-
Publication No.: US20220012187A1
Publication Date: 2022-01-13
Application No.: US17484252
Filing Date: 2021-09-24
Applicant: Intel Corporation
Inventor: Gustavo K. CONTRERAS MUNOZ , Raghunandan MAKARAM , George VERGIS
Abstract: A cryptographic hash based on content of a Sideband Bus Device (SPD) Hub and serial number identifiers for components on a memory module is provided. The cryptographic hash provides the ability to mitigate various supply chain attacks by binding the SPD Hub content to a memory module certificate that is used for authentication. Based on the cryptographic signatures, a certificate is trusted by the platform so the binding of the SPD hub content to the memory module certificate creates a secure way to ensure the components on the memory module have not been tampered with and that the reported attributes of the memory module are correct.
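The binding described above (a hash over the SPD hub contents and the component serial numbers, signed into a module certificate that the platform checks against the module actually present) can be modelled end to end. The following Go program is an added example, not code from the patent or from Intel; the `Module` and `Certificate` types, the length-prefixed hash encoding, the use of Ed25519 for the manufacturer signature and the sample SPD bytes and serial numbers are all assumptions made for illustration. (SPD here is the module's Serial Presence Detect hub, the device that reports the module's attributes to the host.)

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Module models what the platform reads from a memory module: the SPD hub
// contents (the bytes describing capacity, timings, etc.) and the serial
// numbers of the on-module components. Field layout is an assumption.
type Module struct {
	SPDContent []byte
	Serials    [][]byte
}

// Certificate is a simplified module certificate: the binding hash plus the
// manufacturer's signature over it (a real certificate carries more).
type Certificate struct {
	BindingHash [32]byte
	Signature   []byte
}

// bindingHash hashes a length-prefixed encoding of the SPD content and every
// component serial, so bytes cannot be shifted between fields without
// changing the digest.
func bindingHash(m Module) [32]byte {
	h := sha256.New()
	writeField := func(b []byte) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(b)))
		h.Write(n[:])
		h.Write(b)
	}
	writeField(m.SPDContent)
	var count [4]byte
	binary.BigEndian.PutUint32(count[:], uint32(len(m.Serials)))
	h.Write(count[:])
	for _, s := range m.Serials {
		writeField(s)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// issueCertificate is the manufacturer side: hash the module as built, sign.
func issueCertificate(priv ed25519.PrivateKey, m Module) Certificate {
	bh := bindingHash(m)
	return Certificate{BindingHash: bh, Signature: ed25519.Sign(priv, bh[:])}
}

// verifyModule is the platform side: trust the certificate only if the
// signature checks, then confirm the module that is actually present hashes
// to the certified value. Either failure means the reported attributes or the
// installed components cannot be trusted.
func verifyModule(pub ed25519.PublicKey, cert Certificate, present Module) error {
	if !ed25519.Verify(pub, cert.BindingHash[:], cert.Signature) {
		return errors.New("certificate signature invalid")
	}
	if bindingHash(present) != cert.BindingHash {
		return errors.New("SPD content or component serials do not match certificate")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample module; the SPD bytes and serials are placeholders.
	asBuilt := Module{
		SPDContent: []byte("DDR5 32GB 4800MT/s ..."),
		Serials:    [][]byte{[]byte("DRAM-0001"), []byte("PMIC-7"), []byte("SPDHUB-42")},
	}
	cert := issueCertificate(priv, asBuilt)
	fmt.Println("genuine module:", verifyModule(pub, cert, asBuilt))

	// Attacker rewrites the SPD hub to report a larger, faster module.
	tampered := asBuilt
	tampered.SPDContent = []byte("DDR5 64GB 6400MT/s ...")
	fmt.Println("rewritten SPD:", verifyModule(pub, cert, tampered))
}
```

The length prefixes matter: without them, moving a byte from the end of the SPD content to the start of the first serial would leave the concatenation, and therefore the hash, unchanged. The example also shows why the platform must recompute the hash from live reads rather than trust a hash the module reports about itself.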
-
Publication No.: US20230400996A1
Publication Date: 2023-12-14
Application No.: US18334262
Filing Date: 2023-06-13
Applicant: Intel Corporation
Inventor: Sergej DEUTSCH , David M. DURHAM , Karanvir GREWAL , Raghunandan MAKARAM , Rajat AGARWAL , Christoph DOBRAUNIG , Krystian MATUSIEWICZ , Santosh GHOSH
IPC: G06F3/06
CPC classification number: G06F3/064 , G06F3/0619 , G06F3/0679
Abstract: Some aspects of the present disclosure relate to an apparatus comprising interface circuitry and processor circuitry to write data bits to a memory, by applying a diffusion function on the data bits to calculate diffused data bits, calculating error correcting code (ECC) bits based on the data bits or based on the diffused data bits, applying a diffusion function on the ECC bits to calculate diffused ECC bits, storing the diffused ECC bits in an ECC portion of the memory, and storing the data bits or the diffused data bits in a data portion of the memory.
-
Publication No.: US20250061203A1
Publication Date: 2025-02-20
Application No.: US18724426
Filing Date: 2022-02-25
Applicant: Intel Corporation
Inventor: Shamanna DATTA , Mahesh NATU , Jiewen YAO , Xiaoyu RUAN , Andrew Martyn DRAPER , Raghunandan MAKARAM , Alberto MUNOZ
Abstract: A method comprises establishing, in a trusted security manager of a trusted execution environment, a device update pre-authentication policy for a device communicatively coupled to the trusted execution manager, providing the device update pre-authentication policy to the device, receiving, from the device, a pre-authentication event signal, and providing, to the device, a pre-authentication event response comprising an update indicator to indicate to the device whether a runtime update may be performed.
-
Publication No.: US20210336767A1
Publication Date: 2021-10-28
Application No.: US17359152
Filing Date: 2021-06-25
Applicant: Intel Corporation
Inventor: Raghunandan MAKARAM , Kirk S. YAP , Rajat AGARWAL , George VERGIS , Bill NALE , Jacob DOWECK
Abstract: A memory subsystem includes link encryption for the system memory data bus. The memory controller can provide encryption for data at rest and link protection. The memory controller can optionally provide link encryption. Thus, the system can provide link protection for the data in transit. The memory module can include a link decryption engine that can decrypt link encryption if it is used, and performs a link integrity check with a link integrity tag associated with the link protection. The memory devices can then store the encrypted protected data and ECC data from the link decryption engine after link protection verification.
-
Publication No.: US20250117285A1
Publication Date: 2025-04-10
Application No.: US18974396
Filing Date: 2024-12-09
Applicant: Intel Corporation
Inventor: Raghunandan MAKARAM , Kirk S. YAP
Abstract: In one embodiment, an apparatus includes: an integrity circuit to receive data and generate a protection code based at least in part on the data; a cryptographic circuit coupled to the integrity circuit to encrypt the data into encrypted data and encrypt the protection code into an encrypted protection code; a message authentication code (MAC) circuit coupled to the cryptographic circuit to compute a MAC comprising a tag using header information, the encrypted data, and the encrypted protection code; and an output circuit to send the header information, the encrypted data, and the tag to a receiver via a link. Other embodiments are described and claimed.
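The pipeline in this abstract (protection code over the data, encrypt both data and code, MAC over header plus the two ciphertexts, send only header, encrypted data and tag) is easy to misread, so the following Go program works it through for both the sender and the receiver. It is an added example, not code from the patent or from Intel, and it also serves the link-integrity-tag flow in US20210336767A1 above. The concrete choices are assumptions for illustration: CRC-32 as the protection code, AES-CTR keyed from the 8-byte header as the cryptographic circuit, a truncated HMAC-SHA256 as the MAC, and a sequence-number header.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

const tagLen = 16 // bytes of MAC output carried on the link (assumption)

// Frame is what crosses the link: header, encrypted data and tag. Note that
// the encrypted protection code is deliberately absent, as in the abstract.
type Frame struct {
	Header  [8]byte
	EncData []byte
	Tag     []byte
}

// LinkKeys are the shared link keys (assumed provisioned out of band).
type LinkKeys struct {
	Enc []byte // 16-byte AES key
	Mac []byte // HMAC key
}

// keystreamFor builds the AES-CTR stream for one frame; the IV is the header
// zero-padded to a block, so both ends derive the same keystream from the
// header alone. Reusing a header with the same key would reuse keystream,
// which is why the receiver enforces the sequence number below.
func keystreamFor(keys LinkKeys, header [8]byte) cipher.Stream {
	block, err := aes.NewCipher(keys.Enc)
	if err != nil {
		panic(err)
	}
	var iv [aes.BlockSize]byte
	copy(iv[:], header[:])
	return cipher.NewCTR(block, iv[:])
}

// protectionCode is the integrity circuit: a CRC-32 over the plaintext data.
func protectionCode(data []byte) []byte {
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], crc32.ChecksumIEEE(data))
	return c[:]
}

// computeTag is the MAC circuit: header || encrypted data || encrypted code.
func computeTag(keys LinkKeys, header [8]byte, encData, encCode []byte) []byte {
	m := hmac.New(sha256.New, keys.Mac)
	m.Write(header[:])
	m.Write(encData)
	m.Write(encCode)
	return m.Sum(nil)[:tagLen]
}

// Send runs the transmit side: integrity -> encrypt -> MAC -> output.
func Send(keys LinkKeys, seq uint64, data []byte) Frame {
	var header [8]byte
	binary.BigEndian.PutUint64(header[:], seq)
	ks := keystreamFor(keys, header)
	encData := make([]byte, len(data))
	ks.XORKeyStream(encData, data)
	code := protectionCode(data)
	encCode := make([]byte, len(code))
	ks.XORKeyStream(encCode, code) // same stream, continued past the data
	return Frame{Header: header, EncData: encData, Tag: computeTag(keys, header, encData, encCode)}
}

// Receive reverses it. Because the encrypted protection code is not on the
// wire, the receiver decrypts, recomputes the code from the plaintext,
// re-encrypts it with the continued keystream and folds it into the MAC
// check; the plaintext is released only if that check passes.
func Receive(keys LinkKeys, expectedSeq uint64, f Frame) ([]byte, error) {
	if binary.BigEndian.Uint64(f.Header[:]) != expectedSeq {
		return nil, errors.New("unexpected sequence number (replay or loss)")
	}
	ks := keystreamFor(keys, f.Header)
	data := make([]byte, len(f.EncData))
	ks.XORKeyStream(data, f.EncData)
	code := protectionCode(data)
	encCode := make([]byte, len(code))
	ks.XORKeyStream(encCode, code)
	if !hmac.Equal(f.Tag, computeTag(keys, f.Header, f.EncData, encCode)) {
		return nil, errors.New("tag mismatch: header, data or protection code altered")
	}
	return data, nil
}

func main() {
	keys := LinkKeys{Enc: []byte("0123456789abcdef"), Mac: []byte("link-mac-key")} // constructed
	line := []byte("one 64-byte cache line of constructed sample payload ...........")
	f := Send(keys, 1, line)
	_, err := Receive(keys, 1, f)
	fmt.Println("clean frame:", err)
	f.EncData[5] ^= 0x40 // single bit flipped on the link
	_, err = Receive(keys, 1, f)
	fmt.Println("flipped bit:", err)
}
```

Two practitioner notes on this shape. First, the tag can only be checked after decryption here, because the protection code is recomputed from plaintext; the code therefore keeps the decrypted bytes private until `hmac.Equal` passes. Second, a bit flip in the encrypted data changes the decrypted data, hence the CRC, hence the encrypted code and the recomputed tag, so both the MAC and the protection code contribute to detection; a flip in the header changes the keystream and fails the sequence check or the tag.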
-
Publication No.: US20210149704A1
Publication Date: 2021-05-20
Application No.: US17127729
Filing Date: 2020-12-18
Applicant: Intel Corporation
Inventor: Wajdi FEGHALI , Vinodh GOPAL , Kirk S. YAP , Sean GULLEY , Raghunandan MAKARAM
Abstract: Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.
-
Publication No.: US20190095357A1
Publication Date: 2019-03-28
Application No.: US15719222
Filing Date: 2017-09-28
Applicant: Intel Corporation
Inventor: Meltem OZSOY , Vedvyas SHANBHOGUE , Krystof C. ZMUDZINSKI , Francis X. MCKEEN , Carlos V. ROZAS , Ilya ALEXANDROVICH , Ittai ANATI , Raghunandan MAKARAM , Dror CASPI , Hisham SHAFI
Abstract: A system includes a processor core and main memory. The processor core is to, in response to execution of a patch-load instruction, retrieve, from a predetermined area of the main memory, memory protection metadata and a memory range of reserved memory, wherein the reserved memory is not flexibly convertible to enclave pages. The processor core is further to retrieve a bit from an architectural control register, wherein a value of the bit is to indicate whether an operating system is capable of management of flexibly-convertible enclave pages. The processor core is further to activate, using the memory protection metadata and one of the first information or the second information, a mode of protected memory management for the processor core in response to the value of the bit in the architectural control register.