Protecting software environment in isolated execution
Abstract
A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.
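An illustration of the key binding the abstract describes, added here and not taken from the patent. The hash-based nub identification, the HMAC-SHA256 key generator, the integrity-tagging use of the OSNK and all sample values are assumptions, since the page does not specify them.

```python
import hashlib
import hmac

# Constructed sample values (not from the patent): two platform master binding
# keys and two OS nub images, the second differing from the first by one byte.
BK0_PLATFORM_A = bytes(range(32))
BK0_PLATFORM_B = bytes(range(1, 33))
NUB_IMAGE = b"\x7fNUB" + b"\x90" * 64
NUB_IMAGE_PATCHED = b"\x7fNUB" + b"\x90" * 63 + b"\xcc"

def nub_identity(nub_image: bytes) -> bytes:
    """Assumption: the nub's identification is a SHA-256 digest of its image."""
    return hashlib.sha256(nub_image).digest()

def derive_osnk(bk0: bytes, nub_id: bytes) -> bytes:
    """Assumption: key generator is HMAC-SHA256 keyed with BK0 over the nub ID."""
    return hmac.new(bk0, b"OSNK\x00" + nub_id, hashlib.sha256).digest()

def tag_state(osnk: bytes, state: bytes) -> bytes:
    """Append an integrity tag so only the holder of this OSNK accepts the state."""
    return state + hmac.new(osnk, state, hashlib.sha256).digest()

def verify_state(osnk: bytes, blob: bytes):
    """Return the state if the tag verifies under osnk, otherwise None."""
    if len(blob) < 32:
        return None
    state, tag = blob[:-32], blob[-32:]
    expected = hmac.new(osnk, state, hashlib.sha256).digest()
    return state if hmac.compare_digest(tag, expected) else None

def demo() -> dict:
    """Tag state under the genuine nub on platform A, then try three verifiers."""
    osnk = derive_osnk(BK0_PLATFORM_A, nub_identity(NUB_IMAGE))
    blob = tag_state(osnk, b"nub-owned state")
    patched = derive_osnk(BK0_PLATFORM_A, nub_identity(NUB_IMAGE_PATCHED))
    moved = derive_osnk(BK0_PLATFORM_B, nub_identity(NUB_IMAGE))
    return {
        "same nub, same platform": verify_state(osnk, blob),
        "patched nub, same platform": verify_state(patched, blob),
        "same nub, other platform": verify_state(moved, blob),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

Only the first case returns the state: changing either input to the key generator (the nub's identification or BK0) yields an unrelated OSNK, so the tag no longer verifies.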
18 Claims
1. A processing system, comprising:
a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
memory responsive to the processor, the memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode;
an operating system (OS) nub in the processing system; and
a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method to be performed by a processing system having a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode, the method comprising:
establishing an ordinary memory area in a memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode;
establishing an isolated memory area in the memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode; and
generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the platform.
Dependent claims: 11, 12, 13, 14
15. A manufacture comprising:
a machine-accessible medium; and
instructions in the machine-accessible medium, wherein the instructions, when executed in a processing system with a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode, cause the processing system to perform operations comprising:
establishing an ordinary memory area in a memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode;
establishing an isolated memory area in the memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode; and
generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the platform.
Dependent claims: 16, 17, 18
Specification