Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
First Claim
1. A method comprising:
disregarding a received load instruction when a currently active load operation is detected;
otherwise, directing, in response to the received load instruction, a memory protection element to form a secure memory environment including one or more protected memory regions, such that unauthorized read/write access to the one or more protected memory regions is prohibited; and
storing, within a digest information repository, a cryptographic hash value of the one or more protected memory regions, thereby enabling establishment of security verification of the secure memory environment.
Abstract
An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions is prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.
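The flow the abstract describes, as an added example that is not part of the patent: a Python model in which `begin_load` is the load secure region instruction (disregarded while a load is already active), `write` plays the memory protection element, `complete_load` stores the SHA-256 of the protected regions in the digest information repository, `secure_reset` re-enables a processor's access as in claim 10, and `attest` answers an outside agent with an HMAC standing in for the digital signature. All class and method names are assumptions, and splitting the load into begin/complete phases is a modelling choice that makes the "currently active" state observable.

```python
import hashlib
import hmac

class SecurePlatform:
    IDLE, LOADING, SECURED = "idle", "loading", "secured"

    def __init__(self, memory, attest_key):
        self.memory = memory            # physical memory shared by the processors
        self.protected = []             # ranges enforced by the memory protection element
        self.digest = None              # digest information repository
        self.state = self.IDLE
        self.reset_processors = set()   # processors re-enabled by a secure reset
        self._attest_key = attest_key   # stand-in for the verification unit's signing key

    def begin_load(self, regions):  # load secure region instruction; False = disregarded
        if self.state == self.LOADING:  # a load operation is already active
            return False
        self.state = self.LOADING
        self.protected = [(s, e) for s, e in regions]
        self.reset_processors.clear()   # every processor loses access to the regions
        return True

    def _measure(self):  # the hash binds addresses as well as contents of each region
        h = hashlib.sha256()
        for start, end in self.protected:
            h.update(start.to_bytes(8, "big") + end.to_bytes(8, "big") + self.memory[start:end])
        return h.digest()

    def complete_load(self):  # store the hash as the secure software identification value
        self.digest = self._measure()
        self.state = self.SECURED
        return self.digest

    def secure_reset(self, processor_id):  # claim 10: only once the load has completed
        if self.state != self.SECURED:
            raise RuntimeError("secure reset before load secure region completed")
        self.reset_processors.add(processor_id)

    def write(self, processor_id, addr, value):
        """Memory protection element: True if written, False if the write was blocked."""
        if any(s <= addr < e for s, e in self.protected) and processor_id not in self.reset_processors:
            return False
        self.memory[addr] = value
        return True

    def attest(self, nonce):  # outside agent's request; HMAC stands in for a digital signature
        return hmac.new(self._attest_key, nonce + self.digest, hashlib.sha256).digest()

    def integrity_intact(self):  # re-measure the regions against the stored value
        return hmac.compare_digest(self._measure(), self.digest)
```

A verifier holding the same key recomputes the MAC over its nonce and the expected digest; a mismatch means either a different software image was loaded or the response was not produced by this platform.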
38 Claims
1. (Independent claim; text given above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method comprising:
resetting, in response to a secure reset request, one or more processors within a system, the secure reset request issued following completion of a load secure region operation; and
enabling processor read/write access to one or more protected memory regions of a secure memory environment formed in accordance with a load secure region instruction request to establish a secure environment.
Dependent claims: 11, 12, 13, 14.
15. A computer readable storage medium including program instructions that direct a computer to function in a specified manner when executed by a processor, the program instructions comprising:
disregarding a received load instruction when a currently active load instruction is detected;
otherwise, directing, in response to the received load instruction, a memory protection element to form a secure memory environment including one or more protected memory regions, such that unauthorized read/write access to the one or more protected memory regions is prohibited; and
storing, within a digest information repository, a cryptographic hash value of the one or more protected memory regions, thereby enabling establishment of security verification of the secure environment.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23.
24. A computer readable storage medium comprising:
resetting, in response to a secure reset request, one or more processors within a system, the secure reset request issued following completion of a load secure region operation; and
re-enabling processor read/write access to one or more protected memory regions of a secure memory environment formed in accordance with a load secure region instruction to establish a secure environment.
Dependent claims: 25, 26, 27, 28.
29. An apparatus, comprising:
a memory controller;
a plurality of processors, each coupled to the memory controller and each having circuitry to execute instructions;
a memory protection element coupled to the memory controller, the memory protection element to block unauthorized memory access to one or more protected memory regions;
a digest information repository coupled to the memory controller to store a secure software identification value; and
a memory device coupled to the memory controller, having sequences of instructions stored therein, including at least one loading instruction, which when executed by a processor cause the processor to:
disregard a received load secure region instruction when a currently active load secure region operation is detected, otherwise, direct, in accordance with a load secure region operation corresponding to the received load secure region instruction, a memory protection element to form a secure memory environment including one or more protected memory regions, such that unauthorized read/write access to the one or more protected memory regions is prohibited, and store, according to the load secure region operation, within the digest information repository, a cryptographic hash value of the one or more protected memory regions as the secure software identification value, thereby enabling establishment of security verification of the secure memory environment by an outside agent.
Dependent claims: 30, 31, 32, 33.
34. A system comprises:
a memory controller;
a plurality of processors, each coupled to the memory controller and each having circuitry to execute instructions;
a memory protection element coupled to the memory controller, the memory protection element to block unauthorized memory access to one or more protected memory regions;
an I/O controller coupled to the memory controller;
a verification unit coupled to the I/O controller and including a digest information repository to store a secure software identification value and to provide security verification to an outside agent; and
a storage device coupled to the memory controller, having sequences of instructions stored therein including at least one load instruction, which when executed by a processor causes the processor to:
disregard a received load secure region operation when a currently active load instruction is detected, otherwise, direct, in accordance with a load secure region operation corresponding to the received load instruction, a memory protection element to form a secure memory environment including one or more protected memory regions, such that unauthorized read/write access to the one or more protected memory regions is prohibited, and store, within the digest information repository, a cryptographic hash value of the one or more protected memory regions, thereby enabling establishment of security verification of the secure memory environment by an outside agent.
Dependent claims: 35, 36, 37, 38.