-
公开(公告)号:US20220058292A1
公开(公告)日:2022-02-24
申请号:US17469591
申请日:2021-09-08
Applicant: Apple Inc.
Inventor: Manu Gulati , Joseph Sokol, JR. , Jeffrey R. Wilcox , Bernard J. Semeria , Michael J. Smith
Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.
-
公开(公告)号:US20200082066A1
公开(公告)日:2020-03-12
申请号:US16539356
申请日:2019-08-13
Applicant: Apple Inc.
Inventor: Bernard J. Semeria , Devon S. Andrade , Jeremy C. Andrus , Ahmed Bougacha , Peter Cooper , Jacques Fortier , Louis G. Gerbarg , James H. Grosbach , Robert J. McCall , Daniel A. Steffen , Justin R. Unger
Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.
-
公开(公告)号:US09852084B1
公开(公告)日:2017-12-26
申请号:US15017427
申请日:2016-02-05
Applicant: Apple Inc.
Inventor: Peter G. Soderquist , Pradeep Kanapathipillai , Bernard J. Semeria , Joshua P. de Cesare , David J. Williamson , Gerard R. Williams, III
IPC: G06F12/14 , G06F12/1009
CPC classification number: G06F12/1483 , G06F12/1009 , G06F2212/1052
Abstract: Systems, apparatuses, and methods for modifying access permissions in a processor. A processor may include one or more permissions registers for managing access permissions. A first permissions register may be utilized to override access permissions embedded in the page table data. A plurality of bits from the page table data may be utilized as an index into the first permissions register for the current privilege level. An attribute field may be retrieved from the first permissions register to determine the access permissions for a given memory request. A second permissions register may also be utilized to set the upper and lower boundary of a region in physical memory where the kernel is allowed to execute. A lock register may prevent any changes from being made to the second permissions register after the second permissions register has been initially programmed.
-
公开(公告)号:US20250103492A1
公开(公告)日:2025-03-27
申请号:US18582305
申请日:2024-02-20
Applicant: Apple Inc.
Inventor: Brett S. Feero , Dennis R. Bradford , Gaurav Garg , Jeff Gonion , Bernard J. Semeria , James Vash , Richard F. Russo
IPC: G06F12/0808 , G06F12/0882 , G06F12/1045
Abstract: Techniques are disclosed relating to performing remote cache invalidations. In some embodiments, primary processor circuitry is configured to, based on execution of a remote invalidate instruction (e.g., an ISA-defined instruction), send a cache invalidate command to coprocessor circuitry. The coprocessor circuitry includes coprocessor cache circuitry and cache invalidation control circuitry configured to, in response to the cache invalidate command sent by the primary processor, invalidate one or more cache lines in the coprocessor cache circuitry without executing any instructions on the coprocessor circuitry.
-
公开(公告)号:US12242396B2
公开(公告)日:2025-03-04
申请号:US18343125
申请日:2023-06-28
Applicant: Apple Inc.
Inventor: Jeffry E. Gonion , Bernard J. Semeria
IPC: G06F12/14 , G06F9/30 , G06F12/1027 , G06F21/52
Abstract: A memory permissions model for a processor that is based on the memory address accessed by an instruction as well as the program counter of the instruction. These permissions may be stored in permissions tables and indexed using the memory addresses of the instruction and the address of the memory locations that it accesses. Those indexes may be obtained from a page table in some cases. These memory permissions may be used in conjunction with other permissions, such as execute permissions and secondary execution privileges that are based on whether the instruction belongs to a particular instruction group.
-
公开(公告)号:US20230418929A1
公开(公告)日:2023-12-28
申请号:US18343145
申请日:2023-06-28
Applicant: Apple Inc.
Inventor: Jeffry E. Gonion , Bernard J. Semeria
IPC: G06F21/52
CPC classification number: G06F21/52 , G06F2221/034
Abstract: A permissions model for a processor in which permissions are based on the instruction group of an instruction. These permissions may be stored in permissions tables and indexed using the program counter of the instruction. The permissions may identify which of a plurality of instruction groups of an instruction set architecture (ISA) of a processor are permitted to execute from that program counter value. Accordingly, the instruction group of the instruction can be compared to the permitted instruction groups to determine if the instruction has execution permission. In some cases, the instruction-group-based permissions are secondary execution privileges; additional primary execution permissions that are determined using the program counter may also be used.
-
公开(公告)号:US20230305924A1
公开(公告)日:2023-09-28
申请号:US17804950
申请日:2022-06-01
Applicant: Apple Inc.
Inventor: Farid Nemati , Steven R. Hutsell , Derek R. Kumar , Bernard J. Semeria , James Vash , Era K. Nangia , Gregory S. Mathews
CPC classification number: G06F11/1068 , G06F11/076 , G06F11/106 , G06F11/0772
Abstract: Techniques are disclosed relating to memory error tracking and logging. In some embodiments, a memory cache controller circuitry is configured to track, using multiple circuit entries, numbers of detected correctable errors associated with multiple respective locations, and in response to detecting a threshold number of correctable errors for a particular location, generate a signal to the one or more processors that identifies the particular location. In some embodiments, the memory cache controller circuitry includes multiple circuit entries for tracking uncorrectable errors.
-
公开(公告)号:US20220138313A1
公开(公告)日:2022-05-05
申请号:US17348576
申请日:2021-06-15
Applicant: Apple Inc.
Inventor: Filip J. Pizlo , Michael L. Saboff , Bernard J. Semeria , Jacques Fortier , Ivan Krstic , Yusuke Suzuki , Saam J. Barati , Yin Zin Mark Lam
IPC: G06F21/53
Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.
-
公开(公告)号:US11188477B2
公开(公告)日:2021-11-30
申请号:US16564502
申请日:2019-09-09
Applicant: Apple Inc.
Inventor: Julien Oster , Thomas G. Holland , Bernard J. Semeria , Jason A. Harmening , Pierre-Olivier J. Martel , Gregory D. Hughes , P. Love Hornquist Astrand , Jacques Fortier , Ryan P. Nielson , Simon P. Cooper
IPC: G06F12/1009 , G06F21/62 , G06F9/455
Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.
-
公开(公告)号:US20190012484A1
公开(公告)日:2019-01-10
申请号:US15748893
申请日:2016-08-25
Applicant: Apple Inc.
Inventor: Manu Gulati , Joseph Sokol, Jr. , Jeffrey R. Wilcox , Bernard J. Semeria , Michael J. Smith
CPC classification number: G06F21/72 , G06F12/0246 , G06F12/1027 , G06F12/1408 , G06F21/78 , G06F2212/7206 , G06F2212/7208 , G06F2221/2143 , H04L9/0861 , H04L9/0894 , H04L2209/12
Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.
-
-
-
-
-
-
-
-
-