公开(公告)号：US20140195821A1

公开(公告)日：2014-07-10

申请号：US14066350

申请日：2013-10-29

Applicant: VIA Technologies, Inc.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: G06F21/60

CPC classification number: H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program includes receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined pre-run time. The method also includes analyzing the program to obtain chunk information that divides the program into a sequence of chunks each comprising a sequence of instructions and that includes encryption key data associated with each of the chunks. The encryption key data associated with each of the chunks is distinct. The method also includes replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction. The method also includes encrypting the program based on the chunk information.

Abstract translation: 用于加密被配置为解密和执行加密程序的微处理器后续执行的程序的方法包括接收指定未加密程序的目标文件，其包括其目标地址可以被确定为预先运行时间的常规分支指令。 该方法还包括分析程序以获得将程序划分成每个包括指令序列并且包括与每个块相关联的加密密钥数据的块的序列的块信息。 与每个块相关联的加密密钥数据是不同的。 该方法还包括用分支和切换键指令代替指定与常规分支指令所在的块不同的块内的目标地址的每个常规分支指令。 该方法还包括基于块信息来加密程序。

公开(公告)号：US20140195820A1

公开(公告)日：2014-07-10

申请号：US14066270

申请日：2013-10-29

Applicant: VIA Technologies, Inc.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: H04L9/08 ,  G06F12/08

CPC classification number: H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: An apparatus for generating a decryption key for use to decrypt a block of encrypted instruction data being fetched from an instruction cache in a microprocessor at a fetch address includes a first multiplexer that selects a first key value from a plurality of key values based on a first portion of the fetch address. A second multiplexer selects a second key value from the plurality of key values based on the first portion of the fetch address. A rotater rotates the first key value based on a second portion of the fetch address. An arithmetic unit selectively adds or subtracts the rotated first key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.

Abstract translation: 一种用于产生解密密钥的装置，用于解密从提取地址的微处理器中的指令高速缓存取出的加密指令数据块，其包括：第一多路复用器，其基于第一和第二多个键值从多个键值中选择第一键值 提取地址的一部分。 第二多路复用器根据提取地址的第一部分从多个键值中选择第二键值。 旋转器基于获取地址的第二部分旋转第一键值。 算术单元基于获取地址的第三部分，有选择地向第二密钥值添加或减去所转动的第一密钥值，以生成解密密钥。