Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.

Abstract: Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

Abstract: An apparatus and method for managing a protection table by a processor. For example, a processor according to one embodiment of the invention comprises: protection table management logic to manage a protection table, the protection table having an entry for each protected page or each group of protected pages in memory; wherein the protection table management logic prevents direct access to the protection table by user application program code and operating system program code but permits direct access by the processor.

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract: A system and method including, in some embodiments, receiving a request for a graphics memory address for an input/output (I/O) device assigned to a virtual machine in a system that supports virtualization, and installing, in a graphics memory translation table, a physical guest graphics memory address to host physical memory address translation.

Abstract: A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

Abstract: A visual indicator for denoting a fluid level in a throat portion of a waterless urinal cartridge is presented. The visual indicator comprises a fluid level indicator disposed in the throat portion of the cartridge. As material buildup occurs inside the cartridge, a corresponding rise in the fluid level in the throat of the cartridge may be seen relative to the indicator, indicating when the cartridge will need replacement. The visual indicator may comprise markings that indicate the level of fluid within the throat portion, reactive materials, or an electronic reader. The fluid level indicator may also be made visible by ultraviolet radiation.

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract: Embodiments of an invention for offloading functionality from a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes verifying that a signature structure key matches a hardware key that permits functionality to be offloaded.

Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.

Abstract: Embodiments of an invention for sharing memory in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to match an offer to make a page in an enclave page cache shareable to a bid to make the page shareable. The execution unit is to execute the instruction. Execution of the instruction includes making the page shareable.

Abstract: A system and method including, in some embodiments, receiving a request for a graphics memory address for an input/output (I/O) device assigned to a virtual machine in a system that supports virtualization, and installing, in a graphics memory translation table, a physical guest graphics memory address to host physical memory address translation.

Abstract: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section are convertible in response to a section conversion instruction.

Abstract: Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.

Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.

Abstract: A fluid exit portion for a splash-reducing urinal cartridge is presented. The exit portion comprises a splash reducer for causing fluid to exit the cartridge in a splash-reduced manner. The splash reducer is generally in the form of a spout with a tapered exit area for accelerating and directing the fluid. The spout may comprise converting fins to urge fluid to collect in a progressively narrower channel. When the cartridge is installed into a housing, the splash reducer ensures that fluid exiting the cartridge transitions into the housing with minimal disturbance, substantially parallel to the housing. The splash reducer is formed of a flexible material or is hinged with respect to the cartridge body to allow for easy insertion into a housing.

Abstract: A hybrid flushing system for water free urinals is presented with a housing having a wall portion forming a cavity for receiving a cartridge. The housing also includes a flushing fluid inlet portion for receiving a flushing fluid and a flushing fluid directing portion configured to direct the flushing fluid. A cartridge for installation into a housing is presented, including a cartridge wall, a flushing fluid receiving portion and a flushing fluid directing portion to direct flushing fluid received to any portion to clean areas of the housing, the cartridge, and connected plumbing. Steps for cleaning a hybrid flushing system are presented with an act of directing a flushing fluid into an area, where the area is one of a cartridge for a hybrid flushing system, a housing for a hybrid flushing system, and a plumbing system connected with the hybrid flushing system.