US 12,021,980 B2
Restricting usage of encryption keys by untrusted software
Ido Ouziel, Ein Carmel (IL); Arie Aharon, Haifa (IL); Dror Caspi, Kiryat Yam (IL); Baruch Chaikin, D.N. Misagv (IL); Jacob Doweck, Haifa (IL); Gideon Gerzon, Zichron Yaakov (IL); Barry E. Huntley, Hillsboro, OR (US); Francis X. McKeen, Portland, OR (US); Gilbert Neiger, Portland, OR (US); Carlos V. Rozas, Portland, OR (US); Ravi L. Sahita, Portland, OR (US); Vedvyas Shanbhogue, Austin, TX (US); and Assaf Zaltsman, Haifa (IL)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Sep. 2, 2021, as Appl. No. 17/465,311.
Application 17/465,311 is a continuation of application No. 16/228,002, filed on Dec. 20, 2018, granted, now 11,139,967.
Prior Publication US 2021/0399882 A1, Dec. 23, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/08 (2006.01); G06F 9/455 (2018.01); G06F 12/1009 (2016.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01)
CPC H04L 9/088 (2013.01) [G06F 9/45558 (2013.01); G06F 12/1009 (2013.01); G06F 21/602 (2013.01); G06F 21/62 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01); G06F 2212/1044 (2013.01); G06F 2212/657 (2013.01)] 23 Claims
OG exemplary drawing
 
17. A method comprising:
retrieving a number of address bits of physical memory addresses used for key identifiers (IDs);
retrieving a first key identifier (ID), of the key identifiers, to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers;
determining, by a memory controller of a processor, a key ID range of the restricted key IDs within the physical memory addresses;
accessing, by the processor, a processor state comprising an indication that a first logical processor is executing in an untrusted domain mode;
intercepting, by the memory controller, a memory transaction from the first logical processor, the memory transaction comprising an address associated with a key ID; and
generating, by the processor, a fault in response to a determination that the key ID is within the key ID range of the restricted key IDs.