-
11.
Publication No.: US20210200880A1
Publication date: 2021-07-01
Application No.: US16728712
Filing date: 2019-12-27
Applicant: Intel Corporation
Inventor: Hormuzd M. KHOSRAVI, Siddhartha CHHABRA, Vincent VON BOKERN, Barry E. HUNTLEY, Vedvyas SHANBHOGUE, Ramya Jayaram MASTI
Abstract: Disclosed embodiments relate to Multi-Key Total Memory Encryption based on dynamic key derivation. In one example, a processor includes cryptographic circuitry, storage with multiple key splits and multiple full encryption keys, fetch and decode circuitry to fetch and decode an instruction specifying an opcode, an address, and a keyID, the opcode calling for the processor to use the address to determine whether to use an explicit key, in which case the keyID is used to select one of the multiple full encryption keys to use as a cryptographic key, and, otherwise, the processor is to dynamically derive the cryptographic key by using the keyID to select one of the multiple key splits, and provide the key split and a root key to a key derivation function to derive the cryptographic key, which is used by the encryption circuitry to perform a cryptographic operation on the addressed memory location.
-
Publication No.: US20220209967A1
Publication date: 2022-06-30
Application No.: US17134363
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha CHHABRA, Prashant DEWAN, Baiju PATEL
Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
-
Publication No.: US20220209959A1
Publication date: 2022-06-30
Application No.: US17134352
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha CHHABRA, Manjula PEDDIREDDY, Hormuzd KHOSRAVI
Abstract: Embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) to allow memory encryption and integrity architecture to work efficiently with 3DXP or other far memory memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys protected even when the controller is located outside of a system on a chip (SoC), etc.
-
Publication No.: US20220207194A1
Publication date: 2022-06-30
Application No.: US17134346
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha CHHABRA, Abhishek BASAK
Abstract: Detailed herein are embodiments utilizing a cryptographically authenticated address bus (CAAB) protection that uses an intelligent memory design to prevent attacks on the address bus without detection and eliminate the memory bus as an observability surface for an attacker to do access pattern analysis. Embodiments detailed herein describe an intelligent memory module which has cryptographic capabilities. In some embodiments, a memory controller and an intelligent memory module exchange a key and using this key, the address (on the address bus) is encrypted and integrity protected using authenticated counter mode encryption. The memory controller on receiving a read or a write request encrypts the address (e.g., using pre-generated encrypted counters to minimize cryptographic overheads). A message authentication code (MAC) also gets generated along with the encrypted address to be able to detect modification to the encrypted address.
-
Publication No.: US20220207190A1
Publication date: 2022-06-30
Application No.: US17134344
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha CHHABRA, Manjula PEDDIREDDY, Rajat AGARWAL
Abstract: Techniques for Scalable Memory Integrity and Enhanced Reliability, Availability, and Serviceability (SMIRAS) based systems are described. A SMIRAS based system may be enabled to use an integrity-based metadata organization that stores data, metadata, and a first portion of ECC data together in memory and a second portion of ECC data in sequestered memory; or using a compression-based organization that stores compressed data, compression metadata, and a second portion of ECC data as a cacheline.