Processors, methods, systems, and instructions to determine whether to load encrypted copies of protected container pages into protected container memory
First Claim
1. A processor comprising:
- a die;
a decode unit included on the die to decode an instruction that is to indicate a source encrypted copy of a protected container page that is to be stored in a regular memory, and that is to indicate a destination page that is to be in a first protected container memory; and
an execution unit, included on the die and coupled with the decode unit, and including at least some hardware, the execution unit, in response to the instruction, to;
determine whether the protected container page was live stored out, while able to remain useable in, protected container type memory; and
perform a given security check, before a determination to store the protected container page to the destination page, if the determination is that the protected container page was live stored out;
ornot perform the given security check, if the determination is that the protected container page was not live stored out.
1 Assignment
0 Petitions
Accused Products
Abstract
A method performed by a processor of an aspect includes accessing an encrypted copy of a protected container page stored in a regular memory. A determination is made whether the protected container page was live stored out, while able to remain useable in, protected container memory. The method also includes either performing a given security check, before determining to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out, or not performing the given security check, if it was determined that the protected container page was not live stored out. Other methods, as well as processors, computer systems, and machine-readable medium providing instructions are also disclosed.
17 Citations
25 Claims
-
1. A processor comprising:
-
a die; a decode unit included on the die to decode an instruction that is to indicate a source encrypted copy of a protected container page that is to be stored in a regular memory, and that is to indicate a destination page that is to be in a first protected container memory; and an execution unit, included on the die and coupled with the decode unit, and including at least some hardware, the execution unit, in response to the instruction, to; determine whether the protected container page was live stored out, while able to remain useable in, protected container type memory; and perform a given security check, before a determination to store the protected container page to the destination page, if the determination is that the protected container page was live stored out;
ornot perform the given security check, if the determination is that the protected container page was not live stored out. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A processor comprising:
-
an interface to receive a control primitive; and a core coupled with the interface, in response to the control primitive, to; access an encrypted copy of a protected container page that is to be stored in a regular memory; determine whether the protected container page was live stored out, while able to remain useable in, a second protected container memory; and perform a given security check, before determining to store the protected container page to a destination page that is to be in a first protected container memory, if the determination is that the protected container page is to have been live stored out;
ornot perform the given security check, if the determination is that the protected container page is not to have been live stored out. - View Dependent Claims (15, 16)
-
-
17. A method performed by a processor comprising:
-
accessing an encrypted copy of a protected container page stored in a regular memory; determining whether the protected container page was live stored out, while able to remain useable in, protected container type memory; and performing a given security check, before determining to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out;
ornot performing the given security check, if it was determined that the protected container page was not live stored out. - View Dependent Claims (18, 19, 20)
-
-
21. A computer system comprising:
-
an interconnect; a processor coupled with the interconnect, the processor to receive an instruction that is to indicate a source encrypted copy of a protected container page that is to be stored in a regular memory, and that is to indicate a destination page that is to be in a first protected container memory, the processor, in response to the instruction, to; determine whether the protected container page was live stored out, while able to remain useable in, protected container type memory; and perform a given security check, before a determination to store the protected container page to the destination page, if the determination is that the protected container page was live stored out, wherein the given security check is to include a determination whether a live protected container page group store operation, which is to have been used to store a group of protected container pages including the protected container page out of the protected container type memory, is to have been completed;
ornot perform the given security check, if the determination is that the protected container page was not live stored out; and a memory coupled with the interconnect, the memory storing a set of instructions, the set of instructions, when executed by the processor, to cause the processor to perform operations comprising; store an indication that the live protected container page group store operation has been completed when it has been completed. - View Dependent Claims (22)
-
-
23. An article of manufacture comprising a non-transitory machine-readable storage medium, the non-transitory machine-readable storage medium storing one or more instructions that, if performed by a machine, are to cause the machine to perform operations comprising:
-
access an encrypted copy of a protected container page that is to be stored in a regular memory; determine whether the protected container page was live stored out, while able to remain useable in, protected container type memory; and perform a given security check, before a determination to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out;
ornot perform the given security check, if it was determined that the protected container page was not live stored out. - View Dependent Claims (24, 25)
-
Specification