-
1.发明公开SYSTEM AND METHOD FOR PROVIDING GLOBAL PLATFORM COMPLIANT TRUSTED EXECUTION ENVIRONMENT 审中-公开提供全球平台兼容可信执行环境的系统和方法
公开(公告)号:EP3238370A1
公开(公告)日:2017-11-01
申请号:EP15873889.8
申请日:2015-10-21
申请人: Intel Corporation
IPC分类号: H04L9/32
CPC分类号: H04L9/3234 , G06F9/4406 , G06F9/45533 , G06F9/45558 , G06F9/4843 , G06F9/54 , G06F21/74 , G06F2009/45587 , G09C1/00 , H04L2209/127
摘要: Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.
摘要翻译: 提供全球平台(GP)兼容可信执行环境(TEE)的方法从主处理器执行存储在存储器装置中的应用程序开始。 应用程序包括客户端应用程序(CA)和可信应用程序(TA)。 执行应用程序包括在TEE主机进程中运行客户端进程中的CA和TA。 客户端进程和TEE主机进程是分开的。 使用TEE主机进程,从客户端进程接收到包含TA标识符的请求以打开会话。 使用包含在TEE主机过程中的GP可信服务飞地,与该标识符相关联的TA飞地被确定并使用GP可信服务飞域建立会话并加载到TEE主机进程中。 使用TEE主机进程,从客户端进程接收在TA飞地中调用的命令以及命令所需的参数集。 使用GP内部API,执行与标识符相关联的TA区域中的命令。 还描述了其他实施例。
-
2.发明公开
公开(公告)号:EP3641270A1
公开(公告)日:2020-04-22
申请号:EP19209069.4
申请日:2016-05-27
申请人: INTEL Corporation
发明人: ROZAS, Carlos V. , VIJ, Mona , LESLIE-HURD, Rebekah M. , ZMUDZINSKI, Krystof C. , CHAKRABARTI, Somnath , MCKEEN, Francis X. , SCARLATA, Vincent R. , JOHNSON, Simon P. , ALEXANDROVICH, Ilya , NEIGER, Gilbert , SHANBHOGUE, Vedvyas , ANATI, Ittai
摘要: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
3.发明公开
公开(公告)号:EP3394760A1
公开(公告)日:2018-10-31
申请号:EP16880125.6
申请日:2016-12-22
申请人: Intel Corporation
发明人: ROZAS, Carlos V. , ALEXANDROVICH, Ilya , NEIGER, Gilbert , MCKEEN, Francis X. , ANATI, Ittai , SHANBHOGUE, Vedvyas , VIJ, Mona , LESLIE-HURD, Rebekah M. , ZMUDZINSKI, Krystof C. , CHAKRABARTI, Somnath , SCARLATA, Vincent R. , JOHNSON, Simon P.
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F12/0802 , G06F12/0875 , G06F12/1466 , G06F2212/1052 , G06F2212/402 , G06F2212/60 , H04L9/0891 , H04L9/0894 , H04L9/14 , H04L9/32 , H04L9/3226
摘要: Instructions and logic support suspending and resuming migration of enclaves in a secure enclave page cache (EPC). An EPC stores a secure domain control structure (SDCS) in storage accessible by an enclave for a management process, and by a domain of enclaves. A second processor checks if a corresponding version array (VA) page is bound to the SDCS, and if so: increments a version counter in the SDCS for the page, performs an authenticated encryption of the page from the EPC using the version counter in the SDCS, and writes the encrypted page to external memory. A second processor checks if a corresponding VA page is bound to a second SDCS of the second processor, and if so: performs an authenticated decryption of the page using a version counter in the second SDCS, and loads the decrypted page to the EPC in the second processor if authentication passes.
-
公开(公告)号:EP3862886A1
公开(公告)日:2021-08-11
申请号:EP21166256.4
申请日:2015-08-14
申请人: Intel Corporation
摘要: The present disclosure provides a processor comprising a processor core and a memory controller coupled between the processor core and main memory, wherein the main memory comprises an enclave that includes enclave page cache, EPC, pages. The processor core is to execute a first enclave instruction, wherein the first enclave instruction is a single instruction and, in response to executing the first enclave instruction, copy content of a source EPC page within a same enclave as a target EPC page, update an access permission level of the target EPC page, and change a page type flag of the target EPC page from a pending state to a valid state for use in the enclave.
-
5.发明公开
公开(公告)号:EP3757859A3
公开(公告)日:2021-01-13
申请号:EP20162644.7
申请日:2020-03-12
申请人: INTEL Corporation
发明人: ZMUDZINSKI, Krystof C. , JOHNSON, Simon P. , MAKARAM, Raghunandan , McKEEN, Francis X. , ROZAS, Carlos V. , OZSOY, Meltem , ALEXANDROVICH, Ilya , CHHABRA, Siddartha
摘要: A processor includes a cryptographic engine to control access, using an secure region key identifier (ID), to one or more memory range of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to an secure page within the one or more memory range of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
-
6.发明公开PROCESSORS, METHODS, SYSTEMS, AND INSTRUCTIONS TO SUPPORT LIVE MIGRATION OF PROTECTED CONTAINERS 审中-公开处理器,方法,系统和说明,以支持受保护的容器的实时迁移
公开(公告)号:EP3314853A1
公开(公告)日:2018-05-02
申请号:EP16814991.2
申请日:2016-05-27
申请人: Intel Corporation
发明人: ROZAS, Carlos V. , VIJ, Mona , LESLIE-HURD, Rebekah M. , ZMUDZINSKI, Krystof C. , CHAKRABARTI, Somnath , MCKEEN, Francis X. , SCARLATA, Vincent R. , JOHNSON, Simon P. , ALEXANDROVICH, Ilya , NEIGER, Gilbert , SHANBHOGUE, Vedvyas , ANATI, Ittai
CPC分类号: G06F12/1408 , G06F8/41 , G06F9/30145 , G06F9/45558 , G06F21/53 , G06F21/602 , G06F2009/4557 , G06F2009/45587 , G06F2212/1052
摘要: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
公开(公告)号:EP2596423A2
公开(公告)日:2013-05-29
申请号:EP11810160.9
申请日:2011-07-12
申请人: Intel Corporation
CPC分类号: G06F9/4403
摘要: In one embodiment, the present invention includes semiconductor integrated code (SIC) corresponding to platform independent code of a processor manufacturer. This code may include embedded memory code (EMC) to initialize a memory via initialization of a memory controller, and a mapping of memory signals using an on-die termination (ODT) data structure accessible via the EMC, where the ODT data structure is provided by an original equipment manufacturer (OEM) and corresponds to a parameterized rule set for a platform dependent memory configuration of the memory. Other embodiments are described and claimed.
-
公开(公告)号:EP3262516B1
公开(公告)日:2020-08-19
申请号:EP16756110.9
申请日:2016-02-22
申请人: Intel Corporation
IPC分类号: G06F12/0875 , G06F12/14 , G06F13/24
-
9.发明公开INSTRUCTIONS AND LOGIC TO FORK PROCESSES OF SECURE ENCLAVES AND ESTABLISH CHILD ENCLAVES IN A SECURE ENCLAVE PAGE CACHE 审中-公开指示和逻辑,以确保安全环境的进程并在安全的页面缓存中建立儿童环境
公开(公告)号:EP3262516A1
公开(公告)日:2018-01-03
申请号:EP16756110.9
申请日:2016-02-22
申请人: Intel Corporation
摘要: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.
-
公开(公告)号:EP2596423B1
公开(公告)日:2017-03-22
申请号:EP11810160.9
申请日:2011-07-12
申请人: Intel Corporation
IPC分类号: G06F9/44
CPC分类号: G06F9/4403
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.017 秒)
