Abstract: An apparatus and method for switching between different types of paging using separate control registers and without disabling paging. For example, one embodiment of a processor comprises: a first control register to store a first base address of a first paging structure associated with a first type of paging having a first number of paging structure levels; a second control register to store a second base address of a second paging structure associated with a first type of paging having a second number of paging structure levels greater than the first number of paging structure levels; page walk circuitry to select either the first base address from the first control register or the second base address from the second control register responsive to a first address translation request, the selection based on a characteristic of program code initiating the address translation request.

Abstract: An apparatus and method for implementing a new virtualized execution environment while supporting instructions and operations of a legacy virtualized execution environment.

Abstract: Techniques for using CPUID for showing features that are deprecated are described. In some examples, CPUID is to include at least one field for an opcode, one or more fields to identify a source operand which is to store a LSL selector value, and one or more fields to identify a destination register operand, wherein the opcode is to indicate that execution circuitry is to, when the single instruction has been enabled by a setting of a bit in a control register, write a LSL value stored in the control register to the destination operand when the LSL selector value of the first source register operand matches a LSL selector value stored in the control register, and set a flag in a flags register.

Abstract: Techniques relating to virtual idle loops are described. In an embodiment, decoder circuitry decodes a single instruction. The single instruction includes a field for an identifier of a first source operand, a field for an identifier of a second source operand, a field for an identifier of a destination operand, and a field for an opcode. Execution circuitry executes the decoded instruction according to the opcode to: write the first source operand to a memory location identified by the second source operand; compute an index into a control array based at least in part on the destination operand; and determine whether to exit to a hypervisor of a Virtual Machine (VM) based at least in part on data stored at a location in the control array, wherein the location is to be identified by the computed index. Other embodiments are also disclosed and claimed.

Abstract: Techniques for CPUID are described. In some examples, a CPUID instruction is to include at least one field for an opcode, the opcode to indicate execution circuitry is to return processor identification and feature information determined by input into a first register and a second register, wherein the processor identification and feature information is to include an indication of an availability of a second execution mode that at least deprecates features of a first execution.

Abstract: Techniques for supporting a far jump and IRET are described. An example far jump instruction support includes support for a single instruction to include at least one field for an opcode and one or more fields for an operand, wherein the opcode is to indicate execution circuitry is to perform a far jump and the operand is to specify an address to be jumped to, wherein an operand size attribute of the instance of the instruction is 32-bit or greater and the instruction has been enabled by a setting of a bit in a compatibility control register.

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described.

Abstract: Detailed herein are examples of determining when to allow access to a trusted execution environment (TEE). For example, using TEE logic associated with software to at least in part: determine that a TEE feature is supported based at least on a value of a bit position in a data structure; and not allow a TEE entry instruction to access to a TEE when the bit position of the data structure is reserved.

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.

Abstract: Systems, methods, and apparatuses relating efficient exception handling in trusted execution environments are described. In an embodiment, a hardware processor includes a register, a decoder, and execution circuitry. The register has a field to be set to enable an architecturally protected execution environment at one of a plurality of contexts for code in an architecturally protected enclave in memory. The decoder is to decode an instruction having a format including a field for an opcode, the opcode to indicate that the execution circuitry is to perform a context change. The execution circuitry is to perform one or more operations corresponding to the instruction, the one or more operations including changing, within the architecturally protected enclave, from a first context to a second context.

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described.

Abstract: Systems, methods, and apparatuses relating to performing hashing operations on packed data elements are described.

Abstract: Processors in computerized systems can be targeted by hostile actors seeking to bypass security policies and may employ published or otherwise known vulnerabilities. Embodiments may include security subsystems and methods of operation that identify known vulnerabilities during execution and implement countermeasures or enforce security policies.

Abstract: A processor or system includes a processor core to execute a set of instructions to determine that a memory encryption mode is enabled. The memory encryption mode is to cause data stored to memory to be encrypted and data retrieved from the memory to be decrypted. The processor core is further to determine that a debug mode has been enabled and, responsive to a determination that the debug mode has been enabled, generate a second encryption key different than a first encryption key employed before reboot of a computing system. The processor core is further to transmit the second encryption key to a cryptographic engine for use in encryption and decryption of the data according to the memory encryption mode.

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.