-
Publication (announcement) number: US10430589B2
Publication (announcement) date: 2019-10-01
Application number: US14662415
Application date: 2015-03-19
Applicant: Intel Corporation
Inventor: Karunakara Kotary , Vincent J. Zimmer , Scott D. Brenden , Jose Benchimol , Panner Kumar , Rajesh Poornachandran
Abstract: A dynamic firmware module loader loads one of a plurality of firmware contexts or modules as needed in a containerized environment for secure, isolated execution. The modules, called applets, may be loaded and unloaded in a firmware context. The loader may use a hardware inter-process communication (IPC) channel to communicate with the secure engine. The modules may be designed to implement specific features desired by basic input/output system (BIOS) vendors without the use of system management mode. Designed modules may provide the necessary storage and I/O access driver capabilities to be run in trusted execution environment containers.
-
Publication (announcement) number: US12010144B2
Publication (announcement) date: 2024-06-11
Application number: US17351004
Application date: 2021-06-17
Applicant: Intel Corporation
Inventor: Ned M. Smith , Jose Benchimol , Andrew Draper
CPC classification number: H04L63/20 , G06F11/3409 , G06F11/3055 , G06F11/3089 , G06F21/57
Abstract: Various examples of device and system implementations and methods for performing end-to-end attestation operations for multi-layer hardware devices are disclosed. In an example, attestation operations are performed by a verifier, including: obtaining layered attestation evidence regarding a state of a compute device, with the layered attestation evidence including attesting evidence provided from a second hardware layer of the compute device, such that the attesting evidence provided from the second hardware layer is generated from attesting evidence provided from a first hardware layer of the compute device to the second hardware layer of the compute device; obtaining endorsement information relating to the layered attestation evidence for the state of the compute device; determining an appraisal policy for performing attestation of the compute device from the layered attestation evidence; and applying the appraisal policy and the endorsement information to the layered attestation evidence, to perform attestation of the compute device.
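The abstract above describes the verifier side of layered attestation: evidence from a higher hardware layer is derived from the evidence of the layer beneath it, and the verifier appraises the whole chain using endorsement information and an appraisal policy. The following is an added illustrative example, not code from the patent or from Intel: it models the layering with a symmetric, DICE-style key chain (each layer's secret is an HMAC of the parent layer's secret over that layer's measurement), uses the root device secret as the endorsement, and expresses the appraisal policy as a set of accepted reference measurements per layer. The layer names, code images, device secret and nonce are constructed sample data; the patent does not specify any of these choices.

```python
"""Layered attestation chain with verifier-side appraisal (illustrative, DICE-style).

Added example; the symmetric HMAC derivation stands in for whatever per-layer
key derivation a real device uses. All sample values below are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def derive_layer_secret(parent_secret: bytes, measurement: bytes) -> bytes:
    """Layer N+1's secret depends on layer N's secret and N+1's measurement.

    A change to the code of any layer changes the secret of that layer and of
    every layer above it, which is what ties upper-layer evidence to lower-layer evidence.
    """
    return hmac.new(parent_secret, measurement, hashlib.sha256).digest()


@dataclass(frozen=True)
class LayerEvidence:
    name: str
    measurement: bytes  # hash of this layer's code, taken by the layer below it
    mac: bytes          # MAC over nonce || measurement under this layer's derived secret


def produce_evidence(uds, nonce, layers):
    """Device side: walk the layers from the root, measuring and deriving as we go."""
    secret = uds
    evidence = []
    for name, code in layers:
        m = _h(code)
        secret = derive_layer_secret(secret, m)
        evidence.append(LayerEvidence(name, m, hmac.new(secret, nonce + m, hashlib.sha256).digest()))
    return evidence


def appraise(evidence, endorsed_uds, nonce, policy):
    """Verifier side: recompute the key chain from the endorsement (the root secret),
    check that each layer's evidence chains to it, then apply the appraisal policy
    (accepted reference measurements per layer)."""
    secret = endorsed_uds
    for ev in evidence:
        secret = derive_layer_secret(secret, ev.measurement)
        expected = hmac.new(secret, nonce + ev.measurement, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, ev.mac):
            return False, f"{ev.name}: evidence does not chain to the endorsed root"
        if ev.measurement not in policy.get(ev.name, set()):
            return False, f"{ev.name}: measurement not accepted by appraisal policy"
    return True, "all layers verified"


# --- constructed sample data (assumptions for the example, not from the patent) ---
UDS = b"constructed-unique-device-secret"           # endorsement shared with the verifier
GOOD_LAYERS = [("rom", b"rom v1"), ("fw", b"firmware v2"), ("os", b"os image 5.1")]
POLICY = {name: {_h(code)} for name, code in GOOD_LAYERS}  # reference values per layer
NONCE = b"verifier-nonce-0001"                      # freshness, chosen by the verifier


def scenario_good():
    """Untampered device: every layer chains to the root and matches policy."""
    return appraise(produce_evidence(UDS, NONCE, GOOD_LAYERS), UDS, NONCE, POLICY)


def scenario_tampered_honest():
    """Firmware layer modified, but measured honestly by ROM: chain holds, policy rejects."""
    layers = [GOOD_LAYERS[0], ("fw", b"firmware v2 + implant"), GOOD_LAYERS[2]]
    return appraise(produce_evidence(UDS, NONCE, layers), UDS, NONCE, POLICY)


def scenario_forged_measurement():
    """Modified firmware tries to report the known-good hash: the MAC was computed
    under the secret derived from the real measurement, so the chain check fails."""
    layers = [GOOD_LAYERS[0], ("fw", b"firmware v2 + implant"), GOOD_LAYERS[2]]
    ev = produce_evidence(UDS, NONCE, layers)
    forged = LayerEvidence("fw", _h(b"firmware v2"), ev[1].mac)
    return appraise([ev[0], forged, ev[2]], UDS, NONCE, POLICY)


if __name__ == "__main__":
    for fn in (scenario_good, scenario_tampered_honest, scenario_forged_measurement):
        print(fn.__name__, "->", fn())
```

The two failure scenarios show why the abstract distinguishes endorsement from policy: the chain check (endorsement) catches evidence that was not produced by the real key chain, while the policy check catches a device that is genuine and honest but running code the verifier does not accept.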
-