-
Publication No.: US10135622B2
Publication date: 2018-11-20
Application No.: US15279527
Filing date: 2016-09-29
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas , Simon P. Johnson , Bo Zhang , James D. Beaney, Jr. , Piotr Zmijewski , Wesley H. Smith , Eduardo Cabre
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
-
Publication No.: US09747102B2
Publication date: 2017-08-29
Application No.: US13729371
Filing date: 2012-12-28
Applicant: Intel Corporation
Inventor: Rebekah Leslie , Carlos V. Rozas , Vincent R. Scarlata , Simon P. Johnson , Uday R. Savagaonkar , Barry E. Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis X. Mckeen , Michael A. Goldsmith , Ilya Alexandrovich , Alex Berenzon , Wesley H. Smith , Gilbert G. Neiger
IPC: G06F12/00 , G06F9/30 , G06F9/44 , G06F12/084 , G06F12/14
CPC classification number: G06F9/3004 , G06F9/30047 , G06F9/30076 , G06F9/44 , G06F12/084 , G06F12/0875 , G06F12/1483 , G06F2212/452
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
-
Publication No.: US20230042288A1
Publication date: 2023-02-09
Application No.: US17867306
Filing date: 2022-07-18
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/109 , G06F12/14 , G06F9/455
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core is to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
Publication No.: US20210255962A1
Publication date: 2021-08-19
Application No.: US17156175
Filing date: 2021-01-22
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/109 , G06F12/14 , G06F9/455
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core is to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
Publication No.: US09767044B2
Publication date: 2017-09-19
Application No.: US14034813
Filing date: 2013-09-24
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Uday R. Savagaonkar , Michael A. Goldsmith , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Ittai Anati , Ilya Alexandrovich
IPC: G06F12/00 , G06F12/14 , G06F12/0808 , G06F12/1027 , G06F9/455 , G06F12/0897
CPC classification number: G06F12/1408 , G06F9/45558 , G06F12/0808 , G06F12/0897 , G06F12/1027 , G06F2009/45587 , G06F2212/1032 , G06F2212/1048 , G06F2212/152
Abstract: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction.
-
Publication No.: US09323686B2
Publication date: 2016-04-26
Application No.: US13729277
Filing date: 2012-12-28
Applicant: Intel Corporation
Inventor: Francis X. Mckeen , Michael A. Goldsmith , Barry E. Huntley , Simon P. Johnson , Rebekah Leslie , Carlos V. Rozas , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Ittai Anati , Ilya Alexandrovich , Alex Berenzon , Gilbert Neiger
CPC classification number: G06F12/0804 , G06F9/30047 , G06F12/0875 , G06F12/1408 , G06F2212/1052 , G06F2212/402
Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.
-
Publication No.: US20160042184A1
Publication date: 2016-02-11
Application No.: US14919350
Filing date: 2015-10-21
Applicant: Intel Corporation
Inventor: Francis X. Mckeen , Michael A. Goldsmith , Barrey E. Huntley , Simon P. Johnson , Rebekah M. Leslie-Hurd , Carlos V. Rozas , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , Gilbert Neiger
CPC classification number: G06F21/60 , G06F12/0875 , G06F12/14 , G06F12/145 , G06F21/72 , G06F2212/1052 , G06F2212/152 , G06F2212/452
Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.
-
Publication No.: US10592421B2
Publication date: 2020-03-17
Application No.: US15250787
Filing date: 2016-08-29
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Ilya Alexandrovich , Ittai Anati , Alex Berenzon , Michael A. Goldsmith , Barry E. Huntley , Anton Ivanov , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Rinat Rappoport , Scott D. Rodgers , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , William C. Wood
IPC: G06F12/00 , G06F12/08 , G06F13/00 , G06F12/0875 , G06F12/0808 , G06F12/1027
Abstract: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
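The block/track/evict sequence this abstract describes (and the page eviction of US09323686B2 above) is easy to get wrong in software that drives it: evicting a page while some hardware thread still holds a translation to it lets that thread keep reading enclave memory that has been swapped out and possibly reused. The following Go model is an added example written for this page; it is not Intel's microarchitecture or code, and the names Platform, Block, Track, Exit and Evict are hypothetical. It shows the ordering the abstract's two instructions enforce: a page must be blocked before eviction, a tracking snapshot of the threads inside the enclave must exist, and eviction is refused until every recorded thread has exited.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model (not Intel's ISA) of the sequence in the abstract: block
// new translations to a shared page, record the hardware threads inside the
// enclave, and evict only after every recorded thread has exited.
type pageState int

const (
	pageFree pageState = iota
	pageValid
	pageBlocked
)

type epcEntry struct {
	enclave string
	state   pageState
}

type enclave struct {
	inside  map[int]bool // hardware threads currently executing inside
	tracked map[int]bool // nil until Track; threads recorded and not yet exited
}

// Platform models one CPU's enclave page cache and its enclaves.
type Platform struct {
	epc      map[uint64]*epcEntry
	enclaves map[string]*enclave
}

func NewPlatform() *Platform {
	return &Platform{epc: map[uint64]*epcEntry{}, enclaves: map[string]*enclave{}}
}

func (p *Platform) AddPage(addr uint64, encl string) {
	if _, ok := p.enclaves[encl]; !ok {
		p.enclaves[encl] = &enclave{inside: map[int]bool{}}
	}
	p.epc[addr] = &epcEntry{enclave: encl, state: pageValid}
}

func (p *Platform) Enter(thread int, encl string) { p.enclaves[encl].inside[thread] = true }

// Translate models a thread creating a new translation for an EPC page;
// it is refused once the page is blocked.
func (p *Platform) Translate(addr uint64) error {
	if e, ok := p.epc[addr]; !ok || e.state != pageValid {
		return errors.New("translate: page missing or blocked")
	}
	return nil
}

// Block is the first instruction: mark the mapping so that no thread can
// create a new translation for the shared page.
func (p *Platform) Block(addr uint64) error {
	e, ok := p.epc[addr]
	if !ok || e.state != pageValid {
		return errors.New("block: page not valid")
	}
	e.state = pageBlocked
	return nil
}

// Track is the second instruction: snapshot the threads currently inside.
func (p *Platform) Track(encl string) {
	en := p.enclaves[encl]
	en.tracked = map[int]bool{}
	for t := range en.inside {
		en.tracked[t] = true
	}
}

// Exit leaves the enclave and decrements the tracked set; a thread that has
// exited no longer holds a translation to the enclave's pages.
func (p *Platform) Exit(thread int, encl string) {
	delete(p.enclaves[encl].inside, thread)
	delete(p.enclaves[encl].tracked, thread)
}

// Evict succeeds only when the page is blocked, tracking has been issued and
// no tracked thread remains, so no stale translation can outlive the eviction.
func (p *Platform) Evict(addr uint64) error {
	e, ok := p.epc[addr]
	if !ok {
		return errors.New("evict: no such page")
	}
	if e.state != pageBlocked {
		return errors.New("evict: page must be blocked first")
	}
	en := p.enclaves[e.enclave]
	if en.tracked == nil {
		return errors.New("evict: track not issued for this enclave")
	}
	if n := len(en.tracked); n > 0 {
		return fmt.Errorf("evict: %d tracked thread(s) still inside", n)
	}
	e.state, e.enclave = pageFree, ""
	return nil
}
```

A thread that enters the enclave after Track is deliberately not added to the tracked set: because the page is already blocked, it cannot obtain a translation to it, so it does not need to be waited for.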
-
Publication No.: US10409597B2
Publication date: 2019-09-10
Application No.: US15972573
Filing date: 2018-05-07
Applicant: Intel Corporation
Inventor: Rebekah Leslie-Hurd , Carlos V. Rozas , Vincent R. Scarlata , Simon P. Johnson , Uday R. Savagaonkar , Barry E. Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis X. Mckeen , Michael A. Goldsmith , Ilya Alexandrovich , Alex Berenzon , Wesley H. Smith , Gilbert Neiger
IPC: G06F12/00 , G06F9/30 , G06F12/0875 , G06F9/44 , G06F12/084 , G06F12/14
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
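The two-instruction scheme in this abstract and in US09747102B2 above (one instruction allocates an enclave page cache page to an enclave, a second confirms the allocation) matters because the allocating party is the untrusted OS while the confirming party is the enclave itself: a page the enclave never confirmed cannot be used, so the OS cannot silently add or swap pages into an enclave's address space. The Go model below is an added example for this page, not Intel's code; EPC, Allocate, Accept and Access are hypothetical names, and the page types and 4 KiB size are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model (not Intel's ISA) of the allocate/confirm pair from the
// abstract: the OS allocates a page in the pending state, the enclave must
// accept it before any access succeeds.
type pageState int

const (
	pageFree    pageState = iota
	pagePending           // allocated by the untrusted OS, not yet confirmed
	pageValid             // confirmed by the enclave
)

type pageType int

const (
	typeRegular pageType = iota
	typeThreadControl
)

type epcPage struct {
	enclave string
	ptype   pageType
	state   pageState
	data    []byte
}

// EPC models the enclave page cache and its per-page metadata.
type EPC struct{ pages map[uint64]*epcPage }

func NewEPC() *EPC { return &EPC{pages: map[uint64]*epcPage{}} }

// Allocate is the first instruction (OS-invoked): assign a free EPC page to the
// enclave at addr, zeroed, in the pending state.
func (e *EPC) Allocate(addr uint64, encl string, pt pageType) error {
	if pg, ok := e.pages[addr]; ok && pg.state != pageFree {
		return fmt.Errorf("allocate: page %#x already in use", addr)
	}
	e.pages[addr] = &epcPage{enclave: encl, ptype: pt, state: pagePending, data: make([]byte, 4096)}
	return nil
}

// Accept is the second instruction (enclave-invoked): confirm the allocation.
// It fails if the page is not pending, belongs to another enclave, or is not
// the type the enclave expected at that address.
func (e *EPC) Accept(addr uint64, encl string, expect pageType) error {
	pg, ok := e.pages[addr]
	switch {
	case !ok || pg.state == pageFree:
		return fmt.Errorf("accept: page %#x not allocated", addr)
	case pg.enclave != encl:
		return fmt.Errorf("accept: page %#x belongs to enclave %q", addr, pg.enclave)
	case pg.state != pagePending:
		return fmt.Errorf("accept: page %#x already confirmed", addr)
	case pg.ptype != expect:
		return fmt.Errorf("accept: page %#x has an unexpected type", addr)
	}
	pg.state = pageValid
	return nil
}

// Access models an enclave load/store: only pages this enclave has confirmed
// are usable; anything else faults.
func (e *EPC) Access(addr uint64, encl string) ([]byte, error) {
	pg, ok := e.pages[addr]
	if !ok || pg.state != pageValid || pg.enclave != encl {
		return nil, errors.New("access: fault, page not confirmed for this enclave")
	}
	return pg.data, nil
}
```

The enclave-side check on the expected page type is the part worth copying into real enclave runtimes: confirming "some page at this address" is weaker than confirming "the regular data page I asked for at this address".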
-
Publication No.: US20170353319A1
Publication date: 2017-12-07
Application No.: US15279527
Filing date: 2016-09-29
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas , Simon P. Johnson , Bo Zhang , James D. Beaney, JR. , Piotr Zmijewski , Wesley H. Smith , Eduardo Cabre
CPC classification number: H04L9/3252 , G06F21/44 , G06F21/53 , G09C1/00 , H04L9/0866 , H04L9/14 , H04L9/302 , H04L9/3066 , H04L9/3234 , H04L9/3247 , H04L9/3249 , H04L63/06 , H04L63/062 , H04L63/0823 , H04L63/12 , H04L2209/127
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
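The exchange in this abstract and in US10135622B2 above has three roles: a provisioning certification enclave that alone holds the hardware-based provisioning attestation key, one provisioning enclave per provisioning service, and the services themselves, which issue an attestation key only after verifying the certification enclave's signature. The Go program below is an added example written for this page, not Intel's code or protocol: a software P-256 key stands in for the hardware key, the nonce, message layout and 32-byte attestation key are constructed, and the names PCE, ProvisioningEnclave, ProvisioningService and Provision are hypothetical. It also shows why the signed data should carry something service-specific: with a per-service nonce, data signed for one service is rejected by the other even though the signature itself is valid.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// PCE models the provisioning certification enclave, the only holder of the
// provisioning attestation key. A software P-256 key stands in for the
// hardware-based key in this constructed example.
type PCE struct{ pak *ecdsa.PrivateKey }

func NewPCE() (*PCE, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &PCE{pak: k}, nil
}

func (p *PCE) PublicKey() *ecdsa.PublicKey { return &p.pak.PublicKey }

// Sign certifies data handed over by a provisioning enclave.
func (p *PCE) Sign(data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, p.pak, h[:])
}

// ProvisioningEnclave pairs with exactly one provisioning service.
type ProvisioningEnclave struct {
	ID     string
	AttKey []byte // attestation key obtained from its service
}

// Request is the data the PCE signs: the enclave's identity plus the service's
// fresh nonce, which binds the signature to one service and one session.
func (e *ProvisioningEnclave) Request(nonce []byte) []byte {
	return append([]byte("PE:"+e.ID+":"), nonce...)
}

// ProvisioningService trusts one PAK public key and issues an attestation key
// only for data carrying a valid PCE signature and its own nonce.
type ProvisioningService struct {
	Name   string
	pakPub *ecdsa.PublicKey
	nonce  []byte
}

func NewService(name string, pakPub *ecdsa.PublicKey) (*ProvisioningService, error) {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	return &ProvisioningService{Name: name, pakPub: pakPub, nonce: n}, nil
}

func (s *ProvisioningService) Nonce() []byte { return s.nonce }

func (s *ProvisioningService) IssueAttestationKey(data, sig []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	if !ecdsa.VerifyASN1(s.pakPub, h[:], sig) {
		return nil, errors.New(s.Name + ": PCE signature invalid")
	}
	if !bytes.HasSuffix(data, s.nonce) {
		return nil, errors.New(s.Name + ": nonce mismatch, data was signed for another service")
	}
	key := make([]byte, 32) // constructed stand-in for a real attestation key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Provision runs the exchange for one enclave against its service and stores
// the issued attestation key in the enclave.
func Provision(pce *PCE, pe *ProvisioningEnclave, svc *ProvisioningService) error {
	data := pe.Request(svc.Nonce())
	sig, err := pce.Sign(data)
	if err != nil {
		return err
	}
	key, err := svc.IssueAttestationKey(data, sig)
	if err != nil {
		return err
	}
	pe.AttKey = key
	return nil
}
```

Each service verifies with the public half of the same provisioning attestation key, so the hardware key never leaves the certification enclave and the two provisioning enclaves end up with independent attestation keys from independent services.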