公开(公告)号：US09710401B2

公开(公告)日：2017-07-18

申请号：US14752227

申请日：2015-06-26

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. McKeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53

CPC classification number: G06F12/1408 ,  G06F8/41 ,  G06F9/30145 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2212/1052

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US09690704B2

公开(公告)日：2017-06-27

申请号：US15091926

申请日：2016-04-06

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F12/0804 ,  G06F9/30 ,  G06F12/0875 ,  G06F12/14

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

公开(公告)号：US20160378664A1

公开(公告)日：2016-12-29

申请号：US14752109

申请日：2015-06-26

Applicant: Intel Corporation

Inventor： Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Francis X. McKeen ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Bin Xing ,  Mark W. Shanahan ,  Simon P. Johnson

IPC: G06F12/08

CPC classification number: G06F12/0844 ,  G06F11/073 ,  G06F11/0775 ,  G06F12/0882 ,  G06F2212/1032 ,  G06F2212/1052 ,  G06F2212/281 ,  G06F2212/312 ,  G06F2212/402 ,  G06F2212/608

Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

Abstract translation: 公开了一种实现技术支持故障信息传递的处理器。 在一个实施例中，处理器包括存储器控制器单元，用于访问耦合到存储器控制器单元的飞地页面缓存（EPC）和处理器核心。 处理器核心，用于检测与访问EPC相关的故障并生成与故障相关的错误代码。 错误代码反映了与EPC相关的故障原因。 处理器核心还将错误代码编码成与处理器核心相关联的数据结构。 数据结构用于监视与处理器核心相关的硬件状态。

公开(公告)号：US20160202976A1

公开(公告)日：2016-07-14

申请号：US15074573

申请日：2016-03-18

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F9/30 ,  G06F12/08

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

Abstract translation: 公开了用于安全飞行器中的存储器管理的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一指令和第二指令。 执行单元执行第一指令，其中第一指令的执行包括将飞地页面缓存中的页面分配到安全飞地。 执行单元还执行第二指令，其中第二指令的执行包括确认页的分配。

公开(公告)号：US09059855B2

公开(公告)日：2015-06-16

申请号：US13843954

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Simon P. Johnson ,  Vincent R. Scarlata ,  Willard M. Wiseman

IPC: G06F21/00 ,  H04L9/32 ,  G06F21/10 ,  G06F21/57

CPC classification number: G06F21/71 ,  G06F21/10 ,  G06F21/57 ,  G06F2221/0748 ,  G06F2221/0797 ,  H04L9/3234

Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.

Abstract translation: 描述了使用安全飞地实现可信的动态发射和可信平台模块（TPM）的装置和方法。 例如，根据本发明的一个实施例的计算机实现的方法包括：响应于第一命令初始化安全飞地，所述安全飞地包括可信软件执行环境，其防止在飞地之外执行的软件访问软件，以及 飞地内的数据; 以及从所述安全飞地内执行可信平台模块（TPM），所述可信平台模块将处理器或芯片组组件中的一组平台控制寄存器（PCR）中的数据安全地读取到分配给所述安全飞地的存储器区域中。

公开(公告)号：US20230042288A1

公开(公告)日：2023-02-09

申请号：US17867306

申请日：2022-07-18

Applicant: Intel Corporation

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US20210255962A1

公开(公告)日：2021-08-19

申请号：US17156175

申请日：2021-01-22

Applicant: Intel Corporation

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US11055236B2

公开(公告)日：2021-07-06

申请号：US16729251

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US20210117350A1

公开(公告)日：2021-04-22

申请号：US17134242

申请日：2020-12-25

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/22 ,  H04L12/933 ,  G06F12/0813 ,  G06F12/0815 ,  G06F12/0831 ,  G06F13/42 ,  G06F8/71 ,  G06F8/77 ,  G06F9/30 ,  G06F12/0806 ,  G06F9/46 ,  G06F13/40 ,  G06F9/445 ,  G06F1/3287 ,  G06F11/10 ,  H04L9/06 ,  G06F12/0808

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.

公开(公告)号：US20210006416A1

公开(公告)日：2021-01-07

申请号：US16856968

申请日：2020-04-23

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  G09C1/00 ,  H04L29/06 ,  H04L9/14

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.