公开(公告)号：US20170024238A1

公开(公告)日：2017-01-26

申请号：US15175874

申请日：2016-06-07

申请人： Intel Corporation

发明人： Radhakrishna RK Hiremane ,  Anil S. Keshavamurthy

IPC分类号： G06F9/455 ,  G06F3/06

CPC分类号： G06F9/45558 ,  G06F9/45541 ,  G06F11/07 ,  G06F11/0712 ,  G06F11/0766 ,  G06F21/54 ,  G06F2009/45583 ,  G06F2009/45591

摘要： Techniques are described for providing processor-based dedicated fixed function hardware to perform runtime integrity measurements for detecting attacks on system supervisory software, such as a hypervisor or native Operating System (OS). The dedicated fixed function hardware is provided with memory addresses of the system supervisory software for monitoring. After obtaining the memory addresses and other information required to facilitate integrity monitoring, the dedicated fixed function hardware activates a lock-out to prevent reception of any additional information, such as information from a corrupted version of the system supervisory software. The dedicated fixed function hardware then automatically performs periodic integrity measurements of the system supervisory software. Upon detection of an integrity failure, the dedicated fixed function hardware uses out-of-band signaling to report that an integrity failure has occurred.The dedicated fixed function hardware provides for runtime integrity verification of a platform in a secure manner without impacting the performance of the platform.

摘要翻译： 专用固定功能硬件以安全的方式提供平台的运行时完整性验证，而不会影响平台的性能。