-
公开(公告)号:US20220207146A1
公开(公告)日:2022-06-30
申请号:US17134341
申请日:2020-12-26
Applicant: Intel Corporation
Inventor: Carlos Rozas , Fangfei Liu , Xiang Zou , Francis McKeen , Jason W. Brandt , Joseph Nuzman , Alaa Alameldeen , Abhishek Basak , Scott Constable , Thomas Unterluggauer , Asit Mallick , Matthew Fernandez
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and load circuitry coupled to the decode circuitry. The decode circuitry is to decode a load hardening instruction to mitigate vulnerability to a speculative execution attack. The load circuitry is to be hardened in response to the load hardening instruction.
-
42.发明授权公开(公告)号:US11373013B2
公开(公告)日:2022-06-28
申请号:US16234871
申请日:2018-12-28
Applicant: Intel Corporation
Inventor: Luis Kida , Krystof Zmudzinski , Reshma Lal , Pradeep Pappachan , Abhishek Basak , Anna Trikalinou
Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
-
公开(公告)号:US20220121578A1
公开(公告)日:2022-04-21
申请号:US17560360
申请日:2021-12-23
Applicant: Intel Corporation
Inventor: Abhishek Basak , Santosh Ghosh , Michael D. LeMay , David M. Durham
IPC: G06F12/1027 , G06F9/38
Abstract: In one embodiment, a processor includes circuitry to decode an instruction referencing an encoded data pointer that includes a set of plaintext linear address bits and a set of encrypted linear address bits. The processor also includes circuitry to perform a speculative lookup in a translation lookaside buffer (TLB) using the plaintext linear address bits to obtain physical address, buffer a set of architectural predictor state values based on the speculative TLB lookup, and speculatively execute the instruction using the physical address obtained from the speculative TLB lookup. The processor also includes circuitry to determine whether the speculative TLB lookup was correct and update a set of architectural predictor state values of the core using the buffered architectural predictor state values based on a determination that the speculative TLB lookup was correct.
-
公开(公告)号:US20220100907A1
公开(公告)日:2022-03-31
申请号:US17547875
申请日:2021-12-10
Applicant: Intel Corporation
Inventor: Abhishek Basak , Salmin Sultana , Santosh Ghosh , Michael D. LeMay , Karanvir S. Grewal , David M. Durham
Abstract: In one embodiment, a processor includes a memory hierarchy that stores encrypted data, tracking circuitry that tracks an execution context for instructions executed by the processor, and cryptographic computing circuitry to encrypt/decrypt data that is stored in the memory hierarchy. The cryptographic computing circuitry obtains context information from the tracking circuitry for a load instruction to be executed by the processor, where the context information indicates information about branch predictions made by a branch prediction unit of the processor, and decrypts the encrypted data using a key and the context information as a tweak input to the decryption.
-
公开(公告)号:US20200372188A1
公开(公告)日:2020-11-26
申请号:US16993469
申请日:2020-08-14
Applicant: Intel Corporation
Inventor: Abhishek Basak , Pradeep Pappachan , Siddhartha Chhabra , Alpa Narendra Trivedi , Erdem Aktas , Ravi Sahita
Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
-
Patent Agency Ranking
公开(公告)号:US20190138720A1
公开(公告)日:2019-05-09
申请号:US16222785
申请日:2018-12-17
Applicant: Intel Corporation
Inventor: Ken Grewal , Ravi Sahita , David Durham , Erdem Aktas , Sergej Deutsch , Abhishek Basak
IPC: G06F21/55 , G06F9/38 , G06F12/0891 , G06F12/14
Abstract: The present disclosure is directed to systems and methods that maintain consistency between a system architectural state and a microarchitectural state in the system cache circuitry to prevent a side-channel attack from accessing secret information. Speculative execution of one or more instructions by the processor circuitry causes memory management circuitry to transition the cache circuitry from a first microarchitectural state to a second microarchitectural state. The memory management circuitry maintains the cache circuitry in the second microarchitectural state in response to a successful completion and/or retirement of the speculatively executed instruction. The memory management circuitry reverts the cache circuitry from the second microarchitectural state to the first microarchitectural state in response to an unsuccessful completion, flushing, and/or retirement of the speculatively executed instruction.
-
公开(公告)号:US11681533B2
公开(公告)日:2023-06-20
申请号:US16443593
申请日:2019-06-17
Applicant: Intel Corporation
Inventor: Ron Gabor , Alaa Alameldeen , Abhishek Basak , Fangfei Liu , Francis McKeen , Joseph Nuzman , Carlos Rozas , Igor Yanover , Xiang Zou
IPC: G06F9/30 , G06F9/38 , G06F12/1027 , G06F21/57
CPC classification number: G06F9/3842 , G06F9/30043 , G06F9/30047 , G06F9/30101 , G06F9/30189 , G06F12/1027 , G06F21/57 , G06F2212/68 , G06F2221/034
Abstract: Embodiments of methods and apparatuses for restricted speculative execution are disclosed. In an embodiment, a processor includes configuration storage, an execution circuit, and a controller. The configuration storage is to store an indicator to enable a restricted speculative execution mode of operation of the processor, wherein the processor is to restrict speculative execution when operating in restricted speculative execution mode. The execution circuit is to perform speculative execution. The controller to restrict speculative execution by the execution circuit when the restricted speculative execution mode is enabled.
-
公开(公告)号:US11416415B2
公开(公告)日:2022-08-16
申请号:US16444053
申请日:2019-06-18
Applicant: Intel Corporation
Inventor: Reshma Lal , Pradeep M. Pappachan , Luis Kida , Krystof Zmudzinski , Siddhartha Chhabra , Abhishek Basak , Alpa Narendra Trivedi , Anna Trikalinou , David M. Lee , Vedvyas Shanbhogue , Utkarsh Y. Kakaiya
IPC: G06F12/14 , H04L9/32 , G06F21/76 , G06F21/60 , H04L9/08 , G06F9/455 , G06F21/57 , G06F21/64 , H04L41/28 , G06F21/79 , H04L41/046 , H04L9/06 , G06F9/38 , G06F12/0802
Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
-
公开(公告)号:US20220206818A1
公开(公告)日:2022-06-30
申请号:US17134334
申请日:2020-12-26
Applicant: Intel Corporation
Inventor: Alaa Alameldeen , Carlos Rozas , Fangfei Liu , Xiang Zou , Francis McKeen , Jason W. Brandt , Joseph Nuzman , Abhishek Basak , Scott Constable , Thomas Unterluggauer , Asit Mallick , Matthew Fernandez
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a single instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the single instruction.
-
公开(公告)号:US20220100911A1
公开(公告)日:2022-03-31
申请号:US17548170
申请日:2021-12-10
Applicant: Intel Corporation
Inventor: Anna Trikalinou , Abhishek Basak , Rupin H. Vakharwala , Utkarsh Y. Kakaiya
Abstract: In one embodiment, a read request is received from a peripheral device across an interconnect, with the read request including a process identifier and an encrypted virtual address. One or more keys are obtained based on the process identifier of the read request, and the encrypted virtual address of the read request is decrypted based on the one or more keys to obtain an unencrypted virtual address. Encrypted data is retrieved from memory based on the unencrypted virtual address, and the encrypted data is decrypted based on the one or more keys to obtain plaintext data. The plaintext data is transmitted to the peripheral device across the interconnect.
-
-
-
-
-
-
-
-
-
Search Results
59
records
(took 0.028 seconds)
