System and method for validating program execution at run-time
First Claim
1. A microprocessor comprising:
- a multistage instruction processing pipeline, comprising at least one of branch prediction logic elements and speculative execution logic elements, and having a minimum pipeline latency between receipt of a first instruction of a sequence of instructions and readiness for commitment of execution of the first instruction, configured to:
receive a sequence of instructions for processing, concurrently decode the received instructions during the pipeline latency, dispatch the instructions, advance respective instructions of the sequence of instructions to a stage prior to commitment of instruction execution, commit execution of the sequence of instructions to produce at least one execution result comprising alteration of at least one register of the microprocessor external to the instruction processing pipeline in response to execution of at least one instruction and an availability of a verification signal, and respond to at least one of a misprediction signal and failure of availability of the verification signal, to cause a rollback of the instruction processing pipeline to a state prior to an error which caused the at least one of the misprediction signal and the failure of availability of the verification signal;
a memory configured to store at least a predetermined encrypted reference digital signature;
decryption logic elements configured to decrypt the encrypted reference digital signature in dependence on a decryption key securely stored in, and received from a secure hardware environment to produce a reference digital signature corresponding to an expected digital signature of an authentic sequence of instructions;
verification logic elements configured to match the reference digital signature with a digital signature of the received sequence of instructions; and
authorization logic elements configured, within a first mode of operation, to generate the verification signal within the minimum pipeline latency, contingent upon verifying that the reference digital signature matches the digital signature.
Abstract
A pipelined processor comprising a cache memory system, fetching instructions for execution from a portion of said cache memory system, an instruction commencing processing before a digital signature of the cache line that contained the instruction is verified against a reference signature of the cache line, the verification being done at the point of decoding, dispatching, or committing execution of the instruction, the reference signature being stored in an encrypted form in the processor's memory, and the key for decrypting the said reference signature being stored in a secure storage location. Instruction processing proceeds when the two signatures exactly match; on a mismatch of the two said signatures, further instruction processing is suspended or modified.
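A small Python model of the mechanism the abstract describes, added here as an illustration and not taken from the patent: an HMAC stands in for the cache-line signature scheme, an address-bound SHA-256 pad stands in for the decryption logic, and the secure store, 16-byte line size and 64-byte code image are constructed for the model. Lines are decoded speculatively, but their results commit only when the secure store emits the verification signal, and a tampered line is rolled back and halts processing.

```python
import hashlib
import hmac
import secrets

LINE_SIZE = 16  # bytes per cache line (constructed value for this model)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SecureStore:
    """Secure hardware environment: holds the keys, emits only the verification signal."""
    def __init__(self):  # separate keys for signing lines and for decrypting references
        self._sig_key, self._dec_key = secrets.token_bytes(32), secrets.token_bytes(32)
    def _line_signature(self, addr: int, line: bytes) -> bytes:
        # Address-bound signature of a line; HMAC stands in for the hardware's scheme.
        return hmac.new(self._sig_key, addr.to_bytes(8, "big") + line, hashlib.sha256).digest()
    def _pad(self, addr: int) -> bytes:
        # Address-bound keystream from the decryption key; stands in for the decryption logic.
        return hashlib.sha256(self._dec_key + addr.to_bytes(8, "big")).digest()
    def build_reference_table(self, image: bytes) -> dict:
        # Provisioning: one encrypted reference signature per line, kept in ordinary memory.
        return {a: _xor(self._line_signature(a, image[a:a + LINE_SIZE]), self._pad(a))
                for a in range(0, len(image), LINE_SIZE)}
    def verification_signal(self, addr: int, line: bytes, enc_ref: bytes) -> bool:
        # Decrypt the stored reference and match it against the fetched line's signature.
        return hmac.compare_digest(_xor(enc_ref, self._pad(addr)), self._line_signature(addr, line))

def run_pipeline(store: SecureStore, refs: dict, memory: bytes) -> tuple:
    """A line starts decoding before it is verified, but commits only on the verification
    signal; a missing signal rolls the line back and suspends further processing."""
    committed, rolled_back = [], []
    for addr in range(0, len(memory), LINE_SIZE):
        line = memory[addr:addr + LINE_SIZE]
        # (speculative decode/dispatch of `line` would proceed here, before the check)
        if store.verification_signal(addr, line, refs[addr]):
            committed.append(addr)    # architectural state may now be altered
        else:
            rolled_back.append(addr)  # discard speculative work and suspend
            break
    return committed, rolled_back

def simulate(tamper_offset=None) -> tuple:
    # Constructed 64-byte code image; optionally flip one byte after provisioning.
    image = bytearray(range(64))
    store = SecureStore()
    refs = store.build_reference_table(bytes(image))
    if tamper_offset is not None:
        image[tamper_offset] ^= 0x80
    return run_pipeline(store, refs, bytes(image))
```

`simulate()` returns the committed and rolled-back line addresses; with no tampering all four lines commit, and a flipped byte in a line stops processing at that line while earlier lines still commit.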
20 Claims
13. A method for verifying instructions executed by a microprocessor, comprising:
- receiving a sequence of instructions for processing by a multistage instruction processing pipeline having a minimum pipeline latency between receiving a first instruction of the sequence of instructions and readiness to commit execution of the first instruction, and comprising at least one of branch prediction logic elements and speculative execution logic elements responsive to at least one of a misprediction signal and failure of an availability of a verification signal to cause a rollback of the multistage instruction processing pipeline to a state prior to an error which caused the at least one of the misprediction signal and the failure of availability of the verification signal;
- concurrently decoding, and dispatching a plurality of the sequence of instructions to a stage prior to commitment of instruction execution during the pipeline latency;
- committing execution of the sequence of instructions to produce at least one execution result comprising alteration of at least one register of the microprocessor external to the instruction processing pipeline, in response to execution of at least one instruction and the availability of the verification signal;
- storing at least a predetermined encrypted reference digital signature in a memory;
- decrypting the encrypted reference signature in dependence on a securely received decryption key in a secure hardware environment, to produce a reference digital signature corresponding to an expected digital signature of an authentic sequence of instructions; and
- verifying that the reference digital signature matches a digital signature of the received sequence of instructions and generating the verification signal, contingent upon verifying that the reference digital signature matches the digital signature, in a secure hardware environment that generates the verification signal within the minimum pipeline latency.
Specification