-
Publication number: US20210399882A1
Publication date: 2021-12-23
Application number: US17465311
Filing date: 2021-09-02
Applicant: Intel Corporation
Inventor: Ido OUZIEL , Arie AHARON , Dror CASPI , Baruch CHAIKIN , Jacob DOWECK , Gideon GERZON , Barry E. HUNTLEY , Francis X. MCKEEN , Gilbert NEIGER , Carlos V. ROZAS , Ravi L. SAHITA , Vedvyas SHANBHOGUE , Assaf ZALTSMAN
IPC: H04L9/08 , G06F9/455 , G06F12/1009 , G06F21/60 , G06F21/62
Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to the bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state indicating that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within the key ID range of the restricted key IDs.
-
Publication number: US20190087586A1
Publication date: 2019-03-21
Application number: US16123593
Filing date: 2018-09-06
Applicant: Intel Corporation
Inventor: Francis X. McKEEN , Carlos V. ROZAS , Uday R. SAVAGAONKAR , Simon P. JOHNSON , Vincent SCARLATA , Michael A. GOLDSMITH , Ernie BRICKELL , Jiang Tao LI , Howard C. HERBERT , Prashant DEWAN , Stephen J. TOLOPKA , Gilbert NEIGER , David DURHAM , Gary GRAUNKE , Bernard LINT , Don A. VAN DYKE , Joseph CIHULA , Stalinselvaraj JEYASINGH , Stephen R. VAN DOREN , Dion RODGERS , John GARNEY , Asher ALTMAN
Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
-
Publication number: US20180276027A1
Publication date: 2018-09-27
Application number: US15899664
Filing date: 2018-02-20
Applicant: Intel Corporation
Inventor: Atul KHARE , Leena PUTHIYEDATH , Asit MALLICK , Jim COKE , Michael MISHAELI , Gilbert NEIGER , Vivekananthan SANJEEPAN , Jason BRANDT
CPC classification number: G06F9/461 , G06F9/30003 , G06F9/30043 , G06F9/30101 , H05K999/99
Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.
-
Publication number: US20160191525A1
Publication date: 2016-06-30
Application number: US14582829
Filing date: 2014-12-24
Applicant: Intel Corporation
Inventor: Barry E. Huntley , Gilbert NEIGER , H P. ANVIN , Asit K. MALLICK , Arjan VAN DE VEN , Scott D. RODGERS
IPC: H04L29/06
CPC classification number: H04L63/10 , G06F21/74 , H04L63/1433
Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.
-
Publication number: US20240311312A1
Publication date: 2024-09-19
Application number: US18121972
Filing date: 2023-03-15
Applicant: INTEL CORPORATION
Inventor: Jason BRANDT , Ido OUZIEL , Michael CHYNOWETH , Raoul RIVAS TOLEDANO , Gilbert NEIGER , Andreas KLEEN , Jacob DOWECK , Andrew NELSON
IPC: G06F12/1045
CPC classification number: G06F12/1045 , G06F2212/682
Abstract: An apparatus and method are described for reduced power TLB management. For example, one embodiment of a processor comprises: a plurality of cores; a first core of the plurality of cores comprising: a first translation lookaside buffer (TLB) to store address translations associated with page table walk operations, and power management logic to cause the first core to enter into a first low power state in which the address translations in the first TLB are no longer valid, wherein prior to entering into the low power state, the first core is to write an indication in a memory location that the first TLB no longer contains valid address translations; a second core of the plurality of cores to perform an operation requiring invalidation of one or more of the address translations previously stored in the first TLB, the second core to determine whether to transmit a request to the first core to invalidate the one or more address translations based on the indication.
-
Publication number: US20240192981A1
Publication date: 2024-06-13
Application number: US18285212
Filing date: 2021-06-25
Applicant: Intel Corporation
Inventor: Wei WANG , Kun TIAN , Gilbert NEIGER , Rajesh SANKARAN , Asit MALLICK , Jr-Shian TSAI , Jacob Jun PAN , Mesut ERGIN
CPC classification number: G06F9/45558 , G06F9/30145 , G06F2009/45579
Abstract: Embodiments of exitless guest to host (G2H) notification are described. In some embodiments, G2H is provided via an instruction. An exemplary processor includes decoder circuitry to decode a single instruction, the single instruction to include a field for an opcode; and execution processing resources to execute the decoded single instruction according to at least the opcode to cause an exitless guest to host notification from a virtual processor to a physical or virtual processor.
-
Publication number: US20220197822A1
Publication date: 2022-06-23
Application number: US17133570
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventor: Vedvyas SHANBHOGUE , Gilbert NEIGER , Stephen ROBINSON , Dan BAUM , Ron GABOR
IPC: G06F12/1027 , G06F11/07
Abstract: Techniques to allow use of metadata in unused bits of virtual addresses are described. A processor of an aspect includes a decode circuit to decode a memory access instruction. The instruction is to indicate one or more memory address operands that are to have address generation information and metadata. An execution circuit coupled with the decode circuit is to generate a 64-bit virtual address based on the one or more memory address operands. The 64-bit virtual address has a bit 63, an X-bit address field starting at bit 0 to store an address generated from the address generation information, and one or more metadata bits to store the metadata. The execution circuit is also to perform a canonicality check on the 64-bit virtual address that does not fail due to non-canonical values of the metadata stored in the one or more metadata bits. Other processors, methods, systems, and instructions are disclosed.
-
Publication number: US20220027287A1
Publication date: 2022-01-27
Application number: US17496327
Filing date: 2021-10-07
Applicant: Intel Corporation
Inventor: Ravi L. SAHITA , Gilbert NEIGER , Vedvyas SHANBHOGUE , David M. DURHAM , Andrew V. ANDERSON , David A. KOUFATY , Asit K. MALLICK , Arumugam THIYAGARAJAH , Barry E. HUNTLEY , Deepak K. GUPTA , Michael LEMAY , Joseph F. CIHULA , Baiju V. PATEL
IPC: G06F12/14 , G06F12/1009 , G06F12/1027 , G06F9/455
Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
Publication number: US20210117244A1
Publication date: 2021-04-22
Application number: US17134327
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Andrew J. HERDRICH , Priya AUTEE , Rajesh M. SANKARAN , Gilbert NEIGER , Scott OEHRLEIN , Michael PRINKE , Ravi IYER , Edwin VERPLANKE
Abstract: Examples provide a system that includes one or more processors, that when operational, are to: based on content in a request being within a permitted range for a virtualized execution environment, transfer the request from the virtualized execution environment to reserve one or more device resources without causing a virtual machine exit to request the reservation of the one or more device resources. In some examples, the transfer comprises a write to a register. In some examples, processor-executed microcode is to determine whether content in the request is within a permitted range for the virtualized execution environment.
-
Publication number: US20190042299A1
Publication date: 2019-02-07
Application number: US16147169
Filing date: 2018-09-28
Applicant: Intel Corporation
Inventor: Gilbert NEIGER , Geoffrey STRONGIN , Ramya JAYARAM MASTI
IPC: G06F9/455 , G06F12/1009
Abstract: A method includes receiving, by a processor from a virtual machine (VM) executed by the processor, an indication that a proper subset of a plurality of virtual memory pages of the VM are secure memory pages. The method further includes, responsive to determining the VM is attempting to access a first memory page, determining whether the proper subset comprises the first memory page. The method further includes, responsive to determining the proper subset comprises the first memory page: using first attributes specified by the VM for the first memory page; and ignoring second attributes specified by a virtual machine monitor (VMM) for the first memory page. The VMM is executed by the processor to manage the VM.