Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment

US 7,921,293 B2
Filed: 01/24/2006
Issued: 04/05/2011
Est. Priority Date: 11/01/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for loading secure software within a multiprocessor system, comprising:

disregarding a load secure region instruction received from security initiation software if a currently active load secure region operation is detected, the load secure region instruction to indicate one or more memory regions loaded with software code selected by the security initiation software as the secure software;

otherwise, forming, according to the received load secure region instruction, a secure memory environment from the one or more memory regions including the software code, such that unauthorized read/write access to the one or more memory regions is prohibited to secure the software code to form the secure software; and

storing, within a digest information repository, a cryptographic hash value of the one or more protected memory regions as a secure software identification value, to enable establishment of security verification of the secure software within the secure memory environment.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

220 Citations

18 Claims

1. A method for loading secure software within a multiprocessor system, comprising:
- disregarding a load secure region instruction received from security initiation software if a currently active load secure region operation is detected, the load secure region instruction to indicate one or more memory regions loaded with software code selected by the security initiation software as the secure software;
  
  otherwise, forming, according to the received load secure region instruction, a secure memory environment from the one or more memory regions including the software code, such that unauthorized read/write access to the one or more memory regions is prohibited to secure the software code to form the secure software; and
  
  storing, within a digest information repository, a cryptographic hash value of the one or more protected memory regions as a secure software identification value, to enable establishment of security verification of the secure software within the secure memory environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein disregarding comprises:
    - verifying that the security initiation software possesses a sufficient privilege level to issue the load secure region instruction;
      
      once verified, determining whether a currently active load secure region operation exclusivity mutex exists;
      
      when a currently active load secure region operation exclusivity mutex is detected, disregarding the received load secure region instruction request; and
      
      otherwise establishing a load secure region instruction exclusivity mutex.
  - 3. The method of claim 1, wherein disregarding further comprises:
    - determining the one or more memory regions from the received load secure region instruction request; and
      
      providing a request, including parameters of the one or more protected memory regions, to a memory protection element, such that the memory protection element establishes the secure memory environment requested by the load secure region operation according to the load secure region instruction.
  - 4. The method of claim 1, wherein storing further comprises:
    - hashing contents of the secure memory environment to generate a cryptographic hash identification value as the secure software identification value for the software code contained within the secure memory environment;
      
      storing the secure software identification value within the digest information repository; and
      
      releasing a load operation exclusivity mutex.
  - 5. The method of claim 1, comprising:
    - receiving a security authentication request from an outside agent;
      
      accessing, via a secure channel, a secure software identification value;
      
      digitally signing the software identification value; and
      
      transmitting the digitally signed secure software identification value to the outside agent, such that the outside agent may examine a component state of the secure software within the secure memory environment and decide whether to trust the secure software.
  - 6. The method of claim 1, further comprising:
    - resetting, in response to a secure reset request, one or more processors within the multiprocessor system, the secure reset request issued following completion of a load secure region operation; and
      
      enabling processor read/write access to the one or more memory regions of the secure memory environment formed in accordance with the load secure region instruction request to establish the secure memory environment.
  - 7. The method of claim 6, wherein resetting comprises:
    - issuing, to a system chipset platform, a processor reset command; and
      
      issuing, by the chipset platform, a reset request to each of the one or more processors.
  - 8. The method of claim 7, wherein issuing comprises:
    - performing a data write to an input/output port address; and
      
      decoding, by the chipset platform, the data write to detect a processor reset command.
  - 9. The method of claim 6, wherein re-enabling comprises:
    - committing data within a digest information repository to indicate a currently active reset command;
      
      causing each of the processors coupled to the system to enter a known privilege state; and
      
      directing a memory protection element to re-enable processor read/write access to the secure memory environment.
  - 10. The method of claim 9, wherein causing comprises:
    - setting data storage elements within the one or more processors to one of the constant values stored in/generated by the processor and values derived from parameters specified by security initiation software at issuance of the load secure region instruction.

11. A system comprises:
- a memory controller including a memory protection element coupled to the memory controller, the memory protection element to block unauthorized memory access to one or more protected memory regions;
  
  an I/O controller coupled to the memory controller including a non-volatile memory to store security initiation software, the security initiation software to load one or more memory regions with software code selected as secure software and to issue a load secure region instruction;
  
  a plurality of processors, each coupled to the memory controller, a processor from the plurality of processors to direct, in accordance with a load secure region operation corresponding to the issued load secure region instruction, the memory protection element to form a secure memory environment from the one or more memory regions including the software code as the one or more protected memory regions to secure the software code to form the secure software;
  
  a verification unit coupled to the I/O controller and including a digest information repository to store a secure software identification value for the secure software and to provide security verification of the secure software to an outside agent, wherein the verification unit comprises;
  
  a digest signing engine to digitally sign the secure software identification value and to transmit the digitally signed secure software identification value to the outside agent, such that the outside agent may examine a component state of the secure software within the secure memory environment and decide whether to trust the secure software.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein the security initiation software is to issue a secure reset request to each of the plurality of processors, the secure reset request issued following completion of the load secure region instruction request and to re-enable processor read/write access to the one or more protected memory regions of the secure memory environment formed in accordance with the load secure region operation to establish a secure environment.
  - 13. The system of claim 11, comprising:
    - a memory hashing engine to generate a hash value according to the secure memory environment as the secure software identification value.

14. An article of manufacture including a machine accessible storage medium having stored thereon instructions which, when executed by a machine, cause the machine to perform a method comprising:
- disregarding a load secure region instruction received from security initiation software if a currently active load secure region operation is detected;
  
  otherwise, forming, according to the load secure region instruction received from the security initiation software, a secure memory environment from one or more memory regions loaded with software code selected by the security initiation software, such that unauthorized read/write access to the one or more memory regions is prohibited to secure the software code to form secure software; and
  
  storing, within a digest information repository, a cryptographic hash value of the one or more protected memory regions as a secure software identification value, to enable establishment of security verification of the secure software within the secure memory environment.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The article of manufacture of claim 14, the method further performing:
    - verifying that the security initiation software possesses a sufficient privilege level to issue the load secure region instruction;
      
      once verified, determining whether a currently active load secure region operation exclusivity mutex exists;
      
      when a currently active load secure region operation exclusivity mutex is detected, disregarding the received load secure region instruction request; and
      
      otherwise establishing a load secure region instruction exclusivity mutex.
  - 16. The article of manufacture of claim 14, the method further performing:
    - receiving a security authentication request from an outside agent;
      
      accessing, via a secure channel, a secure software identification value;
      
      digitally signing the software identification value; and
      
      transmitting the digitally signed secure software identification value to the outside agent, such that the outside agent may examine a component state of the secure software within the secure memory environment and decide whether to trust the secure software.
  - 17. The article of manufacture of claim 14, the method further performing:
    - resetting, in response to a secure reset request, one or more processors within the multiprocessor system, the secure reset request issued following completion of a load secure region operation; and
      
      enabling processor read/write access to the one or more memory regions of the secure memory environment formed in accordance with the load secure region instruction request to establish the secure memory environment.
  - 18. The article of manufacture of claim 17, the method further performing:
    - committing data within a digest information repository to indicate a currently active reset command;
      
      causing each of the processors coupled to the system to enter a known privilege state; and
      
      directing a memory protection element to re-enable processor read/write access to the secure memory environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
George, Robert, Kozuch, Michael A., Sutton, James A. II, Smith, Lawrence O. III, Glew, Andy, Burgess, Bradley G., Neiger, Gilbert, Uhlig, Richard A., Hall, Clifford D., Poisner, David I., Grawrock, David
Primary Examiner(s)
Dinh; Minh

Application Number

US11/340,181
Publication Number

US 20070192577A1
Time in Patent Office

1,897 Days
Field of Search

713/165, 713/168, 713/189, 713/193, 713/200, 713/201
US Class Current

713/176
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

220 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

220 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others