Abstract:
Embodiments of the subject disclosure provide a processor and a system. The processor comprises: a shadow stack pointer, SSP, register to store a current SSP to identify a top of a current shadow stack; a decode unit to decode a restore shadow stack pointer instruction, the restore shadow stack pointer instruction to indicate a source operand that is to have a first SSP, the first SSP to identify a top of a first shadow stack; and an execution unit coupled with the decode unit, the execution unit, in response to the restore shadow stack pointer instruction, to: perform a plurality of security checks, including to determine whether a value derived from the first SSP is compatible with a value accessed from the first shadow stack; cause an exception, if at least one of the security checks fails; and restore an SSP to the SSP register to switch from the current shadow stack to the first shadow stack, if all of the security checks succeed.
Abstract:
A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to the bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within the key ID range of the restricted key IDs.
Abstract:
Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, an apparatus comprises: a memory encryption engine to protect memory using encryption; and a processor to execute one or more instructions to allow a virtual machine manager (VMM) to manage a trust domain (TD). The processor is to support at least one of: a first instruction to add a memory page to the TD, wherein execution of the first instruction is to use an address of a TD control structure, an address of a source page, and an address of a destination page to copy the source memory page to the destination page using an encryption key identified in the TD control structure; a second instruction, wherein execution of the second instruction is to initialize the TD control structure for a TD and generate the encryption key; or a third instruction, wherein execution of the third instruction is to enter the TD and load a saved state of the TD from a data structure.
Abstract:
Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory and a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.
Abstract:
Embodiments of apparatuses, methods, and systems for controlling virtual machines based on activity state are disclosed. In one embodiment, an apparatus includes virtual machine entry logic and activity state evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The activity state evaluation logic is to determine whether the activity state of the guest would be inactive upon receiving control.
Abstract:
Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.
Abstract:
Disclosed embodiments relate to encoded inline capabilities. In one example, an apparatus comprises: a trusted execution environment to configure a plurality of compartments in an address space of memory, each compartment comprising a private memory and a pointer to an object in a shared heap of the plurality of compartments, wherein each compartment is isolated from other compartments, is unable to access the private memory of other compartments, and is unable to access any object in the shared heap that is solely assigned to another compartment; decode circuitry to decode a single instruction into a decoded single instruction, the single instruction comprising a pointer for a first compartment to a first object in the shared heap; and execution circuitry to execute the decoded single instruction to generate an encoded capability, based at least in part on the pointer to the first object, to allow access to the first object in the shared heap by a second compartment in response to the second compartment having the encoded capability.
Abstract:
A processor includes a processor core to execute an application; a key attribute table (KAT) register to store a plurality of key identifiers (KeyIDs) associated with the application, wherein a KeyID identifies an encryption key; a selection circuit coupled to the KAT register to select the KeyID from the KAT register based on a KeyID selector (KSEL), wherein the KSEL is associated with a page of memory to which access is performed; a cache coupled to the processor core, the cache to store a physical address, data, and the KeyID of the page of memory, wherein the KeyID is an attribute associated with the page of memory; and a memory controller coupled to the cache to encrypt, based on the encryption key identified by the KeyID, the data of the page of memory stored in the cache as it is evicted from the cache to main memory.