Providing a trusted execution environment using a processor
Abstract
In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
20 Claims
1. A system on a chip (SoC) comprising:
- a single core to execute a legacy instruction set, wherein the single core comprises the only core of the SoC, and wherein the single core is configured to enter a system management mode (SMM) to provide a trusted execution environment (TEE) to perform at least one secure operation, wherein in the TEE, the single core is to emulate at least one security instruction of an instruction set unsupported by the single core; and
- a memory controller coupled to the single core, the memory controller to interface with a system memory, wherein a portion of the system memory comprises a secure memory for the SMM, and wherein the single core is to authenticate a boot firmware, execute the boot firmware, and pass control to the SMM.

Dependent claims: 2, 3, 4, 5, 6, 7.
8. At least one computer non-transitory readable medium including instructions that when executed cause a system to:
- execute at least a portion of a firmware of a pre-boot environment in a single core of a processor to create a trusted portion of a system memory, wherein the single core comprises the only core of a system on a chip (SoC);
- transfer execution to a trusted agent associated with the trusted portion;
- enter a trusted execution environment via the trusted agent; and
- emulate at least one security instruction of an instruction set unsupported by the single core while in the trusted execution environment.

Dependent claims: 9, 10, 11, 12, 13.
14. A system comprising:
- a processor having a single core to execute a legacy instruction set, wherein the single core comprises the only core of the processor, and wherein the single core is configured to enter a system management mode (SMM) to instantiate a trusted execution environment (TEE), the single core further having a secure storage and a memory controller to interface with a memory, wherein the memory comprises a secure portion for the SMM, and wherein the single core is to authenticate a boot firmware, execute the boot firmware, and pass control to the SMM, and wherein in the TEE, the single core is to emulate at least one security instruction of an instruction set unsupported by the single core;
- a display device coupled to the processor, the display device including a frame buffer to store processed data to be displayed on the display device; and
- the memory coupled to the processor, the memory including the secure portion to store an endorsement key and an unprotected portion to store one or more decryption keys, wherein in the TEE the processor is to receive encrypted content, decrypt the encrypted content using the one or more decryption keys, and output the decrypted content to the display device.

Dependent claims: 15, 16, 17, 18, 19, 20.