Abstract: Examples described herein relate to network layer 7 (L7) offload to an infrastructure processing unit (IPU) for a service mesh. An apparatus described herein includes an IPU comprising an IPU memory to store a routing table for a service mesh, the routing table to map shared memory address spaces of the IPU and a host device executing one or more microservices, wherein the service mesh provides an infrastructure layer for the one or more microservices executing on the host device; and one or more IPU cores communicably coupled to the IPU memory, the one or more IPU cores to: host a network L7 proxy endpoint for the service mesh, and communicate messages between the network L7 proxy endpoint and an L7 interface device of the one or more microservices by copying data between the shared memory address spaces of the IPU and the host device based on the routing table.

Abstract: An apparatus to facilitate protecting data transfer between a secure application and networked devices is disclosed. The apparatus includes a processor to provide a trusted execution environment (TEE) to run an application, wherein the processor is to: generate, via the application in the TEE, encrypted data, wherein the encrypted data comprises a payload; copy, via the application in the TEE, the encrypted data to a local buffer; interface, using the application in the TEE, with a source network interface controller (NIC) to initiate a copy over a network of the encrypted data from the local buffer to a remote buffer of a remote platform; and communicate, after completing the copy of the network of the encrypted data, at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data.

Abstract: A security framework for virtual machines is described. In one or more implementations, a hardware platform comprises physical computer hardware, the physical computer hardware including one or more processing units and one or more memories. The system also includes a virtual machine monitor configured to virtualize the physical computer hardware of the hardware platform to instantiate a plurality of framework-secure virtual machines. Further, the system includes a root framework-secure virtual machine instantiated by the virtual machine monitor. In accordance with the described techniques, the root framework-secure virtual machine is configured to control access to the hardware platform by the framework-secure virtual machines instantiated by the virtual machine monitor.

Abstract: Root-trusted guest memory page management is described. A root-trusted guest is loaded by a hardware platform and authenticated. The root-trusted guest is configured to manage memory operations of different guests via special privileges that permit the root-trusted guest to execute memory operations using a guest's private memory page. To do so, a guest page table includes a novel “T-bit” in each entry, which indicates whether the root-trusted guest or a different guest owns the associated memory page. Each entry in the guest page table for the root-trusted guest additionally includes a “C-bit” that indicates whether the corresponding memory page is a protected page. Combined C-bit and T-bit values for a page table entry dictate whether operations performed as part of handling a guest's memory request are offloaded from the hardware platform to the root-trusted guest.

Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.

Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.

Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a graphics processing unit (GPU) to: provide a virtual GPU monitor (VGM) to interface over a network with a middleware layer of a client platform, the VGM to interface with the middleware layer using a message passing interface; configure and expose, by the VGM, virtual functions (VFs) of the GPU to the middleware layer of the client platform; intercept, by the VGM, request messages directed to the GPU from the middleware layer, the request messages corresponding to VFs of the GPU to be utilized by the client platform; and generate, by the VGM, a response to the request messages for the middleware client.

Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of microservices cluster.

Abstract: A system includes an orchestrator to receive a first request for resources for a workload of a tenant and to select a first node cluster in a first compute domain to be provisioned for the workload. The system also includes a first security manager to run in a trusted execution environment of one or more processors to receive attestation results for a second node cluster from a second security manager in a second compute domain, and to establish the first node cluster and the second node cluster as a trusted group of node clusters for the workload based, at least in part, on determining that a first compute node in the first node cluster meets one or more security requirements of a workload execution policy associated with the workload and that the attestation results indicate that a second compute node in the second node cluster meets the one or more security requirements.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.

Abstract: An apparatus to facilitate confidential computing in a heterogeneous compute environment including a network-connected hardware accelerator is disclosed. The apparatus includes a processor to provide a first trusted execution environment (TEE) to run an application, and to send, via the application to a user mode driver (UMD) hosted in first the TEE, a command to transfer data of the application to a hardware accelerator device that is connected via network to the application; encrypt and integrity-protect, via the UMD, the data using shared secret data keys and a destination buffer address of the hardware accelerator device to generate encrypted and integrity-protected data, the shared secret data keys established with a remote service in a second TEE operating on an accelerator platform connected to the application; and interface, via the UMD with a local network interface card (NIC), to cause a copy over the network of the encrypted and integrity-protected data.

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be processor and the destination may be the accelerator or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.