公开(公告)号：US20190012484A1

公开(公告)日：2019-01-10

申请号：US15748893

申请日：2016-08-25

Applicant: Apple Inc.

Inventor： Manu Gulati ,  Joseph Sokol, Jr. ,  Jeffrey R. Wilcox ,  Bernard J. Semeria ,  Michael J. Smith

IPC: G06F21/72 ,  G06F21/78 ,  G06F12/14 ,  G06F12/1027 ,  G06F12/02 ,  H04L9/08

CPC classification number: G06F21/72 ,  G06F12/0246 ,  G06F12/1027 ,  G06F12/1408 ,  G06F21/78 ,  G06F2212/7206 ,  G06F2212/7208 ,  G06F2221/2143 ,  H04L9/0861 ,  H04L9/0894 ,  H04L2209/12

Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

公开(公告)号：US09047471B2

公开(公告)日：2015-06-02

申请号：US13626585

申请日：2012-09-25

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Timothy R. Paaske ,  Michael J. Smith

IPC: G06F9/24 ,  G06F1/24 ,  G06F15/177 ,  G06F7/04 ,  H04N7/16 ,  G06F21/57 ,  G06F21/74 ,  G06F21/76 ,  G06F21/00 ,  G06F9/44 ,  G06F12/14 ,  G06F9/445 ,  G06F15/167

CPC classification number: G06F21/575 ,  G06F1/24 ,  G06F9/24 ,  G06F9/4401 ,  G06F9/44505 ,  G06F12/14 ,  G06F15/167 ,  G06F21/00 ,  G06F21/572 ,  G06F21/60 ,  G06F21/74 ,  G06F21/76 ,  G06F21/81

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20140089682A1

公开(公告)日：2014-03-27

申请号：US13626566

申请日：2012-09-25

Applicant: APPLE INC.

Inventor： Manu Gulati ,  Michael J. Smith ,  Shu-Yi Yu

IPC: G06F21/00

CPC classification number: G06F21/72 ,  G06F21/575

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20140089650A1

公开(公告)日：2014-03-27

申请号：US13626585

申请日：2012-09-25

Applicant: APPLE INC.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Timothy R. Paaske ,  Michael J. Smith

IPC: G06F15/177

CPC classification number: G06F21/575 ,  G06F1/24 ,  G06F9/24 ,  G06F9/4401 ,  G06F9/44505 ,  G06F12/14 ,  G06F15/167 ,  G06F21/00 ,  G06F21/572 ,  G06F21/60 ,  G06F21/74 ,  G06F21/76 ,  G06F21/81

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20140075208A1

公开(公告)日：2014-03-13

申请号：US14082940

申请日：2013-11-18

Applicant: Apple Inc.

Inventor： Kenneth L. Herman ,  Matthew J. Byom ,  Michael J. Smith ,  Tahoma M. Toelkes

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F12/0246 ,  G06F21/72 ,  G06F21/79 ,  G06F2221/2107 ,  G11C16/10 ,  G11C16/22

Abstract: Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues.

Abstract translation: 提供了用于白化和管理数据以存储在诸如闪存的非易失性存储器中的系统，装置和方法。 在一些实施例中，提供诸如媒体播放器的电子设备，其可以包括片上系统（SoC）和非易失性存储器。 SoC可以包括SoC控制电路和用作SoC控制电路和非易失性存储器之间的接口的存储器接口。 SoC还可以包括加密模块，例如基于高级加密标准（AES）的块密码。 存储器接口可以指示加密模块在存储在非易失性存储器之前对所有类型的数据进行白化，包括敏感数据，非敏感数据和存储器管理数据。 这可以例如防止或减少程序干扰问题或其他读/写/擦除可靠性问题。

公开(公告)号：US20220058292A1

公开(公告)日：2022-02-24

申请号：US17469591

申请日：2021-09-08

Applicant: Apple Inc.

Inventor： Manu Gulati ,  Joseph Sokol, JR. ,  Jeffrey R. Wilcox ,  Bernard J. Semeria ,  Michael J. Smith

IPC: G06F21/72 ,  G06F12/02 ,  G06F12/1027 ,  G06F12/14 ,  G06F21/78 ,  H04L9/08

Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

公开(公告)号：US09703748B2

公开(公告)日：2017-07-11

申请号：US14459731

申请日：2014-08-14

Applicant: Apple Inc.

Inventor： Michael J. Smith ,  Josh P. de Cesare ,  Brijesh Tripathi ,  Derek Iwamoto ,  Shane J Keil

IPC: G06F13/36 ,  G06F13/42 ,  G06F13/40 ,  G06F13/10 ,  G06F13/38

CPC classification number: G06F13/4226 ,  G06F13/105 ,  G06F13/28 ,  G06F13/385 ,  G06F13/4022 ,  G06F13/4059

Abstract: An interface emulator for an IC is disclosed. An interface emulator includes a first first-in, first-out memory (FIFO) and a second FIFO. The first FIFO is coupled to receive data from an access port and a second FIFO coupled to receive data from at least one functional unit in the IC. The access port may be coupled to a device that is external to the IC. The external device may write information into the first FIFO, and this information may subsequently be read by a functional unit in the IC. Similarly, the functional unit may write information into the second FIFO, with the external device subsequently reading the information. Information may be written into the FIFOs in accordance with a predefined protocol. Thus, a particular type of interface may be emulated even though the physical connection and supporting circuitry for that interface is not otherwise implemented in the IC.

公开(公告)号：US08832465B2

公开(公告)日：2014-09-09

申请号：US13626566

申请日：2012-09-25

Applicant: Apple Inc.

Inventor： Manu Gulati ,  Michael J. Smith ,  Shu-Yi Yu

IPC: G06F11/30 ,  G06F12/14

CPC classification number: G06F21/72 ,  G06F21/575

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US10860412B2

公开(公告)日：2020-12-08

申请号：US16147330

申请日：2018-09-28

Applicant: Apple Inc.

Inventor： Christopher J. Noe ,  Joshua H. Berlin ,  Joseph J. Castro ,  Hardik K. Doshi ,  Joel N. Kerr ,  Kerry J. Kopp ,  Michael J. Smith

IPC: G06F11/07

Abstract: One embodiment provides for a data processing system comprising multiple independent processors to execute multiple operating system environments of the data processing system, the multiple operating system environments to enable operation of multiple regions of a computing device associated with the data processing system. The multiple operating system environments are interconnected via a transport agnostic communication link. In response to detection of a fatal error in one or more of the multiple operating system environments, the multiple operating system environments coordinate performance of multiple separate error handling operations within the multiple operating system environments to generate a combined error log. The combined error log includes operational states of the multiple operating system environments.

公开(公告)号：US20150046702A1

公开(公告)日：2015-02-12

申请号：US13963457

申请日：2013-08-09

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  David S. Warren ,  Michael J. Smith ,  Diarmuid P. Ross ,  Weihua Mao

IPC: G06F12/14 ,  H04L9/12

CPC classification number: G06F12/1408 ,  G06F21/602 ,  G06F21/72 ,  G06F21/85 ,  G06F21/87 ,  G09C1/00 ,  H04L9/12 ,  H04L2209/12

Abstract: In an embodiment, a peripheral interface controller may include an inline cryptographic engine which may encrypt data being sent over a peripheral interface and decrypt data received from the peripheral interface. The encryption may be transparent to the device connected to the peripheral interface that is receiving/supplying the data. In an embodiment, the peripheral interface controller is included in a system on a chip (SOC) that also includes a memory controller configured to couple to a memory. The memory may be mounted on the SOC in a chip-on-chip or package-on-package configuration. The unencrypted data may be stored in the memory for use by other parts of the SOC (e.g. processors, on-chip peripherals, etc.). The keys used for the encryption/decryption of data may remain within the SOC.

Abstract translation: 在一个实施例中，外围接口控制器可以包括内联密码引擎，其可以对通过外围接口发送的数据进行加密，并解密从外围接口接收的数据。 加密可能对连接到正在接收/提供数据的外设接口的设备是透明的。 在一个实施例中，外围接口控制器包括在芯片上的系统（SOC）中，该系统还包括被配置为耦合到存储器的存储器控​​制器。 存储器可以以片上芯片或封装的封装形式安装在SOC上。 未加密的数据可以存储在存储器中以供SOC的其他部分使用（例如处理器，片上外设等）。 用于加密/解密数据的密钥可能保留在SOC内。