公开(公告)号：US10754794B2

公开(公告)日：2020-08-25

申请号：US15839331

申请日：2017-12-12

申请人： Intel Corporation

发明人： Rajesh P. Banginwar ,  Sumanth Naropanth ,  Sunil K. Notalapati Prabhakara ,  Surendra K. Singh ,  Arvind Mohan ,  Ravi L. Sahita ,  Rahil Malhotra ,  Aman Bakshi ,  Vasudevarao Kamma ,  Jyothi Nayak ,  Vivek Thakkar ,  Royston A. Pinto

IPC分类号： G06F12/14 ,  G06F9/48 ,  G06F21/53 ,  G06F9/455 ,  G06F21/57 ,  G06F12/109 ,  G06F12/02

摘要： A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

公开(公告)号：US09673985B2

公开(公告)日：2017-06-06

申请号：US15178780

申请日：2016-06-10

申请人： Intel Corporation

发明人： Jayant Mangalampalli ,  Rajesh P. Banginwar

IPC分类号： G06F9/30 ,  H04L9/32 ,  G06F21/64 ,  G06F21/10 ,  G06F12/14

CPC分类号： H04L9/3247 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/64 ,  G06F2212/1052

摘要： In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

公开(公告)号：US09411983B2

公开(公告)日：2016-08-09

申请号：US13833119

申请日：2013-03-15

申请人： Intel Corporation

发明人： Jayant Mangalampalli ,  Rajesh P. Banginwar

IPC分类号： G06F9/30 ,  G06F21/64 ,  G06F21/10

CPC分类号： H04L9/3247 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/64 ,  G06F2212/1052

摘要： In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

摘要翻译： 在本发明的一个实施例中，处理器包括内容存储逻辑，用于将数字内容解析为部分并使每个部分被存储到存储器的对应页面中。 处理器还包括用于接收具有存储器内的目的地地址的写入指令的保护逻辑，并且如果目的地址与存储器位置相关联地存储数字内容的一部分，则擦除与存储器位置相关联的页面。 如果目的地地址与不存储任何数字内容的另一存储器位置相关联，则保护逻辑允许执行写指令。 描述和要求保护其他实施例。

公开(公告)号：US20230030961A1

公开(公告)日：2023-02-02

申请号：US17937010

申请日：2022-09-30

申请人： Intel Corporation

发明人： Rajesh P. Banginwar ,  Sumanth Naropanth ,  Sunil K. Notalapati Prabhakara ,  Surendra K. Singh ,  Arvind Mohan ,  Ravi L. Sahita ,  Rahil Malhotra ,  Aman Bakshi ,  Vasudevarao Kamma ,  Jyothi Nayak ,  Vivek Thakkar ,  Royston A. Pinto

IPC分类号： G06F12/14 ,  G06F9/48 ,  G06F21/53 ,  G06F9/455 ,  G06F21/57 ,  G06F12/109

摘要： A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

公开(公告)号：US20160364341A1

公开(公告)日：2016-12-15

申请号：US14739560

申请日：2015-06-15

申请人： INTEL CORPORATION

发明人： Rajesh P. Banginwar ,  Sumanth Naropanth ,  Sunil K. Notalapati Prabhakara ,  Surendra K. Singh ,  Arvind Mohan ,  Ravi L. Sahita ,  Rahil Malhotra ,  Aman Bakshi ,  Vasudevarao Kamma ,  Jyothi Nayak ,  Vivek Thakkar ,  Royston A. Pinto

IPC分类号： G06F12/14 ,  G06F9/48 ,  G06F21/53 ,  G06F9/455

CPC分类号： G06F12/145 ,  G06F9/45545 ,  G06F9/45558 ,  G06F9/485 ,  G06F21/53 ,  G06F21/57 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052 ,  G06F2221/2149

摘要： A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

摘要翻译： 数据处理系统（DPS）使用平台保护技术（PPT）来保护属于某些软件模块的部分或全部代码和数据。 PPT可以包括虚拟机监视器（VMM），以使得不可信应用和可信应用在单个操作系统（OS）之上运行，同时防止不受信任的应用访问可信应用所使用的存储器。 VMM可以使用第一扩展页表（EPT）来将访客物理地址（GPA）转换为不可信应用的第一主机物理地址（HPA）。 VMM可以使用第二EPT将GPA转换为用于可信应用的第二HPA。 第一和第二EPT可以将相同的GPA映射到不同的HPA。 描述和要求保护其他实施例。

公开(公告)号：US11467982B2

公开(公告)日：2022-10-11

申请号：US16985898

申请日：2020-08-05

申请人： Intel Corporation

发明人： Rajesh P. Banginwar ,  Sumanth Naropanth ,  Sunil K. Notalapati Prabhakara ,  Surendra K. Singh ,  Arvind Mohan ,  Ravi L. Sahita ,  Rahil Malhotra ,  Aman Bakshi ,  Vasudevarao Kamma ,  Jyothi Nayak ,  Vivek Thakkar ,  Royston A. Pinto

IPC分类号： G06F12/14 ,  G06F9/48 ,  G06F21/53 ,  G06F9/455 ,  G06F21/57 ,  G06F12/109 ,  G06F12/02

摘要： A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

公开(公告)号：US20180113817A1

公开(公告)日：2018-04-26

申请号：US15839331

申请日：2017-12-12

申请人： Intel Corporation

发明人： Rajesh P. Banginwar ,  Sumanth Naropanth ,  Sunil K. Notalapati Prabhakara ,  Surendra K. Singh ,  Arvind Mohan ,  Ravi L. Sahita ,  Rahil Malhotra ,  Aman Bakshi ,  Vasudevarao Kamma ,  Jyothi Nayak ,  Vivek Thakkar ,  Royston A. Pinto

IPC分类号： G06F12/14 ,  G06F9/48 ,  G06F9/455 ,  G06F21/53

CPC分类号： G06F12/145 ,  G06F9/45545 ,  G06F9/45558 ,  G06F9/485 ,  G06F12/023 ,  G06F12/109 ,  G06F12/1491 ,  G06F21/53 ,  G06F21/57 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/651 ,  G06F2221/2149

摘要： A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

公开(公告)号：US09842065B2

公开(公告)日：2017-12-12

申请号：US14739560

申请日：2015-06-15

申请人： INTEL CORPORATION

发明人： Rajesh P. Banginwar ,  Sumanth Naropanth ,  Sunil K. Notalapati Prabhakara ,  Surendra K. Singh ,  Arvind Mohan ,  Ravi L. Sahita ,  Rahil Malhotra ,  Aman Bakshi ,  Vasudevarao Kamma ,  Jyothi Nayak ,  Vivek Thakkar ,  Royston A. Pinto

IPC分类号： G06F12/14 ,  G06F9/48 ,  G06F21/53 ,  G06F9/455

CPC分类号： G06F12/145 ,  G06F9/45545 ,  G06F9/45558 ,  G06F9/485 ,  G06F21/53 ,  G06F21/57 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052 ,  G06F2221/2149

摘要： A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

公开(公告)号：US20160285637A1

公开(公告)日：2016-09-29

申请号：US15178780

申请日：2016-06-10

申请人： Intel Corporation

发明人： Jayant Mangalampalli ,  Rajesh P. Banginwar

IPC分类号： H04L9/32 ,  G06F12/14

CPC分类号： H04L9/3247 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/64 ,  G06F2212/1052

摘要： In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

摘要翻译： 在本发明的一个实施例中，处理器包括内容存储逻辑，用于将数字内容解析为部分并使每个部分被存储到存储器的对应页面中。 处理器还包括用于接收具有存储器内的目的地地址的写入指令的保护逻辑，并且如果目的地址与存储器位置相关联地存储数字内容的一部分，则擦除与存储器位置相关联的页面。 如果目的地地址与不存储任何数字内容的另一存储器位置相关联，则保护逻辑允许执行写指令。 描述和要求保护其他实施例。