IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11461244 B1

PDFFull Text
Date of Patent:
Oct. 04, 2022

Filed:

Dec. 20, 2018

Co-existence of trust domain architecture with multi-key total memory encryption technology in servers

Applicant:

Intel Corporation, Santa Clara, CA (US);

Inventors:

Ido Ouziel, Ein Carmel, IL;

Arie Aharon, Haifa, IL;

Dror Caspi, Kiryat Yam, IL;

Baruch Chaikin, D.N. Misagv, IL;

Jacob Doweck, Haifa, IL;

Gideon Gerzon, Zichron Yaakov, IL;

Barry E. Huntley, Hillsboro, OR (US);

Francis X. McKeen, Portland, OR (US);

Gilbert Neiger, Portland, OR (US);

Carlos V. Rozas, Portland, OR (US);

Ravi L. Sahita, Portland, OR (US);

Vedvyas Shanbhogue, Austin, TX (US);

Assaf Zaltsman, Tel Aviv, IL;

Hormuzd M. Khosravi, Portland, OR (US);

Assignee:

Intel Corporation, Santa Clara, CA (US);

Attorney:

Nicholson De Vos Webster & Elliott LLP

Primary Examiner:

Gary S Gracia

Int. Cl.
CPC ...
G06F 11/30 (2006.01); G06F 12/14 (2006.01); G06F 9/455 (2018.01); G06F 11/07 (2006.01); G06F 12/02 (2006.01); G06F 12/0817 (2016.01); G06F 21/53 (2013.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01); G06F 21/79 (2013.01);
U.S. Cl.
CPC ...
G06F 12/1408 (2013.01); G06F 9/45558 (2013.01); G06F 11/0745 (2013.01); G06F 12/0246 (2013.01); G06F 12/0828 (2013.01); G06F 12/1475 (2013.01); G06F 12/1483 (2013.01); G06F 21/53 (2013.01); G06F 21/57 (2013.01); G06F 21/602 (2013.01); G06F 21/79 (2013.01); G06F 2212/1052 (2013.01); G06F 2212/2022 (2013.01); G06F 2212/402 (2013.01); G06F 2212/7201 (2013.01); G06F 2212/7202 (2013.01);
Abstract

Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.

Find Patent Forward Citations

Loading…