-
Publication No.: US20190306134A1
Publication Date: 2019-10-03
Application No.: US16445019
Filing Date: 2019-06-18
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
-
Publication No.: US10430580B2
Publication Date: 2019-10-01
Application No.: US15016068
Filing Date: 2016-02-04
Applicant: INTEL CORPORATION
Inventor: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
-
Publication No.: US10324862B2
Publication Date: 2019-06-18
Application No.: US15282300
Filing Date: 2016-09-30
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Francis X. McKeen, Carlos V. Rozas, Gilbert Neiger, Asit K. Mallick, Ittai Anati, Ilya Alexandrovich, Vedvyas Shanbhogue, Somnath Chakrabarti
IPC: G06F3/06, G06F12/12, G06F12/0875, G06F9/455
Abstract: Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprises a memory controller unit to access a secure enclave and a processor core operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicates whether the target memory page is associated with at least one of: a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.
-
Publication No.: US10296366B2
Publication Date: 2019-05-21
Application No.: US15391576
Filing Date: 2016-12-27
Applicant: Intel Corporation
Inventor: Gilbert Neiger, Mayank Bomb, Manohar Castelino, Robert Chappell, David Durham, Barry Huntley, Anton Ivanov, Madhavan Parthasarathy, Scott Rodgers, Ravi Sahita, Vedvyas Shanbhogue
Abstract: Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.
-
Publication No.: US10289554B2
Publication Date: 2019-05-14
Application No.: US15711615
Filing Date: 2017-09-21
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. McKeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
IPC: G06F12/0844, G06F12/0882, G06F11/07
Abstract: A processor implementing techniques to support fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core is to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
-
Publication No.: US10262162B2
Publication Date: 2019-04-16
Application No.: US15635294
Filing Date: 2017-06-28
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Jason W. Brandt, Uday Savagaonkar, Ravi L. Sahita
Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.
-
Publication No.: US10255196B2
Publication Date: 2019-04-09
Application No.: US14979038
Filing Date: 2015-12-22
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Christopher Bryant, Jeff Wiedemeier
IPC: G06F12/10, G06F12/1045, G06F12/0875, G06F12/1027, G06F12/14
Abstract: An apparatus and method for sub-page extended page table protection. For example, one embodiment of an apparatus comprises: a page miss handler to perform a page walk using a guest physical address (GPA) and to detect whether a page identified with the GPA is mapped with sub-page permissions; a sub-page control storage to store at least one GPA and other data related to a sub-page; the page miss handler to determine whether the GPA is programmed in the sub-page control storage; and the page miss handler to send a translation to a translation lookaside buffer (TLB) with a sub-page protection indication set to cause a matching of the sub-page control storage when an access matches a TLB entry with sub-page protection indication.
-
Publication No.: US20190102323A1
Publication Date: 2019-04-04
Application No.: US15720799
Filing Date: 2017-09-29
Applicant: Intel Corporation
Inventor: David M. Durham, Kai Cong, Vedvyas Shanbhogue, Barry E. Huntley, Jason W. Brandt, Siddhartha Chhabra, Ravi L. Sahita
IPC: G06F12/14, G06F9/455, G06F12/1009
Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.
-
Publication No.: US10216648B2
Publication Date: 2019-02-26
Application No.: US15612837
Filing Date: 2017-06-02
Applicant: Intel Corporation
Inventor: Francis X. McKeen, Vincent R. Scarlata, Carlos V. Rozas, Ittai Anati, Vedvyas Shanbhogue
IPC: G06F12/14, G06F12/0875, G06F12/0804, G06F9/4401, G06F21/53
Abstract: Embodiments of an invention for maintaining a secure processing environment across power cycles are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to evict a root version array page entry from a secure cache. The execution unit is to execute the instruction. Execution of the instruction includes generating a blob to contain information to maintain a secure processing environment across a power cycle and storing the blob in a non-volatile memory.
-
Publication No.: US20180173644A1
Publication Date: 2018-06-21
Application No.: US15384267
Filing Date: 2016-12-19
Applicant: Intel Corporation
Inventor: Patrick Koeberl, Steffen Schulz, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
Abstract: Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task; an LTT control and status register including a lock bit; a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit; and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also an LTT-mode task.
-