IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition):
Application number: US-0263221 (2008-10-31)
Registration number: US-8209763 (2012-06-26)
Inventors / Address:
- Henry, G. Glenn
- Parks, Terry
Applicant / Address:
Agent / Address:
Citation information: cited by 0 patents; cites 42 patents
Abstract
An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor is a single integrated circuit disposed on a single die, and executes non-secure application programs and a secure application program. The secure application program is executed in a secure execution mode. The non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-volatile enabled indicator register that is configured to indicate whether the microprocessor is within the secure execution mode or a non-secure execution mode, where contents of the non-volatile enabled indicator register persist through power removal and reapplication to the microprocessor. The secure non-volatile memory is coupled to the microprocessor via a private bus and is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.
Representative claims
1. An apparatus providing for a secure execution mode of operation, comprising: a microprocessor, comprising a single integrated circuit disposed on a single die, configured to execute non-secure application programs and a secure application program, wherein said secure application program is executed exclusively within the secure execution mode within said microprocessor, and wherein said non-secure application programs are accessed from a system memory via a system bus, said microprocessor comprising: a non-volatile enabled indicator register, configured to indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor; and a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor, and wherein, upon enablement of said secure execution mode, said microprocessor encrypts said secure application program and transfers said secure application program to said secure non-volatile memory over said bus.
2. The apparatus as recited in claim 1, wherein secure execution mode logic within said microprocessor performs a first write to said non-volatile enabled indicator register upon entry into the secure execution mode to indicate that said microprocessor is within the secure execution mode.
3. The apparatus as recited in claim 2, wherein the secure execution mode logic performs a second write to said non-volatile enabled indicator register upon exit from the secure execution mode to indicate that said microprocessor is within said non-secure execution mode.
4. The apparatus as recited in claim 1, wherein said non-volatile enabled indicator register comprises a plurality of fuses disposed within said microprocessor.
5. The apparatus as recited in claim 4, wherein the number of times that said microprocessor can transition between the secure execution mode and said non-secure execution mode corresponds to the number of said plurality of fuses.
6. The apparatus as recited in claim 1, wherein, following a write to said non-volatile enabled indicator to indicate that said microprocessor is within the secure execution mode, secure execution mode logic within said microprocessor directs said microprocessor to perform a reset operation.
7. The apparatus as recited in claim 1, wherein secure execution mode logic within said microprocessor evaluates contents of said non-volatile enabled register upon a request to return from the secure execution mode to said non-secure execution mode to determine whether return to said non-secure execution mode is supported, and wherein the secure execution mode is maintained if said non-secure execution mode is unsupported.
8. A microprocessor apparatus, for executing secure code within a secure execution mode of operation, the microprocessor apparatus comprising: a secure non-volatile memory, configured to store a secure application program, wherein said secure application program is encrypted and transferred over a private bus to said secure non-volatile memory; and a microprocessor, comprising a single integrated circuit disposed on a single die, coupled to said secure non-volatile memory via said private bus, configured to execute non-secure application programs and said secure application program, wherein said secure application program is executed exclusively within the secure execution mode, said microprocessor comprising: a bus interface unit, configured to accomplish system bus transactions over a system bus to access said non-secure applications in system memory; a secure non-volatile memory interface unit, configured to couple said microprocessor to said secure non-volatile memory via a private bus, wherein private bus transactions over said private bus to access said secure non-volatile memory are hidden from observation by system bus resources within said microprocessor and to any device coupled to said system bus; and a non-volatile enabled indicator register, configured to indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor.
9. The microprocessor apparatus as recited in claim 8, wherein secure execution mode logic within said microprocessor performs a first write to said non-volatile enabled indicator register upon entry into the secure execution mode to indicate that said microprocessor is within the secure execution mode.
10. The microprocessor apparatus as recited in claim 9, wherein the secure execution mode logic performs a second write to said non-volatile enabled indicator register upon exit from the secure execution mode to indicate that said microprocessor is within said non-secure execution mode.
11. The microprocessor apparatus as recited in claim 8, wherein said non-volatile enabled indicator register comprises a plurality of fuses disposed within said microprocessor.
12. The microprocessor apparatus as recited in claim 11, wherein the number of times that said microprocessor can transition between the secure execution mode and said non-secure execution mode corresponds to the number of said plurality of fuses.
13. The microprocessor apparatus as recited in claim 8, wherein, following a write to said non-volatile enabled indicator to indicate that said microprocessor is within the secure execution mode, secure execution mode logic within said microprocessor directs said microprocessor to perform a reset operation.
14. The microprocessor apparatus as recited in claim 8, wherein secure execution mode logic within said microprocessor evaluates contents of said non-volatile enabled register upon a request to return from the secure execution mode to said non-secure execution mode to determine whether return to said non-secure execution mode is supported, and wherein the secure execution mode is maintained if said non-secure execution mode is unsupported.
15. A method for executing secure code within a secure execution mode of operation, the method comprising: initializing the secure execution mode within a microprocessor for execution of the secure code, wherein the microprocessor comprises a single integrated circuit disposed on a single die; encrypting the secure code and transferring the secure code via private transactions over a private bus to a secure non-volatile memory for storage of the secure code; recording that the secure execution mode is enabled in a non-volatile enabled indicator register; and fetching the secure code from the secure non-volatile memory over the private bus for execution by the microprocessor; wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor.
16. The method as recited in claim 15, wherein said recording comprises first writing to the non-volatile enabled indicator register upon entry into the secure execution mode to indicate that the microprocessor is within the secure execution mode.
17. The method as recited in claim 16, wherein said recording comprises second writing to the non-volatile enabled indicator register upon exit from the secure execution mode to indicate that the microprocessor is within the non-secure execution mode.
18. The method as recited in claim 15, wherein the non-volatile enabled indicator register comprises a plurality of fuses disposed within the microprocessor.
19. The method as recited in claim 18, wherein the number of times that the microprocessor can transition between the secure execution mode and the non-secure execution mode corresponds to the number of the plurality of fuses.
20. The method as recited in claim 15, wherein, following a write to the non-volatile enabled indicator to indicate that the microprocessor is within the secure execution mode, secure execution mode logic within the microprocessor directs the microprocessor to perform a reset operation.
21. The method as recited in claim 15, wherein secure execution mode logic within the microprocessor evaluates contents of the non-volatile enabled register upon a request to return from the secure execution mode to the non-secure execution mode to determine whether return to the non-secure execution mode is supported, and wherein the secure execution mode is maintained if the non-secure execution mode is unsupported.
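The claims above describe a non-volatile enabled indicator register built from one-time-programmable fuses (claims 4-7, 11-14, 18-21): a write on entry into the secure execution mode, a write on exit, a transition budget equal to the number of fuses, a reset after the entry write, and a check on a return request that keeps the processor in secure mode when a return is not supported. The following C model is an added example written for this page; it is not code from the patent or from the inventors' implementation. Its encoding is an assumption chosen for illustration: each mode transition blows the next intact fuse, the current mode is the parity of blown fuses (which persists across power cycles because fuses cannot be un-blown), and `NV_FUSE_COUNT`, the `nv_indicator_t` type and the `sem_*` function names are all hypothetical.

```c
/* Model of a fuse-backed non-volatile enabled indicator register.
 * Added example for this patent record; the encoding is an assumption,
 * not the patent's disclosed implementation.                        */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NV_FUSE_COUNT 3  /* assumed fuse count; the claims fix no number */

typedef enum { MODE_NON_SECURE = 0, MODE_SECURE = 1 } exec_mode_t;

typedef struct {
    bool fuse[NV_FUSE_COUNT]; /* one-time programmable: false = intact, true = blown */
    bool reset_pending;       /* volatile: claim 6 directs a reset after the entry write */
} nv_indicator_t;

nv_indicator_t nv_init(void) {
    nv_indicator_t r;
    memset(&r, 0, sizeof r);  /* fresh part: all fuses intact, non-secure mode */
    return r;
}

static int blown_count(const nv_indicator_t *r) {
    int n = 0;
    for (int i = 0; i < NV_FUSE_COUNT; i++) n += r->fuse[i] ? 1 : 0;
    return n;
}

/* Persistent mode read from the fuses: odd number of blown fuses = secure (assumed encoding). */
exec_mode_t nv_current_mode(const nv_indicator_t *r) {
    return (blown_count(r) & 1) ? MODE_SECURE : MODE_NON_SECURE;
}

/* Claim 5: the remaining transition budget is the number of intact fuses. */
int nv_transitions_remaining(const nv_indicator_t *r) {
    return NV_FUSE_COUNT - blown_count(r);
}

/* A "write" to the register blows the next intact fuse; fails once none remain. */
static bool blow_next_fuse(nv_indicator_t *r) {
    for (int i = 0; i < NV_FUSE_COUNT; i++) {
        if (!r->fuse[i]) { r->fuse[i] = true; return true; }
    }
    return false;
}

/* Claims 2 and 6: first write on entry, then a reset is directed. */
bool sem_enter(nv_indicator_t *r) {
    if (nv_current_mode(r) == MODE_SECURE) return true;  /* already secure */
    if (!blow_next_fuse(r)) return false;                 /* no fuse left to record entry */
    r->reset_pending = true;
    return true;
}

/* Claims 3 and 7: on a return request, evaluate the register; if no fuse is
 * left to record the exit, the return is unsupported and secure mode is kept. */
bool sem_request_return(nv_indicator_t *r) {
    if (nv_current_mode(r) != MODE_SECURE) return true;   /* nothing to do */
    if (nv_transitions_remaining(r) == 0) return false;   /* unsupported: stay secure */
    blow_next_fuse(r);                                    /* second write: now non-secure */
    return true;
}

/* Power removal and reapplication: fuses persist, volatile state is lost. */
void power_cycle(nv_indicator_t *r) {
    r->reset_pending = false;
}

int main(void) {
    nv_indicator_t r = nv_init();
    sem_enter(&r);
    power_cycle(&r);
    printf("after power cycle: mode=%d remaining=%d\n",
           nv_current_mode(&r), nv_transitions_remaining(&r));
    sem_request_return(&r);
    sem_enter(&r);
    printf("return supported: %s\n", sem_request_return(&r) ? "yes" : "no (secure kept)");
    return 0;
}
```

With three fuses the model shows the property the claims are after: the mode survives a power cycle because it is derived only from fuse state, and once the last fuse is consumed on entry the processor can no longer record an exit, so a return request is refused and secure mode is maintained rather than silently falling back to non-secure.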