Processor with non-volatile mode enable register entering secure execution mode and encrypting secure program for storage in secure memory via private bus
First Claim
1. An apparatus providing for a secure execution mode of operation, comprising:
a microprocessor, comprising a single integrated circuit disposed on a single die, configured to execute non-secure application programs and a secure application program, wherein said secure application program is executed exclusively within the secure execution mode within said microprocessor, and wherein said non-secure application programs are accessed from a system memory via a system bus, said microprocessor comprising:
a non-volatile enabled indicator register, configured to indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor; and
a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor, and wherein, upon enablement of said secure execution mode, said microprocessor encrypts said secure application program and transfers said secure application program to said secure non-volatile memory over said private bus.
Abstract
An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor is a single integrated circuit disposed on a single die, and executes non-secure application programs and a secure application program. The secure application program is executed in a secure execution mode. The non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-volatile enabled indicator register that is configured to indicate whether the microprocessor is within the secure execution mode or a non-secure execution mode, where contents of the non-volatile enabled indicator register persist through power removal and reapplication to the microprocessor. The secure non-volatile memory is coupled to the microprocessor via a private bus and is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.
96 Citations
21 Claims

1. Independent claim; its text is reproduced above under First Claim. Dependent claims 2, 3, 4, 5, 6 and 7 are not reproduced on this page.

8. A microprocessor apparatus, for executing secure code within a secure execution mode of operation, the microprocessor apparatus comprising:
a secure non-volatile memory, configured to store a secure application program, wherein said secure application program is encrypted and transferred over a private bus to said secure non-volatile memory; and
a microprocessor, comprising a single integrated circuit disposed on a single die, coupled to said secure non-volatile memory via said private bus, configured to execute non-secure application programs and said secure application program, wherein said secure application program is executed exclusively within the secure execution mode, said microprocessor comprising:
a bus interface unit, configured to accomplish system bus transactions over a system bus to access said non-secure application programs in system memory;
a secure non-volatile memory interface unit, configured to couple said microprocessor to said secure non-volatile memory via said private bus, wherein private bus transactions over said private bus to access said secure non-volatile memory are hidden from observation by system bus resources within said microprocessor and by any device coupled to said system bus; and
a non-volatile enabled indicator register, configured to indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor.
Dependent claims 9, 10, 11, 12, 13 and 14 are not reproduced on this page.

15. A method for executing secure code within a secure execution mode of operation, the method comprising:
initializing the secure execution mode within a microprocessor for execution of the secure code, wherein the microprocessor comprises a single integrated circuit disposed on a single die;
encrypting the secure code and transferring the secure code via private transactions over a private bus to a secure non-volatile memory for storage of the secure code;
recording that the secure execution mode is enabled in a non-volatile enabled indicator register; and
fetching the secure code from the secure non-volatile memory over the private bus for execution by the microprocessor;
wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor.
Dependent claims 16, 17, 18, 19, 20 and 21 are not reproduced on this page.
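The four steps of claim 15, together with the bus isolation and the persistent enable register of claims 1 and 8, can be read as a small state machine. The C model below is an added example written for this page; it is not the patent's own implementation and not any vendor's code. Everything specific in it is an assumption of the model: the struct and function names, an on-die key (`nv_key`) that never crosses either bus, an XOR keystream standing in for whatever cipher a real design would use (the claims name none), reset logic that re-enters secure mode whenever the non-volatile register says it was enabled, and the gating of the private bus on a volatile `sem_active` flag that only secure execution logic can set. The sample program bytes are constructed, not taken from the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SYS_MEM_SIZE 64u
#define SEC_NVM_SIZE 64u
#define KEY_SIZE     16u

/* Model of the claimed apparatus. Field names are this example's own, not the patent's. */
struct cpu {
    /* Non-volatile state: survives power_cycle(). */
    uint8_t  nv_sem_enabled;            /* the non-volatile enabled indicator register */
    uint8_t  nv_key[KEY_SIZE];          /* assumption: on-die key that never crosses either bus */
    uint8_t  secure_nvm[SEC_NVM_SIZE];  /* secure NVM, reachable only through private_bus_*() */
    /* Volatile state: cleared by power_cycle(). */
    int      sem_active;                /* secure execution logic is initialised and running */
    uint8_t  sys_mem[SYS_MEM_SIZE];     /* system memory behind the system bus */
    unsigned private_bus_rejected;      /* private-bus accesses refused outside secure mode */
};

void cpu_init(struct cpu *c, const uint8_t key[KEY_SIZE])
{
    memset(c, 0, sizeof *c);
    memcpy(c->nv_key, key, KEY_SIZE);
}

/* Placeholder keystream (assumption): a real design would run a proper cipher under nv_key. */
static uint8_t keystream(const struct cpu *c, unsigned i)
{
    return c->nv_key[i % KEY_SIZE] ^ (uint8_t)(0x5a + 0x9d * i);
}

/* System bus: the secure NVM has no address here, so nothing on this bus can reach it. */
int system_bus_read(const struct cpu *c, unsigned addr, uint8_t *out)
{
    if (addr >= SYS_MEM_SIZE) return -1;
    *out = c->sys_mem[addr];
    return 0;
}

/* Private bus: usable only by secure execution logic, i.e. while sem_active is set. */
static int private_bus_write(struct cpu *c, unsigned addr, uint8_t v)
{
    if (!c->sem_active || addr >= SEC_NVM_SIZE) { c->private_bus_rejected++; return -1; }
    c->secure_nvm[addr] = v;
    return 0;
}
static int private_bus_read(struct cpu *c, unsigned addr, uint8_t *out)
{
    if (!c->sem_active || addr >= SEC_NVM_SIZE) { c->private_bus_rejected++; return -1; }
    *out = c->secure_nvm[addr];
    return 0;
}

/* Claim 15 steps 1-3: initialise secure mode, encrypt and transfer the code, record enabled. */
int sem_enable(struct cpu *c, const uint8_t *prog, size_t len)
{
    if (len > SEC_NVM_SIZE) return -1;
    c->sem_active = 1;                                   /* step 1: initialise secure execution mode */
    for (unsigned i = 0; i < len; i++)                   /* step 2: encrypt, then move over the private bus */
        if (private_bus_write(c, i, prog[i] ^ keystream(c, i)) != 0) return -1;
    c->nv_sem_enabled = 1;                               /* step 3: record it in the non-volatile register */
    return 0;
}

/* Claim 15 step 4: fetch (and decrypt) secure code from the secure NVM over the private bus. */
int fetch_secure(struct cpu *c, unsigned addr, uint8_t *out)
{
    uint8_t ct;
    if (private_bus_read(c, addr, &ct) != 0) return -1;
    *out = ct ^ keystream(c, addr);
    return 0;
}

/* Remove and reapply power: volatile state is lost, nv_* fields persist. Reset logic (assumption)
   re-enters secure mode exactly when the non-volatile register records that it was enabled. */
void power_cycle(struct cpu *c)
{
    memset(c->sys_mem, 0, sizeof c->sys_mem);
    c->sem_active = c->nv_sem_enabled ? 1 : 0;
}

int cpu_in_secure_mode(const struct cpu *c) { return c->sem_active; }

/* Walks the whole life cycle; returns 0 when every property holds, else the failing step. */
int run_demo(void)
{
    static const uint8_t key[KEY_SIZE] = { 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
                                           0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30 };
    static const uint8_t prog[] = { 0xb8,0x01,0x00,0x00,0x00,0xc3 }; /* constructed: mov eax,1; ret */
    struct cpu c, fresh; uint8_t b;
    cpu_init(&c, key);
    if (fetch_secure(&c, 0, &b) == 0 || c.private_bus_rejected != 1) return 1; /* no secure mode yet */
    if (sem_enable(&c, prog, sizeof prog) != 0 || c.nv_sem_enabled != 1) return 2;
    if (memcmp(c.secure_nvm, prog, sizeof prog) == 0) return 3;   /* stored form is ciphertext */
    if (system_bus_read(&c, SYS_MEM_SIZE, &b) == 0) return 4;     /* secure NVM has no system-bus address */
    power_cycle(&c);
    if (!cpu_in_secure_mode(&c)) return 5;                          /* register survived the power cycle */
    for (unsigned i = 0; i < sizeof prog; i++)
        if (fetch_secure(&c, i, &b) != 0 || b != prog[i]) return 6; /* code round-trips intact */
    cpu_init(&fresh, key); power_cycle(&fresh);
    if (cpu_in_secure_mode(&fresh)) return 7;                       /* never enabled: stays non-secure */
    return 0;
}

int main(void)
{
    int r = run_demo();
    printf("%s (step %d)\n", r == 0 ? "all checks passed" : "check failed", r);
    return r;
}
```

Build with `cc -std=c99 -Wall sem_model.c && ./a.out`. Two points the model makes explicit that the claim text only implies: the secure NVM is kept off the system-bus address map entirely rather than protected by an access check, which is the only way a bus-level observer can have nothing to observe; and because the enable register is non-volatile, a part that has been enabled once comes back up in secure mode on every subsequent power cycle, so the enabling step is effectively one-way unless the design provides a separate, equally protected disable path.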
Specification