-
公开(公告)号:US20210224202A1
公开(公告)日:2021-07-22
申请号:US17222722
申请日:2021-04-05
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Hormuzd M. Khosravi , Gideon Gerzon , Barry E. Huntley , Gilbert Neiger , Ido Ouziel , Baiju Patel , Ravi L. Sahita , Amy L. Santoni , Ioannis T. Schoinas
Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
-
公开(公告)号:US20200328879A1
公开(公告)日:2020-10-15
申请号:US16946470
申请日:2020-06-23
Applicant: Intel Corporation
Inventor: Raghunandan Makaram , Ishwar Agarwal , Kirk S. Yap , Nitish Paliwal , David J. Harriman , Ioannis T. Schoinas
Abstract: An apparatus includes a port with circuitry to implement one or more layers of a Compute Express Link (CXL)-based protocol. The port includes an agent to obtain information to be transmitted to another device over a link based on the CXL-based protocol via a flit, encrypt at least a portion of the information to yield a ciphertext, generate a cyclic redundancy check (CRC) code based on the ciphertext, and cause a flit to be generated comprising the ciphertext. The port is to use the circuitry to transmit the flit and the CRC code to the other device over the link.
-
公开(公告)号:US20200177392A1
公开(公告)日:2020-06-04
申请号:US16689575
申请日:2019-11-20
Applicant: INTEL CORPORATION
Inventor: David M. Durham , Rajat Agarwal , Siddhartha Chhabra , Sergej Deutsch , Karanvir S. Grewal , Ioannis T. Schoinas
IPC: H04L9/32 , G06F12/14 , G06F21/78 , G06F11/10 , H04L9/06 , H04L9/08 , G06F21/79 , G06F12/0886 , G06F3/06 , G11C29/52
Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
-
公开(公告)号:US20190281025A1
公开(公告)日:2019-09-12
申请号:US16372353
申请日:2019-04-01
Applicant: Intel Corporation
Inventor: David J. Harriman , Raghunandan Makaram , Ioannis T. Schoinas , Kapil Sood , Yu-Yuan Chen , Vedvyas Shanbhogue , Siddhartha Chhabra , Reshma Lal , Reouven Elbaz
Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
-
公开(公告)号:US20160357700A1
公开(公告)日:2016-12-08
申请号:US14880443
申请日:2015-10-12
Applicant: Intel Corporation
Inventor: Michael T. Klinglesmith , Chang Yong Kang , Robert DeGruijl , Ioannis T. Schoinas , Darren Abramson , Khee Wooi Lee
CPC classification number: G06F13/4282 , G06F3/0604 , G06F3/0644 , G06F3/068 , G06F12/0828 , G06F13/1663 , G06F2212/621
Abstract: In one embodiment, a system includes: a first root space associated with a first root space identifier and including at least one first host processor and a first agent, the at least one first host processor and the first agent associated with the first root space identifier; a second root space associated with a second root space identifier and including at least one second host processor and a second agent, the at least one second host processor and the second agent associated with the second root space identifier; and a shared fabric to couple the first root space and the second root space, the shared fabric to route a transaction to the first root space or the second root space based at least in part on a root space field of the transaction. Other embodiments are described and claimed.
Abstract translation: 在一个实施例中,系统包括:与第一根空间标识符相关联并包括至少一个第一主处理器和第一代理的第一根空间,所述至少一个第一主处理器和与第一根空间标识符相关联的第一代理 ; 与第二根空间标识符相关联并且包括至少一个第二主处理器和第二代理的第二根空间,所述至少一个第二主处理器和与所述第二根空间标识符相关联的第二代理; 以及共享结构,用于耦合第一根空间和第二根空间,共享结构至少部分地基于事务的根空间字段将事务路由到第一根空间或第二根空间。 描述和要求保护其他实施例。
-
Patent Agency Ranking
公开(公告)号:US11687654B2
公开(公告)日:2023-06-27
申请号:US15705562
申请日:2017-09-15
Applicant: Intel Corporation
Inventor: Ravi L. Sahita , Baiju V. Patel , Barry E. Huntley , Gilbert Neiger , Hormuzd M. Khosravi , Ido Ouziel , David M. Durham , Ioannis T. Schoinas , Siddhartha Chhabra , Carlos V. Rozas , Gideon Gerzon
IPC: G06F21/57 , G06F21/62 , G06F12/14 , H04L9/06 , H04L9/40 , G06F21/53 , G06F21/71 , G06F21/79 , G06F9/455
CPC classification number: G06F21/57 , G06F12/1408 , G06F21/53 , G06F21/6218 , G06F21/71 , G06F21/79 , H04L9/0618 , H04L63/061 , G06F9/45558 , G06F2009/45587 , G06F2212/1052 , G06F2221/2107 , G06F2221/2149
Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
-
公开(公告)号:US20210344653A1
公开(公告)日:2021-11-04
申请号:US17369824
申请日:2021-07-07
Applicant: Intel Corporation
Inventor: David J. Harriman , Raghunandan Makaram , Ioannis T. Schoinas , Kapil Sood , Yu-Yuan Chen , Vedvyas Shanbhogue , Siddhartha Chhabra , Reshma Lal , Reouven Elbaz
Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
-
公开(公告)号:US20190306134A1
公开(公告)日:2019-10-03
申请号:US16445019
申请日:2019-06-18
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue , Siddhartha Chhabra , David J. Harriman , Raghunandan Makaram , Ioannis T. Schoinas
Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
-
公开(公告)号:US20190220601A1
公开(公告)日:2019-07-18
申请号:US16362218
申请日:2019-03-22
Applicant: Intel Corporation
Inventor: Kapil Sood , Ioannis T. Schoinas , Yu-Yuan Chen , Raghunandan Makaram , David J. Harriman , Baiju Patel , Ronald Perez , Matthew E. Hoekstra , Reshma Lal
CPC classification number: G06F21/57 , G06F9/505 , G06F21/72 , G06F21/85 , G06F2221/034
Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
-
公开(公告)号:US20190087575A1
公开(公告)日:2019-03-21
申请号:US15705562
申请日:2017-09-15
Applicant: Intel Corporation
Inventor: Ravi L. Sahita , Baiju V. Patel , Barry E. Huntley , Gilbert Neiger , Hormuzd M. Khosravi , Ido Ouziel , David M. Durham , Ioannis T. Schoinas , Siddhartha Chhabra , Carlos V. Rozas , Gideon Gerzon
Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
-
-
-
-
-
-
-
-
-
Search Results
50
records
(took 0.021 seconds)
