Method to increase cloud availability and silicon isolation using secure enclaves
Abstract
Methods and apparatus to increase cloud availability and silicon isolation using secure enclaves. A compute platform is configured to host a compute domain in which a plurality of secure enclaves are implemented. In conjunction with creating and deploying secure enclaves, mapping information is generated that maps the secure enclaves to the platform/CPU resources, such as Intellectual Property blocks (IPs), that belong to the secure enclaves. In response to platform error events caused by errant platform/CPU resources, the secure enclave(s) to which the errant platform/CPU resource belongs are identified via the mapping information, and an interrupt is directed to that/those secure enclave(s). In response to the interrupt, a secure enclave may be configured to do one or more of the following: handle the error, pass information to another secure enclave, and tear down the enclave. The secure enclave may execute an interrupt service routine that causes the errant platform/CPU resource to reset without resetting the entire platform or CPU, as applicable.
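As an added illustration (not code from the patent or from any processor implementation), the following C program models the flow in the abstract: a mapping from enclaves to IP blocks, routing of an error interrupt to every enclave that owns the errant IP, and the three enclave responses. The IP names, the enclave table and the `route_platform_error` function are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model: IP names, table contents and policies are constructed. */
enum { IP_CORE0, IP_CORE1, IP_LLC, IP_MC0, IP_IO0, NUM_IPS };
enum action { ACT_HANDLE, ACT_FORWARD, ACT_TEARDOWN };
struct enclave {
    uint32_t owned_ips;   /* mapping info: bitmask built when the enclave is created */
    enum action policy;   /* what its ISR does on an error interrupt */
    int forward_to;       /* peer enclave index, used by ACT_FORWARD only */
    int alive;            /* cleared on teardown */
    int notices;          /* error reports received from peer enclaves */
};
#define NUM_ENCLAVES 3
static struct enclave enclaves[NUM_ENCLAVES] = {
    { (1u << IP_CORE0) | (1u << IP_LLC) | (1u << IP_MC0), ACT_HANDLE,   -1, 1, 0 },
    { (1u << IP_CORE1) | (1u << IP_LLC),                  ACT_FORWARD,   0, 1, 0 },
    { (1u << IP_IO0),                                     ACT_TEARDOWN, -1, 1, 0 },
};
static int ip_resets[NUM_IPS];  /* per-IP resets; the whole platform is never reset */

/* Interrupt service routine run by enclave e for one errant IP. */
static void enclave_isr(int e, int ip)
{
    switch (enclaves[e].policy) {
    case ACT_HANDLE:   ip_resets[ip]++; break;              /* reset only the errant IP */
    case ACT_FORWARD:  enclaves[enclaves[e].forward_to].notices++; break;
    case ACT_TEARDOWN: enclaves[e].alive = 0; enclaves[e].owned_ips = 0; break;
    }
}

/* Interrupt every live enclave that owns the errant IP; return them as a bitmask. */
uint32_t route_platform_error(int errant_ip)
{
    uint32_t hit = 0;
    if (errant_ip < 0 || errant_ip >= NUM_IPS) return 0;    /* unknown error source */
    for (int e = 0; e < NUM_ENCLAVES; e++) {
        if (!enclaves[e].alive || !(enclaves[e].owned_ips & (1u << errant_ip))) continue;
        hit |= 1u << e;
        enclave_isr(e, errant_ip);
    }
    return hit;
}

int main(void)
{
    printf("LLC error -> enclave mask 0x%x\n", (unsigned)route_platform_error(IP_LLC));
    printf("IO0 error -> enclave mask 0x%x\n", (unsigned)route_platform_error(IP_IO0));
    return 0;
}
```

A shared resource such as the cache in this table belongs to two enclaves, so one error event produces two interrupts, each handled under that enclave's own policy.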
25 Claims
1. A method for handling hardware errors in a compute platform hosting a compute domain in which a plurality of secure enclaves are implemented, the method comprising:
- detecting a platform error event corresponding to errant hardware in the compute platform;
- identifying one or more of the plurality of secure enclaves that are affected by the errant hardware; and
- directing an interrupt to each of the one or more of the plurality of secure enclaves that are identified.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A processor, comprising:
- a plurality of intellectual property blocks (IPs), interconnected via a plurality of interconnects, the plurality of IPs including a plurality of cores, a plurality of caches, a plurality of agents, one or more memory controllers, each having one or more memory channels, and one or more input/output (I/O) components,
- wherein the processor further includes microcode for a plurality of instructions used to implement a plurality of secure enclaves when the processor is installed and operating in a compute platform including one or more memory devices operatively coupled to the one or more memory controllers via the one or more memory channels, each secure enclave operating in a protected portion of memory in the one or more memory devices and having a portion of the plurality of IPs belonging to it, and
- wherein the processor includes embedded logic configured to perform error recovery operations when installed and operating in the compute platform, the error recovery operations including,
  - detecting an errant IP; and
  - directing an interrupt to one or more of the plurality of secure enclaves to which the errant IP belongs.

Dependent claims: 14, 15, 16, 17, 18

19. A compute platform, comprising:
- a first processor including,
  - a plurality of intellectual property blocks (IPs), interconnected via a plurality of interconnects, the plurality of IPs including a plurality of cores, a plurality of caches, a plurality of agents, one or more memory controllers, each having one or more memory channels, and one or more input/output (I/O) components; and
- one or more first memory devices operatively coupled to the one or more memory controllers of the first processor via the one or more memory channels,
- wherein the first processor further includes microcode for a plurality of instructions used to implement a plurality of secure enclaves when the compute platform is operating, each secure enclave operating in a protected portion of memory in the one or more memory devices and having a portion of the plurality of IPs belonging to it, and
- wherein the first processor includes embedded logic configured to perform error recovery operations comprising,
  - detecting an errant IP; and
  - directing an interrupt to one or more of the plurality of secure enclaves to which the errant IP belongs.

Dependent claims: 20, 21, 22, 23, 24, 25

Specification