Protecting software environment in isolated execution
First Claim
1. A processing system, comprising:
- a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
random access memory responsive to the processor, the random access memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode;
an operating system (OS) nub in the processing system;
a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the processing system;
a usage protector to utilize the OSNK to detect modification of a software environment in the processing system; and
wherein the OS nub comprises part of an OS to run on the processing system.
0 Assignments
0 Petitions
Accused Products
Abstract
A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.
28 Citations
14 Claims
-
1. A processing system, comprising:
-
a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode; random access memory responsive to the processor, the random access memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode; an operating system (OS) nub in the processing system; a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the processing system; a usage protector to utilize the OSNK to detect modification of a software environment in the processing system; and wherein the OS nub comprises part of an OS to run on the processing system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method to be performed by a processing system having a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
- the method comprising;
establishing an ordinary memory area in a random access memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode; establishing an isolated memory area in the random access memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode; generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the processing system; utilizing the OSNK to detect modification of a software environment in the processing system; and wherein the OS nub comprises part of an OS to run on the processing system. - View Dependent Claims (9, 10, 11)
- the method comprising;
-
12. A manufacture comprising:
-
processor-readable medium; and instructions in the processor-readable medium, wherein the instructions, when executed in a processing system with a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode, cause the processing system to perform operations comprising; establishing an ordinary memory area in a random access memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode; establishing an isolated memory area in the random access memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode; generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the processing system utilizing the OSNK to detect modification of a software environment in the processing system; and wherein the OS nub comprises part of the part of an OS to run on the processing system. - View Dependent Claims (13, 14)
-
Specification