1. MEMORY TYPES FOR CACHING POLICIES
    Patent application; status: under examination, published

    Publication number: US20130262736A1

    Publication date: 2013-10-03

    Application number: US13436342

    Filing date: 2012-03-30

    IPC classification: G06F12/10 G06F12/08

    CPC classification: G06F12/1081 G06F12/0888

    Abstract: The present system enables receiving a request from an I/O device to translate a virtual address to a physical address to access the page in system memory. One or more memory attributes of the page defining a cacheability characteristic of the page are identified. A response including the physical address and the cacheability characteristic of the page is sent to the I/O device.

2. Efficient Memory and Resource Management
    Patent application; status: in force (granted)

    Publication number: US20130138840A1

    Publication date: 2013-05-30

    Application number: US13308211

    Filing date: 2011-11-30

    IPC classification: G06F13/28

    CPC classification: G06F13/28

    Abstract: The present system enables passing a pointer, associated with accessing data in a memory, to an input/output (I/O) device via an input/output memory management unit (IOMMU). The I/O device accesses the data in the memory via the IOMMU without copying the data into a local I/O device memory. The I/O device can perform an operation on the data in the memory based on the pointer, such that the I/O device accesses the memory without expensive copies.

3. TRUSTED PLATFORM MODULE DATA HARMONIZATION DURING TRUSTED SERVER RENDEVOUS
    Patent application; status: in force (granted)

    Publication number: US20070260545A1

    Publication date: 2007-11-08

    Application number: US11381237

    Filing date: 2006-05-02

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to trusted platform module (TPM) unification in a trusted computing environment and provide a novel and non-obvious method, system and computer program product for trusted platform module data harmonization. In one embodiment of the invention, a TPM log harmonization method can include designating both a single master TPM for a master node among multiple nodes, and also a multiplicity of subsidiary TPMs for remaining ones of the nodes. The method further can include extending the single master TPM with a measurement representing a rendezvous operation for the nodes.
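The abstract describes folding the state of many subsidiary TPMs into one master TPM by extending it with a single rendezvous measurement, so that an attester needs to check only the master's register. The simulation below is an added example written for this listing, not code from the patent or its assignee. It models a TPM as one SHA-256 PCR plus a log, defines the rendezvous measurement as a digest over the subsidiaries' node ids and PCR values in sorted order (an assumption; the abstract does not fix the encoding), and shows that a verifier recomputing the expected master PCR from reference firmware measurements detects a modified subsidiary even though only the master value is compared.

```python
import hashlib

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register only moves forward, so a value can be
    reproduced only by replaying the same measurements in the same order."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

class SimTpm:
    """Stand-in for one node's TPM: a single PCR plus the log of what was extended into it."""
    def __init__(self, node_id: str):
        self.node_id = node_id
        self.pcr = bytes(32)          # PCRs are zero after reset
        self.log = []

    def extend(self, label: str, measurement: bytes) -> None:
        self.log.append((label, measurement))
        self.pcr = pcr_extend(self.pcr, measurement)

def rendezvous_measurement(subsidiaries) -> bytes:
    """Digest over the subsidiary TPMs' state at rendezvous (assumed encoding).
    Sorting by node id makes the value independent of the order nodes reported in."""
    h = hashlib.sha256()
    for tpm in sorted(subsidiaries, key=lambda t: t.node_id):
        h.update(tpm.node_id.encode())
        h.update(tpm.pcr)
    return h.digest()

def harmonize(master: SimTpm, subsidiaries) -> bytes:
    """Fold the subsidiaries' state into the single master TPM and return its PCR."""
    master.extend("rendezvous", rendezvous_measurement(subsidiaries))
    return master.pcr

def cluster_master_pcr(firmware: dict) -> bytes:
    """Boot every node's TPM with the given firmware measurement ('master' is the master
    node, every other key a subsidiary), perform the rendezvous, return the master PCR.
    The attester calls this with reference values; the cluster with what actually ran."""
    master = SimTpm("master")
    master.extend("firmware", firmware["master"])
    subsidiaries = []
    for node_id, image in firmware.items():
        if node_id == "master":
            continue
        tpm = SimTpm(node_id)
        tpm.extend("firmware", image)
        subsidiaries.append(tpm)
    return harmonize(master, subsidiaries)

def verify(reported_master_pcr: bytes, reference: dict) -> bool:
    """Attester side: one comparison covers the whole cluster."""
    return reported_master_pcr == cluster_master_pcr(reference)

# Constructed reference measurements for a three-node cluster (not real firmware digests).
REFERENCE = {
    "master": b"bmc-firmware-2.4",
    "node-a": b"node-firmware-2.4",
    "node-b": b"node-firmware-2.4",
}

def demo() -> dict:
    healthy = cluster_master_pcr(REFERENCE)
    tampered = dict(REFERENCE, **{"node-b": b"node-firmware-2.4-modified"})
    reordered = {k: REFERENCE[k] for k in reversed(list(REFERENCE))}
    return {
        "healthy_verifies": verify(healthy, REFERENCE),
        "tampered_subsidiary_detected": not verify(cluster_master_pcr(tampered), REFERENCE),
        "order_independent": cluster_master_pcr(reordered) == healthy,
    }

if __name__ == "__main__":
    print(demo())
```

The one value the attester sees is the master PCR; because the rendezvous measurement is a digest over every subsidiary PCR, a change in any node's firmware propagates into it. The canonical ordering matters: without it, two honest clusters that happened to rendezvous in different orders would report different master values and the reference comparison would fail spuriously.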

4. Direct Device Assignment
    Patent application; status: under examination, published

    Publication number: US20130145051A1

    Publication date: 2013-06-06

    Application number: US13309738

    Filing date: 2011-12-02

    IPC classification: G06F3/00

    Abstract: A system is enabled for configuring an IOMMU to provide direct access to system memory data by at least one I/O device/peripheral. Further, the IOMMU is configured to pass a pointer to at least one I/O device without having to translate the pointer. Further, commands are sent from a process within a guest operating system (OS) directly to a peripheral without intervention from a hypervisor. Further, the IOMMU is configured to grant peripherals access permissions to memory blocks to maintain isolation among peripherals.

5. Method and apparatus for improving computer security
    Patent application; status: under examination, published

    Publication number: US20060090085A1

    Publication date: 2006-04-27

    Application number: US10971258

    Filing date: 2004-10-23

    IPC classification: G06F12/14

    CPC classification: G06F21/86 G06F2221/2143

    Abstract: Indicating when the cover for a computer chassis has been opened is disclosed. A computer of an embodiment of the invention includes a chassis and a basic input/output system (BIOS), or another type of firmware. The chassis has an openable cover, and circuitry indicating when the openable cover has been opened. The BIOS has a non-volatile memory in which a flag is set when the circuitry indicates that the openable cover has been opened. The computer may further include always-on circuitry, such as time-of-day and real-time clock circuitry, to which the circuitry indicating when the openable cover has been opened is electrically connected. The computer may also include one or more encryption and/or signing modules that encrypt and/or sign data according to one or more keys. The keys are rendered invalid when the cover of the chassis has been opened.

6. Method and system for bootstrapping a trusted server having redundant trusted platform modules
    Patent application; status: lapsed

    Publication number: US20050257073A1

    Publication date: 2005-11-17

    Application number: US10835498

    Filing date: 2004-04-29

    CPC classification: G06F21/575

    Abstract: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
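The abstract's scheme is a small protocol: at provisioning each TPM seals its own copy of the bootstrap secret, at boot each TPM unseals only the copy it produced, and the copies are compared against a quorum so that a TPM which cannot reproduce what it sealed is flagged as defective. The simulation below is an added example for this listing, not code from the patent. Its TPMs are software stand-ins whose sealing is a per-TPM random key driving a SHA-256 keystream plus an HMAC tag (an assumption standing in for a real TPM's storage-root-key sealing), a fault is injected by corrupting one TPM's key after provisioning, and the boot path also handles the failure mode the abstract leaves implicit: when fewer TPMs agree than the quorum requires, the bootstrap is refused rather than trusting a single survivor.

```python
import hashlib
import hmac
import os
from collections import Counter

class SimTpm:
    """Stand-in for one physical TPM. Sealing is modelled as a per-TPM random key driving a
    SHA-256 keystream plus an HMAC tag; a real TPM would use its storage root key."""
    def __init__(self, name: str):
        self.name = name
        self._key = os.urandom(32)
        self.defective = False      # simulated hardware fault: unseal runs with a corrupted key

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
        out = b""
        for counter in range((length + 31) // 32):
            out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        return out[:length]

    def seal(self, secret: bytes) -> bytes:
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(self._key, nonce, len(secret))))
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes):
        key = hashlib.sha256(self._key).digest() if self.defective else self._key
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            return None               # integrity failure: report it, never return garbage
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, nonce, len(ct))))

def store_bootstrap_secret(tpms, secret: bytes) -> dict:
    """Provisioning (hypervisor role): each TPM seals its own copy; all copies go to NV storage."""
    return {tpm.name: tpm.seal(secret) for tpm in tpms}

def recover_bootstrap_secret(tpms, blobs: dict, quorum=None):
    """Boot (hypervisor role): each TPM unseals only the copy it sealed; the value agreed by a
    quorum wins and every TPM that disagrees with it is reported as defective."""
    if quorum is None:
        quorum = len(tpms) // 2 + 1
    results = {tpm.name: tpm.unseal(blobs[tpm.name]) for tpm in tpms}
    tally = Counter(v for v in results.values() if v is not None)
    if not tally:
        raise RuntimeError("no TPM could unseal its copy of the secret")
    value, votes = tally.most_common(1)[0]
    if votes < quorum:
        raise RuntimeError(f"no quorum: {votes} TPMs agree, {quorum} required")
    defective = sorted(name for name, v in results.items() if v != value)
    return value, defective

SECRET = b"constructed-system-tpm-bootstrap-secret"   # constructed sample, not a real secret

def demo_one_fault():
    tpms = [SimTpm("tpm0"), SimTpm("tpm1"), SimTpm("tpm2")]
    blobs = store_bootstrap_secret(tpms, SECRET)
    tpms[1].defective = True          # fault appears after provisioning
    return recover_bootstrap_secret(tpms, blobs)

def demo_no_quorum() -> bool:
    tpms = [SimTpm("tpm0"), SimTpm("tpm1"), SimTpm("tpm2")]
    blobs = store_bootstrap_secret(tpms, SECRET)
    tpms[0].defective = tpms[2].defective = True
    try:
        recover_bootstrap_secret(tpms, blobs)
    except RuntimeError:
        return True                   # refused to bootstrap on a single surviving TPM
    return False

if __name__ == "__main__":
    print(demo_one_fault(), demo_no_quorum())
```

Two details carry the security weight. Each blob is unsealed only by the TPM that sealed it, so a defective module is identified by its own failure rather than by cross-decryption, which would require sharing keys between modules. And the quorum is a majority of the configured TPMs, not of the ones that answered: with three modules and two faults, one module still returns a value, but accepting it would mean bootstrapping the system TPM on a single unverified source.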

7. Efficient memory and resource management
    Granted patent; status: in force

    Publication number: US08719464B2

    Publication date: 2014-05-06

    Application number: US13308211

    Filing date: 2011-11-30

    IPC classification: G06F13/28 G06F21/00

    CPC classification: G06F13/28

    Abstract: The present system enables passing a pointer, associated with accessing data in a memory, to an input/output (I/O) device via an input/output memory management unit (IOMMU). The I/O device accesses the data in the memory via the IOMMU without copying the data into a local I/O device memory. The I/O device can perform an operation on the data in the memory based on the pointer, such that the I/O device accesses the memory without expensive copies.

8. TRUST EVALUATION
    Patent application; status: in force (granted)

    Publication number: US20070198214A1

    Publication date: 2007-08-23

    Application number: US11355719

    Filing date: 2006-02-16

    IPC classification: G21C17/00

    Abstract: A solution for evaluating trust in a computer infrastructure is provided. In particular, a plurality of computing devices in the computer infrastructure evaluate one or more other computing devices in the computer infrastructure based on a set of device measurements for the other computing device(s) and a set of reference measurements. To this extent, each of the plurality of computing devices also provides a set of device measurements for processing by the other computing device(s) in the computer infrastructure.
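The abstract describes peer evaluation: every device both publishes its own measurements and judges the others by comparing their measurements to a reference set. The example below is added for this listing and is not code from the patent. It assumes measurements are SHA-256 digests of three named components, builds a reference set from constructed golden images, has each device evaluate every other one, and then derives an infrastructure-wide trusted set by majority vote of the peers. The majority rule is the example's own design choice for the failure mode the abstract does not address: a compromised evaluator that reports bad measurements and also rejects every honest peer is outvoted rather than able to veto the whole infrastructure.

```python
import hashlib

def measure(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed reference measurements (golden values an operator would publish), not real digests.
REFERENCE = {
    "bootloader": measure(b"bootloader 2.1"),
    "kernel": measure(b"kernel 5.15-hardened"),
    "agent": measure(b"attestation-agent 1.4"),
}

class Device:
    def __init__(self, name: str, images: dict):
        self.name = name
        # The set of device measurements this device provides to its peers.
        self.measurements = {component: measure(image) for component, image in images.items()}

    def evaluate(self, other: "Device", reference: dict):
        """Judge another device: every reference component must be reported and must match.
        Returns (trusted, reasons) so a failing verdict is explainable."""
        reasons = []
        for component, expected in reference.items():
            reported = other.measurements.get(component)
            if reported is None:
                reasons.append(f"{component}: not reported")
            elif reported != expected:
                reasons.append(f"{component}: mismatch")
        return (not reasons, reasons)

class HostileDevice(Device):
    """A compromised evaluator: whatever it measures, it rejects every peer."""
    def evaluate(self, other: Device, reference: dict):
        return (False, ["rejected by hostile evaluator"])

def mutual_evaluation(devices, reference: dict) -> dict:
    """Every device evaluates every other device; returns verdicts[evaluator][target]."""
    return {
        e.name: {t.name: e.evaluate(t, reference)[0] for t in devices if t is not e}
        for e in devices
    }

def trusted_set(verdicts: dict) -> set:
    """Infrastructure-level view: a device is trusted when a strict majority of its peers
    accept it, which bounds what one lying evaluator can do."""
    names = list(verdicts)
    trusted = set()
    for target in names:
        votes = [verdicts[e][target] for e in names if e != target]
        if votes and sum(votes) * 2 > len(votes):
            trusted.add(target)
    return trusted

def demo():
    good = {"bootloader": b"bootloader 2.1", "kernel": b"kernel 5.15-hardened",
            "agent": b"attestation-agent 1.4"}
    devices = [
        Device("node-a", good),
        Device("node-b", good),
        HostileDevice("node-c", dict(good, kernel=b"kernel 5.10-unpatched")),
        Device("node-d", {k: v for k, v in good.items() if k != "agent"}),
    ]
    verdicts = mutual_evaluation(devices, REFERENCE)
    return trusted_set(verdicts), devices[0].evaluate(devices[3], REFERENCE)[1]

if __name__ == "__main__":
    print(demo())
```

A missing component is treated as a failure, not as "nothing to compare", because a device that omits a measurement is indistinguishable from one hiding a bad value. The majority rule only helps against evaluators that are themselves rejected; a compromised node whose measured components are all still golden would pass evaluation and keep its vote, which is the inherent limit of measurement-based trust.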

9. Peripheral Memory Management
    Patent application; status: under examination, published

    Publication number: US20130145055A1

    Publication date: 2013-06-06

    Application number: US13309753

    Filing date: 2011-12-02

    IPC classification: G06F13/28

    Abstract: The present system enables an input/output (I/O) device to request memory for performing a direct memory access (DMA) of system memory. Further, the system uses an input/output memory management unit (IOMMU) to determine whether or not the system memory is available. The IOMMU notifies an operating system associated with the system memory if the system memory is not available, such that the operating system allocates non-system memory for use by the I/O device to perform the DMA.
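Entries 1, 2/7, 4 and 9 together describe one IOMMU behaviour from four angles: a device presents a virtual address and gets back a physical address plus the page's cacheability attribute; the device then operates on system memory in place rather than through a bounce copy; each peripheral holds only the permissions granted to it, so peripherals are isolated from each other; and when system memory cannot satisfy a device's request the IOMMU notifies the OS, which supplies non-system memory. The simulation below is an added example for this listing and is not code from any of the patents. Its page size, the 8-page physical layout, the per-device translation tables, the "fallback pages are uncached" rule and the OS callback are all assumptions chosen to make the four behaviours observable in one run.

```python
from dataclasses import dataclass
from enum import Flag, auto

PAGE = 4096
SYSTEM_PAGES = range(0, 4)       # constructed layout: physical pages backing "system memory"
NONSYSTEM_PAGES = range(4, 8)    # constructed layout: OS-managed fallback pool
MEMORY = bytearray(PAGE * 8)

class Perm(Flag):
    READ = auto()
    WRITE = auto()

@dataclass
class PageEntry:
    phys_page: int
    perms: Perm
    cacheable: bool      # memory attribute handed back with the translation

class IommuFault(Exception):
    pass

class SimOs:
    """The OS role: receives the IOMMU's notification and hands out non-system memory."""
    def __init__(self):
        self.nonsystem_free = list(NONSYSTEM_PAGES)
        self.notifications = []

    def system_memory_unavailable(self, dev: str, vpn: int):
        self.notifications.append((dev, vpn))
        return self.nonsystem_free.pop(0) if self.nonsystem_free else None

class SimIommu:
    def __init__(self, os_: SimOs):
        self.os = os_
        self.system_free = list(SYSTEM_PAGES)
        self.domains = {}    # dev -> {vpn: PageEntry}; one table per device is the isolation boundary

    def attach(self, dev: str) -> None:
        self.domains[dev] = {}

    def request_page(self, dev: str, vpn: int, perms: Perm, cacheable: bool = True) -> int:
        """Device asks for a page to DMA against. System memory is used if any is free;
        otherwise the OS is notified and supplies a non-system page (modelled as uncached)."""
        if self.system_free:
            phys = self.system_free.pop(0)
        else:
            phys = self.os.system_memory_unavailable(dev, vpn)
            if phys is None:
                raise IommuFault(f"{dev}: no memory available for vpn {vpn}")
            cacheable = False
        self.domains[dev][vpn] = PageEntry(phys, perms, cacheable)
        return phys

    def translate(self, dev: str, virt: int, want: Perm):
        """Answer a translation request with (physical address, cacheability), or fault if
        the device has no mapping for the page or lacks the permission it asked for."""
        domain = self.domains.get(dev)
        if domain is None:
            raise IommuFault(f"{dev}: device not attached to any domain")
        vpn, offset = divmod(virt, PAGE)
        entry = domain.get(vpn)
        if entry is None:
            raise IommuFault(f"{dev}: no mapping for {virt:#x}")
        if want not in entry.perms:
            raise IommuFault(f"{dev}: {want.name} denied at {virt:#x}")
        return entry.phys_page * PAGE + offset, entry.cacheable

def dma_read(iommu: SimIommu, dev: str, virt: int, length: int) -> bytes:
    """Device-side access straight into MEMORY through the IOMMU: no bounce copy, page by page."""
    out = bytearray()
    while len(out) < length:
        phys, _ = iommu.translate(dev, virt + len(out), Perm.READ)
        chunk = min(length - len(out), PAGE - phys % PAGE)
        out += MEMORY[phys:phys + chunk]
    return bytes(out)

def dma_write(iommu: SimIommu, dev: str, virt: int, data: bytes) -> None:
    done = 0
    while done < len(data):
        phys, _ = iommu.translate(dev, virt + done, Perm.WRITE)
        chunk = min(len(data) - done, PAGE - phys % PAGE)
        MEMORY[phys:phys + chunk] = data[done:done + chunk]
        done += chunk

def demo() -> dict:
    os_, result = SimOs(), {}
    iommu = SimIommu(os_)
    iommu.attach("nic")
    iommu.attach("gpu")
    for vpn in range(len(SYSTEM_PAGES)):                   # nic takes all of system memory
        iommu.request_page("nic", vpn, Perm.READ | Perm.WRITE)
    iommu.request_page("gpu", 0, Perm.READ | Perm.WRITE)   # forces the OS notification path
    iommu.request_page("nic", 9, Perm.READ)                # read-only page for the nic
    dma_write(iommu, "gpu", 0, b"frame-0")
    dma_write(iommu, "nic", 0, b"packet-0")
    result["gpu_reads_own_buffer"] = dma_read(iommu, "gpu", 0, 7)
    result["nic_sees_gpu_data"] = dma_read(iommu, "nic", 0, 7) == b"frame-0"
    result["nic_cacheable"] = iommu.translate("nic", 0, Perm.READ)[1]
    result["gpu_cacheable"] = iommu.translate("gpu", 0, Perm.READ)[1]
    result["os_notifications"] = list(os_.notifications)
    try:
        dma_write(iommu, "nic", 9 * PAGE, b"x")
        result["nic_write_readonly"] = "allowed"
    except IommuFault:
        result["nic_write_readonly"] = "denied"
    try:
        dma_read(iommu, "gpu", 9 * PAGE, 1)                # vpn 9 exists only in the nic's table
        result["gpu_reads_nic_page"] = "allowed"
    except IommuFault:
        result["gpu_reads_nic_page"] = "denied"
    return result

if __name__ == "__main__":
    print(demo())
```

The isolation property comes from keying the translation tables by device: the nic and the gpu both use virtual page 0, but they resolve to different physical pages, and a page present in one device's table simply does not exist for the other. The cacheability bit travels with the translation so the device can decide whether it must bypass or flush caches; the example marks OS-supplied fallback pages uncached, which is an assumption about that pool rather than something the abstracts specify.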

10. IOMMU architected TLB support
    Granted patent; status: in force

    Publication number: US08244978B2

    Publication date: 2012-08-14

    Application number: US12707341

    Filing date: 2010-02-17

    IPC classification: G06F12/00

    Abstract: Embodiments allow a smaller, simpler hardware implementation of an input/output memory management unit (IOMMU) having improved translation behavior that is independent of page table structures and formats. Embodiments also provide device-independent structures and methods of implementation, allowing greater generality of software (fewer specific software versions, in turn reducing development costs).