TW201714114A - Microprocessor and method for securely executing instructions therein - Google Patents

Abstract

A microprocessor is provided in which an encrypted program can replace the decryption keys that are used to decrypt sections of the encrypted program. The microprocessor may be decrypting and executing a first section of the encrypted program when it encounters, decrypts, and executes an encrypted store-key instruction to store a new set of decryption keys. After executing the store-key instruction, the microprocessor decrypts and executes a subsequent section of the encrypted program using the new set of decryption keys. On-the-fly key switching may occur numerous times with successive encrypted store-key instructions and successive sets of encrypted instructions.

Description

Microprocessor and method for safely executing instructions therein

The present invention relates to the field of microprocessors, and in particular to increasing the security of programs executed by microprocessors.

Many software programs are often vulnerable to attacks that compromise the security of computer systems. For example, a hacker can embed an inappropriate code by attacking a buffer overflow vulnerability of a running program and transfer the mastership to the inappropriate code. As a result, the embedded code will dominate the attacked program. One scheme for preventing software programs from being attacked is instruction set randomization. To be explained in outline, the instruction set randomization technique encrypts the program into some form, and then decrypts the program in the processor after the processor extracts the program from the memory. As a result, the hacker is less likely to embed malicious instructions because the embedded instructions must be properly encrypted (eg, using the same encryption key or algorithm as the attacked program) to be executed correctly. See, for example, the file "Counter Code-Injection Attacks with Instruction-Set Randomization, by Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis, CCS '03, October 27-30, 2003, Washington, DC, USA, ACM 1 -58113-738-9/03/0010", which describes an improved version of the Bochs-x86 Pentium emulator. The disadvantages of the related art have been widely discussed. E.g, See "Where’s the FEEB? The Effectiveness of Instruction Set Randomization, by Ana Nora Sovarel, David Evans, and Nathanael Paul, http://www.cs.virginia.edu/feeb".

The features of the present invention can be implemented in a variety of ways, one of which is a microprocessor including a secure memory and an instruction processing pipeline. The secure memory stores and provides a key for key writing for decryption of the encrypted instructions. The instruction processing pipeline extracts and executes instructions from a cache. The instruction processing pipeline includes an extraction unit, a decryption circuit, and one or more execution units. The extracting unit extracts an unencrypted and encrypted instruction in an instruction set architecture supported by the microprocessor. The instruction set architecture includes a key storage instruction for storing one or more keys written by the key to the secure memory. The microprocessor supports encrypted key storage instructions.

The decryption circuit decrypts the encrypted command with a key written from the key of the secure memory. The one or more execution units are used to execute an instruction, or execute a micro-instruction that is translated by the instruction.

When the microprocessor uses the encrypted key storage instruction, the encrypted key storage instruction is decrypted by a key written by one or more keys of the first group, and then the decrypted key storage instruction is executed. And then decrypting one or more encrypted instructions of a subsequent group by using a second set of one or more key-written keys provided by the encrypted key storage instruction. The microprocessor thus enables an encrypted program to provide a plurality of sets of key-written keys in response to subsequent decryption changes of the plurality of sets of program instructions.

In one embodiment, the instruction set architecture includes a secure execution The mode command requires switching from a general execution mode to a secure execution mode. The microprocessor limits decryption of the encrypted program until the microprocessor enters the secure execution mode.

In one embodiment, the microprocessor condition allows the request according to whether the format of a required instruction to switch to the secure execution mode carries an encrypted parameter, and the conforming instruction is part of a privileged program or program, and the encryption The parameters are decrypted to meet the preset requirements for running the encrypted program. In one embodiment, the encryption parameter and the program are encoded by different key writers.

In one embodiment, the key storage instruction provides the content of one or more key-written keys in the immediate data field.

In one embodiment, the microprocessor executes the decrypted instruction or the decrypted instruction translated microinstruction and does not expose the decrypted instruction or microinstruction.

In one embodiment, the secure memory is not accessible by the processor bus and does not belong to a portion of a cache memory class. In addition, the secure memory cannot be accessed by programs executing in the non-privileged execution mode. Moreover, in one embodiment, an AES or RSA encryption channel causes the value of the key written by the key to be written to the secure memory.

The feature of the present invention can be implemented as a method for safely executing instructions in a microprocessor. First, the method stores a first set of one or more key-written keys to a secure memory for decryption of the encrypted instructions, caches a first set of encrypted instructions, and employs the first set The one or more key-written keys decrypt the first set of encrypted instructions. At some point in time, the method includes caching an encrypted key storage instruction to store a second set of one or more keys. The key is sent to the secure memory for decryption of the encrypted command. The encrypted key storage instruction is decrypted by a key written by one or more keys of the first group prior to storing the key of the second set of one or more keys. Then, the key of the second group of one or more keys is stored to the secure memory for decryption of the execution of the key storage instruction. Then (or at the same time - the microprocessor is a pipelined processor), a second set of encrypted instructions is cached. After obtaining the key for writing the one or more keys of the second group, the method decrypts the encrypted command of the second group by using the key written by the one or more keys of the second group. Most of the above steps can be repeated, for processing a plurality of encrypted key storage instructions and a plurality of sets of encrypted instructions.

The invention has various characterizations and protections and is not intended to be limited to the above description. Alternative characterizations of the present invention may include only a subset of the content of the abstract description, or a subset of other unmentioned content. The actual definition of the scope of patent protection should be interpreted in accordance with its description.

100‧‧‧Microprocessor

102‧‧‧ instruction cache memory

104‧‧‧Extraction unit

106‧‧‧Instruction data (can be encrypted)

108‧‧‧Decoding unit

112‧‧‧Execution unit

114‧‧‧Exporting unit

118‧‧‧Universal register

122‧‧‧Safe storage area

124‧‧‧Key Register File

128‧‧‧flag register

132‧‧‧microcode unit

134‧‧‧ extract address

142‧‧‧Master Key Register

144‧‧‧Control register

148‧‧‧E-bit

152‧‧‧Key Expander

154‧‧‧Multiplexer

156‧‧‧ mutually exclusive logic

162‧‧‧ plain text instruction data

164‧‧‧ extract address generator

172‧‧‧Two sets of keys

174‧‧‧ decryption key

176‧‧‧Multi-digit binary zero value

178‧‧‧ Output of multiplexer 154

212‧‧‧Multiplexer A

214‧‧‧Multiplexer B

216‧‧‧ rotator

218‧‧‧Addition/Subtractor

234‧‧‧First key

236‧‧‧second key

238‧‧‧ rotator output

302-316‧‧‧Steps

402‧‧‧E bit field

408‧‧‧Standard x86 logo with multiple digits

500‧‧‧Key Loading Instructions

502‧‧‧Operational Code

504‧‧‧Key Register File Destination Address

506‧‧‧secure storage source address

600‧‧‧Key Switching Instructions

602‧‧‧Operation Code

604‧‧‧Key Register File Index

702-708‧‧‧block steps

800‧‧‧ memory usage

900‧‧‧ Branch and Switch Key Instructions

902‧‧‧Operation Code

904‧‧‧Key Register File Index

906‧‧‧ branch information

1002-1018‧‧‧Steps

1102-1106‧‧‧Steps

1200‧‧‧ branch and switch key instructions

1202‧‧‧Operation Code

1300‧‧‧ Block address range table:

1302‧‧‧Address range

1304‧‧‧Key Register File Index

1402-1418‧‧‧Steps

1500‧‧‧ branch and switch key instructions

1502‧‧‧Operation Code

1600‧‧‧block address range table

1604‧‧‧Secure storage area address

1714‧‧‧Steps

1802-1806‧‧‧Steps

1902-1944‧‧‧Steps

2002-2008‧‧‧Steps

2104‧‧‧ index

2202-2216‧‧‧Steps

2302-2316‧‧‧Steps

2402‧‧‧Retired bits

2506‧‧‧Steps

2607, 2609‧‧‧step blocks

2702‧‧‧Branch Target Address Cache Memory (BTAC)

2706‧‧‧ Target address

2708‧‧‧ Adoption/non-use of indicators

2712‧‧‧Key Switching Logic

2714‧‧‧ Type indicator

2716‧‧‧Key register file index

2802‧‧‧BTAC array

2808‧‧‧BTAC unit

2902‧‧‧ Valid Bits

2904‧‧‧Marking field

2906‧‧‧Target address

2908‧‧‧With/without field

2912‧‧‧Key Register File Index

2914‧‧‧Type field

3002-3004‧‧‧Steps

3102-3116‧‧‧Steps

3208-3222‧‧‧Steps

ZEROES‧‧‧ multi-digit binary zero value

1 is a block diagram illustrating a microprocessor implemented in accordance with the teachings of the present invention; FIG. 2 is a block diagram for illustrating the extraction unit of FIG. 1 in detail; FIG. 3 is a flowchart, The invention shows the operation of the extraction unit of FIG. 2; FIG. 4 is a block diagram illustrating the field of the flag register of FIG. 1 according to the technology of the present invention; FIG. 5 is a block diagram, according to the technique of the present invention, Graphical one key load instruction Figure 6 is a block diagram illustrating the format of a key switching instruction in accordance with the teachings of the present invention; and Figure 7 is a flow chart illustrating the operation of the microprocessor of Figure 1 in accordance with the teachings of the present invention, wherein FIG. 8 is a block diagram showing a memory usage of an encryption program according to the present invention. The encryption program includes a plurality of key switching instructions disclosed in FIG. 6; The figure is a block diagram illustrating the format of a branch and switch key instruction in accordance with the teachings of the present invention; FIG. 10 is a flow chart illustrating the operation of the microprocessor of FIG. 1 in accordance with the teachings of the present invention, wherein FIG. Branch and switching key instruction; FIG. 11 is a flowchart illustrating the operation of a post-processor according to the technique of the present invention, implemented by a software tool, which can be used for post processing a program and encrypted by the first figure 12 is a block diagram illustrating a format of a branch and switch key instruction according to another embodiment of the present invention; and FIG. 13 is a block diagram illustrating a block address range table according to the present technology; 1st 4 is a flow chart illustrating the operation of the microprocessor of FIG. 1 in which the branch and switch key instructions of FIG. 12 are performed in accordance with the teachings of the present invention; and FIG. 15 is a block diagram illustrating another embodiment of the present invention. a branch and switch key instruction format; FIG. 16 is a block diagram illustrating a block address range table in accordance with the teachings of the present invention; and FIG. 17 is a flow chart illustrating the microprocessor of FIG. 1 in accordance with the teachings of the present invention Operation in which the branch and switch key instruction of FIG. 15 is performed; FIG. 18 is a flowchart illustrating another embodiment of the present technology, in which the operation of a post processor is described for the post processing of a program, and Encrypted, executed by the microprocessor of FIG. 1; FIG. 19 is a flowchart illustrating the operation of the microprocessor of FIG. 1 for coping with a task switching, switching to an encryption program, and a pure Figure 20 illustrates a flow chart illustrating the operation of the system software executed by the microprocessor of Figure 1 in accordance with the teachings of the present invention; and Figure 21 illustrates a block diagram illustrating, in accordance with another embodiment of the present invention, Figure 1 shows the field of the register; Figure 22 is a flow chart illustrating the operation of the microprocessor of Figure 1 using the flag register of Figure 21 for handling a task switch in accordance with the teachings of the present invention. Switching between multiple encryption programs; FIG. 23 is a flow chart illustrating the operation of the microprocessor of FIG. 1 using the flag register of FIG. 21 for coping with a task switching, in accordance with the teachings of the present invention, Switch Between the plurality of encryption programs; FIG. 24 is a block diagram illustrating a single register in the key register file of FIG. 1 according to another embodiment of the present invention; FIG. 25 is a flowchart, according to a flowchart, Another embodiment of the present invention illustrates the operation of the microprocessor of FIG. 1 using the flag register of FIG. 21 and the key register file of FIG. 24 to cope with a task switching and switching between multiple encryption programs. Figure 26 is a flow chart, according to another embodiment of the present invention, illustrated The operation of the microprocessor of Fig. 21 using the flag register of Fig. 21 and the file of the key register file of Fig. 24 to cope with a task switching and switching between multiple encryption programs; Fig. 27 is a block diagram FIG. 28 is a block diagram showing the branch target address cache memory (BTAC) of FIG. 27 in detail according to the technique of the present invention; FIG. For a block diagram, the contents of the BTAC units of FIG. 28 are illustrated in detail in accordance with the teachings of the present invention; and FIG. 30 is a flow chart illustrating the operation of the microprocessor of FIG. 28 using the BTAC of FIG. 28 in accordance with the teachings of the present invention; Figure 31 is a flow chart showing the operation of the microprocessor of Figure 27 using the BTAC of Figure 28 in accordance with the teachings of the present invention; and Figure 32 is a flow chart illustrating the microprocessor pair of Figure 27 in accordance with the teachings of the present invention. A branch and the operation of switching key instructions.

Referring to Figure 1, a block diagram illustrates a microprocessor 100 implemented in accordance with the teachings of the present invention. The microprocessor 100 includes a pipeline including an instruction cache 108, a fetch unit 104, a decode unit 108, and an execution unit. 112, and a retire unit 114. The microprocessor 100 further includes a microcode unit 132 for providing microcode instructions to the execution unit 112. The microprocessor 100 further includes a general purpose registers 118 and a flag register. (EFLAGS register) 128 to provide instruction operands to the execution unit 112. Moreover, the instruction execution result is updated by the lead-out unit 114 to the general-purpose register 118 and the flag register 128. In one embodiment, the flag register 128 is implemented by a conventional x86 flag register modification, and the detailed implementation will be described in subsequent pages.

The extracting unit 104 extracts instruction data 106 from the instruction cache 102. The extracting unit 104 operates in two modes: one is a decryption mode and the other is a plain text mode. An E bit 148 of a control register 144 in the extracting unit 104 determines whether the extracting unit 104 operates in a decryption mode (set E bit) or operates in a text mode (empty E). Bit). In the plain text mode, the extracting unit 104 regards the command data 106 extracted from the instruction cache 102 as unencrypted or plain text command data, and therefore does not decrypt the command data 106. However, in the decryption mode, the extracting unit 104 regards the instruction data 106 extracted from the instruction cache 102 as the encrypted instruction data, and therefore, a master key register (master key) of the extracting unit 104 is used. The decryption keys stored in register 142 are decrypted into plain text command data. The detailed technical content will be discussed with reference to FIG. 2 and FIG.

The extracting unit 104 also includes a fetch address generator 164 for generating a fetch address 134 for extracting the instruction data 106 from the instruction cache 102. The extracted address 134 is further supplied to a key expander 152 of the extracting unit 104. The key expander 152 selects two sets of keys 172 from the autonomous key register 142 and operates on it to generate a decryption key 174 as the first input to the multiplexer 154. Multiplex The second input of the 154 is a multi-bit binary zeroes 176. The E bit 148 controls the multiplexer 154. If the E bit 148 is set, the multiplexer 154 selects to output the decryption key 174. If the E bit 148 is cleared, the multiplexer 154 selects to output the binary zero value 176 of the multi-bit. The output 178 of multiplexer 154 will be supplied to mutual exclusion logic 156 as its first input. The exclusive logic 156 is responsible for performing Boolean exclusive-OR (XOR) on the extracted instruction data 106 and the multiplexer output 178 to generate plain text instruction data 162. The encrypted instruction data 106 is pre-encrypted with its original plain text instruction data as an encryption key, wherein the value of the encryption key is the same as the decryption key 174. The detailed embodiment of the extracting unit 104 will be described later in conjunction with the contents of the second and third figures.

The plain text instruction data 162 will be supplied to the decoding unit 108. The decoding unit 108 is responsible for decoding the stream of the plain text instruction data 162 and dividing it into a plurality of X86 instructions for execution by the execution unit 112. In one embodiment, decoding unit 108 includes buffers or queues to buffer the stream of stored plain text instruction data 162 before or during decoding. In one embodiment, decoding unit 108 includes an instruction translator for translating X86 instructions into microinstructions or micro-ops for execution by execution unit 112. When the decoding unit 108 outputs the instruction, a one-bit value is output for each instruction, and the bit value is accompanied by the instruction along the pipeline structure to indicate whether the instruction is an encryption instruction. The bit value will control the execution unit 112 and the lead-out unit 114 to make an decision and take an action when the instruction is fetched from the instruction cache memory 102 as an encrypted instruction or a plain text instruction. In one embodiment, plain text instructions are not allowed to execute exclusively. The specific operation of the instruction decryption mode design.

In one embodiment, the microprocessor 100 is an x86 architecture processor, however, the microprocessor 100 can also be implemented by other architecture processors. If a processor can properly execute most of the applications designed for x86 processor execution, it is considered an x86 architecture processor. If the application can get the expected results after execution, it can be judged that the application is executed correctly. In particular, microprocessor 100 is an instruction that executes the x86 instruction set and has an x86 user-visible register set.

In one embodiment, the microprocessor 100 is designed to supply a comprehensive security architecture - referred to as a secure execution mode (SEM) - to execute the program therein. According to one embodiment, execution of the SEM program can be initiated by several processor events and is not blocked by normal (non-SEM) operations. In addition, the SEMENABLE instruction can initiate a transition from a normal execution mode to a SEM mode. In one embodiment, the SEMENABLE instruction has an encrypted parameter that is encrypted by a private key of the authorized unit and is a cryptographic mechanism that is different from the symmetric key encryption used by the encryption of the encryption program. Symmetric key encryption cryptographic mechanism. The security code interface logic within microprocessor 100 employs a public key that is stored in the manufacturing program to decrypt and identify the parameter. After the parameter is decrypted, the security execution mode initial logic initializes the security mode.

In one embodiment, the data is provided for the safe execution mode. The safe non-volatile memory (not shown) - for example, flash memory - can be used to store the decryption key. The secure non-volatile memory is coupled to the microprocessor 100 via a private serial bus, and wherein all of the data is AES encrypted and signed for authentication. In one embodiment, the microcontroller 100 includes small size non-volatile memory (not shown) that can be used to store decryption keys. In one embodiment, the non-volatile memory is a fuse-embodied non-volatile storage, which is described in detail in U.S. Patent No. 7,663,957. . The advantage of the instruction decryption feature described herein is that the secure execution mode is extended such that the security program is stored in memory external to the microprocessor 100 without the need to store the security program in the microprocessor 100. Therefore, the secure code can take advantage of the full size and functionality of the memory hierarchy. In one embodiment, architectural exceptions/interruptions (eg, page faults, debug breakpoints, etc.) are partially or fully disabled in a safe execution mode run. In one embodiment, the architectural exception/interrupt is partially or fully disabled in the decrypted mode operation (ie, the state set at E-bit 148).

There are many examples of functions performed by programs running in secure execution mode, including critical security tasks such as identifying credentials and encrypting data, monitoring system software activity, identifying system software integrity, tracking resource usage, and controlling new Software installation...etc. An example of a safe execution mode is described in detail in U.S. Patent No. 8,615,799, issued on Dec. The above documents are hereby incorporated by reference in their entirety.

In one embodiment, the microprocessor architecture performs instruction execution for both the general mode and the secure mode. If operating in the normal mode, none of the resources associated with the secure execution of the secure application are observable or operational. Watchdog logic monitors the authenticity of security codes, data, and environmental and physical attributes to collect tamper evidence. The interrupt handling and exception logic supplied for the secure execution mode are different from the normal mode interrupt handling and exception logic.

The microprocessor 100 further includes a key register file 124. The key register file 124 includes a plurality of registers, wherein the stored keys can be loaded into the master key register 142 of the extracting unit 104 by a switch key instruction (discussed later). The extracted encrypted instruction data 106 is decrypted.

The microprocessor 100 further includes a secure memory area (SMA) 122 for storing a decryption key to be subjected to a load key instruction as shown in FIG. 500 is in turn loaded into the key register file 124. In one embodiment, the secure storage area 122 is defined to be accessed by an SEM program. That is, the secure storage area 122 is not accessible by programs executed in the normal execution mode (non-SEM). In addition, the secure storage area 122 is also not accessible by the processor bus and is not part of the cache memory hierarchy of the microprocessor 100. Thus, by way of example, a cache flush operation does not cause the contents of secure storage area 122 to be written to the memory. Regarding the read and write of secure storage area 122, specific instructions are designed in the instruction set architecture of microprocessor 100. One embodiment is to design an isolated random access memory (private RAM) in the secure storage area 122. For related art, reference is made to U.S. Patent Application Serial No. 12/034,503, filed on Feb. 20, 2008. October 16th Open, publication number is 2008/0256336); can refer to the above case content for the invention of the present invention.

Initially, the initialization of the operating system or other privileged program download key is set in the secure storage area 122, the key register file 124, and the master key register 142. The microprocessor 100 initially sets the initialization of the key to decrypt an encryption program. In addition, the encryption program itself can continue to write a new key to the secure storage area 122, and load the key from the secure storage area 122 into the key register file 124 (by the key load command), and the self-density The key register file 124 loads the key into the master key register 142 (by the key switch instruction). An advantage of the described operation is that the disclosed key switching instructions cause the encryption program to switch on-the-fly switching during execution, as will be described in more detail below. The new key can be composed of the instant data of the encryption program instruction itself. In one embodiment, a field in the program file header indicates whether the program instruction is an encrypted version.

The technique described in Figure 1 has several advantages. First, the plain text instruction data decrypted from the encrypted instruction data 106 cannot be obtained externally by the microprocessor 100.

Second, the time required for the extraction unit 104 to extract the encrypted instruction data is the same as the time required to extract the plain text instruction data. This feature is related to security. On the other hand, if there is a time difference, the hacker can use this to crack the encryption technology.

Third, compared to the conventional design, the instruction decryption technique disclosed in the present case does not additionally increase the number of clocks consumed by the extracting unit 104. As discussed below, the key expander 152 increases the effective length of the decryption key, which is used to decrypt an encryption program, and this way does not cause the time required to extract the encrypted program data. Longer than the time required to extract plain text program data. In particular, since the operation of the key expander 152 is limited to completion by the fetch address 134 to read the instruction cache 102 to obtain the instruction data 106, the key expander 152 does not increase the time of the general fetch program. . In addition, since the multiplexer 154 and the key expander 152 are collectively limited in time to perform the lookup of the instruction cache memory 102 to obtain the instruction data 106 by extracting the address 134, the general extraction procedure time is not increased. The exclusive logic 156 is the only logical operation added to the general extraction path. Fortunately, the propagation delay of the exclusive operation 156 is relatively small and does not increase the duty cycle. Therefore, the instruction decryption technique disclosed in the present application does not increase the clock amount burden of the extracting unit 104. Moreover, in contrast to the complex decryption mechanisms used by the general techniques to decrypt instruction data 106, such as S-boxes, the general technique increases the duty cycle and/or consumption required to extract and decode the instruction data 106. Number of clocks.

Next, referring to FIG. 2, a block diagram illustrates the extraction unit 104 of FIG. 1 in detail. In particular, the key expander 152 of Fig. 1 is also shown in detail. The advantages of using the mutually exclusive logic to decrypt the encrypted instruction data 106 have been discussed previously. However, fast and small mutual exclusion logic has its disadvantages: if the encryption/decryption key is reused, the mutual exclusion logic belongs to a weak encryption method. However, if the effective length of the key is equal to the length of the program to be encrypted/decrypted, mutual exclusion logic encryption is an extremely powerful encryption technique. The microprocessor 100 is characterized in that the effective length of the decryption key can be increased to reduce the need for key reuse. First, the value stored in the master key register file 142 is a medium to large size: in one embodiment, the size is equivalent to the amount of instruction data 106 fetched from the instruction cache 102, or the block size. , is 128 bits (16 bytes). Second, the encryption expander 152 is used to increase the validity of the decryption key. The length, for example, is increased to the 2048 byte disclosed in an embodiment, which will be detailed later. Third, the encryption program can change the value in the master key register 142 in operation by a key switch instruction (or a variant thereof), as will be detailed later in the paragraph.

In the embodiment shown in Figure 2, 142 uses five master key registers, numbered 0-4. However, in other embodiments, the number of master key registers 142 may be increased by a smaller or greater amount to increase the decryption key length. For example, one embodiment employs twelve master key registers 142. The key extender 152 includes a first multiplexer A 212 and a second multiplexer B 214 for receiving the key supplied by the master key register 142. A portion of the content of the extracted address 134 is used to control the multiplexer 212/214. In the embodiment shown in Fig. 2, the multiplexer B 214 is a three-turn multiplexer, and the multiplexer A 212 is a four-turn multiplexer. Table 1 shows how multiplexers 212/214 select such master key registers 142 (identified by the above numbers) according to their respective selection inputs. Table 2 shows the manner in which the above-described selection input is generated, and the combination of the master key registers 142 represented by the bits [10:8] of the extracted address 134.

The output 236 of multiplexer B 214 is supplied to adder/subtractor 218. The output 234 of multiplexer A 212 is supplied to a rotator 216. The rotator 216 receives the bits [7:4] of the extracted address 134, based on which the multiplexer output 234 is rotated to determine the number of bytes to rotate. In one embodiment, the bits [7:4] of the extracted address 134 are incremented before being supplied to the rotator 216 to control the number of bytes rotated, as shown in Table 3. Output 238 of rotator 216 is supplied to adder/subtractor 218. Adder/subtractor 218 receives the bit [7] of the extracted address 134. If the bit [7] is empty, the adder/subtractor 218 subtracts the output 238 of the rotator 216 from the output 236 of the multiplexer B 214. If the bit [7] is set, the adder/subtractor 218 adds the output 238 of the rotator 216 to the output 236 of the multiplexer B 214. The output of the adder/subtracter 218, that is, the decryption key 174 shown in Fig. 1, is supplied to the multiplexer 154. The related art will be described in detail below with reference to the flowchart of FIG.

Next, referring to FIG. 3, a flowchart is based on the operation of the second drawing extraction unit 104 of the technical diagram of the present invention. The process begins at block 302.

At block 302, the fetch unit 104 reads the instruction cache 102 with the fetch address 134 to begin fetching the instruction data 106 for a block of 16 bytes. The command data 106 can be in an encrypted state or in a plain text state, depending on whether the command data 106 is part of an encryption program or a plain text program, as indicated by E bit 148. Flow then proceeds to block 304.

Referring to block 304, multiplexer A 212 and multiplexer B 214 respectively select a first key from the key 172 supplied by the autonomous key register 142 according to the higher number of bits of the extracted address 134. 234 and a second key 236. In one embodiment, the bits supplied by the extraction address 134 are applied to the multiplexer 212/214 to produce a particular key pair (234/236 key pair) combination. In the embodiment shown in Fig. 2, the number of supplied master key registers 142 is five, so there are 10 sets of possible key pairs. To simplify the hardware design, only 8 of them are used; this design will supply a valid key of 2048 bytes, which will be discussed in detail in subsequent paragraphs. However, other embodiments may also use other numbers of key registers 142. Taking the implementation of the 12 master key registers 142 as an example, the possible combinations of the master key registers 142 are 66 groups. If 64 groups are used, the generated valid keys will be 16384 bytes. In general, assuming that the total number of the plurality of key values is K (for example, 5, and all combinations are used), the decryption key and the plurality of key values each have a length of W bytes (for example, 16). The byte generated, the resulting valid key will be the W ² * (K!/(2*(K-2)!)) byte. Flow then proceeds to block 306.

At block 306, based on the bit [7:4] of the extracted address 134, the rotation The 216 rotates the first key 234 by a corresponding number of bytes. For example, if the bit [7:4] of the extracted address 134 is a value of 9, the rotator 216 rotates the first key 234 to the right by 9 bytes. Flow then proceeds to block 308.

At block 308, the adder/subtractor 218 adds/subtracts the rotated first key 238 from the second key 236 to produce the decryption key 174 of FIG. In an embodiment, if the bit [7] of the extracted address 134 is 1, the adder/subtractor 218 adds the rotated first key 234 to the second key 236; if the address 134 is extracted The bit [7] is 0, and the adder/subtractor 218 subtracts the rotated first key 234 from the second key 236. Next, the flow proceeds to block 312.

At decision block 312, the multiplexer 154 determines, based on its control signal, that the extracted instruction data 106 for the block is from an encryption program or a plain text program, the control signal being derived from the bit supplied by the control register 144. E 148. If the command data 106 is in an encrypted state, the flow proceeds to block 314, otherwise, the flow proceeds to block 316.

At block 314, multiplexer 154 selects output decryption key 174, and mutual exclusion logic 156 causes encryption instruction data 106 and decryption key 174 to perform a Boolean mutual exclusion operation to produce plain text instruction data 162 of FIG. The process ends at block 314.

At block 316, the multiplexer 154 selects to output a binary zero value 176 of 16 bytes, and the exclusive logic 156 causes the command data 106 (which is plain text) and the binary zero value of the 16-bit tuple to be a Brin. Mutually exclusive operations to produce the same plain text instruction data 162. The process ends at block 316.

Referring to the contents disclosed in FIG. 2 and FIG. 3, the decryption key 174 is supplied to the extracted block instruction data 106 for mutual exclusion operation, and the decryption key is used. Key 174 is a function of selected master key pair 234/236 and extracted address 134. Compared to the traditional decryption procedure - making the decryption key a function of the previous key value, where the key is continuously modified to supply a new use in the next working interval - the decryption technique disclosed in this case is completely different. The manner in which the decryption key 174 is obtained by the master key pair 234/236 and the extracted address 134 as a function has at least the following two advantages. First, as discussed above, the extraction of encrypted instruction data and plain text instruction data 106 is time consuming and does not increase the operational clock required by microprocessor 100. Second, when the branch instruction in the program is encountered, the time required to extract the instruction data 106 does not increase. In one embodiment, a branch predictor receives the extracted address 134 and predicts whether the instruction data 106 of the block indicated by the extracted address 134 has a branch instruction and predicts its direction and target bit. site. Taking the implementation shown in FIG. 2 as an example, the generated decryption key 174 is a function of the master key pair 234/236 and the extracted address 134, and the block instruction data 106 to be referred to at the target address. The appropriate decryption key 174 of the target address of the predicted output is sent to the mutually exclusive logic 156 at the same time. In contrast to the plurality of "rewind" steps necessary for the conventional decryption key operation method to calculate the decryption key for the target address, the technique disclosed herein does not introduce additional delay in processing the encrypted instruction data.

Further, as shown in Figs. 2 and 3, the joint design of the rotator 216 of the key expander 152 and the adder/subtractor 218 allows the decryption key length to be effectively expanded beyond the length of the master key. For example, the master key contributes a total of 32 bytes (2*16 bytes); moreover, the rotator 216 and the adder/subtractor 218 are effective in terms of the hacker's attempt to determine the decryption key 174. The master key of the 32-bit tuple located in the master key register 142 is expanded to a key sequence of 256 bytes. More specifically, the byte n of the effectively extended key sequence is: Is the byte n of the first master key 234, and It is the byte n+x of the second master key 236. As described above, the first eight sets of 16-byte decryption keys 174 generated by the key expander 152 are generated by subtraction, and the last eight sets are generated by addition. Specifically, the byte content provided by each of the selected master key pairs 234/236 is used to generate a decryption key 174 byte for each byte of the instruction data of 16 consecutive 16-bit block blocks. See Table 3 for details. For example, the symbol "15-00" in the first column of Table 3 indicates that the contents of the byte 0 of the second master key 236 are subjected to an eight-bit arithmetic operation from the first primary key. The byte 15 of the key 234 is subtracted to obtain a one-tuple valid decryption key 174 for mutual exclusion with the byte 15 in the instruction data 106 of a 16-bit block.

Given the appropriate master key value, the extended key statistics generated by the key expander 152 can effectively prevent common attacks of mutual exclusion encryption, including causing the encrypted block of the file to be shifted by the key length and encrypted. The blocks are also mutually exclusive, as discussed in more detail below. The effect of key expander 152 on selected master key pair 234/236 is that in the embodiment, the span of two instruction data 106 bytes encrypted with the exact same key in the program can be as high as 256. Bytes. In other embodiments of instruction data 106 having different block sizes, and different master key lengths, the maximum span of two instruction data 106 bytes encrypted with the same key may be of different amounts.

The master key register 142 for selecting the master key pair 234/236 and the multiplexer 212/214 within the key expander 152 also determine the extent of the effective key length. As discussed above, the embodiment shown in FIG. 2 is supplied with five master key registers 142, and the contents supplied by the master key register 142 can thus be combined in 10 ways, and the multiplexer 212/214 is used. Eight effects were selected from the above 10 possible combinations. After the 256-bit effective key length corresponding to each key pair 234/236 shown in Table 3 is combined with the eight master key pairs 234/236, the generated effective key length is 2048 bytes. In other words, the program is exactly the same The span of the two instruction data 106 bytes of the key encryption can be as high as 2048 bytes.

To further illustrate the advantages of the key extender 152, the following is a brief description of the attacks common to mutually exclusive encryption programs. If the length of the key used in the mutex encryption operation is shorter than the length of the program data of the encrypted/decrypted program, many of the bytes in the key must be reused, and the number of bytes that are reused depends on the length of the program. And set. This weakness allows the mutex command encryption program to be cracked. First, the hacker attempts to determine the length of the duplicate key. The instructions (1) through (3) shown below make it n+1. Second, the hacker assumes that each key-length block in the command data is encrypted with the same key. The following lists the data of the two-key length block obtained by encrypting according to a conventional mutual exclusion encryption operation:

among them, The byte n of the data of the first key length block will be encrypted; The byte n of the data of the second key length block will be encrypted; and k _n is the byte _n of the key. Third, the hacker performs a mutually exclusive operation on the two blocks, so that the key components are mutually exclusive, leaving the following contents:

Finally, since the calculated byte is a function of two purely literal bytes, the hacker can statistically analyze the frequency of occurrence of the plain text content in an attempt to obtain the value of the plain text byte.

However, the pattern of the encrypted instruction data 106 bytes calculated according to the manner disclosed in FIGS. 2 and 3 is as shown in the following descriptions (4) and (5):

among them a byte n indicating the instruction data of the encrypted first 16-bit block, a byte n indicating the instruction data of the encrypted second 16-bit block block, Indicates the byte n of the master key x, and A byte n indicating the master key y. As mentioned above, the master keys x and y are different keys. Assume that one embodiment provides eight master key pairs 234/236 combinations in five master key registers 142, each of which is a combination of two independent master key bytes in a 2048 byte sequence Perform a mutually exclusive operation. Therefore, when the encrypted data is shifted in any way in the 256-bit block and mutually exclusive, the obtained byte has a complex component of the two master keys, and therefore, it is not explained ( 3) The content of the calculations obtained here is not simply a plain text byte. For example, suppose the hacker chooses to align 16-bit tuple blocks in the same 256-bit tuple block and mutually exclusive operations so that the same key zeros are used in each segment, byte 0 The result of the operation is as shown in the description (6). The obtained byte has a complex combination of two master keys: Where n is not 1.

Furthermore, if the hacker is replaced by aligning 16-bit blocks selected from different 256-byte blocks and mutually exclusive operations, the byte 0 of the operation result is as shown in the description (7): Wherein at least one of the master keys u and v is different from the master keys x and y. Simulate the mutually exclusive operation of the valid key bytes generated by the random master key value to find the operation result A fairly smooth distribution is presented.

Of course, if the hacker chooses to align the 16-bit tuple blocks in different 2048-byte length blocks and mutually exclusive operations, the hacker may obtain similar results as the description (3). However, please refer to the following. First, some programs - for example, security-related programs - may be shorter than 2048 bytes. Second, the statistical correlation of the instruction bits of the 2048-bit tuple is likely to be very small, making it difficult to crack. Third, as described above, the implementation of the techniques may implement the master key register 142 in a larger number to extend the effective length of the decryption key; for example, to supply 16384 bits in 12 master key registers 142. The decryption key of the tuple length, and even other longer decryption keys. Fourth, the key download instruction 500 and the key switch instruction 600, which will be discussed below, further enable the programmer to load new values into the master key register 142 to effectively extend the key length by more than 2048 bytes. Or, if necessary, extend the key length to the full length of the program.

Referring now to Figure 4, a block diagram illustrates the flag register 128 of Figure 1 in accordance with the teachings of the present invention. According to the embodiment shown in FIG. 4, the flag register 128 includes a plurality of bits 408 of a standard x86 register; however, for the new functions described herein, the embodiment shown in FIG. 4 will be implemented in the x86 architecture. Usually one bit reserved (RESERVED). In particular, the flag register 128 includes an E-bit field 402. The E-bit field 402 is used to repair the value of the E-bit 148 of the control register 144 for switching between encryption and plain text programs and/or between different encryption programs, as discussed in more detail below. E bit field 402 indicates the target Whether the previously executed program is encrypted. If the currently executed program is encrypted, the E bit field 402 is set to the state, otherwise, it is cleared. When an interrupt event occurs and control is transferred to another program (eg, interrupt interrupt, exception exception such as page fault page fault, or task switch task switch), flag register 128 is stored. Conversely, if the control returns to the program previously interrupted by the interrupt event, the flag register 128 is repaired. The design of the microprocessor 100 updates the value of the E bit 148 of the control register 144 with the value of the E bit 402 field of the flag register 128 when the flag register 128 is repaired, as discussed in more detail below. Therefore, if an encryption program is being executed when the interruption event occurs (ie, the extraction unit 104 is in the decryption mode), when the control is returned to the encryption program, the restored E-bit field 402 causes the E-bit 148 to be set. The repair extraction unit 104 is in the decryption mode. In one embodiment, the E bit 148 and the E bit field 402 are the same specific hardware bit. Therefore, the value in the E bit field 402 of the storage flag register 128 is the storage E bit 148. And the value of the E-bit field 402 of the repair flag register 128 is the repair E-bit 148.

Referring to Figure 5, a block diagram illustrates the format of a key load instruction 500 implemented in accordance with the teachings of the present invention. The key load instruction 500 includes an opcode 502 field, which is specifically indicated as a key load instruction 500 within the microprocessor 100 instruction set. In one embodiment, the value of the opcode field 502 is 0FA6/4 (x86 field). The key load instruction 500 includes two operands: a key register file target address 504 and a secure memory source address 506. The secure storage source address 506 is a single address in the secure storage area 122 that stores a 16-bit tuple master key. Key register file address 504 identifies the address of a scratchpad in key register file 124, which will be loaded from secure storage area 122. The 16-bit tuple master key is loaded. In one embodiment, if a program attempts to execute the key load instruction 500 in the safe mode of operation of the microprocessor 100, it is considered an invalid instruction exception; in addition, if the value of the secure memory source address 506 is valid. Outside the secure storage area 122, it is considered a general protection exception. In one embodiment, if a program attempts to execute the key load instruction 500 when the microprocessor 100 is not at the highest privilege level (eg, x86 ring 0 privilege/x86 ring 0), then it is considered an invalid instruction exception. In some cases, the composition of the 16-bit tuple master key may be included in the immediate data field of the encrypted instruction. The instant data can be moved piece by piece to the secure storage area 122 to form a 16-bit tuple key.

Referring now to Figure 6, a block diagram illustrates the format of a key switch instruction 600 implemented in accordance with the teachings of the present invention. The key switch instruction 600 includes an opcode 602 field, specifically referred to as a key switch instruction 600 within the instruction set of the microprocessor 100. The key switch instruction 600 further includes a key register file index field 604 indicating the start of the key register file 124 in a sequence register to load the key into the master key register. 142. In one embodiment, if a program attempts to execute a key switch instruction 600 when the microprocessor 100 is not in the secure mode of operation, then it is considered an invalid command exception. In one embodiment, if a program intends to execute a key switch instruction 600 when the microprocessor 100 is not at the highest privilege level (e.g., x86 ring 0 privilege), then it is considered an invalid instruction exception. In one embodiment, the key switch instruction 600 is atomic, i.e., non-interruptible; as discussed herein, other instructions for loading the key to the master key register 142 are also the same - for example, The branch and switching key instructions will be discussed.

Referring now to Figure 7, a flowchart illustrates the operation of the microprocessor 100 of Figure 1, wherein the key cut described in Figure 6 is performed in accordance with the teachings of the present invention. Change instruction 600. The flow begins at block 702.

At block 702, decoding unit 108 decodes a key switch instruction 600 and substitutes the decoded result into a microcode program that implements key switch instruction 600 within microcode unit 132. Flow then proceeds to block 704.

At block 704, the microcode downloads the contents of the master key register 142 from the key register file 124 in accordance with the key register file index field 604. In a preferred embodiment, the microcode starts with a key register indicated by the key register file index field 604, and downloads n consecutive register contents from the key register file 124 as n. The keys are stored in master key register 142, where n is the total number of master key registers 142. In one embodiment, the value n may be indicated in an additional space of the key switch instruction 600, which is set to be less than the total number of master key registers 142. Flow then proceeds to block 706.

At block 706, the microcode branches the microprocessor 100 to a subsequent x86 instruction (i.e., the instruction following the key switch instruction 600), which causes all of the x86 instructions in the microprocessor 100 to be flushed with the new key switch instruction 600. All micro-ops within the microprocessor 100 that are new to the micro-ops that are switched to the subsequent x86 instructions are cleared. The emptied instructions include all of the instruction octets 106 that are extracted from the instruction cache 102, buffered in the fetch unit 104, and decoded in the decoding unit 108 for decryption and decoding. Flow then proceeds to block 708.

At block 708, based on the operation of branch 706 branching to the continuation instruction, extraction unit 104 begins to extract and decrypt instruction data 106 from instruction cache 102 using a new set of key values loaded into master key register 142 using block 704. . Flow ends at block 708.

As shown in FIG. 7, the key switching instruction 600 is in execution. The encryption program, upon being extracted from the instruction cache 102, changes the content stored in the master key register 142 for decryption of the encryption program. The master key register 142 dynamically adjusts the technique so that the effective key length of the encrypted program exceeds the length supported by the extraction unit 104 (for example, the 2048 byte provided in the embodiment of FIG. 2); The program shown, if it is operated by the microprocessor 100 of Figure 1, will be more difficult for the hacker to break the security protection of the computer system.

Referring now to Figure 8, a block diagram illustrates a memory footprint 800 of an encryption program implemented in accordance with the teachings of the present invention, wherein the key switching instruction 600 illustrated in Figure 6 is employed. The encryption program memory usage 800 shown in FIG. 8 includes a continuous number of "chun chunk" instruction data bytes. The content of each "block" is a sequence of multiple instruction data bytes (where pre-encrypted data), and the instruction data bytes belonging to the same "block" are from the same set of master key registers. 142 value decryption. Therefore, the boundaries of the two different "blocks" are defined by the key switch instruction 600. That is to say, the upper and lower bounds of each "block" are distinguished by the location of the key switching instruction 600 (or, for example, the first "block" of a program whose upper bound is the beginning of the program; Take the last "block" of the program as an example, the lower bound is the end of the program). Therefore, each "block" instruction data byte is decrypted by the extraction unit 104 based on the value of the different sets of master key register 142, meaning that the decryption of each "block" instruction data byte is based on the previous "block". The key switch instruction 600 supplied is loaded with the value of the master key register 142. The post-processor of the encryption program will know the memory address of each key switching instruction 600, and will use this information - that is, extract the relevant address bit of the address - match the key switching instruction 600 The key value generates an encryption key byte to encrypt the program. Some object file formats allow programming The meter indicates where the program is loaded into the memory, or at least specifies a specific size alignment (eg, page boundary) to provide sufficient address information to encrypt the program. In addition, some operating system presets load the program onto the page boundaries.

The key switch instruction 600 can be placed anywhere in the program. However, if the key switch instruction 600 loads a particular value into the master key register 142 for use by the next "block" instruction data byte decryption, and the key switch instruction 600 (or even the key load instruction 500) The position of each "block" is shorter than or equal to the effective key length that the extraction unit 104 can handle (for example, the 2048 byte disclosed in the embodiment of Fig. 2), the program can be used with an effective length. A key encryption equivalent to the overall program length, which is a fairly robust encryption method. Moreover, even if the use of the key switch instruction 600 is such that the effective key length is still shorter than the length of the encryption program (ie, the same set of master key register 142 values are used to encrypt multiple "blocks" of a program), Changing the "block" size (for example, not limited to all 2048 bytes) can increase the difficulty of the hacker cracking system, because the hacker must first determine the "block" encrypted by the same set of master key register 142. Where is it, and the size of the "blocks" of different lengths must be determined.

It is worth noting that the dynamic key switching implemented by the key switch instruction 600 consumes a relatively large number of clocks, mainly because the pipeline must be emptied. Moreover, in one embodiment, the key switch instruction 600 is implemented primarily in microcode, typically slower than instructions implemented in non-microcode. Therefore, code developers must consider the impact of key-switching instructions on performance and strike a balance between execution speed and security considerations for specific applications.

Referring now to Figure 9, a block diagram illustrates the technique in accordance with the present invention. A branch of the implementation and the format of the switch key instruction 900. First, the necessity of the branch and switching key command 900 will be described.

According to the disclosure of the foregoing embodiment, the instruction data of each 16-bit tuple block extracted by the extraction unit 104 by the encryption unit is a cryptographic operation (exclusive technique), and the encryption key equivalent extraction unit 104 is adopted. A decryption key 174 for each 16-bit tuple length of the instruction data 106 used to decrypt (mutually exclusive) the extracted blocks. As described above, the byte value of the decryption key 174 is calculated by the extraction unit 104 based on the following two inputs: the primary key byte value stored in the master key register 142, and the extracted value. A portion of the bit 134 of the instruction data 106 of the 16-bit block is extracted (for example, the embodiment disclosed in FIG. 2 is a bit [10:4]). Thus, a post processor that encrypts a program for execution by microprocessor 100 will know the master key byte value to be stored in master key register 142, and the address (or more limited to this bit). The number of associated bits of the address); the address indicates where the encryption program will be loaded into the memory, and the microprocessor 100 will extract the instruction data of the plurality of blocks of the encryption program from the series. Based on the above information, the post processor can appropriately generate the value of the decryption key 174 for encrypting the instruction data of each 16-bit block of the program.

As discussed above, when a branch instruction is predicted and/or executed, the extraction unit 104 updates the extraction address 134 with the branch target address. The branch instruction is transparently controlled by the extraction unit 104 as long as the encryption program has never changed (via the key switch instruction 600) the master key value stored in the master key register 142. That is, the extracting unit 104 estimates the decryption key 174 using the same master key register 142 value for decrypting the instruction data 106 of a block including the branch instruction, and decrypting the target address of the branch instruction. The instruction data of a block indicated Instructions within. However, the ability of the program to change (via the key switch instruction 600) the value of the master key register 142 means that the extracting unit 104 is likely to decrypt the decryption key 174 with a set of master key registers 142, including the branch instruction. The instruction data 106 of one block and the decryption key 174 of the different set of master key register 142 are used to decrypt the instruction in the instruction data 106 of a block indicated by the target address of the branch instruction. . One way to solve this problem is to limit the branch target address to the same "block" of the program. Another solution is to use the branch and switch key command 900 disclosed in FIG.

Referring again to Figure 9, a block diagram illustrates the format of a branch and switch key instruction 900 implemented in accordance with the teachings of the present invention. The branch and switch key instruction 900 includes an opcode 902 field indicating that it is a branch and switch key instruction 900 within the instruction set of the microprocessor 100. The branch and switch key instruction 900 further includes a key register file index field 904 indicating the beginning of a series of scratchpads in the key register file 124 to load the key into the master key. 142. The branch and switch key instruction 900 further includes a branch information field 906 that records typical information of the branch instruction - for example, information on the target address, and branch conditions. In one embodiment, a program is considered to be an invalid instruction exception if it attempts to execute a branch and switch key instruction 900 when the microprocessor 100 is not in the secure execution mode. In one embodiment, if a program attempts to execute the branch and switch key instruction 900 when the microprocessor 100 is not at the highest privilege level (eg, x86 ring 0 privilege), then the program is considered an invalid instruction exception. In one embodiment, the branch and switch key instruction 900 is atomic.

Referring to FIG. 10, a flowchart illustrates the operation of the microprocessor 100 of FIG. 1, wherein the branching and switching disclosed in FIG. 9 is performed according to the techniques of the present invention. Key instruction 900. The process begins at block 1002.

At block 1002, decoding unit 108 decodes a branch and switch key instruction 900 and substitutes it into microcode unit 132 to implement the microcode program of branch and switch key instruction 900. Flow then proceeds to block 1006.

At block 1006, the microcode resolves the branch direction (with or without) and the target address. It is worth noting that for unconditional branch instructions, the direction is adopted. Flow then proceeds to decision block 1008.

At decision block 1008, the direction in which the microcode decision block 1006 is resolved is taken. If so, the flow proceeds to block 1014. Otherwise, the flow proceeds to block 1012.

At block 1012, the microcode does not switch the key, or jumps to the target address because the branching operation is not taken. Flow ends at block 1012.

At block 1014, the microcode loads the key from the key register file 124 into the master key register 142 based on the key register file index field 904. In a preferred embodiment, the microcode starts with the location indicated by the key register file index field 904, and the n keys recorded by the n adjacent registers in the key register file 124 are carried. The master key register 142, where n is the total number of master key registers 142. In one embodiment, the value of n may be recorded in an additional space of the branch and switch key instruction 900, set to a value less than the total number of master key registers 142. Flow then proceeds to block 1016.

At block 1016, the microcode causes the microprocessor 100 to jump to the target address resolved by block 1006, which causes all x86 instructions in the microprocessor 100 to branch and switch key instruction 900 to be emptied, causing the microprocessor Within 100, All micro-ops that are new to the micro-ops that branch to the target address are emptied. The emptied instructions include all of the instruction octets 106 that are extracted from the instruction cache 102, buffered in the fetch unit 104, and decoded in the decoding unit 108 for decryption and decoding. Flow then proceeds to block 1008.

At block 1018, as block 1016 branches to the target address, extraction unit 104 begins with block 1014 loading a new set of key values for master key register 142 to begin extracting from instruction cache 102 and decrypting the instruction. Data 106. Flow ends at block 1018.

Referring now to Figure 11, a flowchart illustrates the operation of a post processor implemented in accordance with the teachings of the present invention. The post processor is a software tool that can be used to post-process a program and encrypt it for execution by the microprocessor 100 of FIG. The flow begins at block 1102.

At block 1102, the post processor receives a destination file of a program. According to one embodiment, the target address of the branch instruction within the destination file can be determined prior to execution of the program; for example, a branch instruction directed to a fixed target address. The branch instruction that determines the target address before the program runs has another form, for example, a relative branch instruction, in which an offset is recorded, which is used to add the memory address of the branch instruction to Find the branch target address. Conversely, the branch instruction that the target address does not determine before the execution of the program, one example is based on the operand stored in the scratchpad or the memory to calculate the target address, so its value may change during program execution. . Flow then proceeds to block 1104.

At block 1104, the post-processor will take the inter-chunk branch instruction with the branch and switch key instruction 900. Alternatively, the instruction 900 stores an appropriate value in the key register file index space 904, which is set based on the "block" in which the target address of the branch instruction is located. As disclosed in Figure 8, a "block" consists of a sequence of multiple instruction data bytes that will be decrypted by the same set of master key registers 142. Therefore, the "block" in which the target address of the cross-block branch instruction is located is different from the "block" of the branch instruction itself. It is worth noting that the intra-block branch - the branch instruction whose target address is in the same "block" as itself - does not have to be replaced. It is worth noting that the program that produces the source file to produce the destination file and/or the visual requirements of the compiler explicitly includes the branch and switch key instructions 900 to reduce the burden of the post processor replacing the operation. Flow then proceeds to block 1106.

At block 1106, the post processor encrypts the program. The post processor knows the memory location of each "block" and the value of the master key register 142 and uses it to encrypt the program. Flow ends at block 1106.

Referring now to Figure 12, a block diagram illustrates the format of a branch and switch key instruction 1200 implemented in accordance with another embodiment of the present technology. The branch and switch key instruction 1200 shown in FIG. 12 is applicable to branch operations where the target address is unknown before program execution, as discussed in more detail below. The branch and switch key instruction 1200 includes an opcode 1202 field to indicate that it is a branch and switch key instruction 1200 within the microprocessor 100 instruction set. Branch and switch key instruction 1200 also includes a branch information field 906 that functions similarly to the field of branch 9 of the switch key instruction 900. In one embodiment, a program is considered an invalid instruction exception if it attempts to execute the branch and switch key instruction 1200 when the microprocessor 100 is not in the secure execution mode. In one embodiment, if a program is not at the highest privilege level (eg, x86 ring 0 privilege) When the map executes a branch and switch key instruction 1200, it is regarded as an invalid instruction exception. In one embodiment, the branch and switch key instructions 1200 are atomic.

Referring now to Figure 13, a block diagram illustrates a "Block" address range table 1300 implemented in accordance with the teachings of the present invention. Table 1300 includes a plurality of units. Each unit is associated with a "block" of the encryption program. Each unit includes a location range field 1302 and a key register file index field 1304. The address range field 1302 indicates the memory address range of the corresponding "block". The key register file index field 1304 indicates the register in the key register file 124. The branch and switch key instruction 1200 loads the key value stored in the register indicated by the index into the primary key. The key register 142 is used by the extracting unit 104 to decrypt the "block" for use. As discussed below with reference to FIG. 18, table 1300 is loaded into microprocessor 100 prior to execution of the branch and switch key instruction 1200 that requires access to the contents of table 1300.

Referring now to Figure 14, a flowchart illustrates the operation of microprocessor 100 of Figure 1, wherein branch and switch key instructions 1200 of Figure 12 are performed in accordance with the teachings of the present invention. The process begins at block 1402.

At block 1402, decoding unit 108 decodes a branch and switch key instruction 1200 and substitutes it into microcode unit 132 to implement the branch and switch key instruction 1200 microcode program. Flow then proceeds to block 1406.

At block 1406, the microcode resolves the branch direction (with or without) and finds the target address. Flow then proceeds to decision block 1408.

At decision block 1408, the microcode determines whether the branch direction solved by block 1406 is taken. If so, the flow proceeds to block 1414. Otherwise, the flow proceeds to block 1412.

At block 1412, the microcode does not switch the key, or jumps to the target bit. Address because the branch was not taken. Flow ends at block 1412.

At block 1414, the microcode queries the table 1300 shown in FIG. 13 based on the target address solved by the block 1406, and obtains the key register file index field 1304 corresponding to the "block" in which the target address is located. Content. The microcode then loads the key value from the key register file 124 into the master key register 142 based on the index recorded in the key register file index field 1304. In a preferred embodiment, the microcode loads the n key values stored in the n adjacent registers from the key register file 124 according to the index stored in the key register file index field 1304. Key register 142, where n is the total number of master key registers 142. In one embodiment, the value n may be recorded in an additional field of the branch and switch key instruction 1200, less than the total number of master key registers 142. Flow then proceeds to block 1416.

At block 1416, the microcode causes the microprocessor 100 to branch to the target address resolved by block 1406, which causes all x86 instructions in the microprocessor 100 to branch and switch key instruction 1200 to be emptied, causing the microprocessor All micro-ops within the 100 micro-operations that are branched to the target address are emptied. The emptied instructions include all of the instruction octets 106 that are extracted from the instruction cache 102, buffered in the fetch unit 104, and decoded in the decoding unit 108 for decryption and decoding. Flow then proceeds to block 1418.

At block 1418, as block 1416 branches to the target address, extraction unit 104 loads the new set of key values of master key register 142 using block 1414, begins to extract and decrypt from instruction cache 102. Instruction data 106. Flow ends at block 1418.

Now, referring to Fig. 15, a block diagram illustrates the technique according to the present invention. A branch and switch key instruction 1500 format implemented by another embodiment. The branch and switch key instruction 1500 shown in Fig. 15 and its operation are similar to the branch and switch key command 1200 shown in Fig. 12. However, instead of loading the key from the key register file 124 to the master key register 142, the branch and switch key instruction 1500 loads the key from the secure storage area 122 to the master key register 142. Discussed below.

Referring now to Figure 16, a block diagram illustrates a "block" address range table 1600 implemented in accordance with the teachings of the present invention. The table 1600 shown in Fig. 16 is similar to the table 1300 shown in Fig. 13. However, instead of including a key register file index field 1304, table 1600 includes a secure memory address field 1604. The secure memory area address field 1604 records a single address in the secure memory area 122, and the key value stored in the address must be loaded into the master key register 142 by the branch and switch key instruction 1500 for the extracting unit. 104 is used when decrypting the "block". The following discussion refers to the contents of Figure 18, which is loaded into the microprocessor 100 before the branch and switch key instructions 1500 that need to query the table 1600 are executed. In one embodiment, the lower number of bits of the secure storage area 122 address need not be stored in the secure storage area address field 1604, particularly since the total amount of locations in the secure storage area 122 where a set of keys are stored is quite large. (eg, 16-bit tuple x 5), and the set of keys can be aligned along a set size range.

Referring now to Figure 17, a flowchart illustrates the operation of microprocessor 100 of Figure 1, wherein branch and switch key instructions 1500 of Figure 15 are performed in accordance with the teachings of the present invention. The process begins at block 1702. The many blocks of the flow chart of Figure 17 are similar to the many blocks of Figure 14, and are therefore numbered the same. However, block 1414 is replaced by block 1714, and the microcode is based on the target address found in block 1406. Table 1600 of Table 16 is used to obtain the value of the secure storage address field 1604 of the "block" in which the target address is located. The microcode then loads the key value from the secure storage area 122 into the master key register 142 based on the secure storage area address field 1604 value. In a preferred embodiment, the microcode loads the n key values stored in n adjacent 16-bit space locations from the secure storage area 122 from the secure memory area 122 by the secure memory address field 1604 value into the master key register 142. Where n is the total number of master key registers 142. In one embodiment, the value n can be written in an additional field in the branch and switch key instruction 1500, which is set to be less than the total number of master key registers 142.

Referring now to Figure 18, a flow diagram illustrates the operation of a post processor implemented in accordance with another embodiment of the present invention. The post processor can be used to post-process a program and encrypt it for execution by the microprocessor 100 of FIG. The flow begins at block 1802.

At block 1802, the post processor receives the destination file of a program. According to an embodiment, the branch instruction in the destination file may be determined before the execution of the program by the target address, and may be determined before the execution of the program by the target address. Flow then proceeds to block 1803.

At block 1803, the post processor creates a "block" address range table 1300 or 1600 of Figure 13 or Figure 16 for inclusion in the target file. In one embodiment, the operating system loads the table 1300/1600 into the microprocessor 100 prior to loading and executing an encryption program to enable branch and switch key commands 1200/1500 to be accessed. In one embodiment, the post processor inserts an instruction into the program to load the table 1300/1600 to the microprocessor 100 before any branch and switch key instructions 1200/1500 are executed. Flow then proceeds to block 1804.

At block 1804, similar to the previously discussed, regarding the 11th figure In operation of block 1104, the post-processor replaces each of the pre-execution target address-determinable cross-block branch instructions with the branch and switch key instruction 900 of FIG. 9, and the instruction 900 records based on the "block" of the branch instruction target address. There is a suitable key register file index field 904 value. Flow then proceeds to block 1805.

At block 1805, the post processor limits each branch instruction that determines the target address during execution to the branch and switch key shown in FIG. 12 or FIG. 15 according to the table type (1300/1600) generated by block 1803. The key instruction 1200 or 1500 is replaced. Flow then proceeds to block 1806.

At block 1806, the post processor encrypts the program. The post processor knows the location of the memory for each "block" and the value of the master key register 142, which will be used to encrypt the program. Flow ends at block 1806.

Referring now to Figure 19, a flow diagram illustrates the operation of microprocessor 100 of Figure 1, wherein the task switching between the encryption program and the plain text program is handled in accordance with the teachings of the present invention. The process begins at block 1902.

At block 1902, the E bit of the E bit field 402 of the flag register 128 and the E bit 148 of the first picture control register 144 are cleared by a reset operation of the microprocessor 100. Flow then proceeds to block 1904.

At block 1904, after performing its reset microcode initialization, the microprocessor 100 begins fetching and executing user program instructions (eg, system firmware), which are plain text program instructions. In particular, since the E bit 128 is emptied, as described above, the extracting unit 104 regards the extracted command data 106 as a plain text command. Flow then proceeds to block 1906.

At block 1906, the system firmware (eg, operating system, firmware, basic input/output system BIOS, etc.) receives a request to perform a request Encryption program. In one embodiment, the above-described requirements for executing an encryption program are accompanied by, or indicated by, a switching operation to switch to a secure execution mode of the microprocessor 100, as discussed above. In one embodiment, the microprocessor 100 is allowed to operate in a decryption mode only when in the secure execution mode (ie, the E bit 148 is in the set state). In one embodiment, the microprocessor 100 is only allowed to operate in a decryption mode in a system management mode, such as the SSM common in the x86 architecture. Flow then proceeds to block 1908.

At block 1908, the system software loads its initial value in the master key register 142, associated with the first "block" to be executed in the program. In one embodiment, the system software executes a key switch instruction 600 to download the key to the master key register 142. The contents of the key register file 124 may be loaded by one or more key load instructions 500 prior to loading the key into the master key register 142. In one embodiment, the secure storage area 122 may be first written to the key value before the key is loaded into the master key register 142 and the key register file 124, wherein the write is via a common Secure channel technology, for example, AES or RSA encryption channels to prevent hackers from snooping their values. As discussed above, the above key values may be stored in a secure non-volatile memory (eg, flash memory) coupled to the microprocessor 100 via a separate serial bus, or may be stored in the micro A non-volatile single write memory of processor 100. As discussed above, the program can be included in a single "block." That is, the program may not include the key switch instruction 600, and the entire program may be decrypted by a single set of master key registers 142. Flow then proceeds to block 1916.

At block 1916, as control transfers to the encryption program, microprocessor 100 sets E-bit field 402 of flag register 128 to indicate that it is currently executing. The program is in an encrypted version and is set to control the E bit 148 of the register 144 to cause the extraction unit 104 to be in the decryption mode. The microprocessor 100 causes the instructions within the pipeline to be refreshed, similar to the refresh operation performed by block 706 of FIG. Flow then proceeds to block 1918.

At block 1918, the extraction unit 104 extracts the instructions 106 within the encryption program and decrypts and executes it in a decryption mode with reference to the techniques disclosed in Figures 1 through 3. Flow then proceeds to block 1922.

At block 1922, when the microprocessor 100 extracts and executes the encryption program, the microprocessor 100 receives the interrupt event. For example, the interrupt event may be an interrupt interrupt, an exception exception (such as a page fault page fault), or a task switch task switch. When an interrupt event occurs, all pending instructions of the microprocessor 100 pipeline are cleared. So, if there are any previously extracted encryption instructions in the pipeline, clear them. In addition, all instruction bytes extracted from the instruction cache 102, possibly buffered in the extraction unit 104 and the decoding unit 108, waiting to be decrypted, decoded, are emptied. In one embodiment, the microcode is evoked to respond to an interrupt event. Flow then proceeds to block 1924.

At block 1924, the microprocessor 100 stores the flag register 128 (and other structural states of the microprocessor 100, including the current command index values of the interrupted encryption program) to a stack memory. Storing the E-bit field 402 value of the encryption program will cause it to be repaired in subsequent operations (at block 1934). Flow then proceeds to block 1926.

At block 1926, when control transfers to a new program (eg, interrupt handler, exception handler, or new task), microprocessor 100 clears E-bit field 402 of flag register 128, And control the E bit 148 of the register 144 to cope with the new program of plain text. That is, the embodiment shown in Fig. 19 assumes that the microprocessor 100 is only allowed to operate an encryption program at the same time, and that an encryption program is already executing (but is interrupted). Figures 22 through 26 additionally disclose other embodiments. Flow then proceeds to block 1928.

At block 1928, the extracting unit 104 extracts the instructions 106 of the new program in plain text mode with reference to the content disclosed in Figures 1 through 3. In particular, the clear state of the E bit 148 in the control register 144 causes the multiplexer 154 to mutually exclusive operation of the instruction data 106 with the multi-bit binary zero value 176 such that the instruction data 106 is not decrypted. Flow then proceeds to block 1932.

At block 1932, the new program executes a return operation from an interrupt instruction (e.g., x86 IRET) or a similar instruction return, causing control to return to the encryption program. In one embodiment, the operation returned from the interrupt instruction is implemented by microcode. Flow then proceeds to block 1934.

At block 1934, in response to the operation returned by the self-interrupt instruction, the microprocessor 100 repairs the flag register 128, causing the E-bit field 402 of the flag register 128 to return to the previous block as control moves back to the encryption program. The setting status stored in 1924. Flow then proceeds to block 1938.

At block 1938, the microprocessor 100 updates the E bit 148 of the control register 144 with the value of the E bit field 402 of the flag register 128 as the control moves back to the encryption program, causing the extraction unit 104 to re-extract and The instruction data 106 of the encryption program is decrypted. Flow then proceeds to block 1942.

At block 1942, the microcode causes the microprocessor 100 to branch to the instruction index value stored in the stacked memory in block 1924, such that the microprocessor All x86 instructions in 100 are emptied and all micro-ops in microprocessor 100 are emptied. The emptied content includes all instruction octets 106 extracted from the instruction cache 102, the buffer escaping extraction unit 104, and the decoding unit 108 waiting to be decrypted and decoded. Flow then proceeds to block 1944.

At block 1944, extraction unit 104 resumes fetching instructions 106 within the encryption program and decrypts and executes it in a decryption mode with reference to the techniques disclosed in Figures 1 through 3. Flow ends at block 1944.

Referring now to Figure 20, a flow diagram illustrates the operation of a system software implemented in accordance with the teachings of the present invention, executed by microprocessor 100 of Figure 1. The process of Fig. 20 can be executed in conjunction with the contents of Fig. 19. The process begins at block 2002.

At block 2002, the system software receives a request to execute a new encryption program. The flow then proceeds to decision block 2004.

At decision block 2004, the system software determines if the encryption program is one of the programs that the system is already executing. In one embodiment, the system software indicates by a flag whether an encryption program is one of the programs already executing in the system. If the encryption program is one of the programs that the system is already executing, the flow proceeds to block 2006, otherwise, the flow proceeds to block 2008.

At block 2006, the system software waits for the encryption program to execute and is no longer one of the programs in the system execution. The flow then proceeds to block 2008.

At block 2008, the microprocessor 100 allows the new encryption program to begin execution. The process ends at block 2008.

Referring now to Figure 21, a block diagram illustrates the field of the flag register 128 of Figure 1 in accordance with another embodiment of the present technology. The flag register 128 of Fig. 21 is similar to the embodiment shown in Fig. 4, and includes an index. The index bits are 2104. According to one embodiment, index field 2104 (similar to E bit 402) is typically a bit reserved by the x86 architecture. The index field 2104 is used to handle the switching of multiple encryption programs, as discussed in detail below. In a preferred embodiment, the key switch instruction 600 and the branch and switch key command 900/1200 update the index field 2104 of the flag register 128 with its own key register index field 604/904/1304.

Referring now to Figure 22, a flow chart illustrates the operation of microprocessor 100 of Figure 1, wherein task switching between a plurality of encryption programs is performed using flag register 128 shown in Figure 21 in accordance with the teachings of the present invention. Flow then proceeds to block 2202.

At block 2202, a request is sent to the system software to execute a new encryption program. Flow then proceeds to decision block 2204.

At decision block 2204, the system software determines if there is room in the key register file 124 for a new encryption program. In one embodiment, the request generated by block 2202 will indicate how much space is needed in the key register file 124. If there is space in the key register file 124 for the new encryption program, the flow proceeds to block 2208, otherwise, the flow proceeds to block 2206.

At block 2206, the system software waits for one or more encryption programs to complete, freeing the key register file 124 to cope with the new encryption program. Flow then proceeds to block 2208.

At block 2208, the system software configures the space in the key register file 124 to the new encryption program, and then fills in the index field 2104 in the flag register 128 to indicate the key register file 124. Newly configured space. Flow then proceeds to block 2212.

At block 2212, the system software loads the key value for use by the new program at the location of the key register file 124 configured at block 2208. As discussed above, the loaded key value may be loaded from secure storage area 122 using key load instruction 500 or, if necessary, may be securely piped from an external location of microprocessor 100. Flow then proceeds to block 2214.

At block 2214, the system software loads the key from the key register file 124 into the master key register 142 based on the key register file index field 604/904/1304. In one embodiment, the system software executes a key switch instruction 600 to load the key into the master key register 142. Flow then proceeds to block 2216.

At block 2216, as control transfers to the encryption program, microprocessor 100 sets E-bit field 402 of flag register 128 to indicate that the currently executing program is an encrypted version and sets the E-bit of control register 144. The element 148 sets the extraction unit 104 to the decryption mode. Flow ends at block 2216.

Referring now to Figure 23, a flow chart illustrates the operation of microprocessor 100 of Figure 1, wherein the flag register 128 shown in Figure 21 is utilized to cope with task switching between multiple encryption programs in accordance with the teachings of the present invention. The process begins at block 2302.

At block 2302, the currently executing program performs a return operation, returning from an interrupt instruction, causing a task to switch to the new program; the new program was previously executed but was skipped, and its structural state (eg, flag temporary) The buffer 128, the instruction indicator register, and the general purpose register are stored in the stacked memory. As previously mentioned, in one embodiment, the operation returned from the interrupt instruction is implemented by microcode. The currently executing program and the new program can be an encryption program or a plain text program. Flow proceeds to block 2304.

At block 2304, the microprocessor 100 repairs the flag register 128 in accordance with the stacked memory to cope with the program that continues to return. That is, the microprocessor 100 reloads the value of the flag register 128 stored in the stacked memory when the continuation program (ie, the program currently swapped back) is previously swapped out, to the flag register 128. Flow then proceeds to decision block 2306.

At decision block 2306, the microprocessor 100 determines if the E bit 402 of the repaired flag register 128 is in the set state. If so, the flow proceeds to block 2308; otherwise, the flow proceeds to block 2312.

At block 2308, the microprocessor 100 loads the key into the key register file 124 in accordance with the EFLAGS register 128 index field 2104 value as fixed at block 2304. Flow then proceeds to block 2312.

At block 2312, the microprocessor 100 updates the contents of the E bit 148 of the control register 144 to the value of the E bit field 402 of the flag register 128 repaired by block 2304. Therefore, if the subsequent program is an encryption program, the extraction unit 104 is set to the decryption mode, and vice versa, the text mode is set to the plain text mode. Flow then proceeds to block 2314.

At block 2314, the microprocessor 100 repairs the instruction pointer register with the contents of the stacked memory and branches to the location indicated by the instruction index, which will clear all x86 instructions of the microprocessor 100 and clear the microprocessor. All micro-operations. The cleared includes all the instruction byte groups 106 extracted from the instruction cache 102 and buffered in the extraction unit 104 and the decoding unit 108 for decryption and decoding. Flow then proceeds to block 2316.

At block 2316, the extraction unit 104 re-starts the extraction of the instruction 106 from the continuation program with reference to the techniques of Figures 1 through 3, and repairs the block as determined by block 2312. The E bit 148 value of the control register 144 operates in a decrypted mode or a plain text mode. Flow ends at block 2316.

Referring now to Figure 24, a block diagram illustrates another embodiment of a single register of the key register file 124 of Figure 1 in accordance with the present invention. According to the embodiment shown in FIG. 24, each key register file 124 further includes a bit-kill bit 2402 (kill bit, hereinafter referred to as K bit). The K bit 2402 is used to cope with the multitasking operation of the microprocessor 100 for a plurality of encryption programs, the total of which requires a key storage space larger than the space size of the key register file 124, below It will be detailed.

Referring now to Figure 25, a flow chart illustrates the operation of the microprocessor 100 of Figure 1, wherein the flag register 128 of Figure 21 and the key register file 124 of Figure 24 are implemented in accordance with the teachings of the present invention. Another implementation of task switching between encryption programs. The process shown in Figure 25 is similar to the process shown in Figure 22. The difference is that decision block 2204 determines that there is not enough free space in key register file 124, and flow of Figure 25 proceeds to block 2506 instead of block 2204 that is not present at Figure 25. Additionally, if decision block 2204 determines that there is sufficient free space in key register file 124, then the process of FIG. 25 also proceeds to block 2208 through block 2216 of FIG.

At block 2506, the system software configures the space in the key register file 124 that has been used (ie, has been configured) by other encryption programs (ie, the scratchpad) and sets the K bit 2402 of the configured scratchpad. To set the state, and then index field 2104 of flag register 128 is set to indicate the location of the new configuration space in key register file 124. The setting state of the K bit 2402 is to indicate that the key value of the other encryption program in the register is to be operated by the block 2212. Overwrite the key value of the new encryption program. However, as described in Figure 26 below, the key values of the other encryption programs will be reloaded by block 2609 in their return program. The flow of Fig. 25 proceeds to block 2506, which in turn leads to block 2212 shown in Fig. 22, ending at block 2216.

Referring now to Figure 26, a flow chart illustrates the operation of the microprocessor 100 of Figure 1, wherein the flag register 128 of Figure 21 and the key register file 124 of Figure 24 are implemented in accordance with the teachings of the present invention. Another implementation of task switching between encryption programs. The process shown in Figure 26 is similar to the process shown in Figure 23. The difference is that if decision block 2306 determines that E bit 402 of flag register 128 is set, then process 26 proceeds to decision block 2607 instead of block 2308.

At decision block 2607, the microprocessor 100 determines whether the K-bit 2402 of any register indicated by the flag register 2104 (fixed in block 2304) is indexed by the flag register 128 in the key register file 124. To set the status. If so, the flow proceeds to block 2609; if not, the flow proceeds to block 2308.

At block 2609, the microprocessor 100 generates an exception alert for processing by an exception handler. In one embodiment, the exception handler is designed in the system software. In one embodiment, the exception handler is provided by a secure execution mode architecture. Based on the flag register 128 fixed in block 2304 indexing the field 2104 value, the exception handler reloads the key of the currently repaired encryption program (i.e., the encryption program now returned) into the key register file 124. The exception handler can be actuated like block 1908 mentioned in the previous Figure 19 to load the key of the repaired encryption program into the key register file 124 or, if necessary, from the outside of the microprocessor 100. The key is loaded into secure storage area 122. Similarly, if the key register file 124 is reloaded in the temporary storage The device is used by other encryption programs, and the system software will make the K bit 2402 of its scratchpad set. Flow then proceeds to block 2308 from block 2609, and blocks 2308 through 2316 refer to FIG.

As illustrated in Figures 24 through 26, the embodiments described herein enable the microprocessor 100 to perform multi-tasking operations of multiple encryption programs, even if the encryption program requires a total of key temporary storage space more than the key. The memory 124 has a spatial size.

Referring now to Figure 27, a block diagram illustrates another embodiment of the present invention modified from microprocessor 100 of Figure 1. Elements similar to those of FIG. 1 are labeled with the same reference; for example, the instruction cache 102, the extraction unit 104, and the key register file 124. However, the extraction unit 104 is modified to include a key switching logic 2712 coupled to the master key register file 142 and the key register file 124 as described in FIG. The microprocessor 100 of FIG. 27 further includes a branch target address cache (BTAC) 2702. The BTAC 2702 receives the extracted address 134 as disclosed in FIG. 1 and is parallel to the access of the instruction cache 102, based on the extracted address 134. Based on the extracted address 134, the BTAC 2702 supplies the branch target address 2706 to the extracted address generator 164 disclosed in FIG. 1, supplying a T/NT indicator 2708 and a type indicator. 2714 gives the key switch logic 2712 and supplies a Key Register Profile (KRF) index 2716 to the Key Holder File 124.

Referring now to Figure 28, a block diagram illustrates the BTAC 2702 of Figure 27 in more detail in accordance with the teachings of the present invention. BTAC 2702 includes a BTAC matrix 2802 with a plurality of BTAC units 2808, and FIG. 29 illustrates a BTAC unit 2808 content. The information stored by the BTAC 2802 includes historical information of previously executed branch instructions to predict the direction of the branch instruction to be executed and the target address. In particular, the BTAC 2802 will use the stored history information to predict the subsequent extraction operations of the previously executed branch instructions based on the extracted address 134. Branch target address cache operations can refer to common branch prediction techniques. However, the BTAC 2802 disclosed herein is further modified to record historical information of previously executed branch and handover key commands 900/1200 for related prediction operations. In particular, the stored history record enables the BTAC 2802 to predict the set of values that the extracted branch and switch key instructions 900/1200 will load into the master key register 142 during the fetch time. This operation enables the key switch logic 2712 to load the key value before the branch and switch key instructions 900/1200 are actually executed, avoiding the need to clear the microprocessor according to the branch and switch key instructions 900/1200. The pipeline content of 100 will be discussed in detail below. Moreover, according to one embodiment, the BTAC 2802 is further modified to store historical information including previously executed key switching instructions 600 to achieve the same effect.

Referring now to Figure 29, a block diagram illustrates the contents of BTAC unit 2808 of Figure 28 in greater detail in accordance with the teachings of the present invention. Each unit 2808 includes a valid bit 2902 indicating whether the belonging unit 2808 is active. Each unit 2808 further includes a flag field 2904 for comparison with a portion of the content of the extracted address 134. If the selected portion 2808 of the index portion of the extracted address 134 is such that the marked portion of the extracted address 134 matches the valid flag 2904 therein, the address 134 is extracted to center the BTAC 2802. Each array unit 2808 further includes a target address field 2906 for storing the target address of the previously executed branch instruction - including the branch and switch key instruction 900/1200. Each array unit 2808 further includes an adoption/not Field 2908 is used to store the previously executed branch instructions - including the direction of the branch and switch key instructions 900/1200 - (taken/not taken). Each array unit 2808 further includes a key register file index 2912 field for storing the previously executed branch and switch key instructions 900/1200 key register file index 904/1304 records, Discuss it in detail. According to one embodiment, the BTAC 2802 stores a key register file index 604 record of the previously executed key switch instruction 600 in its key register file index 2912 field. Each array unit 2808 further includes a type field 2914 indicating the type of command being recorded. For example, the type field 2914 may indicate that the recorded history command is a call, a return, a conditional jump, an unconditional jump, a branch and switch key instruction 900/1200, or Key switch instruction 600.

Referring now to Figure 30, a flowchart illustrates the operation of microprocessor 100 of Figure 27, wherein microprocessor 100 includes BTAC 2802 as disclosed in Figure 28 in accordance with the teachings of the present invention. The process begins at block 3002.

At block 3002, the microprocessor 100 executes a branch and switch key instruction 900/1200, which will be detailed below in FIG. Flow then proceeds to block 3004.

At block 3004, the microprocessor 100 configures an array unit 2808 in the BTAC 2802 for the executed branch and handover key commands 900/1200, the direction and destination address from which the branch and handover key commands 900/1200 are resolved. The key register file index 904/1304 and the command pattern are respectively recorded in the configured/not used field 2908 of the array unit 2808, the target address field 2906, and the key register file index 2912. Bit, and type field 2914, as This branch and switch key command 900/1200 history information. Flow ends at block 3004.

Referring now to Figure 31, a flowchart illustrates the operation of microprocessor 100 of Figure 27, wherein microprocessor 100 includes BTAC 2802 disclosed in Figure 28 in accordance with the teachings of the present invention. The process begins at block 3102.

At block 3102, the fetch address 134 is supplied to the instruction cache 102 and the BTCA 2802. Flow then proceeds to block 3104.

At block 3104, the address 134 is extracted in the middle of the BTAC 2802, and the BTAC 2802 will correspond to the target address 2906 of the array unit 2808, with/without 2908, the key register file index 2912 field, and the content of the type 2914 field. Output is performed by target address 2706, adoption/non-use indicator 2708, key register file index 2716, and type indicator 2714, respectively. In particular, the pattern field 2914 is used to indicate that the stored instruction is a branch and switch key instruction 900/1200. Flow then proceeds to decision block 3106.

At decision block 3106, the key switch logic 2712 determines that the branch and switch key command 900/1200 is predicted to be employed by the BTAC 2802 by verifying the adopt/disuse output 2708. If the take/not output 2708 display branch and switch key command 900/1200 is predicted to be employed, the flow then proceeds to block 3112; otherwise, the flow proceeds to block 3108.

At block 3108, the microprocessor 100, along with the branch and switch key command 900/1200, transmits an indication that the BTAC 2802 predicts that it is not being taken. (In addition, if the branch/switch key instruction is predicted to be employed with/without output 2708, microprocessor 100 displays BTAC along block 3112 along with the branch and switch key command 900/1200. 2802 predicts that it will be picked use). The process ends at 3108.

At block 3112, the extracted address generator 164 updates the extracted address 134 with the target address 2706 predicted by the BTAC 2802 at block 3104. Flow then proceeds to block 3114.

At block 3114, based on the key register file index 2712 predicted by the BTAC 2802 at block 3104, the key switch logic 2712 updates the location in the master key register 142 with the location of the key register file 124 indicated therein. Key value. In one embodiment, the key switch logic 2712 will delay the extraction unit 104 to extract the blocks within the instruction data 106 until necessary, until the master key register 142 is updated, as necessary. Flow then proceeds to block 3116.

At block 3116, the extraction unit 104 continues to extract and decrypt the instruction data 106 using the new master key register 142 content loaded by the block 3114. Flow ends at block 3116.

Referring now to Figure 32, a flowchart illustrates the operation of microprocessor 100 of Figure 27, in which a branch and switch key instruction 900/1200 is performed in accordance with the teachings of the present invention. The flowchart of Fig. 32 is similar to the flow of Fig. 10 in a certain aspect, and similar blocks are given the same reference numerals. Although the discussion of FIG. 32 is based on the contents of FIG. 10, its application may further consider the branch and switch key instruction 1200 operations described in FIG. The process of Figure 32 begins at block 1002.

At block 1002, decoding unit 108 decodes a branch and switch key instruction 900/1200 and substitutes it into microcode unit 132 to implement the microcode program for branch and switch key instructions 900/1200. Flow then proceeds to block 1006.

At block 1006, the microcode resolves the branch direction (ie, taken/not taken) and the target address. Flow then proceeds to block 3208.

At block 3208, the microcode determines if the BTAC 2802 provides a prediction for the branch and handover key command 900/1200. If so, the flow then proceeds to decision block 3214; if not, the flow then proceeds to block 1008 of FIG.

At decision block 3214, the microcode determines whether the prediction made by the BTAC 2802 is correct by using the direction of the adoption/non-use indicator 2708 and the target address 2706 delivered by the BTAC 2802 and the block 1006 and the target address. If the prediction of BTAC 2802 is correct, the process ends; otherwise, the flow proceeds to decision block 3216.

At decision block 3216, the microcode determines if this incorrect BTAC 2802 prediction has been taken. If so, the flow proceeds to block 3222; if not, the flow proceeds to block 1014 of FIG.

At block 3222, the microcode repairs the contents of the master key register 142 because the BTAC 2802's erroneous prediction of the branch and switch key instructions 900/1200 is employed, resulting in the incorrect key value of block 31, block 31. Load it. In one embodiment, key switching logic 2712 includes the storage elements and logic required to repair master key register 142. In one embodiment, the microcode generates an exception alert to an exception handler to repair the master key register 142. In addition, the microcode causes the microprocessor 100 to branch to jump to the x86 instruction following the branch and switch key instruction 900/1200, causing all x86 instructions in the microprocessor 100 to be new to the branch and switch key instructions 900/1200. It is emptied and all microcodes in the microprocessor 100 that are newer than the microcode that branches to the target address are emptied. The emptied content includes all instruction byte groups 106 that are read from the instruction cache 102 and buffered in the extraction unit 104 and the decoding unit 108 for decoding. With the branch-to-continuous instruction, the extraction unit 104 begins extracting and decrypting the instruction data 106 from the instruction cache 102 using the set of repaired key values in the master key register 142. Flow ends at block 3222.

In addition to the security advantages brought by the instruction decryption implementation implemented by the microprocessor 100 described above, the inventors have developed a recommended coding guide, which can be used in conjunction with the above embodiments to reduce the actual usage of x86 instructions. A hacking attack developed with statistical techniques for encrypting x86 code.

First, since the hacker usually assumes that the extracted 16-byte tuple instruction data 106 is all x86 instructions, the "holes" should be added between the 16-bit tuple blocks in the encoding process relative to the program execution flow. "." That is to say, its encoding should jump some instruction bytes with multiple instructions, and generate multiple "holes" with unencrypted bytes, which can be filled with appropriate values to increase the entropy of plain text bytes. (entropy). In addition, if the entropy value of a pure text byte is further improved, the encoding can use real-time data values whenever possible. In addition, the immediate data value can be used as a false clue to point to the wrong instruction opcode address.

Second, the encoding may include a special NOP instruction including a "disregard" field filled with appropriate values to increase the entropy value described above. For example, the x86 instruction 0x0F0D05xxxxxxxx belongs to a 7-byte NOP, where the last four bytes can be any value. In addition, there are other variations in the opcode format of the NOP instruction and the number of "don't care" bytes.

Third, many x86 instructions have the same basic functionality as other x86 instructions. For an equivalent function instruction, the code can discard the same instruction repeatedly, use multiple patterns and/or adopt a pattern that increases the pure text entropy value. For example, the instruction 0xC10107 and the instruction 0xC10025 do the same thing. very To that, some equivalent instructions are presented in versions of different lengths, for example, 0xEB22 and 0xE90022; therefore, encodings of various lengths but with the same effect can be used for encoding.

Fourth, the x86 architecture allows for the use of redundant and meaningless opcode prefixes, so the encoding can be applied with care to increase the entropy. For example, the instructions 0x40 and 0x2627646567F2F340 do exactly the same thing. Because there are only 8 secure x86 prefixes, they need to be carefully placed in the code to avoid excessive frequency.

Although various embodiments have been described in which the key expander rotates and adds/subtracts a pair of values in the master key register value, other embodiments may be considered, wherein the key expander may be more The operations are performed on the two master key register values, and in addition, the operations performed may be different from the rotation and addition/subtraction operations. In addition, the key switching instruction 600 disclosed in FIG. 6 and the branch and handover key instruction 900 disclosed in FIG. 9 may have other embodiments, for example, loading a new key value from the secure storage area 122 into the master key. The scratchpad 142 is instead loaded by the key register file 124, and other implementations of the branch and switch key instructions 1500 introduced in FIG. 15 store the address of the secure memory area 122 in the index field 2104. . In addition, although various embodiments have been described to adjust the BTAC 2702 storage KRF index mate branch and switch key command 900/1200 usage, there are other embodiments for adjusting the BTAC 2702 storage secure memory address to match the branch and switch key command 1500. use.

In particular, since the decryption key 174 is derived from the first and second keys 234 and 236, the master key 172 (including the first and second keys 234 and 236 that make up any particular key pair) can be replaced by decryption. Key element Primitives). "Primary" is used herein as an antonym of "derivative".

The various embodiments of the invention described above are merely illustrative and are not intended to limit the scope of the invention. Many variations in form and detail may be made by those skilled in the art of the related art without departing from the scope of the invention. For example, the manner in which the apparatus, methods, and methods discussed in this section can be implemented in a software, such as a function, fabrication, modularization, simulation, description, and/or testing. Implementations include general programming languages (eg, C, C++), hardware description languages including Verilog HDL, VHDL, etc., or other available programming tools. The software can be embodied on any known computer readable medium, such as a magnetic tape, semiconductor, magnetic disk, or optical disk (eg, CD-ROM, DVD-ROM, etc.), network, wired transmission, wireless, or other communication medium. . Embodiments of the apparatus and method may be embodied in a semiconductor intellectual property core, such as a microprocessor core (eg, implemented in HDL), and may be implemented in hardware as an integrated circuit. In addition, the apparatus and method described can be implemented by a combination of soft and hard. Therefore, the scope of the invention should not be limited to any of the described embodiments, and should be defined by the following claims and their equivalents. In particular, the techniques of the present invention can be implemented in a microprocessor employed in a general purpose computer. It should be noted that those skilled in the art may have the same effect as the present invention without departing from the scope of the invention as defined by the claims, and the design or modification of other architectures based on the disclosed embodiments.

100‧‧‧Microprocessor

102‧‧‧ instruction cache memory

104‧‧‧Extraction unit

106‧‧‧Instruction data (can be encrypted)

108‧‧‧Decoding unit

112‧‧‧Execution unit

114‧‧‧Exporting unit

118‧‧‧Universal register

122‧‧‧Safe storage area

124‧‧‧Key Register File

128‧‧‧flag register

132‧‧‧microcode unit

134‧‧‧ extract address

142‧‧‧Master Key Register

144‧‧‧Control register

148‧‧‧E-bit

152‧‧‧Key Expander

154‧‧‧Multiplexer

156‧‧‧ mutually exclusive logic

162‧‧‧ plain text instruction data

164‧‧‧ extract address generator

172‧‧‧Two sets of keys

174‧‧‧ decryption key

176‧‧‧Multi-digit binary zero value

178‧‧‧ Output of multiplexer 154

ZEROES‧‧‧ multi-digit binary zero value

Claims (17)

A microprocessor comprising: a secure memory, configured to store and provide a key for key writing, for decrypting an encrypted instruction; an instruction processing pipeline for setting up and executing instructions from a cache memory, The method further includes: an extracting unit extracting an unencrypted and encrypted instruction in an instruction set architecture supported by the microprocessor; and a decrypting circuit for receiving an encryption key from the key of the secure memory Decryption; and one or more execution units, executing instructions, or executing micro instructions that are translated by the instructions, wherein the instruction set architecture includes a key storage instruction for storing one or more key secrets Key to the secure memory, wherein the microprocessor supports an encrypted key storage instruction, wherein the microprocessor uses an encrypted key storage instruction with a first set of one or more keys The written key decrypts the encrypted key storage instruction, and then executes the decrypted key storage instruction, and then uses a second set of ones provided by the encrypted key storage instruction Or a key written by a plurality of keys decrypts one or more encrypted instructions of a subsequent group, and the microprocessor thus enables an encrypted program to provide a plurality of sets of keys for subsequent decryption changes of the plurality of sets of program instructions. Key. The microprocessor of claim 1, wherein the instruction set architecture includes a secure execution mode instruction, requiring switching from a general execution mode to a A secure execution mode in which the microprocessor limits decryption of the encrypted program until the microprocessor enters the secure execution mode. The microprocessor of claim 2, wherein the microprocessor condition allows the request according to whether the format of a required instruction to switch to the secure execution mode has an encrypted parameter, and the matching instruction is one. A privileged program or part of a program whose decrypted parameters are decrypted to meet the preset requirements for running the encrypted program. The microprocessor of claim 3, wherein the encryption parameter and the program are encoded by different key writers. The microprocessor of claim 1, wherein the key storage instruction provides the content of the key written by one or more keys in an immediate data field. The microprocessor of claim 1, wherein the decrypted instruction or the decrypted instruction is executed and the decrypted instruction or microinstruction is not exposed. The microprocessor of claim 1, further comprising a processor bus, wherein the secure memory is not accessible by the processor bus. The microprocessor of claim 1, further comprising a cache memory, the hierarchy isolating the secure memory. The microprocessor of claim 1 further includes an AES or RSA encryption channel, such that the value of the key written by the key is written to the secure memory. The microprocessor of claim 1, wherein the secure memory is not accessible by a program executing in a non-privileged execution mode. A method for securely executing instructions in a microprocessor, comprising: storing a first set of one or more key-written keys to a secure memory, Decryption of instructions for encryption; caching a first set of encrypted instructions; decrypting the first set of encrypted instructions using the keys of the first set of one or more keys; cache encryption a key storage instruction for storing a key of a second set of one or more keys to the secure memory for decryption of the encrypted instruction; using the first set of one or more keys Writing the key to decrypt the encrypted key storage instruction; storing the key of the second group of one or more keys to the secure memory for decryption of the key storage instruction; a second set of encrypted instructions; the second set of encrypted instructions are decrypted using the keys of the second set of one or more keys. The method of claim 11, further comprising performing a secure execution mode switch, requiring switching from a general execution mode to a secure execution mode, wherein the microprocessor limits decryption of the encrypted instruction until the micro process The device enters this secure execution mode. According to the method of claim 12, according to whether the format of the instruction to switch to the security execution mode has an encrypted parameter, the requirement to switch to the security execution mode is allowed, and the matching instruction is one. A privileged program or part of a program whose decrypted parameters are decrypted to meet the preset requirements for running the encrypted program. For example, the method described in claim 13 is written with a different key. The machine creates the encryption parameters and the encryption of the program. The method of claim 11, wherein the key storage instruction provides the content of the key written by one or more keys in the immediate data field. For example, in the method described in claim 11, the value of the key written by the key is written into the secure memory via an AES or RSA encryption channel. A computer program product, encoded in at least one non-transitory computer medium, operated by an computing device, the computer program product further comprising: a computer program code, the microprocessor described in the non-transitory computer medium, the computer The code includes: a first code, describing a secure memory storage, and providing a key for key writing, decryption of an instruction for encryption; and a second code describing a command processing pipeline from a cache The memory extracts and executes the instruction, and the instruction processing pipeline further includes: a third code, describing an extracting unit extracting an unencrypted and encrypted instruction in an instruction set architecture supported by the microprocessor, wherein the instruction set architecture a key storage instruction for storing one or more key coded keys to the secure memory, and the microprocessor supports an encrypted key storage instruction; a fourth code describing a decryption circuit Decryption of the encrypted key received from the key of the secure memory; and a fifth code describing one or more execution units executing the instruction, Executed instruction was translated microinstructions, a sixth code describes the architecture of the microprocessor, in response to an encryption key store instructions, wherein in the preparation of a, or a plurality of keys of the first group The key decrypts the encrypted key storage instruction, and then executes the decrypted key storage instruction, and then uses the key of the second group of one or more keys provided by the encrypted key storage instruction. Decrypting one or more encrypted instructions of a subsequent group.