公开(公告)号：US20170286645A1

公开(公告)日：2017-10-05

申请号：US15621864

申请日：2017-06-13

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F21/12 ,  G06F12/0875 ,  G06F13/24 ,  G06F12/0811 ,  G06F12/0817 ,  G06F12/14

CPC classification number: G06F21/12 ,  G06F12/0811 ,  G06F12/0822 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/1425 ,  G06F13/24 ,  G06F2212/1052 ,  G06F2212/283 ,  G06F2212/452

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

公开(公告)号：US09710622B2

公开(公告)日：2017-07-18

申请号：US14629132

申请日：2015-02-23

Applicant: INTEL CORPORATION

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F21/12 ,  G06F12/0817 ,  G06F12/14 ,  G06F13/24 ,  G06F12/0875 ,  G06F12/0811

CPC classification number: G06F21/12 ,  G06F12/0811 ,  G06F12/0822 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/1425 ,  G06F13/24 ,  G06F2212/1052 ,  G06F2212/283 ,  G06F2212/452

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

公开(公告)号：US20160364338A1

公开(公告)日：2016-12-15

申请号：US14738037

申请日：2015-06-12

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/10

CPC classification number: G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract translation: 公开了一种用于支持安全存储器意图的处理器。 本公开的处理器包括存储器存储器执行单元和耦合到存储器执行单元的处理器核心。 处理器核心是接收访问存储器可转换页面的请求。 响应于该请求，处理器核心鉴于对应于可转换页面的页表项目（PTE）来确定可转换页面的意图。 意图表示可转换页面是作为安全页面还是非安全页面中的至少一个访问。

公开(公告)号：US20160246720A1

公开(公告)日：2016-08-25

申请号：US14629132

申请日：2015-02-23

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F12/08 ,  G06F12/14 ,  G06F13/24 ,  G06F9/30

CPC classification number: G06F21/12 ,  G06F12/0811 ,  G06F12/0822 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/1425 ,  G06F13/24 ,  G06F2212/1052 ,  G06F2212/283 ,  G06F2212/452

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

Abstract translation: 指令和逻辑fork处理并在安全的飞地页面缓存（EPC）中建立子空间。 指令指定分配给父节点和子进程的子进程的安全存储地址，以存储安全区域控制结构（SECS）数据，应用程序数据，代码等。处理器包括用于存储父进程和子进程的飞地数据的EPC。 父级的实施例可以执行，或者系统可以执行复制父SECS以保护儿童的存储的指令，初始化唯一的子ID并链接到父级的SECS / ID。 子系统的实施例可以执行，或者系统可以执行将父页面的页面复制到具有相同密钥的小孩的飞地的指令，将用于EPC映射的条目设置为部分完成，并将页面状态记录在 孩子飞散，如果中断。 因此可以恢复复印。

公开(公告)号：US12242391B2

公开(公告)日：2025-03-04

申请号：US18378124

申请日：2023-10-09

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. McKeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F8/41 ,  G06F9/30 ,  G06F9/455 ,  G06F21/53 ,  G06F21/60

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US20210406201A1

公开(公告)日：2021-12-30

申请号：US17367349

申请日：2021-07-03

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Mona Vij ,  Rebekah M. Leslie-Hurd ,  Krystof C. Zmudzinski ,  Somnath Chakrabarti ,  Francis X. Mckeen ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Ilya Alexandrovich ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  Ittai Anati

IPC: G06F12/14 ,  G06F21/60 ,  G06F9/30 ,  G06F21/53 ,  G06F8/41 ,  G06F9/455

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

公开(公告)号：US10540291B2

公开(公告)日：2020-01-21

申请号：US15592089

申请日：2017-05-10

Applicant: Intel Corporation

Inventor： Krystof C. Zmudzinski ,  Carlos V. Rozas ,  Francis X. McKeen ,  Rebekah M. Leslie-Hurd ,  Meltem Ozsoy ,  Somnath Chakrabarti ,  Mona Vij

IPC: G06F12/1027 ,  G06F12/1009 ,  G06F12/14 ,  G06F9/455

Abstract: Translation lookaside buffer (TLB) tracking and managing technologies are described. A processing device comprises a translation lookaside buffer (TLB) and a processing core to execute a virtual machine monitor (VMM), the VMM to manage a virtual machine (VM) including virtual processors. The processing core to execute, via the VM, a plurality of conversion instructions on at least one of the virtual processors to convert a plurality of non-secure pages to a plurality of secure pages. The processing core also to execute, via the VM, one or more allocation instructions on the at least one of the virtual processors to allocate at least one secure page of the plurality of secure pages, execution of the one or more allocation instructions to include determining whether the TLB is cleared of mappings to the at least one secure page prior to allocating the at least one secure page.

公开(公告)号：US20190324918A1

公开(公告)日：2019-10-24

申请号：US16402442

申请日：2019-05-03

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1036 ,  G06F12/1027 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US20190095334A1

公开(公告)日：2019-03-28

申请号：US15719023

申请日：2017-09-28

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Krystof C. Zmudzinski ,  Carlos V. Rozas ,  Francis X. McKeen ,  Raghunandan Makaram ,  Ilya Alexandrovich ,  Ittai Anati ,  Meltem Ozsoy

IPC: G06F12/0862 ,  G06F12/0846 ,  G06F12/1027 ,  G06F12/14 ,  G06F12/1009

Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processing core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.

公开(公告)号：US10089447B2

公开(公告)日：2018-10-02

申请号：US15621864

申请日：2017-06-13

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F21/12 ,  G06F12/0817 ,  G06F12/14 ,  G06F13/24 ,  G06F12/0875 ,  G06F12/0811

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.