Publication number: 20210117535
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
Type:
Application
Filed:
December 7, 2020
Publication date:
April 22, 2021
Inventors:
Michael LEMAY, David M. DURHAM, Michael E. KOUNAVIS, Barry E. HUNTLEY, Vedvyas SHANBHOGUE, Jason W. BRANDT, Josh TRIPLETT, Gilbert NEIGER, Karanvir GREWAL, Baiju PATEL, Ye ZHUANG, Jr-Shian TSAI, Vadim SUKHOMLINOV, Ravi SAHITA, Mingwei ZHANG, James C. FARWELL, Amitabh DAS, Krishna BHUYAN
Patent number: 10860709
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
Type:
Grant
Filed:
June 29, 2018
Date of Patent:
December 8, 2020
Assignee:
Intel Corporation
Inventors:
Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju V. Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan