公开(公告)号：US12292840B2

公开(公告)日：2025-05-06

申请号：US17352631

申请日：2021-06-21

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  David Koufaty

IPC: G06F12/14 ,  G06F12/1009

Abstract: An embodiment of an integrated circuit comprises circuitry to store memory protection information for a non-host memory in a memory protection cache, and perform one or more memory protection checks on a translated access request for the non-host memory based on the stored memory protection information. Other embodiments are disclosed and claimed.

公开(公告)号：US20250103514A1

公开(公告)日：2025-03-27

申请号：US18974472

申请日：2024-12-09

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Luis Kida ,  Krystof Zmudzinski ,  Siddhartha Chhabra ,  Abhishek Basak ,  Alpa Narendra Trivedi ,  Anna Trikalinou ,  David M. Lee ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya

IPC: G06F12/14 ,  G06F9/38 ,  G06F9/455 ,  G06F12/0802 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F21/76 ,  G06F21/79 ,  H04L9/06 ,  H04L9/08 ,  H04L9/32 ,  H04L41/046 ,  H04L41/28

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

公开(公告)号：US12210660B2

公开(公告)日：2025-01-28

申请号：US17548170

申请日：2021-12-10

Applicant: Intel Corporation

Inventor： Anna Trikalinou ,  Abhishek Basak ,  Rupin H. Vakharwala ,  Utkarsh Y. Kakaiya

IPC: G06F21/83 ,  G06F21/62 ,  G06F21/78

Abstract: In one embodiment, a read request is received from a peripheral device across an interconnect, with the read request including a process identifier and an encrypted virtual address. One or more keys are obtained based on the process identifier of the read request, and the encrypted virtual address of the read request is decrypted based on the one or more keys to obtain an unencrypted virtual address. Encrypted data is retrieved from memory based on the unencrypted virtual address, and the encrypted data is decrypted based on the one or more keys to obtain plaintext data. The plaintext data is transmitted to the peripheral device across the interconnect.

公开(公告)号：US12189542B2

公开(公告)日：2025-01-07

申请号：US17543267

申请日：2021-12-06

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Luis Kida ,  Krystof Zmudzinski ,  Siddhartha Chhabra ,  Abhishek Basak ,  Alpa Narendra Trivedi ,  Anna Trikalinou ,  David M. Lee ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya

IPC: G06F12/14 ,  G06F9/38 ,  G06F9/455 ,  G06F12/0802 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F21/76 ,  G06F21/79 ,  H04L9/06 ,  H04L9/08 ,  H04L9/32 ,  H04L41/046 ,  H04L41/28

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

公开(公告)号：US12164971B2

公开(公告)日：2024-12-10

申请号：US18301733

申请日：2023-04-17

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Sanjay Kumar ,  Kun Tian ,  Philip Lantz

IPC: G06F9/50 ,  G06F15/76 ,  H04L51/226 ,  G06F15/17 ,  H04L61/59 ,  H04L67/2885

Abstract: Techniques for scalable virtualization of an Input/Output (I/O) device are described. An electronic device composes a virtual device comprising one or more assignable interface (AI) instances of a plurality of AI instances of a hosting function exposed by the I/O device. The electronic device emulates device resources of the I/O device via the virtual device. The electronic device intercepts a request from the guest pertaining to the virtual device, and determines whether the request from the guest is a fast-path operation to be passed directly to one of the one or more AI instances of the I/O device or a slow-path operation that is to be at least partially serviced via software executed by the electronic device. For a slow-path operation, the electronic device services the request at least partially via the software executed by the electronic device.

公开(公告)号：US11966281B2

公开(公告)日：2024-04-23

申请号：US17723383

申请日：2022-04-18

Applicant: Intel Corporation

Inventor： Sundar Nadathur ,  Pratik M. Marolia ,  Henry M. Mitchel ,  Joseph J. Grecco ,  Utkarsh Y. Kakaiya ,  David A. Munday

IPC: G06F11/00 ,  G06F11/07

CPC classification number: G06F11/0793 ,  G06F11/0706 ,  G06F11/0721 ,  G06F11/0751

Abstract: Systems, methods, and devices for isolating a misbehaving accelerator circuit, such as an accelerator function unit or an accelerated function context, are provided. An integrated circuit may include a region that includes an accelerator circuit. When the accelerator circuit issues a request, another region of the integrated circuit or a processor connected to the integrated circuit may determine whether there is a misbehavior associated with the request and, in response to determining that there is a misbehavior associated with the request, may perform a misbehavior response to mitigate a negative impact of the misbehavior of the accelerator circuit.

公开(公告)号：US20240054011A1

公开(公告)日：2024-02-15

申请号：US18233308

申请日：2023-08-12

Applicant: Intel Corporation

Inventor： Rajesh M. Sankaran ,  Philip R. Lantz ,  Narayan Ranganathan ,  Saurabh Gayen ,  Sanjay Kumar ,  Nikhil Rao ,  Dhananjay A. Joshi ,  Hai Ming Khor ,  Utkarsh Y. Kakaiya

IPC: G06F9/48 ,  G06F9/50 ,  G06F12/0802

CPC classification number: G06F9/4881 ,  G06F9/5027 ,  G06F12/0802

Abstract: Methods and apparatus relating to data streaming accelerators are described. In an embodiment, a hardware accelerator such as a Data Streaming Accelerator (DSA) logic circuitry performs data movement and/or data transformation for data to be transferred between a processor (having one or more processor cores) and a storage device. Other embodiments are also disclosed and claimed.

公开(公告)号：US11656916B2

公开(公告)日：2023-05-23

申请号：US17361932

申请日：2021-06-29

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Sanjay Kumar ,  Kun Tian ,  Philip Lantz

IPC: G06F9/50 ,  G06F15/76 ,  H04L51/226 ,  G06F15/17 ,  H04L67/2885 ,  H04L61/59

CPC classification number: G06F9/5077 ,  G06F9/5038 ,  G06F15/76 ,  H04L51/226 ,  G06F15/17 ,  H04L61/59 ,  H04L67/2885 ,  H04T2001/2093

Abstract: Techniques for scalable virtualization of an Input/Output (I/O) device are described. An electronic device composes a virtual device comprising one or more assignable interface (AI) instances of a plurality of AI instances of a hosting function exposed by the I/O device. The electronic device emulates device resources of the I/O device via the virtual device. The electronic device intercepts a request from the guest pertaining to the virtual device, and determines whether the request from the guest is a fast-path operation to be passed directly to one of the one or more AI instances of the I/O device or a slow-path operation that is to be at least partially serviced via software executed by the electronic device. For a slow-path operation, the electronic device services the request at least partially via the software executed by the electronic device.

公开(公告)号：US11599621B2

公开(公告)日：2023-03-07

申请号：US16370921

申请日：2019-03-30

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Rajesh Sankaran ,  Abhishek Basak ,  Pradeep Pappachan ,  Utkarsh Y. Kakaiya ,  Ravi Sahita ,  Rupin Vakharwala

IPC: G06F21/44 ,  G06F13/16 ,  G06F3/06 ,  G06F21/79

Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.

公开(公告)号：US11556437B2

公开(公告)日：2023-01-17

申请号：US16211950

申请日：2018-12-06

Applicant: Intel Corporation

Inventor： Mitu Aggarwal ,  Nrupal Jani ,  Manasi Deval ,  Kiran Patil ,  Parthasarathy Sarangam ,  Rajesh M. Sankaran ,  Sanjay K. Kumar ,  Utkarsh Y. Kakaiya ,  Philip Lantz ,  Kun Tian

IPC: G06F9/455 ,  G06F9/46 ,  G06F11/20 ,  G06F3/06 ,  G06F13/16 ,  G06F13/42 ,  G06F13/40 ,  G06F15/173 ,  G06F9/48

Abstract: Examples include a method of live migrating a virtual device by creating a virtual device in a virtual machine, creating first and second interfaces for the virtual device, transferring data over the first interface, detecting a disconnection of the virtual device from the virtual machine, switching data transfers for the virtual device from the first interface to the second interface, detecting a reconnection of the virtual device to the virtual machine, and switching data transfers for the virtual device from the second interface to the first interface.