Title: Method and apparatus for secure execution using a secure memory partition
Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
Publication number: US9323954(B2) Publication date: 2016.04.26
Application number: US201414583051 Filing date: 2014.12.24
Applicant: Intel Corporation Inventor: Mittal Millind
Classification: G06F21/72;G06F12/14;G06F21/60;G06F21/57 Main classification: G06F21/72
Agency: Vecchia Patent Agent, LLC Agent: Vecchia Patent Agent, LLC
Independent claim: 1. A processor comprising: a plurality of general purpose registers; cryptographic logic to encrypt and decrypt information, the cryptographic logic to support a Data Encryption Standard (DES) algorithm, a triple DES (3DES) algorithm, a Rivest-Shamir-Adleman (RSA) algorithm, and a Diffie-Hellman algorithm; a plurality of memory partition registers to define a physical address range in a dynamic random access memory for use as a secure memory partition; secure partition enforcement logic coupled to the memory partition registers, the secure partition enforcement logic to selectively permit read or write access to the dynamic random access memory; an on-chip read only memory to store bootstrap security logic to copy code from a non-volatile memory device to the dynamic random access memory and to verify authenticity and integrity of the code; and a plurality of execution units coupled to the plurality of general purpose registers, the plurality of memory partition registers, the on-chip read only memory, the secure partition enforcement logic, and the cryptographic logic; wherein the processor is to execute the bootstrap security logic when booted up to enable a secure execution environment; and wherein the processor is to support a first security privilege level to execute security functions or services, a second security privilege level to execute third-party supplied security code, and access to virtual address spaces inside and outside a secure memory partition by code at the first security privilege level.
Address: Santa Clara CA US