公开(公告)号：EP2726991B1

公开(公告)日：2018-03-14

申请号：EP11868426.5

申请日：2011-06-29

申请人： Intel Corporation

发明人： GUERON, Shay ,  SAVAGAONKAR, Uday ,  MCKEEN, Francis X. ,  ROZAS, Carlos V. ,  DURHAM, David M. ,  DOWECK, Jacob ,  MULLA, Ofir ,  ANATI, Ittai ,  GREENFIELD, Zvika ,  MAOR, Moshe

IPC分类号： G06F12/14 ,  G06F21/72 ,  G06F21/64 ,  H04L9/06 ,  H04L9/32

CPC分类号： G06F21/72 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/64 ,  H04L9/0637 ,  H04L9/3242

摘要： A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp indicator” is stored in a processor.

公开(公告)号：EP3862886A1

公开(公告)日：2021-08-11

申请号：EP21166256.4

申请日：2015-08-14

申请人： Intel Corporation

发明人： LESLIE-HURD, Rebekah M. ,  MCKEEN, Francis X. ,  ROZAS, Carlos V. ,  ZMUDZINSKI, Krystof C.

IPC分类号： G06F12/14 ,  G06F21/74 ,  G06F21/79

摘要： The present disclosure provides a processor comprising a processor core and a memory controller coupled between the processor core and main memory, wherein the main memory comprises an enclave that includes enclave page cache, EPC, pages. The processor core is to execute a first enclave instruction, wherein the first enclave instruction is a single instruction and, in response to executing the first enclave instruction, copy content of a source EPC page within a same enclave as a target EPC page, update an access permission level of the target EPC page, and change a page type flag of the target EPC page from a pending state to a valid state for use in the enclave.

公开(公告)号：EP3314853A1

公开(公告)日：2018-05-02

申请号：EP16814991.2

申请日：2016-05-27

申请人： Intel Corporation

发明人： ROZAS, Carlos V. ,  VIJ, Mona ,  LESLIE-HURD, Rebekah M. ,  ZMUDZINSKI, Krystof C. ,  CHAKRABARTI, Somnath ,  MCKEEN, Francis X. ,  SCARLATA, Vincent R. ,  JOHNSON, Simon P. ,  ALEXANDROVICH, Ilya ,  NEIGER, Gilbert ,  SHANBHOGUE, Vedvyas ,  ANATI, Ittai

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L29/08

CPC分类号： G06F12/1408 ,  G06F8/41 ,  G06F9/30145 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2212/1052

摘要： A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：EP3025268A1

公开(公告)日：2016-06-01

申请号：EP14829860.7

申请日：2014-07-15

申请人： Intel Corporation

发明人： SCARLATA, Vincent R. ,  ROZAS, Carlos V. ,  JOHNSON, Simon P. ,  SAVAGAONKAR, Uday R. ,  ANATI, Ittai ,  MCKEEN, Francis X. ,  GOLDSMITH, Michael A.

IPC分类号： G06F21/00 ,  G06F9/06

CPC分类号： H04L9/3213 ,  G06F21/12 ,  G06F21/53 ,  H04L9/3263

摘要： Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.

公开(公告)号：EP3641270A1

公开(公告)日：2020-04-22

申请号：EP19209069.4

申请日：2016-05-27

申请人： INTEL Corporation

发明人： ROZAS, Carlos V. ,  VIJ, Mona ,  LESLIE-HURD, Rebekah M. ,  ZMUDZINSKI, Krystof C. ,  CHAKRABARTI, Somnath ,  MCKEEN, Francis X. ,  SCARLATA, Vincent R. ,  JOHNSON, Simon P. ,  ALEXANDROVICH, Ilya ,  NEIGER, Gilbert ,  SHANBHOGUE, Vedvyas ,  ANATI, Ittai

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L29/08 ,  G06F9/455 ,  G06F8/41 ,  G06F21/53 ,  G06F21/60 ,  G06F12/14

摘要： A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：EP3049992B1

公开(公告)日：2019-07-03

申请号：EP14849831.4

申请日：2014-09-16

申请人： Intel Corporation

发明人： CHHABRA, Siddhartha ,  SAVAGAONKAR, Uday R. ,  GOLDSMITH, Michael A. ,  JOHNSON, Simon P. ,  LESLIE-HURD, Rebekah M. ,  MCKEEN, Francis X. ,  NEIGER, Gilbert ,  MAKARAM, Raghunandan ,  ROZAS, Carlos V. ,  SANTONI, Amy L. ,  SCARLATA, Vincent R. ,  SHANBHOGUE, Vedvyas ,  SMITH, Wesley H. ,  ANATI, Ittai ,  ALEXANDROVICH, Ilya

IPC分类号： G06F21/79 ,  G06F12/14

公开(公告)号：EP3394760A1

公开(公告)日：2018-10-31

申请号：EP16880125.6

申请日：2016-12-22

申请人： Intel Corporation

发明人： ROZAS, Carlos V. ,  ALEXANDROVICH, Ilya ,  NEIGER, Gilbert ,  MCKEEN, Francis X. ,  ANATI, Ittai ,  SHANBHOGUE, Vedvyas ,  VIJ, Mona ,  LESLIE-HURD, Rebekah M. ,  ZMUDZINSKI, Krystof C. ,  CHAKRABARTI, Somnath ,  SCARLATA, Vincent R. ,  JOHNSON, Simon P.

IPC分类号： G06F12/14

CPC分类号： G06F12/1408 ,  G06F12/0802 ,  G06F12/0875 ,  G06F12/1466 ,  G06F2212/1052 ,  G06F2212/402 ,  G06F2212/60 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/32 ,  H04L9/3226

摘要： Instructions and logic support suspending and resuming migration of enclaves in a secure enclave page cache (EPC). An EPC stores a secure domain control structure (SDCS) in storage accessible by an enclave for a management process, and by a domain of enclaves. A second processor checks if a corresponding version array (VA) page is bound to the SDCS, and if so: increments a version counter in the SDCS for the page, performs an authenticated encryption of the page from the EPC using the version counter in the SDCS, and writes the encrypted page to external memory. A second processor checks if a corresponding VA page is bound to a second SDCS of the second processor, and if so: performs an authenticated decryption of the page using a version counter in the second SDCS, and loads the decrypted page to the EPC in the second processor if authentication passes.

公开(公告)号：EP3326107A1

公开(公告)日：2018-05-30

申请号：EP16828178.0

申请日：2016-06-10

申请人： Intel Corporation

发明人： BHATTACHARYYA, Binata ,  MAKARAM, Raghunandan ,  SANTONI, Amy L. ,  CHRYSOS, George Z. ,  JOHNSON, Simon P. ,  MORRIS, Brian S. ,  MCKEEN, Francis X.

IPC分类号： G06F21/79 ,  G06F21/62 ,  G06F12/14

CPC分类号： G06F21/62 ,  G06F21/602 ,  G06F21/64 ,  G06F21/78 ,  G06F2221/2113

摘要： A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.

公开(公告)号：EP3025266A1

公开(公告)日：2016-06-01

申请号：EP14829313.7

申请日：2014-07-15

申请人： Intel Corporation

发明人： ROZAS, Carlos V. ,  ANATI, Ittai ,  GERZON, Gideon ,  GUERON, Shay ,  JOHNSON, Simon P. ,  MCKEEN, Francis X. ,  SAVAGAONKAR, Uday R. ,  SCARLATA, Vincent R.

IPC分类号： G06F21/00 ,  G06F9/06

CPC分类号： H04L9/3239 ,  G06F9/3004 ,  G06F12/1441 ,  G06F21/71 ,  G06F2221/2111

摘要： Embodiments of an invention for measuring a secure enclave are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first, a second, and a third instruction. The execution unit is to execute the first, the second, and the third instruction. Execution of the first instruction includes initializing a measurement field in a control structure of a secure enclave with an initial value. Execution of the second instruction includes adding a region to the secure enclave. Execution of the third instruction includes measuring a subregion of the region.

摘要翻译： 公开了用于测量安全飞地的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元将接收第一，第二和第三指令。 执行单元执行第一条，第二条和第三条指令。 第一指令的执行包括用初始值初始化安全区域的控制结构中的测量字段。 第二条指令的执行包括向安全飞地增加一个区域。 第三条指令的执行包括测量该地区的一个子地区。

公开(公告)号：EP2726991A1

公开(公告)日：2014-05-07

申请号：EP11868426.5

申请日：2011-06-29

申请人： Intel Corporation

发明人： GUERON, Shay ,  SAVAGAONKAR, Uday ,  MCKEEN, Francis X. ,  ROZAS, Carlos V. ,  DURHAM, David M. ,  DOWECK, Jacob ,  MULLA, Ofir ,  ANATI, Ittai ,  GREENFIELD, Zvika ,  MAOR, Moshe

IPC分类号： G06F12/14

CPC分类号： G06F21/72 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/64 ,  H04L9/0637 ,  H04L9/3242

摘要： A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a "time stamp" indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a "time stamp" indicator associated with the cache line. The "time stamp indicator" is stored in a processor.