Patents by Inventor Vedvyas Shanbhogue

Vedvyas Shanbhogue has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11907744
    Abstract: In one embodiment, a processor comprises: a first configuration register to store quality of service (QoS) information for a process address space identifier (PASID) value associated with a first process; and an execution circuit coupled to the first configuration register, where the execution circuit, in response to a first instruction, is to obtain command data from a first location identified in a source operand of the first instruction, insert the QoS information and the PASID value into the command data, and send a request comprising the command data to a device coupled to the processor, to enable the device to use the QoS information of a plurality of requests to manage sharing between a plurality of processes. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: February 20, 2024
    Assignee: Intel Corporation
    Inventors: Utkarsh Y. Kakaiya, Sanjay K. Kumar, Philip Lantz, Gilbert Neiger, Rajesh Sankaran, Vedvyas Shanbhogue
  • Publication number: 20240045709
    Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.
    Type: Application
    Filed: July 17, 2023
    Publication date: February 8, 2024
    Applicant: Intel Corporation
    Inventors: Ravi L. Sahita, Tin-Cheung Kung, Vedvyas Shanbhogue, Barry E. Huntley, Arie Aharon
  • Publication number: 20230421545
    Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
    Type: Application
    Filed: June 30, 2023
    Publication date: December 28, 2023
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
  • Publication number: 20230409340
    Abstract: A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.
    Type: Application
    Filed: April 26, 2023
    Publication date: December 21, 2023
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ravi L. Sahita, Vincent Scarlata, Barry E. Huntley
  • Publication number: 20230401309
    Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
    Type: Application
    Filed: August 10, 2023
    Publication date: December 14, 2023
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Publication number: 20230376252
    Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.
    Type: Application
    Filed: May 22, 2023
    Publication date: November 23, 2023
    Inventors: VEDVYAS SHANBHOGUE, JASON W. BRANDT, RAVI L. SAHITA, BARRY E. HUNTLEY, BAIJU V. PATEL
  • Patent number: 11789735
    Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: October 17, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Uday R. Savagaonkar, Ravi L. Sahita
  • Patent number: 11782716
    Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.
    Type: Grant
    Filed: November 2, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Michael LeMay, Vedvyas Shanbhogue, Deepak Gupta, Ravi Sahita, David M. Durham, Willem Pinckaers, Enrico Perla
  • Patent number: 11782849
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Grant
    Filed: July 3, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 11762982
    Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.
    Type: Grant
    Filed: August 19, 2021
    Date of Patent: September 19, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Publication number: 20230291567
    Abstract: Described herein is a paging technique that can be implemented in any accelerator with attached memory and support for operating on encrypted data when the CPU is not within the trusted compute base (TCB). Memory storing data that is encrypted using hardware physical address (HPA)-based encrypted can be paged out of accelerator device memory by decoupling encryption from the hardware physical address and re-encrypting the data for page-out. Upon page-in, the data is decrypted, the integrity and authenticity of the data is verified, then the data is re-encrypted using HPA-based encryption.
    Type: Application
    Filed: March 11, 2022
    Publication date: September 14, 2023
    Applicant: Intel Corporation
    Inventors: VIDHYA KRISHNAN, SIDDHARTHA CHHABRA, VEDVYAS SHANBHOGUE, XIAOYU RUAN, ADITYA NAVALE, JULIEN CARRENO
  • Patent number: 11748146
    Abstract: Implementations describe a computing system that implements a plurality of virtual machines inside a trust domain (TD), enabled via a secure arbitration mode (SEAM) of the processor. A processor includes one or more registers to store a SEAM range of memory, a TD key identifier of a TD private encryption key. The processor is capable of initializing a trust domain resource manager (TDRM) to manage the TD, and a virtual machine monitor within the TD to manage the plurality of virtual machines therein. The processor is further capable of exclusively associating a plurality of memory pages with the TD, wherein the plurality of memory pages associated with the TD is encrypted with a TD private encryption key inaccessible to the TDRM. The processor is further capable of using the SEAM range of memory, inaccessible to the TDRM, to provide isolation between the TDRM and the plurality of virtual machines.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: September 5, 2023
    Assignee: Intel Corporation
    Inventors: Ravi L. Sahita, Tin-Cheung Kung, Vedvyas Shanbhogue, Barry E. Huntley, Arie Aharon
  • Patent number: 11743240
    Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: August 29, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
  • Publication number: 20230269076
    Abstract: System, method, and apparatus embodiments for creating, using, and managing protected cryptography keys are described. In an embodiment, an apparatus includes a decoder, an execution unit, and a cache. The decoder is to decode a single instruction into a decoded single instruction, the single instruction having a first source operand to specify encrypted data and a second source operand to specify a handle including a first including ciphertext of an encryption key, an integrity tag, and additional authentication data.
    Type: Application
    Filed: August 27, 2021
    Publication date: August 24, 2023
    Applicant: Intel Corporation
    Inventors: Jason W. BRANDT, Steven L. GROBMAN, Vedvyas SHANBHOGUE
  • Patent number: 11700135
    Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: July 11, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel, Vedvyas Shanbhogue
  • Publication number: 20230205562
    Abstract: Systems, methods, and apparatuses for implementing input/output extensions for trust domains are described. In one example, a hardware processor includes a hardware processor core comprising a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain with a region of protected memory, and input/output memory management unit (IOMMU) circuitry coupled between the hardware processor core and an input/output device, wherein the IOMMU circuitry is to, for a request from the input/output device for a direct memory access of a protected memory of a trust domain, allow the direct memory access in response to a field in the request being set to indicate the input/output device is in a trusted computing base of the trust domain.
    Type: Application
    Filed: December 23, 2021
    Publication date: June 29, 2023
    Inventors: Abhishek Basak, Vedvyas Shanbhogue, Rajesh Sankaran, Rupin Vakharwala, Utkarsh Y. Kakaiya, Eric Geisler, Ravi Sahita
  • Patent number: 11669335
    Abstract: A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: June 6, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ravi L. Sahita, Vincent Scarlata, Barry E. Huntley
  • Patent number: 11663006
    Abstract: Methods and apparatuses relating to switching of a shadow stack pointer are described. In one embodiment, a hardware processor includes a hardware decode unit to decode an instruction, and a hardware execution unit to execute the instruction to: pop a token for a thread from a shadow stack, wherein the token includes a shadow stack pointer for the thread with at least one least significant bit (LSB) of the shadow stack pointer overwritten with a bit value of an operating mode of the hardware processor for the thread, remove the bit value in the at least one LSB from the token to generate the shadow stack pointer, and set a current shadow stack pointer to the shadow stack pointer from the token when the operating mode from the token matches a current operating mode of the hardware processor.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: May 30, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel, Deepak K. Gupta
  • Patent number: 11656805
    Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: May 23, 2023
    Assignee: INTEL CORPORATION
    Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Ravi L. Sahita, Barry E. Huntley, Baiju V. Patel
  • Patent number: 11656873
    Abstract: An apparatus and method for efficiently managing shadow stacks. For example, one embodiment of a processor comprises: a plurality of registers to store a plurality of shadow stack pointers (SSPs); event processing circuitry to select a first SSP of the plurality of SSPs from a first register of the plurality of registers responsive to receipt of a first event associated with a first event priority level, the first SSP usable to identify a top of a first shadow stack; verification and utilization checking circuitry to determine whether the first SSP has been previously verified, wherein if the first SSP has not been previously verified then initiating a set of atomic operations to verify the first SSP and confirm that the first SSP is not in use, the set of atomic operations using a locking operation to lock data until the set of atomic operations are complete.
    Type: Grant
    Filed: February 1, 2022
    Date of Patent: May 23, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Gilbert Neiger, Deepak K. Gupta, H. Peter Anvin