Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices
First Claim
1. A secure demand paging system comprisinga processor;
- a cryptographic accelerator;
a hash accelerator; and
a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the cryptographic accelerator is operable to encrypt the hash result upon completion of the parallel transfer of the data.
0 Assignments
0 Petitions
Accused Products
Abstract
A secure demand paging system includes a processor operable for executing instructions, an internal memory for a first page in a first virtual machine context, an external memory for a second page in a second virtual machine context, and a security circuit coupled to the processor and to the internal memory for maintaining the first page secure in the internal memory. The processor is operable to execute sets of instructions representing: a central controller, an abort handler coupled to supply to the central controller at least one signal representing a page fault by an instruction in the processor, a scavenger responsive to the central controller and operable to identify the first page as a page to free, a virtual machine context switcher responsive to the central controller to change from the first virtual machine context to the second virtual machine context; and a swapper manager operable to swap in the second page from the external memory with decryption and integrity check, to the internal memory in place of the first page.
-
Citations
56 Claims
-
1. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; and a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the cryptographic accelerator is operable to encrypt the hash result upon completion of the parallel transfer of the data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; and a DMA (direct memory access) circuit operable to couple said secure memory to said cryptographic accelerator for encryption and to said hash accelerator, wherein said DMA circuit is coupled to activate said cryptographic accelerator and said hash accelerator by said DMA circuit itself.
-
-
14. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; a DMA (direct memory access) circuit operable to couple a decryption stream from said cryptographic accelerator concurrently to said secure memory and to said hash accelerator; and an external volatile memory and wherein said DMA circuit is operable to couple said external volatile memory to said cryptographic accelerator for decryption.
-
-
15. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator, wherein said hash accelerator supplies an interrupt request, and said processor is responsive to the interrupt request to read the hash result directly from the hashing accelerator; and a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor.
-
-
16. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; and an external volatile memory coupled to said secure memory to receive pages from said secure memory hashed by said hash accelerator and encrypted by said cryptographic accelerator.
-
-
17. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; and a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; and an external memory coupled to said secure memory to feed pages from said external memory to said secure memory, the pages decrypted by said cryptographic accelerator and hash-checked by said hash accelerator in parallel.
-
-
18. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; and a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; and a source of rotating cryptographic keys coupled to said cryptographic accelerator.
-
-
19. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; and a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; and a source of rotating cryptographic keys coupled to said hash accelerator.
-
-
20. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; and a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; and delivering a hash result from said hash accelerator to said processor; and encrypting said hash result. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; delivering a hash result from said hash accelerator to said processor; and wherein said system comprises a direct memory access (DMA) circuit, and wherein said method further comprises the step of coupling said secure memory to said cryptographic accelerator and to said hash accelerator through said DMA circuit; and performing a scatter/gather operation with said DMA circuit subsequent to performing virtual to physical lookups. - View Dependent Claims (31, 32)
-
-
33. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; and a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; and delivering a hash result from said hash accelerator to said processor; and reading said hash result from said hashing accelerator in response from an interrupt request from said hash accelerator to said processor.
-
-
34. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; and a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; delivering a hash result from said hash accelerator to said processor; and a volatile memory coupled to said secure memory, said method further comprising the step of hashing and encrypting pages from said secure memory and sending the results to said volatile memory.
-
-
35. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; and a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; delivering a hash result from said hash accelerator to said processor; and a second memory coupled to said secure memory, wherein said method further comprises the step of decrypting and hash-checking pages transferred from said second memory to said secure memory in parallel.
-
-
36. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; and a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; delivering a hash result from said hash accelerator to said processor; and supplying said cryptographic accelerator with a rotating source of cryptographic keys.
-
-
37. A method of secure demand paging in a system comprising:
-
a processor; a cryptographic accelerator; a hash accelerator; and a secure memory including data, said method comprising; transferring the same secure memory data to the cryptographic accelerator and to the hash accelerator in parallel; delivering a hash result from said hash accelerator to said processor; and supplying said hash accelerator with a rotating source of cryptographic keys.
-
-
38. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor; a DMA circuit coupled to activate said cryptographic accelerator and said hash accelerator by said DMA circuit itself; and a user interface coupled to the processor. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45)
-
-
46. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a key hash before said transfer in parallel, and wherein the cryptographic accelerator is operable to encrypt the has result upon completion of the parallel transfer of the data; and a user interface coupled to the processor. - View Dependent Claims (47, 48, 49, 50)
-
-
51. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a hash on identification information before said transfer in parallel; a DMA (direct memory access) circuit operable to couple a decryption stream from said cryptographic accelerator concurrently to said secure memory and to said hash accelerator; an external volatile memory and wherein said DMA circuit is operable to couple said external volatile memory to said cryptographic accelerator for decryption; and a user interface coupled to the processor.
-
-
52. A communications apparatus, comprising;
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a hash on identification information before said transfer in parallel, wherein said hash accelerator supplies an interrupt request, and said processor is responsive to the interrupt request to read the hash result directly from the hashing accelerator; and a user interface coupled to the processor.
-
-
53. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a hash on identification information before said transfer in parallel; an external volatile memory coupled to said secure memory to receive pages from said secure memory hashed by said hash accelerator and encrypted by said cryptographic accelerator; and a user interface coupled to the processor.
-
-
54. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a hash on identification information before said transfer in parallel; an external memory coupled to said secure memory to feed pages from said external memory to said secure memory, the pages decrypted by said cryptographic accelerator and hash-checked by said hash accelerator in parallel; and a user interface coupled to the processor.
-
-
55. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a hash on identification information before said transfer in parallel; a source of rotating cryptographic keys coupled to said cryptographic accelerator; and a user interface coupled to the processor.
-
-
56. A communications apparatus, comprising:
-
an antenna; a receiver and a transmitter coupled to said antenna; a processor coupled to the receiver and transmitter, said processor having a cryptographic accelerator and a hash accelerator; a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor, wherein the hash accelerator is further operable to perform a hash on identification information before said transfer in parallel; a source of rotating cryptographic keys coupled to said hash accelerator; and a user interface coupled to the processor.
-
Specification