Some computer hardware is designed to maintain secret information against software and other attacks. Some computer hardware makes use of hardware hooks in the processors and chipsets to protect memory secrets. Memory secrets may include private keys, passwords, personal data and the like that must be protected from malicious agents. A VMM (Virtual Machine Monitor), or a component of the launch environment software, can place secrets in system memory and remove them again, and it explicitly notifies the hardware about the presence of secrets: depending on whether secrets are present in memory, the VMM writes CMD.SECRETS or CMD.NOSECRETS to hardware-protected registers.

Some large server systems with 8-32 processor sockets run a single copy of the VMM and are assembled by combining several smaller nodes of 2-4 processor sockets each. Each node boots separately to a point in BIOS and is then merged with the others by the system BIOS running on the selected boot or primary node. Node controllers hide the multi-node topology from the processors as well as from the VMM. In the merged system only the primary node actively decodes the register writes and sets the correct secrets state; the other nodes never see these commands and therefore hold incorrect information. Each node comes out of reset independently and consults its own private copy of the SECRETS flag to determine whether to lock memory. A similar issue exists for the TPM (Trusted Platform Module) ESTABLISHED flag. These issues may leave secrets on such platforms insecure against malicious software.
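As an added illustration (not code from the patent), the following Python model shows why a private per-node SECRETS flag goes stale: the VMM's register write reaches only the primary node, so after a reset the other nodes consult a flag that was never updated and leave their memory unlocked. The Node and Platform classes and the mirror option (forwarding the write to every node) are assumptions made for this example, not the patent's solution.

```python
"""Model of the per-node SECRETS flag problem on a merged multi-node server."""
# Added illustration, not code from the patent; Node, Platform and the CMD_*
# names are assumptions made for this example.
from dataclasses import dataclass

CMD_SECRETS = "CMD.SECRETS"      # VMM: secrets are now present in memory
CMD_NOSECRETS = "CMD.NOSECRETS"  # VMM: secrets have been removed


@dataclass
class Node:
    """One 2-4 socket node holding its own private copy of the SECRETS flag."""
    name: str
    secrets_flag: bool = False   # private copy, consulted on every reset
    memory_locked: bool = False

    def decode(self, cmd: str) -> None:
        """Register-write handler; runs only on a node that decodes the write."""
        if cmd == CMD_SECRETS:
            self.secrets_flag = True
        elif cmd == CMD_NOSECRETS:
            self.secrets_flag = False
        else:
            raise ValueError(f"unknown command {cmd!r}")

    def reset(self) -> None:
        """Come out of reset independently; lock memory only if the flag is set."""
        self.memory_locked = self.secrets_flag


@dataclass
class Platform:
    nodes: list
    mirror: bool = False  # assumed mitigation: forward every write to all nodes

    def vmm_write(self, cmd: str) -> None:
        """The single VMM writes the register; normally only the primary decodes it."""
        for node in (self.nodes if self.mirror else self.nodes[:1]):
            node.decode(cmd)

    def reset_all(self) -> dict:
        """Reset every node and report which ones locked their memory."""
        for node in self.nodes:
            node.reset()
        return {n.name: n.memory_locked for n in self.nodes}


def simulate(node_count: int, mirror: bool = False) -> dict:
    """VMM places secrets, then the whole system resets."""
    plat = Platform([Node(f"node{i}") for i in range(node_count)], mirror)
    plat.vmm_write(CMD_SECRETS)
    return plat.reset_all()
```

With the default (unmirrored) behaviour only node0 locks its memory after the reset; with the mirror option every node does.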
Together with the following description, the Figures demonstrate and explain the principles of the apparatus and methods described herein. In the Figures, the organization and configuration of components may be exaggerated or simplified for clarity. The same reference numerals in different Figures represent the same component.