-
公开(公告)号:US20240281302A1
公开(公告)日:2024-08-22
申请号:US18636749
申请日:2024-04-16
申请人: Intel Corporation
发明人: Reshma Lal , Pradeep Pappachan , Luis Kida , Soham Jayesh Desai , Sujoy Sen , Selvakumar Panneer , Robert Sharp
CPC分类号: G06F9/5083 , G06F9/3814 , G06F9/5027 , G06T1/20 , G06T1/60
摘要: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform that is separate from the remote server platform, wherein the remote GPU middleware layer comprises is to expose an abstraction of the remote GPU to userspace components of a remote GPU stack, the userspace components running on the client machine; communicate with a kernel mode driver of the one or more processors to cause the host memory to be allocated for data structures used to communicate commands between the client and the remote GPU; and invoke the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the data structures allocated in the host memory.
-
公开(公告)号:US11941457B2
公开(公告)日:2024-03-26
申请号:US17525143
申请日:2021-11-12
申请人: Intel Corporation
发明人: Reshma Lal , Pradeep Pappachan , Luis Kida , Soham Jayesh Desai , Sujoy Sen , Selvakumar Panneer , Robert Sharp
CPC分类号: G06F9/5083 , G06F9/3814 , G06F9/5027 , G06T1/20 , G06T1/60
摘要: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
-
公开(公告)号:US11494523B2
公开(公告)日:2022-11-08
申请号:US16993469
申请日:2020-08-14
申请人: Intel Corporation
发明人: Abhishek Basak , Pradeep Pappachan , Siddhartha Chhabra , Alpa Narendra Trivedi , Erdem Aktas , Ravi Sahita
IPC分类号: G06F12/00 , G06F13/00 , G06F13/28 , G06F21/79 , G06F21/60 , G06F21/31 , G06F12/1081 , G06F12/14 , G06F21/57
摘要: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
-
公开(公告)号:US20220100583A1
公开(公告)日:2022-03-31
申请号:US17532562
申请日:2021-11-22
申请人: Intel Corporation
发明人: Reshma Lal , Pradeep Pappachan , Luis Kida , Soham Jayesh Desai , Sujoy Sen , Selvakumar Panneer , Robert Sharp
摘要: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising secure device manager (SDM) hardware circuitry to: receive a tenant bitstream of a tenant and a tenant use policy for utilization of the programmable IC via the tenant bitstream, wherein the tenant use policy is cryptographically bound to the tenant bitstream by a cloud service provider (CSP) authorizing entity and signed with a signature of the CSP authorizing entity; in response to successfully verifying the signature, extract the tenant use policy to provide to a policy manager of the programmable IC for verification; in response to the policy manager verifying the tenant bitstream based on the tenant use policy, configure a partial reconfiguration (PR) region of the programable IC using the tenant bitstream; and associate a slot ID of the PR region with the tenant use policy.
-
公开(公告)号:US20220100579A1
公开(公告)日:2022-03-31
申请号:US17525143
申请日:2021-11-12
申请人: Intel Corporation
发明人: Reshma Lal , Pradeep Pappachan , Luis Kida , Soham Jayesh Desai , Sujoy Sen , Selvakumar Panneer , Robert Sharp
摘要: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
-
6.发明授权公开(公告)号:US11163913B2
公开(公告)日:2021-11-02
申请号:US16234871
申请日:2018-12-28
申请人: Intel Corporation
发明人: Luis Kida , Krystof Zmudzinski , Reshma Lal , Pradeep Pappachan , Abhishek Basak , Anna Trikalinou
摘要: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
-
公开(公告)号:US20210318920A1
公开(公告)日:2021-10-14
申请号:US17304820
申请日:2021-06-25
申请人: Intel Corporation
发明人: Pradeep Pappachan , Sujoy Sen , Joseph Grecco , Mukesh Gangadhar Bhavani Venkatesan , Reshma Lal
IPC分类号: G06F9/54
摘要: A method of offloading performance of a workload includes receiving, on a first computing system acting as an initiator, a first function call from a caller, the first function call to be executed by an accelerator on a second computing system acting as a target, the first computing system coupled to the second computing system by a network; determining a type of the first function call; and generating a list of parameter values of the first function call.
-
公开(公告)号:US20190042805A1
公开(公告)日:2019-02-07
申请号:US15868634
申请日:2018-01-11
申请人: Intel Corporation
发明人: Soham Jayesh Desai , Reshma Lal , Pradeep Pappachan , Bin Xing
摘要: Technologies for secure enumeration of USB devices include a computing device having a USB controller and a trusted execution environment (TEE). The TEE may be a secure enclave protected secure enclave support of the processor. In response to a USB device connecting to the USB controller, the TEE sends a secure command to the USB controller to protect a device descriptor for the USB device. The secure command may be sent over a secure channel to a static USB device. A driver sends a get device descriptor request to the USB device, and the USB device responds with the device descriptor. The USB controller redirects the device descriptor to a secure memory buffer, which may be located in a trusted I/O processor reserved memory region. The TEE retrieves and validates the device descriptor. If validated, the TEE may enable the USB device for use. Other embodiments are described and claimed.
-
公开(公告)号:US11989595B2
公开(公告)日:2024-05-21
申请号:US17526097
申请日:2021-11-15
申请人: Intel Corporation
发明人: Reshma Lal , Pradeep Pappachan , Luis Kida , Soham Jayesh Desai , Sujoy Sen , Selvakumar Panneer , Robert Sharp
CPC分类号: G06F9/5083 , G06F9/3814 , G06F9/5027 , G06T1/20 , G06T1/60
摘要: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.
-
公开(公告)号:US11593529B2
公开(公告)日:2023-02-28
申请号:US16687561
申请日:2019-11-18
申请人: Intel Corporation
发明人: Vedvyas Shanbhogue , Utkarsh Y. Kakaiya , Ravi Sahita , Abhishek Basak , Pradeep Pappachan , Erdem Aktas
摘要: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.
-
-
-
-
-
-
-
-
-
搜索结果
45 条记录 (耗时 0.021 秒)
