Unified Addressable Memory
    11.
    发明申请

    公开(公告)号:US20220058292A1

    公开(公告)日:2022-02-24

    申请号:US17469591

    申请日:2021-09-08

    Applicant: Apple Inc.

    Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

    Access permissions modification
    13.
    发明授权

    公开(公告)号:US09852084B1

    公开(公告)日:2017-12-26

    申请号:US15017427

    申请日:2016-02-05

    Applicant: Apple Inc.

    CPC classification number: G06F12/1483 G06F12/1009 G06F2212/1052

    Abstract: Systems, apparatuses, and methods for modifying access permissions in a processor. A processor may include one or more permissions registers for managing access permissions. A first permissions register may be utilized to override access permissions embedded in the page table data. A plurality of bits from the page table data may be utilized as an index into the first permissions register for the current privilege level. An attribute field may be retrieved from the first permissions register to determine the access permissions for a given memory request. A second permissions register may also be utilized to set the upper and lower boundary of a region in physical memory where the kernel is allowed to execute. A lock register may prevent any changes from being made to the second permissions register after the second permissions register has been initially programmed.

    Remote Cache Invalidation
    14.
    发明申请

    公开(公告)号:US20250103492A1

    公开(公告)日:2025-03-27

    申请号:US18582305

    申请日:2024-02-20

    Applicant: Apple Inc.

    Abstract: Techniques are disclosed relating to performing remote cache invalidations. In some embodiments, primary processor circuitry is configured to, based on execution of a remote invalidate instruction (e.g., an ISA-defined instruction), send a cache invalidate command to coprocessor circuitry. The coprocessor circuitry includes coprocessor cache circuitry and cache invalidation control circuitry configured to, in response to the cache invalidate command sent by the primary processor, invalidate one or more cache lines in the coprocessor cache circuitry without executing any instructions on the coprocessor circuitry.

    PC-based memory permissions
    15.
    发明授权

    公开(公告)号:US12242396B2

    公开(公告)日:2025-03-04

    申请号:US18343125

    申请日:2023-06-28

    Applicant: Apple Inc.

    Abstract: A memory permissions model for a processor that is based on the memory address accessed by an instruction as well as the program counter of the instruction. These permissions may be stored in permissions tables and indexed using the memory addresses of the instruction and the address of the memory locations that it accesses. Those indexes may be obtained from a page table in some cases. These memory permissions may be used in conjunction with other permissions, such as execute permissions and secondary execution privileges that are based on whether the instruction belongs to a particular instruction group.

    PC-Based Instruction Group Permissions
    16.
    发明公开

    公开(公告)号:US20230418929A1

    公开(公告)日:2023-12-28

    申请号:US18343145

    申请日:2023-06-28

    Applicant: Apple Inc.

    CPC classification number: G06F21/52 G06F2221/034

    Abstract: A permissions model for a processor in which permissions are based on the instruction group of an instruction. These permissions may be stored in permissions tables and indexed using the program counter of the instruction. The permissions may identify which of a plurality of instruction groups of an instruction set architecture (ISA) of a processor are permitted to execute from that program counter value. Accordingly, the instruction group of the instruction can be compared to the permitted instruction groups to determine if the instruction has execution permission. In some cases, the instruction-group-based permissions are secondary execution privileges; additional primary execution permissions that are determined using the program counter may also be used.

    Software Verification of Dynamically Generated Code

    公开(公告)号:US20220138313A1

    公开(公告)日:2022-05-05

    申请号:US17348576

    申请日:2021-06-15

    Applicant: Apple Inc.

    Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

    Page protection layer
    19.
    发明授权

    公开(公告)号:US11188477B2

    公开(公告)日:2021-11-30

    申请号:US16564502

    申请日:2019-09-09

    Applicant: Apple Inc.

    Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

Patent Agency Ranking