LOW OVERHEAD INTEGRITY PROTECTION WITH HIGH AVAILABILITY FOR TRUST DOMAINS

    Publication number: US20220365885A1

    Publication date: 2022-11-17

    Application number: US17872805

    Application date: 2022-07-25

    Applicant: Intel Corporation

    Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.

    ALGEBRAIC AND DETERMINISTIC MEMORY AUTHENTICATION AND CORRECTION WITH COUPLED CACHELINE METADATA

    Publication number: US20220114112A1

    Publication date: 2022-04-14

    Application number: US17559258

    Application date: 2021-12-22

    Applicant: Intel Corporation

    Abstract: A method comprises generating, for a cacheline, a first tag and a second tag, the first tag and the second tag generated as a function of the user data and metadata stored in the cacheline in a first memory device, and a multiplication parameter derived from a secret key; storing the user data, the metadata, the first tag and the second tag in the first cacheline of the first memory device; generating, for the cacheline, a third tag and a fourth tag, the third tag and the fourth tag generated as a function of the user data and metadata stored in the cacheline in a second memory device, and the multiplication parameter; storing the user data, the metadata, the third tag and the fourth tag in the corresponding cacheline of the second memory device; receiving, from a requesting device, a read operation directed to the cacheline; and using the first tag, the second tag, the third tag, and the fourth tag to determine whether a read error occurred during the read operation.

    Reducing conflicts in direct mapped caches

    Publication number: US10901899B2

    Publication date: 2021-01-26

    Application number: US16408870

    Application date: 2019-05-10

    Applicant: Intel Corporation

    Abstract: A processor includes a core to execute a transaction with a memory via a cache, and a cache controller having an index mapper circuit to: identify a physical memory address associated with the transaction and having a plurality of bits; determine, based on the plurality of bits, a first set of bits encoding a tag value, a second set of bits encoding a page index value, and a third set of bits encoding a line index value; determine a mapping function corresponding to the tag value; determine, using the mapping function, a bit-placement order; combine, based on the order, the second and third sets of bits to form an index; and generate, using the index, a mapping from the address to a cache line index value identifying a cache line in the cache; wherein the cache controller is further to access, using the mapping and in response to the transaction, the cache line.

    LOW OVERHEAD INTEGRITY PROTECTION WITH HIGH AVAILABILITY FOR TRUST DOMAINS

    Publication number: US20190042476A1

    Publication date: 2019-02-07

    Application number: US16023576

    Application date: 2018-06-29

    Applicant: Intel Corporation

    Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.

    Technologies for fast booting with error-correcting code memory

    Publication number: US11960900B2

    Publication date: 2024-04-16

    Application number: US16729321

    Application date: 2019-12-28

    Applicant: Intel Corporation

    IPC classification: G06F9/44 G06F9/4401 G06F9/445

    CPC classification: G06F9/4403 G06F9/445

    Abstract: Technologies for fast boot-up of a compute device with error-correcting code (ECC) memory are disclosed. A basic input/output system (BIOS) of a compute device may assign memory addresses of the ECC memory to different processors on the compute device. The processors may then initialize the ECC memory in parallel by writing to the ECC memory. The processors may write to the ECC memory with direct-store operations that are immediately written to the ECC memory instead of being cached. The BIOS may continue to operate on one processor while the rest of the processors initialize the ECC memory.