摘要:
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
摘要:
Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
摘要:
A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.
摘要:
Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
摘要:
Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.
摘要:
A method and computing device for continuous multi-factor authentication are included in which a plurality of valid authentication credentials may be detected. Also, an authorized user may be detected within a viewing area. Additionally, an unauthorized object may be detected in the viewing area. Furthermore, a display device may be prevented from displaying content.
摘要:
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
摘要:
A system and method for supporting two infrared signaling protocols in a single computing device is provided. The computing system operates in a default mode unless a priority signaling request is generated by an application program. Priority signaling requests are given processing priority, and default mode transmission packets may be dropped during priority mode processing. Handling of dropped default mode packets is relinquished to an upper protocol layer of a network stack, which recovers and sends the dropped transmissions to the infrared device when the computing device returns to the default mode.
摘要:
Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.
摘要:
A system and method including, in some embodiments, receiving a request for a graphics memory address for an input/output (I/O) device assigned to a virtual machine in a system that supports virtualization, and installing, in a graphics memory translation table, a physical guest graphics memory address to host physical memory address translation.