G06F9/30054

DEVICE, SYSTEM AND METHOD TO EFFICIENTLY UPDATE A SECURE ARBITRATION MODE MODULE
20220197995 · 2022-06-23

Techniques and mechanisms to efficiently provide features of a secure authentication mode (SEAM) by a processor. In an embodiment, cores of the processor support an instruction set which comprises instructions to invoke the SEAM. One such core installs an authenticated code module (ACM), which is executed to load a persistent SEAM loader module (P-SEAMLDR) in a reserved region of a system memory. In turn, the P-SEAMLDR loads into the reserved region a SEAM module which facilitates trust domain extension (TDX) protections for a given trusted domain. In another embodiment, the instruction set supports a SEAM call instruction with which either of the P-SEAMLDR or the SEAM module is accessed in the reserved region.

Configurable and programmable sliding window based memory access in a neural network processor

A novel and useful neural network (NN) processing core adapted to implement artificial neural networks (ANNs) and incorporating configurable and programmable sliding window based memory access. The memory mapping and allocation scheme trades off random and full access in favor of high parallelism and static mapping to a subset of the overall address space. The NN processor is constructed from self-contained computational units organized in a hierarchical architecture. The homogeneity enables simpler management and control of similar computational units, aggregated in multiple levels of hierarchy. Computational units are designed with as minimal overhead as possible, where additional features and capabilities are aggregated at higher levels in the hierarchy. On-chip memory provides storage for content inherently required for basic operation at a particular hierarchy and is coupled with the computational resources in an optimal ratio. Lean control provides just enough signaling to manage only the operations required at a particular hierarchical level. Dynamic resource assignment agility is provided which can be adjusted as required depending on resource availability and capacity of the device.

Apparatus and method for managing a capability domain
11347508 · 2022-05-31

An apparatus and method are provided for managing a capability domain. The apparatus has processing circuitry for executing instructions, the processing circuitry when in a default state being arranged to operate in a capability domain comprising capabilities used to constrain operations performed by the processing circuitry when executing the instructions. A program counter capability storage element is also provided to store a program counter capability used by the processing circuitry to determine a program counter value. The program counter capability is arranged to identify a capability state for the processing circuitry. The processing circuitry is then arranged, when the capability state indicates the default state, to operate in the capability domain. However, when the capability state indicates the executive state, the processing circuitry is arranged to operate in a manner less constrained than when in the default state so as to allow modification of the capability domain. This provides a simple and effective mechanism for selectively allowing the apparatus to modify the capability domain.

Method for the execution of a binary code of a secure function by a microprocessor

A method for executing a binary code includes for each item of data to be recorded: executing an algorithm for constructing a data line containing a cryptogram of this item of data constructed using an initialization vector $iv_j$ associated with an address $@_j$ of the main memory using a relationship $iv_j = F_{iv}(@_j)$, where the function $F_{iv}$ is a pre-programmed function that associates a different initialization vector $iv_j$ with each different address $@_j$ of a main memory, and then recording this constructed data line in the main memory at the address $@_j$, where each instruction line of a basic block is constructed by executing the same construction algorithm as the one executed to construct the data line and using the same function $F_{iv}$, the item of data for this purpose being taken to be equal to the instruction masked using a mask associated with this basic block.

AUTHENTICATION CODE GENERATION/CHECKING INSTRUCTIONS
20230259605 · 2023-08-17

An apparatus comprises processing circuitry to execute instructions, and decode circuitry to decode the instructions for execution by the processing circuitry. The decode circuitry is responsive to an authentication code generation instruction specifying a first source value to control the processing circuitry to generate an authentication code dependent on the first source value, and store the authentication code to a memory location associated with a store address formed using a value obtained from a register. By providing a single instruction, this reduces register pressure enabling improved performance by avoiding unnecessary load/store operations, and makes compilation of code using the authentication code generation instruction simpler. Because it does not store the result of the cryptographic function in the register bank, it also enables simple in-order CPU designs to hide the latency of slow cryptographic computations by allowing subsequent instructions to start executing before the cryptographic computation has completed.

Software Verification of Dynamically Generated Code

In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to execute but is monitored to ensure that the execution criteria are met.

ANOMALY DETECTION METHOD, ANOMALY DETECTION RECORDING MEDIUM, ANOMALY DETECTION DEVICE, REWRITING METHOD, AND REWRITING DEVICE

An anomaly detection method includes: reading a branch target address corresponding to a branch instruction, twice or more; determining whether the branch target addresses read are identical; and executing the branch instruction when the branch target addresses read are identical, and executing anomaly detection processing when the branch target addresses read are not identical.

PROCESSOR USING TARGET INSTRUCTIONS
20230305992 · 2023-09-28

Various example embodiments for supporting processor capabilities are presented herein. Various example embodiments for supporting processor capabilities may be configured to provide a processor configured to support execution of a program that is based on an instruction set architecture of the processor, where the program includes a target instruction configured to mark a beginning of an execution sequence of the program, wherein the target instruction is a target of a branch instruction of the program.

PERFORMANCE OPTIMIZATION OF CLOSE CODE
20220027156 · 2022-01-27

Methods and systems described herein utilize a jump table in directly-addressable, near code, to facilitate improved execution of frequent calls to executable code from other workloads outside of the near code. By executing a directly-addressable call and jump instruction to access frequently-accessed executable code, indirect call instructions are avoided.

MODE-SPECIFIC ENDBRANCH FOR CONTROL FLOW TERMINATION

A processor includes an execution unit and a processing logic operatively coupled to the execution unit, the processing logic to: enter a first execution state and transition to a second execution state responsive to executing a control transfer instruction. Responsive to executing a target instruction of the control transfer instruction, the processing logic further transitions to the first execution state responsive to the target instruction being a control transfer termination instruction of a mode identical to a mode of the processing logic following the execution of the control transfer instruction; and raises an execution exception responsive to the target instruction being a control transfer termination instruction of a mode different than the mode of the processing logic following the execution of the control transfer instruction.