Switch key instruction in a microprocessor that fetches and decrypts encrypted instructions
First Claim
1. A microprocessor that includes a pipeline comprising:
- an instruction cache;
a fetch unit, configured to fetch a sequence of blocks of encrypted instructions of an encrypted program from the instruction cache at a corresponding sequence of fetch address values, wherein while fetching each block of the sequence the fetch unit is further configured to generate a decryption key as a function of key values in the fetch unit and a portion of the corresponding fetch address value, wherein for each fetched block of the sequence the fetch unit is further configured to decrypt the encrypted instructions in the fetched block using the generated decryption key;
an execution unit that follows the fetch unit; and
a switch key instruction, configured to instruct the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks from the instruction cache;
wherein the fetch unit fetches a first encrypted instruction and decrypts it using a first key value;
the execution unit replaces the first key value with a second key value in response to executing the switch key instruction; and
the fetch unit fetches a second encrypted instruction and decrypts it using the second key value.
1 Assignment
0 Petitions
Accused Products
Abstract
A fetch unit fetches a sequence of blocks of encrypted instructions of an encrypted program from an instruction cache at a corresponding sequence of fetch address values. While fetching each block of the sequence, the fetch unit generates a decryption key as a function of key values and the corresponding fetch address value, and decrypts the encrypted instructions using the generated decryption key by XORing them together. A switch key instruction instructs the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks. The fetch unit inherently provides an effective decryption key length that depends upon the function and amount of key values used. Including one or more switch key instructions within the encrypted program increases the effective decryption key length up to the encrypted program length.
-
Citations
20 Claims
-
1. A microprocessor that includes a pipeline comprising:
-
an instruction cache; a fetch unit, configured to fetch a sequence of blocks of encrypted instructions of an encrypted program from the instruction cache at a corresponding sequence of fetch address values, wherein while fetching each block of the sequence the fetch unit is further configured to generate a decryption key as a function of key values in the fetch unit and a portion of the corresponding fetch address value, wherein for each fetched block of the sequence the fetch unit is further configured to decrypt the encrypted instructions in the fetched block using the generated decryption key; an execution unit that follows the fetch unit; and a switch key instruction, configured to instruct the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks from the instruction cache; wherein the fetch unit fetches a first encrypted instruction and decrypts it using a first key value;
the execution unit replaces the first key value with a second key value in response to executing the switch key instruction; and
the fetch unit fetches a second encrypted instruction and decrypts it using the second key value. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A microprocessor comprising:
-
an instruction cache; a fetch unit, configured to fetch a sequence of blocks of encrypted instructions of an encrypted program from the instruction cache at a corresponding sequence of fetch address values, wherein while fetching each block of the sequence the fetch unit is further configured to generate a decryption key as a function of key values in the fetch unit and a portion of the corresponding fetch address value, wherein for each fetched block of the sequence the fetch unit is further configured to decrypt the encrypted instructions in the fetched block using the generated decryption key; and a switch key instruction, configured to instruct the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks from the instruction cache; wherein the fetch unit inherently provides an effective decryption key length used to decrypt the encrypted program, wherein the effective decryption key length depends upon how many key values are available in the fetch unit and the function used to generate decryption keys used by the fetch unit to decrypt each block of the sequence, wherein the update of the key values in the fetch unit by one or more switch key instructions within the encrypted program increases the effective decryption key length beyond the inherently provided effective decryption key length. - View Dependent Claims (8)
-
-
9. A microprocessor comprising:
-
an instruction cache; a fetch unit, configured to fetch sequence of blocks encrypted instructions of an encrypted program from the instruction cache at a corresponding sequence of fetch address values, wherein while fetching each block of the sequence the fetch unit is further configured to generate a decryption key as a function of key values in the fetch unit and a portion of the corresponding fetch address value, wherein for each fetched block of the sequence the fetch unit is further configured to decrypt the encrypted instructions in the fetched block using the generated decryption key; and a register file, configured to store a plurality of sets of key values; and a switch key instruction, configured to instruct the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks from the instruction cache; wherein the switch key instruction specifies an index value that specifies a location of one of the plurality of sets of key values within the register file, wherein the microprocessor is configured to update the key values in the fetch unit used to generate the decryption key with the one of the plurality of sets of key values within the register file location specified by the index value specified by the switch key instruction.
-
-
10. A microprocessor-implemented method for securely operating a program in a microprocessor having an instruction cache, the method comprising:
-
fetching first encrypted instructions of the program from the instruction cache and decrypting them using a first decryption key value into first unencrypted instructions; replacing the first decryption key with a second decryption key, in response to executing a switch key instruction among the first unencrypted instructions; and fetching second encrypted instructions of the program from the instruction cache and decrypting them using the second decryption key value into second unencrypted instructions; wherein the program comprises a first chunk of sequential instructions immediately followed by a second chunk of sequential instructions, wherein the first chunk comprises the first encrypted instructions and the second chunk comprises the second encrypted instructions, wherein the first chuck is encrypted with the first decryption key and the second chunk is encrypted with the second decryption key, and wherein the switch key instruction is the last instruction in the first chunk. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A microprocessor-implemented method for securely operating an encrypted program in a microprocessor, the method comprising:
-
fetching a sequence of blocks of encrypted instructions of the encrypted program from an instruction cache at a corresponding sequence of fetch address values; while said fetching each block of the sequence, generating a decryption key as a function of key values and a portion of the corresponding fetch address value; for each fetched block of the sequence, decrypting the encrypted instructions in the fetched block using the generated decryption key; and executing a switch key instruction during said fetching the sequence of blocks, wherein said executing the switch key instruction comprises updating the key values used to perform said generating the decryption key; wherein the function of the key values and the portion of the corresponding fetch address value inherently provides an effective decryption key length used to decrypt the encrypted program, wherein the inherently provided effective decryption key length depends upon how many key values are available for generating the decryption key and the function used to generate the decryption keys, wherein updating the key values by one or more switch key instructions within the encrypted program increases the effective decryption key length beyond the inherently provided effective decryption key length. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification