Managing a secure platform using a hierarchical executive architecture in isolated execution mode
First Claim
Patent Images
1. An apparatus comprising:
- a processor executive (PE) executable on a processor to load an operating system executive (OSE) in a secure environment, the secure environment having a fused key (FK) and associated with an isolated memory area in a platform having the processor, the OSE to manage a subset of an operating system (OS) running on the platform, the processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the isolated memory area being accessible to the processor in the isolated execution mode;
a PE supplement comprising a PE manifest that represents the PE; and
a PE handler to verify the PE using the FK and the PE supplement.
1 Assignment
0 Petitions
Accused Products
Abstract
A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a fused key (FK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the FK and the PE supplement.
202 Citations
78 Claims
-
1. An apparatus comprising:
-
a processor executive (PE) executable on a processor to load an operating system executive (OSE) in a secure environment, the secure environment having a fused key (FK) and associated with an isolated memory area in a platform having the processor, the OSE to manage a subset of an operating system (OS) running on the platform, the processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the isolated memory area being accessible to the processor in the isolated execution mode;
a PE supplement comprising a PE manifest that represents the PE; and
a PE handler to verify the PE using the FK and the PE supplement. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprising:
-
loading an operating system executive (OSE) into an isolated memory area of a platform, the platform having a fused key (FK) and a processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the OSE to manage a subset of an operating system (OS) running on the platform, the isolated memory area being accessible to the processor in the isolated execution mode, the loading of the OSE initiated by a processor executive (PE) executing on the processor; and
verifying the PE using the FK and a PE supplement having a PE manifest that represents the PE, the verification to be performed by a PE handler. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A system comprising:
-
a processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode;
a memory coupled to the processor having an isolated memory area accessible to the processor in the isolated execution mode;
a processor executive (PE) executable on the processor to load an operating system executive (OSE) in a secure environment, the secure environment having a fused key (FK) and associated with the isolated memory area, the OSE to manage a subset of an operating system (OS);
a PE supplement residing in storage within the system, the PE supplement comprising a PE manifest that represents the PE; and
a PE handler to verify the PE using the FK and the PE supplement. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
-
-
60. An apparatus comprising:
-
a machine accessible medium; and
instructions encoded in the machine accessible medium, wherein the instructions, when executed in a platform, cause the platform to perform operations comprising;
loading an operating system executive (OSE) into an isolated memory area of a platform, the platform having a fused key (FK) and a processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the OSE to manage a subset of an operating system (OS) running on the platform, the isolated memory area being accessible to the processor in the isolated execution mode, the loading of the OSE initiated by a processor executive (PE) executing on the processor; and
verifying the PE using the FK and a PE supplement having a PE manifest that represents the PE, the verification to be performed by a PE handler. - View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78)
-
Specification