Secure and backward-compatible processor and secure software execution thereon
3 Assignments
0 Petitions
Abstract
A secure processor, assuring that application software is executed securely and that only authorized software is executed, has monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies that execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies that the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, so that application software written for ordinary processors can be executed on the secure processor without substantial change, and (2) needs only a minimal amount of additional hardware beyond those portions that appear hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software. Functions operating in secure mode might reside in an on-chip non-volatile memory, or might be loaded from external storage with authentication.
140 Citations
188 Claims
1-115. (canceled)
116. A method comprising:

distinguishing between a monitored mode and a secure mode;
when in the secure mode:
executing software loaded using a bootstrap loader that cryptographically authenticates the software; and
exiting the secure mode;
when in the monitored mode:
performing application software without substantial change in original code for that application software, wherein the application software sees a processor environment that is not substantially different from an ordinary processor.

Dependent claims: 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127.
128. A method comprising:

when a security signal indicates monitored mode:
refusing access to a secure function in response to the security signal;
when the security signal indicates secure mode:
accessing the secure function in response to the security signal;
accessing at least one secure circuit, wherein said secure function includes instructions for launching software content from an external source, measuring trustworthiness of the external source, and facilitating verification of the software content.

Dependent claims: 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140.
141. A method of reading secure information from non-volatile memory associated with a secure processor, comprising:

disabling writing to non-volatile memory when a processor with which the non-volatile memory is associated is packaged; and
maintaining secure information within the non-volatile memory.

142. The method of claim 142, wherein said disabling includes making substantially inaccessible a non-bonded pin.
145. A processor chip apparatus comprising:

a secure switch for switching between a monitored mode and a secure mode;
memory, coupled to the secure switch, including:
security information;
a bootstrap loader, wherein, using the security information, the bootstrap loader cryptographically authenticates software loaded in response to execution of the bootstrap loader;
a processor coupled to the secure switch and the memory, wherein, in operation:
the processor executes the bootstrap loader; in the secure mode, the processor executes the software loaded in response to execution of the bootstrap loader and exits the secure mode; and wherein in the monitored mode, the processor performs application software transparently to the application software.

Dependent claims: 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173.
174. A method comprising:

including a security code verification module in a bootstrap loader;
implementing the bootstrap loader in firmware;
initializing non-volatile memory with a first security code verification value associated with the security code module, wherein security code includes instructions to enable access rights to hardware and software resources, wherein the access rights to resources are issued from a trust verifiable source, and wherein access rights data is verifiable as authentic from a source using a public key cryptographic verification method.

Dependent claims: 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188.
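The mode switch, the signal-gated secure function, the write-disabled NVM and the authenticating bootstrap loader recited in claims 116, 128, 141 and 174 can be modelled together as a small state machine. This is an added illustration, not code from the patent: the names SecureProcessor, bootstrap_load and VERIFIER_KEY are assumed, the key is constructed, and an HMAC tag stands in for the public-key signature the claims describe because the standard library ships no public-key primitive.

```python
import hashlib
import hmac

MONITORED, SECURE = "monitored", "secure"

# Constructed key standing in for the trust-verifiable source's signing key.
# HMAC replaces the public-key signature of claim 174 only because the standard
# library ships no public-key primitive; the loader's control flow is unchanged.
VERIFIER_KEY = b"constructed-example-verifier-key"

def sign_image(image: bytes, key: bytes = VERIFIER_KEY) -> bytes:
    """Tag the trusted source issues over a software image."""
    return hmac.new(key, image, hashlib.sha256).digest()

class SecureProcessor:
    def __init__(self, verification_value: bytes):
        # Claims 141/174: NVM holds the verification value (a digest of the
        # verifier key) and is write-disabled once the chip is packaged.
        self._nvm = {"verification_value": verification_value}
        self.packaged = True
        self.mode = MONITORED   # the security signal; reset starts in monitored mode
        self.launched = []

    def write_nvm(self, name: str, value: bytes) -> None:
        if self.packaged:
            raise PermissionError("NVM write disabled after packaging")
        self._nvm[name] = value

    def secure_function(self, name: str) -> bool:
        # Claim 128: refused unless the security signal indicates secure mode.
        if self.mode != SECURE:
            raise PermissionError(f"{name}: refused in monitored mode")
        self.launched.append(name)
        return True

    def bootstrap_load(self, image: bytes, tag: bytes, key: bytes) -> bool:
        # Claims 116/145: enter secure mode, authenticate, execute, then exit.
        self.mode = SECURE
        try:
            if hashlib.sha256(key).digest() != self._nvm["verification_value"]:
                return False    # presented key does not match the NVM value
            if not hmac.compare_digest(sign_image(image, key), tag):
                return False    # image or tag has been altered
            return self.secure_function("launch:" + image.decode())
        finally:
            self.mode = MONITORED   # always leave secure mode, even on failure

def make_processor() -> SecureProcessor:
    return SecureProcessor(hashlib.sha256(VERIFIER_KEY).digest())
```

Application code running in monitored mode never sees the mode switch, but any attempt to reach the secure function from there is refused, and a rejected image leaves the processor back in monitored mode with nothing launched.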
Specification