SECURE INPUT/OUTPUT DEVICE MANAGEMENT

摘要

Embodiments of apparatus and methods for secure I/O device management are disclosed. In an embodiment, an apparatus includes a processor and an I/O controller. The processor has secure execution environment support, wherein the processor is to establish a secure execution environment using the secure execution environment support. The I/O controller includes an integrated trusted I/O device, wherein the trusted I/O device is to receive an unencrypted request to configure the trusted I/O device via a default control endpoint of the trusted I/O device, configure a command endpoint and a response endpoint in response to receipt of the unencrypted request, receive an encrypted command from the secure execution environment via the command endpoint, perform a device management operation related to the I/O controller in response to receipt of the encrypted command, and transmit an encrypted response to the secure execution environment via the response endpoint in response to performance of the device management operation.

主权项

1. An apparatus comprising:
a processor having secure execution environment support, wherein the processor is to establish a secure execution environment using the secure execution environment support; and an input/output (I/O) controller including an integrated trusted I/O device, wherein the trusted I/O device is to receive a unencrypted request to configure the trusted I/O device via a default control endpoint of the trusted I/O device, configure a command endpoint and a response endpoint in response to receipt of the unencrypted request, receive an encrypted command from the secure execution environment via the command endpoint, perform a device management operation related to the I/O controller in response to receipt of the encrypted command; and transmit an encrypted response to the secure execution environment via the response endpoint in response to performance of the device management operation.