-
Publication No.: US11711201B2
Publication Date: 2023-07-25
Application No.: US17213568
Application Date: 2021-03-26
Applicant: Intel Corporation
Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
CPC Classification: H04L9/0618, G06F9/5016, G06F12/121, G06F12/1408, G06F12/1441, G06F12/1458, G06F2212/7207
Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes an offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
-
Publication No.: US20210218547A1
Publication Date: 2021-07-15
Application No.: US17213568
Application Date: 2021-03-26
Applicant: Intel Corporation
Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
IPC Classification: H04L9/06
Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes an offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
-
Publication No.: US11580035B2
Publication Date: 2023-02-14
Application No.: US17134406
Application Date: 2020-12-26
Applicant: Intel Corporation
Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part, on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.
-
Publication No.: US20230027329A1
Publication Date: 2023-01-26
Application No.: US17791000
Application Date: 2020-12-26
Applicant: Intel Corporation
Inventors: David M. Durham, Michael D. LeMay, Salmin Sultana, Karanvir S. Grewal, Michael E. Kounavis, Sergej Deutsch, Andrew James Weiler, Abhishek Basak, Dan Baum, Santosh Ghosh
Abstract: A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.
-
Publication No.: US20210149825A1
Publication Date: 2021-05-20
Application No.: US17134406
Application Date: 2020-12-26
Applicant: Intel Corporation
Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part, on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.