Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.

Abstract: The present application is directed to employing intermediary structures for facilitating access to secure memory. A secure driver (SD) may be loaded into the device to reserve a least a section of memory in the device as a secure page cache (SPC). The SPC may protect application data from being accessed by other active applications in the device. Potential race conditions may be avoided through the use of a linear address manager (LAM) that maps linear addresses (LAs) in an application page table (PT) to page slots in the SPC. The SD may also facilitate error handling in the device by reconfiguring VEs that would otherwise be ignored by the OS.

Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.

Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

Abstract: A processor includes a processing core to identify a code comprising a plurality of instructions to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of the first virtual memory page and a second address of the first physical memory page, store, in the cache memory, the address translation data structure comprising the first address mapping, and execute the code by retrieving the first address mapping in the address translation data structures to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of

Abstract: Technologies for filtering transactions includes a compute device, which further includes an accelerator device and an I/O subsystem having an accelerator port. The I/O subsystem is configured to determine whether to enable a global attestation during a boot process of the compute device, receive a transaction from the accelerator device connected to the accelerator port via a coherent accelerator link, and filter the transaction based on a determination of whether to enable the global attestation.

Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.

Abstract: The present application is directed to employing intermediary structures for facilitating access to secure memory. A secure driver (SD) may be loaded into the device to reserve a least a section of memory in the device as a secure page cache (SPC). The SPC may protect application data from being accessed by other active applications in the device. Potential race conditions may be avoided through the use of a linear address manager (LAM) that maps linear addresses (LAs) in an application page table (PT) to page slots in the SPC. The SD may also facilitate error handling in the device by reconfiguring VEs that would otherwise be ignored by the OS.

Abstract: A machine-controlled method can include a first vehicle network node of a user monitoring for a second vehicle network node, detecting the presence of a second vehicle network node within a specified distance from the first vehicle network node, and determining whether the second vehicle network node is associated with a friend of the user. Responsive to a determination that the second vehicle network node is associated with the friend of the user, the first vehicle network node can provide a notification to the user.

Abstract: A method includes halting at least one processing core of a computer system in response to a system management interrupt. The method further includes handling the system management interrupt with at least one other processing core of the computer system in response to determining that the at least one processing core is halted. An associated system and machine readable medium are also disclosed.

Abstract: A processing system may include a first processing unit for a first partition and a second processing unit for a second partition. To support power management, an interrupt handler in the processing system may receive a standby command from an operating system. In response to receiving the standby command, the interrupt handler may cause the first processing unit to transition into a reduced power mode. After the second partition detects a wake event, the second partition may cause the first processing unit to transition out of the reduced power mode. In an example embodiment, the interrupt handler executes within the first partition, and the first processing unit transitions into the reduced power mode by entering an idle loop within the interrupt handler. The first partition may determine from within the idle loop whether the first partition has been released from the low power state. Other embodiments are described and claimed.

Abstract: A method includes directing a system management interrupt to a processor core from a plurality of processor cores of a computing device for handling based upon core load-sharing considerations. A machine readable medium includes a plurality of instruction, that in response to being executed, result in a computing device selecting a processor core of a plurality of processor cores to handle a system management interrupt and programming at least one system management register to direct the system management interrupt to the processor core selected from the plurality of processor cores for handling. An associated system is also disclosed.

Abstract: A method includes halting at least one processing core of a computer system in response to a system management interrupt. The method further includes handling the system management interrupt with at least one other processing core of the computer system in response to determining that the at least one processing core is halted. An associated system and machine readable medium are also disclosed.

Abstract: Methods and devices for networked applications are disclosed. In one embodiment, a device instructs a proxy server to receive traffic inbound for the device, and to notify the device when such traffic arrives. The device can then sleep, except for a notification channel that listens for a wakeup message from the proxy server. The proxy server detects traffic inbound for proxied devices, caches the data from that traffic, and issues notification messages to the proxied devices to cause those devices to download the cached data. One use for such a system is in instant messaging, as it allows a subscriber to place a battery-powered computing device in sleep mode while still advertising a continuous presence to her messaging buddies.

Abstract: A processing system may include a first processing unit for a first partition and a second processing unit for a second partition. To support power management, an interrupt handler in the processing system may receive a standby command from an operating system. In response to receiving the standby command, the interrupt handler may cause the first processing unit to transition into a reduced power mode. After the second partition detects a wake event, the second partition may cause the first processing unit to transition out of the reduced power mode. In an example embodiment, the interrupt handler executes within the first partition, and the first processing unit transitions into the reduced power mode by entering an idle loop within the interrupt handler. The first partition may determine from within the idle loop whether the first partition has been released from the low power state. Other embodiments are described and claimed.