Trusted processing location within a graphics processing unit

US 9,183,606 B1
Filed: 07/10/2013
Issued: 11/10/2015
Est. Priority Date: 07/10/2013
Status: Active Grant

First Claim

Patent Images

1. A method of extending trust from a trusted processor to a graphics processing unit to expand trusted processing in an electronic device, comprising:

inserting, from a trusted security zone of the electronic device, a trusted kernel into the graphics processing unit of the electronic device, wherein the trusted security zone comprises a secure subsystem that is not accessible to hardware and software components outside the secure subsystem, and wherein the graphics processing unit is outside of the secure subsystem;

monitoring, by the trusted kernel in the graphics processing unit, an activity level of the graphics processing unit;

suspending, via the trusted kernel in the graphics processing unit, graphics processing on at least a portion of the graphics processing unit based on the monitoring;

repurposing, via the trusted kernel, at least the portion of the graphics processing unit to perform trusted processing by bringing at least the portion of the graphics processing unit into the secure subsystem; and

releasing, by the trusted processor of the trusted security zone, at least the portion of the graphics processing unit from trusted processing in the secure subsystem.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of extending trust from a trusted processor to a graphics processing unit to expand trusted processing in an electronic device comprises inserting a trusted kernel into the graphics processing unit, monitoring the activity level of the graphics processing unit, suspending graphics processing on at least a portion of the graphics processing unit, repurposing a portion of the graphics processing unit to perform trusted processing, and releasing the portion of the graphics processing unit from trusted processing.

437 Citations

19 Claims

1. A method of extending trust from a trusted processor to a graphics processing unit to expand trusted processing in an electronic device, comprising:
- inserting, from a trusted security zone of the electronic device, a trusted kernel into the graphics processing unit of the electronic device, wherein the trusted security zone comprises a secure subsystem that is not accessible to hardware and software components outside the secure subsystem, and wherein the graphics processing unit is outside of the secure subsystem;
  
  monitoring, by the trusted kernel in the graphics processing unit, an activity level of the graphics processing unit;
  
  suspending, via the trusted kernel in the graphics processing unit, graphics processing on at least a portion of the graphics processing unit based on the monitoring;
  
  repurposing, via the trusted kernel, at least the portion of the graphics processing unit to perform trusted processing by bringing at least the portion of the graphics processing unit into the secure subsystem; and
  
  releasing, by the trusted processor of the trusted security zone, at least the portion of the graphics processing unit from trusted processing in the secure subsystem.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the repurposing comprises:
    - establishing trusted security zone control over the portion of the graphics processing unit; and
      
      configuring the portion of the graphics processing unit to perform tasks other than graphics processing.
  - 3. The method of claim 1, wherein at least one of the monitoring, the suspending, the repurposing, or the releasing is done via the trusted kernel.
  - 4. The method of claim 1, wherein the trusted kernel is inserted at the time of manufacture.
  - 5. The method of claim 1, wherein at least one of the suspending or the repurposing is done in response to a graphics processing activity level falling below a threshold.
  - 6. The method of claim 5, wherein the graphics processing activity level falling below the threshold corresponds with at least 10% of the graphics processing unit not processing graphics.

7. A computer-implemented method of increasing a trusted processing capacity of an electronic device, comprising:
- providing, in a trusted security zone of the electronic device on a trusted processor, a trusted kernel, wherein the trusted security zone comprises a secure subsystem;
  
  inserting, from the trusted security zone of the trusted processor, the trusted kernel into a graphics processing unit of the electronic device;
  
  determining, by the trusted kernel, that the graphics processing unit has processing resources available based on an activity level of the graphics processing unit;
  
  repurposing, via the trusted kernel, a portion of the graphics processing unit from a graphics processing state to a trusted processing state in response to determining that the graphics processing unit has processing resources available, wherein the graphics processing state is outside of the secure subsystem and the trusted processing state is within the secure subsystem; and
  
  returning, by the trusted kernel, the portion of the graphics processing unit to the graphics processing state in response to a trigger.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the graphics processing state is a state in which the graphics processing unit is functioning in a permissive sector on the electronic device, and wherein the permissive sector is outside of the secure subsystem.
  - 9. The method of claim 7, wherein the trusted kernel is inserted into the graphics processing unit in response to instructions from the trusted security zone of the electronic device.
  - 10. The method of claim 7, wherein the trigger is an indication of a demand for graphics processing outside of the secure subsystem of the trusted security zone.
  - 11. The method of claim 7, wherein the portion of the graphics processing unit that is repurposed is at least about 10% of the graphics processing unit.
  - 12. The method of claim 7, further comprising:
    - establishing communication between the trusted kernel inserted in the graphics processing unit and the trusted security zone of the electronic device.

13. A computer-implemented method of evaluating a graphics processing unit in an electronic device, comprising:
- performing, by a trusted security zone of the electronic device, a confidence check on at least one kernel of the graphics processing unit of the electronic device, wherein the graphics processing unit is outside of a secure subsystem of the trusted security zone;
  
  comparing a current state of the graphics processing unit with an uncompromised state of the graphics processing unit stored in the trusted security zone of the electronic device;
  
  evaluating the integrity of the graphics processing unit based on the comparing;
  
  inserting, from the trusted security zone of the electronic device, a trusted kernel into the graphics processing unit of the electronic device responsive to the evaluating;
  
  suspending, via the trusted kernel inserted in the graphics processing unit, graphics processing on at least a portion of the graphics processing unit; and
  
  repurposing at least the portion of the graphics processing unit to perform non-graphics processing related tasks within the secure subsystem via the graphics processing unit and the trusted kernel in response to the suspending.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein performing the confidence check comprises performing an error detection action, and wherein performing an error detection action comprises at least one of:
    - comparing a checksum value of the uncompromised state of the kernel with a checksum value of the current state of the kernel, comparing a bit count of the uncompromised state of the kernel with a bit count of the current state of the kernel, performing a cyclic redundancy check, performing a repetition code check, performing a horizontal redundancy check, performing a vertical redundancy check, checking information about a parity bit, checking a digital signature, or comparing a digest of a cryptographic hash function applied to the uncompromised state of the kernel with a digest of the current state of the kernel.
  - 15. The method of claim 13, wherein evaluating the integrity of the graphics processing unit comprises comparing a result of the confidence check to information about the uncompromised state of the kernel stored in the trusted security zone of the electronic device.
  - 16. The method of claim 15, wherein the uncompromised state of the graphics processing unit is a state in which the kernel is free from sniffers, malware, spyware, trojans, viruses, and nefarious programs.
  - 17. The method of claim 13, wherein the current state of the graphics processing unit is the state of the graphics processing unit at the time of the confidence check.
  - 18. The method of claim 13, further comprising allowing the graphics processing unit to continue to function normally in response to a result from the evaluating indicating that the graphics processing unit is uncompromised.
  - 19. The method of claim 13, further comprising initiating an attempt to return the graphics processing unit to the uncompromised state in response to a result from the evaluating indicating that the graphics processing unit has been compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Crawford, Jacinta M

Application Number

US13/939,175
Time in Patent Office

853 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/84   output devices, e.g. displa...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06T 1/20   Processor architectures; Pr...

Trusted processing location within a graphics processing unit

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

437 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Trusted processing location within a graphics processing unit

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

437 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others