Patents by Inventor Baruch Chaikin

Baruch Chaikin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240220388
    Abstract: Techniques for flexible virtualization of performance monitoring are described. In an embodiment, an apparatus includes a plurality of performance monitoring hardware resources and an instruction decoder to decode a first instruction to access a first performance monitoring hardware resource of the plurality of performance monitoring hardware resources.
    Type: Application
    Filed: December 30, 2022
    Publication date: July 4, 2024
    Applicant: Intel Corporation
    Inventors: Baruch Chaikin, Ahmad Yasin
  • Patent number: 12021980
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Grant
    Filed: September 2, 2021
    Date of Patent: June 25, 2024
    Assignee: Intel Corporation
    Inventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. McKeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman
  • Patent number: 11966742
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Grant
    Filed: May 3, 2023
    Date of Patent: April 23, 2024
    Assignee: Intel Corporation
    Inventors: Eliezer Weissmann, Mark Charney, Michael Mishaeli, Robert Valentine, Itai Ravid, Jason W. Brandt, Gilbert Neiger, Baruch Chaikin, Efraim Rotem
  • Publication number: 20230273795
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Application
    Filed: May 3, 2023
    Publication date: August 31, 2023
    Inventors: Eliezer WEISSMANN, Mark CHARNEY, Michael MISHAELI, Robert VALENTINE, Itai RAVID, Jason W. BRANDT, Gilbert NEIGER, Baruch CHAIKIN, Efraim ROTEM
  • Patent number: 11645080
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Grant
    Filed: September 6, 2022
    Date of Patent: May 9, 2023
    Assignee: Intel Corporation
    Inventors: Eliezer Weissmann, Mark Charney, Michael Mishaeli, Robert Valentine, Itai Ravid, Jason W. Brandt, Gilbert Neiger, Baruch Chaikin, Efraim Rotem
  • Publication number: 20230128711
    Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
    Type: Application
    Filed: December 7, 2022
    Publication date: April 27, 2023
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing
  • Patent number: 11630904
    Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 21, 2021
    Date of Patent: April 18, 2023
    Assignee: Intel Corporation
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Publication number: 20230076318
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Application
    Filed: September 6, 2022
    Publication date: March 9, 2023
    Inventors: ELIEZER WEISSMANN, MARK CHARNEY, MICHAEL MISHAELI, ROBERT VALENTINE, ITAI RAVID, JASON W. BRANDT, GILBERT NEIGER, BARUCH CHAIKIN, EFRAIM ROTEM
  • Patent number: 11461244
    Abstract: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: October 4, 2022
    Assignee: Intel Corporation
    Inventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. McKeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman, Hormuzd M. Khosravi
  • Patent number: 11436018
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: September 6, 2022
    Assignee: Intel Corporation
    Inventors: Eliezer Weissmann, Mark Charney, Michael Mishaeli, Robert Valentine, Itai Ravid, Jason W. Brandt, Gilbert Neiger, Baruch Chaikin, Efraim Rotem
  • Patent number: 11392698
    Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack detecting a translation lookaside buffer (TLB) miss on a virtual address lookup caused by the speculative execution of an instruction and determining that the physical memory address associated with the virtual address lookup contains a privileged object or a secret object. Range register circuitry determines whether the physical memory address is located in an address range containing privileged objects or secret objects. Performance monitoring counter (PMC) circuitry generates an interrupt in response to receipt of information indicative of the TLB miss and information indicative that the physical memory address contains a privileged object or a secret object. The PMC circuitry causes the storage of information associated with the speculatively executed instruction causing the virtual address lookup.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: July 19, 2022
    Assignee: Intel Corporation
    Inventors: Chaim Shen-Orr, Baruch Chaikin, Ahmad Yasin, Reuven Elbaum
  • Publication number: 20220206842
    Abstract: Techniques for migration of a source protected virtual machine from a source platform to a destination platform are descried. A method of an aspect includes enforcing that bundles of state, of a first protected virtual machine (VM), received at a second platform over a stream, during an in-order phase of a migration of the first protected VM from a first platform to the second platform, are imported to a second protected VM of the second platform, in a same order that they were exported from the first protected VM. Receiving a marker over the stream marking an end of the in-order phase. Determining that all bundles of state exported from the first protected VM prior to export of the marker have been imported to the second protected VM. Starting an out-of-order phase of the migration based on the determination that said all bundles of the state exported have been imported.
    Type: Application
    Filed: December 26, 2020
    Publication date: June 30, 2022
    Inventors: Ravi SAHITA, Dror CASPI, Vincent SCARLATA, Sharon YANIV, Baruch CHAIKIN, Vedvyas SHANBHOGUE, Jun NAKAJIMA, Arumugam THIYAGARAJAH, Sean CHRISTOPHERSON, Haidong XIA, Vinay AWASTHI, Isaku YAMAHATA, Wei WANG, Thomas ADELMEYER
  • Publication number: 20220197995
    Abstract: Techniques and mechanisms to efficiently provide features of a secure authentication mode (SEAM) by a processor. In an embodiment, cores of the processor support an instruction set which comprises instructions to invoke the SEAM. One such core installs an authenticated code module (ACM), which is executed to load a persistent SEAM loader module (P-SEAMLDR) in a reserved region of a system memory. In turn, the P-SEAMLDR loads into the reserved region a SEAM module which facilitates trust domain extension (TDX) protections for a given trusted domain. In another embodiment, the instruction set supports a SEAM call instruction with which either of the P-SEAMLDR or the SEAM module is accessed in the reserved region.
    Type: Application
    Filed: December 23, 2020
    Publication date: June 23, 2022
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Baruch Chaikin
  • Publication number: 20210399882
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Application
    Filed: September 2, 2021
    Publication date: December 23, 2021
    Inventors: Ido OUZIEL, Arie AHARON, Dror CASPI, Baruch CHAIKIN, Jacob DOWECK, Gideon GERZON, Barry E. HUNTLEY, Francis X. MCKEEN, Gilbert NEIGER, Carlos V. ROZAS, Ravi L. SAHITA, Vedvyas SHANBHOGUE, Assaf ZALTSMAN
  • Publication number: 20210319118
    Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
    Type: Application
    Filed: June 21, 2021
    Publication date: October 14, 2021
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Patent number: 11139967
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: October 5, 2021
    Assignee: Intel Corporation
    Inventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. Mckeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman
  • Patent number: 11126733
    Abstract: In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: September 21, 2021
    Assignee: Intel Corporation
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Publication number: 20210240475
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Application
    Filed: December 17, 2020
    Publication date: August 5, 2021
    Inventors: ELIEZER WEISSMANN, MARK CHARNEY, MICHAEL MISHAELI, ROBERT VALENTINE, ITAI RAVID, JASON W. BRANDT, GILBERT NEIGER, BARUCH CHAIKIN, EFRAIM ROTEM
  • Publication number: 20210200858
    Abstract: Embodiments of processors, methods, and systems for executing code in a protected memory container by a trust domain are disclosed. In an embodiment, a processor includes a memory controller to enable creation of a trust domain and a core to enable the trust domain to execute code in a protected memory container.
    Type: Application
    Filed: December 28, 2019
    Publication date: July 1, 2021
    Applicant: Intel Corporation
    Inventors: Dror Caspi, Vedvyas Shanbhogue, Ido Ouziel, Francis McKeen, Baruch Chaikin, Carlos V. Rozas
  • Publication number: 20200349265
    Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
    Type: Application
    Filed: July 17, 2020
    Publication date: November 5, 2020
    Inventors: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing