System and Method for Securely Saving and Restoring a Context of a Secure Program Loader

US 20080066075A1
Filed: 09/12/2006
Published: 03/13/2008
Est. Priority Date: 09/12/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for managing a context of a secure program loader, the method comprising:

interrupting a secured program running on an special purpose processor core that is running in isolation mode and is included in a heterogeneous processor, wherein the heterogeneous processor includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processors;

encrypting the secured program'"'"'s context using a randomly generated encryption key;

storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;

updating the secure loader'"'"'s context with the generated encryption key; and

saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;

generating a random persistent security data;

encrypting the secure loader'"'"'s context using the generated persistent security data;

storing the secure loader'"'"'s encrypted context in the shared memory; and

storing the persistent security data in a persistent storage register.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and program product that securely saves and restores the context of a secure program loader is presented. An interrupt is sent to a secured program running on an special purpose processor core that is running in isolation mode. The special purpose processor core is included in a heterogeneous processing environment that includes the special purpose processor cores (including the isolated special purpose processor core), and one or more general purpose processors. Each of the processors can access a shared memory. The isolated special purpose processor core includes a local memory that is inaccessible from the other processors. The system encrypts the secured program'"'"'s context using a randomly generated encryption key and stores the context in the shared memory. A secure loader'"'"'s context is updated with the generated encryption key and then the secure loader'"'"'s context is saved to the shared memory.

59 Citations

View as Search Results

23 Claims

1. A computer implemented method for managing a context of a secure program loader, the method comprising:
- interrupting a secured program running on an special purpose processor core that is running in isolation mode and is included in a heterogeneous processor, wherein the heterogeneous processor includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processors;
  
  encrypting the secured program'"'"'s context using a randomly generated encryption key;
  
  storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
  
  updating the secure loader'"'"'s context with the generated encryption key; and
  
  saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
  
  generating a random persistent security data;
  
  encrypting the secure loader'"'"'s context using the generated persistent security data;
  
  storing the secure loader'"'"'s encrypted context in the shared memory; and
  
  storing the persistent security data in a persistent storage register.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the persistent security data is a nonce, and wherein the encrypting is performed using a static encryption key.
  - 3. The method of claim 1 wherein the persistent security data is a randomly generated encryption key used in performing the encrypting.
  - 4. The method of claim 1 wherein the secure loader'"'"'s context includes the encryption key, a program identifier that identifies the secured program, and a program counter that corresponds to a location in the secured program where the secured program was interrupted.
  - 5. The method of claim 4 wherein the secure loader'"'"'s context includes a plurality of encryption keys, program identifiers, and program counters that correspond to a plurality of secured programs being managed by the secure loader.
  - 6. The method of claim 5 further comprising:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      setting the special purpose processor core in the isolation mode, the setting resulting in loading of the secure loader into the isolated special purpose processor core'"'"'s local memory from a read-only memory;
      
      retrieving the persistent security data from the persistent storage register;
      
      restoring the secure loader'"'"'s context using the retrieved persistent security data;
      
      receiving a second secured program identifier corresponding to a second secured program to load in the isolated special purpose processor core'"'"'s local memory;
      
      retrieving a second encryption key and a second program counter from a record in the secure loader'"'"'s context that matches the received second secured program identifier;
      
      restoring the second secured program by;
      
      reading a second encrypted context corresponding to the second secured program from the shared memory;
      
      decrypting the second secured program'"'"'s encrypted context using the second encryption key;
      
      storing the second secured program'"'"'s decrypted context in the isolated special purpose processor core'"'"'s local memory; and
      
      branching to the second program counter to execute the second secured program at a location where the second secured program was previously interrupted.
  - 7. The method of claim 1 further comprising:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      returning the special purpose processor core to a non-isolation mode; and
      
      loading a second program in the special processing unit running in non-isolation mode, wherein the persistent storage register is only accessible when the special purpose processor core is running in isolation mode.
  - 8. The method of claim 1 further comprising:
    - inputting the secure loader'"'"'s encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      storing the signature result in the shared memory.

9. An information handling system comprising:
- a heterogeneous processor, that includes one or more special purpose processor cores, wherein one of the special processors is running in isolation mode, and one or more general purpose processor cores;
  
  a local memory corresponding to each of the plurality of heterogeneous processors, wherein the local memory corresponding to the isolated special purpose processor core is inaccessible by the other heterogeneous processors while the special purpose processor core is running in the isolation mode;
  
  one or more persistent storage registers, wherein each persistent storage register corresponds to one of the special purpose processor cores and wherein data stored in the persistent storage register is only accessible when the special purpose processor core is running in isolation mode;
  
  a shared memory accessible by the heterogeneous processors; and
  
  a set of instructions stored in one of the local memories, wherein one or more of the heterogeneous processors executes the set of instructions in order to perform actions of;
  
  interrupting a secured program running on the isolated special purpose processor core;
  
  encrypting the secured program'"'"'s context using a randomly generated encryption key;
  
  storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
  
  updating the secure loader'"'"'s context with the generated encryption key; and
  
  saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
  
  generating a random persistent security data;
  
  encrypting the secure loader'"'"'s context using the generated persistent security data;
  
  storing the secure loader'"'"'s encrypted context in the shared memory; and
  
  storing the persistent security data in the isolated special purpose processor core'"'"'s persistent storage register.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The information handling system of claim 9 wherein the persistent security data is a nonce, and wherein the encrypting is performed using a static encryption key.
  - 11. The information handling system of claim 9 wherein the persistent security data is a randomly generated encryption key used in performing the encrypting.
  - 12. The information handling system of claim 9 wherein the secure loader'"'"'s context includes the encryption key, a program identifier that identifies the secured program, and a program counter that corresponds to a location in the secured program where the secured program was interrupted.
  - 13. The information handling system of claim 12 wherein the secure loader'"'"'s context includes a plurality of encryption keys, program identifiers, and program counters that correspond to a plurality of secured programs being managed by the secure loader.
  - 14. The information handling system of claim 13 comprising the set of instructions further performing actions of:
    - a read-only memory accessible by the processors, wherein a static copy of the secure loader is stored in the read-only memory, wherein, after saving the secure loader'"'"'s context, the set of instructions further perform actions of;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      setting the special purpose processor core in the isolation mode, the setting resulting in loading the static copy of the secure loader from the read-only memory into the isolated special purpose processor core'"'"'s local memory;
      
      retrieving the persistent security data from the persistent storage register;
      
      restoring the secure loader'"'"'s context using the retrieved persistent security data;
      
      receiving a second secured program identifier corresponding to a second secured program to load in the isolated special purpose processor core'"'"'s local memory;
      
      retrieving a second encryption key and a second program counter from a record in the secure loader'"'"'s context that matches the received second secured program identifier;
      
      restoring the second secured program by;
      
      reading a second encrypted context corresponding to the second secured program from the shared memory;
      
      decrypting the second secured program'"'"'s encrypted context using the second encryption key;
      
      storing the second secured program'"'"'s decrypted context in the isolated special purpose processor core'"'"'s local memory; and
      
      branching to the second program counter to execute the second secured program at a location where the second secured program was previously interrupted.
  - 15. The information handling system of claim 9, wherein after saving the secure loader'"'"'s context, the set of instructions further performs actions of:
    - clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      returning the special purpose processor core to a non-isolation mode; and
      
      loading a second program in the special processing unit running in non-isolation mode, wherein the persistent storage register is only accessible when the special purpose processor core is running in isolation mode.
  - 16. The information handling system of claim 9 comprising the set of instructions further performing actions of:
    - inputting the secure loader'"'"'s encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      storing the signature result in the shared memory.

17. A computer program product stored in a computer readable medium, comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
- interrupting a secured program running on an special purpose processor core that is running in isolation mode and is included in a heterogeneous processor, wherein the heterogeneous processor includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processors while the special purpose processor core is running in the isolation mode;
  
  encrypting the secured program'"'"'s context using a randomly generated encryption key;
  
  storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
  
  updating the secure loader'"'"'s context with the generated encryption key; and
  
  saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
  
  generating a random persistent security data;
  
  encrypting the secure loader'"'"'s context using the generated persistent security data;
  
  storing the secure loader'"'"'s encrypted context in the shared memory; and
  
  storing the persistent security data in a persistent storage register.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer program product of claim 17 wherein the persistent security data is a nonce, and wherein the encrypting is performed using a static encryption key.
  - 19. The computer program product of claim 17 wherein the persistent security data is a randomly generated encryption key used in performing the encrypting.
  - 20. The computer program product of claim 17 wherein the secure loader'"'"'s context includes a plurality of encryption keys, program identifiers, and program counters that correspond to a plurality of secured programs being managed by the secure loader.
  - 21. The computer program product of claim 20 further comprising functional descriptive material that, when executed by the information handling system, causes the information handling system to perform actions that include:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      setting the special purpose processor core in the isolation mode, the setting resulting in loading of the secure loader into the isolated special purpose processor core'"'"'s local memory from a read-only memory;
      
      retrieving the persistent security data from the persistent storage register;
      
      restoring the secure loader'"'"'s context using the retrieved persistent security data;
      
      receiving a second secured program identifier corresponding to a second secured program to load in the isolated special purpose processor core'"'"'s local memory;
      
      retrieving a second encryption key and a second program counter from a record in the secure loader'"'"'s context that matches the received second secured program identifier;
      
      restoring the second secured program by;
      
      reading a second encrypted context corresponding to the second secured program from the shared memory;
      
      decrypting the second secured program'"'"'s encrypted context using the second encryption key;
      
      storing the second secured program'"'"'s decrypted context in the isolated special purpose processor core'"'"'s local memory; and
      
      branching to the second program counter to execute the second secured program at a location where the second secured program was previously interrupted.
  - 22. The computer program product of claim 17 further comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      returning the special purpose processor core to a non-isolation mode; and
      
      loading a second program in the special processing unit running in non-isolation mode, wherein the persistent storage register is only accessible when the special purpose processor core is running in isolation mode.
  - 23. The computer program product of claim 17 further comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
    - inputting the secure loader'"'"'s encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      storing the signature result in the shared memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shimizu, Kanna, Nutter, Mark Richard

Granted Patent

US 8,190,917 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/107
CPC Class Codes

G06F 9/485 Task life-cycle, e.g. stopp...

System and Method for Securely Saving and Restoring a Context of a Secure Program Loader

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Securely Saving and Restoring a Context of a Secure Program Loader

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links