Method and apparatus for loading a trustable operating system
IPC classification
Country / type: United States (US) Patent, registered
International Patent Classification (IPC 7th edition): G06F-011/30; G06F-012/14
Application number: UP-0085839 (2002-02-25)
Registration number: US-7631196 (2009-12-16)
Inventors / address: Kozuch, Michael A.; Sutton, James A.; Grawrock, David
Applicant / address: Intel Corporation
Agent / address: Blakely, Sokoloff, Taylor & Zafman LLP
Citation information
Cited by: 5
Cited patents: 197
Abstract
A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.
Representative claims
What is claimed is:
1. A method of loading a trustable operating system comprising: performing a start secure operation by a first processor of a plurality of processors; performing a join secure operation by remaining processors of the plurality of processors excluding the first processor, the join secure operation performed from the start secure operation and forces the remaining processors of the plurality of processors to enter into a halted state that prevents the remaining processors from interfering with the operations of the first processor; receiving signals by the first processor from the remaining processors that the remaining processors have entered the halted state; identifying a secure region in a memory of a computer; loading a content into the identified region under control by the first processor after receiving the signals that the remaining processors have entered the halted state; registering an identity of the content after the content is loaded into the identified region, the registering comprises: recording a hash digest of the content of the identified region, and signing the hash digest with a hash signing engine having a secure channel to access the hash digest, the signed hash digest being stored in a register in the memory of the computer that is accessible by an outside entity to verify whether the content can be trusted; causing the first processor to jump to a known entry point in the identified region in the memory; and completing the start secure operation by the first processor and signaling the remaining processors to resume activity by exiting the halted state and jumping to the known entry point in the identified region in the memory.
2. The method of claim 1, further comprising: preventing interference with the identifying, loading, and registering by at least a second processor of the plurality of processors while the first processor is loading the content into the identified region.
3. The method of claim 2, wherein preventing interference comprises halting at least the second processor of the plurality of processors until the identifying, loading, and registering is complete.
4. The method of claim 1, further comprising: blocking access to the secure region of the memory for a duration of the start secure operation even after receiving the signals that the remaining processors have entered the halted state when the plurality of processors are implemented within a computer system that supports direct memory access (DMA).
5. The method of claim 1, wherein identifying comprises receiving a region parameter, the region parameter specifying a location of the region.
6. The method of claim 5, wherein the location comprises a range of addresses in the memory of the computer within which the region is located.
7. The method of claim 5, wherein the location comprises a start address and a length of the memory of the computer within which the region is located.
8. The method of claim 1 wherein the content is a component of an operating system to operate the computer.
9. The method of claim 8, wherein the component of the operating system is a one of a virtual machine monitor, and a privileged software nucleus.
10. The method of claim 1 wherein identifying, loading and registering are uninterruptible.
11. The method of claim 1, wherein the join secure operation is performed atomically from the start secure operation.
12. An article of manufacture comprising: a machine-accessible medium including a data that, when accessed by a machine cause the machine to, halt all but one of a plurality of central processing units (CPUs) in a computer; identify a region in a memory of the computer; block access to the identified region by all resources except the non-halted CPU only after receiving signals by the one of the plurality of CPUs that a remainder of the plurality of CPUs have entered into a halted state; load a content into the identified region; register an identity of the content of the identified region, the registering comprises: computing the cryptographic hash of the identified region, recording the computed cryptographic hash of the content in the identified region, and signing the computed cryptographic hash with a hash signing engine having a secure channel to access the cryptographic hash, the signed cryptographic hash being stored in a register in the memory of the computer that is accessible by an outside entity to verify whether the content can be trusted; and cause the non-halted CPU to begin executing at a known entry point in the identified region after the identity of the content has been registered.
13. The article of manufacture of claim 12, wherein the data that causes the machine to halt the all but one of a plurality of CPUs comprises data causing the all but one of a plurality of CPUs to enter a halted state.
14. The article of manufacture of claim 13, wherein the data further causes the halted CPUs to exit the halted state after the one of the plurality of CPUs has begun executing at the known entry point in the identified region.
15. The article of manufacture of claim 14, wherein the data further causes the previously halted CPUs to begin executing at the known entry point in the identified region upon exiting the halted state.
16. The article of manufacture of claim 13, wherein the data that causes the machine to record the cryptographic hash includes data that further causes the machine to, erase a hash digest area in the memory of the computer; and record a platform information in the hash digest area; the platform information includes a version number of the one of the plurality of CPUs.
17. The article of manufacture of claim 13, wherein the data that causes the machine to identify the region in memory of the computer includes data that further causes the machine to receive at least one region parameter containing a location of the identified region.
18. The article of manufacture of claim 13, wherein the location includes an address of the identified region.
19. The article of manufacture of claim 13, wherein the location includes a length of the identified region.
20. A method of securing a region in a memory of a computer comprising: halting all but one of a plurality of processors in a computer, the halted processors entering into a special halted state; identifying a region in a memory of a computer; loading content into the region only after the halting of all but the one of the plurality of processors; blocking access to the region in a memory of the computer by all resources except the non-halted processor; registering an identity of the content of the region in the memory, the registering comprises: recording a cryptographic hash of the region, and; signing the cryptographic hash with a digest signing engine coupled to the memory of the computer having a secure channel to access the cryptographic hash, the signed cryptographic hash being stored in a register in the memory of the computer that is accessible by an outside entity to verify whether the content can be trusted; and placing the non-halted processor into a known privileged state; releasing the halted processors after the non-halted processor has been placed into the known privileged state.
21. The method of claim 20, further comprising causing the non-halted processor to jump to a known entry point in the region.
22. The method of claim 21, further comprising causing the halted processors to exit the special halted state so as to release the halted processors after the non-halted processor has been placed into the known privileged state.
23. The method of claim 20, further comprising causing the previously halted processors to begin executing at a known entry point in the region upon exiting the special halted state.
24. The method of claim 20, wherein recording the cryptographic hash comprises: erasing a hash digest area in the memory of the computer; recording a platform information in the hash digest area, the platform information including a version number of the non-halted processor; computing the cryptographic hash of the content of the region; and recording the computed cryptographic hash in the hash digest area.
25. The method of claim 24, wherein the hash digest area is a register in the memory of the computer.
26. The method of claim 20, wherein the region is specified in at least one region parameter.
27. The method of claim 26, wherein the at least one region parameter is an address of the region in the memory of the computer that is to be secured.
28. The method of claim 26, wherein the at least one region parameter is a length of the region in the memory of the computer that is to be secured.
29. A method of loading a trustable operating system comprising: selecting an area in a memory accessible to a first processor of a plurality of processors the plurality of processors including the first processor and at least one processor; halting all processors of the plurality of processors except for the first processor from accessing the memory; loading data into the selected area after the first processor receiving signaling from the at least one processor to indicate that the at least one processor is in a halted state; registering an identity of the data loaded in the selected area by recording a unique cryptographic function of the data loaded in the selected area, and signing the unique cryptographic function with a hash signing engine having a secure channel to access the unique cryptographic function, the signed unique cryptographic function being stored in a register in memory and accessible by an outside entity to verify whether the data is trustworthy; directing the first processor to commence processing at an entry point in the selected area; and releasing all of the halted processors and directing the released processors to commence processing at the entry point of the selected area.
30. The method of claim 29, wherein preventing interruption comprises halting any other processors having access to the memory until the selecting, loading, and directing is complete.
31. The method of claim 30, further comprising: causing the other processors to commence processing at an entry point in the selected area.
32. The method of claim 29, wherein selecting comprises receiving a parameter specifying a location of the selected area.
33. The method of claim 32, wherein the location is a range of addresses in memory within which the selected area is located.
34. The method of claim 32, wherein the location comprises a start address and a length of memory within which the area is located.
35. The method of claim 29 wherein the data is a component of an operating system to operate a device in which the memory resides.
36. The method of claim 35, wherein the operating system has a graphical user interface.
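The claims above describe one procedure: the first processor triggers the join secure operation, waits until every other processor has signalled that it is halted, loads the content into the region, records a hash of the region together with platform information, has a hash signing engine sign that hash into a register an outside entity can read, jumps to the entry point, and only then releases the halted processors to the same entry point. The following Python simulation is an added example, not code from the patent or from Intel; it models the processors as threads, the hash signing engine as HMAC-SHA256 with a key that never leaves the engine (an assumption standing in for the engine's secure channel), and the register as a dictionary. The verifier side shows why the ordering matters: tampered content yields an honestly signed but wrong digest, and a digest written into the register without the engine fails the signature check.

```python
import hashlib
import hmac
import threading
from dataclasses import dataclass, field

# Constructed platform information recorded in the digest area (claims 16 and 24).
PLATFORM_VERSION = b"cpu-version-1"


@dataclass
class SigningEngine:
    """Stand-in for the hash signing engine (an assumption: modelled as HMAC-SHA256
    with a key that never leaves the engine)."""
    _key: bytes = field(default=b"constructed-engine-key", repr=False)

    def sign(self, digest: bytes) -> bytes:
        return hmac.new(self._key, digest, hashlib.sha256).digest()

    def verify(self, digest: bytes, signature: bytes) -> bool:
        return hmac.compare_digest(self.sign(digest), signature)


@dataclass
class Platform:
    memory: bytearray
    engine: SigningEngine
    register: dict = field(default_factory=dict)   # where the signed digest is stored
    halt_requested: threading.Event = field(default_factory=threading.Event)
    released: threading.Event = field(default_factory=threading.Event)
    entry_log: list = field(default_factory=list)  # order in which CPUs reach the entry point

    def register_identity(self, start: int, length: int) -> bytes:
        """Registering the identity of the region (claim 24): erase the digest area,
        record platform info, hash the region, record the hash, have the engine sign it."""
        self.register.clear()
        self.register["platform"] = PLATFORM_VERSION
        digest = hashlib.sha256(bytes(self.memory[start:start + length])).digest()
        self.register["digest"] = digest
        self.register["signature"] = self.engine.sign(digest)
        return digest


def join_secure_operation(cpu_id: int, platform: Platform, halted: threading.Barrier) -> None:
    """Run by each remaining processor: enter the halted state, signal the first
    processor, and resume only at the known entry point once released."""
    platform.halt_requested.wait()
    halted.wait()                       # the signal that this CPU is now halted
    platform.released.wait()
    platform.entry_log.append(cpu_id)   # jump to the known entry point


def start_secure_operation(platform: Platform, other_cpus: list, component: bytes,
                           region_start: int) -> dict:
    """Run by the first processor (CPU 0); returns a copy of the register contents."""
    halted = threading.Barrier(len(other_cpus) + 1)
    threads = [threading.Thread(target=join_secure_operation, args=(c, platform, halted))
               for c in other_cpus]
    for t in threads:
        t.start()
    platform.halt_requested.set()       # the SSO triggers the JSO
    halted.wait()                       # returns only after every other CPU has halted
    # Load the content only now that no other processor can interfere with the region.
    platform.memory[region_start:region_start + len(component)] = component
    platform.register_identity(region_start, len(component))
    platform.entry_log.append(0)        # first processor jumps to the entry point
    platform.released.set()             # SSO complete: release the halted CPUs
    for t in threads:
        t.join()
    return dict(platform.register)


def outside_entity_verifies(register: dict, engine: SigningEngine, reference: bytes) -> bool:
    """What an outside entity does with the register: check the engine's signature
    over the recorded digest, then compare that digest with the known-good content."""
    if register.get("platform") != PLATFORM_VERSION:
        return False
    if not engine.verify(register["digest"], register["signature"]):
        return False
    return hmac.compare_digest(register["digest"], hashlib.sha256(reference).digest())


def run_demo() -> dict:
    engine = SigningEngine()
    good_component = b"constructed VMM image v1"   # constructed OS component
    results = {}
    plat = Platform(bytearray(64), engine)
    reg = start_secure_operation(plat, [1, 2, 3], good_component, region_start=16)
    results["genuine"] = outside_entity_verifies(reg, engine, good_component)
    results["first_cpu_enters_first"] = (plat.entry_log[0] == 0
                                         and sorted(plat.entry_log) == [0, 1, 2, 3])
    # Tampered content: the measurement is honest, so the digest no longer matches.
    plat2 = Platform(bytearray(64), engine)
    reg2 = start_secure_operation(plat2, [1, 2], good_component + b"!", region_start=16)
    results["tampered"] = outside_entity_verifies(reg2, engine, good_component)
    # Forged register: the good digest written without the engine fails the signature check.
    forged = dict(reg2, digest=hashlib.sha256(good_component).digest())
    results["forged"] = outside_entity_verifies(forged, engine, good_component)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The barrier is what makes the "receiving signals ... that the remaining processors have entered the halted state" step explicit: the first processor cannot load or measure until every other thread has checked in, and the entry log shows the first processor reaching the entry point before any released processor does. Real implementations also block DMA to the region (claim 4), which the thread model does not capture.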
Patents cited by this patent (197)
Ryba Edward G. (Milpitas CA) Lipman Peter H. (Cupertino CA) Connell Jefferson J. (Cupertino CA) Weiss David (Palo Alto CA), Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB).
Gannon Patrick M. (Poughkeepsie NY) Gum Peter H. (Poughkeepsie NY) Hough Roger E. (Highland NY) Murray Robert E. (Woodstock NY), Apparatus and method for TLB purge reduction in a multi-level machine system.
Bealkowski Richard (Delray Beach FL) Blackledge ; Jr. John W. (Boca Raton FL) Cronk Doyle S. (Boca Raton FL) Dayan Richard A. (Boca Raton FL) Dixon Jerry D. (Boca Raton FL) Kinnear Scott G. (Boca Rat, Apparatus and method for preventing unauthorized access to BIOS in a personal computer system.
Brelsford David P. (Hyde Park NY) Cutler Melvin M. (Los Angeles CA) Lafitte Jean-Louis (Moens NY FRX) Gdaniec Joseph M. (Hyde Park NY) Osisek Damian L. (Vestal NY) Plambeck Kenneth E. (Poughkeepsie N, Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virt.
Heller Andrew R. (Morgan Hill CA) Worley ; Jr. William S. (Endicott NY), Authorization mechanism for transfer of program control or data between different address spaces having different storag.
Ermolovich Thomas R. (Lexington MA) Stewart Robert E. (Stow MA) Leonard Judson S. (Acton MA) Cutler David N. (Nashua NH), Communications device for data processing system.
Satou Mitsugu,JPX ; Iwata Shunichi,JPX, Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple isolated memories in an isolated execution environment.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple memory zones in an isolated execution environment.
Curtis, Bryce Allen, Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment.
Morley Richard E. (Greenville NH), Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and met.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Executing isolated mode instructions in a secure system running in privilege rings.
Nakamura Kouji,JPX, Exposure apparatus, output control method for energy source, laser device using the control method, and method of producing microdevice.
Schneider Fred B. (Ithaca NY) Lampson Butler (Cambridge MA) Balkovich Edward (Acton MA) Thiel David (Colorado Springs CO), Fault tolerant computer system with shadow virtual processor.
Adams Phillip M. (Parowan UT) Holmstron Larry W. (Salt Lake City UT) Jacob Steve A. (South Weber UT) Powell Steven H. (Ogden UT) Condie Robert F. (Tuscon AZ) Culley Martin L. (Tuscon AZ), Kernels, description tables, and device drivers.
Bean George H. (Kingston NY) Borden Terry L. (Poughkeepsie NY) Farrell Mark S. (Pleasant Valley NY) Gum Peter H. (Poughkeepsie NY) Hough Roger E. (Highland NY) Johnson Francis E. (Poughkeepsie NY) Mc, Logical resource partitioning of a data processing system.
Lim, Beng-Hong; Bugnion, Edouard; Devine, Scott W., Mechanism for restoring, porting, replicating and checkpointing computer systems using state extraction.
Johnson James Scott (Fort Worth TX) Short Tim (Duncanville TX) Intrater Gideon (Sunnyvale CA), Memory management circuit which provides simulated privilege levels.
Barnett Philip C.,GBX, Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges.
Harold L. McFarland ; David R. Stiles ; Korbin S. Van Dyke ; Shrenik Mehta ; John Gregory Favor ; Dale R. Greenley ; Robert A. Cargnoni, Method and apparatus for debugging an integrated circuit.
Miller David A. ; Jansen Kenneth A. ; Culley Paul R. ; Taylor Mark ; Izquierdo Javier F., Method and apparatus for independently resetting processors and cache controllers in multiple processor systems.
Cotichini Christian,CAX ; Cain Fraser,CAX ; Ashworth David G.,CAX ; Livingston Peter Michael Bruce,CAX ; Solymar Gabor,CAX ; Gardner Philip B.,CAX ; Woinoski Timothy S.,CAX, Method and apparatus to monitor and locate an electronic device using a secured intelligent agent.
Luiz Fernando A. (Monte Sereno CA) Snyder Harlan C. (Saratoga CA) Sorg ; Jr. John H. (Los Gatos CA), Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system.
Kahle James Allan ; Loper Albert J. ; Mallick Soummya ; Ogden Aubrey Deene ; Sell John Victor, Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions w.
Melo Michael D. (Billerica MA), Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 8048.
Greenstein Paul Gregory ; Guyette Richard Roland ; Rodell John Ted, Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for.
Panwar Ramesh ; Chamdani Joseph I., Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency.
Hargrove Richard R. (Redmond WA) Barrett Phillip R. (Redmond WA) Lipe Ralph A. (Redmond WA) Reynolds Aaron R. (Redmond WA) Wilson Marc D. (Seattle WA), Method of transferring control in a multitasking computer system.
Scalzi Casper A. (Poughkeepsie NY) Starke William J. (Austin TX), Method of using a target processor to execute programs of a source architecture that uses multiple address spaces.
Ganapathy Narayanan ; Stevens Luis F. ; Schimmel Curt F., Method, system and computer program product for dynamically allocating large memory pages of different sizes.
Eugene Feng ; Gary Phillips, Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space.
Grimmer ; Jr. George G. ; Rhoades Michael W., Microcontroller with security logic circuit which prevents reading of internal memory by external program.
Goetz John W. ; Mahin Stephen W. ; Bergkvist John J., Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set archi.
Blomgren James S. (San Jose CA) Bracking Jimmy (San Jose CA) Richter David (San Jose CA) Spahn Francis (El Cerrito CA), Microprocessor with operation capture facility.
Hough Roger E. (Austin TX) Murray Robert E. (Kingston NY), Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals.
McDonald, Michael F.; Arora, Sumeet; Chu, Mark, Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore.
Reardon David C., Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place.
Neufeld E. David (Tomball TX), Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data trans.
Provanzano Salvatore R. (Melrose MA) Aldrich Wilbert H. (Winchester MA) D'Angelo Robert A. (Windham NH) Drottar Emil P. (Ipswich MA) Finnegan ; Jr. John J. (Hudson NH) Heom James (Bedford MA) Hill La, Programmable controller.
Robinson Paul T. (Arlington MA) Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA), Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces.
John K. Gee ; David A. Greve ; David S. Hardin ; Allen P. Mass ; Michael H. Masters ; Nick M. Mykris ; Matthew M. Wilding, Real time processor capable of concurrently running multiple independent JAVA machines.
Browne Hendrik A., Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device.
Mark J. Foster ; Saifuddin T. Fakhruddin ; James L. Walker ; Matthew B. Mendelow ; Jiming Sun ; Rodman S. Brahman ; Michael P. Krau ; Brian D. Willoughby ; Michael D. Maddix ; Steven L. Belt, Suspend/resume capability for a protected mode microprocesser.
Hudson Jerome D. ; Champagne Jean-Paul,FRX ; Galindo Mary A. ; Hickerson Cynthia M. K. ; Hickman Donna R. ; Lockhart Robert P. ; Saddler Nancy B. ; Stange Patricia A., System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential.
Angelo Michael F. ; Olarig Sompong P. ; Wooten David R. ; Driscoll Dan J., System and method for performing secure device communications in a peer-to-peer bus architecture.
Teper Jeffrey A. ; Koneru Sudheer ; Mangione Gordon ; Balaz Rudolph ; Contorer Aaron M. ; Chao Lucy, System and method for providing trusted brokering services over a distributed network.
Inoue Taro (Sagamihara JPX) Umeno Hidenori (Kanagawa JPX) Tanaka Shunji (Sagamihara JPX) Yamamoto Tadashi (Kanagawa JPX) Ohtsuki Toru (Hadano JPX), System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard T. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant player for scrambled contents.
Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA) Robinson Paul T. (Arlington MA) Witek Richard T. (Littleton MA), Translation buffer for virtual machines with address space match.
Bryant Barbara J. (Clinton Corners NY) Garrison Glen E. (Wallkill NY) Sutherland Danny R. (Poughkeepsie NY) Rubsam Kenneth G. (Poughkeepsie NY), Virtual storage computer system having methods and apparatus for providing token-controlled access to protected pages of.
Scott W. Devine ; Edouard Bugnion ; Mendel Rosenblum, Virtualization system including a virtual machine monitor for a computer with a segmented architecture.
Peterson, Zachary Nathaniel Joseph; Stubblefield, Adam Bradley; Bono, Stephen C.; Green, Matthew Daniel, Method and apparatus for limiting access to sensitive data.