-
Publication No.: US20220414022A1
Publication Date: 2022-12-29
Application No.: US17304834
Filing Date: 2021-06-25
Applicant: Intel Corporation
Inventor: Siva Bhanu Krishna Boga , William John Bainbridge , Maulik L. Dhada , Boris Dolgunov
IPC: G06F12/14 , G06F12/1027 , G06F13/16
Abstract: In an embodiment, an apparatus includes a memory access controller to be coupled to a memory and a memory management unit (MMU) coupled to the memory access controller. The MMU is to receive a memory transaction comprising an original transaction security attribute from a first device; responsive to the memory transaction comprising a first physical address of the memory, transmit the memory transaction to the memory access controller; and responsive to the memory transaction comprising a virtual address, generate a translated memory transaction comprising a translated physical address of the memory based on the virtual address and a translated transaction security attribute and transmit the translated memory transaction to the memory access controller, the translated physical address and the translated transaction security attribute associated with an operating system (OS) memory region of the memory associated with an OS. Other embodiments are described and claimed.
-
Publication No.: US11100023B2
Publication Date: 2021-08-24
Application No.: US15718178
Filing Date: 2017-09-28
Applicant: Intel Corporation
Inventor: Ruirui Huang , Nilanjan Palit , Robert P. Adler , Ioannis T. Schoinas , Avishay Snir , Boris Dolgunov
IPC: G06F13/40 , H04L12/741 , G06F15/78 , H04L29/06
Abstract: In one example, a semiconductor die includes a plurality of agents and a fabric coupled to at least some of the plurality of agents. The fabric may include at least one router to provide communication between two or more of the plurality of agents, the at least one router coupled to a first agent of the plurality of agents, where the first agent is to send a first message to the at least one router, the first message comprising a first header including a first source identifier, and the at least one router is to validate that the first source identifier is associated with the first agent and if so to direct the first message towards a destination agent, and otherwise to prevent the first message from being directed towards the destination agent. Other embodiments are described and claimed.
-
Publication No.: US20230409759A1
Publication Date: 2023-12-21
Application No.: US17844383
Filing Date: 2022-06-20
Applicant: Intel Corporation
Inventor: Boris Dolgunov , Maulik L. Dhada , William John Bainbridge , Siva Bhanu Krishna Boga , Ruben Daniel Varela Velasco , David Deitcher
CPC classification number: G06F21/78 , G06F21/575 , G06F21/604 , G06F21/31
Abstract: Embodiments described herein may include apparatus, systems, techniques, or processes that are directed to access control mechanisms used to protect isolated memory regions. Embodiments described herein enable a distributed and efficient register structure enabling system providers to reduce cost and improve system performance while preventing malicious devices from accessing isolated memory regions. Isolated memory region access control registers are distributed through multiple access points or bridges but each may be optimized and minimized to allow fast and efficient access control. Other embodiments may be described and/or claimed.
-
Publication No.: US20250103512A1
Publication Date: 2025-03-27
Application No.: US18474981
Filing Date: 2023-09-26
Applicant: Intel Corporation
Inventor: Thomas Unterluggauer , Fangfei Liu , Scott D. Constable , Carlos V. Rozas , Gilles Pokam , Boris Dolgunov
IPC: G06F12/14 , G06F12/0808
Abstract: Techniques for cache scrubbing for cache-set randomization to resist contention-based cache attacks are described. In certain examples, a system includes a memory; an execution circuit to cause a memory access request for the memory; a cache to store a plurality of sets that each include a plurality of cache lines from the memory; a cache randomizer circuit to generate a randomized index into the plurality of sets of the cache based on an address of the memory access request; and a cache scrubber circuit to determine that a number of invalid cache lines in a set of the plurality of sets of the cache is less than a threshold number of invalid cache lines, and in response, invalidate a valid cache line in the set of the plurality of sets of the cache.
-
Publication No.: US11085964B2
Publication Date: 2021-08-10
Application No.: US16403296
Filing Date: 2019-05-03
Applicant: Intel Corporation
Inventor: Tsvika Kurts , Boris Dolgunov , Vladislav Mladentsev , Ittai Anati , Elias Khoury , Maor Kima , Eran Shlomo , Shay Gueron , William Penner
IPC: G01R31/317 , G06F16/22 , G01R31/3177 , G06F11/263 , H04L9/06 , H04L9/08 , H04L9/32
Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable the IC device to initiate a secure debug session between the IC device and the remote debugging site.
-
Publication No.: US20240110975A1
Publication Date: 2024-04-04
Application No.: US17958071
Filing Date: 2022-09-30
Applicant: Intel Corporation
Inventor: Tsvika Kurts , Vladislav Mladentsev , Elias Khoury , Rakesh Kandula , Reuven Elbaum , Boris Dolgunov
IPC: G01R31/317 , H04L9/08 , H04L9/32 , H04L9/40
CPC classification number: G01R31/31719 , H04L9/0819 , H04L9/0866 , H04L9/0869 , H04L9/3213 , H04L63/0428
Abstract: Methods and apparatus relating to techniques to provide secure remote debugging are described. In an embodiment, a debugging entity generates and transmits a host token to a device via an interface. The interface provides encrypted communication between the debugging entity and the device. The debugging entity generates a session key based at least in part on the host token and a device token. The debugging entity transmits an acknowledgement signal to the device after generation of the session key to initiate a debug session. The debugging entity transmits a debug unlock key to the device to cause the device to be unlocked for the debug session. Other embodiments are also disclosed and claimed.
-
Publication No.: US11544174B2
Publication Date: 2023-01-03
Application No.: US16832353
Filing Date: 2020-03-27
Applicant: INTEL CORPORATION
Inventor: Loren James McConnell , Tsvika Kurts , Boris Dolgunov , Vamsi Krishna Jakkampudi , Marcus Winston , Kevin David Safford
Abstract: Methods and apparatus for protecting trace data of a remote debug session for a computing system. In one embodiment, a method includes storing trace data received from one or more trace interfaces to a storage location of a target device, where the trace data is generated from execution at the target device, and where the trace data is protected from an unauthorized access. The method continues with transmitting the trace data to a debug host computer with encryption through a communication channel between the target device and the debug host computer.
-
Publication No.: US12204461B2
Publication Date: 2025-01-21
Application No.: US17304834
Filing Date: 2021-06-25
Applicant: Intel Corporation
Inventor: Siva Bhanu Krishna Boga , William John Bainbridge , Maulik L. Dhada , Boris Dolgunov
IPC: G06F12/14 , G06F12/1027 , G06F13/16
Abstract: In an embodiment, an apparatus includes a memory access controller to be coupled to a memory and a memory management unit (MMU) coupled to the memory access controller. The MMU is to receive a memory transaction comprising an original transaction security attribute from a first device; responsive to the memory transaction comprising a first physical address of the memory, transmit the memory transaction to the memory access controller; and responsive to the memory transaction comprising a virtual address, generate a translated memory transaction comprising a translated physical address of the memory based on the virtual address and a translated transaction security attribute and transmit the translated memory transaction to the memory access controller, the translated physical address and the translated transaction security attribute associated with an operating system (OS) memory region of the memory associated with an OS. Other embodiments are described and claimed.
-
Publication No.: US11754623B2
Publication Date: 2023-09-12
Application No.: US17397951
Filing Date: 2021-08-09
Applicant: Intel Corporation
Inventor: Tsvika Kurts , Boris Dolgunov , Vladislav Mladentsev , Ittai Anati , Elias Khoury , Maor Kima , Eran Shlomo , Shay Gueron , William Penner
IPC: G01R31/317 , G06F16/22 , G01R31/3177 , G06F11/263 , H04L9/06 , H04L9/08 , H04L9/32
CPC classification number: G01R31/31719 , G01R31/3177 , G01R31/31705 , G06F11/263 , G06F16/22 , H04L9/0631 , H04L9/0819 , H04L9/0894 , H04L9/321
Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable the IC device to initiate a secure debug session between the IC device and the remote debugging site.
-
Publication No.: US20210364571A1
Publication Date: 2021-11-25
Application No.: US17397951
Filing Date: 2021-08-09
Applicant: Intel Corporation
Inventor: Tsvika Kurts , Boris Dolgunov , Vladislav Mladentsev , Ittai Anati , Elias Khoury , Maor Kima , Eran Shlomo , Shay Gueron , William Penner
IPC: G01R31/317 , G06F16/22 , G01R31/3177 , G06F11/263 , H04L9/06 , H04L9/08 , H04L9/32
Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable the IC device to initiate a secure debug session between the IC device and the remote debugging site.