-
Publication No.: US09698989B2
Publication date: 2017-07-04
Application No.: US13949213
Filing date: 2013-07-23
Applicant: Intel Corporation
Inventor: Vincent Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Ittai Anati, Francis McKeen, Michael Goldsmith
CPC classification number: H04L9/3213, G06F21/12, G06F21/53, H04L9/3263
Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.
-
Publication No.: US09519803B2
Publication date: 2016-12-13
Application No.: US13690401
Filing date: 2012-11-30
Applicant: Intel Corporation
Inventor: Prashant Dewan, Uday R. Savagaonkar, David M. Durham, Paul S. Schmitz, Jason Martin, Michael Goldsmith, Ravi L. Sahita, Francis X. McKeen, Carlos Rozas, Balaji Vembu, Scott Janus, Geoffrey S. Strongin, Xiaozhu Kang, Karanvir S. Grewal, Siddhartha Chhabra, Alpha T. Narendra Trivedi
Abstract: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.
-
Publication No.: US12001346B2
Publication date: 2024-06-04
Application No.: US17127786
Filing date: 2020-12-18
Applicant: Intel Corporation
Inventor: Thomas Unterluggauer, Alaa Alameldeen, Scott Constable, Fangfei Liu, Francis McKeen, Carlos Rozas, Anna Trikalinou
IPC: G06F12/10, G06F12/121, G06F12/14
CPC classification number: G06F12/14, G06F12/121, G06F2212/1052
Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.
-
Publication No.: US11797309B2
Publication date: 2023-10-24
Application No.: US16728722
Filing date: 2019-12-27
Applicant: Intel Corporation
Inventor: Carlos Rozas, Francis McKeen, Pasquale Cocchini, Meltem Ozsoy, Matthew Fernandez
CPC classification number: G06F9/3844, G06F9/30145, G06F9/3804, G06F9/5011
Abstract: An apparatus and method for tracking speculative execution flow and detecting potential vulnerabilities. For example, one embodiment of a processor comprises: an instruction fetcher to fetch instructions from a cache or system memory; a branch predictor to speculate a first instruction path to be taken comprising a first sequence of instructions; a decoder to decode the first sequence of instructions; execution circuitry to execute the first sequence of instructions and process data associated with the instruction to generate results; information flow tracking circuitry and/or logic to: assign labels to all or a plurality of instructions in the first sequence of instructions, track resource usage of the plurality of instructions using the labels, merge sets of labels to remove redundancies; and responsive to detecting that the first instruction path was mis-predicted, generating one or more summaries comprising resources affected by one or more of the first sequence of instructions; and recycling labels responsive to retirement of instructions associated with the labels.
-
Publication No.: US20220207154A1
Publication date: 2022-06-30
Application No.: US17134333
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Richard Winterton, Mohammad Reza Haghighat, Asit Mallick, Alaa Alameldeen, Abhishek Basak, Jason W. Brandt, Michael Chynoweth, Carlos Rozas, Scott Constable, Martin Dixon, Matthew Fernandez, Fangfei Liu, Francis McKeen, Joseph Nuzman, Gilles Pokam, Thomas Unterluggauer, Xiang Zou
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a hybrid key generator and memory protection hardware. The hybrid key generator is to generate a hybrid key based on a public key and multiple process identifiers. Each of the process identifiers corresponds to one or more memory spaces in a memory. The memory protection hardware is to use the first hybrid key to protect the memory spaces.
-
Publication No.: US20220207148A1
Publication date: 2022-06-30
Application No.: US17134345
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Alaa Alameldeen, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and branch circuitry coupled to the decode circuitry. The decode circuitry is to decode a branch hardening instruction to mitigate vulnerability to a speculative execution attack. The branch circuitry is to be hardened in response to the branch hardening instruction.
-
Publication No.: US20220207146A1
Publication date: 2022-06-30
Application No.: US17134341
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Alaa Alameldeen, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and load circuitry coupled to the decode circuitry. The decode circuitry is to decode a load hardening instruction to mitigate vulnerability to a speculative execution attack. The load circuitry is to be hardened in response to the load hardening instruction.
-
Publication No.: US20190251257A1
Publication date: 2019-08-15
Application No.: US15897406
Filing date: 2018-02-15
Applicant: Intel Corporation
Inventor: Francis McKeen, Bin Xing, Krystof Zmudzinski, Carlos Rozas, Mona Vij
CPC classification number: G06F21/556, G06F12/145, G06F12/1491, G06F21/53, G06F2212/1052, G06F2221/2149
Abstract: A processor includes a processing core to identify a code comprising a plurality of instructions to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of the first virtual memory page and a second address of the first physical memory page, store, in the cache memory, an address translation data structure comprising the first address mapping, and execute the code by retrieving the first address mapping stored in the address translation data structure.
-
Publication No.: US09684608B2
Publication date: 2017-06-20
Application No.: US14525421
Filing date: 2014-10-28
Applicant: Intel Corporation
Inventor: Francis McKeen, Vincent Scarlata, Carlos Rozas, Ittai Anati, Vedvyas Shanbhogue
IPC: G06F12/14, G06F12/08, G06F12/0875
CPC classification number: G06F12/1416, G06F9/4418, G06F12/0804, G06F12/0875, G06F12/1408, G06F12/1441, G06F21/53, G06F2212/1016, G06F2212/1028, G06F2212/1052, G06F2212/152, G06F2212/452, Y02D10/13
Abstract: Embodiments of an invention for maintaining a secure processing environment across power cycles are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to evict a root version array page entry from a secure cache. The execution unit is to execute the instruction. Execution of the instruction includes generating a blob to contain information to maintain a secure processing environment across a power cycle and storing the blob in a non-volatile memory.
-
Publication No.: US20160170900A1
Publication date: 2016-06-16
Application No.: US15048400
Filing date: 2016-02-19
Applicant: Intel Corporation
Inventor: Gur Hildesheim, Shlomo Raikin, Ittai Anati, Gideon Gerzon, Uday Savagaonkar, Francis McKeen, Carlos Rozas, Michael Goldsmith, Prashant Dewan
IPC: G06F12/10
CPC classification number: G06F12/109, G06F12/0284, G06F12/1036, G06F2212/656, G06F2212/657
Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.