Method and apparatus for loading a trustable operating system

US 8,386,788 B2
Filed: 11/10/2009
Issued: 02/26/2013
Est. Priority Date: 02/25/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of securing a region in a memory of a computer comprising:

causing all but one of a plurality of processing elements in a computer to enter into a special halted state as part of a join secure operation;

receiving a region parameter that identifies a region in a memory of the computer for use in trust measurement;

using a signed cryptographic hash of the identified region to verify whether content in the identified region can be trusted;

placing the non-halted processing element into a known privileged state; and

after the non-halted processing element has been placed into the known privileged state, generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity, wherein each of the plurality of processing elements associated with the special halted state exits the special halted state as part of the join secure operation, in response to a signal from the non-halted processing element indicating that a start secure operation is complete, and wherein the join secure operation is performed atomically.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.

265 Citations

30 Claims

1. A method of securing a region in a memory of a computer comprising:
- causing all but one of a plurality of processing elements in a computer to enter into a special halted state as part of a join secure operation;
  
  receiving a region parameter that identifies a region in a memory of the computer for use in trust measurement;
  
  using a signed cryptographic hash of the identified region to verify whether content in the identified region can be trusted;
  
  placing the non-halted processing element into a known privileged state; and
  
  after the non-halted processing element has been placed into the known privileged state, generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity, wherein each of the plurality of processing elements associated with the special halted state exits the special halted state as part of the join secure operation, in response to a signal from the non-halted processing element indicating that a start secure operation is complete, and wherein the join secure operation is performed atomically.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - causing the non-halted processing element to jump to a known entry point in the identified region in the memory.
  - 3. The method of claim 1 further comprising:
    - causing at least one of the processing elements associated with the special halted state to jump to a known entry point in the identified region in the memory upon exiting the special halted state; and
      
      wherein the signal that causes the processing elements associated with the special halted state to resume activity comprises a signal indicating that the non-halted processing element has completed initialization of trustable software.
  - 4. The method of claim 1 wherein the region parameter specifies a location of the region to be used for trust measurement.
  - 5. The method of claim 4 whereinthe location comprises a range of addresses in the memory of the computer within which the region is located.
  - 6. The method of claim 4 whereinthe location comprises a start address and a length of the memory of the computer within which the region is located.
  - 7. The method of claim 1 wherein the content is a component of an operating system to operate the computer.
  - 8. The method of claim 7 whereinthe component of the operating system is one item from the group consisting of a virtual machine monitor and a privileged software nucleus.
  - 9. The method of claim 1 further comprising:
    - blocking access to the identified region of the memory for a duration of time even after the processing elements associated with the special halted state have entered the special halted state when the plurality of processing elements are implemented within a computer system that supports direct memory access (DMA).
  - 10. The method of claim 1 wherein:
    - the all but one of the plurality of processing elements enter into the special halted state in response to the join secure operation;
      
      the operation of generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity is performed by a start secure operation; and
      
      the start secure operation is executed atomically with the join secure operation.

11. An apparatus comprising:
- a plurality of processing elements; and
  
  a memory comprising instructions to execute on the plurality of processing elements, wherein the instructions, when executed, cause the plurality of processing elements to perform operations comprising;
  
  causing all but one of the plurality of processing elements to enter into a special halted state as part of a join secure operation;
  
  receiving a region parameter that identifies a region in the memory for use in trust measurement;
  
  using a signed cryptographic hash of the identified region to verify whether content in the identified region can be trusted;
  
  placing the non-halted processing element into a known privileged state; and
  
  after the non-halted processing element has been placed into the known privileged state, generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity, wherein each of the plurality of processing elements associated with the special halted state exits the special halted state as part of the join secure operation, in response to a signal from the non-halted processing element indicating that a start secure operation is complete, and wherein the join secure operation is performed atomically.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11 wherein the instructions further cause the non-halted processing element to perform operations comprising:
    - jumping to a known entry point in the identified region in the memory.
  - 13. The apparatus of claim 11 wherein the instructions further cause the plurality of processing elements to perform operations comprising:
    - causing at least one of the processing elements associated with the special halted state to jump to a known entry point in the identified region in the memory upon exiting the special halted state; and
      
      wherein the signal that causes the processing elements associated with the special halted state to resume activity comprises a signal indicating that the non-halted processing element has completed initialization of trustable software.
  - 14. The apparatus of claim 11 wherein the region parameter specifies a location of the region to be used for trust measurement.
  - 15. The apparatus of claim 14 wherein the location comprises a range of addresses in the memory.
  - 16. The apparatus of claim 14 wherein the location comprises a start address and a length of the memory.
  - 17. The apparatus of claim 11 wherein the content is a component of an operating system.
  - 18. The apparatus of claim 17 wherein the component of the operating system is one item from the group consisting of a virtual machine monitor and a privileged software nucleus.
  - 19. The apparatus of claim 11 wherein the instructions further cause the plurality of processing elements to perform operations comprising:
    - blocking access to the identified region of the memory for a duration of time even after the processing elements associated with the special halted state have entered the special halted state when the plurality of processing elements are implemented within a computer system that supports direct memory access (DMA).
  - 20. The apparatus of claim 11 wherein:
    - the all but one of the plurality of processing elements enter into the special halted state in response to the join secure operation;
      
      the operation of generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity is performed by a start secure operation; and
      
      the start secure operation is executed atomically with the join secure operation.

21. A computer program product comprising:
- a non-transitory computer-readable storage medium; and
  
  instructions in the non-transitory computer-readable storage medium, wherein the instructions, when executed in a computer, cause the computer to perform operations comprising;
  
  causing all but one of a plurality of processing elements in the computer to enter into a special halted state as part of a join secure operation;
  
  receiving a region parameter that identifies a region in a memory of the computer for use in trust measurement;
  
  using a signed cryptographic hash of the identified region to verify whether content in the identified region can be trusted;
  
  placing the non-halted processing element into a known privileged state; and
  
  after the non-halted processing element has been placed into the known privileged state, generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity, wherein each of the plurality of processing elements associated with the special halted state exits the special halted state as part of the join secure operation, in response to a signal from the non-halted processing element indicating that a start secure operation is complete, and wherein the join secure operation is performed atomically.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program product of claim 21 wherein the instructions further cause the computer to perform operations comprising:
    - causing the non-halted processing element to jump to a known entry point in the identified region in the memory.
  - 23. The computer program product of claim 21 wherein the instructions further cause the computer to perform operations comprising:
    - causing at least one of the processing elements associated with the special halted state to jump to a known entry point in the region in the memory upon exiting the special halted state; and
      
      wherein the signal that causes the processing elements associated with the special halted state to resume activity comprises a signal indicating that the non-halted processing element has completed initialization of trustable software.
  - 24. The computer program product of claim 21 wherein the region parameter specifies a location of the region to be used for trust measurement.
  - 25. The computer program product of claim 24 wherein the location comprises a range of addresses in the memory of the computer within which the region is located.
  - 26. The computer program product of claim 24 wherein the location comprises a start address and a length of the memory of the computer within which the region is located.
  - 27. The computer program product of claim 21 wherein the content is a component of an operating system to operate the computer.
  - 28. The computer program product of claim 27 wherein the component of the operating system is one item from the group consisting of a virtual machine monitor and a privileged software nucleus.
  - 29. The computer program product of claim 21 wherein the instructions further cause the computer to perform operations comprising:
    - blocking access to the identified region of the memory for a duration of time even after the processing elements associated with the special halted state have entered the special halted state when the plurality of processing elements are implemented within a computer system that supports direct memory access (DMA).
  - 30. The computer program product of claim 21 wherein:
    - the all but one of the plurality of processing elements enter into the special halted state in response to the join secure operation;
      
      the operation of generating a signal that causes the processing elements associated with the special halted state to exit the special halted state and resume activity is performed by a start secure operation; and
      
      the start secure operation is executed atomically with the join secure operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Kozuch, Michael A., Sutton, James A. II, Grawrock, David
Primary Examiner(s)
Gee, Jason

Application Number

US12/615,475
Publication Number

US 20100058075A1
Time in Patent Office

1,204 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 9/445   Program loading or initiati...

G06F 9/45533   Hypervisors; Virtual machin...

Method and apparatus for loading a trustable operating system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

265 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for loading a trustable operating system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

265 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links