Patents by Inventor Amy L. Santoni

Amy L. Santoni has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200226074
    Abstract: In one embodiment, an apparatus comprises a processor to read a data line from memory in response to a read request from a VM. The data line comprises encrypted memory data. The apparatus also comprises a memory encryption circuit in the processor. The memory encryption circuit is to use an address of the read request to select an entry from a P2K table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data. The processor is further to make the decrypted memory data available to the VM. The P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. Other embodiments are described and claimed.
    Type: Application
    Filed: March 27, 2020
    Publication date: July 16, 2020
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Publication number: 20200202012
    Abstract: An integrated circuit includes a core and memory controller coupled to a last level cache (LLC). A first key identifier for a first program is associated with physical addresses of memory that store data of the first program. To flush and invalidate cache lines associated with the first key identifier, the core is to execute an instruction (having the first key identifier) to generate a transaction with the first key identifier. In response to the transaction, a cache controller of the LLC is to: identify matching entries in the LLC by comparison of first key identifier with at least part of an address tag of a plurality of entries in a tag storage structure of the LLC, the matching entries associated with cache lines of the LLC; write back, to the memory, data stored in the cache lines; and mark the matching entries of the tag storage structure as invalid.
    Type: Application
    Filed: December 20, 2018
    Publication date: June 25, 2020
    Inventors: Vedvyas SHANBHOGUE, Stephen VAN DOREN, Gilbert NEIGER, Barry E. HUNTLEY, Amy L. SANTONI, Raghunandan MAKARAM, Hormuzd KHOSRAVI, Siddhartha CHHABRA
  • Patent number: 10671740
    Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
    Type: Grant
    Filed: April 5, 2018
    Date of Patent: June 2, 2020
    Assignee: Intel Corporation
    Inventors: Binata Bhattacharyya, Raghunandan Makaram, Amy L. Santoni, George Z. Chrysos, Simon P. Johnson, Brian S. Morris, Francis X. McKeen
  • Patent number: 10657071
    Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: May 19, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Patent number: 10491381
    Abstract: A processor, including: a core; system test circuitry, the system test circuitry configured to be locked except during an in-field system test (IFST) mode; IFST control circuitry; and a test interface controller, including: a data interface to receive a test packet; a parser to parse the test packet into a key, a signature, and a stored hash-of-hashes; a decryption circuit to decrypt the signature according to the key and to generate a computed hash-of-hashes; a hash circuit to verify the stored hash-of-hashes against the computed hash-of-hashes; and an IFST interface, wherein the test interface controller is to signal the IFST control circuitry to place the system test circuitry in IFST mode.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: November 26, 2019
    Assignee: Intel Corporation
    Inventors: Neel Shah, Kirk S. Yap, Amy L. Santoni, Michael Neve de Mevergnies, Oscar Mendoza, Sreejit Chakravarty, Ramasubramanian Rajamani, Bryan J. Gran, Sorin Iacobovici
  • Publication number: 20190324918
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Application
    Filed: May 3, 2019
    Publication date: October 24, 2019
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Patent number: 10282306
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: May 7, 2019
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Publication number: 20190095350
    Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
    Type: Application
    Filed: September 25, 2017
    Publication date: March 28, 2019
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Patent number: 10230528
    Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory; a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: March 12, 2019
    Assignee: Intel Corporation
    Inventors: Binata Bhattacharyya, Amy L. Santoni, Raghunandan Makaram, Francis X. McKeen, Simon P. Johnson, George Z. Chrysos, Siddhartha Chhabra
  • Publication number: 20190004973
    Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
    Type: Application
    Filed: June 28, 2017
    Publication date: January 3, 2019
    Applicant: Intel Corporation
    Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi, Gideon Gerzon, Barry E. Huntley, Gilbert Neiger, Ido Ouziel, Baiju Patel, Ravi L. Sahita, Amy L. Santoni, Ioannis T. Schoinas
  • Publication number: 20190004112
    Abstract: A processor, including: a core; system test circuitry, the system test circuitry to be locked during operational processor operation; reset circuitry including a kick-off test (KOT) input, the reset circuitry to detect a reset with the KOT input asserted, and to initiate an in-field system test (IFST) mode; a test interface controller to receive in IFST mode an encrypted test packet having a signature, verify the signature of the test packet, and decrypt the test packet; and IFST control circuitry to cause the system test circuitry to perform an IFST test according to the decrypted test packet and to log or report results.
    Type: Application
    Filed: June 29, 2017
    Publication date: January 3, 2019
    Inventors: Sreejit Chakravarty, Oscar Mendoza, Ramasubramanian Rajamani, Bryan J. Gran, Sorin Iacobovici, Neel Shah, Michael Neve de Mevergnies, John Cruz Mejia, Amy L. Santoni
  • Publication number: 20190007200
    Abstract: A processor, including: a core; system test circuitry, the system test circuitry configured to be locked except during an in-field system test (IFST) mode; IFST control circuitry; and a test interface controller, including: a data interface to receive a test packet; a parser to parse the test packet into a key, a signature, and a stored hash-of-hashes; a decryption circuit to decrypt the signature according to the key and to generate a computed hash-of-hashes; a hash circuit to verify the stored hash-of-hashes against the computed hash-of-hashes; and an IFST interface, wherein the test interface controller is to signal the IFST control circuitry to place the system test circuitry in IFST mode.
    Type: Application
    Filed: June 29, 2017
    Publication date: January 3, 2019
    Inventors: Neel Shah, Kirk S. Yap, Amy L. Santoni, Michael Neve de Mevergnies, Oscar Mendoza, Sreejit Chakravarty, Ramasubramanian Rajamani, Bryan J. Gran, Sorin Iacobovici
  • Publication number: 20180365438
    Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
    Type: Application
    Filed: April 5, 2018
    Publication date: December 20, 2018
    Inventors: Binata Bhattacharyya, Raghunandan Makaram, Amy L. Santoni, George Z. Chrysos, Simon P. Johnson, Brian S. Morris, Francis X. McKeen
  • Publication number: 20180239713
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Application
    Filed: January 3, 2018
    Publication date: August 23, 2018
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Patent number: 9959418
    Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: May 1, 2018
    Assignee: Intel Corporation
    Inventors: Binata Bhattacharyya, Raghunandan Makaram, Amy L. Santoni, George Z. Chrysos, Simon P. Johnson, Brian S. Morris, Francis X. McKeen
  • Patent number: 9875189
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: January 23, 2018
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Patent number: 9767044
    Abstract: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: September 19, 2017
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Uday R. Savagaonkar, Michael A. Goldsmith, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Wesley H. Smith, Ittai Anati, Ilya Alexandrovich
  • Patent number: 9612930
    Abstract: In an embodiment, a processor includes at least one core, a power management unit having a first test register including a first field to store a test patch identifier associated with a test patch and a second field to store a test mode indicator to request a core functionality test, and a microcode storage to store microcode to be executed by the at least one core. Responsive to the test patch identifier, the microcode may access a firmware interface table and obtain the test patch from a non-volatile storage according to an address obtained from the firmware interface table. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: April 4, 2017
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Eric Rasmussen, Deep K. Buch, Gordon McFadden, Kameswar Subramaniam, Amy L. Santoni, Willard M. Wiseman, Bret L. Toll
  • Publication number: 20170024573
    Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
    Type: Application
    Filed: July 20, 2015
    Publication date: January 26, 2017
    Inventors: Binata Bhattacharyya, Raghunandan Makaram, Amy L. Santoni, George Z. Chrysos, Simon P. Johnson, Brian S. Morris, Francis X. McKeen
  • Publication number: 20160364308
    Abstract: In an embodiment, a processor includes at least one core, a power management unit having a first test register including a first field to store a test patch identifier associated with a test patch and a second field to store a test mode indicator to request a core functionality test, and a microcode storage to store microcode to be executed by the at least one core. Responsive to the test patch identifier, the microcode may access a firmware interface table and obtain the test patch from a non-volatile storage according to an address obtained from the firmware interface table. Other embodiments are described and claimed.
    Type: Application
    Filed: June 12, 2015
    Publication date: December 15, 2016
    Inventors: Vedvyas Shanbhogue, Eric Rasmussen, Deep K. Buch, Gordon McFadden, Kameswar Subramaniam, Amy L. Santoni, Willard M. Wiseman, Bret L. Toll