-
Publication (Announcement) No.: US11841939B2
Publication (Announcement) Date: 2023-12-12
Application No.: US17456768
Application Date: 2021-11-29
Applicant: Intel Corporation
Inventor: Michael LeMay, Barry E. Huntley, Ravi Sahita
CPC classification number: G06F21/53, G06F9/5016, G06F12/00, G06F21/121, G06F21/74, G06F2221/033, G06F2221/0713, G06F2221/2113
Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US11599621B2
Publication (Announcement) Date: 2023-03-07
Application No.: US16370921
Application Date: 2019-03-30
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Rajesh Sankaran, Abhishek Basak, Pradeep Pappachan, Utkarsh Y. Kakaiya, Ravi Sahita, Rupin Vakharwala
Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.
-
Publication (Announcement) No.: US11562063B2
Publication (Announcement) Date: 2023-01-24
Application No.: US17114246
Application Date: 2020-12-07
Applicant: INTEL CORPORATION
Inventor: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
-
Publication (Announcement) No.: US11216556B2
Publication (Announcement) Date: 2022-01-04
Application No.: US16222785
Application Date: 2018-12-17
Applicant: Intel Corporation
Inventor: Ken Grewal, Ravi Sahita, David Durham, Erdem Aktas, Sergej Deutsch, Abhishek Basak
Abstract: The present disclosure is directed to systems and methods that maintain consistency between a system architectural state and a microarchitectural state in the system cache circuitry to prevent a side-channel attack from accessing secret information. Speculative execution of one or more instructions by the processor circuitry causes memory management circuitry to transition the cache circuitry from a first microarchitectural state to a second microarchitectural state. The memory management circuitry maintains the cache circuitry in the second microarchitectural state in response to a successful completion and/or retirement of the speculatively executed instruction. The memory management circuitry reverts the cache circuitry from the second microarchitectural state to the first microarchitectural state in response to an unsuccessful completion, flushing, and/or retirement of the speculatively executed instruction.
-
Publication (Announcement) No.: US20210303678A1
Publication (Announcement) Date: 2021-09-30
Application No.: US17346860
Application Date: 2021-06-14
Applicant: Intel Corporation
Inventor: Michael LeMay, Barry E. Huntley, Ravi Sahita
Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US11016773B2
Publication (Announcement) Date: 2021-05-25
Application No.: US16585287
Application Date: 2019-09-27
Applicant: Intel Corporation
Inventor: Salmin Sultana, Beeman Strong, Ravi Sahita
Abstract: Embodiments described herein provide for a computing device comprising a hardware processor including a processor trace module to generate trace data indicative of an order of instructions executed by the processor, wherein the processor trace module is configurable to selectively output a processor trace packet associated with execution of a selected non-deterministic control flow transfer instruction.
-
Publication (Announcement) No.: US10901772B2
Publication (Announcement) Date: 2021-01-26
Application No.: US16380717
Application Date: 2019-04-10
Applicant: Intel Corporation
Inventor: Gilbert Neiger, Mayank Bomb, Manohar Castelino, Robert Chappell, David Durham, Barry Huntley, Anton Ivanov, Madhavan Parthasarathy, Scott Rodgers, Ravi Sahita, Vedvyas Shanbhogue
Abstract: Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.
-
Publication (Announcement) No.: US10810305B2
Publication (Announcement) Date: 2020-10-20
Application No.: US15899229
Application Date: 2018-02-19
Applicant: Intel Corporation
Inventor: Mingwei Zhang, Ravi Sahita
Abstract: Systems, apparatuses and methods may provide technology for securing untrusted code using memory protection keys and control flow integrity, by applying a memory protection key to one or more memory regions, enforcing control flow integrity with respect to the one or more memory regions, and executing untrusted code in an isolated region of the one or more memory regions.
-
Publication (Announcement) No.: US20190129867A1
Publication (Announcement) Date: 2019-05-02
Application No.: US16229857
Application Date: 2018-12-21
Applicant: Intel Corporation
Inventor: Mingwei Zhang, Ravi Sahita, David A. Koufaty
IPC: G06F12/14, G06F12/1027, G06F12/1009, H04L9/08, G06F21/78
Abstract: In embodiments, an apparatus for computing includes a protection key register (PKR) having 2N bits, where N is an integer, to store a plurality of permission entries corresponding to protected memory domains, and a protected memory domain controller, coupled to the PKR. In embodiments, the memory domain controller is to: obtain protection key (PK) bits from a page table entry for a target page address; obtain one or more additional PK bits from a target linear memory address; and combine the PK bits and the additional PK bits to form a PK domain number to index into the plurality of permission entries in the PKR to obtain a permission entry for a protected memory domain.
-
Publication (Announcement) No.: US20190121964A1
Publication (Announcement) Date: 2019-04-25
Application No.: US16218908
Application Date: 2018-12-13
Applicant: Intel Corporation
Inventor: Michael LeMay, Barry E. Huntley, Ravi Sahita
Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.