公开(公告)号：US09967092B2

公开(公告)日：2018-05-08

申请号：US14884416

申请日：2015-10-15

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: H04L29/06 ,  H04L9/08 ,  G06F12/14 ,  G06F12/0862 ,  G06F12/0855 ,  G06F12/0875 ,  G06F9/30 ,  G06F21/52 ,  G06F21/54 ,  G06F21/60 ,  G06F21/71 ,  G06F21/72 ,  H04L9/06

CPC classification number: H04L9/0825 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0855 ,  G06F12/0862 ,  G06F12/0875 ,  G06F12/1408 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2212/6026 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0827 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.

公开(公告)号：US09461818B2

公开(公告)日：2016-10-04

申请号：US14066350

申请日：2013-10-29

Applicant: VIA Technologies, Inc.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: G06F11/30 ,  H04L9/08 ,  G06F12/08 ,  G06F21/52 ,  G06F21/71 ,  G06F21/72 ,  G06F9/30 ,  G06F21/60 ,  H04L9/06 ,  G06F21/54

CPC classification number: H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program includes receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined pre-run time. The method also includes analyzing the program to obtain chunk information that divides the program into a sequence of chunks each comprising a sequence of instructions and that includes encryption key data associated with each of the chunks. The encryption key data associated with each of the chunks is distinct. The method also includes replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction. The method also includes encrypting the program based on the chunk information.

Abstract translation: 用于加密被配置为解密和执行加密程序的微处理器后续执行的程序的方法包括接收指定未加密程序的目标文件，其包括其目标地址可以被确定为预先运行时间的常规分支指令。 该方法还包括分析程序以获得将程序划分成每个包括指令序列并且包括与每个块相关联的加密密钥数据的块的序列的块信息。 与每个块相关联的加密密钥数据是不同的。 该方法还包括用分支和切换键指令代替指定与常规分支指令所在的块不同的块内的目标地址的每个常规分支指令。 该方法还包括基于块信息来加密程序。