-
Publication number: US10768863B2
Publication date: 2020-09-08
Application number: US15476693
Filing date: 2017-03-31
Applicant: INTEL CORPORATION
Inventor: Rajesh Poornachandran , Vincent J. Zimmer , Ned M. Smith , Nadhiya Chandramohan
Abstract: Techniques related to preventing unauthorized access to a computing device are disclosed. The techniques include a machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a device to identify a host hardware configuration, obtain a policy based on the host hardware configuration, monitor two or more memory transactions based on the policy, identify, based on the memory transactions, a memory transaction pattern, wherein the memory transaction pattern is associated with an attempt to obtain unauthorized access to the device, and take one or more actions to interfere with attempts to obtain unauthorized access to the device based on the policy.
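The abstract describes a pipeline of four steps (identify the host hardware configuration, look up a policy for it, monitor memory transactions against that policy, match a pattern and act). The following is an added illustration of that pipeline, not Intel's code and not taken from the patent: the configuration keys, the protected address range, the two patterns (repeated hits on one address, a sweep across a protected range), the thresholds, the action names and the transaction traces are all constructed assumptions for the demo.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Transaction:
    cycle: int      # constructed time unit
    address: int    # physical address
    op: str         # "R" or "W"


@dataclass(frozen=True)
class Policy:
    # Half-open [start, end) ranges a non-privileged agent should never touch.
    protected_ranges: Tuple[Tuple[int, int], ...]
    window_cycles: int          # observation window length
    max_hits_per_address: int   # repeated hits on one address within a window
    sweep_threshold: int        # distinct protected addresses touched within a window
    action: str                 # response taken when a pattern matches


@dataclass(frozen=True)
class Finding:
    window: int
    pattern: str
    detail: str
    action: str


# Hypothetical policy table keyed by host hardware configuration.  Keys,
# thresholds and the protected range are assumptions, not values from the page.
POLICY_TABLE: Dict[str, Policy] = {
    "2ch-smm-locked": Policy(
        protected_ranges=((0x7F00_0000, 0x8000_0000),),
        window_cycles=1_000, max_hits_per_address=16, sweep_threshold=8,
        action="isolate-requesting-agent"),
    "1ch-default": Policy(
        protected_ranges=((0x7F00_0000, 0x8000_0000),),
        window_cycles=1_000, max_hits_per_address=64, sweep_threshold=32,
        action="log-and-throttle"),
}


def identify_host_configuration(channels: int, smm_locked: bool) -> str:
    """Map a (constructed) hardware inventory to a policy key."""
    if channels >= 2 and smm_locked:
        return "2ch-smm-locked"
    return "1ch-default"


def obtain_policy(config_key: str) -> Policy:
    return POLICY_TABLE[config_key]


def monitor(transactions: List[Transaction], policy: Policy) -> List[Finding]:
    """Bucket transactions into fixed windows and match the policy's patterns."""
    by_window: Dict[int, List[Transaction]] = defaultdict(list)
    for t in transactions:
        by_window[t.cycle // policy.window_cycles].append(t)

    findings: List[Finding] = []
    for w in sorted(by_window):
        txs = by_window[w]
        # Pattern 1: one address hit more often than the policy allows.
        for addr, n in Counter(t.address for t in txs).items():
            if n > policy.max_hits_per_address:
                findings.append(Finding(w, "repeated-hit",
                                        f"{n} hits on {addr:#x}", policy.action))
        # Pattern 2: many distinct addresses inside a protected range (a sweep).
        for start, end in policy.protected_ranges:
            touched = {t.address for t in txs if start <= t.address < end}
            if len(touched) >= policy.sweep_threshold:
                findings.append(Finding(w, "protected-sweep",
                                        f"{len(touched)} addresses in [{start:#x}, {end:#x})",
                                        policy.action))
    return findings


def constructed_traces() -> Tuple[List[Transaction], List[Transaction]]:
    """Two synthetic traces: a benign working set and a walk through the protected range."""
    benign = [Transaction(c * 10, 0x1000_0000 + (c % 16) * 64, "R") for c in range(100)]
    probing = [Transaction(c * 5, 0x7F00_0000 + c * 64, "R") for c in range(40)]
    return benign, probing
```

The policy, not the monitor, decides the response, so the same trace yields a different action on a differently configured host; that separation is what lets the firmware tune thresholds per platform without changing the detection code.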
-
Publication number: US10684865B2
Publication date: 2020-06-16
Application number: US16410252
Filing date: 2019-05-13
Applicant: Intel Corporation
Inventor: Kevin Y. Li , Vincent J. Zimmer , Xiaohu Zhou , Ping Wu , Zijian You , Michael A. Rothman
IPC: G06F21/74 , G06F9/4401 , G06F9/455 , H04L9/08
Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
-
Publication number: US10592670B2
Publication date: 2020-03-17
Application number: US15195320
Filing date: 2016-06-28
Applicant: Intel Corporation
Inventor: Rajesh Poornachandran , Vincent J. Zimmer , Mingqiu Sun , Gopinatth Selvaraje
Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.
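The abstract describes a launch enclave hash table in secure storage, policy-based selection of one hash, a configure-enclave-launch bit set before a reset, and a write of the chosen hash to a model-specific register on the next boot. The following is an added simulation of that sequence, not Intel's code and not from the patent: the table entries, the predicate-style policies and the vendor names are constructed. The MSR split mirrors the four 64-bit IA32_SGXLEPUBKEYHASH0..3 registers used by SGX Flexible Launch Control, but those registers hold the SHA-256 of the launch enclave signer's public key, whereas this demo hashes a constructed image blob directly; the loader check is a simplification of what the hardware does.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class LaunchEnclaveEntry:
    digest: bytes      # SHA-256 of the enclave image (32 bytes)
    vendor: str
    debug: bool        # debug-signed builds carry weaker guarantees


def constructed_table() -> List[LaunchEnclaveEntry]:
    """The TEE's launch enclave hash table (entries constructed for the demo)."""
    return [
        LaunchEnclaveEntry(hashlib.sha256(b"LE-image-v1-debug").digest(), "example-vendor", True),
        LaunchEnclaveEntry(hashlib.sha256(b"LE-image-v2-release").digest(), "example-vendor", False),
        LaunchEnclaveEntry(hashlib.sha256(b"LE-image-other").digest(), "other-vendor", False),
    ]


# Launch configuration policies modelled as predicates over table entries (assumption).
LaunchPolicy = Callable[[LaunchEnclaveEntry], bool]


def no_debug(entry: LaunchEnclaveEntry) -> bool:
    return not entry.debug


def vendor_allowlist(allowed: set) -> LaunchPolicy:
    return lambda entry: entry.vendor in allowed


def select_launch_enclave(table: List[LaunchEnclaveEntry],
                          policies: List[LaunchPolicy]) -> Optional[LaunchEnclaveEntry]:
    """Return the first entry every policy accepts, or None if nothing is allowed."""
    for entry in table:
        if all(p(entry) for p in policies):
            return entry
    return None


def hash_to_msr_words(digest: bytes) -> Tuple[int, int, int, int]:
    """Split a 256-bit hash into four 64-bit little-endian words, one per MSR."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte digest")
    return tuple(int.from_bytes(digest[i:i + 8], "little") for i in range(0, 32, 8))


def msr_words_to_hash(words: Tuple[int, int, int, int]) -> bytes:
    return b"".join(w.to_bytes(8, "little") for w in words)


class Platform:
    """Firmware-visible state: the configure-launch bit and the MSR words."""

    def __init__(self) -> None:
        self.configure_launch_bit = False
        self.msr: Optional[Tuple[int, int, int, int]] = None
        self.reset_count = 0

    def request_configure_and_reset(self) -> None:
        # Firmware sets the bit and resets; the MSR is only written after the reset.
        self.configure_launch_bit = True
        self.reset_count += 1

    def on_reset(self, table: List[LaunchEnclaveEntry], policies: List[LaunchPolicy]) -> bool:
        """After reset the TEE evaluates its policies; firmware writes the MSR only if allowed."""
        if not self.configure_launch_bit:
            return False
        self.configure_launch_bit = False
        entry = select_launch_enclave(table, policies)
        if entry is None:
            return False
        self.msr = hash_to_msr_words(entry.digest)
        return True

    def load_launch_enclave(self, image: bytes) -> bool:
        """Loader check: the image's digest must match what the MSRs hold."""
        if self.msr is None:
            return False
        return hashlib.sha256(image).digest() == msr_words_to_hash(self.msr)
```

Because the bit is cleared on the first reset and the MSR is written only when a policy-approved entry exists, a platform whose policies reject every table entry boots with no launch enclave hash configured and refuses every load rather than falling back to an unvetted hash.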
-
Publication number: US10585702B2
Publication date: 2020-03-10
Application number: US14171509
Filing date: 2014-02-03
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Michael A. Rothman , Mark Doran
Abstract: In some embodiments, the invention involves partitioning resources of a manycore platform for simultaneous use by multiple clients, or adding/reducing capacity to a single client. Cores and resources are activated and assigned to a client environment by reprogramming the cores' route tables and source address decoders. Memory and I/O devices are partitioned and securely assigned to a core and/or a client environment. Instructions regarding allocation or reallocation of resources are received by an out-of-band processor having privileges to reprogram the chipsets and cores. Other embodiments are described and claimed.
-
Publication number: US10552613B2
Publication date: 2020-02-04
Application number: US15715773
Filing date: 2017-09-26
Applicant: INTEL CORPORATION
Inventor: Krishnakumar Narasimhan , Sudhakar Otturu , Karunakara Kotary , Vincent J. Zimmer
Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, thus avoiding consumption of resources of the CPU.
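The abstract splits the update into a CPU side (accept a request from a trusted source, park the payload in the secure memory area, move on) and a secure-device side (retrieve, authenticate, apply). The following is an added illustration of that split, not Intel's code and not from the patent. Everything named here is an assumption: the source and component names, the HMAC-SHA256 tag with a shared demo key as a stand-in for the asymmetric signature a shipping design would verify with a public key provisioned into the secure device, and the version-based anti-rollback check, which the abstract does not mention but which a practitioner would expect an authenticating updater to enforce.

```python
import hashlib
import hmac
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple

# Constructed demo key shared by the trusted update source and the secure device.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


@dataclass(frozen=True)
class FirmwarePayload:
    component: str    # e.g. "bios"
    version: int      # expected to increase monotonically
    image: bytes
    tag: bytes        # HMAC-SHA256 over component || version || image


def _mac(component: str, version: int, image: bytes) -> bytes:
    msg = component.encode() + b"\0" + version.to_bytes(4, "big") + image
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).digest()


def build_payload(component: str, version: int, image: bytes) -> FirmwarePayload:
    """Done by the trusted update source before the request reaches the CPU."""
    return FirmwarePayload(component, version, image, _mac(component, version, image))


class SecureMemoryArea:
    """Region reserved for the handoff: system software appends, the secure device drains."""

    def __init__(self) -> None:
        self._queue: Deque[FirmwarePayload] = deque()

    def store(self, payload: FirmwarePayload) -> None:
        self._queue.append(payload)

    def retrieve(self) -> Optional[FirmwarePayload]:
        return self._queue.popleft() if self._queue else None


class SystemSoftware:
    """CPU side: accept requests only from trusted sources, park the payload, return."""

    def __init__(self, area: SecureMemoryArea, trusted_sources: set) -> None:
        self.area = area
        self.trusted = trusted_sources

    def handle_update_request(self, source: str, payload: FirmwarePayload) -> bool:
        if source not in self.trusted:
            return False
        self.area.store(payload)
        return True   # the CPU now goes on to the next scheduled process


class FirmwareStorage:
    def __init__(self) -> None:
        self.slots: Dict[str, Tuple[int, bytes]] = {}   # component -> (version, image)


class SecureDevice:
    """Runs independently of the CPU: authenticate, check rollback, apply."""

    def __init__(self, area: SecureMemoryArea, storage: FirmwareStorage) -> None:
        self.area = area
        self.storage = storage

    def _apply(self, p: FirmwarePayload) -> str:
        if not hmac.compare_digest(p.tag, _mac(p.component, p.version, p.image)):
            return "rejected:bad-tag"
        current = self.storage.slots.get(p.component)
        if current is not None and p.version <= current[0]:
            return "rejected:rollback"
        self.storage.slots[p.component] = (p.version, p.image)
        return "applied"

    def service(self) -> List[Tuple[str, str]]:
        results = []
        payload = self.area.retrieve()
        while payload is not None:
            results.append((payload.component, self._apply(payload)))
            payload = self.area.retrieve()
        return results


def run_demo() -> Tuple[bool, bool, List[Tuple[str, str]], int]:
    """Constructed scenario: one good update, one tampered image, one downgrade."""
    area, storage = SecureMemoryArea(), FirmwareStorage()
    sys_sw = SystemSoftware(area, trusted_sources={"vendor-update-service"})
    device = SecureDevice(area, storage)
    good = build_payload("bios", 2, b"BIOS image v2 (constructed)")
    accepted = sys_sw.handle_update_request("vendor-update-service", good)
    ignored = sys_sw.handle_update_request("random-process", good)
    tampered = FirmwarePayload("bios", 3, b"BIOS image v3 EVIL", good.tag)
    sys_sw.handle_update_request("vendor-update-service", tampered)
    old = build_payload("bios", 1, b"BIOS image v1 (constructed)")
    sys_sw.handle_update_request("vendor-update-service", old)
    return accepted, ignored, device.service(), storage.slots["bios"][0]
```

The source check on the CPU side is a gate, not the trust anchor: the secure device re-authenticates every payload it pulls from the secure memory area, so a compromised OS that can reach the queue still cannot get an unsigned or downgraded image into the firmware store.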
-
Publication number: US10372491B2
Publication date: 2019-08-06
Application number: US15553481
Filing date: 2015-03-23
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Jiewen Yao , Sarathy Jayakumar , Robert C. Swanson , Rajesh Poornachandran , Gopinatth Selvaraje , Mingqiu Sun , John S. Howard , Eugene Gorbatov
IPC: G06F9/48 , G06F9/46 , G06F1/3287 , G06F9/50 , G06F1/16 , G06F1/3215 , G06F1/3293
Abstract: Methods, apparatuses and storage medium associated with migration between processors by a computing device are disclosed. In various embodiments, a portable electronic device having an internal processor and internal memory may be attached to a dock. The dock may include another processor as well as other memory. The attachment of the dock to the portable electronic device may cause an interrupt. In response to this interrupt, a state associated with the internal processor may be copied to the other memory of the dock. Instructions for the computing device may then be executed using the other processor of the dock. Other embodiments may be disclosed or claimed.
-
Publication number: US10289425B2
Publication date: 2019-05-14
Application number: US14772605
Filing date: 2014-03-19
Applicant: Intel Corporation
Inventor: Kevin Y. Li , Vincent J. Zimmer , Xiaohu Zhou , Ping Wu , Zijian You , Michael A. Rothman
IPC: G06F21/74 , G06F9/4401 , G06F9/455 , H04L9/08
Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
-
Publication number: US10275598B2
Publication date: 2019-04-30
Application number: US14679145
Filing date: 2015-04-06
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Bryant E. Bigbee , Andrew J. Fish , Mark S. Doran
IPC: G06F21/57 , G06F9/4401
Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and to perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
-
Publication number: US10218508B2
Publication date: 2019-02-26
Application number: US15917360
Filing date: 2018-03-09
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Rajesh Poornachandran , Mingqiu Sun , Gopinatth Selvaraje
Abstract: Methods and apparatus to provide isolated execution environments are disclosed. An example apparatus includes a machine status register to determine whether excess micro operations are available during an instruction cycle to execute a pico-application in response to a request for computing provided by a host application. The pico-application is a fragment of microcode. The microcode comprises a plurality of micro operations. The machine status register is also to determine whether space is available in a memory to load the pico-application. The example apparatus also includes a loader to load a virtual machine and the pico-application into the memory in response to the excess micro operations and the space in the memory being available. The virtual machine validates the pico-application and loads the pico-application into the memory. The example apparatus also includes a processor to execute the pico-application via the excess micro operations.
-
Publication number: US20190004825A1
Publication date: 2019-01-03
Application number: US15638741
Filing date: 2017-06-30
Applicant: Intel Corporation
Inventor: Ravi Poovalur Rangarajan , Xiang Ma , Vincent J. Zimmer
Abstract: Technologies for optimization of a memory controller include a computing device having a memory manager, a memory trainer, and a platform firmware. The memory manager reserves a space in memory of the computing device that is inaccessible to an operating system of the computing device. The memory trainer utilizes the reserved space to perform a memory training to determine configuration settings of the memory controller. After the configuration settings of the memory controller have been determined, the platform firmware configures the memory controller with the determined configuration settings.