-
Publication No.: US11222119B2
Publication Date: 2022-01-11
Application No.: US16392863
Filing Date: 2019-04-24
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar , Mohan J. Kumar , Ron Story , Mahesh Natu
IPC: G06F9/04 , G06F21/57 , G06F9/455 , G06F9/448 , G06F9/4401
Abstract: Technologies for secure native code invocation include a computing device having an operating system and a firmware environment. The operating system executes a firmware method in an operating system context using a virtual machine. In response to invoking the firmware method, the operating system invokes a callback to a bridge driver in the operating system context. In response to the callback, the bridge driver invokes a firmware runtime service in the operating system context. The firmware environment executes a native code handler in the operating system context in response to invoking the firmware runtime service. The native code handler may be executed in a de-privileged container. The firmware method may process results data stored in a firmware mailbox by the native code handler, which may include accessing a hardware resource using a firmware operation region.
-
12.
Publication No.: US20190044702A1
Publication Date: 2019-02-07
Application No.: US15836225
Filing Date: 2017-12-08
Applicant: Intel Corporation
Inventor: Mahesh Natu , Adrian Pearson
Abstract: Examples disclosed herein include computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express, PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus, for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol, to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.
-
Publication No.: US11704181B2
Publication Date: 2023-07-18
Application No.: US17849356
Filing Date: 2022-06-24
Applicant: Intel Corporation
Inventor: Balaji Vembu , Bryan White , Ankur Shah , Murali Ramadoss , David Puffer , Altug Koker , Aditya Navale , Mahesh Natu
CPC classification number: G06F11/0769 , G06F11/0784 , G06F11/0787
Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.
-
14.
Publication No.: US11048626B1
Publication Date: 2021-06-29
Application No.: US16797796
Filing Date: 2020-02-21
Applicant: Intel Corporation
Inventor: Kerry Vander Kamp , Jason Voelz , James Goffena , Robert Branch , Mahesh Natu , Anand Enamandram
IPC: G06F12/02 , G06F12/0802 , G06F9/50 , G06F12/14
Abstract: Systems, apparatuses and methods may provide for technology that detects a misalignment condition, wherein the misalignment condition includes a memory map being misaligned with a granularity of a register, automatically appends a protected range to the memory map, wherein the protected range eliminates the misalignment condition, and defines an operational characteristic of the memory map via the register. In one example, the protected range is a non-existent memory (NXM) range appended via a source address decoder (SAD) rule, the register is a memory type range register (MTRR), and the operational characteristic is a cache characteristic.
-
Publication No.: US10691839B2
Publication Date: 2020-06-23
Application No.: US15980455
Filing Date: 2018-05-15
Applicant: Intel Corporation
Inventor: Mahesh Natu , Eric Dahlen
Abstract: A solution is presented for securing endpoints without the need for a separate bus or communication path. The solution controls access to endpoints by using a management protocol that overlays existing interconnect communication paths in a packet format, and by using the PCI address BDF (Bus number, Device number, and Function number) for verification.
-
Publication No.: US20190251264A1
Publication Date: 2019-08-15
Application No.: US16392863
Filing Date: 2019-04-24
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar , Mohan J. Kumar , Ron Story , Mahesh Natu
IPC: G06F21/57 , G06F9/455 , G06F9/4401 , G06F9/448
CPC classification number: G06F21/572 , G06F9/4411 , G06F9/449 , G06F9/45558 , G06F2009/45579 , G06F2009/45583
Abstract: Technologies for secure native code invocation include a computing device having an operating system and a firmware environment. The operating system executes a firmware method in an operating system context using a virtual machine. In response to invoking the firmware method, the operating system invokes a callback to a bridge driver in the operating system context. In response to the callback, the bridge driver invokes a firmware runtime service in the operating system context. The firmware environment executes a native code handler in the operating system context in response to invoking the firmware runtime service. The native code handler may be executed in a de-privileged container. The firmware method may process results data stored in a firmware mailbox by the native code handler, which may include accessing a hardware resource using a firmware operation region. Other embodiments are described and claimed.
-
Publication No.: US09971912B2
Publication Date: 2018-05-15
Application No.: US14565833
Filing Date: 2014-12-10
Applicant: Intel Corporation
Inventor: Mahesh Natu , Eric Dahlen
CPC classification number: G06F21/85 , G06F13/4027 , G06F2221/2141 , H04L63/101 , H04L63/104 , H04L63/20
Abstract: A solution is presented for securing endpoints without the need for a separate bus or communication path. The solution controls access to endpoints by using a management protocol that overlays existing interconnect communication paths in a packet format, and by using the PCI address BDF (Bus number, Device number, and Function number) for verification.
-
18.
Publication No.: US11954047B2
Publication Date: 2024-04-09
Application No.: US17033745
Filing Date: 2020-09-26
Applicant: Intel Corporation
Inventor: Mahesh Natu , Anand K. Enamandram , Manjula Peddireddy , Robert A. Branch , Tiffany J. Kasanicky , Siddhartha Chhabra , Hormuzd Khosravi
CPC classification number: G06F12/1441 , G06F9/30101 , G06F9/30145 , G06F12/0238 , G06F12/1408
Abstract: Systems, methods, and apparatuses to implement spatially unique and location independent persistent memory encryption are described. In one embodiment, a system on a chip (SoC) includes at least one persistent range register to indicate a persistent range of memory, an address modifying circuit to check if an address for a memory store request is within the persistent range indicated by the at least one persistent range register, and append a unique identifier value, for a component corresponding to the memory store request for the address, to the address to generate a modified address and output the modified address as an output address when the address is within the persistent range, and output the address as the output address when the address is not within the persistent range, and an encryption engine circuit to generate a ciphertext based on the output address.
-
Publication No.: US20230342459A1
Publication Date: 2023-10-26
Application No.: US18339571
Filing Date: 2023-06-22
Applicant: Intel Corporation
Inventor: Michael Berger , Xiaoyu Ruan , Purushottam Goel , Mahesh Natu , Bharat Pillilli
CPC classification number: G06F21/556 , G06F21/554 , G06F21/572
Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.
-
Publication No.: US11385952B2
Publication Date: 2022-07-12
Application No.: US17171790
Filing Date: 2021-02-09
Applicant: Intel Corporation
Inventor: Balaji Vembu , Bryan White , Ankur Shah , Murali Ramadoss , David Puffer , Altug Koker , Aditya Navale , Mahesh Natu
Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.
-