Memory device with secure boot updates and self recovery
US-2024406008-A1 · Dec 5, 2024 · US
US2020110880A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020110880-A1 |
| Application number | US-201916708652-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 10, 2019 |
| Priority date | Oct 1, 2016 |
| Publication date | Apr 9, 2020 |
| Grant date | — |
Embodiments detailed herein include, but are not limited to, a hardware processor to execute instructions and security circuitry to perform pre-boot operations including signature verification of a portion of firmware in a firmware storage hardware and initiating recovery upon a signature verification failure. The hardware processor comprises a plurality of cores in some embodiments. The hardware processor is a multicore processor in some embodiments.
Opening claim text (preview).
What is claimed is:
1. An apparatus comprising: a hardware processor; and security circuitry to perform pre-boot operations including signature verification of a portion of firmware in a firmware storage hardware and initiating recovery upon a signature verification failure.
2. The apparatus of claim 1, wherein the hardware processor is one of a plurality of multicore hardware processors.
3. The apparatus of claim 1, wherein the firmware is to isolate the firmware storage hardware from an input/output hub during the pre-boot operations.
4. The apparatus of claim 1, wherein the firmware is to isolate the firmware storage hardware from a baseboard management controller during the pre-boot operations.
5. The apparatus of claim 1, wherein the hardware processor comprises: circuitry to verify and execute an authenticated code module stored in the firmware storage hardware during the pre-boot operations.
6. The apparatus of claim 1, wherein the security circuitry includes cryptographic circuitry to perform the signature verification.
7. The apparatus of claim 1, further comprising: a complex programmable logic device (CPLD) to control reset and timing sequences during the pre-boot operations.
8. The apparatus of claim 7, wherein the CPLD is within the security circuitry.
9. The apparatus of claim 1, wherein the security circuitry to monitor and filter bus transactions during boot and runtime.
10. The apparatus of claim 1, wherein the security circuitry to monitor and filter bus transactions during boot and runtime.
11. The apparatus of claim 1, wherein the security circuitry to monitor and filter bus transactions during boot and runtime.
12. The apparatus of claim 1, wherein the security circuitry to monitor and filter bus transactions during boot and runtime.
13. A method comprising: receiving alternating current (AC) power; performing secure pre-boot operations using at least a security circuit; powering down direct current (DC) power to any hardware processor in operation during secure pre-boot; and powering on DC power to hardware processors and performing a normal boot.
14. The method of claim 13, wherein the secure pre-boot operations comprise: powering up one hardware processor in a plurality of hardware processors and holding components that access firmware in reset; holding other platform components that access firmware in reset; calculating signatures of active and recovery partitions in flash using both a public and a private key; determining that the active partition is invalid; and restoring the active partition with the recovery partition.
15. The method of claim 14, wherein the private key is stored in fuses of the one hardware processor.
16. The method of claim 14, wherein the private key is stored in non-volatile memory accessible to the one hardware processor.
17. The method of claim 13, further comprising: detecting a firmware attack; and performing secure pre-boot operations.
18. The method of claim 17, wherein the firmware attack is an attack on an active partition of firmware stored in an input/output hub flash.
19. The method of claim 18, wherein the active partition stores a basic input and output system (BIOS).
20. The method of claim 13, wherein the secure pre-boot operations are performed using the security circuit and an authenticated code module executing on a hardware processor.
21. A system comprising: a hardware processor; firmware storage hardware to store firmware for the system; security circuitry to perform pre-boot operations including signature verification of a portion of firmware in the firmware storage hardware and initiating recovery upon a signature verification failure.
22. The system of claim 1, wherein the hardware processor is one of a plurality of multicore hardware processors.
23. The system of claim 1, wherein the firmware is to isolate the firmware storage hardware from an input/output hub during the pre-boot operations.
24. The system of claim 1, wherein the firmware is to isolate the firmware storage hardware from a baseboard management controller during the pre-boot operations.
25. The system of claim 1, wherein the hardware processor comprises: circuitry to verify and execute an authenticated code module stored in the firmware storage hardware during the pre-boot operations.
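The verify-then-restore step of claims 13 and 14, modelled in software as an added example; this is not the patent's circuitry or any vendor's implementation. It assumes Ed25519 detached signatures (the patent names no scheme), a fixed constructed key seed in place of fuse-held key material, and type and function names of its own.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// Partition models one flash region: a firmware image plus a detached
// signature over it. The type and function names are this example's own.
type Partition struct {
	Image     []byte
	Signature []byte
}

// verify stands in for the security circuitry's signature check. Ed25519 is
// assumed here for illustration; the patent names no signature scheme.
func verify(pub ed25519.PublicKey, p Partition) bool {
	return len(p.Signature) == ed25519.SignatureSize && ed25519.Verify(pub, p.Image, p.Signature)
}

// PreBoot models the pre-boot step of claim 14: boot from a verified active
// partition; if it fails, restore it from a verified recovery partition; if
// neither verifies, refuse to continue rather than execute unverified firmware.
func PreBoot(pub ed25519.PublicKey, active *Partition, recovery Partition) (restored bool, err error) {
	if verify(pub, *active) {
		return false, nil
	}
	if !verify(pub, recovery) {
		return false, errors.New("active and recovery partitions both fail verification; halting boot")
	}
	// Copy rather than alias, so later tampering with one partition cannot affect the other.
	active.Image = append([]byte(nil), recovery.Image...)
	active.Signature = append([]byte(nil), recovery.Signature...)
	return true, nil
}

// Demo signs a constructed image, corrupts one byte of the active copy and
// runs the pre-boot check, returning whether recovery was performed.
func Demo() (restored bool, err error) {
	// Fixed all-zero seed: constructed for reproducibility only; a real key is
	// held in hardware fuses or protected non-volatile memory (claims 15-16).
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	img := []byte("constructed BIOS image v1")
	sig := ed25519.Sign(priv, img)
	active := Partition{append([]byte(nil), img...), sig}
	active.Image[0] ^= 0xff // constructed tamper
	return PreBoot(pub, &active, Partition{img, sig})
}
```

The halt branch is the case a reader of claim 14 should not overlook: when the recovery partition also fails verification there is nothing trustworthy to restore from, and the right outcome is to stop rather than boot either copy.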
Secure boot · CPC title
in cryptographic circuits · CPC title