Abstract: In one example a computer implemented method comprises encrypting data to be stored in a protected region of a memory using a message authentication code (MAC) having a first value determined using a first key during a first period of time, generating a replay integrity tree structure comprising security metadata for the data stored in the protected region of the memory using the first value of the MAC, and at the end of the first period of time, re-keying the MAC to have a second value determined using a second key at the end of the first period of time, decrypting the data stored in the protected region using the first value for the MAC, re-encrypting the data stored in the protected region using the second value for the MAC, and updating the replay integrity tree using the second value for the MAC. Other examples may be described.

Abstract: Technologies for filtering transactions includes a compute device, which further includes an accelerator device and an I/O subsystem having an accelerator port. The I/O subsystem is configured to determine whether to enable a global attestation during a boot process of the compute device, receive a transaction from the accelerator device connected to the accelerator port via a coherent accelerator link, and filter the transaction based on a determination of whether to enable the global attestation.

Abstract: Systems, methods, and apparatuses associated with data exchanged between a processor and a hardware accelerator are disclosed. In various embodiments, a method comprises receiving, at a first endpoint, a first request to change a current tag frequency used to generate a first authentication tag for one or more transactions of a first transaction window sent over a data link to a second endpoint coupled to a processor core. The method further includes sending a message to the second endpoint that the current tag frequency is to change to a new tag frequency, where a second authentication tag for one or more transactions in a second transaction window is to be generated based on the new tag frequency. The method also includes changing the current tag frequency to the new tag frequency based, at least in part, on receiving an acknowledgement that the second endpoint received the message.

Abstract: The presently disclosed method and apparatus for sharing security metadata memory space proposes a technique to allow metadata sharing two different encryption techniques. A section of memory encrypted using a first type of encryption and having first security metadata associated therewith is converted to a section of memory encrypted using a second type of encryption and having second security metadata associated therewith. At least a portion of said first security metadata shares a memory space with at least a portion of said second security metadata for a same section of memory.

Abstract: Technologies for secure channel identifier mapping include a computing device having an I/O controller that may connect to one or more I/O devices. The computing device determines a device path to an I/O device that may be used to identify the I/O device. The computing device identifies a firmware method as a function of the device path and invokes the firmware method. In response, the firmware method determines a channel identifier as a function of the device path. The firmware method may determine a pre-determined channel identifier for static or undiscoverable I/O devices. For dynamic I/O devices, the firmware method may determine the channel identifier using a stable algorithm. The I/O controller may assign the channel identifier to the dynamic I/O device using the same stable algorithm. The computing device establishes a secure channel to the I/O device using the channel identifier. Other embodiments are described and claimed.

Abstract: Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.

Abstract: Various embodiments are generally directed to techniques for converting between different cipher systems, such as, for instance, between a cipher system used for a first encryption environment and a different cipher system used for a second encryption environment, for instance. Some embodiments are particularly directed to an encryption engine that supports memory operations between two or more encryption environments. Each encryption environment can use different cipher systems while the encryption engine can translate ciphertext between the different cipher systems. In various embodiments, for instance, the first encryption environment may include a main memory that uses a position dependent cipher system and the second encrypted environment may include a secondary memory that uses a position independent cipher system.

Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.

Abstract: Technologies for secure I/O with MIPI camera devices include a computing device having a camera controller coupled to a camera and a channel identifier filter. The channel identifier filter detects DMA transactions issued by the camera controller and related to the camera. The channel identifier filter determines whether a DMA transaction includes a secure channel identifier or a non-secure channel identifier. If the DMA transaction includes the non-secure channel identifier, the channel identifier filter allows the DMA transaction. If the DMA transaction includes the secure channel identifier, the channel identifier filter determines whether the DMA transaction is targeted to a memory address in a protected memory range associated with the secure channel identifier. If so, the channel identifier filter allows the DMA transaction. If not, the channel identifier filter blocks the DMA transaction. Other embodiments are described and claimed.

Abstract: Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.

Abstract: Various embodiments are generally directed to techniques for encrypting stored data. An apparatus includes a processor component comprising a cache that comprises a cache line to store a first block of data corresponding to a second block of encrypted data stored within a storage; a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store metadata associated with generation of the second block of encrypted data from the first block in response to eviction of the first block from the cache line; and an encrypter to encrypt the compressed data within the first block to generate the encrypted data within the second block and to store encryption metadata associated with encrypting the compressed data within the second block as a portion of the metadata associated with the generation of the second block.

Abstract: Technologies for secure channel identifier mapping include a computing device having an I/O controller that may connect to one or more I/O devices. The computing device determines a device path to an I/O device that may be used to identify the I/O device. The computing device identifies a firmware method as a function of the device path and invokes the firmware method. In response, the firmware method determines a channel identifier as a function of the device path. The firmware method may determine a pre-determined channel identifier for static or undiscoverable I/O devices. For dynamic I/O devices, the firmware method may determine the channel identifier using a stable algorithm. The I/O controller may assign the channel identifier to the dynamic I/O device using the same stable algorithm. The computing device establishes a secure channel to the I/O device using the channel identifier. Other embodiments are described and claimed.

Abstract: Apparatuses, systems, and methods for hardware-level data encryption having integrity and replay protection are described. An example electronic device includes a memory encryption engine (MEE) having a MEE cache configured to store a plurality of MEE cache lines, each MEE cache line comprising a plurality of cryptographic metadata blocks, where each metadata block is associated with each of a plurality of encrypted data lines stored in a memory, and each MEE cache line includes a bit vector mapped to the plurality of metadata blocks, where a set bit in the bit vector indicates that the associated metadata block has been accessed by one or more processors, and MEE circuitry configured to select a replacement candidate from the plurality of MEE cache lines for eviction from the MEE cache based on a number of accessed metadata blocks in the replacement candidate as indicated by the associated bit vector.

Abstract: Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine.

Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.

Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be processor and the destination may be the accelerator or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.

Abstract: A server includes a processor core including system memory, and a cryptographic engine storing a key data structure. The data structure is to store multiple keys for multiple secure domains. The core receives a request to program a first secure domain into the cryptographic engine. The request includes first domain information within a first wrapped binary large object (blob). In response a determination that there is no available entry in the data structure, the core selects a second secure domain within the data structure to de-schedule and issues a read key command to read second domain information from a target entry of the data structure. The core encrypts the second domain information to generate a second wrapped blob and stores the second wrapped blob in a determined region of the system memory, which frees up the target entry for use to program the first secure domain.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.

Abstract: Solutions for secure memory access in a computing platform, include a multi-key encryption (MKE) engine as part of the memory interface between processor core(s) and memory of a computing platform. The processor core(s) perform workloads, each utilizing allocated portions of memory. The MKE engine performs key-based cryptography operations on data to isolate portions of the memory from workloads to which those portions of the memory are not allocated. A key-mapping data store is accessible to the MKE engine and contains associations between identifiers of portions of the memory, and corresponding key identification data from which cryptographic keys are obtained. A key tracking log is maintained by the MKE engine, and the MKE engine temporarily stores entries in the key tracking log containing the identifiers of the portions of the memory and key identification data for those portions of memory during memory-access operations of those portions of memory.