Mechanism to handle events in a machine with isolated execution
First Claim
Patent Images
1. A method comprising:
- distinguishing between at least two execution modes of a central processing unit in an information processing system;
maintaining at least two sets of processor control registers within the central processing unit;
recognizing an asynchronous event;
determining which execution mode is desired for responding to the asynchronous event; and
if the current execution mode is not the same as the desired execution mode for responding to the asynchronous event, altering the current execution mode to the desired execution mode before responding to the asynchronous event, wherein at least one set of processor control registers is inaccessible to the processor in at least one of the execution modes.
0 Assignments
0 Petitions
Accused Products
Abstract
A platform and method for secure handling of events in an isolated execution environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.
-
Citations
15 Claims
-
1. A method comprising:
-
distinguishing between at least two execution modes of a central processing unit in an information processing system;
maintaining at least two sets of processor control registers within the central processing unit;
recognizing an asynchronous event;
determining which execution mode is desired for responding to the asynchronous event; and
if the current execution mode is not the same as the desired execution mode for responding to the asynchronous event, altering the current execution mode to the desired execution mode before responding to the asynchronous event, wherein at least one set of processor control registers is inaccessible to the processor in at least one of the execution modes. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus comprising:
-
a central processing unit (CPU) capable of operating in one of at least two execution modes;
a storage location that identifies a current execution mode of the CPU;
a plurality of resources operatively joined to the CPU; and
a mechanism to restrict access to a subset of the plurality of resources based on the current execution mode of the CPU. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method of preventing inadvertent disclosure of information contained within a CPU comprising:
-
distinguishing between a normal and an isolated execution mode;
maintaining a separate set of control registers that are only accessible when the CPU is operating in the isolated execution mode;
defining a set of events that should be handled in the isolated execution mode;
determining if an event is a member of the set of events when the event occurs; and
if the event is a member of the set of events and the CPU is operating in the normal execution mode, switching to the isolated execution mode before executing instructions in response to said event. - View Dependent Claims (15)
-
Specification