Restricting usage of encryption keys by untrusted software

Assignee

• Intel Corporation · US

Inventors

• Ido Ouziel · Atlit, IL
• Arie Aharon · Haifa, IL
• Dror Caspi · Kiryat Yam, IL
• Baruch Chaikin · Kiryat Shmona, IL
• Jacob Doweck · Haifa, IL
• Gideon Gerzon · Jerusalem, IL
• Barry E. Huntley · Hillsboro, US
• Francis X. McKeen · Portland, US
• Gilbert Neiger · Hillsboro, US
• Carlos V. Rozas · Portland, US
• Ravi L. Sahita · Portland, US
• Vedvyas Shanbhogue · Austin, US
• Assaf Zaltsman · Haifa, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2149
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.