Sleep protection

US 7,392,415 B2
Filed: 06/26/2002
Issued: 06/24/2008
Est. Priority Date: 06/26/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprisingstoring unencrypted secrets in a memory of a system;

setting a first flag in a secrets store to indicate that the memory contains unencrypted secrets;

setting a second flag in a sleep enable store to request a sleep controller to cause the system to enter one of a plurality of sleep states by powering down at least one of a plurality of system components;

determining which of the plurality of sleep states to enter based on a sleep type store, wherein the type of sleep state determines which of the plurality of system components to power down and the wake-up latency of the system;

detecting a sleep attack,determining that the memory contains unencrypted secrets based on the secrets store; and

before entering a sleep state, in response to determining that the memory contains unencrypted secrets based on the secrets store, invoking a sleep attack response that protects the unencrypted secrets from the sleep attack, the sleep attack response including one or more from the group of generating a system reset event, generating a system halt event, generating a system shutdown event, generating a system power off event, powering circuitry used to protect the unencrypted secrets during the sleep state, or erasing the memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and machine-readable medium are described that attempt to protect secrets from sleep attacks. In some embodiments, the secrets are encrypted and a security enhanced environment dismantled prior to entering a sleep state. Some embodiments further re-establish a security enhanced environment and decrypt the secrets in response to a wake event.

Citations

23 Claims

1. A method comprisingstoring unencrypted secrets in a memory of a system;
- setting a first flag in a secrets store to indicate that the memory contains unencrypted secrets;
  
  setting a second flag in a sleep enable store to request a sleep controller to cause the system to enter one of a plurality of sleep states by powering down at least one of a plurality of system components;
  
  determining which of the plurality of sleep states to enter based on a sleep type store, wherein the type of sleep state determines which of the plurality of system components to power down and the wake-up latency of the system;
  
  detecting a sleep attack,determining that the memory contains unencrypted secrets based on the secrets store; and
  
  before entering a sleep state, in response to determining that the memory contains unencrypted secrets based on the secrets store, invoking a sleep attack response that protects the unencrypted secrets from the sleep attack, the sleep attack response including one or more from the group of generating a system reset event, generating a system halt event, generating a system shutdown event, generating a system power off event, powering circuitry used to protect the unencrypted secrets during the sleep state, or erasing the memory.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1wherein setting the second flag in the sleep enable store is in response to a sleep event.
  - 3. The method of claim 1 further comprisingencrypting one or more portions of the memory in response to a sleep event.
  - 4. The method of claim 3 further comprisinggenerating a contents attestation that attests to the one or more portions of the memory.
  - 5. The method of claim 3 further comprisinggenerating a structure that identifies the one or more portions of the memory;
    - andgenerating one or more attestations that attest to the structure and the one or more portions of the memory.
  - 6. The method of claim 5 further comprisingsealing the structure and the one or more attestations to a monitor of a computing device.

7. A chipset to support a processor in a system, comprisinga secrets store to indicate whether a memory in the system contains unencrypted secrets;
- a sleep controller;
  
  a sleep enable store to request the sleep controller to cause the system to enter one of a plurality of sleep states by powering down at least one of a plurality of system components;
  
  a sleep type store to indicate which of the plurality of sleep states to enter, wherein the indication determines which of the plurality of system components to power down and the wake-up latency of the system;
  
  sleep attack detection logic to detect a sleep attack and determine that the memory contains secrets based on the secrets store, in response to a request from the processor to enter the sleep state and to invoke an attack response before entering the sleep state, where the sleep attack response includes one or more from the group of generating a system reset event, generating a system halt event, generating a system shutdown event, generating a system power off event, powering circuitry used to protect the unencrypted secrets during the sleep state, or erasing the memory.
- View Dependent Claims (8, 9)
- - 8. The chipset of claim 7 further comprising an interface that prevents untrusted modification of the secrets store.
  - 9. The chipset of claim 7 further comprising an interface that requires receipt of one or more messages prior to allowing updates to the secrets store.

10. A system comprising an operating system and a more privileged monitor,the operating system tostore unencrypted secrets in system memory;
- receive a first flag in a secrets store to indicate the memory contains unencrypted secrets;
  
  receive a second flag in a sleep enable store to request a sleep controller, to enter a sleep state by powering down at least one of a plurality of system components based on the sleep state type,determine which of the plurality of sleep states to enter based on a sleep type store, wherein the type of sleep state determines which of the plurality of system components to power down and the wake-up latency of the system, and to transfer processing of the sleep event to the monitor, andthe monitor, based on a secrets store that indicates whether a memory contains unencrypted secrets and in response to the sleep event and before the system enters the sleep state, to encrypt one or more pages of the memory and to indicate that the memory contains no unencrypted secrets.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the monitor is to further update the secrets store to indicate that the memory contains no unencrypted secrets.
  - 12. The system of claim 10, whereinthe monitor is to return processing of the sleep event to the operating system, andthe operating system is to write encrypted and non-encrypted pages of memory to non-volatile storage.
  - 13. The system of claim 10, whereinthe monitor is to return processing of the sleep event to the operating system, andthe operating system is to cause the system to enter the sleep state.
  - 14. The system of claim 10, wherein the monitor is to further generate a contents attestation that attests to the encrypted pages of the memory.
  - 15. The system of claim 14, wherein the monitor is to further generate a structure that identifies the encrypted pages, and is to generate a structure attestation that attests to the structure.
  - 16. The system of claim 15, wherein the monitor is to further seal to the monitor the contents attestation, the structure attestation, and a monitor key to decrypt the encrypted pages.

17. A system comprisingvolatile memory comprising security enhanced regions,a secrets store to indicate whether the volatile memory contains unencrypted secrets,a sleep controller;
- a sleep enable store to request the sleep controller, in response to a sleep event, to cause the system to enter one of a plurality of sleep states by powering down at least one of a plurality of system components;
  
  a sleep type store to indicate which of the plurality of sleep states to enter, wherein the indication determines which of the plurality of system components to power down and the wake-up latency of the system;
  
  sleep attack detection logic to invoke a sleep attack response before entry into the sleep state, in response to the sleep enable store being updated to invoke entry into the sleep state and the secrets store indicating that the volatile memory contains unencrypted secrets, where the sleep attack response includes one or more from the group of;
  
  generating a system reset event,generating a system halt event,generating a system shutdown event,generating a system power off event,powering circuitry used to protect the unencrypted secrets during the sleep state such as a processor to encrypt the security enhanced regions in response to the sleep event and to update the secrets store to indicate that the volatile memory contains no unencrypted secrets in response to encrypting the security enhanced regions,or erasing the memory.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the processor is to further generate a contents attestation that attests to the security enhanced regions and is to invoke the sleep attack response in response to a wake event if the contents attestation indicates that the security enhanced regions are not authentic.
  - 19. The system of claim 18, wherein the processor is to further seal the contents attestation and a key to decrypt the security enhanced regions to the system.
  - 20. The system of claim 19, wherein the processor is to further invoke the sleep attack response in response to a wake event if unsealing the contents attestation and the key fails.

21. A machine-readable medium comprising a plurality of instructions that in response to being executed, result in a systemsetting a first flag in a secrets store to indicate that the memory contains unencrypted secrets;
- in response to a sleep event, setting a second flag in a sleep enable store to request a sleep controller to cause the system to enter one of a plurality of sleep states by powering down at least one of a plurality of system components;
  
  determining which of the plurality of sleep states to enter based on a sleep type store, wherein the type of sleep state determines which of the plurality of system components to power down and the wake-up latency of the system;
  
  detecting a sleep attack;
  
  determining that the memory contains unencrypted secrets based on the secrets store;
  
  before entering the sleep state, in response to determining that the memory contains unencrypted secrets based on the secrets store, encrypting contents of the memory, andgenerating a contents attestation that attests to the contents of the memory.
- View Dependent Claims (22, 23)
- - 22. The machine-readable medium of claim 21 wherein the plurality of instructions in response to being executed further result in the systemusing the contents attestation to verify the authenticity of the contents in response to a wake event, andinvoking a sleep attack response in response to determining that the contents of the memory are not authentic.
  - 23. The machine-readable medium of claim 22 wherein the plurality of instructions in response to being executed further result in the systemsealing the contents attestation and a key to decrypt the contents of the memory to the system in response to the sleep event,unsealing the contents attestation and the key in response to a wake event, andinvoking the sleep attack response in response to a failure in unsealing the contents attestation and the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Poisner, David I., Grawrock, David W.
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US10/185,887
Publication Number

US 20040003273A1
Time in Patent Office

2,190 Days
Field of Search

713/193, 713/191, 713/323, 726/34, 726/36, 726/22, 726/23, 726/25
US Class Current

713/323
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/79 in semiconductor storage me...

Sleep protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Sleep protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links