-
公开(公告)号:US08612729B2
公开(公告)日:2013-12-17
申请号:US11957930
申请日:2007-12-17
CPC分类号: G06F9/30145 , G06F9/30174 , G06F9/30178 , G06F9/30181 , G06F9/328 , G06F9/3885 , G06F21/572 , G06F21/76
摘要: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.
-
2.发明授权Uses of known good code for implementing processor architectural modifications 有权使用已知的良好代码来实现处理器架构修改公开(公告)号:US07831813B2
公开(公告)日:2010-11-09
申请号:US11957848
申请日:2007-12-17
IPC分类号: G06F9/455
CPC分类号: G06F9/30174 , G06F9/30178 , G06F9/30181 , G06F21/57
摘要: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.
摘要翻译: 在一个实施例中,处理器包括可编程映射和电路。 可编程映射被配置为存储标识至少一个指令的数据,对于该指令已经定义了由处理器实现的指令集架构的架构修改,其中处理器不实现修改。 电路被配置为检测指令或其存储器操作数并且导致转换到已知的良好代码(KGC),其中KGC被保护免受未经授权的修改,并且从认证实体提供。 KGC包括在执行时模拟修改的代码。 在另一实施例中,集成电路包括至少一个处理器核心; 至少一个其他电路; 以及配置为向处理器核心提供KGC以供执行的KGC源。 KGC包括用于另一电路的接口代码,由此在处理器核上执行的应用程序通过KGC与另一电路接口。
-
3.发明申请Uses of Known Good Code for Implementing Processor Architectural Modifications 有权使用已知的良好代码实现处理器架构修改公开(公告)号:US20090158015A1
公开(公告)日:2009-06-18
申请号:US11957848
申请日:2007-12-17
IPC分类号: G06F9/30
CPC分类号: G06F9/30174 , G06F9/30178 , G06F9/30181 , G06F21/57
摘要: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.
摘要翻译: 在一个实施例中,处理器包括可编程映射和电路。 可编程映射被配置为存储标识至少一个指令的数据,对于该指令已经定义了由处理器实现的指令集架构的架构修改,其中处理器不实现修改。 电路被配置为检测指令或其存储器操作数并且导致转换到已知的良好代码(KGC),其中KGC被保护免受未经授权的修改,并且从认证实体提供。 KGC包括在执行时模拟修改的代码。 在另一实施例中,集成电路包括至少一个处理器核心; 至少一个其他电路; 以及配置为向处理器核心提供KGC以供执行的KGC源。 KGC包括用于另一电路的接口代码,由此在处理器核上执行的应用程序通过KGC与另一电路接口。
-
公开(公告)号:US20100174890A1
公开(公告)日:2010-07-08
申请号:US11957930
申请日:2007-12-17
CPC分类号: G06F9/30145 , G06F9/30174 , G06F9/30178 , G06F9/30181 , G06F9/328 , G06F9/3885 , G06F21/572 , G06F21/76
摘要: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.
摘要翻译: 在一个实施例中,处理器包括可编程映射和电路。 可编程映射被配置为存储标识至少一个指令的数据,对于该指令已经定义了由处理器实现的指令集架构的架构修改,其中处理器不实现修改。 电路被配置为检测指令或其存储器操作数并且导致转换到已知的良好代码(KGC),其中KGC被保护免受未经授权的修改,并且从认证实体提供。 KGC包括在执行时模拟修改的代码。 在另一实施例中,集成电路包括至少一个处理器核心; 至少一个其他电路; 以及配置为向处理器核心提供KGC以供执行的KGC源。 KGC包括用于另一电路的接口代码,由此在处理器核上执行的应用程序通过KGC与另一电路接口。
-
5.发明申请Limited Functionality Mode for Secure, Remote, Decoupled Computer Ownership 审中-公开有限的功能模式,用于安全,远程,去耦计算机所有权公开(公告)号:US20090183245A1
公开(公告)日:2009-07-16
申请号:US11972351
申请日:2008-01-10
IPC分类号: H04L9/32
CPC分类号: G06F21/62 , G06F21/70 , G06F2221/2137
摘要: In one embodiment, a computer system comprises one or more components and a secure computing environment coupled to the components. The secure computing environment is configured to program at least one of the components to enter a limited functionality mode responsive to expiration of a use right to the computer system, wherein operation of the computer system in the limited functionality mode is reduced compared to operation when the use right has not expired. The secure computing environment is configured to monitor the components in the limited functionality mode to detect that a limited functionality mode configuration has been modified by an unauthorized entity and to cause the computer system to enter a second mode in which operation of the computer system is reduced compared to operation in the limited functionality mode in response. In another embodiment, the secure computing environment detects a non-temporal event that indicates a violation of an owner-imposed restriction and enters a limited functionality mode.
摘要翻译: 在一个实施例中,计算机系统包括耦合到组件的一个或多个组件和安全计算环境。 安全计算环境被配置为响应于对计算机系统的使用权限到期而对组件中的至少一个进行编程以进入有限的功能模式,其中与有限功能模式下的操作相比,有限功能模式中的计算机系统的操作被减少 使用权尚未到期。 安全计算环境被配置为以有限功能模式监视组件以检测受限制的功能模式配置已被未经授权的实体修改并且使得计算机系统进入计算机系统的操作减少的第二模式 与在有限功能模式下的操作相比。 在另一个实施例中,安全计算环境检测指示违反所有者施加的限制的非时间事件并进入有限的功能模式。
-
6.发明申请COMPUTER SYSTEM INCLUDING A MAIN PROCESSOR AND A BOUND SECURITY COPROCESSOR 审中-公开包括一个主处理器和一个重要的安全性共同计算机的计算机系统公开(公告)号:US20090193230A1
公开(公告)日:2009-07-30
申请号:US12022446
申请日:2008-01-30
IPC分类号: G06F15/80
CPC分类号: G06F21/74 , G06F21/445 , G06F21/575 , G06F21/71 , G06F2221/2101 , G06F2221/2105
摘要: A computer system includes a main processor and a security control processor that is coupled to the main processor and configured to control and monitor an operational state of the main processor. To ensure the computer system may be trusted, the security control processor may be configured to hold the main processor in a slave mode during initialization of the security control processor such that the main processor is not operable to fetch and execute instructions from an instruction source external to the main processor, for example. In addition, the security control processor may be configured to initialize the operational state of the main processor to a predetermined state by transferring to the main processor via a control interface one or more instructions and to cause the main processor to execute the one or more instructions while the main processor is held in the slave mode.
摘要翻译: 计算机系统包括主处理器和安全控制处理器,其连接到主处理器并且被配置为控制和监视主处理器的操作状态。 为了确保计算机系统可以被信任,安全控制处理器可以被配置为在安全控制处理器的初始化期间将主处理器保持在从模式,使得主处理器不可操作地从指令源外部获取和执行指令 以主处理器为例。 此外,安全控制处理器可以被配置为通过经由控制接口将一个或多个指令传送到主处理器来将主处理器的操作状态初始化到预定状态,并且使主处理器执行一个或多个指令 而主处理器则保持在从模式。
-
7.发明申请COMPUTER SYSTEM COMPRISING A SECURE BOOT MECHANISM ON THE BASIS OF SYMMETRIC KEY ENCRYPTION 有权基于对称密钥加密的安全引导机制的计算机系统公开(公告)号:US20090276617A1
公开(公告)日:2009-11-05
申请号:US12355900
申请日:2009-01-19
申请人: Michael Grell , Ralf Findeisen , Frank Schuecke
发明人: Michael Grell , Ralf Findeisen , Frank Schuecke
CPC分类号: G06F21/575
摘要: A CPU, a computer system and a secure boot mechanism are provided in which a symmetric encryption key may be incorporated into a non-volatile memory area of the CPU core, thereby substantially avoiding any tampering of the encryption key by external sources. Moreover, pre-boot information may be internally stored in the CPU and may be retrieved upon a reset or power-on event in order to verify a signed boot information on the basis of the internal symmetric encryption key. Furthermore, the BIOS information may be efficiently updated by generating a signature using the internal encryption key.
摘要翻译: 提供了CPU,计算机系统和安全引导机制,其中对称加密密钥可以被并入CPU核心的非易失性存储器区域中,从而基本上避免了外部源对加密密钥的任何篡改。 此外,预引导信息可以内部存储在CPU中,并且可以在复位或开机事件时检索,以便基于内部对称加密密钥来验证签名的引导信息。 此外,可以通过使用内部加密密钥生成签名来有效地更新BIOS信息。
-
公开(公告)号:US07492747B2
公开(公告)日:2009-02-17
申请号:US11316499
申请日:2005-12-21
申请人: Axel Wachtler , Richard Powell , Michael Grell , Ralf Findeisen
发明人: Axel Wachtler , Richard Powell , Michael Grell , Ralf Findeisen
IPC分类号: H04L9/32
CPC分类号: H04L9/3271 , H04L9/3247 , H04L2209/80 , H04W8/245 , H04W12/10 , H04W12/12 , H04W84/04 , H04W88/02
摘要: The present invention relates methods for patching WWAN (Wireless Wide Area Network) communication devices and corresponding WWAN communication devices, integrated circuit chips and computer-readable media. The WWAN communication device includes a first processor, a second processor and a memory. The first processor is arranged to process patches updating software running on the WWAN communication device. The second processor is arranged to provide a first set of the patches to the first processor. The memory stores a second set of the patches to be processed by the first processor. The second processor is further arranged to send a patch end signal to the first processor, the patch end signal causing the first processor to stop processing of patches provided by the second processor. The first processor is further arranged to process the patches stored in the memory independently of the patch end signal.
摘要翻译: 本发明涉及用于修补WWAN(无线广域网)通信设备和相应的WWAN通信设备,集成电路芯片和计算机可读介质的方法。 WWAN通信设备包括第一处理器,第二处理器和存储器。 第一处理器被设置为处理在WWAN通信设备上运行的更新软件的补丁。 第二处理器被布置成向第一处理器提供第一组补丁。 存储器存储要由第一处理器处理的第二组补丁。 第二处理器还被布置为向第一处理器发送补丁结束信号,补丁结束信号使得第一处理器停止对由第二处理器提供的补丁的处理。 第一处理器还被布置成独立于补丁结束信号来处理存储在存储器中的补丁。
-
公开(公告)号:US07672828B2
公开(公告)日:2010-03-02
申请号:US11315977
申请日:2005-12-21
申请人: Michael Fiedler , Ralf Findeisen , Michael Grell , Matthias Lenk
发明人: Michael Fiedler , Ralf Findeisen , Michael Grell , Matthias Lenk
IPC分类号: G06F9/44
摘要: A software development technique is provided using target system virtualization software simulating behaviour of a target system. A target device driver running on a host system issues memory access commands to the target system virtualization software rather than to a memory interface unit of the host system. The memory interface unit may be an SRAM (Static Random Access Memory) interface. The target system may be an EGPRS (Enhanced General Packet Radio Service) modem.
摘要翻译: 使用目标系统虚拟化软件模拟目标系统的行为来提供软件开发技术。 在主机系统上运行的目标设备驱动程序向目标系统虚拟化软件而不是主机系统的存储器接口单元发出内存访问命令。 存储器接口单元可以是SRAM(静态随机存取存储器)接口。 目标系统可以是EGPRS(增强型通用分组无线业务)调制解调器。
-
公开(公告)号:US08656146B2
公开(公告)日:2014-02-18
申请号:US12186821
申请日:2008-08-06
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575 , G06F21/72
摘要: A secure boot processing may be accomplished on the basis of a non-volatile memory that is an integral part of the CPU and which may not be modified once a pre-boot information may be programmed into the non-volatile memory. During a reset event or a power-on event, execution may be started from the internal non-volatile memory, which may also include public decryption keys for verifying a signature of a portion of a boot routine. The verification of the respective portion of the boot routine may be accomplished by using internal random access memories, thereby avoiding external access during verification of the boot routine. Hence, a high degree of tamper resistance may be obtained, for instance, with respect to BIOS modification by exchanging BIOS chips.
摘要翻译: 可以基于作为CPU的组成部分的非易失性存储器来实现安全引导处理,并且一旦将预引导信息编程到非易失性存储器中,就可以不修改安全引导处理。 在复位事件或上电事件期间,可以从内部非易失性存储器开始执行,内部非易失性存储器还可以包括用于验证引导例程的一部分的签名的公共解密密钥。 可以通过使用内部随机存取存储器来实现引导程序的各个部分的验证,由此在验证引导例程期间避免外部访问。 因此,可以获得高度的防篡改,例如,通过交换BIOS芯片相对于BIOS修改。
-
-
-
-
-
-
-
-
-
搜索结果
16 条记录 (耗时 0.026 秒)
