System and Method for Securely Saving and Restoring a Context of a Secure Program Loader
First Claim
1. A computer implemented method for managing a context of a secure program loader, the method comprising:
- interrupting a secured program running on an special purpose processor core that is running in isolation mode and is included in a heterogeneous processor, wherein the heterogeneous processor includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processors;
encrypting the secured program'"'"'s context using a randomly generated encryption key;
storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
updating the secure loader'"'"'s context with the generated encryption key; and
saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
generating a random persistent security data;
encrypting the secure loader'"'"'s context using the generated persistent security data;
storing the secure loader'"'"'s encrypted context in the shared memory; and
storing the persistent security data in a persistent storage register.
1 Assignment
0 Petitions
Accused Products
Abstract
A system, method and program product that securely saves and restores the context of a secure program loader is presented. An interrupt is sent to a secured program running on an special purpose processor core that is running in isolation mode. The special purpose processor core is included in a heterogeneous processing environment that includes the special purpose processor cores (including the isolated special purpose processor core), and one or more general purpose processors. Each of the processors can access a shared memory. The isolated special purpose processor core includes a local memory that is inaccessible from the other processors. The system encrypts the secured program'"'"'s context using a randomly generated encryption key and stores the context in the shared memory. A secure loader'"'"'s context is updated with the generated encryption key and then the secure loader'"'"'s context is saved to the shared memory.
-
Citations
23 Claims
-
1. A computer implemented method for managing a context of a secure program loader, the method comprising:
-
interrupting a secured program running on an special purpose processor core that is running in isolation mode and is included in a heterogeneous processor, wherein the heterogeneous processor includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processors; encrypting the secured program'"'"'s context using a randomly generated encryption key; storing the secured program'"'"'s encrypted context to the shared memory using a secure loader; updating the secure loader'"'"'s context with the generated encryption key; and saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including; generating a random persistent security data; encrypting the secure loader'"'"'s context using the generated persistent security data; storing the secure loader'"'"'s encrypted context in the shared memory; and storing the persistent security data in a persistent storage register. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An information handling system comprising:
-
a heterogeneous processor, that includes one or more special purpose processor cores, wherein one of the special processors is running in isolation mode, and one or more general purpose processor cores; a local memory corresponding to each of the plurality of heterogeneous processors, wherein the local memory corresponding to the isolated special purpose processor core is inaccessible by the other heterogeneous processors while the special purpose processor core is running in the isolation mode; one or more persistent storage registers, wherein each persistent storage register corresponds to one of the special purpose processor cores and wherein data stored in the persistent storage register is only accessible when the special purpose processor core is running in isolation mode; a shared memory accessible by the heterogeneous processors; and a set of instructions stored in one of the local memories, wherein one or more of the heterogeneous processors executes the set of instructions in order to perform actions of; interrupting a secured program running on the isolated special purpose processor core; encrypting the secured program'"'"'s context using a randomly generated encryption key; storing the secured program'"'"'s encrypted context to the shared memory using a secure loader; updating the secure loader'"'"'s context with the generated encryption key; and saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including; generating a random persistent security data; encrypting the secure loader'"'"'s context using the generated persistent security data; storing the secure loader'"'"'s encrypted context in the shared memory; and storing the persistent security data in the isolated special purpose processor core'"'"'s persistent storage register. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product stored in a computer readable medium, comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
-
interrupting a secured program running on an special purpose processor core that is running in isolation mode and is included in a heterogeneous processor, wherein the heterogeneous processor includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processors while the special purpose processor core is running in the isolation mode; encrypting the secured program'"'"'s context using a randomly generated encryption key; storing the secured program'"'"'s encrypted context to the shared memory using a secure loader; updating the secure loader'"'"'s context with the generated encryption key; and saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including; generating a random persistent security data; encrypting the secure loader'"'"'s context using the generated persistent security data; storing the secure loader'"'"'s encrypted context in the shared memory; and storing the persistent security data in a persistent storage register. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification