System and method for execution of a secured environment initialization instruction

US 9,361,121 B2
Filed: 03/24/2014
Issued: 06/07/2016
Est. Priority Date: 03/29/2002
Status: Expired due to Term

First Claim

Patent Images

1. A secure computing system having logic for initiating a secure processing environment comprising:

a processor to execute a first secure module to initialize the secure processing environment by establishing a root of trust usable to ensure that subsequent operations can be trusted;

a chipset having bus message security logic to monitor secure bus transactions associated with the first secure module and thereby verify that the first secure module and root of trust are secure; and

a secure virtual machine monitor (SVMM) module loaded in response to the first secure module after the root of trust has been established, the SVMM module preventing direct access to hardware resources from one or more untrusted operating systems, kernels, or applications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

239 Citations

9 Claims

1. A secure computing system having logic for initiating a secure processing environment comprising:
- a processor to execute a first secure module to initialize the secure processing environment by establishing a root of trust usable to ensure that subsequent operations can be trusted;
  
  a chipset having bus message security logic to monitor secure bus transactions associated with the first secure module and thereby verify that the first secure module and root of trust are secure; and
  
  a secure virtual machine monitor (SVMM) module loaded in response to the first secure module after the root of trust has been established, the SVMM module preventing direct access to hardware resources from one or more untrusted operating systems, kernels, or applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The secure computing system as in claim 1 wherein instructions or operations normally performed by the operating system, kernel, or applications are trapped by SVMM and selectively permitted, partially permitted, or rejected.
  - 3. The secure computing system as in claim 1 further comprising:
    - secure bus logic to monitor bus messages as the root of trust is established to ensure that the bus messages comply with a predefined security protocol.
  - 4. The secure computing system as in claim 1 further comprising:
    - a secure memory to contain the first secure module prior to and during execution of the first secure module.
  - 5. The secure computing system as in claim 4 further comprising:
    - secure load logic to load the first secure module prior to execution.
  - 6. The secure computing system of claim 4, wherein said secure memory includes a key for verifying the first secure module.
  - 7. The secure computing system of claim 6 further comprising:
    - secure validation logic to validate the first secure module with the key.
  - 8. The secure computing system as in claim 7 wherein the secure validation logic transfers execution control to the first secure module when validation completes.
  - 9. The processor of claim 1, wherein said first secure module transfers execution control to the SVMM module after the root of trust has been established.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Sutton, James A. II, Grawrock, David W.
Primary Examiner(s)
Smithers, Matthew

Application Number

US14/222,939
Publication Number

US 20140281467A1
Time in Patent Office

806 Days
Field of Search

726/26, 713/2, 713/164, 713/165, 713/166
US Class Current

1/1
CPC Class Codes

G01N 2223/076   X-ray fluorescence

G01N 23/223   by irradiating the sample w...

G01N 33/502   for testing non-proliferati...

G01N 33/6872   Intracellular protein regul...

G06F 12/0802   Addressing of a memory leve...

G06F 12/145   the protection being virtua...

G06F 12/1458   by checking the subject acc...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 2212/1052   Security improvement

G06F 2212/60   Details of cache memory

G06F 2213/0026   PCI express

G06F 2221/033   Test or assess software

G06F 9/4403   Processor initialisation

G06F 9/44505   Configuring for program ini...

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

System and method for execution of a secured environment initialization instruction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

239 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

System and method for execution of a secured environment initialization instruction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others