Method and system for allowing code to be securely initialized in a computer
Abstract
A memory controller prevents CPUs and other I/O bus masters from accessing memory during a code (for example, trusted core) initialization process. The memory controller resets CPUs in the computer and allows a CPU to begin accessing memory at a particular location (identified to the CPU by the memory controller). Once an initialization process has been executed by that CPU, the code is operational and any other CPUs are allowed to access memory (after being reset), as are any other bus masters (subject to any controls imposed by the initiated code).
Claims (51)

1. An apparatus comprising:
- a processor reset portion to assert a reset signal to a processor;
- a memory protector portion to prevent any bus master from accessing memory until the processor completes execution of a trusted core initialization process; and
- a controller, coupled to the memory protector portion, to:
  - map a processor reset vector to an initialization vector;
  - receive a read request corresponding to the processor reset vector from the processor;
  - return, in response to the read request, the initialization vector to the processor; and
  - allow the processor to access the memory beginning with the initialization vector.

Dependent claims: 2, 47, 48.

3. A memory controller comprising:
- a first interface to allow communication with a processor;
- a second interface to allow communication with a system memory; and
- a controller, coupled to the first interface and the second interface, to reset a processor and to allow the processor to execute a code initialization process while preventing any other processors from accessing the system memory; wherein the controller is further to:
  - map a processor reset vector to an initialization vector;
  - receive a read request corresponding to the processor reset vector from the processor;
  - return, in response to the read request, the initialization vector to the processor; and
  - allow the processor to access the memory beginning with the initialization vector.

Dependent claims: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.

17. A method comprising:
- allowing a computer to begin operation based on untrustworthy code;
- loading, under the control of the untrustworthy code, additional code into memory;
- initiating execution of the additional code in a secure manner despite the untrustworthy code in the computer;
- mapping a central processing unit reset vector to an initialization vector;
- receiving a read request corresponding to the central processing unit reset vector from one central processing unit;
- returning, in response to the read request, the initialization vector to the one central processing unit; and
- allowing the one central processing unit to access the memory beginning with the initialization vector.

Dependent claims: 18, 19, 20, 21, 22.

23. A method comprising:
- booting, based on untrustworthy code, a computer;
- loading a trusted core into memory; and
- initiating secure execution of the trusted core by:
  - mapping a central processing unit reset vector to an initialization vector;
  - resetting each of one or more central processing units in the computer;
  - receiving, after the mapping and the resetting, a read request corresponding to the central processing unit reset vector from one of the one or more central processing units;
  - returning, in response to the read request, the initialization vector to the one central processing unit; and
  - allowing the one central processing unit to access the memory beginning with the initialization vector.

Dependent claims: 24, 25, 26.

27. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, cause the one or more processors to perform acts including:
- allowing operation of the computer to begin based on untrusted code;
- loading, under control of the untrusted code, a trusted core into memory;
- preventing each of one or more central processing units and each of one or more bus masters in the computer from accessing the memory;
- resetting each of the one or more central processing units;
- allowing one central processing unit to access the memory and execute trusted core initialization code to initialize the trusted core;
- after execution of the trusted core has been initialized, allowing any other central processing units and any bus masters in the computer to access the memory;
- wherein the plurality of instructions further cause the one or more processors to perform acts including:
  - mapping a central processing unit reset vector to an initialization vector;
  - receiving a read request corresponding to the central processing unit reset vector from the one central processing unit;
  - returning, in response to the read request, the initialization vector to the one central processing unit; and
  - allowing the one central processing unit to access the memory beginning with the initialization vector.

Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 49, 50, 51.
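As an added illustration (not text or code from the patent), the following Python model of the claimed controller gates memory reads the way the abstract and claims 23 and 27 describe: every CPU is reset, only one is admitted to run the trusted core initialization, that CPU's reset-vector fetch is answered with the initialization vector, and bus masters and the remaining CPUs are admitted only after initialization completes, the CPUs only once they too have started from the reset vector. The addresses, master names and memory contents are constructed for the example.

```python
RESET_VECTOR = 0xFFFFFFF0   # constructed: address a CPU fetches from after reset
INIT_VECTOR = 0x00100000    # constructed: entry point of the loaded trusted core


class AccessDenied(Exception):
    """Raised when the controller refuses a memory request."""


class MemoryController:
    def __init__(self, cpus, bus_masters):
        self.cpus, self.bus_masters = set(cpus), set(bus_masters)
        self.phase = "normal"      # untrusted code running, memory open to all
        self.init_cpu = None       # the single CPU admitted during initialization
        self.needs_reset = set()   # CPUs that must start from the reset vector
        self.released = set()      # CPUs that have done so and may access memory

    def begin_trusted_init(self, cpu):
        """Claims 23/27: reset every CPU, block all masters, admit one CPU only."""
        self.phase, self.init_cpu = "init", cpu
        self.needs_reset, self.released = set(self.cpus), set()

    def read(self, master, addr):
        """Mediate a read: return the data word, or the init vector for a reset fetch."""
        if self.phase == "normal":
            return self._fetch(addr)
        if master in self.bus_masters:
            if self.phase != "trusted":        # bus masters wait for init to finish
                raise AccessDenied(master)
            return self._fetch(addr)
        if self.phase == "init" and master != self.init_cpu:
            raise AccessDenied(master)         # other CPUs are held off
        if master in self.needs_reset:
            if addr != RESET_VECTOR:           # a reset CPU must begin at the vector
                raise AccessDenied(master)
            self.needs_reset.discard(master)
            self.released.add(master)
            return INIT_VECTOR                 # reset vector mapped to init vector
        if master not in self.released:
            raise AccessDenied(master)
        return self._fetch(addr)

    def init_complete(self, cpu):
        """The admitted CPU reports that trusted core initialization finished."""
        if self.phase != "init" or cpu != self.init_cpu:
            raise AccessDenied(cpu)
        self.phase = "trusted"

    def _fetch(self, addr):
        return addr & 0xFF   # constructed stand-in for real memory contents
```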