-
Publication No.: US20240104226A1
Publication date: 2024-03-28
Application No.: US18358210
Filing date: 2023-07-25
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
CPC classification number: G06F21/602, G06F12/1009, G06F12/1458, G06F21/78, G06T1/20, H04L9/14, G06F2212/1052, G06F2221/2149
Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
-
Publication No.: US20230118641A1
Publication date: 2023-04-20
Application No.: US18068106
Filing date: 2022-12-19
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
-
Publication No.: US20230071723A1
Publication date: 2023-03-09
Application No.: US18052087
Filing date: 2022-11-02
Applicant: Intel Corporation
Inventor: Reshma Lal, Luis S. Kida, Soham Jayesh Desai
Abstract: Technologies for secure I/O data transfer includes a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data and transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.
-
Publication No.: US20220188224A1
Publication date: 2022-06-16
Application No.: US17686854
Filing date: 2022-03-04
Applicant: Intel Corporation
Inventor: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
IPC: G06F12/06, G06F12/14, G06F21/76, G06F9/48, G06F12/0895
Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
-
Publication No.: US11216749B2
Publication date: 2022-01-04
Application No.: US16513800
Filing date: 2019-07-17
Applicant: Intel Corporation
Inventor: Luis S. Kida, Nilesh K. Jain, Darshan Iyer, Ebrahim Al Safadi
IPC: G06N20/00
Abstract: Technologies for platform-targeted machine learning include a computing device to generate a machine learning algorithm model indicative of a plurality of classes between which a user input is to be classified and translate the machine learning algorithm model into hardware code for execution on the target platform. The user input is to be classified as being associated with a particular class based on an application of one or more features to the user input, and each of the one or more features has an associated implementation cost indicative of a cost to perform on a target platform on which the corresponding feature is to be applied to the user input.
-
Publication No.: US20200159657A1
Publication date: 2020-05-21
Application No.: US16774293
Filing date: 2020-01-28
Applicant: Intel Corporation
Inventor: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
IPC: G06F12/06, G06F12/14, G06F12/0895, G06F9/48, G06F21/76
Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
-
Publication No.: US20190230067A1
Publication date: 2019-07-25
Application No.: US16369303
Filing date: 2019-03-29
Applicant: Intel Corporation
Inventor: Reshma Lal, Luis S. Kida, Soham Jayesh Desai
Abstract: Technologies for secure I/O data transfer includes a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data and transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.