Abstract:
In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
Abstract:
Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.
Abstract:
In an embodiment, a first portion of a cache memory is associated with a first core. This first cache memory portion is of a distributed cache memory, and may be dynamically controlled to be one of a private cache memory for the first core and a shared cache memory shared by a plurality of cores (including the first core) according to an addressing mode, which itself is dynamically controllable. Other embodiments are described and claimed.
Abstract:
Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.
Abstract:
Detailed herein are systems, apparatuses, and methods for transparent page level instruction translation. Exemplary embodiments include an instruction translation lookaside buffer (iTLB), wherein each iTLB entry includes a linear address of a page in memory, a physical address of the page in memory, and a remapping indicator.
Abstract:
Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
Abstract:
Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.