-
Publication No.: US20210089466A1
Publication Date: 2021-03-25
Application No.: US16986169
Filing Date: 2020-08-05
Applicant: INTEL CORPORATION
Inventor: Vedvyas SHANBHOGUE, Ravi SAHITA, Rajesh SANKARAN, Siddhartha CHHABRA, Abhishek BASAK, Krystof ZMUDZINSKI, Rupin VAKHARWALA
Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.
-
Publication No.: US20200004552A1
Publication Date: 2020-01-02
Application No.: US16024733
Filing Date: 2018-06-29
Applicant: Intel Corporation
Inventor: Fangfei LIU, Bin XING, Michael STEINER, Mona VIJ, Carlos ROZAS, Francis MCKEEN, Meltem OZSOY, Matthew FERNANDEZ, Krystof ZMUDZINSKI, Mark SHANAHAN
Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.
-
Publication No.: US20190196982A1
Publication Date: 2019-06-27
Application No.: US15854278
Filing Date: 2017-12-26
Applicant: Intel Corporation
Inventor: Carlos V. ROZAS, Ittai ANATI, Francis X. MCKEEN, Krystof ZMUDZINSKI, Ilya ALEXANDROVICH, Somnath CHAKRABARTI, Dror CASPI, Meltem OZSOY
IPC: G06F12/14, G06F12/128, G06F3/06, G06F12/0806, G06F12/0868, G06F12/1009, G06F12/1027
Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.