DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-31 are pending in this office action and presented for examination. Claims 1, 3-6, 8-12, 26-27, and 29 are newly amended by the response received November 7, 2025.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1 and 4-5 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965. Although the claims at issue are not identical, they are not patentably distinct from each other because all the limitations of each of the aforementioned instant claims are taught by a corresponding claim of the ’965 patent.
Claim 6 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 as applied to claim 1 above, and further in view of Bonzini (Reading privileged memory with a side-channel | Hacker News). Regarding the additional limitation(s) not taught by the applied reference(s) thus far, Bonzini is relied upon to render obvious the additional limitation(s) in an analogous manner as Bonzini is relied upon in the rejection(s) of the aforementioned instant claim(s) below; see the citations of Bonzini and corresponding rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below.
Claim 7 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 as applied to claim 1 above, and further in view of Horn (Project Zero: Reading privileged memory with a side-channel). Regarding the additional limitation(s) not taught by the applied reference(s) thus far (i.e., a more-privileged privilege level being a “supervisor” privilege level, and a less-privileged privilege level being a “user” privilege level), Horn is relied upon to render obvious the additional limitation(s); see the citation(s) of Horn in the rejection(s) of the aforementioned instant claim(s) below; note that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the relied-upon teachings of Horn with the reference(s) thus far, as this modification merely entails combining prior art elements according to known methods to yield predictable results, which is an example of a rationale that may support a conclusion of obviousness as per MPEP 2143.
Claims 2-3 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 as applied to claim 1 above, and further in view of Wang et al. (Wang) (US 20120278598 A1). Regarding the additional limitation(s) not taught by the applied reference(s) thus far, Wang is relied upon to render obvious the additional limitation(s) in an analogous manner as Wang is relied upon in the rejection(s) of the aforementioned instant claim(s) below; see the citations of Wang and corresponding rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below.
Claims 8, 11, 13, and 16-17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 in view of Gopal et al. (Gopal) (US 20140095844 A1). Regarding the additional limitation(s) not taught by the applied reference(s) thus far, Gopal is relied upon to render obvious the additional limitation(s) in an analogous manner as Gopal is relied upon in the rejection(s) of the aforementioned instant claim(s) below; see the citations of Gopal and corresponding rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below.
Claims 9-10 and 14-15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 and Gopal as applied to claims 8 and 13 above, and further in view of Wang et al. (Wang) (US 20120278598 A1). Regarding the additional limitation(s) not taught by the applied reference(s) thus far, Wang is relied upon to render obvious the additional limitation(s) in an analogous manner as Wang is relied upon in the rejection(s) of the aforementioned instant claim(s) below; see the citations of Wang and corresponding rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below.
Claims 12 and 18-25 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 and Gopal as applied to claims 11 and 13 above, and further in view of Bonzini (Reading privileged memory with a side-channel | Hacker News). Regarding the additional limitation(s) not taught by the applied reference(s) thus far, Bonzini is relied upon to render obvious the additional limitation(s) in an analogous manner as Bonzini is relied upon in the rejection(s) of the aforementioned instant claim(s) below; see the citations of Bonzini and corresponding rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below.
Claims 26-27 and 29-31 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 in view of Horn (Project Zero: Reading privileged memory with a side-channel) in view of Mills et al. (Mills) (US 5721945) in view of Wang et al. (Wang) (US 20120278598 A1). See the citation(s) and rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below. Regarding the additional limitation(s) taught by Horn, see the citation(s) of Horn in the rejection(s) of the aforementioned instant claim(s) below; note that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the relied-upon teachings of Horn (e.g., a plurality of cache levels) with the reference(s) thus far, as this modification merely entails combining prior art elements according to known methods to yield predictable results, which is an example of a rationale that may support a conclusion of obviousness as per MPEP 2143.
Claim 28 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11635965 and Horn, Mills, and Wang as applied to claim 27 above, and further in view of Soltis, JR. et al. (Soltis, JR.) (US 20060031679 A1). Regarding the additional limitation(s) not taught by the applied reference(s) thus far, Soltis, JR. is relied upon to render obvious the additional limitation(s) in an analogous manner as Soltis, JR. is relied upon in the rejection(s) of the aforementioned instant claim(s) below; see the citations of Soltis, JR. and corresponding rationale(s) for obviousness in the rejection(s) of the aforementioned instant claim(s) under 35 USC 103 below.
Each of claims 1-31 is rejected on the ground of nonstatutory double patenting as being unpatentable over one of claims 1, 2, 5, 6, and 7 of U.S. Patent No. 12236243 in view of zero or more of Horn (Project Zero: Reading privileged memory with a side-channel), Bonzini (Reading privileged memory with a side-channel | Hacker News), Gopal et al. (Gopal) (US 20140095844 A1), and Soltis, JR. et al. (Soltis, JR.) (US 20060031679 A1). Examiner notes that the particular zero or more secondary references relied upon to reject each claim, the limitation(s) that each secondary reference is relied upon to teach, and the associated rationale(s) for obviousness, are readily recognizable in view of the citation(s) and associated rationale(s) for obviousness provided for the used secondary reference in the rejection of that claim under 35 USC 103 below. Regarding any limitations in a claim taught by the Horn reference (the primary reference in the rejections under 35 USC 103 below) but not the associated claim of U.S. Patent No. 12236243 (e.g., a plurality of cache levels), note that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the cited elements of Horn teaching the aforementioned limitations with the other reference(s) used to reject that claim, as this modification merely entails combining prior art elements according to known methods to yield predictable results, which is an example of a rationale that may support a conclusion of obviousness as per MPEP 2143.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 2, 9-10, 13-25, and 29 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 2 recites the limitation “The apparatus of claim 1, wherein the value indicates an always on indirect branch prediction protection” in lines 1-2. The recited value, in view of the limitations of claim 1, appears to be IA32_SPEC_CTRL.IBRS of paragraph [00115]. (Examiner submits that this value does not appear to be bit 1 of the IA32_ARCH_CAPABILITIES MSR of paragraph [00115], because this bit merely appears to indicate whether the processor supports enhanced IBRS, rather than itself indicating the core is to prevent use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the core at a second privilege level.) However, the original disclosure (e.g., paragraph [00115]) does not appear to provide support for IA32_SPEC_CTRL.IBRS itself indicating an “always on” indirect branch prediction protection.
Claim 9 recites the limitation “The SoC of claim 8, wherein the value indicates an always on indirect branch prediction protection” in lines 1-2. The recited value, in view of the limitations of claim 1, appears to be IA32_SPEC_CTRL.IBRS of paragraph [00115]. (Examiner submits that this value does not appear to be bit 1 of the IA32_ARCH_CAPABILITIES MSR of paragraph [00115], because this bit merely appears to indicate whether the processor supports enhanced IBRS, rather than itself indicating the core is to prevent use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the core at a second privilege level.) However, the original disclosure (e.g., paragraph [00115]) does not appear to provide support for IA32_SPEC_CTRL.IBRS itself indicating an “always on” indirect branch prediction protection.
Claim 10 is rejected for failing to alleviate the rejection of claim 9 above.
Claim 13 recites the limitation “A method of manufacturing a processor core comprising: coupling a branch predictor of the processor core to a register of the processor core; coupling the branch predictor to an instruction fetch unit of the processor core; coupling the instruction fetch unit to an instruction cache of the processor core; coupling the instruction fetch unit to a decoder of the processor core; coupling the decoder to an execution unit of the processor core; and coupling the execution unit to general purpose registers of the processor core” in lines 1-15. However, the original disclosure does not appear to provide support for this limitation. For example, while the original disclosure may provide support for the aforementioned components of a processor core being coupled together in the manner recited, the original disclosure (e.g., paragraph [00304]) does not appear to provide support for “a method of manufacturing a processor core” comprising the recited coupling steps.
Claims 14-25 are rejected for failing to alleviate the rejection of claim 13 above.
Claim 14 recites the limitation “The method of claim 13, wherein the value indicates an always on indirect branch prediction protection” in lines 1-2. The recited value, in view of the limitations of claim 1, appears to be IA32_SPEC_CTRL.IBRS of paragraph [00115]. (Examiner submits that this value does not appear to be bit 1 of the IA32_ARCH_CAPABILITIES MSR of paragraph [00115], because this bit merely appears to indicate whether the processor supports enhanced IBRS, rather than itself indicating the core is to prevent use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the core at a second privilege level.) However, the original disclosure (e.g., paragraph [00115]) does not appear to provide support for IA32_SPEC_CTRL.IBRS itself indicating an “always on” indirect branch prediction protection.
Claim 29 recites the limitation “a bit, when set to a value of zero, causes the hardware branch predictor to enable another indirect branch restricted speculation mode” in lines 2-3. However, the original disclosure (e.g., paragraph [00115]) does not appear to provide support for this limitation. Examiner notes that the original disclosure does not appear to convey that bit 1 of the IA32_ARCH_CAPABILITIES MSR “causes” the hardware branch predictor to enable another indirect branch restricted speculation mode. Examiner further notes that a value of 0 for bit 1 of the IA32_ARCH_CAPABILITIES MSR would appear to conflict with parent claim 26’s “always-on mode” subject matter.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 3, 10, 15, 26-29, and 31 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 3 recites the limitation “the value cannot be changed by software executed by the hardware core” in lines 1-2. However, the metes and bounds of this limitation are indefinite. For example, it is indefinite as to whether the value cannot be changed by [any and all] software executed by the core, or whether the value cannot be changed by [first] software executed by the core, but can be changed by [second] software executed by the core.
Claim 10 recites the limitation “the value cannot be changed by software executed by the hardware core” in lines 1-2. However, the metes and bounds of this limitation are indefinite. For example, it is indefinite as to whether the value cannot be changed by [any and all] software executed by the core, or whether the value cannot be changed by [first] software executed by the core, but can be changed by [second] software executed by the core.
Claim 15 recites the limitation “the value cannot be changed by software executed by the processor core” in lines 1-2. However, the metes and bounds of this limitation are indefinite. For example, it is indefinite as to whether the value cannot be changed by [any and all] software executed by the core, or whether the value cannot be changed by [first] software executed by the core, but can be changed by [second] software executed by the core.
Claim 26 recites the limitation “a model specific register to store an indirect branch restricted speculation bit for the hardware core that when set to a value of one causes the hardware branch predictor to enable an always-on mode” in lines 6-8. However, the metes and bounds of this limitation are indefinite. For example, it is unclear as to how, if a mode is “always-on”, it would need to be caused to be enabled in the first place. For the purposes of this office action, Examiner is interpreting this limitation as if the “always-on” limitation was further limited by the subject matter of claim 30.
Claims 27-29 and 31 are rejected for failing to alleviate the rejection of claim 49 above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 and 4-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Horn (Project Zero: Reading privileged memory with a side-channel) in view of Gilbert et al. (Gilbert) (US 20060136608 A1) in view of Bonzini (Reading privileged memory with a side-channel | Hacker News).
Consider claim 1, Horn discloses an apparatus comprising: a hardware core (page 2, processor core) comprising: a branch predictor to predict target instructions of indirect branch instructions to be performed by the hardware core (page 6, indirect call predictor that can store multiple targets per source address); and a register having a field to store a value, wherein the value is to indicate behavior (page 2, tested processors, each of which have a register having a field to store a value to indicate behavior), and the hardware core is to use branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the hardware core at a second privilege level, wherein the branch history information is to have been created based on software performed by the hardware core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the hardware core from the first privilege level to the second privilege level, the hardware core is to use the branch history information by the branch predictor to predict target instructions at the second privilege level (page 5, which shows the attacker code at the userspace/guest privilege level performing a branch target injection on the victim code at the kernel/hypervisor privilege level).
To any extent to which Horn does not inherently disclose a register having a field to store a value to indicate behavior, Gilbert explicitly discloses a register having a field to store a value to indicate behavior ([0002], lines 1-18, microprocessor systems may use various forms of control registers to support their operation. One form of control register may be written to in order to set system parameters and otherwise configure the system. Various combinations of bits in such a register may set operational limits, such as depth of speculative execution or the size of a cache, or may turn on or off optional functional circuitry, such as branch predictors and prefetch units, or may enable or disable interrupts for certain events. Other forms of control registers may be read from in order to receive system status. Such control registers may also be called status registers. The status registers may provide information about system health, contents of program registers associated with a fault condition, operational temperature, and other forms of status. Many control registers may be both written to and read from. Examples of control registers may be the Model Specific Registers (MSRs) implemented in Pentium.RTM. class compatible microprocessors). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gilbert with the invention of Horn in order to support operation of the system (Gilbert, [0002], lines 1-2) in a flexible manner. 
Alternatively, this modification merely entails combining prior art elements (the prior art elements of Horn cited above, and Gilbert’s teaching of a model specific register as cited above) according to known methods (Examiner submits that model specific registers were well-known to one of ordinary skill in the art before the effective filing date of the claimed invention) to yield predictable results (the invention of Horn, entailing a model specific register), which is a rationale that may support a conclusion of obviousness as per MPEP 2143.
However, the combination thus far does not entail that the value is to indicate the hardware core is to prevent use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the hardware core at a second privilege level, wherein the branch history information is to have been created based on software performed by the hardware core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the core from the first privilege level to the second privilege level, the hardware core is to prevent the use of the branch history information by the branch predictor to predict target instructions at the second privilege level.
On the other hand, Bonzini discloses preventing use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the hardware core at a second privilege level, wherein the branch history information is to have been created based on software performed by the hardware core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the hardware core from the first privilege level to the second privilege level, the hardware core is to prevent the use of the branch history information by the branch predictor to predict target instructions at the second privilege level (page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; page 12, chicken bit to disable indirect branch prediction).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bonzini with the combination of Horn and Gilbert in order to increase security.
Consider claim 4, the overall combination entails the apparatus of claim 1 (see above), wherein the hardware core is to allow use of second branch history information by the branch predictor to predict the target instruction of the indirect branch instruction, wherein the second branch history information is to have been created based on software performed by the hardware core at the second privilege level (Bonzini, page 12, flushing the indirect branch predictor on kernel mode entry; Horn, page 6, indirect call predictor that can store multiple targets per source address).
Consider claim 5, the overall combination entails the apparatus of claim 1 (see above), wherein the hardware core is one of a plurality of hardware cores of the apparatus (Horn, page 2, cores).
Consider claim 6, the overall combination entails the apparatus of claim 1 (see above), wherein the hardware core, to prevent the use of the branch history information, is to disable the branch predictor or invalidate the branch predictor or stall the branch predictor or clear one or more entries of the branch predictor or flush one or more entries of the branch predictor or invalidate a prediction of the branch predictor or cause a query of the branch predictor to result in a miss (Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry).
Consider claim 7, the overall combination entails the apparatus of claim 1 (see above), wherein the second privilege level is a supervisor privilege level, and wherein the first privilege level is a user privilege level (Horn, page 5, which shows the attacker code at the userspace/guest privilege level performing a branch target injection on the victim code at the kernel/hypervisor privilege level; Bonzini, page 12, kernel mode entry).
Claim(s) 2-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Horn, Gilbert, and Bonzini as applied to claim 1 above, and further in view of Wang et al. (Wang) (US 20120278598 A1).
Consider claim 2, the combination thus far entails the apparatus of claim 1 (see above), wherein the value indicates an indirect branch prediction protection (Gilbert, [0002], lines 1-18; Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; page 12, chicken bit to disable indirect branch prediction), but does not disclose that the indirect branch prediction protection is always on.
On the other hand, Wang discloses a mode being an always-on mode ([0010], lines 5-13, ports may be disabled using a reset write-once mechanism. In certain embodiments, a reset write-once mechanism is a mechanism where once information is written to a register, the register does not change state until the entire computing system is reset. In the example of a binary register, a 1 or a 0 can be written and not change from that state unless the computing system is reset. In certain embodiments, the computing system requires a hard reboot for the register to allow for a change; [0034], lines 9-11, the setting information can include a list of ports and a Boolean value as to whether respective ports should be disabled or enabled).
Wang’s teaching increases security by preventing circumventing of protection (Wang, [0009], line 4; [0010], line 1).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang with the combination of Horn, Gilbert, and Bonzini, in order to increase security. Alternatively, this modification merely entails combining prior art elements (the prior art elements of the combination of Horn, Gilbert, and Bonzini, cited above, including the indirect branch prediction protection mode, and the teaching of Wang of a mode being an always-on mode) according to known methods (as reflected by Wang, a mode being an always-on mode was known) to yield predictable results (the combination of Horn, Gilbert, and Bonzini, wherein the indirect branch prediction protection mode is an always-on mode), which is an example of a rationale that may support a conclusion of obviousness as per MPEP 2143.
Consider claim 3, the combination thus far entails the apparatus of claim 1 (see above), comprising the value (Gilbert, [0002], lines 1-18; Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; page 12, chicken bit to disable indirect branch prediction), but does not disclose that the value cannot be changed by software executed by the hardware core.
On the other hand, Wang discloses a value cannot be changed by software executed by the hardware core ([0010], lines 5-13, ports may be disabled using a reset write-once mechanism. In certain embodiments, a reset write-once mechanism is a mechanism where once information is written to a register, the register does not change state until the entire computing system is reset. In the example of a binary register, a 1 or a 0 can be written and not change from that state unless the computing system is reset. In certain embodiments, the computing system requires a hard reboot for the register to allow for a change; [0034], lines 9-11, the setting information can include a list of ports and a Boolean value as to whether respective ports should be disabled or enabled).
Wang’s teaching increases security by preventing circumventing of protection (Wang, [0009], line 4; [0010], line 1).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang with the combination of Horn, Gilbert, and Bonzini, in order to increase security. Alternatively, this modification merely entails combining prior art elements (the prior art elements of the combination of Horn, Gilbert, and Bonzini, cited above, including the indirect branch prediction protection mode, and the teaching of Wang that a value cannot be changed by software executed by the hardware core) according to known methods (as reflected by Wang, a value that cannot be changed by software executed by a hardware core was known) to yield predictable results (the combination of Horn, Gilbert, and Bonzini, wherein the value cannot be changed by software executed by the hardware core), which is an example of a rationale that may support a conclusion of obviousness as per MPEP 2143.
Claims 8, 11-13, and 16-25 are rejected under 35 U.S.C. 103 as being unpatentable over Horn (Project Zero: Reading privileged memory with a side-channel) in view of Gilbert et al. (Gilbert) (US 20060136608 A1) in view of Bonzini (Reading privileged memory with a side-channel | Hacker News) in view of Gopal et al. (Gopal) (US 20140095844 A1).
Consider claim 8, Horn discloses a hardware core (page 2, processor core) coupled with the memory controller, the hardware core comprising: a branch predictor to predict target instructions of indirect branch instructions to be performed by the core (page 6, indirect call predictor that can store multiple targets per source address); and a register having a field to store a value to indicate behavior (page 2, tested processors, each of which has a register having a field to store a value to indicate behavior), and the hardware core is to use branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the hardware core at a second privilege level, wherein the branch history information is to have been created based on software performed by the hardware core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the hardware core from the first privilege level to the second privilege level, the hardware core is to use the branch history information by the branch predictor to predict target instructions at the second privilege level (page 5, which shows the attacker code at the userspace/guest privilege level performing a branch target injection on the victim code at the kernel/hypervisor privilege level).
To any extent to which Horn does not inherently disclose a register having a field to store a value to indicate behavior, Gilbert explicitly discloses a register having a field to store a value to indicate behavior ([0002], lines 1-18, microprocessor systems may use various forms of control registers to support their operation. One form of control register may be written to in order to set system parameters and otherwise configure the system. Various combinations of bits in such a register may set operational limits, such as depth of speculative execution or the size of a cache, or may turn on or off optional functional circuitry, such as branch predictors and prefetch units, or may enable or disable interrupts for certain events. Other forms of control registers may be read from in order to receive system status. Such control registers may also be called status registers. The status registers may provide information about system health, contents of program registers associated with a fault condition, operational temperature, and other forms of status. Many control registers may be both written to and read from. Examples of control registers may be the Model Specific Registers (MSRs) implemented in Pentium® class compatible microprocessors).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gilbert with the invention of Horn in order to support operation of the system (Gilbert, [0002], lines 1-2) in a flexible manner. Alternatively, this modification merely entails combining prior art elements (the prior art elements of Horn cited above, and Gilbert’s teaching of a model specific register as cited above) according to known methods (Examiner submits that model specific registers were well-known to one of ordinary skill in the art before the effective filing date of the claimed invention) to yield predictable results (the invention of Horn, entailing a model specific register), which is a rationale that may support a conclusion of obviousness as per MPEP 2143.
However, the combination thus far does not entail that the value is to indicate the hardware core is to prevent use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the hardware core at a second privilege level, wherein the branch history information is to have been created based on software performed by the core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the hardware core from the first privilege level to the second privilege level, the hardware core is to prevent the use of the branch history information by the branch predictor to predict target instructions at the second privilege level.
On the other hand, Bonzini discloses preventing use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the hardware core at a second privilege level, wherein the branch history information is to have been created based on software performed by the hardware core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the hardware core from the first privilege level to the second privilege level, the hardware core is to prevent the use of the branch history information by the branch predictor to predict target instructions at the second privilege level (page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; page 12, chicken bit to disable indirect branch prediction).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bonzini with the combination of Horn and Gilbert in order to increase security.
In addition, to any extent to which Horn does not inherently disclose (via the disclosure on page 2 of the specific models of tested processors) a System-on-a-Chip (SoC) comprising: a memory controller coupled to the core, Gopal explicitly discloses a System-on-a-Chip (SoC) ([0120], line 2, SoC 1700) comprising: a memory controller (FIG. 17, integrated memory controller unit(s)) coupled to the hardware core (FIG. 17, core). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gopal with the combination of Horn, Gilbert, and Bonzini, in order to facilitate memory control. Alternatively, this modification merely entails combining prior art elements (the cited prior art elements of Horn, Gilbert, and Bonzini, and Gopal’s explicit teaching of a System-on-a-Chip (SoC) comprising: a memory controller coupled to the hardware core) according to known methods (Examiner submits that an SoC and a memory controller were very well known to one of ordinary skill in the art before the effective filing date of the claimed invention) to yield predictable results (the combination of Horn, Gilbert, and Bonzini, further entailing a System-on-a-Chip (SoC) comprising: a memory controller coupled to the hardware core), which is an example of a rationale that may support a conclusion of obviousness as per MPEP 2143.
Consider claim 11, the overall combination entails the SoC of claim 8 (see above), wherein the hardware core is to allow use of second branch history information by the branch predictor to predict the target instruction of the indirect branch instruction, wherein the second branch history information is to have been created based on software performed by the hardware core at the second privilege level (Bonzini, page 12, flushing the indirect branch predictor on kernel mode entry; Horn, page 6, indirect call predictor that can store multiple targets per source address), and further comprising a direct memory access (DMA) unit coupled with the hardware core (Gopal, FIG. 17, DMA unit 1732).
Consider claim 12, the overall combination entails the SoC of claim 11 (see above), wherein the hardware core, to prevent the use of the branch history information, is to disable the branch predictor or invalidate the branch predictor or stall the branch predictor or clear one or more entries of the branch predictor or flush one or more entries of the branch predictor or invalidate a prediction of the branch predictor or cause a query of the branch predictor to result in a miss (Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry).
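The following toy model illustrates the behavior at issue in the claim 3, claim 8, and claim 12 discussions above: an indirect branch predictor whose history is created at a first (less privileged) level and then consulted after a transition to a second (more privileged) level, a control-register field whose value selects between allowing that use, flushing lower-privilege history on entry (Bonzini's flush-on-kernel-entry option), and disabling indirect prediction at the higher level (Bonzini's disable option), and a reset write-once variant of that register in the manner of Wang's [0010]. This is an added example and is not code from the application, the examiner, or any cited reference; the class and constant names, the field encoding (0/1/2), the addresses, and the simplification that the attacker's and victim's branches share a source address are all assumptions made for the illustration.

```python
"""Toy model of an indirect branch predictor with a privilege-aware control
field. Added illustration only; all names, the mode encoding, and the
sample addresses are invented for this example."""
from dataclasses import dataclass
from enum import IntEnum


class Priv(IntEnum):
    USER = 0    # first privilege level (less privileged)
    KERNEL = 1  # second privilege level (more privileged)


# Assumed encoding of the control-register field (not from any reference).
MODE_OFF = 0             # use any branch history regardless of who created it
MODE_FLUSH_ON_ENTRY = 1  # drop lower-privilege history when entering a higher level
MODE_DISABLE = 2         # do not consult the indirect predictor at the higher level


class ControlRegister:
    """Register with a field whose value selects predictor behavior.
    With write_once=True the field behaves like a reset write-once register:
    after the first software write it changes only on a full reset()."""

    def __init__(self, write_once: bool = False):
        self.mode = MODE_OFF
        self._write_once = write_once
        self._locked = False

    def write(self, value: int) -> bool:
        """Software write; returns False if the write was ignored."""
        if self._locked:
            return False
        self.mode = value
        if self._write_once:
            self._locked = True
        return True

    def reset(self) -> None:
        """Models a full system reset, the only way to unlock the field."""
        self.mode = MODE_OFF
        self._locked = False


@dataclass
class Entry:
    target: int
    creator: Priv  # privilege level that created this history entry


class Core:
    def __init__(self, cr: ControlRegister):
        self.cr = cr
        self.level = Priv.USER
        self.btb: dict[int, Entry] = {}  # source address -> predicted target

    def train(self, src: int, target: int) -> None:
        """An indirect branch executed at the current level records its target."""
        self.btb[src] = Entry(target, self.level)

    def transition(self, level: Priv) -> None:
        """Privilege transition; in flush mode, entries created at a lower
        level are discarded when moving to a higher one."""
        if level > self.level and self.cr.mode == MODE_FLUSH_ON_ENTRY:
            self.btb = {s: e for s, e in self.btb.items() if e.creator >= level}
        self.level = level

    def predict(self, src: int):
        """Return the predicted target, or None if no prediction is made."""
        if self.cr.mode == MODE_DISABLE and self.level == Priv.KERNEL:
            return None
        e = self.btb.get(src)
        return e.target if e else None


def injection_scenario(mode: int) -> tuple:
    """Attacker at USER trains source 0x1000 toward 0xDEAD, then the core
    enters KERNEL and predicts at the same source (the injection target);
    the kernel then creates and uses its own history at 0x2000."""
    cr = ControlRegister()
    cr.write(mode)
    core = Core(cr)
    core.train(0x1000, 0xDEAD)     # constructed: user-level poisoning
    core.transition(Priv.KERNEL)
    victim = core.predict(0x1000)  # is the user-created history used?
    core.train(0x2000, 0xBEEF)     # constructed: kernel's own indirect branch
    own = core.predict(0x2000)     # second-level history (claim 11 behavior)
    return victim, own


def write_once_scenario() -> tuple:
    """Software sets the protection once; a later software write to turn it
    off is ignored until a full reset."""
    cr = ControlRegister(write_once=True)
    first = cr.write(MODE_FLUSH_ON_ENTRY)
    second = cr.write(MODE_OFF)
    locked_value = cr.mode
    cr.reset()
    return first, second, locked_value, cr.mode
```

In MODE_OFF the kernel-level prediction at 0x1000 returns the user-injected target, which is the branch target injection Horn describes; in MODE_FLUSH_ON_ENTRY the injected entry is gone but the kernel's own history at 0x2000 still predicts; in MODE_DISABLE neither predicts. The write-once scenario shows the second software write being refused while the value stays set, and the value returning to the default only after reset().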
Consider claim 13, Horn discloses a method of manufacturing a processor core comprising: coupling a branch predictor (page 6, indirect call predictor that can store multiple targets per source address) of the processor core (page 2, processor core) to a register of the processor core (page 2, tested processors, each of which has a register having a field to store a value to indicate behavior), the branch predictor to predict target instructions of indirect branch instructions to be performed by the processor core (page 6, indirect call predictor that can store multiple targets per source address), the register having a field to store a value, wherein the value is to indicate behavior (page 2, tested processors, each of which has a register having a field to store a value to indicate behavior), wherein the processor core is to use branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the processor core at a second privilege level, wherein the branch history information is to have been created based on software performed by the processor core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level (page 5, which shows the attacker code at the userspace/guest privilege level performing a branch target injection on the victim code at the kernel/hypervisor privilege level); coupling the branch predictor to an instruction fetch unit of the processor core (page 2, tested processors, each of which has a branch predictor coupled to an instruction fetch unit); coupling the instruction fetch unit to an instruction cache of the processor core (page 2, tested processors, each of which has an instruction fetch unit coupled to an instruction cache); coupling the instruction fetch unit to a decoder of the processor core (page 2, tested processors, each of which has an instruction fetch unit coupled to a decoder); coupling the decoder to an execution unit of the processor core (page 2, tested processors, each of which has a decoder coupled to an execution unit); and coupling the execution unit to general purpose registers of the processor core (page 2, tested processors, each of which has an execution unit coupled to general purpose registers); wherein, after a transition of the processor core from the first privilege level to the second privilege level, the processor core is to use the branch history information by the branch predictor to predict target instructions at the second privilege level (page 5, which shows the attacker code at the userspace/guest privilege level performing a branch target injection on the victim code at the kernel/hypervisor privilege level).
To any extent to which Horn does not inherently disclose a register having a field to store a value to indicate behavior, Gilbert explicitly discloses a register having a field to store a value to indicate behavior ([0002], lines 1-18, microprocessor systems may use various forms of control registers to support their operation. One form of control register may be written to in order to set system parameters and otherwise configure the system. Various combinations of bits in such a register may set operational limits, such as depth of speculative execution or the size of a cache, or may turn on or off optional functional circuitry, such as branch predictors and prefetch units, or may enable or disable interrupts for certain events. Other forms of control registers may be read from in order to receive system status. Such control registers may also be called status registers. The status registers may provide information about system health, contents of program registers associated with a fault condition, operational temperature, and other forms of status. Many control registers may be both written to and read from. Examples of control registers may be the Model Specific Registers (MSRs) implemented in Pentium® class compatible microprocessors).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gilbert with the invention of Horn in order to support operation of the system (Gilbert, [0002], lines 1-2) in a flexible manner. Alternatively, this modification merely entails combining prior art elements (the prior art elements of Horn cited above, and Gilbert’s teaching of a model specific register as cited above) according to known methods (Examiner submits that model specific registers were well-known to one of ordinary skill in the art before the effective filing date of the claimed invention) to yield predictable results (the invention of Horn, entailing a model specific register), which is a rationale that may support a conclusion of obviousness as per MPEP 2143.
However, the combination thus far does not entail that the value is to indicate the core is to prevent use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the core at a second privilege level, wherein the branch history information is to have been created based on software performed by the core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the core from the first privilege level to the second privilege level, the core is to prevent the use of the branch history information by the branch predictor to predict target instructions at the second privilege level.
On the other hand, Bonzini discloses preventing use of branch history information by the branch predictor to predict a target instruction of an indirect branch instruction to be performed by the core at a second privilege level, wherein the branch history information is to have been created based on software performed by the core at a first privilege level, and wherein the second privilege level is more privileged than the first privilege level; wherein, after a transition of the core from the first privilege level to the second privilege level, the core is to prevent the use of the branch history information by the branch predictor to predict target instructions at the second privilege level (page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; page 12, chicken bit to disable indirect branch prediction).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bonzini with the combination of Horn and Gilbert in order to increase security.
In addition, to any extent to which Horn does not inherently disclose (via the disclosure on page 2 of the specific models of tested processors) coupling the branch predictor to an instruction fetch unit of the processor core; coupling the instruction fetch unit to an instruction cache of the processor core; coupling the instruction fetch unit to a decoder of the processor core; coupling the decoder to an execution unit of the processor core; and coupling the execution unit to general purpose registers of the processor core, Gopal explicitly discloses coupling the branch predictor to an instruction fetch unit of the processor core (FIG. 11B, branch prediction unit 1132 coupled to instruction fetch 1138); coupling the instruction fetch unit to an instruction cache of the processor core (FIG. 11B, instruction fetch 1138 coupled to instruction cache unit 1134, which is coupled