MICROPROCESSOR HAVING A SECURE EXECUTION MODE WITH PROVISIONS FOR MONITORING, INDICATING, AND MANAGING SECURITY LEVELS

US 20090293130A1
Filed: 10/31/2008
Published: 11/26/2009
Est. Priority Date: 05/24/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus providing for a secure execution environment, comprising:

a microprocessor, configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said secure application program is executed in a secure execution mode, said microprocessor comprising;

a watchdog manager, configured to dynamically monitor physical and operating environments of said microprocessor by noting and evaluating data communicated by a plurality of monitors, and configured to classify said data to indicate a security level associated with execution of said secure application program, and configured to direct secure execution mode logic within said microprocessor to perform responsive actions in accordance with said security level, wherein said plurality of monitors operates independently of execution of said secure application program.a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus providing for a secure execution environment including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The non-secure application programs are accessed from a system memory via a system bus, and the secure application program is executed in a secure execution mode. The microprocessor has a watchdog manager that monitors environments of the microprocessor by noting and evaluating data communicated by a plurality of monitors, and that classifies the data to indicate a security level associated with execution of the secure application program, and that directs secure execution mode logic to perform responsive actions in accordance with the security level. The secure non-volatile memory is coupled to the microprocessor via a private bus, and stores the secure application program. Transactions over the private bus are isolated from the system bus and corresponding system bus resources within the microprocessor.

Citations

24 Claims

1. An apparatus providing for a secure execution environment, comprising:
- a microprocessor, configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said secure application program is executed in a secure execution mode, said microprocessor comprising;
  
  a watchdog manager, configured to dynamically monitor physical and operating environments of said microprocessor by noting and evaluating data communicated by a plurality of monitors, and configured to classify said data to indicate a security level associated with execution of said secure application program, and configured to direct secure execution mode logic within said microprocessor to perform responsive actions in accordance with said security level, wherein said plurality of monitors operates independently of execution of said secure application program.a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus as recited in claim 1, wherein said plurality of monitors comprises:
    - a processor voltage monitor, configured to monitor to power and bus termination voltages provided to said microprocessor from a system board, wherein low and high limits for said voltages are programmed via a machine specific register within said secure execution mode logic, and wherein excursions from said limits are reported to said watchdog manager.
  - 3. The apparatus as recited in claim 1, wherein said plurality of monitors comprises:
    - an accurate thermal monitor, configured to constantly monitor die temperature of said microprocessor, wherein low and high temperature limits for said die temperature are programmed via a machine specific register within said secure execution mode logic, and wherein excursions from said limits are reported to said watchdog manager.
  - 4. The apparatus as recited in claim 1, wherein said plurality of monitors comprises:
    - a data monitor, configured to detect cryptographic and configuration errors associated with said secure application program when fetching said secure application program from said secure non-volatile memory, wherein said errors are reported to said watchdog manager.
  - 5. The apparatus as recited in claim 1, wherein said plurality of monitors comprises:
    - a secure time stamp counter, configured to count the number of cycles of a core clock signal during execution of said secure application program, and configured to compare said number of cycles to a value of a normal time stamp counter, and configured to report that a ratio is exceeded to said watchdog manager, wherein said ratio is programmed via a machine specific register within said secure execution mode logic.
  - 6. The apparatus as recited in claim 1, wherein said plurality of monitors comprises:
    - a bus clock monitor, configured to determine both short term and long term integrity of a system bus clock which is provided to said microprocessor, and configured to report to said watchdog logic if said system bus clock is held flat for an undue number of cycles, and configured to report to said watchdog logic if said system bus clock is frequency of said system bus clock experiences a gradual frequency variation.
  - 7. The apparatus as recited in claim 6, wherein said bus clock monitor determines clock-to-clock variation of said bus clock, and wherein an unacceptable clock-to-clock variation is reported to said watchdog logic.
  - 8. The apparatus as recited in claim 6, wherein said bus clock monitor comprises:
    - a frequency reference unit, configured to generate a frequency reference that is proportional to said system bus clock, wherein a derivative of said system bus clock is compared to said frequency reference to determine frequency variation of said system bus clock.

9. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising:
- a secure non-volatile memory, configured to store a secure application program; and
  
  a microprocessor, coupled to said secure non-volatile memory via a private bus, configured to execute non-secure application programs and said secure application program, wherein said secure application program is executed in a secure execution mode, said microprocessor comprising;
  
  a watchdog manager, configured to dynamically monitor physical and operating environments of said microprocessor by noting and evaluating data communicated by a plurality of monitors, and configured to classify said data to indicate a security level associated with execution of said secure application program, and configured to direct secure execution mode logic within said microprocessor to perform responsive actions in accordance with said security level, wherein said plurality of monitors operates independently of execution of said secure application program.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The microprocessor apparatus as recited in claim 9, wherein said plurality of monitors comprises:
    - a processor voltage monitor, configured to monitor to power and bus termination voltages provided to said microprocessor from a system board, wherein low and high limits for said voltages are programmed via a machine specific register within said secure execution mode logic, and wherein excursions from said limits are reported to said watchdog manager.
  - 11. The microprocessor apparatus as recited in claim 9, wherein said plurality of monitors comprises:
    - an accurate thermal monitor, configured to constantly monitor die temperature of said microprocessor, wherein low and high temperature limits for said die temperature are programmed via a machine specific register within said secure execution mode logic, and wherein excursions from said limits are reported to said watchdog manager.
  - 12. The microprocessor apparatus as recited in claim 9, wherein said plurality of monitors comprises:
    - a data monitor, configured to detect cryptographic and configuration errors associated with said secure application program when fetching said secure application program from said secure non-volatile memory, wherein said errors are reported to said watchdog manager.
  - 13. The microprocessor apparatus as recited in claim 9, wherein said plurality of monitors comprises:
    - a secure time stamp counter, configured to count the number of cycles of a core clock signal during execution of said secure application program, and configured to compare said number of cycles to a value of a normal time stamp counter, and configured to report that a ratio is exceeded to said watchdog manager, wherein said ratio is programmed via a machine specific register within said secure execution mode logic.
  - 14. The microprocessor apparatus as recited in claim 9, wherein said plurality of monitors comprises:
    - a bus clock monitor, configured to determine both short term and long term integrity of a system bus clock which is provided to said microprocessor, and configured to report to said watchdog logic if said system bus clock is held flat for an undue number of cycles, and configured to report to said watchdog logic if said system bus clock is frequency of said system bus clock experiences a gradual frequency variation.
  - 15. The microprocessor apparatus as recited in claim 14, wherein said bus clock monitor determines clock-to-clock variation of said bus clock, and wherein an unacceptable clock-to-clock variation is reported to said watchdog logic.
  - 16. The microprocessor apparatus as recited in claim 14, wherein said bus clock monitor comprises:
    - a frequency reference unit, configured to generate a frequency reference that is proportional to said system bus clock, wherein a derivative of said system bus clock is compared to said frequency reference to determine frequency variation of said system bus clock.

17. A method for executing secure code within a secure execution environment, the method comprising:
- providing a secure non-volatile memory for storage of the secure code, wherein the secure code is within the secure non-volatile memory via private transactions accomplished over a private bus that is coupled between the secure non-volatile memory and a microprocessor, wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor;
  
  first monitoring physical and operating environments of the microprocessor by noting and evaluating data communicated by a plurality of monitors, wherein the plurality of monitors operates independently of execution of the secure code;
  
  classifying the data to indicate a security level associated with execution of the secure code; and
  
  performing responsive actions in accordance with the security level.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method as recited in claim 17, wherein said first monitoring comprises:
    - second monitoring power and bus termination voltages provided to the microprocessor from a system board, wherein low and high limits for the voltages are programmed via a machine specific register within the secure execution mode logic, and wherein excursions from the limits are reported to the watchdog manager.
  - 19. The method as recited in claim 17, wherein said first monitoring comprises:
    - second monitoring die temperature of the microprocessor, wherein low and high temperature limits for the die temperature are programmed via a machine specific register within the secure execution mode logic, and wherein excursions from the limits are reported to the watchdog manager.
  - 20. The method as recited in claim 17, wherein said first monitoring comprises:
    - detecting cryptographic and configuration errors associated with the secure application program when fetching the secure application program from the secure non-volatile memory, wherein the errors are reported to the watchdog manager.
  - 21. The method as recited in claim 17, wherein said first monitoring comprises:
    - counting the number of cycles of a core clock signal during execution of the secure application program, and comparing the number of cycles to a value of a normal time stamp counter, and reporting that a ratio is exceeded to the watchdog manager, wherein the ratio is programmed via a machine specific register within the secure execution mode logic.
  - 22. The method as recited in claim 17, wherein said first monitoring comprises:
    - determining both short term and long term integrity of a system bus clock which is provided to the microprocessor, and first reporting to the watchdog logic if the system bus clock is held flat for an undue number of cycles, and second reporting to the watchdog logic if the system bus clock is frequency of the system bus clock experiences a gradual frequency variation.
  - 23. The method as recited in claim 22, wherein the bus clock monitor determines clock-to-clock variation of the bus clock, and wherein an unacceptable clock-to-clock variation is reported to the watchdog logic.
  - 24. The method as recited in claim 22, wherein said determining comprises:
    - generating a frequency reference that is proportional to the system bus clock, wherein a derivative of the system bus clock is compared to the frequency reference to determine frequency variation of the system bus clock.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
Parks, Terry, Henry, G. Glenn

Granted Patent

US 8,819,839 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/72   in cryptographic circuits

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

MICROPROCESSOR HAVING A SECURE EXECUTION MODE WITH PROVISIONS FOR MONITORING, INDICATING, AND MANAGING SECURITY LEVELS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

MICROPROCESSOR HAVING A SECURE EXECUTION MODE WITH PROVISIONS FOR MONITORING, INDICATING, AND MANAGING SECURITY LEVELS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links