Protecting software environment in isolated execution
First Claim
Patent Images
1. A processing system, comprising:
- a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
memory responsive to the processor, the memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode;
an operating system (OS) nub in the processing system; and
a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform.
0 Assignments
0 Petitions
Accused Products
Abstract
A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.
-
Citations
18 Claims
-
1. A processing system, comprising:
-
a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
memory responsive to the processor, the memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode;
an operating system (OS) nub in the processing system; and
a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method to be performed by a processing system having a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode, the method comprising:
-
establishing an ordinary memory area in a memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode;
establishing an isolated memory area in the memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode; and
generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the platform. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A manufacture comprising:
-
a machine-accessible medium; and
instructions in the machine-accessible medium, wherein the instructions, when executed in a processing system with a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode, cause the processing system to perform operations comprising;
establishing an ordinary memory area in a memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode;
establishing an isolated memory area in the memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode; and
generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the platform. - View Dependent Claims (16, 17, 18)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCarl M. Ellison, Derrick C. Lin, Francis X. Mckeen, Gilbert Neiger, Howard C. Herbert, James A. Sutton, Ken Reneris, Millind Mittal, Roger A. Golliver, Shreekant S. Thakkar
-
Original AssigneeCarl M. Ellison, Derrick C. Lin, Francis X. Mckeen, Gilbert Neiger, Howard C. Herbert, James A. Sutton, Ken Reneris, Millind Mittal, Roger A. Golliver, Shreekant S. Thakkar
-
InventorsThakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Mittal, Millind, Reneris, Ken, Lin, Derrick C., McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/26
-
CPC Class CodesG06F 21/53 by executing in a restricte...G06F 21/562 Static detectionG06F 21/57 Certifying or maintaining t...G06F 21/74 operating in dual or compar...G06F 2221/2105 Dual mode as a secondary as...G06F 9/468 Specific access rights for ...
