公开(公告)号：US20230418608A1

公开(公告)日：2023-12-28

申请号：US17848142

申请日：2022-06-23

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay ,  Karanvir Grewal

IPC: G06F9/30 ,  G06F9/38

CPC classification number: G06F9/30145 ,  G06F9/30029 ,  G06F9/30105 ,  G06F9/3836

Abstract: Techniques for an instruction for a conditional jump operation (such as a Jump True operation) to detect memory corruption are described. An example apparatus comprises decoder circuitry to decode a single instruction, the single instruction to include fields for identifiers of a source operand, a destination operand, and a field for an opcode, the opcode to indicate execution circuitry is to generate an exception when a value of the source operand is not a first value and not a second value, execute a next instruction when the value of the source operand is the first value, and jump to a destination indicated by the destination operand when the value of the source operand is the second value. Other examples are described and claimed.

公开(公告)号：US11841806B1

公开(公告)日：2023-12-12

申请号：US17444203

申请日：2021-08-02

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  David M. Durham

IPC: G06F21/00 ,  G06F12/14 ,  G06F21/64 ,  G06F21/72 ,  H04L9/40 ,  H04L9/14 ,  G06F21/60 ,  H04L9/32 ,  G06F21/71 ,  H04L9/06 ,  G06F21/53 ,  G06F21/52 ,  H04L9/08

CPC classification number: G06F12/1408 ,  G06F21/52 ,  G06F21/53 ,  G06F21/602 ,  G06F21/64 ,  G06F21/71 ,  G06F21/72 ,  H04L9/0631 ,  H04L9/0637 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3273 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/126 ,  H04L63/1466 ,  H04L2463/062

Abstract: In one embodiment, a multi-tenant computing system includes at least one processor including a plurality of cores on which a plurality of agents of a plurality of tenants of the multi-tenant computing system are to execute, a configuration storage, and a memory execution circuit. The configuration storage includes a first configuration register to store configuration information associated with the memory execution circuit. The first configuration register is to store a mode identifier to identify a mode of operation of the memory execution circuit. The memory execution circuit, in a first mode of operation, is to receive encrypted data of a first tenant of the plurality of tenants, the encrypted data encrypted by the first tenant, generate an integrity value for the encrypted data, and send the encrypted data and the integrity value to a memory, wherein the integrity value is not visible to the software of the multi-tenant computing system. A memory coupled to the at least one processor is to store the encrypted data and the integrity value.

公开(公告)号：US11782826B2

公开(公告)日：2023-10-10

申请号：US17539933

申请日：2021-12-01

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay

IPC: G06F12/02 ,  G06F12/0853 ,  G06F11/10 ,  G06F9/50 ,  G06F21/60 ,  G06F12/0871

CPC classification number: G06F12/0246 ,  G06F9/5016 ,  G06F11/1068 ,  G06F12/0223 ,  G06F12/0853 ,  G06F12/0871 ,  G06F21/602

Abstract: A memory controller is to store a unique tag at the mid-point address within each of allocated memory portions. In addition to the tag data, additional metadata may be stored at the mid-point address of the memory allocation. For each memory access operation, an encoded pointer contains information indicative of a size of the memory allocation as well as its own tag data. The processor circuitry compares the tag data included in the encoded pointer with the tag data stored in the memory allocation. If the tag data included in the encoded pointer matches the tag data stored in the memory allocation, the memory operation proceeds. If the tag data included in the encoded pointer fails to match the tag data stored in the memory allocation, an error or exception is generated.

公开(公告)号：US11704297B2

公开(公告)日：2023-07-18

申请号：US17868467

申请日：2022-07-19

Applicant: Intel Corporation

Inventor： Michael E. Kounavis ,  Santosh Ghosh ,  Sergej Deutsch ,  Michael LeMay ,  David M. Durham

IPC: G06F16/22 ,  G06F16/2457 ,  G06F16/2455 ,  G06F9/38 ,  G06F21/60 ,  G06F21/62 ,  H03M13/00

CPC classification number: G06F16/2255 ,  G06F9/3885 ,  G06F16/24552 ,  G06F16/24573 ,  G06F21/602 ,  G06F21/6218 ,  H03M13/6516

Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.

公开(公告)号：US11531750B2

公开(公告)日：2022-12-20

申请号：US16937155

申请日：2020-07-23

Applicant: Intel Corporation

Inventor： David M. Durham ,  Karanvir S. Grewal ,  Sergej Deutsch ,  Michael Lemay

IPC: G06F9/455 ,  G06F21/53 ,  G06F21/57 ,  H04L9/40

Abstract: Systems, apparatuses and methods may provide for technology that associates a key domain of a plurality of key domains with a customer boot image, receives the customer boot image from the customer, and verifies the integrity of the customer boot image that is to be securely installed at memory locations determined from an untrusted privileged entity (e.g., a virtual machine manager).

公开(公告)号：US11496486B2

公开(公告)日：2022-11-08

申请号：US17319135

申请日：2021-05-13

Applicant: Intel Corporation

Inventor： Michael Kounavis ,  Amitabh Das ,  Sergej Deutsch ,  Karanvir S. Grewal ,  David M. Durham

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/06

Abstract: A data processing system includes technology to enable implicit integrity to be used for digital communications. That technology comprises a hardware processor and an implicit integrity engine (IIE) responsive to the processor. For instance, in response to the data processing system receiving a communication that contains a message, the IIE is to automatically analyze the communication to determine whether the message was sent with implicit integrity. If the message was sent with implicit integrity, the IIE is to automatically use a pattern matching algorithm to analyze entropy characteristics of a plaintext version of the message, and to automatically determine whether the message has low entropy, based on results of the pattern matching algorithm and a predetermined entropy threshold. If the message does not have low entropy, the IIE is to automatically determine that the message has been corrupted. Other embodiments are described and claimed.

公开(公告)号：US20220343029A1

公开(公告)日：2022-10-27

申请号：US17855261

申请日：2022-06-30

Applicant: Intel Corporation

Inventor： Salmin Sultana ,  Michael LeMay ,  David M. Durham ,  Karanvir S. Grewal ,  Sergej Deutsch

IPC: G06F21/71 ,  G06F9/30

Abstract: Technologies provide domain isolation using encoded pointers to data and code. A system may be configured for decoding an encoded pointer to obtain a linear address of an encrypted code block of a first software component in memory. The first software component shares a linear address space of the memory with a plurality of software components. A processor uses the linear address to access the encrypted code block, determines a relative position of the encrypted code block within a memory slot of the linear address space, and decrypts the encrypted code block to generate a decrypted code block using a code key and a code tweak. The code tweak includes a relative position of the encrypted code block in the address space and domain metadata that uniquely identifies the software component. In some scenarios, the software component may be position independent code and may be relocatable to different address spaces.

公开(公告)号：US11409662B2

公开(公告)日：2022-08-09

申请号：US17321087

申请日：2021-05-14

Applicant: Intel Corporation

Inventor： David M. Durham ,  Jacob Doweck ,  Michael Lemay ,  Deepak Gupta

IPC: G06F12/10 ,  G06F12/1027

Abstract: An apparatus and method for efficient process-based compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data; memory management circuitry coupled to the execution circuitry, the memory management circuitry to manage access to a system memory by a plurality of related processes using one or more process-specific translation structures and one or more shared translation structures to be shared by the related processes; and one or more control registers to store a process-specific base address pointer associated with a first process of the plurality of related processes and to store a shared base address pointer to identify the shared translation structures; wherein the memory management circuitry is to use the process-specific base address pointer in combination with a first linear address provided by the first process to walk the process-specific translation structures to identify any permissions and/or physical address associated with the first linear address, wherein if permissions are identified, the memory management circuitry is to use the permissions in place of any permissions specified in the shared translation structures.

公开(公告)号：US20220224510A1

公开(公告)日：2022-07-14

申请号：US17706288

申请日：2022-03-28

Applicant: Intel Corporation

Inventor： Eugene M. Kishinevsky ,  Uday Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

IPC: H04L9/06 ,  G06F12/14 ,  G09C1/00 ,  G06F21/85 ,  G06F21/60

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

公开(公告)号：US20220222186A1

公开(公告)日：2022-07-14

申请号：US17705857

申请日：2022-03-28

Applicant: Intel Corporation

Inventor： David M. Durham ,  Ron Gabor

IPC: G06F12/14 ,  G06F21/60 ,  G06F21/62 ,  G06F21/57

Abstract: Embodiments are directed to memory protection with hidden inline metadata. An embodiment of an apparatus includes processor cores; a computer memory for the storage of data; and cache memory communicatively coupled with one or more of the processor cores, wherein one or more processor cores of the plurality of processor cores are to implant hidden inline metadata in one or more cachelines for the cache memory, the hidden inline metadata being hidden at a linear address level.