Patents by Inventor Barry E. Huntley

Barry E. Huntley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10713177
    Abstract: A processing system includes a processing core to execute a virtual machine (VM) comprising a guest operating system (OS) and a memory management unit, communicatively coupled to the processing core, comprising a storage device to store an extended page table entry (EPTE) comprising a mapping from a guest physical address (GPA) associated with the guest OS to an identifier of a memory frame, a first plurality of access right flags associated with accessing the memory frame in a first page mode referenced by an attribute of a memory page identified by the GPA, and a second plurality of access right flags associated with accessing the memory frame in a second page mode referenced by the attribute of the memory page identified by the GPA.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: July 14, 2020
    Assignee: Intel Corporation
    Inventors: Gilbert Neiger, Baiju V. Patel, Gur Hildesheim, Ron Rais, Andrew V. Anderson, Jason W. Brandt, David M. Durham, Barry E. Huntley, Raanan Sade, Ravi L. Sahita, Vedvyas Shanbhogue, Arumugam Thiyagarajah
  • Patent number: 10713195
    Abstract: Embodiments of an invention interrupts between virtual machines are disclosed. In an embodiment, a processor includes an instruction unit and an execution unit, both implemented at least partially in hardware of the processor. The instruction unit is to receive an instruction to send an interrupt to a target virtual machine. The execution unit is to execute the instruction on a sending virtual machine without exiting the sending virtual machine. Execution of the instruction includes using a handle specified by the instruction to find a posted interrupt descriptor.
    Type: Grant
    Filed: January 15, 2016
    Date of Patent: July 14, 2020
    Assignee: Intel Corporation
    Inventors: Jr-Shian Tsai, Ravi L Sahita, Mesut A Ergin, Rajesh M Sankaran, Gilbert Neiger, Jun Nakajima, Edwin Verplanke, Barry E Huntley, Tsung-Yuan C Tai
  • Patent number: 10705976
    Abstract: Examples include a processor including at least one untrusted extended page table (EPT), circuitry to execute a set of instructions of the instruction set architecture (ISA) of the processor to manage at least one secure extended page table (SEPT), and a physical address translation component to translate a guest physical address of a guest physical memory to a host physical address of a host physical memory using one of the at least one untrusted EPT and the at least one SEPT.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Barry E. Huntley, Vedvyas Shanbhogue, Dror Caspi, Baruch Chaikin, Gilbert Neiger, Arie Aharon, Arumugam Thiyagarajah
  • Publication number: 20200201786
    Abstract: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.
    Type: Application
    Filed: December 20, 2018
    Publication date: June 25, 2020
    Inventors: Ido OUZIEL, Arie AHARON, Dror CASPI, Baruch CHAIKIN, Jacob DOWECK, Gideon GERZON, Barry E. HUNTLEY, Francis X. MCKEEN, Gilbert NEIGER, Carlos V. ROZAS, Ravi L. SAHITA, Vedvyas SHANBHOGUE, Assaf ZALTSMAN, Hormuzd M. KHOSRAVI
  • Publication number: 20200202012
    Abstract: An integrated circuit includes a core and memory controller coupled to a last level cache (LLC). A first key identifier for a first program is associated with physical addresses of memory that store data of the first program. To flush and invalidate cache lines associated with the first key identifier, the core is to execute an instruction (having the first key identifier) to generate a transaction with the first key identifier. In response to the transaction, a cache controller of the LLC is to: identify matching entries in the LLC by comparison of first key identifier with at least part of an address tag of a plurality of entries in a tag storage structure of the LLC, the matching entries associated with cache lines of the LLC; write back, to the memory, data stored in the cache lines; and mark the matching entries of the tag storage structure as invalid.
    Type: Application
    Filed: December 20, 2018
    Publication date: June 25, 2020
    Inventors: Vedvyas SHANBHOGUE, Stephen VAN DOREN, Gilbert NEIGER, Barry E. HUNTLEY, Amy L. SANTONI, Raghunandan MAKARAM, Hormuzd KHOSRAVI, Siddhartha CHHABRA
  • Publication number: 20200201787
    Abstract: A processor includes a processor core to execute an application; a key attribute table (KAT) register to store a plurality of key identifiers (KeyIDs) associated with the application, wherein a KeyID identifies an encryption key; a selection circuit coupled to the KAT register to select the KeyID from the KAT register based on a KeyID selector (KSEL), wherein the KSEL is associated with a page of memory to which access is performed; a cache coupled to the processor core, the cache to store a physical address, data, and the KeyID of the page of memory, wherein the KeyID is an attribute associated with the page of memory; and a memory controller coupled to the cache to encrypt, based on the encryption key identified by the KeyID, the data of the page of memory stored in the cache as it is evicted from the cache to main memory.
    Type: Application
    Filed: December 20, 2018
    Publication date: June 25, 2020
    Inventors: Vedvyas Shanbhogue, Stephen R. Van Doren, Gilbert Neiger, Barry E. Huntley, Amy Santoni, Raghunandan Makaram, Rajat Agarwal, Ronald Perez, Hormuzd Khosravi, Manjula Peddireddy, Siddhartha Chhabra
  • Publication number: 20200204356
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Application
    Filed: December 20, 2018
    Publication date: June 25, 2020
    Inventors: Ido OUZIEL, Arie AHARON, Dror CASPI, Baruch CHAIKIN, Jacob DOWECK, Gideon GERZON, Barry E. HUNTLEY, Francis X. MCKEEN, Gilbert NEIGER, Carlos V. ROZAS, Ravi L. SAHITA, Vedvyas SHANBHOGUE, Assaf ZALTSMAN
  • Patent number: 10678575
    Abstract: A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: June 9, 2020
    Assignee: Intel Corporation
    Inventors: Gilbert Neiger, Barry E. Huntley, Ravi L. Sahita, Vedvyas Shanbhogue, Jason W. Brandt
  • Patent number: 10671737
    Abstract: In a public cloud environment, each consumer's/guest's workload is encrypted in a cloud service provider's (CSP's) server memory using a consumer-provided key unknown to the CSP's workload management software. An encrypted consumer/guest workload image is loaded into the CSP's server memory at a memory location specified by the CSP's workload management software. Based upon the CSP-designated memory location, the guest workload determines expected hardware physical addresses into which memory mapping structures and other types of consumer data should be loaded. These expected hardware physical addresses are specified by the guest workload in a memory ownership table (MOT), which is used to check that subsequently CSP-designated memory mappings are as expected. Memory ownership table entries also may be encrypted by the consumer-provided key unknown to the CSP.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: June 2, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Ravi L. Sahita, Barry E. Huntley, Gilbert Neiger, Gideon Gerzon, Baiju V. Patel
  • Publication number: 20200159673
    Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
    Type: Application
    Filed: November 18, 2019
    Publication date: May 21, 2020
    Applicant: Intel Corporation
    Inventors: RAVI L. SAHITA, GILBERT NEIGER, VEDVYAS SHANBHOGUE, DAVID M. DURHAM, ANDREW V. ANDERSON, DAVID A. KOUFATY, ASIT K. MALLICK, ARUMUGAM THIYAGARAJAH, BARRY E. HUNTLEY, DEEPAK K. GUPTA, MICHAEL LEMAY, JOSEPH F. CIHULA, BAIJU V. PATEL
  • Patent number: 10657071
    Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: May 19, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Patent number: 10628612
    Abstract: According to one embodiment, a method comprises executing an untrusted host virtual machine monitor (VMM) to manage execution of at least one guest virtual machine (VM). The VMM receives an encrypted key domain key, an encrypted guest code image, and an encrypted guest control structure. The VM also issues a create command. In response, a processor creates a first key domain comprising a region of memory to be encrypted by a key domain key. The encrypted key domain key is decrypted to produce the key domain key, which is inaccessible to the VMM. The VMM issues a launch command. In response, a first guest VM is launched within the first key domain. In response to a second launch command, a second guest VM is launched within the first key domain. The second guest VM provides an agent to act on behalf of the VMM. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: April 21, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Gilbert Neiger, Barry E. Huntley, Ravi L. Sahita, Baiju V. Patel
  • Patent number: 10599455
    Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a hardware processor including event circuit to recognize a virtualization event, and evaluation circuit to determine whether to transfer control of the apparatus from a child guest to a parent guest in response to the virtualization event, wherein the child guest and the parent guest each include a bit per virtualization event to indicate whether the parent guest is to gain control when the virtualization event occurs.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: March 24, 2020
    Assignee: Intel Corporation
    Inventors: Steven M. Bennett, Andrew V. Anderson, Gilbert Neiger, Dion Rodgers, Richard A. Uhlig, Lawrence O. Smith, Barry E. Huntley
  • Publication number: 20200089871
    Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
    Type: Application
    Filed: September 27, 2019
    Publication date: March 19, 2020
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Patent number: 10592421
    Abstract: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Ilya Alexandrovich, Ittai Anati, Alex Berenzon, Michael A. Goldsmith, Barry E. Huntley, Anton Ivanov, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Rinat Rappoport, Scott D. Rodgers, Uday R. Savagaonkar, Vincent R. Scarlata, Vedvyas Shanbhogue, Wesley H. Smith, William C. Wood
  • Publication number: 20200042318
    Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.
    Type: Application
    Filed: August 7, 2019
    Publication date: February 6, 2020
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Patent number: 10552168
    Abstract: A method dynamically reconfigures a system on a chip (SOC) comprising multiple semiconductor intellectual property (IP) blocks. The method comprises, when booting a data processing system (DPS) comprising the SOC, automatically allocating different IP blocks to multiple different microsystems within the DPS, based on a static partitioning policy (SPP). The method also comprises, after booting the DPS, determining that reallocation of at least one of the IP blocks is desired, based on (a) monitored conditions of at least one of the microsystems and (b) a dynamic partitioning policy (DPP). The method also comprises, in response to determining that reallocation of at least one of the IP blocks is desired, automatically reallocating at least one of the IP blocks from one of the microsystems to another of the microsystems without resetting at least one of the microsystems. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: February 4, 2020
    Assignee: Intel Corporation
    Inventors: Barry E. Huntley, Ned M. Smith, Rajesh Poornachandran, Simon Hunt, Priyadarsini Devanand
  • Patent number: 10545883
    Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: January 28, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Kai Cong, Vedvyas Shanbhogue, Barry E. Huntley, Jason W. Brandt, Siddhartha Chhabra, Ravi L. Sahita
  • Patent number: 10528746
    Abstract: In one embodiment, an apparatus includes a first virtual machine (VM) including an encryption logic to encrypt first information. The encryption logic may include a first code block stored in a first execute-only region of a memory to encrypt the first information with a first key provisioned by a trusted agent, the first key stored in the first code block. The apparatus may further include a second VM including a decryption logic to decrypt the first information, and a shared buffer to enable secure communication of the encrypted first information from the first VM to the second VM, without involvement of the trusted agent. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: January 7, 2020
    Assignee: Intel Corporation
    Inventor: Barry E. Huntley
  • Publication number: 20200004953
    Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
    Type: Application
    Filed: June 29, 2018
    Publication date: January 2, 2020
    Inventors: Michael LEMAY, David M. DURHAM, Michael E. KOUNAVIS, Barry E. HUNTLEY, Vedvyas SHANBHOGUE, Jason W. BRANDT, Josh TRIPLETT, Gilbert NEIGER, Karanvir GREWAL, Baiju V. PATEL, Ye ZHUANG, Jr-Shian TSAI, Vadim SUKHOMLINOV, Ravi SAHITA, Mingwei ZHANG, James C. FARWELL, Amitabh DAS, Krishna BHUYAN