-
Publication No.: US11055401B2
Publication Date: 2021-07-06
Application No.: US15720083
Application Date: 2017-09-29
Applicant: Intel Corporation
Inventor: Mingwei Zhang, Mingqiu Sun, Ravi L. Sahita, Chunhui Zhang, Xiaoning Li
Abstract: Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.
-
Publication No.: US10831508B2
Publication Date: 2020-11-10
Application No.: US16307126
Application Date: 2016-07-22
Applicant: Intel Corporation
Inventor: Ligang Wang, Daoming Qiu, Yi Zhang, Mingqiu Sun, Haiwei Zhou
Abstract: Apparatuses, methods and storage medium associated with installing and executing an application program on an embedded system are described herein. In embodiments, an embedded system may include an application management program and an application execution program to install an application program onto the embedded system. The application management program is to verify metadata associated with the application program, in response to a first request to install the application program on the embedded system; and the application execution program is to verify the application program, in response to a second request, subsequent to the first request, to verify the application program. Other aspects and embodiments may be described and/or claimed.
-
Publication No.: US10601955B2
Publication Date: 2020-03-24
Application No.: US15428274
Application Date: 2017-02-09
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer, Rajesh Poornachandran, Ned M. Smith, Mingqiu Sun, Gopinatth Selvaraje
Abstract: An automated method for distributed and redundant firmware evaluation involves using a first interface that is provided by system firmware of a client device to obtain, at an evaluation server, a first firmware resource table (FRT) from the client device. The evaluation server also uses a second interface that is provided by a component of the client device other than the system firmware to obtain a second FRT from the client device. The evaluation server automatically uses the first and second FRTs to identify a trustworthy FRT among the first and second FRTs. The evaluation server automatically uses the trustworthy FRT to determine whether the client device should be updated. For instance, the evaluation server may automatically use the trustworthy FRT to determine whether firmware in the client device should be updated. Other embodiments are described and claimed.
-
Publication No.: US20180329737A1
Publication Date: 2018-11-15
Application No.: US15775982
Application Date: 2015-12-18
Applicant: Intel Corporation
Inventor: Yao Zu Dong, Yuyang Du, Mingqiu Sun
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F9/455, G06F9/5077, G06F2009/4557, G06F2009/45583, G06F2009/45595
Abstract: A virtual machine migration controller may perform the live migration of a plurality of virtual machines from a first physical host system to a second physical host system. The virtual machine migration controller may determine a memory page dirty rate for each of a plurality of virtual machines. The virtual machine migration controller may additionally identify virtual machines that share memory pages and/or map to different memory pages having, at least in part, identical data or information. The virtual machine migration controller may group virtual machines demonstrating commonality among mapped memory pages. The virtual machine migration controller may determine a projected migration time based on the dirtying rate, the commonality of memory pages, and the available bandwidth. The virtual machine migration controller orders and transfers virtual machine groups based on the projected migration time.
-
Publication No.: US20170372076A1
Publication Date: 2017-12-28
Application No.: US15195320
Application Date: 2016-06-28
Applicant: Intel Corporation
Inventor: Rajesh Poornachandran, Vincent J. Zimmer, Mingqiu Sun, Gopinatth Selvaraje
CPC classification number: G06F21/575, G06F9/44, G06F9/4401, G06F21/53, G06F21/74, G06F2221/034, H04L9/0897, H04L9/3268
Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.
-
Publication No.: US09626227B2
Publication Date: 2017-04-18
Application No.: US14671077
Application Date: 2015-03-27
Applicant: Intel Corporation
Inventor: Mingqiu Sun, Rajesh Poornachandran, Vincent J. Zimmer, Gopinatth Selvaraje, Uttam K. Sengupta
IPC: G06F9/46, G06F15/173, G06F1/26, G06F9/50, G06N99/00
CPC classification number: G06F9/5094, G06F9/5044, G06F2209/509, G06N99/005, Y02D10/22
Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.
-
Publication No.: US11847206B2
Publication Date: 2023-12-19
Application No.: US17367106
Application Date: 2021-07-02
Applicant: Intel Corporation
Inventor: Mingwei Zhang, Mingqiu Sun, Ravi L. Sahita, Chunhui Zhang, Xiaoning Li
CPC classification number: G06F21/53, G06F8/441, G06F9/3836, G06F21/126, G06F2221/2143
Abstract: Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.
-
Publication No.: US20230018149A1
Publication Date: 2023-01-19
Application No.: US17950773
Application Date: 2022-09-22
Applicant: Intel Corporation
Inventor: Mingqiu Sun, Rajesh Poornachandran, Vincent Zimmer, Gopinatth Selvaraje
Abstract: Systems and methods for code generation for a plurality of architectures. At a host architecture, a JIT compile operation is performed for a received JavaScript or Web Assembly file. The JIT compiler references a host library that has been updated to include at least one new JIT instruction. Output from the JIT compile operation is compiled machine code for the host architecture that has new opcodes (OPX) added, responsive to the new JIT instruction. The JIT compiler executes the opcodes (OPX) in XuCode mode, meaning that the host architecture switches into a hardware protected private ISA (Instruction Set Architecture) called XuCode to implement the new JIT opcode instruction in XuCode.
-
Publication No.: US11487517B2
Publication Date: 2022-11-01
Application No.: US16232372
Application Date: 2018-12-26
Applicant: INTEL CORPORATION
Inventor: Mingqiu Sun, Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Gopinatth Selvaraje
Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.
-
Publication No.: US11074092B2
Publication Date: 2021-07-27
Application No.: US15775982
Application Date: 2015-12-18
Applicant: Intel Corporation
Inventor: Yao Zu Dong, Yuyang Du, Mingqiu Sun
Abstract: A virtual machine migration controller may perform the live migration of a plurality of virtual machines from a first physical host system to a second physical host system. The virtual machine migration controller may determine a memory page dirty rate for each of a plurality of virtual machines. The virtual machine migration controller may additionally identify virtual machines that share memory pages and/or map to different memory pages having, at least in part, identical data or information. The virtual machine migration controller may group virtual machines demonstrating commonality among mapped memory pages. The virtual machine migration controller may determine a projected migration time based on the dirtying rate, the commonality of memory pages, and the available bandwidth. The virtual machine migration controller orders and transfers virtual machine groups based on the projected migration time.