公开(公告)号：US20190042141A1

公开(公告)日：2019-02-07

申请号：US15966469

申请日：2018-04-30

Applicant: Intel Corporation

Inventor： Michael Rothman ,  Vincent Zimmer

IPC: G06F3/06

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine one or more filtered memory locations of a memory, determine if a read access for the memory corresponds to the one or more filtered memory locations, and return a pre-determined filter value as a result of the read access if the read access is determined to correspond to the one or more filtered memory locations. Other embodiments are disclosed and claimed.

公开(公告)号：US10025934B2

公开(公告)日：2018-07-17

申请号：US15665669

申请日：2017-08-01

Applicant: Intel Corporation

Inventor： Michael A. Rothman ,  Vincent Zimmer ,  Mark S. Doran

IPC: G06F21/57 ,  G06F21/62 ,  G06F21/60 ,  G06F9/4401

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

公开(公告)号：US20160267276A1

公开(公告)日：2016-09-15

申请号：US15164398

申请日：2016-05-25

Applicant: Intel Corporation

Inventor： Ting Ye ,  Qin Long ,  Vincent Zimmer

IPC: G06F21/57

CPC classification number: G06F21/575 ,  G06F21/45 ,  G06F2221/034 ,  G06F2221/2117 ,  G06F2221/2131

Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.

Abstract translation: 这里描述的是用于恢复对用户帐户的访问的技术。 特别地，描述了使用平台认证证书进行帐户恢复的系统和方法。 在一些实施例中，平台证明凭证由预引导环境中的认证设备生成。 平台认证凭证的第一个副本可能会被帐户管理系统约束到用户帐户。 随后可以使用平台认证凭证的第二副本来恢复对用户帐户的访问。

公开(公告)号：US09323541B2

公开(公告)日：2016-04-26

申请号：US13976504

申请日：2013-02-25

Applicant: Intel Corporation

Inventor： Qin Long ,  Ting Ye ,  Vincent Zimmer ,  Jiewen Yao

IPC: G06F9/00 ,  G06F9/44 ,  G06F9/445 ,  G06F21/51 ,  G06F21/57

CPC classification number: G06F9/4401 ,  G06F9/445 ,  G06F21/51 ,  G06F21/575

Abstract: Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.

Abstract translation: 在示例实施例中提供技术，用于确定要加载模块，模块与模块代码相关联，确定模块是冻结模块，冻结模块与冻结的模块代码相关联，确定模块的模块指纹 模块不能对应于冻结模块的冻结模块指纹，并导致加载冻结模块代码而不是模块代码。

公开(公告)号：US12271325B2

公开(公告)日：2025-04-08

申请号：US17703050

申请日：2022-03-24

Applicant: Intel Corporation

Inventor： Jiewen Yao ,  Vincent Zimmer

IPC: G06F21/57 ,  G06F8/65 ,  G06F9/445 ,  G06F9/455 ,  G06F9/48 ,  G06F12/14 ,  G06F13/24 ,  G06F21/62 ,  G06F21/56

Abstract: A system management mode (SMM) runtime resiliency manager (SRM) augments computing resource protection policies provided by an SMM policy shim. The SMM shim protects system resources by deprivileging system management interrupt (SMI) handlers to a lower level of privilege (e.g., ring 3 privilege) and by configuring page tables and register bitmaps (e.g., I/O, MSR, and Save State register bitmaps). SRM capabilities include protecting the SMM shim, updating the SMM shim, protecting a computing system during SMM shim update, detecting SMM attacks, and recovering attacked or faulty SMM components.

公开(公告)号：US12217175B2

公开(公告)日：2025-02-04

申请号：US17560025

申请日：2021-12-22

Applicant: Intel Corporation

Inventor： Rajesh Poornachandran ,  Vincent Zimmer

IPC: G06F9/46 ,  G06F9/38 ,  G06F9/455 ,  G06F9/48 ,  G06F9/50 ,  G06F21/54 ,  G06N3/042 ,  G06N3/063 ,  G06N3/08

Abstract: Methods, apparatus, and articles of manufacture to conditionally activate a big core in a computing system are disclosed. An example apparatus including instructions stored in the apparatus; and processor circuitry to execute the instructions to: in response to a request to operate two or more processing devices as a single processing device, determine whether the two or more processing devices are available and capable of executing instructions according to the request; when the two or more processing devices are available and capable: split the instructions into first sub-instructions and second sub-instructions; provide (a) the first sub-instructions to a first processing device of the two or more processing devices and (b) the second sub-instructions to a second processing device of the two or more processing devices; and generate an output by combining a first output of the first processing device and a second output of the second processing device.

公开(公告)号：US12124856B2

公开(公告)日：2024-10-22

申请号：US17211549

申请日：2021-03-24

Applicant: Intel Corporation

Inventor： Subrata Banik ,  Aamir Bohra ,  Vincent Zimmer ,  Robert E. Gough ,  Xiang Ma ,  Jabeena Begum Gaibusab

IPC: G06F9/4401 ,  G06F8/65 ,  G06F15/78 ,  G06F21/57

CPC classification number: G06F9/4411 ,  G06F15/7807 ,  G06F8/65 ,  G06F9/4401 ,  G06F21/572

Abstract: During a computing system boot sequence, reference firmware provided by a computing system component supplies Advanced Configuration and Power Interface (ACPI) code that generates ACPI tables and definition blocks to a bootloader. During a boot sequence, the reference firmware receives an indication from the bootloader which components the reference firmware is to initialize. As part of component initialization performed by the reference firmware, the reference firmware populates hand-off data structures (e.g., hand-off blocks (HOBs)) with ACPI code (AML code) that, when executed by the bootloader, generates and populates ACPI tables (e.g., DSDT and SSDT tables) and definition blocks with information pertinent to the initialization and runtime management of computing system components. Component initialization and runtime configuration workarounds can be implemented in the bootloader incorporating reference firmware updates provided by the component vendor.

公开(公告)号：US20240168754A1

公开(公告)日：2024-05-23

申请号：US18522526

申请日：2023-11-29

Applicant: Intel Corporation

Inventor： Vincent Zimmer ,  Jiewen Yao

IPC: G06F8/71 ,  G06F8/65

CPC classification number: G06F8/71 ,  G06F8/65

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine version information for a new firmware component, read dependency information corresponding to the firmware component, and determine if dependency is satisfied between the new firmware component and one or more other firmware components based on the version information and the dependency information of the new firmware component. Other embodiments are disclosed and claimed.

公开(公告)号：US11792280B2

公开(公告)日：2023-10-17

申请号：US18067097

申请日：2022-12-16

Applicant: Intel Corporation

Inventor： Rajesh Poornachandran ,  Vincent Zimmer ,  Subrata Banik ,  Marcos Carranza ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Karthik Kumar

IPC: H04L67/51 ,  H04L67/562 ,  H04L41/5009 ,  H04L9/32 ,  H04L9/00

CPC classification number: H04L67/51 ,  H04L9/3278 ,  H04L41/5009 ,  H04L67/562 ,  H04L9/50

Abstract: An apparatus to facilitate provenance audit trails for microservices architectures is disclosed. The apparatus includes one or more processors to: obtain, by a microservice of a service hosted in a datacenter, provisioned credentials for the microservice based on an attestation protocol; generate, for a task performed by the microservice, provenance metadata for the task, the provenance metadata including identification of the microservice, operating state of at least one of a hardware resource or a software resource used to execute the microservice and the task, and operating state of a sidecar of the microservice during the task; encrypt the provenance metadata with the provisioned credentials for the microservice; and record the encrypted provenance metadata in a local blockchain of provenance metadata maintained for the hardware resource executing the task and the microservice.

公开(公告)号：US20230198875A1

公开(公告)日：2023-06-22

申请号：US17556051

申请日：2021-12-20

Applicant: Intel Corporation

Inventor： Rajesh Poornachandran ,  Vincent Zimmer ,  Subrata Banik ,  Marcos Carranza ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Karthik Kumar

IPC: H04L43/0817 ,  H04L43/0894 ,  H04L43/0864 ,  H04L41/5009 ,  G06N20/00

CPC classification number: H04L43/0817 ,  G06N20/00 ,  H04L41/5009 ,  H04L43/0864 ,  H04L43/0894

Abstract: An apparatus to facilitate at-scale telemetry using interactive matrix for deterministic microservices performance is disclosed. The apparatus includes one or more processors to: receive user input comprising an objective or task corresponding to scheduling a microservice for a service, wherein the objective or task may include QoS, SLO, ML feedback; identify interaction matrix components in an interaction matrix that match the objective or tasks for the microservice; identify knowledgebase components in knowledgebase that match the objective or tasks for the microservice; and determine a scheduling operation for the microservice, the scheduling operation to deploy the microservice in a configuration that is in accordance with the objective or task, wherein the configuration comprises a set of hardware devices and microservice interaction points determined based on the interaction matrix components and the knowledgebase components.