Patents by Inventor Vedvyas Shanbhogue

Vedvyas Shanbhogue has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250117329
    Abstract: Methods and apparatus relating to an instruction and/or micro-architecture support for decompression on core are described. In an embodiment, decode circuitry decodes a decompression instruction into a first micro operation and a second micro operation. The first micro operation causes one or more load operations to fetch data into one or more cachelines of a cache of a processor core. Decompression Engine (DE) circuitry decompresses the fetched data from the one or more cachelines of the cache of the processor core in response to the second micro operation. Other embodiments are also disclosed and claimed.
    Type: Application
    Filed: November 14, 2024
    Publication date: April 10, 2025
    Applicant: Intel Corporation
    Inventors: Jayesh Gaur, Adarsh Chauhan, Vinodh Gopal, Vedvyas Shanbhogue, Sreenivas Subramoney, Wajdi Feghali
  • Patent number: 12271616
    Abstract: An embodiment of an integrated circuit comprises circuitry to share page tables associated with a page between a processor memory management unit (MMU) and an input/output memory management unit (IOMMU), store a page table entry in the memory associated with the page, and separately control access to the page from a processor and from a direct memory access (DMA) request based on one or more fields of the stored page table entry. Other embodiments are disclosed and claimed.
    Type: Grant
    Filed: June 15, 2021
    Date of Patent: April 8, 2025
    Assignee: Intel Corporation
    Inventors: Utkarsh Y. Kakaiya, David Koufaty, Rajesh Sankaran, Vedvyas Shanbhogue
  • Publication number: 20250103514
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Application
    Filed: December 9, 2024
    Publication date: March 27, 2025
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Patent number: 12261941
    Abstract: System, method, and apparatus embodiments for creating, using, and managing protected cryptography keys are described. In an embodiment, an apparatus includes a decoder, an execution unit, and a cache. The decoder is to decode a single instruction into a decoded single instruction, the single instruction having a first source operand to specify encrypted data and a second source operand to specify a handle including a first including ciphertext of an encryption key, an integrity tag, and additional authentication data.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: March 25, 2025
    Assignee: Intel Corporation
    Inventors: Jason W. Brandt, Steven L. Grobman, Vedvyas Shanbhogue
  • Patent number: 12254341
    Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.
    Type: Grant
    Filed: July 17, 2023
    Date of Patent: March 18, 2025
    Assignee: Intel Corporation
    Inventors: Ravi L. Sahita, Tin-Cheung Kung, Vedvyas Shanbhogue, Barry E. Huntley, Arie Aharon
  • Patent number: 12253958
    Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
    Type: Grant
    Filed: October 7, 2021
    Date of Patent: March 18, 2025
    Assignee: Intel Corporation
    Inventors: Ravi L. Sahita, Gilbert Neiger, Vedvyas Shanbhogue, David M. Durham, Andrew V. Anderson, David A. Koufaty, Asit K. Mallick, Arumugam Thiyagarajah, Barry E. Huntley, Deepak K. Gupta, Michael Lemay, Joseph F. Cihula, Baiju V. Patel
  • Patent number: 12248807
    Abstract: Techniques for migration of a source protected virtual machine from a source platform to a destination platform are descried. A method of an aspect includes enforcing that bundles of state, of a first protected virtual machine (VM), received at a second platform over a stream, during an in-order phase of a migration of the first protected VM from a first platform to the second platform, are imported to a second protected VM of the second platform, in a same order that they were exported from the first protected VM. Receiving a marker over the stream marking an end of the in-order phase. Determining that all bundles of state exported from the first protected VM prior to export of the marker have been imported to the second protected VM. Starting an out-of-order phase of the migration based on the determination that said all bundles of the state exported have been imported.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: March 11, 2025
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Dror Caspi, Vincent Scarlata, Sharon Yaniv, Baruch Chaikin, Vedvyas Shanbhogue, Jun Nakajima, Arumugam Thiyagarajah, Sean Christopherson, Haidong Xia, Vinay Awasthi, Isaku Yamahata, Wei Wang, Thomas Adelmeyer
  • Patent number: 12248561
    Abstract: Apparatus and method for role-based register protection. For example, one embodiment of an apparatus comprises: one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS); an interconnect fabric to couple the one or more processor cores to a device; and security hardware logic to determine whether to allow a read or write transaction directed to a protected register to proceed over the interconnect fabric, the security hardware logic to evaluate one or more security attributes associated with an initiator of the transaction to make the determination.
    Type: Grant
    Filed: September 25, 2021
    Date of Patent: March 11, 2025
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ravi Sahita, Utkarsh Y KAKAIYA, Abhishek Basak, Lee Albion, Filip Schmole, Rupin Vakharwala, Vinit M Abraham, Raghunandan Makaram
  • Patent number: 12242391
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Grant
    Filed: October 9, 2023
    Date of Patent: March 4, 2025
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. McKeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 12229453
    Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.
    Type: Grant
    Filed: May 22, 2023
    Date of Patent: February 18, 2025
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel
  • Publication number: 20250053641
    Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
    Type: Application
    Filed: October 2, 2024
    Publication date: February 13, 2025
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Patent number: 12222873
    Abstract: Embodiments described herein may include apparatus, systems, techniques, or processes that are directed to PCIe Address Translation Service (ATS) to allow devices to have a DevTLB that caches address translation (per page) information in conjunction with a Device ProcessInfoCache (DevPIC) that will store process specific information. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: February 11, 2025
    Assignee: Intel Corporation
    Inventors: Rupin Vakharwala, Vedvyas Shanbhogue
  • Patent number: 12204903
    Abstract: Techniques for matrix multiplication are described. In some examples, a single instruction having a format of fields for an opcode, one or more fields to indicate a location of a source/destination operand, one or more fields to indicate a location of a first source operand, and one or more fields to indicate a location of a second source operand is used. Wherein the opcode is to indicate that execution circuitry is to: multiply values from corresponding data elements of the first and second sources, add a first subset of the multiplied values to a first value from the source/destination operand and store in a first data element position of the source/destination operand, and add a second subset of the multiplied values to a second value from the source/destination operand and store in a second data element position of the source/destination operand.
    Type: Grant
    Filed: June 26, 2021
    Date of Patent: January 21, 2025
    Assignee: Intel Corporation
    Inventors: Venkateswara Madduri, Cristina Anderson, Robert Valentine, Mark Charney, Vedvyas Shanbhogue
  • Patent number: 12189542
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: January 7, 2025
    Assignee: Intel Corporation
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Patent number: 12182018
    Abstract: Methods and apparatus relating to an instruction and/or micro-architecture support for decompression on core are described. In an embodiment, decode circuitry decodes a decompression instruction into a first micro operation and a second micro operation. The first micro operation causes one or more load operations to fetch data into one or more cachelines of a cache of a processor core. Decompression Engine (DE) circuitry decompresses the fetched data from the one or more cachelines of the cache of the processor core in response to the second micro operation. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: December 31, 2024
    Assignee: Intel Corporation
    Inventors: Jayesh Gaur, Adarsh Chauhan, Vinodh Gopal, Vedvyas Shanbhogue, Sreenivas Subramoney, Wajdi Feghali
  • Publication number: 20240427728
    Abstract: A processor includes a widest set of data registers that corresponds to a given logical processor. Each of the data registers of the widest set have a first width in bits. A decode unit that corresponds to the given logical processor is to decode instructions that specify the data registers of the widest set, and is to decode an atomic store to memory instruction. The atomic store to memory instruction is to indicate data that is to have a second width in bits that is wider than the first width in bits. The atomic store to memory instruction is to indicate memory address information associated with a memory location. An execution unit is coupled with the decode unit. The execution unit, in response to the atomic store to memory instruction, is to atomically store the indicated data to the memory location.
    Type: Application
    Filed: May 21, 2024
    Publication date: December 26, 2024
    Inventors: Vedvyas Shanbhogue, Stephen J. Robinson, Christopher D. Bryant, Jason W. Brandt
  • Patent number: 12153665
    Abstract: Techniques and mechanisms to efficiently provide features of a secure authentication mode (SEAM) by a processor. In an embodiment, cores of the processor support an instruction set which comprises instructions to invoke the SEAM. One such core installs an authenticated code module (ACM), which is executed to load a persistent SEAM loader module (P-SEAMLDR) in a reserved region of a system memory. In turn, the P-SEAMLDR loads into the reserved region a SEAM module which facilitates trust domain extension (TDX) protections for a given trusted domain. In another embodiment, the instruction set supports a SEAM call instruction with which either of the P-SEAMLDR or the SEAM module is accessed in the reserved region.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: November 26, 2024
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Baruch Chaikin
  • Publication number: 20240370312
    Abstract: A processor is described. The processor includes model specific register space that is visible to software above a BIOS level. The model specific register space is to specify a granularity of a processing entity of a lock-step group. The processor also includes logic circuitry to support dynamic entry/exit of the lock-step group's processing entities to/from lock-step mode including: i) termination of lock-step execution by the processing entities before the program code to be executed in lock-step is fully executed; and, ii) as part of the exit from the lock-step mode, restoration of a state of a shadow processing entity of the processing entities as the state existed before the shadow processing entity entered the lock-step mode and began lock-step execution of the program code.
    Type: Application
    Filed: July 17, 2024
    Publication date: November 7, 2024
    Inventors: Vedvyas SHANBHOGUE, Jeff A. HUXEL, Jeffrey G. WIEDEMEIER, James D. ALLEN, Arvind RAMAN, Krishnakumar GANAPATHY
  • Patent number: 12135780
    Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
    Type: Grant
    Filed: August 10, 2023
    Date of Patent: November 5, 2024
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Patent number: 12130738
    Abstract: An embodiment of an integrated circuit may comprise, coupled to a core, a hardware decompression accelerator, a compressed cache, a processor and communicatively coupled to the hardware decompression accelerator and the compressed cache, and memory and communicatively coupled to the processor, wherein the memory stores microcode instructions which when executed by the processor causes the processor to store a first address to a decompression work descriptor, retrieve a second address where a compressed page is stored in the compressed cache from the decompression work descriptor at the first address in response to an indication of a page fault, and send instructions to the hardware decompression accelerator to decompress the compressed page at the second address. Other embodiments are disclosed and claimed.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: October 29, 2024
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jayesh Gaur, Wajdi K. Feghali, Vinodh Gopal, Utkarsh Kakaiya