公开(公告)号：US20180203801A1

公开(公告)日：2018-07-19

申请号：US15408774

申请日：2017-01-18

申请人： Intel Corporation

发明人： Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Carlos V. Rozas ,  Gilbert Neiger ,  Asit Mallick ,  Ittai Anati ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Somnath Chakrabarti

IPC分类号： G06F12/0837 ,  G06F9/30 ,  G06F9/455 ,  G06F12/1045

CPC分类号： G06F12/0837 ,  G06F9/30003 ,  G06F9/45558 ,  G06F12/1063 ,  G06F2009/45583 ,  G06F2009/45591 ,  G06F2212/152 ,  G06F2212/60 ,  G06F2212/621 ,  G06F2212/68

摘要： A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation look aside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.

公开(公告)号：US09875189B2

公开(公告)日：2018-01-23

申请号：US14738037

申请日：2015-06-12

申请人： INTEL CORPORATION

发明人： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC分类号： G06F12/00 ,  G06F13/00 ,  G06F13/28 ,  G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455 ,  G06F12/1045

CPC分类号： G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

摘要： A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US09766889B2

公开(公告)日：2017-09-19

申请号：US15074573

申请日：2016-03-18

申请人： Intel Corporation

发明人： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC分类号： G06F12/00 ,  G06F9/30 ,  G06F12/0875 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

CPC分类号： G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

摘要： Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US09720843B2

公开(公告)日：2017-08-01

申请号：US13729439

申请日：2012-12-28

申请人： Intel Corporation

发明人： Gur Hildesheim ,  Shlomo Raikin ,  Ittai Anati ,  Gideon Gerzon ,  Hisham Shafi ,  Alex Berenzon ,  Geoffrey S. Strongin ,  Iris Sorani

IPC分类号： G06F12/00 ,  G06F12/1027 ,  G06F12/14

CPC分类号： G06F12/1027 ,  G06F12/1441 ,  G06F12/145 ,  G06F2212/1052

摘要： A processor of an aspect includes operation mode check logic to determine whether to allow an attempted access to an operation mode and access type protected memory based on an operation mode that is to indicate whether the attempted access is by an on-die processor logic. Access type check logic is to determine whether to allow the attempted access to the operation mode and access type protected memory based on an access type of the attempted access to the operation mode and access type protected memory. Protection logic is coupled with the operation mode check logic and is coupled with the access type check logic. The protection logic is to deny the attempted access to the operation mode and access type protected memory if at least one of the operation mode check logic and the access type check logic determines not to allow the attempted access.

公开(公告)号：US09407636B2

公开(公告)日：2016-08-02

申请号：US14281651

申请日：2014-05-19

申请人： INTEL CORPORATION

发明人： Vincent Scarlata ,  Simon Johnson ,  Carlos Rozas ,  Francis McKeen ,  Ittai Anati ,  Ilya Alexandrovich ,  Rebekah Leslie-Hurd

IPC分类号： G06F21/64 ,  H04L29/06 ,  G06F21/74

CPC分类号： G06F21/64 ,  G06F21/62 ,  G06F21/74 ,  G06F21/81 ,  G06F21/85 ,  H04L63/061 ,  H04L63/0876

摘要： An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.

摘要翻译： 一种用于安全地挂起并恢复处理器状态的装置和方法。 例如，方法的一个实施例包括：生成至少包括单调计数器值的数据结构; 使用第一密钥在数据结构上生成消息认证码（MAC）; 将数据结构和MAC安全地提供给在处理器上执行的模块; 所述模块验证所述MAC，将所述单调计数器值与在先前暂停操作期间存储的计数器值进行比较，并且如果所述计数器值匹配，则加载完成所述恢复操作所需的处理器状态。 方法的另一实施例包括：由处理器生成第一密钥; 用脱离处理器组件安全地共享第一个密钥; 以及使用所述第一密钥来生成可用于识别所述处理器和所述关闭处理器组件之间的配对的配对ID。