Secure processor for multi-tenant cloud workloads

Assignee

• LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD. · SG

Inventors

• Fred Allison Bower, III · Durham, US
• William G. Holland · Cary, US
• Scott Kelso · Cary, US
• Christopher L. Wood · Austin, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/24
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A CPU package includes an encryption and decryption module disposed in a communication path between an instruction path of a processor core and a data register that is externally accessible through a debug port, and a key store accessible to the module. The module is configured to encrypt and store data in the data register for each of a plurality of processes being handled in the instruction path, wherein data owned by each process is encrypted and decrypted by the module using an encryption key assigned to the process. The key store is configured to store the encryption key assigned to each of a plurality of processes, wherein the key store is inaccessible outside the CPU package. The data is only decrypted for a requesting process having a process identifier that matches the process identifier stored in the processor data structure along with the requested data.