Secure processor and a program for a secure processor
First Claim
1. A secure processor, comprising
an instruction execution circuit configured to execute an execution code of a process in a memory;
a secure process identifier generation circuit configured to generate a secure process identifier when an instruction to generate the process is issued;
a process information retention circuit configured to retain the secure process identifier and an authentication key for authentication of the execution code while the process is still present as information related to the process;
a translation look aside buffer including a page table entry of a page storing the execution code, the secure process identifier read from the process information retention circuit being set up in the page table entry when paging-in the execution code into the memory;
an authentication circuit configured to set a secure page flag in the page table entry when the execution code corresponding to the process is successfully authenticated using the authentication key, after the execution code corresponding to the process is stored in an unused page in the memory and the secure process identifier corresponding to an address of the unused page is stored in the page table entry; and
a memory access control circuit configured to compare the secure process identifier stored in the page table entry, in which the corresponding secure page flag is set, with the secure process identifier which is retained in the process information retention circuit, and to permit the instruction execution circuit to access the page in the memory where the execution code is stored and execute the execution code when the secure process identifier retained by the process information retention circuit matches the secure process identifier stored in the page table entry.
Abstract
Instruction code, including instruction code stored in a non-rewritable format in the area where the encrypted instruction code is stored, is authenticated using a specific key that is specific to the core where the instruction code is executed, or using a key authenticated by the specific key, to perform encryption processing for the input and output data between the core and the outside.
14 Claims
13. A non-transitory computer readable storage medium used by a computer when paging-in an execution code into a memory, storing a program for causing the computer to execute the following operations:
generating a secure process identifier and retaining the secure process identifier by a process information retention circuit when an instruction to generate a process corresponding to the execution code is issued, prior to the execution of the process corresponding to the execution code;
requesting a direct memory access mechanism in the computer to transfer a page storing the execution code in an unused page in a memory;
setting up data regarding the page in a page table entry in a translation look aside buffer of the computer and storing the secure process identifier corresponding to an address of the unused page in the page table entry, after the page is transferred successfully;
requesting hardware to perform authentication of the page and to set a secure page flag in the page table entry when the execution code corresponding to the process is successfully authenticated by using an authentication key after the execution code is stored in the unused page in the memory and the secure process identifier corresponding to an address of the unused page is stored in the page table entry; and
comparing the secure process identifier retained by the process information retention circuit with the secure process identifier stored in the page table entry, in which the corresponding secure page flag is set, before an instruction execution circuit of the computer executes the execution code, and permitting the instruction execution circuit to execute the execution code when the secure process identifier retained by the process information retention circuit matches the secure process identifier stored in the page entry table.
14. A non-transitory computer readable storage medium used by a computer when a page including an execution code is authenticated, storing a program for causing the computer to execute the following operations:
performing a hash calculation for the page read into a main memory from a secondary memory storing the page and a first electronic signature, the first electronic signature corresponding to the page;
decrypting a second electronic signature stored in a storage circuit of a processor of the computer, the second electronic signature corresponding to the first electronic signature, by using an authentication key generated with a specific key retained inside the processor;
comparing the decryption result of the second electronic signature with the result of the hash calculation; and
setting a secure page flag, indicating that authentication of the page is successful, in a page table entry within a translation look aside buffer in the computer when the decryption result of the second electronic signature matches the result of the hash calculation.
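A small software model of the page-in, authentication and access-control flow recited in claims 1, 13 and 14, added here as an illustration and not taken from the patent or any implementation of it. All type and function names are assumptions, FNV-1a and XOR are toy stand-ins for the hash calculation and the signature decryption, and the two electronic signatures of claim 14 are collapsed into one value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 64 /* constructed page size, small for illustration */
/* Process information retention circuit: secure PID plus authentication key. */
typedef struct { uint32_t spid; uint64_t auth_key; } proc_info_t;
/* TLB page table entry: secure PID, secure page flag, backing page. */
typedef struct { uint32_t spid; bool secure_page; const uint8_t *page; } pte_t;

/* Stand-in for the hash calculation (FNV-1a, not a cryptographic hash). */
static uint64_t page_hash(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}
/* Stand-in for decrypting the signature with the authentication key (XOR toy). */
static uint64_t sig_decrypt(uint64_t sig, uint64_t key) { return sig ^ key; }

/* Paging-in: store the owner's secure PID in the entry; the flag starts clear. */
void page_in(pte_t *pte, const proc_info_t *pi, const uint8_t *page) {
    *pte = (pte_t){ pi->spid, false, page };
}
/* Authentication: set the flag only if the decrypted signature equals the hash. */
bool authenticate_page(pte_t *pte, const proc_info_t *pi, uint64_t sig) {
    return pte->secure_page = (sig_decrypt(sig, pi->auth_key) == page_hash(pte->page, PAGE_SIZE));
}
/* Memory access control: execution needs the flag set and matching secure PIDs. */
bool may_execute(const pte_t *pte, const proc_info_t *running) { return pte->secure_page && pte->spid == running->spid; }

/* Runs the flow on a constructed page; each bit of the result is one outcome. */
int demo(void) {
    uint8_t page[PAGE_SIZE] = "constructed execution code";
    proc_info_t a = { 1, 0x1122334455667788ULL }, b = { 2, 0x99ULL };
    uint64_t sig = page_hash(page, PAGE_SIZE) ^ a.auth_key; /* signer side, toy */
    pte_t pte;
    page_in(&pte, &a, page);
    int r = may_execute(&pte, &a) ? 1 : 0;          /* not yet authenticated: denied */
    authenticate_page(&pte, &a, sig);
    r |= may_execute(&pte, &a) ? 2 : 0;             /* owner, authenticated: allowed */
    r |= may_execute(&pte, &b) ? 4 : 0;             /* different secure PID: denied */
    page[0] ^= 1; page_in(&pte, &a, page);          /* tampered page paged in again */
    r |= authenticate_page(&pte, &a, sig) ? 8 : 0;  /* hash mismatch: flag stays clear */
    return r;
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

Only the second bit is set in the result of `demo()`: execution is permitted solely for the owning process after the page has been authenticated.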
Specification