-
Publication number: US20210064546A1
Publication date: 2021-03-04
Application number: US16454481
Application date: 2019-06-27
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski, Simon P. Johnson, Raghunandan Makaram, Francis X. McKeen, Carlos V. Rozas, Meltem Ozsoy, Ilya Alexandrovich, Siddhartha Chhabra
IPC: G06F12/14, G06F12/1045, G06F12/0882, G06F12/0891, G06F12/0871, G06F9/4401, G06F11/07, G06F11/30
Abstract: A processor includes a cryptographic engine to control access, using a secure region key identifier (ID), to one or more memory ranges of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to a secure page within the one or more memory ranges of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
-
Publication number: US20200233807A1
Publication date: 2020-07-23
Application number: US16838418
Application date: 2020-04-02
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
IPC: G06F12/0862, G06F12/1009, G06F12/14, G06F12/1027, G06F12/0846
Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device; responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer; and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
-
Publication number: US20190102324A1
Publication date: 2019-04-04
Application number: US15721631
Application date: 2017-09-29
Applicant: Intel Corporation
Inventor: Meltem Ozsoy, Krystof C. Zmudzinski, Larisa Novakovsky, Julius Mandelblat, Francis X. McKeen, Carlos V. Rozas, Ittai Anati, Ilya Alexandrovich
IPC: G06F12/14, G06F12/0846, G06F12/128, G06F12/0831, G06F12/0806, G06F12/1027, G06F12/0888, G06F12/1009
Abstract: Cache behavior for secure memory repartitioning systems is described. Implementations may include a processor core and a memory controller coupled between the processor core and a memory device. The processor core is to receive a memory access request to a page in the memory device, the memory access request comprising a first guarded attribute (GA) indicator indicating whether the page is a secure page belonging to an enclave; determine whether the first GA indicator matches a second GA indicator in a cache line entry corresponding to the page, the cache line entry comprised in a cache; and, responsive to a determination that the first GA indicator does not match the second GA indicator, apply an eviction policy to the cache line entry based on whether the cache line is indicated as a dirty cache line, and access second data in the memory device for the page.
-
Publication number: US11204874B2
Publication date: 2021-12-21
Application number: US16838418
Application date: 2020-04-02
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
IPC: G06F12/0862, G06F12/0846, G06F12/1027, G06F12/14, G06F12/1009
Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device; responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer; and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
-
Publication number: US11030120B2
Publication date: 2021-06-08
Application number: US16454481
Application date: 2019-06-27
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski, Simon P. Johnson, Raghunandan Makaram, Francis X. McKeen, Carlos V. Rozas, Meltem Ozsoy, Ilya Alexandrovich, Siddhartha Chhabra
IPC: G06F12/14, G06F12/1045, G06F12/0882, G06F11/30, G06F12/0871, G06F9/4401, G06F11/07, G06F12/0891
Abstract: A processor includes a cryptographic engine to control access, using a secure region key identifier (ID), to one or more memory ranges of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to a secure page within the one or more memory ranges of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
-
Publication number: US10922088B2
Publication date: 2021-02-16
Application number: US16024733
Application date: 2018-06-29
Applicant: Intel Corporation
Inventor: Fangfei Liu, Bin Xing, Michael Steiner, Mona Vij, Carlos Rozas, Francis McKeen, Meltem Ozsoy, Matthew Fernandez, Krystof Zmudzinski, Mark Shanahan
Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.
-
Publication number: US11797309B2
Publication date: 2023-10-24
Application number: US16728722
Application date: 2019-12-27
Applicant: Intel Corporation
Inventor: Carlos Rozas, Francis McKeen, Pasquale Cocchini, Meltem Ozsoy, Matthew Fernandez
CPC classification number: G06F9/3844, G06F9/30145, G06F9/3804, G06F9/5011
Abstract: An apparatus and method for tracking speculative execution flow and detecting potential vulnerabilities. For example, one embodiment of a processor comprises: an instruction fetcher to fetch instructions from a cache or system memory; a branch predictor to speculate a first instruction path to be taken comprising a first sequence of instructions; a decoder to decode the first sequence of instructions; execution circuitry to execute the first sequence of instructions and process data associated with the instructions to generate results; and information flow tracking circuitry and/or logic to: assign labels to all or a plurality of instructions in the first sequence of instructions; track resource usage of the plurality of instructions using the labels; merge sets of labels to remove redundancies; responsive to detecting that the first instruction path was mis-predicted, generate one or more summaries comprising resources affected by one or more of the first sequence of instructions; and recycle labels responsive to retirement of instructions associated with the labels.
-
Publication number: US10540291B2
Publication date: 2020-01-21
Application number: US15592089
Application date: 2017-05-10
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Rebekah M. Leslie-Hurd, Meltem Ozsoy, Somnath Chakrabarti, Mona Vij
IPC: G06F12/1027, G06F12/1009, G06F12/14, G06F9/455
Abstract: Translation lookaside buffer (TLB) tracking and managing technologies are described. A processing device comprises a translation lookaside buffer (TLB) and a processing core to execute a virtual machine monitor (VMM), the VMM to manage a virtual machine (VM) including virtual processors. The processing core is to execute, via the VM, a plurality of conversion instructions on at least one of the virtual processors to convert a plurality of non-secure pages to a plurality of secure pages. The processing core is also to execute, via the VM, one or more allocation instructions on the at least one of the virtual processors to allocate at least one secure page of the plurality of secure pages, execution of the one or more allocation instructions including determining whether the TLB is cleared of mappings to the at least one secure page prior to allocating the at least one secure page.
-
Publication number: US20190095334A1
Publication date: 2019-03-28
Application number: US15719023
Application date: 2017-09-28
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
IPC: G06F12/0862, G06F12/0846, G06F12/1027, G06F12/14, G06F12/1009
Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device; responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer; and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
-
Publication number: US10671542B2
Publication date: 2020-06-02
Application number: US15200796
Application date: 2016-07-01
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Ittai Anati, Francis X. McKeen, Krystof C. Zmudzinski, Meltem Ozsoy
IPC: G06F12/1009, G06F3/06, G06F12/14
Abstract: Apparatuses, methods and storage media associated with application execution enclave memory page cache management are disclosed herein. In embodiments, an apparatus may include a processor with processor support for application execution enclaves; memory organized into a plurality of host physical memory pages; and a virtual machine monitor to be operated by the processor to manage operation of virtual machines. Management of operation of the virtual machines may include facilitation of mapping of virtual machine-physical memory pages of the virtual machines to the host physical memory pages, including maintenance of an unallocated subset of the host physical memory pages to receive increased security protection for selective allocation to the virtual machines, for virtualization and selective allocation to application execution enclaves of applications of the virtual machines. Other embodiments may be described and/or claimed.