Technologies for virtualized access to security services provided by a converged manageability and security engine

Assignee

• Intel Corporation · US

Inventors

• Mona Vij · Hillsboro, US
• Carlos V. Rozas · Portland, US
• Vincent R. Scarlata · Beaverton, US
• Francis X. McKeen · Portland, US
• Bo Zhang · Raleigh, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2009/45587
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Technologies for secure access to platform security services include a computing device having a processor and a security engine. The computing device establishes a platform services enclave in a virtual machine of the computing device using secure enclave support of the processor. The platform services enclave receives a platform services request from an application enclave via a first authenticated session and transmits the platform services request to a virtual security engine established by a host environment via a second authenticated session. The first and second authenticated sessions may be authenticated by report-based attestation and quote-based attestation, respectively. The virtual security engine transmits the platform services request to the security engine via a long-term pairing session established by the virtual security engine with the security engine. The security engine performs the platform services request using hardware resources shared with other platform services enclaves. Other embodiments are described and claimed.