公开(公告)号：US20220197659A1

公开(公告)日：2022-06-23

申请号：US17133622

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Jayesh Gaur ,  Adarsh Chauhan ,  Vinodh Gopal ,  Vedvyas Shanbhogue ,  Sreenivas Subramoney ,  Wajdi Feghali

IPC: G06F9/38 ,  G06F9/30

Abstract: Methods and apparatus relating to an Application Programming Interface (API) for fine grained low latency decompression within a processor core are described. In an embodiment, a decompression Application Programming Interface (API) receives an input handle to a data object. The data object includes compressed data and metadata. Decompression Engine (DE) circuitry decompresses the compressed data to generate uncompressed data. The DE circuitry decompress the compressed data in response to invocation of a decompression instruction by the decompression API. The metadata comprises a first operand to indicate a location of the compressed data, a second operand to indicate a size of the compressed data, a third operand to indicate a location to which decompressed data by the DE circuitry is to be stored, and a fourth operand to indicate a size of the decompressed data. Other embodiments are also disclosed and claimed.

公开(公告)号：US20210357213A1

公开(公告)日：2021-11-18

申请号：US17340632

申请日：2021-06-07

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Barry E. Huntley ,  Baiju V. Patel ,  Deepak K. Gupta

IPC: G06F9/30 ,  G06F9/46 ,  G06F21/52

Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.

公开(公告)号：US11163569B2

公开(公告)日：2021-11-02

申请号：US16729358

申请日：2019-12-28

Applicant: Intel Corporation

Inventor： Michael Lemay ,  Vedvyas Shanbhogue ,  Deepak Gupta ,  Ravi Sahita ,  David M. Durham ,  Willem Pinckaers ,  Enrico Perla

IPC: G06F16/90 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/30 ,  G06F9/38 ,  G06F16/901 ,  G06F9/46 ,  G06F9/448

Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.

公开(公告)号：US20210311643A1

公开(公告)日：2021-10-07

申请号：US17349509

申请日：2021-06-16

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Siddhartha Chhabra

IPC: G06F3/06 ,  H04L9/08 ,  G06F9/50 ,  G06F9/455

Abstract: Securing communications over a compute express link (CXL) is performed by receiving allocation of memory in a memory device and a key identifier (ID) to a trusted execution environment virtual machine (TEE VM); configuring a random key for the key ID by sending a random key configuration request to instruct a device security manager (DSM) of the memory device to configure a memory encryption engine (MEE) of the memory device with the random key and the memory allocation; initializing the allocated memory using the random key; and enabling secure access by the TEE VM to the allocated memory over the CXL by encrypting data transfers from the TEE VM to the memory device using the random key or decrypting data transfers from the memory device to the TEE VM using the random key.

公开(公告)号：US11099847B2

公开(公告)日：2021-08-24

申请号：US16741498

申请日：2020-01-13

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jason W. Brandt ,  Ravi L. Sahita ,  Xiaoning Li

IPC: G06F21/00 ,  G06F9/30 ,  G06F9/38 ,  G06F21/55

Abstract: A processor includes an execution unit and a processing logic operatively coupled to the execution unit, the processing logic to: enter a first execution state and transition to a second execution state responsive to executing a control transfer instruction. Responsive to executing a target instruction of the control transfer instruction, the processing logic further transitions to the first execution state responsive to the target instruction being a control transfer termination instruction of a mode identical to a mode of the processing logic following the execution of the control transfer instruction; and raises an execution exception responsive to the target instruction being a control transfer termination instruction of a mode different than the mode of the processing logic following the execution of the control transfer instruction.

公开(公告)号：US11082231B2

公开(公告)日：2021-08-03

申请号：US15859295

申请日：2017-12-29

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Vedvyas Shanbhogue

IPC: H04L9/32 ,  H04L9/06 ,  G06F12/14 ,  H04L9/14 ,  H04L9/08 ,  H04L9/00

Abstract: A processer is provided that includes on-die memory, a protected memory region, and a memory encryption engine (MEE). The MEE includes logic to: receive a request for data in a particular page in the protected region of memory, and access a pointer in an indirection directory, where the pointer is to point to a particular metadata page stored outside the protected region of memory. The particular metadata page includes a first portion of security metadata for use in securing the data of the particular page. The MEE logic is further to access a second portion of the security metadata associated with the particular page from the protected region of memory, and determine authenticity of the data of the particular page based on the first and second portions of the security metadata.

公开(公告)号：US20210064547A1

公开(公告)日：2021-03-04

申请号：US16456718

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Vedvyas Shanbhogue ,  Ravi L. Sahita

IPC: G06F12/14 ,  G06F12/0802 ,  H04L9/06 ,  G06F11/10

Abstract: A processor includes a processor core and a memory controller coupled to the processor core. The memory controller comprising a cryptographic engine to: detect, in a write request for a cache line, a key identifier (ID) within a physical address of a location in memory; determine that the key ID is a trust domain key ID of a plurality of key IDs; responsive to a determination that the key ID is the trust domain key ID, set an ownership bit of the cache line to indicate the cache line belongs to a trust domain; encrypt the cache line to generate encrypted data; determine a message authentication code (MAC) associated with the cache line; and write the encrypted data, the ownership bit, and the MAC of the cache line to the memory.

公开(公告)号：US10922241B2

公开(公告)日：2021-02-16

申请号：US16402442

申请日：2019-05-03

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455 ,  G06F12/1045

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US10860709B2

公开(公告)日：2020-12-08

申请号：US16024547

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Michael Lemay ,  David M. Durham ,  Michael E. Kounavis ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Josh Triplett ,  Gilbert Neiger ,  Karanvir Grewal ,  Baiju V. Patel ,  Ye Zhuang ,  Jr-Shian Tsai ,  Vadim Sukhomlinov ,  Ravi Sahita ,  Mingwei Zhang ,  James C. Farwell ,  Amitabh Das ,  Krishna Bhuyan

IPC: G06F21/53 ,  G06F12/02

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

公开(公告)号：US10761996B2

公开(公告)日：2020-09-01

申请号：US16147191

申请日：2018-09-28

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Ravi Sahita ,  Rajesh Sankaran ,  Siddhartha Chhabra ,  Abhishek Basak ,  Krystof Zmudzinski ,  Rupin Vakharwala

IPC: G06F12/00 ,  G06F12/1009 ,  G06F12/14 ,  G06F9/30 ,  G06F9/455 ,  G06F21/57 ,  G06F21/53

Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.