摘要:
In one embodiment, a processing node includes a plurality of processor cores and a reconfigurable interconnect. The processing node also includes a controller configured to schedule transactions received from each processor core. The interconnect may be coupled to convey between a first processor core and the controller, transactions that each include a first corresponding indicator that indicates the source of the transaction. The interconnect may also be coupled to convey transactions between a second processor core and the controller, transactions that each include a second corresponding indicator that indicates the source of the transaction. When operating in a first mode, the interconnect is configurable to cause the first indicator to indicate that the corresponding transactions were conveyed from the second processor core and to cause the second indicator to indicate that the corresponding transactions were conveyed from the first processor core.
摘要:
A computer system includes a processor which may initialize a secure execution mode by executing a security initialization instruction. Further, the processor may operate in the secure execution mode by executing a secure operating system code segment. The computer system also includes an input/output (I/O) interface coupled to the processor via an I/O link. The I/O interface may receive transactions performed as a result of the execution of the security initialization instruction. The transactions include at least a portion of the secure operating system code segment. The I/O interface may also determine whether the processor is a source of the transactions. The computer system further includes a security services processor coupled to the I/O interface via a peripheral bus. The I/O interface may convey the transactions to the security services processor dependent upon determining that the processor is the source of the transactions.
摘要翻译:计算机系统包括可以通过执行安全初始化指令来初始化安全执行模式的处理器。 此外,处理器可以通过执行安全操作系统代码段在安全执行模式下操作。 计算机系统还包括通过I / O链路耦合到处理器的输入/输出(I / O)接口。 I / O接口可以接收由于执行安全初始化指令而执行的事务。 交易包括安全操作系统代码段的至少一部分。 I / O接口还可以确定处理器是否是事务的来源。 计算机系统还包括通过外围总线耦合到I / O接口的安全服务处理器。 取决于确定处理器是交易的来源,I / O接口可以将交易传达给安全服务处理器。
摘要:
The initialization of a computer system including a secure execution mode-capable processor includes storing a secure operating system code segment loader to a plurality of locations corresponding to a particular range of addresses within a system memory. The method also includes executing a security initialization instruction. Executing the security initialization instruction may cause several operations to be performed including transmitting a start transaction including a base address of the particular range of addresses. In addition, executing the security instruction may also cause another operation to be performed including retrieving the secure operating system code segment loader from the system memory and transmitting the secure operating system code segment loader for validation as a plurality of data transactions.
摘要:
A processor generates a mode indication based on two or more other indications. The mode indication is indicative of whether or not a particular mode is active in the processor. Each indication is stored in a storage location which is addressable via a different instruction. In one embodiment, a long mode in which a 64 bit operating mode is selectable in addition to 32 bit and 16 bit modes may be activated via a long mode active indication. The long mode active indication may be generated by the processor, and may indicate that long mode is active if paging is enabled and a long mode enable indication indicates that long mode is enabled. In this manner, long mode may be activated after paging is enabled (with a set of long mode page tables indicated by the page table base address).
摘要:
A system is configured to selectively block peripheral accesses to system memory. The system includes a secure execution mode (SEM)-capable processor configured to operate in a trusted execution mode. The system also includes a system memory including a plurality of addressable locations. The system further includes a memory controller that may determine a source of an access request to one or more of the plurality of locations of the system memory. The memory controller may further allow the access request to proceed in response to determining that the source of the access request is the SEM-capable processor.
摘要:
A processor supports a processing mode in which the default address size is greater than 32 bits and the default operand size is 32 bits. The default address size may be nominally indicated as 64 bits, although various embodiments of the processor may implement any address size which exceeds 32 bits, up to and including 64 bits, in the processing mode. The processing mode may be established by placing an enable indication in a control register into an enabled state and by setting a first operating mode indication and a second operating mode indication in a segment descriptor to predefined states. Additionally, an instruction prefix may be coded into an instruction to override the default address and/or operand size. Thus, an address size of 32 bits may be used when desired, and an operand size of 64 bits may be used when desired.
摘要:
A method is provided for controlling interrupts in a secure execution mode-capable processor. The method includes detecting an interrupt and performing a predetermined routine in response to detecting the interrupt. The method further includes performing a second routine prior to performing the predetermined routine in response to detecting the interrupt depending upon whether the processor is operating in a secure execution mode.
摘要:
Controlling access to a control register of a microprocessor. A method of controlling access to a control register such as CR3, for example, of a processor having a normal execution mode and a secure execution mode may include storing address translation table information in the control register, allowing a software invoked write access to modify the address translation table information during the normal execution mode and selectively inhibiting the software invoked write during the secure execution mode.
摘要:
A method of controlling a secure execution mode-capable processor includes allowing a plurality of interrupts to interrupt the secure execution mode-capable processor when the secure execution mode-capable processor is operating in a non-secure execution mode. The method also includes disabling the plurality of interrupts from interrupting the secure execution mode-capable processor when the secure execution mode-capable processor is operating in a secure execution mode.
摘要:
A method of controlling access to an address translation data structure of a computer system. The computer system includes a processor having a normal execution mode and a secure execution mode. The method includes executing code and generating a linear address. During translation of the linear address into a physical address, the method also includes generating a read-only page fault exception during the normal execution mode in response to detecting a software invoked write access to an address translation data structure having a read/write attribute set to be read-only. The method further includes selectively generating either the read-only page fault exception or a security exception during the secure execution mode in response to detecting the software invoked write access.