System and method for execution of a secured environment initialization instruction
IPC classification information
Country/Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04L-009/00
G06F-015/00
Application number
US-0112169
(2002-03-29)
Inventor / Address
Sutton, II, James A.
Grawrock, David W.
Applicant / Address
Intel Corporation
Citation information
Cited by: 37
Cited patents: 193
Abstract
A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
Representative claims
What is claimed is:
1. A system, comprising: a first logical processor including a secure memory to execute a secured enter instruction; and a chipset to prevent access to a secured virtual machine monitor by a non-processor device.
2. The system of claim 1, wherein said secured enter instruction is to cause said first logical processor to issue a special bus message to a second logical processor to synchronize said second logical processor with said first logical processor in secure operations.
3. The system of claim 1, wherein said secure memory is in a cache of said first logical processor.
4. The system of claim 1, wherein said secure memory is protected from access by circuits other than said first logical processor.
5. The system of claim 1, further comprising a security token including a platform configuration register to store a digest.
6. The system of claim 1, further comprising a second logical processor to respond to a first special bus message from said secured enter instruction.
7. The system of claim 6, wherein said second logical processor is to finish execution of a current instruction and to issue a second special bus message in response to said first special bus message.
8. The system of claim 7, wherein said chipset is to set a flag in response to receiving said second special bus message.
9. The system of claim 8, wherein said second logical processor jumps to an entry point of said secure virtual machine monitor responsive to a third special bus message.
10. A method, comprising: synchronizing a first logical processor and a second logical processor; authenticating an initialization code module; authenticating a secure virtual machine monitor; and executing said secure virtual machine monitor.
11. The method of claim 10, further comprising sending a special bus message to said second logical processor to responsively execute said secure virtual machine monitor on said second logical processor.
12. The method of claim 10, wherein said synchronizing includes a special bus message to cause said second logical processor to halt execution and send an acknowledgement.
13. The method of claim 12, wherein said synchronization includes setting a flag in a chipset responsively to said acknowledgement.
14. The method of claim 10, wherein said authenticating an initialization code module comprises moving a copy of said initialization code module and a public key to a secure memory.
15. The method of claim 14, wherein said authenticating an initialization code module includes comparing a first digest of said initialization code module to a second digest of said initialization code module.
16. The method of claim 10, wherein said authenticating a secure virtual machine monitor includes executing said initialization code module.
17. The method of claim 16, wherein said authenticating a secure virtual machine monitor includes registering said virtual machine monitor in a platform configuration register.
18. An apparatus, comprising means for synchronizing a first logical processor and a second logical processor; means for authenticating an initialization code module; means for authenticating a secure virtual machine monitor; and means for execution of said secure virtual machine monitor in said first logical processor.
19. The apparatus of claim 18, further comprising means for sending a first special bus message to said second logical processor to execute said secure virtual machine monitor on said second logical processor.
20. The apparatus of claim 18, further comprising means for moving a copy of said initialization code and a public key to a secure memory.
21. The apparatus of claim 20, further comprising means for comparing a first digest of said initialization code module to a second digest of said initialization code module.
22. The apparatus of claim 18, further comprising means for registering said secure virtual machine monitor.
23. A processor, comprising: secure enter logic to execute a first instruction to invoke secure operation initialization, and to detect a point in time to proceed with execution of a secure initialization authenticated code; and bus messaging logic to send a first special bus message responsive to said first instruction, and to send a second special bus message responsive to said detected point in time.
24. The processor of claim 23, when said point in time is subsequent to a first logical processor issuing an acknowledgement.
25. The processor of claim 23, wherein said secure enter logic is further to poll a flag register in a chipset to determine said point in time.
26. The processor of claim 23, wherein said secure enter logic is further to input a key and to authenticate a code module subsequent to said point in time.
27. The processor of claim 23, wherein said bus messaging logic is further to send a third special bus message including a code entry point.
28. A chipset, comprising: a bus messaging logic responsive to a first special bus message from a first logical processor to prepare for secure operation; and a register to store an acknowledgement from a second logical processor responsive to said first special bus message.
29. The chipset of claim 28, wherein said chipset is to compare said register to logical processor activity to determine when to signal the first logical processor to proceed with secure operation initialization.
30. The chipset of claim 29, wherein said signal includes setting a flag.
31. The chipset of claim 28, further comprising a device access logic to lock a secure virtual machine monitor.
32. The chipset of claim 28, further comprising a key register to send a key to said first logical processor subsequent to said first special bus message.
33. A system, comprising: a logical processor having a secure enter logic, and a first bus messaging logic responsive to said secure enter logic; and a chipset having a second bus messaging logic to receive a first special bus message from said first bus messaging logic, and a flag to set responsive to an acknowledgement.
34. The system of claim 33, further comprising a secure initialization authenticated code to initiate secure operations responsive to said secure enter logic.
35. The system of claim 34, further comprising a key to be used by said logical processor to authenticate said secure initialization authenticated code.
36. The system of claim 34, wherein said first bus messaging logic issues a second special bus message, and wherein said logical processor moves said secure initialization authenticated code into a secure memory subsequent to said second special bus message.
37. The system of claim 34, further comprising a secure virtual machine monitor.
38. The system of claim 37, wherein said secure initialization authenticated code performs an initialization of said secure virtual machine monitor.
39. The system of claim 38, wherein said initialization includes authentication, and wherein said chipset includes device access logic to prevent non-processor access to said secure virtual machine monitor responsive to said initialization.
40. The system of claim 38, wherein said first bus messaging logic issues a third special bus message responsive to said initialization.
41. The system of claim 40, wherein said third special bus message includes a code entry point for said secure virtual machine monitor.
42. A method, comprising: transmitting a special bus message; authenticating an initialization code within a first logical processor; authenticating a secure virtual machine monitor; and executing said secure virtual machine monitor in said first logical processor.
43. The method of claim 42, further comprising transmitting an acknowledgement responsive to said first bus message.
44. The method of claim 42, further comprising halting execution in a second logical processor and sending an acknowledgement.
45. The method of claim 44, further comprising setting a flag in a chipset responsive to said acknowledgement.
46. The method of claim 42, wherein said authenticating an initialization code comprises moving a copy of said initialization code and a public key to a secure memory.
47. The method of claim 46, wherein said authenticating an initialization code includes comparing a first digest of said initialization code to a second digest of said initialization code.
48. The method of claim 42, wherein said authenticating a secure virtual machine monitor includes executing said initialization code.
49. The method of claim 48, wherein said authenticating a secure virtual machine monitor includes registering said virtual machine monitor in a platform configuration register.
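The launch sequence the claims describe (claims 10-17 and 28-31: synchronize the other logical processors through the chipset's acknowledgement register and readiness flag, copy the initialization code module and a public key into secure memory, compare the digest measured over the copy with the signed digest, then register the secure virtual machine monitor in a platform configuration register before the chipset locks it), as an added Python model. This is not code from the patent or from Intel: the class and function names, the two sample code modules, the four-processor configuration, and the unpadded textbook RSA key standing in for the claims' public key are all constructed assumptions, chosen so the block runs offline with the standard library only.

```python
# Added example (not from the patent or from Intel): a model of the secured-enter
# launch sequence. All names, keys and sample modules below are constructed.
import hashlib
from dataclasses import dataclass, field

# Constructed vendor signing key: textbook (unpadded) RSA over two Mersenne primes.
# Enough to show the "first digest vs. second digest" comparison of claim 15;
# a real platform uses a padded signature scheme and a provisioned public key.
_P, _Q = (1 << 127) - 1, (1 << 521) - 1
RSA_N, RSA_E = _P * _Q, 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))
PUBLIC_KEY = (RSA_N, RSA_E)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign_digest(module: bytes) -> int:
    """Vendor side, done off-platform at build time: sign the module's digest."""
    return pow(int.from_bytes(sha256(module), "big"), _RSA_D, RSA_N)


def recover_digest(signature: int, public_key: tuple) -> bytes:
    """Recover the signed ("second") digest using only the public key."""
    n, e = public_key
    m = pow(signature, e, n)
    return m.to_bytes(32, "big") if m < (1 << 256) else b""  # garbage if sig is bad


@dataclass
class Chipset:
    """Claims 28-31: acknowledgement register, readiness flag, SVMM access lock."""
    active_lps: int
    acks: set = field(default_factory=set)
    ready_flag: bool = False
    svmm_locked: bool = False

    def receive_ack(self, lp_id: int) -> None:
        self.acks.add(lp_id)
        # compare the register with processor activity: every other LP must ack
        self.ready_flag = len(self.acks) == self.active_lps - 1


@dataclass
class RespondingProcessor:
    """Claims 7 and 9: halt and acknowledge, later jump to the SVMM entry point."""
    lp_id: int
    halted: bool = False
    pc: str = ""

    def on_first_bus_message(self, chipset: Chipset) -> None:
        self.halted = True                  # finish current instruction, then halt
        chipset.receive_ack(self.lp_id)     # second special bus message (the ack)

    def on_third_bus_message(self, entry_point: str) -> None:
        self.pc = entry_point               # jump into the SVMM
        self.halted = False


@dataclass
class InitiatingProcessor:
    lp_id: int
    pcr: bytes = bytes(32)                  # platform configuration register, zero at reset
    secure_memory: dict = field(default_factory=dict)

    def authenticate(self, name: str, module: bytes, sig: int, public_key: tuple) -> bool:
        # claim 14: copy the module and the key into secure memory, then measure the
        # copy so that a later change to the original buffer cannot matter
        self.secure_memory[name] = (bytes(module), public_key)
        first = sha256(self.secure_memory[name][0])        # measured digest
        second = recover_digest(sig, public_key)            # signed digest
        return first == second                              # claim 15

    def secured_enter(self, chipset, others, init_code, init_sig, svmm, svmm_sig, key):
        for lp in others:                    # 1. first special bus message
            lp.on_first_bus_message(chipset)
        if not chipset.ready_flag:           # claim 25: poll the chipset flag
            return False
        if not self.authenticate("init", init_code, init_sig, key):   # 2. init module
            return False
        # 3. the init module runs and authenticates/registers the SVMM (claims 16-17)
        if not self.authenticate("svmm", svmm, svmm_sig, key):
            return False
        self.pcr = sha256(self.pcr + sha256(svmm))   # PCR extend: H(old || digest)
        chipset.svmm_locked = True                   # claim 31: lock the SVMM
        for lp in others:                            # 4. third message: entry point
            lp.on_third_bus_message("svmm_entry")
        return True


SVMM_IMAGE = b"SVMM: constructed secure virtual machine monitor"


def launch(tamper_init: bool = False) -> dict:
    """Run the model; tamper_init flips one byte of the init module after signing."""
    init_code = b"SINIT: constructed initialization code module"
    init_sig, svmm_sig = sign_digest(init_code), sign_digest(SVMM_IMAGE)
    if tamper_init:
        init_code = init_code[:-1] + bytes([init_code[-1] ^ 1])
    chipset, ilp = Chipset(active_lps=4), InitiatingProcessor(0)
    others = [RespondingProcessor(i) for i in (1, 2, 3)]
    ok = ilp.secured_enter(chipset, others, init_code, init_sig, SVMM_IMAGE, svmm_sig, PUBLIC_KEY)
    return {"ok": ok, "pcr": ilp.pcr, "locked": chipset.svmm_locked,
            "others_pc": [lp.pc for lp in others]}
```

After a successful `launch()` the register holds SHA-256 of the all-zero register concatenated with the SVMM digest, so a different monitor image yields a different register value that a verifier can later compare against an expected measurement; the tampered run shows the digest comparison rejecting the modified module before anything is registered or locked, with the other processors still halted.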
Patents cited by this patent (193)
Ryba Edward G. (Milpitas CA) Lipman Peter H. (Cupertino CA) Connell Jefferson J. (Cupertino CA) Weiss David (Palo Alto CA), Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB).
Gannon Patrick M. (Poughkeepsie NY) Gum Peter H. (Poughkeepsie NY) Hough Roger E. (Highland NY) Murray Robert E. (Woodstock NY), Apparatus and method for TLB purge reduction in a multi-level machine system.
Bealkowski Richard (Delray Beach FL) Blackledge ; Jr. John W. (Boca Raton FL) Cronk Doyle S. (Boca Raton FL) Dayan Richard A. (Boca Raton FL) Dixon Jerry D. (Boca Raton FL) Kinnear Scott G. (Boca Rat, Apparatus and method for preventing unauthorized access to BIOS in a personal computer system.
Brelsford David P. (Hyde Park NY) Cutler Melvin M. (Los Angeles CA) Lafitte Jean-Louis (Moens NY FRX) Gdaniec Joseph M. (Hyde Park NY) Osisek Damian L. (Vestal NY) Plambeck Kenneth E. (Poughkeepsie N, Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virt.
Heller Andrew R. (Morgan Hill CA) Worley ; Jr. William S. (Endicott NY), Authorization mechanism for transfer of program control or data between different address spaces having different storag.
Ermolovich Thomas R. (Lexington MA) Stewart Robert E. (Stow MA) Leonard Judson S. (Acton MA) Cutler David N. (Nashua NH), Communications device for data processing system.
Satou Mitsugu,JPX ; Iwata Shunichi,JPX, Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple isolated memories in an isolated execution environment.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple memory zones in an isolated execution environment.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling accesses to isolated memory using a memory controller for isolated execution.
Curtis, Bryce Allen, Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment.
Morley Richard E. (Greenville NH), Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and met.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Executing isolated mode instructions in a secure system running in privilege rings.
Nakamura Kouji,JPX, Exposure apparatus, output control method for energy source, laser device using the control method, and method of producing microdevice.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Generating a key hierarchy for use in an isolated execution environment.
Raman Nayyar ; Douglas R. Moran ; Leonard W. Cross, Graphics address relocation table (GART) stored entirely in a local memory of an expansion bridge for address translation.
Adams Phillip M. (Parowan UT) Holmstron Larry W. (Salt Lake City UT) Jacob Steve A. (South Weber UT) Powell Steven H. (Ogden UT) Condie Robert F. (Tuscon AZ) Culley Martin L. (Tuscon AZ), Kernels, description tables, and device drivers.
Johnson James Scott (Fort Worth TX) Short Tim (Duncanville TX) Intrater Gideon (Sunnyvale CA), Memory management circuit which provides simulated privilege levels.
Barnett Philip C.,GBX, Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges.
Chemin Francois (Plaisir FRX) Ugon Michel (Maurepas FRX), Method and apparatus for certifying services obtained using a portable carrier such as a memory card.
Harold L. McFarland ; David R. Stiles ; Korbin S. Van Dyke ; Shrenik Mehta ; John Gregory Favor ; Dale R. Greenley ; Robert A. Cargnoni, Method and apparatus for debugging an integrated circuit.
Miller David A. ; Jansen Kenneth A. ; Culley Paul R. ; Taylor Mark ; Izquierdo Javier F., Method and apparatus for independently resetting processors and cache controllers in multiple processor systems.
Cotichini Christian,CAX ; Cain Fraser,CAX ; Ashworth David G.,CAX ; Livingston Peter Michael Bruce,CAX ; Solymar Gabor,CAX ; Gardner Philip B.,CAX ; Woinoski Timothy S.,CAX, Method and apparatus to monitor and locate an electronic device using a secured intelligent agent.
Luiz Fernando A. (Monte Sereno CA) Snyder Harlan C. (Saratoga CA) Sorg ; Jr. John H. (Los Gatos CA), Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system.
Kahle James Allan ; Loper Albert J. ; Mallick Soummya ; Ogden Aubrey Deene ; Sell John Victor, Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions w.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set.
Hazard Michel (Mareil/Mauldre FRX) Ugon Michel (Maurepas FRX), Method for authenticating an external authorizing datum by a portable object, such as a memory card.
Melo Michael D. (Billerica MA), Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 8048.
Hazard Michel (Mareil/Mauldre FRX), Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a trans.
Ugon Michel (Maurepas FRX) Oisel André (Elancourt FRX), Method for checking the integrity of a program or data, and apparatus for implementing this method.
Greenstein Paul Gregory ; Guyette Richard Roland ; Rodell John Ted, Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for.
Panwar Ramesh ; Chamdani Joseph I., Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency.
Scalzi Casper A. (Poughkeepsie NY) Starke William J. (Austin TX), Method of using a target processor to execute programs of a source architecture that uses multiple address spaces.
Ganapathy Narayanan ; Stevens Luis F. ; Schimmel Curt F., Method, system and computer program product for dynamically allocating large memory pages of different sizes.
Eugene Feng ; Gary Phillips, Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space.
Grimmer ; Jr. George G. ; Rhoades Michael W., Microcontroller with security logic circuit which prevents reading of internal memory by external program.
Goetz John W. ; Mahin Stephen W. ; Bergkvist John J., Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set archi.
Blomgren James S. (San Jose CA) Bracking Jimmy (San Jose CA) Richter David (San Jose CA) Spahn Francis (El Cerrito CA), Microprocessor with operation capture facility.
Hough Roger E. (Austin TX) Murray Robert E. (Kingston NY), Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals.
McDonald, Michael F.; Arora, Sumeet; Chu, Mark, Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore.
Reardon David C., Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place.
Neufeld E. David (Tomball TX), Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data trans.
Provanzano Salvatore R. (Melrose MA) Aldrich Wilbert H. (Winchester MA) D'Angelo Robert A. (Windham NH) Drottar Emil P. (Ipswich MA) Finnegan ; Jr. John J. (Hudson NH) Heom James (Bedford MA) Hill La, Programmable controller.
Robinson Paul T. (Arlington MA) Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA), Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces.
John K. Gee ; David A. Greve ; David S. Hardin ; Allen P. Mass ; Michael H. Masters ; Nick M. Mykris ; Matthew M. Wilding, Real time processor capable of concurrently running multiple independent JAVA machines.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind; Reneris, Ken, Resetting a processor in an isolated execution environment.
Goire Christian (Les Clayes Sous Bois FRX) Sigaud Alain (Elancourt FRX) Moyal Eric (Paris FRX), Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal.
Browne Hendrik A., Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device.
Mark J. Foster ; Saifuddin T. Fakhruddin ; James L. Walker ; Matthew B. Mendelow ; Jiming Sun ; Rodman S. Brahman ; Michael P. Krau ; Brian D. Willoughby ; Michael D. Maddix ; Steven L. Belt, Suspend/resume capability for a protected mode microprocessor.
Hudson Jerome D. ; Champagne Jean-Paul,FRX ; Galindo Mary A. ; Hickerson Cynthia M. K. ; Hickman Donna R. ; Lockhart Robert P. ; Saddler Nancy B. ; Stange Patricia A., System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential.
Angelo Michael F. ; Olarig Sompong P. ; Wooten David R. ; Driscoll Dan J., System and method for performing secure device communications in a peer-to-peer bus architecture.
Inoue Taro (Sagamihara JPX) Umeno Hidenori (Kanagawa JPX) Tanaka Shunji (Sagamihara JPX) Yamamoto Tadashi (Kanagawa JPX) Ohtsuki Toru (Hadano JPX), System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard T. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant player for scrambled contents.
Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA) Robinson Paul T. (Arlington MA) Witek Richard T. (Littleton MA), Translation buffer for virtual machines with address space match.
Bryant Barbara J. (Clinton Corners NY) Garrison Glen E. (Wallkill NY) Sutherland Danny R. (Poughkeepsie NY) Rubsam Kenneth G. (Poughkeepsie NY), Virtual storage computer system having methods and apparatus for providing token-controlled access to protected pages of.
Scott W. Devine ; Edouard Bugnion ; Mendel Rosenblum, Virtualization system including a virtual machine monitor for a computer with a segmented architecture.
McGrath, Kevin J.; Strongin, Geoffrey S.; Gulick, Dale E.; Hughes, William A.; Christie, David S., Computer system including a secure execution mode-capable CPU and a security services processor connected via a secure communication path.
Bourne, Steve; Dillaway, Blair Brewster; Jacomet, Pierre; Malaviarachchi, Rushmi U.; Parambir, Kumar B.; Rozenfeld, Yevgeniy Eugene; Venkatesh, Chandramouli; Rose, Charles F., Issuing a publisher use license off-line in a digital rights management (DRM) system.
Bourne, Steve; Dillaway, Blair Brewster; Jacomet, Pierre; Malviarachchi, Rushmi U; Parambir, Kumar B; Rozenfeld, Yevgeniy Eugene; Venkatesh, Chandramouli; Rose, III, Charles F, Issuing a publisher use license off-line in a digital rights management (DRM) system.
Peterson, Zachary Nathaniel Joseph; Stubblefield, Adam Bradley; Bono, Stephen C.; Green, Matthew Daniel, Method and apparatus for limiting access to sensitive data.
Hall, William E.; Hunt, Guerney D. H.; Karger, Paul A.; McIntosh, Suzanne K.; Mergen, Mark F.; Safford, David R.; Toll, David C., Secure recursive virtualization.
Hall, William E.; Hunt, Guerney D. H.; Karger, Paul A.; McIntosh, Suzanne K.; Mergen, Mark F.; Safford, David R.; Toll, David C., Secure recursive virtualization.
Frank, Alexander; Steeb, Curt A.; Ahdout, Isaac P.; Duffus, James S.; Hall, Martin; Temple, Nicholas; Venkatachalam, Rajagopal; Phillips, Thomas; Xu, Zhangwei, Special PC mode entered upon detection of undesired state.
Lo, Yuan-Chang; Dandekar, Shree, System and method for pre-boot authentication of a secure client hosted virtualization in an information handling system.
Konetski, David; Stufflebeam, Kenneth W.; Dandekar, Shree, System and method for supporting full volume encryption devices in a client hosted virtualization system.