CPC H04L 9/088 (2013.01) [G06F 9/45558 (2013.01); G06F 12/1009 (2013.01); G06F 21/602 (2013.01); G06F 21/62 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01); G06F 2212/1044 (2013.01); G06F 2212/657 (2013.01)]
23 Claims
17. A method comprising:
retrieving a number of address bits of physical memory addresses used for key identifiers (IDs);
retrieving a first key identifier (ID), of the key identifiers, to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers;
determining, by a memory controller of a processor, a key ID range of the restricted key IDs within the physical memory addresses;
accessing, by the processor, a processor state comprising an indication that a first logical processor is executing in an untrusted domain mode;
intercepting, by the memory controller, a memory transaction from the first logical processor, the memory transaction comprising an address associated with a key ID; and
generating, by the processor, a fault in response to a determination that the key ID is within the key ID range of the restricted key IDs.
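The check described in claim 17 can be modeled in software as follows. This is an added example, not code from the patent; the 52-bit address width, the placement of the key ID in the top address bits, the choice that restricted IDs run from the boundary up to the highest ID, and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PA_WIDTH 52u  /* assumption: 52-bit physical addresses */

/* Hypothetical model of the two values the method retrieves. */
struct keyid_cfg {
    unsigned keyid_bits;        /* number of address bits used for key IDs */
    uint32_t first_restricted;  /* boundary: first restricted key ID */
};

/* Assumption: the key ID occupies the top keyid_bits of the address. */
static uint32_t pa_keyid(const struct keyid_cfg *c, uint64_t pa)
{
    if (c->keyid_bits == 0)
        return 0;               /* no key ID bits configured */
    return (uint32_t)((pa >> (PA_WIDTH - c->keyid_bits)) & ((1ULL << c->keyid_bits) - 1));
}

/* Assumption: restricted IDs run from the boundary to the highest ID. */
static bool keyid_restricted(const struct keyid_cfg *c, uint32_t id)
{
    if (c->keyid_bits == 0) return false;   /* empty key ID space */
    uint32_t max_id = (uint32_t)((1ULL << c->keyid_bits) - 1);
    return id >= c->first_restricted && id <= max_id;
}

/* True when the modeled memory controller would raise a fault. */
static bool txn_faults(const struct keyid_cfg *c, bool untrusted_mode, uint64_t pa)
{
    return untrusted_mode && keyid_restricted(c, pa_keyid(c, pa));
}

/* Build a constructed address carrying the given key ID. */
static uint64_t make_pa(const struct keyid_cfg *c, uint32_t id, uint64_t offset)
{
    return ((uint64_t)id << (PA_WIDTH - c->keyid_bits)) | offset;
}

int main(void)
{
    struct keyid_cfg c = { .keyid_bits = 6, .first_restricted = 32 };
    printf("id 31, untrusted mode: %d\n", txn_faults(&c, true, make_pa(&c, 31, 0x1000)));
    printf("id 32, untrusted mode: %d\n", txn_faults(&c, true, make_pa(&c, 32, 0x1000)));
    printf("id 32, other mode:     %d\n", txn_faults(&c, false, make_pa(&c, 32, 0x1000)));
    return 0;
}
```

The claim does not say how transactions issued outside the untrusted domain mode are handled; the model simply does not fault them.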