-
公开(公告)号:US12197357B2
公开(公告)日:2025-01-14
申请号:US17556853
申请日:2021-12-20
Applicant: Intel Corporation
Inventor: Robert J. Safranek , Robert G. Blankenship , Venkatraman Iyer , Jeff Willey , Robert Beers , Darren S. Jue , Arvind A. Kumar , Debendra Das Sharma , Jeffrey C. Swanson , Bahaa Fahim , Vedaraman Geetha , Aaron T. Spink , Fulvio Spagna , Rahul R. Shah , Sitaraman V. Iyer , William Harry Nale , Abhishek Das , Simon P. Johnson , Yuvraj S. Dhillon , Yen-Cheng Liu , Raj K. Ramanujan , Robert A. Maddox , Herbert H. Hum , Ashish Gupta
IPC: G06F13/22 , G06F1/3287 , G06F8/71 , G06F8/77 , G06F9/30 , G06F9/445 , G06F9/46 , G06F11/10 , G06F12/0806 , G06F12/0808 , G06F12/0813 , G06F12/0815 , G06F12/0831 , G06F13/40 , G06F13/42 , H04L9/06 , H04L49/15 , G06F8/73 , H04L12/46 , H04L45/74
Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.
-
公开(公告)号:US20240012772A1
公开(公告)日:2024-01-11
申请号:US18347236
申请日:2023-07-05
Applicant: Intel Corporation
Inventor: Robert J. Safranek , Robert G. Blankenship , Venkatraman Iyer , Jeff Willey , Robert Beers , Darren S. Jue , Arvind A. Kumar , Debendra Das Sharma , Jeffrey C. Swanson , Bahaa Fahim , Vedaraman Geetha , Aaron T. Spink , Fulvio Spagna , Rahul R. Shah , Sitaraman V. Iyer , William Harry Nale , Abhishek Das , Simon P. Johnson , Yuvraj S. Dhillon , Yen-Cheng Liu , Raj K. Ramanujan , Robert A. Maddox , Herbert H. Hum , Ashish Gupta
IPC: G06F13/22 , H04L49/15 , G06F12/0813 , G06F12/0815 , G06F12/0831 , G06F13/42 , G06F8/71 , G06F8/77 , G06F9/30 , G06F12/0806 , G06F9/46 , G06F13/40 , G06F9/445 , G06F1/3287 , G06F11/10 , H04L9/06 , G06F12/0808
CPC classification number: G06F13/22 , H04L49/15 , G06F12/0813 , G06F12/0815 , G06F12/0831 , G06F13/4286 , G06F8/71 , G06F8/77 , G06F9/30145 , G06F13/4221 , G06F12/0806 , G06F12/0833 , G06F9/466 , G06F13/4022 , G06F9/44505 , G06F13/4282 , G06F1/3287 , G06F13/4068 , G06F11/1004 , G06F13/4291 , H04L9/0662 , G06F12/0808 , H04L45/74
Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.
-
63.
公开(公告)号:US11782849B2
公开(公告)日:2023-10-10
申请号:US17367349
申请日:2021-07-03
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Mona Vij , Rebekah M. Leslie-Hurd , Krystof C. Zmudzinski , Somnath Chakrabarti , Francis X. Mckeen , Vincent R. Scarlata , Simon P. Johnson , Ilya Alexandrovich , Gilbert Neiger , Vedvyas Shanbhogue , Ittai Anati
CPC classification number: G06F12/1408 , G06F8/41 , G06F9/30145 , G06F9/45558 , G06F12/1441 , G06F12/1483 , G06F21/53 , G06F21/602 , G06F2009/4557 , G06F2009/45587 , G06F2212/1052
Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
64.
公开(公告)号:US20210064546A1
公开(公告)日:2021-03-04
申请号:US16454481
申请日:2019-06-27
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Simon P. Johnson , Raghunandan Makaram , Francis X. McKeen , Carlos V. Rozas , Meltem Ozsoy , Ilya Alexandrovich , Siddhartha Chhabra
IPC: G06F12/14 , G06F12/1045 , G06F12/0882 , G06F12/0891 , G06F12/0871 , G06F9/4401 , G06F11/07 , G06F11/30
Abstract: A processor includes a cryptographic engine to control access, using an secure region key identifier (ID), to one or more memory range of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to an secure page within the one or more memory range of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
-
公开(公告)号:US10708067B2
公开(公告)日:2020-07-07
申请号:US15201400
申请日:2016-07-02
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas , Simon P. Johnson , Bo Zhang , James D. Beaney, Jr. , Piotr Zmijewski , Wesley Hamilton Smith , Eduardo Cabre , Uday R. Savagaonkar
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-
66.
公开(公告)号:US10592421B2
公开(公告)日:2020-03-17
申请号:US15250787
申请日:2016-08-29
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Ilya Alexandrovich , Ittai Anati , Alex Berenzon , Michael A. Goldsmith , Barry E. Huntley , Anton Ivanov , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Rinat Rappoport , Scott D. Rodgers , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , William C. Wood
IPC: G06F12/00 , G06F12/08 , G06F13/00 , G06F12/0875 , G06F12/0808 , G06F12/1027
Abstract: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
-
公开(公告)号:US10409597B2
公开(公告)日:2019-09-10
申请号:US15972573
申请日:2018-05-07
Applicant: Intel Corporation
Inventor: Rebekah Leslie-Hurd , Carlos V. Rozas , Vincent R. Scarlata , Simon P. Johnson , Uday R. Savagaonkar , Barry E. Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis X. Mckeen , Michael A. Goldsmith , Ilya Alexandrovich , Alex Berenzon , Wesley H. Smith , Gilbert Neiger
IPC: G06F12/00 , G06F9/30 , G06F12/0875 , G06F9/44 , G06F12/084 , G06F12/14
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
-
公开(公告)号:US10102380B2
公开(公告)日:2018-10-16
申请号:US13802272
申请日:2013-03-13
Applicant: INTEL CORPORATION
Inventor: Francis X. McKeen , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
-
69.
公开(公告)号:US10019601B2
公开(公告)日:2018-07-10
申请号:US15079579
申请日:2016-03-24
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Simon P. Johnson , Carlos V. Rozas , Francis X. McKeen , Ittai Anati , Ilya Alexandrovich , Rebekah M. Leslie-Hurd
CPC classification number: G06F21/64 , G06F21/62 , G06F21/74 , G06F21/81 , G06F21/85 , H04L63/061 , H04L63/0876
Abstract: An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.
-
公开(公告)号:US09904632B2
公开(公告)日:2018-02-27
申请号:US13838237
申请日:2013-03-15
Applicant: Intel Corporation
Inventor: Simon P. Johnson , Uday R. Savagaonkar , Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas
CPC classification number: G06F12/1466 , G06F21/53 , G06F21/6218 , G06F21/64 , G06F21/645
Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
-
-
-
-
-
-
-
-
-