Abstract: An apparatus comprising a CPU core configured to execute instructions and consume data. The apparatus includes a memory configured to store the instructions and the data. A memory protection shim is coupled to the CPU core and the memory. The memory protection shim is configured to perform transformations over digital blocks to perform at least one of authentication or decryption of the digital blocks received from the memory. The memory protection shim is coupled to the CPU core in a fashion that prevents egress of the digital blocks or ingress of other external digital blocks between the memory protection shim and the CPU core.

Abstract: An apparatus comprising a CPU core configured to execute instructions and consume data. The apparatus includes a memory configured to store the instructions and the data. A memory protection shim is coupled to the CPU core and the memory. The memory protection shim is configured to perform transformations over digital blocks to perform at least one of authentication or decryption of the digital blocks received from the memory. The memory protection shim is coupled to the CPU core in a fashion that prevents egress of the digital blocks or ingress of other external digital blocks between the memory protection shim and the CPU core.

Abstract: An apparatus comprising a CPU core configured to execute instructions and consume data. The apparatus includes a memory configured to store the instructions and the data. A memory protection shim is coupled to the CPU core and the memory. The memory protection shim is configured to perform transformations over digital blocks to perform at least one of authentication or decryption of the digital blocks received from the memory. The memory protection shim is coupled to the CPU core in a fashion that prevents egress of the digital blocks or ingress of other external digital blocks between the memory protection shim and the CPU core.

Abstract: Hardware enforced CPU core protection by identification of digital blocks as instructions or data. A method includes, at a memory controller shim, receiving, from a CPU core, a memory read request. The memory read request comprises an address for a block. The block at the address is requested from a memory. The block is received from the memory. At least one of a decryption key or an authentication key is accessed. At least one of a decryption transformation or an authentication transformation is performed on the block using the decryption key or the authentication key. When the decryption transformation or authentication transformation is deemed valid, a plain text version of the block is returned to the CPU core for consumption. When the decryption transformation or authentication transformation is deemed invalid, the CPU core is prevented from consuming the plain text version of the block.

Abstract: Hardware enforced CPU core protection by identification of digital blocks as instructions or data. A method includes, at a memory controller shim, receiving, from a CPU core, a memory read request. The memory read request comprises an address for a block. The block at the address is requested from a memory. The block is received from the memory. At least one of a decryption key or an authentication key is accessed. At least one of a decryption transformation or an authentication transformation is performed on the block using the decryption key or the authentication key. When the decryption transformation or authentication transformation is deemed valid, a plain text version of the block is returned to the CPU core for consumption. When the decryption transformation or authentication transformation is deemed invalid, the CPU core is prevented from consuming the plain text version of the block.

Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.

Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.

Abstract: A processor, a system, a machine readable medium, and a method.

Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.

Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.