-
公开(公告)号:US20170177457A1
公开(公告)日:2017-06-22
申请号:US14978597
申请日:2015-12-22
申请人: ROBERT C. SWANSON , THEODROS YIGZAW , ESWARAMOORTHI NALLUSAMY , RAGHUNANDAN MAKARAM , VINCENT J. ZIMMER
发明人: ROBERT C. SWANSON , THEODROS YIGZAW , ESWARAMOORTHI NALLUSAMY , RAGHUNANDAN MAKARAM , VINCENT J. ZIMMER
IPC分类号: G06F11/263 , G06F21/53 , G06F1/24
CPC分类号: G06F11/263 , G06F1/24 , G06F11/073 , G06F11/0793 , G06F11/1016 , G06F21/53 , G06F2221/034
摘要: Methods and apparatus to increase cloud availability and silicon isolation using secure enclaves. A compute platform is configured to host a compute domain in which a plurality of secure enclaves are implemented. In conjunction with creating and deploying secure enclaves, mapping information is generated that maps the secure enclaves to platform/CPU resources, such as Intellectual Property blocks (IP) belong to the secure enclaves. In response to platform error events caused by errant platform/CPU resources, the secure enclave(s) belonging to the errant platform/CPU are identified via the mapping information, and an interrupt is directed to that/those secure enclave(s). In response to the interrupt, a secure enclave may be configured to one or more of handle the error, pass information to another secure enclave, and teardown the enclave. The secure enclave may execute an interrupt service routine that causes the errant platform/CPU resource to reset without resetting the entire platform or CPU, as applicable.
-
公开(公告)号:US20150089173A1
公开(公告)日:2015-03-26
申请号:US14034813
申请日:2013-09-24
申请人: Siddhartha Chhabra , Uday R. Savagaonkar , Michael A. Goldsmith , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Ittai Anati , Ilya Alexandrovich
发明人: Siddhartha Chhabra , Uday R. Savagaonkar , Michael A. Goldsmith , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Ittai Anati , Ilya Alexandrovich
CPC分类号: G06F12/1408 , G06F9/45558 , G06F12/0808 , G06F12/0897 , G06F12/1027 , G06F2009/45587 , G06F2212/1032 , G06F2212/1048 , G06F2212/152
摘要: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section are convertible in response to a section conversion instruction.
摘要翻译: 描述了安全的内存重新分区技术。 处理器包括耦合在处理器核心和主存储器之间的处理器核心和存储器控制器。 主存储器包括一个内存范围,包括可转换页面的一部分可转换为安全页面或非安全页面。 响应于页面转换指令的处理器核心是从指令中确定要转换的存储器范围内的可转换页面,并将可转换页面转换为安全页面或非安全页面中的至少一个页面。 存储器范围还可以包括可响应于段转换指令而转换的硬件保留部分。
-
公开(公告)号:US20230237168A1
公开(公告)日:2023-07-27
申请号:US18193231
申请日:2023-03-30
CPC分类号: G06F21/602 , G06F21/85
摘要: Embodiments herein relate to an electronic device with an interface an interface to communicatively couple with a second electronic device via a communication link, and a link controller. The link controller may be configured to identify, from the second electronic device over the communication link, a flit related to a request from the second electronic device to access a resource of the first electronic device, wherein the flit is an element of a message authentication code (MAC) epoch; generate, based on the flit, a cache/mem interface message related to the request, wherein the cache/mem interface message includes an indication of the MAC epoch; and transmit, to a device fabric of the first electronic device, the cache/mem interface message prior to receipt of a MAC related to the MAC epoch. Other embodiments may be described and/or claimed.
-
公开(公告)号:US20190236022A1
公开(公告)日:2019-08-01
申请号:US16377230
申请日:2019-04-07
申请人: Vinodh Gopal , Wajdi Feghali , Raghunandan Makaram
发明人: Vinodh Gopal , Wajdi Feghali , Raghunandan Makaram
IPC分类号: G06F12/109 , G06F3/06
CPC分类号: G06F12/109 , G06F3/0622 , G06F3/0659 , G06F3/0673
摘要: Methods and apparatus for ultra-secure accelerators. New ISA enqueue (ENQ) instructions with a wrapping key (WK) are provided to facilitate secure access to on-chip and off-chip accelerators in computer platforms and systems. The ISA ENQ with WK instructions include a dest operand having an address of an accelerator portal and a scr operand having the address of a request descriptor in system memory defining a job to be performed by an accelerator and including a wrapped key. Execution of the instruction writes a record including the src and a WK to the portal, and the record is enqueued in an accelerator queue if a slot is available. The accelerator reads the enqueued request descriptor and uses the WK to unwrap the wrapped key, which is then used to decrypt encrypted data read from one or more buffers in memory. The accelerator then performs one or more functions on the decrypted data as defined by the job and writes the output of the processing back to memory with optional encryption.
-
5.发明申请USING AUTHENTICATED MANIFESTS TO ENABLE EXTERNAL CERTIFICATION OF MULTI-PROCESSOR PLATFORMS 有权使用认证机构启用多处理器平台的外部认证公开(公告)号:US20150178226A1
公开(公告)日:2015-06-25
申请号:US14140254
申请日:2013-12-24
申请人: Vincent R. Scarlata , Simon P. Johnson , Vladimir Beker , Jesse Walker , Carlos V. Rozas , Amy L. Santoni , Ittai Anati , Raghunandan Makaram , Francis X. McKeen , Uday R. Savagaonkar
发明人: Vincent R. Scarlata , Simon P. Johnson , Vladimir Beker , Jesse Walker , Carlos V. Rozas , Amy L. Santoni , Ittai Anati , Raghunandan Makaram , Francis X. McKeen , Uday R. Savagaonkar
IPC分类号: G06F12/14
CPC分类号: G06F12/1466 , G06F21/74 , G06F2212/1052
摘要: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a plurality of processing devices communicatively coupled to the architecturally protected memory, each processing device comprising a first processing logic to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory, or preventing an unauthorized access to the architecturally protected memory; wherein each processing device further comprises a second processing logic to establish a secure communication channel with a second processing device of the processing system, employ the secure communication channel to synchronize a platform identity key representing the processing system, and transmit a platform manifest comprising the platform identity key to a certification system.
摘要翻译: 用于将输出表面位图安全传递到显示引擎的系统和方法。 一个示例处理系统包括:架构受保护的存储器; 以及多个处理设备,通信地耦合到架构保护的存储器,每个处理设备包括第一处理逻辑,以通过执行以下至少一个来实现架构保护的执行环境:执行驻留在架构保护的存储器中的指令,或者防止未授权的 访问架构受保护的内存; 其中每个处理设备还包括第二处理逻辑,用于与所述处理系统的第二处理设备建立安全通信信道,采用所述安全通信信道来同步代表所述处理系统的平台标识密钥,并发送包括所述平台的平台清单 认证系统的身份密钥。
-
公开(公告)号:US20230020359A1
公开(公告)日:2023-01-19
申请号:US17954419
申请日:2022-09-28
申请人: Nitish Paliwal , Binal Nasit , Peeyush Purohit , Kirk S. Yap , Raghunandan Makaram , Robert G. Blankenship
发明人: Nitish Paliwal , Binal Nasit , Peeyush Purohit , Kirk S. Yap , Raghunandan Makaram , Robert G. Blankenship
摘要: In one embodiment, an apparatus includes: a control circuit to receive a message authentication code (MAC) for an epoch comprising a plurality of flits; a calculation circuit to calculate a computed MAC for the epoch; a cryptographic circuit to receive the epoch via a link and decrypt the plurality of flits, prior to authentication of the epoch; and at least one memory to store messages of the decrypted plurality of flits, prior to the authentication of the epoch. Other embodiments are described and claimed.
-
公开(公告)号:US20170024573A1
公开(公告)日:2017-01-26
申请号:US14803956
申请日:2015-07-20
申请人: Binata Bhattacharyya , Raghunandan Makaram , Amy L. Santoni , George Z. Chrysos , Simon P. Johnson , Brian S. Morris , Francis X. McKeen
发明人: Binata Bhattacharyya , Raghunandan Makaram , Amy L. Santoni , George Z. Chrysos , Simon P. Johnson , Brian S. Morris , Francis X. McKeen
CPC分类号: G06F21/62 , G06F21/602 , G06F21/64 , G06F21/78 , G06F2221/2113
摘要: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
摘要翻译: 公开了一种实现用于支持存储器地址范围的可配置安全级别的技术的处理器。 在一个实施例中,处理器包括处理核心,存储器控制器,可操作地耦合到处理核心,以访问片外存储器中的数据和可操作地耦合到存储器控制器的存储器加密引擎(MEE)。 所述MEE响应于检测相对于与所述片外存储器相关联的存储器地址范围内的存储器地址识别的存储器位置的存储器访问操作,基于存储的值来识别与所述存储器位置相关联的安全级别指示符 在安全范围寄存器上。 鉴于安全级别指示符,MEE进一步访问与片外存储器的存储器地址范围相关联的数据项的至少一部分。
-
8.发明授权Configuring power management functionality in a processor including a plurality of cores by utilizing a register to store a power domain indicator 有权通过利用寄存器来存储电力域指示符来配置包括多个核的处理器中的电源管理功能公开(公告)号:US08984313B2
公开(公告)日:2015-03-17
申请号:US13600568
申请日:2012-08-31
CPC分类号: G06F1/324 , G06F1/26 , G06F1/3206 , G06F1/3225 , G06F1/3234 , G06F1/3243 , G06F1/3275 , G06F1/3296 , Y02D10/126 , Y02D10/172
摘要: In one embodiment, a multicore processor includes cores that can independently execute instructions, each at an independent voltage and frequency. The processor may include a power controller having logic to provide for configurability of power management features of the processor. One such feature enables at least one core to operate at an independent performance state based on a state of a single power domain indicator present in a control register. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,多核处理器包括可独立执行指令的核心,每个指令以独立的电压和频率进行。 处理器可以包括具有用于提供处理器的电源管理特征的可配置性的逻辑的功率控制器。 一种这样的特征使得至少一个核可以基于存在于控制寄存器中的单个功率域指示符的状态在独立的性能状态下操作。 描述和要求保护其他实施例。
-
公开(公告)号:US20140068290A1
公开(公告)日:2014-03-06
申请号:US13600568
申请日:2012-08-31
IPC分类号: G06F1/32
CPC分类号: G06F1/324 , G06F1/26 , G06F1/3206 , G06F1/3225 , G06F1/3234 , G06F1/3243 , G06F1/3275 , G06F1/3296 , Y02D10/126 , Y02D10/172
摘要: In one embodiment, a multicore processor includes cores that can independently execute instructions, each at an independent voltage and frequency. The processor may include a power controller having logic to provide for configurability of power management features of the processor. One such feature enables at least one core to operate at an independent performance state based on a state of a single power domain indicator present in a control register. Other embodiments are described and claimed.
-
公开(公告)号:US20140068284A1
公开(公告)日:2014-03-06
申请号:US13785259
申请日:2013-03-05
IPC分类号: G06F1/26
CPC分类号: G06F1/324 , G06F1/26 , G06F1/3206 , G06F1/3225 , G06F1/3234 , G06F1/3243 , G06F1/3275 , G06F1/3296 , Y02D10/126 , Y02D10/172
摘要: In one embodiment, a multicore processor includes cores that can independently execute instructions, each at an independent voltage and frequency. The processor may include a power controller having logic to provide for configurability of power management features of the processor. One such feature enables at least one core to operate at an independent performance state based on a state of a single power domain indicator present in a control register. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,多核处理器包括可独立执行指令的核心,每个指令以独立的电压和频率进行。 处理器可以包括具有用于提供处理器的电源管理特征的可配置性的逻辑的功率控制器。 一种这样的特征使得至少一个核可以基于存在于控制寄存器中的单个功率域指示符的状态在独立的性能状态下操作。 描述和要求保护其他实施例。
-
-
-
-
-
-
-
-
-
搜索结果
10 条记录 (耗时 0.016 秒)
