公开(公告)号：US09767044B2

公开(公告)日：2017-09-19

申请号：US14034813

申请日：2013-09-24

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Michael A. Goldsmith ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich

IPC: G06F12/00 ,  G06F12/14 ,  G06F12/0808 ,  G06F12/1027 ,  G06F9/455 ,  G06F12/0897

CPC classification number: G06F12/1408 ,  G06F9/45558 ,  G06F12/0808 ,  G06F12/0897 ,  G06F12/1027 ,  G06F2009/45587 ,  G06F2212/1032 ,  G06F2212/1048 ,  G06F2212/152

Abstract: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction.

公开(公告)号：US09323686B2

公开(公告)日：2016-04-26

申请号：US13729277

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F12/08 ,  G06F9/30

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20160042184A1

公开(公告)日：2016-02-11

申请号：US14919350

申请日：2015-10-21

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barrey E. Huntley ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F21/60 ,  G06F12/14 ,  G06F21/72 ,  G06F12/08

CPC classification number: G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/145 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

Abstract translation: 公开了用于登录安全飞行器的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 该指令单元用于接收具有关联的飞地页面缓存地址的指令。 执行单元执行指令而不引起虚拟机退出，其中指令的执行包括记录指令和关联的飞地页面缓存地址。

公开(公告)号：US20150278514A1

公开(公告)日：2015-10-01

申请号：US14739133

申请日：2015-06-15

Applicant: Intel Corporation

Inventor： Xiaozhu Kang ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham

IPC: G06F21/53 ,  G06F21/60

CPC classification number: G06F21/53 ,  G06F12/14 ,  G06F21/50 ,  G06F21/60 ,  G06F21/78 ,  G06F2221/034

Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.

Abstract translation: 入口/出口架构可能是保护框架的关键组成部分，使用协同处理器的安全的类似信任框架。 入口/出口架构描述了可用于将安全切换到受信任的执行环境（入口体系结构）并脱离可信执行环境（退出体系结构）的步骤，同时防止任何安全信息泄露到不受信任的环境中。

公开(公告)号：US09087202B2

公开(公告)日：2015-07-21

申请号：US13891255

申请日：2013-05-10

Applicant: Intel Corporation

Inventor： Xiaozhu Kang ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham

IPC: G06F21/60 ,  G06F21/78 ,  G06F21/50 ,  G06F12/14

CPC classification number: G06F21/53 ,  G06F12/14 ,  G06F21/50 ,  G06F21/60 ,  G06F21/78 ,  G06F2221/034

Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.

Abstract translation: 入口/出口架构可能是保护框架的关键组成部分，使用协同处理器的安全的类似信任框架。 入口/出口架构描述了可用于将安全切换到受信任的执行环境（入口体系结构）并脱离可信执行环境（退出体系结构）的步骤，同时防止任何安全信息泄露到不受信任的环境中。

公开(公告)号：US09043604B2

公开(公告)日：2015-05-26

申请号：US13987807

申请日：2013-09-05

Applicant: Intel Corporation

Inventor： Ernest F. Brickell ,  Shay Gueron ,  Jiangtao Li ,  Carlos V. Rozas ,  Daniel Nemiroff ,  Vincent R. Scarlata ,  Uday R. Savagaonkar ,  Simon P. Johnson

IPC: H04L9/08 ,  H04L9/32 ,  G06F21/73 ,  G06F21/60

CPC classification number: H04L9/0816 ,  G06F21/572 ,  G06F21/73

Abstract: Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.

Abstract translation: 用于在平台中提供安全性的键控材料可以安全地在线和离线地配置到远程平台中的设备。 密钥材料的安全配置基于安装在平台中的固件的修订版本。

公开(公告)号：US11995001B2

公开(公告)日：2024-05-28

申请号：US17867306

申请日：2022-07-18

Applicant: Intel Corporation

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F9/455 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/14

CPC classification number: G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F12/1045 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US11489678B2

公开(公告)日：2022-11-01

申请号：US16856968

申请日：2020-04-23

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, Jr. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  G09C1/00 ,  H04L9/40 ,  H04L9/14

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

公开(公告)号：US10922241B2

公开(公告)日：2021-02-16

申请号：US16402442

申请日：2019-05-03

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455 ,  G06F12/1045

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US20200259632A1

公开(公告)日：2020-08-13

申请号：US16733685

申请日：2020-01-03

Applicant: Intel Corporation

Inventor： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

IPC: H04L9/06 ,  G06F21/60 ,  G06F21/85 ,  G09C1/00 ,  G06F12/14

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.