Patent application number | Description | Published |
--- | --- | --- |
20100169635 | METHOD AND SYSTEM TO FACILITATE CONFIGURATION OF A HARDWARE DEVICE IN A PLATFORM - A method and system to allow the secure configuration of the configurable feature(s) of a hardware device in a platform. The configuration of the configurable feature(s) of the hardware device is performed with protection against software attacks. A management module determines that the platform is authorized to configure at least one configurable feature of the hardware device and configures each of the configurable feature(s) based on a received configuration message. | 07-01-2010 |
20120079285 | TWEAKABLE ENCRYPTION MODE FOR MEMORY ENCRYPTION WITH PROTECTION AGAINST REPLAY ATTACKS - A method and apparatus for protecting against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. An incrementing mechanism using the “time stamp” indicator generates a tweak which separates different contexts over different times such that the effect of “Type 2 replay attacks” is mitigated. | 03-29-2012 |
20130031557 | System To Profile And Optimize User Software In A Managed Run-Time Environment - Method, apparatus, and system for monitoring performance within a processing resource, which may be used to modify user-level software. Some embodiments of the invention pertain to an architecture to allow a user to improve software running on a processing resource on a per-thread basis in real-time and without incurring significant processing overhead. | 01-31-2013 |
20130042093 | CONTEXT STATE MANAGEMENT FOR PROCESSOR FEATURE SETS - Embodiments of an invention related to context state management based on processor features are disclosed. In one embodiment, a processor includes instruction logic and state management logic. The instruction logic is to receive a state management instruction having a parameter to identify a subset of the features supported by the processor. The state management logic is to perform a state management operation specified by the state management instruction. | 02-14-2013 |
20130219154 | CONTEXT STATE MANAGEMENT FOR PROCESSOR FEATURE SETS - Embodiments of an invention related to context state management based on processor features are disclosed. In one embodiment, a processor includes instruction logic and state management logic. The instruction logic is to receive a state management instruction having a parameter to identify a subset of the features supported by the processor. The state management logic is to perform a state management operation specified by the state management instruction. | 08-22-2013 |
20140006746 | VIRTUAL MEMORY ADDRESS RANGE REGISTER | 01-02-2014 |
20140089942 | SYSTEM TO PROFILE AND OPTIMIZE USER SOFTWARE IN A MANAGED RUN-TIME ENVIRONMENT - Method, apparatus, and system for monitoring performance within a processing resource, which may be used to modify user-level software. Some embodiments of the invention pertain to an architecture to allow a user to improve software running on a processing resource on a per-thread basis in real-time and without incurring significant processing overhead. | 03-27-2014 |
20140189261 | ACCESS TYPE PROTECTION OF MEMORY RESERVED FOR USE BY PROCESSOR LOGIC - A processor of an aspect includes operation mode check logic to determine whether to allow an attempted access to an operation mode and access type protected memory based on an operation mode that is to indicate whether the attempted access is by an on-die processor logic. Access type check logic is to determine whether to allow the attempted access to the operation mode and access type protected memory based on an access type of the attempted access to the operation mode and access type protected memory. Protection logic is coupled with the operation mode check logic and is coupled with the access type check logic. The protection logic is to deny the attempted access to the operation mode and access type protected memory if at least one of the operation mode check logic and the access type check logic determines not to allow the attempted access. | 07-03-2014 |
20140189274 | APPARATUS AND METHOD FOR PAGE WALK EXTENSION FOR ENHANCED SECURITY CHECKS - An apparatus and method for managing a protection table by a processor. For example, a processor according to one embodiment of the invention comprises: protection table management logic to manage a protection table, the protection table having an entry for each protected page or each group of protected pages in memory; wherein the protection table management logic prevents direct access to the protection table by user application program code and operating system program code but permits direct access by the processor. | 07-03-2014 |
20140189325 | PAGING IN SECURE ENCLAVES - Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache. | 07-03-2014 |
20140189326 | MEMORY MANAGEMENT IN SECURE ENCLAVES - Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page. | 07-03-2014 |
20140223197 | METHOD AND APPARATUS FOR MEMORY ENCRYPTION WITH INTEGRITY CHECK AND PROTECTION AGAINST REPLAY ATTACKS - A method and apparatus to provide cryptographic integrity checks and replay protection against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp” indicator is stored in the processor. | 08-07-2014 |
20140297962 | INSTRUCTIONS AND LOGIC TO PROVIDE ADVANCED PAGING CAPABILITIES FOR SECURE ENCLAVE PAGE CACHES - Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave. | 10-02-2014 |
20150033012 | SECURE PROCESSING ENVIRONMENT MEASUREMENT AND ATTESTATION - Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement. | 01-29-2015 |
20150033034 | MEASURING A SECURE ENCLAVE - Embodiments of an invention for measuring a secure enclave are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first, a second, and a third instruction. The execution unit is to execute the first, the second, and the third instruction. Execution of the first instruction includes initializing a measurement field in a control structure of a secure enclave with an initial value. Execution of the second instruction includes adding a region to the secure enclave. Execution of the third instruction includes measuring a subregion of the region. | 01-29-2015 |
20150033316 | FEATURE LICENSING IN A SECURE PROCESSING ENVIRONMENT - Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave. | 01-29-2015 |
20150089173 | SECURE MEMORY REPARTITIONING - Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to at least one of a secure page or a non-secure page. The memory range may also include a hardware-reserved section that is convertible in response to a section conversion instruction. | 03-26-2015 |
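The replay-protection idea in 20120079285 and 20140223197 (a per-line tweak extended with a "time stamp" counter kept inside the processor, plus a MAC bound to that counter) is easier to see in code than in abstract language. The following is an added example written for this listing; it is not code from the patents or from any Intel product. Two things are assumptions made so that it runs with the Python standard library only: the XTS-AES block encryption is replaced by an HMAC-SHA512 keystream derived from the tweak, and the tree-based counter scheme is flattened to one on-die counter per cache line. The `use_version` switch lets you compare the protected design with a tweak that carries only the address, which is what a captured-and-replayed line defeats.

```python
"""Replay-protected memory encryption with a versioned tweak (added example).

Trusted side (the 'processor'): encryption key, MAC key, per-line version
counters. Untrusted side (DRAM): ciphertext and MAC, both writable by an
attacker with bus access. A replay replaces the current line with an older
(ciphertext, MAC) pair captured from the same address.

ASSUMPTION: HMAC-SHA512 keystream stands in for XTS-AES; per-line counters
stand in for the patent's counter tree. Everything else is generic.
"""
import hashlib
import hmac
import os

LINE_BYTES = 64  # one cache line


def _tweak(address: int, version: int) -> bytes:
    # Tweak = (address, version). With use_version=False the caller passes
    # version 0 for every write, which is the plain address-only tweak.
    return address.to_bytes(8, "little") + version.to_bytes(8, "little")


def _keystream(enc_key: bytes, address: int, version: int) -> bytes:
    # Stand-in for the XTS-AES tweaked block encryption (assumption).
    return hmac.new(enc_key, b"ks:" + _tweak(address, version), hashlib.sha512).digest()


def _mac(mac_key: bytes, address: int, version: int, ciphertext: bytes) -> bytes:
    # MAC binds the ciphertext to the address AND the version, so a stale
    # (ciphertext, MAC) pair only verifies under the stale version.
    return hmac.new(mac_key, _tweak(address, version) + ciphertext, hashlib.sha256).digest()


class MemoryController:
    def __init__(self, dram: dict, use_version: bool = True):
        self.enc_key = os.urandom(32)
        self.mac_key = os.urandom(32)
        self.use_version = use_version
        self.versions = {}   # on-die, attacker cannot touch
        self.dram = dram     # address -> (ciphertext, mac); attacker-controlled

    def _version_for_write(self, address: int) -> int:
        if not self.use_version:
            return 0
        self.versions[address] = self.versions.get(address, 0) + 1  # increment on every write
        return self.versions[address]

    def write(self, address: int, plaintext: bytes) -> None:
        if len(plaintext) != LINE_BYTES:
            raise ValueError("write one full cache line")
        version = self._version_for_write(address)
        ks = _keystream(self.enc_key, address, version)
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.dram[address] = (ct, _mac(self.mac_key, address, version, ct))

    def read(self, address: int) -> bytes:
        version = self.versions.get(address, 0)
        ct, tag = self.dram[address]
        if not hmac.compare_digest(tag, _mac(self.mac_key, address, version, ct)):
            raise ValueError(f"integrity/replay check failed at {address:#x}")
        ks = _keystream(self.enc_key, address, version)
        return bytes(c ^ k for c, k in zip(ct, ks))


def replay_demo(use_version: bool = True) -> str:
    """Capture a line, let the CPU overwrite it, put the old line back."""
    dram = {}
    mc = MemoryController(dram, use_version=use_version)
    addr = 0x1000
    mc.write(addr, b"A" * LINE_BYTES)
    captured = dram[addr]                 # attacker snapshots (ct, mac) from the bus
    mc.write(addr, b"B" * LINE_BYTES)     # legitimate update
    assert mc.read(addr) == b"B" * LINE_BYTES
    dram[addr] = captured                 # attacker replays the stale line
    try:
        mc.read(addr)
        return "replay accepted"
    except ValueError:
        return "replay detected"


if __name__ == "__main__":
    print("versioned tweak:   ", replay_demo(use_version=True))
    print("address-only tweak:", replay_demo(use_version=False))
```

Note what the address-only run shows: encryption and a MAC over the ciphertext are not enough, because the stale pair is a perfectly valid ciphertext and tag for that address. Only the counter, which lives where the attacker cannot rewind it, separates the two points in time.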
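The three-step measurement in 20150033034 (initialize the measurement field in the enclave's control structure, add a region, measure a subregion of it) is the basis of the attestation in 20150033012. The model below is an added example for this listing, not code from the patents or from Intel SGX: tag strings, the 256-byte subregion granularity, page flags and the little-endian encodings are all assumptions chosen for the example. What it shows is the part that matters for attestation: the final value depends on every measured byte and on the order of the steps, while bytes in a region that is added but never measured leave no trace in it.

```python
"""Running measurement of a secure enclave build (added example, model only).

ASSUMPTIONS: SHA-256 running hash; 4 KiB regions; 256-byte subregions;
tag strings 'ECREATE:', 'EADD:', 'EEXTEND:' and flag values are illustrative.
"""
import hashlib

PAGE_BYTES = 4096
CHUNK_BYTES = 256   # assumption: subregion granularity in this model


class EnclaveControlStructure:
    """Holds the measurement field and the pages added so far."""

    def __init__(self, enclave_size: int):
        # Step 1: initialize the measurement field with an initial value.
        self._h = hashlib.sha256()
        self._h.update(b"ECREATE:" + enclave_size.to_bytes(8, "little"))
        self.pages = {}  # offset -> page bytes (contents not yet measured)

    def add_region(self, offset: int, page: bytes, flags: int) -> None:
        # Step 2: add one aligned page. Only its position and flags enter the
        # measurement here; its contents are measured separately (or never).
        if len(page) != PAGE_BYTES or offset % PAGE_BYTES:
            raise ValueError("region must be one aligned page")
        self.pages[offset] = page
        self._h.update(b"EADD:" + offset.to_bytes(8, "little")
                       + flags.to_bytes(8, "little"))

    def measure_subregion(self, offset: int, chunk: int) -> None:
        # Step 3: fold one chunk of a previously added page into the measurement.
        start = chunk * CHUNK_BYTES
        data = self.pages[offset][start:start + CHUNK_BYTES]
        self._h.update(b"EEXTEND:" + (offset + start).to_bytes(8, "little") + data)

    def measurement(self) -> str:
        return self._h.hexdigest()


def build_enclave(code: bytes, data: bytes, measure_data: bool) -> str:
    """Two-page enclave: page 0 = code (always measured), page 1 = data
    (measured only when measure_data is True)."""
    ecs = EnclaveControlStructure(2 * PAGE_BYTES)
    ecs.add_region(0, code.ljust(PAGE_BYTES, b"\0"), flags=0x5)          # r-x (assumption)
    for chunk in range(PAGE_BYTES // CHUNK_BYTES):
        ecs.measure_subregion(0, chunk)
    ecs.add_region(PAGE_BYTES, data.ljust(PAGE_BYTES, b"\0"), flags=0x3)  # rw- (assumption)
    if measure_data:
        for chunk in range(PAGE_BYTES // CHUNK_BYTES):
            ecs.measure_subregion(PAGE_BYTES, chunk)
    return ecs.measurement()


CODE = b"\x48\x31\xc0\xc3"   # constructed sample "code": xor eax,eax; ret
DATA = b"config=v1"          # constructed sample data


def build_is_deterministic() -> bool:
    return build_enclave(CODE, DATA, True) == build_enclave(CODE, DATA, True)


def code_change_is_detected() -> bool:
    patched = CODE + b"\x90"  # one extra nop byte
    return build_enclave(CODE, DATA, True) != build_enclave(patched, DATA, True)


def unmeasured_data_is_invisible() -> bool:
    # A region that is added but never measured contributes nothing beyond
    # its metadata: two builds with different data give the same value.
    return build_enclave(CODE, b"config=v1", False) == build_enclave(CODE, b"config=v2", False)


if __name__ == "__main__":
    print(build_enclave(CODE, DATA, True))
    print(build_is_deterministic(), code_change_is_detected(), unmeasured_data_is_invisible())
```

The last check is the practical caveat: a verifier that trusts a measurement has only verified what the builder chose to measure, so an enclave whose configuration lives in an unmeasured page attests identically under any configuration.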