公开(公告)号：US11709675B2

公开(公告)日：2023-07-25

申请号：US17348576

申请日：2021-06-15

Applicant: Apple Inc.

Inventor： Filip J. Pizlo ,  Michael L. Saboff ,  Bernard J. Semeria ,  Jacques Fortier ,  Ivan Krstić ,  Yusuke Suzuki ,  Saam J. Barati ,  Yin Zin Mark Lam

IPC: G06F21/00 ,  G06F9/30 ,  G06F9/455 ,  H04L9/08 ,  G06F21/53

CPC classification number: G06F9/30054 ,  G06F9/45516 ,  G06F21/53 ,  H04L9/0894 ,  G06F2221/033

Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

公开(公告)号：US20200082070A1

公开(公告)日：2020-03-12

申请号：US16664719

申请日：2019-10-25

Applicant: Apple Inc.

Inventor： Bernard J. Semeria ,  Devon S. Andrade ,  Jeremy C. Andrus ,  Ahmed Bougacha ,  Peter Cooper ,  Jacques Fortier ,  Louis G. Gerbarg ,  James H. Grosbach ,  Robert J. McCall ,  Daniel A. Steffen ,  Justin R. Unger

IPC: G06F21/44 ,  H04L9/32 ,  G06F15/78

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

公开(公告)号：US20200082069A1

公开(公告)日：2020-03-12

申请号：US16664714

申请日：2019-10-25

Applicant: Apple Inc.

Inventor： Bernard J. Semeria ,  Devon S. Andrade ,  Jeremy C. Andrus ,  Ahmed Bougacha ,  Peter Cooper ,  Jacques Fortier ,  Louis G. Gerbarg ,  James H. Grosbach ,  Robert J. McCall ,  Daniel A. Steffen ,  Justin R. Unger

IPC: G06F21/44 ,  H04L9/32 ,  G06F15/78

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

公开(公告)号：US20250094565A1

公开(公告)日：2025-03-20

申请号：US18790895

申请日：2024-07-31

Applicant: Apple Inc.

Inventor： Peter A. Lisherness ,  Assaf Menachem ,  Assaf Metuki ,  Benjamin Biron ,  D J Capelis ,  Husam Khashiboun ,  Jacques Fortier

IPC: G06F21/53 ,  G06F21/62

Abstract: Techniques are disclosed relating to securing hardware accelerators used by a computing device. In some embodiments, a computing device includes user interface and user interface pipeline circuitry coupled to the user interface. The user interface pipeline circuitry is configured to process a set of data received from a first source to produce an output for the user interface of the computing device, receive, from a second source, an indication that a component of the computing device has been activated, and, prior to presenting the output via the user interface, insert, into the output, an indicator of the component being activated.

公开(公告)号：US20220138313A1

公开(公告)日：2022-05-05

申请号：US17348576

申请日：2021-06-15

Applicant: Apple Inc.

Inventor： Filip J. Pizlo ,  Michael L. Saboff ,  Bernard J. Semeria ,  Jacques Fortier ,  Ivan Krstic ,  Yusuke Suzuki ,  Saam J. Barati ,  Yin Zin Mark Lam

IPC: G06F21/53

Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

公开(公告)号：US11188477B2

公开(公告)日：2021-11-30

申请号：US16564502

申请日：2019-09-09

Applicant: Apple Inc.

Inventor： Julien Oster ,  Thomas G. Holland ,  Bernard J. Semeria ,  Jason A. Harmening ,  Pierre-Olivier J. Martel ,  Gregory D. Hughes ,  P. Love Hornquist Astrand ,  Jacques Fortier ,  Ryan P. Nielson ,  Simon P. Cooper

IPC: G06F12/1009 ,  G06F21/62 ,  G06F9/455

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

公开(公告)号：US20250094563A1

公开(公告)日：2025-03-20

申请号：US18790529

申请日：2024-07-31

Applicant: Apple Inc.

Inventor： Peter A. Lisherness ,  Assaf Menachem ,  Assaf Metuki ,  Benjamin Biron ,  D J Capelis ,  Husam Khashiboun ,  Jacques Fortier ,  Kenneth W. Waters

IPC: G06F21/53 ,  G06F21/54

Abstract: Techniques are disclosed relating to securing hardware accelerators used by a computing device. In some embodiments, a computing device includes one or more processors configured to co-execute trusted processes and untrusted processes in an isolated manner that includes implementing a secure environment in which a set of security criteria is enforced for data of the trusted processes. The computing device further includes multiple heterogenous hardware accelerators configured to implement exclaves of the secure environment that extend enforcement of one or more of the set of security criteria within the hardware accelerators for data distributed to the hardware accelerators for performance of tasks associated with the trusted processes.

公开(公告)号：US11748468B2

公开(公告)日：2023-09-05

申请号：US17497826

申请日：2021-10-08

Applicant: Apple Inc.

Inventor： Bernard J. Semeria ,  Devon S. Andrade ,  Jeremy C. Andrus ,  Ahmed Bougacha ,  Peter Cooper ,  Jacques Fortier ,  Louis G. Gerbarg ,  James H. Grosbach ,  Robert J. McCall ,  Daniel A. Steffen ,  Justin R. Unger

IPC: G06F21/44 ,  G06F15/78 ,  G06F21/78 ,  G06F21/54 ,  G06F12/109 ,  G06F21/56 ,  G06F21/12 ,  H04L9/32 ,  H04L9/08 ,  H04L9/40

CPC classification number: G06F21/44 ,  G06F12/109 ,  G06F15/7807 ,  G06F21/125 ,  G06F21/54 ,  G06F21/565 ,  G06F21/78 ,  H04L9/0861 ,  H04L9/3236 ,  H04L9/3247 ,  H04L63/06

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

公开(公告)号：US20200082066A1

公开(公告)日：2020-03-12

申请号：US16539356

申请日：2019-08-13

Applicant: Apple Inc.

Inventor： Bernard J. Semeria ,  Devon S. Andrade ,  Jeremy C. Andrus ,  Ahmed Bougacha ,  Peter Cooper ,  Jacques Fortier ,  Louis G. Gerbarg ,  James H. Grosbach ,  Robert J. McCall ,  Daniel A. Steffen ,  Justin R. Unger

IPC: G06F21/44 ,  H04L9/32 ,  G06F15/78

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

公开(公告)号：US20210397716A1

公开(公告)日：2021-12-23

申请号：US17092030

申请日：2020-11-06

Applicant: Apple Inc.

Inventor： Xeno S. Kovah ,  Nikolaj Schlej ,  Thomas P. Mensch ,  Wade Benson ,  Jerrold V. Hauck ,  Josh P. de Cesare ,  Austin G. Jennings ,  John J. Dong ,  Robert C. Graham ,  Jacques Fortier

IPC: G06F21/57 ,  G06F21/72 ,  H04L9/32 ,  G06F9/4401 ,  H04L9/08 ,  H04L29/06 ,  G06F21/73

Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.