公开(公告)号：US20170353319A1

公开(公告)日：2017-12-07

申请号：US15279527

申请日：2016-09-29

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley H. Smith ,  Eduardo Cabre

IPC: H04L9/32 ,  H04L9/14 ,  H04L9/30 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L9/3252 ,  G06F21/44 ,  G06F21/53 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/302 ,  H04L9/3066 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3249 ,  H04L63/06 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/12 ,  H04L2209/127

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

公开(公告)号：US09798666B2

公开(公告)日：2017-10-24

申请号：US14752109

申请日：2015-06-26

Applicant: Intel Corporation

Inventor： Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Francis X. McKeen ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Bin Xing ,  Mark W. Shanahan ,  Simon P. Johnson

IPC: G06F12/08 ,  G06F12/0844 ,  G06F12/0882

CPC classification number: G06F12/0844 ,  G06F11/073 ,  G06F11/0775 ,  G06F12/0882 ,  G06F2212/1032 ,  G06F2212/1052 ,  G06F2212/281 ,  G06F2212/312 ,  G06F2212/402 ,  G06F2212/608

Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

公开(公告)号：US09703715B2

公开(公告)日：2017-07-11

申请号：US14142838

申请日：2013-12-28

Applicant: Intel Corporation

Inventor： Michael A. Goldsmith ,  Simon P. Johnson ,  Carlos V. Rozas ,  Vincent R. Scarlata

IPC: G06F12/00 ,  G06F12/084 ,  G06F12/14 ,  G06F9/46 ,  G06F21/60 ,  G06F21/71 ,  G06F21/79

CPC classification number: G06F12/084 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/606 ,  G06F21/71 ,  G06F21/79 ,  G06F2212/608 ,  G06F2221/2141

Abstract: Embodiments of an invention for sharing memory in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to match an offer to make a page in an enclave page cache shareable to a bid to make the page shareable. The execution unit is to execute the instruction. Execution of the instruction includes making the page shareable.

公开(公告)号：US09665724B2

公开(公告)日：2017-05-30

申请号：US14919350

申请日：2015-10-21

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Michael A. Goldsmith ,  Barrey E. Huntley ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F21/72

CPC classification number: G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/145 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

公开(公告)号：US09626321B2

公开(公告)日：2017-04-18

申请号：US14060191

申请日：2013-10-22

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/40 ,  G06F12/0831 ,  G06F13/42 ,  G06F9/30 ,  G06F12/0806 ,  H04L12/933 ,  G06F9/46 ,  G06F12/0813 ,  G06F12/0815 ,  H04L12/741 ,  G06F9/44

CPC classification number: G06F13/22 ,  G06F1/3287 ,  G06F8/71 ,  G06F8/73 ,  G06F8/77 ,  G06F9/30145 ,  G06F9/44505 ,  G06F9/466 ,  G06F11/1004 ,  G06F12/0806 ,  G06F12/0808 ,  G06F12/0813 ,  G06F12/0815 ,  G06F12/0831 ,  G06F12/0833 ,  G06F13/4022 ,  G06F13/4068 ,  G06F13/4221 ,  G06F13/4282 ,  G06F13/4286 ,  G06F13/4291 ,  G06F2212/1016 ,  G06F2212/2542 ,  G06F2212/622 ,  H04L9/0662 ,  H04L12/4641 ,  H04L45/74 ,  H04L49/15 ,  Y02D10/13 ,  Y02D10/14 ,  Y02D10/151 ,  Y02D10/40 ,  Y02D10/44 ,  Y02D30/30

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state

公开(公告)号：US20170024317A1

公开(公告)日：2017-01-26

申请号：US15091926

申请日：2016-04-06

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/0804 ,  G06F12/14 ,  G06F12/0875

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20160364338A1

公开(公告)日：2016-12-15

申请号：US14738037

申请日：2015-06-12

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/10

CPC classification number: G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract translation: 公开了一种用于支持安全存储器意图的处理器。 本公开的处理器包括存储器存储器执行单元和耦合到存储器执行单元的处理器核心。 处理器核心是接收访问存储器可转换页面的请求。 响应于该请求，处理器核心鉴于对应于可转换页面的页表项目（PTE）来确定可转换页面的意图。 意图表示可转换页面是作为安全页面还是非安全页面中的至少一个访问。

公开(公告)号：US09448950B2

公开(公告)日：2016-09-20

申请号：US14140254

申请日：2013-12-24

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Simon P. Johnson ,  Vladimir Beker ,  Jesse Walker ,  Carlos V. Rozas ,  Amy L. Santoni ,  Ittai Anati ,  Raghunandan Makaram ,  Francis X. McKeen ,  Uday R. Savagaonkar

IPC: G06F21/00 ,  H04L29/06 ,  G06F12/14 ,  G06F21/74 ,  H04L9/32 ,  H04L12/24 ,  G06F21/62 ,  G06F21/57

CPC classification number: G06F12/1466 ,  G06F21/74 ,  G06F2212/1052

Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a plurality of processing devices communicatively coupled to the architecturally protected memory, each processing device comprising a first processing logic to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory, or preventing an unauthorized access to the architecturally protected memory; wherein each processing device further comprises a second processing logic to establish a secure communication channel with a second processing device of the processing system, employ the secure communication channel to synchronize a platform identity key representing the processing system, and transmit a platform manifest comprising the platform identity key to a certification system.

Abstract translation: 用于将输出表面位图安全传递到显示引擎的系统和方法。 一个示例处理系统包括：架构受保护的存储器; 以及多个处理设备，通信地耦合到架构保护的存储器，每个处理设备包括第一处理逻辑，以通过执行以下至少一个来实现架构保护的执行环境：执行驻留在架构保护的存储器中的指令，或者防止未授权的 访问架构受保护的内存; 其中每个处理设备还包括第二处理逻辑，用于与所述处理系统的第二处理设备建立安全通信信道，采用所述安全通信信道来同步代表所述处理系统的平台标识密钥，并发送包括所述平台的平台清单 认证系统的身份密钥。

公开(公告)号：US20160255097A1

公开(公告)日：2016-09-01

申请号：US15152755

申请日：2016-05-12

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Simon P. Johnson ,  Steve Orrin ,  Willard M. Wiseman

IPC: H04L29/06 ,  H04W12/08 ,  H04W4/02 ,  H04W12/06

CPC classification number: H04L63/107 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/2111 ,  H04W4/021 ,  H04W12/06 ,  H04W12/08

Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.

公开(公告)号：US20150186680A1

公开(公告)日：2015-07-02

申请号：US14633701

申请日：2015-02-27

Applicant: INTEL CORPORATION

Inventor： Simon P. Johnson ,  Vincent R. Scarlata ,  Willard M. Wiseman

IPC: G06F21/71 ,  H04L9/32

CPC classification number: G06F21/71 ,  G06F21/10 ,  G06F21/57 ,  G06F2221/0748 ,  G06F2221/0797 ,  H04L9/3234

Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.

Abstract translation: 描述了使用安全飞地实现可信的动态发射和可信平台模块（TPM）的装置和方法。 例如，根据本发明的一个实施例的计算机实现的方法包括：响应于第一命令初始化安全飞地，所述安全飞地包括可信软件执行环境，其防止在飞地之外执行的软件访问软件，以及 飞地内的数据; 以及从所述安全飞地内执行可信平台模块（TPM），所述可信平台模块将处理器或芯片组组件中的一组平台控制寄存器（PCR）中的数据安全地读取到分配给所述安全飞地的存储器区域中。