公开(公告)号：US12189550B2

公开(公告)日：2025-01-07

申请号：US18347236

申请日：2023-07-05

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/22 ,  G06F1/3287 ,  G06F8/71 ,  G06F8/77 ,  G06F9/30 ,  G06F9/445 ,  G06F9/46 ,  G06F11/10 ,  G06F12/0806 ,  G06F12/0808 ,  G06F12/0813 ,  G06F12/0815 ,  G06F12/0831 ,  G06F13/40 ,  G06F13/42 ,  H04L9/06 ,  H04L49/15 ,  G06F8/73 ,  H04L12/46 ,  H04L45/74

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.

公开(公告)号：US20240184717A1

公开(公告)日：2024-06-06

申请号：US18378124

申请日：2023-10-09

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F8/41 ,  G06F9/30 ,  G06F9/455 ,  G06F21/53 ,  G06F21/60

CPC classification number: G06F12/1408 ,  G06F8/41 ,  G06F9/30145 ,  G06F9/45558 ,  G06F12/1441 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2212/1052

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US11030120B2

公开(公告)日：2021-06-08

申请号：US16454481

申请日：2019-06-27

Applicant: Intel Corporation

Inventor： Krystof C. Zmudzinski ,  Simon P. Johnson ,  Raghunandan Makaram ,  Francis X. McKeen ,  Carlos V. Rozas ,  Meltem Ozsoy ,  Ilya Alexandrovich ,  Siddhartha Chhabra

IPC: G06F12/14 ,  G06F12/1045 ,  G06F12/0882 ,  G06F11/30 ,  G06F12/0871 ,  G06F9/4401 ,  G06F11/07 ,  G06F12/0891

Abstract: A processor includes a cryptographic engine to control access, using an secure region key identifier (ID), to one or more memory range of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to an secure page within the one or more memory range of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.

公开(公告)号：US10671740B2

公开(公告)日：2020-06-02

申请号：US15946401

申请日：2018-04-05

Applicant: Intel Corporation

Inventor： Binata Bhattacharyya ,  Raghunandan Makaram ,  Amy L. Santoni ,  George Z. Chrysos ,  Simon P. Johnson ,  Brian S. Morris ,  Francis X. McKeen

IPC: G06F21/62 ,  G06F21/64 ,  G06F21/78 ,  G06F21/74 ,  G06F12/14 ,  G06F21/60

Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.

公开(公告)号：US10248591B2

公开(公告)日：2019-04-02

申请号：US15393153

申请日：2016-12-28

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert H. Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/22 ,  G06F12/0831 ,  G06F13/42 ,  G06F8/71 ,  G06F8/77 ,  G06F9/30 ,  G06F12/0806 ,  H04L12/933 ,  G06F9/46 ,  G06F13/40 ,  G06F12/0813 ,  G06F12/0815 ,  G06F9/445 ,  G06F1/3287 ,  G06F11/10 ,  H04L9/06 ,  G06F12/0808 ,  H04L12/741 ,  G06F8/73 ,  H04L12/46

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.

公开(公告)号：US10135622B2

公开(公告)日：2018-11-20

申请号：US15279527

申请日：2016-09-29

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, Jr. ,  Piotr Zmijewski ,  Wesley H. Smith ,  Eduardo Cabre

IPC: H04L9/36 ,  H04L9/32 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L29/06 ,  G09C1/00 ,  G06F21/53

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

公开(公告)号：US20180183580A1

公开(公告)日：2018-06-28

申请号：US15391208

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Simon P. Johnson ,  Francis X. McKeen ,  Mona Vij ,  Somnath Chakrabarti ,  Brandon Baker ,  Ittai Anati ,  Ilya Alexandrovich

IPC: H04L9/08 ,  H04L9/32 ,  G06F9/48

CPC classification number: G06F9/4856 ,  G06F21/53 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0897 ,  H04L9/3247 ,  H04L9/3268

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.

公开(公告)号：US20170308467A1

公开(公告)日：2017-10-26

申请号：US15643273

申请日：2017-07-06

Applicant: Intel Corporation

Inventor： Michael A. Goldsmith ,  Simon P. Johnson ,  Carlos V. Rozas ,  Vincent R. Scarlata

IPC: G06F12/084 ,  G06F21/60 ,  G06F21/79 ,  G06F9/46 ,  G06F21/71 ,  G06F12/14

CPC classification number: G06F12/084 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/606 ,  G06F21/71 ,  G06F21/79 ,  G06F2212/608 ,  G06F2221/2141

Abstract: Embodiments of an invention for sharing memory in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to match an offer to make a page in an enclave page cache shareable to a bid to make the page shareable. The execution unit is to execute the instruction. Execution of the instruction includes making the page shareable.

公开(公告)号：US09747102B2

公开(公告)日：2017-08-29

申请号：US13729371

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Rebekah Leslie ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert G. Neiger

IPC: G06F12/00 ,  G06F9/30 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US11741030B2

公开(公告)日：2023-08-29

申请号：US17134242

申请日：2020-12-25

Applicant: Intel Corporation

Inventor： Robert J. Safranek ,  Robert G. Blankenship ,  Venkatraman Iyer ,  Jeff Willey ,  Robert Beers ,  Darren S. Jue ,  Arvind A. Kumar ,  Debendra Das Sharma ,  Jeffrey C. Swanson ,  Bahaa Fahim ,  Vedaraman Geetha ,  Aaron T. Spink ,  Fulvio Spagna ,  Rahul R. Shah ,  Sitaraman V. Iyer ,  William Harry Nale ,  Abhishek Das ,  Simon P. Johnson ,  Yuvraj S. Dhillon ,  Yen-Cheng Liu ,  Raj K. Ramanujan ,  Robert A. Maddox ,  Herbert H. Hum ,  Ashish Gupta

IPC: G06F13/22 ,  H04L49/15 ,  G06F12/0813 ,  G06F12/0815 ,  G06F12/0831 ,  G06F13/42 ,  G06F8/71 ,  G06F8/77 ,  G06F9/30 ,  G06F12/0806 ,  G06F9/46 ,  G06F13/40 ,  G06F9/445 ,  G06F1/3287 ,  G06F11/10 ,  H04L9/06 ,  G06F12/0808 ,  H04L45/74 ,  G06F8/73 ,  H04L12/46

CPC classification number: G06F13/22 ,  G06F1/3287 ,  G06F8/71 ,  G06F8/77 ,  G06F9/30145 ,  G06F9/44505 ,  G06F9/466 ,  G06F11/1004 ,  G06F12/0806 ,  G06F12/0808 ,  G06F12/0813 ,  G06F12/0815 ,  G06F12/0831 ,  G06F12/0833 ,  G06F13/4022 ,  G06F13/4068 ,  G06F13/4221 ,  G06F13/4282 ,  G06F13/4286 ,  G06F13/4291 ,  H04L9/0662 ,  H04L49/15 ,  G06F8/73 ,  G06F13/4273 ,  G06F2212/1016 ,  G06F2212/2542 ,  G06F2212/622 ,  H04L12/4641 ,  H04L45/74 ,  Y02D10/00 ,  Y02D30/00

Abstract: A physical layer (PHY) is coupled to a serial, differential link that is to include a number of lanes. The PHY includes a transmitter and a receiver to be coupled to each lane of the number of lanes. The transmitter coupled to each lane is configured to embed a clock with data to be transmitted over the lane, and the PHY periodically issues a blocking link state (BLS) request to cause an agent to enter a BLS to hold off link layer flit transmission for a duration. The PHY utilizes the serial, differential link during the duration for a PHY associated task selected from a group including an in-band reset, an entry into low power state, and an entry into partial width state.