公开(公告)号：US11782849B2

公开(公告)日：2023-10-10

申请号：US17367349

申请日：2021-07-03

申请人： Intel Corporation

发明人： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC分类号： G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

CPC分类号： G06F12/1408 ,  G06F8/41 ,  G06F9/30145 ,  G06F9/45558 ,  G06F12/1441 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2212/1052

摘要： A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US20200310802A1

公开(公告)日：2020-10-01

申请号：US16370459

申请日：2019-03-29

申请人： Intel Corporation

发明人： Regev Shemy ,  Zeev Sperber ,  Wajdi Feghali ,  Vinodh Gopal ,  Amit Gradstein ,  Simon Rubanovich ,  Sean Gulley ,  Ilya Albrekht ,  Jacob Doweck ,  Jose Yallouz ,  Ittai Anati

IPC分类号： G06F9/30 ,  G06F9/38 ,  H04L9/06

摘要： Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described. In one embodiment, a processor includes a decode circuit to decode a single instruction into a decoded single instruction, the single instruction including at least one first field that identifies eight 32-bit state elements A, B, C, D, E, F, G, and H for a round according to a SM3 hashing standard and at least one second field that identifies an input message; and an execution circuit to execute the decoded single instruction to: rotate state element C left by 9 bits to form a rotated state element C, rotate state element D left by 9 bits to form a rotated state element D, rotate state element G left by 19 bits to form a rotated state element G, rotate state element H left by 19 bits to form a rotated state element H, perform two rounds according to the SM3 hashing standard on the input message and state element A, state element B, rotated state element C, rotated state element D, state element E, state element F, rotated state element G, and rotated state element H to generate an updated state element A, an updated state element B, an updated state element E, and an updated state element F, and store the updated state element A, the updated state element B, the updated state element E, and the updated state element F into a location specified by the single instruction.

公开(公告)号：US20200233807A1

公开(公告)日：2020-07-23

申请号：US16838418

申请日：2020-04-02

申请人： Intel Corporation

发明人： Vedvyas Shanbhogue ,  Krystof C. Zmudzinski ,  Carlos V. Rozas ,  Francis X. McKeen ,  Raghunandan Makaram ,  Ilya Alexandrovich ,  Ittai Anati ,  Meltem Ozsoy

IPC分类号： G06F12/0862 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/1027 ,  G06F12/0846

摘要： Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.

公开(公告)号：US10592421B2

公开(公告)日：2020-03-17

申请号：US15250787

申请日：2016-08-29

申请人： Intel Corporation

发明人： Carlos V. Rozas ,  Ilya Alexandrovich ,  Ittai Anati ,  Alex Berenzon ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Anton Ivanov ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Rinat Rappoport ,  Scott D. Rodgers ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  William C. Wood

IPC分类号： G06F12/00 ,  G06F12/08 ,  G06F13/00 ,  G06F12/0875 ,  G06F12/0808 ,  G06F12/1027

摘要： Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.

公开(公告)号：US10409597B2

公开(公告)日：2019-09-10

申请号：US15972573

申请日：2018-05-07

申请人： Intel Corporation

发明人： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC分类号： G06F12/00 ,  G06F9/30 ,  G06F12/0875 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

摘要： Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US20190102324A1

公开(公告)日：2019-04-04

申请号：US15721631

申请日：2017-09-29

申请人： Intel Corporation

发明人： Meltem Ozsoy ,  Krystof C. Zmudzinski ,  Larisa Novakovsky ,  Julius Mandelblat ,  Francis X. McKeen ,  Carlos V. Rozas ,  Ittai Anati ,  Ilya Alexandrovich

IPC分类号： G06F12/14 ,  G06F12/0846 ,  G06F12/128 ,  G06F12/0831 ,  G06F12/0806 ,  G06F12/1027 ,  G06F12/0888 ,  G06F12/1009

摘要： Cache behavior for secure memory repartitioning systems is described. Implementations may include a processing core and a memory controller coupled between the processor core and a memory device. The processor core is to receive a memory access request to a page in the memory device, the memory access request comprising a first guarded attribute (GA) indicator indicating whether the page is a secure page belonging to an enclave, determine whether the first GA indicator matches a second GA indicator in a cache line entry corresponding to the page, the cache line entry comprised in a cache, and responsive to a determination that the first GA indicator does not match the second GA indicator, apply an eviction policy to the cache line entry based on whether the cache line is indicated as a dirty cache line and accessing second data in the memory device for the page.

公开(公告)号：US10019601B2

公开(公告)日：2018-07-10

申请号：US15079579

申请日：2016-03-24

申请人： Intel Corporation

发明人： Vincent R. Scarlata ,  Simon P. Johnson ,  Carlos V. Rozas ,  Francis X. McKeen ,  Ittai Anati ,  Ilya Alexandrovich ,  Rebekah M. Leslie-Hurd

IPC分类号： G06F21/64 ,  H04L29/06 ,  G06F21/62 ,  G06F21/74 ,  G06F21/81 ,  G06F21/85

CPC分类号： G06F21/64 ,  G06F21/62 ,  G06F21/74 ,  G06F21/81 ,  G06F21/85 ,  H04L63/061 ,  H04L63/0876

摘要： An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.

公开(公告)号：US09971705B2

公开(公告)日：2018-05-15

申请号：US15048400

申请日：2016-02-19

申请人： Intel Corporation

发明人： Gur Hildesheim ,  Shlomo Raikin ,  Ittai Anati ,  Gideon Gerzon ,  Uday Savagaonkar ,  Francis Mckeen ,  Carlos Rozas ,  Michael Goldsmith ,  Prashant Dewan

IPC分类号： G06F12/10 ,  G06F12/109 ,  G06F12/1036 ,  G06F12/02

CPC分类号： G06F12/109 ,  G06F12/0284 ,  G06F12/1036 ,  G06F2212/656 ,  G06F2212/657

摘要： Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.

公开(公告)号：US20180095894A1

公开(公告)日：2018-04-05

申请号：US15282300

申请日：2016-09-30

申请人： Intel Corporation

发明人： Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Carlos V. Rozas ,  Gilbert Neiger ,  Asit K. Mallick ,  Ittai Anati ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Somnath Chakrabarti

IPC分类号： G06F12/12 ,  G06F3/06 ,  G06F12/0875 ,  G06F9/455

CPC分类号： G06F12/12 ,  G06F3/0604 ,  G06F3/0631 ,  G06F3/064 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0673 ,  G06F9/45558 ,  G06F12/0875 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/151 ,  G06F2212/152 ,  G06F2212/402 ,  G06F2212/604

摘要： Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprising a memory controller unit to access a secure enclave and a processor core, operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicating whether the target memory page is associated with at least one of: a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.

公开(公告)号：US09891695B2

公开(公告)日：2018-02-13

申请号：US14751889

申请日：2015-06-26

申请人： Intel Corporation

发明人： Alexander Gendler ,  Ariel Berkovits ,  Michael Mishaeli ,  Nadav Shulman ,  Sameer Desai ,  Shani Rehana ,  Ittai Anati ,  Hisham Shafi

IPC分类号： G06F1/32 ,  G06F12/08 ,  G06F12/14 ,  G06F12/0868 ,  G06F12/0804 ,  G06F12/0888

CPC分类号： G06F1/3287 ,  G06F12/0804 ,  G06F12/0868 ,  G06F12/0888 ,  G06F12/1433 ,  G06F2212/1052 ,  G06F2212/311 ,  G06F2212/621

摘要： A method and apparatus for flushing and restoring core memory content to and from, respectively, external memory are described. In one embodiment, the apparatus is an integrated circuit comprising a plurality of processor cores, the plurality of process cores including one core having a first memory operable to store data of the one core, the one core to store data from the first memory to a second memory located externally to the processor in response to receipt of a first indication that the one core is to transition from a first low power idle state to a second low power idle state and receipt of a second indication generated externally from the one core indicating that the one core is to store the data from the first memory to the second memory, locations in the second memory at which the data is stored being accessible by the one core and inaccessible by other processor cores in the IC; and a power management controller coupled to the plurality of cores and located outside the plurality of cores.