公开(公告)号：US11048800B2

公开(公告)日：2021-06-29

申请号：US16362218

申请日：2019-03-22

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Ioannis T. Schoinas ,  Yu-Yuan Chen ,  Raghunandan Makaram ,  David J. Harriman ,  Baiju Patel ,  Ronald Perez ,  Matthew E. Hoekstra ,  Reshma Lal

IPC: G06F21/57 ,  G06F9/50 ,  G06F21/85 ,  G06F21/72 ,  G06F21/53

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

公开(公告)号：US20210064254A1

公开(公告)日：2021-03-04

申请号：US16643836

申请日：2017-09-29

Applicant: Intel Corporation

Inventor： David M. Durham ,  Ravi L. Sahita ,  Vedvyas Shanbhogue ,  Barry E. Huntley ,  Baiju Patel ,  Gideon Gerzon ,  Ioannis T. Schoinas ,  Hormuzd M. Khosravi ,  Siddhartha Chhabra ,  Carlos V. Rozas

IPC: G06F3/06 ,  G06F9/455

Abstract: There is disclosed a microprocessor, including: a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.

公开(公告)号：US10831679B2

公开(公告)日：2020-11-10

申请号：US15934916

申请日：2018-03-23

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Joseph Nuzman ,  Baiju Patel

IPC: G06F12/14 ,  G06F12/02 ,  G06F21/52

Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address is described.

公开(公告)号：US20190034617A1

公开(公告)日：2019-01-31

申请号：US15664489

申请日：2017-07-31

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Baiju Patel ,  Barry Huntley ,  Ravi L. Sahita ,  Hormuzd M. Khosravi

IPC: G06F21/44 ,  G06F9/30

Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.

公开(公告)号：US20160371199A1

公开(公告)日：2016-12-22

申请号：US15257544

申请日：2016-09-06

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  H04L29/06

CPC classification number: G06F12/1408 ,  G06F21/556 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/1433

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

Abstract translation: 计算设备包括用于保护由处理器用于执行存储器访问（例如，读/写/执行）操作的间接地址（例如，指针）的技术。 计算设备使用元数据和加密算法对间接地址进行编码。 元数据可以存储在间接地址的未使用部分中。

公开(公告)号：US09519773B2

公开(公告)日：2016-12-13

申请号：US14484751

申请日：2014-09-12

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Vedvyas Shanbhogue ,  Ravi Sahita

IPC: H04K1/00 ,  G06F21/52 ,  G06F21/74 ,  G06F9/30

CPC classification number: G06F21/52 ,  G06F9/30003 ,  G06F9/30054 ,  G06F9/3836 ,  G06F21/74 ,  G06F2221/033

Abstract: In an embodiment, the present invention includes a processor having a decode unit and an execution unit. The decode unit is to decode control transfer instructions and the execution unit is to execute control transfer instructions, the control transfer instructions including a call instruction and a return instruction. The processor is to operate in a first mode in which the processor is to raise a fault if a next instruction to be executed immediately after the return instruction is not the call instruction.

Abstract translation: 在一个实施例中，本发明包括具有解码单元和执行单元的处理器。 解码单元用于解码控制传输指令，并且执行单元执行控制传输指令，控制传输指令包括呼叫指令和返回指令。 处理器将在第一模式下操作，其中如果在返回指令之后立即执行的下一个指令不是调用指令，则处理器将引起故障。