Microprocessor that facilitates task switching between multiple encrypted programs having different associated decryption key values
Abstract
A microprocessor includes a storage element having a plurality of locations each storing decryption key data associated with an encrypted program. A control register field (which may be a reserved field of the x86 EFLAGS register) specifies a storage element location associated with a currently executing encrypted program. The microprocessor restores from memory to the control register a previously saved value of the field in response to executing a return from interrupt instruction. A fetch unit fetches encrypted instructions of the currently executing encrypted program and decrypts them using the decryption key data stored in the storage element location specified by the restored field value. A kill bit associated with each storage element location may be employed if the location is clobbered because more encrypted programs are multitasked than available locations in the storage element, in which case an exception is generated to re-load the clobbered decryption key data in response to the return from interrupt instruction.
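The restore-and-decrypt path summarized above, as a small software model. This is an added example, not code from the patent or its assignee. The slot count, key length, position of the index field, and all names are assumptions, and the kill-bit exception path is left out.

```c
#include <stdint.h>
#include <string.h>

/* Added illustration: slot count, key length, field position and all names
   are assumptions; the claims fix none of them. */
#define NSLOTS     4
#define KEYLEN     4
#define FIELD_MASK 0x3u             /* assumed: index field is the low 2 bits */

struct cpu {
    uint8_t  key[NSLOTS][KEYLEN];   /* storage element: one key per location */
    uint32_t ctrl;                  /* control register holding the index field */
    uint32_t saved[8];              /* memory the register is saved to */
    int      sp;
};

static void load_key(struct cpu *c, unsigned slot, const uint8_t *k) {
    memcpy(c->key[slot & FIELD_MASK], k, KEYLEN);
}
/* Interrupt entry: the control register, and with it the field, goes to memory. */
static void take_interrupt(struct cpu *c) { c->saved[c->sp++] = c->ctrl; }
/* Return from interrupt: the previously saved field value is restored. */
static void iret(struct cpu *c) { c->ctrl = c->saved[--c->sp]; }
/* The scheduler names the location for the program it is about to run. */
static void select_slot(struct cpu *c, unsigned slot) {
    c->ctrl = (c->ctrl & ~FIELD_MASK) | (slot & FIELD_MASK);
}

/* Fetch unit: XOR fetched bytes with the key in the location the field names.
   Repeating the key every KEYLEN bytes is an assumption of this model. */
static void fetch_decrypt(const struct cpu *c, const uint8_t *mem, size_t n, uint8_t *out) {
    const uint8_t *k = c->key[c->ctrl & FIELD_MASK];
    for (size_t i = 0; i < n; i++) out[i] = mem[i] ^ k[i % KEYLEN];
}

/* Constructed scenario: program A (location 0) is interrupted, program B
   (location 1) runs, then iret resumes A. Returns 1 if both decrypt correctly. */
static int demo_task_switch(void) {
    const uint8_t ka[KEYLEN] = {0x11, 0x22, 0x33, 0x44}, kb[KEYLEN] = {0xa5, 0x5a, 0xc3, 0x3c};
    const uint8_t plain[6] = {0x90, 0x31, 0xc0, 0x40, 0xc3, 0x90};  /* constructed bytes */
    uint8_t encA[6], encB[6], out[6];
    struct cpu c; memset(&c, 0, sizeof c);
    load_key(&c, 0, ka); load_key(&c, 1, kb);
    for (size_t i = 0; i < 6; i++) { encA[i] = plain[i] ^ ka[i % KEYLEN]; encB[i] = plain[i] ^ kb[i % KEYLEN]; }
    select_slot(&c, 0); take_interrupt(&c);                 /* A's field value is saved */
    select_slot(&c, 1); fetch_decrypt(&c, encB, 6, out);    /* B runs under location 1 */
    int ok_b = memcmp(out, plain, 6) == 0;
    iret(&c); fetch_decrypt(&c, encA, 6, out);              /* field restored to 0 */
    return ok_b && memcmp(out, plain, 6) == 0;
}
int main(void) { return demo_task_switch() ? 0 : 1; }
```

In this model the fetch unit never sees which program is running, only the restored field value, so a saved value that names another program's location decrypts to garbage rather than raising an error.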
29 Claims
1. A microprocessor, comprising:
- a storage element, comprising a plurality of locations each configured to store decryption key data associated with an encrypted program;
- a control register, comprising a field for specifying one of the plurality of locations of the storage element associated with a currently executing encrypted program, wherein the microprocessor is configured to restore from memory to the control register a previously saved value of the field in response to executing a return from interrupt instruction; and
- a fetch unit, configured to fetch encrypted instructions of the currently executing encrypted program and to decrypt them using the decryption key data stored in the one of the plurality of locations of the storage element specified by the restored previously saved value of the field, wherein the fetch unit is configured to decrypt the fetched encrypted instructions by performing a Boolean exclusive-OR (XOR) operation of the fetched encrypted instructions with the decryption key data stored in the one of the plurality of locations of the storage element specified by the restored previously saved field value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method for operating a microprocessor having a control register and a storage element comprising a plurality of locations each configured to store decryption key data associated with an encrypted program, the method comprising:
- restoring from memory to a field of the control register a previously saved value of the field, in response to executing a return from interrupt instruction, wherein the previously saved value of the field specifies one of the plurality of locations of the storage element associated with a currently executing encrypted program;
- fetching encrypted instructions of the currently executing encrypted program; and
- decrypting the fetched encrypted instructions using the decryption key data stored in the one of the plurality of locations of the storage element specified by the restored previously saved value of the field, wherein said decrypting the fetched encrypted instructions comprises performing a Boolean exclusive-OR (XOR) operation of the fetched encrypted instructions with the decryption key data stored in the one of the plurality of locations of the storage element specified by the restored previously saved field value.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A computer program product encoded in at least one non-transitory computer readable storage medium for use with a computing device, the computer program product comprising:
computer readable program code embodied in said medium, for specifying a microprocessor, the computer readable program code comprising:
- first program code for specifying a storage element, comprising a plurality of locations each configured to store decryption key data associated with an encrypted program;
- second program code for specifying a control register, comprising a field for specifying one of the plurality of locations of the storage element associated with a currently executing encrypted program, wherein the microprocessor is configured to restore from memory to the control register a previously saved value of the field in response to executing a return from interrupt instruction; and
- third program code for specifying a fetch unit, configured to fetch encrypted instructions of the currently executing encrypted program and to decrypt them using the decryption key data stored in the one of the plurality of locations of the storage element specified by the restored previously saved value of the field, wherein the fetch unit is configured to decrypt the fetched encrypted instructions by performing a Boolean exclusive-OR (XOR) operation of the fetched encrypted instructions with the decryption key data stored in the one of the plurality of locations of the storage element specified by the restored previously saved field value.
Dependent claims: 29
Specification