公开(公告)号：US20230198548A1

公开(公告)日：2023-06-22

申请号：US17559989

申请日：2021-12-22

Applicant: Intel Corporation

Inventor： James David Guilford ,  Vinodh Gopal ,  Daniel Frederick Cutter ,  Kirk Yap

IPC: H03M7/30 ,  H03M7/40

CPC classification number: H03M7/3084 ,  H03M7/40

Abstract: Apparatus and method for detecting a constant data block are described herein. An apparatus embodiment includes compression circuitry to perform compression operations on a memory block; constant detection circuitry to, concurrently with performance of the compression operations on the memory block, determine that the memory block is a constant data block comprised of only repeat instances of a constant value; and controller circuitry to associate a first indication with the memory block based on the determination, the first indication usable for controlling whether to abort the compression operations or whether to discard a compressed memory block generated from the compression operations.

公开(公告)号：US11663003B2

公开(公告)日：2023-05-30

申请号：US16452390

申请日：2019-06-25

Applicant: INTEL CORPORATION

Inventor： Vinodh Gopal ,  Wajdi Feghali ,  Gilbert Wolrich ,  Kirk Yap

IPC: G06F9/30

CPC classification number: G06F9/30029 ,  G06F9/30036 ,  G06F9/30167

Abstract: An apparatus and method are described for performing efficient Boolean operations in a pipelined processor which, in one embodiment, does not natively support three operand instructions. For example, in one embodiment, a processor comprises: a set of registers for storing packed operands; Boolean operation logic to execute a single instruction which uses three or more source operands packed in the set of registers, the Boolean operation logic to read at least three source operands and an immediate value to perform a Boolean operation on the three source operands, wherein the Boolean operation comprises: combining a bit read from each of the three operands to form an index to the immediate value, the index identifying a bit position within the immediate value; reading the bit from the identified bit position of the immediate value; and storing the bit from the identified bit position of the immediate value in a destination register.

公开(公告)号：US11516013B2

公开(公告)日：2022-11-29

申请号：US16022619

申请日：2018-06-28

Applicant: Intel Corporation

Inventor： James Guilford ,  Vinodh Gopal ,  Kirk Yap

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06

Abstract: Disclosed embodiments relate to encrypting or decrypting confidential data with additional authentication data by an accelerator and a processor. In one example, a processor includes processor circuitry to compute a first hash of a first block of data stored in a memory, store the first hash in the memory, and generate an authentication tag based in part on a second hash. The processor further includes accelerator circuitry to obtain the first hash from the memory, decrypt a second block of data using the first hash, and compute the second hash based in part on the first hash and the second block of data.

公开(公告)号：US20220365885A1

公开(公告)日：2022-11-17

申请号：US17872805

申请日：2022-07-25

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Rajat Agarwal ,  Baiju Patel ,  Kirk Yap

IPC: G06F12/14 ,  G06F21/78 ,  G06F21/60 ,  H04L9/32 ,  G06F21/64 ,  H04L9/14 ,  G06F21/53 ,  G06F21/85

Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.

公开(公告)号：US20220075738A1

公开(公告)日：2022-03-10

申请号：US17475768

申请日：2021-09-15

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Kirk Yap ,  Siddhartha Chhabra

IPC: G06F12/14 ,  H04L9/32 ,  H04L9/06

Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry. The computing device may include: a key-hash operator configured to provide a Message Authentication Code (MAC) for a secure Hash Algorithm (SHA) as a function of a hash-key, MAC-key, metadata and data; a multi-round (MR) circuitry configured to receive the MAC from the key-hash operator and to compute substantially all SHA round-functions during each clock cycle, the multi-round circuitry further comprising combination logic to process all sub-round functions of the SHA function substantially simultaneously; and a Memory Integrity Pipeline (MIP) engine to compute a hash digest, the hash digest further comprising a MAC key, a metadata and the cache line data; the MIP further comprising an input prep logic, an SHA pipeline logic and an MAC validation logic.

公开(公告)号：US11169934B2

公开(公告)日：2021-11-09

申请号：US16021496

申请日：2018-06-28

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Kirk Yap ,  Siddhartha Chhabra

IPC: G06F12/14 ,  H04L9/32 ,  H04L9/06

Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry. The computing device may include: a key-hash operator configured to provide a Message Authentication Code (MAC) for a secure Hash Algorithm (SHA) as a function of a hash-key, MAC-key, metadata and data; a multi-round (MR) circuitry configured to receive the MAC from the key-hash operator and to compute substantially all SHA round-functions during each clock cycle, the multi-round circuitry further comprising combination logic to process all sub-round functions of the SHA function substantially simultaneously; and a Memory Integrity Pipeline (MIP) engine to compute a hash digest, the hash digest further comprising a MAC key, a metadata and the cache line data; the MIP further comprising an input prep logic, an SHA pipeline logic and an MAC validation logic.

公开(公告)号：US20190042476A1

公开(公告)日：2019-02-07

申请号：US16023576

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Rajat Agarwal ,  Baiju Patel ,  Kirk Yap

IPC: G06F12/14 ,  G06F21/78 ,  G06F21/64 ,  G06F21/60 ,  H04L9/32 ,  G06F9/455

Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.