公开(公告)号：US09870467B2

公开(公告)日：2018-01-16

申请号：US14671346

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F9/46 ,  G06F21/53 ,  G06F21/57

CPC classification number: G06F21/53 ,  G06F21/57

Abstract: In an embodiment, at least one machine-readable storage medium includes instructions that when executed enable a system to receive, at a special library of a parent process located outside of a parent protected region of the parent process, from the parent protected region of the parent process, a call to create a child process and responsive to the call received at the special library, issue by the special library a first request and a second request. The first request is to execute, by a processor, a non-secure instruction to create the child process. The second request is to execute, by the processor, a first secure instruction to create a child protected region within the child process. Responsive to the first request the child process is to be created and responsive to the second request the child protected region is to be created. Other embodiments are described and claimed.

公开(公告)号：US10089447B2

公开(公告)日：2018-10-02

申请号：US15621864

申请日：2017-06-13

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F21/12 ,  G06F12/0817 ,  G06F12/14 ,  G06F13/24 ,  G06F12/0875 ,  G06F12/0811

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

公开(公告)号：US20160283409A1

公开(公告)日：2016-09-29

申请号：US14671346

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F12/14 ,  G11C7/10

CPC classification number: G06F21/53 ,  G06F21/57

Abstract: In an embodiment, at least one machine-readable storage medium includes instructions that when executed enable a system to receive, at a special library of a parent process located outside of a parent protected region of the parent process, from the parent protected region of the parent process, a call to create a child process and responsive to the call received at the special library, issue by the special library a first request and a second request. The first request is to execute, by a processor, a non-secure instruction to create the child process. The second request is to execute, by the processor, a first secure instruction to create a child protected region within the child process. Responsive to the first request the child process is to be created and responsive to the second request the child protected region is to be created. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，至少一个机器可读存储介质包括指令，当被执行时，系统可以在位于父进程的父保护区域之外的父进程的特殊库处接收来自父进程的父保护区域 父进程，调用创建子进程并响应在特殊库中接收的呼叫，由特殊库发出第一请求和第二请求。 第一个请求是由处理器执行非安全指令来创建子进程。 第二个请求是由处理器执行第一个安全指令，以在子进程中创建子保护区域。 响应于第一个请求，子进程将被创建并响应第二个请求创建子保护区域。 描述和要求保护其他实施例。

公开(公告)号：US20170286645A1

公开(公告)日：2017-10-05

申请号：US15621864

申请日：2017-06-13

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F21/12 ,  G06F12/0875 ,  G06F13/24 ,  G06F12/0811 ,  G06F12/0817 ,  G06F12/14

CPC classification number: G06F21/12 ,  G06F12/0811 ,  G06F12/0822 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/1425 ,  G06F13/24 ,  G06F2212/1052 ,  G06F2212/283 ,  G06F2212/452

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

公开(公告)号：US09710622B2

公开(公告)日：2017-07-18

申请号：US14629132

申请日：2015-02-23

Applicant: INTEL CORPORATION

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F21/12 ,  G06F12/0817 ,  G06F12/14 ,  G06F13/24 ,  G06F12/0875 ,  G06F12/0811

CPC classification number: G06F21/12 ,  G06F12/0811 ,  G06F12/0822 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/1425 ,  G06F13/24 ,  G06F2212/1052 ,  G06F2212/283 ,  G06F2212/452

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

公开(公告)号：US20160246720A1

公开(公告)日：2016-08-25

申请号：US14629132

申请日：2015-02-23

Applicant: Intel Corporation

Inventor： Prashant Pandey ,  Mona Vij ,  Somnath Chakrabarti ,  Krystof C. Zmudzinski

IPC: G06F12/08 ,  G06F12/14 ,  G06F13/24 ,  G06F9/30

CPC classification number: G06F21/12 ,  G06F12/0811 ,  G06F12/0822 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/1425 ,  G06F13/24 ,  G06F2212/1052 ,  G06F2212/283 ,  G06F2212/452

Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.

Abstract translation: 指令和逻辑fork处理并在安全的飞地页面缓存（EPC）中建立子空间。 指令指定分配给父节点和子进程的子进程的安全存储地址，以存储安全区域控制结构（SECS）数据，应用程序数据，代码等。处理器包括用于存储父进程和子进程的飞地数据的EPC。 父级的实施例可以执行，或者系统可以执行复制父SECS以保护儿童的存储的指令，初始化唯一的子ID并链接到父级的SECS / ID。 子系统的实施例可以执行，或者系统可以执行将父页面的页面复制到具有相同密钥的小孩的飞地的指令，将用于EPC映射的条目设置为部分完成，并将页面状态记录在 孩子飞散，如果中断。 因此可以恢复复印。