-
Publication number: US11784786B2
Publication date: 2023-10-10
Application number: US17214222
Application date: 2021-03-26
Applicant: Intel Corporation
Inventor: Sergej Deutsch, David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Michael E. Kounavis
CPC classification number: H04L9/0618, G06F9/5016, G06F12/121, G06F12/1408, G06F12/1441, G06F12/1458, G06F2212/7207
Abstract: Technologies disclosed herein provide one example of a processor that includes a register to store a first encoded pointer for a first memory allocation for an application and circuitry coupled to memory. Size metadata is stored in first bits of the first encoded pointer and first memory address data associated with the first memory allocation is stored in second bits of the first encoded pointer. The circuitry is configured to determine a first memory address of a first marker region in the first memory allocation, obtain current data from the first marker region at the first memory address, compare the current data to a reference marker stored separately from the first memory allocation, and determine that the first memory allocation is in a first state in response to a determination that the current data corresponds to the reference marker.
-
Publication number: US20220318158A1
Publication date: 2022-10-06
Application number: US17839877
Application date: 2022-06-14
Applicant: Intel Corporation
Inventor: David M. Durham, Michael D. LeMay
IPC: G06F12/1009, G06F12/1045, G06F12/02, G06F12/14
Abstract: Techniques for memory tagging are disclosed. In the illustrative embodiment, 16 bits of a virtual memory address are used as memory tag bits. In a page table entry corresponding to the virtual memory address, page tag bits indicate which of the 16 bits of the virtual memory address are to be sent to the memory as memory tag bits when a memory operation is requested on the virtual memory address. The memory can then compare the memory tag bits sent with the physical memory address to memory tag bits stored on the memory that correspond to the physical memory address. If the memory tag bits match, then the operation is allowed to proceed.
-
Publication number: US11940927B2
Publication date: 2024-03-26
Application number: US17839877
Application date: 2022-06-14
Applicant: Intel Corporation
Inventor: David M. Durham, Michael D. LeMay
IPC: G06F12/00, G06F12/02, G06F12/1009, G06F12/1045, G06F12/14
CPC classification number: G06F12/1009, G06F12/0238, G06F12/1063, G06F12/1408
Abstract: Techniques for memory tagging are disclosed. In the illustrative embodiment, 16 bits of a virtual memory address are used as memory tag bits. In a page table entry corresponding to the virtual memory address, page tag bits indicate which of the 16 bits of the virtual memory address are to be sent to the memory as memory tag bits when a memory operation is requested on the virtual memory address. The memory can then compare the memory tag bits sent with the physical memory address to memory tag bits stored on the memory that correspond to the physical memory address. If the memory tag bits match, then the operation is allowed to proceed.
-
Publication number: US20220206958A1
Publication date: 2022-06-30
Application number: US17481405
Application date: 2021-09-22
Applicant: Intel Corporation
Inventor: Michael D. LeMay, David M. Durham, Anjo Lucas Vahldiek-Oberwagner, Anna Trikalinou
IPC: G06F12/14, G06F12/1027
Abstract: An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.
-
Publication number: US20210405896A1
Publication date: 2021-12-30
Application number: US17472272
Application date: 2021-09-10
Applicant: Intel Corporation
Inventor: David M. Durham, Michael D. LeMay, Sergej Deutsch, Joydeep Rakshit, Anant Vithal Nori, Jayesh Gaur, Sreenivas Subramoney
IPC: G06F3/06, G06F12/1027, G06F12/02
Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.
-
Publication number: US12019562B2
Publication date: 2024-06-25
Application number: US17481405
Application date: 2021-09-22
Applicant: Intel Corporation
Inventor: Michael D. LeMay, David M. Durham, Anjo Lucas Vahldiek-Oberwagner, Anna Trikalinou
IPC: G06F12/14, G06F12/1027
CPC classification number: G06F12/1408, G06F12/1027, G06F12/1441, G06F12/1466
Abstract: An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.
-
Publication number: US11972126B2
Publication date: 2024-04-30
Application number: US17472272
Application date: 2021-09-10
Applicant: Intel Corporation
Inventor: David M. Durham, Michael D. LeMay, Sergej Deutsch, Joydeep Rakshit, Anant Vithal Nori, Jayesh Gaur, Sreenivas Subramoney
IPC: G06F3/06, G06F12/02, G06F12/1027
CPC classification number: G06F3/0631, G06F3/0604, G06F3/0659, G06F3/0679, G06F12/0238, G06F12/1027
Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.
-
Publication number: US11669625B2
Publication date: 2023-06-06
Application number: US17134405
Application date: 2020-12-26
Applicant: Intel Corporation
Inventor: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana
CPC classification number: G06F21/602, G06F9/30101, G06F9/30145, G06F9/5016, G06F21/54, G06F21/79
Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.
-
Publication number: US11580035B2
Publication date: 2023-02-14
Application number: US17134406
Application date: 2020-12-26
Applicant: Intel Corporation
Inventor: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana, Andrew James Weiler
Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part, on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.
-
Publication number: US20230027329A1
Publication date: 2023-01-26
Application number: US17791000
Application date: 2020-12-26
Applicant: Intel Corporation
Inventor: David M. Durham, Michael D. LeMay, Salmin Sultana, Karanvir S. Grewal, Michael E. Kounavis, Sergej Deutsch, Andrew James Weiler, Abhishek Basak, Dan Baum, Santosh Ghosh
Abstract: A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.