公开(公告)号：US20190278911A1

公开(公告)日：2019-09-12

申请号：US16280351

申请日：2019-02-20

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Reshma Lal ,  Bin Xing ,  Siddhartha Chhabra ,  Vincent R. Scarlata ,  Steven B. McGowan

IPC: G06F21/57 ,  G06F13/28 ,  G06F21/60

Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.

公开(公告)号：US20190156038A1

公开(公告)日：2019-05-23

申请号：US16260850

申请日：2019-01-29

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Reshma Lal ,  Bin Xing ,  Siddhartha Chhabra ,  Vincent R. Scarlata ,  Steven B. McGowan

IPC: G06F21/57 ,  G06F13/28 ,  G06F21/60

Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.

公开(公告)号：US10181946B2

公开(公告)日：2019-01-15

申请号：US14974956

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Steven B. McGowan ,  Siddhartha Chhabra ,  Gideon Gerzon ,  Bin Xing ,  Pradeep M. Pappachan ,  Reouven Elbaz

IPC: H04L9/06 ,  G06F13/28 ,  H04L9/08 ,  H04L9/32

Abstract: Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.

公开(公告)号：US20170364689A1

公开(公告)日：2017-12-21

申请号：US15628012

申请日：2017-06-20

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Reshma Lal ,  Siddhartha Chhabra ,  Gideon Gerzon ,  Baruch Chaikin ,  Bin Xing ,  William A. Stevens, JR.

IPC: G06F21/60 ,  G06F21/57 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F13/20 ,  G06F13/28 ,  G06F21/51 ,  G06F21/57 ,  G06F21/6218 ,  G06F21/6281 ,  G06F21/85 ,  G09C1/00 ,  H04L9/0637 ,  H04L9/32 ,  H04L9/3242 ,  H04L63/12 ,  H04L63/126

Abstract: Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.

公开(公告)号：US20170026171A1

公开(公告)日：2017-01-26

申请号：US14974956

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Steven B. McGowan ,  Siddhartha Chhabra ,  Gideon Gerzon ,  Bin Xing ,  Pradeep M. Pappachan ,  Reouven Elbaz

IPC: H04L9/06 ,  G06F13/28 ,  H04L9/08

CPC classification number: H04L9/0631 ,  G06F13/28 ,  H04L9/0618 ,  H04L9/0822 ,  H04L9/3242

Abstract: Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may be coupled to one or more I/O devices. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.

Abstract translation: 用于I / O数据加密保护的技术包括具有一个或多个I / O控制器的计算设备。 每个I / O控制器可以耦合到一个或多个I / O设备。 每个I / O控制器可以生成包括指示I / O控制器并且指示耦合到I / O控制器的I / O设备的信道标识符的直接存储器访问（DMA）事务。 计算设备拦截DMA事务，并根据信道标识确定是否保护DMA事务。 如果是这样，则计算设备使用与该信道标识符相关联的加密密钥来执行密码操作。 计算设备可以包括密码引擎，其拦截DMA事务并且通过确定信道标识符是否匹配密码引擎的信道标识符表中的条目来确定是否保护DMA事务。 描述和要求保护其他实施例。