Erik Jan Marinissen - Leuven, BE Sergej Deutsch - Durham NC, US
Assignee:
Cadence Design Systems, Inc. - San Jose CA
International Classification:
G06F 11/263
US Classification:
714 34, 714E11177
Abstract:
A method is provided to test a modular integrated circuit (IC) comprising: testing a module-under-test (MUT) within the IC while causing a controlled toggle rate within a first neighbor module of the MUT; wherein the controlled toggle rate within the first neighbor module is selected so that toggling within the first neighbor module has substantially the same effect upon operation of the MUT that operation of the first neighbor module would have during actual normal functional operation of the first neighbor module.
Collision-Free Hashing For Accessing Cryptographic Computing Metadata And For Cache Expansion
- Santa Clara CA, US Santosh Ghosh - Hillsboro OR, US Sergej Deutsch - Hillsboro OR, US Michael LeMay - Hillsboro OR, US David M. Durham - Beaverton OR, US
Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.
Stateless And Low-Overhead Domain Isolation Using Cryptographic Computing
- Santa Clara CA, US Michael LeMay - Hillsboro OR, US David M. Durham - Beaverton OR, US Karanvir S. Grewal - Hillsboro OR, US Sergej Deutsch - Hillsboro OR, US
Assignee:
Intel Corporation - Santa Clara CA
International Classification:
G06F 21/71 G06F 9/30
Abstract:
Technologies provide domain isolation using encoded pointers to data and code. A system may be configured for decoding an encoded pointer to obtain a linear address of an encrypted code block of a first software component in memory. The first software component shares a linear address space of the memory with a plurality of software components. A processor uses the linear address to access the encrypted code block, determines a relative position of the encrypted code block within a memory slot of the linear address space, and decrypts the encrypted code block to generate a decrypted code block using a code key and a code tweak. The code tweak includes a relative position of the encrypted code block in the address space and domain metadata that uniquely identifies the software component. In some scenarios, the software component may be position independent code and may be relocatable to different address spaces.
Cryptographic Computing Isolation For Multi-Tenancy And Secure Software Components
- Santa Clara CA, US David M. Durham - Beaverton OR, US Michael LeMay - Hillsboro OR, US Karanvir S. Grewal - Hillsboro OR, US Sergej Deutsch - Hillsboro OR, US
Assignee:
Intel Corporation - Santa Clara CA
International Classification:
G06F 21/60 G06F 21/31 G06F 21/80 G06F 9/30
Abstract:
Techniques for cryptographic computing isolation are described. A processor includes circuitry to be coupled to memory configured to store one or more instructions. The circuitry is to execute the one or more instructions to instantiate a first process based on an application. To instantiate the first process is to include creating a context table to be used by the first process, identifying a software component to be invoked during the first process, encrypting the software component using a first cryptographic key, and creating a first entry in the context table. The first entry is to include first context information identifying the encrypted software component and second context information representing the first cryptographic key. In more specific embodiments, third context information representing a first load address of the encrypted software component is stored in the first entry of the context table.
Cryptographic Isolation Of Memory Compartments In A Computing Environment
- Santa Clara CA, US Santosh Ghosh - Hillsboro OR, US Sergej Deutsch - Hillsboro OR, US Michael LeMay - Hillsboro OR, US David M. Durham - Beaverton OR, US
Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.
Aggregate Ghash-Based Message Authentication Code (Mac) Over Multiple Cachelines With Incremental Updates
Embodiments are directed to aggregate GHASH-based message authentication code (MAC) over multiple cachelines with incremental updates. An embodiment of a system includes a controller comprising circuitry, the controller to generate an error correction code for a memory line, the memory line comprising a plurality of first data blocks, generate a metadata block corresponding to the memory line, the metadata block comprising the error correction code for the memory line and at least one metadata bit, generate an aggregate GHASH corresponding to a region of memory comprising a cacheline set comprising at least the memory line, encode the first data blocks and the metadata block, encrypt the aggregate GHASH as an aggregate message authentication code (AMAC), provide the encoded first data blocks and the encoded metadata block for storage on a memory module comprising the memory line, and provide the AMAC for storage on a device separate from the memory module.
Cryptographic Computing In Multitenant Environments
- Santa Clara CA, US Michael D. LeMay - Hillsboro OR, US Salmin Sultana - Hillsboro OR, US Karanvir S. Grewal - Hillsboro OR, US Michael E. Kounavis - Portland OR, US Sergej Deutsch - Hillsboro OR, US Andrew James Weiler - Hillsboro OR, US Abhishek Basak - Bothell WA, US Dan Baum - Haifa, IL Santosh Ghosh - Hillsboro OR, US
Assignee:
Intel Corporation - Santa Clara CA
International Classification:
G06F 21/60 G06F 21/79 G06F 21/54
Abstract:
A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system miming on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.
- Santa Clara CA, US Michael D. LeMay - Hillsboro OR, US Sergej Deutsch - Hillsboro OR, US Joydeep Rakshit - Burdwan, IN Anant Vithal Nori - Bangalore, IN Jayesh Gaur - Bangalore, IN Sreenivas Subramoney - Bangalore, IN
Assignee:
Intel Corporation - Santa Clara CA
International Classification:
G06F 3/06 G06F 12/1027 G06F 12/02
Abstract:
Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.