公开(公告)号：US20140195822A1

公开(公告)日：2014-07-10

申请号：US14066428

申请日：2013-10-29

Applicant: VIA Technologies, Inc.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: H04L9/06 ,  H04L9/08 ,  G06F21/60

CPC classification number: H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: A microprocessor is provided with a method for decrypting encrypted instruction data into plain text instruction data and securely executing the same. The microprocessor includes a master key register file comprising a plurality of master keys. Selection logic circuitry in the microprocessor selects a combination of at least two of the plurality of master keys. Key expansion circuitry in the microprocessor performs mathematical operations on the selected master keys to generate a decryption key having a long effective key length. Instruction decryption circuitry performs an efficient mathematical operation on the encrypted instruction data and the decryption key to decrypt the encrypted instruction data into plain text instruction data.

Abstract translation: 微处理器具有用于将加密指令数据解密为明文指令数据并安全执行该方法。 微处理器包括一个包含多个主密钥的主密钥寄存器文件。 微处理器中的选择逻辑电路选择多个主密钥中的至少两个的组合。 微处理器中的密钥扩展电路对所选择的主密钥执行数学运算，以产生具有长的有效密钥长度的解密密钥。 指令解密电路对加密指令数据和解密密钥进行有效的数学运算，将加密指令数据解密为明文指令数据。

公开(公告)号：US20140195821A1

公开(公告)日：2014-07-10

申请号：US14066350

申请日：2013-10-29

Applicant: VIA Technologies, Inc.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: G06F21/60

CPC classification number: H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program includes receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined pre-run time. The method also includes analyzing the program to obtain chunk information that divides the program into a sequence of chunks each comprising a sequence of instructions and that includes encryption key data associated with each of the chunks. The encryption key data associated with each of the chunks is distinct. The method also includes replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction. The method also includes encrypting the program based on the chunk information.

Abstract translation: 用于加密被配置为解密和执行加密程序的微处理器后续执行的程序的方法包括接收指定未加密程序的目标文件，其包括其目标地址可以被确定为预先运行时间的常规分支指令。 该方法还包括分析程序以获得将程序划分成每个包括指令序列并且包括与每个块相关联的加密密钥数据的块的序列的块信息。 与每个块相关联的加密密钥数据是不同的。 该方法还包括用分支和切换键指令代替指定与常规分支指令所在的块不同的块内的目标地址的每个常规分支指令。 该方法还包括基于块信息来加密程序。

公开(公告)号：US20140195820A1

公开(公告)日：2014-07-10

申请号：US14066270

申请日：2013-10-29

Applicant: VIA Technologies, Inc.

Inventor： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC: H04L9/08 ,  G06F12/08

CPC classification number: H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

Abstract: An apparatus for generating a decryption key for use to decrypt a block of encrypted instruction data being fetched from an instruction cache in a microprocessor at a fetch address includes a first multiplexer that selects a first key value from a plurality of key values based on a first portion of the fetch address. A second multiplexer selects a second key value from the plurality of key values based on the first portion of the fetch address. A rotater rotates the first key value based on a second portion of the fetch address. An arithmetic unit selectively adds or subtracts the rotated first key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.

Abstract translation: 一种用于产生解密密钥的装置，用于解密从提取地址的微处理器中的指令高速缓存取出的加密指令数据块，其包括：第一多路复用器，其基于第一和第二多个键值从多个键值中选择第一键值 提取地址的一部分。 第二多路复用器根据提取地址的第一部分从多个键值中选择第二键值。 旋转器基于获取地址的第二部分旋转第一键值。 算术单元基于获取地址的第三部分，有选择地向第二密钥值添加或减去所转动的第一密钥值，以生成解密密钥。

公开(公告)号：US20130311755A1

公开(公告)日：2013-11-21

申请号：US13777104

申请日：2013-02-26

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry ,  Terry Parks

IPC: G06F9/30

CPC classification number: G06F9/30189 ,  G06F1/3206 ,  G06F1/324 ,  G06F1/3243 ,  G06F1/3275 ,  G06F1/329 ,  Y02D10/126 ,  Y02D10/13 ,  Y02D10/14 ,  Y02D10/24

Abstract: A microprocessor includes functional units and control registers writeable to cause the functional units to institute actions that reduce the instructions-per-clock rate of the microprocessor to reduce power consumption when the microprocessor is operating in its lowest performance running state. Examples of the actions include in-order vs. out-of-order execution, serial vs. parallel cache access and single vs. multiple instruction issue, retire, translation and/or formatting per clock cycle. The actions may be instituted only if additional conditions exist, such as residing in the lowest performance running state for a minimum time, not running in a higher performance state for more than a maximum time, a user did not disable the feature, the microprocessor supports multiple running states and the operating system supports multiple running states.

Abstract translation: 微处理器包括可写的功能单元和控制寄存器，以使功能单元执行动作，以减少微处理器的每时钟指令的指令，以在微处理器以最低性能运行状态运行时降低功耗。 这些操作的示例包括按顺序执行，无序执行，串行与并行缓存访问以及每个时钟周期中的单个或多个指令发出，退出，转换和/或格式化。 只有在存在附加条件的情况下，才能设置动作，例如最低运行时间停留在最低运行状态，不超过最长时间运行在较高的运行状态，用户没有禁用该功能，微处理器支持 多个运行状态和操作系统支持多个运行状态。

公开(公告)号：US10204056B2

公开(公告)日：2019-02-12

申请号：US14188905

申请日：2014-02-25

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry ,  Stephan Gaskins

IPC: G06F12/0891 ,  G06F12/0842 ,  G06F1/32 ,  G06F12/0864 ,  G06F12/0893 ,  G06F9/50

Abstract: A microprocessor includes a cache memory and a control module. The control module makes the cache size zero and subsequently make it between zero and a full size of the cache, counts a number of evictions from the cache after making the size between zero and full and increase the size when the number of evictions reaches a predetermined number of evictions. Alternatively, a microprocessor includes: multiple cores, each having a first cache memory; a second cache memory shared by the cores; and a control module. The control module puts all the cores to sleep and makes the second cache size zero and receives a command to wakeup one of the cores. The control module counts a number of evictions from the first cache of the awakened core after receiving the command and makes the second cache size non-zero when the number of evictions reaches a predetermined number of evictions.

公开(公告)号：US10198269B2

公开(公告)日：2019-02-05

申请号：US14281657

申请日：2014-05-19

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry ,  Terry Parks ,  Darius D. Gaskins

IPC: G06F9/44 ,  G06F1/32 ,  G06F9/38 ,  G06F12/084 ,  G06F13/24 ,  G06F9/4401 ,  G06F13/364 ,  G06F12/0808 ,  G06F9/30 ,  G06F12/0875 ,  G06F1/04 ,  G06F1/12 ,  G06F13/42 ,  G06F21/53 ,  G06F21/57 ,  H04L9/08 ,  H01L21/66

Abstract: A microprocessor includes a plurality of processing cores and a configuration register configured to indicate whether each of the plurality of processing cores is enabled or disabled. Each enabled one of the plurality of processing cores is configured to read the configuration register in a first instance to determine which of the plurality of processing cores is enabled or disabled and generate a respective configuration-related value based on the read of the configuration register in the first instance. The configuration register is updated to indicate that a previously enabled one of the plurality of processing cores is disabled. Each enabled one of the plurality of processing cores is configured to read the configuration register in a second instance to determine which of the plurality of processing cores is enabled or disabled and generate the respective configuration-related value based on the read of the configuration register in the second instance.

公开(公告)号：US09836610B2

公开(公告)日：2017-12-05

申请号：US15380015

申请日：2016-12-15

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry

IPC: G06F21/57 ,  G06F9/44 ,  H04L29/06 ,  G06F13/24 ,  G06F13/42 ,  H04L9/32

CPC classification number: G06F21/572 ,  G06F9/4401 ,  G06F13/24 ,  G06F13/4282 ,  G06F21/554 ,  G06F2221/2107 ,  H04L9/06 ,  H04L9/0618 ,  H04L9/0869 ,  H04L9/3231 ,  H04L9/3242 ,  H04L63/0435 ,  H04L63/0876 ,  H04L63/123

Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), an event detector, and a tamper detector. The BIOS ROM has BIOS contents that are stored as plaintext, and an encrypted message digest, where the encrypted message digest comprises an encrypted version of a first message digest that corresponds to the BIOS contents, and where and the encrypted version is generated via a symmetric key algorithm and a key. The event detector is configured to generate a BIOS check interrupt that interrupts normal operation of the computing system upon the occurrence of an event, where the event includes one or more occurrences of a change in virtual memory mapping. The tamper detector is operatively coupled to the BIOS ROM and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, and is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest using the symmetric key algorithm and the key, and is configured to compare the second message digest with the decrypted message digest, and configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The microprocessor includes a dedicated crypto/hash unit disposed within execution logic, where the crypto/hash unit generates the second message digest and the decrypted message digest, and where the key is exclusively accessed by the crypto/hash unit. The microprocessor further has a random number generator disposed within the execution logic, where the random number generator generates a random number at completion of a current BIOS check, which is employed by the event detector to randomly set a number of occurrences of the event that are to occur before a following BIOS check.

公开(公告)号：US09798880B2

公开(公告)日：2017-10-24

申请号：US15338620

申请日：2016-10-31

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry

IPC: G06F21/57 ,  H04L9/06 ,  G06F21/78

CPC classification number: G06F21/572 ,  G06F21/78 ,  G06F2221/2139 ,  H04L9/0631 ,  H04L9/0643

Abstract: An apparatus for protecting BIOS, including a BIOS ROM, a detector, a generator, JTAG control, a machine specific register, and a controller. The BIOS ROM stores plaintext and an encrypted digest that is an encrypted version of a first digest corresponding to BIOS contents. The detector generates an interrupt at a combination of prescribed intervals and event occurrences, accesses the BIOS contents and the encrypted digest upon the interrupt, and directs a microprocessor to generate a second digest of the BIOS contents and a decrypted digest corresponding to the encrypted digest, compares the second digest with the decrypted digest, and precludes operation of the microprocessor when the second digest and decrypted digest are unequal. A random number is generated at completion of a current BIOS check, and sets a following prescribed interval. JTAG control programs the combination of prescribed intervals and event occurrences.

公开(公告)号：US09792112B2

公开(公告)日：2017-10-17

申请号：US14281786

申请日：2014-05-19

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry ,  Stephan Gaskins

IPC: G06F9/445 ,  G06F9/44 ,  G06F11/36 ,  G06F9/32 ,  G06F9/26

CPC classification number: G06F8/665 ,  G06F8/654 ,  G06F8/656 ,  G06F8/67 ,  G06F9/268 ,  G06F9/328 ,  G06F11/366 ,  Y02B60/183 ,  Y02D10/42

Abstract: A microprocessor includes a plurality of processing cores, wherein each of the plurality of processing cores executes microcode and comprises hardware to patch the microcode. A first core of the plurality of processing cores is configured to encounter an instruction that instructs the first core to apply a microcode patch. The first core of the plurality of processing cores is further configured to, in response to encountering the instruction, inform each core of the other of the plurality of processing cores of the microcode patch and apply the microcode patch to the hardware of the first core. Each core of the plurality of processing cores other than the first core is configured to apply the microcode patch to the hardware of the core, in response to being informed by the first core.

公开(公告)号：US09779243B2

公开(公告)日：2017-10-03

申请号：US15338607

申请日：2016-10-31

Applicant: VIA TECHNOLOGIES, INC.

Inventor： G. Glenn Henry

IPC: G06F21/57 ,  G06F9/44 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F21/572 ,  G06F9/4406 ,  G06F2221/2139 ,  H04L9/3234 ,  H04L63/0876 ,  H04L63/123

Abstract: An apparatus for protecting BIOS, including a BIOS ROM, a detector, a generator, JTAG control, a fuse, and a controller. The BIOS ROM stores plaintext and an encrypted digest that is an encrypted version of a first digest corresponding to BIOS contents. The detector generates an interrupt at a combination of prescribed intervals and event occurrences, accesses the BIOS contents and the encrypted digest upon the interrupt, and directs a microprocessor to generate a second digest of the BIOS contents and a decrypted digest corresponding to the encrypted digest, compares the second digest with the decrypted digest, and precludes operation of the microprocessor when the second digest and decrypted digest are unequal. A random number is generated completion of a current BIOS check, and sets a following prescribed interval. JTAG control programs the combination of prescribed intervals and event occurrences.