公开(公告)号：US09323686B2

公开(公告)日：2016-04-26

申请号：US13729277

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F12/08 ,  G06F9/30

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20240184717A1

公开(公告)日：2024-06-06

申请号：US18378124

申请日：2023-10-09

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F8/41 ,  G06F9/30 ,  G06F9/455 ,  G06F21/53 ,  G06F21/60

CPC classification number: G06F12/1408 ,  G06F8/41 ,  G06F9/30145 ,  G06F9/45558 ,  G06F12/1441 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2212/1052

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US20240103868A1

公开(公告)日：2024-03-28

申请号：US17953486

申请日：2022-09-27

Applicant: Intel Corporation

Inventor： Andreas Kleen ,  Jason W. Brandt ,  Gilbert Neiger ,  Ittai Anati

IPC: G06F9/30 ,  G06F9/455

CPC classification number: G06F9/3016 ,  G06F9/30065 ,  G06F9/45558 ,  G06F2009/45591

Abstract: Techniques relating to virtual idle loops are described. In an embodiment, decoder circuitry decodes a single instruction. The single instruction includes a field for an identifier of a first source operand, a field for an identifier of a second source operand, a field for an identifier of a destination operand, and a field for an opcode. Execution circuitry executes the decoded instruction according to the opcode to: write the first source operand to a memory location identified by the second source operand; compute an index into a control array based at least in part on the destination operand; and determine whether to exit to a hypervisor of a Virtual Machine (VM) based at least in part on data stored at a location in the control array, wherein the location is to be identified by the computed index. Other embodiments are also disclosed and claimed.

公开(公告)号：US11754623B2

公开(公告)日：2023-09-12

申请号：US17397951

申请日：2021-08-09

Applicant: Intel Corporation

Inventor： Tsvika Kurts ,  Boris Dolgunov ,  Vladislav Mladentsev ,  Ittai Anati ,  Elias Khoury ,  Maor Kima ,  Eran Shlomo ,  Shay Gueron ,  William Penner

IPC: G01R31/317 ,  G06F16/22 ,  G01R31/3177 ,  G06F11/263 ,  H04L9/06 ,  H04L9/08 ,  H04L9/32

CPC classification number: G01R31/31719 ,  G01R31/3177 ,  G01R31/31705 ,  G06F11/263 ,  G06F16/22 ,  H04L9/0631 ,  H04L9/0819 ,  H04L9/0894 ,  H04L9/321

Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.

公开(公告)号：US20220188114A1

公开(公告)日：2022-06-16

申请号：US17688728

申请日：2022-03-07

Applicant: Intel Corporation

Inventor： Regev Shemy ,  Zeev Sperber ,  Wajdi Feghali ,  Vinodh Gopal ,  Amit Gradstein ,  Simon Rubanovich ,  Sean Gulley ,  Ilya Albrekht ,  Jacob Doweck ,  Jose Yallouz ,  Ittai Anati

IPC: G06F9/30 ,  G06F9/38 ,  H04L9/06

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described. In one embodiment, a processor includes a decode circuit to decode a single instruction into a decoded single instruction, the single instruction including at least one first field that identifies eight 32-bit state elements A, B, C, D, E, F, G, and H for a round according to a SM3 hashing standard and at least one second field that identifies an input message; and an execution circuit to execute the decoded single instruction to: rotate state element C left by 9 bits to form a rotated state element C, rotate state element D left by 9 bits to form a rotated state element D, rotate state element G left by 19 bits to form a rotated state element G, rotate state element H left by 19 bits to form a rotated state element H, perform two rounds according to the SM3 hashing standard on the input message and state element A, state element B, rotated state element C, rotated state element D, state element E, state element F, rotated state element G, and rotated state element H to generate an updated state element A, an updated state element B, an updated state element E, and an updated state element F, and store the updated state element A, the updated state element B, the updated state element E, and the updated state element F into a location specified by the single instruction.

公开(公告)号：US11243893B2

公开(公告)日：2022-02-08

申请号：US15977353

申请日：2018-05-11

Applicant: Intel Corporation

Inventor： Jonathan Lutz ,  Reouven Elbaz ,  Jason W. Brandt ,  Hisham Shafi ,  Ittai Anati ,  Vedvyas Shanbhogue

IPC: G06F12/14 ,  G06F21/60 ,  G06F21/78 ,  G06F11/36 ,  H04L9/08 ,  G06F9/38

Abstract: A processor or system includes a processor core to execute a set of instructions to determine that a memory encryption mode is enabled. The memory encryption mode is to cause data stored to memory to be encrypted and data retrieved from the memory to be decrypted. The processor core is further to determine that a debug mode has been enabled and, responsive to a determination that the debug mode has been enabled, generate a second encryption key different than a first encryption key employed before reboot of a computing system. The processor core is further to transmit the second encryption key to a cryptographic engine for use in encryption and decryption of the data according to the memory encryption mode.

公开(公告)号：US11204874B2

公开(公告)日：2021-12-21

申请号：US16838418

申请日：2020-04-02

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Krystof C. Zmudzinski ,  Carlos V. Rozas ,  Francis X. McKeen ,  Raghunandan Makaram ,  Ilya Alexandrovich ,  Ittai Anati ,  Meltem Ozsoy

IPC: G06F12/0862 ,  G06F12/0846 ,  G06F12/1027 ,  G06F12/14 ,  G06F12/1009

Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.

公开(公告)号：US20210364571A1

公开(公告)日：2021-11-25

申请号：US17397951

申请日：2021-08-09

Applicant: Intel Corporation

Inventor： Tsvika Kurts ,  Boris Dolgunov ,  Vladislav Mladentsev ,  Ittai Anati ,  Elias Khoury ,  Maor Kima ,  Eran Shlomo ,  Shay Gueron ,  William Penner

IPC: G01R31/317 ,  G06F16/22 ,  G01R31/3177 ,  G06F11/263 ,  H04L9/06 ,  H04L9/08 ,  H04L9/32

Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.

公开(公告)号：US10824428B2

公开(公告)日：2020-11-03

申请号：US16370459

申请日：2019-03-29

Applicant: Intel Corporation

Inventor： Regev Shemy ,  Zeev Sperber ,  Wajdi Feghali ,  Vinodh Gopal ,  Amit Gradstein ,  Simon Rubanovich ,  Sean Gulley ,  Ilya Albrekht ,  Jacob Doweck ,  Jose Yallouz ,  Ittai Anati

IPC: G06F9/30 ,  H04L9/06 ,  G06F9/38

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described. In one embodiment, a processor includes a decode circuit to decode a single instruction into a decoded single instruction, the single instruction including at least one first field that identifies eight 32-bit state elements A, B, C, D, E, F, G, and H for a round according to a SM3 hashing standard and at least one second field that identifies an input message; and an execution circuit to execute the decoded single instruction to: rotate state element C left by 9 bits to form a rotated state element C, rotate state element D left by 9 bits to form a rotated state element D, rotate state element G left by 19 bits to form a rotated state element G, rotate state element H left by 19 bits to form a rotated state element H, perform two rounds according to the SM3 hashing standard on the input message and state element A, state element B, rotated state element C, rotated state element D, state element E, state element F, rotated state element G, and rotated state element H to generate an updated state element A, an updated state element B, an updated state element E, and an updated state element F, and store the updated state element A, the updated state element B, the updated state element E, and the updated state element F into a location specified by the single instruction.

公开(公告)号：US20180183580A1

公开(公告)日：2018-06-28

申请号：US15391208

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Simon P. Johnson ,  Francis X. McKeen ,  Mona Vij ,  Somnath Chakrabarti ,  Brandon Baker ,  Ittai Anati ,  Ilya Alexandrovich

IPC: H04L9/08 ,  H04L9/32 ,  G06F9/48

CPC classification number: G06F9/4856 ,  G06F21/53 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0897 ,  H04L9/3247 ,  H04L9/3268

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.