Abstract:
Systems, apparatuses, and methods for implementing hypervisor post-write notification of processor state register modifications. A write to a state register of the processor may be detected during guest execution. In response to detecting the write to the state register, the processor may trigger microcode to perform the write and copy the new value of the register to a memory location prior to exiting the guest. The hypervisor may be notified of the update to the state register after it occurs, and the hypervisor may be prevented from modifying the value of the guest's state register. The hypervisor may terminate the guest if the update to the state register is unacceptable. Alternatively, the hypervisor may recommend an alternate value to the guest. If the guest agrees, the guest may set the state register to the alternate value recommended by the hypervisor when the guest resumes operation.
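The round trip the abstract describes (guest write lands first, microcode copies it out, the hypervisor is told afterwards and can only accept, terminate, or recommend), as an added example that is not the patent's logic or any vendor's firmware. The class names, the policy tables and the register names MSR_CTL and MSR_DEBUG are assumptions chosen for illustration:

```python
"""Post-write notification of a guest state-register update, simulated.

Added example; not the patent's logic or any vendor's firmware. Guest,
Hypervisor, Notification, the policy tables and the register names used
below are hypothetical stand-ins for the mechanism the abstract describes.
"""
from dataclasses import dataclass, FrozenInstanceError
from enum import Enum, auto


class Verdict(Enum):
    ACCEPT = auto()     # new value is fine, resume the guest as-is
    TERMINATE = auto()  # new value is unacceptable, guest is stopped
    RECOMMEND = auto()  # hypervisor proposes an alternate value


@dataclass(frozen=True)
class Notification:
    """Copy of (register, new value) that microcode stores before the exit.
    Frozen: the hypervisor sees the update but cannot change the guest's state."""
    reg: str
    value: int


@dataclass
class Guest:
    regs: dict          # architectural state registers, guest-owned
    acceptable: dict    # reg -> values the guest is willing to take from the hypervisor
    alive: bool = True

    def write(self, reg, value):
        """Microcode performs the write first, then records it for the exit."""
        self.regs[reg] = value
        return Notification(reg, value)

    def resume(self, reg, alternate):
        """On resume the guest decides whether to adopt the recommended value."""
        if alternate in self.acceptable.get(reg, ()):
            self.regs[reg] = alternate
            return True
        return False


class Hypervisor:
    def __init__(self, policy):
        # reg -> (set of allowed values, fallback to recommend or None)
        self.policy = policy
        self.log = []

    def on_notify(self, note):
        """Post-write notification handler: only a verdict comes back."""
        allowed, fallback = self.policy.get(note.reg, (None, None))
        if allowed is None or note.value in allowed:
            verdict, alt = Verdict.ACCEPT, None
        elif fallback is not None:
            verdict, alt = Verdict.RECOMMEND, fallback
        else:
            verdict, alt = Verdict.TERMINATE, None
        self.log.append((note.reg, note.value, verdict))
        return verdict, alt


def hypervisor_tamper(note, value):
    """A hypervisor trying to overwrite the recorded value is refused."""
    try:
        note.value = value
    except FrozenInstanceError:
        return False
    return True


def guest_register_write(guest, hv, reg, value):
    """One round trip: guest write -> copy-out -> exit -> verdict -> resume."""
    if not guest.alive:
        return "dead"
    note = guest.write(reg, value)
    verdict, alt = hv.on_notify(note)
    if verdict is Verdict.TERMINATE:
        guest.alive = False
        return "terminated"
    if verdict is Verdict.RECOMMEND:
        return "took_alternate" if guest.resume(reg, alt) else "kept_own"
    return "accepted"


def make_demo():
    """Constructed scenario: MSR_CTL is policed with a fallback, MSR_DEBUG is forbidden."""
    guest = Guest(regs={"MSR_CTL": 0, "MSR_DEBUG": 0},
                  acceptable={"MSR_CTL": {0x500, 0x501}})
    hv = Hypervisor({"MSR_CTL": ({0x500, 0x501}, 0x500),
                     "MSR_DEBUG": (set(), None)})
    return guest, hv
```

The point worth noticing is the `kept_own` path: because the write has already happened and the hypervisor holds only a read-only copy, a guest that declines the recommendation keeps its value, and the hypervisor's only remaining lever is to terminate on a later notification.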
Abstract:
A processor includes a cache memory, a first core including an instruction execution unit, and a memory bus coupling the cache memory to the first core. The memory bus is operable to receive a first portion of a cache line of data for the cache memory, the first core is operable to identify a plurality of data requests targeting the cache line and the first portion and select one of the identified plurality of data requests for execution, and the memory bus is operable to forward the first portion to the instruction execution unit and to the cache memory in parallel.
Abstract:
A method includes executing microcode in a processing unit of a processor to implement a machine instruction, wherein the microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction. A processor includes a public communication bus, a peripheral device coupled to the public communication bus, and a processing unit. The processing unit is to execute microcode to implement a machine instruction. The microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction.
Abstract:
A method and apparatus for picking load or store instructions is presented. Some embodiments of the method include determining that the entry in the queue includes an instruction that is ready to be executed by the processor based on at least one instruction-based event and concurrently determining cancel conditions based on global events of the processor. Some embodiments also include selecting the instruction for execution when the cancel conditions are not satisfied.
Abstract:
Systems, apparatuses, and methods for implementing virtualized process isolation are disclosed. A system includes a kernel and multiple guest virtual machines (VMs) executing on the system's processing hardware. Each guest VM includes a vShim layer for managing kernel accesses to user space and guest accesses to kernel space. The vShim layer also maintains a set of page tables separate from the kernel page tables. In one embodiment, data in the user space is encrypted and the kernel goes through the vShim layer to access user space data. When the kernel attempts to access a user space address, the kernel exits and the vShim layer is launched to process the request. If the kernel has permission to access the user space address, the vShim layer copies the data to a region in kernel space and then returns execution to the kernel. The vShim layer prevents the kernel from accessing the user space address if the kernel does not have permission to access the user space address. In one embodiment, the kernel space is unencrypted and the user space is encrypted. A state of a guest VM and the vShim layer may be stored in virtual machine control blocks (VMCBs) when exiting the guest VM or vShim layer.
Abstract:
A computing device that handles address translations is described. The computing device includes a hardware table walker and a memory that stores a reverse map table and a plurality of pages of memory. The table walker is configured to use validated indicators in entries in the reverse map table to determine if page accesses are made to pages for which entries are validated. The table walker is further configured to use virtual machine permission level information in entries in the reverse map table to determine if page accesses for specified operation types are permitted.
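The two checks the abstract names (the validated indicator and the per-permission-level operation check), carried out by a simulated table walker at the end of a nested page walk, as an added example that is not the patent's or any vendor's implementation. The entry layout, the ownership and guest-address match that make the table a reverse map, the fault names and the sample table are assumptions:

```python
"""Table walker consulting a reverse map table (RMP), simulated.

Added example; not the patent's or any vendor's implementation. The entry
layout, the per-VMPL permission encoding, the fault names and the sample
table are assumptions chosen to show the two checks the abstract names:
the validated indicator and the VM-permission-level operation check.
"""
from dataclasses import dataclass
from enum import IntFlag

PAGE_SHIFT = 12


class Op(IntFlag):
    READ = 1
    WRITE = 2
    EXEC = 4


@dataclass(frozen=True)
class RmpEntry:
    asid: int            # guest that owns the system-physical page
    gpa: int             # guest-physical address the page must be mapped at
    validated: bool      # guest has validated the mapping (assumed guest-set)
    vmpl_perms: tuple    # Op mask per permission level, index 0 = most privileged


class TableWalker:
    """Final stage of a nested page walk: after the hypervisor's page tables
    produce a system-physical address, the RMP entry for that page is checked."""

    def __init__(self, rmp):
        self.rmp = rmp  # list indexed by system-physical page number

    def check(self, asid, vmpl, gpa, spa, op):
        pfn = spa >> PAGE_SHIFT
        if pfn >= len(self.rmp):
            return "no-rmp-entry"
        e = self.rmp[pfn]
        # Reverse map: the page must belong to this guest at this guest address,
        # so a hypervisor remapping of spa to a different gpa is caught here.
        if e.asid != asid:
            return "asid-mismatch"
        if e.gpa != (gpa & ~((1 << PAGE_SHIFT) - 1)):
            return "gpa-mismatch"
        # Validated indicator: an unvalidated page traps, so the guest notices
        # when a page it validated earlier has been replaced.
        if not e.validated:
            return "not-validated"
        # VM permission level: every requested operation bit must be in the mask.
        if vmpl >= len(e.vmpl_perms) or (op & e.vmpl_perms[vmpl]) != op:
            return "vmpl-permission-denied"
        return "ok"


def build_sample_rmp():
    """Constructed RMP with three pages: two owned by guest ASID 1, one by ASID 2."""
    full = Op.READ | Op.WRITE | Op.EXEC
    return [
        RmpEntry(asid=1, gpa=0x1000, validated=True,
                 vmpl_perms=(full, Op.READ | Op.EXEC, Op.READ, Op(0))),
        RmpEntry(asid=1, gpa=0x2000, validated=False,
                 vmpl_perms=(full, full, full, full)),
        RmpEntry(asid=2, gpa=0x1000, validated=True,
                 vmpl_perms=(full, full, full, full)),
    ]
```

The order of the checks matters for what a guest can learn: ownership and address are checked before the validated bit, so a hypervisor that points a guest mapping at a page the guest never validated gets a `not-validated` trap in the guest rather than a silent read of stale or foreign data.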
Abstract:
A system and method are disclosed for securely receiving data from an input device coupled to a computing system. The system includes an interface configured to receive data from an input device, a coprocessor, and a host computer, wherein the host computer includes an input handler and a host processor. The host processor is configured to execute code in a normal mode and in a secure mode. The host processor switches from the normal mode to the secure mode upon data being available from the interface while the host computer is in a secure input mode. The input handler receives the data from the interface and sends the received data to the coprocessor responsive to receiving the data while operating in the secure mode.
Abstract:
A processor employs a hardware encryption module in the processor's memory access path to cryptographically isolate secure information. In some embodiments, the encryption module is located at a memory controller (e.g. northbridge) of the processor, and each memory access provided to the memory controller indicates whether the access is a secure memory access, indicating the data associated with the memory access is designated for cryptographic protection, or a non-secure memory access. For secure memory accesses, the encryption module performs encryption (for write accesses) or decryption (for read accesses) of the data associated with the memory access.
Abstract:
A random number generator may include an input configured to receive a plurality of entropy bits generated by an entropy source of a random number generator, wherein the random number generator is configured to generate a plurality of random numbers; and an entropy health monitor coupled with the input, wherein the entropy health monitor is configured to perform a corrective action based on the plurality of entropy bits.
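An entropy health monitor of the kind the abstract describes, as an added example that is not the patent's logic. The abstract does not say which tests the monitor runs; this example assumes the two continuous health tests of NIST SP 800-90B section 4.4 (repetition count and adaptive proportion), assumes the corrective action is to latch an alarm and withhold bits until the monitor is reset, and constructs its own sample streams:

```python
"""Entropy health monitor modelled on the continuous health tests of
NIST SP 800-90B section 4.4 (repetition count test, adaptive proportion test).

Added example; not the patent's logic. The choice of these two tests, the
corrective action (latch an alarm, withhold output until reset) and the
sample streams are assumptions. H is the claimed entropy per sample in bits
and is restricted to an integer so the cutoff can be computed exactly.
"""
from fractions import Fraction
from math import ceil, comb


def repetition_count_cutoff(h_bits, alpha_log2=20):
    """SP 800-90B 4.4.1: C = 1 + ceil(-log2(alpha) / H), alpha = 2^-20 by default."""
    return 1 + ceil(alpha_log2 / h_bits)


def adaptive_proportion_cutoff(window, h_bits, alpha_log2=20):
    """SP 800-90B 4.4.2 cutoff: smallest C with P(Bin(W, 2^-H) <= C) >= 1 - alpha,
    computed with exact rational arithmetic instead of a spreadsheet CRITBINOM."""
    p = Fraction(1, 2 ** h_bits)
    target = 1 - Fraction(1, 2 ** alpha_log2)
    cumulative = Fraction(0)
    for c in range(window + 1):
        cumulative += comb(window, c) * p ** c * (1 - p) ** (window - c)
        if cumulative >= target:
            return c
    return window


class EntropyHealthMonitor:
    """Sits between the entropy source and the conditioner, one sample at a time."""

    def __init__(self, h_bits=1, window=1024):
        self.window = window
        self.rct_cutoff = repetition_count_cutoff(h_bits)
        self.apt_cutoff = adaptive_proportion_cutoff(window, h_bits)
        self.reset()

    def reset(self):
        """Re-arm after the source has been re-validated (assumed operator action)."""
        self.blocked = False
        self.failures = []
        self._last, self._run = None, 0
        self._apt_first, self._apt_count, self._apt_seen = None, 0, 0

    def feed(self, bit):
        """Returns the bit if it may be released downstream, None if withheld."""
        # Repetition count test: a stuck source produces one long run.
        if bit == self._last:
            self._run += 1
        else:
            self._last, self._run = bit, 1
        if self._run >= self.rct_cutoff:
            self._fail("rct")
        # Adaptive proportion test: count the first sample of each window.
        # Fails when the count exceeds the cutoff, so by construction the
        # false-alarm probability per window is at most alpha.
        if self._apt_seen == 0:
            self._apt_first, self._apt_count = bit, 1
        elif bit == self._apt_first:
            self._apt_count += 1
        self._apt_seen += 1
        if self._apt_seen == self.window:
            if self._apt_count > self.apt_cutoff:
                self._fail("apt")
            self._apt_seen = 0
        return None if self.blocked else bit

    def _fail(self, test_name):
        # Corrective action: record which test tripped and stop releasing bits.
        self.failures.append(test_name)
        self.blocked = True
```

The caveat a practitioner should take from this is what the alternating stream in the test shows: a perfectly predictable 0101... sequence passes both tests, because these health tests only catch catastrophic failures (a stuck or heavily biased source). They are not an entropy estimate, and a monitor that only does this is not a substitute for source characterization.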
Abstract:
A method for restricting peripheral device protocols in confidential compute architectures includes: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device not to use the first protocol.