公开(公告)号：US11307925B2

公开(公告)日：2022-04-19

申请号：US15940779

申请日：2018-03-29

Applicant: Intel Corporation

Inventor： Sundar Nadathur ,  Pratik M. Marolia ,  Henry M. Mitchel ,  Joseph J. Grecco ,  Utkarsh Y. Kakaiya ,  David A. Munday

IPC: G06F11/00 ,  G06F11/07 ,  G06F1/26 ,  G06F1/04 ,  G06F1/24 ,  G06F1/02

Abstract: Systems, methods, and devices for isolating a misbehaving accelerator circuit, such as an accelerator function unit or an accelerated function context, are provided. An integrated circuit may include a region that includes an accelerator circuit. When the accelerator circuit issues a request, another region of the integrated circuit or a processor connected to the integrated circuit may determine whether there is a misbehavior associated with the request and, in response to determining that there is a misbehavior associated with the request, may perform a misbehavior response to mitigate a negative impact of the misbehavior of the accelerator circuit.

公开(公告)号：US20220091998A1

公开(公告)日：2022-03-24

申请号：US17543267

申请日：2021-12-06

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Luis Kida ,  Krystof Zmudzinski ,  Siddhartha Chhabra ,  Abhishek Basak ,  Alpa Narendra Trivedi ,  Anna Trikalinou ,  David M. Lee ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya

IPC: G06F12/14 ,  H04L9/32 ,  G06F21/76 ,  G06F21/60 ,  H04L9/08 ,  G06F9/455 ,  G06F21/57 ,  G06F21/64 ,  H04L12/24 ,  G06F21/79 ,  H04L9/06 ,  G06F9/38 ,  G06F12/0802

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

公开(公告)号：US20210406199A1

公开(公告)日：2021-12-30

申请号：US16912542

申请日：2020-06-25

Applicant: Intel Corporation

Inventor： Michael Kounavis ,  David Koufaty ,  Anna Trikalinou ,  Karanvir Grewal ,  Philip Lantz ,  Utkarsh Y. Kakaiya ,  Vedvyas Shanbhogue

IPC: G06F12/14 ,  G06F12/1036 ,  G06F12/1081 ,  G06F12/0831 ,  G06F12/0882 ,  G06F12/06 ,  G06F21/60 ,  H04L9/32

Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory for storage of data, an Input/Output Memory Management Unit (IOMMU) coupled to the memory via a host-to-device link the IOMMU to perform operations, comprising receiving an address translation request from a remote device via a host-to-device link, wherein the address translation request comprises a virtual address (VA), determining a physical address (PA) associated with the virtual address (VA), generating an encrypted physical address (EPA) using at least the physical address (PA) and a cryptographic key, and sending the encrypted physical address (EPA) to the remote device via the host-to-device link.

公开(公告)号：US20200210363A1

公开(公告)日：2020-07-02

申请号：US16727466

申请日：2019-12-26

Applicant: Intel Corporation

Inventor： Vinay Raghav ,  David J. Harriman ,  Utkarsh Y. Kakaiya

IPC: G06F13/40 ,  G06F13/42 ,  G06F12/06 ,  G06F9/30

Abstract: A device includes a plurality of ports and a plurality of capability registers that correspond to a respective one of the plurality of ports. The device is to connect to one or more processors of a host device through the plurality of ports, and each of the plurality of ports comprises a respective protocol stack to support a respective link between the corresponding port and the host device according to a particular interconnect protocol. Each of the plurality of capability registers comprises a respective set of fields for use in configuration of the link between its corresponding port and one of the one or more processors of the host device. The fields include a field to indicate an association between the port and a particular processor, a field to indicate a port identifier for the port, and a field to indicate a total number of ports of the device.

公开(公告)号：US10521388B2

公开(公告)日：2019-12-31

申请号：US16146466

申请日：2018-09-28

Applicant: Intel Corporation

Inventor： Vinay Raghav ,  David J. Harriman ,  Utkarsh Y. Kakaiya

IPC: G06F13/12 ,  G06F13/40 ,  G06F9/30 ,  G06F12/06 ,  G06F13/42

Abstract: A device includes a plurality of ports and a plurality of capability registers that correspond to a respective one of the plurality of ports. The device is to connect to one or more processors of a host device through the plurality of ports, and each of the plurality of ports comprises a respective protocol stack to support a respective link between the corresponding port and the host device according to a particular interconnect protocol. Each of the plurality of capability registers comprises a respective set of fields for use in configuration of the link between its corresponding port and one of the one or more processors of the host device. The fields include a field to indicate an association between the port and a particular processor, a field to indicate a port identifier for the port, and a field to indicate a total number of ports of the device.

公开(公告)号：US20180331900A1

公开(公告)日：2018-11-15

申请号：US15592799

申请日：2017-05-11

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Joshua D. Fender ,  Joseph Grecco ,  Prashant Sethi ,  Nagabhushan Chitlur ,  Pratik M. Marolia ,  Henry M. Mitchel

IPC: H04L12/24 ,  G06F9/455

CPC classification number: H04L41/0813 ,  G06F9/455 ,  H04L12/40

Abstract: An embodiment of a device manager apparatus may include a request processor to process a request for a reconfiguration of a reconfigurable device, a configuration controller communicatively coupled to the request processor to reconfigure the reconfigurable device based on the request, and a pseudo-device manager communicatively coupled to the request processor to create a pseudo device based on the request which corresponds to a functionality of the reconfiguration.

公开(公告)号：US20240338319A1

公开(公告)日：2024-10-10

申请号：US18745603

申请日：2024-06-17

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Sanjay Kumar ,  Rajesh M. Sankaran ,  Philip R. Lantz ,  Ashok Raj ,  Kun Tian

IPC: G06F12/1009 ,  G06F9/455 ,  G06F12/06 ,  G06F12/1081

CPC classification number: G06F12/1009 ,  G06F9/45558 ,  G06F12/063 ,  G06F12/1081 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45591

Abstract: Embodiments of apparatuses, methods, and systems for unified address translation for virtualization of input/output devices are described. In an embodiment, an apparatus includes first circuitry to use at least an identifier of a device to locate a context entry and second circuitry to use at least a process address space identifier (PASID) to locate a PASID-entry. The context entry is to include at least one of a page-table pointer to a page-table translation structure and a PASID. The PASID-entry is to include at least one of a first-level page-table pointer to a first-level translation structure and a second-level page-table pointer to a second-level translation structure. The PASID is to be supplied by the device. At least one of the apparatus, the context entry, and the PASID entry is to include one or more control fields to indicate whether the first-level page-table pointer or the second-level page-table pointer is to be used.

公开(公告)号：US12045640B2

公开(公告)日：2024-07-23

申请号：US16909084

申请日：2020-06-23

Applicant: Intel Corporation

Inventor： Sanjay K. Kumar ,  Philip Lantz ,  Rajesh Sankaran ,  Narayan Ranganathan ,  Saurabh Gayen ,  David A. Koufaty ,  Utkarsh Y. Kakaiya

IPC: G06F9/455 ,  G06F9/34 ,  G06F9/48 ,  G06F12/10 ,  G06F12/109 ,  G06F12/14

CPC classification number: G06F9/45558 ,  G06F9/342 ,  G06F9/4875 ,  G06F12/10 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F12/145 ,  G06F12/1475 ,  G06F12/1483 ,  G06F2212/1016 ,  G06F2212/152 ,  G06F2212/656 ,  G06F2212/657

Abstract: In one embodiment, a data mover accelerator is to receive, from a first agent having a first address space and a first process address space identifier (PASID) to identify the first address space, a first job descriptor comprising a second PASID selector to specify a second PASID to identify a second address space. In response to the first job descriptor, the data mover accelerator is to securely access the first address space and the second address space. Other embodiments are described and claimed.

公开(公告)号：US20240004990A1

公开(公告)日：2024-01-04

申请号：US17854159

申请日：2022-06-30

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya

IPC: G06F21/53 ,  G06F9/455

CPC classification number: G06F21/53 ,  G06F9/45558 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/034

Abstract: Methods and apparatus relating to techniques to enable co-existence and inter-operation of legacy devices and Trusted Execution Environment (TEE) Input/Output (TO) capable devices from confidential virtual machines are described. In an embodiment, a processor executes at least one Trusted Environment (TE) with a TE address space and a non-TE address space. Logic circuitry selects between the TE address space and the non-TE address space based at least in part on a value of a TE tag for a transaction. The TE address space maps one or more TE Input/Output (TO) devices and the non-TE address space maps one or more legacy IO devices. Other embodiments are also disclosed and claimed.

公开(公告)号：US20230289229A1

公开(公告)日：2023-09-14

申请号：US17854322

申请日：2022-06-30

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Saurabh Gayen ,  Kapil Sood ,  Naveen Lakkakula

IPC: G06F9/50 ,  G06F9/48 ,  G06F21/57

CPC classification number: G06F9/5027 ,  G06F9/4881 ,  G06F21/57

Abstract: Methods and apparatus relating to confidential computing extensions for highly scalable accelerators are described. One or more embodiments provide extensions for scalable accelerator(s) to be able to directly assign accelerator work-queue(s) to Trusted Execution Environment (TEE) Virtual Machines (TVMs). Other embodiments are also disclosed and claimed.