Method of controlling access to control registers of a microprocessor

US 7,401,358 B1
Filed: 04/18/2003
Issued: 07/15/2008
Est. Priority Date: 04/18/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlling accesses to control register zero (CR0) of a processor configured to operate in a normal execution mode and a secure execution mode, said method comprising:

storing state and mode information in said (CR0);

protection logic allowing a software invoked write access to modify said state and mode information within said (CR0) during operation in said normal execution mode;

security logic selectively inhibiting said software invoked write access during operation in said secure execution mode;

determining whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;

wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;

allowing said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode;

inhibiting said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode; and

enabling the secure execution mode during operation in the normal execution mode by executing a secure operating system code segment that has been validated using a separate security processor that is external to the processor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of controlling access to a control register of a microprocessor. The method of controlling access to a control register of a processor having a normal execution mode and a secure execution mode may include storing state and mode information in the control register, allowing a software invoked write access to modify the state and mode information within the control register during the normal execution mode and selectively inhibiting the software invoked write access during the secure execution mode.

113 Citations

15 Claims

1. A method of controlling accesses to control register zero (CR0) of a processor configured to operate in a normal execution mode and a secure execution mode, said method comprising:
- storing state and mode information in said (CR0);
  
  protection logic allowing a software invoked write access to modify said state and mode information within said (CR0) during operation in said normal execution mode;
  
  security logic selectively inhibiting said software invoked write access during operation in said secure execution mode;
  
  determining whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
  
  wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;
  
  allowing said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode;
  
  inhibiting said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode; and
  
  enabling the secure execution mode during operation in the normal execution mode by executing a secure operating system code segment that has been validated using a separate security processor that is external to the processor.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1 further comprising allowing said software invoked write access to modify said state and mode information within said (CR0) in response to said processor is operating in a secure kernel mode.
  - 3. The method as recited in claim 2, wherein said secure kernel mode includes:
    - a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during said secure execution mode; and
      
      said processor entering said trusted execution mode.
  - 4. The method as recited in claim 1, wherein said software invoked write access includes a load instruction specifying said CR0 as a destination operand.

5. A processor comprising:
- execution logic configured to execute code in a normal execution mode and a secure execution mode;
  
  a control register zero (CR0) coupled to said execution logic and configured to store control information corresponding to an operating state and mode of said processor; and
  
  protection logic coupled to said (CR0) and configured to allow a software invoked write access to modify said control information within said (CR0) during operation in said normal execution mode;
  
  wherein said protection logic includes security logic coupled to said (CR0) and configured to selectively inhibit said software invoked write access during operation in said secure execution mode;
  
  wherein said security logic is further configured to determine whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
  
  wherein said security logic is further configured to allow said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode;
  
  wherein said security logic is further configured to inhibit said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode;
  
  wherein the secure execution mode is enabled during operation in the normal execution mode in response to execution of a secure operating system code segment that has been validated using a separate security processor that is external to the processor; and
  
  wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode.
- View Dependent Claims (6, 7, 8)
- - 6. The processor as recited in claim 5, wherein said security logic is further configured to allow said software invoked write access to control information within said (CR0) in response to said processor is operating in a secure kernel mode.
  - 7. The processor as recited in claim 6, wherein said secure kernel mode includes:
    - a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during said secure execution mode; and
      
      said processor entering said trusted execution mode.
  - 8. The processor as recited in claim 6, wherein said software invoked write access includes a load instruction specifying said CR0 as a destination operand.

9. A computer system comprising:
- a processor configured to operate in a normal execution mode and a secure execution mode, wherein the secure execution mode is enabled during operation in the normal execution mode and in response to execution of a secure operating system code segment that has been validated using a separate security processor that is external to the processor; and
  
  a memory coupled to said processor and configured to store instructions and data;
  
  wherein said processor includes;
  
  execution logic configured to execute code;
  
  a control register zero (CR0) coupled to said execution logic and configured to store control information corresponding to an operating state and mode of said processor; and
  
  protection logic coupled to said (CR0) and configured to allow a software invoked write access to modify said control information within said (CR0) during operation in said normal execution mode;
  
  wherein said protection logic includes security logic coupled to said control register (CR0) and configured to selectively inhibit said software invoked write access during operation in said secure execution modeswherein said security logic is further configured to determine whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
  
  wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;
  
  wherein said security logic is further configured to allow said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode; and
  
  wherein said security logic is further configured to inhibit said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode.
- View Dependent Claims (10, 11, 12)
- - 10. The computer system as recited in claim 9, wherein said security logic is further configured to allow said software invoked write access to modify said control information corresponding to said operating state and mode, within said (CR0), in response to said processor operating in a secure kernel mode.
  - 11. The computer system as recited in claim 10, wherein said secure kernel mode includes:
    - a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during said secure execution mode; and
      
      said processor entering said trusted execution mode.
  - 12. The computer system as recited in claim 9, wherein said software invoked write access includes a load instruction specifying said CR0 as a destination operand.

13. A processor comprising:
- execution logic configured to execute code in a normal execution mode and a secure execution mode;
  
  means for storing state and mode information in a control register zero (CR0) of the processor;
  
  means for allowing a software invoked write access to modify said state and mode information within said (CR0) during operation in said normal execution mode;
  
  means for selectively inhibiting said software invoked write access during operation in said secure execution mode;
  
  means for determining whether control bits, within said CR0, which said software invoked write access is attempting to modify, are safe to modify in a normal kernel mode of said secure execution mode;
  
  wherein said normal kernel mode includes a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during operation in said secure execution mode, but not in a trusted execution mode;
  
  means for allowing said software invoked write access to proceed in response to determining that said control bits that said software invoked write access is attempting to modify, within said CR0, are safe in said normal kernel mode; and
  
  means for inhibiting said software invoked write access from proceeding and generating a security exception in response to determining that said control bits within said CR0 are not safe in said normal kernel mode;
  
  wherein the secure execution mode is enabled during operation in the normal execution mode in response to execution of a secure operating system code segment that has been validated using a separate security processor that is external to the processor.
- View Dependent Claims (14, 15)
- - 14. The processor as recited in claim 13 further comprising a means for allowing said software invoked write access to modify said state and mode information within said CR0 in response to said processor is operating in a secure kernel mode.
  - 15. The processor as recited in claim 14, wherein said secure kernel mode includes:
    - a current privilege level state being equal to zero within a code segment descriptor corresponding to a currently executing code sequence during said secure execution mode; and
      
      said processor entering said trusted execution mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced Silicon Technologies LLC
Original Assignee
Advanced Micro Devices, Inc.
Inventors
Christie, David S., McGrath, Kevin J.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
NOBAHAR, ABDULHAKIM

Application Number

US10/419,038
Time in Patent Office

1,915 Days
Field of Search

726/21, 726/27
US Class Current

726/21
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/74   operating in dual or compar...

G06F 9/4403   Processor initialisation

Method of controlling access to control registers of a microprocessor

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method of controlling access to control registers of a microprocessor

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links