公开(公告)号：US20250005137A1

公开(公告)日：2025-01-02

申请号：US18346220

申请日：2023-07-01

Applicant: Intel Corporation

Inventor： David M. Durham

IPC: G06F21/54 ,  G06F21/55

Abstract: Techniques for instruction tagging for intra-object memory tagging are described. In an embodiment, an apparatus includes an instruction decoder to decode a first instruction having an instruction tag value; and execution circuitry coupled to the instruction decoder, the execution circuitry to perform one or more operations corresponding to the first instruction, including generating a first data tag value based on the instruction tag value and a relative enumeration in a pointer to data.

公开(公告)号：US20240333501A1

公开(公告)日：2024-10-03

申请号：US18194553

申请日：2023-03-31

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay ,  Salmin Sultana ,  Karanvir S. Grewal ,  Sergej Deutsch

IPC: H04L9/14 ,  G06F21/60 ,  G06F21/62 ,  G06F21/78

CPC classification number: H04L9/14 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/6218 ,  G06F21/78

Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.

公开(公告)号：US20240311234A1

公开(公告)日：2024-09-19

申请号：US18676811

申请日：2024-05-29

Applicant: Intel Corporation

Inventor： David M. Durham ,  Sergej Deutsch ,  Karanvir Grewal

IPC: G06F11/10 ,  H04L9/08

CPC classification number: G06F11/1044 ,  H04L9/0816

Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.

公开(公告)号：US12019562B2

公开(公告)日：2024-06-25

申请号：US17481405

申请日：2021-09-22

Applicant: Intel Corporation

Inventor： Michael D. LeMay ,  David M. Durham ,  Anjo Lucas Vahldiek-Oberwagner ,  Anna Trikalinou

IPC: G06F12/14 ,  G06F12/1027

CPC classification number: G06F12/1408 ,  G06F12/1027 ,  G06F12/1441 ,  G06F12/1466

Abstract: An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.

公开(公告)号：US11972126B2

公开(公告)日：2024-04-30

申请号：US17472272

申请日：2021-09-10

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael D. LeMay ,  Sergej Deutsch ,  Joydeep Rakshit ,  Anant Vithal Nori ,  Jayesh Gaur ,  Sreenivas Subramoney

IPC: G06F3/06 ,  G06F12/02 ,  G06F12/1027

CPC classification number: G06F3/0631 ,  G06F3/0604 ,  G06F3/0659 ,  G06F3/0679 ,  G06F12/0238 ,  G06F12/1027

Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.

公开(公告)号：US20240104027A1

公开(公告)日：2024-03-28

申请号：US17953186

申请日：2022-09-26

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Christoph Dobraunig ,  Michael LeMay ,  David M. Durham

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F12/1441 ,  G06F12/1466

Abstract: In one embodiment, a processor includes a cache and a core. The core includes an execution unit and cryptographic computing circuitry to encrypt plaintext data output by the execution unit and store the encrypted data in the cache and decrypt encrypted data accessed from the cache and provide the decrypted data to the execution unit for processing. The encryption and decryption are based on both a stream cipher and a block cipher. In some embodiments, the encryption is based on providing an output of the stream cipher to the block cipher and the decryption is based on providing an output of the block cipher to the stream cipher.

公开(公告)号：US11868273B2

公开(公告)日：2024-01-09

申请号：US16458007

申请日：2019-06-29

Applicant: Intel Corporation

Inventor： David M. Durham

IPC: G06F12/14 ,  G06F12/10 ,  G06F12/1009 ,  G06F12/1027

CPC classification number: G06F12/1408 ,  G06F12/1009 ,  G06F12/1425 ,  G06F12/1027

Abstract: Embodiments are directed to memory protection with hidden inline metadata to indicate data type and capabilities. An embodiment of a processor includes a processor core and cache memory. The processor core is to implant hidden inline metadata in one or more cachelines for the cache memory, the hidden inline metadata hidden at a linear address level, hidden from software, the hidden inline metadata to indicate data type or capabilities for the associated data stored on the same cacheline.

公开(公告)号：US20230402077A1

公开(公告)日：2023-12-14

申请号：US18145095

申请日：2022-12-22

Applicant: Intel Corporation

Inventor： Sergej Deutsch ,  Christoph Dobraunig ,  Rajat Agarwal ,  David M. Durham ,  Santosh Ghosh ,  Karanvir Grewal ,  Krystian Matusiewicz

IPC: G06F11/10

CPC classification number: G06F11/1044

Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.

公开(公告)号：US11836094B2

公开(公告)日：2023-12-05

申请号：US17699593

申请日：2022-03-21

Applicant: Intel Corporation

Inventor： David M. Durham ,  Anna Trikalinou ,  Michael LeMay

IPC: G06F12/00 ,  G06F12/14 ,  G06F12/02 ,  G06F12/1009

CPC classification number: G06F12/1408 ,  G06F12/0238 ,  G06F12/1009 ,  G06F12/1441

Abstract: A method comprises identifying a first page in a computer readable memory communicatively coupled to the apparatus that has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses, the first page in the computer readable memory comprising at least one encrypted data object, and set a page table entry bit for the first page to a first value which indicates that at least one memory allocation in the first page has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses.

公开(公告)号：US11829299B2

公开(公告)日：2023-11-28

申请号：US17819418

申请日：2022-08-12

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay ,  Men Long

IPC: G06F12/00 ,  G06F12/1027 ,  G06F12/14 ,  G06F9/30 ,  G06F12/1045 ,  G06F12/1081

CPC classification number: G06F12/1027 ,  G06F9/3005 ,  G06F12/1408 ,  G06F12/1475 ,  G06F12/1045 ,  G06F12/1081 ,  G06F2212/402 ,  G06F2212/50 ,  G06F2212/65 ,  G06F2212/652 ,  G06F2212/657 ,  Y02D10/00

Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.