-
Publication (Announcement) No.: US20240220297A1
Publication (Announcement) Date: 2024-07-04
Application No.: US18090740
Filing Date: 2022-12-29
Applicant: ADVANCED MICRO DEVICES, INC., ATI TECHNOLOGIES ULC
Inventor: David Kaplan, Jelena Ilic, Nippon Raval, Philip Ng
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F9/45545, G06F2009/45579, G06F2009/45587
Abstract: Techniques for implementing programmable control by a guest virtual machine (VM) of interrupts at a processing system using a guest owned backing page are disclosed. The VM programs a guest owned backing page (e.g., a data structure in memory) that designates particular interrupts that are to be blocked. In response to detecting a designated interrupt, system hardware or software blocks the interrupt, rather than executing an interrupt handler to process the interrupt. The VM is thereby able to protect confidential information and program behavior with less risk of a malicious hypervisor failing to protect the VM from, e.g., unexpected or unwanted interrupts, thereby improving overall system security and predictability.
-
Publication (Announcement) No.: US11842227B2
Publication (Announcement) Date: 2023-12-12
Application No.: US16712190
Filing Date: 2019-12-12
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan, Jelena Ilic
CPC classification number: G06F9/542, G06F9/45533, G06F9/45558, G06F21/554, G06F21/53, G06F2009/45583, G06F2009/45587, G06F2221/033
Abstract: A virtualized computing environment is protected from a malicious hypervisor by restricting the hypervisor's access to one or more portions of an event (interrupt or exception) handling pathway of a guest virtual machine, wherein the guest virtual machine includes both a secure layer to manage security for the guest and one or more non-secure layers to handle event processing. The hypervisor is restricted from providing normal exception information to the guest virtual machine (referred to simply as a “guest” herein), and instead is only permitted to provide an event signal to the secure layer of the guest. In response to the event signal, the secure layer of the guest accesses a specified region of memory for the event information, reviews the information, and provides the information to another, non-secure, layer of the guest for processing only if the event information complies with specified security protocols.
-
Publication (Announcement) No.: US20240176638A1
Publication (Announcement) Date: 2024-05-30
Application No.: US18071049
Filing Date: 2022-11-29
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan, Jelena Ilic, Jeremy W. Powell
CPC classification number: G06F9/45558, G06F21/602, G06F2009/45583, G06F2009/45587
Abstract: A processing system executing a virtual machine (VM) in a confidential computing environment selectively randomizes the values of registers before the register values are encrypted to ciphertext and written to a secure region of memory upon the VM exiting execution at a processor of the processing system. When the VM later resumes executing at the processor, the processor de-randomizes the register values. By randomizing the register values, the processor obfuscates the register values from a hypervisor or physical attack, thereby protecting against side channel attacks on the encrypted ciphertext.
-
Publication (Announcement) No.: US20190303230A1
Publication (Announcement) Date: 2019-10-03
Application No.: US15940693
Filing Date: 2018-03-29
Applicant: Advanced Micro Devices, Inc.
Inventor: Dean A. Liberty, Vilas K. Sridharan, Michael T. Clark, Jelena Ilic, David S. Christie, James R. Williamson, Cristian Constantinescu
Abstract: Systems, apparatuses, and methods for implementing a hardware enforcement mechanism to enable platform-specific firmware visibility into an error state ahead of the operating system are disclosed. A system includes one or more processor cores, control logic, a plurality of registers, platform-specific firmware, and an operating system (OS). The control logic allows the platform-specific firmware to decide if and when the error state is visible to the OS. In some cases, the platform-specific firmware blocks the OS from accessing the error state. In other cases, the platform-specific firmware allows the OS to access the error state, such as when the OS needs to unmap a page. The control logic enables the platform-specific firmware, rather than the OS, to make decisions about the replacement of faulty components in the system.
-
Publication (Announcement) No.: US20240220417A1
Publication (Announcement) Date: 2024-07-04
Application No.: US18090631
Filing Date: 2022-12-29
Applicant: ADVANCED MICRO DEVICES, INC., ATI TECHNOLOGIES ULC
Inventor: David Kaplan, Jelena Ilic, Nippon Raval, Philip Ng
IPC: G06F12/1036
CPC classification number: G06F12/1036, G06F2212/1052
Abstract: A computing device comprises a processor, a table walker, and a memory storing a segmented reverse map table in multiple non-contiguous portions of the memory. The table walker is configured to translate a virtual memory address specified by a memory access request to a physical memory address associated with the virtual memory address; and provide a requester associated with the memory access request with access to the associated physical memory address in response to an indication at the reverse map table that the requester is authorized to access the associated physical memory address.
-
Publication (Announcement) No.: US20240220295A1
Publication (Announcement) Date: 2024-07-04
Application No.: US18090604
Filing Date: 2022-12-29
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan, Jelena Ilic
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45587
Abstract: A processor supports programmable control, by a trusted layer of a virtual machine (VM), of the interception of events at the processor. The trusted layer of the VM programs security control information (e.g., a control register or other control structure) that designates particular events that are to be intercepted when triggered by another layer of the VM. In response to detecting a designated event, system hardware intercepts the event, rather than executing the event. The VM is thereby able to protect confidential information and program behavior without relying on a hypervisor, thus improving overall system security.
-
Publication (Announcement) No.: US20240111563A1
Publication (Announcement) Date: 2024-04-04
Application No.: US18088909
Filing Date: 2022-12-27
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan, Jelena Ilic
CPC classification number: G06F9/45558, G06F9/4812, G06F2009/45587
Abstract: A processor implements a simultaneous multithreading (SMT) protection mode that, when enabled, prevents execution of particular software (e.g., a virtual machine) at a processor core when a thread associated with different software (e.g., a different virtual machine or a hypervisor) is currently executing at the processor core. By preventing execution of the software, data, software execution patterns, and other potentially sensitive information are kept protected from unauthorized access or detection. Further, in at least some embodiments the SMT protection mode is implemented on a per-software basis, so that different software can choose whether to implement the protection mode, thereby allowing the processor to be employed in a wide variety of computing environments.
-
Publication (Announcement) No.: US11061753B2
Publication (Announcement) Date: 2021-07-13
Application No.: US15940693
Filing Date: 2018-03-29
Applicant: Advanced Micro Devices, Inc.
Inventor: Dean A. Liberty, Vilas K. Sridharan, Michael T. Clark, Jelena Ilic, David S. Christie, James R. Williamson, Cristian Constantinescu
Abstract: Systems, apparatuses, and methods for implementing a hardware enforcement mechanism to enable platform-specific firmware visibility into an error state ahead of the operating system are disclosed. A system includes one or more processor cores, control logic, a plurality of registers, platform-specific firmware, and an operating system (OS). The control logic allows the platform-specific firmware to decide if and when the error state is visible to the OS. In some cases, the platform-specific firmware blocks the OS from accessing the error state. In other cases, the platform-specific firmware allows the OS to access the error state, such as when the OS needs to unmap a page. The control logic enables the platform-specific firmware, rather than the OS, to make decisions about the replacement of faulty components in the system.