Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.

Abstract: An interface of a device is used to couple to another device and includes a set of data pins to support high speed data communication on an interconnect link between the devices based on an interconnect protocol. The interface further includes at least one auxiliary pin to support a particular signal defined by the interconnect protocol. The device is further configurated to generate hint data for use by the other device and send the hint data as a sideband signal to the other device over the auxiliary pin, where the sideband signal is distinct from signals defined for the auxiliary pin by the interconnect protocol.

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

Abstract: A device includes protocol logic to determine a packet type for a packet and generate and send the corresponding packet. The packet includes a packet header with a header base, the header base including a type field and a header content field. The type field indicates the packet type and the header content field indicates which of a plurality of header content blocks is to be included in the packet header with the header base. Information in fields of the header base indicate a total length of the packet.

Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.

Abstract: An interface for coupling an agent to a fabric supports a load/store interconnect protocol, where the I/O interconnect protocol includes a flit mode and a non-flit mode. A set of flit mode header formats are used when in the flit mode and a set of non-flit mode header formats are used when in the non-flit mode, the set of non-flit mode header formats including one or more non-flit mode fields. Interface logic determines that a link is trained to the non-flit mode and generates a header according to the set of flit mode header formats, where the header includes a field to indicate that a corresponding packet originated as a non-flit mode packet. One or more fields of the set of flit mode header formats are repurposed in the header to carry the one or more non-flit mode fields before sending the modified header over the interface.

Abstract: A device includes protocol logic to determine a packet type for a packet and generate and send the corresponding packet. The packet includes a packet header with a header base, the header base including a type field and a header content field. The type field indicates the packet type and the header content field indicates which of a plurality of header content blocks is to be included in the packet header with the header base. Information in fields of the header base indicate a total length of the packet.

Abstract: A flattening portal bridge (FPB) is provided to support addressing according to a first addressing scheme and a second, alternative addressing scheme. The FPB comprises a primary side and a secondary side, the primary side connects to a first set of devices addressed according to a first addressing scheme, and the secondary side connects to a second set of devices addressed according to a second addressing scheme. The first addressing scheme uses a unique bus number within a Bus/Device/Function (BDF) address space for each device in the first set of devices, and the second bus addressing scheme uses a unique bus-device number for each device in the second set of devices.

Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.

Abstract: A device includes a microcontroller, memory including secure memory to store a private key, a set of registers, and an authentication engine. The set of registers includes a write mailbox register and a read mailbox register, and message data is to be written to the write mailbox register by a host system. The message data includes at least a portion of a challenge request, and the challenge request includes a challenge by the host system to authenticity of the device. The authentication engine generates a response to the challenge, where the response includes data to identify attributes of the device and a signature generated using the private key. The authentication engine causes at least a portion of the response to be written to the read mailbox register to be read by the host system.

Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products that facilitate a downstream port to operate in Separate Reference Clocks with Independent Spread Spectrum Clocking (SSC) (SRIS) mode. The system can determine that the downstream port supports one or more SRIS selection mechanisms; determine a system clock configuration from the downstream port to a corresponding upstream port connected to the downstream port by the PCIe-compliant link; set an SRIS mode in the downstream port; and transmit data across the link from the downstream port using the determined system clock configuration.

Abstract: Embodiments of apparatuses, methods, and systems for hardware manage address translation services are described. In an embodiment, an apparatus includes a first interconnect, a second interconnect, address translation hardware, a device, a translation lookaside buffer. The address translation hardware is coupled to the interconnect and is to provide a translation of a first address to a second address. The device is coupled to the first interconnect and the second interconnect and is to provide the first address to the address translation hardware through the first interconnect. The translation lookaside buffer includes an entry to store the translation, which is to be provided to the translation lookaside buffer through the first interconnect by the address translation hardware. The device is to access a system memory through the second interconnect using the second address from the entry in the translation lookaside buffer.

Abstract: Systems and devices can include a controller and a command queue to buffer incoming write requests into the device. The controller can receive, from a client across a link, a non-posted write request (e.g., a deferred memory write (DMWr) request) in a transaction layer packet (TLP) to the command queue; determine that the command queue can accept the DMWr request; identify, from the TLP, a successful completion (SC) message that indicates that the DMWr request was accepted into the command queue; and transmit, to the client across the link, the SC message that indicates that the DMWr request was accepted into the command queue. The controller can receive a second DMWr request in a second TLP; determine that the command queue is full; and transmit a memory request retry status (MRS) message to be transmitted to the client in response to the command queue being full.

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products that facilitate a downstream port to operate in Separate Reference Clocks with Independent Spread Spectrum Clocking (SSC) (SRIS) mode. The system can determine that the downstream port supports one or more SRIS selection mechanisms; determine a system clock configuration from the downstream port to a corresponding upstream port connected to the downstream port by the PCIe-compliant link; set an SRIS mode in the downstream port; and transmit data across the link from the downstream port using the determined system clock configuration.

Abstract: A device includes a plurality of ports and a plurality of capability registers that correspond to a respective one of the plurality of ports. The device is to connect to one or more processors of a host device through the plurality of ports, and each of the plurality of ports comprises a respective protocol stack to support a respective link between the corresponding port and the host device according to a particular interconnect protocol. Each of the plurality of capability registers comprises a respective set of fields for use in configuration of the link between its corresponding port and one of the one or more processors of the host device. The fields include a field to indicate an association between the port and a particular processor, a field to indicate a port identifier for the port, and a field to indicate a total number of ports of the device.

Abstract: In an embodiment, a core includes at least one execution circuit. The core may be configured to: send a command for a first address translation cache (ATC) of a first device to perform an operation, the core to send the command to a first device queue of a shared memory, the first device queue associated with the first ATC; and send a register write directly to the first device to inform the first ATC regarding presence of the command in the first device queue. Other embodiments are described and claimed.

Abstract: Systems and devices can include a controller and a command queue to buffer incoming write requests into the device. The controller can receive, from a client across a link, a non-posted write request (e.g., a deferred memory write (DMWr) request) in a transaction layer packet (TLP) to the command queue; determine that the command queue can accept the DMWr request; identify, from the TLP, a successful completion (SC) message that indicates that the DMWr request was accepted into the command queue; and transmit, to the client across the link, the SC message that indicates that the DMWr request was accepted into the command queue. The controller can receive a second DMWr request in a second TLP; determine that the command queue is full; and transmit a memory request retry status (MRS) message to be transmitted to the client in response to the command queue being full.

Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.

Abstract: A flattening portal bridge (FPB) is provided to support addressing according to a first addressing scheme and a second, alternative addressing scheme. The FPB comprises a primary side and a secondary side, the primary side connects to a first set of devices addressed according to a first addressing scheme, and the secondary side connects to a second set of devices addressed according to a second addressing scheme. The first addressing scheme uses a unique bus number within a Bus/Device/Function (BDF) address space for each device in the first set of devices, and the second bus addressing scheme uses a unique bus-device number for each device in the second set of devices.