-
Publication number: US20240259194A1
Publication date: 2024-08-01
Application number: US18212739
Application date: 2023-06-22
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: Donald Matthews, JR.
CPC classification number: H04L9/0861 , H04L63/0428 , H04L9/3242
Abstract: A computing node in a computing cluster includes at least a key generator and an encryption engine. The key generator implements a key derivation function and generates a first data encryption key based on a key derivation key. The key derivation key is a global security association encryption key shared by a plurality of nodes in the computing cluster. The first data encryption key is unique to a node pair comprising the first node and a second node of the plurality of nodes. The encryption engine encrypts a data packet using the first data encryption key.
-
Publication number: US20240220429A1
Publication date: 2024-07-04
Application number: US18090601
Application date: 2022-12-29
Applicant: ATI TECHNOLOGIES ULC , ADVANCED MICRO DEVICES, INC.
Inventor: Philip Ng , Nippon Raval , Jeremy W. Powell , Donald Matthews, JR. , David Kaplan
CPC classification number: G06F13/28 , G06F9/45558 , G06F21/57 , G06F2009/45579 , G06F2009/45587
Abstract: A processor supports managing DMA accesses, in secure fashion, at an IOMMU. The IOMMU is configured to ensure that, for a given DMA request issued by an I/O device and associated with a particular executing VM, the device is bound to the VM according to a specified security registration process, and the request is targeted to a region of memory that has been assigned to the VM. The IOMMU thus prevents a malicious entity from accessing confidential information of a VM via DMA requests.
-
Publication number: US20240289150A1
Publication date: 2024-08-29
Application number: US18113655
Application date: 2023-02-24
Applicant: ATI TECHNOLOGIES ULC , ADVANCED MICRO DEVICES, INC.
Inventor: Philip Ng , Nippon Raval , Jeremy W. Powell , Donald Matthews, JR. , David Kaplan
CPC classification number: G06F9/45558 , G06F13/4221 , G06F2009/45579 , G06F2213/0026
Abstract: A processor includes a security processor and an input-output memory management unit (IOMMU). The security processor is configured to maintain device control information in a secure data structure and prevent a hypervisor from accessing the secure data structure. The IOMMU is configured to process at least one device request targeting a virtual machine from an input/output device based on the secure data structure.
-
Publication number: US20240289151A1
Publication date: 2024-08-29
Application number: US18113912
Application date: 2023-02-24
Applicant: ATI Technologies ULC , Advanced Micro Devices, Inc.
Inventor: Philip Ng , Nippon Raval , Jeremy W. Powell , Donald Matthews, JR. , David Kaplan
IPC: G06F9/455
CPC classification number: G06F9/45558 , G06F2009/45579 , G06F2009/45583 , G06F2009/45587
Abstract: A processor configured to execute one or more virtual machines (VMs) includes an input-output memory management unit (IOMMU) configured to handle memory-mapped input-output (MMIO) requests and direct memory access (DMA) requests from a processor core of the processor or one or more input/output (I/O) devices. In response to receiving an MMIO or DMA request, the IOMMU is configured to determine a VM associated with the request. The IOMMU then checks a security indicator field of an address space identifier (ASID) mask table to determine if the VM was previously the target of an attack by a malicious entity. In response to the VM previously being a target of an attack, the IOMMU denies the received MMIO or DMA request.
-
Publication number: US20240220296A1
Publication date: 2024-07-04
Application number: US18090605
Application date: 2022-12-29
Applicant: ATI TECHNOLOGIES ULC , ADVANCED MICRO DEVICES, INC.
Inventor: Philip Ng , Nippon Raval , Jeremy W. Powell , Donald Matthews, JR. , David Kaplan
IPC: G06F9/455 , G06F12/1081
CPC classification number: G06F9/45558 , G06F12/1081 , G06F2009/45587
Abstract: A processor manages memory-mapped input/output (MMIO) accesses, in secure fashion, at an input/output memory management unit (IOMMU). The processor is configured to ensure that, for a given MMIO request issued by a processor core and associated with a particular executing VM, the request is targeted to a MMIO address that has been assigned to the VM by a security module (e.g., a security co-processor). The processor thus prevents a malicious entity from accessing confidential information of a VM via MMIO requests.
-