System and method for selecting and using a signal processor in a multiprocessor system to operate as a security for encryption/decryption of data
First Claim
1. A method, in a multiprocessor system, the multiprocessor system comprising a control processor and a plurality of controlled processors, the method comprising:
- selecting at least one controlled processor of the plurality of controlled processors to operate in a shared operational state;
selecting a second controlled processor from the plurality of controlled processors to operate in an isolated operational state;
configuring the at least one first controlled processor of the multiprocessor system to be in the shared operational state, wherein the shared operational state causes the at least one first controlled processor to operate using a common memory accessible by the plurality of controlled processors in the multiprocessor system;
configuring the second controlled processor of the multiprocessor system, via loading and executing initialization code in the second controlled processor, to be in the isolated operational state, wherein the isolated operational state causes a local memory associated with the second controlled processor to be not accessible by the at least one first controlled processor;
executing first code within the second controlled processor in a secure manner by virtue of the isolated operational state; and
executing second code within the at least one first controlled processor in an unsecured manner by virtue of the shared operational state.
5 Assignments
0 Petitions
Accused Products
Abstract
A system and method are provided to dedicate one or more processors in a multiprocessing system to performing encryption functions. When the system initializes, one of the synergistic processing unit (SPU) processors is configured to run in a secure mode wherein the local memory included with the dedicated SPU is not shared with the other processors. One or more encryption keys are stored in the local memory during initialization. During initialization, the SPUs receive nonvolatile data, such as the encryption keys, from nonvolatile register space. This information is made available to the SPU during initialization before the SPUs local storage might be mapped to a common memory map. In one embodiment, the mapping is performed by another processing unit (PU) that maps the shared SPUs'"'"' local storage to a common memory map.
105 Citations
36 Claims
-
1. A method, in a multiprocessor system, the multiprocessor system comprising a control processor and a plurality of controlled processors, the method comprising:
-
selecting at least one controlled processor of the plurality of controlled processors to operate in a shared operational state; selecting a second controlled processor from the plurality of controlled processors to operate in an isolated operational state; configuring the at least one first controlled processor of the multiprocessor system to be in the shared operational state, wherein the shared operational state causes the at least one first controlled processor to operate using a common memory accessible by the plurality of controlled processors in the multiprocessor system; configuring the second controlled processor of the multiprocessor system, via loading and executing initialization code in the second controlled processor, to be in the isolated operational state, wherein the isolated operational state causes a local memory associated with the second controlled processor to be not accessible by the at least one first controlled processor; executing first code within the second controlled processor in a secure manner by virtue of the isolated operational state; and executing second code within the at least one first controlled processor in an unsecured manner by virtue of the shared operational state. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An information handling system, comprising:
-
a control processor; a plurality of controlled processors, wherein each of the plurality of controlled processors comprises a local memory; and a common memory shared by the control processor and the plurality of controlled processors in the information handling system, wherein the plurality of controlled processors comprises; at least one first controlled processor selected and configured to be in a shared operational state, wherein the shared operation state causes the at least one first controlled processor to operate using the common memory; and a second controlled processor selected and configured, via loading and executing initialization code in the second controlled processor, to be in an isolated operational state, wherein the isolated operational state causes a local memory associated with the second controlled processor to be not accessible by the at least one first controlled processor, wherein the second controlled processor executes first code in a secure manner by virtue of the isolated operational state, and wherein the at least one first controlled processor executes in an unsecured manner by virtue of the shared operational state. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program, when executed on a computing device comprising a control processor and a plurality of controlled processors, causes the computing device to:
-
select at least one first controlled processor of the plurality of controlled processors to operate in a shared operational state; select a second controlled processor from the plurality of controlled processors to operate in an isolated operational state; configure the at least one first controlled processor of the computing device to be in the shared operational state, wherein the shared operational state causes the at least one first controlled processor to operate using a common memory accessible by the plurality of controlled processors in the computing device; configure the second controlled processor of the computing device, via loading and executing initialization code in the second controlled processor, to be in the isolated operational state, wherein the isolated operational state causes a local memory associated with the second controlled processor to be not accessible by the at least one first controlled processor; execute first code within the second controlled processor in a secure manner by virtue of the isolated operational state; and execute second code within the at least one first controlled processor in an unsecured manner by virtue of the shared operational state. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification