Managing a secure platform using a hierarchical executive architecture in isolated execution mode

US 6,941,458 B1
Filed: 09/22/2000
Issued: 09/06/2005
Est. Priority Date: 03/31/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

in a platform with a processor and a memory, configuring the processor to run in an isolated execution mode within a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring 0 operating mode;

configuring the platform to establish an isolated memory area in the memory and a non-isolated memory area in the memory, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode;

executing a processor executive on the processor, with the processor running in the isolated execution mode;

loading an operating system (OS) executive into the isolated memory area, the OS executive to manage at least a subset of an OS to run on the platform;

verifying the OS executive, using the processor executive; and

after verifying the OS executive, launching the OS executive, the launching of the OS executive performed by the processor executive.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a platform key (PK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the PK and the PE supplement.

Citations

44 Claims

1. A method comprising:
- in a platform with a processor and a memory, configuring the processor to run in an isolated execution mode within a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring 0 operating mode;
  
  configuring the platform to establish an isolated memory area in the memory and a non-isolated memory area in the memory, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode;
  
  executing a processor executive on the processor, with the processor running in the isolated execution mode;
  
  loading an operating system (OS) executive into the isolated memory area, the OS executive to manage at least a subset of an OS to run on the platform;
  
  verifying the OS executive, using the processor executive; and
  
  after verifying the OS executive, launching the OS executive, the launching of the OS executive performed by the processor executive.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the operation of verifying the OS executive comprises:
    - verifying the OS executive during a process of booting the platform.
  - 3. The method of claim 2, further comprising:
    - logging a processor executive identifier during the process of booting the platform; and
      
      logging an OS executive identifier during the process of booting the platform.
  - 4. The method of claim 1, further comprising:
    - loading the processor executive into the isolated memory area; and
      
      verifying the processor executive, based at least in part on a processor executive manifest.
  - 5. The method of claim 1, wherein the operation of launching the OS executive comprises:
    - launching the OS executive to run in the isolated execution mode.
  - 6. The method of claim 1, further comprising:
    - switching from the isolated execution mode to the non-isolated execution mode;
      
      loading an OS kernel into non-isolated memory; and
      
      executing the OS kernel in the non-isolated mode of the processor.
  - 7. The method of claim 1, wherein:
    - the platform comprises a platform key (PK); and
      
      verification of the OS executive is based at least in part on the PK.
  - 8. The method of claim 7, wherein the PK comprises a symmetric encryption/decryption key that is substantially uniquely assigned to the platform.
  - 9. The method of claim 7, further comprising:
    - generating a processor executive key (PEK), based at least in part on a processor executive identifier and the PK.
  - 10. The method of claim 9, further comprising:
    - generating a binding key (BK), based at least in part on the PEK.
  - 11. The method of claim 10, further comprising:
    - generating an OS executive key (OSEK), based at least in part on an OS executive identifier and the BK.
  - 12. The method of claim 1, wherein the OS executive manages at least the subset of the OS by performing operations comprising:
    - loading a module into the isolated memory area;
      
      managing paging in the isolated memory area; and
      
      interfacing with an OS kernel.
  - 13. The method of claim 1, wherein the OS executive performs operations comprising:
    - loading a module into the isolated memory area, the module selected from a group consisting of an application module, an applet module, and a support module.
  - 14. The method of claim 13, wherein the OS executive performs further operations comprising:
    - generating an applet key associated with the applet module.
  - 15. The method of claim 14, wherein the OS executive generates the applet key based at least in part on an OS executive key and an applet identifier identifying the applet module.
  - 16. The method of claim 1, further comprising:
    - executing an isolated create instruction during a process of booting the platform, wherein execution of the isolated create instruction launches an atomic sequence of operations, the atomic sequence being non-interruptible, the atomic sequence of operations comprising;
      
      reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode;
      
      loading a processor executive handler into the isolated memory area, verifying the loaded processor executive handler; and
      
      transferring control to the loaded processor executive handler.
  - 17. The method of claim 16, wherein the chipset includes at least one hub selected from a group consisting of a memory controller hub (MCH) and an input/output controller hub (ICH).

18. An apparatus comprising:
- a machine accessible medium; and
  
  instructions encoded in the machine accessible medium, wherein the instructions, when executed in a platform featuring a processor and a memory, cause the platform to perform operations comprising;
  
  configuring the processor to run in an isolated execution mode within a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring 0 operating mode;
  
  establishing an isolated memory area in the memory and a non-isolated memory area in the memory, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode;
  
  executing a processor executive on the processor, with the processor running in the isolated execution mode;
  
  loading an operating system (OS) executive into the isolated memory area, the OS executive to manage at least a subset of an OS to run on the platform;
  
  verifying the OS executive, using the processor executive; and
  
  after verifying the OS executive, launching the OS executive, the launching of the OS executive performed by the processor executive.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 19. The apparatus of claim 18, wherein the operation of verifying the OS executive comprises:
    - verifying the OS executive during a process of booting the platform.
  - 20. The apparatus of claim 19, wherein the instructions cause the platform to perform further operations comprising:
    - logging a processor executive identifier during the process of booting the platform; and
      
      logging an OS executive identifier during the process of booting the platform.
  - 21. The apparatus of claim 18, wherein the instructions cause the platform to perform further operations comprising:
    - loading the processor executive into the isolated memory area; and
      
      verifying the processor executive, based at least in part on a processor executive manifest.
  - 22. The apparatus of claim 18, wherein the operation of launching the OS executive comprises:
    - launching the OS executive to run in the isolated execution mode.
  - 23. The apparatus of claim 18, wherein the instructions cause the platform to perform further operations comprising:
    - switching the processor from the isolated execution mode to the non-isolated execution mode;
      
      loading an OS kernel into non-isolated memory; and
      
      executing the OS kernel in the non-isolated mode of the processor.
  - 24. The apparatus of claim 18, wherein:
    - the platform comprises a platform key (PK); and
      
      the platform verifies the OS executive, based at least in part on the PK.
  - 25. The apparatus of claim 24, wherein the instructions cause the platform to perform further operations comprising:
    - generating a processor executive key (PEK), based at least in part on a processor executive identifier and the PK.
  - 26. The apparatus of claim 25, wherein the instructions cause the platform to perform further operations comprising:
    - generating a binding key (BK), based at least in part on the PEK; and
      
      generating an OS executive key (OSEK), based at least in part on an OS executive identifier and the BK.
  - 27. The apparatus of claim 18, wherein:
    - the instructions comprise the OS executive; and
      
      the OS executive manages at least the subset of the OS by performing operations comprising;
      
      loading a module into the isolated memory area;
      
      managing paging in the isolated memory area; and
      
      interfacing with an OS kernel.
  - 28. The apparatus of claim 18, wherein:
    - the instructions comprise the OS executive; and
      
      the OS executive loads a module into the isolated memory area, the module selected from a group consisting of an application module, an applet module, and a support module.
  - 29. The apparatus of claim 28, wherein the OS executive generates an applet key associated with the applet module, the applet key based at least in part on an OS executive key and an applet identifier identifying the applet module.
  - 30. The apparatus of claim 18, wherein the instructions cause the platform to perform further operations comprising:
    - executing an isolated create instruction during a process of booting the platform, wherein execution of the isolated create instruction launches an atomic sequence of operations, the atomic sequence being non-interruptible, the atomic sequence of operations comprising;
      
      reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode;
      
      loading a processor executive handler into the isolated memory area;
      
      verifying the loaded processor executive handler; and
      
      transferring control to the loaded processor executive handler.

31. A system comprising:
- a platform featuring memory and a processor, wherein the processor is capable of running in an isolated execution mode within a ring 0 operating mode, wherein the processor supports one or more higher ring operating modes, and wherein the processor supports a non-isolated execution mode within at least the ring 0 operating mode;
  
  multiple machine accessible media in the platform, the multiple machine accessible media comprising at least non-volatile memory and storage within the processor; and
  
  instructions encoded in at least one of the machine accessible media, wherein the instructions, when executed in the platform, cause the platform to perform operations comprising;
  
  configuring the processor to run in the isolated execution mode;
  
  establishing an isolated memory area in the memory and a non-isolated memory area in the memory, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode;
  
  executing a processor executive on the processor, with the processor running in the isolated execution mode;
  
  loading an operating system (OS) executive into the isolated memory area, the OS executive to manage at least a subset of an OS to run on the platform;
  
  verifying the OS executive, using the processor executive; and
  
  after verifying the OS executive, launching the OS executive, the launching of the OS executive performed by the processor executive.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 32. The system of claim 31, wherein the operation of verifying the OS executive comprises:
    - verifying the OS executive during a process of booting the platform.
  - 33. The system of claim 32, wherein the instructions cause the platform to perform further operations comprising:
    - logging a processor executive identifier during the process of booting the platform; and
      
      logging an OS executive identifier during the process of booting the platform.
  - 34. The system of claim 31, wherein the instructions cause the platform to perform further operations comprising:
    - loading the processor executive into the isolated memory area; and
      
      verifying the processor executive, based at least in part on a processor executive manifest.
  - 35. The system of claim 31, wherein the operation of launching the OS executive comprises:
    - launching the OS executive to run in the isolated execution mode.
  - 36. The system of claim 31, wherein the instructions cause the platform to perform further operations comprising:
    - switching the processor from the isolated execution mode to the non-isolated execution mode;
      
      loading an OS kernel into non-isolated memory; and
      
      executing the OS kernel in the non-isolated mode of the processor.
  - 37. The system of claim 31, wherein:
    - the system further comprises a platform key (PK); and
      
      the platform verifies the OS executive, based at least in part on the PK.
  - 38. The system of claim 31, wherein he platform further comprises:
    - a chipset communicatively coupled to the processor;
      
      an input/output controller hub in the chipset; and
      
      a platform key (PK) stored in the input/output controller hub; and
      
      wherein the platform verifies the OS executive, based at least in part on the PK.
  - 39. The system of claim 38, wherein the instructions cause the platform to perform further operations comprising:
    - generating a processor executive key (PEK), based at least in part on a processor executive identifier and the PK.
  - 40. The system of claim 39, wherein the instructions cause the platform to perform further operations comprising:
    - generating a binding key (BK), based at least in part on the PEK; and
      
      generating an OS executive key (OSEK), based at least in part on an OS executive identifier and the BK.
  - 41. The system of claim 31, wherein:
    - the instructions comprise the OS executive; and
      
      the OS executive manages at least the subset of the OS by performing operations comprising;
      
      loading a module into the isolated memory area;
      
      managing paging in the isolated memory area; and
      
      interfacing with an OS kernel.
  - 42. The system of claim 31, wherein:
    - the instructions comprise the OS executive; and
      
      the OS executive loads a module into the isolated memory area, the module selected from a group consisting of an application module, an applet module, and a support module.
  - 43. The system of claim 42, wherein the OS executive generates an applet key associated with the applet module, the applet key based at least in part on an OS executive key and an applet identifier identifying the applet module.
  - 44. The system of claim 31, wherein the instructions cause the platform to perform further operations comprising:
    - executing an isolated create instruction during a process of booting the platform, wherein execution of the isolated create instruction launches an atomic sequence of operations, the atomic sequence being non-interruptible, the atomic sequence of operations comprising;
      
      reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode;
      
      loading a processor executive handler into the isolated memory area;
      
      verifying the loaded processor executive handler; and
      
      transferring control to the loaded processor executive handler.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Mittal, Milland, Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Reneris, Ken, Lin, Derrick C., McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A.
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
Gurshman, Grigory

Application Number

US09/668,585
Time in Patent Office

1,810 Days
Field of Search

713/164, 713/166, 713/167
US Class Current

713/164
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

Managing a secure platform using a hierarchical executive architecture in isolated execution mode

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Managing a secure platform using a hierarchical executive architecture in isolated execution mode

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links