Publication No.: US12021980B2
Publication date: 2024-06-25
Application No.: US17465311
Filing date: 2021-09-02
Applicant: Intel Corporation
Inventor: Ido Ouziel , Arie Aharon , Dror Caspi , Baruch Chaikin , Jacob Doweck , Gideon Gerzon , Barry E. Huntley , Francis X. McKeen , Gilbert Neiger , Carlos V. Rozas , Ravi L. Sahita , Vedvyas Shanbhogue , Assaf Zaltsman
IPC: H04L9/08 , G06F9/455 , G06F12/1009 , G06F21/60 , G06F21/62
CPC classification number: H04L9/088 , G06F9/45558 , G06F12/1009 , G06F21/602 , G06F21/62 , G06F2009/45583 , G06F2009/45587 , G06F2212/1044 , G06F2212/657
Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.

22.
Publication No.: US11645080B2
Publication date: 2023-05-09
Application No.: US17903307
Filing date: 2022-09-06
Applicant: Intel Corporation
Inventor: Eliezer Weissmann , Mark Charney , Michael Mishaeli , Robert Valentine , Itai Ravid , Jason W. Brandt , Gilbert Neiger , Baruch Chaikin , Efraim Rotem
CPC classification number: G06F9/3851 , G06F9/30076 , G06F9/30101 , G06F9/3836
Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.

23.
Publication No.: US11436018B2
Publication date: 2022-09-06
Application No.: US17124813
Filing date: 2020-12-17
Applicant: Intel Corporation
Inventor: Eliezer Weissmann , Mark Charney , Michael Mishaeli , Robert Valentine , Itai Ravid , Jason W. Brandt , Gilbert Neiger , Baruch Chaikin , Efraim Rotem
Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.

Publication No.: US20210200858A1
Publication date: 2021-07-01
Application No.: US16729340
Filing date: 2019-12-28
Applicant: Intel Corporation
Inventor: Dror Caspi , Vedvyas Shanbhogue , Ido Ouziel , Francis McKeen , Baruch Chaikin , Carlos V. Rozas
IPC: G06F21/53
Abstract: Embodiments of processors, methods, and systems for executing code in a protected memory container by a trust domain are disclosed. In an embodiment, a processor includes a memory controller to enable creation of a trust domain and a core to enable the trust domain to execute code in a protected memory container.

25.
Publication No.: US20200349265A1
Publication date: 2020-11-05
Application No.: US16931543
Filing date: 2020-07-17
Applicant: Intel Corporation
Inventor: Reshma Lal , Gideon Gerzon , Baruch Chaikin , Siddhartha Chhabra , Pradeep M. Pappachan , Bin Xing
IPC: G06F21/60 , H04L29/06 , G06F21/57 , G06F13/28 , H04L9/32 , G06F21/62 , G06F21/85 , G09C1/00 , G06F13/20
Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.

Publication No.: US10216662B2
Publication date: 2019-02-26
Application No.: US14866933
Filing date: 2015-09-26
Applicant: Intel Corporation
Inventor: Michael Mishaeli , Ido Ouziel , Baruch Chaikin , Yoav Zach
IPC: G06F13/24 , G06F12/1027 , G06F12/0891
Abstract: Embodiments of systems, apparatuses, and methods for remote action handling are described. In an embodiment, a hardware apparatus comprises: a first register to store a memory address of a payload corresponding to an action to be performed associated with a remote action request (RAR) interrupt, a second register to store a memory address of an action list accessible by a plurality of processors, and a remote action handler circuit to identify a received RAR interrupt, perform an action of the received RAR interrupt, and signal acknowledgment to an initiating processor upon completion of the action.

Publication No.: US10169574B2
Publication date: 2019-01-01
Application No.: US15907551
Filing date: 2018-02-28
Applicant: Intel Corporation
Inventor: Nadav Nesher , Alex Berenzon , Baruch Chaikin
Abstract: An embodiment includes a processor coupled to memory to perform operations comprising: creating a first trusted execution environment (TXE), in protected non-privileged user address space of the memory, which makes a first measurement for at least one of first data and first executable code and which encrypts the first measurement with a persistent first hardware based encryption key while the first measurement is within the first TXE; creating a second TXE, in the non-privileged user address space, which makes a second measurement for at least one of second data and second executable code; creating a third TXE in the non-privileged user address space; creating a first secure communication channel between the first and third TXEs and a second secure communication channel between the second and third TXEs; and communicating the first measurement between the first and third TXEs via the first secure communication channel. Other embodiments are described herein.

Publication No.: US09940456B2
Publication date: 2018-04-10
Application No.: US14572060
Filing date: 2014-12-16
Applicant: Intel Corporation
Inventor: Nadav Nesher , Alex Berenzon , Baruch Chaikin
CPC classification number: G06F21/53 , G06F21/57 , G06F21/71 , H04L2209/127
Abstract: An embodiment includes a processor coupled to memory to perform operations comprising: creating a first trusted execution environment (TXE), in protected non-privileged user address space of the memory, which makes a first measurement for at least one of first data and first executable code and which encrypts the first measurement with a persistent first hardware based encryption key while the first measurement is within the first TXE; creating a second TXE, in the non-privileged user address space, which makes a second measurement for at least one of second data and second executable code; creating a third TXE in the non-privileged user address space; creating a first secure communication channel between the first and third TXEs and a second secure communication channel between the second and third TXEs; and communicating the first measurement between the first and third TXEs via the first secure communication channel. Other embodiments are described herein.