Method of controlling access to control registers of a microprocessor
Abstract
A method of controlling access to a control register of a microprocessor. The method of controlling access to a control register of a processor having a normal execution mode and a secure execution mode may include storing state and mode information in the control register, allowing a software invoked write access to modify the state and mode information within the control register during the normal execution mode and selectively inhibiting the software invoked write access during the secure execution mode.
15 Claims
1. A method of controlling accesses to control register zero (CR0) of a processor configured to operate in a normal execution mode and a secure execution mode, said method comprising:
- storing state and mode information in said (CR0);
- protection logic allowing a software invoked write access to modify said state and mode information within said (CR0) during operation in said normal execution mode;
- security logic selectively inhibiting said software invoked write access during operation in said secure execution mode;
- determining whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
- wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;
- allowing said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode;
- inhibiting said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode; and
- enabling the secure execution mode during operation in the normal execution mode by executing a secure operating system code segment that has been validated using a separate security processor that is external to the processor.
Dependent claims: 2, 3, 4
5. A processor comprising:
- execution logic configured to execute code in a normal execution mode and a secure execution mode;
- a control register zero (CR0) coupled to said execution logic and configured to store control information corresponding to an operating state and mode of said processor; and
- protection logic coupled to said (CR0) and configured to allow a software invoked write access to modify said control information within said (CR0) during operation in said normal execution mode;
- wherein said protection logic includes security logic coupled to said (CR0) and configured to selectively inhibit said software invoked write access during operation in said secure execution mode;
- wherein said security logic is further configured to determine whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
- wherein said security logic is further configured to allow said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode;
- wherein said security logic is further configured to inhibit said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode;
- wherein the secure execution mode is enabled during operation in the normal execution mode in response to execution of a secure operating system code segment that has been validated using a separate security processor that is external to the processor; and
- wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode.
Dependent claims: 6, 7, 8
9. A computer system comprising:
- a processor configured to operate in a normal execution mode and a secure execution mode, wherein the secure execution mode is enabled during operation in the normal execution mode and in response to execution of a secure operating system code segment that has been validated using a separate security processor that is external to the processor; and
- a memory coupled to said processor and configured to store instructions and data;
- wherein said processor includes:
- execution logic configured to execute code;
- a control register zero (CR0) coupled to said execution logic and configured to store control information corresponding to an operating state and mode of said processor; and
- protection logic coupled to said (CR0) and configured to allow a software invoked write access to modify said control information within said (CR0) during operation in said normal execution mode;
- wherein said protection logic includes security logic coupled to said control register (CR0) and configured to selectively inhibit said software invoked write access during operation in said secure execution mode;
- wherein said security logic is further configured to determine whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
- wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;
- wherein said security logic is further configured to allow said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode; and
- wherein said security logic is further configured to inhibit said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode.
Dependent claims: 10, 11, 12
13. A processor comprising:
- execution logic configured to execute code in a normal execution mode and a secure execution mode;
- means for storing state and mode information in a control register zero (CR0) of the processor;
- means for allowing a software invoked write access to modify said state and mode information within said (CR0) during operation in said normal execution mode;
- means for selectively inhibiting said software invoked write access during operation in said secure execution mode;
- means for determining whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
- wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;
- means for allowing said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode; and
- means for inhibiting said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode;
- wherein the secure execution mode is enabled during operation in the normal execution mode in response to execution of a secure operating system code segment that has been validated using a separate security processor that is external to the processor.
Dependent claims: 14, 15
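The write filtering recited in the independent claims can be modeled in software to show that the decision turns on which bits a write would change, not on the value written. This is an added illustration, not code from the patent: `cpu_state`, `cr0_write` and the `SAFE_IN_NORMAL_KERNEL` mask are hypothetical names, the claims do not say which CR0 bits count as safe, and letting trusted-mode writes through unfiltered is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86 CR0 bits used in this sketch. */
#define CR0_PE (1u << 0)   /* protected mode enable */
#define CR0_MP (1u << 1)   /* monitor coprocessor */
#define CR0_EM (1u << 2)   /* x87 emulation */
#define CR0_TS (1u << 3)   /* task switched */
#define CR0_WP (1u << 16)  /* write protect */
#define CR0_PG (1u << 31)  /* paging enable */

/* ASSUMPTION: the claims do not name the "safe" bits; this mask is illustrative. */
#define SAFE_IN_NORMAL_KERNEL (CR0_MP | CR0_EM | CR0_TS)

typedef struct {
    uint32_t cr0;
    bool secure_mode;  /* secure execution mode enabled */
    bool trusted;      /* trusted execution mode */
    unsigned cpl;      /* CPL from the current code segment descriptor */
} cpu_state;

typedef enum { WRITE_ALLOWED, SECURITY_EXCEPTION, GENERAL_PROTECTION } write_result;

/* Hypothetical model of a software-invoked CR0 write. */
write_result cr0_write(cpu_state *s, uint32_t value)
{
    if (s->cpl != 0)
        return GENERAL_PROTECTION;         /* ordinary x86 rule: CR0 writes need CPL 0 */
    if (s->secure_mode && !s->trusted) {   /* "normal kernel mode" of the claims */
        uint32_t changed = s->cr0 ^ value; /* bits the write attempts to modify */
        if (changed & ~SAFE_IN_NORMAL_KERNEL)
            return SECURITY_EXCEPTION;     /* write inhibited, CR0 unchanged */
    }
    s->cr0 = value;  /* normal mode, ASSUMED trusted mode, or safe bits only */
    return WRITE_ALLOWED;
}

int main(void)
{
    /* Constructed state: secure mode, CPL 0, not trusted. */
    cpu_state s = { CR0_PE | CR0_PG | CR0_WP, true, false, 0 };
    printf("set TS:   %d\n", cr0_write(&s, s.cr0 | CR0_TS));   /* safe bit */
    printf("clear WP: %d\n", cr0_write(&s, s.cr0 & ~CR0_WP));  /* unsafe bit */
    s.secure_mode = false;                                     /* normal execution mode */
    printf("clear WP: %d\n", cr0_write(&s, s.cr0 & ~CR0_WP));
    return 0;
}
```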
Specification