-
公开(公告)号:US09811475B2
公开(公告)日:2017-11-07
申请号:US13538154
申请日:2012-06-29
CPC分类号: G06F12/1408 , G06F1/3206 , G06F1/3237 , G06F1/3243 , G06F1/3287 , G06F9/4418 , G06F21/57 , G06F21/6209 , G06F21/81 , G06F2221/2107 , G06F2221/2143 , Y02D10/128 , Y02D10/152 , Y02D10/171 , Y02D50/20
摘要: Methods and apparatus for a secure sleep state are disclosed. An example method includes, in response to an initiation of a sleep state of a computing platform, encrypting a memory of the computing platform; and decrypting the memory when resuming the computing platform from the sleep state, wherein placing the computing platform in the sleep state includes powering down a portion of the computing platform and preserving a state of the computing platform.
-
公开(公告)号:US20140006799A1
公开(公告)日:2014-01-02
申请号:US13538154
申请日:2012-06-29
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F1/3206 , G06F1/3237 , G06F1/3243 , G06F1/3287 , G06F9/4418 , G06F21/57 , G06F21/6209 , G06F21/81 , G06F2221/2107 , G06F2221/2143 , Y02D10/128 , Y02D10/152 , Y02D10/171 , Y02D50/20
摘要: Methods and apparatus for a secure sleep state are disclosed. An example method includes, in response to an initiation of a sleep state of a computing platform, encrypting a memory of the computing platform; and decrypting the memory when resuming the computing platform from the sleep state, wherein placing the computing platform in the sleep state includes powering down a portion of the computing platform and preserving a state of the computing platform.
摘要翻译: 公开了用于安全睡眠状态的方法和装置。 响应于计算平台的睡眠状态的启动,示例性方法包括加密计算平台的存储器; 以及当将所述计算平台从所述睡眠状态恢复时将所述存储器解密,其中将所述计算平台置于所述睡眠状态包括关闭所述计算平台的一部分并且保留所述计算平台的状态。
-
公开(公告)号:US20170371803A1
公开(公告)日:2017-12-28
申请号:US15647179
申请日:2017-07-11
IPC分类号: G06F12/1009 , G06F12/14 , G06F9/455 , G06F12/1036
摘要: An apparatus and method for efficient guest EPT manipulation. For example, one embodiment of a apparatus comprises: a hypervisor to create extended page table (EPT) mappings between a guest physical address (GPA) space and a host physical address (HPA) space; the hypervisor to create an EPT edit table and populate the EPT edit table with information related to permitted mappings between the GPA space and HPA space; a guest to read the EPT edit table to determine information related to the permitted mappings between the GPA space and HPA space, the guest to use the information to map one or more pages in the GPA space to one or more pages in the HPA space.
-
4.发明授权公开(公告)号:US07428609B2
公开(公告)日:2008-09-23
申请号:US11321330
申请日:2005-12-29
IPC分类号: G06F12/00
CPC分类号: G06F8/656
摘要: Disclosed is a method and system to partition hardware resources between operating systems. A determination is made whether a first PCI resource attached to a line of a bus is to be sequestered to a service operating system (OS). If so, the first PCI resource is sequestered to the service OS. It is next determined whether at least one other PCI resource shares the same line of the bus as the sequestered first PCI resource. If so, the at least one other PCI resource is selected and sequestered to the service OS. The first PCI resource and the other sequestered PCI resource are then hidden from a subsequently loaded host OS.
摘要翻译: 公开了一种在操作系统之间分配硬件资源的方法和系统。 确定附加到总线的第一PCI资源是否被隔离到服务操作系统(OS)。 如果是这样,第一个PCI资源被隔离到服务操作系统。 接下来确定至少一个其他PCI资源是否共享与隔离的第一PCI资源相同的总线线路。 如果是,则至少另外一个PCI资源被选择并隔离到服务OS。 然后,第一个PCI资源和另一个隔离的PCI资源将从随后加载的主机操作系统中隐藏起来。
-
公开(公告)号:US10437733B2
公开(公告)日:2019-10-08
申请号:US15647179
申请日:2017-07-11
IPC分类号: G06F12/10 , G06F12/1009 , G06F12/1036 , G06F12/14 , G06F9/455
摘要: An apparatus and method for efficient guest EPT manipulation. For example, one embodiment of a apparatus comprises: a hypervisor to create extended page table (EPT) mappings between a guest physical address (GPA) space and a host physical address (HPA) space; the hypervisor to create an EPT edit table and populate the EPT edit table with information related to permitted mappings between the GPA space and HPA space; a guest to read the EPT edit table to determine information related to the permitted mappings between the GPA space and HPA space, the guest to use the information to map one or more pages in the GPA space to one or more pages in the HPA space.
-
公开(公告)号:US20170054557A1
公开(公告)日:2017-02-23
申请号:US14829340
申请日:2015-08-18
申请人: Carlos V. Rozas , Mona Vij , Rebekah M. Leslie-Hurd , Krystof C. Zmudzinski , Somnath Chakrabarti , Francis X. McKeen , Vincent R. Scarlata , Simon P. Johnson , Ilya Alexandrovich
发明人: Carlos V. Rozas , Mona Vij , Rebekah M. Leslie-Hurd , Krystof C. Zmudzinski , Somnath Chakrabarti , Francis X. McKeen , Vincent R. Scarlata , Simon P. Johnson , Ilya Alexandrovich
CPC分类号: H04L9/0891 , G06F9/45558 , G06F2009/45575 , G06F2009/45587 , H04L63/061 , H04L63/10 , H04L67/34
摘要: A processor to support platform migration of secure enclaves is disclosed. In one embodiment, the processor includes a memory controller unit to access secure enclaves and a processor core coupled to the memory controller unit. The processor core to identify a control structure associated with a secure enclave. The control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core. A version of data from the secure enclave is associated with the plurality of data slots. Migratable keys are generated as a replacement for the keys associated with the control structure. The migratable keys control access to the secure enclave. Thereafter, the control structure is migrated to a second platform to enable access to the secure enclave on the second platform.
摘要翻译: 公开了一种用于支持安全飞行器的平台迁移的处理器。 在一个实施例中,处理器包括存储器控制器单元以访问安全的包围层和耦合到存储器控制器单元的处理器核心。 处理器核心,用于识别与安全飞地相关联的控制结构。 控制结构包括与包括存储器控制器单元和处理器核心的第一平台相关联的多个数据时隙和密钥。 来自安全飞地的数据的版本与多个数据时隙相关联。 生成可迁移键作为与控制结构相关联的键的替代。 可移植键控制对安全飞地的访问。 此后,将控制结构迁移到第二平台以使得能够访问第二平台上的安全飞地。
-
7.发明申请公开(公告)号:US20160179696A1
公开(公告)日:2016-06-23
申请号:US14581654
申请日:2014-12-23
CPC分类号: G06F12/1009 , G06F9/45558 , G06F12/1036 , G06F12/145 , G06F12/1475 , G06F2009/45583 , G06F2009/45587 , G06F2212/1052 , G06F2212/657
摘要: An apparatus and method for efficient guest EPT manipulation. For example, one embodiment of a apparatus comprises: a hypervisor to create extended page table (EPT) mappings between a guest physical address (GPA) space and a host physical address (HPA) space; the hypervisor to create an EPT edit table and populate the EPT edit table with information related to permitted mappings between the GPA space and HPA space; a guest to read the EPT edit table to determine information related to the permitted mappings between the GPA space and HPA space, the guest to use the information to map one or more pages in the GPA space to one or more pages in the HPA space.
摘要翻译: 一种用于有效访客EPT操作的设备和方法。 例如,设备的一个实施例包括:管理程序,用于在客户物理地址(GPA)空间和主机物理地址(HPA)空间之间创建扩展页表(EPT)映射; 创建EPT编辑表的管理程序,并填充与GPA空间和HPA空间之间允许的映射相关的信息的EPT编辑表; 客人阅读EPT编辑表以确定与GPA空间和HPA空间之间允许的映射相关的信息,客人将使用该信息将GPA空间中的一个或多个页面映射到HPA空间中的一个或多个页面。
-
8.发明申请Method and apparatus for managing power from a sequestered partition of a processing system 有权用于从处理系统的隔离分区管理电力的方法和装置公开(公告)号:US20070266265A1
公开(公告)日:2007-11-15
申请号:US11496906
申请日:2006-07-31
IPC分类号: G06F1/00
CPC分类号: G06F1/3203 , G06F1/3228 , G06F1/329 , G06F9/5077 , Y02D10/22 , Y02D10/24 , Y02D10/36
摘要: A processing system may include a first processing unit for a legacy partition and a second processing unit for a sequestered partition. In one embodiment, a first interrupt handler in the legacy partition may support power management for the first processing unit. A second interrupt handler in the sequestered partition may cause the sequestered partition to take control of power management hardware in the processing system when the legacy partition enters reduced power mode. For example, the second interrupt handler may program the power management hardware to route interrupts to the second processing unit. The sequestered partition may relinquish control of power management hardware to the legacy partition when the legacy partition exits reduced power mode. A power policy manager in the sequestered partition may support features such as wake for incoming communications, wake to record, etc. Other embodiments are described and claimed.
摘要翻译: 处理系统可以包括用于传统分区的第一处理单元和用于隔离分区的第二处理单元。 在一个实施例中,传统分区中的第一中断处理程序可以支持第一处理单元的电源管理。 隔离分区中的第二个中断处理程序可能导致隔离分区在传统分区进入降低功耗模式时控制处理系统中的电源管理硬件。 例如,第二中断处理程序可以对电源管理硬件进行编程,以将中断路由到第二处理单元。 当传统分区退出降低功耗模式时,隔离分区可放弃对旧分区的电源管理硬件的控制。 隔离分区中的电力策略管理器可以支持诸如进入通信的唤醒,唤醒记录等功能。其它实施例被描述和要求保护。
-
公开(公告)号:US20150143118A1
公开(公告)日:2015-05-21
申请号:US14127533
申请日:2013-06-04
CPC分类号: H04L63/0428 , H04L9/14 , H04L9/3223 , H04L63/062 , H04L63/08 , H04L2209/60
摘要: The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc. In one example implementation, a server may manage interaction between clients, provision encryption keys, etc.
摘要翻译: 本公开涉及一种端到端安全通信系统,其中除了加密客户端之间的传输之外,还可以确保在每个客户端内发生的与通信相关的操作。 每个客户端可以包括用于处理从其他客户端接收的加密通信信息和本地捕获的媒体信息以便传输到其他客户端的安全处理环境。 安全处理环境可以包括用于解密所接收的加密通信信息并将通信信息处理成媒体信息以供客户呈现的资源。 安全处理环境也可以相反地操作,以向其他客户端提供本地记录的音频,图像,视频等。 可以在客户端的信息处理的各个阶段采用加密协议,以帮助确保在处理资源之间传递的信息不能被读取,复制,改变等。在一个示例实现中,服务器可以管理客户端之间的交互,提供加密 钥匙等
-
10.发明授权Method and apparatus for managing power from a sequestered partition of a processing system 有权用于从处理系统的隔离分区管理电力的方法和装置公开(公告)号:US08301917B2
公开(公告)日:2012-10-30
申请号:US12849627
申请日:2010-08-03
CPC分类号: G06F1/3203 , G06F1/3228 , G06F1/329 , G06F9/5077 , Y02D10/22 , Y02D10/24 , Y02D10/36
摘要: A processing system may include a first processing unit for a legacy partition and a second processing unit for a sequestered partition. In one embodiment, a first interrupt handler in the legacy partition may support power management for the first processing unit. A second interrupt handler in the sequestered partition may cause the sequestered partition to take control of power management hardware in the processing system when the legacy partition enters reduced power mode. For example, the second interrupt handler may program the power management hardware to route interrupts to the second processing unit. The sequestered partition may relinquish control of power management hardware to the legacy partition when the legacy partition exits reduced power mode. A power policy manager in the sequestered partition may support features such as wake for incoming communications, wake to record, etc. Other embodiments are described and claimed.
摘要翻译: 处理系统可以包括用于传统分区的第一处理单元和用于隔离分区的第二处理单元。 在一个实施例中,传统分区中的第一中断处理程序可以支持第一处理单元的电源管理。 隔离分区中的第二个中断处理程序可能导致隔离分区在传统分区进入降低功耗模式时控制处理系统中的电源管理硬件。 例如,第二中断处理程序可以对电源管理硬件进行编程,以将中断路由到第二处理单元。 当传统分区退出降低功耗模式时,隔离分区可放弃对旧分区的电源管理硬件的控制。 隔离分区中的电力策略管理器可以支持诸如进入通信的唤醒,唤醒记录等功能。其它实施例被描述和要求保护。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.032 秒)
