Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

Abstract: An apparatus comprising a memory device, a system on chip (SoC), including a central processing unit (CPU) to execute a virtual machine to retrieve data from the memory device and transmit the data to a remote input/output (I/O) device coupled to a remote computing platform as memory transaction data; and a port to transmit the memory transaction data as transaction layer packets (TLPs) and a network interface card (NIC) to receive the TLPs, including an interface to receive the TLPs and packet conversion hardware to convert the TLPs to network protocol packets and transmit the network protocol packets to the remote I/O memory device.

Abstract: An apparatus comprising translator circuitry to receive a plurality of physical addresses of memory data, determine an offset associated with each of the physical page addresses and apply a tweak seed to each offset to generate a plurality of tweaks.

Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.

Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.

Abstract: An apparatus to facilitate in-place memory copy during remote data transfer in a heterogeneous compute environment is disclosed. The apparatus includes a processor to receive data via a network interface card (NIC) of a hardware accelerator device; identify a destination address of memory of the hardware accelerator device to write the data; determine that access control bits of the destination address in page tables maintained by a memory management unit (MMU) indicate that memory pages of the destination address are both registered and free; write the data to the memory pages of the destination address; and update the access control bits for memory pages of the destination address to indicate that the memory pages are restricted, wherein setting the access control bits to restricted prevents the NIC and a compute kernel of the hardware accelerator device from accessing the memory pages.

Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.

Abstract: A computer platform is disclosed. The computer platform comprises a non-volatile memory to store fuse override data; and a system on chip (SOC), coupled to the non-volatile memory, including a fuse memory to store fuse data and security micro-controller to receive the fuse override data and perform a fuse override to overwrite the fuse data stored in the fuse memory with the fuse override data.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.

Abstract: An apparatus comprises a hardware processor to perform an attestation procedure to attest a remote device, establish a session key for a communication session with the remote device, define a linear address (LA) region outside an established address range for a secure enclave, generate, for the linear address (LA) region, a unique encryption key accessible only to the enclave, assign a key identifier to the unique encryption key, store the linear address (LA) region and the unique encryption key in an enclave control structure, set a pending bit in the enclave control structure to a value to indicate that contents of the linear address region cannot be changed without approval from the secure enclave, clear the pending bit to indicate that the linear address range is available for use by the enclave, wrap the key identifier and the unique encryption key with the session key, and send the key identifier and the unique encryption key to the remote device.

Abstract: An apparatus comprises a hardware processor to program a memory table for a trusted domain with a first device identifier associated with a device, a guest physical address (GPA) range associated with the device, and a guest physical address offset, receive a memory access request from the device, the memory access request comprising a second device identifier and a guest physical address, and validate the memory access request using the memory table.

Abstract: An apparatus to facilitate protecting assets of mutually distrustful entities during federated learning training on a remote device is disclosed. The apparatus includes a processor to a processor to: receive, at a trusted execution environment (TEE) hosted by a client platform, an encrypted machine learning (ML) model and a cryptographic message authentication code (MAC) from a model owner platform, wherein the encrypted ML model is encrypted by the model owner platform using homomorphic encryption (HE); verify integrity of the encrypted ML model using the cryptographic MAC and a TEE key established by the processor during remote attestation of the TEE with the model owner platform; perform, in the TEE, training of the encrypted ML model using HE computation on sensor data; and send, to the model owner platform, output of the training comprising updated model parameters of the encrypted ML model, where the output is homomorphically encrypted.

Abstract: An apparatus comprises a hardware processor to create an input/output control data structure (IOCS) for a trusted execution environment (TEE), allocate an input/output (I/O) address range comprising a host physical address (HPA) and a plurality of input/output (IO) pages to the input/output control structure, create an entry in the input/output control structure (IOCS) for a set of input/output (IO) pages and a device identifier for a remote device, set a pending bit to a first value which indicates that the remote device is authorized to access the input/output (I/O) address range, and grant the remote device access to the set of input/output pages in the input/output control structure upon verification of an input/output (IO) address range for the remote device.

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.

Abstract: An apparatus to facilitate in-place memory copy during remote data transfer in a heterogeneous compute environment is disclosed. The apparatus includes a processor to receive data via a network interface card (NIC) of a hardware accelerator device; identify a destination address of memory of the hardware accelerator device to write the data; determine that access control bits of the destination address in page tables maintained by a memory management unit (MMU) indicate that memory pages of the destination address are both registered and free; write the data to the memory pages of the destination address; and update the access control bits for memory pages of the destination address to indicate that the memory pages are restricted, wherein setting the access control bits to restricted prevents the NIC and a compute kernel of the hardware accelerator device from accessing the memory pages.

Abstract: An apparatus to facilitate confidential computing in a heterogeneous compute environment including a network-connected hardware accelerator is disclosed. The apparatus includes a processor to provide a first trusted execution environment (TEE) to run an application, and to send, via the application to a user mode driver (UMD) hosted in first the TEE, a command to transfer data of the application to a hardware accelerator device that is connected via network to the application; encrypt and integrity-protect, via the UMD, the data using shared secret data keys and a destination buffer address of the hardware accelerator device to generate encrypted and integrity-protected data, the shared secret data keys established with a remote service in a second TEE operating on an accelerator platform connected to the application; and interface, via the UMD with a local network interface card (NIC), to cause a copy over the network of the encrypted and integrity-protected data.

Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of microservices cluster.