Patents by Inventor Baruch Chaikin

Baruch Chaikin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250111066
    Abstract: An apparatus and method for secure platform monitoring. For example, one embodiment of a processor comprises: a plurality of processing cores to execute instructions in different execution contexts, including a trusted execution context associated with a trusted execution environment; telemetry aggregation circuitry to aggregate telemetry data associated with one or more of the different execution contexts; a filter to prevent telemetry data associated with the trusted execution context from being aggregated by the telemetry aggregator; and an interface to communicate the telemetry data aggregated by the telemetry aggregation circuitry to an external agent.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Inventors: Mariusz ORIOL, Baruch CHAIKIN, Arvind RAMAN, Piotr MATUSZCZAK, Ido OUZIEL, Ahmad YASIN, Jacob DOWECK
  • Patent number: 12248807
    Abstract: Techniques for migration of a source protected virtual machine from a source platform to a destination platform are descried. A method of an aspect includes enforcing that bundles of state, of a first protected virtual machine (VM), received at a second platform over a stream, during an in-order phase of a migration of the first protected VM from a first platform to the second platform, are imported to a second protected VM of the second platform, in a same order that they were exported from the first protected VM. Receiving a marker over the stream marking an end of the in-order phase. Determining that all bundles of state exported from the first protected VM prior to export of the marker have been imported to the second protected VM. Starting an out-of-order phase of the migration based on the determination that said all bundles of the state exported have been imported.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: March 11, 2025
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Dror Caspi, Vincent Scarlata, Sharon Yaniv, Baruch Chaikin, Vedvyas Shanbhogue, Jun Nakajima, Arumugam Thiyagarajah, Sean Christopherson, Haidong Xia, Vinay Awasthi, Isaku Yamahata, Wei Wang, Thomas Adelmeyer
  • Patent number: 12153665
    Abstract: Techniques and mechanisms to efficiently provide features of a secure authentication mode (SEAM) by a processor. In an embodiment, cores of the processor support an instruction set which comprises instructions to invoke the SEAM. One such core installs an authenticated code module (ACM), which is executed to load a persistent SEAM loader module (P-SEAMLDR) in a reserved region of a system memory. In turn, the P-SEAMLDR loads into the reserved region a SEAM module which facilitates trust domain extension (TDX) protections for a given trusted domain. In another embodiment, the instruction set supports a SEAM call instruction with which either of the P-SEAMLDR or the SEAM module is accessed in the reserved region.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: November 26, 2024
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Baruch Chaikin
  • Publication number: 20240248722
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Application
    Filed: April 4, 2024
    Publication date: July 25, 2024
    Inventors: Eliezer WEISSMANN, Mark CHARNEY, Michael MISHAELI, Robert VALENTINE, Itai RAVID, Jason W. BRANDT, Gilbert NEIGER, Baruch CHAIKIN, Efraim ROTEM
  • Publication number: 20240220388
    Abstract: Techniques for flexible virtualization of performance monitoring are described. In an embodiment, an apparatus includes a plurality of performance monitoring hardware resources and an instruction decoder to decode a first instruction to access a first performance monitoring hardware resource of the plurality of performance monitoring hardware resources.
    Type: Application
    Filed: December 30, 2022
    Publication date: July 4, 2024
    Applicant: Intel Corporation
    Inventors: Baruch Chaikin, Ahmad Yasin
  • Patent number: 12021980
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Grant
    Filed: September 2, 2021
    Date of Patent: June 25, 2024
    Assignee: Intel Corporation
    Inventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. McKeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman
  • Patent number: 11966742
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Grant
    Filed: May 3, 2023
    Date of Patent: April 23, 2024
    Assignee: Intel Corporation
    Inventors: Eliezer Weissmann, Mark Charney, Michael Mishaeli, Robert Valentine, Itai Ravid, Jason W. Brandt, Gilbert Neiger, Baruch Chaikin, Efraim Rotem
  • Publication number: 20230273795
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Application
    Filed: May 3, 2023
    Publication date: August 31, 2023
    Inventors: Eliezer WEISSMANN, Mark CHARNEY, Michael MISHAELI, Robert VALENTINE, Itai RAVID, Jason W. BRANDT, Gilbert NEIGER, Baruch CHAIKIN, Efraim ROTEM
  • Patent number: 11645080
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Grant
    Filed: September 6, 2022
    Date of Patent: May 9, 2023
    Assignee: Intel Corporation
    Inventors: Eliezer Weissmann, Mark Charney, Michael Mishaeli, Robert Valentine, Itai Ravid, Jason W. Brandt, Gilbert Neiger, Baruch Chaikin, Efraim Rotem
  • Publication number: 20230128711
    Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
    Type: Application
    Filed: December 7, 2022
    Publication date: April 27, 2023
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing
  • Patent number: 11630904
    Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 21, 2021
    Date of Patent: April 18, 2023
    Assignee: Intel Corporation
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Publication number: 20230076318
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Application
    Filed: September 6, 2022
    Publication date: March 9, 2023
    Inventors: ELIEZER WEISSMANN, MARK CHARNEY, MICHAEL MISHAELI, ROBERT VALENTINE, ITAI RAVID, JASON W. BRANDT, GILBERT NEIGER, BARUCH CHAIKIN, EFRAIM ROTEM
  • Patent number: 11461244
    Abstract: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: October 4, 2022
    Assignee: Intel Corporation
    Inventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. McKeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman, Hormuzd M. Khosravi
  • Patent number: 11436018
    Abstract: Systems, methods, and apparatuses relating to instructions to reset software thread runtime property histories in a hardware processor are described. In one embodiment, a hardware processor includes a hardware guide scheduler comprising a plurality of software thread runtime property histories; a decoder to decode a single instruction into a decoded single instruction, the single instruction having a field that identifies a model-specific register; and an execution circuit to execute the decoded single instruction to check that an enable bit of the model-specific register is set, and when the enable bit is set, to reset the plurality of software thread runtime property histories of the hardware guide scheduler.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: September 6, 2022
    Assignee: Intel Corporation
    Inventors: Eliezer Weissmann, Mark Charney, Michael Mishaeli, Robert Valentine, Itai Ravid, Jason W. Brandt, Gilbert Neiger, Baruch Chaikin, Efraim Rotem
  • Patent number: 11392698
    Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack detecting a translation lookaside buffer (TLB) miss on a virtual address lookup caused by the speculative execution of an instruction and determining that the physical memory address associated with the virtual address lookup contains a privileged object or a secret object. Range register circuitry determines whether the physical memory address is located in an address range containing privileged objects or secret objects. Performance monitoring counter (PMC) circuitry generates an interrupt in response to receipt of information indicative of the TLB miss and information indicative that the physical memory address contains a privileged object or a secret object. The PMC circuitry causes the storage of information associated with the speculatively executed instruction causing the virtual address lookup.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: July 19, 2022
    Assignee: Intel Corporation
    Inventors: Chaim Shen-Orr, Baruch Chaikin, Ahmad Yasin, Reuven Elbaum
  • Publication number: 20220206842
    Abstract: Techniques for migration of a source protected virtual machine from a source platform to a destination platform are descried. A method of an aspect includes enforcing that bundles of state, of a first protected virtual machine (VM), received at a second platform over a stream, during an in-order phase of a migration of the first protected VM from a first platform to the second platform, are imported to a second protected VM of the second platform, in a same order that they were exported from the first protected VM. Receiving a marker over the stream marking an end of the in-order phase. Determining that all bundles of state exported from the first protected VM prior to export of the marker have been imported to the second protected VM. Starting an out-of-order phase of the migration based on the determination that said all bundles of the state exported have been imported.
    Type: Application
    Filed: December 26, 2020
    Publication date: June 30, 2022
    Inventors: Ravi SAHITA, Dror CASPI, Vincent SCARLATA, Sharon YANIV, Baruch CHAIKIN, Vedvyas SHANBHOGUE, Jun NAKAJIMA, Arumugam THIYAGARAJAH, Sean CHRISTOPHERSON, Haidong XIA, Vinay AWASTHI, Isaku YAMAHATA, Wei WANG, Thomas ADELMEYER
  • Publication number: 20220197995
    Abstract: Techniques and mechanisms to efficiently provide features of a secure authentication mode (SEAM) by a processor. In an embodiment, cores of the processor support an instruction set which comprises instructions to invoke the SEAM. One such core installs an authenticated code module (ACM), which is executed to load a persistent SEAM loader module (P-SEAMLDR) in a reserved region of a system memory. In turn, the P-SEAMLDR loads into the reserved region a SEAM module which facilitates trust domain extension (TDX) protections for a given trusted domain. In another embodiment, the instruction set supports a SEAM call instruction with which either of the P-SEAMLDR or the SEAM module is accessed in the reserved region.
    Type: Application
    Filed: December 23, 2020
    Publication date: June 23, 2022
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Baruch Chaikin
  • Publication number: 20210399882
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Application
    Filed: September 2, 2021
    Publication date: December 23, 2021
    Inventors: Ido OUZIEL, Arie AHARON, Dror CASPI, Baruch CHAIKIN, Jacob DOWECK, Gideon GERZON, Barry E. HUNTLEY, Francis X. MCKEEN, Gilbert NEIGER, Carlos V. ROZAS, Ravi L. SAHITA, Vedvyas SHANBHOGUE, Assaf ZALTSMAN
  • Publication number: 20210319118
    Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
    Type: Application
    Filed: June 21, 2021
    Publication date: October 14, 2021
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Patent number: 11139967
    Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: October 5, 2021
    Assignee: Intel Corporation
    Inventors: Ido Ouziel, Arie Aharon, Dror Caspi, Baruch Chaikin, Jacob Doweck, Gideon Gerzon, Barry E. Huntley, Francis X. Mckeen, Gilbert Neiger, Carlos V. Rozas, Ravi L. Sahita, Vedvyas Shanbhogue, Assaf Zaltsman