-
Publication No.: US20220206951A1
Publication date: 2022-06-30
Application No.: US17134052
Filing date: 2020-12-24
Applicant: Intel Corporation
Inventor: Thomas TOLL , Ramya JAYARAM MASTI , Barry E. HUNTLEY , Vincent VON BOKERN , Siddhartha CHHABRA , Hormuzd M. KHOSRAVI , Vedvyas SHANBHOGUE , Gideon GERZON
IPC: G06F12/0895 , G06F12/06 , G06F9/455 , G06F21/53 , G06F12/14
Abstract: A method is described. The method includes executing a memory access instruction for a software process or thread. The method includes creating a memory access request for the memory access instruction having a physical memory address and a first identifier of a realm that the software process or thread executes from. The method includes receiving the memory access request and determining a second identifier of a realm from the physical memory address. The method also includes servicing the memory access request because the first identifier matches the second identifier.
-
2.
Publication No.: US20210200880A1
Publication date: 2021-07-01
Application No.: US16728712
Filing date: 2019-12-27
Applicant: Intel Corporation
Inventor: Hormuzd M. KHOSRAVI , Siddhartha CHHABRA , Vincent VON BOKERN , Barry E. HUNTLEY , Vedvyas SHANBHOGUE , Ramya Jayaram MASTI
Abstract: Disclosed embodiments relate to Multi-Key Total Memory Encryption based on dynamic key derivation. In one example, a processor includes cryptographic circuitry, storage with multiple key splits and multiple full encryption keys, fetch and decode circuitry to fetch and decode an instruction specifying an opcode, an address, and a keyID, the opcode calling for the processor to use the address to determine whether to use an explicit key, in which case the keyID is used to select one of the multiple full encryption keys to use as a cryptographic key, and, otherwise, the processor is to dynamically derive the cryptographic key by using the keyID to select one of the multiple key splits, and provide the key split and a root key to a key derivation function to derive the cryptographic key, which is used by the encryption circuitry to perform a cryptographic operation on the addressed memory location.
-
Publication No.: US20210200879A1
Publication date: 2021-07-01
Application No.: US16727608
Filing date: 2019-12-26
Applicant: Intel Corporation
Inventor: Gideon GERZON , Hormuzd M. KHOSRAVI , Vincent VON BOKERN , Barry E. HUNTLEY , Dror CASPI
Abstract: Disclosed embodiments relate to trust domain islands with self-contained scope. In one example, a system includes multiple sockets, each including multiple cores, multiple multi-key total memory encryption (MK-TME) circuits, multiple memory controllers, and a trust domain island resource manager (TDIRM) to: initialize a trust domain island (TDI) island control structure (TDICS) associated with a TD island, initialize a trust domain island protected memory (TDIPM) associated with the TD island, identify a host key identifier (HKID) in a key ownership table (KOT), assign the HKID to a cryptographic key and store the HKID in the TDICS, associate one of the plurality of cores with the TD island, add a memory page from an address space of the first core to the TDIPM, and transfer execution control to the first core to execute the TDI, and wherein a number of HKIDs available in the system is increased as the memory mapped to the TD island is decreased.
-