OBJECT ORIENTED MARSHALING SCHEME FOR CALLS TO A SECURE REGION

    Type: Invention application (status: in force)

    Publication number: US20150278528A1

    Publication date: 2015-10-01

    Application number: US14227411

    Filing date: 2014-03-27

    Applicant: Intel Corporation

    IPC classification: G06F21/60

    CPC classification: G06F21/60 G06F21/53

    Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.

Application execution enclave memory page cache management method and apparatus

    Publication number: US10416890B2

    Publication date: 2019-09-17

    Application number: US14849222

    Filing date: 2015-09-09

    Applicant: Intel Corporation

    Abstract: Apparatuses, methods and storage medium associated with application execution enclave cache management are disclosed herein. In embodiments, an apparatus may include one or more processors with support for application execution enclaves; cache memory coupled with the one or more processors to be organized into a plurality of cache pages; and an exception handler to be operated by the one or more processors to handle cache page fault exceptions, wherein to handle cache page fault exceptions includes to handle a cache page fault triggered to request additional allocation of one or more cache pages to an execution enclave of an application. Other embodiments may be described and/or claimed.

SUPPORTING FAULT INFORMATION DELIVERY

    Type: Invention application (status: in force)

    Publication number: US20160378664A1

    Publication date: 2016-12-29

    Application number: US14752109

    Filing date: 2015-06-26

    Applicant: Intel Corporation

    IPC classification: G06F12/08

    Abstract: A processor implementing techniques to support fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core is to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

APPLICATION EXECUTION ENCLAVE MEMORY PAGE CACHE MANAGEMENT METHOD AND APPARATUS

    Type: Invention application (status: in force)

    Publication number: US20170068455A1

    Publication date: 2017-03-09

    Application number: US14849222

    Filing date: 2015-09-09

    Applicant: Intel Corporation

    IPC classification: G06F3/06 G06F12/08

    Abstract: Apparatuses, methods and storage medium associated with application execution enclave cache management are disclosed herein. In embodiments, an apparatus may include one or more processors with support for application execution enclaves; cache memory coupled with the one or more processors to be organized into a plurality of cache pages; and an exception handler to be operated by the one or more processors to handle cache page fault exceptions, wherein to handle cache page fault exceptions includes to handle a cache page fault triggered to request additional allocation of one or more cache pages to an execution enclave of an application. Other embodiments may be described and/or claimed.

Technologies for dynamic loading of integrity protected modules into secure enclaves

    Publication number: US10511598B2

    Publication date: 2019-12-17

    Application number: US15083988

    Filing date: 2016-03-29

    Applicant: Intel Corporation

    Abstract: Technologies for dynamic loading of integrity protected modules into a secure enclave include a computing device having a processor with secure enclave support. The computing device divides an executable image into multiple chunks, hashes each of the chunks with corresponding attributes that affect security to generate a corresponding hash value, and generates a hash tree as a function of the hash values. The computing device generates an initial secure enclave memory image that includes the root value of the hash tree. At runtime, the computing device accesses a chunk of the executable image from within the secure enclave, which generates a page fault. In response to the page fault, the secure enclave verifies the associated chunk based on the hash tree and accepts the chunk into the secure enclave in response to successful verification. The root value of the hash tree is integrity-protected. Other embodiments are described and claimed.