公开(公告)号：US20180204025A1

公开(公告)日：2018-07-19

申请号：US15861924

申请日：2018-01-04

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Francis X. Mckeen ,  Carlos V. Rozas ,  Saeedeh Komijani ,  Tamara S. Lehman

IPC: G06F21/72 ,  G06F21/64 ,  H04L9/00

CPC classification number: G06F21/72 ,  G06F12/1408 ,  G06F21/64 ,  G06F21/78 ,  H04L9/002 ,  H04L9/0637 ,  H04L9/3242 ,  H04L2209/12

Abstract: Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.

公开(公告)号：US20180011793A1

公开(公告)日：2018-01-11

申请号：US15711615

申请日：2017-09-21

Applicant: Intel Corporation

Inventor： Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Francis X. Mckeen ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Bin Xing ,  Mark W. Shanahan ,  Simon P. Johnson

IPC: G06F12/0844 ,  G06F12/0882

CPC classification number: G06F12/0844 ,  G06F11/073 ,  G06F11/0775 ,  G06F12/0882 ,  G06F2212/1032 ,  G06F2212/1052 ,  G06F2212/281 ,  G06F2212/312 ,  G06F2212/402 ,  G06F2212/608

Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

公开(公告)号：US09766889B2

公开(公告)日：2017-09-19

申请号：US15074573

申请日：2016-03-18

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F9/30 ,  G06F12/0875 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US11055236B2

公开(公告)日：2021-07-06

申请号：US16729251

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US10558588B2

公开(公告)日：2020-02-11

申请号：US15651771

申请日：2017-07-17

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US10289554B2

公开(公告)日：2019-05-14

申请号：US15711615

申请日：2017-09-21

Applicant: Intel Corporation

Inventor： Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Francis X. Mckeen ,  Ilya Alexandrovich ,  Vedvyas Shanbhogue ,  Bin Xing ,  Mark W. Shanahan ,  Simon P. Johnson

IPC: G06F12/0844 ,  G06F12/0882 ,  G06F11/07

Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

公开(公告)号：US09323686B2

公开(公告)日：2016-04-26

申请号：US13729277

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F12/08 ,  G06F9/30

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20160042184A1

公开(公告)日：2016-02-11

申请号：US14919350

申请日：2015-10-21

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barrey E. Huntley ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F21/60 ,  G06F12/14 ,  G06F21/72 ,  G06F12/08

CPC classification number: G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/145 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

Abstract translation: 公开了用于登录安全飞行器的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 该指令单元用于接收具有关联的飞地页面缓存地址的指令。 执行单元执行指令而不引起虚拟机退出，其中指令的执行包括记录指令和关联的飞地页面缓存地址。

公开(公告)号：US11782849B2

公开(公告)日：2023-10-10

申请号：US17367349

申请日：2021-07-03

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

CPC classification number: G06F12/1408 ,  G06F8/41 ,  G06F9/30145 ,  G06F9/45558 ,  G06F12/1441 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2212/1052

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US10409597B2

公开(公告)日：2019-09-10

申请号：US15972573

申请日：2018-05-07

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F9/30 ,  G06F12/0875 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.