On-die cryptographic apparatus in a secure microprocessor

  • US 9,002,014 B2
  • Filed: 10/31/2008
  • Issued: 04/07/2015
  • Est. Priority Date: 05/24/2008
  • Status: Active Grant
First Claim

1. An apparatus providing for a secure execution environment, comprising:

    a secure non-volatile memory, configured to store a secure application program, wherein said secure application program is encrypted according to a symmetric key algorithm; and

    a microprocessor, coupled to said secure non-volatile memory via a private bus and to a system memory via a system bus, configured to execute non-secure application programs and said secure application program, wherein said non-secure application programs are accessed from said system memory via said system bus, and wherein transactions over said private bus between said microprocessor and said secure non-volatile memory are isolated from said system bus and corresponding system bus resources within said microprocessor, said microprocessor comprising;

    a cryptographic unit, disposed within execution logic, configured to employ an authorized public key to decrypt an enable parameter according to an asymmetric key algorithm, said enable parameter having been encrypted according to said asymmetric key algorithm using a corresponding authorized private key, and configured to encrypt said secure application program for storage in said secure non-volatile memory, wherein said secure application program is encrypted in said system memory according to said asymmetric key algorithm, and wherein, upon enablement of a secure execution mode, said cryptographic unit is employed to decrypt said secure application program and to encrypt said secure application program according to said symmetric key algorithm and transfer said secure application program to said secure non-volatile memory over said private bus; and

    a processor key register, coupled to said cryptographic unit, configured to store a cryptographic key that is unique to said microprocessor, wherein said cryptographic key is programmed into said processor key register during fabrication of said microprocessor, and wherein said cryptographic key is employed to encrypt said secure application program for storage into said secure non-volatile memory, and wherein said processor key register can only be read by said cryptographic unit.
