CN106055309B - Central processing unit and methods of executing secret operations and coprocessor operations therein - Google Patents
- Publication number: CN106055309B (CN201610378308.9A)
- Authority: CN (China)
- Legal status: Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/3017—Runtime instruction translation, e.g. macros
- G06F9/30178—Runtime instruction translation, e.g. macros of compressed or encrypted instructions
Abstract
A central processing unit and its operating method are provided. The central processing unit comprises: a secret instruction memory for storing in advance instruction data corresponding to a secret instruction associated with a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited; an instruction controller for looking up, according to a secret instruction in the current program, the instruction data corresponding to that secret instruction in the secret instruction memory, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and an execution unit for executing the micro-operation.
Description
Technical field
The present invention relates to central processing units and their operating methods, and more particularly to a central processing unit that executes secret operations or coprocessor operations, and its operating method.
Background
In a computer system, software that performs a specific function is implemented as program code. For reasons of commercial interest or security, software developers sometimes do not wish to disclose the code segments in a program that correspond to secret operations. Such a secret operation may be, for example, the steps of a core algorithm that the developer does not wish to disclose, or a security-related operation. To this end, the code of the secret operation can be protected by means such as encryption, but this increases implementation complexity, and it is often difficult to strike an ideal compromise between confidentiality and efficiency. On the one hand, improved confidentiality comes with additional computational overhead; on the other hand, confidentiality achieved with lightweight encryption and decryption algorithms is unreliable.
Meanwhile for the angle of hardware quotient, the execution platform for limiting the software of its exploitation is sometimes wished, or to this
Kind limitation is controlled.For example, central processing unit (CPU) manufacturer may want to so that certain software can only be in its production
It executes, or can only be executed on the CPU of specific model or batch on CPU.Similarly, it in order to realize this limitation, causes multiple
The increase of miscellaneous degree and expense.
In addition, coprocessors are widely used in computer systems to perform specific functions and thereby reduce the load on the CPU. A coprocessor usually appears as a system device, so a corresponding driver must be written for each operating system (OS). These drivers differ from one another, which increases development effort and reduces flexibility. Moreover, by analyzing a driver with methods such as reverse engineering, it is possible to obtain, without permission, implementation details that the developer is unwilling to disclose.
Summary of the invention
Therefore, to solve the above problems, the present invention provides a central processing unit that can execute secret operations efficiently, and its operating method. The present invention also provides a central processing unit that can execute coprocessor operations efficiently, and its operating method.
According to one aspect of an embodiment of the present invention, a central processing unit is provided, comprising: a secret instruction memory for storing in advance instruction data corresponding to a secret instruction associated with a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited; an instruction controller for looking up, according to a secret instruction in the current program, the instruction data corresponding to that secret instruction in the secret instruction memory, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and an execution unit for executing the micro-operation.
According to an embodiment of the invention, the secret instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the invention, the secret instruction memory may be at least part of the microcode patch memory of the central processing unit, and the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the invention, when the instruction controller does not find the instruction data corresponding to the secret instruction, the central processing unit may terminate execution of the current program.
According to an embodiment of the invention, the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
According to another aspect of an embodiment of the present invention, a method of executing a secret operation in a central processing unit is provided, comprising: storing in advance, in the central processing unit, instruction data corresponding to a secret instruction associated with the secret operation, wherein access to the instruction data from outside the central processing unit is prohibited; reading a secret instruction in the current program; looking up the instruction data corresponding to the secret instruction in the stored instruction data; translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and executing the micro-operation.
According to an embodiment of the invention, the secret instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the invention, the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the invention, the method may further comprise: terminating execution of the current program when the instruction data corresponding to the secret instruction is not found.
According to an embodiment of the invention, the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
According to another aspect of an embodiment of the present invention, a central processing unit is provided, comprising: a coprocessor instruction memory for storing in advance instruction data corresponding to a coprocessor instruction associated with controlling the operation of a coprocessor; a coprocessor interface for communicating with the coprocessor; an instruction controller for looking up, according to a coprocessor instruction in the current program, the instruction data corresponding to that coprocessor instruction in the coprocessor instruction memory, and translating the coprocessor instruction into at least one micro-operation related to the coprocessor interface according to the corresponding instruction data; and an execution unit for executing the micro-operation to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment of the invention, the coprocessor instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the invention, the coprocessor instruction memory may be at least part of the microcode patch memory of the central processing unit, and the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the invention, the operation of the coprocessor may include at least one of initialization, read, write, control, and read status.
According to an embodiment of the invention, access to the coprocessor instruction memory from outside the central processing unit may be prohibited.
According to another aspect of an embodiment of the present invention, a method of executing a coprocessor operation in a central processing unit is provided, comprising: storing in advance, in the central processing unit, instruction data corresponding to a coprocessor instruction associated with controlling the operation of a coprocessor; reading a coprocessor instruction in the current program; looking up the instruction data corresponding to the coprocessor instruction in the stored instruction data; translating the coprocessor instruction into at least one micro-operation related to a coprocessor interface according to the corresponding instruction data; and executing the micro-operation to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment of the invention, the coprocessor instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the invention, the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the invention, the operation of the coprocessor may include at least one of initialization, read, write, control, and read status.
According to an embodiment of the invention, access to the instruction data from outside the central processing unit may be prohibited.
By using the central processing unit for executing secret operations and its operating method according to the present invention, the details of a secret operation can be effectively hidden, preventing the application program from leaking know-how when it is analyzed by methods such as reverse engineering, while the secret operation can still be executed conveniently. Furthermore, custom secret operations can be used to restrict the execution platform of software.
By using the central processing unit for executing coprocessor operations and its operating method according to the present invention, coprocessor operations can be executed efficiently regardless of the operating system environment, which reduces the cost of driver development. In addition, the specific implementation details of the coprocessor's operations can be hidden, preventing the leakage of know-how that would result from the coprocessor driver being analyzed by methods such as reverse engineering.
Brief description of the drawings
Fig. 1A shows a block diagram of a central processing unit that executes secret operations according to an embodiment;
Fig. 1B shows a block diagram of a central processing unit that executes secret operations according to an embodiment in which the secret instruction is defined as a new custom microcode instruction;
Fig. 2 shows a flowchart of a method of executing a secret operation in a central processing unit according to an embodiment;
Fig. 3 shows a block diagram of a central processing unit that executes coprocessor operations according to an embodiment; and
Fig. 4 shows a flowchart of a method of executing a coprocessor operation in a central processing unit according to an embodiment.
Detailed description of the embodiments
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. In the drawings, the same or similar reference numerals are assigned to components having substantially the same structure and function, and, to keep the specification concise, redundant descriptions of substantially the same components are omitted.
Fig. 1A shows a block diagram of a central processing unit (CPU) 100 that executes secret operations according to an embodiment.
Referring to Fig. 1A, the CPU 100 includes a secret instruction memory 101, an instruction controller 102 and an execution unit 103.
The secret instruction memory 101 stores in advance the instruction data corresponding to secret instructions associated with secret operations. To prevent the instruction data from leaking, access to the secret instruction memory 101 from outside the CPU 100 is prohibited.
According to an embodiment, the secret instruction may be a custom microcode instruction of the CPU 100. It should be noted that "microcode" in this specification refers to the hardware encoding fixed inside the CPU that translates complex, long instructions of the instruction set into micro-instructions (also called micro-operations or "μops") that the CPU can execute; it is therefore different from the term "microcode" that some manufacturers (e.g., IBM) use as another name for firmware.
At the CPU production stage, microcode is fixed in the circuit as hardware encoding. After the CPU leaves the factory, the microcode cannot be directly modified or replaced; to keep microcode execution flexible, the functions of the CPU microcode can be upgraded after shipment. A microcode function upgrade can be written by software, and the written code is stored in the CPU's microcode patch memory. During execution, the microcode can thus consult the microcode patch memory and, if the code being executed has been updated by a patch, execute the code in the microcode patch memory instead, which achieves the microcode function upgrade. Prior-art CPU microcode patches are limited to repairing and correcting microcode that has already been fixed in hardware, whereas an embodiment of the present invention uses a microcode patch to extend the CPU with new functions.
According to an embodiment, the secret instruction memory 101 may be the microcode patch memory of the CPU 100 or a part of it, and the instruction data stored in it is stored in advance or updated by means of a microcode patch. That is, when a section of operation in an application program needs to be kept secret, the code corresponding to that secret operation in the application program is replaced with at least one secret instruction. In the embodiment in which the secret instruction is defined as a new custom microcode instruction, the instruction data corresponding to the secret instruction is stored in advance or updated in the secret instruction memory 101 by means of a microcode patch.
During program execution, the instruction controller 102 looks up, according to a secret instruction in the program code currently being executed, the instruction data corresponding to the secret instruction in the secret instruction memory 101, translates the secret instruction into at least one micro-operation according to the instruction data found, and passes the micro-operation to the execution unit 103 for execution.
Fig. 1B is a block diagram of a central processing unit (CPU) 100' that executes secret operations according to an embodiment in which the secret instruction is defined as a new custom microcode instruction. Referring to Fig. 1B, in addition to a secret instruction memory 101', an instruction controller 102' and execution units 103', the CPU 100' further includes an instruction cache 104, an instruction decoder 105, a register alias table (RAT) 106, a reservation station (RS) 107 and a reorder buffer (ROB) 108. Here, the instruction cache 104 caches macro-instructions of an instruction set architecture such as the x86 instruction set architecture. The instruction decoder 105 reads macro-instructions from the instruction cache 104. If a macro-instruction is a simple instruction, the instruction decoder 105 translates it directly into micro-operations and sends them to the back end of the CPU 100' (including the register alias table 106, the reservation station 107, the reorder buffer 108 and the execution units 103') for execution. If the macro-instruction is a secret instruction of the present invention, the instruction decoder 105 cannot decode it directly, so the secret instruction is sent to the instruction controller 102'. The instruction controller 102' translates the secret instruction into at least one micro-operation that the CPU can execute, according to the instruction data corresponding to the secret instruction that was stored in advance in the secret instruction memory 101' in the form of a microcode patch. Specifically, using the opcode contained in the secret instruction (for example "0F 3B") as an index, it looks up in the microcode patch the corresponding instruction data, which comprises a plurality of micro-operations. This instruction data relates to the secret operation that would otherwise have been implemented as software program code in the software program; in the present invention it is implemented in the microcode patch in a microcode language, which differs from conventional programming languages and is itself difficult to decipher. The micro-operations are then provided to the register alias table 106 at the back end of the CPU 100'. The register alias table 106 generates the dependencies of the micro-operations, issues the micro-operations to the reservation station 107 in program order, and also sends them to the reorder buffer 108. The reorder buffer 108 allocates an entry for each micro-operation issued from the register alias table 106 to store information about that micro-operation. The reservation station 107 dispatches each micro-operation to a suitable one of the execution units 103'. The execution units 103' provide their results to the reorder buffer 108 to ensure that the micro-operations retire in program order. Fig. 1B is illustrated with the CPU 100' as an out-of-order superscalar pipelined CPU, but the invention is not limited to this.
It is worth noting that in this embodiment, when a section of operation in an application program needs to be kept secret, the code corresponding to that secret operation in the application program is replaced with at least one secret instruction, and the instruction data corresponding to the secret instruction is stored in advance or updated in the secret instruction memory 101 by means of a microcode patch. Taking the x86 architecture as an example, the general format of a custom instruction may include fields such as instruction prefixes, an opcode, and an operand address (ModR/M), of which only the opcode is required and all other fields are optional. The custom microcode instruction of the present invention conforms to this format and uses a secret opcode to achieve secrecy. For ease of description, the secret instructions used in this specification consist of the opcode only, but the invention is not limited to this. Because access to the secret instruction memory 101 from outside the CPU is prohibited, the security of the secret operation is ensured. In addition, the application developer adds the secret instruction at the place in the program where the secret operation needs to be executed, and only the developer of the current program and the manufacturer of the CPU know the meaning of the secret instruction; it is kept secret from third parties, who see only an unknown opcode. The instruction in the application program therefore cannot be deciphered by reverse engineering, which further improves security.
The following takes a modified version of the national cryptographic algorithm SM3 as an example to illustrate how the function of a secret instruction is realized.
The computation of SM3 is divided into three steps: padding, iterative compression, and generation of the hash value. The compression function used in the iterative compression is as follows:
Let A, B, C, D, E, F, G, H be word registers and SS1, SS2, TT1, TT2 be intermediate variables. The compression function is V(i+1) = CF(V(i), B(i)), 0 ≤ i ≤ n−1. The computation is described as follows:
ABCDEFGH ← V(i)
FOR j = 0 TO 63
    SS1 ← ((A <<< 12) + E + (T_j <<< j)) <<< 7
    TT1 ← FF_j(A, B, C) + D + SS2 + W'_j
    TT2 ← GG_j(E, F, G) + H + SS1 + W_j
    D ← C
    C ← B <<< 9
    B ← A
    A ← TT1
    H ← G
    G ← F <<< 19
    F ← E
    E ← P_0(TT2)
ENDFOR
V(i+1) ← ABCDEFGH ⊕ V(i)
In certain application scenarios (such as military ones), the scope of use of an encryption algorithm often has to be restricted, so when designing an algorithm one wants both to draw on the technical characteristics of public algorithms and to achieve "security through obscurity". For the SM3 algorithm, one way to achieve this is to modify the compression algorithm above. Take a simple modification as an example: the first line of the computation, ABCDEFGH ← V(i), can be changed to HGFEDCBA ← V(i), and the last line, V(i+1) ← ABCDEFGH ⊕ V(i), can be changed to V(i+1) ← HGFEDCBA ⊕ V(i), with the rest of the computation unchanged.
To hide the modified SM3 algorithm, a two-byte secret instruction "0F 3B" can be designed. The opcode of this instruction is "0F 3B", and all other fields are absent. In the embodiment in which the secret instruction is defined as a new custom microcode instruction of the CPU 100, the instruction data corresponding to the operation of the modified SM3 algorithm, including micro-operation code that implements the above computation, is written into the secret instruction memory 101 by a microcode patch in the form of a microcode programming language.
Furthermore, parameters of the instruction can be defined: for example, the general register ECX (RCX) of the CPU 100 holds the length of the data on which the SM3 computation is to be performed, ESI (RSI) holds the start address of the data, and EDI (RDI) holds the address at which the result is stored. To use the modified SM3 algorithm, the program developer first sets the values of these general registers and then adds "0F 3B" at the appropriate position in the program.
If someone attempts to infer the execution process of the modified SM3 algorithm by reverse engineering (e.g., disassembly), then on seeing the instruction "0F 3B" they cannot guess its behavior. This achieves the goal of hiding the details of the "secret algorithm/operation" and realizes a kind of "security through obscurity".
As an optional embodiment, when the instruction controller 102 does not find the instruction data corresponding to a secret instruction, the central processing unit 100 may terminate execution of the current program. This property can be used to restrict the execution platform of a program. For example, a secret instruction for restricting the execution platform can be added to a program, and the instruction data of that secret instruction stored only in the secret instruction memory of the corresponding platform (that is, CPU). When the program runs on a platform that does not store the corresponding instruction data, program execution is terminated on reaching the secret instruction, which achieves the effect of restricting the execution platform.
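The modified SM3 and the lookup-or-terminate behaviour described above, modelled in C as an added example (not code from the patent): the round function follows the published SM3 standard, including the SS2 ← SS1 ⊕ (A <<< 12) step and the message expansion that the listing above does not show, and only the two word-order lines differ between the public and modified modes. `struct cpu`, `exec_secret` and `run_on_cpu` are hypothetical names for a software model of the "0F 3B" instruction with its ECX/ESI/EDI parameters; real microcode is not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rotl(uint32_t x, unsigned n) {
    n &= 31;                                   /* T_j <<< j means j mod 32 */
    return (x << n) | (x >> ((32 - n) & 31));
}
static uint32_t p0(uint32_t x) { return x ^ rotl(x, 9) ^ rotl(x, 17); }
static uint32_t p1(uint32_t x) { return x ^ rotl(x, 15) ^ rotl(x, 23); }

/* V(i+1) = CF(V(i), B(i)).
 * reversed == 0: ABCDEFGH <- V(i) ... V(i+1) <- ABCDEFGH xor V(i)  (public SM3)
 * reversed != 0: HGFEDCBA <- V(i) ... V(i+1) <- HGFEDCBA xor V(i)  (page's variant) */
static void sm3_compress(uint32_t v[8], const uint8_t blk[64], int reversed) {
    uint32_t w[68], r[8];                      /* r[0..7] hold A..H */
    for (int j = 0; j < 16; j++)
        w[j] = (uint32_t)blk[4*j] << 24 | (uint32_t)blk[4*j+1] << 16 |
               (uint32_t)blk[4*j+2] << 8 | blk[4*j+3];
    for (int j = 16; j < 68; j++)              /* message expansion */
        w[j] = p1(w[j-16] ^ w[j-9] ^ rotl(w[j-3], 15)) ^ rotl(w[j-13], 7) ^ w[j-6];
    for (int k = 0; k < 8; k++) r[k] = v[reversed ? 7 - k : k];
    for (int j = 0; j < 64; j++) {
        uint32_t a = r[0], b = r[1], c = r[2], d = r[3];
        uint32_t e = r[4], f = r[5], g = r[6], h = r[7];
        uint32_t t   = j < 16 ? 0x79cc4519u : 0x7a879d8au;
        uint32_t ff  = j < 16 ? a ^ b ^ c : (a & b) | (a & c) | (b & c);
        uint32_t gg  = j < 16 ? e ^ f ^ g : (e & f) | (~e & g);
        uint32_t ss1 = rotl(rotl(a, 12) + e + rotl(t, (unsigned)j), 7);
        uint32_t ss2 = ss1 ^ rotl(a, 12);
        uint32_t tt1 = ff + d + ss2 + (w[j] ^ w[j+4]);   /* W'_j = W_j xor W_(j+4) */
        uint32_t tt2 = gg + h + ss1 + w[j];
        r[3] = c; r[2] = rotl(b, 9);  r[1] = a; r[0] = tt1;
        r[7] = g; r[6] = rotl(f, 19); r[5] = e; r[4] = p0(tt2);
    }
    for (int k = 0; k < 8; k++) v[reversed ? 7 - k : k] ^= r[k];
}

/* Padding + iteration + output; only the compression step differs between modes. */
static void sm3_hash(const uint8_t *msg, size_t len, uint8_t out[32], int reversed) {
    uint32_t v[8] = { 0x7380166fu, 0x4914b2b9u, 0x172442d7u, 0xda8a0600u,
                      0xa96f30bcu, 0x163138aau, 0xe38dee4du, 0xb0fb0e4eu };
    uint8_t tail[128] = {0};
    size_t full = len / 64, rem = len % 64, tail_len = rem < 56 ? 64 : 128;
    uint64_t bits = (uint64_t)len * 8;
    for (size_t i = 0; i < full; i++) sm3_compress(v, msg + 64 * i, reversed);
    memcpy(tail, msg + 64 * full, rem);
    tail[rem] = 0x80;
    for (int k = 0; k < 8; k++) tail[tail_len - 1 - k] = (uint8_t)(bits >> (8 * k));
    for (size_t i = 0; i < tail_len; i += 64) sm3_compress(v, tail + i, reversed);
    for (int k = 0; k < 32; k++) out[k] = (uint8_t)(v[k / 4] >> (24 - 8 * (k % 4)));
}

static char *to_hex(const uint8_t d[32], char s[65]) {
    for (int i = 0; i < 32; i++) sprintf(s + 2 * i, "%02x", d[i]);
    return s;
}
static const char *sm3_hex(const char *msg, int reversed) {
    static char s[65];
    uint8_t d[32];
    sm3_hash((const uint8_t *)msg, strlen(msg), d, reversed);
    return to_hex(d, s);
}

/* Hypothetical model of the Fig. 2 flow: has_patch says whether this CPU's
 * secret instruction memory holds an entry for opcode 0F 3B. */
struct cpu { int has_patch; const uint8_t *esi; uint8_t *edi; size_t ecx; };

/* 0 = executed; -1 = no instruction data found, program terminated (S206). */
static int exec_secret(struct cpu *c, uint8_t op0, uint8_t op1) {
    if (op0 != 0x0f || op1 != 0x3b || !c->has_patch) return -1;
    sm3_hash(c->esi, c->ecx, c->edi, 1);   /* ESI=data, ECX=length, EDI=result */
    return 0;
}

/* Runs "set ECX/ESI/EDI; .byte 0x0f,0x3b" on a CPU with or without the patch. */
static const char *run_on_cpu(int has_patch, const char *msg) {
    static char s[65];
    uint8_t d[32];
    struct cpu c = { has_patch, (const uint8_t *)msg, d, strlen(msg) };
    return exec_secret(&c, 0x0f, 0x3b) == 0 ? to_hex(d, s) : NULL;
}

int main(void) {
    const char *r = run_on_cpu(0, "abc");
    printf("public SM3 : %s\n", sm3_hex("abc", 0));
    printf("variant    : %s\n", run_on_cpu(1, "abc"));
    printf("no patch   : %s\n", r ? r : "(program terminated)");
    return 0;
}
```

The public mode reproduces the SM3 standard's test vector for "abc", so everything the variant adds beyond public SM3 is the reversed word order.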
Fig. 2 shows a flowchart of a method of executing a secret operation in a CPU according to an embodiment.
In step S200, the instruction data corresponding to a secret instruction associated with a secret operation is stored in the CPU in advance, and access to the instruction data from outside the CPU is prohibited so that details of the secret operation are not leaked. For example, the instruction data may be instruction data related to the operation of the national cryptographic algorithm SM3 described above.
As described above, the secret instruction may be a custom microcode instruction of the CPU. Furthermore, the instruction data may be stored in advance or updated by means of a microcode patch. For example, when the secret instruction is defined as a new custom microcode instruction, the instruction data corresponding to the secret instruction can be written into the CPU by a microcode patch.
In step S201, a secret instruction in the program code currently being executed is read. For example, the secret instruction is read from the instruction cache 104 in Fig. 1B.
In step S202, the instruction data corresponding to the secret instruction is looked up in the stored instruction data.
In step S203, it is determined whether the corresponding instruction data has been found. When the instruction data is found, in step S204 the secret instruction is translated into at least one micro-operation according to the instruction data found. Then, in step S205, the micro-operation is executed.
Optionally, when the instruction data corresponding to the secret instruction is not found, in step S206 the CPU terminates execution of the current program. As described above, this achieves the effect of restricting the platform on which the program executes.
Fig. 3 shows a block diagram of a CPU 300 that executes coprocessor operations according to an embodiment.
Referring to Fig. 3, the CPU 300 includes a coprocessor instruction memory 301, an instruction controller 302, an execution unit 303 and a coprocessor interface 304.
The coprocessor instruction memory 301 stores in advance the instruction data corresponding to coprocessor instructions associated with controlling the operation of the coprocessor.
According to an embodiment, the coprocessor instruction may be a custom microcode instruction of the CPU 300.
According to an embodiment, the coprocessor instruction memory 301 may be the microcode patch memory of the CPU 300 or a part of it, and the instruction data stored in it is stored in advance or updated by means of a microcode patch. For example, in the embodiment in which the coprocessor instruction is defined as a new custom microcode instruction, the instruction data corresponding to the coprocessor instruction can be stored in advance in the coprocessor instruction memory 301 by means of a microcode patch.
The coprocessor interface 304 is an interface for communicating with the coprocessor (not shown in the figure). The coprocessor is a processor separate from the CPU 300 that assists the CPU 300 in performing specific functions to reduce the load on the CPU 300.
During program execution, if the instruction controller 302 receives a coprocessor instruction in the program code currently being executed, it looks up the instruction data corresponding to the coprocessor instruction in the coprocessor instruction memory 301, translates the coprocessor instruction into at least one micro-operation related to the coprocessor interface 304 according to the instruction data found, and passes the micro-operation to the execution unit 303 for execution, so as to control the operation of the coprocessor through the coprocessor interface 304.
According to an embodiment, the coprocessor operation may include at least one of initialization, read, write, control, and read status of the coprocessor. In embodiments where coprocessor operations are implemented with custom microcode instructions, one method is to define a separate "custom microcode instruction" for each operation; another method is to define only one "custom microcode instruction" for coprocessor operations and distinguish the different operations by different parameters.
The following illustrates how the function of a coprocessor instruction is realized.
First, using the first custom microcode instruction method described above, a two-byte coprocessor instruction "0F 3C" can be designed. The opcode of this instruction is "0F 3C", and all other fields are absent. The values 0x1, 0x2, 0x3, 0x4 and 0x5 of a general register of the CPU 300 (e.g., EAX or RAX) correspond respectively to the "initialization", "read", "write", "control" and "read status" operations of the coprocessor. Other general registers can also be used to pass parameters, such as the buffer address used by the "read" and "write" operations. As described above, the instruction data related to these coprocessor operations can be written into the coprocessor instruction memory 301 by a microcode patch.
As an example, the coprocessor interface 304 may be connected to four register interfaces of the coprocessor: a control register, a status register, a command descriptor address register, and a response descriptor address register. Operations on this coprocessor such as "initialization", "read", "write", "control" and "read status" are all carried out by reading and writing these four registers in sequence. This is only an example, however, and the invention is not limited to it.
When the coprocessor needs to be initialized at startup of the computer system containing the CPU 300, a coprocessor instruction written, for example, as the following assembly sequence (other languages are also possible; the invention is not limited to this) can be added to the application code that needs to call the coprocessor:
    movl $0x1, %eax          # EAX = 0x1 selects the "initialization" operation
    .byte 0x0f, 0x3c         # coprocessor instruction, opcode 0F 3C
The above coprocessor instruction is translated by the instruction controller 302 into a coprocessor operation, so that the "initialization" (0x1) operation of the coprocessor is executed; the return status is saved in general register EAX. The general register EAX is of course only an example here, and the invention is not limited to it.
When an application program needs to send data to the coprocessor for processing, a coprocessor instruction written, for example, as the following assembly sequence can be added to the application code that needs to call the coprocessor:
    movl address, %edi       # example: pointer register EDI holds the write-buffer address
    movl $0x3, %eax          # EAX = 0x3 selects the "write" operation
    .byte 0x0f, 0x3c         # coprocessor instruction, opcode 0F 3C
The above coprocessor instruction is translated by the instruction controller 302 into a coprocessor operation, so that the "write" (0x3) operation of the coprocessor is executed; the return status is saved in general register EAX, and the returned processing result (if any) is stored in the buffer pointed to by the pointer register (e.g., EDI). The general register EAX and pointer register EDI are of course only examples here, and the invention is not limited to them.
When an application program needs to read data from the coprocessor, a coprocessor instruction written, for example, as the following assembly sequence can be added to the application code that needs to call the coprocessor:
    movl address, %esi       # example: pointer register ESI holds the read-buffer address
    movl $0x2, %eax          # EAX = 0x2 selects the "read" operation
    .byte 0x0f, 0x3c         # coprocessor instruction, opcode 0F 3C
The above coprocessor instruction is translated by the instruction controller 302 into a coprocessor operation, so that the "read" (0x2) operation of the coprocessor is executed; the data read is saved in the buffer pointed to by pointer register ESI, and the return status is saved in general register EAX. The general register EAX and pointer register ESI are of course only examples here, and the invention is not limited to them.
According to an embodiment, access to coprocessor instruction memory 301 from outside CPU 300 can be prohibited, to prevent the instruction data of the coprocessor instruction from being leaked. In one embodiment, coprocessor instruction memory 301 can be the microcode instruction memory of CPU 300, or it can be another, independent instruction memory. In addition, access to the data transmitted between central processing unit 300 and the coprocessor through coprocessor interface 304 can be prohibited. If a physical channel between CPU 300 and the coprocessor is exposed on the mainboard, security protection measures (such as encryption and hash value verification (HMAC), etc.) can be added on the physical channel as actually needed, to ensure that the physical channel is safe and reliable.
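One way to apply the hash value verification (HMAC) mentioned above to an exposed CPU-to-coprocessor channel, as an added example that is not part of the patent. The frame layout, the message counter used to reject replayed frames and the pre-shared key are assumptions; encryption of the payload is not shown.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                    # HMAC-SHA256 tag length in bytes
HEADER = struct.Struct(">QB")   # assumed header: 64-bit counter, 1-byte operation


def seal(key: bytes, counter: int, op: int, payload: bytes) -> bytes:
    """CPU side: build counter || op || payload || HMAC-SHA256 tag."""
    body = HEADER.pack(counter, op) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Coprocessor side: check the tag first, then require a fresh counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = -1

    def accept(self, frame: bytes):
        """Return (op, payload) for a valid frame, or None if it must be dropped."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None                                   # truncated frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):        # constant-time comparison
            return None                                   # modified on the bus
        counter, op = HEADER.unpack_from(body)
        if counter <= self._last_counter:
            return None                                   # replayed or reordered
        self._last_counter = counter
        return op, body[HEADER.size:]
```

The counter is only advanced after the tag verifies, so a forged frame cannot be used to push the receiver's counter forward and block later legitimate frames.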
The present invention can replace the coprocessor's driver with one or several custom coprocessor instructions; every application program that uses this coprocessor calls the coprocessor instructions directly to control the operation of the coprocessor. In addition, in an embodiment in which the coprocessor instruction is implemented as a microcode instruction, the microcode instruction is kept secret from third parties other than the application developer and the manufacturer of the processor, and the language in which the instruction data corresponding to the microcode instruction is written is not public. The behavior of such a coprocessor instruction is therefore difficult to guess, which in turn improves the security of coprocessor operations.
Fig. 4 shows a flowchart of a method of executing a coprocessor operation in a CPU according to an embodiment.
In step S400, instruction data corresponding to a coprocessor instruction related to controlling the operation of the coprocessor is stored in advance in the CPU. For example, the instruction data can be instruction data corresponding to each of the coprocessor's operations in the example above, such as "initialization", "read", "write", "control" and "read status" (the first method), or it can be instruction data corresponding to a unified coprocessor operation (the second method), with the specific coprocessor operation distinguished by a register value.
As described above, the coprocessor instruction can be a custom microcode instruction of the CPU. Furthermore, the instruction data can be stored in advance or updated using a microcode patch. For example, in an embodiment in which the coprocessor instruction is defined as a new custom microcode instruction, the instruction data of the coprocessor instruction can be written into the CPU by a microcode patch.
In step S401, the coprocessor instruction in the currently executing program code is read.
In step S402, the instruction data corresponding to the coprocessor instruction is looked up in the stored instruction data.
In step S403, the coprocessor instruction is translated, according to the corresponding instruction data found, into at least one micro-operation related to the coprocessor interface. Then, in step S404, the micro-operation is executed to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment, as described above, access from outside the CPU to the instruction data stored in it can be prohibited, so as to avoid revealing details of the coprocessor operations.
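The flow of steps S400 to S404, modeled in software as an added example (not the patent's microcode or any real CPU's interface). The opcode bytes and EAX selectors come from the assembly sequences above; the status codes, the micro-operation names and the FIFO-style coprocessor are assumptions, and stopping the program on a failed lookup follows the behaviour recited in claims 4 and 9 for secret instructions.

```python
"""Model of steps S400-S404. Added illustration, not the patent's microcode."""
COPROC_OPCODE = b"\x0f\x3c"                 # opcode bytes from the page's assembly
OP_INIT, OP_READ, OP_WRITE = 0x1, 0x2, 0x3  # EAX selectors from the page
STATUS_OK, STATUS_NOT_READY = 0, 1          # assumed status codes

class ProgramTerminated(Exception):
    """No instruction data matched, so execution of the program ends."""

class Coprocessor:
    """Assumed device: a byte FIFO that accepts data once it is initialized."""
    def __init__(self):
        self.ready, self.fifo = False, bytearray()

class Cpu:
    def __init__(self, coprocessor):
        self._cop = coprocessor
        self.regs = {"eax": 0, "esi": bytearray(), "edi": bytearray()}
        # S400: instruction data stored in advance; EAX selects the operation
        # (second method). Name-mangled to mark it as internal to the CPU model.
        self.__instruction_data = {COPROC_OPCODE: {
            OP_INIT: [self._reset],
            OP_READ: [self._check_ready, self._drain_to_esi],
            OP_WRITE: [self._check_ready, self._fill_from_edi],
        }}

    # Hypothetical micro-operations; a non-zero status stops the sequence.
    def _reset(self):
        self._cop.ready, self._cop.fifo = True, bytearray()
        return STATUS_OK

    def _check_ready(self):
        return STATUS_OK if self._cop.ready else STATUS_NOT_READY

    def _fill_from_edi(self):
        self._cop.fifo += self.regs["edi"]
        return STATUS_OK

    def _drain_to_esi(self):
        self.regs["esi"][:] = self._cop.fifo
        self._cop.fifo.clear()
        return STATUS_OK

    def step(self, instruction: bytes) -> int:
        opcode = bytes(instruction[:2])                   # S401: read instruction
        table = self.__instruction_data.get(opcode, {})   # S402: look up its data
        micro_ops = table.get(self.regs["eax"])           # S403: translate
        if micro_ops is None:
            raise ProgramTerminated(f"no instruction data for {opcode.hex()}")
        status = STATUS_OK
        for micro_op in micro_ops:                        # S404: execute
            status = micro_op()
            if status != STATUS_OK:
                break
        self.regs["eax"] = status                         # return status in EAX
        return status
```

As in the assembly sequences, the caller loads EAX with the selector before every instruction, because EAX is overwritten with the return status.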
The embodiments of the invention have been described in detail above, but the invention is not limited thereto. Those skilled in the art should understand that various modifications, combinations, sub-combinations or replacements can be made according to design requirements or other factors, and that they fall within the scope of the appended claims and their equivalents.
Claims (20)
1. A central processing unit, comprising:
a secret instruction memory for storing in advance instruction data corresponding to a secret instruction related to a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited;
an instruction controller for looking up, according to a secret instruction included in a current program, the instruction data corresponding to the secret instruction in the secret instruction memory, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and
an execution unit for executing the micro-operation,
wherein the secret instruction uses an operation code that is kept secret.
2. The central processing unit of claim 1, wherein the secret instruction is a custom microcode instruction of the central processing unit.
3. The central processing unit of claim 1, wherein the secret instruction memory is at least part of a microcode patch memory of the central processing unit, and
wherein the instruction data is stored in advance or updated using a microcode patch.
4. The central processing unit of claim 1, wherein, when the instruction controller does not find instruction data corresponding to the secret instruction, execution of the current program is terminated.
5. The central processing unit of claim 1, wherein the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
6. A method of executing a secret operation in a central processing unit, comprising:
storing in advance, in the central processing unit, instruction data corresponding to a secret instruction related to the secret operation, wherein access to the instruction data from outside the central processing unit is prohibited;
reading a secret instruction included in a current program;
looking up the instruction data corresponding to the secret instruction in the stored instruction data;
translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and
executing the micro-operation,
wherein the secret instruction uses an operation code that is kept secret.
7. The method of claim 6, wherein the secret instruction is a custom microcode instruction of the central processing unit.
8. The method of claim 6, wherein the instruction data is stored in advance or updated using a microcode patch.
9. The method of claim 6, further comprising:
terminating execution of the current program when instruction data corresponding to the secret instruction is not found.
10. The method of claim 6, wherein the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
11. A central processing unit, comprising:
a coprocessor instruction memory for storing in advance instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor, wherein access to the coprocessor instruction memory from outside the central processing unit is prohibited;
a coprocessor interface for communicating with the coprocessor;
an instruction controller for looking up, according to a coprocessor instruction included in a current program, the instruction data corresponding to the coprocessor instruction in the coprocessor instruction memory, and translating the coprocessor instruction into at least one micro-operation related to the coprocessor interface according to the corresponding instruction data; and
an execution unit for executing the micro-operation to control the operation of the coprocessor through the coprocessor interface,
wherein the coprocessor instruction uses an operation code that is kept secret.
12. The central processing unit of claim 11, wherein the coprocessor instruction is a custom microcode instruction of the central processing unit.
13. The central processing unit of claim 11, wherein the coprocessor instruction memory is at least part of a microcode patch memory of the central processing unit, and
wherein the instruction data is stored in advance or updated using a microcode patch.
14. The central processing unit of claim 11, wherein the operation of the coprocessor includes at least one of initialization, read, write, control and read status.
15. The central processing unit of claim 11, wherein access to the coprocessor instruction memory from outside the central processing unit is prohibited.
16. A method of executing a coprocessor operation in a central processing unit, comprising:
storing in advance, in the central processing unit, instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor, wherein access to the instruction data from outside the central processing unit is prohibited;
reading a coprocessor instruction included in a current program;
looking up the instruction data corresponding to the coprocessor instruction in the stored instruction data;
translating the coprocessor instruction into at least one micro-operation related to a coprocessor interface according to the corresponding instruction data; and
executing the micro-operation to control the operation of the coprocessor through the coprocessor interface,
wherein the coprocessor instruction uses an operation code that is kept secret.
17. The method of claim 16, wherein the coprocessor instruction is a custom microcode instruction of the central processing unit.
18. The method of claim 16, wherein the instruction data is stored in advance or updated using a microcode patch.
19. The method of claim 16, wherein the operation of the coprocessor includes at least one of initialization, read, write, control and read status.
20. The method of claim 16, wherein access to the instruction data from outside the central processing unit is prohibited.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610378308.9A CN106055309B (en) | 2016-05-27 | 2016-05-27 | Central processing unit and wherein execute Blinding Operations, co processor operation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106055309A (en) | 2016-10-26 |
CN106055309B (en) | 2019-04-02 |
Family
ID=57172963
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610378308.9A Active CN106055309B (en) | 2016-05-27 | 2016-05-27 | Central processing unit and wherein execute Blinding Operations, co processor operation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106055309B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101261664A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software protection based on the program code stored in the software protection device |
CN102231180A (en) * | 2011-07-30 | 2011-11-02 | 张鹏 | Method capable of redefining command code of processor |
CN102681819A (en) * | 2011-03-10 | 2012-09-19 | 炬力集成电路设计有限公司 | Method and device for realizing flexible and low-cost instruct replacement |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9846789B2 (en) * | 2011-09-06 | 2017-12-19 | International Business Machines Corporation | Protecting application programs from malicious software or malware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
Address after: Room 301, 2537 Jinke Road, Zhangjiang High Tech Park, Pudong New Area, Shanghai 201203
Patentee after: Shanghai Zhaoxin Semiconductor Co.,Ltd.
Address before: Room 301, 2537 Jinke Road, Zhangjiang hi tech park, Shanghai 201203
Patentee before: VIA ALLIANCE SEMICONDUCTOR Co.,Ltd.