Method to increase cloud availability and silicon isolation using secure enclaves

US 9,798,641 B2
Filed: 12/22/2015
Issued: 10/24/2017
Est. Priority Date: 12/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method for handling hardware errors in a compute platform hosting a compute domain in which a plurality of secure enclaves are implemented, the method comprising:

detecting a platform error event corresponding to errant hardware in the compute platform;

identifying one or more of the plurality of secure enclaves that are effected by the errant hardware; and

directing an interrupt to each of the one or more of the plurality of secure enclaves that are identified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to increase cloud availability and silicon isolation using secure enclaves. A compute platform is configured to host a compute domain in which a plurality of secure enclaves are implemented. In conjunction with creating and deploying secure enclaves, mapping information is generated that maps the secure enclaves to platform/CPU resources, such as Intellectual Property blocks (IP) belong to the secure enclaves. In response to platform error events caused by errant platform/CPU resources, the secure enclave(s) belonging to the errant platform/CPU are identified via the mapping information, and an interrupt is directed to that/those secure enclave(s). In response to the interrupt, a secure enclave may be configured to one or more of handle the error, pass information to another secure enclave, and teardown the enclave. The secure enclave may execute an interrupt service routine that causes the errant platform/CPU resource to reset without resetting the entire platform or CPU, as applicable.

Citations

25 Claims

1. A method for handling hardware errors in a compute platform hosting a compute domain in which a plurality of secure enclaves are implemented, the method comprising:
- detecting a platform error event corresponding to errant hardware in the compute platform;
  
  identifying one or more of the plurality of secure enclaves that are effected by the errant hardware; and
  
  directing an interrupt to each of the one or more of the plurality of secure enclaves that are identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the errant hardware corresponds to an errant intellectual property block (IP) on a processor in the compute platform, the method further comprising:
    - for at least one secure enclave that is associated with the errant IP,executing, in response to receipt of an interrupt directed to the secure enclave, one of an error handling routine or an initial portion of an error handling routine that causes the errant IP to be reset while not resetting the processor.
  - 3. The method of claim 2, further comprising, for each of the at least one secure enclave that is associated with the errant IP:
    - tearing down the secure enclave; and
      
      creating a new secure enclave after the errant IP has been reset.
  - 4. The method of claim 2, wherein in response a first secure enclave receiving a directed interrupt, an interrupt service routine is executed by software running in the first secure enclave that copies at least a portion of data in the first secure enclave to a second secure enclave.
  - 5. The method of claim 1, wherein identifying the one or more of the plurality of secure enclaves that are effected by the errant hardware comprises:
    - classifying platform error sources as enclave-specific or system-wide;
      
      configuring mapping data that identifies the secure enclaves belonging to each of a plurality of intellectual property blocks (IPs) on the compute platform;
      
      determining one of the IPs is the error source for the platform error event; and
      
      using the mapping data to identify the secure enclaves belonging to the IP that is determined to be the error source.
  - 6. The method of claim 1, further comprising:
    - during setup of a secure enclave, creating an enclave platform interrupt handler, wherein the enclave platform interrupt handler is configured to one of handle an interrupt directed to the secure enclave in response to the platform error event or initiate handling of the interrupt directed to the secure enclave.
  - 7. The method of claim 6, wherein execution of the enclave platform interrupt handler by a first secure enclave copies at least a portion of data in the first secure enclave to a second secure enclave.
  - 8. The method of claim 1, wherein the plurality of secure enclaves are virtual secure enclaves.
  - 9. The method of claim 1, wherein the directed interrupt comprises a directed machine check.
  - 10. The method of claim 1, wherein the compute platform includes one or more processor, each having a plurality of intellectual property blocks (IPs), and one or more manageability components coupled in communication with at least one of the one or more processors, and wherein the errant hardware corresponds to an errant IP on a processor, the method further comprising:
    - storing mapping data that identifies the secure enclaves belonging to each of a plurality of intellectual property blocks (IPs) on the compute platform;
      
      asserting an error via a processor pin or interrupt detected by a manageability component; and
      
      employing the manageability component to access the mapping data to determine which secure enclaves are affected by the errant IP.
  - 11. The method of claim 10, wherein the manageability component comprises one of a manageability engine, an innovation engine, and a baseboard management controller.
  - 12. The method of claim 10, further comprising:
    - sending information from the manageability component to the processor containing the errant IP identifying one or more secure enclaves affected by the errant IP; and
      
      in response to receiving the information at the processor, directing an interrupt to each of the one or more secure enclaves affected by the errant IP.

13. A processor, comprising:
- a plurality of intellectual property blocks (IPs), interconnected via a plurality of interconnects, the plurality of IPs including a plurality of cores, a plurality of caches, a plurality of agents, one or more memory controllers, each having one or more memory channels, and one or more input/output (I/O) components,wherein the processor further includes microcode for a plurality of instructions used to implement a plurality of secure enclaves when the processor is installed and operating in a compute platform including one or more memory devices operatively coupled to the one or more memory controllers via the one or more memory channels, each secure enclave operating in a protected portion of memory in the one or more memory devices and having a portion of the plurality IPs belonging to it, and wherein the processor includes embedded logic configured to perform error recovery operations when installed and operating in the compute platform, the error recovery operations including,detecting an errant IP; and
  
  directing an interrupt to one or more of the plurality of secure enclaves to which the errant IP belongs.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The processor of claim 13, wherein the processor further comprises a register, and further includes embedded logic to enable the processor to:
    - store data in the register containing mappings between IPs and secure enclaves to which the IPs below; and
      
      determine, based on an identity of an IP that is detected to be errant, which of the plurality of secure enclaves to send directed interrupts to.
  - 15. The processor of claim 13, wherein the processor includes microcode instructions that enable the processor to reset individual IPs or selected sets of related IPs without resetting the entire processor.
  - 16. The processor of claim 13, wherein the embedded logic is further configured to receive identification of the one or more of the plurality of secure enclaves to which the errant IP belongs from a manageability component in the compute platform.
  - 17. The processor of claim 13, wherein the plurality of secure enclaves are virtual secure enclaves.
  - 18. The processor of claim 13, wherein the compute platform includes a manageability component to which the processor is communicatively coupled via at least one communication interface when installed in the compute platform, and wherein in response to detecting an errant IP the processor is configured to:
    - assert an error signal on a pin or assert an interrupt via a communication interface to inform the manageability component of an error; and
      
      receive information returned by the manageability component via a communication interface that identifies one or more secure enclaves to which to direct an interrupt.

19. A compute platform, comprising:
- a first processor including,a plurality of intellectual property blocks (IPs), interconnected via a plurality of interconnects, the plurality of IPs including a plurality of cores, a plurality of caches, a plurality of agents, one or more memory controllers, each having one or more memory channels, and one or more input/output (I/O) components; and
  
  one or more first memory devices operatively coupled to the one or more memory controllers of the first processor via the one or more memory channels,wherein the first processor further includes microcode for a plurality of instructions used to implement a plurality of secure enclaves when the compute platform is operating, each secure enclave operating in a protected portion of memory in the one or more memory devices and having a portion of the plurality IPs belonging to it, and wherein the first processor includes embedded logic configured to perform error recovery operations comprising,detecting an errant IP; and
  
  directing an interrupt to one or more of the plurality of secure enclaves to which the errant IP belongs.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The compute platform of claim 19, further comprising:
    - a register; and
      
      a manageability component, operatively coupled to the first processor;
      
      wherein during operation of the compute platform mapping information is stored in the register that maps each secure enclave to the IPs belonging to that secure enclave, and wherein in response to detecting an errant IP,the first processor is configured assert an error via a processor pin or interrupt directed to the manageability component, the asserted error identifying the errant IP; and
      
      the manageability component is configured to retrieve data from the register to identify which secure enclaves the IP belongs to.
  - 21. The compute platform of claim 20, wherein the first processor is further configured to:
    - receive identification of the one or more of the plurality of secure enclaves to which the errant IP belongs from the manageability component in the compute platform; and
      
      direct an interrupt to each of the secure enclaves that are identified.
  - 22. The compute platform of claim 19, wherein the first processor includes microcode instructions that enable the processor to reset individual IPs or selected sets of related IPs without resetting the entire processor.
  - 23. The compute platform of claim 22, wherein in response to receiving a directed interrupt, a secure enclave executes an interrupt handler that causes the errant IP to be reset without resetting the first processor.
  - 24. The compute platform of claim 19, further comprising:
    - a second processor including,a plurality of intellectual property blocks (IPs), interconnected via a plurality of interconnects, the plurality of IPs including a plurality of cores, a plurality of caches, a plurality of agents, one or more memory controllers, each having one or more memory channels, and one or more input/output (I/O) components;
      
      one or more second memory devices operatively coupled to the one or more memory controllers of the second processor via the one or more memory channels; and
      
      a processor to processor interconnect coupling the first processor and second processor in communication;
      
      wherein the second processor further includes microcode for a plurality of instructions used to implement a plurality of secure enclaves when the compute platform is operating, each secure enclave operating in a protected portion of memory in the one or more memory devices and having a portion of the plurality IPs belonging to it, andwherein the compute platform is further configured to,store data classifying platform error sources as enclave-specific or system-wide;
      
      detect a system-wide platform error; and
      
      direct an interrupt to each secure enclave to cause each enclave to execute an interrupt handler; and
      
      subsequent to each secure enclave completing execution of its interrupt handler, reset the compute platform.
  - 25. The compute platform of claim 19, wherein the plurality of secure enclaves are virtual secure enclaves.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Swanson, Robert C., Yigzaw, Theodros, Nallusamy, Eswaramoorthi, Makaram, Raghunandan, Zimmer, Vincent J.
Primary Examiner(s)
Lottich, Joshua P

Application Number

US14/978,597
Publication Number

US 20170177457A1
Time in Patent Office

672 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/24   Resetting means

G06F 11/073   in a memory management cont...

G06F 11/0793   Remedial or corrective acti...

G06F 11/1016   Error in accessing a memory...

G06F 11/263   Generation of test inputs, ...

G06F 21/53   by executing in a restricte...

G06F 2221/034   Test or assess a computer o...

Method to increase cloud availability and silicon isolation using secure enclaves

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method to increase cloud availability and silicon isolation using secure enclaves

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links