-
公开(公告)号:US20240220603A1
公开(公告)日:2024-07-04
申请号:US18090831
申请日:2022-12-29
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan , Ruchir Dalal
IPC: G06F21/53
CPC classification number: G06F21/53 , G06F2221/034
Abstract: A processing system includes a memory configured to store encrypted information representing state and control information for a guest virtual machine. The processing system further includes a processor configured to selectively reserve exclusive use of a set of performance monitoring counters by the guest virtual machine during execution of the guest virtual machine based on a state of a first control field accessed from the encrypted information for the guest virtual machine. The processor further is configured to permit or deny use of the set of performance monitoring counters by the guest virtual machine based on a state of a second control field set by a hypervisor and accessed from the decryption of the encrypted information for the guest virtual machine accessed from the memory.
-
公开(公告)号:US20240220298A1
公开(公告)日:2024-07-04
申请号:US18090790
申请日:2022-12-29
Applicant: ADVANCED MICRO DEVICES, INC
Inventor: Jeremy W. Powell , David Kaplan
CPC classification number: G06F9/45558 , G06F21/64 , G06F2009/45579 , G06F2009/45583 , G06F2009/45587
Abstract: A security module of a processor manages the lifecycle of devices interfaces of input/output (I/O) devices within a virtualization environment in a secure and trusted manner. For example, the security module is configured to bind a device interface of an I/O device interface to a virtual machine (VM). Responsive to the device interface being bound, the security module is configured to attest at least one of the device interface and the I/O device. Responsive to the at least one of the device interface or the I/O device being attested, the security module is configured to configure an input-output memory management unit (IOMMU) and memory resources associated with the VM.
-
公开(公告)号:US20240176638A1
公开(公告)日:2024-05-30
申请号:US18071049
申请日:2022-11-29
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan , Jelena Ilic , Jeremy W. Powell
CPC classification number: G06F9/45558 , G06F21/602 , G06F2009/45583 , G06F2009/45587
Abstract: A processing system executing a virtual machine (VM) in a confidential computing environment selectively randomizes the values of registers before the register values are encrypted to ciphertext and written to a secure region of memory upon the VM exiting execution at a processor of the processing system. When the VM later resumes executing at the processor, the processor de-randomizes the register values. By randomizing the register values, the processor obfuscates the register values from a hypervisor or physical attack, thereby protecting against side channel attacks on the encrypted ciphertext.
-
公开(公告)号:US20180081830A1
公开(公告)日:2018-03-22
申请号:US15270708
申请日:2016-09-20
Applicant: Advanced Micro Devices, Inc.
Inventor: David Kaplan , Sebastien Nussbaum
IPC: G06F12/14 , G06F12/1009
CPC classification number: G06F12/1483 , G06F12/1009 , G06F2212/1052
Abstract: A processing system includes one or more processing units, a memory including a protected region, and a hardware security module. The hardware security module is configured to selectively modify a page table stored in the protected region of the memory in response to write or modify requests from the at least one processing unit. In some variations, the hardware security module can modify the page table in response to verifying that a security criterion is met by the requested modification of the page table. The hardware security module can also access a code signature in response to a request to mark a page in the page table as eligible for execution and selectively mark the page as executable based on whether the code signature matches a signature of code stored in the page.
-
公开(公告)号:US20240289151A1
公开(公告)日:2024-08-29
申请号:US18113912
申请日:2023-02-24
Applicant: ATI Technologies ULC , Advanced Micro Devices, Inc.
Inventor: Philip Ng , Nippon Raval , Jeremy W. Powell , Donald Matthews, JR. , David Kaplan
IPC: G06F9/455
CPC classification number: G06F9/45558 , G06F2009/45579 , G06F2009/45583 , G06F2009/45587
Abstract: A processor configured to execute one or more virtual machines (VMs) includes an input-output memory management unit (IOMMU) configured to handle memory-mapped input-output (MMIO) requests and direct memory access (DMA) requests from a processor core of the processor or one or more input/output (I/O) devices. In response to receiving an MMIO or DMA request, the IOMMU is configured to determine a VM associated with the request. The IOMMU then checks a security indicator field of an address space identifier (ASID) mask table to determine if the VM was previously the target of an attack by a malicious entity. In response to the VM previously being a target of an attack, the IOMMU denies the received MMIO or DMA request.
-
Patent Agency Ranking
公开(公告)号:US20240220296A1
公开(公告)日:2024-07-04
申请号:US18090605
申请日:2022-12-29
Applicant: ATI TECHNOLOGIES ULC , ADVANCED MICRO DEVICES, INC.
Inventor: Philip Ng , Nippon Raval , Jeremy W. Powell , Donald Matthews, JR. , David Kaplan
IPC: G06F9/455 , G06F12/1081
CPC classification number: G06F9/45558 , G06F12/1081 , G06F2009/45587
Abstract: A processor manages memory-mapped input/output (MMIO) accesses, in secure fashion, at an input/output memory management unit (IOMMU). The processor is configured to ensure that, for a given MMIO request issued by a processor core and associated with a particular executing VM, the request is targeted to a MMIO address that has been assigned to the VM by a security module (e.g., a security co-processor). The processor thus prevents a malicious entity from accessing confidential information of a VM via MMIO requests.
-
公开(公告)号:US20240193292A1
公开(公告)日:2024-06-13
申请号:US18212858
申请日:2023-06-22
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: Jagadish B. Kotra , David Kaplan , Kishore Punniyamurthy , Alexander Toufic Freij
IPC: G06F21/62
CPC classification number: G06F21/6218 , G06F2221/2113 , G06F2221/2141
Abstract: A processing system receives graph object data and graph object metadata. The processing system stores the graph object metadata inline with the graph object data. The graph object metadata indicates access permissions for corresponding graph objects. Because the graph object metadata is stored inline with the graph object data, the graph object metadata is more easily retrieved and fewer system resources are consumed to determine access permissions of a requester as compared to a system where graph object metadata is stored separately from the graph object data.
-
公开(公告)号:US11842227B2
公开(公告)日:2023-12-12
申请号:US16712190
申请日:2019-12-12
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan , Jelena Ilic
CPC classification number: G06F9/542 , G06F9/45533 , G06F9/45558 , G06F21/554 , G06F21/53 , G06F2009/45583 , G06F2009/45587 , G06F2221/033
Abstract: A virtualized computing environment is protected from a malicious hypervisor by restricting the hypervisor's access to one or more portions of an event (interrupt or exception) handling pathway of a guest virtual machine, wherein the guest virtual machine includes both a secure layer to manage security for the guest and one or more non-secure layers to handle event processing. The hypervisor is restricted from providing normal exception information to the guest virtual machine (referred to simply as a “guest” herein), and instead is only permitted to provide an event signal to the secure layer of the guest. In response to the event signal, the secure layer of the guest accesses a specified region of memory for the event information, reviews the information, and provides the information to another, non-secure, layer of the guest for processing only if the event information complies with specified security protocols.
-
公开(公告)号:US11822923B1
公开(公告)日:2023-11-21
申请号:US16451783
申请日:2019-06-25
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan
IPC: G06F9/38
CPC classification number: G06F9/3834 , G06F9/3842 , G06F9/3861
Abstract: A load/store unit includes a first queue including a first entry for a store operation and a second queue including a second entry for a load operation that includes a return instruction that redirects a program flow to a location indicated by the return instruction. The load/store unit also includes a processor to determine that the store operation matches the load operation and selectively perform store-to-load forwarding (STLF) of a return address for the return instruction from the first entry to the second entry based on whether the store operation is associated with a call instruction. The load/store unit forwards the return address to the second entry in response to the store operation being associated with the call instruction. The load/store unit blocks forwarding until the store operation retires in response to the store operation not being associated with the call instruction.
-
公开(公告)号:US11797665B1
公开(公告)日:2023-10-24
申请号:US16454690
申请日:2019-06-27
Applicant: ADVANCED MICRO DEVICES, INC.
Inventor: David Kaplan , Marius Evers
CPC classification number: G06F21/53 , G06F9/45558 , G06F21/74 , G06F9/3806 , G06F2009/45587 , G06F2221/033
Abstract: A processing system includes a branch prediction structure storing information used to predict the outcome of a branch instruction. The processing system also includes a register storing a first identifier of a first process in response to the processing system changing from a first mode that allows the first process to modify the branch prediction structure to a second mode in which the branch prediction structure is not modifiable. The processing system further includes a processor core that selectively flushes the branch prediction structure based on a comparison of a second identifier of a second process and the first identifier stored in the register. The comparison is performed in response to the second process causing a change from the second mode to the first mode.
-
-
-
-
-
-
-
-
-
Search Results
30
records
(took 0.024 seconds)
