-
Publication number: US20240243913A1
Publication date: 2024-07-18
Application number: US18560368
Application date: 2021-11-23
Applicant: Intel Corporation
Inventor: Junyuan WANG, Kapil SOOD, Brian WILL, Thomas Joseph O'DWYER, Zijuan FAN, Kaijie GUO, Maksim LUKOSHKOV, Seosamh O'RIORDAIN, Jun XU, Guodong ZHU, Siming WAN
IPC: H04L9/30
CPC classification number: H04L9/3066, H04L9/302
Abstract: Methods and apparatus for customers key protection for cloud native deployments. Compute resources for a compute platform comprising platform hardware including one or more processors are allocated to one or more customers that use the compute resources to execute applications and/or services used to perform customer workloads. The compute platform includes a per-part device key that is used to generate hardware protected key used by the applications and services. Mechanisms are provided to ensure hardware protected keys can only be accessed by associated customers and/or customer applications and services, while preventing other customers and/or applications and services from accessing the hardware protected keys. The hardware protected keys include keys employing various forms of RSA and ECC Wrapped Private Keys (WPKs) including RSA WPKs, RSA Chinese Remainder Theorem CRT WPK and ECC WPKs.
-
Publication number: US20210149821A1
Publication date: 2021-05-20
Application number: US17133503
Application date: 2020-12-23
Applicant: Intel Corporation
Inventor: Bo CUI, Chris M. WOLF, Ren WANG, Kaijie GUO
IPC: G06F12/1045, G06F12/02, G06F9/50
Abstract: Examples described herein relate to an apparatus comprising: at least one processor, when operational, to: perform a command to submit a work descriptor to a device, wherein: submission of the work descriptor causes an attempt to perform a substitution of an address in the work descriptor before submitting the work descriptor to the device. In some examples, the address comprises a guest virtual address (GVA) and the substitution of an address comprises replacement of the GVA with a host physical address (HPA) corresponding to the GVA. In some examples, the at least one processor is to: substitute the address in the work descriptor with an address translation of the address in the work descriptor if the address translation is available for access by a processor that performs the command.
-
Publication number: US20240118913A1
Publication date: 2024-04-11
Application number: US18283205
Application date: 2021-03-26
Applicant: Intel Corporation
Inventor: Kaijie GUO, Junyuan WANG, Maksim LUKOSHKOV, Weigang LI, Xin ZENG
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45579, G06F2009/45583, G06F2009/45591
Abstract: An apparatus and method to implement shared virtual memory in a trust zone. For example, one embodiment of a processor comprises: a plurality of cores; a memory controller coupled to the plurality of cores to establish a first private memory region in a system memory using a first key associated with a first trust domain of a first guest; an input/output memory management unit (IOMMU) coupled to the memory controller, the IOMMU to receive a memory access request by an input/output (IO) device, the memory access request comprising a first address space identifier and a guest virtual address (GVA), the IOMMU to access an entry in a first translation table using at least the first address space identifier to determine that the memory access request is directed to the first private memory region which is not directly accessible to the IOMMU, the IOMMU to generate an address translation request associated with the memory access request, wherein based on the address translation request, a virtual machine monitor (VMM) running on one or more of the plurality of cores is to initiate a secure transaction sequence with trust domain manager to cause a secure entry into the first trust domain to translate the GVA to a physical address based on the address space identifier, the IOMMU to receive the physical address from the VMM and to use the physical address to perform the requested memory access on behalf of the IO device.
-
Publication number: US20240020241A1
Publication date: 2024-01-18
Application number: US18254322
Application date: 2020-12-24
Applicant: Intel Corporation
Inventor: Kaijie GUO, Weigang LI, Junyuan WANG, Bo CUI, Mithilesh K. DAS, Amit K. WARDHAN, Zijuan FAN, Maojun JI, Qianjun XIE, Tingqiang CHU
IPC: G06F12/1081
CPC classification number: G06F12/1081, G06F2212/657
Abstract: Apparatus and method for performing address pre-translation to enhance direct memory access by hardware subsystems is described herein. An apparatus embodiment includes a processor to execute an enqueue instruction to submit, to a hardware subsystem, a job descriptor describing a job to be performed. The job descriptor includes virtual addresses of memory locations in which data required to perform the job are stored. An input-output memory management unit (IOMMU) is to obtain the address translations for the virtual addresses responsive to a pre-translation request from the processor. The address translations are obtained by the IOMMU prior to receiving a memory access request from the hardware subsystem. The IOMMU is to retrieve the data from the memory location using the address translations and to provide the retrieved data to the hardware subsystem to fulfill the request.