Decryption of encrypted instructions using keys selected on basis of instruction fetch address
First Claim
1. A microprocessor for executing encrypted instructions and non encrypted (plain text) instructions comprising:
- an instruction cache for storing both the encrypted instructions and the non encrypted instructions;
fetch logic configured to fetch both the encrypted instructions and the non encrypted instructions from the instruction cache, the fetch logic further comprising;
a key expander;
a secure memory configured to store a plurality of master keys;
key selection logic configured to select a set of one or more master keys from the secure memory based upon an instruction fetch address for an encrypted instruction, wherein the selected master keys are used by the key expander, along with the instruction fetch address, to decrypt the encrypted instructions fetched from the instruction cache;
decryption logic configured to use the selected set of one or more master keys, or a decryption key provided by the key expander derived from the selected set of one or more master keys, to decrypt the encrypted instructions fetched from the instruction cache; and
decryption key generation logic configured to derive a decryption key from the selected set of one or more master keys;
wherein the encrypted instructions are grouped into blocks of instructions having a length not greater than the decryption key'"'"'s length, and the decryption key generation logic is configured to derive a new decryption key for each block of instructions based upon a fetch address of an encrypted instruction in the block of instructions; and
wherein the microprocessor executes the decrypted instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
A microprocessor and method are provided for securely decrypting and executing encrypted instructions within a microprocessor. A plurality of master keys are stored in a secure memory. Encrypted instructions are fetched from an instruction cache. A set of one or more master keys are selected from the secure memory based upon an encrypted instruction fetch address. The selected set of master keys or a decryption key derived therefrom is used to decrypt the encrypted instructions fetched from the instruction cache. The decrypted instructions are then securely executed within the microprocessor. In one implementation, the master keys are intervolved with each other to produce a new decryption key with every fetch quantum. Moreover, a new set of master keys is selected with every new block of instructions.
-
Citations
20 Claims
-
1. A microprocessor for executing encrypted instructions and non encrypted (plain text) instructions comprising:
-
an instruction cache for storing both the encrypted instructions and the non encrypted instructions; fetch logic configured to fetch both the encrypted instructions and the non encrypted instructions from the instruction cache, the fetch logic further comprising; a key expander; a secure memory configured to store a plurality of master keys; key selection logic configured to select a set of one or more master keys from the secure memory based upon an instruction fetch address for an encrypted instruction, wherein the selected master keys are used by the key expander, along with the instruction fetch address, to decrypt the encrypted instructions fetched from the instruction cache; decryption logic configured to use the selected set of one or more master keys, or a decryption key provided by the key expander derived from the selected set of one or more master keys, to decrypt the encrypted instructions fetched from the instruction cache; and decryption key generation logic configured to derive a decryption key from the selected set of one or more master keys; wherein the encrypted instructions are grouped into blocks of instructions having a length not greater than the decryption key'"'"'s length, and the decryption key generation logic is configured to derive a new decryption key for each block of instructions based upon a fetch address of an encrypted instruction in the block of instructions; and wherein the microprocessor executes the decrypted instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of securely executing encrypted instructions within a microprocessor, the method comprising:
-
providing an instruction cache for storing both the encrypted instructions and non encrypted instructions; storing a plurality of master keys in a secure memory; fetching encrypted instructions from the instruction cache, the fetching utilizing fetch logic having a key expander; selecting a set of one or more master keys from the secure memory based upon an instruction fetch address for an encrypted instruction; decrypting the encrypted instruction fetched from the instruction cache using the selected set of one or more master keys or a decryption key derived by the key expander from the selected set of one or more master keys to decrypt the encrypted instructions fetched from the instruction cache wherein the encrypted instructions are grouped into blocks of instructions having a length not greater than the decryption key'"'"'s length; deriving a new decryption key from the selected set of one or more master keys based upon an encrypted instruction fetch address for each block of instructions; and securely executing the decrypted instructions within the microprocessor. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification