-
Publication (Announcement) No.: US20180203801A1
Publication (Announcement) Date: 2018-07-19
Application No.: US15408774
Filing Date: 2017-01-18
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd , Francis X. McKeen , Carlos V. Rozas , Gilbert Neiger , Asit Mallick , Ittai Anati , Ilya Alexandrovich , Vedvyas Shanbhogue , Somnath Chakrabarti
IPC: G06F12/0837 , G06F9/30 , G06F9/455 , G06F12/1045
CPC classification number: G06F12/0837 , G06F9/30003 , G06F9/45558 , G06F12/1063 , G06F2009/45583 , G06F2009/45591 , G06F2212/152 , G06F2212/60 , G06F2212/621 , G06F2212/68
Abstract: A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation lookaside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.
-
Publication (Announcement) No.: US09959418B2
Publication (Announcement) Date: 2018-05-01
Application No.: US14803956
Filing Date: 2015-07-20
Applicant: Intel Corporation
Inventor: Binata Bhattacharyya , Raghunandan Makaram , Amy L. Santoni , George Z. Chrysos , Simon P. Johnson , Brian S. Morris , Francis X. McKeen
CPC classification number: G06F21/62 , G06F21/602 , G06F21/64 , G06F21/78 , G06F2221/2113
Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core, a memory controller, operatively coupled to the processing core, to access data in an off-chip memory, and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to, responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored in a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
-
Publication (Announcement) No.: US20180060237A1
Publication (Announcement) Date: 2018-03-01
Application No.: US15252719
Filing Date: 2016-08-31
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd , Francis X. McKeen , Carlos V. Rozas , Somnath Chakrabarti , Asit Mallick
IPC: G06F12/0817 , G06F21/57 , G06F12/0808 , G06F12/0811 , G06F12/084
CPC classification number: G06F12/0824 , G06F12/0808 , G06F12/0811 , G06F12/084 , G06F21/53 , G06F21/572 , G06F2212/1008 , G06F2212/1052 , G06F2212/152 , G06F2212/60 , G06F2212/62 , G06F2221/032
Abstract: A processing device includes a first counter having a first count value of a number of child pages among a plurality of child pages present in an enclave memory of a first virtual machine (VM). The plurality of child pages are associated with a parent page in the enclave memory. The processing device includes a second counter having a second count value of a number of child pages among the plurality of child pages not present in the enclave memory and being shared by a second VM, wherein the second VM is different from the first VM. A non-zero value of at least one of the first counter or the second counter prevents eviction of the parent page from the enclave memory.
-
Publication (Announcement) No.: US09875189B2
Publication (Announcement) Date: 2018-01-23
Application No.: US14738037
Filing Date: 2015-06-12
Applicant: INTEL CORPORATION
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/00 , G06F13/00 , G06F13/28 , G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/109 , G06F12/14 , G06F9/455 , G06F12/1045
CPC classification number: G06F12/1009 , G06F9/455 , G06F9/45558 , G06F12/1027 , G06F12/1036 , G06F12/1045 , G06F12/109 , G06F12/1441 , G06F2009/45583 , G06F2212/1016 , G06F2212/1052 , G06F2212/151 , G06F2212/657 , G06F2212/684
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
Publication (Announcement) No.: US20180006809A1
Publication (Announcement) Date: 2018-01-04
Application No.: US15200604
Filing Date: 2016-07-01
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas , Simon P. Johnson , Bo Zhang , Mona Vij , Brandon Baker , Mohan J. Kumar , Asit K. Mallick , Mark A. Gentry , Somnath Chakrabarti
CPC classification number: H04L9/0816 , G06F21/6218 , H04L9/0861 , H04L9/088 , H04L9/0894 , H04L9/14 , H04L63/06
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to store data in a secure domain in a cloud network, create encryption keys, where each encryption key is to provide a different type of access to the data, and store the encryption keys in a secure domain key store in the cloud network. In an example, each encryption key provides access to a different version of the data. In another example, a counter engine stores the location of each version of the data in the cloud network.
-
Publication (Announcement) No.: US12242391B2
Publication (Announcement) Date: 2025-03-04
Application No.: US18378124
Filing Date: 2023-10-09
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Mona Vij , Rebekah M. Leslie-Hurd , Krystof C. Zmudzinski , Somnath Chakrabarti , Francis X. McKeen , Vincent R. Scarlata , Simon P. Johnson , Ilya Alexandrovich , Gilbert Neiger , Vedvyas Shanbhogue , Ittai Anati
Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
Publication (Announcement) No.: US12021980B2
Publication (Announcement) Date: 2024-06-25
Application No.: US17465311
Filing Date: 2021-09-02
Applicant: Intel Corporation
Inventor: Ido Ouziel , Arie Aharon , Dror Caspi , Baruch Chaikin , Jacob Doweck , Gideon Gerzon , Barry E. Huntley , Francis X. McKeen , Gilbert Neiger , Carlos V. Rozas , Ravi L. Sahita , Vedvyas Shanbhogue , Assaf Zaltsman
IPC: H04L9/08 , G06F9/455 , G06F12/1009 , G06F21/60 , G06F21/62
CPC classification number: H04L9/088 , G06F9/45558 , G06F12/1009 , G06F21/602 , G06F21/62 , G06F2009/45583 , G06F2009/45587 , G06F2212/1044 , G06F2212/657
Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to the bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within the key ID range of the restricted key IDs.
-
Publication (Announcement) No.: US10885202B2
Publication (Announcement) Date: 2021-01-05
Application No.: US16123593
Filing Date: 2018-09-06
Applicant: Intel Corporation
Inventor: Francis X. McKeen , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
-
Publication (Announcement) No.: US10540291B2
Publication (Announcement) Date: 2020-01-21
Application No.: US15592089
Filing Date: 2017-05-10
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Carlos V. Rozas , Francis X. McKeen , Rebekah M. Leslie-Hurd , Meltem Ozsoy , Somnath Chakrabarti , Mona Vij
IPC: G06F12/1027 , G06F12/1009 , G06F12/14 , G06F9/455
Abstract: Translation lookaside buffer (TLB) tracking and managing technologies are described. A processing device comprises a translation lookaside buffer (TLB) and a processing core to execute a virtual machine monitor (VMM), the VMM to manage a virtual machine (VM) including virtual processors. The processing core to execute, via the VM, a plurality of conversion instructions on at least one of the virtual processors to convert a plurality of non-secure pages to a plurality of secure pages. The processing core also to execute, via the VM, one or more allocation instructions on the at least one of the virtual processors to allocate at least one secure page of the plurality of secure pages, execution of the one or more allocation instructions to include determining whether the TLB is cleared of mappings to the at least one secure page prior to allocating the at least one secure page.
-
Publication (Announcement) No.: US20190324918A1
Publication (Announcement) Date: 2019-10-24
Application No.: US16402442
Filing Date: 2019-05-03
Applicant: INTEL CORPORATION
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/1009 , G06F12/1036 , G06F12/1027 , G06F12/109 , G06F12/14 , G06F9/455
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-