公开(公告)号：EP1880339A2

公开(公告)日：2008-01-23

申请号：EP06759818.5

申请日：2006-05-11

申请人： Intel Corporation

发明人： SCARLATA, Vincent ,  ROZAS, Carlos

IPC分类号： G06F21/00

CPC分类号： G06F21/72 ,  G06F21/53 ,  G06F21/552 ,  G06F21/577 ,  G06F21/602 ,  G06F21/74 ,  G06F21/79 ,  G06F2221/2103 ,  G06F2221/2105 ,  G06F2221/2149

摘要： A virtual security coprocessor framework supports creation of at least one device model to emulate a predetermined cryptographic coprocessor. In one embodiment, the virtual security coprocessor framework uses a cryptographic coprocessor in a processing system to create an instance of the device model (DM) in the processing system. The DM may be based at least in part on a predetermined device model design. The DM may emulate the predetermined cryptographic coprocessor in accordance with the control logic of the device model design. In one embodiment, the virtual security coprocessor framework uses a physical trusted platform module (TPM) in a processing system to support one or more virtual TPMs (vTPMs) for one or more virtual machines (VMs) in the processing system. Other embodiments are described and claimed.

摘要翻译： 虚拟安全协处理器框架支持创建至少一个设备模型来模拟预定的密码协处理器。 在一个实施例中，虚拟安全协处理器框架在处理系统中使用密码协处理器来在处理系统中创建设备模型（DM）的实例。 DM可以至少部分地基于预定的设备模型设计。 DM可以根据设备模型设计的控制逻辑来模拟预定的密码协处理器。 在一个实施例中，虚拟安全协处理器框架使用处理系统中的物理可信平台模块（TPM）来支持处理系统中的一个或多个虚拟机（VM）的一个或多个虚拟TPM（vTPM）。 描述和要求保护其他实施例。

公开(公告)号：EP4296877A2

公开(公告)日：2023-12-27

申请号：EP23209375.7

申请日：2020-02-07

申请人： INTEL Corporation

发明人： SHANBHOGUE, Vedvyas ,  SAHITA, Ravi L. ,  SCARLATA, Vincent ,  HUNTLEY, Barry E.

IPC分类号： G06F21/79

摘要： A processor comprising decode circuitry to decode a SEAMCALL instruction for a virtual machine monitor (VMM) in legacy VMX root operation mode; and execution circuitry to perform operations corresponding to the SEAMCALL instruction, including to: cause a virtual machine (VM) exit; transition the processor from the legacy VMX root operation mode to a secure arbitration mode (SEAM) VMX root operation mode, wherein a SEAM module is to be hosted in the SEAM VMX root operation mode; store a VMM state of the processor to a virtual machine control structure (VMCS); load a SEAM module state of the processor from the VMCS; inhibit system management interrupts (SMI) and non-maskable interrupts (NMI) in the SEAM VMX root operation mode; and invoke the SEAM module. A system comprising a system memory; and said processor as stated above.

公开(公告)号：EP3716128A1

公开(公告)日：2020-09-30

申请号：EP20156141.2

申请日：2020-02-07

申请人： INTEL Corporation

发明人： SHANBHOGUE, Vedvyas ,  SAHITA, Ravi L. ,  SCARLATA, Vincent ,  HUNTLEY, Barry E.

IPC分类号： G06F21/71 ,  G06F21/79

摘要： A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.

公开(公告)号：EP2973184A1

公开(公告)日：2016-01-20

申请号：EP14769762.7

申请日：2014-03-12

申请人： Intel Corporation

发明人： PHEGADE, Vinay ,  RAJAN, Anand ,  JOHNSON, Simon ,  SCARLATA, Vincent ,  ROZAS, Carlos ,  DESHPANDE, Nikhil

IPC分类号： G06F21/60 ,  G06F15/16

CPC分类号： H04L63/0428 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F2221/2105 ,  H04L63/126 ,  H04L63/302

摘要： An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

摘要翻译： 用于实体之间共享信息的一种装置包括处理器，并且所述处理器上执行的可信执行模块。 可信执行模块被配置为从与第一实体相关联的第一客户端设备接收第一保密信息，密封可信执行环境内的所述第一保密信息，从与第二实体相关联的第二客户端设备接收第二机密信息，密封 受信任执行环境内第二保密信息，和受信任执行环境内执行的代码。 该代码被配置为计算基于所述第一秘密信息和第二机密信息的机密的结果。

公开(公告)号：EP4145267A1

公开(公告)日：2023-03-08

申请号：EP22202941.5

申请日：2021-09-16

申请人： Intel Corporation

发明人： SAHITA, Ravi ,  MCKEEN, Francis ,  VIJ, Mona ,  SCARLATA, Vincent ,  ZMUDZINSKI, Krystof ,  ILLIKKAL, Rameshkumar ,  KRISHNAKUMAR, Sudha ,  STEINER, Michael ,  KNAUTH, Thomas ,  KUVAISKII, Dmitrii ,  VAHLDIEK-OBERWAGNER, Anjo Lucas

IPC分类号： G06F3/06 ,  G06F21/53 ,  H04L9/08 ,  G06F9/455

摘要： Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.

公开(公告)号：EP4020270A1

公开(公告)日：2022-06-29

申请号：EP21196250.1

申请日：2021-09-13

申请人： INTEL Corporation

发明人： SCARLATA, Vincent ,  LAL, Reshma ,  TRIVEDI, Alpa

IPC分类号： G06F21/44 ,  G06F9/50 ,  H04L9/40

摘要： Attestation support in cloud computing environments is described. An example of an apparatus includes one or more processors to process data, including data related to hosting of workloads for one or more tenants; an orchestration element to receive a request for support of a workload of a tenant according to a selected membership policy, the orchestration element to select a set of one or more compute nodes to provide computation for the workload; and a security manager to receive the membership policy and to receive attestations from the selected compute nodes and, upon determining that the attestations meet the requirements of the membership policy, to add the one or more compute nodes to a group of compute nodes to provide computation for the workload.

公开(公告)号：EP1759261B1

公开(公告)日：2012-08-01

申请号：EP05757249.7

申请日：2005-06-03

申请人： Intel Corporation

发明人： SCARLATA, Vincent ,  ROZAS, Carlos

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45587

摘要： A method and a related apparatus provide a virtual trusted platform module (TPM). In an example embodiment, a virtual TPM service creates a virtual TPM for use in a processing system that contains a physical TPM. The virtual TPM service may store a key for the virtual TPM in the physical TPM. The virtual TPM service may then use the virtual TPM to provide emulated physical TPM features. In one embodiment, the virtual TPM service may use the virtual TPM to emulate a physical TPM for a virtual machine in the processing system. Other embodiments are described and claimed.

公开(公告)号：EP4020275A1

公开(公告)日：2022-06-29

申请号：EP21198666.6

申请日：2021-09-23

申请人： INTEL Corporation

发明人： SAHITA, Ravi ,  CASPI, Dror ,  SCARLATA, Vincent ,  YANIV, Sharon ,  CHAIKIN, Baruch ,  SHANBHOGUE, Vedvyas ,  NAKAJIMA, Jun ,  THIYAGARAJAH, Arumugam ,  CHRISTOPHERSON, Sean ,  XIA, Haidong ,  AWASTHI, Vinay ,  YAMAHATA, Isaku ,  WANG, Wei ,  ADELMEYER, Thomas

IPC分类号： G06F21/53 ,  G06F21/64

摘要： Techniques for migration of a source protected virtual machine from a source platform to a destination platform are descried. A method of an aspect includes enforcing that bundles of state, of a first protected virtual machine (VM), received at a second platform over a stream, during an in-order phase of a migration of the first protected VM from a first platform to the second platform, are imported to a second protected VM of the second platform, in a same order that they were exported from the first protected VM. Receiving a marker over the stream marking an end of the in-order phase. Determining that all bundles of state exported from the first protected VM prior to export of the marker have been imported to the second protected VM. Starting an out-of-order phase of the migration based on the determination that said all bundles of the state exported have been imported.

公开(公告)号：EP3716129A1

公开(公告)日：2020-09-30

申请号：EP20156144.6

申请日：2020-02-07

申请人： INTEL Corporation

发明人： SHANBHOGUE, Vedvyas ,  SAHITA, Ravi L. ,  SCARLATA, Vincent ,  HUNTLEY, Barry E.

IPC分类号： G06F21/71 ,  G06F21/79

摘要： A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.

公开(公告)号：EP1759261A1

公开(公告)日：2007-03-07

申请号：EP05757249.7

申请日：2005-06-03

申请人： Intel Corporation

发明人： SCARLATA, Vincent ,  ROZAS, Carlos

IPC分类号： G06F1/00

CPC分类号： G06F21/57 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45587

摘要： A method and a related apparatus provide a virtual trusted platform module (TPM). In an example embodiment, a virtual TPM service creates a virtual TPM for use in a processing system that contains a physical TPM. The virtual TPM service may store a key for the virtual TPM in the physical TPM. The virtual TPM service may then use the virtual TPM to provide emulated physical TPM features. In one embodiment, the virtual TPM service may use the virtual TPM to emulate a physical TPM for a virtual machine in the processing system. Other embodiments are described and claimed.