Microprocessor that facilitates task switching between encrypted and unencrypted programs

US 8,683,225 B2
Filed: 04/21/2011
Issued: 03/25/2014
Est. Priority Date: 05/25/2010
Status: Active Grant

First Claim

Patent Images

1. A microprocessor, comprising:

an architected register, having a bit; and

a fetch unit;

wherein the microprocessor is configured to save a value of the bit, in response to receiving a request to interrupt a currently executing program, wherein the bit indicates whether the currently executing program is encrypted or unencrypted;

wherein the microprocessor is further configured to restore the saved value to the bit and to resume fetching the interrupted program as the currently executing program, in response to executing a return from interrupt instruction;

wherein if the restored value of the bit is set, the microprocessor is configured to restore decryption key values associated with the currently executing program, prior to resuming fetching the interrupted program, and to decrypt fetched instructions thereof using the restored decryption key values;

wherein to restore the decryption key values, the microprocessor is configured to load the decryption key values from a storage element to a register file, wherein the storage element is configured to store decryption key values associated with each of a plurality of encrypted programs;

wherein if the restored value of the bit is clear, the microprocessor is configured to refrain from decrypting the fetched instructions of the currently executing program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A microprocessor includes an architected register having a bit (may be x86 EFLAGS register reserved bit) set by the microprocessor. A fetch unit fetches encrypted instructions from an instruction cache and decrypts them (via XOR) prior to executing them, in response to the microprocessor setting the bit. The microprocessor saves the bit value to a stack in memory and then clears the bit in response to receiving an interrupt. The fetch unit fetches unencrypted instructions from the instruction cache and executes them without decrypting them after the microprocessor clears the bit. The microprocessor restores the saved value from the stack in memory to the bit in the architected register (and in one embodiment, also restores decryption key values) in response to executing a return from interrupt instruction. The fetch unit resumes fetching and decrypting the encrypted instructions in response to determining that the restored value of the bit is set.

Citations

10 Claims

1. A microprocessor, comprising:
- an architected register, having a bit; and
  
  a fetch unit;
  
  wherein the microprocessor is configured to save a value of the bit, in response to receiving a request to interrupt a currently executing program, wherein the bit indicates whether the currently executing program is encrypted or unencrypted;
  
  wherein the microprocessor is further configured to restore the saved value to the bit and to resume fetching the interrupted program as the currently executing program, in response to executing a return from interrupt instruction;
  
  wherein if the restored value of the bit is set, the microprocessor is configured to restore decryption key values associated with the currently executing program, prior to resuming fetching the interrupted program, and to decrypt fetched instructions thereof using the restored decryption key values;
  
  wherein to restore the decryption key values, the microprocessor is configured to load the decryption key values from a storage element to a register file, wherein the storage element is configured to store decryption key values associated with each of a plurality of encrypted programs;
  
  wherein if the restored value of the bit is clear, the microprocessor is configured to refrain from decrypting the fetched instructions of the currently executing program.
- View Dependent Claims (2, 3, 5)
- - 2. The microprocessor of claim 1, wherein the bit is a bit in a x86 architecture EFLAGS register.
  - 3. The microprocessor of claim 1, wherein the microprocessor is configured to save the value of the bit to a stack in memory, wherein the microprocessor is configured to restore the saved value from the stack in memory to the bit.
  - 5. The microprocessor of claim 1, wherein the microprocessor is further configured to execute system software that receives a request to run a new encrypted program and, if insufficient free space in the storage element exists to store decryption key values for the new encrypted program, waits to run the new encrypted program until sufficient free space in the storage element exists.

4. A microprocessor, comprising:
- an architected register, having a bit; and
  
  a fetch unit;
  
  wherein the microprocessor is configured to save a value of the bit, in response to receiving a request to interrupt a currently executing program, wherein the bit indicates whether the currently executing program is encrypted or unencrypted;
  
  wherein the microprocessor is further configured to restore the saved value to the bit and to resume fetching the interrupted program as the currently executing program, in response to executing a return from interrupt instruction;
  
  wherein if the restored value of the bit is set, the microprocessor is configured to restore decryption key values associated with the currently executing program, prior to resuming fetching the interrupted program, and to decrypt fetched instructions thereof using the restored decryption key values;
  
  wherein if the restored value of the bit is clear, the microprocessor is configured to refrain from restoring decryption key values and from decrypting the fetched instructions of the currently executing program;
  
  wherein to decrypt the fetched instructions using the restored decryption key values the microprocessor is configured to perform a Boolean exclusive-OR (XOR) operation of the fetched instructions with a decryption key derived from the decryption key values; and
  
  wherein to refrain from decrypting the fetched instructions the microprocessor is configured to perform a Boolean exclusive-OR (XOR) operation of the fetched instructions with zeroes.

6. A method for operating a microprocessor, the method comprising:
- saving a value of a bit of the microprocessor, in response to receiving a request to interrupt a currently executing program, wherein the bit indicates whether the currently executing program is encrypted or unencrypted;
  
  in response to executing a return from interrupt instruction, restoring the saved value to the bit and resuming fetching the interrupted program as the currently executing program;
  
  if the restored value of the bit is set, restoring decryption key values associated with the currently executing program, prior to said resuming fetching the interrupted program, and decrypting fetched instructions thereof using the restored decryption key values;
  
  wherein said restoring decryption key values comprises loading the decryption key values from a storage element to a register file, wherein the storage element is configured to store decryption key values associated with each of a plurality of encrypted programs; and
  
  if the restored value of the bit is clear, refraining from decrypting the fetched instructions of the currently executing program.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the bit is a bit in a x86 architecture EFLAGS register.
  - 8. The method of claim 6, wherein said saving the value of the bit comprises saving the value of the bit to a stack in memory, wherein said restoring the saved value to the bit comprises restoring the saved value from the stack in memory to the bit.
  - 9. The method of claim 6, further comprising:
    - receiving a request to run a new encrypted program; and
      
      if insufficient free space in the storage element exists to store decryption key values for the new encrypted program, waiting to run the new encrypted program until sufficient free space in the storage element exists.

10. A method for operating a microprocessor, the method comprising:
- saving a value of a bit of the microprocessor, in response to receiving a request to interrupt a currently executing program wherein the bit indicates whether the currently executing program is encrypted or unencrypted;
  
  in response to executing a return from interrupt instruction, restoring the saved value to the bit and resuming fetching the interrupted program as the currently executing program;
  
  if the restored value of the bit is set, restoring decryption key values associated with the currently executing program, prior to said resuming fetching the interrupted program, and decrypting fetched instructions thereof using the restored decryption key values;
  
  if the restored value of the bit is clear, refraining from restoring decryption key values and from decrypting the fetched instructions of the currently executing program;
  
  wherein said decrypting the fetched instructions using the restored decryption key values comprises performing a Boolean exclusive-OR (XOR) operation of the fetched instructions with a decryption key derived from the decryption key values; and
  
  wherein said refraining from decrypting the fetched instructions comprises performing a Boolean exclusive-OR (XOR) operation of the fetched instructions with zeroes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
Henry, G. Glenn, Parks, Terry, Bean, Brent, Crispin, Thomas A.
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US13/091,698
Publication Number

US 20110296204A1
Time in Patent Office

1,069 Days
Field of Search

713/190
US Class Current

713/190
CPC Class Codes

G06F 12/0875   with dedicated cache, e.g. ...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2212/402   Encrypted data

G06F 2212/452   Instruction code

G06F 2221/2107   File encryption

G06F 9/30003   Arrangements for executing ...

G06F 9/30058   Conditional branch instruct...

G06F 9/30079   Pipeline control instructio...

G06F 9/30178   of compressed or encrypted ...

G06F 9/30189   according to execution mode...

H04L 2209/12   Details relating to cryptog...

H04L 2209/20   Manipulating the length of ...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0827   involving distinctive inter...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894 : Escrow, recovery or storing...

View All

Microprocessor that facilitates task switching between encrypted and unencrypted programs

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Microprocessor that facilitates task switching between encrypted and unencrypted programs

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links