CN116702129A - Safe calling method and device for power architecture running service code - Google Patents


Info

Publication number
CN116702129A
Authority
CN
China
Prior art keywords
random access
service code
access medium
secure
mode
Prior art date
Legal status
Pending
Application number
CN202310680401.5A
Other languages
Chinese (zh)
Inventor
汤彩芸
张明波
姜磊
Current Assignee
Shanghai Hexin Digital Technology Co ltd
Hexin Technology Co ltd
Original Assignee
Shanghai Hexin Digital Technology Co ltd
Hexin Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Shanghai Hexin Digital Technology Co ltd and Hexin Technology Co ltd
Priority to CN202310680401.5A
Publication of CN116702129A
Legal status: pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application discloses a secure calling method and device, an electronic device and a computer-readable storage medium for the running service code of a power architecture. The method comprises the following steps: when the computer system is powered on, copying the running service code of the power architecture into a secure random access medium for storage; locking the secure random access medium, where locking means adjusting the read/write conditions of the secure random access medium; and, after a privileged command is received, calling and executing the running service code in the secure random access medium based on the privileged command. Because the running service code is copied into the secure random access medium at power-on and the medium is locked at the same time, the running service code can only be called with a privileged command and is isolated from the virtual machines, which reduces the risk of the running service code being tampered with and improves its security.

Description

Safe calling method and device for power architecture running service code
Technical Field
The application relates to the technical field of code call execution, and in particular to a secure calling method and device for power architecture running service code.
Background
Firmware is a program written into an EPROM (erasable programmable read-only memory) or EEPROM (electrically erasable programmable read-only memory). The program in the firmware implements the operation of a specific machine according to a standard device-driver model.
Currently, the running service code (runtime code) of firmware is typically executed under a virtual machine monitor (hypervisor), and the one or more virtual machines run by the hypervisor are called guest machines. The hypervisor provides a virtual operating platform to execute or manage the guest operating systems so that these operating systems can share the virtualized hardware resources.
However, this approach has the following technical problem: since all virtual machines can communicate with the hypervisor, all virtual machines can access or modify the firmware code, which causes errors in the running service code executed afterwards and presents a security risk.
Disclosure of Invention
The application provides a secure calling method and device for power architecture running service code. The method copies the running service code into a secure random access medium for storage at power-on and locks the secure random access medium at the same time, so that the running service code can only be called with a privileged command and is isolated from the virtual machines, which reduces the risk of the running service code being tampered with and improves its security.
A first aspect of an embodiment of the present application provides a secure calling method for power architecture running service code, where the method includes:
when the computer system is powered on, copying the running service code of the power architecture into a secure random access medium for storage;
locking the secure random access medium, where locking means adjusting the read/write conditions of the secure random access medium;
after a privileged command is received, calling and executing the running service code in the secure random access medium based on the privileged command.
In a possible implementation of the first aspect, copying the running service code of the power architecture into the secure random access medium for storage includes:
switching the computer system into a privileged mode based on a power architecture instruction, and causing a built-in register to generate a function number;
extracting the running service code in the privileged mode and copying it into the secure random access medium.
In a possible implementation of the first aspect, locking the secure random access medium includes:
adjusting the CPU address decoder so that the address space of the random access storage is decoded in privileged mode but decoded to other storage media in normal mode, thereby locking the random access storage.
In a possible implementation of the first aspect, calling and executing the running service code in the secure random access medium based on the privileged command includes:
judging whether the current working mode of the computer system is the privileged mode;
if the current working mode of the computer system is the privileged mode, opening the data channel of the secure random access medium and jumping to a designated address in the secure random access medium based on the privileged command;
at the designated address in the secure random access medium, looking up the processing function of the fixed code that corresponds to the function number, and executing the processing.
In a possible implementation of the first aspect, after the step of calling and executing the running service code in the secure random access medium based on the privileged command, the method further includes:
sending a return instruction to the computer system to switch the computer system from the privileged mode to the normal mode.
A second aspect of an embodiment of the present application provides a secure calling device for power architecture running service code, the device including:
a copying module, configured to copy the running service code of the power architecture into a secure random access medium for storage when the computer system is powered on;
a locking module, configured to lock the secure random access medium;
a calling module, configured to call and execute the running service code in the secure random access medium based on a privileged command after the privileged command is received.
In a possible implementation of the second aspect, the copying module is further configured to:
switch the computer system into a privileged mode based on a power architecture instruction, and cause a built-in register to generate a function number;
extract the running service code in the privileged mode and copy it into the secure random access medium.
In a possible implementation of the second aspect, locking the secure random access medium specifically means:
adjusting the CPU address decoder so that the address space of the random access storage is decoded in privileged mode but decoded to other storage media in normal mode, thereby locking the random access storage.
In a possible implementation of the second aspect, the calling module is further configured to:
judge whether the current working mode of the computer system is the privileged mode;
if the current working mode of the computer system is the privileged mode, open the data channel of the secure random access medium and jump to a designated address in the secure random access medium based on the privileged command;
at the designated address in the secure random access medium, look up the processing function of the fixed code that corresponds to the function number, and execute the processing.
In a possible implementation of the second aspect, the device further includes:
a recovery module, configured to send a return instruction to the computer system so that the computer system switches from the privileged mode to the normal mode.
Compared with the prior art, the secure calling method and device for power architecture running service code provided by the embodiments of the application have the following beneficial effect: the running service code is copied into the secure random access medium for storage at power-on and the medium is locked at the same time, so that the running service code can only be called with a privileged command and is isolated from the virtual machines, which reduces the risk of the running service code being tampered with and improves its security.
Drawings
FIG. 1 is a flowchart of a secure calling method for power architecture running service code according to an embodiment of the present application;
FIG. 2 is an operational flowchart of a secure calling method for power architecture running service code according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a secure calling device for power architecture running service code according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following describes the embodiments of the present application clearly and completely with reference to the accompanying drawings. The embodiments described are evidently only some of the embodiments of the present application, not all of them. All other embodiments that a person skilled in the art can derive from these embodiments without inventive effort fall within the scope of the application.
To solve the above problems, the secure calling method for power architecture running service code provided by the embodiments of the present application is described and illustrated in detail in the following specific embodiments.
Referring to fig. 1, a flowchart of a secure calling method for power architecture running service code according to an embodiment of the present application is shown.
In one embodiment, the method is applicable to a management system inside a computer, which may be installed in the CPU and controls or invokes the firmware code.
As an example, the secure calling method for power architecture running service code may include:
S11: when the computer system is powered on, copying the running service code of the power architecture into a secure random access medium for storage.
When the computer system is powered on and starts up, every firmware component in the boot stage has full privileges, and the running service code (runtime service code) is kept in a privileged storage medium. The running service code can therefore be loaded at this stage into the secure random access medium (SRAM) and thereby immediately isolated from the other virtual machines. This prevents the virtual machines from accessing or modifying the firmware code after boot and causing errors in the fixed running service code executed later.
As an example, step S11 may include the following sub-steps:
S111: switching the computer system into a privileged mode based on a power architecture instruction, and causing the built-in register to generate a function number.
S112: extracting the running service code in the privileged mode and copying it into the secure random access medium.
In one implementation, the computer system switches to privileged mode as follows: the system starts in a non-privileged mode and is brought into privileged mode by an ISA-specific instruction of the architecture (Enter supervisor mode, esm); the SAM table in privileged mode is special, and read/write commands issued in privileged mode carry a privilege bit. Therefore, whenever the service code is to be read or written, each instruction must carry this special bit; without it the service code cannot be read or written, which prevents malicious tampering.
At the time of the mode switch the running service code (runtime code) is already in place, because the boot stage runs at the privileged level, so it can be extracted directly from the privileged storage medium and copied into the secure random access medium.
In one embodiment, the computer system may switch to privileged mode as follows: at the non-privileged level the CPU is instructed to enter privileged mode, and on entry the associated data parameters and the function number (function ID) to be executed are passed through registers.
In addition, the firmware of the secure random access medium (SRAM) refers to the runtime code placed in the secure random access medium (SRAM), which is provided by the firmware.
S12, locking the secure random access medium.
In an embodiment, the locking process may set a secure attribute on the secure random access medium: for example, when registers are accessed for reading or writing, the access is judged according to the privilege mode, the registers can only be read and written in privileged mode, and only commands issued in secure mode are responded to.
In an embodiment, locking the secure random access medium may specifically include:
adjusting the CPU address decoder so that the address space of the random access storage is decoded in privileged mode but decoded to other storage media in normal mode, thereby locking the random access storage.
Optionally, the locking process may also give all registers of the chip and the peripherals whose address space has the security attribute the same treatment: for example, when a peripheral is accessed, the access is judged according to the privilege mode, and these devices or peripherals can only be read and written in privileged mode; access to peripherals and memory (MEM) configured with the security attribute is handled in the same way, and only commands issued in secure mode are responded to.
It should be noted that the locking of the secure random access medium (SRAM) area takes effect at the non-privileged level: this address space is invisible to normal programs and cannot be accessed by them.
S13: after a privileged command is received, calling and executing the running service code in the secure random access medium based on the privileged command.
After the lock is complete, calling the running service code in the secure random access medium (SRAM) requires receipt of a privileged command, that is, an instruction carrying a privilege bit. When a privileged command is received, the running service code in the secure random access medium (SRAM) may be called and executed based on that command.
In one embodiment, since the secure random access medium (SRAM) is locked as described above, a call must be judged according to the privilege mode. By way of example, step S13 may include the following sub-steps:
S131: judging whether the current working mode of the computer system is the privileged mode.
S132: if the current working mode of the computer system is the privileged mode, opening the data channel of the secure random access medium and jumping to a designated address in the secure random access medium based on the privileged command.
S133: at the designated address in the secure random access medium, looking up the processing function of the fixed code that corresponds to the function number and executing the processing.
Specifically, when the instruction is received, all registers may be saved and the system switched into privileged mode at a suitable point in the pipeline; at the same time the data path of the secure random access medium (SRAM) is opened and execution jumps to the designated address in the secure random access medium (SRAM). At that point the fixed code in the secure random access medium (SRAM) can locate the specific processing function according to the function ID and the data parameters passed in the registers, and execute the processing.
In this privileged mode the firmware may execute special instructions, such as secure instructions that can only be executed in this mode, which increases the security of the system.
After the call is complete, so that the user can resume normal use of the computer system, the method may further include, as an example:
S14: sending a return instruction to the computer system so that the computer system switches from the privileged mode to the normal mode.
Specifically, once the invoked operation has been processed, the CPU can be returned to normal mode by a special return instruction that carries a privilege bit.
Referring to fig. 2, an operational flowchart of a secure calling method for power architecture running service code according to an embodiment of the present application is shown.
Specifically, the secure calling method for power architecture running service code includes the following steps:
First, the SRAM is accessible when power is turned on.
Second, the system firmware copies the running service code (runtime code) into this block of SRAM.
Third, before the machine enters the operating system, the firmware sends a command to lock the block of SRAM so that normal commands cannot access it.
Fourth, in the kernel mode of the operating system, the CPU is put into privileged mode by a privileged instruction, and the processing functions of the firmware are executed in this mode.
This embodiment of the present application thus provides a secure calling method for power architecture running service code with the following beneficial effect: the running service code is copied into the secure random access medium for storage at power-on and the medium is locked at the same time, so that the running service code can only be called with a privileged command and is isolated from the virtual machines, which reduces the risk of the running service code being tampered with and improves its security.
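The following C program is an added illustration, not code from the patent or the applicant, that models steps S11 to S14 and the fig. 2 flow above: a CPU with a normal and a privileged mode, an address decoder that routes one fixed window to the secure SRAM only in privileged mode once locked, and a dispatcher in the copied runtime code selected by function number. The window address, the privilege-bit encoding and the two sample services are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of steps S11-S14 (not the patent's implementation): one
 * fixed address window that the CPU address decoder routes to the secure SRAM
 * only in privileged mode once locked, and a dispatcher that selects a handler
 * from the copied runtime code by function number. All names are assumptions. */

enum cpu_mode { MODE_NORMAL = 0, MODE_PRIVILEGED = 1 };

#define SRAM_WINDOW   0x1000u      /* designated address of the secure window */
#define SRAM_SIZE     64u
#define CMD_PRIV_BIT  0x80000000u  /* privilege bit carried by a privileged command */
#define SVC_COUNT     2u

typedef uint32_t (*svc_fn)(uint32_t arg);

/* Two sample runtime services standing in for the firmware's handlers. */
static uint32_t svc_double(uint32_t a) { return a * 2u; }
static uint32_t svc_parity(uint32_t a) {
    uint32_t p = 0;
    while (a) { p ^= a & 1u; a >>= 1; }
    return p;
}

/* The runtime service code as held in the privileged boot medium: the fixed
 * code at the window is a table indexed by function number. */
static const svc_fn boot_image[SVC_COUNT] = { svc_double, svc_parity };

struct machine {
    enum cpu_mode mode;
    int locked;                /* S12 done: window reaches SRAM only when privileged */
    uint8_t sram[SRAM_SIZE];   /* secure random access medium */
    uint8_t other[SRAM_SIZE];  /* what the same window decodes to in normal mode */
};

/* CPU address decoder (S12): the same address resolves to a different medium
 * depending on the current mode once the lock is in place. */
static uint8_t *decode(struct machine *m, uint32_t addr) {
    if (addr < SRAM_WINDOW || addr >= SRAM_WINDOW + SRAM_SIZE) return NULL;
    uint32_t off = addr - SRAM_WINDOW;
    if (!m->locked || m->mode == MODE_PRIVILEGED) return &m->sram[off];
    return &m->other[off];
}

/* S11: at power-on the firmware runs privileged and copies the runtime code
 * into the secure medium through the decoder. */
static void power_on(struct machine *m) {
    memset(m, 0, sizeof *m);
    memset(m->other, 0xFF, sizeof m->other);   /* unrelated medium content */
    m->mode = MODE_PRIVILEGED;
    memcpy(decode(m, SRAM_WINDOW), boot_image, sizeof boot_image);
}

/* S12: lock the window and return to normal mode before the OS boots. */
static void lock_and_boot_os(struct machine *m) {
    m->locked = 1;
    m->mode = MODE_NORMAL;
}

/* A normal program reading the window sees the other medium, not the code. */
static uint8_t normal_read(struct machine *m, uint32_t addr) {
    uint8_t *p = decode(m, addr);
    return p ? *p : 0;
}

/* S13 + S14: the command must carry the privilege bit; the CPU then enters
 * privileged mode, opens the SRAM path, jumps to the window, looks up the
 * handler for the function number, and returns to normal mode afterwards. */
static int privileged_call(struct machine *m, uint32_t cmd, uint32_t fn,
                           uint32_t arg, uint32_t *out) {
    if (!(cmd & CMD_PRIV_BIT)) return -1;     /* ordinary command: rejected */
    if (fn >= SVC_COUNT) return -2;           /* no such service */
    enum cpu_mode saved = m->mode;
    m->mode = MODE_PRIVILEGED;                /* enter privileged mode */
    svc_fn table[SVC_COUNT];
    memcpy(table, decode(m, SRAM_WINDOW), sizeof table);
    *out = table[fn](arg);
    m->mode = saved;                          /* S14: return instruction */
    return 0;
}

int main(void) {
    struct machine m;
    uint32_t r = 0;
    power_on(&m);
    lock_and_boot_os(&m);
    printf("normal-mode read of window: 0x%02x\n", normal_read(&m, SRAM_WINDOW));
    int rc = privileged_call(&m, 0, 0, 21, &r);
    printf("command without privilege bit: rc=%d\n", rc);
    rc = privileged_call(&m, CMD_PRIV_BIT, 0, 21, &r);
    printf("privileged call double(21): rc=%d result=%u\n", rc, r);
    return 0;
}
```

After the lock, a normal-mode read of the window returns only the other medium's bytes, while a command carrying the privilege bit reaches the copied table and leaves the CPU back in normal mode when it returns.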
The embodiment of the present application also provides a secure calling device for power architecture running service code; referring to fig. 3, a schematic structural diagram of the secure calling device for power architecture running service code is shown.
As an example, the secure calling device for power architecture running service code may include:
a copying module 301, configured to copy the running service code of the power architecture into a secure random access medium for storage when the computer system is powered on;
a locking module 302, configured to lock the secure random access medium;
a calling module 303, configured to call and execute the running service code in the secure random access medium based on a privileged command after the privileged command is received.
Optionally, the copying module is further configured to:
switch the computer system into a privileged mode based on a power architecture instruction, and cause a built-in register to generate a function number;
extract the running service code from the privileged storage medium of the computer system in the privileged mode and copy it into the secure random access medium.
Optionally, locking the secure random access medium specifically means:
adjusting the CPU address decoder so that the address space of the random access storage is decoded in privileged mode but decoded to other storage media in normal mode, thereby locking the random access storage.
Optionally, the calling module is further configured to:
judge whether the current working mode of the computer system is the privileged mode;
if the current working mode of the computer system is the privileged mode, open the data channel of the secure random access medium and jump to a designated address in the secure random access medium based on the privileged command;
at the designated address in the secure random access medium, look up the processing function of the fixed code that corresponds to the function number, and execute the processing.
Optionally, the device further includes:
a recovery module, configured to send a return instruction to the computer system so that the computer system switches from the privileged mode to the normal mode.
Those skilled in the art will clearly understand that, for convenience and brevity, the specific working process of the device described above may refer to the corresponding process in the foregoing method embodiment and is not repeated here.
Referring to fig. 4, a schematic structural diagram of an electronic device according to an embodiment of the present application is shown. As shown in fig. 4, the electronic device 4 of this embodiment includes at least one processor 40 (only one is shown in fig. 4), a memory 41, and a computer program 42 stored in the memory 41 and executable on the at least one processor 40; when executing the computer program 42, the processor 40 implements the steps of any of the method embodiments described above.
The electronic device 101 may be a single-chip microcomputer, a tablet computer, a desktop computer, or another computing device, for example one constituting a vehicle-mounted control center. The electronic device may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art will appreciate that fig. 4 is merely an example of the electronic device 101 and does not limit it; it may include more or fewer components than shown, combine certain components, or have different components, and may for example also include input/output devices, network access devices, and so on.
The processor 40 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor or any conventional processor.
In some embodiments the memory 41 may be an internal storage unit of the electronic device 101, such as a hard disk or memory of the electronic device 101. In other embodiments the memory 41 may also be an external storage device of the electronic device 101, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card provided on the electronic device 101. Further, the memory 41 may include both an internal storage unit and an external storage device of the electronic device 101. The memory 41 is used to store an operating system, application programs, a boot loader (BootLoader), data, other programs and so on, such as the program code of the computer program. The memory 41 may also be used to temporarily store data that has been output or is to be output.
In addition, an embodiment of the present application further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the above method embodiments.
Embodiments of the present application provide a computer program product which, when run on an electronic device, causes the electronic device to perform the steps of the various method embodiments described above.
In the several embodiments provided by the present application, it will be understood that each block in the flowcharts or block diagrams may represent a module, segment or portion of code comprising one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may in fact be executed substantially concurrently, or sometimes in the reverse order, depending on the functionality involved.
If the functions are implemented as software functional modules and sold or used as a stand-alone product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium and comprising several instructions that cause an electronic device to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes a USB flash drive (U-disk), a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The foregoing embodiments are provided to illustrate the general principles of the present application and are not to be construed as limiting its scope. Any modifications, equivalent substitutions, improvements and the like made by those skilled in the art without departing from the spirit and principles of the present application are intended to fall within the scope of the present application.

Claims (10)

1. A secure call method for a power architecture running service code, the method comprising:
when the computer system is powered on, copying the running service code of the power architecture into a safe random access medium for storage;
locking the safe random access medium;
after receiving the privilege command, calling and executing the operation service code of the secure random access medium based on the privilege command.
2. The method for safely calling the power architecture running service code according to claim 1, wherein the copying the power architecture running service code into the secure random access medium for storage comprises:
converting the computer system into a privileged mode based on an instruction of a power architecture, and enabling a built-in register to generate a function number;
extracting running service codes in a privileged mode and copying the running service codes into a secure random access medium.
3. The method for safely invoking the power architecture running service code according to claim 2, wherein the locking the secure random access medium comprises:
and adjusting a CPU address decoder, decoding the address space of the random storage in a privilege mode, and decoding the address space of the random storage to other storage media in a common mode so as to lock the random storage.
4. The secure calling method for power architecture running service code according to claim 2, wherein calling and executing the running service code in the secure random access medium based on the privileged command comprises:
judging whether the current working mode of the computer system is the privileged mode;
if the current working mode of the computer system is the privileged mode, opening a data channel of the secure random access medium and jumping to a designated address in the secure random access medium based on the privileged command;
at the designated address in the secure random access medium, looking up the processing function corresponding to the fixed code according to the function number and executing it.
5. The method according to any one of claims 1-4, wherein after the step of calling and executing the running service code in the secure random access medium based on the privileged command, the method further comprises:
sending a return instruction to the computer system to transition the computer system from the privileged mode to the normal mode.
6. A secure calling apparatus for power architecture running service code, the apparatus comprising:
a copying module configured to copy the running service code of the power architecture into a secure random access medium for storage when the computer system is powered on;
a locking module configured to lock the secure random access medium;
a calling module configured to call and execute the running service code in the secure random access medium based on a privileged command after the privileged command is received.
7. The secure calling apparatus for power architecture running service code according to claim 6, wherein the copying module is further configured to:
switch the computer system into a privileged mode based on an instruction of the power architecture, and cause a built-in register to generate a function number;
extract the running service code in the privileged mode and copy it into the secure random access medium.
8. The secure calling apparatus for power architecture running service code according to claim 7, wherein the locking module locks the secure random access medium by:
adjusting a CPU address decoder so that the address space of the random access medium is decoded to the secure random access medium in the privileged mode and to other storage media in the normal mode, thereby locking the random access medium.
9. The secure calling apparatus for power architecture running service code according to claim 7, wherein the calling module is further configured to:
judge whether the current working mode of the computer system is the privileged mode;
if the current working mode of the computer system is the privileged mode, open a data channel of the secure random access medium and jump to a designated address in the secure random access medium based on the privileged command;
at the designated address in the secure random access medium, look up the processing function corresponding to the fixed code according to the function number and execute it.
10. The secure calling apparatus for power architecture running service code according to any one of claims 6-9, further comprising:
a recovery module configured to send a return instruction to the computer system so that the computer system transitions from the privileged mode to the normal mode.
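The flow claimed above (power-on copy into secure RAM, decoder lock, mode-checked dispatch on a function number, return to normal mode) as a small C model added here for illustration; it is not the applicant's code and does not implement any real Power architecture instruction. All names (power_on, execute_privileged_command, privileged_call, the svc_* handlers) are hypothetical, and the service code is represented by a table of handler pointers rather than machine code.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of the claimed call gate; all names are hypothetical. */
typedef int (*handler_t)(int);
enum mode { MODE_NORMAL, MODE_PRIV };
#define FN_COUNT 3
/* Stand-ins for the running service code held in the firmware image. */
static int svc_add_one(int x) { return x + 1; }
static int svc_double(int x)  { return 2 * x; }
static int svc_negate(int x)  { return -x; }
static const handler_t rom_image[FN_COUNT] = { svc_add_one, svc_double, svc_negate };
static handler_t secure_ram[FN_COUNT];   /* the secure random access medium */
static handler_t other_ram[FN_COUNT];    /* where normal mode is decoded once locked */
static bool locked;
static enum mode cur_mode = MODE_NORMAL;
static unsigned function_number;         /* the built-in register of claim 2 */

/* Claim 3: the address decoder reaches secure_ram only in privileged mode. */
handler_t *decode_secure_range(void) {
    return (locked && cur_mode != MODE_PRIV) ? other_ram : secure_ram;
}

/* Claims 1-3: at power-on, copy the service code in privileged mode, then lock. */
void power_on(void) {
    cur_mode = MODE_PRIV;
    for (size_t i = 0; i < FN_COUNT; i++) decode_secure_range()[i] = rom_image[i];
    locked = true;
    cur_mode = MODE_NORMAL;              /* claim 5: back to normal mode */
}

/* Claim 4: check the mode, open the channel, dispatch on the function number. */
int execute_privileged_command(int arg, bool *ok) {
    *ok = false;
    if (cur_mode != MODE_PRIV || function_number >= FN_COUNT) return 0;
    handler_t *table = decode_secure_range();  /* the designated address */
    if (table[function_number] == NULL) return 0;
    *ok = true;
    return table[function_number](arg);
}

/* The privileged instruction: enter privileged mode, set the register,
   execute, then issue the return instruction (claim 5). */
int privileged_call(unsigned fn, int arg, bool *ok) {
    cur_mode = MODE_PRIV;
    function_number = fn;
    int result = execute_privileged_command(arg, ok);
    cur_mode = MODE_NORMAL;
    return result;
}
```

Once locked, a normal-mode read of the secure range is decoded to other_ram and sees none of the handlers, while a command that skips the mode switch is rejected by the check in execute_privileged_command.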

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310680401.5A CN116702129A (en) 2023-06-08 2023-06-08 Safe calling method and device for power architecture running service code

Publications (1)

Publication Number Publication Date
CN116702129A true CN116702129A (en) 2023-09-05

Family

ID=87842829

Country Status (1)

Country Link
CN (1) CN116702129A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5781750A (en) * 1994-01-11 1998-07-14 Exponential Technology, Inc. Dual-instruction-set architecture CPU with hidden software emulation mode
CN101241530A (en) * 2007-02-07 2008-08-13 和泽电子股份有限公司 Method for preventing illegal copy and hardware storage device
CN101533438A (en) * 2008-05-24 2009-09-16 威盛电子股份有限公司 Microprocessor device for providing secure execution environment and method for executing secure code thereof
CN103748594A (en) * 2011-07-29 2014-04-23 微软公司 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
CN105431858A (en) * 2013-06-14 2016-03-23 微软技术许可有限责任公司 Secure privilege level execution and access protection
CN110659458A (en) * 2019-10-10 2020-01-07 陈昶宇 Central processor design method supporting software code data secret credible execution
CN110955888A (en) * 2019-12-18 2020-04-03 海光信息技术有限公司 Application program data protection method, device, equipment and storage medium
CN111143900A (en) * 2019-12-24 2020-05-12 海光信息技术有限公司 Data processing method, data access control method, data processing system, data access control system, data processing device, data processing apparatus, and storage medium
CN112148510A (en) * 2019-06-29 2020-12-29 英特尔公司 Apparatus, method and system for linear address mask architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination