KEY EXPANSION LOGIC USING DECRYPTION KEY PRIMITIVES
First Claim
1. A microprocessor comprising:
- an instruction cache operable to store encrypted instructions;
fetch logic configured to fetch encrypted instructions from the instruction cache;
a secure memory configured to store a plurality of decryption key primitives;
key expansion logic configured to derive a decryption key from two or more of the plurality of decryption key primitives; and
decryption logic configured to decrypt an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.
-
Citations
27 Claims
-
1. A microprocessor comprising:
-
an instruction cache operable to store encrypted instructions; fetch logic configured to fetch encrypted instructions from the instruction cache; a secure memory configured to store a plurality of decryption key primitives; key expansion logic configured to derive a decryption key from two or more of the plurality of decryption key primitives; and decryption logic configured to decrypt an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of securely executing encrypted instructions within a microprocessor, the method comprising:
-
storing a plurality of decryption key primitives in a secure memory; fetching encrypted instructions from an instruction cache; receiving two or more of the plurality of decryption key primitives from the secure memory; deriving a decryption key from the two or more decryption key primitives received from the secure memory; decrypting an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives; and securely executing the decrypted instruction within the microprocessor. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A computer program product encoded in at least one non-transitory computer usable medium for use with a computing device, the computer program product comprising:
computer usable program code embodied in said medium, for specifying a microprocessor, the computer usable program code comprising; first program code for specifying an instruction cache operable to store encrypted instructions; second program code for specifying fetch logic configured to fetch encrypted instructions from the instruction cache; third program code for specifying a secure memory configured to store a plurality of decryption key primitives; fourth program code for specifying key expansion logic configured to derive a decryption key from two or more of the plurality of decryption key primitives; and fifth program code for specifying decryption logic configured to decrypt an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
Specification