| CPC G06F 9/5083 (2013.01) [G06F 9/3814 (2013.01); G06F 9/5027 (2013.01); G06T 1/20 (2013.01); G06T 1/60 (2013.01)] | 20 Claims |
|
1. An apparatus comprising:
a programmable integrated circuit (IC) comprising secure device manager (SDM) hardware circuitry to:
receive, from a computing device of a tenant, a tenant bitstream and a tenant use policy for utilization of the programmable IC via the tenant bitstream, wherein the tenant use policy is cryptographically bound to the tenant bitstream by a cloud service provider (CSP) authorizing entity and signed with a signature of the CSP authorizing entity;
in response to successfully verifying the signature of the CSP authorizing entity, extract the tenant use policy to provide to a policy manager of the programmable IC for verification;
in response to the policy manager verifying the tenant bitstream based on the tenant use policy, configure a partial reconfiguration (PR) region of the programmable IC using the tenant bitstream;
associate a slot identifier (ID) of the PR region with the tenant use policy; and
store the tenant use policy and the slot ID as a policy-slot ID pair in the programmable IC to enable configuration of internal states of the programmable IC and enforcement of the tenant use policy on the PR region of the tenant.
|