-
1.发明授权Instructions and logic to provide advanced paging capabilities for secure enclave page caches 有权为安全的飞地页面缓存提供高级分页功能的说明和逻辑公开(公告)号:US09430384B2
公开(公告)日:2016-08-30
申请号:US13854107
申请日:2013-03-31
申请人: Carlos V Rozas , Ilya Alexandrovich , Ittai Anati , Alex Berenzon , Michael A Goldsmith , Barry E Huntley , Anton Ivanov , Simon P Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Rinat Rappoport , Scott Dion Rodgers , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H Smith , William Colin Wood
发明人: Carlos V Rozas , Ilya Alexandrovich , Ittai Anati , Alex Berenzon , Michael A Goldsmith , Barry E Huntley , Anton Ivanov , Simon P Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Rinat Rappoport , Scott Dion Rodgers , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H Smith , William Colin Wood
CPC分类号: G06F12/0875 , G06F12/0808 , G06F12/1027 , G06F2212/1016 , G06F2212/402
摘要: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
摘要翻译: 说明和逻辑为安全的飞地页面缓存提供了高级分页功能。 实施例包括多个硬件线程或处理核心,用于存储分配给由硬件线程可访问的安全空间的共享页面地址的安全数据的高速缓存。 解码级将指定所述共享页地址的第一指令解码为操作数,并且执行单元标记对应于共享页地址的飞地页高速缓存映射的条目,以阻止所述第一或第二硬件线程中的任一个的新转换的创建 访问共享页面。 第二指令被解码以执行,第二指令指定所述安全飞地作为操作数,并且执行单元记录当前访问与安全飞地相对应的飞地页面缓存中的安全数据的硬件线程,并且当任何 的硬件线程退出安全飞地。
-
公开(公告)号:US20150089173A1
公开(公告)日:2015-03-26
申请号:US14034813
申请日:2013-09-24
申请人: Siddhartha Chhabra , Uday R. Savagaonkar , Michael A. Goldsmith , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Ittai Anati , Ilya Alexandrovich
发明人: Siddhartha Chhabra , Uday R. Savagaonkar , Michael A. Goldsmith , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Ittai Anati , Ilya Alexandrovich
CPC分类号: G06F12/1408 , G06F9/45558 , G06F12/0808 , G06F12/0897 , G06F12/1027 , G06F2009/45587 , G06F2212/1032 , G06F2212/1048 , G06F2212/152
摘要: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section are convertible in response to a section conversion instruction.
摘要翻译: 描述了安全的内存重新分区技术。 处理器包括耦合在处理器核心和主存储器之间的处理器核心和存储器控制器。 主存储器包括一个内存范围,包括可转换页面的一部分可转换为安全页面或非安全页面。 响应于页面转换指令的处理器核心是从指令中确定要转换的存储器范围内的可转换页面,并将可转换页面转换为安全页面或非安全页面中的至少一个页面。 存储器范围还可以包括可响应于段转换指令而转换的硬件保留部分。
-
3.发明申请INSTRUCTIONS AND LOGIC TO INTERRUPT AND RESUME PAGING IN A SECURE ENCLAVE PAGE CACHE 有权指令和逻辑中断和恢复寻呼在安全的页面缓存公开(公告)号:US20150378941A1
公开(公告)日:2015-12-31
申请号:US14318508
申请日:2014-06-27
申请人: Carlos V. Rozas , Ilya Alexandrovich , Gilbert Neiger , Francis X. McKeen , Ittai Anati , Vedvyas Shanbhogue , Shay Gueron
发明人: Carlos V. Rozas , Ilya Alexandrovich , Gilbert Neiger , Francis X. McKeen , Ittai Anati , Vedvyas Shanbhogue , Shay Gueron
CPC分类号: G06F13/24 , G06F12/08 , G06F12/0806 , G06F12/0875 , G06F21/00 , G06F21/71 , G06F21/85 , G06F2212/1024 , G06F2212/1052 , G06F2212/62
摘要: Instructions and logic interrupt and resume paging in secure enclaves. Embodiments include instructions, specify page addresses allocated to a secure enclave, the instructions are decoded for execution by a processor. The processor includes an enclave page cache to store secure data in a first cache line and in a last cache line for a page corresponding to the page address. A page state is read from the first or last cache line for the page when an entry in an enclave page cache mapping for the page indicates only a partial page is stored in the enclave page cache. The entry for a partial page may be set, and a new page state may be recorded in the first cache line when writing-back, or in the last cache line when loading the page when the instruction's execution is being interrupted. Thus the writing-back, or loading can be resumed.
摘要翻译: 指令和逻辑在安全飞地中中断和恢复寻呼。 实施例包括指令,指定分配给安全空间的页面地址,指令被解码以供处理器执行。 处理器包括用于将安全数据存储在与页面地址对应的页面的第一高速缓存行中的最后高速缓存行中的一个包围页面缓存。 当页面的飞地页面缓存映射中的条目仅指示部分页面存储在飞地页面缓存中时,从页面的第一个或最后一个高速缓存行读取页面状态。 可以设置部分页面的条目,并且当写回时可以在第一高速缓存行中记录新的页面状态,或者当指令的执行中断时在最后的高速缓存行中加载页面时。 因此,可以恢复回写或加载。
-
公开(公告)号:US09087200B2
公开(公告)日:2015-07-21
申请号:US13527547
申请日:2012-06-19
申请人: Francis X. McKeen , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
发明人: Francis X. McKeen , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
摘要: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
摘要翻译: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中,建立一个或多个安全空间,其中可以存储和执行应用和数据。
-
公开(公告)号:US20130159726A1
公开(公告)日:2013-06-20
申请号:US13527547
申请日:2012-06-19
申请人: Francis X. MCKEEN , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
发明人: Francis X. MCKEEN , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
IPC分类号: G06F21/72
摘要: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
摘要翻译: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中,建立一个或多个安全空间,其中可以存储和执行应用和数据。
-
公开(公告)号:US10515023B2
公开(公告)日:2019-12-24
申请号:US15088739
申请日:2016-04-01
申请人: Ravi L. Sahita , Gilbert Neiger , Vedvyas Shanbhogue , David M. Durham , Andrew V. Anderson , David A. Koufaty , Asit K. Mallick , Arumugam Thiyagarajah , Barry E. Huntley , Deepak K. Gupta , Michael Lemay , Joseph F. Cihula , Baiju V. Patel
发明人: Ravi L. Sahita , Gilbert Neiger , Vedvyas Shanbhogue , David M. Durham , Andrew V. Anderson , David A. Koufaty , Asit K. Mallick , Arumugam Thiyagarajah , Barry E. Huntley , Deepak K. Gupta , Michael Lemay , Joseph F. Cihula , Baiju V. Patel
IPC分类号: G06F12/00 , G06F12/14 , G06F12/1009 , G06F9/455 , G06F12/1027 , G06F21/78
摘要: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
7.发明申请Instruction-Set Support for Invocation of VMM-Configured Services without VMM Intervention 有权指令集支持调用VMM配置的服务而不进行VMM干预公开(公告)号:US20130117743A1
公开(公告)日:2013-05-09
申请号:US13629395
申请日:2012-09-27
IPC分类号: G06F9/455
CPC分类号: G06F9/45545 , G06F9/455 , G06F9/45533 , G06F9/4555
摘要: A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software.
摘要翻译: 处理核心,包括指令执行逻辑电路和寄存器空间。 要从VMCS加载的与VM条目相称的寄存器空间,其中指示是否启用了代表VMM的由处理核心提供的服务的信息。 指令执行逻辑响应客户软件调用指令:参考寄存器空间以确认服务已经被使能,并且参考第二寄存器空间或存储器空间来获取由所述访客写入的所述服务的输入参数 软件。
-
8.发明申请Instruction-Set Support for Invocation of VMM-Configured Services without VMM Intervention 有权指令集支持调用VMM配置的服务而不进行VMM干预公开(公告)号:US20140013326A1
公开(公告)日:2014-01-09
申请号:US13843337
申请日:2013-03-15
IPC分类号: G06F9/455
CPC分类号: G06F9/45545 , G06F9/455 , G06F9/45533 , G06F9/4555
摘要: A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software.
摘要翻译: 处理核心,包括指令执行逻辑电路和寄存器空间。 要从VMCS加载的与VM条目相称的寄存器空间,其中指示是否启用了代表VMM的由处理核心提供的服务的信息。 指令执行逻辑响应客户软件调用指令:参考寄存器空间以确认服务已经被使能,并且参考第二寄存器空间或存储器空间来获取由所述访客写入的所述服务的输入参数 软件。
-
公开(公告)号:US20150121366A1
公开(公告)日:2015-04-30
申请号:US14064759
申请日:2013-10-28
申请人: Gilbert Neiger , Mayank Bomb , Manohar Castelino , Robert Chappell , David Durham , Barry Huntley , Anton Ivanov , Madhavan Parthasarathy , Scott Rodgers , Ravi Sahita , Vedvyas Shanbhogue
发明人: Gilbert Neiger , Mayank Bomb , Manohar Castelino , Robert Chappell , David Durham , Barry Huntley , Anton Ivanov , Madhavan Parthasarathy , Scott Rodgers , Ravi Sahita , Vedvyas Shanbhogue
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F9/30076 , G06F9/45533 , G06F9/4555 , G06F9/4812 , G06F11/07 , G06F2009/45583
摘要: Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.
摘要翻译: 公开了用于虚拟化异常的发明的实施例。 在一个实施例中,处理器包括指令硬件,控制逻辑和执行硬件。 指令硬件是接收多个指令,包括进入虚拟机的指令。 控制逻辑是为了响应在虚拟机内发生的特权事件来确定是否生成虚拟化异常。 执行硬件是响应于控制逻辑确定生成虚拟化异常来生成虚拟化异常。
-
公开(公告)号:US08631261B2
公开(公告)日:2014-01-14
申请号:US11967303
申请日:2007-12-31
申请人: Don A. Van Dyke , Michael Mishaeli , Ittai Anati , Baiju V. Patel , Will Deutsch , Rajesh Shah , Gilbert Neiger , James B. Crossland , Chris J. Newburn , Bryant E. Bigbee , Muhammad Faisal Azeem , John L. Reid , Dion Rodgers
发明人: Don A. Van Dyke , Michael Mishaeli , Ittai Anati , Baiju V. Patel , Will Deutsch , Rajesh Shah , Gilbert Neiger , James B. Crossland , Chris J. Newburn , Bryant E. Bigbee , Muhammad Faisal Azeem , John L. Reid , Dion Rodgers
CPC分类号: G06F9/30043 , G06F9/30003 , G06F9/30101 , G06F9/461
摘要: Embodiments of an invention related to context state management based on processor features are disclosed. In one embodiment, a processor includes instruction logic and state management logic. The instruction logic is to receive a state management instruction having a parameter to identify a subset of the features supported by the processor. The state management logic is to perform a state management operation specified by the state management instruction.
-
-
-
-
-
-
-
-
-
搜索结果
210 条记录 (耗时 0.067 秒)