摘要:
A method and apparatus for limiting the exposure of hardware failure information is described. In one embodiment, an error reporting system of a processor may log various status and error address data into registers that retain their contents through a warm reset event. But the error reporting system of the processor may then determine whether the processor is operating in a trusted or secure mode. If not, then the processor's architectural state variables may also be logged into registers. But if the processor is operating in a trusted or secure mode, then the logging of the architectural state variables may be inhibited, or flagged as invalid.
摘要:
An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
摘要:
A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting.
摘要:
Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction.
摘要:
In one embodiment, the present invention includes a processor that has an on-die storage such as a static random access memory to store an architectural state of one or more threads that are swapped out of architectural state storage of the processor on entry to a system management mode (SMM). In this way communication of this state information to a system management memory can be avoided, reducing latency associated with entry into SMM. Embodiments may also enable the processor to update a status of executing agents that are either in a long instruction flow or in a system management interrupt (SMI) blocked state, in order to provide an indication to agents inside the SMM. Other embodiments are described and claimed.
摘要:
Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction.
摘要:
A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting.
摘要:
An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
摘要:
Methods and systems to perform platform security in conjunction with hardware-base root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable hardware-based root of trust logic during a next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with the hardware-based root of trust logic or with a platform-based root of trust logic.
摘要:
In some embodiments, the invention involves extending trusted computing environments to the boot firmware. In at least one embodiment, the present invention is intended to enable the trusted environment to be extended forward to the pre-boot environment in addition to post-OS load environment. Embodiments of the present invention enable the trusted environment to extend to the firmware at power-on. The firmware is integrated within the secure perimeter which was previously only available to the OS. In other words, the BIOS is made to be a trusted entity, as well as the OS. Extensible firmware interface (EFI) modules are signed with a public key. The processor has an embedded private key. EFI modules are verified using the keys to ensure a trusted environment from boot to OS launch. Other embodiments are described and claimed.