Abstract
Encryption of interrupt vectors and authentication of device drivers prevent unauthorized modules from interfering with an interrupt handler. An operating system may encrypt an interrupt vector for a PCI device, initialize a Local Interrupt Controller of a CPU with the key to enable decryption of the interrupt vector, initialize a redirection table on an I/O Interrupt Controller of the CPU with the encrypted interrupt vector, and initialize the PCI device with an encrypted MSI vector for subsequent use in an interrupt request. The PCI device may then raise an interrupt whose vector can only be decrypted by the Local Interrupt Controller and used by the processor to handle the interrupt. The operating system may also authenticate a driver before executing a request to register, deregister or change an interrupt handler. An authentication code is sent from the OS to the device driver for use in any request. The request is executed only if the operating system determines that the authentication code in the request matches the authentication code stored by the operating system for that device driver.
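The driver-authentication check described above can be sketched as follows. This is an added example, not code from the patent: every name, the 16-byte code length, the return codes and the constant-time comparison are assumptions, and the issued code is a constructed byte pattern standing in for random data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DRIVERS 4
#define CODE_LEN 16   /* assumed length; the abstract does not specify one */

typedef void (*irq_handler_t)(void);
typedef enum { REQ_REGISTER, REQ_DEREGISTER, REQ_CHANGE } req_op_t;

/* OS-side record: the code issued to each driver and its current handler. */
static struct { int issued; uint8_t code[CODE_LEN]; irq_handler_t handler; } slots[MAX_DRIVERS];

/* Compare without an early exit so timing does not reveal matching bytes. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* OS -> driver: issue a per-driver code. The byte pattern is constructed for
 * this demo; a real system would draw it from a CSPRNG. */
int os_issue_code(int id, uint8_t out[CODE_LEN]) {
    if (id < 0 || id >= MAX_DRIVERS) return -1;
    for (size_t i = 0; i < CODE_LEN; i++)
        slots[id].code[i] = (uint8_t)(0xA5u ^ (unsigned)(id * 31 + (int)i * 7));
    slots[id].issued = 1;
    slots[id].handler = NULL;
    memcpy(out, slots[id].code, CODE_LEN);
    return 0;
}

/* Driver -> OS: execute the request only if its code matches the stored one.
 * Returns 0 on success, -1 unknown driver, -2 bad code, -3 invalid state. */
int os_irq_request(int id, req_op_t op, const uint8_t *code, irq_handler_t h) {
    if (id < 0 || id >= MAX_DRIVERS || !slots[id].issued) return -1;
    if (!ct_equal(code, slots[id].code, CODE_LEN)) return -2;
    int have = slots[id].handler != NULL;
    if (op == REQ_REGISTER   && (have || !h))  return -3;
    if (op == REQ_CHANGE     && (!have || !h)) return -3;
    if (op == REQ_DEREGISTER && !have)         return -3;
    slots[id].handler = (op == REQ_DEREGISTER) ? NULL : h;
    return 0;
}

irq_handler_t os_handler_of(int id) { return slots[id].handler; }

int hits_a, hits_b;                    /* stand-ins for a driver's handlers */
void handler_a(void) { hits_a++; }
void handler_b(void) { hits_b++; }
```

A request carrying another driver's code, or a code altered by one bit, returns -2 and leaves the registered handler unchanged.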