公开(公告)号：US20160197720A1

公开(公告)日：2016-07-07

申请号：US14872556

申请日：2015-10-01

Applicant: Intel Corporation

Inventor： SHAY GUERON ,  WAJDI K FEGHALI ,  VINODH GOPAL ,  RAGHUNANDAN MAKARAM ,  MARTIN G DIXON ,  SRINIVAS CHENNUPATY ,  MICHAEL KOUNAVIS

IPC: H04L9/06 ,  G06F9/38 ,  G06F9/30

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.

公开(公告)号：US20210089388A1

公开(公告)日：2021-03-25

申请号：US17111905

申请日：2020-12-04

Applicant: Intel Corporation

Inventor： RAGHUNANDAN MAKARAM ,  KIRK S. YAP

IPC: G06F11/10 ,  H04L9/32 ,  H04L29/06

Abstract: In one embodiment, an apparatus includes: an integrity circuit to receive data and generate a protection code based at least in part on the data; a cryptographic circuit coupled to the integrity circuit to encrypt the data into encrypted data and encrypt the protection code into an encrypted protection code; a message authentication code (MAC) circuit coupled to the cryptographic circuit to compute a MAC comprising a tag using header information, the encrypted data, and the encrypted protection code; and an output circuit to send the header information, the encrypted data, and the tag to a receiver via a link. Other embodiments are described and claimed.

公开(公告)号：US20160275018A1

公开(公告)日：2016-09-22

申请号：US14661044

申请日：2015-03-18

Applicant: Intel Corporation

Inventor： SIDDHARTHA CHHABRA ,  RAGHUNANDAN MAKARAM ,  JIM MCCORMICK ,  BINATA BHATTACHARYYA

IPC: G06F12/14 ,  G06F12/08

CPC classification number: G06F21/79

Abstract: This disclosure is directed to cache and data organization for memory protection. Memory protection operations in a device may be expedited by organizing cache and/or data structure while providing memory protection for encrypted data. An example device may comprise processing module and a memory module. The processing module may include a memory encryption engine (MEE) to decrypt encrypted data loaded from the memory module, or to encrypt plaintext data prior to storage in the memory module, using security metadata also stored in the memory module. Example security metadata may include version (VER) data, memory authentication code (MAC) data and counter data. Consistent with the present disclosure, a cache associated with the MEE may be partitioned to separate the VER and MAC data from counter data. Data organization may comprise including the VER and MAC data corresponding to particular data in the same data line.

Abstract translation: 本公开涉及用于存储器保护的缓存和数据组织。 可以通过组织高速缓存和/或数据结构同时为加密的数据提供存储器保护来加速设备中的存储器保护操作。 示例设备可以包括处理模块和存储器模块。 处理模块可以包括用于解密从存储器模块加载的加密数据的存储器加密引擎（MEE），或者使用也存储在存储器模块中的安全元数据，在存储在存储器模块中之前加密明文数据。 示例安全元数据可以包括版本（VER）数据，存储器认证码（MAC）数据和计数器数据。 与本公开一致，可以将与MEE相关联的缓存分区以将VER和MAC数据与计数器数据分离。 数据组织可以包括在相同数据线中包括对应于特定数据的VER和MAC数据。

公开(公告)号：US20230098288A1

公开(公告)日：2023-03-30

申请号：US17485421

申请日：2021-09-25

Applicant: Intel Corporation

Inventor： Vedvyas SHANBHOGUE ,  Ravi SAHITA ,  Utkarsh Y i wil ,  ABHISHEK BASAK ,  LEE ALBION ,  FILIP SCHMOLE ,  RUPIN VAKHARWALA ,  VINIT M ABRAHAM ,  RAGHUNANDAN MAKARAM

IPC: G06F21/54 ,  G06F9/455 ,  G06F21/56 ,  G06F13/40

Abstract: Apparatus and method for role-based register protection. For example, one embodiment of an apparatus comprises: one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS); an interconnect fabric to couple the one or more processor cores to a device; and security hardware logic to determine whether to allow a read or write transaction directed to a protected register to proceed over the interconnect fabric, the security hardware logic to evaluate one or more security attributes associated with an initiator of the transaction to make the determination.

公开(公告)号：US20160328335A1

公开(公告)日：2016-11-10

申请号：US14703420

申请日：2015-05-04

Applicant: Intel Corporation

Inventor： BINATA BHATTACHARYYA ,  AMY L. SANTONI ,  RAGHUNANDAN MAKARAM ,  FRANCIS X. MCKEEN ,  SIMON P. JOHNSON ,  GEORGE Z. CHRYSOS ,  SIDDHARTHA CHHABRA

IPC: G06F12/14 ,  H04L9/08

CPC classification number: H04L9/3242 ,  H04L9/0637 ,  H04L2209/12

Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory; a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.

Abstract translation: 用于实现可信执行环境的内存保护的系统和方法。 一个示例性处理系统包括：一个包装内存储器; 包括MEE缓存的存储器加密引擎（MEE），所述MEE响应于在所述MEE缓存内未能定位与从外部存储器加载的数据项相关联的加密元数据，从所述MEE缓存中检索至少部分所述加密元数据 OPM，并使用加密元数据验证数据项。