Managing a secure platform using a hierarchical executive architecture in isolated execution mode

US 6,957,332 B1
Filed: 03/31/2000
Issued: 10/18/2005
Est. Priority Date: 03/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus comprising:

a processor executive (PE) executable on a processor to load an operating system executive (OSE) in a secure environment, the secure environment having a fused key (FK) and associated with an isolated memory area in a platform having the processor, the OSE to manage a subset of an operating system (OS) running on the platform, the processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the isolated memory area being accessible to the processor in the isolated execution mode;

a PE supplement comprising a PE manifest that represents the PE; and

a PE handler to verify the PE using the FK and the PE supplement.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a fused key (FK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the FK and the PE supplement.

202 Citations

78 Claims

1. An apparatus comprising:
- a processor executive (PE) executable on a processor to load an operating system executive (OSE) in a secure environment, the secure environment having a fused key (FK) and associated with an isolated memory area in a platform having the processor, the OSE to manage a subset of an operating system (OS) running on the platform, the processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the isolated memory area being accessible to the processor in the isolated execution mode;
  
  a PE supplement comprising a PE manifest that represents the PE; and
  
  a PE handler to verify the PE using the FK and the PE supplement.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The apparatus of claim 1 further comprising:
    - a boot-up code to load the PE handler into the isolated memory area during a process of booting up the platform.
  - 3. The apparatus of claim 1 wherein the secure environment includes an OSE supplement comprising an OSE manifest that represents the OSE.
  - 4. The apparatus of claim 1 wherein the PE handler comprises:
    - a PE loader to load the PE into the isolated memory area; and
      
      a verifier to verify the PE using the PE manifest.
  - 5. The apparatus of claim 1 wherein the PE handler comprises:
    - a PE key generator to generate a PE key using the FK;
      
      a PE identifier logger to log a PE identifier in a storage; and
      
      a PE entrance/exit handler to handle a PE entry and a PE exit.
  - 6. The apparatus of claim 5 wherein the PE key generator comprises:
    - a PE key combiner to combine the PE identifier and the FK, the combined PE identifier and FK corresponding to the PE key.
  - 7. The apparatus of claim 3 wherein the PE comprises:
    - an OSE loader to load the OSE and the OSE supplement into the isolated memory area;
      
      an OSE manifest verifier to verify the OSE manifest; and
      
      an OSE verifier to verify the OSE.
  - 8. The apparatus of claim 1 wherein the PE comprises:
    - an OSE key generator to generate an OSE key;
      
      an OSE identifier logger to log an OSE identifier in a storage; and
      
      an OSE entrance/exit handler to handle an OSE entry and an OSE exit.
  - 9. The apparatus of claim 8 wherein the OSE key generator comprises:
    - a binding key generator to generate a binding key (BK) using a PE key; and
      
      an OSE key combiner to combine the OSE identifier and the BK, the combined OSE identifier and BK corresponding to the OSE key.
  - 10. The apparatus of claim 1 wherein the OSE comprises:
    - a module loader to load a module into the isolated memory area;
      
      a page manager to manage paging in the isolated memory area; and
      
      an interface handler to handle interfacing with the OS.
  - 11. The apparatus of claim 10 wherein the module comprises one or more modules selected from the group consisting of an application module, an applet module, and a support module.
  - 12. The apparatus of claim 11 wherein the OSE further comprises:
    - an applet key generator to generate an applet key associated with the applet module.
  - 13. The apparatus of claim 12 wherein the applet key generator comprises:
    - an applet key combiner to combine an OSE key with an applet identifier identifying the applet module, the combined OSE key and applet identifier corresponding to the applet key.
  - 14. The apparatus of claim 4 wherein the boot-up code comprises:
    - a PE locator to locate the PE and the PE supplement, the PE locator transferring the PE and the PE supplement into the PE memory at a PE address;
      
      a PE recorder to record the PE address in a parameter block; and
      
      an instruction invoker to execute an isolated create instruction, the isolated create instruction loading the PE handler into the isolated memory area.
  - 15. The apparatus of claim 14 wherein the isolated create instruction performs an atomic sequence, the atomic sequence being non-interruptible.
  - 16. The apparatus of claim 15 wherein the atomic sequence includes operations comprising:
    - reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode; and
      
      loading the PE handler into the isolated memory area.
  - 17. The apparatus of claim 15 wherein the atomic sequence of operations comprises:
    - verifying a loaded PE handler; and
      
      transferring control to the loaded PE handler.
  - 18. The apparatus of claim 16 wherein the atomic sequence of operations further comprises:
    - reading a configuration storage in the chipset when the processor is not the first processor in the isolated execution mode; and
      
      configuring the processor according to the configuration storage in the chipset when the processor is not the first processor in the isolated execution mode.
  - 19. The apparatus of claim 18 wherein the chipset includes at least one hub selected from the group consisting of a memory controller hub (MCH) and an input/output controller hub (ICH).
  - 20. The apparatus of claim 8 wherein the storage is in an input/output controller hub (ICH) external to the processor.

21. A method comprising:
- loading an operating system executive (OSE) into an isolated memory area of a platform, the platform having a fused key (FK) and a processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the OSE to manage a subset of an operating system (OS) running on the platform, the isolated memory area being accessible to the processor in the isolated execution mode, the loading of the OSE initiated by a processor executive (PE) executing on the processor; and
  
  verifying the PE using the FK and a PE supplement having a PE manifest that represents the PE, the verification to be performed by a PE handler.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 22. The method of claim 21 further comprising:
    - loading the PE handler into the isolated memory area during a process of booting up the platform.
  - 23. The method of claim 21 wherein the PE handler performs operations comprising:
    - loading the PE into the isolated memory area; and
      
      verifying the PE using the PE manifest.
  - 24. The method of claim 23 wherein the PE handler performs operations comprising:
    - generating a PE key using the FK;
      
      logging a PE identifier in a storage; and
      
      handling a PE entry and a PE exit.
  - 25. The method of claim 24 wherein generating the PE key comprises:
    - combining the PE identifier and the FK, the combined PE identifier and FK corresponding to the PE key.
  - 26. The method of claim 21, further comprising:
    - verifying the OSE after loading the OSE into the isolated memory area.
  - 27. The method of claim 21 wherein the operations performed by the PE comprise:
    - generating an OSE key;
      
      logging an OSE identifier in a storage; and
      
      handling an OSE entry and an OSE exit.
  - 28. The method of claim 27 wherein generating the OSE key comprises:
    - generating a binding key (BK) using the PE key; and
      
      combining the OSE identifier and the BK, the combined OSE identifier and BK corresponding to the OSE key.
  - 29. The method of claim 21 wherein the OSE manages the subset of the OS by performing operations comprising:
    - loading a module into the isolated memory area;
      
      managing paging in the isolated memory area; and
      
      interfacing with the OS.
  - 30. The method of claim 29 wherein the module comprises one or more modules selected from the group consisting of an application module, an applet module, and a support module.
  - 31. The method of claim 30 wherein the OSE performs further operations comprising:
    - generating an applet key associated with the applet module.
  - 32. The method of claim 31 wherein:
    - the OSE combines an OSE key with an applet identifier identifying the applet module, the combined OSE key and applet identifier corresponding to the applet key.
  - 33. The method of claim 21, further comprising:
    - locating the PE and the PE supplement;
      
      transferring the PE and the PE supplement into the PE memory at a PE address during a process of booting the platform;
      
      recording the PE address in a parameter block; and
      
      executing an isolated create instruction during the process of booting the platform, the isolated create instruction loading the PE handler into the isolated memory area.
  - 34. The method of claim 33 wherein executing the isolated create instruction comprises performing an atomic sequence, the atomic sequence being non-interruptible.
  - 35. The method of claim 34 wherein performing the atomic sequence comprises:
    - reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode; and
      
      loading the PE handler into the isolated memory area.
  - 36. The method of claim 34 wherein performing the atomic sequence comprises:
    - verifying a loaded PE handler; and
      
      transferring control to the loaded PE handler.
  - 37. The method of claim 35 wherein configuring the processor in the isolated execution mode comprises:
    - reading a configuration storage in the chipset when the processor is not the first processor in the isolated execution mode; and
      
      configuring the processor according to the configuration storage in the chipset when the processor is not the first processor in the isolated execution mode.
  - 38. The method of claim 37 wherein the chipset includes at least one hub selected from the group consisting of a memory controller hub (MCH) and an input/output controller hub (ICH).
  - 39. The method of claim 27 wherein the storage is in an input/output controller hub (ICH) external to the processor.

40. A system comprising:
- a processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode;
  
  a memory coupled to the processor having an isolated memory area accessible to the processor in the isolated execution mode;
  
  a processor executive (PE) executable on the processor to load an operating system executive (OSE) in a secure environment, the secure environment having a fused key (FK) and associated with the isolated memory area, the OSE to manage a subset of an operating system (OS);
  
  a PE supplement residing in storage within the system, the PE supplement comprising a PE manifest that represents the PE; and
  
  a PE handler to verify the PE using the FK and the PE supplement.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 41. The system of claim 40 further comprising:
    - a boot-up code to load the PE handler into the isolated memory area during a process of booting up the platform.
  - 42. The system of claim 40 wherein the secure environment includes an OSE supplement comprising an OSE manifest that represents the OSE.
  - 43. The system of claim 40 wherein the PE handler comprises:
    - a PE loader to load the PE into the isolated memory area; and
      
      a verifier to verify the PE using the PE manifest.
  - 44. The system of claim 40 wherein the PE handler comprises:
    - a PE key generator to generate a PE key using the FK;
      
      a PE identifier logger to log a PE identifier in a storage; and
      
      a PE entrance/exit handler to handle a PE entry and a PE exit.
  - 45. The system of claim 44 wherein the PE key generator comprises:
    - a PE key combiner to combine the PE identifier and the FK, the combined PE identifier and FK corresponding to the PE key.
  - 46. The system of claim 42 wherein the PE comprises:
    - an OSE loader to load the OSE and the OSE supplement into the isolated memory area;
      
      an OSE manifest verifier to verify the OSE manifest; and
      
      an OSE verifier to verify the OSE.
  - 47. The system of claim 40 wherein the PE comprises:
    - an OSE key generator to generate an OSE key;
      
      an OSE identifier logger to log an OSE identifier in a storage; and
      
      an OSE entrance/exit handler to handle an OSE entry and an OSE exit.
  - 48. The system of claim 47 wherein the OSE key generator comprises:
    - a binding key generator to generate a binding key (BK) using a PE key; and
      
      an OSE key combiner to combine the OSE identifier and the BK, the combined OSE identifier and BK corresponding to the OSE key.
  - 49. The system of claim 40 wherein the OSE comprises:
    - a module loader to load a module into the isolated memory area;
      
      a page manager to manage paging in the isolated memory area; and
      
      an interface handler to handle interfacing with the OS.
  - 50. The system of claim 49 wherein the module comprises one or more modules selected from the group consisting of an application module, an applet module, and a support module.
  - 51. The system of claim 50 wherein the OSE further comprises:
    - an applet key generator to generate an applet key associated with the applet module.
  - 52. The system of claim 51 wherein the applet key generator comprises:
    - an applet key combiner to combine an OSE key with an applet identifier identifying the applet module, the combined OSE key and applet identifier corresponding to the applet key.
  - 53. The system of claim 43 wherein the boot-up code comprises:
    - a PE locator to locate the PE and the PE supplement, the PE locator transferring the PE and the PE supplement into the PE memory at a PE address;
      
      a PE recorder to record the PE address in a parameter block; and
      
      an instruction invoker to execute an isolated create instruction, the isolated create instruction loading the PE handler into the isolated memory area.
  - 54. The system of claim 53 wherein the isolated create instruction performs an atomic sequence, the atomic sequence being non-interruptible.
  - 55. The system of claim 54 wherein the atomic sequence includes operations comprising:
    - reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode; and
      
      loading the PE handler into the isolated memory area.
  - 56. The system of claim 54 wherein the atomic sequence of operations comprises:
    - verifying a loaded PE handler; and
      
      transferring control to the loaded PE handler.
  - 57. The system of claim 55 wherein the atomic sequence of operations further comprises:
    - reading a configuration storage in the chipset when the processor is not the first processor in the isolated execution mode; and
      
      configuring the processor according to the configuration storage in the chipset when the processor is not the first processor in the isolated execution mode.
  - 58. The system of claim 57 wherein the chipset includes at least one hub selected from the group consisting of a memory controller hub (MCH) and an input/output controller hub (ICH).
  - 59. The system of claim 47 wherein the storage is in an input/output controller hub (ICH) external to the processor.

60. An apparatus comprising:
- a machine accessible medium; and
  
  instructions encoded in the machine accessible medium, wherein the instructions, when executed in a platform, cause the platform to perform operations comprising;
  
  loading an operating system executive (OSE) into an isolated memory area of a platform, the platform having a fused key (FK) and a processor capable of selectively operating in a normal execution mode and, alternatively, in an isolated execution mode, the OSE to manage a subset of an operating system (OS) running on the platform, the isolated memory area being accessible to the processor in the isolated execution mode, the loading of the OSE initiated by a processor executive (PE) executing on the processor; and
  
  verifying the PE using the FK and a PE supplement having a PE manifest that represents the PE, the verification to be performed by a PE handler.
- View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78)
- - 61. An apparatus according to claim 60, wherein the instructions implement boot-up code that performs operations comprising:
    - loading the PE handler into the isolated memory area during a process of booting up the platform.
  - 62. An apparatus according to claim 60, wherein the instructions implement a PE handler that performs operations comprising:
    - loading the PE into the isolated memory area; and
      
      verifying the PE using the PE manifest.
  - 63. An apparatus according to claim 60, wherein the instructions implement a PE handler that performs operations comprising:
    - generating a PE key using the FK;
      
      logging a PE identifier in a storage; and
      
      handling a PE entry and a PE exit.
  - 64. An apparatus according to claim 63, wherein the PE handler generates the PE key based at least in part on a combination of the PE identifier and the FK.
  - 65. An apparatus according to claim 60, wherein the instructions cause the platform to verify the OSE after loading the OSE into the isolated memory area.
  - 66. An apparatus according to claim 60, wherein the instructions implement the PE, and the operations performed by the PE comprise:
    - generating an OSE key;
      
      logging an OSE identifier in a storage; and
      
      handling an OSE entry and an OSE exit.
  - 67. An apparatus according to claim 66, wherein the PE stores the OSE identifier in an input/output controller hub (ICH) external to the processor.
  - 68. An apparatus according to claim 60, wherein the instructions cause the platform to perform operations comprising:
    - generating a binding key (BK) using a PE key; and
      
      generating an OSE key based at least in part on a combination of an OSE identifier and the BK.
  - 69. An apparatus according to claim 60, wherein the instructions implement the OSE, and the OSE manages the subset of the OS by performing operations comprising:
    - loading a module into the isolated memory area;
      
      managing paging in the isolated memory area; and
      
      interfacing with the OS.
  - 70. An apparatus according to claim 69, wherein the module loaded by the OSE comprises one or more modules selected from the group consisting of an application module, an applet module, and a support module.
  - 71. An apparatus according to claim 70 wherein the OSE performs further operations comprising:
    - generating an applet key associated with the applet module.
  - 72. An apparatus according to claim 71, wherein the OSE generates the applet key based at least in part on a combination of an OSE key with an applet identifier identifying the applet module.
  - 73. An apparatus according to claim 60, wherein the instructions cause the platform to perform operations comprising:
    - locating the PE and the PE supplement;
      
      transferring the PE and the PE supplement into PE memory at a PE address during a process of booting the platform;
      
      recording the PE address in a parameter block; and
      
      executing an isolated create instruction during the process of booting the platform, the isolated create instruction loading the PE handler into the isolated memory area.
  - 74. An apparatus according to claim 73, wherein executing the isolated create instruction comprises performing an atomic sequence, the atomic sequence being non-interruptible.
  - 75. An apparatus according to claim 74, wherein performing the atomic sequence comprises:
    - reading a thread count register in a chipset to determine if the processor is the first processor in the isolated execution mode;
      
      configuring the processor in the isolated execution mode; and
      
      loading the PE handler into the isolated memory area.
  - 76. An apparatus according to claim 74, wherein performing the atomic sequence comprises:
    - verifying a loaded PE handler; and
      
      transferring control to the loaded PE handler.
  - 77. An apparatus according to claim 75, wherein configuring the processor in the isolated execution mode comprises:
    - reading a configuration storage in the chipset when the processor is not the first processor in the isolated execution mode; and
      
      configuring the processor according to the configuration storage in the chipset when the processor is not the first processor in the isolated execution mode.
  - 78. An apparatus according to claim 75, wherein the chipset includes at least one hub selected from the group consisting of a memory controller hub (MCH) and an input/output controller hub (ICH).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Reneris, Ken, Lin, Derrick C., McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A., Mittal, Milland
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
Gurshman, Grigory

Application Number

US09/539,344
Time in Patent Office

2,027 Days
Field of Search

713/164, 713/166, 713/167, 713/200
US Class Current

713/164
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

Managing a secure platform using a hierarchical executive architecture in isolated execution mode

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

202 Citations

78 Claims

Specification

Use Cases

Quick Links

Others

Managing a secure platform using a hierarchical executive architecture in isolated execution mode

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

78 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others