System and method for securely saving and restoring a context of a secure program loader

US 8,190,917 B2
Filed: 09/12/2006
Issued: 05/29/2012
Est. Priority Date: 09/12/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for managing a context of a secure program loader, the method comprising:

receiving an interrupt from a general purpose processor core at a special purpose processor core that is running in an isolation mode and executing a secured program, wherein;

a heterogeneous processor includes the isolated special purpose processor core and the general purpose processor core that can each access a shared memory; and

the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processor core;

encrypting the secured program'"'"'s context using a first randomly generated encryption key;

storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;

updating the secure loader'"'"'s context with the first randomly generated encryption key; and

saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;

generating a random persistent security data, wherein the random persistent security data is a second randomly generated encryption key;

encrypting the secure loader'"'"'s context using the persistent security data, wherein the secure loader'"'"'s context includes a program counter that corresponds to a location in the secured program where the secured program was interrupted;

storing the secure loader'"'"'s encrypted context in the shared memory; and

storing the persistent security data in a persistent storage register.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and program product that securely saves and restores the context of a secure program loader is presented. An interrupt is sent to a secured program running on an special purpose processor core that is running in isolation mode. The special purpose processor core is included in a heterogeneous processing environment that includes the special purpose processor cores (including the isolated special purpose processor core), and one or more general purpose processors. Each of the processors can access a shared memory. The isolated special purpose processor core includes a local memory that is inaccessible from the other processors. The system encrypts the secured program'"'"'s context using a randomly generated encryption key and stores the context in the shared memory. A secure loader'"'"'s context is updated with the generated encryption key and then the secure loader'"'"'s context is saved to the shared memory.

Citations

17 Claims

1. A computer implemented method for managing a context of a secure program loader, the method comprising:
- receiving an interrupt from a general purpose processor core at a special purpose processor core that is running in an isolation mode and executing a secured program, wherein;
  
  a heterogeneous processor includes the isolated special purpose processor core and the general purpose processor core that can each access a shared memory; and
  
  the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processor core;
  
  encrypting the secured program'"'"'s context using a first randomly generated encryption key;
  
  storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
  
  updating the secure loader'"'"'s context with the first randomly generated encryption key; and
  
  saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
  
  generating a random persistent security data, wherein the random persistent security data is a second randomly generated encryption key;
  
  encrypting the secure loader'"'"'s context using the persistent security data, wherein the secure loader'"'"'s context includes a program counter that corresponds to a location in the secured program where the secured program was interrupted;
  
  storing the secure loader'"'"'s encrypted context in the shared memory; and
  
  storing the persistent security data in a persistent storage register.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the secure loader'"'"'s context includes the first randomly generated encryption key and a program identifier that identifies the secured program.
  - 3. The method of claim 2 wherein the secure loader'"'"'s context includes a plurality of encryption keys, program identifiers, and program counters that correspond to a plurality of secured programs being managed by the secure loader.
  - 4. The method of claim 3 further comprising:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      setting the special purpose processor core in the isolation mode, the setting resulting in loading of the secure loader into the isolated special purpose processor core'"'"'s local memory from a read-only memory;
      
      retrieving the persistent security data from the persistent storage register;
      
      restoring the secure loader'"'"'s context using the retrieved persistent security data;
      
      receiving a second secured program identifier corresponding to a second secured program to load in the isolated special purpose processor core'"'"'s local memory;
      
      retrieving a stored encryption key and a second program counter from a record in the secure loader'"'"'s context that matches the received second secured program identifier; and
      
      restoring the second secured program by;
      
      reading a second encrypted context corresponding to the second secured program from the shared memory;
      
      decrypting the second secured program'"'"'s encrypted context using the retrieved encryption key;
      
      storing the second secured program'"'"'s decrypted context in the isolated special purpose processor core'"'"'s local memory; and
      
      branching to the second program counter to execute the second secured program at a location where the second secured program was previously interrupted.
  - 5. The method of claim 1 further comprising:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      returning the special purpose processor core to a non-isolation mode; and
      
      loading a second program in the special processing unit running in non-isolation mode, wherein the persistent storage register is only accessible when the special purpose processor core is running in isolation mode.
  - 6. The method of claim 1 further comprising:
    - inputting the secure loader'"'"'s encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      storing the signature result in the shared memory.

7. An information handling system comprising:
- a heterogeneous processor that includes one or more special purpose processor cores, wherein one of the special processors is running in isolation mode, and one or more general purpose processor cores;
  
  a local memory corresponding to each of the plurality of heterogeneous processors, wherein the local memory corresponding to the isolated special purpose processor core is inaccessible by the other heterogeneous processors while the special purpose processor core is running in the isolation mode;
  
  one or more persistent storage registers, wherein each persistent storage register corresponds to one of the special purpose processor cores and wherein data stored in the persistent storage register is only accessible when the special purpose processor core is running in isolation mode;
  
  a shared memory accessible by the heterogeneous processors; and
  
  a set of instructions stored in one of the local memories, wherein one or more of the heterogeneous processors executes the set of instructions in order to perform actions of;
  
  receiving an interrupt from one of the general purpose processor cores at the isolated special purpose processor core that is executing a secured program;
  
  encrypting the secured program'"'"'s context using a first randomly generated encryption key;
  
  storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
  
  updating the secure loader'"'"'s context with the first randomly generated encryption key; and
  
  saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
  
  generating a random persistent security data, wherein the random persistent security data is a second randomly generated encryption key;
  
  encrypting the secure loader'"'"'s context using the persistent security data, wherein the secure loader'"'"'s context includes a program counter that corresponds to a location in the secured program where the secured program was interrupted;
  
  storing the secure loader'"'"'s encrypted context in the shared memory; and
  
  storing the persistent security data in the isolated special purpose processor core'"'"'s persistent storage register.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The information handling system of claim 7 wherein the secure loader'"'"'s context includes the first randomly generated encryption key and a program identifier that identifies the secured program.
  - 9. The information handling system of claim 8 wherein the secure loader'"'"'s context includes a plurality of encryption keys, program identifiers, and program counters that correspond to a plurality of secured programs being managed by the secure loader.
  - 10. The information handling system of claim 9 comprising the set of instructions further performing actions of:
    - a read-only memory accessible by the processors, wherein a static copy of the secure loader is stored in the read-only memory, wherein, after saving the secure loader'"'"'s context, the set of instructions further perform actions of;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      setting the special purpose processor core in the isolation mode, the setting resulting in loading the static copy of the secure loader from the read-only memory into the isolated special purpose processor core'"'"'s local memory;
      
      retrieving the persistent security data from the persistent storage register;
      
      restoring the secure loader'"'"'s context using the retrieved persistent security data;
      
      receiving a second secured program identifier corresponding to a second secured program to load in the isolated special purpose processor core'"'"'s local memory;
      
      retrieving a stored encryption key and a second program counter from a record in the secure loader'"'"'s context that matches the received second secured program identifier; and
      
      restoring the second secured program by;
      
      reading a second encrypted context corresponding to the second secured program from the shared memory;
      
      decrypting the second secured program'"'"'s encrypted context using the retrieved encryption key;
      
      storing the second secured program'"'"'s decrypted context in the isolated special purpose processor core'"'"'s local memory; and
      
      branching to the second program counter to execute the second secured program at a location where the second secured program was previously interrupted.
  - 11. The information handling system of claim 7, wherein after saving the secure loader'"'"'s context, the set of instructions further performs actions of:
    - clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      returning the special purpose processor core to a non-isolation mode; and
      
      loading a second program in the special processing unit running in non-isolation mode, wherein the persistent storage register is only accessible when the special purpose processor core is running in isolation mode.
  - 12. The information handling system of claim 7 comprising the set of instructions further performing actions of:
    - inputting the secure loader'"'"'s encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      storing the signature result in the shared memory.

13. A computer program product stored in computer readable memory, comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
- receiving an interrupt from a general purpose processor core at a special purpose processor core that is running in an isolation mode and executing a secured program, wherein;
  
  a heterogeneous processor includes the isolated special purpose processor core and the general purpose processor core that can each access a shared memory; and
  
  the isolated special purpose processor core includes a local memory that is inaccessible from the general purpose processor core;
  
  encrypting the secured program'"'"'s context using a first randomly generated encryption key;
  
  storing the secured program'"'"'s encrypted context to the shared memory using a secure loader;
  
  updating the secure loader'"'"'s context with the first randomly generated encryption key; and
  
  saving the secure loader'"'"'s context to the shared memory, the saving of the secure loader'"'"'s context including;
  
  generating a random persistent security data, wherein the random persistent security data is a second randomly generated encryption key;
  
  encrypting the secure loader'"'"'s context using the persistent security data, wherein the secure loader'"'"'s context includes a program counter that corresponds to a location in the secured program where the secured program was interrupted;
  
  storing the secure loader'"'"'s encrypted context in the shared memory; and
  
  storing the persistent security data in a persistent storage register.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13 wherein the secure loader'"'"'s context includes a plurality of encryption keys, program identifiers, and program counters that correspond to a plurality of secured programs being managed by the secure loader.
  - 15. The computer program product of claim 14 further comprising functional descriptive material that, when executed by the information handling system, causes the information handling system to perform actions that include:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      setting the special purpose processor core in the isolation mode, the setting resulting in loading of the secure loader into the isolated special purpose processor core'"'"'s local memory from a read-only memory;
      
      retrieving the persistent security data from the persistent storage register;
      
      restoring the secure loader'"'"'s context using the retrieved persistent security data;
      
      receiving a second secured program identifier corresponding to a second secured program to load in the isolated special purpose processor core'"'"'s local memory;
      
      retrieving a stored encryption key and a second program counter from a record in the secure loader'"'"'s context that matches the received second secured program identifier; and
      
      restoring the second secured program by;
      
      reading a second encrypted context corresponding to the second secured program from the shared memory;
      
      decrypting the second secured program'"'"'s encrypted context using the retrieved encryption key;
      
      storing the second secured program'"'"'s decrypted context in the isolated special purpose processor core'"'"'s local memory; and
      
      branching to the second program counter to execute the second secured program at a location where the second secured program was previously interrupted.
  - 16. The computer program product of claim 13 further comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
    - after saving the secure loader'"'"'s context;
      
      clearing the isolated special purpose processor core'"'"'s local memory, the clearing leaving the persistent storage register intact;
      
      returning the special purpose processor core to a non-isolation mode; and
      
      loading a second program in the special processing unit running in non-isolation mode, wherein the persistent storage register is only accessible when the special purpose processor core is running in isolation mode.
  - 17. The computer program product of claim 13 further comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
    - inputting the secure loader'"'"'s encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      storing the signature result in the shared memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nutter, Mark Richard, Shimizu, Kanna
Primary Examiner(s)
McNally, Michael S

Application Number

US11/530,942
Publication Number

US 20080066075A1
Time in Patent Office

2,086 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 9/485 Task life-cycle, e.g. stopp...

System and method for securely saving and restoring a context of a secure program loader

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely saving and restoring a context of a secure program loader

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links