System and method for execution of a secured environment initialization instruction
First Claim
Patent Images
1. A computing system comprising:
- a storage device to store a first secure module and a second secure module; and
a processor coupled to the storage device, the processor to establish a root of trust usable to ensure that subsequent operations can be trusted, wherein the processor is to execute the first secure module to initialize a secure processing environment and authenticate the second secure module, and wherein the processor is to execute the second secure module after being authenticated by the first secure module and after the root of trust has been established, the second secure module to prevent direct access to hardware resources in the secure processing environment from an untrusted operating system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
270 Citations
4 Claims
-
1. A computing system comprising:
-
a storage device to store a first secure module and a second secure module; and a processor coupled to the storage device, the processor to establish a root of trust usable to ensure that subsequent operations can be trusted, wherein the processor is to execute the first secure module to initialize a secure processing environment and authenticate the second secure module, and wherein the processor is to execute the second secure module after being authenticated by the first secure module and after the root of trust has been established, the second secure module to prevent direct access to hardware resources in the secure processing environment from an untrusted operating system. - View Dependent Claims (2, 3, 4)
-
Specification