Patents by Inventor Jonathan D. Bradbury

Jonathan D. Bradbury has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • SECURE EXECUTION GUEST OWNER CONTROLS FOR SECURE INTERFACE CONTROL
    Publication number: 20200285759
    Abstract: A method, computer program product, and a system where a secure interface control determines functionality of a secure guest based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest to be started by an owner and managed by the hypervisor, where the metadata comprises control(s) that indicate whether a secure guest generated with the image is permitted to obtain a response to a particular request. The SC intercepts, from the secure guest generated with the image, during runtime, a request. The SC determines, based on the control(s), if the secure guest is permitted to obtain a response to the request. If permitted, the SC commences fulfillment of the request, within the computing system. If not permitted, the SC ignores the request.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Reinhard T. Buendgen, Jonathan D. Bradbury
  • SECURE PAGING WITH PAGE CHANGE DETECTION
    Publication number: 20200287709
    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes computing a hash value of a page of memory of a computer system and comparing the hash value with a previously computed hash value of the page. A per-encryption value per page can be used in encrypting the page based on determining that the hash value matches the previously computed hash value. A modified value of the per-encryption value per page can be used in encrypting the page based on determining that the hash value mismatches the previously computed hash value.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Jonathan D. Bradbury, Christian Borntraeger, Heiko Carstens, Martin Schwidefsky, Reinhard Theodor Buendgen
  • PROGRAM INTERRUPTIONS FOR PAGE IMPORTING/EXPORTING
    Publication number: 20200285762
    Abstract: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Jonathan D. Bradbury, Martin Schwidefsky, Christian Borntraeger, Lisa Cranton Heller, Heiko Carstens, Fadi Y. Busaba
  • HOST VIRTUAL ADDRESS SPACE FOR SECURE INTERFACE CONTROL STORAGE
    Publication number: 20200285589
    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving, at a secure interface control of a computer system, an access request for a data structure related to a secure entity in a secure domain of the computer system. The secure interface control can check for a virtual storage address associated with a location of the data structure. The secure interface control can request an address translation using a virtual address space of a non-secure entity of the computer system based on determining that the location of the data structure is associated with the virtual storage address. The secure interface control can access the data structure based on a result of the address translation.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Claudio Imbrenda, Christian Borntraeger, Lisa Cranton Heller, Fadi Y. Busaba, Jonathan D. Bradbury
  • CONTROLLING ACCESS TO SECURE STORAGE OF A VIRTUAL MACHINE
    Publication number: 20200285499
    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a request from a requestor, to access a page of memory. The requestor is either a secure entity of a computer system or a secure interface control of the computer system. The request is tagged as a secure request from a secure domain of the computer system. It is verified that the request is making an access to a page that is both registered as secure and registered as belonging to the secure domain. The requestor is provided access to the page based at least in part on the page being registered as secure and as belonging to the secure domain. The requestor is prevented from accessing the page, based on one or both of the page not being registered as secure, and the page not being registered as belonging to the secure domain.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Lisa Cranton Heller, Fadi Y. Busaba, Jonathan D. Bradbury
  • SECURE INTERFACE CONTROL HIGH-LEVEL PAGE MANAGEMENT
    Publication number: 20200285758
    Abstract: A method is provided. The method is implemented by a secure interface control of a computer that prevents unauthorized accesses to locations in a memory of the computer. The secure interface control determines that a host absolute page is not previously mapped to a virtual page in accordance with securing the host absolute page and a host virtual page is not already mapped to an absolute page in accordance with securing the host absolute page.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Martin Schwidefsky, Heiko Carstens, Jonathan D. Bradbury, Lisa Cranton Heller
  • SECURE INTERFACE CONTROL SECURE STORAGE HARDWARE TAGGING
    Publication number: 20200287902
    Abstract: A method is provided. A secure interface control in communication with an untrusted entity perform the method. In this regard, the secure interface control implements an initialization instruction to set donated storage as secure. The implementing of the initialization instruction is responsive to an instruction call issued from the untrusted entity.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Lisa Cranton Heller, Fadi Y. Busaba, Jonathan D. Bradbury
  • INJECT INTERRUPTS AND EXCEPTIONS INTO SECURE VIRTUAL MACHINE
    Publication number: 20200285495
    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes initiating, by a non-secure entity that is executing on a host server, a secure entity, the non-secure entity prohibited from directly accessing any data of the secure entity. The method further includes injecting, into the secure entity, an interrupt that is generated by the host server. The injecting includes adding, by the non-secure entity, information about the interrupt into a portion of non-secure storage, which is then associated with the secure entity. The injecting further includes injecting, by a secure interface control of the host server, the interrupt into the secure entity.
    Type: Application
    Filed: March 8, 2019
    Publication date: September 10, 2020
    Inventors: Claudio Imbrenda, Fadi Y. Busaba, Lisa Cranton Heller, Jonathan D. Bradbury
  • FUNCTIONAL COMPLETION WHEN RETRYING A NON-INTERRUPTIBLE INSTRUCTION IN A BI-MODAL EXECUTION ENVIRONMENT
    Publication number: 20200272528
    Abstract: A method is provided that includes receiving, by a firmware from an originating software, an asynchronous request for an instruction of an algorithm for compression of data. The firmware operates on a first processor and the originating software operates on a second processor. The firmware issues a synchronous request to the first processor to cause the processor to execute the instruction synchronously. It is determined, by the firmware, whether an interrupt is received from the first processor with respect to the first processor executing the instruction. The firmware retries the issuance of the synchronous request each time the interrupt is received until a retry threshold is reached.
    Type: Application
    Filed: February 27, 2019
    Publication date: August 27, 2020
    Inventors: Matthias Klein, Simon Weishaupt, Anthony Thomas Sofia, Jonathan D. Bradbury, Mark S. Farrell, Mahmoud Amin, Timothy Slegel
  • DETECTION OF ALTERATION OF STORAGE KEYS USED TO PROTECT MEMORY
    Publication number: 20200272341
    Abstract: Detection of alteration of storage keys used to protect memory includes determining whether a storage key alteration event has occurred within a processor of a computing environment. The determining includes checking whether one or more selected fields of a storage key have been updated. The storage key is associated with a block of memory and controls access to the block of memory. Based on the checking indicating that the one or more selected fields of the storage key have been updated, a storage key alteration event has been detected. Based on determining the storage key alteration event has occurred, a notification is provided.
    Type: Application
    Filed: February 25, 2019
    Publication date: August 27, 2020
    Inventors: Timothy Slegel, Jonathan D. Bradbury, Bruce C. Giamei, James H. Mulder, Peter J. Relson
  • LOAD/STORE ELEMENTS REVERSED INSTRUCTIONS
    Publication number: 20200264877
    Abstract: A single architected instruction to perform a data reversal operation is executed. The executing includes obtaining input data and a modifier control of the instruction. The modifier control has one value of a plurality of values defined for the instruction and indicates an element size. The data reversal operation is performed on the input data. The performing includes placing an element of the input data in a selected location in reverse element order from an order of the element in the input data, the element having the element size indicated by the modifier control. The placing is repeated, based on the input data having one or more other elements to be processed. The output of the performing includes one or more elements of data in the selected location in a reversed order from the corresponding one or more elements in the input data.
    Type: Application
    Filed: February 19, 2019
    Publication date: August 20, 2020
    Inventors: Cedric Lichtenau, Jonathan D. Bradbury, Razvan Peter Figuli, Gregory Miaskovsky
  • COMPUTE DIGITAL SIGNATURE AUTHENTICATION SIGN WITH ENCRYPTED KEY INSTRUCTION
    Publication number: 20200266999
    Abstract: A single architected instruction to produce a signature for a message is executed. The executing includes determining an encrypted sign function of a plurality of encrypted sign functions supported by the instruction to be performed and obtaining input for the instruction. The input includes a message and an encrypted cryptographic key. Based on the encrypted sign function to be performed and the input, a signature to be used to verify the message is produced.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Eric M. Schwarz, Jonathan D. Bradbury, Edward T. Malley, Christian Jacobi
  • COMPUTE DIGITAL SIGNATURE AUTHENTICATION SIGN INSTRUCTION
    Publication number: 20200267001
    Abstract: A single architected instruction to produce a signature for a message is obtained. The instruction is executed, and the executing includes determining a sign function of a plurality of sign functions supported by the instruction to be performed. Input for the instruction is obtained, and the input includes a message and a cryptographic key. A signature is produced based on the sign function to be performed and the input. The signature is to be used to verify the message.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Eric M. Schwarz, Jonathan D. Bradbury, Edward T. Malley, Christian Jacobi
  • NEGATIVE ZERO CONTROL IN INSTRUCTION EXECUTION
    Publication number: 20200264840
    Abstract: Negative zero control for execution of an instruction. A process obtains an instruction to perform operation(s) using an input value. The instruction includes a negative zero control indicator indicating whether negative zero control is enabled for execution of the instruction. The process executes the instruction, the executing including performing the operation(s) using the input value to obtain a result having a sign, determining whether to control the sign of the result, the determining being based at least in part on the negative zero control indicator being set to a defined value, and performing further processing, as part the executing the instruction, based on the determining.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Cedric LICHTENAU, Reid COPELAND, Petra LEBER, Silvia M. MUELLER, Jonathan D. BRADBURY, Xin GUO
  • PERFORM CRYPTOGRAPHIC COMPUTATION SCALAR MULTIPLY INSTRUCTION
    Publication number: 20200264843
    Abstract: A single architected instruction to perform scalar multiplication for cryptographic operations is obtained. The instruction is executed, and the executing includes determining a scalar multiply function of a plurality of scalar multiply functions supported by the instruction to be performed. Input for the scalar multiply function is obtained, and the input includes at least one source component and a scalar value. The scalar multiply function is performed using the input to provide an output to be used in a cryptographic operation.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Eric M. Schwarz, Jonathan D. Bradbury, Edward T. Malley, Christian Jacobi
  • DIGIT VALIDATION CHECK CONTROL IN INSTRUCTION EXECUTION
    Publication number: 20200264890
    Abstract: Digit validation check control for execution of an instruction. A process obtains an instruction to perform operation(s) using input value(s). The instruction includes a no validation indicator for controlling whether digit validation check control is enabled for execution of the instruction. The process executes the instruction, including determining, based on the no validation indicator, whether digit validation check control is enabled for execution of the instruction, and performing processing based on the determining. Based on the no validation indicator being set to a defined value, digit validation check control is enabled and the processing includes forcing a digit check error indicator output by the executing to indicate no digit check error with respect to the at least one input value.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Cedric LICHTENAU, Reid COPELAND, Petra LEBER, Silvia M. MUELLER, Jonathan D. BRADBURY, Xin GUO
  • VECTOR STRING SEARCH INSTRUCTION
    Publication number: 20200265097
    Abstract: An instruction is provided for performing a vector string search. The instruction to be processed is obtained, with the instruction being defined to be a string search instruction to locate occurrence of a substring within a string. The instruction is processed, with the processing including searching the string specified in one operand of the instruction using the substring specified in another operand of the instruction. Based on the searching locating a first full match of the substring within the string, a full match condition indication is returned with position of the first full match in the string, and based on the searching locating only a partial match of the substring at a termination of the string, a partial match condition indication is returned, with the position of the partial match in the string.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Cedric LICHTENAU, Jonathan D. BRADBURY, Eric M. SCHWARZ, Razvan Peter FIGULI, Stefan PAYER
  • LOAD/STORE BYTES REVERSED ELEMENTS INSTRUCTIONS
    Publication number: 20200264883
    Abstract: A single architected instruction to perform a data reversal operation is executed. The executing includes obtaining input data and a modifier control of the instruction. The modifier control has one value of a plurality of values defined for the instruction and indicates an element size. The data reversal operation is performed on the input data. The performing includes placing, in a selected location, an element of the input data, the element having the element size indicated by the modifier control; reversing an order of the input data in the element; and repeating the placing and the reversing, based on the input data having one or more other elements to be processed. The output of the performing includes one or more elements of data that include output data in a reversed order from the input data of the corresponding one or more elements.
    Type: Application
    Filed: February 19, 2019
    Publication date: August 20, 2020
    Inventors: Cedric Lichtenau, Jonathan D. Bradbury, Razvan Peter Figuli, Gregory Miaskovsky
  • COMPUTE DIGITAL SIGNATURE AUTHENTICATION VERIFY INSTRUCTION
    Publication number: 20200267000
    Abstract: A single architected instruction to verify a signed message is executed. The executing includes determining a verify function of a plurality of verify functions supported by the instruction to be performed and obtaining input for the instruction. The input includes a message and a key. Based on the verify function to be performed and the input, a signature of the message is verified.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Eric M. Schwarz, Jonathan D. Bradbury, Edward T. Malley, Christian Jacobi
  • HANDLING AN INPUT/OUTPUT STORE INSTRUCTION
    Publication number: 20200250115
    Abstract: An input/output store instruction is handled. A data processing system includes a system nest coupled to at least one input/output bus by an input/output bus controller. The data processing system further includes at least a data processing unit including a core, system firmware and an asynchronous core-nest interface. The data processing unit is coupled to the system nest via an aggregation buffer. The system nest is configured to asynchronously load from and/or store data to at least one external device which is coupled to the at least one input/output bus. The data processing unit is configured to complete the input/output store instruction before an execution of the input/output store instruction in the system nest is completed. The asynchronous core-nest interface includes an input/output status array with multiple input/output status buffers.
    Type: Application
    Filed: January 29, 2020
    Publication date: August 6, 2020
    Inventors: Christoph Raisch, Marco Kraemer, Frank Siegfried Lehnert, Matthias Klein, Jonathan D. Bradbury, Christian Jacobi, Peter Dana Driever, Brenton Belmar