-
Publication number: US11138072B2
Publication date: 2021-10-05
Application number: US15852021
Filing date: 2017-12-22
Applicant: Intel Corporation
Inventor: Mohan J. Kumar , Murugasamy K. Nachimuthu , Sarathy Jayakumar , Sergiu D. Ghetie , Neeraj Upasani , Ronald N. Story
Abstract: There is disclosed in one example a processor, including: a protected runtime mode (PRM) module to receive a PRM interrupt and to: suspend operation of a software task executing on the processor; save processor state information; place the microprocessor into PRM; access a PRM handler in a designated PRM memory region, wherein the PRM handler comprises a platform specific task; restore the processor state; and resume operation of the software task.
-
Publication number: US09092632B2
Publication date: 2015-07-28
Application number: US13836092
Filing date: 2013-03-15
Applicant: Intel Corporation
Inventor: Allen R. Wishman , Sergiu D. Ghetie , Michael Neve De Mevergnies , Ulhas S. Warrier , Adil Karrar , Douglas R. Moran , Kirk Brannock
CPC classification number: G06F21/60 , G06F21/572 , G06F21/64 , G06F21/74 , G06F2221/2137
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment, the method, performed by a processor, includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes to the platform firmware storage location are only allowed by an Authenticated Code Module in the running platform, and only after a platform firmware update mechanism unlocking procedure.
-
Publication number: US11468170B2
Publication date: 2022-10-11
Application number: US16213962
Filing date: 2018-12-07
Applicant: Intel Corporation
Inventor: Sergiu D. Ghetie , Wojciech Powiertowski , Jeanne Guillory , Neeraj S. Upasani , Srihari Narayanan , Mohan J. Kumar , Sagar V. Dalvi , Francisco Orlando C. Arbildo
IPC: G06F21/57 , G06F9/4401 , G06F9/22
Abstract: A processor can be configured to access boot firmware from a remote location independent from use of a chipset. After a processor powers-on or reboots, the processor can execute microcode. The microcode will cause the processor to train a link with a remote device. The remote device can provide the processor with access to boot firmware. The processor can copy the boot firmware to the processor's cache or memory. The processor will attempt to authenticate the boot firmware. If the boot firmware is authenticated, the processor executes the copy of the boot firmware.
-
Publication number: US10474596B2
Publication date: 2019-11-12
Application number: US14749893
Filing date: 2015-06-25
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar , Ashok Raj , John G. Holm , Narayan Ranganathan , Mohan J. Kumar , Sergiu D. Ghetie
IPC: G06F13/24 , G06F1/3287 , G06F9/4401 , G06F1/3228
Abstract: In one embodiment, a processor includes a plurality of cores including a first core to be reserved for execution in a protected domain, the first core to be hidden from an operating system. The processor may further include a filter coupled to the plurality of cores, where the filter includes a plurality of fields each associated with one of the plurality of cores to indicate whether an interrupt of the protected domain is to be directed to the corresponding core. Other embodiments are described and claimed.
-
Publication number: US10009339B2
Publication date: 2018-06-26
Application number: US15086214
Filing date: 2016-03-31
Applicant: Intel Corporation
Inventor: Sergiu D. Ghetie , Neeraj S. Upasani , Vijaya K. Boddu , Kenneth Young , Daniel G. Borkowski , Won Lee , Shahrokh Shahidzadeh , Samie B. Samaan
CPC classification number: H04L63/083 , G06F21/44 , G06F21/88 , G06K19/0723 , H04L63/0853 , H04L63/0876 , H04W12/00407 , H04W12/06
Abstract: In one embodiment, a processor includes: a first die including at least one processor core to execute instructions and a non-volatile storage to store an identifier to be provisioned into the processor during manufacture; a second die to couple to the first die, the second die including a wireless circuit and a second non-volatile storage; and a wireless interface to couple to the second die to enable wireless communication with a wireless device. The processor may be disabled if the identifier is not stored in the second non-volatile storage. Other embodiments are described and claimed.
-
Publication number: US11838113B2
Publication date: 2023-12-05
Application number: US16656009
Filing date: 2019-10-17
Applicant: INTEL CORPORATION
Inventor: Alberto J. Munoz , Murugasamy K. Nachimuthu , Mohan J. Kumar , Wojciech Powiertowski , Sergiu D. Ghetie , Neeraj S. Upasani , Sagar V. Dalvi , Chukwunenye S. Nnebe , Jeanne Guillory
IPC: H04L29/06 , H04L43/08 , G06F16/901 , H04B10/25 , G02B6/38 , G02B6/42 , G02B6/44 , G06F1/18 , G06F1/20 , G06F3/06 , G06F8/65 , G06F9/30 , G06F9/4401 , G06F9/54 , G06F12/109 , G06F12/14 , G06F13/16 , G06F13/40 , G08C17/02 , G11C5/02 , G11C7/10 , G11C11/56 , G11C14/00 , H03M7/30 , H03M7/40 , H04L41/14 , H04L43/0817 , H04L43/0876 , H04L43/0894 , H04L49/00 , H04L49/25 , H04L49/356 , H04L49/45 , H04L67/02 , H04L67/306 , H04L69/04 , H04L69/329 , H04Q11/00 , H05K7/14 , G06F15/16 , G06F9/38 , G06F9/50 , H04L41/12 , H04L41/5019 , H04L43/16 , H04L47/24 , H04L47/38 , H04L67/1004 , H04L67/1034 , H04L67/1097 , H04L67/12 , H05K5/02 , H04W4/80 , G06Q10/087 , G06Q10/20 , G06Q50/04 , H04L43/065 , H04L61/00 , H04L67/51 , H04J14/00 , H04L41/147 , H04L67/1008 , H04L41/0813 , H04L67/1029 , H04L41/0896 , H04L47/70 , H04L47/78 , H04L41/082 , H04L67/00 , H04L67/1012 , B25J15/00 , B65G1/04 , H05K7/20 , H04L49/55 , H04L67/10 , H04W4/02 , H04L45/02 , G06F13/42 , H05K1/18 , G05D23/19 , G05D23/20 , H04L47/80 , H05K1/02 , H04L45/52 , H04Q1/04 , G06F12/0893 , H05K13/04 , G11C5/06 , G06F11/14 , G06F11/34 , G06F12/0862 , G06F15/80 , H04L47/765 , H04L67/1014 , G06F12/10 , G06Q10/06 , G06Q10/0631 , G07C5/00 , H04L12/28 , H04L41/02 , H04L9/06 , H04L9/14 , H04L9/32 , H04L41/046 , H04L49/15
CPC classification number: H04L43/08 , G02B6/3882 , G02B6/3893 , G02B6/3897 , G02B6/4292 , G02B6/4452 , G06F1/183 , G06F1/20 , G06F3/064 , G06F3/0613 , G06F3/0625 , G06F3/0653 , G06F3/0655 , G06F3/0664 , G06F3/0665 , G06F3/0673 , G06F3/0679 , G06F3/0683 , G06F3/0688 , G06F3/0689 , G06F8/65 , G06F9/30036 , G06F9/4401 , G06F9/544 , G06F12/109 , G06F12/1408 , G06F13/1668 , G06F13/409 , G06F13/4022 , G06F13/4068 , G06F15/161 , G06F16/9014 , G08C17/02 , G11C5/02 , G11C7/1072 , G11C11/56 , G11C14/0009 , H03M7/3086 , H03M7/4056 , H03M7/4081 , H04B10/25891 , H04L41/145 , H04L43/0817 , H04L43/0876 , H04L43/0894 , H04L49/00 , H04L49/25 , H04L49/357 , H04L49/45 , H04L67/02 , H04L67/306 , H04L69/04 , H04L69/329 , H04Q11/0003 , H05K7/1442 , B25J15/0014 , B65G1/0492 , G05D23/1921 , G05D23/2039 , G06F3/061 , G06F3/067 , G06F3/0611 , G06F3/0616 , G06F3/0619 , G06F3/0631 , G06F3/0638 , G06F3/0647 , G06F3/0658 , G06F3/0659 , G06F9/3887 , G06F9/505 , G06F9/5016 , G06F9/5044 , G06F9/5072 , G06F9/5077 , G06F11/141 , G06F11/3414 , G06F12/0862 , G06F12/0893 , G06F12/10 , G06F13/161 , G06F13/1694 , G06F13/42 , G06F13/4282 , G06F15/8061 , G06F2209/5019 , G06F2209/5022 , G06F2212/1008 , G06F2212/1024 , G06F2212/1041 , G06F2212/1044 , G06F2212/152 , G06F2212/202 , G06F2212/401 , G06F2212/402 , G06F2212/7207 , G06Q10/06 , G06Q10/06314 , G06Q10/087 , G06Q10/20 , G06Q50/04 , G07C5/008 , G08C2200/00 , G11C5/06 , H03M7/30 , H03M7/3084 , H03M7/40 , H03M7/4031 , H03M7/6005 , H03M7/6023 , H04B10/25 , H04J14/00 , H04L9/0643 , H04L9/14 , H04L9/3247 , H04L9/3263 , H04L12/2809 , H04L41/024 , H04L41/046 , H04L41/082 , H04L41/0813 , H04L41/0896 , H04L41/12 , H04L41/147 , H04L41/5019 , H04L43/065 , H04L43/16 , H04L45/02 , H04L45/52 , H04L47/24 , H04L47/38 , H04L47/765 , H04L47/782 , H04L47/805 , H04L47/82 , H04L47/823 , H04L49/15 , H04L49/555 , H04L61/00 , H04L67/10 , H04L67/1004 , H04L67/1008 , H04L67/1012 , H04L67/1014 , H04L67/1029 , H04L67/1034 , H04L67/1097 , H04L67/12 , H04L67/34 , H04L67/51 , H04Q1/04 , H04Q11/00 , H04Q11/0005 , H04Q11/0062 , H04Q11/0071 , H04Q2011/0037 , H04Q2011/0041 , H04Q2011/0052 , H04Q2011/0073 , H04Q2011/0079 , H04Q2011/0086 , H04Q2213/13523 , H04Q2213/13527 , H04W4/023 , H04W4/80 , H05K1/0203 , H05K1/181 , H05K5/0204 , H05K7/1418 , H05K7/1421 , H05K7/1422 , H05K7/1447 , H05K7/1461 , H05K7/1485 , H05K7/1487 , H05K7/1489 , H05K7/1491 , H05K7/1492 , H05K7/1498 , H05K7/2039 , H05K7/20709 , H05K7/20727 , H05K7/20736 , H05K7/20745 , H05K7/20836 , H05K13/0486 , H05K2201/066 , H05K2201/10121 , H05K2201/10159 , H05K2201/10189 , Y02D10/00 , Y02P90/30 , Y04S10/50 , Y04S10/52 , Y10S901/01
Abstract: Embodiments are generally directed to apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of authentication and validation operations performed to authenticate and validate the physical resources of the sled, and determine whether the results of the authentication and validation operations indicate the physical resources are authenticated or not. Further, in response to a determination that the results indicate the physical resources are authenticated, the physical resources are permitted to process a workload, and in response to a determination that the results indicate the physical resources are not authenticated, the physical resources are prevented from processing the workload.
-
Publication number: US11635965B2
Publication date: 2023-04-25
Application number: US16177028
Filing date: 2018-10-31
Applicant: Intel Corporation
Inventor: Jason W. Brandt , Deepak K. Gupta , Rodrigo Branco , Joseph Nuzman , Robert S. Chappell , Sergiu D. Ghetie , Wojciech Powiertowski , Jared W. Stark, IV , Ariel Sabba , Scott J. Cape , Hisham Shafi , Lihu Rappoport , Yair Berger , Scott P. Bobholz , Gilad Holzstein , Sagar V. Dalvi , Yogesh Bijlani
Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.
-
Publication number: US11620398B2
Publication date: 2023-04-04
Application number: US16424558
Filing date: 2019-05-29
Applicant: INTEL CORPORATION
Inventor: Neeraj S. Upasani , David P. Turley , Sergiu D. Ghetie , Zhangping Chen , Jason G. Sandri
Abstract: Embodiments may be generally directed to techniques to encrypt and decrypt data in a first fuse block array using an encryption key of a second fuse block array, the second fuse block array having the encryption key comprising a plurality of segments of bits, an inverse encryption key comprising a second plurality of segments of bits, each segment of the inverse encryption key to correspond with a particular segment of the encryption key, and a random pattern having equally distributed bit values, the random pattern to enable detection of voltage attacks on the second fuse block array.
-
Publication number: US20200210196A1
Publication date: 2020-07-02
Application number: US16236434
Filing date: 2018-12-29
Applicant: Intel Corporation
Inventor: Sergiu D. Ghetie
IPC: G06F9/38 , G06F12/0875
Abstract: Hardware processors and methods for extended microcode patching through on-die and off-die secure storage are described. In one embodiment, the additional storage resources used for storing micro-operations are section(s) of a cache that are unused at runtime and/or unused by a configuration of a processor. For example, the additional storage resources may be a section of a cache that is used to store context information from a core when the core is transitioned to a power state that shuts off voltage to the core. Non-limiting examples of such sections are one or more sections for: storage of context information for a transition of a thread to idle or off, storage of context information for a transition of a core for a multiple core processor to idle or off, or storage of coherency information for a transition of a cache coherency circuit (e.g., cache box (CBo)) to idle or off.
-
Publication number: US20190196866A1
Publication date: 2019-06-27
Application number: US15852021
Filing date: 2017-12-22
Applicant: Intel Corporation
Inventor: Mohan J. Kumar , Murugasamy K. Nachimuthu , Sarathy Jayakumar , Sergiu D. Ghetie , Neeraj Upasani , Ronald N. Story
CPC classification number: G06F9/4818 , G06F9/3012 , G06F13/4068 , G06F2213/0008 , G06F2213/0024 , G06F2213/0026
Abstract: There is disclosed in one example a processor, including: a protected runtime mode (PRM) module to receive a PRM interrupt and to: suspend operation of a software task executing on the processor; save processor state information; place the microprocessor into PRM; access a PRM handler in a designated PRM memory region, wherein the PRM handler comprises a platform specific task; restore the processor state; and resume operation of the software task.