CN106055309B - Central processing unit and methods of executing secret operations and coprocessor operations therein - Google Patents


Publication number
CN106055309B
Authority
CN
China
Prior art keywords
instruction
coprocessor
processing unit
central processing
secret
Legal status
Active
Application number
CN201610378308.9A
Other languages
Chinese (zh)
Other versions
CN106055309A (en)
Inventor
李凯
沈昀
黄振华
Current Assignee
Shanghai Zhaoxin Semiconductor Co Ltd
Original Assignee
Shanghai Zhaoxin Integrated Circuit Co Ltd
Application filed by Shanghai Zhaoxin Integrated Circuit Co Ltd
Priority to CN201610378308.9A
Publication of CN106055309A
Application granted
Publication of CN106055309B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30: Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/3017: Runtime instruction translation, e.g. macros
    • G06F9/30178: Runtime instruction translation, e.g. macros of compressed or encrypted instructions

Abstract

A central processing unit and an operating method thereof are provided. The central processing unit comprises: a secret instruction memory for storing in advance instruction data corresponding to a secret instruction related to a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited; an instruction control unit for looking up, according to a secret instruction in the current program, the instruction data corresponding to that secret instruction in the secret instruction memory, and for translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and an execution unit for executing the micro-operation.

Description

Central processing unit and methods of executing secret operations and coprocessor operations therein
Technical Field
The present invention relates to central processing units and operating methods thereof, and more particularly to a central processing unit that executes secret operations or coprocessor operations, and to its operating method.
Background
In a computer system, software that performs a specific function is implemented as program code. For commercial or security reasons, a software developer sometimes does not want to disclose the code segment of a program that corresponds to a secret operation. The secret operation may be, for example, the steps of a core algorithm that the developer does not wish to disclose, or a security-related operation. The code of the secret operation can be protected by means such as encryption, but this increases the complexity of the implementation, and it is often difficult to reach a satisfactory trade-off between confidentiality and efficiency. On the one hand, stronger confidentiality brings additional computational overhead; on the other hand, confidentiality achieved with lightweight encryption and decryption algorithms is unreliable.
Meanwhile, from the point of view of a hardware vendor, it is sometimes desirable to restrict the platforms on which the software it develops can execute, or to control such a restriction. For example, a central processing unit (CPU) manufacturer may want certain software to execute only on CPUs that it produces, or only on CPUs of a specific model or batch. Implementing such a restriction likewise increases complexity and overhead.
In addition, coprocessors are widely used in computer systems to perform specific functions and so relieve the load on the CPU. A coprocessor usually appears as a system device, so a corresponding driver has to be written for every operating system (OS). These drivers differ from one another, which increases the development workload and reduces flexibility. Moreover, by analyzing a driver with methods such as reverse engineering, it may be possible to obtain, without permission, implementation details that the developer is unwilling to disclose.
Summary of the Invention
To solve the above problems, the present invention provides a central processing unit that can execute secret operations efficiently, and an operating method thereof. The present invention also provides a central processing unit that can execute coprocessor operations efficiently, and an operating method thereof.
According to one aspect of an embodiment of the present invention, a central processing unit is provided, comprising: a secret instruction memory for storing in advance instruction data corresponding to a secret instruction related to a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited; an instruction control unit for looking up, according to a secret instruction in the current program, the instruction data corresponding to that secret instruction in the secret instruction memory, and for translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and an execution unit for executing the micro-operation.
According to an embodiment of the present invention, the secret instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the secret instruction memory may be at least a part of the microcode patch memory of the central processing unit, and the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the present invention, when the instruction control unit does not find the instruction data corresponding to the secret instruction, the central processing unit may terminate execution of the current program.
According to an embodiment of the present invention, the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
According to another aspect of an embodiment of the present invention, a method of executing a secret operation in a central processing unit is provided, comprising: storing in advance, in the central processing unit, instruction data corresponding to a secret instruction related to the secret operation, wherein access to the instruction data from outside the central processing unit is prohibited; reading a secret instruction in the current program; looking up the instruction data corresponding to the secret instruction in the stored instruction data; translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and executing the micro-operation.
According to an embodiment of the present invention, the secret instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the present invention, the method may further comprise: terminating execution of the current program when the instruction data corresponding to the secret instruction is not found.
According to an embodiment of the present invention, the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
According to another aspect of an embodiment of the present invention, a central processing unit is provided, comprising: a coprocessor instruction memory for storing in advance instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor; a coprocessor interface for communicating with the coprocessor; an instruction control unit for looking up, according to a coprocessor instruction in the current program, the instruction data corresponding to that coprocessor instruction in the coprocessor instruction memory, and for translating the coprocessor instruction into at least one micro-operation related to the coprocessor interface according to the corresponding instruction data; and an execution unit for executing the micro-operation so as to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment of the present invention, the coprocessor instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the coprocessor instruction memory may be at least a part of the microcode patch memory of the central processing unit, and the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the present invention, the operation of the coprocessor may include at least one of initialization, read, write, control, and read status.
According to an embodiment of the present invention, access to the coprocessor instruction memory from outside the central processing unit may be prohibited.
According to another aspect of an embodiment of the present invention, a method of executing a coprocessor operation in a central processing unit is provided, comprising: storing in advance, in the central processing unit, instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor; reading a coprocessor instruction in the current program; looking up the instruction data corresponding to the coprocessor instruction in the stored instruction data; translating the coprocessor instruction into at least one micro-operation related to a coprocessor interface according to the corresponding instruction data; and executing the micro-operation so as to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment of the present invention, the coprocessor instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the instruction data may be stored in advance or updated by means of a microcode patch.
According to an embodiment of the present invention, the operation of the coprocessor may include at least one of initialization, read, write, control, and read status.
According to an embodiment of the present invention, access to the instruction data from outside the central processing unit may be prohibited.
By using the central processing unit for executing secret operations and its operating method according to the present invention, the details of a secret operation can be hidden effectively, which prevents technical secrets from leaking when the application is analyzed by methods such as reverse engineering, while the secret operation can still be executed easily. In addition, custom secret operations can be used to restrict the platforms on which software executes.
By using the central processing unit for executing coprocessor operations and its operating method according to the present invention, coprocessor operations can be executed efficiently regardless of the operating system environment, which reduces the cost of driver development. Furthermore, the implementation details of the coprocessor's operations can be hidden, which prevents technical secrets from leaking when a coprocessor driver is analyzed by methods such as reverse engineering.
Brief Description of the Drawings
Fig. 1A is a block diagram of a central processing unit that executes secret operations according to an embodiment;
Fig. 1B is a block diagram of a central processing unit that executes secret operations according to an embodiment in which the secret instruction is defined as a new custom microcode instruction;
Fig. 2 is a flowchart of a method of executing a secret operation in a central processing unit according to an embodiment;
Fig. 3 is a block diagram of a central processing unit that executes coprocessor operations according to an embodiment; and
Fig. 4 is a flowchart of a method of executing a coprocessor operation in a central processing unit according to an embodiment.
Detailed Description
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. In the drawings, the same or similar reference numerals are given to components having substantially the same structure and function, and redundant descriptions of substantially identical components are omitted to keep the specification concise.
Fig. 1A is a block diagram of a central processing unit (CPU) 100 that executes secret operations according to an embodiment.
Referring to Fig. 1A, the CPU 100 includes a secret instruction memory 101, an instruction control unit 102, and an execution unit 103.
The secret instruction memory 101 stores in advance the instruction data corresponding to a secret instruction related to a secret operation. To prevent the instruction data from leaking, access to the secret instruction memory 101 from outside the CPU 100 is prohibited.
According to an embodiment, the secret instruction may be a custom microcode instruction of the CPU 100. Note that "microcode" in this specification refers to hardware coding fixed inside the CPU that translates complex long instructions of the instruction set into micro-instructions (also called micro-operations or "μops") that the CPU can execute; it therefore differs from the term "microcode" as used by some vendors (e.g., IBM) as another name for firmware.
During CPU production, the microcode is fixed in the circuitry as hardware coding. After the CPU leaves the factory, the microcode cannot be directly modified or replaced; to keep microcode execution flexible, however, the microcode functions of the CPU can be upgraded after shipment. A microcode upgrade can be written by software, and the written code is stored in the microcode patch memory of the CPU. During execution, the microcode queries the microcode patch memory and, if the code being executed has been updated by a patch, executes the code in the microcode patch memory, thereby achieving the microcode upgrade. Microcode patches for prior-art CPUs are limited to repairing and correcting microcode that has already been fixed in hardware, whereas an embodiment of the present invention uses microcode patches to extend the CPU with new functions.
According to an embodiment, the secret instruction memory 101 may be the microcode patch memory of the CPU 100 or a part of it, and the instruction data stored in it is stored in advance or updated by means of a microcode patch. That is, when a section of operations in an application needs to be kept secret, the code corresponding to that secret operation is replaced in the application with at least one secret instruction; in an embodiment in which the secret instruction is defined as a new custom microcode instruction, the instruction data corresponding to the secret instruction is stored in advance or updated in the secret instruction memory 101 by means of a microcode patch.
While a program is executing, the instruction control unit 102 looks up, according to a secret instruction in the program code currently being executed, the instruction data corresponding to that secret instruction in the secret instruction memory 101, translates the secret instruction into at least one micro-operation according to the instruction data it finds, and passes the micro-operation to the execution unit 103 for execution.
Fig. 1B is a block diagram of a central processing unit (CPU) 100' that executes secret operations according to an embodiment in which the secret instruction is defined as a new custom microcode instruction. Referring to Fig. 1B, in addition to a secret instruction memory 101', an instruction control unit 102' and execution units 103', the CPU 100' includes an instruction cache 104, an instruction decoder 105, a register alias table (RAT) 106, a reservation station (RS) 107, and a reorder buffer (ROB) 108. The instruction cache 104 caches macro-instructions of an instruction set architecture such as the x86 instruction set architecture. The instruction decoder 105 reads macro-instructions from the instruction cache 104. If a macro-instruction is a simple instruction, the instruction decoder 105 translates it directly into micro-operations and sends them to the back end of the CPU 100' (including the register alias table 106, the reservation station 107, the reorder buffer 108, the execution units 103', and so on) for execution. If the macro-instruction is a secret instruction of the present invention, the instruction decoder 105 cannot decode it directly and sends the secret instruction to the instruction control unit 102'.
The instruction control unit 102' translates the secret instruction into at least one micro-operation that the CPU can execute, according to the instruction data corresponding to the secret instruction that was stored in advance in the secret instruction memory 101' in the form of a microcode patch. Specifically, it uses the opcode contained in the secret instruction (for example "0F 3B") as an index to look up, in the microcode patch, the corresponding instruction data comprising multiple micro-operations. This instruction data relates to the secret operation that would otherwise have been implemented as software program code. In the present invention the instruction data is implemented in the microcode patch in the microcode language, which differs from conventional programming languages and is in itself difficult to decipher.
These micro-operations are then provided to the register alias table 106 at the back end of the CPU 100'. The register alias table 106 generates the dependencies of the micro-operations, issues the micro-operations to the reservation station 107 in program order, and sends the micro-operations to the reorder buffer 108. The reorder buffer 108 allocates an entry for each micro-operation issued from the register alias table 106 to store information about that micro-operation. The reservation station 107 dispatches each micro-operation to a suitable one of the multiple execution units 103'. The execution units 103' provide their results to the reorder buffer 108, which ensures that the micro-operations retire in program order. Fig. 1B is illustrated with the CPU 100' as an out-of-order superscalar pipelined CPU; however, the present invention is not limited thereto.
Notably, in this embodiment of the invention, when a section of operations in an application needs to be kept secret, the code corresponding to that secret operation is replaced in the application with at least one secret instruction, and the instruction data corresponding to the secret instruction is stored in advance or updated in the secret instruction memory 101 by means of a microcode patch. Taking an x86-based system as an example, the general format of a custom instruction may include fields such as instruction prefixes, an opcode, and an operand address (ModR/M), of which only the opcode is mandatory; all other fields are optional. A custom microcode instruction of the present invention conforms to this format and uses a secret opcode to achieve secrecy. For ease of description, the secret instructions used in this specification contain only an opcode, but the invention is not limited thereto. Because access to the secret instruction memory 101 from outside the CPU is prohibited, the security of the secret operation is ensured. In addition, the application developer adds the secret instruction at the point in the program where the secret operation is to be executed, and only the developer of the program and the manufacturer of the CPU know the meaning of the secret instruction. It is secret to third parties, who see only an unknown opcode, so this instruction in the application cannot be deciphered by reverse engineering, which further improves security.
The following takes a modification of the national cryptographic algorithm SM3 as an example to illustrate how the function of a secret instruction is realized.
The computation of the SM3 algorithm is divided into three steps: padding, iterative compression, and generation of the hash value. The compression function used in iterative compression is as follows:
Let A, B, C, D, E, F, G, H be word registers and SS1, SS2, TT1, TT2 be intermediate variables. The compression function is V(i+1) = CF(V(i), B(i)), 0 ≤ i ≤ n-1. The computation proceeds as follows:
    ABCDEFGH ← V(i)
    FOR j = 0 TO 63
        SS1 ← ((A <<< 12) + E + (Tj <<< j)) <<< 7
        SS2 ← SS1 ⊕ (A <<< 12)
        TT1 ← FFj(A, B, C) + D + SS2 + W'j
        TT2 ← GGj(E, F, G) + H + SS1 + Wj
        D ← C
        C ← B <<< 9
        B ← A
        A ← TT1
        H ← G
        G ← F <<< 19
        F ← E
        E ← P0(TT2)
    ENDFOR
    V(i+1) ← ABCDEFGH ⊕ V(i)
In certain application scenarios (such as military use), the scope of use of an encryption algorithm often has to be restricted, so the designer of an algorithm wants both to draw on the technical characteristics of public algorithms and to achieve "security through obscurity". For the SM3 algorithm, one way to achieve this is to modify the compression function above. As a simple example of such a modification: the first line of the computation, ABCDEFGH ← V(i), can be changed to HGFEDCBA ← V(i), and the last line, V(i+1) ← ABCDEFGH ⊕ V(i), can be changed to V(i+1) ← HGFEDCBA ⊕ V(i), with the rest of the computation unchanged.
To hide this modified SM3 algorithm, a secret instruction two bytes long can be designed: "0F 3B". The opcode of this instruction is "0F 3B", and all other fields are absent. In an embodiment in which the secret instruction is defined as a new custom microcode instruction of the CPU 100, the instruction data corresponding to the operation of the modified SM3 algorithm, including the micro-operation code that implements the above computation, is written into the secret instruction memory 101 by a microcode patch in the form of the microcode programming language.
In addition, parameters of the instruction can be defined: for example, general register ECX (RCX) of the CPU 100 indicates the length of the data on which SM3 is to be computed, ESI (RSI) indicates the start address of the data, and EDI (RDI) indicates the address where the result is to be stored. To use the modified SM3 algorithm, the program developer first sets the values of these general registers and then adds "0F 3B" at the appropriate position in the program.
If someone attempts to infer how the modified SM3 algorithm executes by reverse engineering (e.g., disassembly), they cannot guess the behavior of the instruction "0F 3B" when they encounter it. This achieves the goal of hiding the details of the "secret algorithm/operation" and realizes a form of "security through obscurity".
As an optional embodiment, when the instruction control unit 102 does not find the instruction data corresponding to a secret instruction, the central processing unit 100 may terminate execution of the current program. This property can be used to restrict the platforms on which a program executes. For example, a secret instruction for restricting the execution platform can be added to a program, and the instruction data of that secret instruction stored only in the secret instruction memory of the corresponding platform (that is, CPU). When the program runs on a platform that does not store the corresponding instruction data, execution is terminated on reaching the secret instruction, which achieves the effect of restricting the execution platform.
Fig. 2 is a flowchart of a method of executing a secret operation in a CPU according to an embodiment.
In step S200, the instruction data corresponding to a secret instruction related to a secret operation is stored in the CPU in advance, and access to the instruction data from outside the CPU is prohibited so that details of the secret operation do not leak. For example, the instruction data may be instruction data related to the operation of the national cryptographic algorithm SM3 described above.
As described above, the secret instruction may be a custom microcode instruction of the CPU, and the instruction data may be stored in advance or updated by means of a microcode patch. For example, when the secret instruction is defined as a new custom microcode instruction, the instruction data corresponding to the secret instruction can be written into the CPU by a microcode patch.
In step S201, a secret instruction in the program code currently being executed is read, for example from the instruction cache 104 in Fig. 1B.
In step S202, the instruction data corresponding to the secret instruction is looked up in the stored instruction data.
In step S203, it is determined whether the corresponding instruction data has been found. If it has, in step S204 the secret instruction is translated into at least one micro-operation according to the instruction data found. Then, in step S205, the micro-operation is executed.
Optionally, when the instruction data corresponding to the secret instruction is not found, in step S206 the CPU terminates execution of the current program. As described above, this achieves the effect of restricting the platforms on which the program executes.
Fig. 3 is a block diagram of a CPU 300 that executes coprocessor operations according to an embodiment.
Referring to Fig. 3, the CPU 300 includes a coprocessor instruction memory 301, an instruction control unit 302, an execution unit 303, and a coprocessor interface 304.
The coprocessor instruction memory 301 stores in advance the instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor.
According to an embodiment, the coprocessor instruction may be a custom microcode instruction of the CPU 300.
According to an embodiment, the coprocessor instruction memory 301 may be the microcode patch memory of the CPU 300 or a part of it, and the instruction data stored in it is stored in advance or updated by means of a microcode patch. For example, in an embodiment in which the coprocessor instruction is defined as a new custom microcode instruction, the instruction data corresponding to the coprocessor instruction can be stored in advance in the coprocessor instruction memory 301 by means of a microcode patch.
The coprocessor interface 304 is the interface for communicating with the coprocessor (not shown in the figure). The coprocessor is a processor separate from the CPU 300 that assists the CPU 300 by performing specific functions, relieving the load on the CPU 300.
While a program is executing, if the instruction control unit 302 receives a coprocessor instruction in the program code currently being executed, it looks up the instruction data corresponding to that coprocessor instruction in the coprocessor instruction memory 301, translates the coprocessor instruction into at least one micro-operation related to the coprocessor interface 304 according to the instruction data it finds, and passes the micro-operation to the execution unit 303 for execution, so as to control the operation of the coprocessor through the coprocessor interface 304.
According to an embodiment, the coprocessor operation may include at least one of initialization, read, write, control, and read status of the coprocessor. In an embodiment in which coprocessor operations are implemented by custom microcode instructions, one approach is to define a separate "custom microcode instruction" for each operation; another approach is to define a single "custom microcode instruction" for coprocessor operations and to distinguish the different operations by different parameters.
An example of how the function of a coprocessor instruction is realized follows.
First, using the first approach to custom microcode instructions described above, a coprocessor instruction two bytes long can be designed: "0F 3C". The opcode of this instruction is "0F 3C", and all other fields are absent. When the value of a general register of the CPU 300 (e.g., EAX or RAX) is 0x1, 0x2, 0x3, 0x4 or 0x5, it corresponds to the "initialization", "read", "write", "control" and "read status" operation of the coprocessor, respectively. Other general registers can also be used to pass parameters, such as the buffer address used by the "read" and "write" operations. As described above, the instruction data related to these coprocessor operations can be written into the coprocessor instruction memory 301 by a microcode patch.
As an example, the coprocessor interface 304 may be connected to four register interfaces of the coprocessor: a control register, a status register, a command descriptor address register, and a response descriptor address register. The "initialization", "read", "write", "control" and "read status" operations on the coprocessor are all completed by reading and writing these four registers in a certain sequence. However, this is only an example, and the invention is not limited thereto.
When the coprocessor needs to be initialized at start-up of the computer system containing the CPU 300, a coprocessor instruction written, for example, as the following assembly-language sequence (other languages are also possible; the invention is not limited in this respect) can be added to the application code that needs to call the coprocessor:
    movl $0x1, %eax          # select the "initialization" operation
    .byte 0x0f, 0x3c         # coprocessor instruction, opcode 0F 3C
The above coprocessor instruction is translated by the instruction control unit 302 into a coprocessor operation, so that the "initialization" (0x1) operation of the coprocessor is executed and the return status is saved in general register EAX. General register EAX is used here only as an example, and the invention is not limited thereto.
When the application needs to send data to the coprocessor for processing, a coprocessor instruction written, for example, as the following assembly-language sequence can be added to the application code that needs to call the coprocessor:
movl address, %edi    // pointer register EDI holds the write buffer address, as an example
movl $0x3, %eax
.byte 0x0f, 0x3c
The above coprocessor instruction is translated by instruction controller 302 into a coprocessor operation, so that the coprocessor's "write" (0x3) operation is executed. The return status is saved in general-purpose register EAX, and the returned processing result (if any) is stored in the buffer pointed to by the pointer register (e.g., EDI). General-purpose register EAX and pointer register EDI are of course only examples here, and the invention is not limited thereto.
When an application needs to read data from the coprocessor, a coprocessor instruction written, for example, as the following assembly-language sequence can be added to the application code that needs to call the coprocessor:
movl address, %esi    // pointer register ESI holds the read buffer address, as an example
movl $0x2, %eax
.byte 0x0f, 0x3c
The above coprocessor instruction is translated by instruction controller 302 into a coprocessor operation, so that the coprocessor's "read" (0x2) operation is executed. The data that is read is saved in the buffer pointed to by pointer register ESI, and the return status is saved in general-purpose register EAX. General-purpose register EAX and pointer register ESI are of course only examples here, and the invention is not limited thereto.
According to an embodiment, access to coprocessor instruction memory 301 from outside CPU 300 can be prohibited, to prevent the instruction data of the coprocessor instruction from being leaked. In one embodiment, coprocessor instruction memory 301 can be the microcode instruction memory of CPU 300, or it can be a separate instruction memory. In addition, access to the data transferred between central processing unit 300 and the coprocessor through coprocessor interface 304 can be prohibited. If a physical channel between CPU 300 and the coprocessor is exposed on the motherboard, security protections (such as encryption and hash value verification (HMAC)) can be added to the physical channel as needed to keep it safe and reliable.
The present invention can replace the coprocessor's driver with one or several customized coprocessor instructions: every application that uses the coprocessor calls the coprocessor instruction directly to control the coprocessor's operation. In addition, in embodiments where the coprocessor instruction is implemented as a microcode instruction, the microcode instruction is kept confidential from third parties other than the application developer and the processor manufacturer, and the language in which the instruction data corresponding to the microcode instruction is written is not public. The behavior of such a coprocessor instruction is therefore difficult to "guess", which in turn improves the security of coprocessor operations.
Fig. 4 shows a flowchart of a method of executing a coprocessor operation in a CPU according to an embodiment.
In step S400, instruction data corresponding to a coprocessor instruction related to controlling the operation of the coprocessor is stored in the CPU in advance. For example, the instruction data can be instruction data corresponding to each of the coprocessor's "initialize", "read", "write", "control" and "read status" operations in the example above (first method), or it can be instruction data corresponding to a unified coprocessor operation (second method), with the specific coprocessor operation distinguished by a register value.
As described above, the coprocessor instruction can be a customized microcode instruction of the CPU. Furthermore, the instruction data can be stored in advance or updated using a microcode patch. For example, in embodiments where the coprocessor instruction is defined as a new customized microcode instruction, the instruction data of the coprocessor instruction can be written into the CPU by a microcode patch.
In step S401, the coprocessor instruction in the currently executing program code is read.
In step S402, the instruction data corresponding to the coprocessor instruction is looked up in the stored instruction data.
In step S403, the coprocessor instruction is translated, according to the corresponding instruction data that was found, into at least one micro-operation related to the coprocessor interface. Then, in step S404, the micro-operation is executed to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment, as described above, access from outside the CPU to the instruction data stored in it can be prohibited, so as not to reveal details of the coprocessor operation.
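A toy C model of steps S400 to S404, added here as an illustration and not taken from the patent or from any real microcode. Only the opcode bytes 0F 3C, the EAX operation values, the ESI/EDI buffer pointers and the four register names come from the text; the mapping of each operation to particular register accesses, the status codes and all identifier names are assumptions, and a missing instruction-data entry is reported as a fault in the way claim 4 describes for secret instructions.

```c
#include <stddef.h>
#include <stdint.h>
/* Toy model, constructed for illustration; register roles are assumptions. */
enum { REG_CONTROL, REG_STATUS, REG_CMD_DESC, REG_RSP_DESC, REG_COUNT };
enum { OP_INIT = 1, OP_READ, OP_WRITE, OP_CONTROL, OP_READ_STATUS };
enum { RUN_OK = 0, RUN_NO_INSTRUCTION_DATA = -1, RUN_BAD_OPERATION = -2 };
typedef struct { uint32_t eax, esi, edi; } cpu_regs;
typedef struct { uint32_t reg[REG_COUNT]; } coproc;
typedef struct { int is_write; int reg; uint32_t value; } uop;

/* S400: instruction data stored in advance; static, so only this file reads it. */
static const uint8_t instr_mem[][2] = { { 0x0F, 0x3C } };

/* S402: search the stored instruction data for the fetched opcode bytes. */
static int lookup(const uint8_t *code) {
    for (size_t i = 0; i < sizeof instr_mem / sizeof instr_mem[0]; i++)
        if (instr_mem[i][0] == code[0] && instr_mem[i][1] == code[1])
            return 1;
    return 0;
}

/* S403: translate into micro-ops selected by EAX; returns the count, 0 if undefined. */
static size_t translate(const cpu_regs *r, uop out[3]) {
    size_t n = 0;
    switch (r->eax) {
    case OP_WRITE: out[n++] = (uop){ 1, REG_CMD_DESC, r->edi }; break;
    case OP_READ:  out[n++] = (uop){ 1, REG_RSP_DESC, r->esi }; break;
    case OP_INIT: case OP_CONTROL: break;
    case OP_READ_STATUS: out[n++] = (uop){ 0, REG_STATUS, 0 }; return n;
    default: return 0;
    }
    out[n++] = (uop){ 1, REG_CONTROL, r->eax };  /* start the operation */
    out[n++] = (uop){ 0, REG_STATUS, 0 };        /* fetch the return status */
    return n;
}

/* S401-S404 for one instruction; the return status ends up in EAX. */
int run_instruction(const uint8_t *code, cpu_regs *r, coproc *cp) {
    uop u[3];
    if (!lookup(code)) return RUN_NO_INSTRUCTION_DATA;  /* no data: fault */
    size_t n = translate(r, u);
    if (n == 0) return RUN_BAD_OPERATION;
    for (size_t i = 0; i < n; i++) {                    /* S404: execute */
        if (u[i].is_write) cp->reg[u[i].reg] = u[i].value;
        else r->eax = cp->reg[u[i].reg];
    }
    return RUN_OK;
}

int main(void) {  /* "initialize" issued as 0F 3C with EAX = 0x1 */
    const uint8_t code[2] = { 0x0F, 0x3C };
    cpu_regs r = { OP_INIT, 0, 0 }; coproc cp = { { 0 } };
    return run_instruction(code, &r, &cp);
}
```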
The embodiments of the invention have been described in detail above, but the invention is not limited thereto. Those skilled in the art should understand that various modifications, combinations, sub-combinations or substitutions can be made according to design requirements or other factors, and that they fall within the scope of the appended claims and their equivalents.

Claims (20)

1. A central processing unit, comprising:
a secret instruction memory for storing in advance instruction data corresponding to a secret instruction related to a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited;
an instruction controller for looking up, according to the secret instruction included in a current program, the instruction data corresponding to the secret instruction in the secret instruction memory, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and
an execution unit for executing the micro-operation,
wherein the secret instruction uses an operation code that is kept confidential.
2. The central processing unit as claimed in claim 1, wherein the secret instruction is a customized microcode instruction of the central processing unit.
3. The central processing unit as claimed in claim 1, wherein the secret instruction memory is at least part of a microcode patch memory of the central processing unit, and
wherein the instruction data is stored in advance or updated using a microcode patch.
4. The central processing unit as claimed in claim 1, wherein when the instruction controller does not find instruction data corresponding to the secret instruction, execution of the current program is terminated.
5. The central processing unit as claimed in claim 1, wherein the secret instruction in the current program is kept confidential from third parties other than the developer of the current program and the manufacturer of the central processing unit.
6. A method of executing a secret operation in a central processing unit, comprising:
storing in advance, in the central processing unit, instruction data corresponding to a secret instruction related to the secret operation, wherein access to the instruction data from outside the central processing unit is prohibited;
reading the secret instruction included in a current program;
looking up the instruction data corresponding to the secret instruction in the stored instruction data;
translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and
executing the micro-operation,
wherein the secret instruction uses an operation code that is kept confidential.
7. The method as claimed in claim 6, wherein the secret instruction is a customized microcode instruction of the central processing unit.
8. The method as claimed in claim 6, wherein the instruction data is stored in advance or updated using a microcode patch.
9. The method as claimed in claim 6, further comprising:
terminating execution of the current program when instruction data corresponding to the secret instruction is not found.
10. The method as claimed in claim 6, wherein the secret instruction in the current program is kept confidential from third parties other than the developer of the current program and the manufacturer of the central processing unit.
11. A central processing unit, comprising:
a coprocessor instruction memory for storing in advance instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor, wherein access to the coprocessor instruction memory from outside the central processing unit is prohibited;
a coprocessor interface for communicating with the coprocessor;
an instruction controller for looking up, according to the coprocessor instruction included in a current program, the instruction data corresponding to the coprocessor instruction in the coprocessor instruction memory, and translating the coprocessor instruction, according to the corresponding instruction data, into at least one micro-operation related to the coprocessor interface; and
an execution unit for executing the micro-operation to control the operation of the coprocessor through the coprocessor interface,
wherein the coprocessor instruction uses an operation code that is kept confidential.
12. The central processing unit as claimed in claim 11, wherein the coprocessor instruction is a customized microcode instruction of the central processing unit.
13. The central processing unit as claimed in claim 11, wherein the coprocessor instruction memory is at least part of a microcode patch memory of the central processing unit, and
wherein the instruction data is stored in advance or updated using a microcode patch.
14. The central processing unit as claimed in claim 11, wherein the operation of the coprocessor includes at least one of initialization, reading, writing, control, and reading status.
15. The central processing unit as claimed in claim 11, wherein access to the coprocessor instruction memory from outside the central processing unit is prohibited.
16. A method of executing a coprocessor operation in a central processing unit, comprising:
storing in advance, in the central processing unit, instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor, wherein access to the instruction data from outside the central processing unit is prohibited;
reading the coprocessor instruction included in a current program;
looking up the instruction data corresponding to the coprocessor instruction in the stored instruction data;
translating the coprocessor instruction, according to the corresponding instruction data, into at least one micro-operation related to a coprocessor interface; and
executing the micro-operation to control the operation of the coprocessor through the coprocessor interface,
wherein the coprocessor instruction uses an operation code that is kept confidential.
17. The method as claimed in claim 16, wherein the coprocessor instruction is a customized microcode instruction of the central processing unit.
18. The method as claimed in claim 16, wherein the instruction data is stored in advance or updated using a microcode patch.
19. The method as claimed in claim 16, wherein the operation of the coprocessor includes at least one of initialization, reading, writing, control, and reading status.
20. The method as claimed in claim 16, wherein access to the instruction data from outside the central processing unit is prohibited.
CN201610378308.9A 2016-05-27 2016-05-27 Central processing unit and wherein execute Blinding Operations, co processor operation method Active CN106055309B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610378308.9A CN106055309B (en) 2016-05-27 2016-05-27 Central processing unit and wherein execute Blinding Operations, co processor operation method

Publications (2)

Publication Number Publication Date
CN106055309A CN106055309A (en) 2016-10-26
CN106055309B CN106055309B (en) 2019-04-02

Family

ID=57172963

Country Status (1)

Country Link
CN (1) CN106055309B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: Room 301, 2537 Jinke Road, Zhangjiang High Tech Park, Pudong New Area, Shanghai 201203

Patentee after: Shanghai Zhaoxin Semiconductor Co.,Ltd.

Address before: Room 301, 2537 Jinke Road, Zhangjiang hi tech park, Shanghai 201203

Patentee before: VIA ALLIANCE SEMICONDUCTOR Co.,Ltd.