CN107102843A

CN107102843A - Microprocessor and the method for wherein safe execute instruction

Info

Publication number: CN107102843A
Application number: CN201611195519.5A
Authority: CN
Inventors: G.葛兰.亨利; 泰瑞.派克斯; 布兰特.比恩; 汤姆士.A.克理斯宾
Original assignee: Via Technologies Inc
Current assignee: Via Technologies Inc
Priority date: 2010-05-25
Filing date: 2011-05-25
Publication date: 2017-08-29
Anticipated expiration: 2031-05-25
Also published as: CN107015926A; CN107102843B; CN102221989B; CN107015926B; CN102221989A

Abstract

The present invention relates to microprocessor and the operating method of correlation.A safe storage is planned in the microprocessor, stores the information needed for decryption.The access of the safe storage has been limited, to avoid maliciously being stolen.In if secure execution, address of the access based on the encrypted instruction to be decrypted of the safe storage.The microprocessor can be more adjusted to the data for being derived from safe storage, more lift the complexity of decruption key.

Description

Microprocessor and the method for wherein safe execute instruction

It is on May 25th, 2011, entitled " micro- place of Application No. 201310681951.5 applying date that the application, which is, Manage the operating method and encryption method of device and correlation " application case (the wherein applying date of the original application of this application case and Shen Please number be respectively on May 25th, 2011 and divisional application 201110136447.8).

Technical field

The present invention relates to microprocessor (microprocessor) field, more particularly to held for increasing microprocessor The security of capable program.

Background technology

Many software programs, when facing the attack of destruction of computer systems safety, are typically what fragility can't bear.For example, black Visitor can run buffering overflow area leak (the buffer overflow vulnerability) implantation of Program not by attack one When procedure code and ownership is shifted to the improper procedure code.Consequently, it is possible to which the procedure code being implanted into will dominate the journey attacked Sequence.The scheme that a kind of strick precaution software program is attacked is instruction set randomization (instruction set randomization). Brief explanation it, program encryption (encrypt) can be first some forms by instruction set randomized technique, then at processor by the journey Sequence is from after memory extraction, in decryption (decrypt) program in the processor.Consequently, it is possible to which hacker is just difficult implantation malice Instruction, because the instruction being implanted into must be encrypted suitably (for example, using with institute's attacker identical encryption key or drilling Algorithm) it can just be performed correctly.For example, refering to file " Counter Code-Injection Attacks with Instruction-Set Randomization,by Gaurav S.Kc,Angelos D.Keromytis,and Vassilis Prevelakis,CCS’03,October 27-30,2003,Washington,DC,USA,ACM 1-58113-738-9/03/ 0010 ", wherein the modified version of narration Bochs-x86Pentium simulators (emulator).The shortcoming of correlation technique is wide It is general to discuss.For example, refering to data " Where ' s the FEEBThe Effectiveness of Instruction Set Randomization,by Ana Nora Sovarel,David Evans,and Nathanael Paul,http:// www.cs.virginia.edu/feeb」。

The content of the invention

The present invention may be characterized as disclosing a kind of method for performing encrypted instruction safely in a microprocessor.Multiple decryption are close Key member is stored in a safe storage.Encrypted instruction is speed buffering from an instruction cache.On two or more State decruption key member and be received from the safe storage.One decruption key is to be derived from above-mentioned two or more decruption key member. Speed buffering is first using above-mentioned two or more decruption key is derived from from the encrypted instruction of the instruction cache Decruption key be decrypted.Then, the instruction of decryption is performed in the microprocessor.

It is further discussed, disclosed method includes providing a kind of microprocessor architecture, to avoid from microprocessor External observation goes out encrypted instruction.

More on the one hand order discusses it again, and the microprocessor is instructed by a decryption logic (for example, a decryption circuit) from one Both cache memory and pipeline speed buffering pure words and encrypted instruction.A kind of embodiment is included to speed buffering The encrypted instruction deposited from the instruction cache and the decryption for being derived from above-mentioned two or more decruption key member Key carries out xor.In preferred embodiment, the setting of the microprocessor is further included：With speed buffering and decrypt above-mentioned pure words The time of equivalent is adopted in instruction, and speed buffering simultaneously decrypts above-mentioned encrypted instruction.

In a kind of embodiment, disclosed method further relates to update decoding key member before the decruption key is derived.

In another embodiment, the derivation of the decruption key includes：Based on an encrypted instruction address choice two or more Decruption key member；With the above-mentioned decruption key member of a numerical value rotation displacement obtained by the encrypted instruction address of a function computing one wherein it One, to produce rotation displacement decruption key member；And, from selection in subtraction accumulation and addition accumulation first, being somebody's turn to do with accumulating Rotation displacement decruption key member is to one second decruption key member, and the selection of above-mentioned subtraction accumulation and addition accumulation is based on encryption One function operation result of IA.

In a more specific embodiment, deriving the action of a decruption key includes：To above-mentioned at least two solution used Key member carries out a numerical operation；And a decruption key is produced, the effective key length of the decruption key is equal to one first number The product of value and a second value, first numerical value is the optional quantity for producing the decruption key member of decruption key, The second value is the quantity of the possibility combinations of values for the key that the numerical operation can be generated.

In another embodiment, decruption key is used for multiple encrypted instruction blocks, and the length of above-mentioned encrypted instruction block is no longer than The effective key length, and the encrypted instruction block respectively continued is new by one from least one different decruption key member And different decruption keys.

The present invention be may also be characterized as providing a microcontroller, including an instruction cache, a speed buffering are patrolled Volume (for example, a speed buffering circuit), a safe storage, a cipher key spreading logic (for example, a cipher key spreading circuit) and One decryption logic (for example, a decryption circuit).The instruction cache is used to store encrypted instruction.The speed buffering is patrolled Collect to set to come from the instruction cache speed buffering encrypted instruction.The safe storage sets to store multiple decryption Key member.The cipher key spreading logic, which is set, to be come from two or more decruption keys member one solution of export among the plurality of decruption key member Key.The decryption logic set come with the derived decruption key of two or more above-mentioned decruption keys member to speed buffering from One encrypted instruction of the instruction cache is decrypted.

In one embodiment, the instruction cache is also used for storage pure words instruction, and speed buffering is certainly The above-mentioned pure words instruction of the instruction cache and encrypted instruction are all arranged to Pipelining by the decryption logic. The setting of the microprocessor is further included：With speed buffering and the time that equivalent is adopted in the instruction of above-mentioned pure words is decrypted, speed buffering is simultaneously Decrypt above-mentioned encrypted instruction.

In another embodiment, the decryption logic includes different logic gate, sets and comes with two or more above-mentioned decryption The derived decruption key of key member carries out xor to speed buffering from an encrypted instruction of the instruction cache.

In another embodiment, the storage area of the safe storage only allows the program of if secure execution to deposit Take.In another embodiment, the renewal of above-mentioned decruption key member is to be pushed away in the cipher key spreading logic using decruption key member Lead progress before the decruption key.

In one embodiment, the cipher key spreading logic is more arranged to：Based on an encrypted instruction address from the plurality of solution Required above-mentioned two or more decruption key member is selected in key member；With obtained by the encrypted instruction address of a function computing one One numerical value rotation displacement decruption key member；And, one is selected from subtraction accumulation and addition accumulation, to accumulate the rotation displacement Decruption key member is to one second decruption key member, and the selection system of the accumulation of above-mentioned subtraction and addition accumulation is based on an encrypted instruction One function operation result of address.

In another embodiment, the cipher key spreading logic is set come to above-mentioned at least two decruption key used Member carries out a numerical operation, to derive decruption key.One effective key length of the decruption key be equal to one first numerical value with And one second value product.First numerical value is the optional quantity for producing the decruption key member of decruption key.This Two numerical value are the quantity of the possibility combinations of values for the key that the numerical operation can be generated.

In another embodiment, the cipher key spreading logic is set is used for multiple encrypted instructions by multiple decruption keys Block.The length of above-mentioned encrypted instruction block is no longer than the effective key length, and the cipher key spreading logic is the encryption to respectively continuing Instruction block bestows a new and different decruption key from least one different decruption key member.

The present invention may be characterized as disclosing a kind of method for performing encrypted instruction safely in a microprocessor.Multiple master keys It is stored in a safe storage.Encrypted instruction speed buffering is from an instruction cache.Based on an encrypted instruction at a high speed Buffer address, one group of one or more master key is selected from the safe storage.Selected this group of master key is derived from selected One decruption key of this group of master key is for decrypting encrypted instruction of the speed buffering from the instruction cache.Decryption Instruction afterwards is then safely performed in the microprocessor.

In another embodiment, disclosed method is further included derives from selected one or more master keys of the group Decruption key.It is more particularly described, disclosed method, which is further included, is based on an encryption to each speed buffering amount (fetch quantum) Command high speed buffer address derives a new decruption key.In one embodiment, the bit length t of each decruption key is 2^s, Wherein s is the byte number of a speed buffering amount.In addition, above-mentioned encrypted instruction is grouped into instruction block, above-mentioned instruction block Length is not more than the length of decruption key.Disclosed method is further included：High speed based on the encrypted instruction in above-mentioned instruction block Buffer address, is that each instruction block derives new decruption key.

In another embodiment, disclosed method further includes the selected group one or more master keys of rotation displacement First, producing a new decruption key according to this, the amount of wherein institute's rotation displacement is to be based on the encrypted instruction speed buffering address. In one embodiment, the position [b of the encrypted instruction speed buffering address:0] subset does not influence the rotation displacement amount of master key, Wherein numeral 0 and b is respectively used to indicate the least significant bit and b significance bits of the encrypted instruction speed buffering address. In another embodiment, the position [d of the encrypted instruction speed buffering address:C] subset defines the rotation displacement amount of master key, digital c And d is respectively used to indicate the c significance bits and d significance bits of the encrypted instruction speed buffering address.More specifically It is bright it, the action of rotation displacement be with n may rotation displacement amount one do the rotation displacement of master key, wherein n=2^m, m is Position [the d of the encrypted instruction speed buffering address:C] subset digit.

In another embodiment, disclosed method is further included based on a new encrypted instruction speed buffering address choice One group of new one or more master key, and a new decruption key is derived according to this.In one embodiment, new one group is selected The action of one or more master keys is decided by the position [f of the new encrypted instruction speed buffering address:E] number representated by subset Value, wherein numeral e and f be respectively used to indicate the encrypted instruction speed buffering address e significance bits and f it is effective Position.In one embodiment, the selection action selection of one group of new one or more master key include selecting available q groups one or Any group, wherein p=2 in multiple master keys^q, and q is the position [f of the new encryption key speed buffering address:E] can in subset One of energy numerical value.

The present invention can be more characterized as disclosing a microprocessor, and encrypted instruction safely can be decrypted and held by the microprocessor OK.The microcontroller includes an instruction cache, a speed buffering logic (for example, a speed buffering circuit), one Safe storage, key selection logic (for example, a key selection circuit) and a decryption logic are (for example, a solution cipher telegram Road).The instruction cache is used to store encrypted instruction.The speed buffering logic, which is set, to be come from the command high speed buffer Memory speed buffering goes out encrypted instruction.The safe storage sets to store multiple master keys.Key selection logic is set To be based on one group of one or more master key of encrypted instruction speed buffering address choice.In addition, the decryption logic sets to use Selected one or more master keys of the group are derived from a decruption key of selected one or more master keys of the group to decrypt height Encrypted instruction of the speed buffering from the instruction cache.

In one embodiment, the microprocessor further includes a decruption key and produces logic (for example, decruption key is produced Circuit), set to derive decruption key from selected one or more master keys of the group.In a more specific embodiment, the solution Close key generation logic, which is set, to derive each speed buffering amount a new decruption key.In one embodiment, each decryption The bit length t of key is 2^s, wherein s is the byte number of a speed buffering amount.In addition, above-mentioned encrypted instruction is grouped into instruction area Block, the length of above-mentioned instruction block is not more than the length of decruption key, and the decruption key produces logic and sets above-mentioned to be based on The speed buffering address of encrypted instruction in instruction block is that each instruction block derives new decruption key.

In another embodiment, the decruption key produce logic set come the selected group of rotation displacement one or more Master key first, produce a new decruption key according to this, and institute's rotation displacement amount with being based on the encrypted instruction speed buffering Location.In one embodiment, the position [b of the encrypted instruction speed buffering address:0] subset does not influence the rotation displacement of master key Amount, numeral 0 and b is respectively used to indicate the least significant bit and b significance bits of the encrypted instruction speed buffering address.More very Person, the position [d of the encrypted instruction speed buffering address:C] subset defines the width of master key rotation displacement, digital c and d difference C significance bits and d significance bits for indicating the encrypted instruction speed buffering address.It is more particularly described, the solution Close key generation logic sets to do the rotation displacement of master key, wherein n=2 with n possible rotation displacement amount one^m, and m is Position [the d of the encrypted instruction speed buffering address:C] subset digit.

In another embodiment, the decruption key produces logic and set to come based on a new encryption key speed buffering One group of new one or more master key of address choice, and a new decruption key is derived according to this.In one embodiment, it is new Position [the f of the encrypted instruction speed buffering address:E] subset determines the modifications of new one or more master keys of the group, digital e and F is respectively used to indicate the e significance bits and f significance bits of the encrypted instruction speed buffering address.What is more, the decryption Cipher key logic sets to select any group, p=2 in available one or more master keys of q groups^q, q is new encryption key high speed Position [the f of buffer address:E] may one of numerical value in subset.

The present invention may be characterized as disclosing a kind of method for performing encrypted instruction safely in a microprocessor.Decryption is any to be added Before close instruction, the microprocessor receives a request (for example, instruction pattern), makes the general execution that can not be performed from encrypted instruction The if secure execution (SEM) that pattern switching to encrypted instruction is carried out.The microcontroller conditionally allows the request. The condition that need to meet itself can be certain cipher authentication.For example, in one embodiment, the microprocessor is set to be referred to perform Order, the safe storage is write with a real time data field of the instruction by encryption key numerical value.

Then, the microprocessor receives one and instructed, and the group encryption keys numerical value for the decryption of an encipheror is write Enter the safe storage of the microprocessor.This instruction is different from any finger for requiring that general execution pattern performs switching to safety Order.

Hereafter, the microprocessor is from the encipheror of an instruction cache speed buffering one, and decrypts and should add Close program instructs for pure words.Decrypting process is using one or more groups one or more encryption keys stored in the safe storage Numerical value or one or more numerical value derived.

During by encryption program instructions decryption for pure words instruction, the instruction of above-mentioned pure words is not exposed to by the microprocessor appoints Any resource outside what non-privileged program or the microprocessor.

In one embodiment, the safe storage of storage encryption key numerical value can not be through at the one of the microprocessor Device bus access is managed, and is not belonging to a part for a cache hierarchy.In addition, a non-privileged program can not be right The safe storage is read or write-in encryption key numerical value.

The present invention characterizes a kind of microprocessor in addition, including：One instruction processing pipeline；One processor bus；One is slow at a high speed Rush memory hierarchy；And a safe storage of storage encryption key.

The microprocessor, which is set, to be come：Receive one to ask, make the general execution pattern switching that can not be performed from encrypted instruction extremely The if secure execution that encrypted instruction is carried out；Conditionally allow the request；Execute instruction, by one group one or more add Close cipher key values write the safe storage of the microprocessor；And encrypted from an instruction cache speed buffering one Program.The microprocessor is more set to be instructed to decrypt the encipheror for pure words, wherein using in the instruction processing pipeline One decryption logic.The decryption logic uses the encryption key numerical value stored in the safe storage or derivative one or more numbers Value, to decrypt the encipheror.

In one embodiment, the microprocessor, which is set, carrys out configuration processor, is exposed wherein not instructing above-mentioned pure words To any resource outside any non-privileged program or the microprocessor.In another embodiment, the safe storage can not Accessed through the processor bus, and a part for the non-cache hierarchy.Therefore, the microprocessor avoids one Non-privileged program reads to the safe storage or writes encryption key numerical value, to limit the access of the safe storage.

In another embodiment, the microprocessor sets to decrypt the successive passage of the encipheror, wherein basis The address of the above-mentioned successive passage storage of the encipheror selects one or more multigroup encryption key numerical value from the safe storage Or decrypted with its derivative numerical value.

In another embodiment, whether it is to be loaded with encryption parameter that the microprocessor is set come the form according to the request An instruction, conditionally allow the request, to switch to the if secure execution.The instruction is a privileged program or program A part, and above-mentioned encryption parameter meets the preset standard for performing the encipheror during decryption.In one embodiment, on The encryption for stating encryption parameter and encipheror is to use different encryption mechanisms.

In another embodiment, the encryption of the successive passage of the encipheror is the continuous segment based on the encipheror The storage address fallen.

In another embodiment, the microprocessor further includes the program run under general execution pattern and can not accessed A secure execution mode exceptions processing logic and if secure execution interrupt handling logic, and the microprocessor is arranged to Handled in the case where operating on if secure execution using above-mentioned secure execution mode exceptions at logic and if secure execution interruption Manage logic.What is more, the microprocessor avoids the decryption of encrypted instruction, unless the microprocessor is in above-mentioned safety and performs mould Formula.

In another embodiment, the safe storage, which is set, to receive encryption key numerical value by an encrypted tunnel. In another embodiment, the microprocessor sets to avoid the decryption of encrypted instruction, unless the microprocessor operation is in x86 framves The SMM of structure.

One embodiment of the present invention discloses a microprocessor.The microprocessor include an instruction cache, One instruction decoding unit and an extraction unit.The extraction unit is used for：(a) one is extracted from the instruction cache The director data of block；(b) with a data entity to the cloth woods xor of onblock executing one, to produce pure words director data； And above-mentioned pure words director data is supplied to the instruction decoding unit by (c).Under one first situation, the block includes encryption Director data and the data entity are decruption key.Under one second situation, the block includes non-encrypted director data and should Data entity is the binary bit null value of multiple.No matter the director data of the block is encryption or non-encrypted, carries out the above (a), the time required for (b) and (c) is identical under first situation and under second situation.

Another embodiment of the invention discloses a method, has the one of an instruction cache to operate Microprocessor.This method includes：(a) director data of a block is extracted from the instruction cache；(b) with a data Entity carries out a cloth woods xor to the block, to produce pure words director data；And (c) supplies above-mentioned pure words instruction number According to an instruction decoding unit.Under one first situation, the block includes encrypted instruction data and the data entity is close to decrypt Key.Under one second situation, the block includes the binary bit null value that non-encrypted director data and the data entity are multiple. No matter the director data of the block is encryption or non-encrypted, and the time required for implementation the above (a), (b) and (c) is at this It is identical under first situation and under second situation.

One embodiment of the present invention provides a microprocessor.The microprocessor include an instruction cache with And an extraction unit.The extraction unit can extract the encryption journey of address extraction one from the sequence of instruction cache one is multiple The encrypted instruction of the multiple blocks of the sequence of sequence one.Extract each block of the sequence when, extraction unit more with multiple cipher key values with And extract the block extraction address part content be a function, generate decruption key.It is each for the sequence that extracts Individual block, extraction unit also uses corresponding decryption key decryption wherein encrypted instruction.The microprocessor is also cut including a key Instruction is changed, when the extraction unit extracts the above-mentioned multiple blocks of the sequence from the instruction cache, micro- place is indicated Reason device updates these cipher key values in the extraction unit.

Another embodiment of the invention discloses a kind of method, and operation one with an instruction cache is micro- Processor.This method includes extracting multiple first encrypted instructions of a program from the instruction cache, and by it with one First decryption key decryption is the multiple first non-encrypted instructions.This method is also included first decruption key with one second decryption Key replaces, and responds the key switching command in these first non-encrypted instructions.This method also includes slow from the instruction cache Rush multiple second encrypted instructions that memory extracts the program, and by it using second decryption key decryption as multiple second it is non-plus Close instruction.

Another embodiment of the invention discloses a kind of method, for operating a microprocessor.This method is included from one The multiple encrypted instructions for extracting the multiple blocks of sequence of one encipheror of address extraction one of the sequence of instruction cache one.Should When method is additionally included in extraction each block of the sequence, with multiple cipher key values and the portion for extracting address of institute's extraction block Part content is that a function generates decruption key.This method is also included for each block in the sequence, uses corresponding above-mentioned decryption Secret key decryption encrypted instruction therein.When this method is additionally included in the extraction sequence above-mentioned multiple blocks, key switching is performed Instruction.Performing above-mentioned key switching command includes updating these cipher key values for being used for generating above-mentioned decruption key.

One embodiment of the present invention discloses a kind of microprocessor.The microprocessor includes an extraction unit, uses first Decruption key data are extracted and decrypt a branch and instructed with handover key.The microprocessor also includes microcode.Above-mentioned micro- generation Code makes the extraction unit close using the above-mentioned first decryption under the not adopted situation in direction that the branch and handover key are instructed Key data are extracted and decrypt the following instructions after the branch instructs with handover key.The microcode is also in the branch and switching Key is instructed under adopted situation, makes the extraction unit use the second decryption different from above-mentioned first decruption key data close The target instruction target word that the branch instructs with handover key is extracted and decrypted to key data.

Another embodiment of the invention discloses a method, with the encipheror of a microprocessor processes one.This method bag Include and a branch and handover key instruction are extracted and decrypted using the first decruption key data.The method also includes, in the branch Under the situation that the direction instructed with handover key is not taken, extracted with above-mentioned first decruption key data and decrypt the branch Following instructions after being instructed with handover key.This method also includes, and the direction instructed in the branch with handover key is taken Situation under, with different from the second decruption key data of above-mentioned first decruption key data extract and decrypt the branch with cutting Change a target instruction target word of key instruction.

Another embodiment of the invention also discloses a method, for encrypting a program, for for decrypting and performing One microprocessor of encipheror is performed in the future.This method includes receiving the file of a mesh of a non-encrypted program, including Conditional branch is instructed, and indicated destination address can be performed in the microprocessor to be judged before the program.This method also includes analysis The program is to obtain block message.Above-mentioned block message is by the procedure division into multiple pieces an of sequence.Each piece includes the multiple fingers of a sequence Order.Above-mentioned block message also includes each piece of related encryption key data.Each piece of corresponding encryption key data is differed.This method Also including destination address during above-mentioned conditional branch is instructed, person is each referred to a branch with handover key with itself being located at different masses Order substitution.This method also includes encrypting the program based on above-mentioned block message.

Another embodiment of this present invention also discloses a method, for encrypting a program, for for decrypting and holding One microprocessor of row encipheror is performed in the future.This method includes receiving the file of a mesh of a non-encrypted program, wherein wrapping Conditional branch instruction is included, indicated destination address is only capable of judging when the microprocessor performs the program.This method also includes The program is analyzed to obtain block message.Above-mentioned block message is by the procedure division into multiple pieces an of sequence.Each piece more including a sequence Individual instruction.Above-mentioned block message also includes each piece of related encryption key data.Each piece of corresponding encryption key data is differed.Should Method also includes instructing above-mentioned conditional branch each to instruct with a branch and handover key replacing.This method is also included based on upper Block message is stated, the program is encrypted.

One embodiment of the present invention discloses a microprocessor.The microprocessor includes an architectural registers, and the framework is posted Storage includes one.The microprocessor is responsible for setting the position.The microprocessor also includes an extraction unit.The extraction unit is from one Instruction cache extracts encrypted instruction and decrypts above-mentioned encrypted instruction before above-mentioned encrypted instruction is performed, to return Should the microprocessor operation that sets this.If receiving an interruption, the microprocessor stores the numerical value of this and stacked to one Internal memory and then by the bit clear.After microprocessor removes the position, extraction instruction is from command high speed buffer storage Device extracts non-encrypted instruction, is execution as decryption oprerations not to above-mentioned non-encrypted instruction.The microprocessor is also stacked from this The numerical value previously stored is used for repairing the position of the architectural registers by internal memory, to respond the operation returned from interrupt instruction.If The numerical value after this reparation is judged as setting state, and the extraction unit extracts and decrypts encrypted instruction again.

Another of the invention embodiment discloses a kind of method, for operate have an instruction cache with And one architectural registers a microprocessor.This method includes setting one in the architectural registers, and then refers to from this Make cache memory extract encrypted instruction, and decrypt above-mentioned encrypted instruction before above-mentioned encrypted instruction is performed.In face When being interrupted to one, this method also includes the numerical value for storing this of the architectural registers, and then removes the position.Removing the position Afterwards, this method also includes extracting non-encrypted instruction from the instruction cache, and do not make to decrypt perform it is above-mentioned non- Encrypted instruction.This method also includes repairing the architectural registers position with the numerical value previously stored, is returned with responding from interrupt instruction The operation returned.If it is determined that the numerical value after this repairs is setting state, this method also includes extracting again and decrypting and hold Row encrypted instruction.

Another embodiment of the invention discloses a microprocessor.The microprocessor includes an architectural registers and one Extraction unit, the architectural registers include one.The microprocessor stores the numerical value of this, and Program is performed to respond to interrupt One requires.It is encryption or non-encrypted that position sign, which performs Program,.The microprocessor repairs the position with the numerical value previously stored, and And the program being interrupted is extracted again as Program is performed, to respond the operation returned from interrupt instruction.If after the position is repaired Numerical value be setting state, the microprocessor first repairs decruption key numerical value before the program of interruption is extracted again so that Extracted instruction is decrypted with the decruption key numerical value of reparation.If the numerical value after this repairs is removing state, the microprocessor Do not make the reparation of decruption key numerical value and the instruction extracted is not decrypted.

Another embodiment of the invention discloses a kind of method, to operate a microprocessor.This method includes storage The numerical value of the microprocessor one, the requirement for performing Program is interrupted to respond.The position sign perform Program for encryption or It is non-encrypted.The operation returned from interrupt instruction is responded, this method also includes repairing the position with the numerical value previously stored, and again The program interrupted is extracted as execution Program.If the numerical value after this repairs is setting state, this method is additionally included in again Extract before interrupt routine, decruption key numerical value is repaired, and with the extracted finger of the decruption key numerical value decryption after reparation Order.If the numerical value after this repairs is removing state, this method will not make decruption key reparation operation, also instruction not to extraction Decrypt.

One embodiment of the present invention discloses a kind of microprocessor.The microprocessor includes a storage element, with multiple Position each stores the decruption key data of an encipheror.The microprocessor also includes a control register, with a field Indicate in the above-mentioned multiple positions of the storage element with executory encipheror relative.Respond the behaviour returned from interrupt instruction Make, the numerical value of the field previously stored is used for repairing the control register by the microprocessor from memory.The microprocessor Also include an extraction unit, to extract executory encipheror encrypted instruction and by it with the field repair after The decruption key data deciphering stored by position that numerical value is indicated in the storage element.

Another embodiment of the invention discloses a method, has a control register and a storage member to operate Multiple positions each store the decruption key data of an encipheror in one microprocessor of part, the storage element.This method Including being used for the numerical value of the field previously stored from memory to repair a field in the control register, to respond from interruption The operation returned is instructed, wherein, with encipheror in execution in the above-mentioned multiple positions of the numerical marker of the field storage element It is relevant.This method also includes the encrypted instruction for extracting executory encipheror.This method is also included after being repaired with the field The encrypted instruction that the decruption key data deciphering stored by position that numerical value is indicated in the storage element is extracted.

One embodiment of the present invention discloses a kind of microprocessor.It is slow at a high speed that the microprocessor includes a branch target address Rush branch and the historical information of handover key instruction that memory (BTAC) record was previously performed.Above-mentioned historical information includes institute Destination address and identifier that the branch of record instructs with handover key.Above-mentioned identifier sign and affiliated branch and switching The related multiple cipher key values of key instruction.The microprocessor also includes an extraction unit, couples the branch target address at a high speed Buffer storage.When the extraction unit extracts the branch previously performed with handover key instruction, the branch target can be received Prediction that location cache memory is made and received from the branch target address cache on being extracted Above-mentioned destination address and identifier that branch instructs with handover key.The extraction unit is carried always according to the destination address received The multiple cipher key values for taking encrypted instruction data and being indicated according to the identifier received decrypt extracted encrypted instruction Data, to respond the above-mentioned prediction received.

Another embodiment of the invention discloses a kind of method, for operating a microprocessor.This method is included with one The historical information that the branch that branch target address cache (BTAC) record was previously performed instructs with handover key. Above-mentioned historical information includes destination address and the identifier that recorded branch instructs with handover key.Above-mentioned identifier sign The multiple cipher key values related with handover key instruction to affiliated branch.This method is more in the branch and switching that had previously performed Key instruction receives the prediction that the branch target address cache made when being extracted and from the branch target Location cache memory receives the above-mentioned destination address instructed on the branch extracted with handover key and identifier.Should Method more according to the destination address that is received extract encrypted instruction data and according to the identifier received indicated it is multiple Cipher key values decrypt extracted encrypted instruction data, to respond the above-mentioned prediction received.

Brief description of the drawings

Fig. 1 is a block diagram, illustrates the microprocessor realized according to the technology of the present invention；

Fig. 2 is a block diagram, the extraction unit to describe schematic thinking 1 in detail；

Fig. 3 is a flow chart, according to the technology of the present invention, the operation of the extraction unit of schematic thinking 2；

Fig. 4 is a block diagram, according to the technology of the present invention, the field of the flag register of schematic thinking 1；

Fig. 5 is a block diagram, according to the technology of the present invention, illustrates the form of a key load instruction；

Fig. 6 is a block diagram, according to the technology of the present invention, illustrates the form of a key switching command；

Fig. 7 is a flow chart, according to the technology of the present invention, the operation of the microprocessor of schematic thinking 1, wherein performing Fig. 6 key Switching command；

Fig. 8 is a block diagram, according to the technology of the present invention, illustrates the memory usage of an encipheror, the encipheror bag Include the key switching command that multiple Fig. 6 are uncovered；

Fig. 9 is a block diagram, the form instructed according to the technology of the present invention, one branch of diagram with handover key；

Figure 10 is a flow chart, according to the technology of the present invention, the operation of the microprocessor of schematic thinking 1, wherein performing Fig. 9 branch Instructed with handover key；

Figure 11 is a flow chart, according to the technology of the present invention, illustrates the operation of a preprocessor, is realized by Software tool, can A program is handled for rear portion and it is encrypted, to be performed by Fig. 1 microprocessors；

Figure 12 is a block diagram, the branch of diagram another embodiment of the invention and the form of handover key instruction；

Figure 13 is a block diagram, according to the technology of the present invention, illustrates block address range table；

Figure 14 is a flow chart, according to the technology of the present invention, the operation of the microprocessor of schematic thinking 1, wherein performing Figure 12 point Branch is instructed with handover key；

Figure 15 is a block diagram, the branch of diagram another embodiment of the invention and the form of handover key instruction；

Figure 16 is a block diagram, according to the technology of the present invention, illustrates block address range table；

Figure 17 is a flow chart, according to the technology of the present invention, the operation of the microprocessor of schematic thinking 1, wherein performing Figure 15 point Branch is instructed with handover key；

Figure 18 is a flow chart, another embodiment of diagram the technology of the present invention, wherein describing the behaviour of a preprocessor Make, handle a program for rear portion and encrypt it, performed by Fig. 1 microprocessors；

Figure 19 is a flow chart, and according to the technology of the present invention, the operation of the microprocessor of schematic thinking 1 is cut for dealing with a task Change, switch between an encipheror and a pure words program；

Figure 20 illustrates a flow chart, according to the technology of the present invention, the behaviour of the system software performed by the microprocessor of schematic thinking 1 Make；

Figure 21 illustrates a block diagram, according to another embodiment of the invention, the field of the flag register of schematic thinking 1；

Figure 22 is a flow chart, and according to the technology of the present invention, diagram is using Fig. 1 microprocessors of Figure 21 flag register Operation, for dealing with task switching, is switched between multiple encipherors；

Figure 23 is a flow chart, and according to the technology of the present invention, diagram is using Fig. 1 microprocessors of Figure 21 flag register Operation, for dealing with task switching, is switched between multiple encipherors；

Figure 24 is a block diagram, according to another of the invention embodiment, the list in the cipher key register document of schematic thinking 1 One register；

Figure 25 is a flow chart, according to another of the invention embodiment, diagram using Figure 21 flag registers and The operation of Fig. 1 microprocessors of Figure 24 cipher key register documents, with deal with a task switching, switch on multiple encipherors it Between；

Figure 26 is a flow chart, according to another of the invention embodiment, diagram using Figure 21 flag registers and The operation of Fig. 1 microprocessors of Figure 24 cipher key register documents, with deal with a task switching, switch on multiple encipherors it Between；

Figure 27 is a block diagram, the other embodiment of the partial content of 1 microprocessor of schematic thinking 100；

Figure 28 is a block diagram, according to the technology of the present invention, and the branch target address cache of detailed schematic thinking 27 is stored Device (BTAC)；

Figure 29 is a block diagram, according to the technology of the present invention, the content of the BTAC each units of detailed schematic thinking 28；

Figure 30 is a flow chart, and according to the technology of the present invention, the microprocessor of schematic thinking 27 uses Figure 28 BTAC operation；

Figure 31 is a flow chart, and according to the technology of the present invention, the microprocessor of schematic thinking 27 uses Figure 28 BTAC operation；And

Figure 32 is a flow chart, according to the technology of the present invention, and the microprocessor of schematic thinking 27 is instructed to a branch and handover key Operation；And

Reference numeral explanation

100~microprocessor；102~instruction cache；

104~extraction unit；106~director data (can be encryption)；

108~decoding unit；112~execution unit；

114~draw unit；118~general register；

122~secure storage areas；124~cipher key register document；

128~flag register；132~microcode unit；

134~extract address；142~master key register；

144~control register；148~E；

152~cipher key spreading device；154~multiplexer；

156~different logic；162~pure words director data；

164~extract command generator；172~two group keys；

174~decruption key；The binary bit null value of 176~multidigit；

The output of 178~multiplexer 154；

212~multiplexer A；214~multiplexer B；

216~circulator；218~addition/subtraction device；

234~first key；236~the second keys；

The output of 238~circulator；302-316~step square；

402~E bit fields；

The standard x86 marks of 408~multiple；

500~key load instruction；502~command code；

504~cipher key register document objectives address；

506~secure storage areas source address；

600~key switching command；602~command code；

The document index of 604~cipher key register；

702-708~square step；800~memory usage；

900~branch instructs with handover key；

902~command code；The document index of 904~cipher key register；

906~branch information；1002-1018~step square；

1102-1106~step square；1200~branch instructs with handover key；

1202~command code；1300~block address range table：

1302~address realm；The document index of 1304~cipher key register；

1402-1418~step square；1500~branch instructs with handover key；

1502~command code；1600~block address range table：

1604~secure storage areas address；

1714~step square；1802-1806~step square；

1902-1944~step square；2002-2008~step square；

2104~index；2202-2216~step square；

2302-2316~step square；2402~eliminate position；

2506~step square；2607th, 2609~step square；

2702~branch target address cache (BTAC)；

2706~destination address；2708~use/do not use index；

2712~key switch logic；2714~pattern index；

The document index of 2716~cipher key register；

2802~BTAC array；2808~BTAC units；

2902~significance bit；2904~tag field；

2906~destination address；2908~use/do not use field；

The document index of 2912~cipher key register；

2914~type field；3002-3004~step square；

3102-3116~step square；3208-3222~step square；And

The binary bit null value of ZEROS~multidigit.

Embodiment

Refering to Fig. 1, the microprocessor 100 that a block diagram illustration is realized according to the technology of the present invention.Microprocessor 100 is wrapped A pipeline (pipeline) is included, is extracted including an instruction cache (instruction cache) 102, one The execution unit (execution unit) 112 of 104, one decoding unit (decode unit) of unit (fetch unit) 108, one, And one draw unit (retire unit) 114.Microprocessor 100 also includes a microcode unit (microcode unit) 132, to provide microcode instruction (microcode instructions) to the execution unit 112.Microprocessor 100 is also wrapped General register (general purpose registers) 118 and flag register (EFLAGS register) 128 are included, To provide ordering calculation first (instruction operands) to execution unit 112.Moreover, by drawing unit 114, will refer to Implementing result is made to update in general register 118 and flag register 128.In one embodiment, flag register 128 It is to be changed to realize by traditional x86 flag registers, detailed embodiment will be in follow-up length explanation.

Extraction unit 104 extracts director data (instruction data) 106 from instruction cache 102. Extraction unit 104 operates in both of which：One is decryption mode (decryption mode), and another is pure words pattern (plain text mode).An E (E of a control register (control register) 144 in extraction unit 104 Bit) 148 determine that the extraction unit 104 is operate within decryption mode (setting E) or operates in pure words pattern (to empty E Position).Under pure words pattern, extraction unit 104 is depending on the director data 106 that is extracted from the instruction cache 102 For unencryption or pure words director data, therefore, director data 106 is not decrypted.However, under decryption mode, extracting single Member 104 regards the director data 106 extracted from the instruction cache 102 as encrypted instruction data, therefore, need to make With the decruption key stored by a master key register (master key register) 142 for the extraction unit 104 (decryption keys) by decryption be pure words director data, detailed technology content will be begged for reference to Fig. 2 and Fig. 3 By.

Extraction unit 104 also includes one and extracts command generator (fetch address generator) 164, to produce Raw one extracts address (fetch address) 134, to extract director data 106 from the instruction cache 102.Carry Address 134 is taken to be also supplied to a cipher key spreading device (key expander) 152 for extraction unit 104.Cipher key spreading device 152 is autonomous Two group keys 172 are chosen in key temporary 142, and computing is implemented to it to produce a decruption key 174, multiplexer 154 is used as First input.Second input of multiplexer 154 is the binary bit null value (binary zeros) 176 of multidigit.E positions 148 are controlled Multiplexer 154.If E positions 148 are set, the selection of multiplexer 154 exports the encryption key 174.If E positions 148 are eliminated, multiplexer The binary bit null value 176 of 154 selection output multidigits.The output 178 of multiplexer 154 be supplied to different logic 156 as its first Input.Cloth woods XOR is implemented in director data 106 and the multiplexer output 178 that different logic 156 is responsible for extraction (Boolean exclusive-OR, XOR), to produce pure words director data 162.The director data 106 of encryption be in advance with The pure words director data of its script is encrypted different logic with an encryption key, wherein the numerical value of the encryption key and the solution Key 174 is identical.The detailed embodiment of extraction unit 104 will be combined to be dissolved in Fig. 2 and Fig. 3 and described later.

Pure words director data 162 is supplied to decoding unit 108.Decoding unit 108 is responsible for pure words director data 162 crossfire decodes and is divided into multiple X86 instructions, transfers to execution unit 112 to perform.In one embodiment, decode single Member 108 includes buffer (buffers) or queue (queus), with before decoding or period, the pure words instruction of buffer-stored The crossfire of data 162.In one embodiment, decoding unit 108 includes an instruction translator (instruction Translator), to be microcommand microinstructions or micro-ops by X86 instruction translations, transfer to perform list Member 112 is performed.Can be more with the instruction edge for one place value of each instruction output, the place value during 108 output order of decoding unit The line construction is advanced and arrived all the way, to indicate whether the instruction is encrypted instruction.The place value will control the execution unit 112 and the extraction unit 114, make according to the instruction from the instruction cache 102 take out when be encrypted instruction Or pure words instruct and carry out decision-making and take action.In one embodiment, pure words instruction is not allowed to perform specially For the specific operation of instruction decryption Model Design.

In one embodiment, microprocessor 100 is an x86 architecture processors, however, microprocessor 100 can also The processor of other frameworks is realized.If a processor can correctly perform most of application programs of the design to x86 computing devices, Then regard its processor as x86 frameworks.If application program perform after can obtain expected results, can determine whether the application program be by It is correct to perform.Particularly, microprocessor 100 is the instruction for performing x86 instruction set, and with x86 user visible register groups (x86user-visible register set)。

In one embodiment, microprocessor 100 is designed for answering a composite safe framework (comprehensive Security architecture)-be referred to as if secure execution (secure execution mode, abbreviation SEM)-with Wherein configuration processor.According to a kind of embodiment, the execution of SEM programs can be by several process device event (processor Events) trigger, and do not blocked by general (non-SEM) operation.The program illustrated below that performed under SEM that is defined in is realized Function, including key safety task (critical security tasks) such as：Voucher check and data encryption, System software activity monitoring, system software integrity verification, resource are controlled using tracking, the installation of new software ... etc..On SEM Embodiment refer to U.S. patent application case filed in 31 days October in 2008 of our company, Reference Number 12/263,131 is (beautiful State's patent publication No. is 2009-0292893, open on November 26th, 2009)；The claim of priority of the case is traced back and 2008 5 The U.S. Provisional Patent Application case (Reference Number 61/055,980) on the moon 24；Present application correlation technique part can refer to above-mentioned case Content.In one embodiment, for storing SEM data for secure non-volatile memory (being not shown in diagram)-such as height Fast buffer storage (flash memory)-available for storage decruption key, and by an isolation universal serial bus (private Serial bus) microprocessor 100 is coupled, and wherein all data are AES encryption (AES-encrypted) and tested by signature Just (signature-verified).In one embodiment, microprocessor 100 is non-including a small amount of single write-once Volatile memory (non-volatile write-once memory are not depicted in diagram), for storing decruption key；Its A kind of middle embodiment refers to the fuse-type nonvolatile memory disclosed in United States Patent (USP) case 7,663,957；It can refer to Above-mentioned case content is applied to the present invention.The one of which advantage of disclosed instruction decryption feature is：Extension safety The application of execution pattern (SEM), makes security procedures (secure program) get stored in outside microprocessor 100 Memory, without restriction full storage inside microprocessor 100.Therefore, security procedures can utilize memory level framework The holonmic space and function provided.In one embodiment, all or part of structural exception/interrupt (architectural exceptions/interrupts, for example, page fault page faults, except wrong point of interruption debug Breakpoints) ... etc., it is decapacitation (disable) under SEM patterns.In one embodiment, all or part of knot Structure sexual abnormality/interruption is decapacitation (disable) under decryption mode (i.e. E positions 148 are setting).

Microprocessor 100 also includes a cipher key register document (key register file) 124.Cipher key register text Shelves 124 include multiple registers, wherein the key stored can by key switching command (switch key instruction, It is subsequently discussed) the master key register 142 of extraction unit 104 is loaded into, to decrypt extracted encrypted instruction data 106.

Microprocessor 100 also includes a secure storage areas (secure memory area, be abbreviated as SMA) 122, for depositing Decruption key is stored up, the decruption key is treated through the key load instruction (load key instruction) 500 shown in Fig. 5 and then carried Enter cipher key register document 124.In one embodiment, secure storage areas 122 is limited with SEM program access.That is, Secure storage areas 122 can not be by program access performed under general execution pattern (non-SEM).In addition, secure storage areas 122 It can not be accessed by processor bus, and be not belonging to some of the cache memory stratum of microprocessor 100.Therefore, lift Example explanation, speed buffering null clear operation (cache flush operation) will not cause the content of secure storage areas 122 to be write Enter memory.On the read-write of secure storage areas 122, specific instruction is designed with the instruction set architecture of microprocessor 100.It is a kind of real The mode of applying is one isolated random access memory (private RAM) of design, correlation technique content in secure storage areas 122 Referring to 2 months 2008 U.S. patent application cases filed in 20 days 12/034,503, (case is open on October 16th, 2008, public 2008/0256336) number of opening is；It can refer to above-mentioned case content and be applied to the present invention.

At first, operating system or other privileged programs (privileged program) download the initializing set of key in The secure storage areas 122, cipher key register document 124 and master key register 142.Microprocessor 100 at first can be close with this The initializing set of key is to decrypt an encipheror.In addition, encipheror can continue in itself, the new key of write-in to safety is stored Area 122 and from secure storage areas 122 by key loading secrete key register document 124 (by key load instruction) and from key Key is loaded into master key register 142 (by key switching command) by register document 124.The advantage of the operation is： Disclosed key switching command causes encipheror to be able to switching decruption key group (on-the-fly instantly in execution Switching), it is will be described below.New key can be made up of the instant data of encryption program instructions itself.In one kind implementation In mode, whether the field meeting instruction program instruction of documentation of program header is encryption pattern.

Technology described by Fig. 1 has multiple advantages.First, the pure words decrypted from encrypted instruction data 106 refer to Make data can not be obtained by the outside of microprocessor 100.

Second, extraction unit 104 extract encrypted instruction data needed for time with extract pure words director data needed for Time is identical.Whether safe this characteristic be related to.If conversely, with the presence of the time difference, hacker can thereby crack encryption technology.

3rd, compared to traditional design, disclosed instruction decryption technology will not additionally increase extraction unit 104 The clock quantity consumed.As discussed below, cipher key spreading device 152 increases the effective length of decruption key, and the decruption key is used for Decrypt an encipheror, and this mode will not make extraction encrypted program data needed for time be longer than extraction pure words routine data The required time.Particularly because the running of cipher key spreading device 152 in limited time in extract address 134 table look-up the instruction cache delay Rush memory 102 obtain director data 106 within complete, cipher key spreading device 152 can't increase general extraction procedure when Between.In addition, because multiplexer 154 and cipher key spreading device 152 delay in extract the instruction cache of tabling look-up of address 134 in limited time in the lump Rush memory 102 and obtain completion within director data 106, therefore the time of general extraction procedure will not be increased.Different logic 156 is Unique to make an addition to the general logical operation for extracting path, fortunately the propagation delay of ETTHER-OR operation 156 is fairly small, will not increase work week Phase.Therefore, disclosed instruction decryption technology will not increase the clock quantity burden of extraction unit 104.In addition, compared to General technology is applied to the complicated decryption mechanisms of decryption instructions data 106, such as S boxes (S-boxes), and general technology can increase Required work period and/or the clock quantity consumed when extracting and decoding director data 106.

Then, with reference to Fig. 2, the extraction unit 104 of the detailed schematic thinking 1 of a block diagram.Particularly, Fig. 1 cipher key spreading device 152 also scheme row wherein in detail.The advantage that above-mentioned encrypted instruction data 106 are decrypted using different logic has previously been discussed.However, it is fast and Small different logic has its shortcoming：If keys for encryption/decryption is reused, different logic belongs to a kind of fragile encryption method (weak encryption method).But, if the length of the equivalent program for being intended to encrypt/decrypt of the effective length of key, Different logic add secret meeting is a kind of high encryption technology of intensity.Microprocessor 100 is characterised by that having for decruption key can be increased Length is imitated, to reduce the demand of key reuse.First, the numerical value (document) stored by master key register 142 is big in being Molded dimension：In one embodiment, the equivalent director data 106 taken out from instruction cache 102 of its size Extracted amount or resource block size, be 128 (16 bytes).Second, Cryptographic Extensions device 152 is used to increase the effective of decruption key Length, for example, increasing to 2084 bytes disclosed in an embodiment, will be described in detail in follow-up length.3rd, encipheror can be by Key switching command (or its deformation) changes the numerical value in master key register 142 in operation, and paragraph will be described it afterwards.

In the exemplary embodiment illustrated in fig. 2, five master key registers 142, numbering 0-4 have been used.However, in other implementations , can also less or more amount the quantity of master key register 142 growth decruption key length in mode.For example, a kind of implement Mode is using 12 master key registers 142.Key expander 152 includes one first multiplexer A 212 and one second multiplexing Device B 214, to receive the key that master key register 142 is supplied.Extracting the partial content of address 134 is used to control multiplexing Device 212/214.In the exemplary embodiment illustrated in fig. 2, multiplexer B 214 is three turn of one multiplexer, and multiplexer A 212 is four turn one Multiplexer.Form 1 show multiplexer 212/214 how according to respective selection input choose these master key registers 142 (with Above-mentioned numbering identification).Form 2 shows the producing method of above-mentioned selection input, and based on the position [10 for extracting address 134:8] institute The master key register 142 for being in is combined.

Form 1

Form 2

Multiplexer B 214 output 236 is supplied to addition/subtraction device 218.Multiplexer A 212 output 234 is supply To a circulator (rotator) 216.Circulator 216 receives the position [7 for extracting address 134:4], rotation multiplexer output according to this 234, determine the byte quantity of rotation.In one embodiment, the position [7 of address 134 is extracted:4] it is being supplied to circulator 216 Increment before the byte quantity of rotation is controlled, is shown with above table 3.The output 238 of circulator 216 is supplied to addition/subtraction Device 218.Adder/subtracter 218 receives the position [7] for extracting address 134.If the position [7] is empties, addition/subtraction device 218 will The output 238 of circulator 216 is subtracted from multiplexer B 214 output 236.If the position [7] is setting, addition/subtraction device 218 will The output 238 of circulator 216 adds multiplexer B 214 output 236.The output of addition/subtraction device 218 is the solution shown in Fig. 1 Key 174, is supplied to multiplexer 154.Correlation technique is described in detail with Fig. 3 flow chart below.

Then, refering to Fig. 3, operation of the flow chart based on the extraction unit 104 of the technology of the present invention schematic thinking 2.Flow is started from Square 302.

In square 302, extraction unit 104 reads instruction cache 102 to extract address 134, to start to carry Take the director data 106 of the block of one 16 bytes.Director data 106 can be encrypted state or be pure words state, depending on instruction number It is depending on the part for an encipheror or a pure words program, to be indicated by E positions 148 according to 106.Flow subsequently enters square 304。

214 points of refrence square 304, the several positions higher according to address 134 is extracted, multiplexer A 212 and multiplexer B A first key 234 and one second key 236 are selected in the key 172 that not autonomous cipher key register 142 is supplied.One Plant in embodiment, extract those positions supplied address 134 and put on multiplexer 212/214, to produce specific key pair (234/236key pair) is combined.In the embodiment shown in figure 2, the quantity of master key register 142 supplied is 5, because , there are 10 groups of possible keys pair in this.In order to simplify hardware design, wherein 8 groups are only used；This design will supply 2048 bytes Effective key, will be discussed in detail in subsequent paragraph.However, other embodiment is it is also possible that with the key deposit of other quantity Device 142.Exemplified by supplying the embodiment of 12 master key registers 142, the possibility combination of master key register 142 has 66 Group, according to wherein 64 groups, produced effective key will be 16384 bytes.Generally speaking, it is assumed that above-mentioned multiple cipher key values Total amount be K (for example：5, and using all combinations), the decruption key and the above-mentioned respective length of multiple cipher key values are W words Section is (for example：16 bytes), then the effective key produced will be W²*(K！/(2*(K-2)！)) byte.Flow subsequently enters square 306。

In square 306, based on the position [7 for extracting address 134:4], circulator 216 makes first key 234 rotate respective numbers Byte.If for example, extracting the position [7 of address 134:4] it is numerical value 9, circulator 216 is by first key 234 towards 9 words of right rotation Section.Flow subsequently enters square 308.

In square 308, postrotational first key 238 is added to/subtracted from second key 236 by addition/subtraction device 218, To produce Fig. 1 decruption key 174.In one embodiment, if the position [7] for extracting address 134 is 1, addition/subtraction device Postrotational first key 234 is added to second key 236 by 218；If the position [7] for extracting address 134 is 0, addition/subtraction Device 218 subtracts postrotational first key 234 from second key 236.Then, flow enters square 312.

The director data 106 for the block for judging to be extracted according to its control signal in decision block 312, multiplexer 154 It is to come from an encipheror or a pure words program, the position E 148 that the control signal is supplied from control register 144. If director data 106 is encrypted state, flow enters square 314, conversely, then flow enters square 316.

In square 314, the selection output decruption key 174 of multiplexer 154, and different logic 156 make encrypted instruction data 106 with And decruption key 174 carries out a cloth woods xor, to produce Fig. 1 pure words director data 162.Flow terminates in square 314.

In square 316, the binary bit null value 176 of selection 16 bytes of output of multiplexer 154, and the order instruction number of different logic 156 A cloth woods xor is carried out according to 106 (being pure words) and the binary bit null value of 16 byte, is referred to the pure words for producing same Make data 162.Flow terminates in this square 316.

With reference to Fig. 2 and Fig. 3 disclosures, decruption key 174 is supplied to the block director data 106 extracted to enter Row xor, and the decruption key 174 is selected master key to 234/236 and extracts the function of address 134.Compared to Legacy decryption program-make the function that decruption key is earlier key value, wherein persistently amendment key is new next to supply Task interval is used-and disclosed decryption technology is entirely different.So that master key is to 234/236 and extracts address 134 modes for obtaining decruption key 174 for function have at least following two advantages.First, as discussed above, encrypted instruction number According to this and pure words director data 106 extraction it is time-consuming suitable, the work clock needed for microprocessor 100 will not be increased.Second, The branch instruction (branch instruction) in program is run into, the time needed for extracting director data 106 will not increase. In a kind of embodiment, a branch predictor (branch predictor), which is received, extracts address 134, and predicts the extraction address The director data 106 of the 134 signified blocks whether there is a branch instruction, and predict its direction and destination address.With Fig. 2 Exemplified by illustrated embodiment, the decruption key 174 of output is master key to 234/236 and extracts a function of address 134, will The destination address of the same time output prediction of the different logic 156 is delivered in the signified block director data 106 of destination address Appropriate decruption key 174.With legacy decryption key computing gimmick for destination address calculate decruption key necessary to it is multiple " Rewinding (rewind) " step is compared, and disclosed technology will not produce extra delay when handling encrypted instruction data.

In addition, as shown in FIG. 2 and 3, the circulator 216 of cipher key spreading device 152 and the connection of addition/subtraction device 218 Close design so that decruption key length effectively extends, and surmounts the length of master key.For example, master key contributes 32 byte (2*16 altogether Byte)；What is more, for judging the angle why of decruption key 174 with hacking attempt, circulator 216 and addition/subtraction device 218 will effectively expand to the key sequence of 256 bytes positioned at the master key of 32 bytes of master key register 142.More specifically Say that the byte n of the effectively key sequence after extension is in ground：

For the byte n of the first master key 234, andFor the byte n+x of the second master key.As described above, close The first eight byte decruption key 174 of set 16 produced by key expander 152 is produced by subtractive way, and latter eight sets are by addition side Formula is produced.Specifically, the byte content that selected master key is each provided 234/236 is used for for 16 continuous 16 words The director data of block each byte generation byte of decruption key 174 is saved, detail as per form 3.For example, form 3 the 1st is arranged Symbol " 15-00 " represents that the content of byte 0 of the second master key 236 can be through 8 arithmetic operator (an eight-bit Arithmetic operation) subtracted from the byte 15 of the first master key 234, to obtain effective decruption key of a byte 174, to carry out xor with the byte 15 in the director data 106 of one 16 byte blocks.

Form 3

, can be effectively pre- for the expanded keys statistics produced by cipher key spreading device 152 after given appropriate master key numerical value Prevent the common attack of different encryption, including make the cryptographic block of file implement different in the lump with key length displacement and to cryptographic block Computing, is discussed more fully below.152 pairs of selected master keys of cipher key spreading device are to 234/236 influence：In the embodiment In, 256 bytes may be up to the span of two encrypted bytes of director data 106 of identical key in program.At it He has in the director data 106 of different blocks size and the embodiment of different master key length, is encrypted with same key The maximum outreaches of two bytes of director data 106 can have different amounts.

For selecting master key to the multiplexer in 234/236 master key register 142 and cipher key spreading device 152 212/214 can also determine the degree of expansion of effective key length.As discussed above, it is close that Fig. 2 illustrated embodiments are supplied with 5 masters Therefore key register 142, the content that master key register 142 is supplied can be combined in 10 kinds of modes, and multiplexer 212/214 is For selecting eight kinds of effects from above-mentioned 10 kinds of possible combinations.Each key is to 256 corresponding to 234/236 shown in form 3 After byte effective key length arranges in pairs or groups eight kinds of master keys to 234/236 combination, produced effective key length is 2048 bytes. That is, the span for two bytes of director data 106 encrypted in program with identical key may be up to 2048 bytes.

In order to more illustrate advantage that cipher key spreading device 152 is brought, different encipheror is briefly described below common Attack.If the key length that different cryptographic calculation is used is shorter than in the length of the program instruction data of encrypted/decryption, key Many bytes must be reused, and depending on the length for the byte quantity visual range sequence being reused.This weakness makes different finger Encipheror is made to be cracked.First, hacker attempts the length for judging to repeat key, explanation (1) to (3) order presented below Be n+1.Second, hacker assumes that each key length block (key-length block) is with same key in director data Encryption.It is exemplified below the data of two key length blocks obtained according to a traditional different cryptographic calculation encryption：

(1)

Wherein,For the byte n of the data of first key length block, it will be encrypted；For the second key length area The byte n of the data of block, will be encrypted；And k_nFor the byte n of key.3rd, hacker carries out xor to two block, makes Wherein key contribution is mutually sold each other, solely stays herein below：

(3)

Finally, due to which the byte calculated is the function of simple two pure words bytes, hacker can be with the pure text of statistical analysis The frequency of occurrences of word content, to attempt the numerical value for trying to achieve pure words byte.

However, the pattern for the byte of encrypted instruction data 106 that the mode according to disclosed in Fig. 2 and Fig. 3 is calculated is for example following Illustrate shown in (4) and (5)：

(4)

(5)

WhereinThe byte n of the director data of the one 16 encrypted byte block of sign,Sign encrypted the The byte n of the director data of 2 16 byte blocks,Master key x byte n is indicated, andIndicate master key y byte n.It has been observed that master key x is different keys from y.It is assumed that a kind of embodiment provides eight kinds of masters with five master key registers 142 Key is combined to 234/236, in 2048 byte sequences each byte be the one of the master key byte independent with two combine carry out it is different Computing.Therefore, when encryption data is shifted in the block of 256 bytes in any way and makees xor each other, tried to achieve Byte can all have the complicated ingredient of two master keys, therefore, if not illustrating the content of (3), and the operation result of gained is not herein It is pure words byte merely.For example, it is assumed that hacker's selection makes 16 byte blocks in same 256 byte block align and each other Carrying out ETTHER-OR operation makes the same byte of key zero be used in each section, and the operation result of byte 0 is as illustrated shown in (6), to be obtained There is the complex combination of two master keys in the byte obtained：

(6)

Wherein n is not 1.

Furthermore, if hacker changes into the 16 byte blocks alignment in different 256 byte blocks and makees different fortune each other Calculate, the byte 0 of operation result is as illustrated shown in (7)：

(7)

At least one in wherein master key u and v is different from master key x and y.Produced by simulating random master key numerical value The xor of effective key byte, it is possible to find operation resultPresent relatively smooth Distribution.

Certainly, if 16 byte blocks in 2048 different byte length blocks are alignd and entered each other by hacker's selection Row ETTHER-OR operation, hacker may obtain the result similar with illustrating (3).However, refer to herein below.First, some programs - for example, security relative program-may be shorter than 2048 bytes.Second, at a distance of the statistical correlation of the command byte of 2048 bytes Property (statistical correlation) be likely to very small, cause be difficult crack.3rd, such as foregoing teachings, the technology Embodiment master key register 142 can be realized with a greater number, extend the effective length of decruption key；For example, with 12 Individual master key register 142 supplies the decruption key of 16384 byte lengths, or even other longer decruption keys.4th, below Programmer is more set to be loaded into new numerical value to master the key download instruction 500 and key switching command 600 of discussion Cipher key register 142, with effective expanded keys length more than 2048 bytes, or, if necessary, also expansible key length is extremely The complete length of program.

Now, with reference to Fig. 4, a block diagram is according to the flag register 128 of the technology of the present invention schematic thinking 1.According to Fig. 4 Embodiment, flag register 128 includes multiple positions 408 of standard x86 registers；But, for new work(described here Can, Fig. 4 illustrated embodiments can employ one of generally reserved (RESERVED) in x86 frameworks.Special instruction, mark deposit Device 128 includes an E bit fields 402.E bit fields 402 are used for the numerical value of E positions 148 for repairing control register 144, in encryption And switching and/or the switching between different encipherors between pure words program, it is discussed more fully below.E bit fields 402 are indicated Whether performed program has encryption at present.If performed program has encryption at present, E bit fields 402 are setting state, no Then, it is removing state.When interrupt event occurs, control is switched to other programs (for example, interrupting interrupt, exception Exception such as page mistake page fault or task switching task switch), store flag register 128.If conversely, Control returns the program previously interrupted by interrupt event, then repairs flag register 128.The design meeting of microprocessor 100 exists The E positions 148 for updating control register 144 when flag register 128 is repaired with the field values of E positions 402 of flag register 128 are counted Value, it is discussed more fully below.Therefore, if one encipheror is carrying out when interrupt event occurs, (i.e. extraction unit 104, which is in, solves Close pattern), when control gives back the encipheror, E positions 148 are made for setting state with the E bit fields 402 of reparation, to repair Multiple extraction unit 104 is decryption mode.In one embodiment, E positions 148 and E bit fields 402 are same particular hardware Position, therefore, it is storage E positions 148 to store numerical value in the E bit fields 402 of flag register 128, and repairs flag register 128 The numerical value of E bit fields 402 be to repair E positions 148.

Refering to Fig. 5, the form for the key download instruction 500 that a block diagram illustration is realized according to the technology of the present invention.It is close Key download instruction 500 includes the field of a command code (opcode) 502, and it is close in the instruction set of microprocessor 100 specially to indicate it Key download instruction 500.In one embodiment, the numerical value of opcode field 502 is 0FA6/4 (x86 fields).Key, which is downloaded, to be referred to Making 500 includes two operands：One cipher key register document objectives address 504 and a secure storage areas source address 506.Should Secure storage areas source address 506 is an address of one 16 byte master keys of storage in secure storage areas 122.Cipher key register text The address of a register in shelves address 504 sign cipher key register document 124, this register is loaded onto from secure storage areas The 122 16 byte master keys set out.In one embodiment, if a program attempts in microprocessor 100 not being safety operation Key load instruction 500 is performed under pattern, then regards it abnormal as illegal command；If in addition, secure storage areas source address 506 is counted Value is located at outside effective and safe memory block 122, then regards it as general protection exception.In one embodiment, if a program is tried Figure when microprocessor 100 is not highest Permission Levels (for example, 0 authority of x86 rings/x86ring 0) performs key download instruction 500, then regard it abnormal as illegal command.In some cases, the composition of 16 byte master keys may be included in encrypted instruction In instant data field.The instant data can move to the key that secure storage areas 122 constitutes 16 bytes by one piece one piece.

Now, refering to Fig. 6, the lattice for the key switching command 600 that a block diagram illustration is realized according to the technology of the present invention Formula.Key switching command 600 includes the field of a command code 602, and specially it refers to for the key switching in the instruction set of microprocessor 100 Make 600.Key switching command 600 also includes a cipher key register document index field 604, sign cipher key register document 124 Beginning in one sequential register, so that key is loaded into master key register 142 since then.In one embodiment, if a journey Sequence is attempted to perform a key switching command 600 when microprocessor 100 is not secure mode of operation, then regards it different as illegal command Often.In one embodiment, if a program intent microprocessor 100 for highest Permission Levels (for example, x86 rings 0 are weighed Limit) when perform a key switching command 600, then regard it for illegal command exception.In one embodiment, key switching command 600 be atomic operation pattern (atomic), i.e., can not interrupt；It is described herein, for loading secrete key to master key register 142 Other instructions be also such-for example, the branch that is discussed below instructs with handover key.

Now, refering to Fig. 7, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein, held according to the technology of the present invention The key switching command 600 that row Fig. 6 is introduced.Flow starts from square 702.

In square 702, decoding unit 108 decodes a key switching command 600, and decoded result is substituted into microcode list The microcode routine of key switching command 600 is realized in member 132.Flow subsequently enters square 704.

In square 704, microcode can be according to cipher key register document index field 604 under cipher key register document 124 Carry the content of master key register 142.Better embodiment is：Microcode is marked with cipher key register document index field 604 The cipher key register shown is starting, downloads continuous n content of registers from cipher key register document 124 and is deposited as n key Cipher key register 142 is become owner of, wherein n is the sum of main cipher key register 142.In one embodiment, numerical value n it is signable in One exceptional space of key switching command 600, is set as the sum less than master key register 142.Flow subsequently enters square 706。

In square 706, microcode makes microprocessor 100 branch to x86 instruction (the i.e. key switching commands 600 continued Instruction afterwards), all x86 instructions new compared with key switching command 600 in microprocessor 100 will be caused to be cleared, cause micro- Processor 100 is interior, relatively switch to all microoperations of the microoperation for the x86 instructions that continue newly is cleared.The above-mentioned instruction being cleared Waited including extracting, being buffered in from instruction cache 102 in extraction unit 104 and decoding unit 108 All command bytes 106 of decryption and decoding.Flow subsequently enters square 708.

In square 708, the operation of following instructions is branched to based on square 706, extraction unit 104 starts with square 704 The new group key value for being loaded into master key register 142 is extracted and decryption instructions data from instruction cache 102 106.Flow ends at square 708.

As shown in fig. 7, key switching command 600 makes the encipheror in being carrying out from instruction cache 102 be changed while extracting in master key register 142 it is stored, for decrypting the content that the encipheror is used. The dynamic development adjustment of master key register 142 causes the effective key length for encrypting the program to surmount extraction unit 104 first Its length (for example, 2048 bytes that Fig. 2 embodiments are provided) supported；Program as shown in Figure 8, if by it with the micro- places of Fig. 1 Reason device 100 is operated, and hacker can be less susceptible to break through the security protection of computer system.

Now, refering to Fig. 8, a memory of the encipheror that a block diagram illustration is realized according to the technology of the present invention is used (memory footprint) 800 is measured, wherein using the key switching command 600 shown in Fig. 6.Encipheror shown in Fig. 8 is deposited Reservoir consumption 800 includes consecutive numbers " block chunk " instruction data bytes.The content of each " block " is a sequence multiple instruction data Byte (data wherein to encrypt in advance), and belonging to the instruction data byte of same " block " is posted by same a set of master key The numerical value of storage 142 is decrypted.Therefore, the boundary line of different two " blocks " is defined by key switching command 600.That is, each " block " Lower and upper bounds be by key switching command 600 position distinguish (or, by taking first " block " of a program as an example, its upper bound for should The section start of program；In addition, by taking last " block " of the program as an example, its lower bound is at the end of the program).Therefore, each " Block " instruction data byte is to be based on the different numerical value decryption of set master key register 142 by extraction unit 104, implies that each " block " refers to The decryption for making data byte is the master key register 142 according to loaded by the key switching command 600 that previous " block " is supplied Numerical value.The preprocessor (post-processor) for encrypting a program will recognize that the memory at each place of key switching command 600 Address, and this information-the relative address position for extracting address-can be utilized with reference to the production of the cipher key values of key switching command 600 Raw encryption key byte, to encrypt the program.Some purpose file formats (object file format) allow programming Person's sign program is loaded into memory where, or at least states clearly the alignment form of particular size (for example, page boundary page Boundary), the program is encrypted to provide enough address informations.In addition, certain operations systemic presupposition value is to be loaded into program In page boundary.

Key switching command 600 can be placed in from anywhere in program.If however, key switching command 600 be loaded into it is specific Value is to master key register 142 is for next " block " instruction data byte decryption use and key switching command 600 is (or even close Key load instruction 500) position cause being shorter in length than or effective close equal to what extraction unit 104 can be dealt with for each " block " Key length (for example, 2048 bytes disclosed in Fig. 2 embodiments), then program can be by with the equivalent global procedures length of effective length Key encryption, this is quite strong cipher mode.Even if in addition, key switching command 600 is used so that effective key Length is still shorter than the length of encipheror, and (that is, same a set of numerical value of master key register 142 be used to encrypt many of a program Individual " block "), the degree of difficulty of hack system can be increased by changing " block " size (being all 2048 bytes for example, not limiting), because, Hacker must first judge that " block " encrypted with the same set of numerical value of master key register 142 is located at where, and must judge those " block " respective size that length differs.

It is worth noting that, the dynamic key switching realized with key switching command 600 expends a considerable amount of clock number Mesh, being primarily due to pipeline must empty.In addition, in one embodiment, key switching command 600 is mainly with microcode (microcede) realize, the instruction that generally more non-microcode is realized is slow.Therefore, procedure code developer must consider that key switching refers to The influence to efficiency is made, equalization point is sought between the security for performing speed and application-specific is considered.

Now, refering to Fig. 9, a branch and handover key instruction 900 that a block diagram illustration is realized according to the technology of the present invention Form.The necessity that the branch instructs 900 with handover key is described first.

According to above example disclosure, encipheror transfers to each 16 byte block that extraction unit 104 is extracted Director data be to first pass through cryptographic calculation (adopting different technology), the equivalent extraction unit 104 of the encryption key used is used for solving The decruption key 174 of each 16 byte long of the director data 106 for each block that close (xor) is extracted.As previously discussed, The byte value of decruption key 174 is to be based on following two input calculating by extraction unit 104 and obtained：It is stored in master key deposit The part of the extraction address 134 of the director data 106 of the master key byte value of device 142 and the 16 byte blocks extracted Position (is position [10 by taking embodiment disclosed in Fig. 2 as an example:4]).Therefore, one program of encryption being performed by microprocessor 100 of making One preprocessor will recognize that the master key byte value and an address that will be stored in master key register 142 (or are more defined to Several relevant bits of the address)；The address indicates that encipheror will be loaded into memory where and microprocessor 100 will since then Place extracts the director data of the several blocks of the encipheror in a series.Based on above- mentioned information, preprocessor is able to appropriate production The raw numerical value of decruption key 174, the director data of each 16 byte block for encrypting the program.

As discussed above, when a branch instruction is predicted to and/or is performed, extraction unit 104 can be with branch target Address, which updates, extracts address 134.As long as encipheror never changes (via key switching command 600) master key register 142 The master key numerical value of interior storage, branch instruction is by the transparent control of extraction unit 104.That is, extraction unit 104 can be used The same numerical estimation decruption key 174 of master key register 142, so that decryption includes the instruction of a block of the branch instruction Data 106 and decrypt the branch instruction the signified block of destination address director data 106 in instruction.However, journey Sequence change (via key switching command 600) ability of the numerical value of master key register 142 mean extraction unit 104 be possible to The a set of numerical estimation decruption key 174 of master key register 142 decryption includes the director data of a block of the branch instruction 106, and decrypt with the different numerical estimation decruption key 174 of other set master key register 142 target of the branch instruction Instruction in the director data 106 of the signified block in address.A kind of method for solving this problem is to limit branch target address In program same " block ".Another settling mode is using the branch disclosed in Fig. 9 and handover key instruction 900.

Referring again to Fig. 9, the branch that a block diagram illustration is realized according to the technology of the present invention instructs 900 with handover key Form.Branch includes the field of a command code 902 with handover key instruction 900, and it is point in the instruction set of microprocessor 100 to indicate it Branch and handover key instruction 900.Branch also includes a cipher key register document index field 904, mark with handover key instruction 900 Show the beginning in a succession of register in cipher key register document 124, so that key is loaded into master key register 142 since then.Point Branch also includes a branch information field 906 with handover key instruction 900, records the typical information of branch instruction-such as, calculate mesh Mark the information and branch condition of address.In one embodiment, if a program is not safety execution in microprocessor 100 Attempt to perform a branch and handover key instruction 900 during pattern, then regard it abnormal as illegal command.In one embodiment, If a program attempts to perform branch and switching when microprocessor 100 is not highest authority level (for example, x86 authority of ring 0) Key instruction 900, then regard it abnormal as illegal command.In one embodiment, branch and handover key instruction 900 are atom Manipulation type (atomic).

Refering to Figure 10, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein, Fig. 9 is performed according to the technology of the present invention Disclosed branch and handover key instruction 900.Flow starts from square 1002.

In square 1002, decoding unit 108 decode a branch and handover key instruct 900 and by substitution microcode unit Realize that the branch instructs 900 microcode routine with handover key in 132.Flow subsequently enters square 1006.

In square 1006, microcode solves branch direction (use or do not use) and destination address.It is noticeable It is that, for unconditional type branch instruction (unconditional branch instruction), the direction weighing apparatus is use.Stream Journey subsequently enters decision block 1008.

In decision block 1008, whether the direction that microcode decision block 1006 is solved is use.If using flow Into square 1014.Conversely, flow enters square 1012.

In square 1012, microcode handover key or does not skip to destination address, because branch operation is not used.Flow End at square 1012.

In square 1014, microcode is according to cipher key register document index field 904, by key from cipher key register document 124 are loaded into master key register 142.Preferred embodiment is that microcode is indicated with cipher key register document index field 904 Position is starting, and n key described in n neighbor registers in cipher key register document 124 is loaded into master key register 142, wherein n are the sum of main cipher key register 142.In one embodiment, n values can record refers in branch with handover key Make 900 an exceptional space, be set smaller than the value of the sum of master key register 142.Flow subsequently enters square 1016.

In square 1016, microcode causes microprocessor 100 to skip to the destination address that square 1006 is solved, and will cause micro- Instruct 900 new all x86 instructions to be cleared compared with branch and handover key in processor 100, cause in microprocessor 100, compared with All microoperations of the microoperation of destination address newly are branched to be cleared.The above-mentioned instruction being cleared is included from command high speed buffer Memory 102 extracts, be buffered in extraction unit 104 and decoding unit 108 in etc. all fingers to be decrypted with decoding Make byte 106.Flow subsequently enters square 1008.

In square 1018, as square 1016 branches to the operation of destination address, extraction unit 104 is carried using square 1014 The new group key numerical value for becoming owner of cipher key register 142 starts to extract from instruction cache 102 and decryption instructions number According to 106.Flow ends at square 1018.

Now, refering to Figure 11, the operation for the preprocessor that a flowchart illustration is realized according to the technology of the present invention.It is described Preprocessor is Software tool, one program and is encrypted available for post processing, to transfer to Fig. 1 microprocessor 100 to perform.Flow begins In square 1102.

In square 1102, preprocessor receives the file of a mesh of a program.According to a kind of embodiment, the purpose file The destination address of interior branch instruction can be determined before program is performed；For example, pointing to the branch instruction of fixed destination address.In journey The branch instruction of destination address has been determined before sort run still another form, for example, an opposed branch instructs (relative Branch instruction), an offset described in it, for plus the storage address where branch instruction, in the hope of Branch target address.Conversely, the branch instruction that will not be determined on destination address before program is performed, one of which example is base Destination address is calculated in the operand stored by register or memory, therefore, its value there may be change among program execution It is dynamic.Flow subsequently enters square 1104.

In square 1104, rear microprocessor will across block branch instruction (inter-chunk branch instruction) with Branch replaces with handover key instruction 900, and it is appropriate that the instruction 900 is stored in cipher key register document index space 904 Numerical value, the numerical value is " block " that the destination address based on branch instruction is located and set.Such as Fig. 8 disclosures, one " block " It is made up of, will be decrypted by the same set of numerical value of master key register 142 a sequence multiple instruction data byte.Therefore, across block " block " that the destination address of branch instruction is located is different from " block " of branch instruction in itself.It is worth noting that, Kuai Nei branches - i.e. destination address is located at the branch instruction of same " block " with itself-is without being substituted.It is worth noting that, producing original Shelves (source file) include branch and switching with the programming of output purpose file and/or the visual explicit requirement of compiler Key instruction 900, to reduce the burden of preprocessor substitution operation.Flow subsequently enters square 1106.

In square 1106, preprocessor encrypts the program.Preprocessor knows memory location and the master of each " block " The numerical value of cipher key register 142, and by it for encrypting the program.Flow ends at square 1106.

Now, refering to Figure 12, the branch that block diagram illustration the technology of the present invention another embodiment is realized is with cutting Change the form of key instruction 1200.Branch shown in Figure 12 is applied to destination address with handover key instruction 1200 and performed in program Preceding is unknown branch operation, discussed more fully below.Branch includes the field of a command code 1202 with handover key instruction 1200, It is the branch in the instruction set of microprocessor 100 and handover key instruction 1200 to indicate it.Branch instructs with handover key 1200 equally include a branch information field 906, and function is similar with the field of handover key instruction 900 with Fig. 9 branch. In a kind of embodiment, if a program attempts to perform branch and handover key when microprocessor 100 is not if secure execution Instruction 1200, then regard it abnormal as illegal command.In one embodiment, if a program is not highest in microprocessor 100 Attempt to perform a branch and handover key instruction 1200 during Permission Levels (for example, the authority of x86 rings 0), then regard it as illegal command It is abnormal.In one embodiment, branch and handover key instruction 1200 are atom pattern.

Now, refering to Figure 13, " block " the address realm table 1300 that a block diagram illustration is realized according to the technology of the present invention.Form 1300 include multiple units.Each unit is related to one " block " of encipheror.Each unit includes a range-of-addresses field 1302 and a cipher key register document index field 1304.Range-of-addresses field 1302 is with indicating the memory of corresponding " block " Location scope.Register in the sign cipher key register of cipher key register document index field 1304 document 124, by branch and switching The cipher key values indexed stored by signified register are loaded into master key register 142 by key instruction 1200, for extraction unit 104 decryption are somebody's turn to do " block " and used.Discussed below with reference to Figure 18, form 1300 in need the branch of the content of access table 1300 with Handover key instruction 1200 performs front bearing and enters microprocessor 100.

Now, refering to Figure 14, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein, held according to the technology of the present invention Row Figure 12 branch and handover key instruction 1200.Flow starts from square 1402.

In square 1402, decoding unit 108 decode a branch and handover key instruct 1200 and by substitution microcode list Realize that branch instructs 1200 microcode routine with handover key in member 132.Flow subsequently enters square 1406.

In square 1406, microcode solves branch direction (use or do not use) and finds out destination address.Flow is then Into decision block 1408.

In decision block 1408, whether the branch direction that microcode decision block 1406 is solved is use.If using, Flow enters square 1414.Conversely, flow enters square 1412.

In square 1412, microcode handover key or does not skip to destination address, because the branch is not used.Flow knot Beam is in square 1412.

The form 1300 shown in destination address query graph 13 solved in square 1414, microcode based on square 1406, Obtain the content of the cipher key register document index field 1304 corresponding to " block " that the destination address is located.Microcode is then Based on index described in cipher key register document index field 1304, cipher key values are carried from cipher key register document 124 Become owner of cipher key register 142.Better embodiment is that microcode is according to stored by cipher key register document index field 1304 Index, the n key value from cipher key register document 124 by n adjunct register storage is loaded into master key register 142 , wherein, n is the sum of main cipher key register 142.In one embodiment, numerical value n can record in branch and handover key In one extra field of instruction 1200, it is set as less than the sum of master key register 142.Flow subsequently enters square 1416.

In square 1416, microcode causes microprocessor 100 to branch to the destination address that square 1406 is solved, and will cause 1200 new all x86 instructions are instructed to be cleared with handover key compared with branch in microprocessor 100, cause in microprocessor 100, All microoperations of the microoperation of destination address newly are relatively branched to be cleared.The above-mentioned instruction being cleared includes slow from instruction cache Rush memory 102 extract, be buffered in extraction unit 104 and decoding unit 108 etc. it is to be decrypted all with decoding Command byte 106.Flow subsequently enters square 1418.

In square 1418, as square 1416 branches to the operation of destination address, extraction unit 104 is carried using square 1414 New a set of key value of cipher key register 142 is become owner of, starts to extract from instruction cache 102 and decryption instructions number According to 106.Flow ends at square 1418.

Now, with reference to Figure 15, realized according to the technology of the present invention another embodiment one point of a block diagram illustration Branch instructs 1500 form with handover key.Branch shown in Figure 15 instructs 1500 and similar Figure 12 of its operation with handover key Shown branch and handover key instruction 1200.However, substitution is deposited from the loading secrete key of cipher key register document 124 to master key Device 142, branch is, from the loading secrete key of secure storage areas 122 to master key register 142, to beg for below with handover key instruction 1500 By it.

Now, with reference to Figure 16, " block " the address realm table 1600 that a block diagram illustration is realized according to the technology of the present invention. Form 1300 shown in the similar Figure 13 of form 1600 shown in Figure 16.However, substitution includes a cipher key register document index field 1304, form 1600 includes a secure storage areas address field 1604.Secure storage areas address field 1604 records safe storage An address in area 122, the key value of address storage must be loaded into master key register by branch and handover key instruction 1500 142, so that the extraction unit 1046 decryption should be used when " block ".Following discussion refers to Figure 18 contents, and form 1600 is in needs The branch and handover key instruction 1500 for inquiring about the form 1600 are performed front bearing and enter microprocessor 100.In a kind of embodiment In, relatively low several positions of the address of secure storage areas 122 need not be stored in secure storage areas address field 1604, especially because peace The total amount quite big (for example, 16 byte x 5) and the group key that the position of a group key is stored in full memory block 122 can be along One is sized model to align.

Now, refering to Figure 17, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein being performed according to the technology of the present invention Figure 15 branch and handover key instruction 1500.Flow starts from square 1702.Many squares of Figure 17 flow chart and Figure 14's Many squares are similar, therefore adopt like numbering.However, square 1414 is replaced by square 1714, microcode is based on square 1406 destination addresses tried to achieve are tabled look-up Figure 16 form 1600, to obtain the secure storage areas of " block " that destination address is located The numerical value of address field 1604.Microcode will be close from secure storage areas 122 then according to the numerical value of secure storage areas address field 1604 Key numerical value is loaded into master key register 142.Better embodiment is, microcode by the numerical value of secure storage areas address field 1604 from N cipher key values stored in n neighbouring 16 byte space positions are loaded into master key register 142 by secure storage areas 122, Wherein n is the sum of main cipher key register 142.In one embodiment, numerical value n can be recorded in branch and be instructed with handover key An extra field in 1500, is set as less than the sum of master key register 142.

Now, refering to Figure 18, the post processing that a flowchart illustration is realized according to another embodiment of the invention The operation of device.The preprocessor can be used for one program of post processing and encrypt, to transfer to Fig. 1 microprocessor 100 to perform.Flow Start from square 1802.

In square 1802, preprocessor receives the purpose file of a program.According to a kind of embodiment, in the purpose file Branch instruction, can be destination address judging before program is performed, preceding judgement can not be being performed in program as destination address.Flow Subsequently enter square 1803.

In square 1803, preprocessor sets up Figure 13 or Figure 16 " block " address realm table 1300 or 1600, to be included in this Target shift.In one embodiment, form 1300/1600 is loaded into micro- by operating system before being loaded into and performing an encipheror Processor 100, enables what branch accessed with handover key instruction 1200/1500.In one embodiment, preprocessor exists Inserting instruction in program, to be loaded into form 1300/1600 before any branch and handover key instruction 1200/1500 is performed to micro- Processor 100.Flow subsequently enters square 1804.

In square 1804, it is similar be previously discussed as, on Figure 11 square 1104 operation, preprocessor will perform each Preceding decidable across the block branch instruction of destination address is replaced with Fig. 9 branch with handover key instruction 900, and instruction 900 is based on dividing " block " records the suitable numerical value of cipher key register document index field 904 where branch instruction target address.Flow is subsequently entered Square 1805.

In square 1805, form kenel (1300/1600) of the preprocessor according to produced by square 1803 is limited to each In implementation procedure determine destination address branch instruction with the branch shown in Figure 12 or Figure 15 and handover key instruction 1200 or 1500 substitutions.Flow subsequently enters square 1806.

In square 1806, preprocessor encrypts the program.The preprocessor know memory location on each " block " with The numerical value of master key register 142, will be used to encrypt the program.Flow ends at square 1806.

Now, refering to Figure 19, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein, at the technology of the present invention Manage the task switching between encipheror and pure words program.Flow starts from square 1902.

In square 1902, the E positions of the E bit fields 402 of flag register 128 and the E positions 148 of Fig. 1 control registers 144 Emptied by a replacement operation of microprocessor 100.Flow subsequently enters square 1904.

In square 1904, microprocessor 100 is reset after microcode initialized performing it, is started to extract and is performed User's programmed instruction (for example, system firmware), it is pure words programmed instruction.Especially since E positions 128 is empty, as before Described, extraction unit 104 regards the director data 106 extracted and instructed as pure words.Flow subsequently enters square 1906.

In square 1906, system firmware (for example, operating system, firmware, basic input-output system BIOS ... etc.) is received One requires (request), to perform an encipheror.In one embodiment, the above-mentioned requirements companion of an encipheror is performed Switch operation instruction with or by one, to switch to an if secure execution of microprocessor 100, content as discussed above.One In kind of embodiment, microprocessor 100 only allows to operate in a decryption mode that (that is, E positions 148 are in if secure execution, just Setting state).In one embodiment, microprocessor 100 is only in SMM (system management Mode, for example, SSM common in x86 frameworks), just allow to operate in the decrypted mode.Flow subsequently enters square 1908.

In square 1908, system software, which is loaded into master key register 142 in its initial value, with program, to be performed First " block " is related.In one embodiment, system software performs a key switching command 600 download key to master key and posted Storage 142.Before loading secrete key to master key register 142, the content of cipher key register document 124 can be by one or more Key load instruction 500 is loaded into.In one embodiment, loading secrete key is to master key register 142 and cipher key register Before document 124, secure storage areas 122 can first be written into cipher key values, wherein, said write is via common escape way Technology, for example, AES or rsa encryption passage, to prevent hacker from spying upon its value.As discussed above, above cipher key values can be stored In a random bytes memory (such as flash memory) via an isolation universal serial bus (private serial Bus microprocessor 100) is coupled, or, a non-volatile property single write-in memory of microprocessor 100 can be stored in.Such as with Upper to discuss, described program can be included in single " block ".That is, described program may not include key switching command 600, it is whole Individual program can be decrypted by a single set of numerical value of master key register 142.Flow subsequently enters square 1916.

In square 1916, with control right transfer to encipheror, microprocessor 100 sets the E positions of flag register 128 It is encryption pattern that field 402, which indicates program performed at present, and sets the E positions 148 of control register 144, makes extraction unit 104 are in decryption mode.Microprocessor 100 more causes the instruction in pipeline to be refreshed, and it is real that it acts the similar institute of Fig. 7 squares 706 Capable refresh operation.Flow subsequently enters square 1918.

In square 1918, extraction unit 104 extracts the instruction 106 in encipheror, and referring to figs. 1 to disclosed in Fig. 3 Technology it is decrypted and performed in the decrypted mode.Flow subsequently enters square 1922.

In square 1922, when microprocessor 100 extracts and performs encipheror, microprocessor 100 receives interruption thing Part.For example, the interrupt event can interrupt interrupt, an exception exception (such as page fault page for one ) or task switching task switch fault.When an interrupt event occurs, the pipeline institutes pending processing of microprocessor 100 is instructed It can be cleared.So, if there is any encrypted instruction previously extracted in pipeline, it is emptied.In addition, being deposited from command high speed buffer Reservoir 102 extracts, may wait decrypted, decoding in extraction unit 104 and decoding unit 108 in buffer storage All command bytes can be cleared.In one embodiment, microcode is invoked response interrupt event.The flow side of subsequently entering Block 1924.

In square 1924, the storage of microprocessor 100 flag register 128 (and the other structures state of microprocessor 100, Including the current instruction pointer numerical value of the encipheror interrupted) to a stacking type memory (stack memory).Storage adds The numerical value of E bit fields 402 of close program will enable it repair (in square 1934) in subsequent operation.Flow subsequently enters square 1926。

In square 1926, when control right transfer to new program (for example, interrupt handling routine interrupt handler, Exception handler exception handler or new task), microprocessor 100 empties the E bit fields of flag register 128 402 and the E positions 148 of control register 144, to deal with the new procedures of pure words.That is, embodiment illustrated in fig. 19 is false If the same time of microprocessor 100 only allows to operate an encipheror, and an existing encipheror performing (but by It is disconnected).Figure 22 to Figure 26 discloses the embodiment of other kinds in addition.Flow subsequently enters square 1928.

In square 1928, extraction unit 104 is referring to figs. 1 to Fig. 3 disclosures with pure words schema extraction new procedures Instruction 106.Particularly, in control register 144 empty of E positions 148 cause multiplexer 154 by director data 106 with it is many The binary bit null value 176 of position carries out xor so that director data 106 is not decrypted operation.Flow subsequently enters square 1932.

In square 1932, new procedures perform a return operation and returned from interrupt instruction (for example, x86IRET) or near order Return so that control returns encipheror.In one embodiment, the operation returned from interrupt instruction is realized by microcode. Flow subsequently enters square 1934.

In square 1934, the foregoing operation returned from interrupt instruction is responded, because control transfers back encipheror, micro- place Manage device 100 and repair flag register 128, make the E bit fields 402 of flag register 128 return stored by previous blocks 1924 Setting state.Flow subsequently enters square 1938.

In square 1938, because control transfers back encipheror, microprocessor 100 is with the E positions word of flag register 128 402 numerical value of section update the E positions 148 of control register 144 so that extraction unit 104 extracts and decrypts the encipheror again Director data 106.Flow subsequently enters square 1942.

In square 1942, microcode makes microprocessor 100 branch to previous blocks 1924 and is stored in stacking type memory Instruction pointer numerical value so that all x86 instruction empties and causes all microoperations in microprocessor 100 in microprocessor 100 Empty.Emptied content includes extracting from instruction cache 102, buffer in extraction unit 104 and decoding All command bytes 106 of decrypted decoding are waited in unit 108.Flow subsequently enters square 1944.

In square 1944, extraction unit 104 restart extract the encipheror in instruction 106, and referring to figs. 1 to Fig. 3 disclosed technologies are decrypted and performed in the decrypted mode.Flow ends at square 1944.

Now, with reference to Figure 20, the operation for the system software that a flowchart illustration is realized according to the technology of the present invention, by Fig. 1 Microprocessor 100 perform.Figure 20 flows can combine Figure 19 contents and perform.Flow starts from square 2002.

In square 2002, system software receives a requirement, is intended to perform a new encipheror.Flow subsequently enters decision-making Square 2004.

In decision block 2004, system software judges whether this encipheror is system in one of program of execution. In one embodiment, system software with a mark indicate an encipheror whether be in system execution program it One.If this encipheror be system in one of program of execution, flow enters square 2006, conversely, then flow enters square 2008。

In square 2006, system software wait the encipheror be finished and be no longer the executory program of system it One.Flow subsequently enters square 2008.

In square 2008, microprocessor 100 allows new encipheror to start execution.Flow ends at square 2008.

Now, with reference to Figure 21, a block diagram is according to another embodiment of the technology of the present invention, the mark deposit of schematic thinking 1 The field of device 128.Figure 21 embodiment similar to Figure 4 of flag register 128, is compared, in addition to index field (index bits)2104.According to a kind of embodiment, including the similar E positions 402 of index field 2104 are typically that x86 frameworks institute is pre- The position stayed.Index field 2104 is used for the switching for dealing with multiple encipherors, discussed further below.Better embodiment is, close Key switching command 600 and branch are with handover key instruction 900/1200 with the cipher key register index field 604/904/ of itself 1304 update the index field 2104 of flag register 128.

Now, with reference to Figure 22, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein, adopted according to the technology of the present invention Being carried out with the flag register 128 shown in Figure 21 between multiple encipherors for task switches.Flow subsequently enters square 2202.

In square 2202, one requires to be sent to the system software, to perform a new encipheror.Flow is subsequently entered certainly Plan square 2204.

In decision block 2204, system software judge whether to have in cipher key register document 124 space deal with one it is new Encipheror.In one embodiment, the requirement produced by square 2202 would indicate that and need in cipher key register document 124 How many space.If there is space to deal with new encipheror in cipher key register document 124, flow enters square 2208, conversely, stream Journey enters square 2206.

In square 2206, system software waits one or more encipherors to complete, vacate cipher key register document 124 Deal with new encipheror in space.Flow subsequently enters square 2208.

In square 2208, the space configuration in cipher key register document 124 is given new encipheror by system software, and The index field 2104 in flag register 128 is filled in therewith, to indicate the space newly configured in cipher key register document 124. Flow subsequently enters square 2212.

In square 2212, system software is loaded into the position of cipher key register document 124 that square 2208 is configured and supplies new journey The cipher key values that sequence is used.As discussed above, loaded cipher key values can use key download instruction 500 from secure storage areas 122 are loaded into, or, when necessary, it can be obtained with safety corridor by the external position of microprocessor 100.Flow is subsequently entered Square 2214.

In square 2214, system software is based on cipher key register document index field 604/904/1304 by key from key Register document 124 is loaded into master key register 142.In one embodiment, system software performs a key switching command 600 loading secrete keys are to master key register 142.Flow subsequently enters square 2216.

In square 2216, because control is passed to encipheror, microprocessor 100 sets the E positions of flag register 128 Field 402 sets the E positions 148 of control register 144 to set extraction to indicate the program performed at present as encryption pattern Unit 104 is decryption mode.Flow ends at square 2216.

Now, with reference to Figure 23, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein, adopted according to the technology of the present invention Being dealt with the flag register 128 shown in Figure 21 between multiple encipherors for task switches.Flow starts from square 2302.

In square 2302, the program performed at present performs one and returns to operation, is returned from an interrupt instruction, triggers a task to cut Shift to new procedures；The new procedures be previously once performed but by tripping, and its configuration state (for example, flag register 128, Instruction pointer register and general register) once it was stored in stacking type memory.Cross as previously noted, a kind of real Apply in mode, the operation returned from interrupt instruction is realized by microcode.Present executory program and new program can be Encipheror or pure words program.Flow enters square 2304.

In square 2304, microprocessor 100 is returned according to stacking type memory repair flag register 128 with dealing with to continue The program returned.That is, microprocessor 100 is stored when the program of continuing (program that i.e. current hop jump is returned) previously hop jump is gone out Flag register 128 is loaded into again in the numerical value of flag register 128 of stacking type memory.Flow subsequently enters decision block 2306。

In decision block 2306, microprocessor 100 judges whether the E positions 402 of the flag register 128 after repairing are setting State.If so, then flow enters square 2308；Conversely, then flow enters square 2312.

The index field 2104 of EFLAGS register 128 repaired in square 2308, microprocessor 100 according to square 2304 Numerical value is by key loading secrete key register document 124.Flow subsequently enters square 2312.

In square 2312, microprocessor 100 is repaired the content of the E positions 148 of control register 144 with square 2304 The numerical value of E bit fields 402 of flag register 128 updates.Therefore, if the program continued is an encipheror, extraction unit 104 Decryption mode can be set to, conversely, being then set as pure words pattern.Flow subsequently enters square 2314.

In square 2314, microprocessor 100 repairs instruction pointer register and branch with the content of stacking type memory The signified position of instruction pointer is jumped to, the action will remove all x86 of microprocessor 100 instructions, and remove microprocessor All microoperations of device.Removed include extracted from instruction cache 102, be buffered in extraction unit 104th, the medium all command bytes 106 to be decrypted, decoding of decoding unit 108.Flow subsequently enters square 2316.

In square 2316, extraction unit 104 restarts to extract from the program that continues referring to figs. 1 to Fig. 3 technologies to be instructed 106, and the control register 144 repaired depending on square 2312 the numerical value of E positions 148 in the decrypted mode or pure words pattern operation. Flow ends at square 2316.

Now, with reference to Figure 24, a block diagram is according to the present invention, single deposit of the cipher key register document 124 of schematic thinking 1 Another embodiment of device.Embodiment according to Figure 24, each cipher key register document 124 also includes one- To eliminate position 2402 (kill bit, hereinafter referred to as K).K positions 2402 are used to deal with microprocessor 100 to multiple encipherors Multitask (multitasking) is operated, and the multiple encipheror, which is amounted to, to be needed to be more than the space chi of cipher key register document 124 Very little key storage area, will be described it below.

Now, with reference to Figure 25, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein according to the technology of the present invention to scheme 21 flag register 128 and Figure 24 cipher key register document 124 realize the task switching between multiple encipherors Another embodiment.Flow shown in the similar Figure 22 of flow shown in Figure 25.Difference is in judges key in decision block 2204 When not having enough free spaces in register document 124, Figure 25 flows can enter square 2506 rather than be not present in Figure 25 side Block 2204.If in addition, decision block 2204 judges still there is enough free spaces, Figure 25 flows in cipher key register document 124 Figure 22 square 2208 is likewise entered to square 2216.

In square 2506, system software will be used (i.e. in cipher key register document 124 by other encipherors Be configured) space (i.e. register) configure, and set the K positions 2402 of institute's configuration register for setting state, and The index field 2104 of flag register 128 is set therewith to indicate position of the new configuration space in cipher key register document 124 Put.The setting state of K positions 2402, be indicate the register on other encipherors key value by by the behaviour of square 2212 Make key value of the overriding for new encipheror.However, as figure 26 below is described, the key value of other encipherors will be at it It is loaded into again by square 2609 in return program.Figure 25 flows enter square 2506, can then be oriented to the square shown in Figure 22 2212, end at square 2216.

Now, refering to Figure 26, the operation of the microprocessor 100 of a flow chart schematic thinking 1, wherein according to the technology of the present invention to scheme 21 flag register 128 and Figure 24 cipher key register document 124 realize the task switching between multiple encipherors Another embodiment.Flow shown in the similar Figure 23 of flow shown in Figure 26.Difference is in if decision block 2306 judges mark The E positions 402 of will register 128 are setting, and Figure 26 makes flow enter decision block 2607 rather than square 2308.

In decision block 2607, microprocessor 100 is judged in cipher key register document 124, is indexed by flag register 128 Whether the K positions 2402 for any register that the numerical value of field 2104 (being repaired in square 2304) is indicated are setting state.If so, Then flow enters square 2609；If it is not, then flow enters square 2308.

In square 2609, microprocessor 100 produces an abnormal warning (exception) and transferred at an exception handler Reason.In one embodiment, exception handler is designed in system software.In one embodiment, abnormality processing journey Sequence is provided by if secure execution framework.The numerical value of 128 index field of flag register 2104 repaired according to square 2304, The key of the encipheror repaired at present (encipheror for returning to execution now) is loaded into close by exception handler again Key register document 124.Exception handler can be mentioned by similar previous Figure 19 the start of square 1908, by the encryption journey of reparation The key loading secrete key register document 124 of sequence, or, when necessary, key is loaded into from outside microprocessor 100 and pacified Full memory block 122.Similarly, made if the register being loaded into again in cipher key register document 124 has by other encipherors With system software can make the K positions 2402 of its register be setting state.Flow then enters 2308, and square from square 2609 2308 to 2316 be to refer to Figure 23 contents.

As Figure 24 to Figure 26 is taught, embodiment described herein makes microprocessor 100 be able to carry out multiple encryptions The multi-job operation of program, even if above-mentioned encipheror needs key temporarily providing room, sum total is more than the space chi of cipher key register 124 It is very little.

Now, with reference to Figure 27, a block diagram illustration changes another embodiment party of the invention from Fig. 1 microprocessors 100 Formula.The element similar with Fig. 1 is to use same label；For example, instruction cache 102, extraction unit 104 and close Key register document 124.However, extraction unit 104 is modified into also including key switch logic 2712, coupling Fig. 1 institutes herein The master key register document 142 and cipher key register document 124 of introduction.Figure 27 microprocessor 100 also includes a branch Target address cache (branch target address cache, BTAC) 2702.BTAC 2702 receives Fig. 1 Disclosed extraction address 134, and it is parallel with the access of instruction cache 102, all it is to be based on the extraction address 134.According to address 134 is extracted, the supply branch target address 2706 of BTAC 2702 is to the extraction address generator disclosed in Fig. 1 164, one use of supply/do not use index (T/NT indicator) 2708 and a pattern index (type indicator) 2714 give key switch logic 2712, and supply a cipher key register document (KRF) index 2716 to cipher key register document 124。

Now, refering to Figure 28, a block diagram is according to the BTAC 2702 of the more detailed schematic thinking 27 of the technology of the present invention.BTAC 2702 include a BTAC matrixes 2802, wherein with multiple BTAC units 2808, the content of Figure 29 diagram BTAC units 2808. The information that BTAC 2802 is stored includes the historical information of the branch instruction previously performed, is referred to the branch for predicting the execution that continues The direction of order and destination address.Particularly, BTAC 2802 can be using the historical information stored, and the address 134 based on extraction is pre- Survey the extraction operation that the branch instruction previously performed subsequently occurs.The operation of branch target address cache refers to common Branch prediction techniques.However, disclosed BTAC 2802 is more to be modified to the previous branch performed of record with cutting The historical information of key instruction 900/1200 is changed, to carry out the predicted operation of correlation.Particularly, the historical record of storage causes BTAC 2802 is able to the branch that is extracted in extraction time interior prediction and is loaded onto master key with handover key instruction 900/1200 to post This group of numerical value of storage 142.This operation enable key switch logic 2712 is actual in branch and handover key instruction 900/1200 Cipher key values are loaded into before performing, it is to avoid be limited to according to branch and handover key 900/1200 execution need to be instructed to empty micro- place The pipeline content of device 100 is managed, it is discussed more fully below.In addition, according to a kind of embodiment, BTAC 2802 is more modified into storage Bag deposit includes the historical information of the key switching command 600 previously performed, to reach identical effect.

Now, refering to Figure 29, a block diagram is according to the contents of the more detailed schematic thinking 28BTAC units 2808 of the technology of the present invention. Each unit 2808 includes a significance bit 2902 and indicates whether said units 2808 are effective.Each unit 2808 also includes a mark Remember field 2904, compared to the partial content with extracting address 134.If extracting the unit of the index part selection of address 134 2808 cause the identical wherein significant notation 2904 of the mark part for extracting address 134, then extract the center of address 134 BTAC 2802. Each array element 2808 also includes a DAF destination address field 2906, for storing the branch instruction previously performed-including dividing Branch with handover key instruction 900/1200-destination address.Each array element 2808 also includes a use/do not use field 2908, the direction to store the branch instruction previously performed-instructing 900/1200 including branch and handover key-(is adopted With/do not use) record.Each array element 2808 also includes a cipher key register index field 2912, is previously held for storing The branch gone instructs 900/1200 cipher key register document index 904/1304 to record with handover key, will beg in detail below By.According to a kind of embodiment, BTAC 2802 is to store previously to perform in its cipher key register document index field 2912 The cipher key register document index 604 of key switching command 600 is recorded.Each array element 2808 also includes a type field 2914, indicate the pattern of recorded instruction.For example, signable the recorded history direction of type field 2914 is a calling (call) (return), conditional jump (conditional jump), unconditional jump (unconditional, are returned Jump), branch and handover key instruction 900/1200 or key switching command 600.

Now, refering to Figure 30, the operation of the microprocessor 100 of a flow chart schematic thinking 27, wherein, according to the technology of the present invention, The microprocessor 100 includes the BTAC 2802 that Figure 28 is disclosed.Flow starts from square 3002.

In square 3002, microprocessor 100 performs a branch and handover key instruction 900/1200, below will be detailed with Figure 32 State.Flow subsequently enters square 3004.

In square 3004, microprocessor 100 configured in BTAC 2802 individual array element 2808 to the branch that performed with Handover key instruction 900/1200, instructs 900/1200 direction solved, destination address, key to post the branch with handover key Storage document index 904/1304 and instruction pattern are recorded in the use of the array element 2808 configured/do not adopt respectively With in field 2908, DAF destination address field 2906, cipher key register document index field 2912 and type field 2914, with It is used as the branch and the historical information of handover key instruction 900/1200.Flow ends at square 3004.

Now, refering to Figure 31, the operation of the microprocessor 100 of a flow chart schematic thinking 27, wherein, according to the technology of the present invention, The microprocessor 100 includes the BTAC 2802 that Figure 28 is disclosed.Flow starts from square 3102.

In square 3102, extract address 134 and be supplied to instruction cache 102 and BTCA2802.Flow connects Into square 3104.

In square 3104, the center of address 134 BTAC 2802 is extracted, and BTAC 2802 is by corresponding array element 2808 Destination address 2906, using/do not use the content of 2908, cipher key register document index 2912 and the field of pattern 2914 to distinguish With destination address 2706, using/do not use index 2708, cipher key register document index 2712 and pattern index 2714 defeated Go out.Particularly, type field 2914 is used to indicate that stored instruction is a branch and handover key instruction 900/1200.Flow connects Into decision block 3106.

In decision block 3106, key switch logic 2712 by examine use/do not use output 2708 judge branch and Handover key instruction 900/1200 is predicted as using by BTAC 2802.According to/do not use output 2708 to show branch with cutting Change key instruction 900/1200 and be predicted to be use, flow subsequently enters square 3112；Conversely, flow subsequently enters square 3108。

In square 3108, microprocessor 100 is indicated with branch and handover key instruction 900/1200 along conveying one, is shown Show that BTAC 2802 predicts that it is not used.(in addition, according to/do not use output 2708 to show that the branch instructs with handover key Use is predicted to be, microprocessor 100 is in square 3112 as the branch and handover key instruct 900/1200 along conveying one Indicate, display BTAC 2802 predicts that it can be used).Flow ends at 3108

In square 3112, the destination address 2706 that address generator 164 is predicted with BTAC 2802 in square 3104 is extracted Update and extract address 134.Flow subsequently enters square 3114.

In square 3114, the cipher key register document index 2712 predicted according to BTAC 2802 in square 3104, key Switch logic 2712 is with the cipher key values in the location updating master key register 142 of cipher key register document 124 indicated by it. In one embodiment, under necessary situation, key switch logic 2712 can delay extraction unit 104 and extract director data 106 Interior block, until master key register 142 is updated.Flow subsequently enters square 3116.

In square 3116, extraction unit 104 is persistently carried using the content of new master key register 142 loaded by square 3114 Take and decryption instructions data 106.Flow ends at square 3116.

Now, refering to Figure 32, the operation of the microprocessor 100 of a flow chart schematic thinking 27, wherein, according to the technology of the present invention, Perform a branch and handover key instruction 900/1200.Figure 32 flows similar Figure 10 flows, and similar square in one aspect It is to adopt with same label.Although Figure 32 discussion is the content of reference picture 10, its application can more consider branch that Figure 14 introduced with Handover key instruction 1200 is operated.Figure 32 flows start from square 1002.

In square 1002, decoding unit 108 decodes a branch and handover key instruction 900/1200, and by substitution micro- generation Code unit 132 realizes that branch instructs 900/1200 microcode routine with handover key.Flow subsequently enters square 1006.

In square 1006, microcode solves branch direction (i.e. use/do not use) and destination address.Flow is subsequently entered Square 3208.

In square 3208, microcode judges whether BTAC 2802 is that the branch provides with handover key instruction 900/1200 One prediction.If being provided with, flow subsequently enters decision block 3214；If without offer, flow subsequently enters Figure 10 square 1008.

In decision block 3214, microcode is by the use for transferring out BTAC 2802/do not use index 2708 and mesh The direction and destination address that mark address 2706 and square 1006 are solved judge that what BTAC2802 done predicts whether correctly.If BTAC 2802 prediction is correct, then flow terminates；Conversely, then flow comes decision block 3216.

In decision block 3216, microcode judges that this incorrect BTAC 2802 is predicted either with or without being used.If being adopted With flow enters square 3222；If nothing, flow enters Figure 10 square 1014.

In square 3222, microcode repairs the content of master key register 142, because BTAC 2802 is to branch and switching The error prediction that key instruction 900/1200 is done is used, and causes Figure 31 squares 3104 that the cipher key values of mistake are loaded into it In.In one embodiment, storage element of the key switch logic 2712 needed for including repairing master key register 142 is with patrolling Volume.In one embodiment, microcode produces an abnormal warning and transfers to exception handler reparation master key register 142. In addition, microcode causes the branch of microprocessor 100 to jump to the branch and instruct the x86 continued after 900/1200 with handover key Instruction so that new in microprocessor 100 to instruct 900/1200 all x86 instructions to empty with handover key in the branch, and All microcodes for making the microcode for relatively branching to destination address in microprocessor 100 new are emptied.The content being cleared includes reading It is derived from instruction cache 102 and is buffered in waiting the institute being decoded in extraction unit 104, decoding unit 108 There is command byte 106.The instruction continued with branching to, extraction unit 104 begins to use the group in master key register 142 Cipher key values after reparation are extracted and decryption instructions data 106 from instruction cache 102.Flow ends at square 3222。

Except the security advantages that instruction decryption embodiment described above, being realized by microprocessor 100 is brought, invention People more develops suggestion encoded guidelines, and its use can combine embodiment of above, weakens by analysis x86 instruction actual uses Amount, the assault developed to encryption x86 codes with Statistical problems existing.

First, by hacker usually assumes that the director data 106 of 16 extracted bytes is totally x86 instructions, therefore, phase For program execution flow, " hole (holes) " should be added between 16 byte blocks during coding.That is, its coding should Jumped some command bytes when with multiple instruction, multiple " holes " is produced with the byte of unencryption, wherein appropriate numerical value can be inserted, To increase the entropy (entropy) of pure words byte.In addition, if the entropy of pure words byte can be lifted more, its coding can use up Instant data value may be used.In addition, the instant data value as line simulator rope, can point to the instruction operation code address of mistake.

Second, the coding may include special NOP instruction, including " ignoring " field, be filled with appropriate numerical value with Increase above-mentioned entropy.For example, x86 instructions 0x0F0D05xxxxxxxx belongs to the NOP of 7 bytes, wherein last four bytes can be Arbitrary value.In addition, the command code pattern of NOP instruction and its quantity for " ignoring " byte can more have other changes.

3rd, many x86 instructions have instructs identical basic function with other x86.On the instruction of equivalent function, its Coding, which can be given up, reuses same instruction, changes using multiple pattern and/or using the pattern for lifting pure words entropy.Example Such as, what instruction 0xC10107 and instruction 0xC10025 made is same thing.Even, some equivalent instructions are with different length Version present, for example, 0xEB22 and 0xE90022；Therefore, the instruction of different lengths but same effect can be used during coding.

4th, x86 framework allow to use redundancy and insignificant command code prefix (opcode predix), therefore, coding When can carefully apply, more to increase above-mentioned entropy.For example, instruction 0x40 and 0x2627646567F2F340 works is complete one The thing of sample.Because wherein only having the x86 prefixes of 8 safety, they carefully need to be assigned into coding, to avoid excessive frequency Occur numerously.

Although having enumerated various embodiments to carry out the logarithm value in master key register value with cipher key spreading device Rotation and plus/minus computing, still have other embodiment to be contemplated that and use, wherein, cipher key spreading device can be to more than two master Cipher key register numerical value carries out computing, in addition, the computing carried out may differ from rotation and plus/minus computing.In addition, Fig. 6 takes off Can also there be other embodiment in the branch that the key switching command 600 and Fig. 9 shown is disclosed with handover key instruction 900, for example, New cipher key values are loaded into master key register 142 by secure storage areas 122 rather than are loaded into by cipher key register document 124, Also, the branch that Figure 15 is introduced and the other embodiment of handover key instruction 1500 are to store safety with index field 2104 The address of memory block 122.In addition, although enumerated various embodiments adjustment BTAC 2702 and stored KRF index conjugate branch with cutting Change key instruction 900/1200 to use, it is the adjustment storages of BTAC 2702 secure storage areas address still to have other embodiment, to tie Branch is closed to use with handover key instruction 1500.

Many embodiments of the invention listed above are used only as explanation example, are not intended to limit invention scope. The technical staff in related computer technology field can make all of form and details wthout departing from the scope of the present invention Shape changeable.For example, can be realized with software mode it is described such as function, making, modularity, simulation, illustrate, and/or test this institute The mode of the apparatus and method for of discussion.Implementation, which includes general procedure language (for example, C, C++), hardware description language, to be included Verilog HDL, VHDL ... are waited or other available program means.The software can be loaded in any of computer-readable Media, for example, tape, semiconductor, disk or CD (for example, CD-ROM, DVD-ROM etc.), networking, wire transmission, it is wireless or Other communication mediums.The embodiment of the apparatus and method for may be included in semiconductor intellectual property core, such as a microprocessor Device core (for example realized) with HDL, and can be changed into hardware and realized with integrated circuit.In addition, described apparatus and method for can by it is soft, Combination of hardware mode is realized.Therefore, the scope of the invention should not be limited to any embodiment, it may be that with the power of the present invention Profit is required and its equivalence techniques is defined.Particularly, the microprocessor that the technology of the present invention can be used with general service computer Realize.It is worth noting that, those skilled in the art may be without departing from invention scope defined in claim, with disclosed Based on concept and specific embodiments, design or amendment other frameworks of proposition generation and identical effect of the present invention.

Claims

1. a kind of microprocessor, including：

One instruction cache, to store encrypted instruction；

One speed buffering logic, sets and comes from the instruction cache speed buffering encrypted instruction；

One safe storage, sets to store multiple decruption key members；

One cipher key spreading logic, sets and comes from two or more decruption keys member one decryption of export among the plurality of decruption key member Key；And

One decryption logic, is set and certainly should to speed buffering with the derived decruption key of two or more above-mentioned decruption keys member One encrypted instruction of instruction cache is decrypted.

2. microprocessor as claimed in claim 1, the wherein instruction cache are also used for storage pure words instruction.

3. microprocessor as claimed in claim 2, wherein, above-mentioned pure text of the speed buffering from the instruction cache Word instruction and encrypted instruction are all arranged to Pipelining (pipelined) by the decryption logic.

4. microprocessor as claimed in claim 3, with speed buffering and the time that equivalent is adopted in above-mentioned pure words instruction is decrypted, it is high Speed buffers and decrypts above-mentioned encrypted instruction.

5. microprocessor as claimed in claim 1, wherein, the decryption logic includes different logic gate, sets and comes with above-mentioned two Or more the derived decruption key of decruption key member to speed buffering from an encrypted instruction of the instruction cache Carry out xor.

6. microprocessor as claimed in claim 1, wherein, the storage area of the safe storage only allows if secure execution Program access.

7. microprocessor as claimed in claim 1, wherein, the renewal of above-mentioned decruption key member is made in the cipher key spreading logic Carried out before deriving the decruption key with decruption key member.

8. microprocessor as claimed in claim 1, wherein, the cipher key spreading logic is positioned to be based on an encrypted instruction address Required above-mentioned two or more decruption key member is selected from the plurality of decruption key member.

9. microprocessor as claimed in claim 1, wherein, the cipher key spreading logic is positioned to the decruption key of rotation displacement one Member, to produce rotation displacement decruption key member.

10. microprocessor as claimed in claim 9, wherein, the cipher key spreading logic is positioned to add with a function computing one A numerical value rotation displacement decruption key member obtained by close IA.

11. microprocessor as claimed in claim 9, wherein, the cipher key spreading logic is positioned to accumulate the rotation displacement solution Key member is first to one second decruption key.

12. microprocessor as claimed in claim 11, wherein, the cipher key spreading logic is positioned to accumulate from subtraction and added Selection in method accumulation with accumulating rotation displacement decruption key member to one second decruption key member, and above-mentioned subtraction first, accumulated And the selection of addition accumulation is the function operation result based on an encrypted instruction address.

13. microprocessor as claimed in claim 1, wherein：

The cipher key spreading logic is positioned to carry out a numerical operation to the above-mentioned at least two decruption key member used, to push away Export decruption key；

One effective key length of the decruption key that the setting of the cipher key spreading logic is derived is equal to one first numerical value and one The product of second value, first numerical value is the optional quantity for producing the decruption key member of decruption key, second number It is worth the quantity of the possibility combinations of values for the key that can be generated for the numerical operation；And

The cipher key spreading logic is positioned to multiple decruption keys being used for multiple encrypted instruction blocks, the length of above-mentioned encrypted instruction block Degree is no longer than the effective key length, and the cipher key spreading logic is that the encrypted instruction block respectively continued is bestowed from least one One new and different decruption key of different decruption key members.

14. a kind of encrypted instruction performs safely method, encrypted instruction is performed safely in a microprocessor, including：

Multiple decruption key members are stored in a safe storage；

Go out encrypted instruction from an instruction cache speed buffering；

Two or more decruption keys member among the plurality of decruption key member of safe storage reception；

A decruption key is derived from above-mentioned two for being received from the safe storage or more decruption key member；

The decruption key derived using above-mentioned two or more decruption key member, decrypts speed buffering from the instruction according to this One encrypted instruction of cache memory；And

Perform the instruction after decryption safely in the microprocessor.

15. encrypted instruction as claimed in claim 14 performs safely method, further including prevents from being somebody's turn to do from outside the microprocessor Encrypted instruction.

16. encrypted instruction as claimed in claim 14 performs safely method, further include high from the instruction cache Speed buffers out pure words instruction.

17. encrypted instruction as claimed in claim 14 performs safely method, further include above-mentioned pure text by the decryption logic Word instruction and encrypted instruction are all Pipelining.

18. encrypted instruction as claimed in claim 14 performs safely method, further include：

With speed buffering and the time that equivalent is adopted in the instruction of above-mentioned pure words is decrypted, speed buffering simultaneously decrypts above-mentioned encrypted instruction.

19. encrypted instruction as claimed in claim 14 performs safely method, wherein the action for decrypting an encrypted instruction include with The derived decruption key of above-mentioned two or more decruption key member is to speed buffering from the instruction cache One encrypted instruction carries out xor.

20. encrypted instruction as claimed in claim 14 performs safely method, further include and updated before the decruption key is derived Above-mentioned decruption key member.

21. encrypted instruction as claimed in claim 14 performs safely method, further include based on an encrypted instruction address choice institute Above-mentioned two needed or more decruption key member.

22. encrypted instruction as claimed in claim 14 performs safely method, the decruption key of rotation displacement one member is further included, to produce Raw rotation displacement decruption key member.

23. encrypted instruction as claimed in claim 22 performs safely method, with further including with the encrypted instruction of a function computing one A numerical value rotation displacement decruption key member obtained by location.

24. encrypted instruction as claimed in claim 22 performs safely method, accumulation rotation displacement decruption key member is further included To one second decruption key member.

25. encrypted instruction as claimed in claim 24 performs safely method, further include from subtraction accumulation and addition accumulation Selection with accumulating rotation displacement decruption key member to one second decruption key member, and above-mentioned subtraction first, accumulated and addition The selection of accumulation is the function operation result based on an encrypted instruction address.

26. encrypted instruction as claimed in claim 14 performs safely method, wherein：

Decruption key derivation action carries out a numerical operation to the above-mentioned at least two decruption key member used；

One effective key length of the decruption key produced by decruption key derivation action is equal to one first numerical value and one second The product of numerical value, first numerical value is the optional quantity for producing the decruption key member of decruption key, and the second value is The quantity of the possibility combinations of values for the key that the numerical operation can be generated；And

The safe execution method of the encrypted instruction is further included is used for multiple encrypted instruction blocks, above-mentioned encrypted instruction by multiple decruption keys The length of block is no longer than the effective key length, and the encrypted instruction block respectively continued is bestowed from least one different decryption A first new and different decruption key of key.

27. a kind of microprocessor, including：

One instruction cache, for storing encrypted instruction；

One speed buffering logic, sets to go out encrypted instruction from the instruction cache speed buffering；

One safe storage, sets to store multiple master keys；

One key selects logic, sets to be based on one group of one or more master key of encrypted instruction speed buffering address choice；With And

One decryption logic, set come use select one or more master keys of the group or be derived from the selected group one or more One decruption key of master key decrypts encrypted instruction of the speed buffering from the instruction cache.

28. microprocessor as claimed in claim 27, further includes a decruption key and produces logic, set and come from the selected group One or more master keys derive decruption key.

29. microprocessor as claimed in claim 28, wherein, the decruption key produces logic and is positioned to each speed buffering Amount derives a new decruption key.

30. microprocessor as claimed in claim 29, wherein the bit length t of each decruption key is 2^s, s is a speed buffering The byte number of amount.

31. microprocessor as claimed in claim 28, wherein above-mentioned encrypted instruction is grouped into instruction block, above-mentioned instruction block Length be not more than the length of decruption key, and the decruption key produces logic and set to come based on the encryption in above-mentioned instruction block The speed buffering address of instruction is that each instruction block derives new decruption key.

32. microprocessor as claimed in claim 28, the wherein decruption key, which produce logic and set, comes what rotation displacement was selected One or more master keys of the group first, produce a new decruption key, and the amount of institute's rotation displacement is to be based on the encryption according to this Command high speed buffer address.

33. position [the b of microprocessor as claimed in claim 32, wherein the encrypted instruction speed buffering address:0] subset not shadow Ring master key rotation displacement amount, numeral 0 with b be respectively used to indicate the encrypted instruction speed buffering address least significant bit with And b significance bits.

34. micro- position [d for sentencing device, wherein the encrypted instruction speed buffering address as claimed in claim 32:C] subset definition The width of master key rotation displacement, digital c and d are respectively used to c of the sign encrypted instruction speed buffering address effectively Position and d significance bits.

35. microprocessor as claimed in claim 34, the wherein decruption key produce logic and set that with n shifting may be rotated Position amount one does the rotation displacement of master key, n=2^m, m is the position [d of the encrypted instruction speed buffering address:C] subset position Number.

36. microprocessor as claimed in claim 35, the wherein decruption key produce logic and set to come based on a new encryption One group of new one or more master key of command high speed buffer address choice, and a new decruption key is derived according to this.

37. microprocessor as claimed in claim 36 the, wherein position [f of the new encrypted instruction speed buffering address:E] subset The modification of new one or more master keys of the group is determined, digital e and f are respectively used to indicate the encrypted instruction speed buffering address E significance bits and f significance bits.

38. microprocessor as claimed in claim 37, wherein the decruption key logic set to select available q groups one or more Any group, p=2 in individual master key^q, q is the position [f of the new encrypted instruction speed buffering address:E] in subset may numerical value it One.

39. a kind of encrypted instruction performs safely method, encrypted instruction is performed safely in a microprocessor, including：

Multiple master keys are stored in a safe storage；

Go out encrypted instruction from an instruction cache speed buffering；

One group of one or more master key is selected from the safe storage based on an encrypted instruction speed buffering address；

Using selected one or more master keys of the group or it is derived from a decruption key of selected one or more master keys of the group To decrypt encrypted instruction of the speed buffering from the instruction cache；

Perform the instruction after decryption safely in the microprocessor.

40. encrypted instruction as claimed in claim 39 performs safely method, one or more masters from the selected group are further included close Key derives decruption key.

41. encrypted instruction as claimed in claim 40 performs safely method, further include and an encryption is based on to each speed buffering amount Command high speed buffer address derives a new decruption key.

42. encrypted instruction as claimed in claim 41 performs safely method, wherein the bit length t of each decruption key is 2^s, s is The byte number of one speed buffering amount.

43. encrypted instruction as claimed in claim 40 performs safely method, wherein, above-mentioned encrypted instruction is grouped into instruction area Block, the length of above-mentioned instruction block is not more than the length of decruption key, and the safe execution method of the encrypted instruction is further included and is based on The encrypted instruction speed buffering address of each instruction block derives new decruption key.

44. encrypted instruction as claimed in claim 40 performs safely method, the selected group of rotation displacement is further included one or more Individual master key first, produce a new decruption key according to this, and the amount of institute's rotation displacement is to be based on the encrypted instruction speed buffering Address.

45. encrypted instruction as claimed in claim 44 performs safely the position of method, wherein the encrypted instruction speed buffering address [b:0] subset does not influence the rotation displacement amount of master key, and numeral 0 and b is respectively used to indicate the encrypted instruction speed buffering address Least significant bit and b significance bits.

46. encrypted instruction as claimed in claim 44 performs safely method, wherein rotation displacement action is included according to the encryption Position [the d of command high speed buffer address:C] amount defined in the numerical value that represents of subset does rotation displacement to master key, digital c and D is respectively used to indicate the c significance bits and d significance bits of the encrypted instruction speed buffering address.

47. encrypted instruction as claimed in claim 46 performs safely method, wherein rotation displacement action may be rotated with n and be moved Position amount one does the rotation displacement of master key, n=2^m, m is the position [d of the encrypted instruction speed buffering address:C] subset position Number.

48. encrypted instruction as claimed in claim 40 performs safely method, further include slow at a high speed based on a new encrypted instruction One group of new one or more master key of address choice are rushed, and derive a new decruption key according to this.

49. encrypted instruction as claimed in claim 40 performs safely method, wherein selecting one group of new one or more master key Action be the position [f for being decided by the new encrypted instruction speed buffering address:E] subset, digital e and f are respectively used to sign The e significance bits and f significance bits of the encrypted instruction speed buffering address.

50. encrypted instruction as claimed in claim 49 performs safely method, wherein selecting one group of new one or more master key Action include selecting any group, p=2 in available one or more master keys of q groups^q, q is the new encrypted instruction speed buffering Position [the f of address:E] may one of numerical value in subset.

51. a kind of microprocessor, including：

One instruction processing pipeline；

One processor bus；

One cache hierarchy；And

One safe storage, can not be accessed through the processor bus, and a part for the non-cache hierarchy, Set to store encryption key；

Wherein, the microprocessor sets to avoid a non-privileged program from reading the safe storage or write encryption key number Value, to limit the access of the safe storage；

Wherein, the microprocessor, which is more set, comes：

Receive one to ask, the peace for being carried out general execution pattern switching to the encrypted instruction that can not be performed from encrypted instruction Full execution pattern；

Conditionally allow the request；

Execute instruction, one group of one or more encryption key numerical value is write the safe storage of the microprocessor；

From the encipheror of an instruction cache speed buffering one；And

Decrypt the encipheror to instruct for pure words, wherein using the decryption logic in the instruction processing pipeline, the decryption is patrolled Collect and use the encryption key numerical value stored in the safe storage or derivative numerical value to decrypt the encipheror；And

Configuration processor, wherein above-mentioned pure words not instructed to any money being exposed to outside any non-privileged program or the microprocessor Source.

52. microprocessor as claimed in claim 51, sets to decrypt the successive passage of the encipheror, wherein adding according to being somebody's turn to do The address of the above-mentioned successive passage storage of close program from the safe storage select multigroup one or more encryption key numerical value or with It derives numerical value and decrypted.

53. whether it is the instruction that is loaded with encryption parameter according to the form of the request microprocessor as claimed in claim 51, Conditionally allow the request to switch to the if secure execution, the instruction is a part for a privileged program or program, and Above-mentioned encryption parameter meets the preset standard for performing the encipheror during decryption.

54. microprocessor as claimed in claim 53, wherein the encryption of above-mentioned encryption parameter and encipheror is using different Encryption mechanism.

55. microprocessor as claimed in claim 54, wherein, the encryption of the successive passage of the encipheror is to be based on the encryption The storage address of the successive passage of program.

56. microprocessor as claimed in claim 51, sets to perform an instruction, by a real time data field of the instruction Encryption key numerical value is write into the safe storage.

Add 57. microprocessor as claimed in claim 51, the wherein safe storage set to receive by an encrypted tunnel Close cipher key values.

58. the program run under microprocessor as claimed in claim 51, including general execution pattern can not access one Secure execution mode exceptions handle logic and an if secure execution interrupt handling logic, and the microprocessor is arranged in fortune Make in handle logic using above-mentioned secure execution mode exceptions under if secure execution and if secure execution interrupt processing is patrolled Volume.

59. microprocessor as claimed in claim 51, sets to avoid the decryption of encrypted instruction, unless the microprocessor is in Above-mentioned if secure execution.

60. microprocessor as claimed in claim 51, sets to avoid the decryption of encrypted instruction, unless the microprocessor operation In the SMM of x86 frameworks.

61. a kind of encrypted instruction performs safely method, encrypted instruction is performed safely in a microprocessor, including：

Conditionally allow the request；

Execute instruction, a group encryption keys numerical value is write a safe storage of the microprocessor, the wherein safe storage Can not the processor bus through the microprocessor access, an and part for a non-cache hierarchy, and non- Privileged program can not read or write encryption key numerical value to the safe storage；

From the encipheror of an instruction cache speed buffering one；And

It is that pure words are instructed to decrypt the encipheror, wherein using the decryption logic in the instruction processing pipeline, and use should One or more groups one or more encryption key numerical value of safe storage storage or the decryption of derivative Numerical Implementation；And

62. the encrypted instruction as described in claim 61 performs safely method, further include：

One or more encryption key numerical value are continuously organized in the address stored according to the successive passage of the encipheror, selection, for decryption The encipheror is used；And

One or more encryption key numerical value are organized using those of selection, the successive passage of the encipheror is decrypted.

63. the encrypted instruction as described in claim 61 performs safely method, wherein having ready conditions allows the request to switch to The action of the if secure execution is whether the form based on the request is the instruction for being loaded with encryption parameter, and the instruction is one special A part for power program or program, and above-mentioned encryption parameter meets the preset standard for performing the encipheror during decryption.

64. the encrypted instruction as described in claim 63 performs safely method, further include and encrypted using different encryption mechanisms Above-mentioned encryption parameter and encipheror.

65. the encrypted instruction as described in claim 64 performs safely method, the continuous segment based on the encipheror is further included The storage address fallen is encrypted by the successive passage of the encipheror.

66. the encrypted instruction as described in claim 61 performs safely method, wherein encryption key numerical value is write into the safety The instruction of memory stores encryption key numerical value in a real time data field of instruction.

67. the encrypted instruction as described in claim 61 performs safely method, further include to receive by an encrypted tunnel and encrypt Cipher key values.

68. the encrypted instruction as described in claim 61 performs safely method, further include and run using under general execution pattern A secure execution mode exceptions processing logic and if secure execution interrupt handling logic that can not access of program, with Handle abnormal and interrupt when if secure execution is operated on.

69. the encrypted instruction as described in claim 61 performs safely method, the decryption for avoiding encrypted instruction is further included, unless The microprocessor is in above-mentioned if secure execution.

70. the encrypted instruction as described in claim 61 performs safely method, the decryption for avoiding encrypted instruction is further included, unless SMM of the microprocessor operation in x86 frameworks.