Abstract: An apparatus has a lens assembly which has: a front region with an entrance window of the lens assembly; a window structure at the entrance window; a back region; a lens between the window structure and the back region; and a heater coupled to heat the window structure. The lens assembly includes a reflective surface. The front region is on a first side of the reflective surface. The back region is on a second side of the reflective surface. The reflective surface reflects thermal radiation generated by the heater. The reflected radiation is reflected towards the first side. Other features are also provided.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

Abstract: A system, a method, and a computer program product for secure memory implementation for secure execution of virtual machines are provided. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.

Abstract: Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: A system, a method, and a computer program product for secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: A circuit arrangement, method, and design structure for controlling access to master secret data disposed in at least a portion of at least one persistent region of an integrated circuit device is disclosed. The circuit arrangement includes a clock circuit responsive to an external clock signal, a security state machine configured to control a security state of the integrated circuit device, and a master secret circuit in communication with the security state machine and configured to control access to the master secret data. The security state machine and master secret circuit are isolated from the clock circuit, and the master secret circuit is responsive to the security state machine to selectively erase at least a portion of the master secret data. The master secret circuit may be configured to erase the portion of the master secret data in response to a null or triggered security state.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: Hardware based isolation for secure execution of virtual machines (VMs). At least one virtual machine is executed via operation of a hypervisor and an ultravisor. A first memory component is configured for access by the hypervisor and the ultravisor, and a second memory component is configured for access by the ultravisor and not by the hypervisor. A first mode of operation is operated, such that the virtual machine is executed using the hypervisor, wherein the first memory component is accessible to the virtual machine and the second memory component is not accessible to the virtual machine. A second mode of operation is operated, such that the virtual machine is executed using the ultravisor, wherein the first memory component and the second memory component are accessible to the virtual machine, thereby executing application code and operating system code using the second memory component without code changes.

Abstract: An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.

Abstract: Secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is inverted. If the real address is in the secure memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.