Abstract: A method and system for implementing a virtual trusted platform module (vTPM). Software components are sequentially loaded and measured from a core root of trust for measurement (CRTM) in a user confidential virtual machine (CVM). The measurements of the software components are recorded in a runtime measurement register (RTMR) log and a digest of each entry of the RTMR log is extended into an RTMR configured for the user CVM. A signed quote and corresponding measurement entries of the RTMR log are provided to a verifier. The signed quote includes a value of the RTMR. A state of the user CVM may be verified based on the RTMR value and the RTMR log entries. The measurement entries of the RTMR log may be replayed to calculate platform configuration register (PCR) values and the TCG event log may be verified using the PCR values.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

Abstract: Providing multiple virtual processors (VPs) for a trusted domain (TD) includes creating a virtual processor control structure (VPCS) for one or more of a plurality of VPs of the TD of a processor in a computing system, the TD including a trust domain control structure (TDCS), the plurality of VPs having views into addresses of private memory of the TD, the VPCS for a VP including a secure extended page table (SEPT) for the VP; and for the VP, initializing the VPCS for the VP by copying selected entries of the TDCS to the SEPT of the VPCS, pointing a SEPT pointer to the VPCS, and setting an entry point for starting execution of the VP by the processor.

Abstract: It is provided an apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions. The machine-readable instructions include instructions to generate a first attestation measurement of a runtime image executed in a confidential computing environment at a first point in time. The machine-readable instructions further include instructions to store the first attestation measurement as baseline attestation measurement in a storage circuitry. The machine-readable instructions further include instructions to generate a second attestation measurement of the runtime image executed in confidential computing environment at a second point in time. The machine-readable instructions further include instructions to generate an attestation evidence report based on the baseline attestation measurement and the second attestation measurement.

Abstract: A computer-implemented method is provided that includes transmitting, by a master node to a plurality of computing nodes, definition information about an initial medical validation model (410): performing, by the master node, a federated learning process together with the plurality of computing nodes (420), to jointly train the initial medical validation model using respective processed local training datasets available at the plurality of computing nodes, the respective local training datasets being processed by the plurality of computing nodes based on the definition information; and determining, by the master node, a final medical validation model based on a result of the federated learning process (430). Through the solution, by means of federated learning, it addresses the data security and privacy concerns from local sites owning.

Abstract: In one embodiment, an apparatus comprises a cache to store a plurality of instructions and data associated with a trusted execution environment; instruction processing circuitry to execute the plurality of instructions and process the data, the plurality of instructions including one or more instructions with memory operands, wherein responsive to an interrupt or an exception, the instruction processing circuitry is to pause processing the plurality of instructions and execute a handler; and decode circuitry to partially decode a next instruction of the plurality of instructions to be processed following execution of the handler to determine if the next instruction indicates a memory access and, if so, to calculate at least one corresponding memory address, wherein the partial decode is performed in accordance with one or more constant time programming restrictions.

Abstract: It is provided an apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions. The machine-readable instructions include instructions to generate first attestation evidence based on a measurement of the system software proving the integrity of a system software running on the processing circuitry based on a root of trust of the processing circuitry. The machine-readable instructions further include instructions to generate second attestation evidence for verifying the integrity of a first confidential computing environment based on a measurement of the first confidential computing environment and on the generated first attestation evidence. The first confidential computing environment is operating on the system software and is executed by the processing circuitry. The first confidential computing environment is a virtual machine environment.

Abstract: Embodiments of the present disclosure provide methods and systems for gradient sensitivity correction. The method may include obtaining a three-dimensional image of a phantom. The three-dimensional image may be acquired using an MRI device, and the phantom may have a known actual size on a target axis. The method may include determining a fitting size of the phantom on the target axis by fitting the three-dimensional image. The method may further include correcting, based on the fitting size and the actual size, a gradient sensitivity of the MRI device.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

Abstract: In one embodiment, an apparatus comprises a processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.

Abstract: Techniques and mechanisms for a processor core to execute an instruction for a hardware (HW) thread to have access to a trusted execution environment (TEE). In an embodiment, execution of the instruction includes determining whether any sibling HW thread, which is currently active, is also currently approved to access the TEE. TEE access by the HW thread is conditioned upon a requirement that any sibling HW thread is either currently inactive, is currently in the same TEE, or is currently approved to enter the TEE. In another embodiment, execution of another instruction, for the HW thread to exit the TEE, includes or otherwise results in system software being conditionally notified of an opportunity to wake up one or more sibling HW threads.

Abstract: An adjustable elliptical trainer is disclosed, which includes a body, a sliding rail, a connecting piece and a movement mechanism. The sliding rail has one end rotatably connected to the body around an axis and an other end detachably connected to the body by the connecting piece along a longitudinal extension direction of the sliding rail. The movement mechanism includes a sliding part matched with the sliding rail, and the sliding part is provided on the sliding rail and is slidable along the sliding rail. The axis is perpendicular to the longitudinal extension direction of the sliding rail, a first connection point is provided at a joint between the connecting piece and the sliding rail, and a second connection point is provided at a joint between the connecting piece and the body, the connecting piece is configured to be movable relative to the sliding rail and/or the body.

Abstract: A mask plate, an alignment mark and a photolithography system are provided. In one form, an alignment mark includes a plurality of alignment patterns arranged at intervals, where the alignment pattern includes a first pattern extending in a first direction and a second pattern extending in a second direction, the first pattern includes a first end and a second end which are opposite to each other in the first direction, the second pattern includes a third end and a fourth end which are opposite to each other in the second direction, the second end is connected to the third end, the fourth end is connected to the first end, and the alignment pattern is a two-dimensional linear pattern.

Abstract: Detailed herein are examples of determining when to allow access to a trusted execution environment (TEE). For example, using TEE logic associated with software to at least in part: determine that a TEE feature is supported based at least on a value of a bit position in a data structure; and not allow a TEE entry instruction to access to a TEE when the bit position of the data structure is reserved.

Abstract: A computing system to receive a new workload by a trusted execution environment virtual machine (TVM); validate the new workload; in response to the new workload being successfully validated, evaluate a launch policy of the new workload against one or more launch policies of one or more existing workloads of the TVM; and in response to the launch policy of the new workload being successfully validated, load the new workload into the TVM.

Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.

Abstract: Systems, methods, and apparatuses relating efficient exception handling in trusted execution environments are described. In an embodiment, a hardware processor includes a register, a decoder, and execution circuitry. The register has a field to be set to enable an architecturally protected execution environment at one of a plurality of contexts for code in an architecturally protected enclave in memory. The decoder is to decode an instruction having a format including a field for an opcode, the opcode to indicate that the execution circuitry is to perform a context change. The execution circuitry is to perform one or more operations corresponding to the instruction, the one or more operations including changing, within the architecturally protected enclave, from a first context to a second context.

Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.

Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.