-
1.发明授权Computer system including a secure execution mode-capable CPU and a security services processor connected via a secure communication path 有权计算机系统包括安全执行模式的CPU和通过安全通信路径连接的安全服务处理器公开(公告)号:US07603550B2
公开(公告)日:2009-10-13
申请号:US10419082
申请日:2003-04-18
申请人: Kevin J. McGrath , Geoffrey S. Strongin , Dale E. Gulick , William A. Hughes , David S. Christie
发明人: Kevin J. McGrath , Geoffrey S. Strongin , Dale E. Gulick , William A. Hughes , David S. Christie
CPC分类号: G06F9/4403 , G06F21/10 , G06F21/74
摘要: A computer system includes a processor which may initialize a secure execution mode by executing a security initialization instruction. Further, the processor may operate in the secure execution mode by executing a secure operating system code segment. The computer system also includes an input/output (I/O) interface coupled to the processor via an I/O link. The I/O interface may receive transactions performed as a result of the execution of the security initialization instruction. The transactions include at least a portion of the secure operating system code segment. The I/O interface may also determine whether the processor is a source of the transactions. The computer system further includes a security services processor coupled to the I/O interface via a peripheral bus. The I/O interface may convey the transactions to the security services processor dependent upon determining that the processor is the source of the transactions.
摘要翻译: 计算机系统包括可以通过执行安全初始化指令来初始化安全执行模式的处理器。 此外,处理器可以通过执行安全操作系统代码段在安全执行模式下操作。 计算机系统还包括通过I / O链路耦合到处理器的输入/输出(I / O)接口。 I / O接口可以接收由于执行安全初始化指令而执行的事务。 交易包括安全操作系统代码段的至少一部分。 I / O接口还可以确定处理器是否是事务的来源。 计算机系统还包括通过外围总线耦合到I / O接口的安全服务处理器。 取决于确定处理器是交易的来源,I / O接口可以将交易传达给安全服务处理器。
-
2.发明授权Address size and operand size prefix overrides for default sizes defined by an operating mode of a processor 有权由处理器的操作模式定义的默认大小的地址大小和操作数大小前缀替换公开(公告)号:US06571330B1
公开(公告)日:2003-05-27
申请号:US09483560
申请日:2000-01-14
申请人: Kevin J. McGrath , Michael T. Clark
发明人: Kevin J. McGrath , Michael T. Clark
IPC分类号: G06F934
CPC分类号: G06F9/30192 , G06F9/30185 , G06F9/30189 , G06F9/342
摘要: A processor supports a processing mode in which the default address size is greater than 32 bits and the default operand size is 32 bits. The default address size may be nominally indicated as 64 bits, although various embodiments of the processor may implement any address size which exceeds 32 bits, up to and including 64 bits, in the processing mode. The processing mode may be established by placing an enable indication in a control register into an enabled state and by setting a first operating mode indication and a second operating mode indication in a segment descriptor to predefined states. Additionally, an instruction prefix may be coded into an instruction to override the default address and/or operand size. Thus, an address size of 32 bits may be used when desired, and an operand size of 64 bits may be used when desired.
摘要翻译: 处理器支持默认地址大小大于32位,默认操作数大小为32位的处理模式。 默认地址大小可以标称地指示为64位,尽管处理器的各种实施例可以在处理模式中实现超过32位,高达并包括64位的任何地址大小。 可以通过将控制寄存器中的使能指示置于使能状态并且通过将段描述符中的第一操作模式指示和第二操作模式指示设置为预定状态来建立处理模式。 另外,指令前缀可以被编码到用于覆盖默认地址和/或操作数大小的指令中。 因此,如果需要,可以使用32位的地址大小,并且当需要时可以使用64位的操作数大小。
-
3.发明授权Method and apparatus for controlling operation of a secure execution mode-capable processor in system management mode 有权用于在系统管理模式下控制具有安全执行模式的处理器的操作的方法和装置公开(公告)号:US07496966B1
公开(公告)日:2009-02-24
申请号:US10419120
申请日:2003-04-18
CPC分类号: G06F9/4403 , G06F21/10 , G06F21/74
摘要: A method for controlling operation of a secure execution mode-capable processor includes receiving access requests to a plurality of addressable locations within a system memory. The method may further include preventing the access requests from completing in response to determining that the secure execution mode-capable processor is operating in a secure execution mode.
摘要翻译: 一种用于控制具有安全执行模式的处理器的操作的方法,包括:接收对系统存储器内的多个可寻址位置的访问请求。 所述方法可以进一步包括响应于确定具有安全执行模式的处理器在安全执行模式中操作来防止访问请求完成。
-
公开(公告)号:US07418584B1
公开(公告)日:2008-08-26
申请号:US11066752
申请日:2005-02-25
CPC分类号: G06F9/45533
摘要: In one embodiment, a register in a processor is programmable with an intercept indication indicative of whether or not an event that would cause a transition by the processor to a first mode is to be intercepted during execution of a guest. Responsive to the intercept indication and further responsive to detecting the event, execution circuitry in the processor is configured to exit the guest. In another embodiment, a method comprises: detecting an event that would cause a processor to transition to a first mode, wherein first code is to be executed in the first mode; and causing the first code to be executed in a guest responsive to the detecting. In still another embodiment, a computer accessible medium comprising instructions which when executed in response to detecting the event, cause the first code to be executed in a guest.
摘要翻译: 在一个实施例中,处理器中的寄存器是可编程的,其中拦截指示指示在执行客户期间是否将由处理器转换到第一模式的事件被拦截。 响应于拦截指示并进一步响应于检测事件,处理器中的执行电路被配置为退出客人。 在另一个实施例中,一种方法包括:检测将导致处理器转换到第一模式的事件,其中第一代码将以第一模式执行; 并且响应于检测使得在客人中执行第一代码。 在另一个实施例中,一种包括指令的计算机可访问介质,当被响应于检测到事件而被执行时,导致第一代码在客户机中被执行。
-
5.发明授权Mechanism for selectively blocking peripheral device accesses to system memory 有权选择性地阻止外围设备访问系统内存的机制公开(公告)号:US07146477B1
公开(公告)日:2006-12-05
申请号:US10419090
申请日:2003-04-18
IPC分类号: G06F12/00
CPC分类号: G06F12/1475
摘要: A system is configured to selectively block peripheral accesses to system memory. The system includes a secure execution mode (SEM)-capable processor configured to operate in a trusted execution mode. The system also includes a system memory including a plurality of addressable locations. The system further includes a memory controller that may determine a source of an access request to one or more of the plurality of locations of the system memory. The memory controller may further allow the access request to proceed in response to determining that the source of the access request is the SEM-capable processor.
摘要翻译: 系统被配置为选择性地阻止对系统存储器的外围访问。 该系统包括被配置为以可信执行模式操作的安全执行模式(SEM)能力处理器。 该系统还包括包括多个可寻址位置的系统存储器。 系统还包括存储器控制器,其可以确定对系统存储器的多个位置中的一个或多个的访问请求的来源。 响应于确定访问请求的源是具有SEM能力的处理器,存储器控制器还可以允许访问请求继续进行。
-
公开(公告)号:US06973562B1
公开(公告)日:2005-12-06
申请号:US09483101
申请日:2000-01-14
申请人: Kevin J. McGrath , Michael T. Clark
发明人: Kevin J. McGrath , Michael T. Clark
CPC分类号: G06F9/30189 , G06F9/30185 , G06F9/342
摘要: A processor supports a processing mode in which the address size is greater than 32 bits and the operand size may be 32 or 64 bits. The address size may be nominally indicated as 64 bits, although various embodiments of the processor may implement any address size which exceeds 32 bits, up to and including 64 bits, in the processing mode. The processing mode may be established by placing an enable indication in a control register into an enabled state and by setting a first operating mode indication and a second operating mode indication in a segment descriptor to predefined states. Other combinations of the first operating mode indication and the second operating mode indication may be used to provide compatibility modes for 32 bit and 16 bit processing compatible with the x86 processor architecture (with the enable indication remaining in the enabled state).
摘要翻译: 处理器支持地址大小大于32位的处理模式,操作数大小可以是32位或64位。 地址大小可以名义上表示为64位,尽管在处理模式下,处理器的各种实施例可以实现超过32位,高达并包括64位的任何地址大小。 可以通过将控制寄存器中的使能指示置于使能状态并且通过将段描述符中的第一操作模式指示和第二操作模式指示设置为预定状态来建立处理模式。 可以使用第一操作模式指示和第二操作模式指示的其他组合来提供与x86处理器架构兼容的32位和16位处理的兼容性模式(使能指示保持在使能状态)。
-
7.发明授权Instruction causing swap of base address from segment register with address from another register 有权指令引起来自段寄存器的基地址与另一寄存器的地址的交换公开(公告)号:US06901505B2
公开(公告)日:2005-05-31
申请号:US09927054
申请日:2001-08-09
申请人: Kevin J. McGrath
发明人: Kevin J. McGrath
CPC分类号: G06F9/30032 , G06F9/30036 , G06F9/3004 , G06F9/30101 , G06F9/3013 , G06F9/30192
摘要: A processor is described which executes an instruction defined to swap the contents of at least one special purpose register (e.g. an MSR or a segment register) and another register. In some implementations, both of the registers are special purpose registers (e.g. a segment register and an MSR). The instruction may be used to provide a pointer to an operating system data structure in a register useable for address generation, and to preserve the content of that register in the other register involved in the swap. For example, in the segment register/MSR embodiment, the MSR may store the pointer and the segment register base address may be used in address generation operations.
摘要翻译: 描述了处理器,其执行定义为交换至少一个专用寄存器(例如,MSR或段寄存器)和另一个寄存器的内容的指令。 在一些实现中,这两个寄存器是专用寄存器(例如,段寄存器和MSR)。 该指令可用于提供指向可用于地址生成的寄存器中的操作系统数据结构的指针,并且将该寄存器的内容保留在交换中涉及的另一个寄存器中。 例如,在段寄存器/ MSR实施例中,MSR可以存储指针,并且可以在地址生成操作中使用段寄存器基地址。
-
8.发明授权Processor which overrides default operand size for implicit stack pointer references and near branches 有权处理器覆盖隐式堆栈指针引用和附近分支的默认操作数大小公开(公告)号:US06807622B1
公开(公告)日:2004-10-19
申请号:US09824992
申请日:2001-04-02
申请人: Kevin J. McGrath
发明人: Kevin J. McGrath
IPC分类号: G06F934
CPC分类号: G06F9/30101 , G06F9/30185 , G06F9/30189 , G06F9/342
摘要: A processor supports a mode in which the default operand size is 32 bits, but which supports operand size overrides to 64 bits. Furthermore, the default operand size may automatically be overridden to 64 bits for instructions having an implicit stack pointer reference and for near branch instructions. The overriding of the default operand size may occur without requiring an operand size override encoding in these instructions. In one embodiment, the instruction set specifying the instructions may be a variable byte length instruction set (e.g. x86), and the operand size override encoding may be a prefix byte which increases the instruction length.
摘要翻译: 处理器支持默认操作数大小为32位,但支持操作数大小为64位的模式。 此外,对于具有隐式堆栈指针引用和近分支指令的指令,默认操作数大小可以自动被重写为64位。 默认操作数大小的覆盖可能会发生,而不需要这些指令中的操作数大小覆盖编码。 在一个实施例中,指定指令的指令集可以是可变字节长度指令集(例如x86),并且操作数大小覆盖编码可以是增加指令长度的前缀字节。
-
公开(公告)号:US06715063B1
公开(公告)日:2004-03-30
申请号:US09483078
申请日:2000-01-14
申请人: Kevin J. McGrath
发明人: Kevin J. McGrath
IPC分类号: G06F934
CPC分类号: G06F9/342 , G06F9/30185 , G06F9/30189 , G06F9/322 , G06F9/34
摘要: A processor supports a first processing mode in which the address size is greater than 32 bits. The address size may be nominally indicated as 64 bits, although various embodiments of the processor may implement any address size which exceeds 32 bits, up to and including 64 bits, in the first processing mode. The first processing mode may be established by placing an enable indication in a control register into an enabled state and by setting a first operating mode indication and a second operating mode indication in a segment descriptor to predefined states. Other combinations of the first operating mode indication and the second operating mode indication may be used to provide compatibility modes for 32 bit and 16 bit processing compatible with the x86 processor architecture (with the enable indication remaining in the enabled state). To call code operating in the first processing mode from the 32 bit or 16 bit code, a call gate descriptor is defined which occupies two entries in a segment descriptor table. By occupying two entries, each of which may otherwise store a segment descriptor, the call gate descriptor may include enough space to store an address in excess of 32 bits. Thus, a calling code segment may reference a call gate descriptor, which may reference the target code segment and may provide an address within the address space of the target code segment, even if the address exceeds the address size in the calling code segment.
摘要翻译: 处理器支持地址大小大于32位的第一处理模式。 尽管处理器的各种实施例可以在第一处理模式中实现超过32位,直到并包括64位的任何地址大小,但地址大小可以名义上表示为64位。 可以通过将控制寄存器中的使能指示置于使能状态,并通过将段描述符中的第一操作模式指示和第二操作模式指示设置为预定状态来建立第一处理模式。 可以使用第一操作模式指示和第二操作模式指示的其他组合来提供与x86处理器架构兼容的32位和16位处理的兼容性模式(使能指示保持在使能状态)。 为了从32位或16位代码调用以第一处理模式运行的代码,定义了占用段描述符表中两个条目的调用门限描述符。 通过占用两个条目,每个条目可以另外存储段描述符,呼叫门描述符可以包括足够的空间来存储超过32位的地址。 因此,呼叫代码段可以引用呼叫门描述符,其可以引用目标代码段,并且可以在目标代码段的地址空间内提供地址,即使地址超过调用代码段中的地址大小。
-
公开(公告)号:US06604187B1
公开(公告)日:2003-08-05
申请号:US09596636
申请日:2000-06-19
申请人: Kevin J. McGrath , Stephan G. Meier
发明人: Kevin J. McGrath , Stephan G. Meier
IPC分类号: G06F1208
CPC分类号: G06F12/1036 , G06F2212/656 , G06F2212/683
摘要: A processor provides a register for storing an address space number (ASN). Operating system software may assign different ASNs to different processes. The processor may include a TLB to cache translations, and the TLB may record the ASN from the ASN register in a TLB entry being loaded. Thus, translations may be associated with processes through the ASNs. Generally, a TLB hit will be detected in an entry if the virtual address to be translated matches the virtual address tag and the ASN matches the ASN stored in the register. Additionally, the processor may use an indication from the translation table entries to indicate whether or not a translation is global. If a translation is global, then the ASN comparison is not included in detecting a hit in the TLB. Thus, translations which are used by more than one process may not occupy multiple TLB entries. Instead, a hit may be detected on the TLB entry storing the global translation even though the recorded ASN may not match the current ASN. In one embodiment, if ASNs are disabled, the TLB may be flushed on context switches. However, the indication from the translation table entries used to indicate that the translation is global may be used (when ASNs are disabled) by the TLB to selectively invalidate non-global translations on a context switch while not invalidating global translations.
摘要翻译: 处理器提供用于存储地址空间号(ASN)的寄存器。 操作系统软件可以将不同的ASN分配给不同的进程。 处理器可以包括用于高速缓存转换的TLB,并且TLB可以在正在加载的TLB条目中从ASN寄存器记录ASN。 因此,翻译可以通过ASN与进程相关联。 通常,如果要转换的虚拟地址与虚拟地址标签匹配并且ASN与存储在寄存器中的ASN相匹配,则将在条目中检测到TLB命中。 另外,处理器可以使用来自转换表条目的指示来指示翻译是否是全局的。 如果翻译是全局的,则在检测到TLB中的命中时不包括ASN比较。 因此,由多个进程使用的转换可能不占用多个TLB条目。 相反,即使记录的ASN可能与当前ASN不匹配,也可以在存储全局转换的TLB条目上检测到命中。 在一个实施例中,如果ASN被禁用,则可以在上下文切换上刷新TLB。 然而,可以使用用于指示翻译是全局的翻译表条目的指示(当ASN被禁用时)由TLB选择性地使上下文切换上的非全局翻译无效,而不会使全局翻译无效。
-
-
-
-
-
-
-
-
-
搜索结果
38 条记录 (耗时 0.027 秒)
