Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

Abstract: The present invention relates to the field of pharmaceutics and medicine, in particular, to a method for producing a suspended form of ground decellularized extracellular matrix with size-controlled structural components, the suspended form not 5 requiring pre-hydration, and to a product produced by this method, for stimulation of reparative regeneration of tissues.

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.

Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.

Abstract: Implementations of the disclosure provide for supporting oversubscription of guest enclave memory pages. In one implementation, a processing device comprising a memory controller unit to access a secure enclave and a processor core, operatively coupled to the memory controller unit. The processing device is to identify a target memory page in memory. The target memory page is associated with a secure enclave of a virtual machine (VM). A data structure comprising context information corresponding to the target memory page is received. A state of the target memory page is determined based on the received data structure. The state indicating whether the target memory page is associated with at least one of: a child memory page or a parent memory page of the VM. Thereupon, an instruction to evict the target memory page from the secure enclave is generated based on the determined state.

Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: Cache behavior for secure memory repartitioning systems is described. Implementations may include a processing core and a memory controller coupled between the processor core and a memory device. The processor core is to receive a memory access request to a page in the memory device, the memory access request comprising a first guarded attribute (GA) indicator indicating whether the page is a secure page belonging to an enclave, determine whether the first GA indicator matches a second GA indicator in a cache line entry corresponding to the page, the cache line entry comprised in a cache, and responsive to a determination that the first GA indicator does not match the second GA indicator, apply an eviction policy to the cache line entry based on whether the cache line is indicated as a dirty cache line and accessing second data in the memory device for the page.

Abstract: A system includes a processor core and main memory. The processor core is to, in response to execution of a patch-load instruction, retrieve, from a predetermined area of the main memory, memory protection metadata and a memory range of reserved memory, wherein the reserved memory is not flexibly convertible to enclave pages. The processor core is further to retrieve a bit from an architectural control register, wherein a value of the bit is to indicate whether an operating system is capable of management of flexibly-convertible enclave pages. The processor core is further to activate, using the memory protection metadata and one of the first information or the second information, a mode of protected memory management for the processor core in response to the value of the bit in the architectural control register.

Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processing core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.

Abstract: Embodiments of the present disclosure describe devices, methods, computer-readable media and systems configurations for transmission point indication in a coordinated multipoint (CoMP) system. A user equipment (UE) may receive common reference signal (CRS) parameters associated with individual base stations of a CoMP measurement set. The UE may also receive a transmission point index corresponding to a first base station of the CoMP measurement set that is scheduled for communications with the UE. A mapping module of the UE may produce a physical downlink shared channel (PDSCH) mapping pattern based on the CRS parameters associated with the scheduled base station.

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

Abstract: Embodiments of the present disclosure describe techniques and configurations for handling signal quality measurements by a wireless device in a wireless network environment, particularly in a coordinated transmission environment. An apparatus may include computer-readable media having instruments and one or more processors coupled with the media and configured to execute the instructions to generate a power parameter corresponding to a power adjustment associated with a reference signal, provide the reference signal generated based in part on the generated power parameter to a wireless device, and provide the power parameter to transmission points operating in the coordinated transmission environment. Each of the transmission points may be configured to communicate the power parameter to the wireless device, and the wireless device may be configured to determine, based at least in part on the power parameter, a power characteristics associated with a channel in which the reference signal is provided.

Abstract: A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation look aside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.

Abstract: Embodiments of the present disclosure describe techniques and configurations for handling signal quality measurements by a wireless device in a wireless network environment, particularly in a coordinated transmission environment. An apparatus may include computer-readable media having instructions and one or more processors coupled with the media and configured to execute the instructions to generate a power parameter corresponding to a power adjustment associated with a reference signal, provide the reference signal generated based in part on the generated power parameter to a wireless device, and provide the power parameter to transmission points operating in the coordinated transmission environment. Each of the transmission points may be configured to communicate the power parameter to the wireless device, and the wireless device may be configured to determine, based at least in part on the power parameter, a power characteristics associated with a channel in which the reference signal is provided.

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

Abstract: A processing device includes a conflict resolution logic circuit to initiate a tracking phase to track translation look aside buffer (TLB) mappings to an enclave memory cache (EPC) page of a secure enclave. The conflict resolution logic circuit is further to execute a tracking instruction as part of the tracking phase, wherein the tracking instruction takes any page in the secure enclave as an argument parameter to the tracking instruction.

Abstract: An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.

Abstract: A secure key manager enclave is provided on a host computing system to send an attestation quote to a secure key store system identifying attributes of the key manager enclave and signed by a hardware-based key of the host computing system to attest to trustworthiness of the secure key manager enclave. The secure key manager enclave receives a request to provide a root key for a particular virtual machine to be run on the host computing system, generates a secure data structure in secure memory of the host computing system to be associated with the particular virtual machine, and provisions the root key in the secure data structure using the key manager enclave, where the key manager enclave is to have privileged access to the secure data structure.