-
Publication No.: US20220083347A1
Publication Date: 2022-03-17
Application No.: US17019880
Application Date: 2020-09-14
Applicant: Intel Corporation
Inventor: Scott Constable , Bin Xing , Fangfei Liu , Thomas Unterluggauer , Krystof Zmudzinski
IPC: G06F9/4401 , G06F9/30
Abstract: A method comprises receiving an instruction to resume operations of an enclave in a cloud computing environment and generating a pseudo-random time delay before resuming operations of the enclave in the cloud computing environment.
-
Publication No.: US10552344B2
Publication Date: 2020-02-04
Application No.: US15854278
Application Date: 2017-12-26
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Ittai Anati , Francis X. McKeen , Krystof Zmudzinski , Ilya Alexandrovich , Somnath Chakrabarti , Dror Caspi , Meltem Ozsoy
IPC: G06F12/14 , G06F12/08 , G06F12/10 , G06F3/06 , G06F12/0806 , G06F12/0868 , G06F12/1009 , G06F12/1027 , G06F12/128
Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.
-
Publication No.: US20190311123A1
Publication Date: 2019-10-10
Application No.: US16444053
Application Date: 2019-06-18
Applicant: Intel Corporation
Inventor: Reshma Lal , Pradeep M. Pappachan , Luis Kida , Krystof Zmudzinski , Siddhartha Chhabra , Abhishek Basak , Alpa Narendra Trivedi , Anna Trikalinou , David M. Lee , Vedvyas Shanbhogue , Utkarsh Y. Kakaiya
Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
-
24.
Publication No.: US20190227827A1
Publication Date: 2019-07-25
Application No.: US16369295
Application Date: 2019-03-29
Applicant: Intel Corporation
Inventor: Krystof Zmudzinski , Siddhartha Chhabra , Reshma Lal , Alpa Narendra Trivedi , Luis S. Kida , Pradeep M. Pappachan , Abhishek Basak , Anna Trikalinou
Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
-
25.
Publication No.: US20190138755A1
Publication Date: 2019-05-09
Application No.: US16234871
Application Date: 2018-12-28
Applicant: Intel Corporation
Inventor: Luis Kida , Krystof Zmudzinski , Reshma Lal , Pradeep Pappachan , Abhishek Basak , Anna Trikalinou
Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range that includes a shared key identifier range to be used for untrusted I/O devices, and to receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator, which indicates whether the I/O device is assigned to a trust domain, and to determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.