公开(公告)号：US20230102178A1

公开(公告)日：2023-03-30

申请号：US17485369

申请日：2021-09-25

Applicant: Intel Corporation

Inventor： Siddhartha CHHABRA ,  Vedvyas SHANBHOGUE ,  Prashant DEWAN ,  Baiju PATEL

IPC: H04L9/08 ,  H04L9/32 ,  G06F9/30

Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) or a virtual PUF key are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instance of a single instruction having a field for an opcode to indicate that execution circuitry is to encrypt at least encrypt secret information from an input data structure with either a physical unclonable function (PUF) generated encryption key or a virtual PUF key, bind the wrapped secret information to an identified target, update the input data structure, generate a MAC over the updated data structure, store the MAC in the input data structure to generate a wrapped output data structure, store the wrapped output data structure having the encrypted secret information and an indication of the target;

公开(公告)号：US20230094171A1

公开(公告)日：2023-03-30

申请号：US17485370

申请日：2021-09-25

Applicant: Intel Corporation

Inventor： Avishay SNIR ,  Ziv CHAI ,  Siddhartha CHHABRA ,  Prashant DEWAN ,  Baiju PATEL

IPC: G06F12/14 ,  G06F12/02 ,  G06F12/0882

Abstract: Techniques for memory assisted inline encryption/decryption are described. An example includes an encryption data structure engine to provide a key, data, and a tweak to the encryption/decryption engine, wherein the encryption data structure engine is to: read an index value from an encryption data structure lookup data structure entry using an address, the entry to include the index value and a guest page physical address (GPPA), retrieve, based on the index value, an entry from the encryption data structure, the entry to include a logical block address (LBA) base, a key identifier, and at least one GPPA in a sequence of GPPAs, generate a LBA using a position of the GPPA from the encryption data structure lookup data structure entry in the sequence of GPPAs, and retrieve a key based on the key identifier, wherein the encryption engine to encrypt data using the retrieved key, and the generated LBA.

公开(公告)号：US20210089466A1

公开(公告)日：2021-03-25

申请号：US16986169

申请日：2020-08-05

Applicant: INTEL CORPORATION

Inventor： Vedvyas SHANBHOGUE ,  Ravi SAHITA ,  Rajesh SANKARAN ,  Siddhartha CHHABRA ,  Abhishek BASAK ,  Krystof ZMUDZINSKI ,  Rupin VAKHARWALA

IPC: G06F12/1009 ,  G06F12/14 ,  G06F9/30 ,  G06F9/455 ,  G06F21/57 ,  G06F21/53

Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.

公开(公告)号：US20190042706A1

公开(公告)日：2019-02-07

申请号：US15942096

申请日：2018-03-30

Applicant: Intel Corporation

Inventor： Prashant DEWAN ,  Siddhartha CHHABRA

IPC: G06F21/10 ,  G06F21/44 ,  H04L29/06

Abstract: The present disclosure is directed to secure processing and display of protected content. The use of a trusted execution environment (TEE) to handle authentication and session key negotiation in accordance with a selected content protection protocol may reduce any trusted computing base (TCB) needed for such operations, and thereby present a smaller target for potential attackers. Techniques are presented in which a session key negotiated via such a TEE is securely provided to output circuitry such as a display controller, which may encrypt protected content that has been requested for viewing on a protocol-compliant display device communicatively coupled to a device comprising the TEE and/or the output circuitry. The output circuitry may then provide the encrypted protected content to the protocol-compliant display device, such as for compliant display of the protected content.

公开(公告)号：US20220209968A1

公开(公告)日：2022-06-30

申请号：US17134364

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Siddhartha CHHABRA ,  Prashant DEWAN ,  Baiju PATEL

IPC: H04L9/32 ,  H04L9/08 ,  G06F9/30

Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.

公开(公告)号：US20220209966A1

公开(公告)日：2022-06-30

申请号：US17134360

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Siddhartha CHHABRA ,  Prashant DEWAN ,  Baiju PATEL ,  Vedvyas SHANBHOGUE

IPC: H04L9/32 ,  H04L9/08 ,  G06F12/14 ,  G06F9/30

Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.

公开(公告)号：US20220206951A1

公开(公告)日：2022-06-30

申请号：US17134052

申请日：2020-12-24

Applicant: Intel Corporation

Inventor： Thomas TOLL ,  Ramya JAYARAM MASTI ,  Barry E. HUNTLEY ,  Vincent VON BOKERN ,  Siddhartha CHHABRA ,  Hormuzd M. KHOSRAVI ,  Vedvyas SHANBHOGUE ,  Gideon GERZON

IPC: G06F12/0895 ,  G06F12/06 ,  G06F9/455 ,  G06F21/53 ,  G06F12/14

Abstract: A method is described. The method includes executing a memory access instruction for a software process or thread. The method includes creating a memory access request for the memory access instruction having a physical memory address and a first identifier of a realm that the software process or thread execute from. The method includes receiving the memory access request and determining a second identifier of a realm from the physical memory address. The method also includes servicing the memory access request because the first identifier matches the second identifier.

公开(公告)号：US20220209969A1

公开(公告)日：2022-06-30

申请号：US17134365

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Siddhartha CHHABRA ,  Prashant DEWAN ,  Baiju PATEL

IPC: H04L9/32 ,  H04L9/08 ,  G06F9/30

Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.

公开(公告)号：US20220209933A1

公开(公告)日：2022-06-30

申请号：US17134351

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Siddhartha CHHABRA ,  John Sell

IPC: H04L9/00 ,  G06F21/60 ,  H04L9/32 ,  H04L9/06

Abstract: Detailed herein are embodiments which allow for integrity protected access control to provide defense against deterministic software attacks. Software attacks such as rowhammer attacks which target the TD bit itself are defended against using cryptographic integrity which the data itself is protected by the TD-bit alone. As such, software is reduced to performing only non-deterministic attacks (e.g., random corruption), but all the deterministic attacks are defended against. Additionally, integrity-protected access control bits are protected against simple hardware attacks where the adversary with physical access to the machine can flip TD bits to get ciphertext access in software which can break confidentiality.

公开(公告)号：US20220207155A1

公开(公告)日：2022-06-30

申请号：US17134348

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Siddhartha CHHABRA ,  Thripthi HEGDE ,  Reouven ELBAZ

IPC: G06F21/60

Abstract: Detailed herein is instruction level support to allow untrusted software to save/restore key state from the memory encryption engine to support S3/S4 flows on clients. In a first embodiment, the save/restore is done by the untrusted software and encryption hardware alone. In another embodiment, a security engine (which forms the root of trust on the platform) is involved to protect the keys before handing over to untrusted software. Either embodiment uses the instructions introduced herein which may work differently underneath depending on the implementation option chosen.