Microprocessor providing isolated timers and counters for execution of secure code
First Claim
1. An apparatus providing for a secure execution environment, comprising:
an x86-compatible microprocessor, capable of executing all of the instructions in the x86 instruction set, and configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed, said x86-compatible microprocessor comprising:
a cryptographic unit, configured to encrypt said secure application program according to a symmetric key algorithm using a processor unique cryptographic key, wherein said processor unique cryptographic key can only be read by said cryptographic unit; and
a plurality of timers which are visible and accessible only by said secure application program when executing in a secure execution mode; and
a secure non-volatile memory, coupled to said x86-compatible microprocessor via a private bus, configured to store said secure application program in encrypted form, wherein transactions over said private bus between said x86-compatible microprocessor and said secure non-volatile memory are isolated from said system bus, said system memory, and corresponding system bus resources within said x86-compatible microprocessor.
Abstract
An apparatus providing for a secure execution environment is presented. The apparatus includes a microprocessor and a secure non-volatile memory. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a plurality of timers which are visible and accessible only by the secure application program when executing in a secure execution mode. The secure non-volatile memory is coupled to the microprocessor via a private bus and is configured to store the secure application program in encrypted form. Transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus, the system memory, and corresponding system bus resources within the microprocessor.
134 Citations
23 Claims
1. An apparatus providing for a secure execution environment, comprising:
an x86-compatible microprocessor, capable of executing all of the instructions in the x86 instruction set, and configured to execute non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed, said x86-compatible microprocessor comprising:
a cryptographic unit, configured to encrypt said secure application program according to a symmetric key algorithm using a processor unique cryptographic key, wherein said processor unique cryptographic key can only be read by said cryptographic unit; and
a plurality of timers which are visible and accessible only by said secure application program when executing in a secure execution mode; and
a secure non-volatile memory, coupled to said x86-compatible microprocessor via a private bus, configured to store said secure application program in encrypted form, wherein transactions over said private bus between said x86-compatible microprocessor and said secure non-volatile memory are isolated from said system bus, said system memory, and corresponding system bus resources within said x86-compatible microprocessor.
View Dependent Claims (2, 3, 4, 5, 6, 7)

8. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising:
a secure non-volatile memory, configured to store a secure application program; and
an x86-compatible microprocessor, capable of executing all of the instructions in the x86 instruction set, and configured to execute non-secure application programs and said secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein a cryptography unit in said x86-compatible microprocessor is employed to encrypt said secure application program according to a symmetric key algorithm using a processor unique cryptographic key, and wherein said processor unique cryptographic key can only be read by said cryptography unit, and wherein said secure application program in encrypted form is accessed from said secure non-volatile memory via a private bus, and wherein transactions over said private bus between said x86-compatible microprocessor and said secure non-volatile memory are isolated from said system bus and said system memory, and wherein said x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed, said x86-compatible microprocessor comprising:
a plurality of timers which are visible and accessible only by said secure application program when executing in a secure execution mode.
View Dependent Claims (9, 10, 11, 12, 13, 14, 15)

16. A method for executing secure code within a secure execution environment, the method comprising:
employing a cryptographic unit within an x86-compatible microprocessor to encrypt the secure code according to a symmetric key algorithm using a processor unique cryptographic key, wherein the processor unique cryptographic key can only be read by the cryptographic unit, and storing the secure code in encrypted form in a secure non-volatile memory, and wherein the x86-compatible microprocessor is capable of executing all of the instructions in the x86 instruction set, and wherein the x86-compatible microprocessor is also configured to automatically transition to a degraded mode where BIOS instructions are allowed to execute in order to allow for user input and the display of messages, but the execution of more complicated software such as an operating system is not allowed;
fetching the secure code in encrypted form from the secure non-volatile memory over a private bus for execution by the x86-compatible microprocessor that is coupled to the secure non-volatile memory, wherein the private bus is isolated from a system memory that is employed to store and access non-secure code for execution by the x86-compatible microprocessor, and from all system bus resources within the x86-compatible microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the x86-compatible microprocessor; and
first providing a plurality of timers within the x86-compatible microprocessor for access by the secure code executing in a secure execution mode, wherein the plurality of timers are only visible to the secure code when executing in the secure execution mode.
View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
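The claim elements above (a processor-unique key readable only by the cryptographic unit, the secure program held encrypted in a non-volatile memory reachable only over a private bus, timers visible only in secure execution mode, and a degraded mode that admits BIOS code but not an operating system) can be checked as access-control rules in a small executable model. The following is an added example written for this page; it is not the patent's, the assignee's, or any vendor's code. Everything in it is an assumption for illustration: the names Mode, CryptoUnit, Microprocessor and demo, the sample key and program, the toy cipher (an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, since the claims say only "symmetric key algorithm"), and the choice of a rejected image as the event that moves the processor into degraded mode (the claims do not name the trigger).

```python
import hashlib
import hmac
import os
from contextlib import suppress
from enum import Enum


class Mode(Enum):
    NON_SECURE = "non-secure"
    SECURE = "secure"
    DEGRADED = "degraded"


class AccessViolation(Exception):
    """Code outside secure execution mode touched a secure-only resource."""


class CryptoUnit:
    """Holds the processor-unique key; offers seal/open but no way to read the key out."""

    def __init__(self, fused_key: bytes):
        # Subkeys derived from the fused key, with no accessor: "readable only by the unit".
        self.__enc = hmac.new(fused_key, b"enc", hashlib.sha256).digest()
        self.__mac = hmac.new(fused_key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Toy CTR keystream from HMAC-SHA256 (assumption: the claim names no particular cipher).
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self.__enc, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, plaintext: bytes) -> bytes:
        """Encrypt-then-MAC the secure program: nonce || ciphertext || tag."""
        nonce = os.urandom(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self.__mac, nonce + ct, hashlib.sha256).digest()

    def open(self, image: bytes) -> bytes:
        """Verify the tag in constant time before decrypting; reject any modified image."""
        nonce, ct, tag = image[:16], image[16:-32], image[-32:]
        if not hmac.compare_digest(hmac.new(self.__mac, nonce + ct, hashlib.sha256).digest(), tag):
            raise ValueError("secure program image failed authentication")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


class Microprocessor:
    """Private-bus resources (crypto unit, secure NVM, timers) are reachable only through here."""

    def __init__(self, fused_key: bytes):
        self._crypto = CryptoUnit(fused_key)
        self._secure_nvm = b""      # private bus: no other object ever holds the image
        self.mode = Mode.NON_SECURE
        self._timers = [1, 2, 3]    # constructed current values of the claim's timers

    def provision(self, secure_code: bytes) -> None:
        """Encrypt the secure program under the processor-unique key and store it in NVM."""
        self._secure_nvm = self._crypto.seal(secure_code)

    def read_timer(self, index: int) -> int:
        if self.mode is not Mode.SECURE:
            raise AccessViolation("timers are visible only in secure execution mode")
        return self._timers[index]

    def enter_secure_mode(self) -> bytes:
        """Fetch the image over the private bus; a rejected image drops to degraded mode."""
        try:
            code = self._crypto.open(self._secure_nvm)
        except ValueError:
            self.mode = Mode.DEGRADED   # assumption: the claim does not say what triggers this
            raise
        self.mode = Mode.SECURE
        return code

    def may_run(self, kind: str) -> bool:
        """Degraded mode still runs BIOS code (input, messages) but refuses an operating system."""
        return kind == "bios" if self.mode is Mode.DEGRADED else kind in ("bios", "os", "app")


def demo(fused_key: bytes = b"\x5a" * 32) -> dict:
    """Exercise each claim element once; key and program are constructed sample data."""
    cpu = Microprocessor(fused_key)
    cpu.provision(b"secure application code")
    result = {}
    try:
        cpu.read_timer(0)
        result["timer_outside_secure_mode"] = "readable"
    except AccessViolation:
        result["timer_outside_secure_mode"] = "blocked"
    result["secure_code"] = cpu.enter_secure_mode()
    result["timer_in_secure_mode"] = cpu.read_timer(0)
    damaged = bytearray(cpu._secure_nvm)   # flip one ciphertext bit, e.g. a fault on the NVM part
    damaged[20] ^= 0x01
    cpu._secure_nvm = bytes(damaged)
    with suppress(ValueError):
        cpu.enter_secure_mode()
    result["mode_after_tamper"] = cpu.mode.value
    result["bios_allowed"], result["os_allowed"] = cpu.may_run("bios"), cpu.may_run("os")
    return result
```

Running demo() shows a timer read refused outside secure mode, the same read succeeding after the image has been decrypted and secure mode entered, and the processor dropping to degraded mode, where may_run("bios") holds but may_run("os") does not, once the stored image is altered. The tag is the model's addition, not something the claims require: with an unauthenticated counter-mode or stream construction, a flipped bit in the stored ciphertext becomes a flipped bit in the code that is executed, so a practitioner reading "encrypted form" should ask whether the image is also integrity-checked before it is run.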
Specification