Microprocessor having secure non-volatile storage access
First Claim
1. An apparatus providing for a secure execution environment, comprising:
- an x86-compatible microprocessor, capable of executing all of the instructions in the x86 instruction set, and configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed, said x86-compatible microprocessor comprising:
  - a cryptographic unit, configured to encrypt said secure application program according to a cryptographic algorithm using a processor unique cryptographic key; and
  - a processor key register, configured to store said processor unique cryptographic key, wherein said processor key register can only be read by said cryptographic unit; and
- a secure non-volatile memory, coupled to said microprocessor via a private serial bus, configured to store said secure application program in encrypted form, wherein transactions over said private serial bus between said x86-compatible microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said x86-compatible microprocessor.
Abstract
An apparatus providing for a secure execution environment. The apparatus includes a microprocessor and a secure non-volatile memory. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The secure non-volatile memory is coupled to the microprocessor via a private bus. The secure non-volatile memory is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.
150 Citations
22 Claims
1. An apparatus providing for a secure execution environment, comprising:
- an x86-compatible microprocessor, capable of executing all of the instructions in the x86 instruction set, and configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed, said x86-compatible microprocessor comprising:
  - a cryptographic unit, configured to encrypt said secure application program according to a cryptographic algorithm using a processor unique cryptographic key; and
  - a processor key register, configured to store said processor unique cryptographic key, wherein said processor key register can only be read by said cryptographic unit; and
- a secure non-volatile memory, coupled to said microprocessor via a private serial bus, configured to store said secure application program in encrypted form, wherein transactions over said private serial bus between said x86-compatible microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said x86-compatible microprocessor.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising:
- a secure non-volatile memory, configured to store a secure application program; and
- an x86-compatible microprocessor, capable of executing all of the instructions in the x86 instruction set, coupled to said secure non-volatile memory via a private serial bus, configured to execute non-secure application programs and said secure application program, wherein said secure application program is encrypted according to a cryptographic algorithm using a processor unique cryptographic key, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed, said x86-compatible microprocessor comprising:
  - a cryptographic unit, configured to encrypt said secure application program; and
  - a processor key register, configured to store said processor unique cryptographic key, wherein said processor key register can only be read by said cryptographic unit;
  - a bus interface unit, configured to accomplish system bus transactions over a system bus to access said non-secure applications in system memory; and
  - a secure non-volatile memory interface unit, configured to couple said x86-compatible microprocessor to said secure non-volatile memory via a private serial bus, wherein private serial bus transactions over said private serial bus to access said secure non-volatile memory are hidden from observation by system bus resources within said x86-compatible microprocessor and to any device coupled to said system bus.

Dependent claims: 9, 10, 11, 12, 13, 14, 15.

16. A method for executing secure code within a secure execution environment, the method comprising:
- providing a secure non-volatile memory for storage of the secure code;
- encrypting the secure code according to a cryptographic algorithm using a processor unique cryptographic key, wherein the processor unique cryptographic key can be accessed only by cryptographic logic disposed within an x86-compatible microprocessor, and wherein the x86-compatible microprocessor is capable of executing all of the instructions in the x86 instruction set, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed;
- employing the x86-compatible microprocessor to store the secure code within the secure non-volatile memory via private transactions accomplished over a private serial bus that is coupled to the secure non-volatile memory; and
- fetching the secure code from the secure non-volatile memory over the private serial bus for execution by the x86-compatible microprocessor;
- wherein the private serial bus is isolated from all system bus resources within the x86-compatible microprocessor and external to the x86-compatible microprocessor, and wherein the private serial bus is observable and accessible exclusively by secure execution logic within the x86-compatible microprocessor.

Dependent claims: 17, 18, 19, 20, 21, 22.
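As an added illustration (not code from the patent or its assignee), a Python model of the store/fetch path in claim 16: a processor key register that only the cryptographic unit may read, a cryptographic unit that encrypts the secure application program, and a secure non-volatile memory reached only over a private bus whose transactions leave no trace on the system bus. The cipher is a constructed stand-in for the claim's unspecified "cryptographic algorithm", and the HMAC tag that detects altered NVM contents is an assumption beyond what the claims require.

```python
import hashlib, hmac, secrets

class ProcessorKeyRegister:
    """Holds the processor-unique key; only the cryptographic unit may read it."""
    def __init__(self, key: bytes):
        self._key = key
    def read(self, requester) -> bytes:
        if not isinstance(requester, CryptographicUnit):
            raise PermissionError("key register readable only by the cryptographic unit")
        return self._key

class CryptographicUnit:
    """Constructed stand-in for the claim's unspecified 'cryptographic algorithm':
    SHA-256 counter-mode keystream plus an HMAC-SHA256 tag (the tag is an assumption)."""
    def __init__(self, key_reg: ProcessorKeyRegister):
        self._key_reg = key_reg
    def _xor_stream(self, key, nonce, data):
        stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                          for i in range((len(data) + 31) // 32))
        return bytes(a ^ b for a, b in zip(data, stream))
    def encrypt(self, code: bytes) -> bytes:
        key = self._key_reg.read(self)              # only this unit can obtain the key
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(key, nonce, code)
        return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
    def decrypt(self, blob: bytes) -> bytes:
        key = self._key_reg.read(self)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("secure code failed authentication (NVM contents altered)")
        return self._xor_stream(key, nonce, ct)

class PrivateSerialBus:
    """Private bus to the secure NVM; its transactions never appear on the system bus."""
    def __init__(self):
        self.nvm = {}                               # secure non-volatile memory by address
    def write(self, addr, blob): self.nvm[addr] = blob
    def read(self, addr): return self.nvm[addr]

class Microprocessor:
    def __init__(self):
        self.key_reg = ProcessorKeyRegister(secrets.token_bytes(32))  # constructed per-part key
        self.crypto = CryptographicUnit(self.key_reg)
        self.private_bus = PrivateSerialBus()
        self.system_bus_log = []                    # what a system-bus observer would record
    def load_nonsecure(self, addr):
        self.system_bus_log.append(("read", addr))  # non-secure code goes over the system bus
    def store_secure_code(self, addr, code):        # claim 16: encrypt, then store over private bus
        self.private_bus.write(addr, self.crypto.encrypt(code))
    def fetch_secure_code(self, addr):              # claim 16: fetch over private bus, then decrypt
        return self.crypto.decrypt(self.private_bus.read(addr))
```

Round-tripping secure code through the private bus leaves `system_bus_log` empty, while a non-secure load is recorded there; a flipped byte in the NVM image makes `fetch_secure_code` raise.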