-
Publication number: EP4020281A1
Publication date: 2022-06-29
Application number: EP21198455.4
Filing date: 2021-09-23
Applicant: INTEL Corporation
Inventors: Rozas, Carlos; Liu, Fangfei; Zou, Xiang; McKeen, Francis; Brandt, Jason W.; Nuzman, Joseph; Alameldeen, Alaa; Basak, Abhishek; Constable, Scott; Unterluggauer, Thomas; Mallick, Asit; Fernandez, Matthew
IPC classification: G06F21/55
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a register hardening instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the register hardening instruction.
-
Publication number: EP4325352A3
Publication date: 2024-06-19
Application number: EP24150660.9
Filing date: 2016-05-26
Applicant: Intel Corporation
CPC classification: G06F21/52; G06F9/3861; G06F9/30054; G06F9/30101; G06F9/30134; G06F9/3806; G06F12/1009; G06F12/1027; G06F12/1036; G06F12/1063; G06F12/1081; G06F12/109; G06F12/1491; G06F2212/1052; G06F2212/151; G06F2212/651; G06F2212/657; G06F9/30076; G06F12/0811
Abstract: Embodiments of the subject disclosure provide a processor and a system. The processor comprises: a shadow stack pointer (SSP) register to store a current SSP to identify a top of a current shadow stack; a decode unit to decode a restore shadow stack pointer instruction, the restore shadow stack pointer instruction to indicate a source operand that is to have a first SSP, the first SSP to identify a top of a first shadow stack; and an execution unit coupled with the decode unit, the execution unit, in response to the restore shadow stack pointer instruction, to: perform a plurality of security checks, including to determine whether a value derived from the first SSP is compatible with a value accessed from the first shadow stack; cause an exception if at least one of the security checks fails; and restore an SSP to the SSP register to switch from the current shadow stack to the first shadow stack if all of the security checks succeed.
-
Publication number: EP4020278A1
Publication date: 2022-06-29
Application number: EP21197916.6
Filing date: 2021-09-21
Applicant: INTEL Corporation
Inventors: Alameldeen, Alaa; Rozas, Carlos; Liu, Fangfei; Zou, Xiang; McKeen, Francis; Brandt, Jason W.; Nuzman, Joseph; Basak, Abhishek; Constable, Scott; Unterluggauer, Thomas; Mallick, Asit; Fernandez, Matthew
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a single instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the single instruction.
-
Publication number: EP3706361A1
Publication date: 2020-09-09
Application number: EP20172756.7
Filing date: 2016-06-01
Applicant: INTEL Corporation
Abstract: Embodiments of an invention for loading and virtualizing cryptographic keys are disclosed. In one embodiment, an apparatus comprises a local key storage location, decode hardware and execution hardware. The local key storage location is not readable by software. The decode hardware is to decode a first instruction. The execution hardware is to execute the decoded first instruction to load, move, or copy a cryptographic key into the local key storage location.
-
Publication number: EP4145275A1
Publication date: 2023-03-08
Application number: EP22203480.3
Filing date: 2020-11-17
Applicant: INTEL Corporation
Inventors: Sahita, Ravi; Gupta, Deepak; Shanbhogue, Vedvyas; Hansen, David; Brandt, Jason W.; Nuzman, Joseph; Zhang, Mingwei
Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory; load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory; check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment; and, when the first compartment is marked in the first compartment descriptor as the management compartment, allow the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switch execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allow speculative memory accesses for the second subset of code only within the second compartment, and prevent a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.
-
Publication number: EP4020279A1
Publication date: 2022-06-29
Application number: EP21197926.5
Filing date: 2021-09-21
Applicant: INTEL Corporation
Inventors: Rozas, Carlos; Liu, Fangfei; Zou, Xiang; McKeen, Francis; Brandt, Jason W.; Nuzman, Joseph; Alameldeen, Alaa; Basak, Abhishek; Constable, Scott; Unterluggauer, Thomas; Mallick, Asit; Fernandez, Matthew
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and store circuitry coupled to the decode circuitry. The decode circuitry is to decode a store hardening instruction to mitigate vulnerability to a speculative execution attack. The store circuitry is to be hardened in response to the store hardening instruction.
-
Publication number: EP4020188A1
Publication date: 2022-06-29
Application number: EP21197332.6
Filing date: 2021-09-17
Applicant: Intel Corporation
Inventors: Rozas, Carlos; Liu, Fangfei; Zou, Xiang; McKeen, Francis; Brandt, Jason W.; Nuzman, Joseph; Alameldeen, Alaa; Basak, Abhishek; Constable, Scott; Unterluggauer, Thomas; Mallick, Asit; Fernandez, Matthew
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and load circuitry coupled to the decode circuitry. The decode circuitry is to decode a load hardening instruction to mitigate vulnerability to a speculative execution attack. The load circuitry is to be hardened in response to the load hardening instruction.
-
Publication number: EP3885901A1
Publication date: 2021-09-29
Application number: EP20208101.4
Filing date: 2020-11-17
Applicant: Intel Corporation
Inventors: Sahita, Ravi; Gupta, Deepak; Shanbhogue, Vedvyas; Hansen, David; Brandt, Jason W.; Nuzman, Joseph; Zhang, Mingwei
Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory; load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory; check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment; and, when the first compartment is marked in the first compartment descriptor as the management compartment, allow the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switch execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allow speculative memory accesses for the second subset of code only within the second compartment, and prevent a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.
-
Publication number: EP4325352A2
Publication date: 2024-02-21
Application number: EP24150660.9
Filing date: 2016-05-26
Applicant: Intel Corporation
IPC classification: G06F9/38
Abstract: Embodiments of the subject disclosure provide a processor and a system. The processor comprises: a shadow stack pointer (SSP) register to store a current SSP to identify a top of a current shadow stack; a decode unit to decode a restore shadow stack pointer instruction, the restore shadow stack pointer instruction to indicate a source operand that is to have a first SSP, the first SSP to identify a top of a first shadow stack; and an execution unit coupled with the decode unit, the execution unit, in response to the restore shadow stack pointer instruction, to: perform a plurality of security checks, including to determine whether a value derived from the first SSP is compatible with a value accessed from the first shadow stack; cause an exception if at least one of the security checks fails; and restore an SSP to the SSP register to switch from the current shadow stack to the first shadow stack if all of the security checks succeed.
-
Publication number: EP4099158A1
Publication date: 2022-12-07
Application number: EP22184595.1
Filing date: 2016-05-26
Applicant: INTEL Corporation
Abstract: Embodiments of the subject disclosure provide a processor and a system. The processor comprises: a shadow stack pointer (SSP) register to store an SSP, including a first SSP to identify a top of a first shadow stack, the SSP register to indicate a current SSP for a current shadow stack; a decode unit to decode a shadow stack protection instruction, the shadow stack protection instruction to indicate a second SSP, the second SSP to identify a top of a second shadow stack; and an execution unit coupled with the decode unit. The execution unit, in response to the shadow stack protection instruction, is to perform a plurality of security checks, including to determine whether the second SSP is compatible with a value stored on the second shadow stack. If at least one of the security checks fails, the execution unit is further to: not make the second SSP the current SSP; and cause an exception. If all of the security checks succeed, the execution unit is further to: change the value; and update the SSP register to the second SSP to make the second SSP the current SSP.