-
公开(公告)号:US11614939B2
公开(公告)日:2023-03-28
申请号:US17359337
申请日:2021-06-25
申请人: Intel Corporation
发明人: Ashok Raj , Andreas Kleen , Gilbert Neiger , Beeman Strong , Jason Brandt , Rupin Vakharwala , Jeff Huxel , Larisa Novakovsky , Ido Ouziel , Sarathy Jayakumar
摘要: An apparatus and method for processing non-maskable interrupt source information. For example, one embodiment of a processor comprises: a plurality of cores comprising execution circuitry to execute instructions and process data; local interrupt circuitry comprising a plurality of registers to store interrupt-related data including non-maskable interrupt (NMI) data related to a first NMI; and non-maskable interrupt (NMI) processing mode selection circuitry, responsive to a request, to select between at least two NMI processing modes to process the first NMI including: a first NMI processing mode in which the plurality of registers are to store first data related to a first NMI, wherein no NMI source information related to a source of the NMI is included in the first data, and a second NMI processing mode in which the plurality of registers are to store both the first data related to the first NMI and second data comprising NMI source information indicating the NMI source.
-
公开(公告)号:US11422811B2
公开(公告)日:2022-08-23
申请号:US17098129
申请日:2020-11-13
申请人: Intel Corporation
发明人: Gideon Gerzon , Dror Caspi , Arie Aharon , Ido Ouziel
IPC分类号: G06F12/0804 , G06F9/30 , G06F9/455
摘要: A processor includes a global register to store a value of an interrupted block count. A processor core, communicably coupled to the global register, may, upon execution of an instruction to flush blocks of a cache that are associated with a security domain: flush the blocks of the cache sequentially according to a flush loop of the cache; and in response to detection of a system interrupt: store a value of a current cache block count to the global register as the interrupted block count; and stop execution of the instruction to pause the flush of the blocks of the cache. After handling of the interrupt, the instruction may be called again to restart the flush of the cache.
-
公开(公告)号:US11900115B2
公开(公告)日:2024-02-13
申请号:US18126920
申请日:2023-03-27
申请人: Intel Corporation
发明人: Ashok Raj , Andreas Kleen , Gilbert Neiger , Beeman Strong , Jason Brandt , Rupin Vakharwala , Jeff Huxel , Larisa Novakovsky , Ido Ouziel , Sarathy Jayakumar
CPC分类号: G06F9/30098 , G06F9/4812 , G06F9/5005 , G06F15/80
摘要: An apparatus and method for processing non-maskable interrupt source information. For example, one embodiment of a processor comprises: a plurality of cores comprising execution circuitry to execute instructions and process data; local interrupt circuitry comprising a plurality of registers to store interrupt-related data including non-maskable interrupt (NMI) data related to a first NMI; and non-maskable interrupt (NMI) processing mode selection circuitry, responsive to a request, to select between at least two NMI processing modes to process the first NMI including: a first NMI processing mode in which the plurality of registers are to store first data related to a first NMI, wherein no NMI source information related to a source of the NMI is included in the first data, and a second NMI processing mode in which the plurality of registers are to store both the first data related to the first NMI and second data comprising NMI source information indicating the NMI source.
-
公开(公告)号:US11687654B2
公开(公告)日:2023-06-27
申请号:US15705562
申请日:2017-09-15
申请人: Intel Corporation
发明人: Ravi L. Sahita , Baiju V. Patel , Barry E. Huntley , Gilbert Neiger , Hormuzd M. Khosravi , Ido Ouziel , David M. Durham , Ioannis T. Schoinas , Siddhartha Chhabra , Carlos V. Rozas , Gideon Gerzon
IPC分类号: G06F21/57 , G06F21/62 , G06F12/14 , H04L9/06 , H04L9/40 , G06F21/53 , G06F21/71 , G06F21/79 , G06F9/455
CPC分类号: G06F21/57 , G06F12/1408 , G06F21/53 , G06F21/6218 , G06F21/71 , G06F21/79 , H04L9/0618 , H04L63/061 , G06F9/45558 , G06F2009/45587 , G06F2212/1052 , G06F2221/2107 , G06F2221/2149
摘要: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
-
公开(公告)号:US11048512B1
公开(公告)日:2021-06-29
申请号:US16833598
申请日:2020-03-28
申请人: Intel Corporation
发明人: Ashok Raj , Andreas Kleen , Gilbert Neiger , Beeman Strong , Jason Brandt , Rupin Vakharwala , Jeff Huxel , Larisa Novakovsky , Ido Ouziel , Sarathy Jayakumar
摘要: An apparatus and method for processing non-maskable interrupt source information. For example, one embodiment of a processor comprises: a plurality of cores comprising execution circuitry to execute instructions and process data; local interrupt circuitry comprising a plurality of registers to store interrupt-related data including non-maskable interrupt (NMI) data related to a first NMI; and non-maskable interrupt (NMI) processing mode selection circuitry, responsive to a request, to select between at least two NMI processing modes to process the first NMI including: a first NMI processing mode in which the plurality of registers are to store first data related to a first NMI, wherein no NMI source information related to a source of the NMI is included in the first data, and a second NMI processing mode in which the plurality of registers are to store both the first data related to the first NMI and second data comprising NMI source information indicating the NMI source.
-
公开(公告)号:US20190087575A1
公开(公告)日:2019-03-21
申请号:US15705562
申请日:2017-09-15
申请人: Intel Corporation
发明人: Ravi L. Sahita , Baiju V. Patel , Barry E. Huntley , Gilbert Neiger , Hormuzd M. Khosravi , Ido Ouziel , David M. Durham , Ioannis T. Schoinas , Siddhartha Chhabra , Carlos V. Rozas , Gideon Gerzon
摘要: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
-
公开(公告)号:US20190004973A1
公开(公告)日:2019-01-03
申请号:US15635548
申请日:2017-06-28
申请人: Intel Corporation
发明人: Siddhartha Chhabra , Hormuzd M. Khosravi , Gideon Gerzon , Barry E. Huntley , Gilbert Neiger , Ido Ouziel , Baiju Patel , Ravi L. Sahita , Amy L. Santoni , Ioannis T. Schoinas
摘要: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
-
公开(公告)号:US11461244B2
公开(公告)日:2022-10-04
申请号:US16227386
申请日:2018-12-20
申请人: Intel Corporation
发明人: Ido Ouziel , Arie Aharon , Dror Caspi , Baruch Chaikin , Jacob Doweck , Gideon Gerzon , Barry E. Huntley , Francis X. McKeen , Gilbert Neiger , Carlos V. Rozas , Ravi L. Sahita , Vedvyas Shanbhogue , Assaf Zaltsman , Hormuzd M. Khosravi
IPC分类号: G06F11/30 , G06F12/14 , G06F9/455 , G06F11/07 , G06F12/02 , G06F12/0817 , G06F21/53 , G06F21/57 , G06F21/60 , G06F21/79
摘要: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.
-
公开(公告)号:US11139967B2
公开(公告)日:2021-10-05
申请号:US16228002
申请日:2018-12-20
申请人: Intel Corporation
发明人: Ido Ouziel , Arie Aharon , Dror Caspi , Baruch Chaikin , Jacob Doweck , Gideon Gerzon , Barry E. Huntley , Francis X. Mckeen , Gilbert Neiger , Carlos V. Rozas , Ravi L. Sahita , Vedvyas Shanbhogue , Assaf Zaltsman
IPC分类号: H04L9/08 , G06F9/455 , G06F12/1009 , G06F21/60 , G06F21/62
摘要: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
-
10.
公开(公告)号:US10657071B2
公开(公告)日:2020-05-19
申请号:US15714217
申请日:2017-09-25
申请人: Intel Corporation
发明人: David M. Durham , Siddhartha Chhabra , Amy L. Santoni , Gilbert Neiger , Barry E. Huntley , Hormuzd M. Khosravi , Baiju V. Patel , Ravi L. Sahita , Gideon Gerzon , Ido Ouziel , Ioannis T. Schoinas , Rajesh M. Sankaran
摘要: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-