INITIALIZATION OF A MICROPROCESSOR PROVIDING FOR EXECUTION OF SECURE CODE
Abstract
An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The microprocessor has secure execution mode initialization logic and an authorized public key. The secure execution mode initialization logic provides for initialization of a secure execution mode within the microprocessor, employing an asymmetric key algorithm to decrypt an enable parameter that directs entry into the secure execution mode. The authorized public key is used to decrypt the enable parameter, which was encrypted according to the asymmetric key algorithm using the authorized private key that corresponds to the authorized public key. The secure non-volatile memory, coupled to the microprocessor via a private bus, stores the secure application program; transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and the corresponding system bus resources within the microprocessor.
30 Claims

1. An apparatus providing for a secure execution environment, comprising:
- a microprocessor, configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, said microprocessor comprising:
  - secure execution mode initialization logic, configured to provide for initialization of a secure execution mode within said microprocessor for execution of said secure application program, wherein said secure execution mode initialization logic employs an asymmetric key algorithm to decrypt an enable parameter that directs said microprocessor to enter said secure execution mode; and
  - an authorized public key, configured for employment by a cryptographic unit within said microprocessor to decrypt said enable parameter, said enable parameter having been encrypted according to said asymmetric key algorithm using an authorized private key that corresponds to said authorized public key; and
- a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program following initialization of said secure execution mode, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor.
Dependent claims: 2 through 10.
11. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising:
- a secure non-volatile memory, configured to store a secure application program; and
- a microprocessor, coupled to said secure non-volatile memory via a private bus, configured to execute non-secure application programs and said secure application program, said microprocessor comprising:
  - secure execution mode initialization logic, configured to provide for initialization of a secure execution mode within said microprocessor for execution of said secure application program, wherein said secure execution mode initialization logic employs an asymmetric key algorithm to decrypt an enable parameter that directs said microprocessor to enter said secure execution mode; and
  - an authorized public key, configured for employment by a cryptographic unit within said microprocessor to decrypt said enable parameter, said enable parameter having been encrypted according to said asymmetric key algorithm using an authorized private key that corresponds to said authorized public key.
Dependent claims: 12 through 20.
21. A method for executing secure code within a secure execution environment, the method comprising:
- providing a secure non-volatile memory for storage of the secure code, wherein the secure code is to be stored within the secure non-volatile memory via private transactions accomplished over a private bus that is coupled to the secure non-volatile memory; and
- initializing a secure execution mode within a microprocessor for execution of the secure code, said initializing comprising:
  - via a cryptographic unit within the microprocessor, employing an authorized public key to decrypt an enable parameter according to an asymmetric key algorithm, the enable parameter having been encrypted according to the asymmetric key algorithm using a corresponding authorized private key;
- wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor.
Dependent claims: 22 through 30.
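The mechanism shared by the abstract and by claims 1, 11 and 21 (an enable parameter encrypted under the authorized private key, decrypted inside the processor with the authorized public key, and a secure non-volatile memory reachable only over a private bus) is modelled below as an added Python example. It is not code from the patent. The key pair (textbook RSA over two Mersenne primes, chosen only so the block runs without a cryptography library), the enable-parameter layout MAGIC || processor_id || SHA-256, and every class and function name are assumptions of this example.

```python
"""Simulation of the secure-execution-mode initialization in the claims.

Added illustration, not the patent's own code. Assumed here: textbook RSA
built from two Mersenne primes, the enable-parameter layout
MAGIC || processor_id || SHA-256(MAGIC || processor_id), and all names.
"""
import hashlib
import hmac

# Assumed authorized key pair. Mersenne primes and unpadded RSA are used only
# to keep the example self-contained; they are not a secure choice in practice.
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # authorized private key (vendor side)
AUTHORIZED_PUBLIC_KEY = (N, E)          # the key held inside the microprocessor
NBYTES = (N.bit_length() + 7) // 8      # 81-byte modulus

MAGIC = b"SEM\x01"                      # assumed tag marking an enable parameter
ID_LEN = 8
PARAM_LEN = len(MAGIC) + ID_LEN + hashlib.sha256().digest_size   # 44 bytes


def make_enable_parameter(processor_id: bytes) -> bytes:
    """Vendor side: bind the parameter to one processor, add 256 bits of
    redundancy, then apply the RSA private operation (the claims' "encrypted
    using an authorized private key")."""
    if len(processor_id) != ID_LEN:
        raise ValueError("processor id must be %d bytes" % ID_LEN)
    body = MAGIC + processor_id
    plain = body + hashlib.sha256(body).digest()
    c = pow(int.from_bytes(plain, "big"), D, N)
    return c.to_bytes(NBYTES, "big")


class SecureNVM:
    """Non-volatile memory whose only interface is the private bus."""

    def __init__(self):
        self._cells = {}

    def private_bus_write(self, addr: int, data: bytes) -> None:
        self._cells[addr] = data

    def private_bus_read(self, addr: int):
        return self._cells.get(addr)


class Microprocessor:
    SECURE_PROGRAM_ADDR = 0x0            # address inside the secure NVM

    def __init__(self, processor_id: bytes):
        self.processor_id = processor_id
        self.public_key = AUTHORIZED_PUBLIC_KEY
        self.secure_mode = False
        self.system_memory = {}          # everything the system bus can reach
        self._secure_nvm = SecureNVM()   # reachable only over the private bus

    def system_bus_read(self, addr: int):
        # The private bus is not a system-bus resource: the secure NVM has no
        # address in the system memory map, so a system-bus read cannot reach it.
        return self.system_memory.get(addr)

    def init_secure_execution_mode(self, enable_parameter: bytes) -> bool:
        """Initialization logic: decrypt the enable parameter with the
        authorized public key and validate its contents before enabling."""
        n, e = self.public_key
        c = int.from_bytes(enable_parameter, "big")
        if c >= n:
            return False
        m = pow(c, e, n)                 # RSA public operation
        if m.bit_length() > PARAM_LEN * 8:
            return False                 # leading modulus bytes must be zero
        plain = m.to_bytes(PARAM_LEN, "big")
        body, digest = plain[:len(MAGIC) + ID_LEN], plain[len(MAGIC) + ID_LEN:]
        ok = (body[:len(MAGIC)] == MAGIC
              and hmac.compare_digest(body[len(MAGIC):], self.processor_id)
              and hmac.compare_digest(digest, hashlib.sha256(body).digest()))
        if ok:
            self.secure_mode = True
        return ok

    def load_secure_program(self, program: bytes) -> None:
        """Store the secure application program over the private bus; only
        permitted after the secure execution mode has been initialized."""
        if not self.secure_mode:
            raise PermissionError("secure execution mode not initialized")
        self._secure_nvm.private_bus_write(self.SECURE_PROGRAM_ADDR, program)

    def run_secure_program(self):
        if not self.secure_mode:
            raise PermissionError("secure execution mode not initialized")
        return self._secure_nvm.private_bus_read(self.SECURE_PROGRAM_ADDR)


if __name__ == "__main__":
    cpu = Microprocessor(b"\x00" * 7 + b"\x2a")                # constructed id
    param = make_enable_parameter(cpu.processor_id)
    print("enable ok :", cpu.init_secure_execution_mode(param))
    cpu.load_secure_program(b"\x90\x90\xc3")                   # constructed program
    print("private bus:", cpu.run_secure_program())
    print("system bus :", cpu.system_bus_read(Microprocessor.SECURE_PROGRAM_ADDR))
    tampered = bytearray(param)
    tampered[-1] ^= 1
    print("tampered ok:", Microprocessor(cpu.processor_id).init_secure_execution_mode(bytes(tampered)))
```

Two points the example makes concrete. First, a raw RSA public operation accepts any ciphertext, so "decrypting the enable parameter with the public key" is only an authorization check because the plaintext carries redundancy (the tag, the processor identity and the hash) that a forger without the private key cannot hit; in current terminology this is a signature with message recovery, and a production design would use a standard padding or signature scheme rather than the textbook RSA assumed here. Second, an enable parameter is replayable on the processor it was issued for, which is what the claims intend (it enables that one part), but binding it to the processor identity is what stops it from enabling every other part.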