-
1.发明公开公开(公告)号:US20240184717A1
公开(公告)日:2024-06-06
申请号:US18378124
申请日:2023-10-09
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Mona Vij , Rebekah M. Leslie-Hurd , Krystof C. Zmudzinski , Somnath Chakrabarti , Francis X. Mckeen , Vincent R. Scarlata , Simon P. Johnson , Ilya Alexandrovich , Gilbert Neiger , Vedvyas Shanbhogue , Ittai Anati
CPC classification number: G06F12/1408 , G06F8/41 , G06F9/30145 , G06F9/45558 , G06F12/1441 , G06F12/1483 , G06F21/53 , G06F21/602 , G06F2009/4557 , G06F2009/45587 , G06F2212/1052
Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
公开(公告)号:US11531475B2
公开(公告)日:2022-12-20
申请号:US16882637
申请日:2020-05-25
Applicant: Intel Corporation
Inventor: Ilya Alexandrovich , Vladimir Beker , Gideon Gerzon , Vincent R. Scarlata
Abstract: An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device. In some cases, a determination may be made that a type of access is compatible with one or more allowed access types for the page as represented in a protected container page metadata structure.
-
公开(公告)号:US11204874B2
公开(公告)日:2021-12-21
申请号:US16838418
申请日:2020-04-02
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue , Krystof C. Zmudzinski , Carlos V. Rozas , Francis X. McKeen , Raghunandan Makaram , Ilya Alexandrovich , Ittai Anati , Meltem Ozsoy
IPC: G06F12/0862 , G06F12/0846 , G06F12/1027 , G06F12/14 , G06F12/1009
Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
-
公开(公告)号:US11030120B2
公开(公告)日:2021-06-08
申请号:US16454481
申请日:2019-06-27
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Simon P. Johnson , Raghunandan Makaram , Francis X. McKeen , Carlos V. Rozas , Meltem Ozsoy , Ilya Alexandrovich , Siddhartha Chhabra
IPC: G06F12/14 , G06F12/1045 , G06F12/0882 , G06F11/30 , G06F12/0871 , G06F9/4401 , G06F11/07 , G06F12/0891
Abstract: A processor includes a cryptographic engine to control access, using an secure region key identifier (ID), to one or more memory range of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to an secure page within the one or more memory range of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
-
公开(公告)号:US20180183580A1
公开(公告)日:2018-06-28
申请号:US15391208
申请日:2016-12-27
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Carlos V. Rozas , Simon P. Johnson , Francis X. McKeen , Mona Vij , Somnath Chakrabarti , Brandon Baker , Ittai Anati , Ilya Alexandrovich
CPC classification number: G06F9/4856 , G06F21/53 , G06F21/602 , H04L9/0861 , H04L9/0897 , H04L9/3247 , H04L9/3268
Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.
-
Patent Agency Ranking
公开(公告)号:US20170337145A1
公开(公告)日:2017-11-23
申请号:US15612845
申请日:2017-06-02
Applicant: INTEL CORPORATION
Inventor: Carlos V. Rozas , Ilya Alexandrovich , Gilbert Neiger , Francis X. McKeen , Ittai Anati , Vedvyas Shanbhogue , Shay Gueron
IPC: G06F13/24 , G06F12/0806 , G06F21/00 , G06F21/85 , G06F12/08 , G06F21/71 , G06F12/0875
CPC classification number: G06F13/24 , G06F12/08 , G06F12/0806 , G06F12/0875 , G06F21/00 , G06F21/71 , G06F21/85 , G06F2212/1024 , G06F2212/1052 , G06F2212/62
Abstract: Instructions and logic interrupt and resume paging in secure enclaves. Embodiments include instructions, specify page addresses allocated to a secure enclave, the instructions are decoded for execution by a processor. The processor includes an enclave page cache to store secure data in a first cache line and in a last cache line for a page corresponding to the page address. A page state is read from the first or last cache line for the page when an entry in an enclave page cache mapping for the page indicates only a partial page is stored in the enclave page cache. The entry for a partial page may be set, and a new page state may be recorded in the first cache line when writing-back, or in the last cache line when loading the page when the instruction's execution is being interrupted. Thus the writing-back, or loading can be resumed.
-
公开(公告)号:US09747102B2
公开(公告)日:2017-08-29
申请号:US13729371
申请日:2012-12-28
Applicant: Intel Corporation
Inventor: Rebekah Leslie , Carlos V. Rozas , Vincent R. Scarlata , Simon P. Johnson , Uday R. Savagaonkar , Barry E. Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis X. Mckeen , Michael A. Goldsmith , Ilya Alexandrovich , Alex Berenzon , Wesley H. Smith , Gilbert G. Neiger
IPC: G06F12/00 , G06F9/30 , G06F9/44 , G06F12/084 , G06F12/14
CPC classification number: G06F9/3004 , G06F9/30047 , G06F9/30076 , G06F9/44 , G06F12/084 , G06F12/0875 , G06F12/1483 , G06F2212/452
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
-
公开(公告)号:US09703733B2
公开(公告)日:2017-07-11
申请号:US14318508
申请日:2014-06-27
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Ilya Alexandrovich , Gilbert Neiger , Francis X. McKeen , Ittai Anati , Vedvyas Shanbhogue , Shay Gueron
IPC: G06F12/00 , G06F13/24 , G06F12/0806 , G06F12/08 , G06F12/0875 , G06F21/00 , G06F21/71 , G06F21/85
CPC classification number: G06F13/24 , G06F12/08 , G06F12/0806 , G06F12/0875 , G06F21/00 , G06F21/71 , G06F21/85 , G06F2212/1024 , G06F2212/1052 , G06F2212/62
Abstract: Instructions and logic interrupt and resume paging in secure enclaves. Embodiments include instructions, specify page addresses allocated to a secure enclave, the instructions are decoded for execution by a processor. The processor includes an enclave page cache to store secure data in a first cache line and in a last cache line for a page corresponding to the page address. A page state is read from the first or last cache line for the page when an entry in an enclave page cache mapping for the page indicates only a partial page is stored in the enclave page cache. The entry for a partial page may be set, and a new page state may be recorded in the first cache line when writing-back, or in the last cache line when loading the page when the instruction's execution is being interrupted. Thus the writing-back, or loading can be resumed.
-
公开(公告)号:US20230042288A1
公开(公告)日:2023-02-09
申请号:US17867306
申请日:2022-07-18
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/109 , G06F12/14 , G06F9/455
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
公开(公告)号:US20210255962A1
公开(公告)日:2021-08-19
申请号:US17156175
申请日:2021-01-22
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/109 , G06F12/14 , G06F9/455
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
-
-
-
-
-
-
-
-
Search Results
59
records
(took 0.027 seconds)
