-
公开(公告)号:US20190102577A1
公开(公告)日:2019-04-04
申请号:US15720360
申请日:2017-09-29
Applicant: Intel Corporation
Inventor: Shay Gueron , Siddhartha Chhabra , Nadav Bonen
Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.
-
公开(公告)号:US20190102323A1
公开(公告)日:2019-04-04
申请号:US15720799
申请日:2017-09-29
Applicant: Intel Corporation
Inventor: David M. Durham , Kai Cong , Vedvyas Shanbhogue , Barry E. Huntley , Jason W. Brandt , Siddhartha Chhabra , Ravi L. Sahita
IPC: G06F12/14 , G06F9/455 , G06F12/1009
Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.
-
公开(公告)号:US20190095351A1
公开(公告)日:2019-03-28
申请号:US15714323
申请日:2017-09-25
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Reouven Elbaz , Krishnakumar Narasimhan , Prashant Dewan , David M. Durham
Abstract: Technologies for secure memory usage include a computing device having a processor that includes a memory encryption engine and a memory device coupled to the processor. The processor supports multiple processor usages, such as secure enclaves, system management firmware, and a virtual machine monitor. The memory encryption engine is configured to protect a memory region stored in the memory device for a processor usage. The memory encryption engine restricts access to one or more configuration registers to a trusted code base of the processor usage. The processor executes the processor usage and the memory encryption engine protects contents of the memory region during execution. The memory encryption engine may access integrity metadata based on the address of the protected memory region. The memory encryption engine may prepare top-level counter metadata for entering a low-power state. Other embodiments are described and claimed.
-
公开(公告)号:US20190087575A1
公开(公告)日:2019-03-21
申请号:US15705562
申请日:2017-09-15
Applicant: Intel Corporation
Inventor: Ravi L. Sahita , Baiju V. Patel , Barry E. Huntley , Gilbert Neiger , Hormuzd M. Khosravi , Ido Ouziel , David M. Durham , Ioannis T. Schoinas , Siddhartha Chhabra , Carlos V. Rozas , Gideon Gerzon
Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
-
公开(公告)号:US10230528B2
公开(公告)日:2019-03-12
申请号:US14703420
申请日:2015-05-04
Applicant: Intel Corporation
Inventor: Binata Bhattacharyya , Amy L. Santoni , Raghunandan Makaram , Francis X. McKeen , Simon P. Johnson , George Z. Chrysos , Siddhartha Chhabra
Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory; a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.
-
Patent Agency Ranking
166.发明申请公开(公告)号:US20190042402A1
公开(公告)日:2019-02-07
申请号:US15939871
申请日:2018-03-29
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , David M. Durham
CPC classification number: G06F12/0215 , G06F9/45558 , G06F12/0207 , G06F12/1036 , G06F12/1408 , G06F12/1475 , G06F2009/45587 , G06F2212/651 , G06F2212/68 , H04L9/088 , H04L9/0894 , H04L9/14
Abstract: In one embodiment, an apparatus includes a page miss handler to receive a full address including a linear address portion having a linear address and a key identifier portion having a key identifier for a key. The page miss handler may insert an entry including this key identifier in a translation storage. The apparatus further may include a remapping table having a plurality of entries each to store information regarding a key identifier. Other embodiments are described and claimed.
-
公开(公告)号:US20190004974A1
公开(公告)日:2019-01-03
申请号:US15639119
申请日:2017-06-30
Applicant: INTEL CORPORATION
Inventor: Siddhartha Chhabra , Saeedeh Komijani
IPC: G06F12/14 , G06F12/0875
Abstract: Various embodiments are generally directed to techniques for crypto-aware cache partitioning, such as with a metadata cache for an integrity tree, for instance. Some embodiments are particularly directed to a cache manager that implements partitioning of a cryptographic metadata cache based on locality characteristics of the cryptographic metadata. For instance, locality characteristics of different levels of an integrity tree may be utilized to partition a metadata cache for the integrity tree.
-
公开(公告)号:US20190004973A1
公开(公告)日:2019-01-03
申请号:US15635548
申请日:2017-06-28
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Hormuzd M. Khosravi , Gideon Gerzon , Barry E. Huntley , Gilbert Neiger , Ido Ouziel , Baiju Patel , Ravi L. Sahita , Amy L. Santoni , Ioannis T. Schoinas
Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
-
169.发明授权公开(公告)号:US10031861B2
公开(公告)日:2018-07-24
申请号:US14865304
申请日:2015-09-25
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Binata Bhattacharyya , Raghunandan Makaram , Brian S. Morris
IPC: G06F12/14 , G06F12/0802 , H04L9/30 , H04L9/32 , H04L9/06
Abstract: A server, processing device and/or processor includes a processing core and a memory controller, operatively coupled to the processing core, to access data in an off-chip memory. A memory encryption engine (MEE) may be operatively coupled to the memory controller and the off-chip memory. The MEE may store non-MEE metadata bits within a modified version line corresponding to ones of a plurality of data lines stored in a protected region of the off-chip memory, compute an embedded message authentication code (eMAC) using the modified version line, and detect an attempt to modify one of the non-MEE metadata bits by using the eMAC within a MEE tree walk to authenticate access to the plurality of data lines. The non-MEE metadata bits may store coherence bits that track changes to a cache line in a remote socket, poison bits that track error containment within the data lines, and possibly other metadata bits.
-
170.发明授权公开(公告)号:US09852301B2
公开(公告)日:2017-12-26
申请号:US14582797
申请日:2014-12-24
Applicant: Intel Corporation
Inventor: Alpa Narendra Trivedi , Siddhartha Chhabra , Uday Savagaonkar , Men Long
CPC classification number: G06F21/606 , G06F21/6218 , H04L9/0822 , H04L9/0861
Abstract: Embodiments of an invention for establishing secure channels between a protected execution environment and fixed-function endpoints are disclosed. In one embodiment, and system includes an architecturally protected memory, a processing core communicatively coupled to the architecturally protected memory, and a key distribution engine. The processing core is to implement an architecturally-protected execution environment by performing at least one of executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory. The key distribution engine is to provide a secure channel between an application executing within the architecturally-protected execution environment and a fixed-function endpoint by generating a decrypted content encryption key by decrypting an encrypted content encryption key using a key wrapping key shared between the processing core and the key distribution engine and providing the decrypted content encryption key to the fixed-function endpoint.
-
-
-
-
-
-
-
-
-
Search Results
307
records
(took 0.029 seconds)
