公开(公告)号：US20170270058A1

公开(公告)日：2017-09-21

申请号：US15612837

申请日：2017-06-02

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Vincent R. Scarlata ,  Carlos V. Rozas ,  Ittai Anati ,  Vedvyas Shanbhogue

IPC: G06F12/14 ,  G06F12/0875

CPC classification number: G06F12/1416 ,  G06F9/4418 ,  G06F12/0804 ,  G06F12/0875 ,  G06F12/1408 ,  G06F12/1441 ,  G06F21/53 ,  G06F2212/1016 ,  G06F2212/1028 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452 ,  Y02D10/13

Abstract: Embodiments of an invention for maintaining a secure processing environment across power cycles are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to evict a root version array page entry from a secure cache. The execution unit is to execute the instruction. Execution of the instruction includes generating a blob to contain information to maintain a secure processing environment across a power cycle and storing the blob in a non-volatile memory.

公开(公告)号：US09703703B2

公开(公告)日：2017-07-11

申请号：US14581730

申请日：2014-12-23

Applicant: INTEL CORPORATION

Inventor： Michael LeMay ,  Ravi L. Sahita ,  Barry E. Huntley ,  David M. Durham ,  Vedvyas Shanbhogue

IPC: G06F12/00 ,  G06F13/00 ,  G06F12/08 ,  G06F9/455

CPC classification number: G06F12/08 ,  G06F9/45558 ,  G06F12/1009 ,  G06F12/1491 ,  G06F21/79 ,  G06F2009/45583 ,  G06F2009/45591 ,  G06F2212/151 ,  G06F2212/657

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for controlled memory view switching. The system may include a memory module comprising a shared address space between a first memory view and a second memory view. The system may also include a virtual machine monitor (VMM) to maintain a list of Controlled View Switch (CVS) descriptors. The system may further include a processor to receive a memory view switch request and to execute an instruction to save processor state information and switch from the first memory view to the second memory view, wherein the second memory view is specified by an extended page table pointer (EPTP) provided by one of the CVS descriptors.

公开(公告)号：US09665724B2

公开(公告)日：2017-05-30

申请号：US14919350

申请日：2015-10-21

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Michael A. Goldsmith ,  Barrey E. Huntley ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F21/72

CPC classification number: G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/145 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

公开(公告)号：US20170024317A1

公开(公告)日：2017-01-26

申请号：US15091926

申请日：2016-04-06

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/0804 ,  G06F12/14 ,  G06F12/0875

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20160364338A1

公开(公告)日：2016-12-15

申请号：US14738037

申请日：2015-06-12

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/10

CPC classification number: G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract translation: 公开了一种用于支持安全存储器意图的处理器。 本公开的处理器包括存储器存储器执行单元和耦合到存储器执行单元的处理器核心。 处理器核心是接收访问存储器可转换页面的请求。 响应于该请求，处理器核心鉴于对应于可转换页面的页表项目（PTE）来确定可转换页面的意图。 意图表示可转换页面是作为安全页面还是非安全页面中的至少一个访问。

公开(公告)号：US09519773B2

公开(公告)日：2016-12-13

申请号：US14484751

申请日：2014-09-12

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Vedvyas Shanbhogue ,  Ravi Sahita

IPC: H04K1/00 ,  G06F21/52 ,  G06F21/74 ,  G06F9/30

CPC classification number: G06F21/52 ,  G06F9/30003 ,  G06F9/30054 ,  G06F9/3836 ,  G06F21/74 ,  G06F2221/033

Abstract: In an embodiment, the present invention includes a processor having a decode unit and an execution unit. The decode unit is to decode control transfer instructions and the execution unit is to execute control transfer instructions, the control transfer instructions including a call instruction and a return instruction. The processor is to operate in a first mode in which the processor is to raise a fault if a next instruction to be executed immediately after the return instruction is not the call instruction.

Abstract translation: 在一个实施例中，本发明包括具有解码单元和执行单元的处理器。 解码单元用于解码控制传输指令，并且执行单元执行控制传输指令，控制传输指令包括呼叫指令和返回指令。 处理器将在第一模式下操作，其中如果在返回指令之后立即执行的下一个指令不是调用指令，则处理器将引起故障。

公开(公告)号：US09355262B2

公开(公告)日：2016-05-31

申请号：US14141941

申请日：2013-12-27

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Ilya Alexandrovich ,  Ittai Anati ,  Alex Berenzon ,  Michael Goldsmith ,  Simon Johnson ,  Francis McKeen ,  Carlos Rozas ,  Uday Savagaonkar ,  Vincent Scarlata ,  Vedvyas Shanbhogue ,  Wesley Smith

IPC: G06F21/60 ,  G06F12/08 ,  G06F12/14 ,  G06F9/30 ,  G06F21/72

CPC classification number: G06F21/604 ,  G06F9/3004 ,  G06F12/0875 ,  G06F12/145 ,  G06F12/1466 ,  G06F12/1491 ,  G06F21/72

Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.

Abstract translation: 公开了用于在安全处理环境中修改存储器许可的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元将接收修改安全飞地中页面访问权限的指令。 执行单元执行指令。 执行该指令包括在飞地页面缓存映射条目中设置新的访问权限。 此外，根据新的访问权限，该页面可以从安全飞地内部立即访问。

公开(公告)号：US09335943B2

公开(公告)日：2016-05-10

申请号：US14320334

申请日：2014-06-30

Applicant: Intel Corporation

Inventor： Ravi L. Sahita ,  Vedvyas Shanbhogue ,  Gilbert Neiger ,  Jonathan Edwards ,  Ido Ouziel ,  Barry E. Huntley ,  Stanislav Shwartsman ,  David M. Durham ,  Andrew V. Anderson ,  Michael Lemay

IPC: G06F21/00 ,  G06F3/06 ,  G06F12/10 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/3004 ,  G06F9/30076 ,  G06F12/1009 ,  G06F2009/45583 ,  G06F2212/657

Abstract: An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.

Abstract translation: 一种细粒度记忆保护装置和方法。 例如，方法的一个实施例包括：使用虚拟地址执行第一查找操作以识别存储器页面的物理地址，所述存储器页面包括多个子页面; 确定是否为所述存储器页启用子页面许可; 如果启用子页面许可，则执行第二查找操作以确定与存储器页面的一个或多个子页面相关联的许可; 以及实现与一个或多个子页面相关联的许可。

公开(公告)号：US08806104B2

公开(公告)日：2014-08-12

申请号：US13626441

申请日：2012-09-25

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Stephan J. Robinson

IPC: G06F9/48 ,  G06F9/455 ,  G06F12/14 ,  G06F13/24 ,  G06F9/30

CPC classification number: G06F13/24 ,  G06F9/30101 ,  G06F9/45533 ,  G06F12/10 ,  G06F12/1027 ,  G06F12/1441 ,  G06F12/145 ,  G06F2212/1016 ,  G06F2212/152 ,  G06F2212/206

Abstract: In one embodiment, a processor includes an access logic to determine whether an access request from a virtual machine is to a device access page associated with a device of the processor and if so, to re-map the access request to a virtual device page in a system memory associated with the VM, based at least in part on information stored in a control register of the processor. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器包括访问逻辑以确定来自虚拟机的访问请求是否是与处理器的设备相关联的设备访问页面，并且如果是，则将访问请求重新映射到虚拟设备页面 至少部分地基于存储在处理器的控制寄存器中的信息，与VM相关联的系统存储器。 描述和要求保护其他实施例。

公开(公告)号：US12248807B2

公开(公告)日：2025-03-11

申请号：US17134339

申请日：2020-12-26

Applicant: INTEL CORPORATION

Inventor： Ravi Sahita ,  Dror Caspi ,  Vincent Scarlata ,  Sharon Yaniv ,  Baruch Chaikin ,  Vedvyas Shanbhogue ,  Jun Nakajima ,  Arumugam Thiyagarajah ,  Sean Christopherson ,  Haidong Xia ,  Vinay Awasthi ,  Isaku Yamahata ,  Wei Wang ,  Thomas Adelmeyer

IPC: G06F9/48 ,  G06F9/38 ,  G06F9/455 ,  G06F21/60

Abstract: Techniques for migration of a source protected virtual machine from a source platform to a destination platform are descried. A method of an aspect includes enforcing that bundles of state, of a first protected virtual machine (VM), received at a second platform over a stream, during an in-order phase of a migration of the first protected VM from a first platform to the second platform, are imported to a second protected VM of the second platform, in a same order that they were exported from the first protected VM. Receiving a marker over the stream marking an end of the in-order phase. Determining that all bundles of state exported from the first protected VM prior to export of the marker have been imported to the second protected VM. Starting an out-of-order phase of the migration based on the determination that said all bundles of the state exported have been imported.