Microcode patch authentication
Abstract
Microcode patches are encoded before delivery to a target processor that is to install the microcode patches. The target processor validates the microcode patches before installation. The security of the process may be enhanced by one or more of: 1) performing the validation in a secure memory, 2) using a public/private key pair for encryption and decryption of the microcode patch, 3) using at least one key that is embedded in the target processor and that cannot be read by non-secure software, and 4) using a hash value that is embedded in the target processor to validate at least one non-embedded key.
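The signing and validation flow summarized in the abstract, sketched as an added example that is not part of the patent text. It assumes SHA-256 as the hash and uses an unpadded toy RSA key constructed from two Mersenne primes (trivially factorable, for illustration only); the package layout, the key encoding and all names are hypothetical, and the secure-memory aspect is not modeled.

```python
import hashlib

# Constructed toy key: both primes are Mersenne primes, so it offers no security.
# A production signer would use a generated key and a padded signature scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer


def digest(data: bytes) -> int:
    """Hash digest of the patch, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def key_hash(n: int, e: int) -> bytes:
    """Hash of a public key in a hypothetical text encoding."""
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).digest()


# Stands in for the hash value embedded in the target processor.
EMBEDDED_KEY_HASH = key_hash(N, E)


def build_package(patch: bytes) -> dict:
    """Signer side: hash the patch, encrypt the digest with the private key,
    and combine signature, public key and patch for delivery."""
    return {"patch": patch, "n": N, "e": E, "sig": pow(digest(patch), D, N)}


def validate(pkg: dict) -> bool:
    """Processor side: returns True only if the patch may be installed."""
    # The delivered (non-embedded) key must match the embedded hash.
    if key_hash(pkg["n"], pkg["e"]) != EMBEDDED_KEY_HASH:
        return False
    if not 0 <= pkg["sig"] < pkg["n"]:
        return False
    first = pow(pkg["sig"], pkg["e"], pkg["n"])  # digest recovered from signature
    second = digest(pkg["patch"])                # digest computed over the patch
    return first == second


if __name__ == "__main__":
    pkg = build_package(b"constructed sample patch bytes")
    print("genuine package accepted:", validate(pkg))
    tampered = {**pkg, "patch": pkg["patch"] + b"\x00"}
    print("tampered package accepted:", validate(tampered))
```

The embedded hash is what prevents a package signed with a substituted key pair from validating: the signature check alone would pass for any self-consistent key.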
30 Claims
1. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
- generating a hash digest for a microcode patch;
- encrypting the hash digest to generate a digital signature; and
- combining the digital signature and the microcode patch for delivery to a target processor to patch microcode in the target processor.
4. A method, comprising:
- generating a hash digest for a microcode patch;
- encrypting the hash digest with a private key for an asymmetric cryptographic algorithm to generate a digital signature; and
- combining the digital signature and the microcode patch for delivery to a processor to patch microcode of the processor.
7. A machine-readable medium containing data comprising:
- a microcode patch to patch microcode in a target system; and
- a digital signature produced by encrypting a digest created by performing a hash operation on the microcode patch.
11. An apparatus, comprising:
- a processor having microcode;
- a secure memory coupled to the processor to decode an encoded microcode patch; and
- a microcode patch memory coupled to the microcode to contain the decoded microcode patch.
16. A method, comprising:
- obtaining a microcode patch and an associated digital signature;
- decrypting the digital signature in a secure memory to obtain a first hash digest;
- calculating a second hash digest with the microcode patch;
- comparing the first hash digest with the second hash digest; and
- installing the microcode patch in a microcode patch memory responsive to a match between the first and second hash digests.
22. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
- obtaining a microcode patch and an associated digital signature;
- decrypting the digital signature to obtain a first hash digest;
- calculating a second hash digest with the microcode patch;
- comparing the first hash digest with the second hash digest; and
- installing the microcode patch responsive to a match between the first hash digest and the second hash digest.
28. A system, comprising:
- a processor having microcode and an embedded key; and
- a microcode patch package residing in at least one of a storage device and a basic input-output system coupled with the processor, the microcode patch package including a microcode patch to patch the microcode and a digital signature to validate the microcode patch using the embedded key.
Specification