Abstract: A security module of a processor manages the lifecycle of device interfaces of input/output (I/O) devices within a virtualization environment in a secure and trusted manner. For example, the security module is configured to bind a device interface of an I/O device interface to a virtual machine (VM). Responsive to the device interface being bound, the security module is configured to attest at least one of the device interface and the I/O device. Responsive to the at least one of the device interface or the I/O device being attested, the security module is configured to configure an input-output memory management unit (IOMMU) and memory resources associated with the VM.

Abstract: A processing system receives graph object data and graph object metadata. The processing system stores the graph object metadata inline with the graph object data. The graph object metadata indicates access permissions for corresponding graph objects. Because the graph object metadata is stored inline with the graph object data, the graph object metadata is more easily retrieved and fewer system resources are consumed to determine access permissions of a requester as compared to a system where graph object metadata is stored separately from the graph object data.

Abstract: Gasket assemblies and related system and methods. An apparatus includes a system, a flow cell, and a plurality of gasket assemblies. The system includes a flow cell interface and the flow cell has one or more channels. Each channel has a first channel opening and a second channel opening. The first channel openings are positioned at a first end of the flow cell and the second channel openings are positioned at a second end of the flow cell. A gasket assembly coupled at each second channel opening. Each gasket assembly includes an adhesive stack and a gasket. The adhesive stack includes a first side bonded to the gasket and a second side bonded to the flow cell. The flow cell interface is engagable with the corresponding gaskets to establish a fluidic coupling between system and the flow cell.

Abstract: Systems and methods presented herein provide for a non-fungible token (NFT) sustainability credit marketplace. One system includes a regulating authority platform operable to generate and issue an NFT for a sustainability credit, and an organization platform operable to receive the issued NFT sustainability credit from the regulating authority platform over a network. A trading platform receives the NFT sustainability credit from the organization platform, posts the NFT sustainability credit for sale, conducts a transaction of the NFT sustainability credit between the organization platform and a buyer platform, and instantiates the transaction in a block of a blockchain of the NFT sustainability credit. A plurality of nodes validates the block and manage the blockchain of the NFT sustainability credit.

Abstract: A computing device comprises a processor, a table walker, and a memory storing a segmented reverse map table in multiple non-contiguous portions of the memory. The table walker is configured to translate a virtual memory address specified by a memory access request to a physical memory address associated with the virtual memory address; and provide a requester associated with the memory access request with access to the associated physical memory address in response to an indication at the reverse map table that the requester is authorized to access the associated physical memory address.

Abstract: Gasket assemblies and related system and methods. An apparatus includes a system, a flow cell, and a plurality of gasket assemblies. The system includes a flow cell interface and the flow cell has one or more channels. Each channel has a first channel opening and a second channel opening. The first channel openings are positioned at a first end of the flow cell and the second channel openings are positioned at a second end of the flow cell. A gasket assembly coupled at each second channel opening. Each gasket assembly includes an adhesive stack and a gasket. The adhesive stack includes a first side bonded to the gasket and a second side bonded to the flow cell. The flow cell interface is engagable with the corresponding gaskets to establish a fluidic coupling between system and the flow cell.

Abstract: Flow cell assemblies and related systems and methods are disclosed. An apparatus includes a flow cell assembly having a body, a first laminate, a second laminate, and a flow cell. The body carries a flow cell inlet gasket, a flow cell outlet gasket, and an outlet gasket. The body includes a fluidic aperture. The first laminate is coupled to the body and forms a first fluidic channel between the flow cell outlet gasket and the fluidic aperture. The second laminate is coupled to the body and forms a second fluidic channel between the fluidic aperture and the outlet gasket. The flow cell is supported by the body and includes a channel having a flow cell inlet and a flow cell outlet. The flow cell inlet is fluidly coupled to the flow cell inlet gasket and the flow cell outlet is fluidly coupled to the flow cell outlet gasket.

Abstract: A processing system includes a branch prediction structure storing information used to predict the outcome of a branch instruction. The processing system also includes a register storing a first identifier of a first process in response to the processing system changing from a first mode that allows the first process to modify the branch prediction structure to a second mode in which the branch prediction structure is not modifiable. The processing system further includes a processor core that selectively flushes the branch prediction structure based on a comparison of a second identifier of a second process and the first identifier stored in the register. The comparison is performed in response to the second process causing a change from the second mode to the first mode.

Abstract: A processor supports managing DMA accesses, in secure fashion, at an IOMMU. The IOMMU is configured to ensure that, for a given DMA request issued by an I/O device and associated with a particular executing VM, the device is bound to the VM according to a specified security registration process, and the request is targeted to a region of memory that has been assigned to the VM. The IOMMU thus prevents a malicious entity from accessing confidential information of a VM via DMA requests.

Abstract: Described herein are methods for making edible fat product using insect cells. The methods include isolating a population of insect cells, which may be precursor cells, seeding the population of insect cells onto a scaffold, and contacting the population of insect cells with a free fatty acid composition or a lipid composition. The cells seeded on the scaffold accumulate lipids, resulting in an edible fat tissue. Further disclosed are a composition of matter made from the method for making edible fat cells, a food product that includes the composition of matter, and an in vitro edible fat tissue comprising a population of insect precursor cells seeded on the scaffold.

Abstract: A disclosed method can include (i) detecting, by a probe filter in a coherent fabric interconnect, an access request to a specific memory address of a cache hierarchy using a new encryption key, (ii) verifying, by the probe filter, that the specific memory address stores data encrypted using a previous and distinct encryption key, and (iii) evicting, by the probe filter in response to the verifying, references to the previous and distinct encryption key from the cache hierarchy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to cell cultured adipose tissue. In one embodiment, the cultured adipose tissue is produced by culturing adipose cells in a culture media in vitro, harvesting the adipose cells after a desired amount of adipose cells are produced, and aggregating the harvested adipose cells to provide the cultured adipose tissue. In some embodiments, aggregating the harvested adipose cells comprises mixing the harvested adipose cells with a hydrogel or binder in a three-dimensional (3D) mold. In other embodiments, aggregating the harvested adipose cells comprises cross-linking the harvested adipose cells in a 3D mold. The cultured adipose tissue have a defined 3D shape and a size on the macroscale. In some embodiments, the cultured adipose tissue may be a food product.

Abstract: A processor includes a virtual machine manager (VMM) configured to map a guest process address space identifier (PASID) associated with a virtual machine (VM) to a host PASID associated with a host machine of the VM. The processor further includes a processor core configured to maintain, responsive to the guest PASID being mapped to the host PASID, an entry in a PASID reverse mapping table (PMP) including one or more security attributes associated with the host PASID.

Abstract: A processor configured to execute one or more virtual machines (VMs) includes an input-output memory management unit (IOMMU) configured to handle memory-mapped input-output (MMIO) requests and direct memory access (DMA) requests from a processor core of the processor or one or more input/output (I/O) devices. In response to receiving an MMIO or DMA request, the IOMMU is configured to determine a VM associated with the request. The IOMMU then checks a security indicator field of an address space identifier (ASID) mask table to determine if the VM was previously the target of an attack by a malicious entity. In response to the VM previously being a target of an attack, the IOMMU denies the received MMIO or DMA request.

Abstract: A processor includes a security processor and an input-output memory management unit (IOMMU). The security processor is configured to maintain device control information in a secure data structure and prevent a hypervisor from accessing the secure data structure. The IOMMU is configured to process at least one device request targeting a virtual machine from an input/output device based on the secure data structure.

Abstract: Systems and devices for cooling and dispensing a beverage fluid are disclosed herein. One beverage dispensing system includes a beverage tower comprising a tower body, a shank, and a faucet. In some implementations, a coolant line is routed proximal to a beverage supply line through the tower body, through the shank, and into the faucet. In these and other implementations, the faucet includes a removable nozzle having a supplemental portion of the coolant line. In these and still other implementations, the faucet include a removable nozzle having a second coolant line. The coolant line and the second coolant line are configured to transport a coolant medium proximal to a beverage fluid in the beverage supply line to maintain or adjust the temperature of the beverage fluid. Many other features are described herein.

Abstract: A processor manages memory-mapped input/output (MMIO) accesses, in secure fashion, at an input/output memory management unit (IOMMU). The processor is configured to ensure that, for a given MMIO request issued by a processor core and associated with a particular executing VM, the request is targeted to a MMIO address that has been assigned to the VM by a security module (e.g., a security co-processor). The processor thus prevents a malicious entity from accessing confidential information of a VM via MMIO requests.

Abstract: A processor supports programmable control, by a trusted layer of a virtual machine (VM), of the interception of events at the processor. The trusted layer of the VM programs security control information (e.g., a control register or other control structure) that designates particular events that are to be intercepted when triggered by another layer of the VM. In response to detecting a designated event, system hardware intercepts the event, rather than executing the event. The VM is thereby able to protect confidential information and program behavior without relying on a hypervisor, thus improving overall system security.

Abstract: A security module of a processor manages the lifecycle of devices interfaces of input/output (I/O) devices within a virtualization environment in a secure and trusted manner. For example, the security module is configured to bind a device interface of an I/O device interface to a virtual machine (VM). Responsive to the device interface being bound, the security module is configured to attest at least one of the device interface and the I/O device. Responsive to the at least one of the device interface or the I/O device being attested, the security module is configured to configure an input-output memory management unit (IOMMU) and memory resources associated with the VM.