Microprocessor having a secure execution mode with provisions for monitoring, indicating, and managing security levels
First Claim
1. An apparatus providing for a secure execution environment, comprising:
- a microprocessor, that executes non-secure application programs and a secure application program, wherein said non-secure application programs are accessed from a system memory via a system bus, and wherein said secure application program is executed in a secure execution mode, said microprocessor comprising:
  - a watchdog manager, that monitors physical and operating environments of said microprocessor by noting and evaluating data communicated by a plurality of monitors, and that classifies said data to indicate a security level associated with execution of said secure application program, and that directs secure execution mode logic within said microprocessor to perform responsive actions in accordance with said security level, wherein said plurality of monitors operates independently of execution of said secure application program; and
- a secure non-volatile memory, coupled to said microprocessor via a private bus, that stores said secure application program, wherein said secure application program is encrypted in system memory according to an asymmetric cryptographic algorithm, and wherein, upon enablement of said secure execution mode, said microprocessor encrypts said secure application program according to a symmetric key algorithm and transfers said secure application program to said secure non-volatile memory over said private bus.
Abstract
An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The non-secure application programs are accessed from a system memory via a system bus, and the secure application program is executed in a secure execution mode. The microprocessor has a watchdog manager that monitors environments of the microprocessor by noting and evaluating data communicated by a plurality of monitors, and that classifies the data to indicate a security level associated with execution of the secure application program, and that directs secure execution mode logic to perform responsive actions in accordance with the security level. The secure non-volatile memory is coupled to the microprocessor via a private bus, and stores the secure application program. The secure application program is encrypted. Transactions over the private bus are isolated from the system bus and corresponding system bus resources within the microprocessor.
24 Claims
9. A microprocessor apparatus, for executing secure code within a secure execution environment, the microprocessor apparatus comprising:
- a secure non-volatile memory, that stores a secure application program, wherein said secure application program is encrypted in a system memory according to an asymmetric cryptographic algorithm; and
- a microprocessor, coupled to said secure non-volatile memory via a private bus, that executes non-secure application programs and said secure application program, wherein said secure application program is executed in a secure execution mode, and wherein, upon enablement of said secure execution mode, said microprocessor encrypts said secure application program according to a symmetric key algorithm and transfers said secure application program to said secure non-volatile memory over said private bus, said microprocessor comprising:
  - a watchdog manager, that monitors physical and operating environments of said microprocessor by noting and evaluating data communicated by a plurality of monitors, and configured to classify said data to indicate a security level associated with execution of said secure application program, and that directs secure execution mode logic within said microprocessor to perform responsive actions in accordance with said security level, wherein said plurality of monitors operates independently of execution of said secure application program.

Dependent claims 10 through 16 refer to claim 9.

17. A method for executing secure code within a secure execution environment, the method comprising:
- accessing the secure code in a system memory, wherein the secure code is encrypted according to an asymmetric cryptographic algorithm;
- providing a secure non-volatile memory for storage of the secure code;
- upon enablement of a secure execution mode, encrypting the secure application code according to a symmetric key algorithm and transferring the secure application program to a secure non-volatile memory over a private bus that is coupled between the secure non-volatile memory and a microprocessor, wherein the private bus is isolated from all system bus resources within the microprocessor and external to the microprocessor, and wherein the private bus is observable and accessible exclusively by secure execution logic within the microprocessor;
- first monitoring physical and operating environments of the microprocessor by noting and evaluating data communicated by a plurality of monitors, wherein the plurality of monitors operates independently of execution of the secure code;
- classifying the data to indicate a security level associated with execution of the secure code; and
- performing responsive actions in accordance with the security level.

Dependent claims 18 through 24 refer to claim 17.
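The monitor / classify / respond chain that claims 1, 9 and 17 describe, modelled in software as an added illustration (this is not code from the patent or its assignee). The monitor names, operating ranges, security levels and responsive actions are constructed assumptions; the claims leave all of them unspecified.

```python
from dataclasses import dataclass
from enum import IntEnum


class SecurityLevel(IntEnum):
    """Constructed security levels reported by the watchdog manager."""
    NOMINAL = 0       # every monitor reading is inside its expected range
    DEGRADED = 1      # an environmental reading has drifted out of range
    COMPROMISED = 2   # a tamper monitor reports interference


@dataclass(frozen=True)
class MonitorReading:
    """One datum communicated by a monitor that runs independently of the secure program."""
    name: str
    value: float


# Constructed expected operating bands, (low, high), per environmental monitor.
OPERATING_RANGES = {
    "core_voltage_v": (0.9, 1.3),
    "die_temp_c": (-10.0, 95.0),
    "clock_mhz": (800.0, 2400.0),
}
# Constructed tamper monitors: any non-zero reading means active interference.
TAMPER_MONITORS = {"private_bus_probe", "nvm_tamper_switch"}

# Constructed mapping from security level to the responsive actions the
# secure execution mode logic is directed to perform.
RESPONSES = {
    SecurityLevel.NOMINAL: ["continue_secure_execution"],
    SecurityLevel.DEGRADED: ["flag_security_level", "suspend_secure_program"],
    SecurityLevel.COMPROMISED: ["halt_secure_execution", "zeroize_secure_nvm"],
}


def classify(readings):
    """Evaluate monitor data and return the worst security level it indicates."""
    level = SecurityLevel.NOMINAL
    for r in readings:
        if r.name in TAMPER_MONITORS:
            if r.value != 0:
                return SecurityLevel.COMPROMISED  # tampering dominates drift
            continue
        band = OPERATING_RANGES.get(r.name)
        # Unknown monitors and out-of-band readings both count as degraded.
        if band is None or not band[0] <= r.value <= band[1]:
            level = SecurityLevel.DEGRADED
    return level


def watchdog_manager(readings):
    """Classify the data, then return the level and the actions to direct."""
    level = classify(readings)
    return level, list(RESPONSES[level])
```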
Specification