Attestation key memory device and bus
First Claim
1. An apparatus comprising:
- a digest memory to store an isolated digest in a secure environment for an isolated execution mode, the secure environment being associated with an isolated memory area accessible by at least one processor, the at least one processor operating in one of a normal execution mode and the isolated execution mode; and
- an attestation key memory (AKM) device coupled to the digest memory to attest the isolated execution mode and prove validity of a program loaded into the isolated memory area using the isolated digest;
- wherein the isolated digest includes at least a digest of one of a processor nub loader, a processor nub, an operating system nub, and a supervisory module loaded in an isolated execution space.
Dependent claims: 2–19.
Abstract
In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
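As an added illustration (not code from the patent or its assignee), the following Python models the flow the abstract and claims describe: each component loaded into the isolated execution space (processor nub loader, processor nub, operating system nub, supervisory module) is measured into a digest memory, and an AKM device that alone holds the attestation key produces a quote over the isolated digest and a verifier-supplied nonce, which a remote verifier checks against the digest of known-good images. It assumes SHA-256 as the digest, an HMAC key shared with the verifier as a stand-in for the device's attestation key, and constructed component images; none of those choices come from the page.

```python
import hashlib
import hmac

# Order in which the claims name the components loaded into the isolated
# execution space; each is measured before control passes to the next.
COMPONENT_ORDER = (
    "processor_nub_loader",
    "processor_nub",
    "operating_system_nub",
    "supervisory_module",
)

# Constructed stand-in images (real ones would be the actual binaries).
GOOD_IMAGES = {
    "processor_nub_loader": b"processor nub loader image v1",
    "processor_nub": b"processor nub image v1",
    "operating_system_nub": b"operating system nub image v1",
    "supervisory_module": b"supervisory module image v1",
}

# Constructed key. Assumption: a symmetric HMAC key shared with the verifier
# stands in for the AKM device's real (normally asymmetric) attestation key.
AKM_KEY = b"constructed-attestation-key-for-illustration"


class DigestMemory:
    """Digest memory: accumulates the isolated digest as an extend register
    and keeps the per-component digests so a verifier can inspect them."""

    def __init__(self) -> None:
        self.register = bytes(32)  # all-zero before anything is loaded
        self.log: list[tuple[str, str]] = []

    def extend(self, name: str, image: bytes) -> None:
        component_digest = hashlib.sha256(image).digest()
        # register <- H(register || digest): order-sensitive, so swapping
        # components or slipping in an extra one changes the final value.
        self.register = hashlib.sha256(self.register + component_digest).digest()
        self.log.append((name, component_digest.hex()))


class AttestationKeyMemory:
    """AKM device: sole holder of the attestation key. It quotes the isolated
    digest held in the digest memory together with the verifier's nonce."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def quote(self, digest_memory: DigestMemory, nonce: bytes) -> bytes:
        message = b"AKM-QUOTE" + nonce + digest_memory.register
        return hmac.new(self._key, message, hashlib.sha256).digest()


def load_isolated_environment(images: dict) -> DigestMemory:
    """Platform side: measure each component into the digest memory in claim order."""
    dm = DigestMemory()
    for name in COMPONENT_ORDER:
        dm.extend(name, images[name])
    return dm


def expected_isolated_digest(reference_images: dict) -> bytes:
    """Verifier side: reference value computed from known-good images."""
    return load_isolated_environment(reference_images).register


def attest(images: dict, nonce: bytes) -> bytes:
    """Platform side: load, measure, and have the AKM device quote the result."""
    dm = load_isolated_environment(images)
    return AttestationKeyMemory(AKM_KEY).quote(dm, nonce)


def verify_quote(quote: bytes, nonce: bytes, reference_images: dict, key: bytes) -> bool:
    """Remote verifier: recompute the quote over the reference digest and the
    nonce it issued; the nonce defeats replay of an old quote, and the
    constant-time comparison avoids leaking how many bytes matched."""
    message = b"AKM-QUOTE" + nonce + expected_isolated_digest(reference_images)
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote)


if __name__ == "__main__":
    nonce = b"verifier-nonce-0001"
    print("genuine platform:", verify_quote(attest(GOOD_IMAGES, nonce), nonce, GOOD_IMAGES, AKM_KEY))
    tampered = dict(GOOD_IMAGES, supervisory_module=b"supervisory module image v1 + patch")
    print("tampered supervisory module:", verify_quote(attest(tampered, nonce), nonce, GOOD_IMAGES, AKM_KEY))
```

The verifier never sees the attestation key leave the AKM device (here, the `AttestationKeyMemory` object); it only learns whether the quoted isolated digest matches the reference for the images it trusts, which is what lets it reject a platform whose supervisory module or any earlier component was altered.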
161 Citations
76 Claims
20. A method comprising:
- storing an isolated digest in a digest memory in a secure environment for an isolated execution mode, the secure environment being associated with an isolated memory area accessible by at least one processor, the at least one processor operating in one of a normal execution mode and the isolated execution mode; and
- attesting the isolated execution mode and proving validity of a program loaded into the isolated memory area using an attestation key memory (AKM) device and the isolated digest;
- wherein the isolated digest includes at least a digest of one of a processor nub loader, a processor nub, an operating system nub, and a supervisory module loaded in an isolated execution space.
Dependent claims: 21–38.
39. A computer program product comprising:
- a machine readable medium having program code embedded therein, the computer program product comprising:
- computer readable program code to store an isolated digest in a digest memory in a secure environment for an isolated execution mode, the secure environment being associated with an isolated memory area accessible by at least one processor, the at least one processor operating in one of a normal execution mode and the isolated execution mode; and
- computer readable program code to attest the isolated execution mode and prove validity of a program loaded into the isolated memory area using an attestation key memory (AKM) device and the isolated digest;
- wherein the isolated digest includes at least a digest of one of a processor nub loader, a processor nub, an operating system nub, and a supervisory module loaded in an isolated execution space.
Dependent claims: 40–57.
58. A system comprising:
- an attestation key memory (AKM) device;
- at least one processor operating in a secure environment, the at least one processor having one of a normal execution mode and an isolated execution mode;
- a memory coupled to the at least one processor, the memory having an isolated memory area accessible to the at least one processor in the isolated execution mode; and
- a chipset coupled to the at least one processor and the memory, the chipset having a circuit, the circuit comprising:
- a digest memory to store an isolated digest used with the device to attest the isolated execution mode and prove validity of a program loaded into the isolated memory area;
- wherein the isolated digest includes at least a digest of one of a processor nub loader, a processor nub, an operating system nub, and a supervisory module loaded in an isolated execution space.
Dependent claims: 59–76.
Specification