Termination of secure execution mode in a microprocessor providing for execution of secure code
Country / type: United States (US) patent, granted
International Patent Classification (IPC, 7th edition): G06Q-099/00; G06F-021/72; G06F-021/70
Application number: US-0263230 (2008-10-31)
Registration number: US-8793803 (2014-07-29)
Inventors: Henry, G. Glenn; Parks, Terry
Applicant: Via Technologies, Inc.
Attorney / agent: Huffman, Richard K.
Citation information: cited by 2 patents; cites 67 patents
Abstract
An apparatus including a microprocessor, a system memory, and a secure non-volatile memory. The microprocessor is mounted to a motherboard, and executes non-secure application programs and a secure application program. The system memory stores non-secure application programs, and is mounted to the motherboard and coupled to the microprocessor via a system bus. The microprocessor has secure execution mode logic that detects execution of a secure execution mode return event, and that terminates a secure execution mode within the microprocessor, where the secure execution mode exclusively supports execution of the secure application program. The secure non-volatile memory is coupled to the microprocessor via a private bus and stores the secure application program prior to termination of the secure execution mode, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.
Claims
1. An apparatus providing for a secure execution environment, comprising: a microprocessor, mounted to a motherboard, that executes non-secure application programs and a secure application program, said microprocessor comprising: secure execution mode logic, that detects execution of a secure execution mode return event, and that terminates a secure execution mode within said microprocessor, wherein said secure execution mode exclusively supports execution of said secure application program; a system memory, mounted to said motherboard and coupled to said microprocessor via a system bus, said system memory having said non-secure application programs stored therein, wherein said system memory transfers said non-secure application programs to said microprocessor; and a secure non-volatile memory, coupled to said microprocessor via a private bus, that stores said secure application program prior to termination of said secure execution mode, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor.
2. The apparatus as recited in claim 1, wherein said secure execution mode return event comprises execution of an instruction in said secure execution mode by said secure application program directing said microprocessor to terminate said secure execution mode and return to a non-secure execution mode.
3. The apparatus as recited in claim 1, wherein said secure execution mode return event comprises execution of a first write to a secure execution mode control register by said secure application program executing in said secure execution mode, said write directing said microprocessor to terminate said secure execution mode and return to a non-secure execution mode.
4. The apparatus as recited in claim 3, wherein said write to said secure execution mode control register is detected by said secure execution mode logic as an exception, and wherein program control is directed to a secure exception handler within said secure application program.
5. The apparatus as recited in claim 4, wherein said secure exception handler resides at an address provided by a secure interrupt descriptor table within said secure execution mode logic.
6. The apparatus as recited in claim 5, wherein one or more instructions within said secure exception handler direct said microprocessor to perform a second write to a secure execution mode confirmation register indicating acceptance of said secure execution mode return event.
7. The apparatus as recited in claim 6, wherein said microprocessor, upon acceptance of said secure execution mode return event, employs a random number generator to generate data for writes to all locations in said secure non-volatile memory, and wherein said microprocessor writes said data to said all locations.
8. The apparatus as recited in claim 7, wherein said secure application program writes a non-volatile enabled register within said microprocessor to indicate that said microprocessor is operating in non-secure execution mode.
9. The apparatus as recited in claim 8, wherein said secure execution mode logic transfers program control to one of said non-secure application programs by generating a non-secure exception.
10. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising: a system memory, mounted to a motherboard, said system memory having non-secure application programs stored therein, wherein said system memory transfers said non-secure application program to the microprocessor for execution; a secure non-volatile memory, mounted to said motherboard, that stores a secure application program; and a microprocessor, mounted to said motherboard, coupled to said system memory by a system bus disposed on said motherboard, coupled to said secure non-volatile memory via a private bus disposed on said motherboard, that executes said non-secure application programs and said secure application program, said microprocessor comprising: secure execution mode logic, that detects execution of a secure execution mode return event, and that terminates a secure execution mode within said microprocessor, wherein said secure execution mode exclusively supports execution of said secure application program.
11. The apparatus as recited in claim 10, wherein said secure execution mode return event comprises execution of an instruction in said secure execution mode by said secure application program directing said microprocessor to terminate said secure execution mode and return to a non-secure execution mode.
12. The apparatus as recited in claim 10, wherein said secure execution mode return event comprises execution of a first write to a secure execution mode control register by said secure application program executing in said secure execution mode, said write directing said microprocessor to terminate said secure execution mode and return to a non-secure execution mode.
13. The apparatus as recited in claim 12, wherein said write to said secure execution mode control register is detected by said secure execution mode logic as an exception, and wherein program control is directed to a secure exception handler within said secure application program.
14. The apparatus as recited in claim 13, wherein said secure exception handler resides at an address provided by a secure interrupt descriptor table within said secure execution mode logic.
15. The apparatus as recited in claim 14, wherein one or more instructions within said secure exception handler direct said microprocessor to perform a second write to a secure execution mode confirmation register indicating acceptance of said secure execution mode return event.
16. The apparatus as recited in claim 15, wherein said microprocessor, upon acceptance of said secure execution mode return event, employs a random number generator to generate data for writes to all locations in said secure non-volatile memory, and wherein said microprocessor writes said data to said all locations.
17. The apparatus as recited in claim 16, wherein said secure application program writes a non-volatile enabled register within said microprocessor to indicate that said microprocessor is operating in non-secure execution mode.
18. The apparatus as recited in claim 17, wherein said secure execution mode logic transfers program control to one of said non-secure application programs by generating a non-secure exception.
19. A method for executing secure code within a secure execution environment, the method comprising: disposing a microprocessor, a system memory, a system bus, a private bus, and a secure non-volatile memory on a motherboard; storing the secure code in the secure non-volatile memory by executing private transactions over the private bus that is coupled to the secure non-volatile memory; isolating the private bus from all system bus resources in the microprocessor and external to the microprocessor, and enabling only secure execution logic in the microprocessor to observe and access the private bus; placing the microprocessor in a secure execution mode; and executing the secure code by the microprocessor, said executing comprising: terminating the secure execution mode by executing and detecting a secure execution mode return event.
20. The method as recited in claim 19, wherein the secure execution mode return event comprises executing an instruction in the secure execution mode by the secure code that causes the microprocessor to terminate the secure execution mode and return to a non-secure execution mode.
21. The method as recited in claim 19, wherein the secure execution mode return event comprises first writing data to a secure execution mode control register, wherein said first writing is prescribed by the secure code executing in the secure execution mode, and wherein said first writing directs the microprocessor to terminate the secure execution mode and return to a non-secure execution mode.
22. The method as recited in claim 21, wherein the secure execution mode logic detects the write to the secure execution mode control register as an exception, and wherein the secure code transfers program control to a secure exception handler.
23. The method as recited in claim 22, wherein the secure exception handler is stored at an address provided by a secure interrupt descriptor table within the secure execution mode logic.
24. The method as recited in claim 23, wherein one or more instructions within the secure exception handler direct the microprocessor to perform a second write to a secure execution mode confirmation register indicating acceptance of the secure execution mode return event.
25. The method as recited in claim 24, wherein the microprocessor, upon acceptance of the secure execution mode return event, employs a random number generator to generate data for writes to all locations in the secure non-volatile memory, and wherein the microprocessor writes the data to the all locations.
26. The method as recited in claim 25, wherein said terminating further comprises: writing a non-volatile enabled register within the microprocessor to indicate that the microprocessor is operating in non-secure execution mode.
27. The method as recited in claim 26, wherein said terminating further comprises: transferring program control to non-secure code by generating a non-secure exception.
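The termination sequence of claims 3-9 (control-register write trapped as an exception, handler confirmation, random overwrite of the secure non-volatile memory, then exit to non-secure mode) modelled in C as an added illustration; this is not the patent's logic, and the register names, the SNVM size and rand() standing in for the hardware random number generator are assumptions.

```c
/* Added model, not the patent's logic; register names, SNVM size and rand()
 * standing in for the hardware RNG are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define SNVM_SIZE 16                /* assumed secure NVM size in bytes */
typedef struct {
    int secure_mode;                /* 1 = secure execution mode active */
    int sem_ctrl, sem_confirm;      /* SEM control / confirmation registers */
    int nv_enabled;                 /* non-volatile enabled register (claim 8) */
    int pending_exception;          /* return event trapped as exception (claim 4) */
    uint8_t snvm[SNVM_SIZE];        /* secure NVM, reachable only over the private bus */
} cpu_t;

/* Claims 3-4: secure code writes the control register to request a return;
 * the write is trapped as a secure exception rather than acted on directly. */
int sem_write_ctrl(cpu_t *c) {
    if (!c->secure_mode) return -1;
    c->sem_ctrl = c->pending_exception = 1;
    return 0;
}

/* Claims 5-6: the secure exception handler accepts the return event. */
int sem_handler_confirm(cpu_t *c) {
    if (!c->pending_exception) return -1;
    c->sem_confirm = 1;
    return 0;
}

/* Claims 7-9: only after acceptance, overwrite every SNVM location with RNG
 * data, clear the non-volatile enabled register and leave secure mode. */
int sem_terminate(cpu_t *c) {
    if (!c->secure_mode || !c->sem_confirm) return -1;
    for (size_t i = 0; i < SNVM_SIZE; i++) c->snvm[i] = (uint8_t)rand();
    c->nv_enabled = c->secure_mode = c->pending_exception = c->sem_ctrl = c->sem_confirm = 0;
    return 0;                       /* a non-secure exception would follow */
}

/* Scenario driver with constructed SNVM content: returns 1 if the mode was
 * exited with the SNVM scrubbed, 0 if exit was refused with secrets intact. */
int run_scenario(int handler_confirms) {
    cpu_t c = {1, 0, 0, 1, 0, {0}};
    uint8_t secret[SNVM_SIZE];
    memset(secret, 0xA5, SNVM_SIZE); memcpy(c.snvm, secret, SNVM_SIZE);
    sem_write_ctrl(&c);
    if (handler_confirms) sem_handler_confirm(&c);
    int rc = sem_terminate(&c);
    int intact = memcmp(c.snvm, secret, SNVM_SIZE) == 0;
    if (rc == 0 && !c.secure_mode && !intact) return 1;
    return (rc != 0 && c.secure_mode && intact) ? 0 : -1;
}
```

The point the model makes is that a control-register write alone never leaves secure mode: without the handler's confirmation the exit is refused and the secure program stays in the SNVM, while an accepted exit scrubs every location before the mode bit is cleared.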
Patents cited by this patent (67)
Watt, Simon Charles, Apparatus and method for controlling access to a memory unit.
Johnson, Richard C.; Morgan, Andrew; Anvin, H. Peter; Torvalds, Linus, Architecture, system, and method for operating on encrypted and/or hidden information.
Sibigtroth, James M. (Round Rock TX); Rhoades, Michael W. (Austin TX); Grimmer Jr., George G. (Austin TX); Longwell, Susan W. (Austin TX), Integrated circuit microcontroller with on-chip memory and external bus interface and programmable mechanism for securin.
McDevitt, Hugh W.; Spanel, Carol; Walls, Andrew D., Method, apparatus and program storage device for providing clocks to multiple frequency domains using a single input clock of variable frequency.
Little, Wendell L.; Curry, Stephen M.; Grider, Steven N.; Thrower, Mark L.; Hass, Steven N.; Bolan, Michael L.; Fieseler, Ricky D.; Harrington, Bradley M., Microcircuit with memory that is protected by both hardware and software.
Okada, Takayuki, Processor with a function to prevent illegal execution of a program, an instruction executed by a processor and a method of preventing illegal execution of a program.
Force, Gordon (San Jose CA); Davis, Timothy D. (Arlington TX); Duncan, Richard L. (Bedford TX); Norcross, Thomas M. (Arlington TX); Shay, Michael J. (Arlington TX); Short, Timothy A. (Duncanville TX), Programmable distributed personal security.
Hartmann, Robert F. (San Jose CA); Chan, Yiu-Fai (Saratoga CA); Frankovich, Robert J. (Cupertino CA); Ou, Jung-Hsing (Sunnyvale CA); So, Hock C. (Milpitas CA); Wong, Sau-Ching (Hillsborough CA), Programmable macrocell using EPROM or EEPROM transistors for architecture control in programmable logic circuits.
Guttag, Karl M. (Houston TX); Nussrallah, Steve (Richardson TX), Security bit for designating the security status of information stored in a nonvolatile memory.
Padgaonkar, Ajay J. (9617 S. 43rd Pl. Phoenix AZ 85044); Mitra, Sumit K. (8860 S. Drea La. Tempe AZ 85284), Security for digital signal processor program memory.
Burghardt, Martin (Oberneuching NY DEX); Berman, Eric (Hicksville NY); Padgaonkar, Ajay (Sugarland TX); Allen, Ray (Mesa AZ), System and method for protecting contents of microcontroller memory by providing scrambled data in response to an unauth.
Ginter, Karl L.; Shear, Victor H.; Sibert, W. Olin; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Watt, Simon Charles; Dornan, Christopher Bentley; Orion, Luc; Chaussade, Nicolas; Belnet, Lionel; Brochier, Stephane Eric Sebastian; Mansell, David Hennah; Symes, Dominic Hugo, Task following between multiple operating systems.
Watt, Simon Charles; Dornan, Christopher Bentley; Orion, Luc; Chaussade, Nicolas; Belnet, Lionel; Brochier, Stephane Eric Sebastien; Mansell, David Hennah; Callan, Jonathan Sean, Vectored interrupt control within a system having a secure domain and a non-secure domain.
Doi, Bryan C. (Fremont CA); Thomas, Steven D. (Palm Dale CA); Coli, Vincent J. (San Jose CA); Giglio, Vito D. (Canoga Park CA), Verifiable security circuitry for preventing unauthorized access to programmed read only memory.