An apparatus providing for a secure execution environment. The apparatus includes a microprocessor that is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-secure memory and a secure volatile memory. The non-secure memory is configured to store portions of the non-secure application programs for execution by the microprocessor, where the non-secure memory is observable and accessible by the non-secure application programs and by system bus resources within the microprocessor. The secure volatile memory is configured to store the secure application program for execution by the microprocessor, where the secure volatile memory is isolated from the non-secure application programs and the system bus resources within the microprocessor. The secure application program is decrypted using a processor unique key and is written to the secure volatile memory.
Representative claims
1. An apparatus providing for a secure execution environment, comprising: a microprocessor, coupled to a system bus, configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via said system bus, and wherein said microprocessor is also configured to automatically transition to a degraded mode where only BIOS instructions are allowed to execute in order to allow for user input and the display of messages, said microprocessor comprising: a non-secure memory, configured to store portions of said non-secure application programs for execution by the microprocessor, wherein said non-secure memory is observable and accessible by said non-secure application programs and by system bus resources within said microprocessor; a secure volatile memory, configured to store said secure application program for execution by said microprocessor, wherein said secure volatile memory is isolated from said non-secure application programs and said system bus resources within said microprocessor, and wherein said secure application program is retrieved from a secure non-volatile memory over a private bus, decrypted using a processor unique key, and is written to said secure volatile memory; a cryptographic unit, isolated from said system bus and disposed within execution logic in said microprocessor, configured to employ said processor unique key to decrypt said secure application program; and a processor key register, coupled to said cryptographic unit, configured to store said processor unique key, wherein said processor key register can only be read by said cryptographic unit.

2. The apparatus as recited in claim 1, wherein said secure volatile memory comprises an instruction cache and a data cache for said secure application program.

3. The apparatus as recited in claim 1, wherein said secure volatile memory comprises a stack for storage and retrieval of the state of said microprocessor corresponding to said non-secure application programs.

4. The apparatus as recited in claim 1, wherein said secure application program accesses said secure volatile memory to read and write secure data by employing load and store instructions.

5. The apparatus as recited in claim 4, wherein said load and store instructions reference segment registers in address logic which are initialized upon entry into secure execution to point to said secure volatile memory instead of said system memory.

6. The apparatus as recited in claim 1, wherein said secure volatile memory comprises a 64-bit cache memory having 4096 locations, and wherein each of said locations comprises an internal attribute that completely isolates each of said locations.

7. The apparatus as recited in claim 1, further comprising: SEM logic, coupled to said secure volatile memory and to address logic in said microprocessor, configured to disable virtual address translation by said address logic when said microprocessor is executing said secure application program.

8. The apparatus as recited in claim 7, wherein, upon execution of a secure mode enabled reset sequence by said microprocessor, said SEM logic initializes said secure volatile memory to random values.

9. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising: a secure non-volatile memory, coupled to a private bus, configured to store a secure application program; and a microprocessor, coupled to said private bus, configured to execute non-secure application programs and said secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said secure application program is accessed from said secure non-volatile memory, and wherein transactions over said private bus are isolated from said system bus and corresponding system bus resources within said microprocessor, and wherein said microprocessor is also configured to automatically transition to a degraded mode where only BIOS instructions are allowed to execute in order to allow for user input and the display of messages, said microprocessor comprising: a non-secure memory, configured to store portions of said non-secure application programs for execution by said microprocessor, wherein said non-secure memory is observable and accessible by said non-secure application programs and by system bus resources within said microprocessor; and a secure volatile memory, configured to store said secure application program for execution by said microprocessor, wherein said secure volatile memory is isolated from said non-secure application programs and said system bus resources within said microprocessor, and wherein said secure application program is retrieved from said secure non-volatile memory, decrypted using a processor unique key, and is written to said secure volatile memory; a cryptographic unit, isolated from said system bus and disposed within execution logic in said microprocessor, configured to employ said processor unique key to decrypt said secure application program; and a processor key register, coupled to said cryptographic unit, configured to store said processor unique key, wherein said processor key register can only be read by said cryptographic unit.

10. The microprocessor apparatus as recited in claim 9, wherein said secure volatile memory comprises an instruction cache and a data cache for said secure application program.

11. The microprocessor apparatus as recited in claim 9, wherein said secure volatile memory comprises a stack for storage and retrieval of the state of said microprocessor corresponding to said non-secure application programs.

12. The microprocessor apparatus as recited in claim 9, wherein said secure application program accesses said secure volatile memory to read and write secure data by employing load and store instructions.

13. The microprocessor apparatus as recited in claim 12, wherein said load and store instructions reference segment registers in address logic which are initialized upon entry into secure execution to point to said secure volatile memory instead of said system memory.

14. The microprocessor apparatus as recited in claim 9, wherein said secure volatile memory comprises a 64-bit cache memory having 4096 locations, and wherein each of said locations comprises an internal attribute that completely isolates each of said locations.

15. The microprocessor apparatus as recited in claim 9, further comprising: SEM logic, coupled to said secure volatile memory and to address logic in said microprocessor, configured to disable virtual address translation by said address logic when said microprocessor is executing said secure application program.

16. The microprocessor apparatus as recited in claim 15, wherein, upon execution of a secure mode enabled reset sequence by said microprocessor, said SEM logic initializes said secure volatile memory to random values.

17. A method for executing secure code within a secure execution environment, the method comprising: providing a secure non-volatile memory for storage of the secure code; storing the secure code within the secure non-volatile memory via private transactions accomplished over a private bus that is coupled to the secure non-volatile memory; and fetching the secure code from the secure non-volatile memory over the private bus for execution by a microprocessor, and employing a cryptographic unit disposed within the microprocessor to decrypt the secure code using a processor unique key, wherein the processor unique key is stored in a processor key register within the microprocessor, and wherein the processor key register can only be read by the cryptographic unit, and storing the secure code in a secure volatile memory, wherein the secure volatile memory and the cryptographic unit are isolated from non-secure code and system bus resources within the microprocessor, and wherein the microprocessor is also configured to automatically transition to a degraded mode where only BIOS instructions are allowed to execute in order to allow for user input and the display of messages; wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor.

18. The method as recited in claim 17, wherein said storing said secure code in a secure volatile memory comprises employing the secure volatile memory as an instruction cache and a data cache.

19. The method as recited in claim 17, wherein the secure volatile memory comprises a stack for storage and retrieval of the state of the microprocessor corresponding to the non-secure code.

20. The method as recited in claim 17, wherein the secure code accesses the secure volatile memory to read and write secure data by employing load and store instructions.

21. The method as recited in claim 20, wherein the load and store instructions reference segment registers in address logic which are initialized upon entry into secure execution to point to the secure volatile memory instead of system memory.

22. The method as recited in claim 17, wherein the secure volatile memory comprises a 64-bit cache memory having 4096 locations, and wherein each of the locations comprises an internal attribute that completely isolates each of the locations.

23. The method as recited in claim 17, further comprising: via SEM logic that is coupled to the secure volatile memory and to address logic in the microprocessor, disabling virtual address translation by the address logic when the microprocessor is executing the secure code.

24. The method as recited in claim 23, wherein, upon execution of a secure mode enabled reset sequence by the microprocessor, initializing the secure volatile memory to random values.
Patents cited by this patent (69)
Watt, Simon Charles, Apparatus and method for controlling access to a memory unit.
Johnson, Richard C.; Morgan, Andrew; Anvin, H. Peter; Torvalds, Linus, Architecture, system, and method for operating on encrypted and/or hidden information.
Sibigtroth, James M. (Round Rock, TX); Rhoades, Michael W. (Austin, TX); Grimmer, George G., Jr. (Austin, TX); Longwell, Susan W. (Austin, TX), Integrated circuit microcontroller with on-chip memory and external bus interface and programmable mechanism for securin.
McDevitt, Hugh W.; Spanel, Carol; Walls, Andrew D., Method, apparatus and program storage device for providing clocks to multiple frequency domains using a single input clock of variable frequency.
Little, Wendell L.; Curry, Stephen M.; Grider, Steven N.; Thrower, Mark L.; Hass, Steven N.; Bolan, Michael L.; Fieseler, Ricky D.; Harrington, Bradley M., Microcircuit with memory that is protected by both hardware and software.
Okada, Takayuki, Processor with a function to prevent illegal execution of a program, an instruction executed by a processor and a method of preventing illegal execution of a program.
Force, Gordon (San Jose, CA); Davis, Timothy D. (Arlington, TX); Duncan, Richard L. (Bedford, TX); Norcross, Thomas M. (Arlington, TX); Shay, Michael J. (Arlington, TX); Short, Timothy A. (Duncanville, TX), Programmable distributed personal security.
Hartmann, Robert F. (San Jose, CA); Chan, Yiu-Fai (Saratoga, CA); Frankovich, Robert J. (Cupertino, CA); Ou, Jung-Hsing (Sunnyvale, CA); So, Hock C. (Milpitas, CA); Wong, Sau-Ching (Hillsborough, CA), Programmable macrocell using EPROM or EEPROM transistors for architecture control in programmable logic circuits.
Guttag, Karl M. (Houston, TX); Nussrallah, Steve (Richardson, TX), Security bit for designating the security status of information stored in a nonvolatile memory.
Padgaonkar, Ajay J. (Phoenix, AZ); Mitra, Sumit K. (Tempe, AZ), Security for digital signal processor program memory.
Burghardt, Martin (Oberneuching, DEX); Berman, Eric (Hicksville, NY); Padgaonkar, Ajay (Sugarland, TX); Allen, Ray (Mesa, AZ), System and method for protecting contents of microcontroller memory by providing scrambled data in response to an unauth.
Ginter, Karl L.; Shear, Victor H.; Sibert, W. Olin; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Watt, Simon Charles; Dornan, Christopher Bentley; Orion, Luc; Chaussade, Nicolas; Belnet, Lionel; Brochier, Stephane Eric Sebastian; Mansell, David Hennah; Symes, Dominic Hugo, Task following between multiple operating systems.
Watt, Simon Charles; Dornan, Christopher Bentley; Orion, Luc; Chaussade, Nicolas; Belnet, Lionel; Brochier, Stephane Eric Sebastien; Mansell, David Hennah; Callan, Jonathan Sean, Vectored interrupt control within a system having a secure domain and a non-secure domain.
Doi, Bryan C. (Fremont, CA); Thomas, Steven D. (Palm Dale, CA); Coli, Vincent J. (San Jose, CA); Giglio, Vito D. (Canoga Park, CA), Verifiable security circuitry for preventing unauthorized access to programmed read only memory.