US 12,079,341 B2
Composable trusted execution environments
Kapil Sood, Portland, OR (US); Ioannis T. Schoinas, Portland, OR (US); Yu-Yuan Chen, Chandler, AZ (US); Raghunandan Makaram, Northborough, MA (US); David J. Harriman, Portland, OR (US); Baiju Patel, Portland, OR (US); Ronald Perez, Piedmont, CA (US); Matthew E. Hoekstra, Forest Grove, OR (US); and Reshma Lal, Portland, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Jun. 22, 2021, as Appl. No. 17/354,733.
Application 17/354,733 is a continuation of application No. 16/362,218, filed on Mar. 22, 2019, granted, now 11,048,800.
Claims priority of provisional application 62/780,643, filed on Dec. 17, 2018.
Prior Publication US 2022/0019667 A1, Jan. 20, 2022
Int. Cl. G06F 21/57 (2013.01); G06F 9/50 (2006.01); G06F 21/53 (2013.01); G06F 21/72 (2013.01); G06F 21/85 (2013.01)
CPC G06F 21/57 (2013.01) [G06F 9/505 (2013.01); G06F 21/53 (2013.01); G06F 21/72 (2013.01); G06F 21/85 (2013.01); G06F 2221/034 (2013.01)]
49 Claims
1. An apparatus, comprising:
input/output (I/O) circuitry to communicate with one or more devices over an interconnect;
memory circuitry; and
processing circuitry to:
receive, via the I/O circuitry, a device signature from a first device of the one or more devices, wherein the device signature cryptographically attests a configuration of the first device; and
configure a composed trusted execution environment (TEE) on a virtual machine (VM), wherein the composed TEE is distributed across the apparatus and the first device, and wherein the composed TEE comprises:
an isolated execution environment distributed across the processing circuitry and the first device;
a protected area of memory within the memory circuitry to store data associated with the composed TEE; and
an encrypted data stream for communication over the interconnect between the apparatus and the first device.