Key expansion logic using decryption key primitives
First Claim
1. A microprocessor comprising:
- an instruction cache storing both encrypted instructions and non-encrypted instructions;
an instruction fetcher, coupled to the instruction cache, for fetching both the encrypted instructions and the non-encrypted instructions from the instruction cache;
a secure memory, coupled to the instruction fetcher, having a secure memory area for storing a plurality of decryption key primitives;
a key expander, coupled to the secure memory, having a plurality of multiplexers to select two or more of the plurality of decryption key primitives and to derive a singular decryption key from the two or more of the plurality of decryption key primitives;
a decryptor for decrypting an encrypted instruction fetched from the instruction cache by the instruction fetcher using the singular decryption key derived from the two or more decryption key primitives; and
an execution unit, coupled to the decryptor, for executing both instructions decrypted by the decrypter and the non-encrypted instructions wherein the key expander, couple to the secure memory is configured to rotate a decryption key primitive to generate a rotated decryption key primitive; and
wherein the key expander, couple to the secure memory is configured to accumulate the rotated decryption key primitive to a second decryption key primitive; and
securely executing the decrypted instruction within the microprocessor.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.
-
Citations
21 Claims
-
1. A microprocessor comprising:
-
an instruction cache storing both encrypted instructions and non-encrypted instructions; an instruction fetcher, coupled to the instruction cache, for fetching both the encrypted instructions and the non-encrypted instructions from the instruction cache; a secure memory, coupled to the instruction fetcher, having a secure memory area for storing a plurality of decryption key primitives; a key expander, coupled to the secure memory, having a plurality of multiplexers to select two or more of the plurality of decryption key primitives and to derive a singular decryption key from the two or more of the plurality of decryption key primitives; a decryptor for decrypting an encrypted instruction fetched from the instruction cache by the instruction fetcher using the singular decryption key derived from the two or more decryption key primitives; and an execution unit, coupled to the decryptor, for executing both instructions decrypted by the decrypter and the non-encrypted instructions wherein the key expander, couple to the secure memory is configured to rotate a decryption key primitive to generate a rotated decryption key primitive; and wherein the key expander, couple to the secure memory is configured to accumulate the rotated decryption key primitive to a second decryption key primitive; and securely executing the decrypted instruction within the microprocessor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of securely executing both non encrypted instructions and encrypted instructions within a microprocessor, the method comprising:
-
storing a plurality of decryption key primitives in a secure memory, and storing non encrypted instructions in an instruction cache; fetching both non encrypted instructions and encrypted instructions from an instruction cache; selecting two or more of the plurality of decryption key primitives from the secure memory; utilizing a key expander, coupled to the secure memory, for deriving a singular decryption key from the two or more decryption key primitives received from the secure memory; decrypting an encrypted instruction fetched from the instruction cache with the singular decryption key derived from the two or more decryption key primitives; and utilizing an execution unit, coupled to the decryptor, for securely executing the decrypted instruction within the microprocessor wherein the key expander is configured to rotate a decryption key primitive to generate a rotated decryption key primitive; and wherein the key expander is further configured to accumulate the rotated decryption key primitive to a second decryption key primitive. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification