Controlling access by a network interface

    Publication No.: US10996969B1

    Publication date: 2021-05-04

    Application No.: US15825068

    Application date: 2017-11-28

    Abstract: A server computer toggles between a protected mode and an unprotected mode. In the protected mode, users are unable to access configuration information due to a Base Address Register (BAR) being cleared. However, a service provider can access a Trusted Platform Module (TPM) through an Application Program Interface (API) request. In an unprotected mode, the BAR is programmed so that users can access the configuration information, but the TPM is blocked. Blocking of the TPM is achieved by changing a configuration file, which changes an overall image of the card. With the modified image not matching an original image, the TPM blocks access to data, such as encryption keys. Separate interfaces can be used for user access (PCIe) and service provider access (Ethernet) to the server computer. The server computer can then be toggled back to the protected mode by switching the configuration file to the original configuration file.

    Dynamic configuration management
    Granted invention patent

    Publication No.: US10891140B1

    Publication date: 2021-01-12

    Application No.: US16144267

    Application date: 2018-09-27

    Abstract: Configuration snapshots can be obtained from various connected devices, such as network interface cards or hardware offload devices, to determine whether the configuration matches expected values. If discrepancies are determined then the appropriate values can be automatically applied to those devices. For each type and version of device, there can be a set of expected configuration values, or a golden model of configuration, that is determined and stored. The models can also be used to test updated configuration values, as the new values can be pushed to a subset of devices and the impact on performance determined. If acceptable performance improvement is detected, or another such target achieved, then the golden model can be updated with the new values and those values can be pushed out to the remainder of the devices.

    Secure monitors for memory page protection

    Publication No.: US12216921B1

    Publication date: 2025-02-04

    Application No.: US17710489

    Application date: 2022-03-31

    Abstract: Technologies are disclosed for using hardware-embedded monitors to monitor pages of local memory and detect attribute violations or other unauthorized operations relating to the memory. The attribute violations may include mismatches of attributes (e.g., designating a page as writeable versus executable or vice versa) in entries in a translation buffer that point to a same physical address or other mismatches between designations of attributes for a page in physical and virtual space. Responsive to detecting a violation, an alert or other mitigation protocol, which may include an audit of activities surrounding the violation, may be performed.
