公开(公告)号：US11070527B2

公开(公告)日：2021-07-20

申请号：US16372353

申请日：2019-04-01

Applicant: Intel Corporation

Inventor： David J. Harriman ,  Raghunandan Makaram ,  Ioannis T. Schoinas ,  Kapil Sood ,  Yu-Yuan Chen ,  Vedvyas Shanbhogue ,  Siddhartha Chhabra ,  Reshma Lal ,  Reouven Elbaz

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/06 ,  G06F13/42

Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.

公开(公告)号：US11029957B1

公开(公告)日：2021-06-08

申请号：US16833478

申请日：2020-03-27

Applicant: INTEL CORPORATION

Inventor： Ravi Sahita ,  Deepak Gupta ,  Vedvyas Shanbhogue ,  David Hansen ,  Jason W. Brandt ,  Joseph Nuzman ,  Mingwei Zhang

IPC: G06F9/30 ,  G06F9/38 ,  G06F12/14

Abstract: Systems, methods, and apparatuses relating to instructions to compartmentalize memory accesses and execution (e.g., non-speculative and speculative) are described. In one embodiment, a compartment manager circuit is to determine, when a compartment control register of a hardware processor core is set to an enable value, that a first subset of code requested for execution on the hardware processor core in user privilege is within a first compartment of memory, load a first compartment descriptor for the first compartment into one or more registers of the hardware processor core from the memory, check if the first compartment is marked in the first compartment descriptor, within the one or more registers of the hardware processor core, as a management compartment, and, when the first compartment is marked in the first compartment descriptor as the management compartment, allowing the first subset of the code within the first compartment to load a second compartment descriptor for a second compartment of the memory into the one or more registers of the hardware processor core from the memory, switching execution from the first subset of code within the first compartment to a second subset of code in user privilege within the second compartment, allowing speculative memory accesses for the second subset of code only within the second compartment, and preventing a memory access outside of the second compartment for the second subset of code as indicated by the second compartment descriptor stored within the one or more registers of the hardware processor core.

公开(公告)号：US20210096930A1

公开(公告)日：2021-04-01

申请号：US16586028

申请日：2019-09-27

Applicant: Intel Corporation

Inventor： Hisham Shafi ,  Vedvyas Shanbhogue ,  Gilbert Neiger ,  James A. Coleman

IPC: G06F9/52 ,  G06F12/1009 ,  G06F12/084 ,  G06F13/16 ,  G06F9/30

Abstract: Systems, methods, and apparatuses relating to processor non-write-back capabilities are described. In one embodiment, a processor includes a plurality of logical processors, a control register comprising a non-write-back lock disable bit, a cache shared by the plurality of logical processors, a bus to couple the cache to a memory to service a memory request for the memory from the plurality of logical processors, and a memory controller to disable a non-write-back lock access of the bus for a read-modify-write type of the memory request issued by a logical processor of the plurality of logical processors when the non-write-back lock disable bit is set to a first value, and implement the non-write-back lock access of the bus for the read-modify-write type of the memory request when the non-write-back lock disable bit is set to a second value.

公开(公告)号：US10962596B2

公开(公告)日：2021-03-30

申请号：US16839238

申请日：2020-04-03

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Jeff Huxel ,  Wei Li ,  Sanjoy Mondal ,  Arvind Raman

IPC: G06F11/00 ,  G01R31/3187 ,  G06F1/3203 ,  G01R31/317 ,  G01R31/319 ,  G06F1/3234 ,  G06F11/34 ,  G06F11/07 ,  G06F11/273 ,  G06F11/22 ,  G06F11/263

Abstract: In one embodiment, a processor includes at least one core and an interface circuit to interface the at least one core to additional circuitry of the processor. In response to an in-field self test instruction, at least one core may save state to a low power memory, enter into a diagnostic sleep state and execute an in-field self test in the diagnostic sleep state in which the at least one core appears to be inactive. Other embodiments are described and claimed.

公开(公告)号：US20210064254A1

公开(公告)日：2021-03-04

申请号：US16643836

申请日：2017-09-29

Applicant: Intel Corporation

Inventor： David M. Durham ,  Ravi L. Sahita ,  Vedvyas Shanbhogue ,  Barry E. Huntley ,  Baiju Patel ,  Gideon Gerzon ,  Ioannis T. Schoinas ,  Hormuzd M. Khosravi ,  Siddhartha Chhabra ,  Carlos V. Rozas

IPC: G06F3/06 ,  G06F9/455

Abstract: There is disclosed a microprocessor, including: a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.

公开(公告)号：US10831679B2

公开(公告)日：2020-11-10

申请号：US15934916

申请日：2018-03-23

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Joseph Nuzman ,  Baiju Patel

IPC: G06F12/14 ,  G06F12/02 ,  G06F21/52

Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address is described.

公开(公告)号：US20200310972A1

公开(公告)日：2020-10-01

申请号：US16367527

申请日：2019-03-28

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Ravi L. Sahita ,  Vincent Scarlata ,  Barry E. Huntley

IPC: G06F12/0817 ,  G06F12/1009 ,  H04L9/30 ,  H04L9/32 ,  G06F9/455

Abstract: A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.

公开(公告)号：US20200296099A1

公开(公告)日：2020-09-17

申请号：US16298588

申请日：2019-03-11

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Siddhartha Chhabra

IPC: H04L29/06 ,  G06F21/60 ,  H04L9/08

Abstract: A system on a chip (SoC) includes memory, a processor coupled to the memory, and link protection circuitry coupled to the memory and the processor. The link protection circuitry includes an SoC encryption engine to receive first data from the memory and a first key, generate, by an SoC encryption counter of the SoC encryption engine, an SoC encryption counter value, encrypt the first data using the SoC encryption counter value and the first key to generate first encrypted data, and cause the first encrypted data to be transmitted to a device including a device decryption counter synchronized with the SoC encryption counter.

公开(公告)号：US20200233807A1

公开(公告)日：2020-07-23

申请号：US16838418

申请日：2020-04-02

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Krystof C. Zmudzinski ,  Carlos V. Rozas ,  Francis X. McKeen ,  Raghunandan Makaram ,  Ilya Alexandrovich ,  Ittai Anati ,  Meltem Ozsoy

IPC: G06F12/0862 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/1027 ,  G06F12/0846

Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.

公开(公告)号：US20200104266A1

公开(公告)日：2020-04-02

申请号：US16145942

申请日：2018-09-28

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Vedvyas Shanbhogue

IPC: G06F12/14 ,  G06F21/64 ,  G06F21/74 ,  G06F21/62 ,  G06F21/78 ,  H04L9/14

Abstract: Techniques and mechanisms for configuring services which variously facilitate data protection. In an embodiment, circuitry coupled to a memory comprises both a first circuit which calculates integrity information based on data, and a second circuit which evaluates data validity based on such integrity information. A configuration of the circuitry provides a combination of one or more services which is specific to a corresponding domain of the memory. With respect to accesses to the corresponding domain, the configuration prevents an access to the first circuit while an access to the second circuit is permitted. In another embodiment, a processor signals the circuitry to transition to another configuration which, with respect to accesses to the corresponding domain, permits access to both the first circuit and the second circuit.