-
21.发明申请公开(公告)号:US20220092223A1
公开(公告)日:2022-03-24
申请号:US17515092
申请日:2021-10-29
Applicant: Intel Corporation
Inventor: Luis Kida , Krystof Zmudzinski , Reshma Lal , Pradeep Pappachan , Abhishek Basak , Anna Trikalinou
Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
-
Patent Agency Ranking
公开(公告)号:US20220083347A1
公开(公告)日:2022-03-17
申请号:US17019880
申请日:2020-09-14
Applicant: Intel Corporation
Inventor: Scott Constable , Bin Xing , Fangfei Liu , Thomas Unterluggauer , Krystof Zmudzinski
IPC: G06F9/4401 , G06F9/30
Abstract: A method comprises receiving an instruction to resume operations of an enclave in a cloud computing environment and generating a pseud-random time delay before resuming operations of the enclave in the cloud computing environment.
-
公开(公告)号:US10552344B2
公开(公告)日:2020-02-04
申请号:US15854278
申请日:2017-12-26
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Ittai Anati , Francis X. McKeen , Krystof Zmudzinski , Ilya Alexandrovich , Somnath Chakrabarti , Dror Caspi , Meltem Ozsoy
IPC: G06F12/14 , G06F12/08 , G06F12/10 , G06F3/06 , G06F12/0806 , G06F12/0868 , G06F12/1009 , G06F12/1027 , G06F12/128
Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.
-
公开(公告)号:US20190311123A1
公开(公告)日:2019-10-10
申请号:US16444053
申请日:2019-06-18
Applicant: Intel Corporation
Inventor: Reshma Lal , Pradeep M. Pappachan , Luis Kida , Krystof Zmudzinski , Siddhartha Chhabra , Abhishek Basak , Alpa Narendra Trivedi , Anna Trikalinou , David M. Lee , Vedvyas Shanbhogue , Utkarsh Y. Kakaiya
Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
-
25.发明申请公开(公告)号:US20190227827A1
公开(公告)日:2019-07-25
申请号:US16369295
申请日:2019-03-29
Applicant: Intel Corporation
Inventor: Krystof Zmudzinski , Siddhartha Chhabra , Reshma Lal , Alpa Narendra Trivedi , Luis S. Kida , Pradeep M. Pappachan , Abhishek Basak , Anna Trikalinou
Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
-
26.发明申请公开(公告)号:US20190138755A1
公开(公告)日:2019-05-09
申请号:US16234871
申请日:2018-12-28
Applicant: Intel Corporation
Inventor: Luis Kida , Krystof Zmudzinski , Reshma Lal , Pradeep Pappachan , Abhishek Basak , Anna Trikalinou
Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
-
-
-
-
-
Search Results
26
records
(took 0.027 seconds)
