CN106055309A - Central processing unit, and method for executing secret operation and coprocessor operation in central processing unit

Publication number: CN106055309A
Authority: CN (China)
Legal status: Granted
Application number: CN201610378308.9A
Other languages: Chinese (zh)
Other versions: CN106055309B (en)
Inventors: 李凯, 沈昀, 黄振华
Current assignee: Shanghai Zhaoxin Semiconductor Co Ltd
Original assignee: Shanghai Zhaoxin Integrated Circuit Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30: Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/3017: Runtime instruction translation, e.g. macros
    • G06F9/30178: Runtime instruction translation, e.g. macros of compressed or encrypted instructions

Abstract

The invention provides a central processing unit and an operation method thereof. The central processing unit comprises a secret instruction memory, an instruction controller and an execution unit, wherein the secret instruction memory is used for pre-storing instruction data corresponding to a secret instruction related to the secret operation, wherein the secret instruction memory is prevented from being accessed from outside of the central processing unit; the instruction controller is used for searching the instruction data corresponding to the secret instruction from the secret instruction memory according to the secret instruction in a current program, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and the execution unit is used for executing the micro-operation.

Description

Central processing unit and methods for executing secret operations and coprocessor operations therein
Technical field
The present invention relates to a central processing unit and an operating method thereof, and more particularly to a central processing unit that executes secret operations or coprocessor operations, and an operating method thereof.
Background art
In a computer system, software that performs a specific function is implemented as program code. For reasons of commercial interest or security, software developers sometimes do not want to disclose the code segments of a program that correspond to a secret operation. Such a secret operation may, for example, be the steps of a core algorithm that the developer does not wish to disclose, or a security-related operation. Means such as encryption can be used to protect the code of the secret operation, but this increases the complexity of the implementation, and it is often difficult to reach a good trade-off between confidentiality and efficiency. On the one hand, improving confidentiality brings additional computational overhead; on the other hand, the secrecy achieved with lightweight encryption and decryption algorithms is unreliable.
Meanwhile, from the hardware vendor's point of view, it is sometimes desirable to restrict the platforms on which the software it develops can execute, or to control such restrictions. For example, a central processing unit (CPU) manufacturer may want certain software to execute only on CPUs that it produces, or only on CPUs of a specific model or batch. Likewise, implementing such a restriction increases complexity and overhead.
In addition, coprocessors are widely used in computer systems to perform specific functions and so reduce the load on the CPU. A coprocessor usually appears as a system device, so a corresponding driver has to be written for each operating system (OS). These drivers differ from one another, which increases the development workload and reduces flexibility. Moreover, by analyzing a driver with methods such as reverse engineering, it is quite possible to obtain implementation details that the developer is unwilling to disclose.
Summary of the invention
Therefore, to solve the above problems, the present invention provides a central processing unit that can execute secret operations efficiently, and an operating method thereof. The present invention also provides a central processing unit that can execute coprocessor operations efficiently, and an operating method thereof.
According to one aspect of the embodiments of the present invention, a central processing unit is provided, comprising: a secret instruction memory for pre-storing instruction data corresponding to a secret instruction related to a secret operation, wherein access to the secret instruction memory from outside the central processing unit is prohibited; an instruction controller for looking up, according to a secret instruction in the current program, the instruction data corresponding to that secret instruction in the secret instruction memory, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and an execution unit for executing the micro-operation.
According to an embodiment of the present invention, the secret instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the secret instruction memory may be at least a part of the microcode patch memory of the central processing unit, and the instruction data may be pre-stored or updated by means of a microcode patch.
According to an embodiment of the present invention, when the instruction controller does not find instruction data corresponding to the secret instruction, the central processing unit may terminate execution of the current program.
According to an embodiment of the present invention, the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
According to another aspect of the embodiments of the present invention, a method of executing a secret operation in a central processing unit is provided, comprising: pre-storing in the central processing unit instruction data corresponding to a secret instruction related to the secret operation, wherein access to the instruction data from outside the central processing unit is prohibited; reading a secret instruction in the current program; looking up, in the stored instruction data, the instruction data corresponding to the secret instruction; translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and executing the micro-operation.
According to an embodiment of the present invention, the secret instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the instruction data may be pre-stored or updated by means of a microcode patch.
According to an embodiment of the present invention, the method may further comprise: terminating execution of the current program when no instruction data corresponding to the secret instruction is found.
According to an embodiment of the present invention, the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
According to another aspect of the embodiments of the present invention, a central processing unit is provided, comprising: a coprocessor instruction memory for pre-storing instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor; a coprocessor interface for communicating with the coprocessor; an instruction controller for looking up, according to a coprocessor instruction in the current program, the instruction data corresponding to that coprocessor instruction in the coprocessor instruction memory, and translating the coprocessor instruction into at least one micro-operation related to the coprocessor interface according to the corresponding instruction data; and an execution unit for executing the micro-operation so as to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment of the present invention, the coprocessor instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the coprocessor instruction memory may be at least a part of the microcode patch memory of the central processing unit, and the instruction data may be pre-stored or updated by means of a microcode patch.
According to an embodiment of the present invention, the operation of the coprocessor may include at least one of initializing, reading, writing, controlling and reading status.
According to an embodiment of the present invention, access to the coprocessor instruction memory from outside the central processing unit may be prohibited.
According to another aspect of the embodiments of the present invention, a method of executing a coprocessor operation in a central processing unit is provided, comprising: pre-storing in the central processing unit instruction data corresponding to a coprocessor instruction related to controlling the operation of a coprocessor; reading a coprocessor instruction in the current program; looking up, in the stored instruction data, the instruction data corresponding to the coprocessor instruction; translating the coprocessor instruction into at least one micro-operation related to a coprocessor interface according to the corresponding instruction data; and executing the micro-operation so as to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment of the present invention, the coprocessor instruction may be a custom microcode instruction of the central processing unit.
According to an embodiment of the present invention, the instruction data may be pre-stored or updated by means of a microcode patch.
According to an embodiment of the present invention, the operation of the coprocessor may include at least one of initializing, reading, writing, controlling and reading status.
According to an embodiment of the present invention, access to the instruction data from outside the central processing unit may be prohibited.
By using the central processing unit that executes secret operations according to the present invention, and its operating method, the details of a secret operation can be hidden effectively, leakage of know-how through analysis of the application program by methods such as reverse engineering can be prevented, and the secret operation can be executed conveniently. Furthermore, a custom secret operation can be used to restrict the execution platform of software.
By using the central processing unit that executes coprocessor operations according to the present invention, and its operating method, coprocessor operations can be executed efficiently without regard to the operating system environment, which reduces the cost of driver development. Furthermore, the implementation details of coprocessor operations can be hidden, preventing leakage of know-how through analysis of a coprocessor driver by methods such as reverse engineering.
Brief description of the drawings
Figure 1A is a block diagram of a central processing unit that executes secret operations according to an embodiment;
Figure 1B is a block diagram of a central processing unit that executes secret operations according to an embodiment in which the secret instruction is defined as a new custom microcode instruction;
Figure 2 is a flowchart of a method of executing a secret operation in a central processing unit according to an embodiment;
Figure 3 is a block diagram of a central processing unit that executes coprocessor operations according to an embodiment; and
Figure 4 is a flowchart of a method of executing a coprocessor operation in a central processing unit according to an embodiment.
Detailed description of the invention
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. In the drawings, components with substantially the same structure and function are given the same or similar reference numerals, and redundant descriptions of substantially identical components are omitted to keep the description concise.
Figure 1A is a block diagram of a central processing unit (CPU) 100 that executes secret operations according to an embodiment.
Referring to Figure 1A, CPU 100 includes a secret instruction memory 101, an instruction controller 102 and an execution unit 103.
The secret instruction memory 101 pre-stores instruction data corresponding to secret instructions related to secret operations. To prevent the instruction data from leaking, access to the secret instruction memory 101 from outside CPU 100 is prohibited.
According to an embodiment, the secret instruction may be a custom microcode instruction of CPU 100. Note that "microcode" in this specification refers to the hardware encoding fixed inside the CPU that translates complex long instructions of the instruction set into microinstructions that the CPU can execute (also called micro-operations or "μops"); it therefore differs from the term "microcode" that some vendors (e.g., IBM) use as another name for firmware.
During CPU production, microcode is fixed in the circuit as hardware encoding. After the CPU leaves the factory, the microcode cannot be directly modified or replaced; to keep microcode execution flexible, the microcode functions of the CPU can be upgraded after shipment. A microcode upgrade can be written by software, and the written code is stored in the CPU's microcode patch memory. During execution the microcode can then query the microcode patch memory and, if the code being executed has been updated by a patch, execute the code in the microcode patch memory instead, thereby achieving the microcode upgrade. Prior-art CPU microcode patches are limited to repairing and correcting microcode that has already been fixed in hardware, whereas an embodiment of the present invention uses a microcode patch to extend the CPU with new functions.
According to an embodiment, the secret instruction memory 101 may be the microcode patch memory of CPU 100 or a part of it, and the instruction data stored in it is pre-stored or updated by means of a microcode patch. That is, when a section of operations in an application program needs to be kept secret, the code in the application program that corresponds to this secret operation is replaced by at least one secret instruction; in the embodiment in which the secret instruction is defined as a new custom microcode instruction, the instruction data corresponding to the secret instruction is pre-stored in, or updated into, the secret instruction memory 101 by means of a microcode patch.
During program execution, the instruction controller 102 looks up, according to a secret instruction in the program code currently being executed, the instruction data corresponding to that secret instruction in the secret instruction memory 101, translates the secret instruction into at least one micro-operation according to the instruction data found, and passes the micro-operation to the execution unit 103 for execution.
Figure 1B is a block diagram of a central processing unit (CPU) 100' that executes secret operations according to an embodiment in which the secret instruction is defined as a new custom microcode instruction. Referring to Figure 1B, in addition to a secret instruction memory 101', an instruction controller 102' and an execution unit 103', CPU 100' includes an instruction cache 104, an instruction decoder 105, a register alias table (RAT) 106, a reservation station (RS) 107 and a reorder buffer (ROB) 108. The instruction cache 104 caches macro-instructions of an instruction set architecture such as the x86 instruction set architecture. The instruction decoder 105 reads macro-instructions from the instruction cache 104. If a macro-instruction is a simple instruction, the instruction decoder 105 translates it directly into micro-operations, which are sent to the back end of CPU 100' (including the register alias table 106, the reservation station 107, the reorder buffer 108 and the execution units 103') for execution. If the macro-instruction is a secret instruction of the present invention, the instruction decoder 105 cannot decode it directly, so the secret instruction is sent to the instruction controller 102'. The instruction controller 102' translates the secret instruction into at least one micro-operation that the CPU can execute, according to the instruction data corresponding to the secret instruction that was stored beforehand in the secret instruction memory 101' in the form of a microcode patch. Specifically, using the opcode contained in the secret instruction (for example "0F 3B") as an index, it looks up in the microcode patch the corresponding instruction data, which comprises multiple micro-operations. This instruction data relates to the secret operation that would otherwise have been implemented as program code in the software program; in the present invention it is implemented in the microcode patch in a microcode language. The language in which microcode is written differs from conventional programming languages, and decoding it is itself very difficult. The micro-operations are then provided to the register alias table 106 in the back end of CPU 100'. The register alias table 106 generates the dependencies of the micro-operations, issues them to the reservation station 107 in program order, and also sends them to the reorder buffer 108. The reorder buffer 108 allocates an entry for each micro-operation issued from the register alias table 106 to store information about that micro-operation. The reservation station 107 dispatches each micro-operation to a suitable one of the multiple execution units 103'. The execution units 103' provide their execution results to the reorder buffer 108, which ensures that micro-operations retire in program order. Figure 1B is illustrated using the example of CPU 100' as an out-of-order superscalar pipelined CPU, but the present invention is not limited to this.
It should be noted that when a section of operations in an application program needs to be kept secret, this embodiment of the present invention replaces the code in the application program corresponding to that secret operation with at least one secret instruction, and pre-stores or updates the instruction data corresponding to the secret instruction into the secret instruction memory 101 by means of a microcode patch. Taking an x86 system as an example, the general format of a custom instruction may include fields such as an instruction prefix, an opcode (Opcode) and an operand address (ModR/M), of which only the opcode is required; the other fields are optional. A custom microcode instruction of the present invention conforms to this format and uses a confidential opcode to achieve secrecy. For ease of description, the secret instructions used in this specification contain only an opcode, but the present invention is not limited to this. Because access to the secret instruction memory 101 from outside the CPU is prohibited, the security of the secret operation is ensured. In addition, the application developer adds the secret instruction at the places in the program where the secret operation is to be executed, and only the developer of the current program and the manufacturer of the CPU know the meaning of the secret instruction; it is secret to third parties. A third party sees only an unknown opcode and therefore cannot decipher this instruction in the application program by reverse engineering, which further improves security.
The following uses a variant of the Chinese national cryptographic algorithm SM3 as an example to explain how the function of a secret instruction is implemented.
The computation of SM3 consists of three steps: padding, iterative compression, and generation of the hash value. The compression function used in iterative compression is as follows:
Let A, B, C, D, E, F, G, H be word registers and SS1, SS2, TT1, TT2 be intermediate variables. The compression function is V(i+1) = CF(V(i), B(i)), 0 ≤ i ≤ n-1, and is computed as follows:
ABCDEFGH ← V(i)
FOR j = 0 TO 63
    SS1 ← ((A <<< 12) + E + (Tj <<< j)) <<< 7
    SS2 ← SS1 ⊕ (A <<< 12)
    TT1 ← FFj(A, B, C) + D + SS2 + W'j
    TT2 ← GGj(E, F, G) + H + SS1 + Wj
    D ← C
    C ← B <<< 9
    B ← A
    A ← TT1
    H ← G
    G ← F <<< 19
    F ← E
    E ← P0(TT2)
ENDFOR
V(i+1) ← ABCDEFGH ⊕ V(i)
In some application scenarios (for example, military ones), the scope in which an encryption algorithm is used must be restricted, so the algorithm designer wants both to draw on the technical characteristics of public algorithms and to achieve "security through obscurity". For SM3, one way to achieve this is to modify the compression function above. As a simple example of such a modification: the first line of the compression computation, ABCDEFGH ← V(i), can be changed to HGFEDCBA ← V(i), and the last line, V(i+1) ← ABCDEFGH ⊕ V(i), to V(i+1) ← HGFEDCBA ⊕ V(i), with the rest of the computation unchanged.
To hide the SM3 variant described above, a secret instruction two bytes long can be designed: "0F 3B". The opcode (Opcode) of this instruction is "0F 3B", and all other fields are absent. In the embodiment in which the secret instruction is defined as a new custom microcode instruction of CPU 100, the instruction data corresponding to the operations of the SM3 variant, including the micro-operation code that implements the computation above, is written into the secret instruction memory 101 by a microcode patch, in the form of a microcode programming language.
In addition, the parameters of the instruction can be defined: for example, general-purpose register ECX (RCX) of CPU 100 holds the length of the data over which SM3 is to be computed, ESI (RSI) holds the start address of the data, and EDI (RDI) holds the address at which the result is stored. To use the SM3 variant, the program developer first sets the values of these general-purpose registers and then adds "0F 3B" at the appropriate position in the program.
If someone tries to infer how this SM3 variant executes through reverse engineering (for example, disassembly), they cannot guess the behavior of the instruction "0F 3B" when they see it. This achieves the goal of hiding the details of the "secret algorithm/operation" and realizes a form of "security through obscurity".
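As an added illustration (not code from the patent), the following C program implements SM3 with a variant flag that applies the register-order change described above, and computes both digests for the same input. The function names are assumptions of this example; the constants and round function follow the published SM3 specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rotl(uint32_t x, unsigned n)
{
    n &= 31;                        /* the specification rotates Tj by j mod 32 */
    return n ? (x << n) | (x >> (32 - n)) : x;
}
static uint32_t P0(uint32_t x) { return x ^ rotl(x, 9) ^ rotl(x, 17); }
static uint32_t P1(uint32_t x) { return x ^ rotl(x, 15) ^ rotl(x, 23); }

/* One step V(i+1) = CF(V(i), B(i)), updating V in place. With variant != 0
 * the registers are loaded as HGFEDCBA <- V(i) and stored back as
 * V(i+1) <- HGFEDCBA xor V(i); everything else is standard SM3. */
static void sm3_compress(uint32_t V[8], const uint8_t blk[64], int variant)
{
    uint32_t W[68], W1[64], r[8];
    int j, k;

    for (j = 0; j < 16; j++)        /* message words are big-endian */
        W[j] = (uint32_t)blk[4 * j] << 24 | (uint32_t)blk[4 * j + 1] << 16 |
               (uint32_t)blk[4 * j + 2] << 8 | blk[4 * j + 3];
    for (j = 16; j < 68; j++)
        W[j] = P1(W[j - 16] ^ W[j - 9] ^ rotl(W[j - 3], 15)) ^
               rotl(W[j - 13], 7) ^ W[j - 6];
    for (j = 0; j < 64; j++)
        W1[j] = W[j] ^ W[j + 4];    /* W'j */

    for (k = 0; k < 8; k++)         /* r[0..7] hold A..H */
        r[k] = V[variant ? 7 - k : k];
    for (j = 0; j < 64; j++) {
        uint32_t A = r[0], B = r[1], C = r[2], D = r[3];
        uint32_t E = r[4], F = r[5], G = r[6], H = r[7];
        uint32_t T = j < 16 ? 0x79cc4519u : 0x7a879d8au;
        uint32_t SS1 = rotl(rotl(A, 12) + E + rotl(T, (unsigned)j), 7);
        uint32_t SS2 = SS1 ^ rotl(A, 12);
        uint32_t FF = j < 16 ? (A ^ B ^ C) : ((A & B) | (A & C) | (B & C));
        uint32_t GG = j < 16 ? (E ^ F ^ G) : ((E & F) | (~E & G));
        uint32_t TT1 = FF + D + SS2 + W1[j];
        uint32_t TT2 = GG + H + SS1 + W[j];
        r[3] = C; r[2] = rotl(B, 9);  r[1] = A; r[0] = TT1;
        r[7] = G; r[6] = rotl(F, 19); r[5] = E; r[4] = P0(TT2);
    }
    for (k = 0; k < 8; k++)
        V[variant ? 7 - k : k] ^= r[k];
}

/* Padding, iterative compression and hash output; writes 32 bytes to out. */
static void sm3_hash(const uint8_t *msg, size_t len, int variant, uint8_t out[32])
{
    uint32_t V[8] = { 0x7380166fu, 0x4914b2b9u, 0x172442d7u, 0xda8a0600u,
                      0xa96f30bcu, 0x163138aau, 0xe38dee4du, 0xb0fb0e4eu };
    uint8_t tail[128] = { 0 };
    size_t rem = len % 64, full = len - rem, padlen = rem < 56 ? 64 : 128, i;
    uint64_t bits = (uint64_t)len * 8;

    for (i = 0; i < full; i += 64)
        sm3_compress(V, msg + i, variant);
    memcpy(tail, msg + full, rem);
    tail[rem] = 0x80;               /* a 1 bit, then zeros, then the bit length */
    for (i = 0; i < 8; i++)
        tail[padlen - 1 - i] = (uint8_t)(bits >> (8 * i));
    for (i = 0; i < padlen; i += 64)
        sm3_compress(V, tail + i, variant);
    for (i = 0; i < 32; i++)
        out[i] = (uint8_t)(V[i / 4] >> (24 - 8 * (i % 4)));
}

/* Hex digest of a C string; hex must have room for 65 bytes. */
static const char *sm3_hex(const char *s, int variant, char hex[65])
{
    uint8_t d[32];
    int i;

    sm3_hash((const uint8_t *)s, strlen(s), variant, d);
    for (i = 0; i < 32; i++)
        snprintf(hex + 2 * i, 3, "%02x", d[i]);
    return hex;
}

int main(void)
{
    char plain[65], modified[65];

    printf("standard SM3(\"abc\"): %s\n", sm3_hex("abc", 0, plain));
    printf("variant  SM3(\"abc\"): %s\n", sm3_hex("abc", 1, modified));
    return 0;
}
```

The variant changes only how the eight words of V(i) are mapped to the registers at the start and end of each block, so its confidentiality rests entirely on the instruction data staying unreadable.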
As an optional embodiment, when the instruction controller 102 does not find instruction data corresponding to the secret instruction, the central processing unit 100 can terminate execution of the current program. This property can be used to restrict the platform on which a program executes. For example, a secret instruction for restricting the execution platform can be added to the program, and the instruction data of that secret instruction stored only in the secret instruction memory of the corresponding platform (that is, CPU). When the program then runs on a platform that does not store the corresponding instruction data, execution is terminated when the secret instruction is reached, which achieves the restriction of the execution platform.
Figure 2 is a flowchart of a method of executing a secret operation in a CPU according to an embodiment.
In step S200, instruction data corresponding to a secret instruction related to a secret operation is pre-stored in the CPU, and access to the instruction data from outside the CPU is prohibited so that details of the secret operation are not leaked. For example, the instruction data may be the instruction data related to the operations of the SM3 algorithm described above.
As described above, the secret instruction may be a custom microcode instruction of the CPU, and the instruction data can be pre-stored or updated by means of a microcode patch. For example, when the secret instruction is defined as a new custom microcode instruction, the instruction data corresponding to the secret instruction can be written into the CPU by a microcode patch.
In step S201, a secret instruction in the program code currently being executed is read, for example from the instruction cache 104 of Figure 1B.
In step S202, the instruction data corresponding to the secret instruction is looked up in the stored instruction data.
In step S203, it is determined whether the corresponding instruction data was found. When it was found, in step S204 the secret instruction is translated into at least one micro-operation according to the instruction data found. Then, in step S205, the micro-operation is executed.
Optionally, when no instruction data corresponding to the secret instruction is found, the CPU terminates execution of the current program in step S206. As described above, this optional step can be used to restrict the platform on which the program executes.
Figure 3 is a block diagram of a CPU 300 that executes coprocessor operations according to an embodiment.
Referring to Figure 3, CPU 300 includes a coprocessor instruction memory 301, an instruction controller 302, an execution unit 303 and a coprocessor interface 304.
The coprocessor instruction memory 301 pre-stores instruction data corresponding to coprocessor instructions related to controlling the operation of the coprocessor.
According to an embodiment, the coprocessor instruction may be a custom microcode instruction of CPU 300.
According to an embodiment, the coprocessor instruction memory 301 may be the microcode patch memory of CPU 300 or a part of it, and the instruction data stored in it is pre-stored or updated by means of a microcode patch. For example, in the embodiment in which the coprocessor instruction is defined as a new custom microcode instruction, the instruction data corresponding to the coprocessor instruction can be pre-stored in the coprocessor instruction memory 301 by means of a microcode patch.
The coprocessor interface 304 is the interface for communicating with the coprocessor (not shown). The coprocessor is a processor separate from CPU 300 that assists CPU 300 by performing specific functions to reduce the load on CPU 300.
During program execution, if the instruction controller 302 receives a coprocessor instruction in the program code currently being executed, it looks up the instruction data corresponding to the coprocessor instruction in the coprocessor instruction memory 301, translates the coprocessor instruction into at least one micro-operation related to the coprocessor interface 304 according to the instruction data found, and passes the micro-operation to the execution unit 303 for execution, so as to control the operation of the coprocessor through the coprocessor interface 304.
According to an embodiment, the coprocessor operations may include at least one of initializing, reading, writing, controlling and reading the status of the coprocessor. In embodiments in which coprocessor operations are implemented with custom microcode instructions, one method is to define a separate "custom microcode instruction" for each operation; another is to define only one "custom microcode instruction" for coprocessor operations and use different parameters to distinguish the operations.
An example of how to implement coprocessor instructions follows.
First, using the first custom microcode instruction method described above, a coprocessor instruction two bytes long can be designed: "0F 3C". The opcode (Opcode) of this instruction is "0F 3C", and all other fields are absent. When the value of a general-purpose register of CPU 300 (e.g., EAX or RAX) is 0x1, 0x2, 0x3, 0x4 or 0x5, the instruction corresponds to the "initialize", "read", "write", "control" or "read status" operation of the coprocessor, respectively. Other general-purpose registers can also be used to pass parameters, such as the buffer address used in the "read" and "write" operations. As described above, the instruction data related to these coprocessor operations can be written into the coprocessor instruction memory 301 by a microcode patch.
As an example, the coprocessor interface 304 may be connected to four register interfaces of the coprocessor: a control register, a status register, a command descriptor address register and a response descriptor address register. The "initialize", "read", "write", "control" and "read status" operations on the coprocessor are then all carried out by reading and writing these four registers in a certain order. This is only an example, however, and the present invention is not limited to it.
When the computer system containing CPU 300 starts up and the coprocessor needs to be initialized, a coprocessor instruction such as the following, written as an assembly-language sequence (other languages may also be used; the present invention is not limited to this), can be added to the application code that needs to call the coprocessor:
movl $0x1, %eax
.byte 0x0f, 0x3c
The instruction controller 302 translates the above coprocessor instruction into coprocessor operations, so that the "initialize" (0x1) operation of the coprocessor is executed; the return status is stored in general-purpose register EAX. Note that general-purpose register EAX is used here only as an example, and the present invention is not limited to this.
When an application needs to send data to the coprocessor for processing, a coprocessor instruction written in an assembly language sequence such as the following can be added to the application code that needs to call the coprocessor:
movl address, %edi  // pointer register EDI holds the write buffer address, as an example
movl $0x3, %eax
.byte 0x0f,0x3c
The above coprocessor instruction is translated by the instruction controller 302 into a coprocessor operation, so that the coprocessor's "write" (0x3) operation is performed. The return status is saved in the general-purpose register EAX, and the returned result (if any) is saved in the buffer pointed to by the pointer register (e.g., EDI). The general-purpose register EAX and the pointer register EDI are used here only as examples, and the invention is not limited thereto.
When an application needs to read data from the coprocessor, a coprocessor instruction written in an assembly language sequence such as the following can be added to the application code that needs to call the coprocessor:
movl address, %esi  // pointer register ESI holds the read buffer address, as an example
movl $0x2, %eax
.byte 0x0f,0x3c
The above coprocessor instruction is translated by the instruction controller 302 into a coprocessor operation, so that the coprocessor's "read" (0x2) operation is performed. The data read is saved in the buffer pointed to by the pointer register ESI, and the return status is saved in the general-purpose register EAX. The general-purpose register EAX and the pointer register ESI are used here only as examples, and the invention is not limited thereto.
According to an embodiment, access to the coprocessor instruction memory 301 from outside the CPU 300 can be prohibited, to prevent the instruction data of the coprocessor instructions from being leaked. In one embodiment, the coprocessor instruction memory 301 may be the microcode instruction memory of the CPU 300, or it may be another, independent instruction memory. In addition, access to the data transferred between the central processing unit 300 and the coprocessor through the coprocessor interface 304 can be prohibited. If a physical channel between the CPU 300 and the coprocessor is exposed on the motherboard, security protection measures (such as encryption and hash-value verification (HMAC)) can be added on the physical channel as actually needed, to keep the physical channel secure and reliable.
The present invention can replace the coprocessor's driver with one or several custom coprocessor instructions: any application that uses the coprocessor can control the coprocessor's operation simply by calling the coprocessor instructions directly. Furthermore, in embodiments where the coprocessor instructions are implemented as microcode instructions, microcode instructions are kept secret from third parties other than application developers and the processor manufacturer, and the language in which the instruction data corresponding to a microcode instruction is written is not public. The behavior of the coprocessor instruction is therefore very hard to "guess", which in turn improves the security of coprocessor operations.
Fig. 4 is a flow chart of a method for performing a coprocessor operation in a CPU according to an embodiment.
In step S400, instruction data corresponding to the coprocessor instructions related to controlling the operation of the coprocessor is stored in the CPU in advance. For example, the instruction data may be separate instruction data for each of the "initialize", "read", "write", "control" and "read status" operations of the coprocessor in the above example (the first method), or it may be instruction data corresponding to a unified coprocessor operation (the second method), with the specific coprocessor operation distinguished by a register value.
As described above, the coprocessor instruction may be a custom microcode instruction of the CPU. Furthermore, a microcode patch can be used to pre-store or update the instruction data. For example, in an embodiment that defines the coprocessor instruction as a new custom microcode instruction, the instruction data of the coprocessor instruction can be written into the CPU by a microcode patch.
In step S401, the coprocessor instruction in the program code currently being executed is read.
In step S402, the stored instruction data is searched for the instruction data corresponding to the coprocessor instruction.
In step S403, the coprocessor instruction is translated, according to the corresponding instruction data found, into at least one micro-operation related to the coprocessor interface. Then, in step S404, the micro-operation is executed to control the operation of the coprocessor through the coprocessor interface.
According to an embodiment, as described above, access from outside the CPU to the instruction data stored in it can be prohibited, to avoid revealing details of the coprocessor operations.
The embodiments of the present invention have been described in detail above, but the invention is not limited thereto. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations or substitutions may be made according to design requirements or other factors, and that they fall within the scope of the appended claims and their equivalents.
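The Fig. 4 flow (steps S400 to S404) can be modelled in software as follows. This C sketch is an added illustration, not part of the patent text: only the opcode 0F 3C, the EAX operation values and the four register names come from the description, while the micro-op structure, the order of register accesses per operation, the simulated status value and the rejection of unknown EAX values are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* The four coprocessor registers named in the description. */
enum { REG_CTRL, REG_STATUS, REG_CMD_DESC, REG_RSP_DESC, REG_COUNT };
/* Operation selectors passed in EAX (0x1..0x5), as in the description. */
enum { OP_INIT = 1, OP_READ, OP_WRITE, OP_CONTROL, OP_STATUS };

typedef struct { uint8_t write, reg; uint32_t val; } uop_t;  /* one micro-op */
typedef struct { uint32_t eax, esi, edi; } cpu_t;
typedef struct { uint32_t reg[REG_COUNT]; } coproc_t;

/* CPU-internal instruction memory: empty until a patch loads it. */
static uint8_t imem_opcode[2];
static int imem_valid = 0;

/* S400: a microcode patch stores the instruction data in advance. */
void microcode_patch_load(const uint8_t opcode[2]) {
    memcpy(imem_opcode, opcode, 2);
    imem_valid = 1;
}

/* S402-S403: look the opcode up, then translate it into micro-ops.
 * Returns the micro-op count, or -1 when no instruction data matches.
 * The register sequences below are assumptions of this sketch. */
int translate(const uint8_t *insn, const cpu_t *cpu, uop_t out[4]) {
    if (!imem_valid || memcmp(insn, imem_opcode, 2) != 0) return -1;
    int n = 0;
    switch (cpu->eax) {
    case OP_INIT:    out[n++] = (uop_t){1, REG_CTRL, OP_INIT}; break;
    case OP_READ:    out[n++] = (uop_t){1, REG_RSP_DESC, cpu->esi};
                     out[n++] = (uop_t){1, REG_CTRL, OP_READ}; break;
    case OP_WRITE:   out[n++] = (uop_t){1, REG_CMD_DESC, cpu->edi};
                     out[n++] = (uop_t){1, REG_CTRL, OP_WRITE}; break;
    case OP_CONTROL: out[n++] = (uop_t){1, REG_CTRL, OP_CONTROL}; break;
    case OP_STATUS:  break;
    default:         return -1;   /* unknown selector: assumed rejected */
    }
    out[n++] = (uop_t){0, REG_STATUS, 0};   /* finish by reading the status */
    return n;
}

/* S404: run the micro-ops through the (simulated) coprocessor interface. */
int execute(cpu_t *cpu, coproc_t *cp, const uint8_t *insn) {
    uop_t uops[4];
    int n = translate(insn, cpu, uops);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++) {
        if (uops[i].write) {
            cp->reg[uops[i].reg] = uops[i].val;
            if (uops[i].reg == REG_CTRL)    /* constructed device behaviour */
                cp->reg[REG_STATUS] = 0x100u | uops[i].val;
        } else {
            cpu->eax = cp->reg[uops[i].reg];  /* return status lands in EAX */
        }
    }
    return n;
}
```

In this model the same two opcode bytes decode to nothing until `microcode_patch_load` has run, which is the property the description relies on when it keeps the instruction memory inaccessible from outside the CPU.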

Claims (20)

1. A central processing unit, comprising:
a secret instruction memory for pre-storing instruction data corresponding to secret instructions related to secret operations, wherein access to the secret instruction memory from outside the central processing unit is prohibited;
an instruction controller for searching the secret instruction memory, according to a secret instruction in a current program, for the instruction data corresponding to the secret instruction, and translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and
an execution unit for executing the micro-operation.
2. The central processing unit of claim 1, wherein the secret instruction is a custom microcode instruction of the central processing unit.
3. The central processing unit of claim 1, wherein the secret instruction memory is at least part of a microcode patch memory of the central processing unit, and
wherein the instruction data is pre-stored or updated using a microcode patch.
4. The central processing unit of claim 1, wherein when the instruction controller does not find instruction data corresponding to the secret instruction, the central processing unit terminates execution of the current program.
5. The central processing unit of claim 1, wherein the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
6. A method of performing a secret operation in a central processing unit, comprising:
pre-storing, in the central processing unit, instruction data corresponding to secret instructions related to the secret operation, wherein access to the instruction data from outside the central processing unit is prohibited;
reading a secret instruction in a current program;
searching the stored instruction data for the instruction data corresponding to the secret instruction;
translating the secret instruction into at least one micro-operation according to the corresponding instruction data; and
executing the micro-operation.
7. The method of claim 6, wherein the secret instruction is a custom microcode instruction of the central processing unit.
8. The method of claim 6, wherein the instruction data is pre-stored or updated using a microcode patch.
9. The method of claim 6, further comprising:
terminating execution of the current program when instruction data corresponding to the secret instruction is not found.
10. The method of claim 6, wherein the secret instruction in the current program is kept secret from third parties other than the developer of the current program and the manufacturer of the central processing unit.
11. A central processing unit, comprising:
a coprocessor instruction memory for pre-storing instruction data corresponding to coprocessor instructions related to controlling the operation of a coprocessor;
a coprocessor interface for communicating with the coprocessor;
an instruction controller for searching the coprocessor instruction memory, according to a coprocessor instruction in a current program, for the instruction data corresponding to the coprocessor instruction, and translating the coprocessor instruction, according to the corresponding instruction data, into at least one micro-operation related to the coprocessor interface; and
an execution unit for executing the micro-operation to control the operation of the coprocessor through the coprocessor interface.
12. The central processing unit of claim 11, wherein the coprocessor instruction is a custom microcode instruction of the central processing unit.
13. The central processing unit of claim 11, wherein the coprocessor instruction memory is at least part of a microcode patch memory of the central processing unit, and
wherein the instruction data is pre-stored or updated using a microcode patch.
14. The central processing unit of claim 11, wherein the operation of the coprocessor includes at least one of initializing, reading, writing, controlling, and reading status.
15. The central processing unit of claim 11, wherein access to the coprocessor instruction memory from outside the central processing unit is prohibited.
16. A method of performing a coprocessor operation in a central processing unit, comprising:
pre-storing, in the central processing unit, instruction data corresponding to coprocessor instructions related to controlling the operation of a coprocessor;
reading a coprocessor instruction in a current program;
searching the stored instruction data for the instruction data corresponding to the coprocessor instruction;
translating the coprocessor instruction, according to the corresponding instruction data, into at least one micro-operation related to a coprocessor interface; and
executing the micro-operation to control the operation of the coprocessor through the coprocessor interface.
17. The method of claim 16, wherein the coprocessor instruction is a custom microcode instruction of the central processing unit.
18. The method of claim 16, wherein the instruction data is pre-stored or updated using a microcode patch.
19. The method of claim 16, wherein the operation of the coprocessor includes at least one of initializing, reading, writing, controlling, and reading status.
20. The method of claim 16, wherein access to the instruction data from outside the central processing unit is prohibited.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610378308.9A CN106055309B (en) 2016-05-27 2016-05-27 Central processing unit, and method for executing secret operation and coprocessor operation in central processing unit

Publications (2)

Publication Number Publication Date
CN106055309A 2016-10-26
CN106055309B 2019-04-02

Family

ID=57172963

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610378308.9A Active CN106055309B (en) 2016-05-27 2016-05-27 Central processing unit, and method for executing secret operation and coprocessor operation in central processing unit

Country Status (1)

Country Link
CN (1) CN106055309B (en)

Also Published As

Publication number Publication date
CN106055309B (en) 2019-04-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 301, 2537 Jinke Road, Zhangjiang High Tech Park, Pudong New Area, Shanghai 201203

Patentee after: Shanghai Zhaoxin Semiconductor Co.,Ltd.

Address before: Room 301, 2537 Jinke Road, Zhangjiang hi tech park, Shanghai 201203

Patentee before: VIA ALLIANCE SEMICONDUCTOR Co.,Ltd.