-
Publication No.: US10592421B2
Publication Date: 2020-03-17
Application No.: US15250787
Filing Date: 2016-08-29
Applicant: Intel Corporation
Inventor: Carlos V. Rozas, Ilya Alexandrovich, Ittai Anati, Alex Berenzon, Michael A. Goldsmith, Barry E. Huntley, Anton Ivanov, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Rinat Rappoport, Scott D. Rodgers, Uday R. Savagaonkar, Vincent R. Scarlata, Vedvyas Shanbhogue, Wesley H. Smith, William C. Wood
IPC: G06F12/00, G06F12/08, G06F13/00, G06F12/0875, G06F12/0808, G06F12/1027
Abstract: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
-
Publication No.: US20200004991A1
Publication Date: 2020-01-02
Application No.: US16352051
Filing Date: 2019-03-13
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Jason W. Brandt, Uday Savagaonkar, Ravi L. Sahita
Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.
-
Publication No.: US10409597B2
Publication Date: 2019-09-10
Application No.: US15972573
Filing Date: 2018-05-07
Applicant: Intel Corporation
Inventor: Rebekah Leslie-Hurd, Carlos V. Rozas, Vincent R. Scarlata, Simon P. Johnson, Uday R. Savagaonkar, Barry E. Huntley, Vedvyas Shanbhogue, Ittai Anati, Francis X. Mckeen, Michael A. Goldsmith, Ilya Alexandrovich, Alex Berenzon, Wesley H. Smith, Gilbert Neiger
IPC: G06F12/00, G06F9/30, G06F12/0875, G06F9/44, G06F12/084, G06F12/14
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
-
Publication No.: US10402218B2
Publication Date: 2019-09-03
Application No.: US15251425
Filing Date: 2016-08-30
Applicant: INTEL CORPORATION
Inventor: Vedvyas Shanbhogue, Gilbert Neiger, Arumugam Thiyagarajah
IPC: G06F11/30, G06F9/455, G06F11/22, G06F12/14, G06F12/1045
Abstract: A processor may include a register to store a bus-lock-disable bit and an execution unit to execute instructions. The execution unit may receive an instruction that includes a memory access request. The execution unit may further determine that the memory access request requires acquiring a bus lock and, responsive to detecting that the bus-lock-disable bit indicates that bus locks are disabled, signal a fault to an operating system.
-
Publication No.: US20190044729A1
Publication Date: 2019-02-07
Application No.: US15859295
Filing Date: 2017-12-29
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Vedvyas Shanbhogue
Abstract: A processor is provided that includes on-die memory, a protected memory region, and a memory encryption engine (MEE). The MEE includes logic to: receive a request for data in a particular page in the protected region of memory, and access a pointer in an indirection directory, where the pointer is to point to a particular metadata page stored outside the protected region of memory. The particular metadata page includes a first portion of security metadata for use in securing the data of the particular page. The MEE logic is further to access a second portion of the security metadata associated with the particular page from the protected region of memory, and determine the authenticity of the data of the particular page based on the first and second portions of the security metadata.
-
Publication No.: US20180095894A1
Publication Date: 2018-04-05
Application No.: US15282300
Filing Date: 2016-09-30
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Francis X. McKeen, Carlos V. Rozas, Gilbert Neiger, Asit K. Mallick, Ittai Anati, Ilya Alexandrovich, Vedvyas Shanbhogue, Somnath Chakrabarti
IPC: G06F12/12, G06F3/06, G06F12/0875, G06F9/455
CPC classification number: G06F12/12, G06F3/0604, G06F3/0631, G06F3/064, G06F3/0664, G06F3/0665, G06F3/0673, G06F9/45558, G06F12/0875, G06F2009/45583, G06F2212/1016, G06F2212/151, G06F2212/152, G06F2212/402, G06F2212/604
Abstract: Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprises a memory controller unit to access a secure enclave and a processor core operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicates whether the target memory page is associated with at least one of a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.
-
Publication No.: US20180074969A1
Publication Date: 2018-03-15
Application No.: US15260893
Filing Date: 2016-09-09
Applicant: Intel Corporation
Inventor: Gilbert Neiger, Baiju V. Patel, Gur Hildesheim, Ron Rais, Andrew V. Anderson, Jason W. Brandt, David M. Durham, Barry E. Huntley, Raanan Sade, Ravi L. Sahita, Vedvyas Shanbhogue, Arumugam Thiyagarajah
IPC: G06F12/1009, G06F12/14, G06F9/455
CPC classification number: G06F12/1009, G06F9/45545, G06F9/45558, G06F12/1441, G06F12/145, G06F12/1491, G06F2009/45583, G06F2009/45587, G06F2212/151, G06F2212/651
Abstract: A processing system includes a processing core to execute a virtual machine (VM) comprising a guest operating system (OS) and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store an extended page table entry (EPTE) comprising a mapping from a guest physical address (GPA) associated with the guest OS to an identifier of a memory frame, a first plurality of access right flags associated with accessing the memory frame in a first page mode referenced by an attribute of a memory page identified by the GPA, and a second plurality of access right flags associated with accessing the memory frame in a second page mode referenced by the attribute of the memory page identified by the GPA.
-
Publication No.: US20180067866A1
Publication Date: 2018-03-08
Application No.: US15259411
Filing Date: 2016-09-08
Applicant: INTEL CORPORATION
Inventor: Vedvyas Shanbhogue, Gilbert Neiger, Barry E. Huntley
IPC: G06F12/1009, G06F11/07, G06F12/14, G06F9/455
CPC classification number: G06F12/1009, G06F9/45558, G06F11/0712, G06F11/073, G06F11/0751, G06F11/0787, G06F12/109, G06F12/145, G06F2009/45583, G06F2212/1024, G06F2212/151, G06F2212/651
Abstract: A processor includes a core with virtualization support circuitry to, in response to a request to access an instruction, retrieve a logical address from a virtual machine control structure (VMCS) associated with a virtual machine. The logical address corresponds to the instruction to be accessed. The virtualization support circuitry may further translate the logical address to a guest virtual address; invoke translation circuitry to translate the guest virtual address to a guest physical address, and translate the guest physical address to a host physical address; and store at least one of the guest physical address or the host physical address in the VMCS.
-
Publication No.: US09798666B2
Publication Date: 2017-10-24
Application No.: US14752109
Filing Date: 2015-06-26
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. McKeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
IPC: G06F12/08, G06F12/0844, G06F12/0882
CPC classification number: G06F12/0844, G06F11/073, G06F11/0775, G06F12/0882, G06F2212/1032, G06F2212/1052, G06F2212/281, G06F2212/312, G06F2212/402, G06F2212/608
Abstract: A processor implementing techniques for supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core is to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
-
Publication No.: US20170293775A1
Publication Date: 2017-10-12
Application No.: US15635294
Filing Date: 2017-06-28
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Jason W. Brandt, Uday Savagaonkar, Ravi L. Sahita
IPC: G06F21/71
CPC classification number: G06F21/71, G06F9/3005, G06F9/30054, G06F9/30076, G06F9/3012, G06F9/30145, G06F9/3851, G06F9/3857, G06F9/3861, G06F21/52
Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.