公开(公告)号：US12261941B2

公开(公告)日：2025-03-25

申请号：US18040245

申请日：2021-08-27

Applicant: Intel Corporation

Inventor： Jason W. Brandt ,  Steven L. Grobman ,  Vedvyas Shanbhogue

IPC: H04L9/08 ,  H04L9/32

Abstract: System, method, and apparatus embodiments for creating, using, and managing protected cryptography keys are described. In an embodiment, an apparatus includes a decoder, an execution unit, and a cache. The decoder is to decode a single instruction into a decoded single instruction, the single instruction having a first source operand to specify encrypted data and a second source operand to specify a handle including a first including ciphertext of an encryption key, an integrity tag, and additional authentication data. The execution unit is to execute the decoded single instruction to perform a first check of the integrity tag against the ciphertext and the additional authentication data for any modification to the ciphertext or the additional authentication data, perform a second check of a current request against one or more restrictions specified by the additional authentication data of the handle, decrypt the ciphertext to generate an encryption key only when the first check indicates no modification to the ciphertext or the additional authentication data and the second check indicates the one or more restrictions are not violated, decrypt the encrypted data with the encryption key to generate unencrypted data, and provide the unencrypted data as a result of the single instruction. The cache is to store the handle, wherein only a portion of the integrity tag is to be used in a lookup of the handle.

公开(公告)号：US20250053641A1

公开(公告)日：2025-02-13

申请号：US18904854

申请日：2024-10-02

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F21/52 ,  G06F3/06 ,  G06F9/30 ,  G06F9/46 ,  G06F12/14

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

公开(公告)号：US12182018B2

公开(公告)日：2024-12-31

申请号：US17133615

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Jayesh Gaur ,  Adarsh Chauhan ,  Vinodh Gopal ,  Vedvyas Shanbhogue ,  Sreenivas Subramoney ,  Wajdi Feghali

IPC: G06F12/0811 ,  G06F9/38 ,  G06F12/0862 ,  G06F12/0895

Abstract: Methods and apparatus relating to an instruction and/or micro-architecture support for decompression on core are described. In an embodiment, decode circuitry decodes a decompression instruction into a first micro operation and a second micro operation. The first micro operation causes one or more load operations to fetch data into one or more cachelines of a cache of a processor core. Decompression Engine (DE) circuitry decompresses the fetched data from the one or more cachelines of the cache of the processor core in response to the second micro operation. Other embodiments are also disclosed and claimed.

公开(公告)号：US12130738B2

公开(公告)日：2024-10-29

申请号：US17130632

申请日：2020-12-22

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jayesh Gaur ,  Wajdi K. Feghali ,  Vinodh Gopal ,  Utkarsh Kakaiya

IPC: G06F12/0802 ,  H03M7/30

CPC classification number: G06F12/0802 ,  H03M7/60 ,  G06F2212/401 ,  G06F2212/60

Abstract: An embodiment of an integrated circuit may comprise, coupled to a core, a hardware decompression accelerator, a compressed cache, a processor and communicatively coupled to the hardware decompression accelerator and the compressed cache, and memory and communicatively coupled to the processor, wherein the memory stores microcode instructions which when executed by the processor causes the processor to store a first address to a decompression work descriptor, retrieve a second address where a compressed page is stored in the compressed cache from the decompression work descriptor at the first address in response to an indication of a page fault, and send instructions to the hardware decompression accelerator to decompress the compressed page at the second address. Other embodiments are disclosed and claimed.

公开(公告)号：US20240320322A1

公开(公告)日：2024-09-26

申请号：US18575836

申请日：2021-12-20

Applicant: Intel Corporation

Inventor： Jiewen Yao ,  Vedvyas Shanbhogue ,  Ravi Sahita

IPC: G06F21/53 ,  G06F21/64

CPC classification number: G06F21/53 ,  G06F21/64

Abstract: Systems, methods, and apparatuses for implementing a trusted execution environment security manager are described. In one example, hardware processor includes a hardware processor core comprising a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain, a coupling between the hardware processor core and an input/output device, and a secure startup service circuit separate from the trust domain manager to, in response to a request from the trust domain manager, generate a secure communication session between the trust domain manager and the input/output device.

公开(公告)号：US12086653B2

公开(公告)日：2024-09-10

申请号：US17134065

申请日：2020-12-24

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jeff A. Huxel ,  Jeffrey G. Wiedemeier ,  James D. Allen ,  Arvind Raman ,  Krishnakumar Ganapathy

IPC: G06F9/30 ,  G06F9/38 ,  G06F9/52 ,  G06F11/07 ,  G06F11/16 ,  G06F9/455

CPC classification number: G06F9/52 ,  G06F9/30101 ,  G06F9/3885 ,  G06F11/0724 ,  G06F11/0751 ,  G06F11/0772 ,  G06F11/1629 ,  G06F11/1683 ,  G06F9/45558

Abstract: A processor is described. The processor includes model specific register space that is visible to software above a BIOS level. The model specific register space is to specify a granularity of a processing entity of a lock-step group. The processor also includes logic circuitry to support dynamic entry/exit of the lock-step group's processing entities to/from lock-step mode including: i) termination of lock-step execution by the processing entities before the program code to be executed in lock-step is fully executed; and, ii) as part of the exit from the lock-step mode, restoration of a state of a shadow processing entity of the processing entities as the state existed before the shadow processing entity entered the lock-step mode and began lock-step execution of the program code.

公开(公告)号：US12086424B2

公开(公告)日：2024-09-10

申请号：US17349509

申请日：2021-06-16

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Siddhartha Chhabra

IPC: G06F3/06 ,  G06F9/455 ,  G06F9/50 ,  H04L9/08

CPC classification number: G06F3/0622 ,  G06F3/0631 ,  G06F3/0679 ,  G06F9/45558 ,  G06F9/5016 ,  H04L9/088

Abstract: Securing communications over a compute express link (CXL) is performed by receiving allocation of memory in a memory device and a key identifier (ID) to a trusted execution environment virtual machine (TEE VM); configuring a random key for the key ID by sending a random key configuration request to instruct a device security manager (DSM) of the memory device to configure a memory encryption engine (MEE) of the memory device with the random key and the memory allocation; initializing the allocated memory using the random key; and enabling secure access by the TEE VM to the allocated memory over the CXL by encrypting data transfers from the TEE VM to the memory device using the random key or decrypting data transfers from the memory device to the TEE VM using the random key.

公开(公告)号：US12032485B2

公开(公告)日：2024-07-09

申请号：US17133570

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Gilbert Neiger ,  Stephen Robinson ,  Dan Baum ,  Ron Gabor

IPC: G06F12/10 ,  G06F11/07 ,  G06F12/1027

CPC classification number: G06F12/1027 ,  G06F11/073 ,  G06F2212/657 ,  G06F2212/683

Abstract: Techniques to allow use of metadata in unused bits of virtual addresses are described. A processor of an aspect includes a decode circuit to decode a memory access instruction. The instruction to indicate one or more memory address operands that are to have address generation information and metadata. An execution circuit coupled with the decode circuit to generate a 64-bit virtual address based on the one or more memory address operands. The 64-bit virtual address having a bit 63, an X-bit address field starting at a bit 0 to store an address generated from the address generation information, and one or more metadata bits to store the metadata. The execution circuit also to perform a canonicality check on the 64-bit virtual address that does not fail due to non-canonical values of the metadata stored in the one or more metadata bits. Other processors, methods, systems, and instructions are disclosed.

公开(公告)号：US12028094B2

公开(公告)日：2024-07-02

申请号：US17133622

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Jayesh Gaur ,  Adarsh Chauhan ,  Vinodh Gopal ,  Vedvyas Shanbhogue ,  Sreenivas Subramoney ,  Wajdi Feghali

IPC: H03M7/00 ,  G06F9/38 ,  G06F9/54 ,  H03M7/30

CPC classification number: H03M7/6029 ,  G06F9/3877 ,  G06F9/541

Abstract: Methods and apparatus relating to an Application Programming Interface (API) for fine grained low latency decompression within a processor core are described. In an embodiment, a decompression Application Programming Interface (API) receives an input handle to a data object. The data object includes compressed data and metadata. Decompression Engine (DE) circuitry decompresses the compressed data to generate uncompressed data. The DE circuitry decompress the compressed data in response to invocation of a decompression instruction by the decompression API. The metadata comprises a first operand to indicate a location of the compressed data, a second operand to indicate a size of the compressed data, a third operand to indicate a location to which decompressed data by the DE circuitry is to be stored, and a fourth operand to indicate a size of the decompressed data. Other embodiments are also disclosed and claimed.

公开(公告)号：US12013954B2

公开(公告)日：2024-06-18

申请号：US17710723

申请日：2022-03-31

Applicant: Intel Corporation

Inventor： Ravi Sahita ,  Dror Caspi ,  Vedvyas Shanbhogue ,  Vincent Scarlata ,  Anjo Lucas Vahldiek-Oberwagner ,  Haidong Xia ,  Mona Vij

IPC: G06F21/60 ,  G06F9/455 ,  G06F21/53 ,  G06F21/54

CPC classification number: G06F21/602 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/54 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Scalable cloning and replication for trusted execution environments is described. An example of a computer-readable storage medium includes instructions for receiving a selection of a point to capture a snapshot of a baseline trust domain (TD) or secure enclave, the TD or secure enclave being associated with a trusted execution environment (TEE) of a processor utilized for processing of a workload; initiating cloning of the TD or secure enclave from a source platform to an escrow platform; generating an escrow key to export the snapshot to the escrow platform; and exporting a state of the TD or secure enclave to the escrow platform, the state being sealed with a sealing key.