System and Method for Securely Restoring a Program Context from a Shared Memory
First Claim
1. A computer implemented method for restoring a secured program, the method comprising:
- setting a special purpose processor core in an isolation mode, wherein the special purpose processor core is included in a heterogeneous processor that includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the other heterogeneous processing cores while the special purpose processor core is running in the isolation mode;
receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program;
reading an encrypted context corresponding to the identified secured program from the shared memory;
decrypting the encrypted context using an encryption key;
storing the decrypted context in the isolated special purpose processor core'"'"'s local memory, the decrypted context including the restored secured program;
verifying context integrity using a persistent security data that is retrieved from a secure location; and
executing instructions included in the restored secured program in response to the verification.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for securely restoring software program context is presented. A special purpose processor core is included in a heterogeneous processing environment where each processor can access a shared memory. The isolated special purpose processor core includes an isolated local memory. The isolated special purpose processor core receives an identifier corresponding to the secured program. The identifier is used to read an encrypted context of the secured program from the shared memory. The encrypted context is decrypted using an encryption key. The decrypted context is stored in the isolated special purpose processor core'"'"'s local memory. The secured program'"'"'s context integrity is verified by using a persistent security data that is retrieved from a secure location, such as a persistent storage register that can only be accessed when the special purpose processor core is running in isolation mode. If the context is verified, the secured program is executed.
24 Citations
23 Claims
-
1. A computer implemented method for restoring a secured program, the method comprising:
-
setting a special purpose processor core in an isolation mode, wherein the special purpose processor core is included in a heterogeneous processor that includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the other heterogeneous processing cores while the special purpose processor core is running in the isolation mode; receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program; reading an encrypted context corresponding to the identified secured program from the shared memory; decrypting the encrypted context using an encryption key; storing the decrypted context in the isolated special purpose processor core'"'"'s local memory, the decrypted context including the restored secured program; verifying context integrity using a persistent security data that is retrieved from a secure location; and executing instructions included in the restored secured program in response to the verification. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An information handling system comprising:
-
a heterogeneous processor that includes one or more special purpose processor cores, wherein one of the special processors is running in an isolation mode, and one or more general purpose processor cores; a local memory corresponding to each of the plurality of heterogeneous processors, wherein the local memory corresponding to the isolated special purpose processor core is inaccessible by the other heterogeneous processor cores while the special purpose processor core is running in the isolation mode; a shared memory accessible by the heterogeneous processors; and a set of instructions stored in one of the local memories, wherein one or more of the heterogeneous processors executes the set of instructions in order to perform actions of; receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program; reading an encrypted context corresponding to the identified secured program from the shared memory; decrypting the encrypted context using an encryption key; storing the decrypted context in the isolated special purpose processor core'"'"'s local memory, the decrypted context including the restored secured program; verifying context integrity using a persistent security data that is retrieved from a secure location; and executing instructions included in the restored secured program in response to the verification. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product stored in a computer readable medium, comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
-
setting a special purpose processor core in an isolation mode, wherein the special purpose processor core is included in a heterogeneous processor that includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the other heterogeneous processing cores while the special purpose processor core is running in the isolation mode; receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program; reading an encrypted context corresponding to the identified secured program from the shared memory; decrypting the encrypted context using an encryption key; storing the decrypted context in the isolated special purpose processor core'"'"'s local memory; verifying context integrity using a persistent security data that is retrieved from a secure location; and executing instructions included in the decrypted context in response to the verification. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification