Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising secure device manager (SDM) hardware circuitry to: receive a tenant bitstream of a tenant and a tenant use policy for utilization of the programmable IC via the tenant bitstream, wherein the tenant use policy is cryptographically bound to the tenant bitstream by a cloud service provider (CSP) authorizing entity and signed with a signature of the CSP authorizing entity; in response to successfully verifying the signature, extract the tenant use policy to provide to a policy manager of the programmable IC for verification; in response to the policy manager verifying the tenant bitstream based on the tenant use policy, configure a partial reconfiguration (PR) region of the programable IC using the tenant bitstream; and associate a slot ID of the PR region with the tenant use policy.

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

Abstract: A method of offloading performance of a workload includes receiving, on a first computing system acting as an initiator, a first function call from a caller, the first function call to be executed by an accelerator on a second computing system acting as a target, the first computing system coupled to the second computing system by a network; determining a type of the first function call; and generating a list of parameter values of the first function call.

Abstract: A computing platform comprising a first computer system including a first host and a first accelerator communicatively coupled to the first host, including a first memory, a first page table to perform a translation of virtual addresses to physical addresses in the first memory and a first trusted agent to validate the address translations.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.

Abstract: A computing platform is disclosed. The computing platform includes a first computer system comprising a first graphics processing unit (GPU), a network coupled to the first computer system and a second computer system, coupled to the first computer system via the network, comprising a second GPU, wherein the first and second computer system are configured to perform distributed processing of graphics workloads between the first GPU and the second GPU.

Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.

Abstract: Technologies for USB device policy enforcement include a computing device having a USB controller and secure enclave support. On boot, a firmware enclave randomly generates a binding identity and then securely provisions the binding identity to the USB controller. The firmware enclave also seals the binding identity to a policy enforcement enclave. At runtime, the policy enforcement enclave unseals the binding identity and includes the binding identity in a policy enforcement command sent to the USB controller. The USB controller verifies that the binding identity included in the command matches the binding identity that was previously provisioned. If the binding identities are successfully verified, the USB controller enforces the command. The USB controller may block data transfers or device configuration changes for one or more specified devices. Each of the firmware enclave and the policy enforcement enclave are trusted execution environments. Other embodiments are described and claimed.

Abstract: Technologies for USB controller state integrity protection with trusted I/O are disclosed. A computing device includes an I/O controller, a channel identifier filter, and a memory. The I/O controller generates a memory access to controller state data in a scratchpad buffer in the memory. The memory access includes a channel identifier associated with the I/O controller. The channel identifier filter determines whether a memory address of the memory access is included in a range of a processor reserved memory region associated with the channel identifier. A processor of the computing device may copy the controller state data to a memory buffer outside of the processor reserved memory region. The computing device may reserve an isolated memory region in the memory that includes the processor reserved memory region. Secure routing hardware of the computing device may control access to the isolated memory region. Other embodiments are described and claimed.

Abstract: Technologies for secure enumeration of USB devices include a computing device having a USB controller and a trusted execution environment (TEE). The TEE may be a secure enclave protected secure enclave support of the processor. In response to a USB device connecting to the USB controller, the TEE sends a secure command to the USB controller to protect a device descriptor for the USB device. The secure command may be sent over a secure channel to a static USB device. A driver sends a get device descriptor request to the USB device, and the USB device responds with the device descriptor. The USB controller redirects the device descriptor to a secure memory buffer, which may be located in a trusted I/O processor reserved memory region. The TEE retrieves and validates the device descriptor. If validated, the TEE may enable the USB device for use. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.

Abstract: Technologies for USB controller state integrity protection are disclosed. A computing device reserves an isolated memory region in system memory and programs a base address register of a USB controller with the address of the isolated memory region. The computing device locks the base address register from further chances. The USB controller may store controller state data in a scratchpad buffer located within the isolated memory region. Software executed by a processor may read controller state data from the scratchpad buffer. Secure routing hardware of the computing device controls access to the isolated memory region. The secure routing hardware may allow read and write access by the USB controller and read-only access by software executed by the processor. After storing the controller state data, the computing device may power down the I/O controller. Other embodiments are described and claimed.

Abstract: Technologies for secure enumeration of USB devices include a computing device having a USB controller and a trusted execution environment (TEE). The TEE may be a secure enclave protected secure enclave support of the processor. In response to a USB device connecting to the USB controller, the TEE sends a secure command to the USB controller to protect a device descriptor for the USB device. The secure command may be sent over a secure channel to a static USB device. A driver sends a get device descriptor request to the USB device, and the USB device responds with the device descriptor. The USB controller redirects the device descriptor to a secure memory buffer, which may be located in a trusted I/O processor reserved memory region. The TEE retrieves and validates the device descriptor. If validated, the TEE may enable the USB device for use. Other embodiments are described and claimed.

Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.

Abstract: Technologies for secure channel identifier mapping include a computing device having an I/O controller that may connect to one or more I/O devices. The computing device determines a device path to an I/O device that may be used to identify the I/O device. The computing device identifies a firmware method as a function of the device path and invokes the firmware method. In response, the firmware method determines a channel identifier as a function of the device path. The firmware method may determine a pre-determined channel identifier for static or undiscoverable I/O devices. For dynamic I/O devices, the firmware method may determine the channel identifier using a stable algorithm. The I/O controller may assign the channel identifier to the dynamic I/O device using the same stable algorithm. The computing device establishes a secure channel to the I/O device using the channel identifier. Other embodiments are described and claimed.

Abstract: Technologies for secure I/O with MIPI camera devices include a computing device having a camera controller coupled to a camera and a channel identifier filter. The channel identifier filter detects DMA transactions issued by the camera controller and related to the camera. The channel identifier filter determines whether a DMA transaction includes a secure channel identifier or a non-secure channel identifier. If the DMA transaction includes the non-secure channel identifier, the channel identifier filter allows the DMA transaction. If the DMA transaction includes the secure channel identifier, the channel identifier filter determines whether the DMA transaction is targeted to a memory address in a protected memory range associated with the secure channel identifier. If so, the channel identifier filter allows the DMA transaction. If not, the channel identifier filter blocks the DMA transaction. Other embodiments are described and claimed.

Abstract: Technologies for secure channel identifier mapping include a computing device having an I/O controller that may connect to one or more I/O devices. The computing device determines a device path to an I/O device that may be used to identify the I/O device. The computing device identifies a firmware method as a function of the device path and invokes the firmware method. In response, the firmware method determines a channel identifier as a function of the device path. The firmware method may determine a pre-determined channel identifier for static or undiscoverable I/O devices. For dynamic I/O devices, the firmware method may determine the channel identifier using a stable algorithm. The I/O controller may assign the channel identifier to the dynamic I/O device using the same stable algorithm. The computing device establishes a secure channel to the I/O device using the channel identifier. Other embodiments are described and claimed.

Abstract: Technologies for secure enumeration of USB devices include a computing device having a USB controller and a trusted execution environment (TEE). The TEE may be a secure enclave protected secure enclave support of the processor. In response to a USB device connecting to the USB controller, the TEE sends a secure command to the USB controller to protect a device descriptor for the USB device. The secure command may be sent over a secure channel to a static USB device. A driver sends a get device descriptor request to the USB device, and the USB device responds with the device descriptor. The USB controller redirects the device descriptor to a secure memory buffer, which may be located in a trusted I/O processor reserved memory region. The TEE retrieves and validates the device descriptor. If validated, the TEE may enable the USB device for use. Other embodiments are described and claimed.

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.