公开(公告)号：US20210406201A1

公开(公告)日：2021-12-30

申请号：US17367349

申请日：2021-07-03

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US10885202B2

公开(公告)日：2021-01-05

申请号：US16123593

申请日：2018-09-06

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/53

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

公开(公告)号：US20190391939A1

公开(公告)日：2019-12-26

申请号：US16285035

申请日：2019-02-25

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/22 ,  G06F12/0808 ,  H04L9/06 ,  G06F13/42 ,  G06F11/10 ,  G06F13/40 ,  G06F1/3287 ,  G06F9/445 ,  G06F9/46 ,  G06F12/0831 ,  G06F12/0806 ,  G06F9/30 ,  G06F8/77 ,  G06F8/71 ,  G06F12/0815 ,  G06F12/0813 ,  H04L12/933

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state

公开(公告)号：US20190324918A1

公开(公告)日：2019-10-24

申请号：US16402442

申请日：2019-05-03

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1036 ,  G06F12/1027 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US20190052469A1

公开(公告)日：2019-02-14

申请号：US16162776

申请日：2018-10-17

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley H. Smith ,  Eduardo Cabre

IPC: H04L9/32 ,  G06F21/53 ,  G09C1/00 ,  H04L29/06 ,  G06F21/44 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

公开(公告)号：US20180329707A1

公开(公告)日：2018-11-15

申请号：US15972573

申请日：2018-05-07

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F9/30 ,  G06F12/084 ,  G06F12/14 ,  G06F12/0875 ,  G06F9/44

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US20180183578A1

公开(公告)日：2018-06-28

申请号：US15391268

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Vincent R. Scarlata ,  Mona Vij ,  Carlos V. Rozas ,  Ilya Alexandrovich ,  Simon P. Johnson

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/3247 ,  G06F21/53 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0897

Abstract: A secure key manager enclave is provided on a host computing system to send an attestation quote to a secure key store system identifying attributes of the key manager enclave and signed by a hardware-based key of the host computing system to attest to trustworthiness of the secure key manager enclave. The secure key manager enclave receives a request to provide a root key for a particular virtual machine to be run on the host computing system, generates a secure data structure in secure memory of the host computing system to be associated with the particular virtual machine, and provisions the root key in the secure data structure using the key manager enclave, where the key manager enclave is to have privileged access to the secure data structure.

公开(公告)号：US09990197B2

公开(公告)日：2018-06-05

申请号：US15683331

申请日：2017-08-22

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F9/30 ,  G06F12/14 ,  G06F12/084 ,  G06F9/44 ,  G06F12/0875

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US09942035B2

公开(公告)日：2018-04-10

申请号：US14829340

申请日：2015-08-18

Applicant: INTEL CORPORATION

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. McKeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich

IPC: H04L9/08 ,  G06F9/455 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L9/0891 ,  G06F9/45558 ,  G06F2009/45575 ,  G06F2009/45587 ,  H04L63/061 ,  H04L63/10 ,  H04L67/34

Abstract: A processor to support platform migration of secure enclaves is disclosed. In one embodiment, the processor includes a memory controller unit to access secure enclaves and a processor core coupled to the memory controller unit. The processor core to identify a control structure associated with a secure enclave. The control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core. A version of data from the secure enclave is associated with the plurality of data slots. Migratable keys are generated as a replacement for the keys associated with the control structure. The migratable keys control access to the secure enclave. Thereafter, the control structure is migrated to a second platform to enable access to the secure enclave on the second platform.

公开(公告)号：US20170351515A1

公开(公告)日：2017-12-07

申请号：US15683331

申请日：2017-08-22

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F9/30 ,  G06F9/44 ,  G06F12/0875 ,  G06F12/084 ,  G06F12/14

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.