-
公开(公告)号:US20230089869A1
公开(公告)日:2023-03-23
申请号:US18070655
申请日:2022-11-29
申请人: Intel Corporation
发明人: Furkan Turan , Patrick Koeberl , Alpa Trivedi , Steffen Schulz , Scott Weber
IPC分类号: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30
摘要: An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, multiplexers, and a validator. In one implementation, the validator is to: receive design rule information for the multiplexers, the design rule information referencing the contention set, wherein the contention set identifies a determined harmful bitstream configuration for each multiplexer instance of the multiplexers, and wherein the contention set comprises a mapping of contents of a user bitstream to configuration bits of the multiplexers; receive, at the validator of the apparatus, the user bitstream for programming the multiplexers of the apparatus; analyze, at the validator using the design rule information, the user bitstream against the contention set at a programming time of the apparatus; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.
-
公开(公告)号:US20230068607A1
公开(公告)日:2023-03-02
申请号:US18049781
申请日:2022-10-26
申请人: Intel Corporation
发明人: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
IPC分类号: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30
摘要: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
-
公开(公告)号:US20210150033A1
公开(公告)日:2021-05-20
申请号:US17129243
申请日:2020-12-21
申请人: Intel Corporation
发明人: Alpa Trivedi , Steffen Schulz , Patrick Koeberl
IPC分类号: G06F21/57 , G06F21/44 , G06F30/331 , G06F9/38
摘要: An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to initialize as part of a secure boot and attestation chain of trust; receive configuration data for portions of the security controller, the portions comprising components of the security controller capable of re-programming; verify and validate the configuration data to as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program the portions of the security controller based on the configuration data.
-
公开(公告)号:US20210112073A1
公开(公告)日:2021-04-15
申请号:US17129223
申请日:2020-12-21
申请人: Intel Corporation
发明人: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
摘要: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes one or more processors to: request a group status report to confirm a status of a group of trusted execution platforms from a cloud service provider (CSP) providing scalable runtime validation for on-device design rule checks; validate, by a tenant, a minimum trusted computing base (TCB) declared with the group status report; determine, based on validation of the minimum TCB, whether a set of group members of the group of trusted execution platforms satisfies security requirements of the tenant; responsive to the set of group members satisfying the security requirement, utilize a group public key to encrypt a workload of the tenant; and send the encrypted workload to the CSP for storage by the CSP and subsequent execution by an execution platform of the group using a private group key.
-
公开(公告)号:US20210110099A1
公开(公告)日:2021-04-15
申请号:US17132306
申请日:2020-12-23
申请人: Intel Corporation
发明人: Furkan Turan , Patrick Koeberl , Alpa Trivedi , Steffen Schulz , Scott Weber
IPC分类号: G06F30/398
摘要: An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.
-
公开(公告)号:US11637868B2
公开(公告)日:2023-04-25
申请号:US17133803
申请日:2020-12-24
申请人: Intel Corporation
发明人: Vincent Scarlata , Alpa Trivedi , Reshma Lal
摘要: Attestation support in cloud computing environments is described. An example of an apparatus includes one or more processors to process data, including data related to hosting of workloads for one or more tenants; an orchestration element to receive a request for support of a workload of a tenant according to a selected membership policy, the orchestration element to select a set of one or more compute nodes to provide computation for the workload; and a security manager to receive the membership policy and to receive attestations from the selected compute nodes and, upon determining that the attestations meet the requirements of the membership policy, to add the one or more compute nodes to a group of compute nodes to provide computation for the workload.
-
公开(公告)号:US20220222203A1
公开(公告)日:2022-07-14
申请号:US17712350
申请日:2022-04-04
申请人: Intel Corporation
发明人: Alpa Trivedi , Carlos Rozas
IPC分类号: G06F15/78 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38
摘要: An apparatus to facilitate enabling stateless accelerator designs shared across mutually-distrustful tenants is disclosed. The apparatus includes a fully-homomorphic encryption (FHE)-capable circuitry to establish a secure session with a trusted environment executing on a host device communicably coupled to the apparatus; generate, as part of establishing the secure session, per-tenant FHE keys for each tenant utilizing the FHE-capable circuitry, the per-tenant FHE keys utilized to encrypt tenant data provided to an FHE-capable compute kernel of the FHE-capable circuitry; process tenant data that is in an FHE-encrypted format encrypted with a per-tenant FHE key of the per-tenant FHE keys; and store the tenant data that is in the FHE-encrypted format encrypted with the per-tenant FHE key of the per-tenant FHE keys.
-
公开(公告)号:US20220206764A1
公开(公告)日:2022-06-30
申请号:US17133880
申请日:2020-12-24
申请人: Intel Corporation
发明人: Vincent Scarlata , Alpa Trivedi , Reshma Lal , Marcela S. Melara , Michael Steiner , Anjo Vahldiek-Oberwagner
IPC分类号: G06F8/40
摘要: Attestation of operations by tool chains is described. An example of a storage medium includes instructions for receiving source code for processing of a secure workload of a tenant; selecting at least a first compute node to provide computation for the workload; processing the source code by an attestable tool chain to generate machine code for the first compute node, including performing one or more conversions of the source code by one or more convertors to generate converted code and generating an attestation associated with each code conversion, and receiving machine code for the first compute node and generating an attestation associated with the first compute node; and providing each of the attestations from the first stage and the second stage for verification.
-
公开(公告)号:US20210117268A1
公开(公告)日:2021-04-22
申请号:US17132221
申请日:2020-12-23
申请人: Intel Corporation
发明人: Patrick Koeberl , Scott Weber , Alpa Trivedi , Steffen Schulz , Sriram Vangal
摘要: An apparatus to facilitate runtime fault detection, fault location, and circuit recovery in an accelerator device is disclosed. In one implementation, the accelerator device comprises a sensor network comprising a plurality of sensors; a secure device manager (SDM); and a sensor aggregator communicably coupled to the sensor network and the SDM. In one implementation, the sensor aggregator can receive sensor data from the sensor network; analyze the sensor data to detect a fault condition; determine a spatial location of the fault condition based on the sensor data; and generate an event for the SDM to cause the SDM to mitigate the fault condition.
-
10.
公开(公告)号:US20210110069A1
公开(公告)日:2021-04-15
申请号:US17129250
申请日:2020-12-21
申请人: Intel Corporation
发明人: Alpa Trivedi , Scott Weber , Steffen Schulz , Patrick Koeberl
摘要: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.
-
-
-
-
-
-
-
-
-