-
1.
Publication No.: US12130738B2
Publication date: 2024-10-29
Application No.: US17130632
Filing date: 2020-12-22
Applicant: Intel Corporation
IPC classification: G06F12/0802, H03M7/30
CPC classification: G06F12/0802, H03M7/60, G06F2212/401, G06F2212/60
Abstract: An embodiment of an integrated circuit may comprise, coupled to a core, a hardware decompression accelerator, a compressed cache, a processor communicatively coupled to the hardware decompression accelerator and the compressed cache, and memory communicatively coupled to the processor, wherein the memory stores microcode instructions which, when executed by the processor, cause the processor to store a first address to a decompression work descriptor, retrieve from the decompression work descriptor at the first address, in response to an indication of a page fault, a second address where a compressed page is stored in the compressed cache, and send instructions to the hardware decompression accelerator to decompress the compressed page at the second address. Other embodiments are disclosed and claimed.
-
2.
Publication No.: US20240320322A1
Publication date: 2024-09-26
Application No.: US18575836
Filing date: 2021-12-20
Applicant: Intel Corporation
Inventors: Jiewen Yao, Vedvyas Shanbhogue, Ravi Sahita
Abstract: Systems, methods, and apparatuses for implementing a trusted execution environment security manager are described. In one example, a hardware processor includes a hardware processor core comprising a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain, a coupling between the hardware processor core and an input/output device, and a secure startup service circuit separate from the trust domain manager to, in response to a request from the trust domain manager, generate a secure communication session between the trust domain manager and the input/output device.
-
3.
Publication No.: US12086653B2
Publication date: 2024-09-10
Application No.: US17134065
Filing date: 2020-12-24
Applicant: Intel Corporation
Inventors: Vedvyas Shanbhogue, Jeff A. Huxel, Jeffrey G. Wiedemeier, James D. Allen, Arvind Raman, Krishnakumar Ganapathy
CPC classification: G06F9/52, G06F9/30101, G06F9/3885, G06F11/0724, G06F11/0751, G06F11/0772, G06F11/1629, G06F11/1683, G06F9/45558
Abstract: A processor is described. The processor includes model specific register space that is visible to software above a BIOS level. The model specific register space is to specify a granularity of a processing entity of a lock-step group. The processor also includes logic circuitry to support dynamic entry/exit of the lock-step group's processing entities to/from lock-step mode, including: i) termination of lock-step execution by the processing entities before the program code to be executed in lock-step is fully executed; and ii) as part of the exit from the lock-step mode, restoration of a state of a shadow processing entity of the processing entities as the state existed before the shadow processing entity entered the lock-step mode and began lock-step execution of the program code.
-
4.
Publication No.: US12086424B2
Publication date: 2024-09-10
Application No.: US17349509
Filing date: 2021-06-16
Applicant: Intel Corporation
CPC classification: G06F3/0622, G06F3/0631, G06F3/0679, G06F9/45558, G06F9/5016, H04L9/088
Abstract: Securing communications over a compute express link (CXL) is performed by receiving allocation of memory in a memory device and a key identifier (ID) to a trusted execution environment virtual machine (TEE VM); configuring a random key for the key ID by sending a random key configuration request to instruct a device security manager (DSM) of the memory device to configure a memory encryption engine (MEE) of the memory device with the random key and the memory allocation; initializing the allocated memory using the random key; and enabling secure access by the TEE VM to the allocated memory over the CXL by encrypting data transfers from the TEE VM to the memory device using the random key or decrypting data transfers from the memory device to the TEE VM using the random key.
-
5.
Publication No.: US12032485B2
Publication date: 2024-07-09
Application No.: US17133570
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventors: Vedvyas Shanbhogue, Gilbert Neiger, Stephen Robinson, Dan Baum, Ron Gabor
IPC classification: G06F12/10, G06F11/07, G06F12/1027
CPC classification: G06F12/1027, G06F11/073, G06F2212/657, G06F2212/683
Abstract: Techniques to allow use of metadata in unused bits of virtual addresses are described. A processor of an aspect includes a decode circuit to decode a memory access instruction. The instruction is to indicate one or more memory address operands that are to have address generation information and metadata. An execution circuit coupled with the decode circuit is to generate a 64-bit virtual address based on the one or more memory address operands. The 64-bit virtual address has a bit 63, an X-bit address field starting at a bit 0 to store an address generated from the address generation information, and one or more metadata bits to store the metadata. The execution circuit is also to perform a canonicality check on the 64-bit virtual address that does not fail due to non-canonical values of the metadata stored in the one or more metadata bits. Other processors, methods, systems, and instructions are disclosed.
-
6.
Publication No.: US12028094B2
Publication date: 2024-07-02
Application No.: US17133622
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventors: Jayesh Gaur, Adarsh Chauhan, Vinodh Gopal, Vedvyas Shanbhogue, Sreenivas Subramoney, Wajdi Feghali
CPC classification: H03M7/6029, G06F9/3877, G06F9/541
Abstract: Methods and apparatus relating to an Application Programming Interface (API) for fine grained low latency decompression within a processor core are described. In an embodiment, a decompression Application Programming Interface (API) receives an input handle to a data object. The data object includes compressed data and metadata. Decompression Engine (DE) circuitry decompresses the compressed data to generate uncompressed data. The DE circuitry decompresses the compressed data in response to invocation of a decompression instruction by the decompression API. The metadata comprises a first operand to indicate a location of the compressed data, a second operand to indicate a size of the compressed data, a third operand to indicate a location at which the data decompressed by the DE circuitry is to be stored, and a fourth operand to indicate a size of the decompressed data. Other embodiments are also disclosed and claimed.
-
7.
Publication No.: US12013954B2
Publication date: 2024-06-18
Application No.: US17710723
Filing date: 2022-03-31
Applicant: Intel Corporation
Inventors: Ravi Sahita, Dror Caspi, Vedvyas Shanbhogue, Vincent Scarlata, Anjo Lucas Vahldiek-Oberwagner, Haidong Xia, Mona Vij
CPC classification: G06F21/602, G06F9/45558, G06F21/53, G06F21/54, G06F2009/4557, G06F2009/45587, G06F2009/45595
Abstract: Scalable cloning and replication for trusted execution environments is described. An example of a computer-readable storage medium includes instructions for receiving a selection of a point to capture a snapshot of a baseline trust domain (TD) or secure enclave, the TD or secure enclave being associated with a trusted execution environment (TEE) of a processor utilized for processing of a workload; initiating cloning of the TD or secure enclave from a source platform to an escrow platform; generating an escrow key to export the snapshot to the escrow platform; and exporting a state of the TD or secure enclave to the escrow platform, the state being sealed with a sealing key.
-
8.
Publication No.: US12001842B2
Publication date: 2024-06-04
Application No.: US18324788
Filing date: 2023-05-26
Applicant: Intel Corporation
Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
CPC classification: G06F9/3004, G06F9/30134, G06F9/461, G06F21/52
Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread; remove the bit value in the at least one LSB from the token to generate the shadow stack pointer; and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.
-
9.
Publication No.: US11995001B2
Publication date: 2024-05-28
Application No.: US17867306
Filing date: 2022-07-18
Applicant: Intel Corporation
Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
IPC classification: G06F12/1009, G06F9/455, G06F12/1027, G06F12/1036, G06F12/1045, G06F12/109, G06F12/14
CPC classification: G06F12/1009, G06F9/455, G06F9/45558, G06F12/1027, G06F12/1036, G06F12/109, G06F12/1441, G06F2009/45583, G06F12/1045, G06F2212/1016, G06F2212/1052, G06F2212/151, G06F2212/657, G06F2212/684
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core is to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
10.
Publication No.: US20230421545A1
Publication date: 2023-12-28
Application No.: US18345278
Filing date: 2023-06-30
Applicant: Intel Corporation
Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
CPC classification: H04L63/0457, G06F21/606, G06F21/64, H04L9/3242, G06F2213/0026, H04L63/0464, G06F13/4282
Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or a completion transaction type.