Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.

Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.

Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protect the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: A PCIe card includes an FPGA and a memory that is discrete from the FPGA. The memory is accessible by the FPGA and not other devices on the card. The FPGA's core fabric is configured with a security processor that verifies a bitstream loaded through the FGPA into the memory as authentic or not authentic to limit unauthorized access to data from a user circuit that is associated with a not authentic bitstream. The security processor is loaded into the FPGA when a request is made for bitstream verification and is allowed to be overwritten after the security processor processes the bitstream to determine if the bitstream is authentication or not authentic. Allowing the security processor to be overwritten allows for high percentage usage of the core fabric for user circuits and limits the inclusion of a static circuit in the core fabric that is infrequently used.

Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protect the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.

Abstract: A technique for reducing altitude error involves determining a corrected altitude for an aircraft using forecast atmospheric pressure data available, for example, from a weather forecasting service. The forecast atmospheric pressure data includes, for a number of points in time and for a number of geographic locations, a set of pressure levels and corresponding altitude values. Altitude correction data is periodically calculated from the forecast atmospheric pressure data for each of a number of geographic grid points. Upon receiving aircraft position information and an aircraft altitude measurement for an aircraft, one or more of the geographic grid points corresponding to the aircraft position are identified, and a corrected altitude of the aircraft is determined based on the altitude correction data of the one or more geographic grid points.

Abstract: A technique for reducing altitude error involves determining a corrected altitude for an aircraft using forecast atmospheric pressure data available, for example, from a weather forecasting service. The forecast atmospheric pressure data includes, for a number of points in time and for a number of geographic locations, a set of pressure levels and corresponding altitude values. Altitude correction data is periodically calculated from the forecast atmospheric pressure data for each of a number of geographic grid points. Upon receiving aircraft position information and an aircraft altitude measurement for an aircraft, one or more of the geographic grid points corresponding to the aircraft position are identified, and a corrected altitude of the aircraft is determined based on the altitude correction data of the one or more geographic grid points.