Secure execution of program code
First Claim
Patent Images
1. A method of executing program code in a secure manner in a data processor, comprising:
- fetching an instruction for execution from a memory;
determining that the instruction has access privileges for accessing a specified location within the memory; and
accessing the specified location only when the instruction has privileges for accessing the specified location.
1 Assignment
0 Petitions
Accused Products
Abstract
Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.
135 Citations
60 Claims
-
1. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching an instruction for execution from a memory; determining that the instruction has access privileges for accessing a specified location within the memory; and accessing the specified location only when the instruction has privileges for accessing the specified location. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching an instruction for execution; determining that the instruction that the instruction has access privileges for accessing a specified location within a memory; and accessing the specified location only when the instruction has privileges for accessing the specified location, where the determining is performed in part by converting the specified location into a physical address via a memory control unit. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching an instruction for execution; determining that the instruction accesses a specified location within a secure region of the memory; accessing the specified location only when the instruction is accompanied by corresponding current privilege level data, where the determining is carried at least in part via conversion of the specified location to a physical address in the memory; and
further comprising;comparing the specified location with a set of predetermined entry locations; executing the instruction at the second location only if it is contained in the set of locations; comparing the current privilege level with a predetermined required privilege level associated with the second location; executing the instruction at the second location only if the current privilege level is at least as high as the required privilege level.
-
-
13. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching a sequence of instructions in the code, the sequence of instructions including a privilege level associated with the sequence; determining virtual addresses that the code accesses; converting, by a control logic unit, the specific addresses to corresponding physical addresses; accessing the secure memory region only when privilege level associated with the sequence equals or exceeds a privilege level associated with the physical addresses; and executing at least a part of the sequence atomically. - View Dependent Claims (14, 15, 16)
-
-
17. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching a sequence of instructions in the code, the sequence of instructions including a privilege level associated with the sequence; determining virtual addresses that the code accesses; converting, by a control logic unit, the specific addresses to corresponding physical addresses; determining that the physical addresses correspond to a secure region of a memory; accessing the secure memory region only when privilege level associated with the sequence equals or exceeds a privilege level associated with the physical addresses; and destroying at least some data upon occurrence of a specified event. - View Dependent Claims (18, 19, 20, 21, 22)
-
-
23. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching a sequence of instructions in the code, the sequence of instructions including a privilege level associated with the sequence; determining virtual addresses that the code accesses; converting, by a control logic unit, the specific addresses to corresponding physical addresses; determining that the physical addresses correspond to a secure region of a memory; accessing the secure memory region only when privilege level associated with the sequence equals or exceeds a privilege level associated with the physical addresses; and restricting access to the secure memory region by devices external to a processor executing the code. - View Dependent Claims (24, 25, 26)
-
-
27. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching a sequence of instructions in the code; determining specific addresses that the code accesses; converting, by a control logic unit, the specific addresses to corresponding physical addresses; determining privilege levels required in order to access the respective physical addresses; comparing the determined privilege levels to privilege levels associated with the sequence of instructions; and accessing the secure memory region only when the determined privilege levels meet or exceed a threshold privilege level determined from the associated privilege levels.
-
-
28. A method of executing program code in a secure manner in a data processor, comprising:
-
fetching code comprising a sequence of instructions, the sequence of instructions including a privilege level associated with the sequence; determining virtual addresses that the code accesses; converting, by a control logic unit, the specific addresses to corresponding physical addresses; determining that the physical addresses correspond to one of multiple secure rings within the memory; accessing the first ring only if the sequence includes a privilege level corresponding to the first ring to a ring higher in an hierarchy of the multiple secure rings of the memory. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; and control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level corresponds to one or more predetermined regions of the memory. - View Dependent Claims (38)
-
-
39. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; and control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of a memory, where at least a portion of one of the predetermined memory regions is implemented in a technology different from that of the remainder of the same portion.
-
-
40. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of a memory, where at least a portion of one of the predetermined memory regions is implemented in a technology different from that of at least a portion of another one of the regions.
-
-
41. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of a memory, where the memory is on the same module with the instruction decoder, the instruction pointer, and the control logic. - View Dependent Claims (42, 43, 44, 45, 46)
-
-
47. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of the memory, where the instruction decoder responds to one of a defined set of distinguished operation codes for identifying the current instruction as accessing secure code, where the processor operates at multiple different privilege levels, and where the instruction decoder executes a current instruction having at least one of the distinguished operation codes only if the processor is currently operating at a particular one of the levels.
-
-
48. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction belongs to the secure code when the current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of the memory, and further comprising curtain logic coupled to the instruction decoder for restricting access to a predetermined range of addresses in the memory by any instruction not belonging to the secure code. - View Dependent Claims (49, 50)
-
-
51. A data processor for executing secure code residing in a memory, comprising:
-
an instruction decoder for determining that a current instruction belongs to the secure code when the current instruction has an associated privilege level appropriate to a secure portion of a memory; an instruction pointer for holding an address of a current instruction in the memory; control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of the memory, and further comprising an interrupt handler for restricting processing of interrupts during execution of the secure code. - View Dependent Claims (52, 53)
-
- 54. A medium bearing a computer readable representation configured to cause a processor to execute curtained code, wherein the computer readable representation is further configured to cause the processor to execute the curtained code in response to determining that the curtained code corresponds to a privilege level associated with physical addresses corresponding to virtual addresses accessed by the curtained code.
Specification