-
Publication (Announcement) No.: US20220209959A1
Publication (Announcement) Date: 2022-06-30
Application No.: US17134352
Application Date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha CHHABRA, Manjula PEDDIREDDY, Hormuzd KHOSRAVI
Abstract: Embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) that allows a memory encryption and integrity architecture to work efficiently with 3DXP or other far memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed, along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys in protected form even when the controller is located outside of a system on a chip (SoC).
-
-
Publication (Announcement) No.: US20230195652A1
Publication (Announcement) Date: 2023-06-22
Application No.: US17554190
Application Date: 2021-12-17
Applicant: Intel Corporation
Inventor: Dror CASPI, Ravi SAHITA, Kunal MEHTA, Tin-Cheung KUNG, Hormuzd KHOSRAVI
CPC classification number: G06F12/1408, G06F12/0646, G06F9/45558, G06F2212/1052, G06F2009/45583
Abstract: Methods and apparatus to set guest physical address mapping attributes for a trusted domain. In one embodiment, the method includes executing a first one or more instructions to establish a trusted domain and executing a second one or more instructions to add a first memory page to the trusted domain, where the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more instructions, and where the first set of page attributes indicates how the first memory page is mapped in a secure extended page table. The method further includes storing the first set of page attributes for the first memory page in the secure extended page table at a storage location, responsive to executing the second one or more instructions.
-
Publication (Announcement) No.: US20240169099A1
Publication (Announcement) Date: 2024-05-23
Application No.: US18493709
Application Date: 2023-10-24
Applicant: Intel Corporation
Inventor: Hormuzd KHOSRAVI, Dror CASPI, Arie AHARON
CPC classification number: G06F21/72, G06F9/45558, G06F9/5016, G06F21/575, H04L9/088, H04L9/0894, H04L9/0897, G06F2009/45583, G06F2009/45587
Abstract: A method of creating a trusted execution domain includes initializing, by a processing device executing a trust domain resource manager (TDRM), a trust domain control structure (TDCS) and a trust domain protected memory (TDPM) associated with a trust domain (TD). The method further includes generating a one-time cryptographic key, assigning the one-time cryptographic key to an available host key ID (HKID) in a multi-key total memory encryption (MK-TME) engine, and storing the HKID in the TDCS. The method further includes associating a logical processor with the TD, adding a memory page from an address space of the logical processor to the TDPM, and transferring execution control to the logical processor to execute the TD.
-
Publication (Announcement) No.: US20210397721A1
Publication (Announcement) Date: 2021-12-23
Application No.: US17464163
Application Date: 2021-09-01
Applicant: Intel Corporation
Inventor: Dror CASPI, Arie AHARON, Gideon GERZON, Hormuzd KHOSRAVI
Abstract: Implementations describe providing secure encryption key management in trust domains. In one implementation, a processing device includes a key ownership table (KOT) that is protected against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to create a trust domain (TD) and a randomly generated encryption key corresponding to the TD; the randomly generated encryption key is identified by a guest key identifier (GKID) and protected against software access from at least one of the TDRM or other TDs. The TDRM is to reference the KOT to obtain at least one unassigned host key identifier (HKID) utilized to encrypt TD memory, assign the HKID to the TD by marking the HKID in the KOT as assigned, and configure the randomly generated encryption key on the processing device by associating it with the HKID.