Patents by Inventor Barry E. Huntley
Barry E. Huntley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11669335Abstract: A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.Type: GrantFiled: March 28, 2019Date of Patent: June 6, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Ravi L. Sahita, Vincent Scarlata, Barry E. Huntley
-
Patent number: 11663006Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.Type: GrantFiled: June 7, 2021Date of Patent: May 30, 2023Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
-
Patent number: 11656805Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.Type: GrantFiled: December 22, 2020Date of Patent: May 23, 2023Assignee: INTEL CORPORATIONInventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel
-
Patent number: 11651085Abstract: A processor executes an untrusted VMM that manages execution of a guest workload. The processor also populates an entry in a memory ownership table for the guest workload. The memory ownership table is indexed by an original hardware physical address, the entry comprises an expected guest address that corresponds to the original hardware physical address, and the entry is encrypted with a key domain key. In response to receiving a request from the guest workload to access memory using a requested guest address, the processor (a) obtains, from the untrusted VMM, a hardware physical address that corresponds to the requested guest address; (b) uses that physical address as an index to find an entry in the memory ownership table; and (c) verifies whether the expected guest address from the found entry matches the requested guest address. Other embodiments are described and claimed.Type: GrantFiled: July 21, 2020Date of Patent: May 16, 2023Assignee: Intel CorporationInventors: David M. Durham, Siddhartha Chhabra, Ravi L. Sahita, Barry E. Huntley, Gilbert Neiger, Gideon Gerzon, Baiju V. Patel
-
Publication number: 20230109637Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.Type: ApplicationFiled: August 29, 2022Publication date: April 6, 2023Inventors: Barry E. Huntley, Jr-Shian Tsai, Gilbert Neiger, Rajesh M. Sankaran, Mesut A. Ergin, Ravi L. Sahita, Andrew J. Herdrich, Wei Wang
-
Patent number: 11615031Abstract: An apparatus and method for managing different page tables for different privilege levels. For example, one embodiment of a processor comprises: a first control register to store a first base address associated with program code executed at a first privilege level; a second control register to store a second base address associated with program code executed at a second privilege level lower than the first privilege level; and address translation circuitry to identify a first base translation table using the first base address responsive to a first address translation request originating from the program code executed at the first privilege level and to identify a second base translation table using the second base address responsive to a second address translation request originating from the program code executed at the second privilege level.Type: GrantFiled: October 11, 2021Date of Patent: March 28, 2023Assignee: Intel CorporationInventors: Scott Dion Rodgers, Robert S. Chappell, Barry E. Huntley
-
Patent number: 11562063Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.Type: GrantFiled: December 7, 2020Date of Patent: January 24, 2023Assignee: Intel CorporationInventors: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
-
Patent number: 11520906Abstract: A computer-readable medium comprises instructions that, when executed, cause a processor to execute an untrusted workload manager to manage execution of at least one guest workload.Type: GrantFiled: March 26, 2020Date of Patent: December 6, 2022Assignee: Intel CorporationInventors: David M. Durham, Siddhartha Chhabra, Ravi L. Sahita, Barry E. Huntley, Gilbert Neiger, Gideon Gerzon, Baiju V. Patel
-
Publication number: 20220335117Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.Type: ApplicationFiled: July 1, 2022Publication date: October 20, 2022Applicant: Intel CorporationInventors: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
-
Patent number: 11461244Abstract: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.Type: GrantFiled: December 20, 2018Date of Patent: October 4, 2022Assignee: Intel CorporationInventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. McKeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman, Hormuzd M. Khosravi
-
Patent number: 11461098Abstract: Systems, methods, and apparatuses relating to an instruction for operating system transparent instruction state management of new instructions for application threads are described. In one embodiment, a hardware processor includes a decoder to decode a single instruction into a decoded single instruction, and an execution circuit to execute the decoded single instruction to cause a context switch from a current state to a state comprising additional state data that is not supported by an execution environment of an operating system that executes on the hardware processor.Type: GrantFiled: June 27, 2020Date of Patent: October 4, 2022Assignee: Intel CorporationInventors: Toby Opferman, Prashant Sethi, Abhimanyu K. Varde, Barry E. Huntley, Michael W. Chynoweth, Jason W. Brandt
-
Patent number: 11442760Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.Type: GrantFiled: July 1, 2016Date of Patent: September 13, 2022Assignee: Intel CorporationInventors: Barry E. Huntley, Jr-Shian Tsai, Gilbert Neiger, Rajesh M. Sankaran, Mesut A. Ergin, Ravi L. Sahita, Andrew J. Herdrich, Wei Wang
-
Patent number: 11436161Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.Type: GrantFiled: November 18, 2019Date of Patent: September 6, 2022Assignee: Intel CorporationInventors: Ravi L. Sahita, Gilbert Neiger, Vedvyas Shanbhogue, David M. Durham, Andrew V. Anderson, David A. Koufaty, Asit K. Mallick, Arumugam Thiyagarajah, Barry E. Huntley, Deepak K. Gupta, Michael Lemay, Joseph F. Cihula, Baiju V. Patel
-
Patent number: 11436342Abstract: Disclosed embodiments relate to trust domain islands with self-contained scope. In one example, a system includes multiple sockets, each including multiple cores, multiple multi-key total memory encryption (MK-TME) circuits, multiple memory controllers, and a trust domain island resource manager (TDIRM) to: initialize a trust domain island (TDI) island control structure (TDICS) associated with a TD island, initialize a trust domain island protected memory (TDIPM) associated with the TD island, identify a host key identifier (HKID) in a key ownership table (KOT), assign the HKID to a cryptographic key and store the HKID in the TDICS, associate one of the plurality of cores with the TD island, add a memory page from an address space of the first core to the TDIPM, and transfer execution control to the first core to execute the TDI, and wherein a number of HKIDs available in the system is increased as the memory mapped to the TD island is decreased.Type: GrantFiled: December 26, 2019Date of Patent: September 6, 2022Assignee: Intel CorporationInventors: Gideon Gerzon, Hormuzd M. Khosravi, Vincent Von Bokern, Barry E. Huntley, Dror Caspi
-
Patent number: 11403005Abstract: There is disclosed a microprocessor, including: a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.Type: GrantFiled: September 29, 2017Date of Patent: August 2, 2022Assignee: Intel CorporationInventors: David M. Durham, Ravi L. Sahita, Vedvyas Shanbhogue, Barry E. Huntley, Baiju Patel, Gideon Gerzon, Ioannis T. Schoinas, Hormuzd M. Khosravi, Siddhartha Chhabra, Carlos V. Rozas
-
Patent number: 11379592Abstract: An integrated circuit includes a core and memory controller coupled to a last level cache (LLC). A first key identifier for a first program is associated with physical addresses of memory that store data of the first program. To flush and invalidate cache lines associated with the first key identifier, the core is to execute an instruction (having the first key identifier) to generate a transaction with the first key identifier. In response to the transaction, a cache controller of the LLC is to: identify matching entries in the LLC by comparison of first key identifier with at least part of an address tag of a plurality of entries in a tag storage structure of the LLC, the matching entries associated with cache lines of the LLC; write back, to the memory, data stored in the cache lines; and mark the matching entries of the tag storage structure as invalid.Type: GrantFiled: December 20, 2018Date of Patent: July 5, 2022Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Stephen Van Doren, Gilbert Neiger, Barry E. Huntley, Amy L. Santoni, Raghunandan Makaram, Hormuzd Khosravi, Siddhartha Chhabra
-
Publication number: 20220206951Abstract: A method is described. The method includes executing a memory access instruction for a software process or thread. The method includes creating a memory access request for the memory access instruction having a physical memory address and a first identifier of a realm that the software process or thread execute from. The method includes receiving the memory access request and determining a second identifier of a realm from the physical memory address. The method also includes servicing the memory access request because the first identifier matches the second identifier.Type: ApplicationFiled: December 24, 2020Publication date: June 30, 2022Inventors: Thomas TOLL, Ramya JAYARAM MASTI, Barry E. HUNTLEY, Vincent VON BOKERN, Siddhartha CHHABRA, Hormuzd M. KHOSRAVI, Vedvyas SHANBHOGUE, Gideon GERZON
-
Publication number: 20220100871Abstract: Embodiments of apparatuses, methods, and systems for scalable multi-key memory encryption are disclosed. In an embodiment, an apparatus includes a core, an encryption unit, and key identification hardware. The core is to write data to and read data from memory regions, each to be identified by a corresponding address. The encryption unit to encrypt data to be written and decrypt data to be read. The key identification hardware is to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure. The corresponding key identifier is one multiple key identifiers. The corresponding key identifier is to identify which one of multiple encryption keys is to be used to encrypt and decrypt the data.Type: ApplicationFiled: September 26, 2020Publication date: March 31, 2022Applicant: Intel CorporationInventors: Barry E. Huntley, Hormuzd M. Khosravi, Thomas Toll, Ramya Jayaram Masti, Siddhartha Chhabra, Vincent Von Bokern
-
Publication number: 20220091995Abstract: An apparatus and method for managing different page tables for different privilege levels. For example, one embodiment of a processor comprises: a first control register to store a first base address associated with program code executed at a first privilege level; a second control register to store a second base address associated with program code executed at a second privilege level lower than the first privilege level; and address translation circuitry to identify a first base translation table using the first base address responsive to a first address translation request originating from the program code executed at the first privilege level and to identify a second base translation table using the second base address responsive to a second address translation request originating from the program code executed at the second privilege level.Type: ApplicationFiled: October 11, 2021Publication date: March 24, 2022Inventors: Scott Dion RODGERS, Robert S. CHAPPELL, Barry E. HUNTLEY
-
Publication number: 20220083647Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.Type: ApplicationFiled: November 29, 2021Publication date: March 17, 2022Applicant: Intel CorporationInventors: Michael LeMay, Barry E. Huntley, Ravi Sahita