US 12,135,800 B2
Cryptographic computing in multitenant environments
David M. Durham, Beaverton, OR (US); Michael D. LeMay, Hillsboro, OR (US); Salmin Sultana, Hillsboro, OR (US); Karanvir S. Grewal, Hillsboro, OR (US); Michael E. Kounavis, Portland, OR (US); Sergej Deutsch, Hillsboro, OR (US); Andrew James Weiler, Hillsboro, OR (US); Abhishek Basak, Bothell, WA (US); Dan Baum, Haifa (IL); and Santosh Ghosh, Hillsboro, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Appl. No. 17/791,000
Filed by Intel Corporation, Santa Clara, CA (US)
PCT Filed Dec. 26, 2020, PCT No. PCT/US2020/067072
§ 371(c)(1), (2) Date Jul. 6, 2022,
PCT Pub. No. WO2021/162792, PCT Pub. Date Aug. 19, 2021.
Claims priority of provisional application 63/122,444, filed on Dec. 7, 2020.
Claims priority of provisional application 62/976,319, filed on Feb. 13, 2020.
Prior Publication US 2023/0027329 A1, Jan. 26, 2023
Int. Cl. G06F 21/00 (2013.01); G06F 21/54 (2013.01); G06F 21/60 (2013.01); G06F 21/79 (2013.01)
CPC G06F 21/602 (2013.01) [G06F 21/54 (2013.01); G06F 21/79 (2013.01)]
25 Claims
 
1. A processor comprising:
first circuitry to:
encrypt a first code image using a first code key to generate an encrypted first code image;
load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and
send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and
an instruction cache including control circuitry; and
second circuitry coupled to the instruction cache, the second circuitry to:
receive the substitute key from the operating system;
in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and
program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.
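
The key flow recited in claim 1, modelled in software as an added example (not code from the patent or from Intel). The claim names no algorithms, so HMAC-SHA256 as the "first cryptographic function" and a SHA-256 counter keystream as the image cipher are assumptions, as are the names `Processor`, `load_image`, `execute` and `demo`.

```python
import hashlib
import hmac
import os


def derive_code_key(hardware_key: bytes, substitute_key: bytes) -> bytes:
    # Assumed "first cryptographic function": HMAC-SHA256 keyed by the hardware key.
    return hmac.new(hardware_key, substitute_key, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for illustration only: XOR with a SHA-256 counter keystream.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class Processor:
    def __init__(self):
        self._hardware_key = os.urandom(32)  # never exposed outside the processor
        self._icache_key = None              # models the instruction cache control circuitry

    def load_image(self, code_image: bytes, os_memory: dict) -> bytes:
        # "First circuitry": encrypt the image, place it in OS-allocated memory,
        # and hand the OS only the substitute key.
        substitute_key = os.urandom(32)
        code_key = derive_code_key(self._hardware_key, substitute_key)
        os_memory["image"] = keystream_xor(code_key, code_image)
        return substitute_key

    def execute(self, substitute_key: bytes, os_memory: dict) -> bytes:
        # "Second circuitry": regenerate the code key from the substitute key and
        # program the instruction cache so fetched code is decrypted.
        self._icache_key = derive_code_key(self._hardware_key, substitute_key)
        return keystream_xor(self._icache_key, os_memory["image"])


def demo():
    cpu, other_cpu, os_memory = Processor(), Processor(), {}
    image = b"\x55\x48\x89\xe5 constructed sample code image bytes"  # constructed input
    substitute_key = cpu.load_image(image, os_memory)
    runs = cpu.execute(substitute_key, os_memory) == image
    tampered = bytes([substitute_key[0] ^ 1]) + substitute_key[1:]
    runs_tampered = cpu.execute(tampered, os_memory) == image
    runs_elsewhere = other_cpu.execute(substitute_key, os_memory) == image
    return runs, runs_tampered, runs_elsewhere, os_memory["image"] != image
```

In this model a modified substitute key or a different hardware key yields a wrong code key and therefore garbage instructions rather than an explicit rejection; integrity checking is outside what the example covers.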