公开(公告)号：US20240289438A1

公开(公告)日：2024-08-29

申请号：US18656667

申请日：2024-05-07

Applicant: Intel Corporation

Inventor： Sergej DEUTSCH ,  David M. DURHAM ,  Karanvir GREWAL

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F2221/033

Abstract: It is provided an apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions. The machine-readable instructions comprise instructions to obtain a read request for reading data from an address in volatile memory. The machine-readable instructions further comprise instructions to determine whether the address in volatile memory is associated with a trusted domain. The machine-readable instructions further comprise instructions to set, if the address is associated with a trusted domain and the read request is obtained from outside the trusted domain, an identification tag for the trusted domain. The machine-readable instructions further comprise instructions to return, for the read request and subsequent read requests for one or more addresses associated with the trusted domain, poisoned data if the flag is set for the trusted domain.

公开(公告)号：US20200004953A1

公开(公告)日：2020-01-02

申请号：US16024547

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Michael LEMAY ,  David M. DURHAM ,  Michael E. KOUNAVIS ,  Barry E. HUNTLEY ,  Vedvyas SHANBHOGUE ,  Jason W. BRANDT ,  Josh TRIPLETT ,  Gilbert NEIGER ,  Karanvir GREWAL ,  Baiju V. PATEL ,  Ye ZHUANG ,  Jr-Shian TSAI ,  Vadim SUKHOMLINOV ,  Ravi SAHITA ,  Mingwei ZHANG ,  James C. FARWELL ,  Amitabh DAS ,  Krishna BHUYAN

IPC: G06F21/53 ,  G06F12/02

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

公开(公告)号：US20230400996A1

公开(公告)日：2023-12-14

申请号：US18334262

申请日：2023-06-13

Applicant: Intel Corporation

Inventor： Sergej DEUTSCH ,  David M. DURHAM ,  Karanvir GREWAL ,  Raghunandan MAKARAM ,  Rajat AGARWAL ,  Christoph DOBRAUNIG ,  Krystian MATUSIEWICZ ,  Santosh GHOSH

IPC: G06F3/06

CPC classification number: G06F3/064 ,  G06F3/0619 ,  G06F3/0679

Abstract: Some aspects of the present disclosure relate to an apparatus comprising interface circuitry and processor circuitry to write data bits to a memory, by applying a diffusion function on the data bits to calculate diffused data bits, calculating error correcting code (ECC) bits based on the data bits or based on the diffused data bits, applying a diffusion function on the ECC bits to calculate diffused ECC bits, storing the diffused ECC bits in an ECC portion of the memory, and storing the data bits or the diffused data bits in a data portion of the memory.

公开(公告)号：US20210117535A1

公开(公告)日：2021-04-22

申请号：US17114246

申请日：2020-12-07

Applicant: INTEL CORPORATION

Inventor： Michael LEMAY ,  David M. DURHAM ,  Michael E. KOUNAVIS ,  Barry E. HUNTLEY ,  Vedvyas SHANBHOGUE ,  Jason W. BRANDT ,  Josh TRIPLETT ,  Gilbert NEIGER ,  Karanvir GREWAL ,  Baiju PATEL ,  Ye ZHUANG ,  Jr-Shian TSAI ,  Vadim SUKHOMLINOV ,  Ravi SAHITA ,  Mingwei ZHANG ,  James C. FARWELL ,  Amitabh DAS ,  Krishna BHUYAN

IPC: G06F21/53 ,  G06F12/02

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.