公开(公告)号：US11748146B2

公开(公告)日：2023-09-05

申请号：US17404786

申请日：2021-08-17

Applicant: Intel Corporation

Inventor： Ravi L. Sahita ,  Tin-Cheung Kung ,  Vedvyas Shanbhogue ,  Barry E. Huntley ,  Arie Aharon

IPC: G06F9/455 ,  G06F9/50 ,  H04L9/06

CPC classification number: G06F9/45558 ,  G06F9/455 ,  G06F9/45533 ,  G06F9/50 ,  G06F9/5005 ,  G06F9/5011 ,  G06F9/5016 ,  G06F9/5022 ,  G06F9/5061 ,  H04L9/06 ,  H04L9/0618 ,  G06F2009/4557 ,  G06F2009/45566 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587

Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.

公开(公告)号：US10585721B2

公开(公告)日：2020-03-10

申请号：US15558116

申请日：2016-03-21

Applicant: Intel Corporation

Inventor： Peter S. Adamson ,  Nivedita Aggarwal ,  Karunakara Kotary ,  Abdul Rahman Ismail ,  Tin-Cheung Kung ,  David T. Hines ,  Chia-Hung Sophia Kuo ,  Ajay V. Bhatt ,  Karthi R. Vadivelu ,  Prashant Sethi

IPC: G06F9/54

Abstract: Particular embodiments described herein provide for an electronic device that can receive data from an operating system in an electronic device, where the data is related to hardware that is in communication with the electronic device through a multimodal interface and communicate the data and/or related data to a local policy manager, where the local policy manager is in communication with the multimodal interface. The multimodal interface can be configured to support power transfers, directionality, and multiple input/output (I/O) protocols on the same interface.

公开(公告)号：US20210373933A1

公开(公告)日：2021-12-02

申请号：US17404786

申请日：2021-08-17

Applicant: Intel Corporation

Inventor： Ravi L. Sahita ,  Tin-Cheung Kung ,  Vedvyas Shanbhogue ,  Barry E. Huntley ,  Arie Aharon

IPC: G06F9/455 ,  H04L9/06 ,  G06F9/50

Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.

公开(公告)号：US11099878B2

公开(公告)日：2021-08-24

申请号：US16456628

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Ravi L. Sahita ,  Tin-Cheung Kung ,  Vedvyas Shanbhogue ,  Barry E. Huntley ,  Arie Aharon

IPC: G06F9/455 ,  G06F9/50 ,  H04L9/06

Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.

公开(公告)号：US12254341B2

公开(公告)日：2025-03-18

申请号：US18353694

申请日：2023-07-17

Applicant: Intel Corporation

Inventor： Ravi L. Sahita ,  Tin-Cheung Kung ,  Vedvyas Shanbhogue ,  Barry E. Huntley ,  Arie Aharon

IPC: G06F9/455 ,  G06F9/50 ,  H04L9/06

Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.

公开(公告)号：US11093020B2

公开(公告)日：2021-08-17

申请号：US15819552

申请日：2017-11-21

Applicant: Intel Corporation

Inventor： Vijaykumar B. Kadgi ,  Barnes Cooper ,  Nivedita Aggarwal ,  Venkataramani Gopalakrishnan ,  Jenn Chuan Cheng ,  Basavaraj Astekar ,  Charuhasini Sunderraman ,  Han Kung Chua ,  Anil Baby ,  Tin-Cheung Kung ,  Chia-Hung Kuo

IPC: G06F1/32 ,  G06F1/3287 ,  G06F1/3296 ,  G06F13/42 ,  G06F13/38 ,  G06F1/26

Abstract: Techniques are provided for managing power delivery to multiple universal serial bus (USB) type-C ports of a desktop computer system. In an example, a method can include providing a first power level to a USB power delivery controller during a non-sleep mode operation of the desktop computer, and providing a second power level to the USB power delivery controller when the computer is in a sleep mode, the second power level configured to provide default charge power to a connected device when the computer is in the sleep mode.

公开(公告)号：US10860522B2

公开(公告)日：2020-12-08

申请号：US15600516

申请日：2017-05-19

Applicant: Intel Corporation

Inventor： Tin-Cheung Kung ,  Chia-Hung S. Kuo ,  Nivedita Aggarwal

IPC: G06F13/42 ,  G06F13/40 ,  G06F13/38

Abstract: A method and system for manages mapping of universal serial bus (USB) connectors to a plurality of USB host controllers. The method determines an enumeration of USB connectors in a system, identifying USB host controllers in the system, generating a grouping for a USB connector with USB host controllers, and configures USB routing in the system to map the USB connector with the USB host controllers according to the grouping.

公开(公告)号：US10521386B2

公开(公告)日：2019-12-31

申请号：US16109994

申请日：2018-08-23

Applicant: Intel Corporation

Inventor： Vijaykumar B. Kadgi ,  Tin-Cheung Kung ,  Nivedita Aggarwal ,  Chia-Hung Kuo ,  Prashant Sethi

IPC: G06F13/38 ,  G06F11/30 ,  G06F13/20 ,  G06F9/4401 ,  G06F1/16 ,  G06F1/26

Abstract: Various techniques for enabling the control and monitoring of a USB device mode controller to a USB-C connector, for the performance of a USB device mode data connection, are disclosed herein. In an example, a computing system that includes multiple USB-C connectors but a single USB device mode controller may manage the availability of the controller to a particular connector. The computing system may determine availability of a USB device mode controller to control the first USB-C connector, wherein the attempted data connection occurs with the first USB-C connector configured as an upstream facing port. The computing system may further perform, in response, a data role swap of the first USB-C connector to configure the first USB-C connector as a downstream facing port. The computing system may, further continue the attempted data connection with the remote computing system via the first USB-C connector configured as a downstream facing port.

公开(公告)号：US20190065423A1

公开(公告)日：2019-02-28

申请号：US16109994

申请日：2018-08-23

Applicant: Intel Corporation

Inventor： Vijaykumar B. Kadgi ,  Tin-Cheung Kung ,  Nivedita Aggarwal ,  Chia-Hung Kuo ,  Prashant Sethi

IPC: G06F13/38 ,  G06F9/4401 ,  G06F13/20 ,  G06F1/16 ,  G06F1/26 ,  G06F11/30

CPC classification number: G06F13/385 ,  G06F1/1632 ,  G06F1/263 ,  G06F1/266 ,  G06F9/4411 ,  G06F11/3051 ,  G06F13/20 ,  G06F2213/0042

Abstract: Various techniques for enabling the control and monitoring of a USB device mode controller to a USB-C connector, for the performance of a USB device mode data connection, are disclosed herein. In an example, a computing system that includes multiple USB-C connectors but a single USB device mode controller may manage the mapping of the controller to a particular connector, through operations that identify the mapping and the characteristics of the connector, process a request to change the mapping of the device mode controller, and perform the change to the mapping of the device mode controller. Such a change may include a disconnection or reassignment of a particular USB-C connector to the controller. Further examples to determine the availability of a USB device mode controller, and respond to a scenario where the USB device mode controller is not available, are also disclosed.

公开(公告)号：US10089247B2

公开(公告)日：2018-10-02

申请号：US15282647

申请日：2016-09-30

Applicant: INTEL CORPORATION

Inventor： Nitin V. Sarangdhar ,  Baiju V. Patel ,  Tin-Cheung Kung ,  Joseph F. Cihula ,  Prashant Sethi ,  Vinay Kumar Rangineni

IPC: G06F13/00 ,  G06F12/14 ,  G06F12/02 ,  G06F13/28 ,  G06F13/16 ,  G06F9/455 ,  G06F21/57

Abstract: One embodiment provides an apparatus. The apparatus includes an input output memory management unit (I/O MMU), a non-secure operating system (OS) driver, a secure OS driver and a virtual machine monitor (VMM). The I/OMMU is to couple an I/O Controller to a memory. The I/O Controller is coupled to a secure device and a non-secure device and has one I/O Controller identifier. The non-secure OS driver is associated with the non-secure device. The secure OS driver is associated with the secure device. The VMM is to allocate a secure address space to a secure OS and a non-secure address space to a non-secure OS. The secure address space is non-overlapping with the non-secure address space.