-
1.发明授权公开(公告)号:US09566158B2
公开(公告)日:2017-02-14
申请号:US13995742
申请日:2011-12-31
CPC分类号: A61F2/34 , A61B17/8066 , A61B17/82 , A61B17/866 , A61B17/8685 , A61F2/30734 , A61F2/30749 , A61F2/30771 , A61F2/30907 , A61F2/30965 , A61F2002/30011 , A61F2002/30169 , A61F2002/30189 , A61F2002/30326 , A61F2002/3038 , A61F2002/30387 , A61F2002/30449 , A61F2002/30462 , A61F2002/30471 , A61F2002/30474 , A61F2002/30507 , A61F2002/30538 , A61F2002/30578 , A61F2002/30579 , A61F2002/30611 , A61F2002/30617 , A61F2002/30736 , A61F2002/3082 , A61F2002/30841 , A61F2002/3092 , A61F2002/3096 , A61F2002/3412 , A61F2002/3429 , A61F2002/3441 , A61F2002/3448 , A61F2002/348 , A61F2002/3487 , A61F2002/4615 , A61F2002/4619 , G06F9/45533 , G06F9/45558 , G06F21/53 , G06F2009/45583 , G06F2221/2149
摘要: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
摘要翻译: 描述了用于虚拟机监视器(VMM)运行时完整性监视器的硬件保护的装置和方法。 一组一个或多个硬件范围寄存器,用于保护存储VMM运行时完整性监视器的连续内存空间。 该组硬件范围寄存器用于保护VMM运行时完整性监视器在加载到连续的内存空间时被修改。 VMM运行时完整性观察器在执行时,在VMM的运行期间对VMM执行完整性检查。
-
2.发明申请公开(公告)号:US20130275980A1
公开(公告)日:2013-10-17
申请号:US13995742
申请日:2011-06-08
IPC分类号: G06F9/455
CPC分类号: A61F2/34 , A61B17/8066 , A61B17/82 , A61B17/866 , A61B17/8685 , A61F2/30734 , A61F2/30749 , A61F2/30771 , A61F2/30907 , A61F2/30965 , A61F2002/30011 , A61F2002/30169 , A61F2002/30189 , A61F2002/30326 , A61F2002/3038 , A61F2002/30387 , A61F2002/30449 , A61F2002/30462 , A61F2002/30471 , A61F2002/30474 , A61F2002/30507 , A61F2002/30538 , A61F2002/30578 , A61F2002/30579 , A61F2002/30611 , A61F2002/30617 , A61F2002/30736 , A61F2002/3082 , A61F2002/30841 , A61F2002/3092 , A61F2002/3096 , A61F2002/3412 , A61F2002/3429 , A61F2002/3441 , A61F2002/3448 , A61F2002/348 , A61F2002/3487 , A61F2002/4615 , A61F2002/4619 , G06F9/45533 , G06F9/45558 , G06F21/53 , G06F2009/45583 , G06F2221/2149
摘要: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
摘要翻译: 描述了用于虚拟机监视器(VMM)运行时完整性监视器的硬件保护的装置和方法。 一组一个或多个硬件范围寄存器,用于保护存储VMM运行时完整性监视器的连续内存空间。 该组硬件范围寄存器用于保护VMM运行时完整性监视器在加载到连续的内存空间时被修改。 VMM运行时完整性观察器在执行时,在VMM的运行期间对VMM执行完整性检查。
-
3.发明申请PROCESSOR THAT DETECTS WHEN SYSTEM MANAGEMENT MODE ATTEMPTS TO REACH PROGRAM CODE OUTSIDE OF PROTECTED SPACE 审中-公开当系统管理模式尝试达到保护空间外的程序代码时,检测器的处理器公开(公告)号:US20130326288A1
公开(公告)日:2013-12-05
申请号:US13997046
申请日:2011-12-31
IPC分类号: G06F11/07
CPC分类号: G06F11/0754 , G06F12/1441 , G06F21/52
摘要: A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting.
摘要翻译: 描述了一种方法,其包括通过将系统管理程序代码的存储器访问指令的目标存储器地址再次比较来检测系统管理模式程序代码的存储器访问尝试到达存储器的受保护区域之外的程序代码, 定义保护区域的范围。 该方法还包括响应于检测而提高误差信号。
-
4.发明授权Processor that detects when system management mode attempts to reach program code outside of protected space 有权检测系统管理模式何时尝试到达受保护的空间之外的程序代码的处理器公开(公告)号:US09448867B2
公开(公告)日:2016-09-20
申请号:US13997046
申请日:2011-12-31
CPC分类号: G06F11/0754 , G06F12/1441 , G06F21/52
摘要: A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting.
摘要翻译: 描述了一种方法,其包括通过将系统管理程序代码的存储器访问指令的目标存储器地址再次比较来检测系统管理模式程序代码的存储器访问尝试到达存储器的受保护区域之外的程序代码, 定义保护区域的范围。 该方法还包括响应于检测而提高误差信号。
-
公开(公告)号:US08812828B2
公开(公告)日:2014-08-19
申请号:US12947218
申请日:2010-11-16
申请人: Shamanna M. Datta , Mahesh S. Natu
发明人: Shamanna M. Datta , Mahesh S. Natu
CPC分类号: G06F21/57 , G06F11/0793 , G06F21/00 , G06F21/575
摘要: Methods and systems to perform platform security in conjunction with hardware-base root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable hardware-based root of trust logic during a next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with the hardware-based root of trust logic or with a platform-based root of trust logic.
摘要翻译: 提出了结合信任逻辑的硬件根本来执行平台安全性的方法和系统。 在一个实施例中,一种方法包括确定来自认证代码模块的状态是否指示错误。 该方法还包括基于非易失性存储器位置中的内容来确定信任逻辑的基于硬件的根是否被启用。 如果启用了基于硬件的信任根,并且状态指示了错误,则该方法还包括在下一个引导序列期间写入非易失性存储器位置以禁用基于硬件的信任逻辑根。 在一个实施例中,平台与基于硬件的信任逻辑根或基于平台的信任逻辑逻辑基础一起初始化并使用可信平台模块。
-
公开(公告)号:US20120124356A1
公开(公告)日:2012-05-17
申请号:US12947218
申请日:2010-11-16
申请人: Shamanna M. Datta , Mahesh S. Natu
发明人: Shamanna M. Datta , Mahesh S. Natu
IPC分类号: G06F9/24
CPC分类号: G06F21/57 , G06F11/0793 , G06F21/00 , G06F21/575
摘要: Methods and systems to perform platform security in conjunction with hardware-base root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable hardware-based root of trust logic during a next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with the hardware-based root of trust logic or with a platform-based root of trust logic.
摘要翻译: 提出了结合信任逻辑的硬件根本来执行平台安全性的方法和系统。 在一个实施例中,一种方法包括确定来自认证代码模块的状态是否指示错误。 该方法还包括基于非易失性存储器位置中的内容来确定信任逻辑的基于硬件的根是否被启用。 如果启用了基于硬件的信任根,并且状态指示了错误,则该方法还包括在下一个引导序列期间写入非易失性存储器位置以禁用基于硬件的信任逻辑根。 在一个实施例中,平台与基于硬件的信任逻辑根或基于平台的信任逻辑逻辑基础一起初始化并使用可信平台模块。
-
7.发明申请EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION ON A POINT-TO-POINT INTERCONNECT SYSTEM 审中-公开一个点到点互连系统的安全环境初始化指导的执行公开(公告)号:US20130212672A1
公开(公告)日:2013-08-15
申请号:US13837498
申请日:2013-03-15
申请人: Shamanna M. Datta , Mohan J. Kumar
发明人: Shamanna M. Datta , Mohan J. Kumar
IPC分类号: G06F21/00
摘要: Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction.
摘要翻译: 描述了在微处理器系统中启动安全操作的方法和装置。 在一个实施例中,系统包括执行安全输入指令的处理器和芯片组,以使系统在执行安全输入指令期间进入静止状态。
-
公开(公告)号:US20140040543A1
公开(公告)日:2014-02-06
申请号:US14048451
申请日:2013-10-08
申请人: Mahesh Natu , Thanunathan Rangarajan , Gautam Doshi , Shamanna M. Datta , Baskaran Ganesan , Mohan J. Kumar , Rajesh S. Parthasarathy , Frank Binns , Rajesh Nagaraja Murthy , Robert C. Swanson
发明人: Mahesh Natu , Thanunathan Rangarajan , Gautam Doshi , Shamanna M. Datta , Baskaran Ganesan , Mohan J. Kumar , Rajesh S. Parthasarathy , Frank Binns , Rajesh Nagaraja Murthy , Robert C. Swanson
IPC分类号: G11C7/10
CPC分类号: G06F13/24 , G06F9/30101 , G06F9/3017 , G06F9/30189 , G06F9/3851 , G06F9/461 , G11C7/1072 , G11C11/40615
摘要: In one embodiment, the present invention includes a processor that has an on-die storage such as a static random access memory to store an architectural state of one or more threads that are swapped out of architectural state storage of the processor on entry to a system management mode (SMM). In this way communication of this state information to a system management memory can be avoided, reducing latency associated with entry into SMM. Embodiments may also enable the processor to update a status of executing agents that are either in a long instruction flow or in a system management interrupt (SMI) blocked state, in order to provide an indication to agents inside the SMM. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括具有诸如静态随机存取存储器之类的片上存储器的处理器,用于存储在进入系统时从处理器的架构状态存储器交换的一个或多个线程的架构状态 管理模式(SMM)。 以这种方式,可以避免该状态信息与系统管理存储器的通信,减少与进入SMM相关联的延迟。 实施例还可以使处理器更新处于长指令流或处于系统管理中断(SMI)阻塞状态中的执行代理的状态,以向SMM内的代理提供指示。 描述和要求保护其他实施例。
-
9.发明申请公开(公告)号:US20070277223A1
公开(公告)日:2007-11-29
申请号:US11442230
申请日:2006-05-26
申请人: Shamanna M. Datta , Mohan J. Kumar
发明人: Shamanna M. Datta , Mohan J. Kumar
IPC分类号: H04L9/32
摘要: Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction.
摘要翻译: 描述了在微处理器系统中启动安全操作的方法和装置。 在一个实施例中,系统包括执行安全输入指令的处理器和芯片组,以使系统在执行安全输入指令期间进入静止状态。
-
10.发明授权System and method for limiting exposure of hardware failure information for a secured execution environment 有权用于限制安全执行环境的硬件故障信息暴露的系统和方法公开(公告)号:US07934076B2
公开(公告)日:2011-04-26
申请号:US10956322
申请日:2004-09-30
IPC分类号: G06F9/00
CPC分类号: G06F21/74 , G06F2221/2101
摘要: A method and apparatus for limiting the exposure of hardware failure information is described. In one embodiment, an error reporting system of a processor may log various status and error address data into registers that retain their contents through a warm reset event. But the error reporting system of the processor may then determine whether the processor is operating in a trusted or secure mode. If not, then the processor's architectural state variables may also be logged into registers. But if the processor is operating in a trusted or secure mode, then the logging of the architectural state variables may be inhibited, or flagged as invalid.
摘要翻译: 描述了用于限制硬件故障信息的暴露的方法和装置。 在一个实施例中,处理器的错误报告系统可以将各种状态和错误地址数据记录到通过热复位事件保留其内容的寄存器中。 但是处理器的错误报告系统然后可以确定处理器是否以可信任或安全模式操作。 如果没有,则处理器的体系结构状态变量也可能被记录到寄存器中。 但是,如果处理器以可信任或安全模式运行,则可能会禁止对架构状态变量的日志记录或标记为无效。
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.023 秒)