System and method for execution of a secured environment initialization instruction

US 8,645,688 B2
Filed: 04/11/2012
Issued: 02/04/2014
Est. Priority Date: 03/29/2002
Status: Expired due to Term

First Claim

Patent Images

1. A processor comprising:

bus transaction logic to cause the processor to issue special bus transactions, only in response to a security instruction, to support initialization of a secure system environment,wherein the initialization includes verification of a secure virtual machine monitor and beginning of secure virtual machine monitor operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

235 Citations

18 Claims

1. A processor comprising:
- bus transaction logic to cause the processor to issue special bus transactions, only in response to a security instruction, to support initialization of a secure system environment,wherein the initialization includes verification of a secure virtual machine monitor and beginning of secure virtual machine monitor operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The processor of claim 1, wherein the special bus transactions include a first special bus transaction to be responded to by responding logical processors with a non-maskable internal event.
  - 3. The processor of claim 2, wherein the responding logical processors are to terminate current operations, send an acknowledge special bus transaction, and enter a wait state in response to the first special bus transaction.
  - 4. The processor of claim 2, wherein the bus transaction logic is also to poll a flag to confirm that an other processor has properly responded to the first special bus transaction.
  - 5. The processor of claim 4, wherein the special bus transactions include a second special bus transaction to signal that secure operations are going to be initiated.
  - 6. The processor of claim 1, wherein the special bus transactions are to transfer information to support initialization of the secure system environment.
  - 7. The processor of claim 6, wherein the information includes a key.

8. A method comprising:
- executing, by a first processor, a security instruction, including issuing special bus transactions, only in response to the security instruction, to support initialization of a secure system environment,wherein the initialization includes verification of a secure virtual machine monitor and beginning of secure virtual machine monitor operations.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the special bus transactions are to transfer information to support initialization of the secure system environment.
  - 10. The method of claim 9, wherein the information includes a key.
  - 11. The method of claim 8, wherein the special bus transactions include a first special bus transaction to be responded to by responding logical processors with a non-maskable internal event.
  - 12. The method of claim 11, wherein responding logical processors are to terminate current operations, send an acknowledge special bus transactions, and enter a wait state in response to the first special bus message.
  - 13. The method of claim 11, including polling a flag to confirm that an other processor has properly responded to the first special bus transaction.
  - 14. The method of claim 13, wherein the special bus transactions include a second special bus transaction to signal that secure operations are going to be initiated.

15. A system comprising:
- a first processor to, in response to a secure environment initialization instruction,issue special bus transactions, only in response to a security instruction, to support initialization of a secure system environment, wherein the initialization includes verification of a secure virtual machine monitor and beginning of secure virtual machine monitor operations; and
  
  a second processor to respond to a first special bus transaction by terminating current operations, sending an acknowledge special bus transaction, and entering a wait state.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the first processor is also to poll a flag to confirm that the second processor has properly responded to the first special bus transaction.
  - 17. The system of claim 15, wherein special bus transactions also include a second special bus transaction to signal that secure operations are going to be initiated.

18. A non-transitory machine-readable medium storing a security instruction that, when executed by a processor, causes the processor to:
- issue special bus transactions, only in response to the security instruction, to support initialization of a secure system environment,wherein the initialization includes verification of a secure virtual machine monitor and beginning of secure virtual machine monitor operations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Sutton, James A. II, Grawrock, David W.
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/444,450
Publication Number

US 20120216025A1
Time in Patent Office

664 Days
Field of Search

713/164, 713/165
US Class Current

713/165
CPC Class Codes

G01N 2223/076   X-ray fluorescence

G01N 23/223   by irradiating the sample w...

G01N 33/502   for testing non-proliferati...

G01N 33/6872   Intracellular protein regul...

G06F 12/0802   Addressing of a memory leve...

G06F 12/145   the protection being virtua...

G06F 12/1458   by checking the subject acc...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 2212/1052   Security improvement

G06F 2212/60   Details of cache memory

G06F 2213/0026   PCI express

G06F 2221/033   Test or assess software

G06F 9/4403   Processor initialisation

G06F 9/44505   Configuring for program ini...

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

System and method for execution of a secured environment initialization instruction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

235 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for execution of a secured environment initialization instruction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

235 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links