-
Publication number: US11921646B2
Publication date: 2024-03-05
Application number: US17842094
Filing date: 2022-06-16
Applicant: Intel Corporation
Inventor: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
IPC: G06F12/14, G06F12/0862, G06F12/1009, G06F13/16, G06F13/42
CPC classification number: G06F12/1483, G06F12/0862, G06F12/1009, G06F13/1668, G06F13/4282, G06F2212/1052, G06F2212/305, G06F2212/6028, G06F2213/0026
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.
-
Publication number: US20220405212A1
Publication date: 2022-12-22
Application number: US17352631
Filing date: 2021-06-21
Applicant: Intel Corporation
Inventor: Utkarsh Y. Kakaiya, Rajesh Sankaran, David Koufaty
IPC: G06F12/14, G06F12/1009
Abstract: An embodiment of an integrated circuit comprises circuitry to store memory protection information for a non-host memory in a memory protection cache, and perform one or more memory protection checks on a translated access request for the non-host memory based on the stored memory protection information. Other embodiments are disclosed and claimed.
-
Publication number: US20210173794A1
Publication date: 2021-06-10
Application number: US17131974
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventor: David Koufaty, Anna Trikalinou, Utkarsh Y. Kakaiya, Ravi Sahita, Ramya Jayaram Masti
IPC: G06F12/14, G06F12/1009, G06F12/1045
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.
-
Publication number: US20220398017A1
Publication date: 2022-12-15
Application number: US17348586
Filing date: 2021-06-15
Applicant: Intel Corporation
Inventor: Utkarsh Y. Kakaiya, David Koufaty, Rajesh Sankaran, Vedvyas Shanbhogue
Abstract: An embodiment of an integrated circuit comprises circuitry to share page tables associated with a page between a processor memory management unit (MMU) and an input/output memory management unit (IOMMU), store a page table entry in the memory associated with the page, and separately control access to the page from a processor and from a direct memory access (DMA) request based on one or more fields of the stored page table entry. Other embodiments are disclosed and claimed.
-
Publication number: US11526451B2
Publication date: 2022-12-13
Application number: US17131974
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventor: David Koufaty, Anna Trikalinou, Utkarsh Y. Kakaiya, Ravi Sahita, Ramya Jayaram Masti
IPC: G06F12/14, G06F12/1009, G06F12/1045
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.
-
Publication number: US20240220622A1
Publication date: 2024-07-04
Application number: US18149055
Filing date: 2022-12-30
Applicant: Intel Corporation
Inventor: Utkarsh Y. Kakaiya, Eric Geisler, Rupin H. Vakharwala, Michael Prinke, David Koufaty
IPC: G06F21/57
CPC classification number: G06F21/57, G06F2221/033
Abstract: Circuitry and methods for implementing address translation extensions for confidential computing hosts are described. In certain examples, a system includes a hardware processor core to implement a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain with a region of protected memory; an input/output device coupled to the hardware processor core; and input/output memory management unit (IOMMU) circuitry comprising trusted direct memory access translation data and coupled between the hardware processor core and the input/output device, wherein the IOMMU circuitry is to, for a request from the input/output device for a direct memory access of a protected memory of a trust domain: in response to a field in the request being set to indicate the input/output device is in a trusted computing base of the trust domain and an entry in the trusted direct memory access translation data being set into an active state by the trust domain manager, allow the direct memory access by the input/output device.
-
Publication number: US20220147393A1
Publication date: 2022-05-12
Application number: US17212977
Filing date: 2021-03-25
Applicant: Intel Corporation
Inventor: Rajesh Sankaran, Gilbert Neiger, Vedvyas Shanbhogue, David Koufaty
Abstract: An embodiment of an apparatus comprises decode circuitry to decode a single instruction, the single instruction to include a field for an identifier of a first source operand, a field for an identifier of a destination operand, and a field for an opcode, the opcode to indicate execution circuitry is to program a user timer, and execution circuitry to execute the decoded instruction according to the opcode to retrieve timer program information from a location indicated by the first source operand, and program a user timer indicated by the destination operand based on the retrieved timer program information. Other embodiments are disclosed and claimed.
-
Publication number: US20200026661A1
Publication date: 2020-01-23
Application number: US16582919
Filing date: 2019-09-25
Applicant: Intel Corporation
Inventor: Michael Kounavis, David Koufaty, Anna Trikalinou, Rupin Vakharwala
IPC: G06F12/1027, G06F12/0831, G06F12/0868, G06F12/14, G11C15/04
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory for storage of data, an Input/Output Memory Management Unit (IOMMU) coupled to the memory via a host-to-device link the IOMMU to perform operations, comprising receiving a memory access request from a remote device via a host-to-device link, wherein the memory access request comprises a host physical address (HPA) that identifies a physical address within the memory pertaining to the memory access request and a first message authentication code (MAC), generating a second message authentication code (MAC) using the host physical address received with the memory access request and a private key associated with the remote device, and performing at least one of allowing the memory access to proceed when the first MAC and the second MAC match and the HPA is not in an invalidation tracking table (ITT) maintained by the IOMMU; or blocking the memory operation when the first MAC and the second MAC do not match.
-
Publication number: US20200019515A1
Publication date: 2020-01-16
Application number: US16582956
Filing date: 2019-09-25
Applicant: Intel Corporation
Inventor: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
IPC: G06F12/14, G06F12/0862, G06F12/1009, G06F13/16, G06F13/42
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes DRAM for storage of data, an IOMMU coupled to the DRAM, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the DRAM, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the DRAM pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the DRAM within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.
-
Publication number: US20220309008A1
Publication date: 2022-09-29
Application number: US17842094
Filing date: 2022-06-16
Applicant: Intel Corporation
Inventor: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
IPC: G06F12/14, G06F12/0862, G06F12/1009, G06F13/16, G06F13/42
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.