Abstract: Various examples relate to an apparatus, device, method, and computer program for extending instructions sup-ported by a processor. The apparatus is configured to identify at least a part of a computer program targeting an instruction unsupported by a pre-defined set of instructions of an Instruction Set Architecture (ISA) of the processor. The apparatus is configured to extend the instructions supported by the processor, based on the targeted unsupported instruction. The apparatus is configured to execute the computer program.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract: Systems and methods for code generation for a plurality of architectures. At a host architecture, a JIT compile operation is performed for a received JavaScript or Web Assembly file. The JIT compiler references a host library that has been updated to include at least one new JIT instruction. Output from the JIT compile operation is compiled machine code for the host architecture that has new opcodes (OPX) added, responsive to the new JIT instruction. The JIT compiler executes the opcodes (OPX) in XuCode mode, meaning that the host architecture switches into a hardware protected private ISA (Instruction Set Architecture) called XuCode to implement the new JIT opcode instruction in XuCode.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract: An automated method for distributed and redundant firmware evaluation involves using a first interface that is provided by system firmware of a client device to obtain, at an evaluation server, a first firmware resource table (FRT) from the client device. The evaluation server also uses a second interface that is provided by a component of the client device other than the system firmware to obtain a second FRT from the client device. The evaluation server automatically uses the first and second FRTs to identify a trustworthy FRT among the first and second FRTs. The evaluation server automatically uses the trustworthy FRT to determine whether the client device should be updated. For instance, the evaluation server may automatically use the trustworthy FRT to determine whether firmware in the client device should be updated. Other embodiments are described and claimed.

Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.

Abstract: A microservice infrastructure that securely maintains the currency of computing platform microservices implemented within a process virtual machine is provided. The computing platform microservices maintained by the infrastructure may include protected methods that provide and control access to components of the underlying computing environment. These components may include, for example, storage devices, peripherals, and network interfaces. By providing a software-defined microservice layer between these hardware components and workflows that specify high-level application logic, the embodiments disclosed herein have enhanced flexibility and scalability when compared to conventional technology.

Abstract: A point-of-sale device (“POS”) is described to include a secure transaction tunnel generator (“STG”). The STG may generate secure tunnels between peripherals attached to the POS and remote network resources. The secure tunnel may be generated using a trusted execution environment (“TEE”) of the POS. The STG may be alerted to the need to generate the secure tunnel based on an alert from the peripheral. The STG may execute under a protected environment and may generate two ends of a secure transaction tunnel using the TEE. The STG may also check the peripheral against whitelists and/or blacklists to determine whether the peripheral is allowed or not disallowed to participate in secure transactions. By generating the secure tunnel, the STG may facilitate performance of transactions in such a way that sensitive information is not available to unsecured processes in the POS. Other embodiments may be described and/or claimed.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract: Methods, apparatuses and storage medium associated with migration between processors by a computing device are disclosed. In various embodiments, a portable electronic device having an internal processor and internal memory may be attached to a dock. The dock may include another processor as well other memory. The attachment of the dock to the portable electronic device may cause an interrupt. In response to this interrupt, a state associated with the internal processor may be copied to the other memory of the dock. Instructions for the computing device may then be executed using the other processor of the dock. Other embodiments may be disclosed or claimed.

Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.

Abstract: Methods and apparatus to provide isolated execution environments are disclosed. An example apparatus includes a machine status register to determine whether excess micro operations are available during an instruction cycle to execute a pico-application in response to a request for computing provided by a host application. The pico-application is a fragment of microcode. The microcode comprises a plurality of micro operations. The machine status register is also to determine whether space is available in a memory to load the pico-application. The example apparatus also includes a loader to load a virtual machine and the pico-application into the memory in response to the excess micro operations and the space in the memory being available. The virtual machine validates the pico-application and loads the pico-application into the memory. The example apparatus also includes a processor to execute the pico-application via the excess micro operations.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract: A microservice infrastructure that securely maintains the currency of computing platform microservices implemented within a process virtual machine is provided. The computing platform microservices maintained by the infrastructure may include protected methods that provide and control access to components of the underlying computing environment. These components may include, for example, storage devices, peripherals, and network interfaces. By providing a software-defined microservice layer between these hardware components and workflows that specify high-level application logic, the embodiments disclosed herein have enhanced flexibility and scalability when compared to conventional technology.

Abstract: Various embodiments are generally directed to techniques for monitoring the integrity of an operating system (OS) security routine that checks the integrity of an OS and/or one or more application routines. An apparatus may include a first processor component to execute an operating system (OS) in a first operating environment within a processing device and to execute an OS security routine to recurringly verify an integrity of the OS; a challenge component within a second operating environment within the processing device that is isolated from the first operating environment to recurringly challenge the OS security routine to provide a measure of itself; and a response component within the second operating environment to analyze each measure provided by the OS security routine and an elapsed time to receive each measure from the OS security routine to verify an integrity of the OS security routine.

Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.

Abstract: An automated method for distributed and redundant firmware evaluation involves using a first interface that is provided by system firmware of a client device to obtain, at an evaluation server, a first firmware resource table (FRT) from the client device. The evaluation server also uses a second interface that is provided by a component of the client device other than the system firmware to obtain a second FRT from the client device. The evaluation server automatically uses the first and second FRTs to identify a trustworthy FRT among the first and second FRTs. The evaluation server automatically uses the trustworthy FRT to determine whether the client device should be updated. For instance, the evaluation server may automatically use the trustworthy FRT to determine whether firmware in the client device should be updated. Other embodiments are described and claimed.

Abstract: Methods and apparatus to provide isolated execution environments are disclosed. An example apparatus includes a machine status register to determine whether excess micro operations are available during an instruction cycle to execute a pico-application in response to a request for computing provided by a host application. The pico-application is a fragment of microcode. The microcode comprises a plurality of micro operations. The machine status register is also to determine whether space is available in a memory to load the pico-application. The example apparatus also includes a loader to load a virtual machine and the pico-application into the memory in response to the excess micro operations and the space in the memory being available. The virtual machine validates the pico-application and loads the pico-application into the memory. The example apparatus also includes a processor to execute the pico-application via the excess micro operations.

Abstract: Methods and apparatus to provide isolated execution environments are disclosed. In some examples, the methods and apparatus identify a request from a host application. In some examples, the methods and apparatus, in response to identifying the request from the host application, load a microcode application into memory when excess micro operations exist in a host instruction set architecture, the microcode application being a fragment of code. In some examples, the methods and apparatus execute the microcode application. In some examples, the methods and apparatus, in response to completed execution of the microcode application, unload the microcode application from memory.