公开(公告)号：US10152602B2

公开(公告)日：2018-12-11

申请号：US14748883

申请日：2015-06-24

Applicant: Advanced Micro Devices, Inc.

Inventor： David Kaplan ,  Leendert van Doorn ,  Joshua Schiffman

IPC: G06F9/455 ,  G06F21/60 ,  G06F12/14 ,  G06F12/1036 ,  G06F21/53

Abstract: A processing system includes a processor that implements registers to define a state of a virtual machine (VM) running on the processor. The processor detects exit conditions of the VM. The processing system also includes a memory element to store contents of the registers in a first data structure that is isolated from a hypervisor of the VM in response to the processor detecting an exit condition. The VM is to selectively expose contents of a subset of the registers to the hypervisor.

公开(公告)号：US20240311167A1

公开(公告)日：2024-09-19

申请号：US18122505

申请日：2023-03-16

Applicant: Advanced Micro Devices, Inc.

Inventor： Jeremy W. Powell ,  David Kaplan

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45579 ,  G06F2009/45587

Abstract: A processor includes a virtual machine manager (VMM) configured to map a guest process address space identifier (PASID) associated with a virtual machine (VM) to a host PASID associated with a host machine of the VM. The processor further includes a processor core configured to maintain, responsive to the guest PASID being mapped to the host PASID, an entry in a PASID reverse mapping table (PMP) including one or more security attributes associated with the host PASID.

公开(公告)号：US20240220429A1

公开(公告)日：2024-07-04

申请号：US18090601

申请日：2022-12-29

Applicant: ATI TECHNOLOGIES ULC ,  ADVANCED MICRO DEVICES, INC.

Inventor： Philip Ng ,  Nippon Raval ,  Jeremy W. Powell ,  Donald Matthews, JR. ,  David Kaplan

IPC: G06F13/28 ,  G06F9/455 ,  G06F21/57

CPC classification number: G06F13/28 ,  G06F9/45558 ,  G06F21/57 ,  G06F2009/45579 ,  G06F2009/45587

Abstract: A processor supports managing DMA accesses, in secure fashion, at an IOMMU. The IOMMU is configured to ensure that, for a given DMA request issued by an I/O device and associated with a particular executing VM, the device is bound to the VM according to a specified security registration process, and the request is targeted to a region of memory that has been assigned to the VM. The IOMMU thus prevents a malicious entity from accessing confidential information of a VM via DMA requests.

公开(公告)号：US20240220417A1

公开(公告)日：2024-07-04

申请号：US18090631

申请日：2022-12-29

Applicant: ADVANCED MICRO DEVICES, INC. ,  ATI TECHNOLOGIES ULC

Inventor： David Kaplan ,  Jelena Ilic ,  Nippon Raval ,  Philip Ng

IPC: G06F12/1036

CPC classification number: G06F12/1036 ,  G06F2212/1052

Abstract: A computing device comprises a processor, a table walker, and a memory storing a segmented reverse map table in multiple non-contiguous portions of the memory. The table walker is configured to translate a virtual memory address specified by a memory access request to a physical memory address associated with the virtual memory address; and provide a requester associated with the memory access request with access to the associated physical memory address in response to an indication at the reverse map table that the requester is authorized to access the associated physical memory address.

公开(公告)号：US20240220295A1

公开(公告)日：2024-07-04

申请号：US18090604

申请日：2022-12-29

Applicant: ADVANCED MICRO DEVICES, INC.

Inventor： David Kaplan ,  Jelena Ilic

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45587

Abstract: A processor supports programmable control, by a trusted layer of a virtual machine (VM), of the interception of events at the processor. The trusted layer of the VM programs security control information (e.g., a control register or other control structure) that designates particular events that are to be intercepted when triggered by another layer of the VM. In response to detecting a designated event, system hardware intercepts the event, rather than executing the event. The VM is thereby able to protect confidential information and program behavior without relying on a hypervisor, thus improving overall system security.

公开(公告)号：US20240111563A1

公开(公告)日：2024-04-04

申请号：US18088909

申请日：2022-12-27

Applicant: ADVANCED MICRO DEVICES, INC.

Inventor： David Kaplan ,  Jelena Ilic

IPC: G06F9/455 ,  G06F9/48

CPC classification number: G06F9/45558 ,  G06F9/4812 ,  G06F2009/45587

Abstract: A processor implements a simultaneous multithreading (SMT) protection mode that, when enabled, prevents execution of particular software (e.g., a virtual machine) at a processor core when a thread associated with different software (e.g., a different virtual machine or a hypervisor) is currently executing at the processor core. By preventing execution of the software, data, software execution patterns, and other potentially sensitive information is kept protected from unauthorized access or detection. Further, in at least some embodiments the SMT protection mode is implemented on a per-software basis, so that different software can choose whether to implement the protection mode, thereby allowing the processor to be employed in a wide variety of computing environments.

公开(公告)号：US11734011B1

公开(公告)日：2023-08-22

申请号：US15968389

申请日：2018-05-01

Applicant: ADVANCED MICRO DEVICES, INC.

Inventor： Marius Evers ,  David Kaplan

IPC: G06F9/38 ,  G06F9/30 ,  G06F9/455

CPC classification number: G06F9/3806 ,  G06F9/30058 ,  G06F9/45558 ,  G06F2009/45591

Abstract: A processor core executes a first process. The first process is associated with a first context tag that is generated based on context information controlled by an operating system or hypervisor of the processing system. A branch prediction structure selectively provides the processor core with access to an entry in the branch prediction structure based on the first context tag and a second context tag associated with the entry. The branch prediction structure selectively provides the processor core with access to the entry in response to the first process executing a branch instruction. Tagging entries in the branch prediction structure reduces, or eliminates, aliasing between information used to predict branches taken by different processes at a branch instruction.

公开(公告)号：US10176122B2

公开(公告)日：2019-01-08

申请号：US15297868

申请日：2016-10-19

Applicant: Advanced Micro Devices, Inc. ,  ATI TECHNOLOGIES ULC

Inventor： David Kaplan ,  Maggie Chan ,  Philip Ng

IPC: G06F11/30 ,  G06F12/14 ,  G06F3/06 ,  G06F9/455 ,  G06F13/28

Abstract: A processor employs a hardware encryption module in the memory access path between an input/out device and memory to cryptographically isolate secure information. In some embodiments, the encryption module is located at a memory controller of the processor, and each memory access request provided to the memory controller includes VM tag value identifying the source of the memory access request. The VM tag is determined based on a requestor ID identifying the source of the memory access request. The encryption module performs encryption (for write accesses) or decryption (for read accesses) of the data associated with the memory access based on an encryption key associated with the VM tag.

公开(公告)号：US20160378522A1

公开(公告)日：2016-12-29

申请号：US14748883

申请日：2015-06-24

Applicant: Advanced Micro Devices, Inc.

Inventor： David Kaplan ,  Leendert van Doorn ,  Joshua Schiffman

IPC: G06F9/455 ,  G06F21/60

CPC classification number: G06F21/602 ,  G06F9/45558 ,  G06F12/1036 ,  G06F12/1408 ,  G06F21/53 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/402

Abstract: A processing system includes a processor that implements registers to define a state of a virtual machine (VM) running on the processor. The processor detects exit conditions of the VM. The processing system also includes a memory element to store contents of the registers in a first data structure that is isolated from a hypervisor of the VM in response to the processor detecting an exit condition. The VM is to selectively expose contents of a subset of the registers to the hypervisor.

Abstract translation: 处理系统包括执行寄存器以定义在处理器上运行的虚拟机（VM）的状态的处理器。 处理器检测VM的退出条件。 处理系统还包括存储元件，用于响应于处理器检测退出条件，将寄存器的内容存储在与VM的管理程序隔离的第一数据结构中。 VM将选择性地将寄存器子集的内容公开到管理程序。

公开(公告)号：US20160352509A1

公开(公告)日：2016-12-01

申请号：US14529238

申请日：2014-10-31

Applicant: ATI Technologies ULC ,  Advanced Micro Devices, Inc.

Inventor： Winthrop Wu ,  James Goodman ,  Martin Kiernicki ,  Yoichi Shimokawa ,  William Thomas Morrison ,  Creighton Eldridge ,  David Kaplan

IPC: H04L9/00 ,  H04L9/30 ,  H04L9/06

CPC classification number: H04L9/003 ,  G09C1/00 ,  H04L9/0631 ,  H04L9/302 ,  H04L9/3066 ,  H04L2209/08

Abstract: The present disclosure presents methods, apparatuses, and systems to bolster communication security, and more particularly to utilize a constant time cryptographic co-processor engine for such communication security. For example, the disclosure includes a method for secure communication, comprising receiving encrypted data at a receiving device; obtaining a randomization for at least one bit of the encrypted data; modifying an execution of a cryptographic algorithm on the at least one bit to obtain a randomized cryptographic algorithm based on the randomization; and executing the randomized cryptographic algorithm on the at least one bit of encrypted data to recover original data associated with the encrypted data.

Abstract translation: 本公开提供了用于加强通信安全性的方法，装置和系统，更具体地，涉及利用用于这种通信安全性的恒定时间密码协处理器引擎。 例如，本公开包括一种用于安全通信的方法，包括在接收设备处接收加密数据; 获得加密数据的至少一位的随机化; 修改所述至少一个比特上的加密算法的执行以获得基于所述随机化的随机加密算法; 以及对所述加密数据的至少一位执行所述随机加密算法，以恢复与所述加密数据相关联的原始数据。