Mechanism to handle events in a machine with isolated execution

US 7,793,111 B1
Filed: 09/28/2000
Issued: 09/07/2010
Est. Priority Date: 09/28/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

maintaining a first page table map for use in an isolated execution mode and a second page table map for use in a normal execution mode;

restricting access to an isolated area of memory to bus cycles performed in the isolated execution mode by a processor operating in the isolation execution mode, the isolated area of memory having an associated audit log to contain hash values representing information that has been successfully loaded into the isolated area of memory, the audit log to further act as a fingerprint that identifies the information loaded into the isolated area of memory, the audit log to further prove current status of the isolated execution mode;

dynamically swapping between the first page table map and the second page table map responsive to a change in execution mode;

identifying if an event is one of a class of events to be handled in the isolated execution mode;

asserting a selection signal to select the first page table map if the event is identified as one of the class of events to be handled in the isolated execution mode;

handling the event using a table map selected by the selection signal;

determining if a current mode is the isolated execution mode;

loading a set of control registers with values corresponding to the first page table map if the current mode is not the isolated execution mode and the event is one of the class; and

dispatching an exception vector after the loading is complete.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.

166 Citations

18 Claims

1. A method comprising:
- maintaining a first page table map for use in an isolated execution mode and a second page table map for use in a normal execution mode;
  
  restricting access to an isolated area of memory to bus cycles performed in the isolated execution mode by a processor operating in the isolation execution mode, the isolated area of memory having an associated audit log to contain hash values representing information that has been successfully loaded into the isolated area of memory, the audit log to further act as a fingerprint that identifies the information loaded into the isolated area of memory, the audit log to further prove current status of the isolated execution mode;
  
  dynamically swapping between the first page table map and the second page table map responsive to a change in execution mode;
  
  identifying if an event is one of a class of events to be handled in the isolated execution mode;
  
  asserting a selection signal to select the first page table map if the event is identified as one of the class of events to be handled in the isolated execution mode;
  
  handling the event using a table map selected by the selection signal;
  
  determining if a current mode is the isolated execution mode;
  
  loading a set of control registers with values corresponding to the first page table map if the current mode is not the isolated execution mode and the event is one of the class; and
  
  dispatching an exception vector after the loading is complete.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 14)
- - 2. The method of claim 1 further comprising:
    - identifying if the event is one of a class of events to be handled in the isolated execution mode;
      
      handling the event using the first page table map if the event is identified as one of the class of events to be handled in the isolated execution mode; and
      
      wherein identifying comprises indexing into a lookup table with a exception vector of the event.
  - 3. The method of claim 1 wherein dynamically swapping comprises:
    - loading a set of control registers selected based on an exception vector of the event.
  - 4. The method of claim 3 wherein the set of control registers comprises:
    - a global descriptor table register;
      
      an interrupt descriptor table register; and
      
      a page table map base address register.
  - 5. The method of claim 1 wherein maintaining comprises:
    - mirroring a page table base address register.
  - 6. The method of claim 1 further comprising:
    - defining a set of events that should be handled in isolated execution mode.
  - 7. The method of claim 6 wherein the set of events to be handled in the isolated execution mode comprises:
    - machine check events and clock events.
  - 14. The method of claim 1, wherein the isolated area being accessible by the processor operating in the isolation execution mode via an isolated execution circuitry at the processor, and wherein restricting access includes protecting the isolated area by access checks, and permitting access to the isolated area via special bus cycles issued by a processor.

8. An apparatus comprising:
- a first storage location storing control data for a first page table map for use in an isolation execution mode;
  
  a second storage location storing control data for a second page table map for use in a normal execution mode;
  
  a selection unit to select which page table map is applied responsive to receipt of an event, the selection unit to dynamically swap between the first page table map and the second page table map responsive to a change in execution mode; and
  
  an isolated execution circuit at a processor to generate isolated access bus cycles to permit the processor to access an isolated area of memory and operate in the isolated execution mode, and further to restrict access to the isolated area, the isolated area of memory having an associated audit log to contain hash values representing information that has been successfully loaded into the isolated area of memory, the audit log to further act as a fingerprint that identifies the information loaded into the isolated area of memory, the audit log to further prove current status of the isolated execution mode,wherein isolated access bus cycles are to be used if the apparatus operates in an isolated execution mode.
- View Dependent Claims (9, 10)
- - 9. The apparatus of claim 8 wherein the selection unit comprises:
    - a multiplexer that selects between the first and the second storage locations based on an exception vector of the event.
  - 10. The apparatus of claim 8 wherein the first storage location contains a base address for the first page table map and the second storage location contains a base address for the second page table map.

11. A computer system comprising:
- a processor executing in one of a normal execution mode and an isolated execution mode associated with an isolated area of memory;
  
  a first set of control registers to define a current memory map of the platform;
  
  a mapping unit to dynamically load the first set of control registers responsive to an event if the event should be handled using an alternate memory map, the mapping unit including a second set of registers having a first subset corresponding to control register values for a normal execution mode memory map and a second subset corresponding to control register values for an isolated execution mode memory map, the mapping unit further including a selection unit to select and dynamically swap between the first subset and the second subset, the isolated area of memory having an associated audit log to contain hash values representing information that has been successfully loaded into the isolated area of memory, the audit log to further act as a fingerprint that identifies the information loaded into the isolated area of memory, the audit log to further prove current status of the isolated execution mode; and
  
  an isolated execution circuit to generate isolated access bus cycles if the processor is executing in the isolated execution mode, the isolated execution circuit to permit the processor to access the isolated area to operate in the isolated execution mode, and further to restrict access to the isolated area.
- View Dependent Claims (12, 13)
- - 12. The computer system of claim 11 wherein the selection unit comprises:
    - a plurality of multiplexers having selection driven by an exception vector of an incoming event.
  - 13. The computer system of claim 11 wherein the first set of control registers comprises:
    - a global descriptor table register;
      
      an interrupt description table register; and
      
      a page table map base address register.

15. A non-transitory processor readable medium comprising instructions that when executed, cause a machine to:
- maintain a first page table map for use in an isolated execution mode and a second page table map for use in a normal execution mode;
  
  restrict access to an isolated area of memory to bus cycles performed in the isolated execution mode by a processor operating in the isolation execution mode, the isolated area of memory having an associated audit log to contain hash values representing information that has been successfully loaded into the isolated area of memory, the audit log to further act as a fingerprint that identifies the information loaded into the isolated area of memory, the audit log to further prove current status of the isolated execution mode;
  
  dynamically swap between the first page table map and the second page table map responsive to a change in execution mode;
  
  identify if an event is one of a class of events to be handled in the isolated execution mode;
  
  assert a selection signal to select the first page table map if the event is identified as one of the class of events to be handled in the isolated execution mode;
  
  handle the event using a table map selected by the selection signal;
  
  determine if a current mode is the isolated execution mode;
  
  load a set of control registers with values corresponding to the first page table map if the current mode is not the isolated execution mode and the event is one of the class; and
  
  dispatch an exception vector after the load is complete.
- View Dependent Claims (16, 17, 18)
- - 16. The processor readable medium of claim 15 wherein the instructions that when executed, further cause the machine to:
    - identify if the event is one of a class of events to be handled in the isolated execution mode;
      
      handle the event using the first page table map if the event is identified as one of the class of events to be handled in the isolated execution mode; and
      
      wherein identifying comprises indexing into a lookup table with a exception vector of the event.
  - 17. The processor readable medium of claim 15 wherein the instructions that when executed to dynamically swap, cause the machine to:
    - load a set of control registers selected based on an exception vector of the event.
  - 18. The processor readable medium of claim 17 wherein the set of control registers comprises:
    - a global descriptor table register;
      
      an interrupt descriptor table register; and
      
      a page table map base address register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Bigbee, Bryant, Smith, Lawrence O., McKeen, Francis X., Chaffin, Benjamin Crawford, Cornaby, Michael P.
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US09/672,368
Time in Patent Office

3,631 Days
Field of Search

712/229, 380/205, 380/207, 711/164, 711/208, 711/209, 711/163, 710/200, 710/22, 709/400, 709/210, 707/8, 718/107, 719/318, 713/1, 713/187, 713/189
US Class Current

713/189
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 12/1491   in a hierarchical protectio...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/74   operating in dual or compar...

Mechanism to handle events in a machine with isolated execution

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

166 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism to handle events in a machine with isolated execution

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links