1
Carl M Ellison, Roger A Golliver, Howard C Herbert, Derrick C Lin, Francis X McKeen, Gilbert Neiger, Ken Reneris, James A Sutton, Shreekant S Thakkar, Millind Mittal: Executing isolated mode instructions in a secure system running in privilege rings. Intel Corporation, Blakely Sokoloff Taylor & Zafman, January 14, 2003: US06507904 (189 worldwide citation)

A technique is provided to execute isolated instructions according to an embodiment of the present invention. An execution unit executes an isolated instruction in a processor operating in a platform. The processor is configured in one of a normal execution mode and an isolated execution mode. A par ...


2
Carl M Ellison, Roger A Golliver, Howard C Herbert, Derrick C Lin, Francis X McKeen, Gilbert Neiger, Ken Reneris, James A Sutton, Shreekant S Thakkar, Millind Mittal: Controlling access to multiple memory zones in an isolated execution environment. Intel Corporation, Blakely Sokoloff Taylor & Zafman, October 14, 2003: US06633963 (153 worldwide citation)

A processor having a normal execution mode and an isolated execution mode generates an access transaction. The access transaction is configured using a configuration storage that stores configuration settings. The configuration settings include a plurality of subsystem memory range settings defining ...


3
Gilbert Neiger, Stephen Chou, Erik Cota Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael Kozuch, Richard Uhlig, Sebastian Schoenberg: Virtual translation lookaside buffer. Intel Corporation, Blakely Sokoloff Taylor & Zafman, June 14, 2005: US06907600 (135 worldwide citation)

In one embodiment, a method for supporting address translation in a virtual-machine environment includes creating a guest translation data structure to be used by a guest operating system for address translation operations, creating an active translation data structure based on the guest translation ...


4
Carl M Ellison, Roger A Golliver, Howard C Herbert, Derrick C Lin, Francis X McKeen, Gilbert Neiger, Ken Reneris, James A Sutton, Shreekant S Thakkar, Millind Mittal: Controlling access to multiple isolated memories in an isolated execution environment. Intel Corporation, Blakely Sokoloff Taylor & Zafman, January 13, 2004: US06678825 (106 worldwide citation)

The present invention provides a method, apparatus, and system for controlling memory accesses to multiple isolated memory areas in an isolated execution environment. A page manager is used to distribute a plurality of pages to a plurality of different areas of a memory, respectively. The memory is ...


5
Erik Cota Robles, Sebastian Schoenberg, Stalinselvaraj Jeyasingh, Alain Kagi, Michael Kozuch, Gilbert Neiger, Richard Uhlig: Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor. Intel Corporation, Thomas R Lane, March 13, 2007: US07191440 (79 worldwide citation)

Transitions among schedulable entities executing in a computer system are tracked in computer hardware or in a virtual machine monitor. In one aspect, the schedulable entities are operating system processes and threads, virtual machines, and instruction streams executing on the hardware. In another ...


6
Michael Kozuch, Stephen Chou, Erik Cota Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Gilbert Neiger, Sebastian Schoenberg, Richard Uhlig: Mechanism for providing power management through virtualization. Intel Corporation, Derek J Reynolds, May 29, 2007: US07225441 (60 worldwide citation)

In one embodiment, a method for providing power management via virtualization includes monitoring the utilization of a host platform device by one or more virtual machines and managing power consumption of the host platform device based on the results of monitoring.


7
Erik C Cota Robles, Randolph L Campbell, Clifford D Hall, Gilbert Neiger, Richard A Uhlig: System and method for binding virtual machines to hardware contexts. Intel Corporation, Blakely Sokoloff Taylor & Zafman, November 13, 2007: US07296267 (54 worldwide citation)

System and method for binding virtual machines to hardware contexts. A method includes obtaining resource requirements for a plurality of virtual machines, and binding one or more of the plurality of virtual machines to one or more of a plurality of hardware contexts associated with a processor base ...


8
Ioannis Schoinas, Rajesh Madukkarumukumana, Gilbert Neiger, Richard Uhlig, Balaji Vembu: Caching support for direct memory access address translation. Intel Corporation, Philip A Pedigo, February 19, 2008: US07334107 (49 worldwide citation)

An embodiment of the present invention is a technique to provide cache support for direct memory access address translation. A cache structure stores cached entries used in address translation of a guest physical address to a host physical address. The guest physical address corresponds to a guest d ...


9
Carl M Ellison, Roger A Golliver, Howard C Herbert, Derrick C Lin, Francis X McKeen, Gilbert Neiger, Ken Reneris, James A Sutton, Shreekant S Thakkar, Millind Mittal: Generating a key hieararchy for use in an isolated execution environment. Intel Corporation, Blakely Sokoloff Taylor & Zafman, July 6, 2004: US06760441 (47 worldwide citation)

The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard ...


10
Ioannis Schoinas, Rajesh Madukkarumukumana, Gilbert Neiger, Richard Uhlig, Ku jei King: Address translation for input/output devices using hierarchical translation tables. Intel Corporation, Grossman Tucker Perreault & Pfleger PLLC, October 28, 2008: US07444493 (44 worldwide citation)

An embodiment of the present invention is a technique to perform address translation. A table structure is indexed by a source identifier of an input/output (I/O) transaction specifying a guest physical address and requested by an I/O device to map the I/O device to a domain assigned to the I/O devi ...