-
Publication (Announcement) No.: US10289554B2
Publication (Announcement) Date: 2019-05-14
Application No.: US15711615
Filing Date: 2017-09-21
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. McKeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
IPC: G06F12/0844, G06F12/0882, G06F11/07
Abstract: A processor implementing techniques to support fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core is to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
-
Publication (Announcement) No.: US20190065406A1
Publication (Announcement) Date: 2019-02-28
Application No.: US16174337
Filing Date: 2018-10-30
Applicant: Intel Corporation
Inventor: Michael Steiner, Thomas Knauth, Li Lei, Bin Xing, Mona Vij, Somnath Chakrabarti
Abstract: In a method for protecting extra-enclave communications, a data processing system allocates a portion of random access memory (RAM) to a server application that is to execute at a low privilege level, and the data processing system creates an enclave comprising the portion of RAM allocated to the server application. The enclave protects the RAM in the enclave from access by software that executes at a high privilege level. The server application obtains a platform attestation report (PAR) for the enclave from the processor. The PAR includes attestation data from the processor attesting to the integrity of the enclave. The server application also generates a public key certificate for the server application. The public key certificate comprises the attestation data. The server application utilizes the public key certificate to establish a transport layer security (TLS) communication channel with a client application outside of the enclave. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US09933968B2
Publication (Announcement) Date: 2018-04-03
Application No.: US14701228
Filing Date: 2015-04-30
Applicant: INTEL CORPORATION
Inventor: Bin Xing
IPC: G06F12/02, G06F12/10, G06F3/06, G06F21/74, G06F21/53, G06F12/0866, G06F12/0802, G06F12/08
CPC classification number: G06F3/0634, G06F3/0623, G06F3/0644, G06F3/0664, G06F3/0673, G06F12/0223, G06F12/08, G06F12/0802, G06F12/0866, G06F12/10, G06F21/53, G06F21/74, G06F2212/1041, G06F2212/1056, G06F2221/033
Abstract: A system and method for adapting a secure application execution environment to support multiple configurations includes determining a maximum configuration for the secure application execution environment, determining an optimal configuration for the secure application execution environment, and, at load time, configuring the secure application execution environment for the optimal configuration.
-
Publication (Announcement) No.: US20170091445A1
Publication (Announcement) Date: 2017-03-30
Application No.: US14866856
Filing Date: 2015-09-26
Applicant: Intel Corporation
Inventor: Bin Xing, Krystof C. Zmudzinski, Wei Wu, Shih-Lien L. Lu, Carlos V. Rozas, Francis X. McKeen, Siddhartha Chhabra, Mark W. Shanahan
IPC: G06F21/53
CPC classification number: G06F21/53, G06F21/79, G06F2221/033
Abstract: Technologies for software attack detection include a computing device with a processor and a memory external to the processor. The processor originates a memory transaction with an associated secure enclave status bit that indicates whether the memory transaction originated in a secure execution mode, such as from a secure enclave. The processor computes an error-correcting code (ECC) as a function of the memory transaction data and the secure enclave status bit, and performs the memory transaction based on the ECC and the memory transaction data using the memory of the computing device. The processor may store the ECC and the memory transaction data to memory. The processor may load a stored ECC and data from the memory and compare the computed ECC to the stored ECC to detect memory transactions with an invalid secure enclave status bit. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US09098300B2
Publication (Announcement) Date: 2015-08-04
Application No.: US13935767
Filing Date: 2013-07-05
Applicant: INTEL CORPORATION
Inventor: Vincent J. Zimmer, Bin Xing, Scott H. Robinson
CPC classification number: G06F9/4401, G06F11/073, G06F11/076, G06F11/1092, G06F21/14, G06F21/572, G06F21/575
Abstract: In one embodiment, a semiconductor integrated code (SIC) may be provided in a binary format by a processor manufacturer. This SIC may include platform-independent code of the processor manufacturer. Such code may include embedded processor logic to initialize the processor and at least one link that couples the processor to a memory, and embedded memory logic to initialize the memory. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US12093432B2
Publication (Announcement) Date: 2024-09-17
Application No.: US17485077
Filing Date: 2021-09-24
Applicant: Intel Corporation
Inventor: Scott Constable, Yuan Xiao, Bin Xing, Mona Vij, Mark Shanahan
CPC classification number: G06F21/74, G06F12/0862, G06F12/1416, G06F21/52, G06F21/554, G06F21/577, G06F2201/88
Abstract: In one embodiment, an apparatus comprises processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and, in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.
-
Publication (Announcement) No.: US20230205869A1
Publication (Announcement) Date: 2023-06-29
Application No.: US17561412
Filing Date: 2021-12-23
Applicant: Intel Corporation
Inventor: Scott Constable, Bin Xing, Yuan Xiao, Krystof Zmudzinski, Mona Vij, Mark Shanahan, Francis McKeen, Ittai Anati
CPC classification number: G06F21/53, G06F9/30145, G06F9/30105
Abstract: Systems, methods, and apparatuses relating to efficient exception handling in trusted execution environments are described. In an embodiment, a hardware processor includes a register, a decoder, and execution circuitry. The register has a field to be set to enable an architecturally protected execution environment at one of a plurality of contexts for code in an architecturally protected enclave in memory. The decoder is to decode an instruction having a format including a field for an opcode, the opcode to indicate that the execution circuitry is to perform a context change. The execution circuitry is to perform one or more operations corresponding to the instruction, the one or more operations including changing, within the architecturally protected enclave, from a first context to a second context.
-
Publication (Announcement) No.: US20230128711A1
Publication (Announcement) Date: 2023-04-27
Application No.: US18062957
Filing Date: 2022-12-07
Applicant: Intel Corporation
Inventor: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing
IPC: G06F21/60, H04L9/40, G06F21/57, G06F13/28, H04L9/32, G06F21/62, G06F21/85, G09C1/00, G06F13/20
Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US11630904B2
Publication (Announcement) Date: 2023-04-18
Application No.: US17304391
Filing Date: 2021-06-21
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries, each associated with one of the plurality of device access control policies, based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20220012369A1
Publication (Announcement) Date: 2022-01-13
Application No.: US17485077
Filing Date: 2021-09-24
Applicant: Intel Corporation
Inventor: Scott Constable, Yuan Xiao, Bin Xing, Mona Vij, Mark Shanahan
IPC: G06F21/74, G06F12/0862, G06F12/14, G06F9/38, G06F21/57
Abstract: In one embodiment, an apparatus comprises processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and, in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.