公开(公告)号：US12210660B2

公开(公告)日：2025-01-28

申请号：US17548170

申请日：2021-12-10

Applicant: Intel Corporation

Inventor： Anna Trikalinou ,  Abhishek Basak ,  Rupin H. Vakharwala ,  Utkarsh Y. Kakaiya

IPC: G06F21/83 ,  G06F21/62 ,  G06F21/78

Abstract: In one embodiment, a read request is received from a peripheral device across an interconnect, with the read request including a process identifier and an encrypted virtual address. One or more keys are obtained based on the process identifier of the read request, and the encrypted virtual address of the read request is decrypted based on the one or more keys to obtain an unencrypted virtual address. Encrypted data is retrieved from memory based on the unencrypted virtual address, and the encrypted data is decrypted based on the one or more keys to obtain plaintext data. The plaintext data is transmitted to the peripheral device across the interconnect.

公开(公告)号：US12189542B2

公开(公告)日：2025-01-07

申请号：US17543267

申请日：2021-12-06

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Luis Kida ,  Krystof Zmudzinski ,  Siddhartha Chhabra ,  Abhishek Basak ,  Alpa Narendra Trivedi ,  Anna Trikalinou ,  David M. Lee ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya

IPC: G06F12/14 ,  G06F9/38 ,  G06F9/455 ,  G06F12/0802 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F21/76 ,  G06F21/79 ,  H04L9/06 ,  H04L9/08 ,  H04L9/32 ,  H04L41/046 ,  H04L41/28

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

公开(公告)号：US12164971B2

公开(公告)日：2024-12-10

申请号：US18301733

申请日：2023-04-17

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Sanjay Kumar ,  Kun Tian ,  Philip Lantz

IPC: G06F9/50 ,  G06F15/76 ,  H04L51/226 ,  G06F15/17 ,  H04L61/59 ,  H04L67/2885

Abstract: Techniques for scalable virtualization of an Input/Output (I/O) device are described. An electronic device composes a virtual device comprising one or more assignable interface (AI) instances of a plurality of AI instances of a hosting function exposed by the I/O device. The electronic device emulates device resources of the I/O device via the virtual device. The electronic device intercepts a request from the guest pertaining to the virtual device, and determines whether the request from the guest is a fast-path operation to be passed directly to one of the one or more AI instances of the I/O device or a slow-path operation that is to be at least partially serviced via software executed by the electronic device. For a slow-path operation, the electronic device services the request at least partially via the software executed by the electronic device.

公开(公告)号：US11966281B2

公开(公告)日：2024-04-23

申请号：US17723383

申请日：2022-04-18

Applicant: Intel Corporation

Inventor： Sundar Nadathur ,  Pratik M. Marolia ,  Henry M. Mitchel ,  Joseph J. Grecco ,  Utkarsh Y. Kakaiya ,  David A. Munday

IPC: G06F11/00 ,  G06F11/07

CPC classification number: G06F11/0793 ,  G06F11/0706 ,  G06F11/0721 ,  G06F11/0751

Abstract: Systems, methods, and devices for isolating a misbehaving accelerator circuit, such as an accelerator function unit or an accelerated function context, are provided. An integrated circuit may include a region that includes an accelerator circuit. When the accelerator circuit issues a request, another region of the integrated circuit or a processor connected to the integrated circuit may determine whether there is a misbehavior associated with the request and, in response to determining that there is a misbehavior associated with the request, may perform a misbehavior response to mitigate a negative impact of the misbehavior of the accelerator circuit.

公开(公告)号：US20240054011A1

公开(公告)日：2024-02-15

申请号：US18233308

申请日：2023-08-12

Applicant: Intel Corporation

Inventor： Rajesh M. Sankaran ,  Philip R. Lantz ,  Narayan Ranganathan ,  Saurabh Gayen ,  Sanjay Kumar ,  Nikhil Rao ,  Dhananjay A. Joshi ,  Hai Ming Khor ,  Utkarsh Y. Kakaiya

IPC: G06F9/48 ,  G06F9/50 ,  G06F12/0802

CPC classification number: G06F9/4881 ,  G06F9/5027 ,  G06F12/0802

Abstract: Methods and apparatus relating to data streaming accelerators are described. In an embodiment, a hardware accelerator such as a Data Streaming Accelerator (DSA) logic circuitry performs data movement and/or data transformation for data to be transferred between a processor (having one or more processor cores) and a storage device. Other embodiments are also disclosed and claimed.

公开(公告)号：US11656916B2

公开(公告)日：2023-05-23

申请号：US17361932

申请日：2021-06-29

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Sanjay Kumar ,  Kun Tian ,  Philip Lantz

IPC: G06F9/50 ,  G06F15/76 ,  H04L51/226 ,  G06F15/17 ,  H04L67/2885 ,  H04L61/59

CPC classification number: G06F9/5077 ,  G06F9/5038 ,  G06F15/76 ,  H04L51/226 ,  G06F15/17 ,  H04L61/59 ,  H04L67/2885 ,  H04T2001/2093

Abstract: Techniques for scalable virtualization of an Input/Output (I/O) device are described. An electronic device composes a virtual device comprising one or more assignable interface (AI) instances of a plurality of AI instances of a hosting function exposed by the I/O device. The electronic device emulates device resources of the I/O device via the virtual device. The electronic device intercepts a request from the guest pertaining to the virtual device, and determines whether the request from the guest is a fast-path operation to be passed directly to one of the one or more AI instances of the I/O device or a slow-path operation that is to be at least partially serviced via software executed by the electronic device. For a slow-path operation, the electronic device services the request at least partially via the software executed by the electronic device.

公开(公告)号：US11599621B2

公开(公告)日：2023-03-07

申请号：US16370921

申请日：2019-03-30

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Rajesh Sankaran ,  Abhishek Basak ,  Pradeep Pappachan ,  Utkarsh Y. Kakaiya ,  Ravi Sahita ,  Rupin Vakharwala

IPC: G06F21/44 ,  G06F13/16 ,  G06F3/06 ,  G06F21/79

Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.

公开(公告)号：US11556437B2

公开(公告)日：2023-01-17

申请号：US16211950

申请日：2018-12-06

Applicant: Intel Corporation

Inventor： Mitu Aggarwal ,  Nrupal Jani ,  Manasi Deval ,  Kiran Patil ,  Parthasarathy Sarangam ,  Rajesh M. Sankaran ,  Sanjay K. Kumar ,  Utkarsh Y. Kakaiya ,  Philip Lantz ,  Kun Tian

IPC: G06F9/455 ,  G06F9/46 ,  G06F11/20 ,  G06F3/06 ,  G06F13/16 ,  G06F13/42 ,  G06F13/40 ,  G06F15/173 ,  G06F9/48

Abstract: Examples include a method of live migrating a virtual device by creating a virtual device in a virtual machine, creating first and second interfaces for the virtual device, transferring data over the first interface, detecting a disconnection of the virtual device from the virtual machine, switching data transfers for the virtual device from the first interface to the second interface, detecting a reconnection of the virtual device to the virtual machine, and switching data transfers for the virtual device from the second interface to the first interface.

公开(公告)号：US11474916B2

公开(公告)日：2022-10-18

申请号：US16211955

申请日：2018-12-06

Applicant: Intel Corporation

Inventor： Mitu Aggarwal ,  Nrupal Jani ,  Manasi Deval ,  Kiran Patil ,  Parthasarathy Sarangam ,  Rajesh M. Sankaran ,  Sanjay K. Kumar ,  Utkarsh Y. Kakaiya ,  Philip Lantz ,  Kun Tian

IPC: G06F11/00 ,  G06F11/20 ,  G06F3/06 ,  G06F13/16 ,  G06F13/42 ,  G06F13/40 ,  G06F15/173 ,  G06F9/455 ,  G06F9/48

Abstract: Examples include a method of performing failover of in an I/O architecture by allocating a first set of resources, associated with a first port of a physical device, to a virtual device, allocating a second set of resources, associated with a second port of the physical device, to the virtual device, assigning the virtual device to a virtual machine, activating the first set of resources, and transferring data between the virtual machine and the first port using the virtual device and the first set of resources. The method further includes detecting an error in the first set of resources, deactivating the first set of resources and activating the second set of resources, and transferring data between the virtual machine and the second port using the virtual device and the second set of resources.

公开(公告)号：US11461099B2

公开(公告)日：2022-10-04

申请号：US16911441

申请日：2020-06-25

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Gilbert Neiger ,  Philip Lantz ,  Sanjay K. Kumar

IPC: G06F9/34 ,  G06F9/30 ,  G06F12/109

Abstract: In one embodiment, a processor comprises: a first configuration register to store a pointer to a process address space identifier (PASID) table; and an execution circuit coupled to the first configuration register. The execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, obtain a PASID table handle from the command data, access a first entry of the PASID table using the pointer from the first configuration register and the PASID table handle to obtain a PASID value, insert the PASID value into the command data, and send the command data to a device coupled to the processor. Other embodiments are described and claimed.