Protected configuration space in a protected environment

US 7,366,849 B2
Filed: 06/25/2004
Issued: 04/29/2008
Est. Priority Date: 06/12/2002
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus, comprising:

an interface coupled to at least one processor, the interface external to the at least one processor and to communicate with the at least one processor;

a first set of registers coupled to the interface, the first set of registers external to the interface and accessible within a first predetermined range of memory addresses, the first set of registers to include control information and status information for a protected operating environment;

a logic circuit coupled to the first set of registers to determine a source of a protected command; and

a control logic coupled between the interface and the first set of registers, the control logic to perform a first operation specified by the protected command, the first operation includes writing to at least one register in the first set of registers if the source is a processor in the at least one processor.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protected configuration space is implemented as at least one range of memory addresses that are mapped to logic external to system memory. The memory addresses access logic that performs control and status operations pertaining to a protected operating environment. Some of the addresses may access protected configuration registers. Commands having destination addresses within the protected configuration space may not be completed if the commands are not issued by a processor, or if the commands are not part of a group of one or more designated protected commands. A separately addressable non-protected configuration space may also be implemented, accessible by processors, non-processors and/or non-protected commands.

125 Citations

17 Claims

1. An apparatus, comprising:
- an interface coupled to at least one processor, the interface external to the at least one processor and to communicate with the at least one processor;
  
  a first set of registers coupled to the interface, the first set of registers external to the interface and accessible within a first predetermined range of memory addresses, the first set of registers to include control information and status information for a protected operating environment;
  
  a logic circuit coupled to the first set of registers to determine a source of a protected command; and
  
  a control logic coupled between the interface and the first set of registers, the control logic to perform a first operation specified by the protected command, the first operation includes writing to at least one register in the first set of registers if the source is a processor in the at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein:
    - the first predetermined range of memory addresses are accessible by the at least one processor and are inaccessible by devices other than the at least one processor.
  - 3. The apparatus of claim 1,wherein the control logic is to direct commands addressed to one or more addresses within the first predetermined range of memory addresses to the first set of registers.
  - 4. The apparatus of claim 3, wherein:
    - the control logic includes first and second modes of operation;
      
      the control logic in the first mode is to accept protected commands addressed to the first predetermined range of memory addresses and is to reject non-protected commands addressed to the first predetermined range of memory addresses; and
      
      the control logic in the second mode is to accept the non-protected commands addressed to the first predetermined range of memory addresses.
  - 5. The apparatus of claim 4, wherein:
    - the control logic is to switch the control logic from the first mode to the second mode responsive to a first protected command and is to switch the control logic from the second mode to the first mode responsive to a second protected command.
  - 6. The apparatus of claim 3, wherein:
    - the control logic is to perform an operation not directed to the first set of registers, responsive to accepting a particular command having a particular address within the first predetermined range of memory addresses.
  - 7. The apparatus of claim 3, wherein:
    - the control logic includes a mapping of a particular address within the first predetermined range of memory addresses to a particular register in the first set of registers.
  - 8. The apparatus of claim 3, further comprising:
    - a second set of registers coupled to the interface and accessible within a second predetermined range of memory addresses, the second set of registers to include control information and status information for a non-protected operating environment.
  - 9. The apparatus of claim 8, wherein:
    - the second predetermined range of memory addresses are accessible by the at least one processor and are inaccessible by devices other than the at least one processor.
  - 10. The apparatus of claim 8, wherein:
    - the control logic includes a first mapping of a first particular address within the first predetermined range of memory addresses to a first particular register in the first set of registers and a second mapping of a second particular address within the second predetermined range of memory addresses to a second particular register in the second set of registers.
  - 11. The apparatus of claim 10, wherein:
    - the second particular register is the first particular register.

12. A method, comprising:
- issuing a protected command to a first memory address within a first range of memory addresses reserved for a protected configuration space;
  
  redirecting the protected command to a logic circuit external to the first memory;
  
  determining a source of the protected command; and
  
  performing a first operation specified by the protected command within the logic circuit including writing to a protected configuration register in response to detecting the source is a processor.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising:
    - rejecting the protected command in response to detecting the source is a device other than the processor.
  - 14. The method of claim 12, further comprising:
    - issuing a non-protected command to a second memory address within a second range of memory addresses reserved for a non-protected configuration space;
      
      redirecting the non-protected command from the memory to the logic circuit;
      
      performing a second operation specified by the non-protected command within the logic circuit responsive to the non-protected command being issued by the processor; and
      
      rejecting the non-protected command responsive to the non-protected command being issued by a device other than the processor.
  - 15. The method of claim 14, wherein:
    - said performing a second operation includes writing to a non-protected configuration register.
  - 16. The method of claim 12, wherein:
    - said issuing the protected command, said redirecting the protected command, and said performing the first operation are included in a protected operating environment;
      
      said issuing the non-protected command, said redirecting the non-protected command, and said performing the second operation are included in a non-protected operating environment; and
      
      the protected operating environment and the non-protected operating environment operate concurrently.
  - 17. The method of claim 12, wherein determining a source of the protected command further comprises:
    - determining the source by any one of an indicator in the protected command and a source address in the protected command, the protected command in any one of a first format for the processor and a second format for a device other than the processor, the first format different from the second format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Poisner, David I.
Primary Examiner(s)
Sparks; Donald
Assistant Examiner(s)
RUTZ, JARED IAN

Application Number

US10/877,582
Publication Number

US 20050022002A1
Time in Patent Office

1,404 Days
Field of Search

711/152, 711/156, 711/163, 710/200, 710/240, 713/200, 726/27
US Class Current

711/152
CPC Class Codes

G06F 12/1441 for a range

G06F 12/1458 by checking the subject acc...

Protected configuration space in a protected environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Protected configuration space in a protected environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links