公开(公告)号：US20190004973A1

公开(公告)日：2019-01-03

申请号：US15635548

申请日：2017-06-28

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Hormuzd M. Khosravi ,  Gideon Gerzon ,  Barry E. Huntley ,  Gilbert Neiger ,  Ido Ouziel ,  Baiju Patel ,  Ravi L. Sahita ,  Amy L. Santoni ,  Ioannis T. Schoinas

IPC: G06F12/14 ,  H04L29/06 ,  H04L9/06

Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.

公开(公告)号：US09779249B2

公开(公告)日：2017-10-03

申请号：US15292301

申请日：2016-10-13

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Willard M. Wiseman

IPC: G06F21/00 ,  G06F21/57 ,  G06F21/44 ,  G06F21/50 ,  G06F21/71

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

公开(公告)号：US20170098085A1

公开(公告)日：2017-04-06

申请号：US15292301

申请日：2016-10-13

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Willard M. Wiseman

IPC: G06F21/57 ,  G06F21/44

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

公开(公告)号：US09563579B2

公开(公告)日：2017-02-07

申请号：US13780117

申请日：2013-02-28

Applicant: Intel Corporation

Inventor： Daniel F. Cutter ,  Blaise Fanning ,  Ramadass Nagarajan ,  Ravishankar Iyer ,  Quang T. Le ,  Ravi Kolagotla ,  Ioannis T. Schoinas ,  Jose S. Niell

IPC: G06F13/00 ,  G06F9/00 ,  G06F13/16

CPC classification number: G06F13/00 ,  G06F9/00 ,  G06F13/1626 ,  Y02D10/14

Abstract: In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated order identifier and a deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，共享存储器结构被配置为从多个代理接收存储器请求，其中至少一些请求具有相关联的顺序标识符和在存储器请求完成之前指示最大等待时间的最后期限值。 响应于请求，结构是至少部分地基于期限值来在请求之间进行仲裁。 描述和要求保护其他实施例。

公开(公告)号：US20160063261A1

公开(公告)日：2016-03-03

申请号：US14938021

申请日：2015-11-11

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Willard M. Wiseman

IPC: G06F21/60

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

公开(公告)号：US09213865B2

公开(公告)日：2015-12-15

申请号：US14505770

申请日：2014-10-03

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Willard M. Wiseman

IPC: G06F21/00 ,  G06F21/64 ,  G06F21/44 ,  G06F21/57

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract translation: 在本发明的一个实施例中，一种方法包括验证系统的主处理器; 如果主处理器被验证，则使用主处理器验证可信代理; 以及如果所述信任代理被验证，则在所述系统的多个处理器上启动所述可信代理。 在执行这样的可信代理之后，在某些实施例中可以启动安全内核。 该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

公开(公告)号：US09112867B2

公开(公告)日：2015-08-18

申请号：US14304307

申请日：2014-06-13

Applicant: Intel Corporation

Inventor： Manoj R. Sastry ,  Ioannis T. Schoinas ,  Daniel M. Cermak

IPC: G06F12/14 ,  H04L29/06 ,  G06F21/62 ,  G06F21/78

CPC classification number: H04L63/10 ,  G06F12/1458 ,  G06F21/6218 ,  G06F21/78

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract translation: 一种执行对系统资源和资产的访问控制的方法和系统。 与系统中发起事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。 安全属性传达分配给每个启动器的访问权限。 在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器，寄存器，地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问 允许请求，允许交易进行。 启动器方案的安全属性提供跨系统设计的模块化，一致的安全访问实施方案。

公开(公告)号：US20150059007A1

公开(公告)日：2015-02-26

申请号：US14505770

申请日：2014-10-03

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Willard M. Wiseman

IPC: G06F21/64

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract translation: 在本发明的一个实施例中，一种方法包括验证系统的主处理器; 如果主处理器被验证，则使用主处理器验证可信代理; 以及如果所述信任代理被验证，则在所述系统的多个处理器上启动所述可信代理。 在执行这样的可信代理之后，在某些实施例中可以启动安全内核。 该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

公开(公告)号：US08874906B2

公开(公告)日：2014-10-28

申请号：US13897906

申请日：2013-05-20

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Williard M. Wiseman

IPC: G06F9/30 ,  G06F21/64 ,  G06F21/57 ,  G06F21/44

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract translation: 在本发明的一个实施例中，一种方法包括验证系统的主处理器; 如果主处理器被验证，则使用主处理器验证可信代理; 以及如果所述信任代理被验证，则在所述系统的多个处理器上启动所述可信代理。 在执行这样的可信代理之后，在某些实施例中可以启动安全内核。 该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

公开(公告)号：US08683191B2

公开(公告)日：2014-03-25

申请号：US13664930

申请日：2012-10-31

Applicant: Intel Corporation

Inventor： Sham M. Datta ,  Mohan J. Kumar ,  Ernie Brickell ,  Ioannis T. Schoinas ,  James A. Sutton

IPC: G06F9/48

CPC classification number: G06F21/57

Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.

Abstract translation: 公开了用于重新配置安全系统的装置，方法和系统。 在一个实施例中，装置包括配置存储位置，锁定和锁定超驰逻辑。 配置存储位置是存储信息以配置设备。 该锁是为了防止写入配置存储位置。 锁定覆盖逻辑是允许从子操作模式代码执行的指令覆盖锁定。