公开(公告)号：US10671547B2

公开(公告)日：2020-06-02

申请号：US15384267

申请日：2016-12-19

申请人： Patrick Koeberl ,  Steffen Schulz ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Venkateswara R. Madduri ,  Sang W. Kim ,  Julien Carreno

发明人： Patrick Koeberl ,  Steffen Schulz ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Venkateswara R. Madduri ,  Sang W. Kim ,  Julien Carreno

IPC分类号： G06F12/14 ,  G06F21/74 ,  G06F21/57 ,  G06F9/4401

摘要： Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.

公开(公告)号：US20180285291A1

公开(公告)日：2018-10-04

申请号：US15476001

申请日：2017-03-31

申请人： Steffen Schulz ,  Patrick Koeberl ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Venkateswara R. Madduri ,  Sang W. Kim ,  Julien Carreno

发明人： Steffen Schulz ,  Patrick Koeberl ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Venkateswara R. Madduri ,  Sang W. Kim ,  Julien Carreno

IPC分类号： G06F13/24

摘要： Methods, apparatus, and system to create interrupts which are resolved at runtime relative to an active compartment. Active compartments may be, for example, a compartment of an operating system (“OS”) or a trusted execution environment (“TEE”). The context-specific interrupts comprise an interrupt dispatch table (“IDT”) for each compartment.

公开(公告)号：US20150032996A1

公开(公告)日：2015-01-29

申请号：US13952849

申请日：2013-07-29

申请人： Patrick Koeberl ,  Steffen Schulz

发明人： Patrick Koeberl ,  Steffen Schulz

IPC分类号： G06F9/38

CPC分类号： G06F12/1441 ,  G06F9/3005 ,  G06F9/3802 ,  G06F9/3824

摘要： Execution-Aware Memory protection technologies are described. A processor includes an instruction fetch unit to fetch instructions of applications executing in a multitasking environment and an execution unit to execute the instructions. A memory protection unit (MPU) enforces memory access control of the applications by defining an instruction region (I-space) and a data region (D-space and linking the I-space to the D-space. When the MPU determining whether an instruction address is within the I-space and whether a data address of a data access operation is within the D-space. The MPU issues a memory protection fault for the data access operation when either the instruction address is not within the I-space or the data address is not within the D-space.

摘要翻译： 执行意识描述内存保护技术。 处理器包括指令获取单元，用于获取在多任务环境中执行的应用的指令，以及执行单元来执行指令。 存储器保护单元（MPU）通过定义指令区域（I空间）和数据区域（D空间并将I空间链接到D空间）来强制应用程序的存储器访问控制，当MPU确定是否 指令地址在I空间内，数据访问操作的数据地址是否在D空间内，当指令地址不在I空间内时，MPU发出数据存取操作的存储器保护故障， 数据地址不在D空间内。

公开(公告)号：US20170187752A1

公开(公告)日：2017-06-29

申请号：US14998084

申请日：2015-12-24

申请人： Steffen Schulz ,  Manoj R. Sastry ,  Li Zhao ,  Patrick Koeberl

发明人： Steffen Schulz ,  Manoj R. Sastry ,  Li Zhao ,  Patrick Koeberl

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/0263

摘要： Systems, apparatuses and methods may provide for changing the execution mode of a device based on policy enforcement request that is received when the device is located proximately to a specific area. The policy enforcement request is verified with respect to a System on Chip (SoC) platform. An enforcement manager of the SoC platform may enforce the received policy enforcement request if verification is successful, and an attestation controller may report the enforced policy request and a status of the platform to an external device from which the policy request originates.

公开(公告)号：US09395993B2

公开(公告)日：2016-07-19

申请号：US13952849

申请日：2013-07-29

申请人： Patrick Koeberl ,  Steffen Schulz

发明人： Patrick Koeberl ,  Steffen Schulz

IPC分类号： G06F12/14 ,  G06F9/38

CPC分类号： G06F12/1441 ,  G06F9/3005 ,  G06F9/3802 ,  G06F9/3824

摘要： Execution-Aware Memory protection technologies are described. A processor includes an instruction fetch unit to fetch instructions of applications executing in a multitasking environment and an execution unit to execute the instructions. A memory protection unit (MPU) enforces memory access control of the applications by defining an instruction region (I-space) and a data region (D-space and linking the I-space to the D-space. When the MPU determining whether an instruction address is within the I-space and whether a data address of a data access operation is within the D-space. The MPU issues a memory protection fault for the data access operation when either the instruction address is not within the I-space or the data address is not within the D-space.

摘要翻译： 执行意识描述内存保护技术。 处理器包括指令获取单元，用于获取在多任务环境中执行的应用的指令，以及执行单元来执行指令。 存储器保护单元（MPU）通过定义指令区域（I空间）和数据区域（D空间并将I空间链接到D空间）来强制应用程序的存储器访问控制，当MPU确定是否 指令地址在I空间内，数据访问操作的数据地址是否在D空间内，当指令地址不在I空间内时，MPU发出数据存取操作的存储器保护故障， 数据地址不在D空间内。

公开(公告)号：US20220124009A1

公开(公告)日：2022-04-21

申请号：US17561061

申请日：2021-12-23

申请人： Thijs Metsch ,  Susanne M. Balle ,  Patrick Koeberl ,  Bin Li ,  Mark Yarvis ,  Adrian Hoban ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Cesar Martinez-Spessot ,  Mats Gustav Agerstam ,  Dario Nicolas Oliver ,  Marcos E. Carranza ,  John J. Browne ,  Mikko Ylinen ,  David Cremins

发明人： Thijs Metsch ,  Susanne M. Balle ,  Patrick Koeberl ,  Bin Li ,  Mark Yarvis ,  Adrian Hoban ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Cesar Martinez-Spessot ,  Mats Gustav Agerstam ,  Dario Nicolas Oliver ,  Marcos E. Carranza ,  John J. Browne ,  Mikko Ylinen ,  David Cremins

IPC分类号： H04L41/5054 ,  H04L47/72 ,  H04L43/08 ,  H04L41/5025

摘要： Various systems and methods for implementing intent-based orchestration in heterogenous compute platforms are described herein. An orchestration system is configured to: receive, at the orchestration system, a workload request for a workload, the workload request including an intent-based service level objective (SLO); generate rules for resource allocation based on the workload request; generate a deployment plan using the rules for resource allocation and the intent-based SLO; deploy the workload using the deployment plan; monitor performance of the workload using real-time telemetry; and modify the rules for resource allocation and the deployment plan based on the real-time telemetry.

公开(公告)号：US20220116455A1

公开(公告)日：2022-04-14

申请号：US17561334

申请日：2021-12-23

申请人： Arun Raghunath ,  Mohammad Chowdhury ,  Michael Mesnier ,  Ravishankar R. Iyer ,  Ian Adams ,  Thijs Metsch ,  John J. Browne ,  Adrian Hoban ,  Veeraraghavan Ramamurthy ,  Patrick Koeberl ,  Francesc Guim Bernat ,  Kshitij Arun Doshi ,  Susanne M. Balle ,  Bin Li

发明人： Arun Raghunath ,  Mohammad Chowdhury ,  Michael Mesnier ,  Ravishankar R. Iyer ,  Ian Adams ,  Thijs Metsch ,  John J. Browne ,  Adrian Hoban ,  Veeraraghavan Ramamurthy ,  Patrick Koeberl ,  Francesc Guim Bernat ,  Kshitij Arun Doshi ,  Susanne M. Balle ,  Bin Li

IPC分类号： H04L67/1097 ,  H04L67/146 ,  H04L67/52 ,  H04L9/40

摘要： Various systems and methods for implementing computational storage are described herein. An orchestrator system is configured to: receive, at the orchestrator system, a registration package, the registration package including function code, a logical location of input data for the function code, and an event trigger for the function code, the event trigger set to trigger in response to when the input data is modified; interface with a storage service, the storage service to monitor the logical location of the input data and notify a location service when the input data is modified; interface with the location service to obtain a physical location of the input data, the location service to resolve the physical location from the logical location of the input data; and configure the function code to execute near the input data

公开(公告)号：US09262256B2

公开(公告)日：2016-02-16

申请号：US14140243

申请日：2013-12-24

申请人： Sanu K. Mathew ,  Sudhir K. Satpathy ,  Patrick Koeberl ,  Jiangtao Li ,  Ram K. Krishnamurthy ,  Anand Rajan

发明人： Sanu K. Mathew ,  Sudhir K. Satpathy ,  Patrick Koeberl ,  Jiangtao Li ,  Ram K. Krishnamurthy ,  Anand Rajan

IPC分类号： G06F21/00 ,  H04L29/06 ,  G06F11/07 ,  G11C7/24 ,  G11C7/00 ,  G06F7/58 ,  H04L9/34

CPC分类号： G06F11/0793 ,  G06F7/00 ,  G06F7/588 ,  G06F11/0745 ,  G11C7/24 ,  H04L9/3278 ,  H04L9/34

摘要： Dark-bit masking technologies for physically unclonable function (PUF) components are described. A computing system includes a processor core and a secure key manager component coupled to the processor core. The secure key manager includes the PUF component, and a dark-bit masking circuit coupled to the PUF component. The dark-bit masking circuit is to measure a PUF value of the PUF component multiple times during a dark-bit window to detect whether the PUF value of the PUF component is a dark bit. The dark bit indicates that the PUF value of the PUF component is unstable during the dark-bit window. The dark-bit masking circuit is to output the PUF value as an output PUF bit of the PUF component when the PUF value is not the dark bit and set the output PUF bit to be a specified value when the PUF value of the PUF component is the dark bit.

摘要翻译： 描述了用于物理不可克隆功能（PUF）组件的暗位掩蔽技术。 计算系统包括处理器核心和耦合到处理器核心的安全密钥管理器组件。 安全密钥管理器包括PUF组件和耦合到PUF组件的暗位屏蔽电路。 暗位掩蔽电路是在暗位窗口期间多次测量PUF分量的PUF值，以检测PUF分量的PUF值是否为暗位。 暗位表示PUF组件的PUF值在暗位窗口期间不稳定。 当PUF值不是暗位时，暗位屏蔽电路将输出PUF值作为PUF分量的输出PUF位，并且当PUF分量的PUF值为 黑暗的一点

公开(公告)号：US20150188717A1

公开(公告)日：2015-07-02

申请号：US14141226

申请日：2013-12-26

申请人： Wei WU ,  Jiangtao Li ,  Patrick Koeberl

发明人： Wei WU ,  Jiangtao Li ,  Patrick Koeberl

IPC分类号： H04L9/32

CPC分类号： H04L9/3278 ,  G09C1/00 ,  H03K19/003 ,  H04L9/0866

摘要： Embodiments of an invention for using physically unclonable function redundant bits are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and redundancy logic. The PUF cell array includes a plurality of redundant cells and is to provide a raw PUF value. The redundancy logic is to generate a redirection list to be used to replace each of one or more bits of the raw PUF value with a redundant bit value from one of the redundant cells.

摘要翻译： 公开了用于使用物理上不可克隆的功能冗余位的发明的实施例。 在一个实施例中，集成电路包括PUF单元阵列和冗余逻辑。 PUF单元阵列包括多个冗余单元并且提供原始PUF值。 冗余逻辑是生成一个重定向列表，用于使用来自冗余单元之一的冗余比特值来替换原始PUF值的一个或多个比特中的每一个。

公开(公告)号：US20140189890A1

公开(公告)日：2014-07-03

申请号：US13730469

申请日：2012-12-28

申请人： Patrick Koeberl ,  Jiangtao Li

发明人： Patrick Koeberl ,  Jiangtao Li

IPC分类号： G06F21/70

CPC分类号： G06F21/70 ,  G06F21/44 ,  G06F21/73 ,  G09C1/00 ,  H04L9/0866 ,  H04L2209/12

摘要： At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.

摘要翻译： 提供了至少一个具有存储在其上用于认证硬件设备的指令的机器可访问介质。 当处理器执行时，指令使处理器从硬件设备上的物理不可克隆功能（PUF）接收两个或多个设备密钥，从两个或多个设备密钥生成设备标识符，从硬件获得设备证书 设备，执行设备标识符的验证，并提供设备标识符验证的结果。 在更具体的实施例中，指令使处理器执行设备证书中的数字签名的验证并提供数字签名验证的结果。 如果设备标识符验证和数字签名验证中的至少一个失败，则硬件设备可能被拒绝。