Processor with non-volatile mode enable register entering secure execution mode and encrypting secure program for storage in secure memory via private bus

US 8,209,763 B2
Filed: 10/31/2008
Issued: 06/26/2012
Est. Priority Date: 05/24/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus providing for a secure execution mode of operation, comprising:

a microprocessor, comprising a single integrated circuit disposed on a single die, configured to execute non-secure application programs and a secure application program, wherein said secure application program is executed exclusively within the secure execution mode within said microprocessor, and wherein said non-secure application programs are accessed from a system memory via a system bus, said microprocessor comprising;

a non-volatile enabled indicator register, configured indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor; and

a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor, and wherein, upon enablement of said secure execution mode, said microprocessor encrypts said secure application program and transfers said secure application program to said secure non-volatile memory over said bus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor is a single integrated circuit disposed on a single die, and executes non-secure application programs and a secure application program. The secure application program is executed in a secure execution mode. The non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-volatile enabled indicator register that is configured indicate whether the microprocessor is within the secure execution mode or a non-secure execution mode, where contents of the non-volatile enabled indicator register persist through power removal and reapplication to the microprocessor. The secure non-volatile memory is coupled to the microprocessor via a private bus and is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.

96 Citations

View as Search Results

21 Claims

1. An apparatus providing for a secure execution mode of operation, comprising:
- a microprocessor, comprising a single integrated circuit disposed on a single die, configured to execute non-secure application programs and a secure application program, wherein said secure application program is executed exclusively within the secure execution mode within said microprocessor, and wherein said non-secure application programs are accessed from a system memory via a system bus, said microprocessor comprising;
  
  a non-volatile enabled indicator register, configured indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor; and
  
  a secure non-volatile memory, coupled to said microprocessor via a private bus, configured to store said secure application program, wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor, and wherein, upon enablement of said secure execution mode, said microprocessor encrypts said secure application program and transfers said secure application program to said secure non-volatile memory over said bus.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus as recited in claim 1, wherein secure execution mode logic within said microprocessor performs a first write to said non-volatile enabled indicator register upon entry into the secure execution mode to indicate that said microprocessor is within the secure execution mode.
  - 3. The apparatus as recited in claim 2, wherein the secure execution mode logic performs a second write to said non-volatile enabled indicator register upon exit from the secure execution mode to indicate that sad microprocessor is within said non-secure execution mode.
  - 4. The apparatus as recited in claim 1, wherein said non-volatile enabled indicator register comprises a plurality of fuses disposed within said microprocessor.
  - 5. The apparatus as recited in claim 4, wherein the number of times that said microprocessor can transition between the secure execution mode and said non-secure execution mode corresponds to the number of said plurality of fuses.
  - 6. The apparatus as recited in claim 1, wherein, following a write to said non-volatile enabled indicator to indicate that said microprocessor is within the secure execution mode, secure execution mode logic within said microprocessor directs said microprocessor to perform a reset operation.
  - 7. The apparatus as recited in claim 1, wherein secure execution mode logic within said microprocessor evaluates contents of said non-volatile enabled register upon a request to return from the secure execution mode to said non-secure execution mode to determine whether return to said non-secure execution mode is supported, and wherein the secure execution mode is maintained if said non-secure execution mode is unsupported.

8. A microprocessor apparatus, for executing secure code within a secure execution mode of operation, the microprocessor apparatus comprising:
- a secure non-volatile memory, configured to store a secure application program, wherein said secure application program is encrypted and transferred over a private bus to said secure non-volatile memory; and
  
  a microprocessor, comprising a single integrated circuit disposed on a single die, coupled to said secure non-volatile memory via said private bus, configured to execute non-secure application programs and said secure application program, wherein said secure application program is executed exclusively within the secure execution mode, said microprocessor comprising;
  
  a bus interface unit, configured to accomplish system bus transactions over a system bus to access said non-secure applications in system memory;
  
  a secure non-volatile memory interface unit, configured to couple said microprocessor to said secure non-volatile memory via a private bus, wherein private bus transactions over said private bus to access said secure non-volatile memory are hidden from observation by system bus resources within said microprocessor and to any device coupled to said system bus; and
  
  a non-volatile enabled indicator register, configured indicate whether said microprocessor is within the secure execution mode or a non-secure execution mode, wherein contents of said non-volatile enabled indicator register persist through power removal and reapplication to said microprocessor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The microprocessor apparatus as recited in claim 8, wherein secure execution mode logic within said microprocessor performs a first write to said non-volatile enabled indicator register upon entry into the secure execution mode to indicate that said microprocessor is within the secure execution mode.
  - 10. The microprocessor apparatus as recited in claim 9, wherein the secure execution mode logic performs a second write to said non-volatile enabled indicator register upon exit from the secure execution mode to indicate that sad microprocessor is within said non-secure execution mode.
  - 11. The microprocessor apparatus as recited in claim 8, wherein said non-volatile enabled indicator register comprises a plurality of fuses disposed within said microprocessor.
  - 12. The microprocessor apparatus as recited in claim 11, wherein the number of times that said microprocessor can transition between the secure execution mode and said non-secure execution mode corresponds to the number of said plurality of fuses.
  - 13. The microprocessor apparatus as recited in claim 8, wherein, following a write to said non-volatile enabled indicator to indicate that said microprocessor is within the secure execution mode, secure execution mode logic within said microprocessor directs said microprocessor to perform a reset operation.
  - 14. The microprocessor apparatus as recited in claim 8, wherein secure execution mode logic within said microprocessor evaluates contents of said non-volatile enabled register upon a request to return from the secure execution mode to said non-secure execution mode to determine whether return to said non-secure execution mode is supported, and wherein the secure execution mode is maintained if said non-secure execution mode is unsupported.

15. A method for executing secure code within a secure execution mode of operation, the method comprising:
- initializing the secure execution mode within a microprocessor for execution of the secure code, wherein the microprocessor comprises a single integrated circuit disposed on a single die;
  
  encrypting the secure code and transferring the secure code via private transactions over a private bus to a secure non-volatile memory for storage of the secure code;
  
  recording that the secure execution mode is enabled in a non-volatile enabled indicator register; and
  
  fetching the secure code from the secure non-volatile memory over the private bus for execution by the microprocessor;
  
  wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method as recited in claim 15, wherein said recording comprises first writing to the non-volatile enabled indicator register upon entry into the secure execution mode to indicate that the microprocessor is within the secure execution mode.
  - 17. The method as recited in claim 16, wherein said recording comprises second writing to the non-volatile enabled indicator register upon exit from the secure execution mode to indicate that the microprocessor is within the non-secure execution mode.
  - 18. The method as recited in claim 15, wherein the non-volatile enabled indicator register comprises a plurality of fuses disposed within the microprocessor.
  - 19. The method as recited in claim 18, wherein the number of times that the microprocessor can transition between the secure execution mode and the non-secure execution mode corresponds to the number of the plurality of fuses.
  - 20. The method as recited in claim 15, wherein, following a write to the non-volatile enabled indicator to indicate that the microprocessor is within the secure execution mode, secure execution mode logic within the microprocessor directs the microprocessor to perform a reset operation.
  - 21. The method as recited in claim 15, wherein secure execution mode logic within the microprocessor evaluates contents of the non-volatile enabled register upon a request to return from the secure execution mode to the non-secure execution mode to determine whether return to the non-secure execution mode is supported, and wherein the secure execution mode is maintained if the non-secure execution mode is unsupported.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
Henry, G. Glenn, Parks, Terry
Primary Examiner(s)
Kim, Kenneth

Application Number

US12/263,221
Publication Number

US 20090292901A1
Time in Patent Office

1,334 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/12   Protecting executable software

G06F 21/14   against software analysis o...

G06F 21/554   involving event detection a...

G06F 21/70   Protecting specific interna...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

G06F 21/74   operating in dual or compar...

G06F 21/82   Protecting input, output or...

Processor with non-volatile mode enable register entering secure execution mode and encrypting secure program for storage in secure memory via private bus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Processor with non-volatile mode enable register entering secure execution mode and encrypting secure program for storage in secure memory via private bus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links