Publication number: US09594927B2
Publication date: 2017-03-14
Application number: US14482136
Filing date: 2014-09-10
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Peter J. Barry , Rajesh Poornachandran , Arjan Van De Ven , Peter A. Dice , Gopinatth Selvaraje , Julien Carreno , Lee G. Rosenbaum
CPC classification number: G06F21/575 , G06F9/4406 , G06F21/53 , G06F21/72 , G06F21/79 , G06F2221/033 , G06F2221/2107 , G06F2221/2111 , H04L9/0861 , H04L9/0894 , H04L9/14 , H04L9/302 , H04L2209/60
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
-
Publication number: US10366237B2
Publication date: 2019-07-30
Application number: US15421539
Filing date: 2017-02-01
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Peter J. Barry , Rajesh Poornachandran , Arjan Van De Ven , Peter A. Dice , Gopinatth Selvaraje , Julien Carreno , Lee G. Rosenbaum
IPC: G06F21/57 , G06F21/53 , G06F9/44 , H04L9/08 , H04L9/14 , H04L9/30 , G06F21/72 , G06F21/79 , G06F9/4401
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
-
Publication number: US09330027B2
Publication date: 2016-05-03
Application number: US13834107
Filing date: 2013-03-15
Applicant: Intel Corporation
Inventor: Julien Carreno , Derek Harnett , Gordon J. Walsh
CPC classification number: G06F12/1483 , G06F21/57
Abstract: A system employs a white list of authorized transactions to control access to system registers. In an embodiment, the white list is loaded into filter registers during system boot. Routing logic monitors a logical interconnect fabric of the system for register access requests. The routing logic parses source and destination information from a request to index the white list. If the white list includes an entry corresponding to the processing entity indicated in the source information and the register indicated in the destination information, the routing logic will permit the requested access.
-
Publication number: US20140281321A1
Publication date: 2014-09-18
Application number: US13834107
Filing date: 2013-03-15
Applicant: Intel Corporation
Inventor: Julien Carreno , Derek Harnett , Gordon J. Walsh
IPC: G06F12/14
CPC classification number: G06F12/1483 , G06F21/57
Abstract: A system employs a white list of authorized transactions to control access to system registers. In an embodiment, the white list is loaded into filter registers during system boot. Routing logic monitors a logical interconnect fabric of the system for register access requests. The routing logic parses source and destination information from a request to index the white list. If the white list includes an entry corresponding to the processing entity indicated in the source information and the register indicated in the destination information, the routing logic will permit the requested access.
-
Publication number: US20220222340A1
Publication date: 2022-07-14
Application number: US17711883
Filing date: 2022-04-01
Applicant: Intel Corporation
Inventor: Vidhya Krishnan , Ankur Shah , Bryan White , Daniel Nemiroff , David Puffer , Julien Carreno , Scott Janus , Ravi Sahita , Hema Nalluri , Utkarsh Y. Kakaiya
Abstract: Security and support for trust domain operation are described. An example of a method includes processing, at an accelerator, one or more compute workloads received from a host system; upon receiving a notification that a trust domain has transitioned to a secure state, transitioning an original set of privileges for the accelerator to a downgraded set of privileges; upon receiving a command from the host system for the trust domain, processing the command in accordance with the trust domain; and upon receiving a request from the host system to access a register, for a register included in an allowed list of registers for access, allowing access to the register, and, for a register that is not within the allowed list of registers for access, disallowing access to the register.
-
Publication number: US20220138286A1
Publication date: 2022-05-05
Application number: US17133336
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventor: David Zage , Scott Janus , Ned M. Smith , Vidhya Krishnan , Siddhartha Chhabra , Rajesh Poornachandran , Tomer Levy , Julien Carreno , Ankur Shah , Ronald Silvas , Aravindh Anantaraman , David Puffer , Vedvyas Shanbhogue , David Cowperthwaite , Aditya Navale , Omer Ben-Shalom , Alex Nayshtut , Xiaoyu Ruan
Abstract: Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.
-
Publication number: US20180173644A1
Publication date: 2018-06-21
Application number: US15384267
Filing date: 2016-12-19
Applicant: Intel Corporation
Inventor: Patrick Koeberl , Steffen Schulz , Vedvyas Shanbhogue , Jason W. Brandt , Venkateswara R. Madduri , Sang W. Kim , Julien Carreno
Abstract: Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.
-
Publication number: US20170180131A1
Publication date: 2017-06-22
Application number: US14971370
Filing date: 2015-12-16
Applicant: Intel Corporation
Inventor: Santosh Ghosh , Manoj R. Sastry , Solmaz Ghaznavi , Julien Carreno , Padraig J. Kearney
CPC classification number: H04L9/3239 , G06F21/75 , G06F21/85 , G09C1/00 , H04L9/0643 , H04L63/061 , H04L63/123 , H04L2209/26
Abstract: System and techniques for secure unlock to access debug hardware are described herein. A cryptographic key may be received at a hardware debug access port of a device. A digest may be computed from the cryptographic key at an unlock unit of the device. A fuse value may be received from a non-volatile read-only storage on the device. The digest and the fuse value may be compared to determine whether they are the same. A pass-fail pulse may be provided that indicates the result of the comparing.
-
Publication number: US20170140153A1
Publication date: 2017-05-18
Application number: US15421539
Filing date: 2017-02-01
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Peter J. Barry , Rajesh Poornachandran , Arjan Van De Ven , Peter A. Dice , Gopinatth Selvaraje , Julien Carreno , Lee G. Rosenbaum
CPC classification number: G06F21/575 , G06F9/4406 , G06F21/53 , G06F21/72 , G06F21/79 , G06F2221/033 , G06F2221/2107 , G06F2221/2111 , H04L9/0861 , H04L9/0894 , H04L9/14 , H04L9/302 , H04L2209/60
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.