Security Enclave Processor for a System on a Chip

US 20140089682A1
Filed: 09/25/2012
Published: 03/27/2014
Est. Priority Date: 09/25/2012
Status: Active Grant

First Claim

Patent Images

1. An integrated circuit comprising, all integrated on a single semiconductor substrate:

one or more application processors, wherein each application processor comprises hardware configured to execute instructions;

a memory controller coupled to the one or more application processors;

a security circuit including at least one additional processor and one or more security peripherals, wherein the additional processor comprises hardware configured to execute instructions, and the additional processor is separate from the one or more application processors, and wherein the security circuit is isolated from access by the application processors and other components of the integrated circuit except through a secure mailbox mechanism implemented in the security circuit, and wherein the one or more application processors are configured to write a message to the secure mailbox mechanism to request operation of the security circuit, and wherein the additional processor is configured to read the secure mailbox mechanism, determine whether or not the operation is permitted, and perform the operation responsive to determining that the operation is permitted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

35 Citations

19 Claims

1. An integrated circuit comprising, all integrated on a single semiconductor substrate:
- one or more application processors, wherein each application processor comprises hardware configured to execute instructions;
  
  a memory controller coupled to the one or more application processors;
  
  a security circuit including at least one additional processor and one or more security peripherals, wherein the additional processor comprises hardware configured to execute instructions, and the additional processor is separate from the one or more application processors, and wherein the security circuit is isolated from access by the application processors and other components of the integrated circuit except through a secure mailbox mechanism implemented in the security circuit, and wherein the one or more application processors are configured to write a message to the secure mailbox mechanism to request operation of the security circuit, and wherein the additional processor is configured to read the secure mailbox mechanism, determine whether or not the operation is permitted, and perform the operation responsive to determining that the operation is permitted.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The integrated circuit as recited in claim 1 wherein the one or more security peripherals comprise an authentication peripheral.
  - 3. The integrated circuit as recited in claim 1 wherein the one or more security peripherals comprise an encryption peripheral.
  - 4. The integrated circuit as recited in claim 1 wherein the one or more security peripherals comprise a boot read-only-memory (ROM) accessible only to the additional processor and configured to store code executable on the additional processor.
  - 5. The integrated circuit as recited in claim 4 further comprising a second boot ROM coupled to the one or more application processors, wherein the second boot ROM is configured to store second code executable by the application processors.

6. A system comprising:
- one or more processors forming a central processing unit (CPU) complex configured to execute an operating system in the system, wherein the one or more processors each comprise hardware configured to execute instructions included in the operating system; and
  
  a security circuit coupled to the one or more processors, wherein the security circuit comprises at least one secure processor and one or more security peripherals, wherein the security circuit is isolated from access by the CPU complex except through a secure mailbox mechanism implemented in the security circuit, and wherein the security circuit is configured to provide at least one secure service in response to a request by the CPU complex received in the secure mailbox mechanism, wherein the secure processor comprises hardware configured to execute instructions to perform at least a portion of the secure service, and wherein the secure processor is separate from the one or more processors, and wherein the secure processor is configured to determine whether or not the secure service is permitted to the CPU complex, and wherein the security circuit is configured perform the secure service responsive to the secure processor determining that the secure service is permitted.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system as recited in claim 6 wherein the secure mailbox mechanism includes an inbox and an outbox, and wherein the security circuit is configured to accept write operations directed to the inbox and read operations directed to the outbox.
  - 8. The system as recited in claim 7 wherein the security circuit is configured to return nonce data for read operations not directed to the outbox.
  - 9. The system as recited in claim 7 wherein the security circuit is configured to discard a write operation that is not directed to the inbox.
  - 10. The system as recited in claim 6 further comprising an interrupt controller configured to assert interrupts to the one or more processors in the CPU complex, wherein the security circuit is configured to generate an interrupt message to the interrupt controller responsive to the secure processor writing data to the outbox.

11. An integrated circuit comprising, all integrated on a single semiconductor substrate:
- one or more first processors in a central processing unit (CPU) complex, wherein the one or more first processors execute an operating system and one or more applications during use, wherein the one or more first processors each comprise hardware configured to execute instructions included in the operating system and the one or more applications;
  
  a memory controller coupled to the one or more application processors, wherein the memory controller is configured to couple to a memory that stores the operating system and the one or more applications during use;
  
  a security circuit coupled to the memory controller, the security circuit including at least one second processor and one or more security peripherals, wherein the security circuit is configured to provide one or more secure services to the one or more first processors during use, wherein the at least one second processor comprises hardware configured to execute instructions to perform at least a portion of the one or more secure services, and wherein the at least one second processor is separate from the one or more first processors, and wherein the security circuit is isolated from access via secure mailbox mechanism, and wherein the one or more first processors are configured to write a message to the secure mailbox mechanism to request a first secure service, and wherein the second processor is configured to read the secure mailbox mechanism, determine whether or not the first secure service is permitted, and perform the operation responsive to determining that the secure service is permitted;
  
  one or more peripherals coupled to the CPU complex; and
  
  a boot read-only memory coupled to the CPU complex and configured to store boot code to boot the CPU complex and the one or more peripherals.
- View Dependent Claims (12, 13, 14)
- - 12. The integrated circuit as recited in claim 11 wherein the security circuit further comprises a second boot ROM accessible only to the second processor.
  - 13. The integrated circuit as recited in claim 11 wherein the security circuit comprises an inbox configured to receive write operations from external to the security circuit and an outbox configured to provide data for read operations from external to the security circuit.
  - 14. The integrated circuit as recited in claim 13 wherein the security circuit is not accessible by read/write operations other than the inbox and outbox.

15. A method comprising:
- a first processor in a central processing unit (CPU) complex writing a message to an inbox within a security circuit to request a secure service, wherein the first processor comprises hardware configured to execute instructions to write the message to the inbox;
  
  a second processor in the security circuit reading the message from the inbox, wherein the second processor comprises hardware configured to execute instructions to read the message from the inbox, wherein the second processor is separate from the first processor;
  
  the second processor determining if the secure service is permitted; and
  
  the second processor performing the secure service in response to determining that the secure service is permitted.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method as recited in claim 15 further comprising:
    - the second processor writing a result of the secure service to an outbox within the security circuit; and
      
      the first processor reading the result of the secure service.
  - 17. The method as recited in claim 16 wherein the secure service comprises key generation.
  - 18. The method as recited in claim 16 wherein the secure service comprises authentication.
  - 19. The method as recited in claim 16 wherein the secure service comprises encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Gulati, Manu, Smith, Michael J., Yu, Shu-Yi

Granted Patent

US 8,832,465 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/192
CPC Class Codes

G06F 21/575 Secure boot

G06F 21/72 in cryptographic circuits

Security Enclave Processor for a System on a Chip

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security Enclave Processor for a System on a Chip

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links