Protected configuration space in a protected environment
Abstract
A protected configuration space is implemented as at least one range of memory addresses that are mapped to logic external to system memory. The memory addresses access logic that performs control and status operations pertaining to a protected operating environment. Some of the addresses may access protected configuration registers. Commands having destination addresses within the protected configuration space may not be completed if the commands are not issued by a processor, or if the commands are not part of a group of one or more designated protected commands. A separately addressable non-protected configuration space may also be implemented, accessible by processors, non-processors and/or non-protected commands.
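The access rules in the abstract can be modelled as a small software decoder. This is an added illustration, not code from the patent; the base address, register count, command encoding, the choice to address the mode switch at the base of the range, and the choice to accept non-protected reads as well as writes while open are all assumptions made for the sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical values: the page gives no addresses, sizes or encodings. */
#define PCS_BASE 0xFED20000u   /* start of the protected configuration space */
#define PCS_REGS 8u            /* 32-bit protected registers behind it */

enum source { SRC_PROCESSOR, SRC_DEVICE };
enum op     { OP_READ, OP_WRITE, OP_OPEN, OP_CLOSE };
enum result { R_OK, R_REJECTED, R_NOT_MAPPED };

struct cmd { enum source src; bool prot; enum op op; uint32_t addr, data; };
struct pcs { bool open; uint32_t regs[PCS_REGS]; };

/* Decode one bus command the way the abstract describes the external logic. */
enum result pcs_handle(struct pcs *p, const struct cmd *c, uint32_t *out)
{
    uint32_t off = c->addr - PCS_BASE;           /* wraps if addr < base */
    if (c->addr < PCS_BASE || off >= PCS_REGS * 4u || (off & 3u))
        return R_NOT_MAPPED;                     /* outside the range */
    if (c->src != SRC_PROCESSOR)
        return R_REJECTED;                       /* non-processor: never mapped */
    if (c->op == OP_OPEN || c->op == OP_CLOSE) { /* mode switch */
        if (!c->prot) return R_REJECTED;         /* only a protected command may switch */
        p->open = (c->op == OP_OPEN);
        return R_OK;
    }
    if (!c->prot && !p->open)
        return R_REJECTED;                       /* non-protected while closed */
    if (c->op == OP_WRITE) p->regs[off / 4u] = c->data;
    else if (out) *out = p->regs[off / 4u];
    return R_OK;
}

/* Claim 5 ordering: open, non-protected write, close; then retry the write. */
enum result claim5_sequence(struct pcs *p, uint32_t value)
{
    struct cmd open_c  = { SRC_PROCESSOR, true,  OP_OPEN,  PCS_BASE, 0 };
    struct cmd write_c = { SRC_PROCESSOR, false, OP_WRITE, PCS_BASE + 4u, value };
    struct cmd close_c = { SRC_PROCESSOR, true,  OP_CLOSE, PCS_BASE, 0 };
    pcs_handle(p, &open_c, NULL);
    pcs_handle(p, &write_c, NULL);
    pcs_handle(p, &close_c, NULL);
    write_c.data = ~value;                       /* must not land after close */
    return pcs_handle(p, &write_c, NULL);
}
```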
7 Claims
1. A system, comprising:
at least one processor;
a memory; and
a logic circuit having a set of registers and coupled to the at least one processor by a first bus and coupled to the memory by a second bus, the logic circuit to map an address within a predetermined range of addresses to a particular register in the set of registers in response to a command with the address being issued by the at least one processor, and to reject the command without mapping in response to the command being issued by a non-processor device, and wherein;
the logic circuit includes a first mode to accept protected commands and a second mode to accept at least one non-protected command, wherein the logic circuit includes control logic to execute a first command to write to the particular register, a second command to read from the particular register, a third command to perform an action in the logic circuit excluding a write to the set of registers and excluding a read to the set of registers, and a fourth command to be conveyed to a protected device external to the logic circuit, the processor includes first microcode to issue a first protected command to switch the logic circuit from the first mode to the second mode, and the processor includes second microcode to issue a second protected command to switch the logic circuit from the second mode to the first mode.
2. (Dependent on claim 1)
the at least one processor includes an instruction to place on the bus the command with an indicator to indicate the command is a protected command.
3. The system of claim 2, wherein:
the indicator to indicate the command is authorized to access the predetermined range of memory addresses.
4. The system of claim 1, wherein:
the first microcode and the second microcode are executable only in response to execution of protected software instructions.
5. A machine-readable medium that provides instructions, which when executed by a computing device, cause said computing device to perform operations comprising:
issuing a first protected command to render a protected configuration space accessible to a non-protected write command;
writing first data with the non-protected write command to a protected register in a set of protected registers addressable through the protected configuration space;
issuing a second protected command to render the protected configuration space inaccessible to the non-protected write command; and
issuing a third protected command addressed to an address within the protected configuration space to perform an action excluding access to the set of protected registers.
6. (Dependent on claim 5)
writing second data to the protected register with a third protected command.
7. A machine-readable medium that provides instructions, which when executed by a computing device, cause said computing device to perform operations comprising:
issuing a first protected command to render a protected configuration space accessible to a non-protected write command;
writing first data with the non-protected write command to a protected register in a set of protected registers addressable through the protected configuration space;
issuing a second protected command to render the protected configuration space inaccessible to the non-protected write command; and
issuing a third protected command addressed to an address within the protected configuration space to access a token.
Specification