Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract: Embodiments of an invention for maintaining a secure processing environment across power cycles are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to evict a root version array page entry from a secure cache. The execution unit is to execute the instruction. Execution of the instruction includes generating a blob to contain information to maintain a secure processing environment across a power cycle and storing the blob in a non-volatile memory.

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.

Abstract: A processing system includes an execution unit, communicatively coupled to an architecturally-protected memory, the execution unit comprising a logic circuit to execute a virtual machine monitor (VMM) that supports a virtual machine (VM) comprising a guest operating system (OS) and to implement an architecturally-protected execution environment, wherein the logic circuit is to responsive to executing a blocking instruction by the guest OS directed at a first page stored in the architecturally-protected memory during a first time period identified by a value stored in a first counter, copy the value from the first counter to a second counter, responsive to executing a first tracking instruction issued by the VMM, increment the value stored in the first counter, and set a flag to indicate successful execution of the second tracking instruction.

Abstract: Secure memory allocation technologies are described. A processor includes a processor core and a memory controller that is coupled between the processor core and main memory. The main memory comprises a protected region including secured pages. The processor, in response to a content copy instruction, is to initialize a target page in the protected region of an application address space. The processor, in response to the content copy instruction, is also to select content of a source page in the protected region to be copied. The processor, in response to the content copy instruction, is also to copy the selected content to the target page in the protected region of the application address space.

Abstract: An embodiment: (a) receives a request for a measurement of a hypervisor from at least one computing node that is external to the at least one machine; (b) executes a previously measured measuring agent to measure the hypervisor, after the hypervisor is measured and booted, to generate a measurement while: (b)(i) the at least one machine is in virtual machine extension (VMX) root operation, and (b)(ii) the measuring agent is in a protected mode; (c) attest to the measurement, based on at least one encryption credential, to generate an attested measurement output; and (d) communicate the attested measurement output to the at least one computing node. The hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor. Other embodiments are described herein.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

Abstract: Translation lookaside buffer (TLB) tracking and managing technologies are described. A processing device comprises a translation lookaside buffer (TLB) and a processing core to execute a virtual machine monitor (VMM), the VMM to manage a virtual machine (VM) including virtual processors. The processing core to execute, via the VM, a plurality of conversion instructions on at least one of the virtual processors to convert a plurality of non-secure pages to a plurality of secure pages. The processing core also to execute, via the VM, one or more allocation instructions on the at least one of the virtual processors to allocate at least one secure page of the plurality of secure pages, execution of the one or more allocation instructions to include determining whether the TLB is cleared of mappings to the at least one secure page prior to allocating the at least one secure page.

Abstract: A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation look aside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.

Abstract: A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation look aside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.

Abstract: An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.

Abstract: A secure key manager enclave is provided on a host computing system to send an attestation quote to a secure key store system identifying attributes of the key manager enclave and signed by a hardware-based key of the host computing system to attest to trustworthiness of the secure key manager enclave. The secure key manager enclave receives a request to provide a root key for a particular virtual machine to be run on the host computing system, generates a secure data structure in secure memory of the host computing system to be associated with the particular virtual machine, and provisions the root key in the secure data structure using the key manager enclave, where the key manager enclave is to have privileged access to the secure data structure.

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.