Title of invention: Method and apparatus for secure execution using a secure memory partition
Abstract: A processor includes a plurality of general purpose registers and cryptographic logic to encrypt and decrypt information. The cryptographic logic is to support a Data Encryption Standard (DES) algorithm, a triple DES (3DES) algorithm, a Rivest-Shamir-Adleman (RSA) algorithm, and a Diffie Hellman algorithm. The processor also includes a plurality of memory partition registers to define a physical address range in a dynamic random access memory for use as a secure memory partition. The processor also includes a plurality of execution units coupled to the plurality of general purpose registers, the plurality of memory partition registers, and the cryptographic logic. The processor also includes secure partition enforcement logic coupled to the plurality of execution units and the memory partition registers, the secure partition enforcement logic to selectively permit read or write access to the dynamic random access memory.
Publication number: US9547779(B2) Publication date: 2017.01.17
Application number: US201414583056 Application date: 2014.12.24
Applicant: Intel Corporation Inventor: Mittal Millind
Classification: G06F21/78;G06F12/14;G06F21/72;G06F21/60 Main classification: G06F21/78
Agency: Vecchia Patent Agent, LLC Agent: Vecchia Patent Agent, LLC
Main claim: 1. A processor comprising: a plurality of general purpose registers; cryptographic logic to encrypt and decrypt information, the cryptographic logic to support a Data Encryption Standard (DES) algorithm, a triple DES (3DES) algorithm, a Rivest-Shamir-Adleman (RSA) algorithm, and a Diffie Hellman algorithm; a plurality of memory partition registers to define a physical address range in a dynamic random access memory for use as a secure memory partition; a plurality of execution units coupled to the plurality of general purpose registers, the plurality of memory partition registers, and the cryptographic logic; and secure partition enforcement logic coupled to the plurality of execution units and the memory partition registers, the secure partition enforcement logic to selectively permit read or write access to the dynamic random access memory, wherein the processor is to support a first security privilege level to execute security functions or services, a second security privilege level to execute third-party supplied security code, and access to virtual address spaces inside and outside the secure memory partition by code at the first security privilege level.
Address: Santa Clara CA US