公开(公告)号：US20210255962A1

公开(公告)日：2021-08-19

申请号：US17156175

申请日：2021-01-22

Applicant: Intel Corporation

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US11055236B2

公开(公告)日：2021-07-06

申请号：US16729251

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US20210117350A1

公开(公告)日：2021-04-22

申请号：US17134242

申请日：2020-12-25

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/22 ,  H04L12/933 ,  G06F12/0813 ,  G06F12/0815 ,  G06F12/0831 ,  G06F13/42 ,  G06F8/71 ,  G06F8/77 ,  G06F9/30 ,  G06F12/0806 ,  G06F9/46 ,  G06F13/40 ,  G06F9/445 ,  G06F1/3287 ,  G06F11/10 ,  H04L9/06 ,  G06F12/0808

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.

公开(公告)号：US20210006416A1

公开(公告)日：2021-01-07

申请号：US16856968

申请日：2020-04-23

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  G09C1/00 ,  H04L29/06 ,  H04L9/14

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

公开(公告)号：US10558588B2

公开(公告)日：2020-02-11

申请号：US15651771

申请日：2017-07-17

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US10534724B2

公开(公告)日：2020-01-14

申请号：US14998157

申请日：2015-12-24

Applicant: INTEL CORPORATION

Inventor： Carlos V. Rozas ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Francis X. McKeen ,  Ittai Anati ,  Vedvyas Shanbhogue ,  Mona Vij ,  Rebekah Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Vincent R. Scarlata ,  Simon P. Johnson

IPC: G06F12/14 ,  H04L9/32 ,  G06F12/0802 ,  H04L9/14

Abstract: Instructions and logic support suspending and resuming migration of enclaves in a secure enclave page cache (EPC). An EPC stores a secure domain control structure (SDCS) in storage accessible by an enclave for a management process, and by a domain of enclaves. A second processor checks if a corresponding version array (VA) page is bound to the SDCS, and if so: increments a version counter in the SDCS for the page, performs an authenticated encryption of the page from the EPC using the version counter in the SDCS, and writes the encrypted page to external memory. A second processor checks if a corresponding VA page is bound to a second SDCS of the second processor, and if so: performs an authenticated decryption of the page using a version counter in the second SDCS, and loads the decrypted page to the EPC in the second processor if authentication passes.

公开(公告)号：US10289554B2

公开(公告)日：2019-05-14

申请号：US15711615

申请日：2017-09-21

Applicant: Intel Corporation

Inventor： Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Francis X. Mckeen ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Bin Xing ,  Mark W. Shanahan ,  Simon P. Johnson

IPC: G06F12/0844 ,  G06F12/0882 ,  G06F11/07

Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

公开(公告)号：US10230528B2

公开(公告)日：2019-03-12

申请号：US14703420

申请日：2015-05-04

Applicant: Intel Corporation

Inventor： Binata Bhattacharyya ,  Amy L. Santoni ,  Raghunandan Makaram ,  Francis X. McKeen ,  Simon P. Johnson ,  George Z. Chrysos ,  Siddhartha Chhabra

IPC: G06F11/30 ,  G06F12/14 ,  H04L9/32 ,  H04L9/06

Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory; a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.

公开(公告)号：US10218711B2

公开(公告)日：2019-02-26

申请号：US15152755

申请日：2016-05-12

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Simon P. Johnson ,  Steve Orrin ,  Willard M. Wiseman

IPC: H04L29/06 ,  G06F21/57 ,  H04W4/021 ,  H04W12/06 ,  H04W12/08

Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.

公开(公告)号：US10152350B2

公开(公告)日：2018-12-11

申请号：US15200820

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Mona Vij ,  Carlos V. Rozas ,  Brandon Baker ,  Vincent R. Scarlata ,  Francis X. McKeen ,  Simon P. Johnson

IPC: H04L29/06 ,  G06F21/00 ,  G06F9/48 ,  H04L9/08

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.