公开(公告)号：US10102380B2

公开(公告)日：2018-10-16

申请号：US13802272

申请日：2013-03-13

Applicant: INTEL CORPORATION

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/53

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

公开(公告)号：US09703715B2

公开(公告)日：2017-07-11

申请号：US14142838

申请日：2013-12-28

Applicant: Intel Corporation

Inventor： Michael A. Goldsmith ,  Simon P. Johnson ,  Carlos V. Rozas ,  Vincent R. Scarlata

IPC: G06F12/00 ,  G06F12/084 ,  G06F12/14 ,  G06F9/46 ,  G06F21/60 ,  G06F21/71 ,  G06F21/79

CPC classification number: G06F12/084 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/606 ,  G06F21/71 ,  G06F21/79 ,  G06F2212/608 ,  G06F2221/2141

Abstract: Embodiments of an invention for sharing memory in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to match an offer to make a page in an enclave page cache shareable to a bid to make the page shareable. The execution unit is to execute the instruction. Execution of the instruction includes making the page shareable.

公开(公告)号：US09665724B2

公开(公告)日：2017-05-30

申请号：US14919350

申请日：2015-10-21

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Michael A. Goldsmith ,  Barrey E. Huntley ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F21/72

CPC classification number: G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/145 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

公开(公告)号：US20170024317A1

公开(公告)日：2017-01-26

申请号：US15091926

申请日：2016-04-06

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/0804 ,  G06F12/14 ,  G06F12/0875

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US09766889B2

公开(公告)日：2017-09-19

申请号：US15074573

申请日：2016-03-18

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F9/30 ,  G06F12/0875 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US20160012565A1

公开(公告)日：2016-01-14

申请号：US14864183

申请日：2015-09-24

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  Michael A. Goldsmith ,  David M. Durham

IPC: G06T1/60 ,  G06T1/20 ,  G06F21/84 ,  G06F3/147

CPC classification number: G06T1/60 ,  G06F3/147 ,  G06F21/84 ,  G06T1/20 ,  G09G2358/00 ,  H04N21/42653 ,  H04N21/4318 ,  H04N21/4367 ,  H04N21/44004 ,  H04N21/4408

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract translation: 受保护的图形模块可以将其输出安全地发送到显示引擎。 与显示器的安全通信可以提供受保护图形模块生成的内容对软件和硬件攻击的机密性。

公开(公告)号：US09134878B2

公开(公告)日：2015-09-15

申请号：US13631288

申请日：2012-09-28

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

IPC: G06F3/041 ,  G06F3/0481 ,  G06F3/0488 ,  G06F21/74 ,  G06F21/82

CPC classification number: G06F3/0481 ,  G06F3/041 ,  G06F3/04883 ,  G06F21/74 ,  G06F21/82

Abstract: A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

Abstract translation: 用于在启用姿势的计算设备上安全地呈现内容的设备和方法包括在计算设备的处理器图形上初始化安全执行环境。 计算设备将视图呈现代码和相关联的状态数据传送到安全执行环境。 通过在安全执行环境中执行视图呈现代码来呈现内容的初始视图。 识别手势，并且响应于手势在安全执行环境中呈现内容的更新视图。 手势可以包括在触摸屏上识别的触摸手势，或者由相机识别的用户的身体手势。 在呈现内容的更新视图之后，计算设备的主处理器可以从安全执行环境接收更新的视图数据。

公开(公告)号：US11023385B2

公开(公告)日：2021-06-01

申请号：US16883634

申请日：2020-05-26

Applicant: INTEL CORPORATION

Inventor： Kiran S. Panesar ,  Michael A. Goldsmith

IPC: G06F12/1009 ,  G06F12/10 ,  G06F12/02 ,  G06F12/109 ,  G06F12/1081 ,  G06F9/455

Abstract: A system and method including, in some embodiments, receiving a request for a graphics memory address for an input/output (I/O) device assigned to a virtual machine in a system that supports virtualization, and installing, in a graphics memory translation table, a physical guest graphics memory address to host physical memory address translation.

公开(公告)号：US10885202B2

公开(公告)日：2021-01-05

申请号：US16123593

申请日：2018-09-06

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/53

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

公开(公告)号：US10133674B2

公开(公告)日：2018-11-20

申请号：US14711312

申请日：2015-05-13

Applicant: INTEL CORPORATION

Inventor： Kiran S. Panesar ,  Michael A. Goldsmith

IPC: G06F12/1009 ,  G06F12/10 ,  G06F12/02 ,  G06F12/1081 ,  G06F9/455 ,  G06F12/109

Abstract: A system and method including, in some embodiments, receiving a request for a graphics memory address for an input/output (I/O) device assigned to a virtual machine in a system that supports virtualization, and installing, in a graphics memory translation table, a physical guest graphics memory address to host physical memory address translation.