Processors, methods and systems to allow secure communications between protected container memory and input/output devices

US 10,664,179 B2
Filed: 09/25/2015
Issued: 05/26/2020
Est. Priority Date: 09/25/2015
Status: Active Grant

First Claim

Patent Images

1. An integrated circuit comprising:

a protected container access control logic including at least some integrated circuitry, disposed on the integrated circuit, including a memory management unit (MMU), including one or more translation lookaside buffers (TLBs), and including a data structure to map device protected container modules (DPCMs) to input/output (I/O) devices, the protected container access control logic operative to perform a set of access control checks and to determine whether to allow a DPCM and an I/O device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO), the protected container access control logic, responsive to an attempt by the DPCM and the I/O device to said communicate securely, to allow the DPCM and the I/O device to said communicate securely if the set of access control checks determine that at least;

the DPCM and the I/O device are mapped to one another using the data structure;

an access address associated with the communication resolves into a protected container memory; and

a page of the protected container memory into which the access address resolves allows for said one of the DMA and the MMIO and has a page type dedicated to secure I/O instead of a plurality of other possible page types for pages of the protected container memory that are not dedicated to the secure I/O and that the protected container access control logic does not allow the I/O device to perform either one of the DMA or the MMIO to;

a decode unit to decode an instruction of an instruction set, wherein the integrated circuit is to perform the instruction to reconfigure the page from one of the plurality of other possible page types to the page type dedicated to the secure I/O in a protected container memory control structure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device. In some cases, a determination may be made that a type of access is compatible with one or more allowed access types for the page as represented in a protected container page metadata structure.

Citations

23 Claims

1. An integrated circuit comprising:
- a protected container access control logic including at least some integrated circuitry, disposed on the integrated circuit, including a memory management unit (MMU), including one or more translation lookaside buffers (TLBs), and including a data structure to map device protected container modules (DPCMs) to input/output (I/O) devices, the protected container access control logic operative to perform a set of access control checks and to determine whether to allow a DPCM and an I/O device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO), the protected container access control logic, responsive to an attempt by the DPCM and the I/O device to said communicate securely, to allow the DPCM and the I/O device to said communicate securely if the set of access control checks determine that at least;
  
  the DPCM and the I/O device are mapped to one another using the data structure;
  
  an access address associated with the communication resolves into a protected container memory; and
  
  a page of the protected container memory into which the access address resolves allows for said one of the DMA and the MMIO and has a page type dedicated to secure I/O instead of a plurality of other possible page types for pages of the protected container memory that are not dedicated to the secure I/O and that the protected container access control logic does not allow the I/O device to perform either one of the DMA or the MMIO to;
  
  a decode unit to decode an instruction of an instruction set, wherein the integrated circuit is to perform the instruction to reconfigure the page from one of the plurality of other possible page types to the page type dedicated to the secure I/O in a protected container memory control structure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The integrated circuit of claim 1, wherein said one of the DMA and the MMIO is the DMA.
  - 3. The integrated circuit of claim 2, wherein the protected container access control logic is operative to determine to allow the I/O device to access the page of the protected container memory.
  - 4. The integrated circuit of claim 2, wherein the access address is from the I/O device and is accompanied by a Security Attributes of Initiator (SAI) corresponding to the I/O device, and wherein the protected container access control logic is operative to determine that the DPCM and the I/O device are mapped to one another by using the SAI of the I/O device to obtain a DPCM identifier mapped to the SAI of the I/O device in a device mapping table and is operative to determine that the DPCM identifier obtained from the table corresponds to the DPCM.
  - 5. The integrated circuit of claim 2, wherein the protected container access control logic is operative to access an allowed physical address from a protected container page metadata structure, and is configured to determine to allow the DPCM and the I/O device to communicate securely after it has been determined that the access address is compatible with the allowed physical address.
  - 6. The integrated circuit of claim 5, further comprising:
    - a decode unit to decode an instruction; and
      
      an execution unit coupled with the decode unit, the execution unit, in response to the instruction, to store the allowed physical address in the protected container page metadata structure.
  - 7. The integrated circuit of claim 2, wherein the protected container access control logic is operative to determine to allow the DPCM and the I/O device to communicate securely after it has been determined that the page has a type that is dedicated to allowing secure DMA.
  - 8. The integrated circuit of claim 2, wherein the MMU comprises an I/O memory management unit (MMU).
  - 9. The integrated circuit of claim 1, wherein said one of the DMA and the MMIO is the MMIO.
  - 10. The integrated circuit of claim 9, wherein the MMU is to convert the address that resolves to the page of the protected container memory to an MMIO address for the I/O device.
  - 11. The integrated circuit of claim 9, wherein the protected container access control logic is operative to provide a security identifier to accompany an access from the DPCM to the I/O device, and wherein the security identifier attests to the I/O device that the access is from a DPCM that is mapped to the I/O device.
  - 12. The integrated circuit of claim 9, wherein the protected container access control logic is operable to determine to allow the DPCM and the I/O device to communicate securely after a determination that the page has a type that is dedicated to allowing secure MMIO.
  - 13. The integrated circuit of claim 1, wherein the protected container access control logic is operative to determine to allow the DPCM and the I/O device to communicate securely after a determination that a type of access is compatible with one or more allowed access types for the page that are to be stored in a protected container page metadata structure.
  - 14. The integrated circuit of claim 1, wherein the protected container access control logic is operative to determine not to allow:
    - any other protected container modules to access the page of the protected container memory; and
      
      any privileged system software modules to access the page of the protected container memory.

15. A method comprising:
- decoding and executing an instruction of an instruction set to reconfigure, in a control structure in a protected container memory, a page of the protected container memory from one of a plurality of possible page types that are not dedicated to secure input/output (I/O) to a page type that is dedicated to the secure I/O;
  
  determining that a set of access control checks succeed, including;
  
  determining that a device protected container module (DPCM) and an I/O device are mapped to one another;
  
  determining that an access address associated with an attempted access by one of the DPCM and the I/O device resolves into the protected container memory; and
  
  determining that the page of the protected container memory into which the access address resolves has the page type that is dedicated to the secure I/O, wherein the page type that is dedicated to the secure I/O allows for at least one of direct memory access (DMA) and memory-mapped input/output (MMIO) into the page by the I/O device;
  
  allowing the DPCM and the I/O device to communicate securely with one another through the page of the protected container memory after and based on said determining that the set of access control checks succeed; and
  
  not allowing the I/O device to perform either the DMA or the MMIO into any pages of the plurality of possible page types that are not dedicated to the secure I/O.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the allowing of the DPCM and the I/O device to communicate securely with one another comprises allowing the DPCM and the I/O device to perform secure DMA, the method further comprising allowing the I/O device to access data in the page of the protected container memory.
  - 17. The method of claim 15, wherein the allowing of the DPCM and the I/O device to communicate securely with one another comprises allowing the DPCM and the I/O device to perform secure MMIO.

18. An article of manufacture comprising a non-transitory machine-readable storage medium, the non-transitory machine-readable storage medium storing instructions that if executed by a machine are to cause the machine to perform operations, the operations including:
- send for execution an instruction of an instruction set to reconfigure, in a control structure in a protected container memory, a page of the protected container memory from one of a plurality of possible page types that are not dedicated to secure input/output (I/O) to a page type that is dedicated to the secure I/O;
  
  request, from a protected container module in the protected container memory, that an I/O device be mapped to the protected container module;
  
  access the page in the protected container memory that has the page type that is dedicated to the secure I/O, wherein the page type that is dedicated to the secure I/O allows for at least one of direct memory access (DMA) and memory-mapped input/output (MMIO) into the page by the I/O device; and
  
  perform said one of the DMA and the MMIO with the I/O device into the page in the protected container memory.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The article of manufacture of claim 18, wherein the instructions that if executed cause the machine to perform said one of the DMA and the MMIO with the I/O device comprise instructions that if executed cause the machine to perform the DMA with the I/O device.
  - 20. The article of manufacture of claim 19, wherein the instructions include a single instruction that if executed by the machine cause the machine to configure a page to be a type dedicated for secure DMA.
  - 21. The article of manufacture of claim 18, wherein the instructions that if executed cause the machine to perform said one of the DMA and the MMIO with the I/O device comprise instructions that if executed cause the machine to perform the MMIO with the I/O device.
  - 22. The article of manufacture of claim 21, wherein the instructions include a single instruction that if executed by the machine cause the machine to configure a page to be a type dedicated for secure MMIO.

23. An integrated circuit comprising:
- at least one memory management unit (MMU) and at least one translation lookaside buffer (TLB) that together are operative to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input/output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO), the at least one MMU and the at least one TLB to allow the DPCM and the I/O device to said communicate securely through said one of the DMA and said MMIO only if the set of access control checks determine that at least;
  
  the DPCM and the I/O device are mapped to one another;
  
  an access address associated with the communication resolves into a protected container memory; and
  
  a page of the protected container memory into which the access address resolves has a given page type for which the integrated circuit allows the I/O device to perform at least said one of the DMA and the MMIO into the page instead of a plurality of other possible page types for pages of the protected container memory for which the integrated circuit does not allow the I/O device to perform either one of the DMA or the MMIO into the pages, wherein the page is reconfigurable from one of the plurality of other possible page types to the given page type by performance of an instruction of an instruction set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Alexandrovich, Ilya, Beker, Vladimir, Gerzon, Gideon, Scarlata, Vincent R.
Primary Examiner(s)
Gossage, Glenn

Application Number

US14/866,478
Publication Number

US 20170090800A1
Time in Patent Office

1,705 Days
Field of Search
US Class Current
CPC Class Codes

G06F 13/16   for access to memory bus G0...

G06F 13/4068   Electrical coupling

G06F 21/78   to assure secure storage of...

G06F 21/79   in semiconductor storage me...

G06F 21/85   interconnection devices, e....

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0673   Single storage device

Processors, methods and systems to allow secure communications between protected container memory and input/output devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Processors, methods and systems to allow secure communications between protected container memory and input/output devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links