System and method for execution of a secured environment initialization instruction

US 7,546,457 B2
Filed: 03/31/2005
Issued: 06/09/2009
Est. Priority Date: 03/29/2002
Status: Expired due to Term

First Claim

Patent Images

1. A processor, comprising:

a secure memory to contain a secure initialization authenticated code; and

secure enter logic responsive to execution of a first instruction to invoke secure operation initialization, and to detect a point in time to proceed with execution of said secure initialization authenticated code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

Citations

19 Claims

1. A processor, comprising:
- a secure memory to contain a secure initialization authenticated code; and
  
  secure enter logic responsive to execution of a first instruction to invoke secure operation initialization, and to detect a point in time to proceed with execution of said secure initialization authenticated code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The processor of claim 1, wherein said secure memory includes first logic to load said secure initialization authenticated code.
  - 3. The processor of claim 1, wherein said secure memory includes second logic to load keying material.
  - 4. The processor of claim 1, wherein said secure memory includes keying material.
  - 5. The processor of claim 1, wherein said secure enter logic to validate said secure initialization authenticated code with keying material.
  - 6. The processor of claim 5, wherein said secure enter logic to transfer execution control to said secure initialization authenticated code when validation completes.
  - 7. The processor of claim 5, wherein said keying material is related to a key used to encrypt a digital signature of said secure initialization authenticated code.
  - 8. The processor of claim 5, wherein said keying material is a cryptographic digest of a key included in said secure initialization authenticated code.

9. A chipset, comprising:
- a bus messaging logic responsive to a first special bus message from a first logical processor to prepare for secure operation; and
  
  a key register to store keying material to be sent to said first logical processor responsive to said first special bus message.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The chipset of claim 9, wherein said key register to send said keying material to said first logical processor after a second logical processor sends an acknowledgment to said first special bus message.
  - 11. The chipset of claim 10, wherein said chipset sets a flag after said bus messaging logic receives said acknowledgment.
  - 12. The chipset of claim 9, further comprising a device access logic to lock a secure virtual machine monitor.
  - 13. The chipset of claim 12, wherein said device access logic to receive configuration from said secure virtual machine monitor.

14. An apparatus, comprising:
- means for transmitting a special bus message;
  
  means for authenticating an initialization code within a first logical processor;
  
  means for authenticating a secure virtual machine monitor; and
  
  means for executing said secure virtual machine monitor in said first logical processor.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The apparatus of claim 14, further comprising means for transmitting an acknowledgement responsive to said first bus message.
  - 16. The apparatus of claim 14, further comprising means for halting execution in a second logical processor and means for sending an acknowledgement.
  - 17. The apparatus of claim 16, further comprising means for setting a flag in a chipset responsive to said acknowledgement.
  - 18. The apparatus of claim 14, wherein said means for authenticating an initialization code includes means for moving a copy of said initialization code and a public key to a secure memory.
  - 19. The apparatus of claim 14, wherein said means for authenticating a secure virtual machine monitor includes means for executing said initialization code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Sutton, James A. II, Grawrock, David W.
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US11/096,618
Publication Number

US 20050182940A1
Time in Patent Office

1,531 Days
Field of Search

713/190
US Class Current

713/164
CPC Class Codes

G01N 2223/076   X-ray fluorescence

G01N 23/223   by irradiating the sample w...

G01N 33/502   for testing non-proliferati...

G01N 33/6872   Intracellular protein regul...

G06F 12/0802   Addressing of a memory leve...

G06F 12/145   the protection being virtua...

G06F 12/1458   by checking the subject acc...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 2212/1052   Security improvement

G06F 2212/60   Details of cache memory

G06F 2213/0026   PCI express

G06F 2221/033   Test or assess software

G06F 9/4403   Processor initialisation

G06F 9/44505   Configuring for program ini...

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

System and method for execution of a secured environment initialization instruction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for execution of a secured environment initialization instruction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links