Techniques for implementing a secure mailbox in resource-constrained embedded systems
First Claim
1. An apparatus comprising:
- a hardware processor component comprising a portion of a chipset, the hardware processor component to execute a host operating system component comprising one or more application components;
a hardware co-processor component comprising a portion of the chipset separate from the hardware processor component to execute a trusted execution environment, the trusted execution environment to perform secure operations for at least one of the one or more application components of the host operating system component, the trusted execution environment to include;
a mailbox array component to store one or more mailbox components, each mailbox component being associated with a mailbox identification number, the mailbox identification number to include a mailbox index number comprising a number of bits m, the number of bits m based on a total number of mailbox components n within the mailbox array component, m and n comprising positive integers;
a mailbox firewall initialization component to allocate firewall record slots for each of the one or more mailbox components, each firewall record slot including a mailbox identification number and an application component address; and
a mailbox firewall component to facilitate communication between the at least one of the one or more application components of the host operating system component and at least one of the one or more mailbox components of the trusted execution environment.
1 Assignment
0 Petitions
Accused Products
Abstract
Various embodiments are generally directed to implementing a secure mailbox in resource-constrained embedded systems. An apparatus to establish communication with a trusted execution environment includes a processor component, a co-processor component for executing the trusted execution environment, a host operating system component for execution by the processor component and including one or more application components, a mailbox array component for execution by the co-processor to store one or more mailbox components, each mailbox component being associated with a mailbox identification number, and a mailbox firewall component for execution by the co-processor component to facilitate communication between the one or more application components and the one or more mailbox components. Other embodiments are described and claimed.
21 Citations
19 Claims
-
1. An apparatus comprising:
-
a hardware processor component comprising a portion of a chipset, the hardware processor component to execute a host operating system component comprising one or more application components; a hardware co-processor component comprising a portion of the chipset separate from the hardware processor component to execute a trusted execution environment, the trusted execution environment to perform secure operations for at least one of the one or more application components of the host operating system component, the trusted execution environment to include; a mailbox array component to store one or more mailbox components, each mailbox component being associated with a mailbox identification number, the mailbox identification number to include a mailbox index number comprising a number of bits m, the number of bits m based on a total number of mailbox components n within the mailbox array component, m and n comprising positive integers; a mailbox firewall initialization component to allocate firewall record slots for each of the one or more mailbox components, each firewall record slot including a mailbox identification number and an application component address; and a mailbox firewall component to facilitate communication between the at least one of the one or more application components of the host operating system component and at least one of the one or more mailbox components of the trusted execution environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method comprising:
-
allocating firewall record slots for each of one or more mailbox components within a mailbox array component of a trusted execution environment executed by a hardware co-processor component, the trusted execution environment for performing secure operations for one or more application components of a host operating system component executed by a hardware processor component separate from the hardware co-processor component, each firewall record slot including a mailbox identification number and an application component address; receiving a message from one or more application components of the host operating system component, the message including a mailbox identification number and an application component address associated with an application component, the mailbox identification number including a mailbox index number comprising a number of bits m, the number of bits m based on a total number of the one or more mailbox components n, m and n comprising positive integers; verifying the message by a firewall component of the trusted execution environment based on the mailbox identification number and the application component address associated with the application component; and storing the message in a mailbox component matching the mailbox identification number based on verification of the message by the firewall component. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. At least one non-transitory machine-readable storage medium comprising instructions that, when executed by a computing device, cause the computing device to:
-
allocate firewall record slots for each of one or more mailbox components within a mailbox array component of a trusted execution environment executed by a hardware co-processor component, the trusted execution environment to perform secure operations for one or more application components of a host operating system component executed by a hardware processor component separate from the hardware co-processor component, each firewall record slot including a mailbox identification number and an application component address; receive a message from one or more application components of a host operating system component, the message including a mailbox identification number and an application component address associated with an application component, the mailbox identification number including a mailbox index number comprising a number of bits m, the number of bits m based on a total number of the one or more mailbox components n, m and n comprising positive integers; verify the message by a firewall component of the trusted execution environment based on the mailbox identification number and the application component address associated with the application component; and store the message in a mailbox component matching the mailbox identification number based on verification of the message by the firewall component. - View Dependent Claims (16, 17, 18, 19)
-
Specification