BRANCH AND SWITCH KEY INSTRUCTION IN A MICROPROCESSOR THAT FETCHES AND DECRYPTS ENCRYPTED INSTRUCTIONS
First Claim
1. A microprocessor, comprising:
- a fetch unit, configured to fetch and decrypt a branch and switch key instruction using first decryption key data; and
microcode, configured to;
cause the fetch unit to fetch and decrypt the next sequential instruction after the branch and switch key instruction using the first decryption key data, if the direction of the branch and switch key instruction is not taken; and
cause the fetch unit to fetch and decrypt a target instruction of the branch and switch key instruction using second decryption key data that is different from the first decryption key data, if the direction of the branch and switch key instruction is taken.
1 Assignment
0 Petitions
Accused Products
Abstract
A microprocessor includes a fetch unit that fetches and decrypts an (atomic) branch and switch key instruction using first decryption key data. If the branch direction is not taken, the fetch unit fetches and decrypts the next sequential instruction after the branch and switch key instruction using the first decryption key data. If the direction is taken, the fetch unit fetches and decrypts a target instruction of the branch and switch key instruction using second decryption key data that is different from the first decryption key data. The instruction points to the decryption key data; alternatively, the microprocessor consults a mapping of target address ranges to decryption key data. An encryption program replaces conventional inter-program-chunk branch instructions with branch and switch key instructions before encrypting the program using information that divides the program into a sequence of chunks each chunk being a sequence of instructions and having distinct associated encryption key data.
-
Citations
31 Claims
-
1. A microprocessor, comprising:
-
a fetch unit, configured to fetch and decrypt a branch and switch key instruction using first decryption key data; and microcode, configured to; cause the fetch unit to fetch and decrypt the next sequential instruction after the branch and switch key instruction using the first decryption key data, if the direction of the branch and switch key instruction is not taken; and cause the fetch unit to fetch and decrypt a target instruction of the branch and switch key instruction using second decryption key data that is different from the first decryption key data, if the direction of the branch and switch key instruction is taken. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for processing an encrypted program by a microprocessor, the method comprising:
-
fetching and decrypting a branch and switch key instruction using first decryption key data; if the direction of the branch and switch key instruction is not taken, fetching and decrypting the next sequential instruction after the branch and switch key instruction using the first decryption key data; and if the direction of the branch and switch key instruction is taken, fetching and decrypting a target instruction of the branch and switch key instruction using second decryption key data that is different from the first decryption key data. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
-
receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined prior to the time in which the microprocessor runs the program; analyzing the program to obtain chunk information, wherein the chunk information divides the program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction; and encrypting the program based on the chunk information. - View Dependent Claims (26, 27)
-
-
28. A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
-
receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may only be determined at the time in which the microprocessor runs the program; analyzing the program to obtain chunk information, wherein the chunk information divides the program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions with a branch and switch key instruction; and encrypting the program based on the chunk information. - View Dependent Claims (29, 30, 31)
-
Specification