US20070288761A1 - System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors - Google Patents

System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors Download PDF

Info

Publication number
US20070288761A1
US20070288761A1 US11/423,304 US42330406A US2007288761A1 US 20070288761 A1 US20070288761 A1 US 20070288761A1 US 42330406 A US42330406 A US 42330406A US 2007288761 A1 US2007288761 A1 US 2007288761A1
Authority
US
United States
Prior art keywords
processors
processor
boot
random
key value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/423,304
Inventor
Jason N. Dale
JONATHAN J. DeMENT
Clark M. O'niell
Christopher J. Spandikow
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/423,304 priority Critical patent/US20070288761A1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: O'NIELL, CLARK M., SPANDIKOW, CHRISTOPHER J., DEMENT, JONATHAN J., DALE, JASON N.
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION CORRECTIVE ASSIGNMENT TO CORRECT THE THE EXECUTION DATE OF THE PATENT APPLICATION PREVIOUSLY RECORDED ON REEL 017763 FRAME 0102. ASSIGNOR(S) HEREBY CONFIRMS THE JASON N. DALE, JONATHAN J. DEMENT, CLARK M. O'NIELL, CHRISTOPHER J. SPANDIKOW. Assignors: DALE, JASON N., DEMENT, JONATHAN J., O'NIELL, CLARK M., SPANDIKOW, CHRISTOPHER J.
Priority to CN200710105561.8A priority patent/CN100501756C/en
Publication of US20070288761A1 publication Critical patent/US20070288761A1/en
Priority to US12/120,808 priority patent/US7779273B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/177Initialisation or configuration control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4405Initialisation of multiprocessor systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2123Dummy operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise

Definitions

  • the present application relates generally to an improved data processing system and method. More specifically, the present application is directed to a system and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors.
  • an intruder may gain access to a computing system through electrical interfaces and other observable electromagnetic or thermal activity. By observing the boot activity in this way, the intruder may deduce what data signals are being input and output by the boot processor, what cryptographic algorithms are running on the processors, and the like. From this information, an intruder may detect points in the boot sequence where unauthorized intrusion may be made. Moreover, with secure boot sequences in which security keys are required for booting of the system, the intruder may reverse the cryptographic algorithm used by the boot processor to obtain access to the security keys and thereby be given complete access to the computing system. Since the overall security of the computing system is often dependent upon the security of the boot process, when the intruder gains access to the boot sequence, the security of the entire system may be at risk.
  • the illustrative embodiments provide a system and method for selecting a random processor to boot a multiprocessor system and for booting a multiprocessor device based on selection of encryption keys to be provided to processors.
  • randomizing which processor will be used to boot the multiprocessor system the ability of unauthorized persons to monitor the electrical interfaces, thermal activity, and other electromagnetic activity to obtain information about the boot sequence for purposes of defeating the security of the system is made more difficult.
  • the would-be intruder would either need to run the boot sequence many different times while monitoring a single processor in hopes that it may be randomly selected as the boot processor, or monitor all of the processors at boot in order to determine which one was the actual boot processor. Both options require considerable effort on the part of the would-be intruder that may act as a deterrent from actually attempting to monitor the system to obtain boot sequence information or at least add significant delay to the time it would take the would-be intruder to compromise the system.
  • pervasive logic is provided on a multiprocessor system, such as a system-on-a-chip, that controls the boot operation of the multiprocessor system.
  • the pervasive logic includes a random event generator which randomly selects which processor in the multiprocessor system is to be the boot processor that runs the boot code to thereby bring the system into an operational state. Based on the random selection of a boot processor, a configuration bit associated with the boot processor is set indicating that processor to be the boot processor. Thereafter, the selected boot processor is provided with the necessary security key(s) for secure booting of the multiprocessor system into an operational state.
  • the other processors of the multiprocessor system perform operations to mask the real secure boot operation.
  • This masking may involve executing other code sequences, other than the boot code sequence, that cause the processors to generate electromagnetic and/or thermal outputs that, if monitored by an interloper, would make it difficult for the interloper to distinguish which processor is performing the actual secure boot operation.
  • One way in which a different code sequence may be generated is by inserting random delay elements into the boot code that run loops which iterate a random amount. In this way, each processor may run the boot code but with differing delay amounts thereby causing different electromagnetic and thermal signatures to be generated. From an interloper's perspective, it will be very difficult to discern the actual boot processor from the other processors in the multiprocessor system due to such masking.
  • the code sequences performed by the other processors are the same boot code sequence that the randomly selected processor executes but with dummy security keys.
  • these other processors operate and look, to an interloper, as if they are performing the secure boot operation.
  • false electromagnetic and thermal outputs are identified that make it difficult for the interloper to determine if the monitored processor is the actual randomly selected processor that is performing the secure boot operation.
  • masking of the randomly selected boot processor may be performed by providing a dummy processor.
  • the dummy processor appears, from an electromagnetic, thermal, etc., monitoring apparatus perspective, as if it is unique by running processes different from the boot code sequence on this dummy processor to thereby redirect attacks on the system to this dummy processor.
  • the interloper when an interloper attempts to access the system by getting around the security mechanisms, the interloper only accesses a dummy processor that does not have actual access to the rest of the multiprocessor system.
  • the boot code sequence may be distributed across a plurality of processors in the multiprocessor system.
  • the number of processors that must be compromised in order to obtain complete information about the boot sequence and thereby circumvent security measures is increased.
  • the distributed boot operation of the illustrative embodiments is more secure than multiprocessor data processing systems that utilize a single secure core.
  • the boot operation fails, thereby preventing an unauthorized individual from circumventing the security of the system.
  • the boot code sequence is partitioned into a plurality of partitions such that each partition may be provided to a different processor of the multiprocessor system. As each partition of the boot code sequence is executed, that partition must complete correctly on its respective processor before the boot code sequence may proceed on another processor.
  • a secure communication mechanism is used to communicate satisfactory completion of a previous partition of the boot code sequence.
  • This secure communication mechanism may include a security token, such as an encrypted password or other security identifier, e.g., a public/private encryption key pair, that indicates that the previous session was not compromised. In this way, a chain of dependent “sessions” are created that must complete satisfactorily.
  • the processors that are involved in the distributed execution of the boot code may be all of the processors in the multiprocessor system or a sub-set of the processors in the multiprocessor system.
  • a random selection mechanism such as that described above for selecting a single boot processor, may be used to randomly select a plurality of boot processors to be used in booting the system in a distributed manner.
  • the particular partitions of the boot code that are executed by the processors may be randomly selected such that, with each power-on reset (POR) operation, the same processor may or may not execute the same boot code partition as in a previous POR operation.
  • POR power-on reset
  • processors of the multiprocessor system i.e. non-boot processors
  • the distributed boot code sequence operation of the present illustrative embodiment may be combined with one or more of the previously described illustrative embodiments.
  • a method in a data processing system having a plurality of processors, for booting the data processing system.
  • the method may comprise receiving, in each processor of the plurality of processors, a secret key value and at least one random key value.
  • One of the processors of the plurality of processors may be randomly selected to be a boot processor.
  • Each of the processors of the plurality of processors may select a key value for the processor based on the random selection of the boot processor. Only the boot processor is permitted to select the secret key as its corresponding key value with each of the other processors of the plurality of processors selecting one of the at least one random key value as their corresponding key value.
  • the boot processor may receive encrypted boot code from an encrypted boot code storage and may decrypt the encrypted boot code using the secret key value. The boot processor may then execute the decrypted boot code to thereby boot the data processing system to an operational state.
  • Each processor of the plurality of processors may receive the secret key value and a predetermined number of random key values.
  • the predetermined number of random key values may be equal to a number of processors in the plurality of processors.
  • Each processor of the plurality of processors that is not selected to be the boot processor may select a different key value from the at least one random key value.
  • Bach processor in the plurality of processors may comprise a multiplexer.
  • the secret key value and the at least one random key value may be provided as inputs to the multiplexer of each processor in the plurality of processors and a select signal may be provided to each multiplexer of each processor in the plurality of processors.
  • the select signal input to a multiplexer of a processor may have an associated value corresponding to the selection of the key value for the processor.
  • Randomly selecting one of the processors of the plurality of processors to be a boot processor may comprise using a random event generator provided in pervasive logic of the data processing system to generate a random value and decoding the random value to identify a processor from the plurality of processors in the data processing system to be the boot processor.
  • the random event generator may comprise a linear feedback shift register (LFSR) counter and a ring oscillator coupled to the LFSR. The ring oscillator may provide an input to the LFSR to thereby generate a random value.
  • LFSR linear feedback shift register
  • the at least one random key value may comprise a plurality of random key values.
  • Each random key value in the plurality of random key values may be generated by a separate random key value generator.
  • each random key value in the plurality of random key values may be generated by a same random key value generator.
  • the data processing system may be a heterogeneous multiprocessor system-on-a-chip.
  • the heterogeneous multiprocessor system-on-a-chip may have a first processor that operates according to a first instruction set and one or more second processors that operate according to a second instruction set different from the first instruction set.
  • the first instruction set may be, for example, a RISC instruction set and the second instruction set may be, for example, a SIMD instruction set.
  • a data processing system comprises a plurality of processors, pervasive logic coupled to the processors, at least one random key generator coupled to the plurality of processors, an encrypted boot code storage coupled to the plurality of processors, and a secret key storage coupled to the plurality of processors.
  • Each processor of the plurality of processors may receive a secret key value from the secret key storage and at least one random key value from the at least one random key generator.
  • the pervasive logic may randomly select one of the processors of the plurality of processors to be a boot processor.
  • Each processor of the processors of the plurality of processors may select a key value for the processor based on the random selection of the boot processor.
  • the boot processor may receive encrypted boot code from the encrypted boot code storage and may decrypt the encrypted boot code using the secret key value. The decrypted boot code may then be executed by the boot processor to thereby boot the data processing system to an operational state.
  • Each processor of the plurality of processors may receive the secret key value and a predetermined number of random key values.
  • the predetermined number of random key values may be equal to a number of processors in the plurality of processors.
  • Each processor of the plurality of processors that were not selected to be the boot processor may select a different key value from the at least one random key value.
  • Each processor in the plurality of processors may comprise a multiplexer.
  • the secret key value and the at least one random key value may be provided as inputs to the multiplexer of each processor in the plurality of processors and a select signal may be provided to each multiplexer of each processor in the plurality of processors.
  • the select signal input to a multiplexer of a processor may have an associated value corresponding to the selection of the key value for the processor.
  • the pervasive logic may comprise a random event generator and a decoder.
  • the pervasive logic may randomly select one of the processors of the plurality of processors to be a boot processor by using the random event generator to generate a random value and using the decoder to decode the random value to identify a processor from the plurality of processors in the data processing system to be the boot processor.
  • the random event generator may comprise a linear feedback shift register (LFSR) counter and a ring oscillator coupled to the LFSR. The ring oscillator may provide an input to the LFSR to thereby generate a random value.
  • LFSR linear feedback shift register
  • the at least one random key value may comprises a plurality of random key values.
  • Each random key value in the plurality of random key values may be generated by a separate random key value generator.
  • each random key value in the plurality of random key values may be generated by a same random key value generator.
  • a computer program product comprising a computer useable medium having a computer readable program.
  • the computer readable program when executed on a data processing system, may cause the data processing system to perform various ones, and combinations of, the operations outlined above with regard to the method illustrative embodiment described previously.
  • FIG. 1 is an exemplary block diagram of a multiprocessor system in which the illustrative embodiments may be implemented
  • FIG. 2 is an exemplary diagram illustrating the primary operational components of a random boot processor selection mechanism in accordance with one illustrative embodiment
  • FIG. 3A is an exemplary diagram illustrating a random selection mechanism in accordance with one illustrative embodiment
  • FIG. 3B is a graphical representation of jitter introduced into the input to a LFSR counter of a random event generator in accordance with one illustrative embodiment
  • FIG. 3C is an exemplary diagram illustrating an illustrative embodiment in which a secret key and a plurality of randomly generated key values are provided to processors using parallel signal lines;
  • FIGS. 4A-4D are exemplary diagrams illustrating masking operations for masking a secure boot operation of a randomly selected boot processor in accordance with illustrative embodiments
  • FIG. 5 is a flowchart outlining an exemplary operation for randomly selecting a processor in a multiprocessor system as a boot processor
  • FIG. 6 is a flowchart outlining an exemplary operation for masking a boot code sequence in accordance with one illustrative embodiment
  • FIG. 7A is an exemplary diagram illustrating a distributed boot operation configured as a daisy chain or ring arrangement in accordance with one illustrative embodiment
  • FIG. 7B is an exemplary diagram illustrating a distributed boot operation configured as a master/slave arrangement in accordance with one illustrative embodiment.
  • FIG. 8 is a flowchart outlining an exemplary operation for distributed booting of a multiprocessor system in accordance with one illustrative embodiment.
  • the illustrative embodiments provide an apparatus and method for selecting a random processor to boot on a multiprocessor system.
  • the illustrative embodiments may be implemented for use with any multiprocessor system in which one of the processors may be selected for booting the multiprocessor system.
  • the mechanisms of the illustrative embodiments are applicable to symmetric multiprocessor (SMP) systems, heterogeneous multiprocessor systems, non-coherent asymmetrical multiprocessor systems, and the like.
  • CBE Cell Broadband Engine
  • FIG. 1 is an exemplary block diagram of a data processing system in which aspects of the present invention may be implemented.
  • the exemplary data processing system shown in FIG. 1 is an example of the Cell Broadband Engine (CBE) data processing system. While the CBE will be used in the description of the preferred embodiments of the present invention, the present invention is not limited to such, as will be readily apparent to those of ordinary skill in the art upon reading the following description.
  • CBE Cell Broadband Engine
  • the CBE 100 includes a power processor element (PPE) 110 having a power processor unit (PPU) 116 and its L1 and L2 caches 112 and 114 , and multiple synergistic processor elements (SPEs) 120 - 134 that each has its own synergistic processor unit (SPU) 140 - 154 , memory flow control 155 - 162 , local memory or store (LS) 163 - 170 , and bus interface unit (BIU unit) 180 - 194 which may be, for example, a combination direct memory access (DMA), memory management unit (MMU), and bus interface unit.
  • a high bandwidth internal element interconnect bus (EIB) 196 , a bus interface controller (BIC) 197 , and a memory interface controller (MIC) 198 are also provided.
  • the CBE 100 may be a system-on-a-chip such that each of the elements depicted in FIG. 1 may be provided on a single microprocessor chip. Moreover, the CBE 100 is a heterogeneous processing environment in which each of the SPUs may receive different instructions from each of the other SPUs in the system. Moreover, the instruction set for the SPUs is different from that of the PPU, e.g., the PPU may execute Reduced Instruction Set Computer (RISC) based instructions while the SPUs execute Single Instruction Multiple Data (SIMD) instructions.
  • RISC Reduced Instruction Set Computer
  • SIMD Single Instruction Multiple Data
  • the SPEs 120 - 134 are coupled to each other and to the L2 cache 114 via the EIB 196 .
  • the SPEs 120 - 134 are coupled to MIC 198 and BIC 197 via the EIB 196 .
  • the MIC 198 provides a communication interface to shared memory 199 .
  • the BIC 197 provides a communication interface between the CBE 100 and other external buses and devices, such as a SouthBridgeTM communications processor, for example.
  • the PPE 110 is a dual threaded PPE 110 .
  • the combination of this dual threaded PPE 110 and the eight SPEs 120 - 134 makes the CBE 100 capable of handling 10 simultaneous threads and over 128 outstanding memory requests.
  • the PPE 110 acts as a controller for the other eight SPEs 120 - 134 which handle most of the computational workload.
  • the PPE 110 may be used to run conventional operating systems while the SPEs 120 - 134 perform vectorized floating point code execution, for example.
  • the SPEs 120 - 134 comprise a synergistic processing unit (SPU) 140 - 154 , memory flow control units 155 - 162 , local memory or store 163 - 170 , and bus interface units 180 - 194 .
  • the local memory or store 163 - 170 in one exemplary embodiment, comprises a 256 KB instruction and data memory which is visible to the PPE 110 and can be addressed directly by software.
  • the PPE 110 may load the SPEs 120 - 134 with small programs or threads, chaining the SPEs together to handle each step in a complex operation.
  • a set-top box incorporating the CBE 100 may load programs for reading a DVD, video and audio decoding, and display, and the data would be passed off from SPE to SPE until it finally ended up on the output display.
  • each SPE 120 - 134 gives a theoretical 32 GFLOPS of performance with the PPE 110 having a similar level of performance.
  • the memory flow control units (MFCs) 155 - 162 serve as an interface for an SPU to the rest of the system and other elements.
  • the MFCs 155 - 162 provide the primary mechanism for data transfer, protection, and synchronization between main storage and the local storages 163 - 170 .
  • Some implementations can share resources of a single MFC between multiple SPUs. In such a case, all the facilities and commands defined for the MFC must appear independent to software for each SPU. The effects of sharing an MFC are limited to implementation-dependent facilities and commands.
  • the illustrative embodiments provide an apparatus and method for selecting a random processor, such as one of the SPEs 120 - 134 , to boot a multiprocessor system, e.g., the CBE 100 .
  • a random processor such as one of the SPEs 120 - 134
  • the CBE 100 e.g., the CBE 100 .
  • pervasive logic 193 is provided on the CBE 100 which controls the boot operation of the CBE 100 .
  • the pervasive logic 193 includes a random event generator which randomly selects which SPE 120 - 134 is to be the boot processor that runs the boot code to thereby bring the system into an operational state. Based on the random selection of a boot SPE 120 - 134 , a configuration bit associated with the selected SPE, e.g., SPE 120 , is set indicating that SPE 120 to be the actual boot processor. Thereafter, the selected SPE 120 is provided with the necessary security key(s) for secure booting of the CBE 100 into an operational state.
  • the chosen SPE When the chosen SPE successfully completes the secure boot procedure, it will transition from a secure state, wherein the MIC 198 , Shared Memory 199 , and a portion of the BIC 197 other than the communication link to Flash ROM 230 in FIG. 2 hereafter, are shutdown and prevented from operation, to an unlocked state.
  • the secure SPE Once the secure SPE enters the unlocked state, it will initiate the process of fully enabling the MIC 198 , BIC 197 (a process referred to as “training”), and all other processors (SPEs and PPE) by executing the encrypted code provided by the Flash ROM 230 .
  • training a process referred to as “training”
  • SPEs and PPE all other processors
  • the other SPEs 122 - 134 perform operations to mask the real secure boot operation. This masking may involve executing other code sequences, other than the boot code sequence, that cause the SPEs 122 - 134 to generate electrical, electromagnetic, and/or thermal outputs that, if monitored by an interloper, would make it difficult for the interloper to distinguish which SPE 120 - 134 is performing the actual secure boot operation.
  • each SPE 120 - 134 may run the boot code but with differing delay amounts thereby causing different electromagnetic and thermal signatures to be generated. Moreover, the same SPE 120 - 134 will generate different electromagnetic and thermal signatures each time it runs the secure boot code. From an interloper's perspective, it will be very difficult to discern the actual boot SPE 120 from the other SPEs 122 - 134 in the CBE 100 due to such masking.
  • the code sequences performed by the other SPEs 122 - 134 are the same boot code sequence that the randomly selected SPE 120 executes but with dummy security keys.
  • these other SPEs 122 - 134 operate and look, to an interloper, as if they are performing the secure boot operation.
  • the SPEs 122 - 134 are monitored, false electrical, electromagnetic, and thermal outputs are identified that make it difficult for the interloper to determine if the monitored SPE is the actual randomly selected SPE 120 that is performing the secure boot operation.
  • masking of the randomly selected boot SPE 120 may be performed by providing a dummy SPE (not shown).
  • the dummy SPE appears, from an electromagnetic, thermal, etc., monitoring apparatus perspective, as if it is unique by running processes different from the boot code sequence on this dummy SPE to thereby redirect attacks on the CBE 100 to this dummy SPE.
  • the interloper when an interloper attempts to access the system by getting around the security mechanisms, the interloper only accesses a dummy SPE that does not have actual access to the rest of the CBE 100 .
  • the intruder compromises the dummy SPE and attempts to execute code, the dummy SPE can then shutdown the rest of the CBE 100 to prevent further intrusion attempts.
  • FIG. 2 is an exemplary diagram illustrating the primary operational components of a random boot processor selection mechanism in accordance with one illustrative embodiment. It should be appreciated that, for simplicity of the explanation of the illustrative embodiments, FIG. 2 only shows one processor of a multiprocessor system in detail. However, it should be appreciated that each of the processors of the multiprocessor system have a similar arrangement of elements and operate in a similar manner to that of the processor that is explicitly shown in FIG. 2 . Any number of processors may be included in the multiprocessor system without departing from the spirit and scope of the present invention. However, for purposes of explanation of the illustrative embodiments, it will be assumed that the number of processors is eight as in the CBE architecture shown in FIG. 1 .
  • the primary operational components of a random boot processor selection mechanism include a system controller 210 , a secure key storage 220 , a flash ROM 230 , and pervasive logic 240 .
  • elements 210 - 240 may be elements that are provided on the chip in which the CBE architecture is implemented. That is, these elements 210 - 240 may be built into the logic of a multiprocessor system-on-a-chip (SoC) and thus, the operations performed by these elements 210 - 240 may be performed on-chip.
  • SoC system-on-a-chip
  • one or more of the elements may be provided off chip, e.g., the flash ROM 230 may be provided off-chip.
  • the system controller 210 is responsible for performing the initial operations of a power on reset (POR) to bring the power of the system to an acceptable and stable level. That is, the system controller 210 is responsible for bringing up the voltages, turning on the system clock, and other initial operations required for bringing the multiprocessor system to a state where boot operations may begin, as is generally known in the art. As part of this POR operation, the processors 280 - 290 are brought up in a secure mode of operation. In this secure mode of operation, the processor's local stores are not accessible outside the processor. The system controller 210 , once these initial operations are completed and the system is at an acceptable power state, signals a “power good” state to the pervasive logic 240 .
  • POR power on reset
  • the pervasive logic 240 In response to the “power good” signal from the system controller 210 , the pervasive logic 240 begins a boot operation for booting the multiprocessor system into an operational state such that software programs may begin to execute. As part of this boot operation, a random event generator 242 of the pervasive logic 240 randomly selects one of the processors, e.g., processor 280 , to be the boot processor for the multiprocessor system. The random event generator 242 generates a signal that is sent to each of the processors of the multiprocessor system. The signal is logically high only for the processor that is selected as the boot processor.
  • This signal effectively sets the value in the configuration bit register 250 of the randomly selected processor 280 to a value, e.g., “1”, indicative of this processor 280 being the boot processor.
  • the other processors will have their configuration bit values in their respective configuration bit registers kept at an initial value, thereby indicating that these processors are not the randomly selected boot processor for the multiprocessor system.
  • the boot code for booting the multiprocessor system is stored in an encrypted format in flash ROM 230 .
  • the encrypted boot code 232 may be provided to each of the processors 280 - 290 . That is, as part of the boot sequence, each of the processors 280 - 290 may attempt to read the encrypted boot code 232 from the flash ROM 230 . However, since only one of the processors has been randomly selected as the boot processor, only one of the processors will be able to decrypt the encrypted boot code 232 and properly execute it so as to bring the multiprocessor system to an operational state.
  • selector 260 provided in each of the processors that selects between the secret key that is the key value used to decrypt the encrypted boot code 232 and a randomly generated key value that will not be able to decrypt the encrypted boot code 232 .
  • selector 260 may be a multiplexer that receives the secure key (Skey) from the secure key storage 220 as one input, a randomly generated key value from a random value generator 262 as a second input, and the select signal from the configuration bit register 250 indicating which of the two inputs to select. If the configuration bit register 250 stores a value indicative of the processor being the randomly selected boot processor, then the Skey input is selected. If the configuration bit register 250 stores a value indicative that the processor is not the randomly selected boot processor, then the randomly generated key value input may be selected by the selector 260 . The selected key value is then output to the SPE 270 .
  • Skey secure key
  • the SPE 270 receives the selected key value and the encrypted boot code 232 .
  • the SPE 270 attempts to decrypt the encrypted boot code 232 . If the selected key value is the Skey from the secure key storage 220 , then the SPE 270 will be able to properly decrypt the encrypted boot code 232 and execute the boot code instructions therein to bring the system to an operational state. If the selected key value is not the Skey from the secure key storage 220 , then the decryption will fail and the SPE 270 will not be able to execute the boot code instructions.
  • the above process for randomly selecting a boot processor and booting the multiprocessor system using the randomly selected boot processor may be performed with each power-on reset (POR) operation performed by the multiprocessor system.
  • POR power-on reset
  • a different one of the plurality of processors may be randomly selected to be the boot processor.
  • a potential intruder into the system will not be able to determine, a priori, which processor is the boot processor and direct measurements of electromagnetic and thermal conditions of the multiprocessor system to that particular processor.
  • the potential intruder must either monitor a single processor through multiple boot-up operations of the multiprocessor system in hopes that the single processor will eventually be selected as the random processor to be the boot processor or the potential intruder must monitor all of the processors to thereby identify which processor is the boot processor and attempt to obtain the necessary information through measurements of its individual electromagnetic and thermal conditions.
  • the difficulty in monitoring the boot sequence is made eight times more difficult since all eight processors must be monitored. Moreover, more probes and hardware would be need to do such monitoring, thereby adding to the difficulty of attempting such monitoring.
  • FIG. 3A is an exemplary diagram illustrating a random selection mechanism in accordance with one illustrative embodiment.
  • the principle idea behind the illustrative embodiments is the random selection of a processor, from a plurality of processors, to be the boot processor for the multiprocessor system.
  • a random event generator and selector mechanism are provided.
  • the random event generator is provided in pervasive logic of the multiprocessor system while a selector is provided in association with each of the processors, in the illustrative embodiments.
  • FIG. 3A provides a depiction of one implementation of a random event generator and selector in accordance with one illustrative embodiment.
  • the random event generator 310 which may correspond to the random event generator 242 in FIG. 2 , for example, includes a linear feedback shift register (LFSR) counter 320 , a ring oscillator 330 , and a selector signal register/decoder 340 .
  • the ring oscillator 330 is a device composed of an odd number of NOT gates whose output oscillates between two voltage levels.
  • the NOT gates, or inverters are attached in a chain with the output of the last inverter being fed back into the first inverter.
  • the last output of a chain of an odd number of inverters is the logical NOT of the first input. This final output is asserted a finite amount of time after the first input is asserted.
  • the feedback of this last output to the input causes an unstable oscillation that will vary in time according to random elements such as electromagnetic noise on the power supply and temperature.
  • the output of the ring oscillator 330 is provided as an input to the LFSR counter 320 along with a clock signal clk.
  • the LFSR counter 320 is a shift register whose input bit is a linear function of its previous state. The only linear functions of single bits are XOR and inverse-XOR and thus, the LFSR is a shift register whose input bit is driven by the exclusive-or (XOR) of some bits of the overall shift register value.
  • the initial value of the LFSR counter 320 is called the seed, and because the operation of the register is deterministic, the sequence of values produced by the LFSR counter 320 is completely determined by its current (or previous) state.
  • a LFSR counter 320 with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle. In the illustrative embodiments, this randomness is made more apparent in that the input to the LFSR counter 320 is a product of the oscillation produced by the ring oscillator 330 and the discrepancy between the frequency of the ring oscillator 330 and the input clock clk which vary independently of one another.
  • the LFSR counter 320 receives, as input, the output from the ring oscillator 330 and the clock signal clk, and generates an output bit stream that is stored in selector signal register/decoder 340 .
  • the inverters of the ring oscillator 330 introduce a delay in the output signal to the LFSR counter 320 and thus, there is a discrepancy between the frequency of the ring oscillator 330 and the input clock clk. This discrepancy between the frequencies gives rise to jitter in the input to the LFSR counter 320 , as depicted in FIG. 3B . This jitter provides a measure of randomness which randomizes the output generated by the LFSR counter 320 .
  • the output of the LFSR counter 320 is stored in the selector signal register/decoder 340 .
  • the LFSR counter 320 is a 3-bit counter which generates a 3-bit output that is interpreted to encode a value 1-8.
  • a decoder function of the selector signal register/decoder 340 selects one of the 8 unique outputs based on the random 3-bit input value.
  • high or low state signals are output to the configuration bit registers of the various processors, e.g., SPE 0 -SPE 7 120 - 134 in FIG. 1 , to thereby set the values stored in the configuration bit registers and thus, select one of the processors to be the boot processor for the multiprocessor system.
  • the selector signal is provided to a multiplexer 352 , 362 , 372 , along with an Skey input and a random key value input. Based on the state of the selector signal, either the Skey input or the random key value input is selected by each of the multiplexers 352 , 362 , 372 .
  • the random key value inputs may be generated by one or more random value generators of the same or a different type from the random event generator configuration described above for selecting the boot processor. That is, a similar random event generator configuration as described above may be used to randomly generate a key value having a same length as the Skey. These random key values are then input to the multiplexers 352 , 362 , and 372 .
  • the system is designed such that, by way of the decoder function describe above, for example, only one of the selector signals that are input to the multiplexers 352 , 362 , 372 will select the Skey input while all the others will select a random key value input.
  • the outputs from the multiplexers 352 , 362 , and 372 are provide to the corresponding SPEs so that the SPEs may utilize these outputs for either decrypting boot code and executing the boot code, in the case of the randomly selected boot processor, or attempting to decrypt the boot code and failing to boot the multiprocessor system, as in the case of all other processors in the multiprocessor system.
  • random event generators and selectors are only exemplary and are not intended to state or imply any limitation with regard to the types of random event generators and selectors that may be used with the illustrative embodiments.
  • a thermal sensor may be used to measure thermal noise which may then be used to generate a random event for selecting one of the processors as a boot processor.
  • a quantum dot (q-dot), or semiconductor nanocrystals may be used to measure quantum source effects that may be used as a source of randomness for selecting a processor as the boot processor. Any strong source of randomness may be used with the illustrative embodiments to provide a random selection of a processor for use as the boot processor for the multiprocessor system.
  • FIG. 3A shows the ring oscillator 330 having five inverters
  • the illustrative embodiments are not limited to such. Rather, any number of inverters, so long as there are an odd number of inverters, may be used without departing from the spirit and scope of the present invention.
  • the amount of discrepancy may be selected based on the desired operational characteristics for the particular multiprocessor system in which the illustrative embodiments are implemented.
  • FIGS. 2 and 3A depict the random key value being generated by a separate random key value generator for each processor
  • the illustrative embodiments are not limited to such. Rather, a single random key value generator may be provided for all of the processors with the random key value generator generating one or more random key values that are input to the processors.
  • the random key value generator may generate a single random key value that is provided to all of the processors, a separate random key value for each individual processor (in which case seven different random key values may be generated, for example), or any number of random key values that may be selectively provided to the various processors of the multiprocessor system.
  • a plurality of random key value generators 390 may be provided that each output a different random key value.
  • a single random key value generator may be used in replacement of these separate random key value generators.
  • These random key values may be provided as inputs to the selectors, e.g., multiplexers 391 and 392 , of the processors, e.g., SPEs 393 and 394 , in the multiprocessor system along with the secure key (Skey) from an Skey storage 395 , e.g., an eFuse, that is actually used to decrypt the boot code for booting of the multiprocessor system.
  • Skey secure key
  • the randomly generated key values and the Skey value may be multiplexed and provided on eight identical signal lines to each of the multiplexers 391 and 392 so as to make it more difficult for an intruder to isolate one of the lines as being a signal line from the secure key storage 395 .
  • the eight total key value inputs may be provided to the multiplexers 391 and 392 and the select signals from the random event generator 396 in the pervasive logic 397 may be used to select one of the eight inputs.
  • the multiplexers 391 and 392 may select between the Skey input and seven random key values.
  • a first processor may select the Skey input, based on the random selection of this first processor as the boot processor, a second processor may select a third random key value, a third processor may select a fourth random key value, a fifth processor may select a first random key value, and so on.
  • each processor may receive a different key value, either the Skey or a randomly generated key value. As a result, it becomes difficult for an intruder to discern which key value is the correct key value when monitoring bus traffic of the multiprocessor system.
  • FIGS. 3A and 3C are preferably provided in lower layer metal layers of the ceramic package in which the multiprocessor system is provided, or the lowest layer of interconnect, if the design is on a single chip. Since the ability to probe electrical and thermal characteristics of a multiprocessor system is currently limited to the upper layers of the multiprocessor ceramic package, by placing these elements in the lower layer metal layers, the ability to probe the operation of these elements is made more difficult. Thus, it is very difficult, if not impossible, for a would-be intruder to monitor the thermal and electrical characteristics of the random event generator and selectors so as to determine the key values provided by these elements.
  • a processor within a plurality of processors of a multiprocessor system may be randomly selected to boot the multiprocessor system.
  • secret information e.g., the secret keys
  • the illustrative embodiments provide additional mechanisms for masking the boot sequence on the randomly selected processor such that the unauthorized individual is not able to discern which processor is correctly performing the actual boot sequence for booting the multiprocessor system.
  • the masking operation involves each of the processors that were not selected to be the boot processor running a different set of instructions to thereby generate masking electrical and thermal signatures that make it difficult to discern the boot processor from the other processors in the system.
  • the code sequences that are run by the different processors may be the same default code sequence that is provided either in a memory associated with the processor, or is otherwise accessible by the processors when the processors are not able to decrypt the boot code sequence.
  • the default code sequence may be provided in a secure portion of a local store associated with each of the processors.
  • the default code sequence may be provided in a flash ROM or other storage device provided on or off-chip.
  • the processor When the processor is not able to decrypt the actual encrypted boot code received from the flash ROM, the processor may default back to this secure portion of local storage which causes the processor to execute instructions to mask the boot code sequence being performed on another processor.
  • This sequence of instructions may not generate any useable information and may serve only a masking function. Alternatively, this sequence of instructions may be used to perform operations for monitoring the system during the boot operation, or other useful operations, for example.
  • the code that is executed on each of the non-selected processors i.e. the non-boot processors
  • the code that is executed by each of the non-selected processors is the same.
  • the code that is run on each of these non-selected processors preferably is code that generates electrical and thermal profiles that resemble the actual boot code but do not provide any of the secret information that an intruder would require in order to circumvent the security of the multiprocessor system.
  • Such code may perform similar operations to that of the actual boot code but not access the sensitive portions of the multiprocessor system.
  • the same boot code that is used to boot the multiprocessor system may be used by the non-selected processors but with access to the secure key (Skey) and other privileged information being made inaccessible.
  • Skey secure key
  • the thermal profile and bus traffic of these non-selected processors will approximate the actual boot sequence.
  • the intruder will be unable to decipher which core is performing the actual boot operation since all of the cores will look the same via the monitoring probes.
  • Such ambiguity deters tampering and makes it more difficult to isolate the real boot code sequence, secret key information, and the like.
  • each of the non-selected processors may execute a different set of instructions.
  • none of the processors look unique when monitored using electrical or thermal probes.
  • a distinguishing characteristic such as thermal profile or bus traffic, cannot be identified by probes so as to identify which processor is the boot processor.
  • These different sets of instructions may be randomly selected for each of the processors in the multiprocessor system.
  • differing start addresses for code sequences stored in an on-chip storage device e.g., a flash ROM or the like, may be randomly selected and provided to the processors of the multiprocessor system.
  • the processors may then begin executing instructions at the randomly selected start addresses thereby generating different thermal profiles and bus traffic that masks the actual boot code sequence.
  • One way in which to provide different code sequences for the different processors is to provide boot code that has random delay elements inserted into the boot code. These delay elements may be, for example, loops that iterate a random number of times. Such delay elements may be provided both in the actual boot code sequence run by the randomly selected boot processor and in the boot code sequences run by the non-selected processors. This random delay causes the boot code to “look” different on each of the processors from the perspective of an intruder monitoring the thermal and bus traffic characteristics of the processors. As a result, it is not possible for the intruder to discern which processor is running the actual boot code that boots the multiprocessor system.
  • a dummy processor looks as though it is unique when monitored by an intruder.
  • This illustrative embodiment is a combination of the previous embodiments in which one processor is randomly selected to be the boot processor, one processor of the non-selected processors is selected to be a dummy processor that runs code that provides a unique thermal and bus traffic profile from the boot code sequence, and the other processors run code sequences that replicate the thermal profile and bus traffic of the actual boot code sequence as close as possible. In this way, the intruder will detect the dummy processor as being unique from the other processors and will conclude that this processor is running the actual boot code sequence.
  • the intruder will direct its attacks to this dummy processor rather than the actual boot processor that appears to be similar to the other processors from a thermal profile and bus traffic standpoint. Furthermore, if the intruder attempts to run code or otherwise actively interfere with the dummy processor, the dummy processor can then signal a system shutdown.
  • FIGS. 4A-4D are exemplary diagrams illustrating masking operations for masking a secure boot operation of a randomly selected boot processor in accordance with illustrative embodiments.
  • FIG. 4A illustrates a first masking operation in which code that appears, from a monitoring probe standpoint, to be the same as the boot code sequence is run on each of the non-selected processors.
  • SPE 0 410 is randomly selected, such as by use of the mechanisms described previously, to be the boot processor for the multiprocessor system 400 .
  • SPE 0 410 receives the secret key, decrypts the boot code sequence from the flash ROM, and executes the actual boot code operations required to bring the multiprocessor system 400 into an operational state.
  • the other SPEs i.e. SPE 1 -SPE 7 412 - 424 , execute code that looks like the boot code sequence from the perspective of a monitoring probe.
  • the code sequence that the other SPEs 412 - 424 run may be default code sequences provided in a secure portion of local storage which causes the SPE 412 - 424 to execute instructions to mask the boot code sequence being performed on SPE 0 410 .
  • the code that is run on each of these non-selected SPEs 412 - 424 preferably is code that generates electrical and thermal profiles that resemble the actual boot code but do not provide any of the secret information that an intruder would require in order to circumvent the security of the multiprocessor system. Such code may perform similar operations to that of the actual boot code but not access the sensitive portions of the multiprocessor system 400 .
  • FIG. 4B illustrates another illustrative embodiment in which different randomly selected algorithms are run on each of the non-selected processors.
  • SPE 0 is again selected to be the boot processor and thus, runs the boot code for booting the multiprocessor system 400 into an operational state.
  • Each of the other SPEs 412 - 424 run a separate randomly selected algorithm that generates different thermal profiles and different bus traffic on the EIB.
  • each SPE 0 - 7 appears to be unique when compared to each of the other SPEs 410 - 424 .
  • these different algorithms may be randomly selected for each of the SPEs 412 - 424 in the multiprocessor system.
  • differing start addresses for code sequences stored in an on-chip storage device e.g., a flash ROM or the like, may be randomly selected and provided to the SPEs 412 - 424 .
  • the SPEs 412 - 424 may then begin executing instructions at the randomly selected start addresses thereby generating different thermal profiles and bus traffic that masks the actual boot code sequence.
  • the boot code may be provided to each of the SPEs 410 - 424 with random delay elements inserted into the boot code. These delay elements may be, for example, loops that iterate a random number of times. This random delay causes the boot code to “look” different on each of the SPEs 410 - 424 from the perspective of an intruder monitoring the thermal and bus traffic characteristics of the processors. As a result, it is not possible for the intruder to discern which processor is running the actual boot code that boots the multiprocessor system.
  • FIG. 4C illustrates another illustrative embodiment in which a dummy processor is provided to which attacks from an intruder may be redirected.
  • SPE 0 is the randomly selected boot processor executing the boot sequence.
  • SPE 1 -SPE 4 412 - 418 and SPE 6 -SPE 7 422 - 424 run code that looks like the boot code sequence from a thermal and bus traffic monitoring perspective, as in the embodiment described above with regard to FIG. 4A .
  • SPE 5 420 runs a randomly selected algorithm which may be randomly selected in a similar manner as described above with regard to FIG. 4B .
  • the dummy processor may be randomly selected from the non-selected processors as well.
  • POR power-on reset
  • a different boot processor and dummy processor may be selected, thereby making it more difficult for an intruder to deduce which processor is performing an actual boot sequence that may be compromised in order to obtain access to the multiprocessor system.
  • FIG. 4D illustrates the illustrative embodiment previously described above in which the boot code that is used to boot the system is executed by each of the processors.
  • the randomly selected boot processor is given access to the secret key (Skey) while the other processors receive randomly selected keys (Rkey 1 -Rkey 7 ).
  • Skey secret key
  • Rkey 1 -Rkey 7 randomly selected keys
  • Each of the processors attempts to decode and execute the boot code using the key that was supplied to them, e.g., the Skey or an Rkey. Only the randomly selected boot processor will be able to correctly decrypt the boot code and execute it to bring the data processing system into an operational state.
  • the multiprocessor system is made more secure from unauthorized access to the boot sequence.
  • FIGS. 5-6 are flowcharts outlining an exemplary operation for randomly selecting a processor in a multiprocessor system as a boot processor and for masking the boot code sequence. It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the processor or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.
  • These computer program instructions may also be stored in a computer-readable memory or storage medium that can direct a processor or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory or storage medium produce an article of manufacture including instruction means which implement the functions specified in the flowchart block or blocks.
  • blocks of the flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by special purpose hardware-based computer systems which perform the specified functions or steps, or by combinations of special purpose hardware and computer instructions.
  • FIG. 5 outlines an exemplary operation for random selection of a boot processor for booting a multiprocessor system.
  • the operation starts with the system controller performing a power-on reset (POR) operation (step 510 ).
  • POR power-on reset
  • the system controller After performance of the initial POR operations, the system controller provides a “power good” signal to the pervasive logic of the multiprocessor system (step 520 ) and the pervasive logic initiates a random boot operation (step 530 ).
  • the pervasive logic randomly selects a processor from a plurality of processors to be the boot processor (step 540 ).
  • the pervasive logic then sets the configuration bits of the processors based on the random selection (step 550 ) and signals the processors to begin the boot operation (step 560 ).
  • a flash ROM provides the encrypted boot code to the processors and key values are provided to the processors from a secret key storage and random key generator (step 570 ).
  • the processors select the keys that are to be used by the processors based on the setting of their configuration bits (step 580 ).
  • the processors attempt to decrypt the boot code based on the selected keys (step 590 ).
  • the selected processor decrypts the boot code using the secret key and boots the system (step 595 ). It should be noted that the attempt to decrypt the boot code by all other non-selected processors will fail and only the selected processor will be able to boot the system. The operation then ends.
  • FIG. 6 is a flowchart outlining an exemplary operation for masking a boot code sequence in accordance with one illustrative embodiment. The operation outlined in FIG. 6 may be performed in each processor of a multiprocessor system, for example.
  • the processor receives a signal to begin a boot operation (step 610 ). This step may correspond to step 530 in FIG. 5 , for example.
  • the processor attempts to decrypt the boot code (step 620 ) and a determination is made as to whether the decrypt attempt failed (step 630 ). If the decrypt was successful, i.e. the processor is the randomly selected boot processor, then the boot code is executed to thereby bring the multiprocessor system to an operational state (step 640 ).
  • a code sequence to execute to mask the boot sequence is selected (step 650 ).
  • the selection of a masking code sequence may be based on a default code sequence in a secure portion of a local store, a randomly selected starting address, the use of boot code with random delay elements, or the like.
  • the masking code sequence is run (step 660 ) and a determination is made as to whether the system is in an operational state, i.e. the boot sequence has completed (step 670 ). If not, the operation returns to step 660 and continues to run the masking code sequence. If the system is in an operational state, then the execution of the masking code sequence is ended (step 680 ) and the operation terminates.
  • the above illustrative embodiments provide a mechanism by which a processor may be randomly selected from a plurality of processors as a boot processor for booting a multiprocessor system to an operational state.
  • the illustrative embodiments further provide a mechanism for masking the boot code sequence being executed by a randomly selected processor so as to make it difficult for an intruder to discern which processor has been randomly selected to execute the actual boot code sequence.
  • a multiprocessor system is made more secure by making it extremely difficult for an intruder to gain access to the system through monitoring the boot code sequence.
  • the boot code sequence may be distributed across a plurality of processors in the multiprocessor system, as described hereafter. By distributing the boot code sequence across a plurality of processors in the multiprocessor system, the number of processors that must be compromised in order to obtain complete information about the boot sequence and thereby circumvent security measures is increased.
  • the distributed boot operation of the illustrative embodiments described hereafter is more secure than multiprocessor data processing systems that utilize a single secure core. Furthermore, by distributing the boot operation, if any portion of the boot operation is compromised, the boot operation fails, thereby preventing an unauthorized individual from circumventing the security of the system. In other words, while the would-be intruder may compromise a portion of the boot operation, the would-be intruder is not able to compromise the all of the boot operation and thus, is not able to obtain access to the multiprocessor data processing system.
  • the boot code sequence is partitioned into a plurality of partitions such that each partition may be provided to a different processor of the multiprocessor system. As each partition of the boot code sequence is executed, that partition must complete correctly on its respective processor before the boot code sequence may proceed on another processor.
  • a secure communication mechanism is used to communicate satisfactory completion of a previous partition of the boot code sequence.
  • This secure communication mechanism may include a security token, such as an encrypted password or other security identifier, e.g., a public/private encryption key pair, that indicates that the previous session was not compromised. In this way, a chain of dependent “sessions” are created that must complete satisfactorily.
  • the processors that are involved in the distributed execution of the boot code may be all of the processors in the multiprocessor system or a sub-set of the processors in the multiprocessor system.
  • a random selection mechanism such as that described above for selecting a single boot processor, may be used to randomly select a plurality of boot processors to be used in booting the system in a distributed manner.
  • the particular partitions of the boot code that are executed by the processors may be randomly selected such that, with each power-on reset (POR) operation, the same processor may or may not execute the same boot code partition as in a previous POR operation.
  • POR power-on reset
  • processors of the multiprocessor system i.e. non-boot processors
  • the distributed boot code sequence operation of the present illustrative embodiment may be combined with one or more of the previously described illustrative embodiments without departing from the spirit and scope of the present invention.
  • FIG. 7A is an exemplary diagram illustrating a distributed boot operation configured as a daisy chain or ring arrangement in accordance with one illustrative embodiment.
  • a plurality of processors 720 - 750 are provided for booting the multiprocessor data processing system.
  • all of the co-processors i.e. SPEs
  • the control processor e.g., PPE
  • the PPE may also be included in the distributed boot operation.
  • only a sub-set of the processors in the multiprocessor data processing system may be used to perform the distributed boot operation.
  • the encrypted boot code 710 which may be stored in a storage device associated with the multiprocessor data processing system, such as in Flash ROM 230 in FIG. 2 , for example, may be partitioned into separately executable partitions, i.e. boot code partitions 1 to n.
  • the partitions may be provided as modules or routines in the encrypted boot code that are separately encrypted using the same encryption algorithm and the same secret key (Skey).
  • the number of boot code partitions is equal to the number of processors that will be involved in the distributed boot operation, i.e. the number of boot processors.
  • the number of boot code partitions is not limited the number of boot processors and may be any number of partitions less than or greater than the number of boot processors.
  • the distributed boot operation is performed under the control of the pervasive logic 790 , which may be the same pervasive logic 193 in FIG. 1 , for example.
  • the pervasive logic 790 through the user of the random event generator, for example, may randomly select the processors 720 - 750 to be used as boot processors as well as may randomly select which partition each of the randomly selected processors 720 - 750 will execute.
  • the pervasive logic 790 may keep track of the order in which the boot code partitions are to be executed in order to ensure the security of the boot code sequence through use of a secure communication mechanism that indicates whether or not a previous session of the distributed boot operation has been compromised.
  • the pervasive logic 790 provides selector signals to the processors 720 - 750 for selecting which boot code partition is to be executed by each of the processors 720 - 750 .
  • the pervasive logic 790 provides key value selector signals for causing the processor 720 - 750 to select the Skey, from Skey storage, as the key to be used to decrypt their corresponding boot code partitions.
  • the processors 720 - 750 decrypt their boot code partition using the supplied Skey and then execute the boot code partition in the proper sequence either by virtue of the arrangement of the processors 720 - 750 in a daisy chain architecture or under the control of the pervasive logic 790 , for example.
  • SPE 0 720 begins the distributed boot operation by decrypting its boot code partition 1 , executing the boot code partition, and then securely communicating the successful completion of the boot code partition 1 to SPE 1 730 .
  • a security mechanism may be utilized between the SPEs for indicating that the previous session, i.e. the session comprised of the execution of the previous boot code partition, was not compromised.
  • the security mechanism may be, for example, passing a security token, digital signature, password, a checksum of the previous boot code partition, using public key/private key encryption of the successful completion message, or the like. Any security mechanism that may be used to communicate whether or not the previous session of a distributed boot operation was compromised or not is intended to be within the spirit and scope of the present invention.
  • the SPE 1 730 may decrypt its boot code partition 2 , execute the boot code partition, and then communicate its successful completion of boot code partition 2 to SPE 2 740 . This process may continue until all of the processors have signaled that they have completed their portion of the distributed boot operation without being compromised. Any break in this dependency chain of boot code partitions, e.g., any signaling of unsuccessful execution or compromised execution, results in a failed boot which may be signaled to the system controller. Once all of the boot code partitions have completed successfully, the multiprocessor data processing system is in an operative state in which software applications may be executed on the various processors.
  • the illustrative embodiment described above utilizes a daisy-chain arrangement of the processors with regard to the boot code partitions that are executed on the processors.
  • Other arrangements that ensure a sequential execution of boot code partitions may be utilized without departing from the spirit and scope of the present invention.
  • an extension of the daisy-chain arrangement above is to provide a ring arrangement of the processors with regard to the distributed boot operation such that the last processor, e.g., SPE 7 750 , communicates back to the first processor, e.g., SPE 0 720 , which is selected as the “primary” boot processor, its successful and uncompromised completion of execution of its boot code partition.
  • the security mechanism e.g., the security token, an incremented count value, etc., which is passed from one session to the next through the ring arrangement may be used at the primary boot processor to verify uncompromised execution of the entire distributed boot operation.
  • a ring arrangement of processors allows a greater number of boot code partitions to be utilized than the number of boot processors.
  • this sub-set of processors may execute any number of boot code partitions when arranged in a ring arrangement with regard to the distributed boot operation.
  • the pervasive logic 790 may contain logic for randomly selecting a number of processors to select to be boot processors which then is used to control the random selection of processors as previously described above.
  • FIG. 7B is an exemplary diagram illustrating a distributed boot operation configured as a master/slave arrangement in accordance with one illustrative embodiment.
  • one processor 760 is designated the master processor.
  • This processor may be one of the co-processors, e.g., an SPE, or the control processor, e.g., the PPE.
  • the slave processors e.g., SPE 0 -SPE 7 720 - 750 , each are responsible for completing their boot code partition and securely communicating to the master core that they have finished execution and have not been compromised, in a similar manner as described above in FIG. 7A .
  • the master processor 760 has received signals from each of the slave processors 720 - 750 , and validated that it has not been compromised itself, then the multiprocessor data processing system is permitted to enter an operational state in which software applications may be executed.
  • FIG. 8 is a flowchart outlining an exemplary operation for distributed booting of a multiprocessor system in accordance with one illustrative embodiment.
  • the operation starts with the pervasive logic receiving a “power good” signal from the system controller (step 810 ).
  • the pervasive logic selects the processors to be boot processors from the plurality of processors in the multiprocessor data processing system (step 820 ). As mentioned above, such selection may result in all of the processors being selected or some sub-set of the processors in the multiprocessor data processing system being selected to be boot processors. Such selection may be performed using a random event generator in the pervasive logic, for example.
  • the pervasive logic selects the boot code partitions to be assigned to the selected boot processors (step 830 ).
  • a next boot code partition is executed by an associated boot processor (step 840 ).
  • the boot processor determines whether the execution of the boot code partition was successful and uncompromised (step 850 ). If not, a boot failure is signaled to the system controller (step 860 ) and the operation terminates.
  • the boot processor determines if the all boot code partitions have been executed successfully (step 870 ). If not, the operation returns to step 840 and the next boot code partition is executed by its associated boot processor. If all of the boot code partitions have been executed successfully, the boot processor signals the successful boot of the data processing system to the system controller (step 880 ) and the operation terminates.
  • the illustrative embodiments in addition to randomly selecting a single boot processor and performing masking operations on other processors of the multiprocessor data processing system, provides mechanisms for distributing the boot operation over a plurality of processors.
  • the illustrative embodiments provide mechanisms for randomly selecting boot processors, randomly selecting boot code partitions to be executed on selected boot processors, and to ensure the security of the execution of the boot code partitions by the various boot processors. All of these various mechanisms aid is increasing the security of the multiprocessor data processing system from unauthorized monitoring of the boot operation.
  • the illustrative embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements.
  • the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
  • the illustrative embodiments may take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system.
  • a computer-usable or computer readable medium may be any apparatus that may contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • the medium may be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium.
  • Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk.
  • Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W) and DVD.
  • the circuits as described above may be part of the design for an integrated circuit chip.
  • the chip design may be created in a graphical computer programming language, and stored in a computer storage medium (such as a disk, tape, physical hard drive, or virtual hard drive such as in a storage access network). If the designer does not fabricate chips or the photolithographic masks used to fabricate chips, the designer may transmit the resulting design by physical means (e.g., by providing a copy of the storage medium storing the design) or electronically (e.g., through the Internet) to such entities, directly or indirectly.
  • the stored design may then be converted into the appropriate format (e.g., GDSII) for the fabrication of photolithographic masks, which typically include multiple copies of the chip design in question that are to be formed on a wafer.
  • the photolithographic masks may be utilized to define areas of the wafer (and/or the layers thereon) to be etched or otherwise processed.
  • the resulting integrated circuit chips may be distributed by the fabricator in raw wafer form (that is, as a single wafer that has multiple unpackaged chips), as a bare die, or in a packaged form.
  • the chip may be mounted in a single chip package (such as a plastic carrier, with leads that are affixed to a motherboard or other higher level carrier) or in a multichip package (such as a ceramic carrier that has either or both surface interconnections or buried interconnections).
  • the chip may then be integrated with other chips, discrete circuit elements, and/or other signal processing devices as part of either (a) an intermediate product, such as a motherboard, or (b) an end product.
  • the end product may be any product that includes integrated circuit chips, ranging from toys and other low-end applications to advanced computer products having a display, a keyboard or other input device, and a central processor.
  • the end products in which the integrated circuit chips may be provided may include game machines, game consoles, hand-held computing devices, personal digital assistants, communication devices, such as wireless telephones and the like, laptop computing devices, desktop computing devices, server computing devices, or any other computing device.

Abstract

A system and method for booting a multiprocessor device based on selection of encryption keys to be provided to the processors are provided. With the system and method, a security key and one or more randomly generated key values are provided to a selector mechanism of each processor of the multiprocessor device. A random selection mechanism is provided in pervasive logic that randomly selects one of the processors to be a boot processor and thereby, provides a select signal to the selector of the boot processor such that the boot processor selects the security key. All other processors select one of the one or more randomly generated key values. As a result, only the randomly selected boot processor is able to use the proper security key to decrypt the boot code for execution.

Description

    BACKGROUND
  • 1. Technical Field
  • The present application relates generally to an improved data processing system and method. More specifically, the present application is directed to a system and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors.
  • 2. Description of Related Art
  • As our society becomes increasingly dependent upon electronic communication and storage of information, concerns over the security of digital information, such as personal information and digital rights management (DRM), have increased. Moreover, the sophistication of computer hackers and other unauthorized interlopers into computing systems has increased in recent years. As a result, much effort has gone into the development of security systems for computing devices so that such sensitive digital information may be secured from unauthorized access.
  • One way in which an intruder may gain access to a computing system is to observe the boot activity of a computing system through electrical interfaces and other observable electromagnetic or thermal activity. By observing the boot activity in this way, the intruder may deduce what data signals are being input and output by the boot processor, what cryptographic algorithms are running on the processors, and the like. From this information, an intruder may detect points in the boot sequence where unauthorized intrusion may be made. Moreover, with secure boot sequences in which security keys are required for booting of the system, the intruder may reverse the cryptographic algorithm used by the boot processor to obtain access to the security keys and thereby be given complete access to the computing system. Since the overall security of the computing system is often dependent upon the security of the boot process, when the intruder gains access to the boot sequence, the security of the entire system may be at risk.
  • Thus, it would be beneficial to have an apparatus and method that increases the difficulty of monitoring the boot sequence of a processor so as to make the system more secure from unauthorized intrusion.
  • SUMMARY
  • The illustrative embodiments provide a system and method for selecting a random processor to boot a multiprocessor system and for booting a multiprocessor device based on selection of encryption keys to be provided to processors. By randomizing which processor will be used to boot the multiprocessor system, the ability of unauthorized persons to monitor the electrical interfaces, thermal activity, and other electromagnetic activity to obtain information about the boot sequence for purposes of defeating the security of the system is made more difficult. For example, in a multiprocessor system, the would-be intruder would either need to run the boot sequence many different times while monitoring a single processor in hopes that it may be randomly selected as the boot processor, or monitor all of the processors at boot in order to determine which one was the actual boot processor. Both options require considerable effort on the part of the would-be intruder that may act as a deterrent from actually attempting to monitor the system to obtain boot sequence information or at least add significant delay to the time it would take the would-be intruder to compromise the system.
  • With the mechanisms of the illustrative embodiments, pervasive logic is provided on a multiprocessor system, such as a system-on-a-chip, that controls the boot operation of the multiprocessor system. The pervasive logic includes a random event generator which randomly selects which processor in the multiprocessor system is to be the boot processor that runs the boot code to thereby bring the system into an operational state. Based on the random selection of a boot processor, a configuration bit associated with the boot processor is set indicating that processor to be the boot processor. Thereafter, the selected boot processor is provided with the necessary security key(s) for secure booting of the multiprocessor system into an operational state.
  • In some illustrative embodiments, while the randomly selected processor performs the secure boot operation, the other processors of the multiprocessor system perform operations to mask the real secure boot operation. This masking may involve executing other code sequences, other than the boot code sequence, that cause the processors to generate electromagnetic and/or thermal outputs that, if monitored by an interloper, would make it difficult for the interloper to distinguish which processor is performing the actual secure boot operation.
  • One way in which a different code sequence may be generated is by inserting random delay elements into the boot code that run loops which iterate a random amount. In this way, each processor may run the boot code but with differing delay amounts thereby causing different electromagnetic and thermal signatures to be generated. From an interloper's perspective, it will be very difficult to discern the actual boot processor from the other processors in the multiprocessor system due to such masking.
  • In a further illustrative embodiment, the code sequences performed by the other processors are the same boot code sequence that the randomly selected processor executes but with dummy security keys. Thus, these other processors operate and look, to an interloper, as if they are performing the secure boot operation. However, if the processors are monitored, false electromagnetic and thermal outputs are identified that make it difficult for the interloper to determine if the monitored processor is the actual randomly selected processor that is performing the secure boot operation.
  • In a still further illustrative embodiment, masking of the randomly selected boot processor may be performed by providing a dummy processor. The dummy processor appears, from an electromagnetic, thermal, etc., monitoring apparatus perspective, as if it is unique by running processes different from the boot code sequence on this dummy processor to thereby redirect attacks on the system to this dummy processor. In this way, when an interloper attempts to access the system by getting around the security mechanisms, the interloper only accesses a dummy processor that does not have actual access to the rest of the multiprocessor system.
  • In other illustrative embodiments, the boot code sequence may be distributed across a plurality of processors in the multiprocessor system. By distributing the boot code sequence across a plurality of processors in the multiprocessor system, the number of processors that must be compromised in order to obtain complete information about the boot sequence and thereby circumvent security measures is increased. Thus, the distributed boot operation of the illustrative embodiments is more secure than multiprocessor data processing systems that utilize a single secure core. Furthermore, by distributing the boot operation, if any portion of the boot operation is compromised, the boot operation fails, thereby preventing an unauthorized individual from circumventing the security of the system.
  • With this illustrative embodiment, the boot code sequence is partitioned into a plurality of partitions such that each partition may be provided to a different processor of the multiprocessor system. As each partition of the boot code sequence is executed, that partition must complete correctly on its respective processor before the boot code sequence may proceed on another processor. A secure communication mechanism is used to communicate satisfactory completion of a previous partition of the boot code sequence. This secure communication mechanism may include a security token, such as an encrypted password or other security identifier, e.g., a public/private encryption key pair, that indicates that the previous session was not compromised. In this way, a chain of dependent “sessions” are created that must complete satisfactorily.
  • The processors that are involved in the distributed execution of the boot code may be all of the processors in the multiprocessor system or a sub-set of the processors in the multiprocessor system. For example, a random selection mechanism, such as that described above for selecting a single boot processor, may be used to randomly select a plurality of boot processors to be used in booting the system in a distributed manner. Moreover, the particular partitions of the boot code that are executed by the processors may be randomly selected such that, with each power-on reset (POR) operation, the same processor may or may not execute the same boot code partition as in a previous POR operation. Thus, randomization may be performed with regard to which processors are involved in the distributed boot operation as well as with regard to what boot code partitions each processor will execute.
  • Other processors of the multiprocessor system, i.e. non-boot processors, may either not perform any work during the distributed boot operation or may execute masking code sequences, of one or more of the various masking code illustrative embodiments described previously, to mask the boot code execution on the randomly selected sub-set of processors. In other words, the distributed boot code sequence operation of the present illustrative embodiment may be combined with one or more of the previously described illustrative embodiments.
  • In one illustrative embodiment, a method is provided, in a data processing system having a plurality of processors, for booting the data processing system. The method may comprise receiving, in each processor of the plurality of processors, a secret key value and at least one random key value. One of the processors of the plurality of processors may be randomly selected to be a boot processor. Each of the processors of the plurality of processors may select a key value for the processor based on the random selection of the boot processor. Only the boot processor is permitted to select the secret key as its corresponding key value with each of the other processors of the plurality of processors selecting one of the at least one random key value as their corresponding key value. The boot processor may receive encrypted boot code from an encrypted boot code storage and may decrypt the encrypted boot code using the secret key value. The boot processor may then execute the decrypted boot code to thereby boot the data processing system to an operational state.
  • Each processor of the plurality of processors may receive the secret key value and a predetermined number of random key values. The predetermined number of random key values may be equal to a number of processors in the plurality of processors. Each processor of the plurality of processors that is not selected to be the boot processor may select a different key value from the at least one random key value.
  • Bach processor in the plurality of processors may comprise a multiplexer. The secret key value and the at least one random key value may be provided as inputs to the multiplexer of each processor in the plurality of processors and a select signal may be provided to each multiplexer of each processor in the plurality of processors. The select signal input to a multiplexer of a processor may have an associated value corresponding to the selection of the key value for the processor.
  • Randomly selecting one of the processors of the plurality of processors to be a boot processor may comprise using a random event generator provided in pervasive logic of the data processing system to generate a random value and decoding the random value to identify a processor from the plurality of processors in the data processing system to be the boot processor. The random event generator may comprise a linear feedback shift register (LFSR) counter and a ring oscillator coupled to the LFSR. The ring oscillator may provide an input to the LFSR to thereby generate a random value.
  • As mentioned above, the at least one random key value may comprise a plurality of random key values. Each random key value in the plurality of random key values may be generated by a separate random key value generator. Alternatively, each random key value in the plurality of random key values may be generated by a same random key value generator.
  • The data processing system may be a heterogeneous multiprocessor system-on-a-chip. The heterogeneous multiprocessor system-on-a-chip may have a first processor that operates according to a first instruction set and one or more second processors that operate according to a second instruction set different from the first instruction set. The first instruction set may be, for example, a RISC instruction set and the second instruction set may be, for example, a SIMD instruction set.
  • In another illustrative embodiment, a data processing system is provided that comprises a plurality of processors, pervasive logic coupled to the processors, at least one random key generator coupled to the plurality of processors, an encrypted boot code storage coupled to the plurality of processors, and a secret key storage coupled to the plurality of processors. Each processor of the plurality of processors may receive a secret key value from the secret key storage and at least one random key value from the at least one random key generator. The pervasive logic may randomly select one of the processors of the plurality of processors to be a boot processor. Each processor of the processors of the plurality of processors may select a key value for the processor based on the random selection of the boot processor. Only the boot processor is permitted to select the secret key as its corresponding key value and each of the other processors of the plurality of processors selects one of the at least one random key value as their corresponding key value. The boot processor may receive encrypted boot code from the encrypted boot code storage and may decrypt the encrypted boot code using the secret key value. The decrypted boot code may then be executed by the boot processor to thereby boot the data processing system to an operational state.
  • Each processor of the plurality of processors may receive the secret key value and a predetermined number of random key values. The predetermined number of random key values may be equal to a number of processors in the plurality of processors. Each processor of the plurality of processors that were not selected to be the boot processor may select a different key value from the at least one random key value.
  • Each processor in the plurality of processors may comprise a multiplexer. The secret key value and the at least one random key value may be provided as inputs to the multiplexer of each processor in the plurality of processors and a select signal may be provided to each multiplexer of each processor in the plurality of processors. The select signal input to a multiplexer of a processor may have an associated value corresponding to the selection of the key value for the processor.
  • The pervasive logic may comprise a random event generator and a decoder. The pervasive logic may randomly select one of the processors of the plurality of processors to be a boot processor by using the random event generator to generate a random value and using the decoder to decode the random value to identify a processor from the plurality of processors in the data processing system to be the boot processor. The random event generator may comprise a linear feedback shift register (LFSR) counter and a ring oscillator coupled to the LFSR. The ring oscillator may provide an input to the LFSR to thereby generate a random value.
  • As mentioned above, the at least one random key value may comprises a plurality of random key values. Each random key value in the plurality of random key values may be generated by a separate random key value generator. Alternatively, each random key value in the plurality of random key values may be generated by a same random key value generator.
  • In yet a further illustrative embodiment, a computer program product comprising a computer useable medium having a computer readable program is provided. The computer readable program, when executed on a data processing system, may cause the data processing system to perform various ones, and combinations of, the operations outlined above with regard to the method illustrative embodiment described previously.
  • These and other features and advantages of the present invention will be described in, or will become apparent to those of ordinary skill in the art in view of, the following detailed description of the exemplary embodiments of the present invention.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:
  • FIG. 1 is an exemplary block diagram of a multiprocessor system in which the illustrative embodiments may be implemented;
  • FIG. 2 is an exemplary diagram illustrating the primary operational components of a random boot processor selection mechanism in accordance with one illustrative embodiment;
  • FIG. 3A is an exemplary diagram illustrating a random selection mechanism in accordance with one illustrative embodiment;
  • FIG. 3B is a graphical representation of jitter introduced into the input to a LFSR counter of a random event generator in accordance with one illustrative embodiment;
  • FIG. 3C is an exemplary diagram illustrating an illustrative embodiment in which a secret key and a plurality of randomly generated key values are provided to processors using parallel signal lines;
  • FIGS. 4A-4D are exemplary diagrams illustrating masking operations for masking a secure boot operation of a randomly selected boot processor in accordance with illustrative embodiments;
  • FIG. 5 is a flowchart outlining an exemplary operation for randomly selecting a processor in a multiprocessor system as a boot processor;
  • FIG. 6 is a flowchart outlining an exemplary operation for masking a boot code sequence in accordance with one illustrative embodiment;
  • FIG. 7A is an exemplary diagram illustrating a distributed boot operation configured as a daisy chain or ring arrangement in accordance with one illustrative embodiment;
  • FIG. 7B is an exemplary diagram illustrating a distributed boot operation configured as a master/slave arrangement in accordance with one illustrative embodiment; and
  • FIG. 8 is a flowchart outlining an exemplary operation for distributed booting of a multiprocessor system in accordance with one illustrative embodiment.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The illustrative embodiments provide an apparatus and method for selecting a random processor to boot on a multiprocessor system. The illustrative embodiments may be implemented for use with any multiprocessor system in which one of the processors may be selected for booting the multiprocessor system. Thus, the mechanisms of the illustrative embodiments are applicable to symmetric multiprocessor (SMP) systems, heterogeneous multiprocessor systems, non-coherent asymmetrical multiprocessor systems, and the like.
  • One multiprocessor system in which the illustrative embodiments may be implemented is the Cell Broadband Engine (CBE) available from International Business Machines, Inc. of Armonk, N.Y. The illustrative embodiments will be described with reference to the CBE architecture, however, it should be appreciated that the description of the illustrative embodiments is only exemplary and is not intended to state or imply any limitation with regard to the types or configurations of the multiprocessor systems in which the mechanisms of the illustrative embodiments may be implemented. Many modifications to the described CBE architecture may be made without departing from the spirit and scope of the present invention.
  • FIG. 1 is an exemplary block diagram of a data processing system in which aspects of the present invention may be implemented. The exemplary data processing system shown in FIG. 1 is an example of the Cell Broadband Engine (CBE) data processing system. While the CBE will be used in the description of the preferred embodiments of the present invention, the present invention is not limited to such, as will be readily apparent to those of ordinary skill in the art upon reading the following description.
  • As shown in FIG. 1, the CBE 100 includes a power processor element (PPE) 110 having a power processor unit (PPU) 116 and its L1 and L2 caches 112 and 114, and multiple synergistic processor elements (SPEs) 120-134 that each has its own synergistic processor unit (SPU) 140-154, memory flow control 155-162, local memory or store (LS) 163-170, and bus interface unit (BIU unit) 180-194 which may be, for example, a combination direct memory access (DMA), memory management unit (MMU), and bus interface unit. A high bandwidth internal element interconnect bus (EIB) 196, a bus interface controller (BIC) 197, and a memory interface controller (MIC) 198 are also provided.
  • The CBE 100 may be a system-on-a-chip such that each of the elements depicted in FIG. 1 may be provided on a single microprocessor chip. Moreover, the CBE 100 is a heterogeneous processing environment in which each of the SPUs may receive different instructions from each of the other SPUs in the system. Moreover, the instruction set for the SPUs is different from that of the PPU, e.g., the PPU may execute Reduced Instruction Set Computer (RISC) based instructions while the SPUs execute Single Instruction Multiple Data (SIMD) instructions.
  • The SPEs 120-134 are coupled to each other and to the L2 cache 114 via the EIB 196. In addition, the SPEs 120-134 are coupled to MIC 198 and BIC 197 via the EIB 196. The MIC 198 provides a communication interface to shared memory 199. The BIC 197 provides a communication interface between the CBE 100 and other external buses and devices, such as a SouthBridge™ communications processor, for example.
  • The PPE 110 is a dual threaded PPE 110. The combination of this dual threaded PPE 110 and the eight SPEs 120-134 makes the CBE 100 capable of handling 10 simultaneous threads and over 128 outstanding memory requests. The PPE 110 acts as a controller for the other eight SPEs 120-134 which handle most of the computational workload. The PPE 110 may be used to run conventional operating systems while the SPEs 120-134 perform vectorized floating point code execution, for example.
  • The SPEs 120-134 comprise a synergistic processing unit (SPU) 140-154, memory flow control units 155-162, local memory or store 163-170, and bus interface units 180-194. The local memory or store 163-170, in one exemplary embodiment, comprises a 256 KB instruction and data memory which is visible to the PPE 110 and can be addressed directly by software.
  • The PPE 110 may load the SPEs 120-134 with small programs or threads, chaining the SPEs together to handle each step in a complex operation. For example, a set-top box incorporating the CBE 100 may load programs for reading a DVD, video and audio decoding, and display, and the data would be passed off from SPE to SPE until it finally ended up on the output display. At 4 GHz, each SPE 120-134 gives a theoretical 32 GFLOPS of performance with the PPE 110 having a similar level of performance.
  • The memory flow control units (MFCs) 155-162 serve as an interface for an SPU to the rest of the system and other elements. The MFCs 155-162 provide the primary mechanism for data transfer, protection, and synchronization between main storage and the local storages 163-170. There is logically an MFC for each SPU in a processor. Some implementations can share resources of a single MFC between multiple SPUs. In such a case, all the facilities and commands defined for the MFC must appear independent to software for each SPU. The effects of sharing an MFC are limited to implementation-dependent facilities and commands.
  • The illustrative embodiments provide an apparatus and method for selecting a random processor, such as one of the SPEs 120-134, to boot a multiprocessor system, e.g., the CBE 100. By randomizing which SPE 120-134 will be used to boot the CBE 100, the ability of unauthorized persons to monitor the electrical interfaces, thermal activity, and other electromagnetic activity to obtain information about the boot sequence for purposes of defeating the security of the CBE 100 is made more difficult.
  • With the mechanisms of the illustrative embodiments, pervasive logic 193 is provided on the CBE 100 which controls the boot operation of the CBE 100. The pervasive logic 193 includes a random event generator which randomly selects which SPE 120-134 is to be the boot processor that runs the boot code to thereby bring the system into an operational state. Based on the random selection of a boot SPE 120-134, a configuration bit associated with the selected SPE, e.g., SPE 120, is set indicating that SPE 120 to be the actual boot processor. Thereafter, the selected SPE 120 is provided with the necessary security key(s) for secure booting of the CBE 100 into an operational state. When the chosen SPE successfully completes the secure boot procedure, it will transition from a secure state, wherein the MIC 198, Shared Memory 199, and a portion of the BIC 197 other than the communication link to Flash ROM 230 in FIG. 2 hereafter, are shutdown and prevented from operation, to an unlocked state. Once the secure SPE enters the unlocked state, it will initiate the process of fully enabling the MIC 198, BIC 197 (a process referred to as “training”), and all other processors (SPEs and PPE) by executing the encrypted code provided by the Flash ROM 230. For more information regarding the secure boot process used in the Cell Broadband Engine, reference is made to co-pending and commonly assigned U.S. Patent Application Publication No. 20050021944, which is hereby incorporated by reference.
  • In some illustrative embodiments, while the randomly selected SPE 120 performs the secure boot operation, the other SPEs 122-134 perform operations to mask the real secure boot operation. This masking may involve executing other code sequences, other than the boot code sequence, that cause the SPEs 122-134 to generate electrical, electromagnetic, and/or thermal outputs that, if monitored by an interloper, would make it difficult for the interloper to distinguish which SPE 120-134 is performing the actual secure boot operation.
  • One way in which a different code sequence may be generated is by inserting random delay elements into the boot code that run loops which iterate a random amount. These random delay elements are added so that while booting the processor, the secure-boot algorithm will change in a random way to cause different electromagnetic and thermal signatures, thereby making it difficult to compare two different boot operations over time. In this way, each SPE 120-134 may run the boot code but with differing delay amounts thereby causing different electromagnetic and thermal signatures to be generated. Moreover, the same SPE 120-134 will generate different electromagnetic and thermal signatures each time it runs the secure boot code. From an interloper's perspective, it will be very difficult to discern the actual boot SPE 120 from the other SPEs 122-134 in the CBE 100 due to such masking.
  • In a further illustrative embodiment, the code sequences performed by the other SPEs 122-134 are the same boot code sequence that the randomly selected SPE 120 executes but with dummy security keys. Thus, these other SPEs 122-134 operate and look, to an interloper, as if they are performing the secure boot operation. However, if the SPEs 122-134 are monitored, false electrical, electromagnetic, and thermal outputs are identified that make it difficult for the interloper to determine if the monitored SPE is the actual randomly selected SPE 120 that is performing the secure boot operation.
  • In a still further illustrative embodiment, masking of the randomly selected boot SPE 120 may be performed by providing a dummy SPE (not shown). The dummy SPE appears, from an electromagnetic, thermal, etc., monitoring apparatus perspective, as if it is unique by running processes different from the boot code sequence on this dummy SPE to thereby redirect attacks on the CBE 100 to this dummy SPE. In this way, when an interloper attempts to access the system by getting around the security mechanisms, the interloper only accesses a dummy SPE that does not have actual access to the rest of the CBE 100. Furthermore, if the intruder compromises the dummy SPE and attempts to execute code, the dummy SPE can then shutdown the rest of the CBE 100 to prevent further intrusion attempts.
  • Each of the above mentioned illustrative embodiments will now be described in greater detail. It should be appreciated that, while each illustrative embodiment will be described separately herein, the illustrative embodiments may be combined in various ways so as to achieve even greater security of the multiprocessor system, e.g., CBE 100. Thus, any combination of the illustrative embodiments that is deemed suitable to a particular situation and multiprocessor environment is intended to be within the spirit and scope of the present invention.
  • FIG. 2 is an exemplary diagram illustrating the primary operational components of a random boot processor selection mechanism in accordance with one illustrative embodiment. It should be appreciated that, for simplicity of the explanation of the illustrative embodiments, FIG. 2 only shows one processor of a multiprocessor system in detail. However, it should be appreciated that each of the processors of the multiprocessor system have a similar arrangement of elements and operate in a similar manner to that of the processor that is explicitly shown in FIG. 2. Any number of processors may be included in the multiprocessor system without departing from the spirit and scope of the present invention. However, for purposes of explanation of the illustrative embodiments, it will be assumed that the number of processors is eight as in the CBE architecture shown in FIG. 1.
  • As shown in FIG. 2, the primary operational components of a random boot processor selection mechanism include a system controller 210, a secure key storage 220, a flash ROM 230, and pervasive logic 240. In one illustrative embodiment, taking the CBE architecture of FIG. 1 as exemplary, elements 210-240 may be elements that are provided on the chip in which the CBE architecture is implemented. That is, these elements 210-240 may be built into the logic of a multiprocessor system-on-a-chip (SoC) and thus, the operations performed by these elements 210-240 may be performed on-chip. Alternatively, one or more of the elements may be provided off chip, e.g., the flash ROM 230 may be provided off-chip.
  • The system controller 210 is responsible for performing the initial operations of a power on reset (POR) to bring the power of the system to an acceptable and stable level. That is, the system controller 210 is responsible for bringing up the voltages, turning on the system clock, and other initial operations required for bringing the multiprocessor system to a state where boot operations may begin, as is generally known in the art. As part of this POR operation, the processors 280-290 are brought up in a secure mode of operation. In this secure mode of operation, the processor's local stores are not accessible outside the processor. The system controller 210, once these initial operations are completed and the system is at an acceptable power state, signals a “power good” state to the pervasive logic 240.
  • In response to the “power good” signal from the system controller 210, the pervasive logic 240 begins a boot operation for booting the multiprocessor system into an operational state such that software programs may begin to execute. As part of this boot operation, a random event generator 242 of the pervasive logic 240 randomly selects one of the processors, e.g., processor 280, to be the boot processor for the multiprocessor system. The random event generator 242 generates a signal that is sent to each of the processors of the multiprocessor system. The signal is logically high only for the processor that is selected as the boot processor. This signal effectively sets the value in the configuration bit register 250 of the randomly selected processor 280 to a value, e.g., “1”, indicative of this processor 280 being the boot processor. The other processors will have their configuration bit values in their respective configuration bit registers kept at an initial value, thereby indicating that these processors are not the randomly selected boot processor for the multiprocessor system.
  • The boot code for booting the multiprocessor system is stored in an encrypted format in flash ROM 230. The encrypted boot code 232 may be provided to each of the processors 280-290. That is, as part of the boot sequence, each of the processors 280-290 may attempt to read the encrypted boot code 232 from the flash ROM 230. However, since only one of the processors has been randomly selected as the boot processor, only one of the processors will be able to decrypt the encrypted boot code 232 and properly execute it so as to bring the multiprocessor system to an operational state. This is achieved through the use of a selector 260 provided in each of the processors that selects between the secret key that is the key value used to decrypt the encrypted boot code 232 and a randomly generated key value that will not be able to decrypt the encrypted boot code 232.
  • The value stored in the configuration bit register 250 is used to generate a selector signal that is provided to the selector 260. For example, selector 260 may be a multiplexer that receives the secure key (Skey) from the secure key storage 220 as one input, a randomly generated key value from a random value generator 262 as a second input, and the select signal from the configuration bit register 250 indicating which of the two inputs to select. If the configuration bit register 250 stores a value indicative of the processor being the randomly selected boot processor, then the Skey input is selected. If the configuration bit register 250 stores a value indicative that the processor is not the randomly selected boot processor, then the randomly generated key value input may be selected by the selector 260. The selected key value is then output to the SPE 270.
  • The SPE 270 receives the selected key value and the encrypted boot code 232. The SPE 270 then attempts to decrypt the encrypted boot code 232. If the selected key value is the Skey from the secure key storage 220, then the SPE 270 will be able to properly decrypt the encrypted boot code 232 and execute the boot code instructions therein to bring the system to an operational state. If the selected key value is not the Skey from the secure key storage 220, then the decryption will fail and the SPE 270 will not be able to execute the boot code instructions.
  • The above process for randomly selecting a boot processor and booting the multiprocessor system using the randomly selected boot processor may be performed with each power-on reset (POR) operation performed by the multiprocessor system. Thus, each time the multiprocessor system is booted, a different one of the plurality of processors may be randomly selected to be the boot processor. As a result, a potential intruder into the system will not be able to determine, a priori, which processor is the boot processor and direct measurements of electromagnetic and thermal conditions of the multiprocessor system to that particular processor.
  • On the contrary, the potential intruder must either monitor a single processor through multiple boot-up operations of the multiprocessor system in hopes that the single processor will eventually be selected as the random processor to be the boot processor or the potential intruder must monitor all of the processors to thereby identify which processor is the boot processor and attempt to obtain the necessary information through measurements of its individual electromagnetic and thermal conditions. In an eight processor system, for example, the difficulty in monitoring the boot sequence is made eight times more difficult since all eight processors must be monitored. Moreover, more probes and hardware would be need to do such monitoring, thereby adding to the difficulty of attempting such monitoring.
  • FIG. 3A is an exemplary diagram illustrating a random selection mechanism in accordance with one illustrative embodiment. As described above, the principle idea behind the illustrative embodiments is the random selection of a processor, from a plurality of processors, to be the boot processor for the multiprocessor system. In order to do this random selection, a random event generator and selector mechanism are provided. The random event generator is provided in pervasive logic of the multiprocessor system while a selector is provided in association with each of the processors, in the illustrative embodiments. FIG. 3A provides a depiction of one implementation of a random event generator and selector in accordance with one illustrative embodiment.
  • As shown in FIG. 3A, the random event generator 310, which may correspond to the random event generator 242 in FIG. 2, for example, includes a linear feedback shift register (LFSR) counter 320, a ring oscillator 330, and a selector signal register/decoder 340. The ring oscillator 330 is a device composed of an odd number of NOT gates whose output oscillates between two voltage levels. The NOT gates, or inverters, are attached in a chain with the output of the last inverter being fed back into the first inverter. The last output of a chain of an odd number of inverters is the logical NOT of the first input. This final output is asserted a finite amount of time after the first input is asserted. The feedback of this last output to the input causes an unstable oscillation that will vary in time according to random elements such as electromagnetic noise on the power supply and temperature.
  • The output of the ring oscillator 330 is provided as an input to the LFSR counter 320 along with a clock signal clk. The LFSR counter 320 is a shift register whose input bit is a linear function of its previous state. The only linear functions of single bits are XOR and inverse-XOR and thus, the LFSR is a shift register whose input bit is driven by the exclusive-or (XOR) of some bits of the overall shift register value.
  • The initial value of the LFSR counter 320 is called the seed, and because the operation of the register is deterministic, the sequence of values produced by the LFSR counter 320 is completely determined by its current (or previous) state. A LFSR counter 320 with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle. In the illustrative embodiments, this randomness is made more apparent in that the input to the LFSR counter 320 is a product of the oscillation produced by the ring oscillator 330 and the discrepancy between the frequency of the ring oscillator 330 and the input clock clk which vary independently of one another.
  • The LFSR counter 320 receives, as input, the output from the ring oscillator 330 and the clock signal clk, and generates an output bit stream that is stored in selector signal register/decoder 340. The inverters of the ring oscillator 330 introduce a delay in the output signal to the LFSR counter 320 and thus, there is a discrepancy between the frequency of the ring oscillator 330 and the input clock clk. This discrepancy between the frequencies gives rise to jitter in the input to the LFSR counter 320, as depicted in FIG. 3B. This jitter provides a measure of randomness which randomizes the output generated by the LFSR counter 320.
  • The output of the LFSR counter 320 is stored in the selector signal register/decoder 340. In the depicted example, the LFSR counter 320 is a 3-bit counter which generates a 3-bit output that is interpreted to encode a value 1-8. A decoder function of the selector signal register/decoder 340 selects one of the 8 unique outputs based on the random 3-bit input value. Based on the state of the bits stored in the selector signal register 340, high or low state signals are output to the configuration bit registers of the various processors, e.g., SPE0-SPE7 120-134 in FIG. 1, to thereby set the values stored in the configuration bit registers and thus, select one of the processors to be the boot processor for the multiprocessor system.
  • Once the configuration bit register values are set, these values are used to provide selector signals to the corresponding selectors 350-370. As shown in FIG. 3A, the selector signal is provided to a multiplexer 352, 362, 372, along with an Skey input and a random key value input. Based on the state of the selector signal, either the Skey input or the random key value input is selected by each of the multiplexers 352, 362, 372. The random key value inputs may be generated by one or more random value generators of the same or a different type from the random event generator configuration described above for selecting the boot processor. That is, a similar random event generator configuration as described above may be used to randomly generate a key value having a same length as the Skey. These random key values are then input to the multiplexers 352, 362, and 372.
  • The system is designed such that, by way of the decoder function describe above, for example, only one of the selector signals that are input to the multiplexers 352, 362, 372 will select the Skey input while all the others will select a random key value input. The outputs from the multiplexers 352, 362, and 372 are provide to the corresponding SPEs so that the SPEs may utilize these outputs for either decrypting boot code and executing the boot code, in the case of the randomly selected boot processor, or attempting to decrypt the boot code and failing to boot the multiprocessor system, as in the case of all other processors in the multiprocessor system.
  • It should be appreciated that the mechanisms described above for providing a random event generator and selector are only exemplary and are not intended to state or imply any limitation with regard to the types of random event generators and selectors that may be used with the illustrative embodiments. For example, rather than using a ring oscillator and LFSR counter arrangement as shown in FIG. 3A, other random event generators may be utilized. For example, a thermal sensor may be used to measure thermal noise which may then be used to generate a random event for selecting one of the processors as a boot processor. Similarly, a quantum dot (q-dot), or semiconductor nanocrystals, may be used to measure quantum source effects that may be used as a source of randomness for selecting a processor as the boot processor. Any strong source of randomness may be used with the illustrative embodiments to provide a random selection of a processor for use as the boot processor for the multiprocessor system.
  • Moreover, it should be appreciated that while FIG. 3A shows the ring oscillator 330 having five inverters, the illustrative embodiments are not limited to such. Rather, any number of inverters, so long as there are an odd number of inverters, may be used without departing from the spirit and scope of the present invention. In fact, in order to provide additional jitter in the input to the LFSR counter 320, it may be desirable to add additional inverters to the chain of inverters in the ring oscillator 330 so as to introduce even more discrepancy between the frequency of the input clock signal clk and the input from the ring oscillator 330. The amount of discrepancy may be selected based on the desired operational characteristics for the particular multiprocessor system in which the illustrative embodiments are implemented.
  • Furthermore, while FIGS. 2 and 3A depict the random key value being generated by a separate random key value generator for each processor, the illustrative embodiments are not limited to such. Rather, a single random key value generator may be provided for all of the processors with the random key value generator generating one or more random key values that are input to the processors. Thus, for example, the random key value generator may generate a single random key value that is provided to all of the processors, a separate random key value for each individual processor (in which case seven different random key values may be generated, for example), or any number of random key values that may be selectively provided to the various processors of the multiprocessor system.
  • In one illustrative embodiment, as illustrated in FIG. 3C, a plurality of random key value generators 390 may be provided that each output a different random key value. Alternatively, as mentioned above, a single random key value generator may be used in replacement of these separate random key value generators. These random key values may be provided as inputs to the selectors, e.g., multiplexers 391 and 392, of the processors, e.g., SPEs 393 and 394, in the multiprocessor system along with the secure key (Skey) from an Skey storage 395, e.g., an eFuse, that is actually used to decrypt the boot code for booting of the multiprocessor system. As shown, the randomly generated key values and the Skey value may be multiplexed and provided on eight identical signal lines to each of the multiplexers 391 and 392 so as to make it more difficult for an intruder to isolate one of the lines as being a signal line from the secure key storage 395.
  • The eight total key value inputs may be provided to the multiplexers 391 and 392 and the select signals from the random event generator 396 in the pervasive logic 397 may be used to select one of the eight inputs. In this case, rather than simply selecting between the Skey input and a random key value, the multiplexers 391 and 392 may select between the Skey input and seven random key values. Thus, a first processor may select the Skey input, based on the random selection of this first processor as the boot processor, a second processor may select a third random key value, a third processor may select a fourth random key value, a fifth processor may select a first random key value, and so on. Thus, each processor may receive a different key value, either the Skey or a randomly generated key value. As a result, it becomes difficult for an intruder to discern which key value is the correct key value when monitoring bus traffic of the multiprocessor system.
  • It should be further appreciated that the mechanisms shown in FIGS. 3A and 3C are preferably provided in lower layer metal layers of the ceramic package in which the multiprocessor system is provided, or the lowest layer of interconnect, if the design is on a single chip. Since the ability to probe electrical and thermal characteristics of a multiprocessor system is currently limited to the upper layers of the multiprocessor ceramic package, by placing these elements in the lower layer metal layers, the ability to probe the operation of these elements is made more difficult. Thus, it is very difficult, if not impossible, for a would-be intruder to monitor the thermal and electrical characteristics of the random event generator and selectors so as to determine the key values provided by these elements.
  • Using the mechanisms above, a processor within a plurality of processors of a multiprocessor system may be randomly selected to boot the multiprocessor system. In this way, the ability to monitor the electrical and thermal characteristics of the processors so as to obtain secret information, e.g., the secret keys, used to boot the multiprocessor system is made more difficult and potentially becomes a deterrent to those who may wish to access the multiprocessor system without authorization.
  • While the above mechanism for randomly selecting a processor to boot the multiprocessor system provide a good amount of protection against monitoring of the boot sequence, it may still be possible for an unauthorized individual to “hack” the system if such an individual is persistent enough. In order to make such monitoring virtually impossible, the illustrative embodiments provide additional mechanisms for masking the boot sequence on the randomly selected processor such that the unauthorized individual is not able to discern which processor is correctly performing the actual boot sequence for booting the multiprocessor system.
  • In one illustrative embodiment, the masking operation involves each of the processors that were not selected to be the boot processor running a different set of instructions to thereby generate masking electrical and thermal signatures that make it difficult to discern the boot processor from the other processors in the system. The code sequences that are run by the different processors may be the same default code sequence that is provided either in a memory associated with the processor, or is otherwise accessible by the processors when the processors are not able to decrypt the boot code sequence. For example, the default code sequence may be provided in a secure portion of a local store associated with each of the processors. Alternatively, the default code sequence may be provided in a flash ROM or other storage device provided on or off-chip.
  • When the processor is not able to decrypt the actual encrypted boot code received from the flash ROM, the processor may default back to this secure portion of local storage which causes the processor to execute instructions to mask the boot code sequence being performed on another processor. This sequence of instructions may not generate any useable information and may serve only a masking function. Alternatively, this sequence of instructions may be used to perform operations for monitoring the system during the boot operation, or other useful operations, for example.
  • In one illustrative embodiment, the code that is executed on each of the non-selected processors, i.e. the non-boot processors, is the same. In illustrative embodiments where the code that is executed by each of the non-selected processors is the same, the code that is run on each of these non-selected processors preferably is code that generates electrical and thermal profiles that resemble the actual boot code but do not provide any of the secret information that an intruder would require in order to circumvent the security of the multiprocessor system. Such code may perform similar operations to that of the actual boot code but not access the sensitive portions of the multiprocessor system. In fact, in one illustrative embodiment, the same boot code that is used to boot the multiprocessor system may be used by the non-selected processors but with access to the secure key (Skey) and other privileged information being made inaccessible.
  • As a result, the thermal profile and bus traffic of these non-selected processors will approximate the actual boot sequence. Thus, from the perspective of an intruder using monitoring probes to monitor the thermal profile, bus traffic, and the like, the intruder will be unable to decipher which core is performing the actual boot operation since all of the cores will look the same via the monitoring probes. Such ambiguity deters tampering and makes it more difficult to isolate the real boot code sequence, secret key information, and the like.
  • In other illustrative embodiments, each of the non-selected processors may execute a different set of instructions. By executing different sets of instructions on each of the non-selected processors, none of the processors look unique when monitored using electrical or thermal probes. As a result, a distinguishing characteristic, such as thermal profile or bus traffic, cannot be identified by probes so as to identify which processor is the boot processor.
  • These different sets of instructions may be randomly selected for each of the processors in the multiprocessor system. Thus, for example, differing start addresses for code sequences stored in an on-chip storage device, e.g., a flash ROM or the like, may be randomly selected and provided to the processors of the multiprocessor system. The processors may then begin executing instructions at the randomly selected start addresses thereby generating different thermal profiles and bus traffic that masks the actual boot code sequence.
  • One way in which to provide different code sequences for the different processors is to provide boot code that has random delay elements inserted into the boot code. These delay elements may be, for example, loops that iterate a random number of times. Such delay elements may be provided both in the actual boot code sequence run by the randomly selected boot processor and in the boot code sequences run by the non-selected processors. This random delay causes the boot code to “look” different on each of the processors from the perspective of an intruder monitoring the thermal and bus traffic characteristics of the processors. As a result, it is not possible for the intruder to discern which processor is running the actual boot code that boots the multiprocessor system.
  • In yet another illustrative embodiment, a dummy processor is provided that looks as though it is unique when monitored by an intruder. This illustrative embodiment is a combination of the previous embodiments in which one processor is randomly selected to be the boot processor, one processor of the non-selected processors is selected to be a dummy processor that runs code that provides a unique thermal and bus traffic profile from the boot code sequence, and the other processors run code sequences that replicate the thermal profile and bus traffic of the actual boot code sequence as close as possible. In this way, the intruder will detect the dummy processor as being unique from the other processors and will conclude that this processor is running the actual boot code sequence. Thus, the intruder will direct its attacks to this dummy processor rather than the actual boot processor that appears to be similar to the other processors from a thermal profile and bus traffic standpoint. Furthermore, if the intruder attempts to run code or otherwise actively interfere with the dummy processor, the dummy processor can then signal a system shutdown.
  • FIGS. 4A-4D are exemplary diagrams illustrating masking operations for masking a secure boot operation of a randomly selected boot processor in accordance with illustrative embodiments. FIG. 4A illustrates a first masking operation in which code that appears, from a monitoring probe standpoint, to be the same as the boot code sequence is run on each of the non-selected processors. As shown in FIG. 4A, SPE0 410 is randomly selected, such as by use of the mechanisms described previously, to be the boot processor for the multiprocessor system 400. Thus, SPE0 410 receives the secret key, decrypts the boot code sequence from the flash ROM, and executes the actual boot code operations required to bring the multiprocessor system 400 into an operational state. The other SPEs, i.e. SPE1-SPE7 412-424, execute code that looks like the boot code sequence from the perspective of a monitoring probe.
  • As described above, the code sequence that the other SPEs 412-424 run may be default code sequences provided in a secure portion of local storage which causes the SPE 412-424 to execute instructions to mask the boot code sequence being performed on SPE0 410. The code that is run on each of these non-selected SPEs 412-424 preferably is code that generates electrical and thermal profiles that resemble the actual boot code but do not provide any of the secret information that an intruder would require in order to circumvent the security of the multiprocessor system. Such code may perform similar operations to that of the actual boot code but not access the sensitive portions of the multiprocessor system 400.
  • FIG. 4B illustrates another illustrative embodiment in which different randomly selected algorithms are run on each of the non-selected processors. As shown in FIG. 4B, SPE0 is again selected to be the boot processor and thus, runs the boot code for booting the multiprocessor system 400 into an operational state. Each of the other SPEs 412-424 run a separate randomly selected algorithm that generates different thermal profiles and different bus traffic on the EIB. Thus, each SPE0-7 appears to be unique when compared to each of the other SPEs 410-424. Thus, it is not possible to discern which SPE0-7 410-424 is the actual boot processor for booting the multiprocessor system 400.
  • As mentioned above, these different algorithms may be randomly selected for each of the SPEs 412-424 in the multiprocessor system. Thus, for example, differing start addresses for code sequences stored in an on-chip storage device, e.g., a flash ROM or the like, may be randomly selected and provided to the SPEs 412-424. The SPEs 412-424 may then begin executing instructions at the randomly selected start addresses thereby generating different thermal profiles and bus traffic that masks the actual boot code sequence.
  • Alternatively, the boot code may be provided to each of the SPEs 410-424 with random delay elements inserted into the boot code. These delay elements may be, for example, loops that iterate a random number of times. This random delay causes the boot code to “look” different on each of the SPEs 410-424 from the perspective of an intruder monitoring the thermal and bus traffic characteristics of the processors. As a result, it is not possible for the intruder to discern which processor is running the actual boot code that boots the multiprocessor system.
  • FIG. 4C illustrates another illustrative embodiment in which a dummy processor is provided to which attacks from an intruder may be redirected. As shown in FIG. 4C, SPE0 is the randomly selected boot processor executing the boot sequence. SPE1-SPE4 412-418 and SPE6-SPE7 422-424 run code that looks like the boot code sequence from a thermal and bus traffic monitoring perspective, as in the embodiment described above with regard to FIG. 4A. SPE5 420, on the other hand, runs a randomly selected algorithm which may be randomly selected in a similar manner as described above with regard to FIG. 4B.
  • Thus, from the perspective of an intruder monitoring the characteristics of the processors 410-424, all of the SPE0-SPE4 410-418 and SPE6-SPE7 422-424 look to be executing the same code. SPE5 420, however, appears to be unique from the other SPEs. Hence, an intruder wishing to attack the boot sequence of the multiprocessor system may redirect attacks against SPE5 420 rather than the actual boot processor SPE0 410 since, to the intruder, it appears that SPE5 420 is the actual boot processor.
  • Just as the actual boot processor is randomly selected with each power-on reset (POR) operation, the dummy processor may be randomly selected from the non-selected processors as well. Thus, with each POR operation, a different boot processor and dummy processor may be selected, thereby making it more difficult for an intruder to deduce which processor is performing an actual boot sequence that may be compromised in order to obtain access to the multiprocessor system.
  • For completeness, FIG. 4D illustrates the illustrative embodiment previously described above in which the boot code that is used to boot the system is executed by each of the processors. In this illustrative embodiment, only the randomly selected boot processor is given access to the secret key (Skey) while the other processors receive randomly selected keys (Rkey1-Rkey7). Each of the processors attempts to decode and execute the boot code using the key that was supplied to them, e.g., the Skey or an Rkey. Only the randomly selected boot processor will be able to correctly decrypt the boot code and execute it to bring the data processing system into an operational state. However, to an outside monitor, it will appear as if all of the processors are booting the system, thereby masking the actual boot processor, since each of them will be performing similar tasks to attempt to decrypt and boot the system. That is, each of the processors will generate a similar thermal and/or electrical signature that makes it difficult for a would-be intruder to discern which processor is the actual boot processor using measuring probes and the like.
  • Through the use of the random selection of the boot processor and the masking of the boot sequence, as provided by the illustrative embodiments, it becomes very difficult for any would-be intruder into the multiprocessor system to be able to discern which processor is performing a boot code sequence. Thus, it becomes very difficult for a would-be intruder to monitor thermal profiles and bus traffic of the processors and identify secret key information for use in accessing the encrypted boot code. Moreover, it becomes difficult for a would-be intruder to identify places in the boot code sequence where intrusion into the system is possible. Hence, the multiprocessor system is made more secure from unauthorized access to the boot sequence.
  • FIGS. 5-6 are flowcharts outlining an exemplary operation for randomly selecting a processor in a multiprocessor system as a boot processor and for masking the boot code sequence. It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the processor or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer-readable memory or storage medium that can direct a processor or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory or storage medium produce an article of manufacture including instruction means which implement the functions specified in the flowchart block or blocks.
  • Accordingly, blocks of the flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by special purpose hardware-based computer systems which perform the specified functions or steps, or by combinations of special purpose hardware and computer instructions.
  • FIG. 5 outlines an exemplary operation for random selection of a boot processor for booting a multiprocessor system. As shown in FIG. 5, the operation starts with the system controller performing a power-on reset (POR) operation (step 510). After performance of the initial POR operations, the system controller provides a “power good” signal to the pervasive logic of the multiprocessor system (step 520) and the pervasive logic initiates a random boot operation (step 530).
  • The pervasive logic randomly selects a processor from a plurality of processors to be the boot processor (step 540). The pervasive logic then sets the configuration bits of the processors based on the random selection (step 550) and signals the processors to begin the boot operation (step 560). A flash ROM provides the encrypted boot code to the processors and key values are provided to the processors from a secret key storage and random key generator (step 570). The processors then select the keys that are to be used by the processors based on the setting of their configuration bits (step 580). The processors attempt to decrypt the boot code based on the selected keys (step 590). The selected processor decrypts the boot code using the secret key and boots the system (step 595). It should be noted that the attempt to decrypt the boot code by all other non-selected processors will fail and only the selected processor will be able to boot the system. The operation then ends.
  • FIG. 6 is a flowchart outlining an exemplary operation for masking a boot code sequence in accordance with one illustrative embodiment. The operation outlined in FIG. 6 may be performed in each processor of a multiprocessor system, for example.
  • As shown in FIG. 6, the processor receives a signal to begin a boot operation (step 610). This step may correspond to step 530 in FIG. 5, for example. The processor attempts to decrypt the boot code (step 620) and a determination is made as to whether the decrypt attempt failed (step 630). If the decrypt was successful, i.e. the processor is the randomly selected boot processor, then the boot code is executed to thereby bring the multiprocessor system to an operational state (step 640).
  • If the decryption failed, then a code sequence to execute to mask the boot sequence is selected (step 650). As mentioned above, depending upon the particular embodiment, the selection of a masking code sequence may be based on a default code sequence in a secure portion of a local store, a randomly selected starting address, the use of boot code with random delay elements, or the like. The masking code sequence is run (step 660) and a determination is made as to whether the system is in an operational state, i.e. the boot sequence has completed (step 670). If not, the operation returns to step 660 and continues to run the masking code sequence. If the system is in an operational state, then the execution of the masking code sequence is ended (step 680) and the operation terminates.
  • Thus, the above illustrative embodiments provide a mechanism by which a processor may be randomly selected from a plurality of processors as a boot processor for booting a multiprocessor system to an operational state. The illustrative embodiments further provide a mechanism for masking the boot code sequence being executed by a randomly selected processor so as to make it difficult for an intruder to discern which processor has been randomly selected to execute the actual boot code sequence. Using these mechanisms, a multiprocessor system is made more secure by making it extremely difficult for an intruder to gain access to the system through monitoring the boot code sequence.
  • The above illustrative embodiments are described in terms of the boot code sequence being performed by a single processor in a multiprocessor system. However, the illustrative embodiments are not limited to such. In other illustrative embodiments, the boot code sequence may be distributed across a plurality of processors in the multiprocessor system, as described hereafter. By distributing the boot code sequence across a plurality of processors in the multiprocessor system, the number of processors that must be compromised in order to obtain complete information about the boot sequence and thereby circumvent security measures is increased.
  • Thus, the distributed boot operation of the illustrative embodiments described hereafter is more secure than multiprocessor data processing systems that utilize a single secure core. Furthermore, by distributing the boot operation, if any portion of the boot operation is compromised, the boot operation fails, thereby preventing an unauthorized individual from circumventing the security of the system. In other words, while the would-be intruder may compromise a portion of the boot operation, the would-be intruder is not able to compromise the all of the boot operation and thus, is not able to obtain access to the multiprocessor data processing system.
  • With this illustrative embodiment, the boot code sequence is partitioned into a plurality of partitions such that each partition may be provided to a different processor of the multiprocessor system. As each partition of the boot code sequence is executed, that partition must complete correctly on its respective processor before the boot code sequence may proceed on another processor. A secure communication mechanism is used to communicate satisfactory completion of a previous partition of the boot code sequence. This secure communication mechanism may include a security token, such as an encrypted password or other security identifier, e.g., a public/private encryption key pair, that indicates that the previous session was not compromised. In this way, a chain of dependent “sessions” are created that must complete satisfactorily.
  • The processors that are involved in the distributed execution of the boot code may be all of the processors in the multiprocessor system or a sub-set of the processors in the multiprocessor system. For example, a random selection mechanism, such as that described above for selecting a single boot processor, may be used to randomly select a plurality of boot processors to be used in booting the system in a distributed manner. Moreover, the particular partitions of the boot code that are executed by the processors may be randomly selected such that, with each power-on reset (POR) operation, the same processor may or may not execute the same boot code partition as in a previous POR operation. Thus, randomization may be performed with regard to which processors are involved in the distributed boot operation as well as with regard to what boot code partitions each processor will execute.
  • Other processors of the multiprocessor system, i.e. non-boot processors, may either not perform any work during the distributed boot operation or may execute masking code sequences, of one or more of the various masking code illustrative embodiments described previously, to mask the boot code execution on the randomly selected sub-set of processors. In other words, the distributed boot code sequence operation of the present illustrative embodiment may be combined with one or more of the previously described illustrative embodiments without departing from the spirit and scope of the present invention.
  • FIG. 7A is an exemplary diagram illustrating a distributed boot operation configured as a daisy chain or ring arrangement in accordance with one illustrative embodiment. As shown in FIG. 7A, a plurality of processors 720-750 are provided for booting the multiprocessor data processing system. In the depicted example, all of the co-processors, i.e. SPEs, are utilized in the distributed boot operation while the control processor, e.g., PPE, does not execute the distributed boot code. Of course, in other illustrative embodiments, the PPE may also be included in the distributed boot operation. Moreover, in other illustrative embodiments, as mentioned previously, only a sub-set of the processors in the multiprocessor data processing system may be used to perform the distributed boot operation.
  • The encrypted boot code 710, which may be stored in a storage device associated with the multiprocessor data processing system, such as in Flash ROM 230 in FIG. 2, for example, may be partitioned into separately executable partitions, i.e. boot code partitions 1 to n. For example, the partitions may be provided as modules or routines in the encrypted boot code that are separately encrypted using the same encryption algorithm and the same secret key (Skey). Preferably, the number of boot code partitions is equal to the number of processors that will be involved in the distributed boot operation, i.e. the number of boot processors. However, in some illustrative embodiments, such as in a ring arrangement of the boot processors, the number of boot code partitions is not limited the number of boot processors and may be any number of partitions less than or greater than the number of boot processors.
  • The distributed boot operation is performed under the control of the pervasive logic 790, which may be the same pervasive logic 193 in FIG. 1, for example. The pervasive logic 790, through the user of the random event generator, for example, may randomly select the processors 720-750 to be used as boot processors as well as may randomly select which partition each of the randomly selected processors 720-750 will execute. In such an embodiment, the pervasive logic 790 may keep track of the order in which the boot code partitions are to be executed in order to ensure the security of the boot code sequence through use of a secure communication mechanism that indicates whether or not a previous session of the distributed boot operation has been compromised. For simplicity of the present description, however, it will be assumed that, in the depicted example, all of the processors, or at least the co-processors, of the multiprocessor system are utilized in the distributed boot operation and that boot code partitions are provided to the processors 720-750 in sequential order.
  • The pervasive logic 790 provides selector signals to the processors 720-750 for selecting which boot code partition is to be executed by each of the processors 720-750. In addition, the pervasive logic 790 provides key value selector signals for causing the processor 720-750 to select the Skey, from Skey storage, as the key to be used to decrypt their corresponding boot code partitions. The processors 720-750 decrypt their boot code partition using the supplied Skey and then execute the boot code partition in the proper sequence either by virtue of the arrangement of the processors 720-750 in a daisy chain architecture or under the control of the pervasive logic 790, for example.
  • In the depicted example, SPE0 720 begins the distributed boot operation by decrypting its boot code partition 1, executing the boot code partition, and then securely communicating the successful completion of the boot code partition 1 to SPE1 730. Moreover, a security mechanism may be utilized between the SPEs for indicating that the previous session, i.e. the session comprised of the execution of the previous boot code partition, was not compromised. The security mechanism may be, for example, passing a security token, digital signature, password, a checksum of the previous boot code partition, using public key/private key encryption of the successful completion message, or the like. Any security mechanism that may be used to communicate whether or not the previous session of a distributed boot operation was compromised or not is intended to be within the spirit and scope of the present invention.
  • After receiving confirmation of the successful and uncompromised completion of the boot code partition 1 execution, the SPE1 730 may decrypt its boot code partition 2, execute the boot code partition, and then communicate its successful completion of boot code partition 2 to SPE2 740. This process may continue until all of the processors have signaled that they have completed their portion of the distributed boot operation without being compromised. Any break in this dependency chain of boot code partitions, e.g., any signaling of unsuccessful execution or compromised execution, results in a failed boot which may be signaled to the system controller. Once all of the boot code partitions have completed successfully, the multiprocessor data processing system is in an operative state in which software applications may be executed on the various processors.
  • The illustrative embodiment described above utilizes a daisy-chain arrangement of the processors with regard to the boot code partitions that are executed on the processors. Other arrangements that ensure a sequential execution of boot code partitions may be utilized without departing from the spirit and scope of the present invention. For example, an extension of the daisy-chain arrangement above is to provide a ring arrangement of the processors with regard to the distributed boot operation such that the last processor, e.g., SPE7 750, communicates back to the first processor, e.g., SPE0 720, which is selected as the “primary” boot processor, its successful and uncompromised completion of execution of its boot code partition. In this way, the security mechanism, e.g., the security token, an incremented count value, etc., which is passed from one session to the next through the ring arrangement may be used at the primary boot processor to verify uncompromised execution of the entire distributed boot operation.
  • Moreover, a ring arrangement of processors allows a greater number of boot code partitions to be utilized than the number of boot processors. Thus, if only a sub-set of processors in the multiprocessor data processing system are selected to be boot processors, this sub-set of processors may execute any number of boot code partitions when arranged in a ring arrangement with regard to the distributed boot operation. This gives rise to the ability of the pervasive logic 790 to not only randomly select which processors in the multiprocessor data processing system are to be boot processors, but also to randomly select how many processors will be boot processors in the distributed boot operation. Thus, in a first POR operation, four processors may be selected to be boot processors while in a subsequent POR operation three boot processors may be selected. The pervasive logic 790 may contain logic for randomly selecting a number of processors to select to be boot processors which then is used to control the random selection of processors as previously described above.
  • Another possible arrangement of boot processors with regard to a distributed boot operation is to provide a master/slave arrangement. FIG. 7B is an exemplary diagram illustrating a distributed boot operation configured as a master/slave arrangement in accordance with one illustrative embodiment. As shown in FIG. 7B, one processor 760 is designated the master processor. This processor may be one of the co-processors, e.g., an SPE, or the control processor, e.g., the PPE. The slave processors, e.g., SPE0-SPE7 720-750, each are responsible for completing their boot code partition and securely communicating to the master core that they have finished execution and have not been compromised, in a similar manner as described above in FIG. 7A. Once the master processor 760 has received signals from each of the slave processors 720-750, and validated that it has not been compromised itself, then the multiprocessor data processing system is permitted to enter an operational state in which software applications may be executed.
  • It should be appreciated that while a daisy-chain, ring, and master/slave arrangement of processors with regard to a distributed boot operation have been described herein, the present invention is not limited to only these described arrangements. Rather any arrangement of processors with regard to a distributed boot operation may be used with the mechanisms of the illustrative embodiments without departing from the spirit and scope of the present invention.
  • FIG. 8 is a flowchart outlining an exemplary operation for distributed booting of a multiprocessor system in accordance with one illustrative embodiment. As shown in FIG. 8, the operation starts with the pervasive logic receiving a “power good” signal from the system controller (step 810). The pervasive logic selects the processors to be boot processors from the plurality of processors in the multiprocessor data processing system (step 820). As mentioned above, such selection may result in all of the processors being selected or some sub-set of the processors in the multiprocessor data processing system being selected to be boot processors. Such selection may be performed using a random event generator in the pervasive logic, for example.
  • The pervasive logic selects the boot code partitions to be assigned to the selected boot processors (step 830). A next boot code partition is executed by an associated boot processor (step 840). The boot processor determines whether the execution of the boot code partition was successful and uncompromised (step 850). If not, a boot failure is signaled to the system controller (step 860) and the operation terminates.
  • If the boot code partition executes successfully and is not compromised, then the boot processor determines if the all boot code partitions have been executed successfully (step 870). If not, the operation returns to step 840 and the next boot code partition is executed by its associated boot processor. If all of the boot code partitions have been executed successfully, the boot processor signals the successful boot of the data processing system to the system controller (step 880) and the operation terminates.
  • Thus, as set forth above, the illustrative embodiments, in addition to randomly selecting a single boot processor and performing masking operations on other processors of the multiprocessor data processing system, provides mechanisms for distributing the boot operation over a plurality of processors. The illustrative embodiments provide mechanisms for randomly selecting boot processors, randomly selecting boot code partitions to be executed on selected boot processors, and to ensure the security of the execution of the boot code partitions by the various boot processors. All of these various mechanisms aid is increasing the security of the multiprocessor data processing system from unauthorized monitoring of the boot operation.
  • The illustrative embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In a preferred embodiment, the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
  • Furthermore, the illustrative embodiments may take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system. For the purposes of this description, a computer-usable or computer readable medium may be any apparatus that may contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • The medium may be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W) and DVD.
  • The circuits as described above may be part of the design for an integrated circuit chip. The chip design may be created in a graphical computer programming language, and stored in a computer storage medium (such as a disk, tape, physical hard drive, or virtual hard drive such as in a storage access network). If the designer does not fabricate chips or the photolithographic masks used to fabricate chips, the designer may transmit the resulting design by physical means (e.g., by providing a copy of the storage medium storing the design) or electronically (e.g., through the Internet) to such entities, directly or indirectly. The stored design may then be converted into the appropriate format (e.g., GDSII) for the fabrication of photolithographic masks, which typically include multiple copies of the chip design in question that are to be formed on a wafer. The photolithographic masks may be utilized to define areas of the wafer (and/or the layers thereon) to be etched or otherwise processed.
  • The resulting integrated circuit chips may be distributed by the fabricator in raw wafer form (that is, as a single wafer that has multiple unpackaged chips), as a bare die, or in a packaged form. In the latter case the chip may be mounted in a single chip package (such as a plastic carrier, with leads that are affixed to a motherboard or other higher level carrier) or in a multichip package (such as a ceramic carrier that has either or both surface interconnections or buried interconnections). In any case the chip may then be integrated with other chips, discrete circuit elements, and/or other signal processing devices as part of either (a) an intermediate product, such as a motherboard, or (b) an end product. The end product may be any product that includes integrated circuit chips, ranging from toys and other low-end applications to advanced computer products having a display, a keyboard or other input device, and a central processor. Moreover, the end products in which the integrated circuit chips may be provided may include game machines, game consoles, hand-held computing devices, personal digital assistants, communication devices, such as wireless telephones and the like, laptop computing devices, desktop computing devices, server computing devices, or any other computing device.
  • The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention, the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (20)

1. A method, in a data processing system having a plurality of processors, for booting the data processing system, comprising:
receiving, in each processor of the plurality of processors, a secret key value;
receiving, in each processor of the plurality of processors, at least one random key value;
randomly selecting one of the processors of the plurality of processors to be a boot processor;
selecting, by each of the processors of the plurality of processors, a key value for the processor based on the random selection of the boot processor, wherein only the boot processor selects the secret key as its corresponding key value and each of the other processors of the plurality of processors selects one of the at least one random key value as their corresponding key value;
receiving, by the boot processor, encrypted boot code from an encrypted boot code storage;
decrypting, by the boot processor, the encrypted boot code using the secret key value; and
executing the decrypted boot code to thereby boot the data processing system to an operational state.
2. The method of claim 1, wherein each processor of the plurality of processors receives the secret key value and a predetermined number of random key values, and wherein the predetermined number is equal to a number of processors in the plurality of processors.
3. The method of claim 2, wherein each processor of the plurality of processors that is not selected to be the boot processor selects a different key value from the at least one random key value.
4. The method of claim 1, wherein each processor in the plurality of processors comprises a multiplexer, the secret key value and the at least one random key value are provided as inputs to the multiplexer of each processor in the plurality of processors, and a select signal is provided to each multiplexer of each processor in the plurality of processors, wherein the select signal input to a multiplexer of a processor has an associated value corresponding to the selection of the key value for the processor.
5. The method of claim 1, wherein randomly selecting one of the processors of the plurality of processors to be a boot processor comprises:
using a random event generator provided in pervasive logic of the data processing system to generate a random value; and
decoding the random value to identify a processor from the plurality of processors in the data processing system to be the boot processor.
6. The method of claim 5, wherein the random event generator comprises a linear feedback shift register (LFSR) counter and a ring oscillator coupled to the LFSR, wherein the ring oscillator provides an input to the LFSR to thereby generate a random value.
7. The method of claim 1, wherein the at least one random key value comprises a plurality of random key values, and wherein each random key value in the plurality of random key values is generated by a separate random key value generator.
8. The method of claim 1, wherein the at least one random key value comprises a plurality of random key values, and wherein each random key value in the plurality of random key values is generated by a same random key value generator.
9. The method of claim 1, wherein the data processing system is a heterogeneous multiprocessor system-on-a-chip having a first processor that operates according to a first instruction set and one or more second processors that operate according to a second instruction set different from the first instruction set.
10. The method of claim 9, wherein the first instruction set is a RISC instruction set and the second instruction set is a SIMD instruction set.
11. A data processing system comprising:
a plurality of processors;
pervasive logic coupled to the processors;
at least one random key generator coupled to the plurality of processors;
an encrypted boot code storage coupled to the plurality of processors; and
a secret key storage coupled to the plurality of processors, wherein:
each processor of the plurality of processors receives a secret key value from the secret key storage,
each processor of the plurality of processors receives at least one random key value from the at least one random key generator,
the pervasive logic randomly selects one of the processors of the plurality of processors to be a boot processor,
each processor of the processors of the plurality of processors selects a key value for the processor based on the random selection of the boot processor, wherein only the boot processor selects the secret key as its corresponding key value and each of the other processors of the plurality of processors selects one of the at least one random key value as their corresponding key value,
the boot processor receives encrypted boot code from the encrypted boot code storage,
the boot processor decrypts encrypted boot code using the secret key value, and
the decrypted boot code is executed by the boot processor to thereby boot the data processing system to an operational state.
12. The system of claim 11, wherein each processor of the plurality of processors receives the secret key value and a predetermined number of random key values, and wherein the predetermined number is equal to a number of processors in the plurality of processors.
13. The system of claim 12, wherein each processor of the plurality of processors that were not selected to be the boot processor selects a different key value from the at least one random key value.
14. The system of claim 11, wherein each processor in the plurality of processors comprises a multiplexer, the secret key value and the at least one random key value are provided as inputs to the multiplexer of each processor in the plurality of processors, and a select signal is provided to each multiplexer of each processor in the plurality of processors, wherein the select signal input to a multiplexer of a processor has an associated value corresponding to the selection of the key value for the processor.
15. The system of claim 11, wherein the pervasive logic comprises a random event generator and a decoder, and wherein the pervasive logic randomly selects one of the processors of the plurality of processors to be a boot processor by:
using the random event generator to generate a random value; and
using the decoder to decode the random value to identify a processor from the plurality of processors in the data processing system to be the boot processor.
16. The system of claim 15, wherein the random event generator comprises a linear feedback shift register (LFSR) counter and a ring oscillator coupled to the LFSR, wherein the ring oscillator provides an input to the LFSR to thereby generate a random value.
17. The system of claim 11, wherein the at least one random key value comprises a plurality of random key values, and wherein each random key value in the plurality of random key values is generated by a separate random key value generator.
18. The system of claim 11, wherein the at least one random key value comprises a plurality of random key values, and wherein each random key value in the plurality of random key values is generated by a same random key value generator.
19. The system of claim 11, wherein the data processing system is a heterogeneous multiprocessor system-on-a-chip having a first processor the operates according to a first instruction set and one or more second processors that operate according to a second instruction set different from the first instruction set.
20. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program, when executed on a data processing system, causes the data processing system to:
receive, in each processor of a plurality of processors in the data processing system, a secret key value;
receive, in each processor of the plurality of processors, at least one random key value;
randomly select one of the processors of the plurality of processors to be a boot processor;
select, in each of the processors of the plurality of processors, a key value for the processor based on the random selection of the boot processor, wherein only the boot processor selects the secret key as its corresponding key value and each of the other processors of the plurality of processors selects one of the at least one random key value as their corresponding key value;
decrypt, in the boot processor, encrypted boot code using the secret key value; and
execute the decrypted boot code to thereby boot the data processing system to an operational state.
US11/423,304 2006-06-09 2006-06-09 System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors Abandoned US20070288761A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US11/423,304 US20070288761A1 (en) 2006-06-09 2006-06-09 System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors
CN200710105561.8A CN100501756C (en) 2006-06-09 2007-05-25 System and method for booting a multiprocessor device
US12/120,808 US7779273B2 (en) 2006-06-09 2008-05-15 Booting a multiprocessor device based on selection of encryption keys to be provided to processors

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/423,304 US20070288761A1 (en) 2006-06-09 2006-06-09 System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/120,808 Continuation US7779273B2 (en) 2006-06-09 2008-05-15 Booting a multiprocessor device based on selection of encryption keys to be provided to processors

Publications (1)

Publication Number Publication Date
US20070288761A1 true US20070288761A1 (en) 2007-12-13

Family

ID=38823317

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/423,304 Abandoned US20070288761A1 (en) 2006-06-09 2006-06-09 System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors
US12/120,808 Expired - Fee Related US7779273B2 (en) 2006-06-09 2008-05-15 Booting a multiprocessor device based on selection of encryption keys to be provided to processors

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/120,808 Expired - Fee Related US7779273B2 (en) 2006-06-09 2008-05-15 Booting a multiprocessor device based on selection of encryption keys to be provided to processors

Country Status (2)

Country Link
US (2) US20070288761A1 (en)
CN (1) CN100501756C (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080215874A1 (en) * 2006-06-09 2008-09-04 International Business Machines Corporation System and Method for Masking a Boot Sequence by Providing a Dummy Processor
US20090055640A1 (en) * 2006-06-09 2009-02-26 International Business Machines Corporation Masking a Hardware Boot Sequence
US20090327680A1 (en) * 2006-06-09 2009-12-31 International Business Machines Corporation Selecting a Random Processor to Boot on a Multiprocessor System
US8046574B2 (en) 2006-06-09 2011-10-25 International Business Machines Corporation Secure boot across a plurality of processors
CN103853983A (en) * 2012-12-06 2014-06-11 三星电子株式会社 System on chip to perform secure boot, image forming apparatus using the same, and method thereof
US20140164753A1 (en) * 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd System on chip for performing secure boot, image forming apparatus using the same, and method thereof
US20170039352A1 (en) * 2014-04-15 2017-02-09 Lantiq Beteiligungs-GmbH & Co. KG Root of trust
JP6221014B1 (en) * 2014-10-06 2017-10-25 マイクロン テクノロジー, インク. Secure shared key sharing system and method
US9881161B2 (en) 2012-12-06 2018-01-30 S-Printing Solution Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US10778425B2 (en) 2014-09-26 2020-09-15 Intel Corporation Instructions and logic to provide SIMD SM4 cryptographic block cipher functionality
CN113485757A (en) * 2021-07-22 2021-10-08 北京青云科技股份有限公司 Decryption method, device, equipment and storage medium in system starting process
US11308217B2 (en) * 2017-08-31 2022-04-19 Texas Instruments Incorporated Randomized execution countermeasures against fault injection attacks during boot of an embedded device
US11423153B2 (en) * 2020-08-18 2022-08-23 Raytheon Company Detection of malicious operating system booting and operating system loading
US20230205547A1 (en) * 2021-12-29 2023-06-29 Ati Technologies Ulc Multiple module bootup operation

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070288761A1 (en) 2006-06-09 2007-12-13 Dale Jason N System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors
US20100083365A1 (en) * 2008-09-30 2010-04-01 Naga Gurumoorthy Apparatus and method to harden computer system
US8132267B2 (en) * 2008-09-30 2012-03-06 Intel Corporation Apparatus and method to harden computer system
US9461930B2 (en) 2009-04-27 2016-10-04 Intel Corporation Modifying data streams without reordering in a multi-thread, multi-flow network processor
US8683221B2 (en) * 2010-05-18 2014-03-25 Lsi Corporation Configurable memory encryption with constant pipeline delay in a multi-core processor
US8996851B2 (en) * 2010-08-10 2015-03-31 Sandisk Il Ltd. Host device and method for securely booting the host device with operating system code loaded from a storage device
WO2012122309A2 (en) * 2011-03-07 2012-09-13 University Of Connecticut Embedded ring oscillator network for integrated circuit security and threat detection
US9230112B1 (en) 2013-02-23 2016-01-05 Xilinx, Inc. Secured booting of a field programmable system-on-chip including authentication of a first stage boot loader to mitigate against differential power analysis
US9336010B2 (en) 2013-03-15 2016-05-10 Xilinx, Inc. Multi-boot or fallback boot of a system-on-chip using a file-based boot device
US9165143B1 (en) * 2013-03-15 2015-10-20 Xilinx, Inc. Image file generation and loading
CN103365687B (en) * 2013-06-28 2017-02-08 北京创毅讯联科技股份有限公司 Method and device for starting processor as well as device for providing IPL (Initial Program Loader)
US9152794B1 (en) 2013-09-05 2015-10-06 Xilinx, Inc. Secure key handling for authentication of software for a system-on-chip
US9411688B1 (en) 2013-12-11 2016-08-09 Xilinx, Inc. System and method for searching multiple boot devices for boot images
US9652252B1 (en) 2014-10-29 2017-05-16 Xilinx, Inc. System and method for power based selection of boot images
US10402567B2 (en) 2017-06-25 2019-09-03 Microsoft Technology Licensing, Llc Secure boot for multi-core processor
US10503892B2 (en) 2017-06-25 2019-12-10 Microsoft Technology Licensing, Llc Remote attestation for multi-core processor
US10708061B2 (en) 2017-06-25 2020-07-07 Microsoft Technology Licensing, Llc Secure key storage for multi-core processor
US11061997B2 (en) * 2017-08-03 2021-07-13 Regents Of The University Of Minnesota Dynamic functional obfuscation
US11321244B2 (en) 2019-12-16 2022-05-03 Samsung Electronics Co., Ltd. Block interface emulation for key value device

Citations (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5937063A (en) * 1996-09-30 1999-08-10 Intel Corporation Secure boot
US6141756A (en) * 1998-04-27 2000-10-31 Motorola, Inc. Apparatus and method of reading a program into a processor
US6192475B1 (en) * 1997-03-31 2001-02-20 David R. Wallace System and method for cloaking software
US6347372B1 (en) * 1998-03-20 2002-02-12 Fujitsu Limited Multiprocessor control system, and a boot device and a boot control device used therein
US20020029346A1 (en) * 1999-01-11 2002-03-07 Farhad Pezeshki Method and apparatus for minimizing differential power attacks on processors
US6415348B1 (en) * 1999-08-23 2002-07-02 Advanced Micro Devices, Inc. Flexible microcontroller architecture
US20020124178A1 (en) * 1998-01-02 2002-09-05 Kocher Paul C. Differential power analysis method and apparatus
US20020156819A1 (en) * 2001-04-23 2002-10-24 Pijnenburg Beheer B.V. Digital true random number generator circuit
US20030023859A1 (en) * 2001-07-25 2003-01-30 Kiddy Raymond R. Method of obfuscating computer instruction streams
US20030056107A1 (en) * 2001-09-17 2003-03-20 Cammack William E. Secure bootloader for securing digital devices
US6550019B1 (en) * 1999-11-04 2003-04-15 International Business Machines Corporation Method and apparatus for problem identification during initial program load in a multiprocessor system
US20030188144A1 (en) * 2002-03-28 2003-10-02 Sterling Du Personal computer integrated with personal digital assistant
US20040025032A1 (en) * 2000-02-18 2004-02-05 Chow Stanley T Method and system for resistance to statiscal power analysis
US20040039928A1 (en) * 2000-12-13 2004-02-26 Astrid Elbe Cryptographic processor
US6738478B1 (en) * 1998-10-28 2004-05-18 Certicom Corp. Power signature attack resistant cryptography
US6754818B1 (en) * 2000-08-31 2004-06-22 Sun Microsystems, Inc. Method and system for bootstrapping from a different boot image when computer system is turned on or reset
US20040199786A1 (en) * 2002-12-02 2004-10-07 Walmsley Simon Robert Randomisation of the location of secret information on each of a series of integrated circuits
US20040255172A1 (en) * 2003-06-13 2004-12-16 International Business Machines Corporation Remote power control in a multi-node, partitioned data processing system
US6839849B1 (en) * 1998-12-28 2005-01-04 Bull Cp8 Smart integrated circuit
US20050004960A1 (en) * 2003-03-14 2005-01-06 Laszlo Hars Electronic circuit for random number generation
US20050021944A1 (en) * 2003-06-23 2005-01-27 International Business Machines Corporation Security architecture for system on chip
US20050160255A1 (en) * 2004-01-15 2005-07-21 Fujitsu Limited Information processing device and program
US20050182952A1 (en) * 2004-02-12 2005-08-18 Sony Corporation Information processing apparatus and method and computer program
US20050273630A1 (en) * 2004-06-08 2005-12-08 Hrl Laboratories, Llc Cryptographic bus architecture for the prevention of differential power analysis
US20060036833A1 (en) * 2002-12-12 2006-02-16 Piry Frederic Claude M Processing activity masking in a data processing system
US7036023B2 (en) * 2001-01-19 2006-04-25 Microsoft Corporation Systems and methods for detecting tampering of a computer system by calculating a boot signature
US20060090084A1 (en) * 2004-10-22 2006-04-27 Mark Buer Secure processing environment
US20060129848A1 (en) * 2004-04-08 2006-06-15 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
US7065654B1 (en) * 2001-05-10 2006-06-20 Advanced Micro Devices, Inc. Secure execution box
US20060179302A1 (en) * 2005-02-07 2006-08-10 Sony Computer Entertainment Inc. Methods and apparatus for providing a secure booting sequence in a processor
US20070079150A1 (en) * 2005-09-30 2007-04-05 Belmont Brian V Dynamic core swapping
US20070250691A1 (en) * 2006-04-19 2007-10-25 Lyle Cool Method and apparatus to support independent systems in partitions of a processing system
US7337314B2 (en) * 2003-04-12 2008-02-26 Cavium Networks, Inc. Apparatus and method for allocating resources within a security processor
US7424620B2 (en) * 2003-09-25 2008-09-09 Sun Microsystems, Inc. Interleaved data and instruction streams for application program obfuscation
US7424500B2 (en) * 2003-06-24 2008-09-09 Renesas Technology Corp. Random number generator with ring oscillation circuit
US7426749B2 (en) * 2004-01-20 2008-09-16 International Business Machines Corporation Distributed computation in untrusted computing environments using distractive computational units
US7500112B1 (en) * 2000-01-08 2009-03-03 Nxp B.V. Cryptographic device and methods for defeating physical analysis
US7506381B2 (en) * 2001-06-15 2009-03-17 Nokia Corporation Method for securing an electronic device, a security system and an electronic device

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6282601B1 (en) 1999-03-31 2001-08-28 International Business Machines Corporation Multiprocessor data processing system and method of interrupt handling that facilitate identification of a processor requesting a system management interrupt
US6578131B1 (en) 1999-04-27 2003-06-10 Microsoft Corporation Scaleable hash table for shared-memory multiprocessor system
US7203747B2 (en) 2001-05-25 2007-04-10 Overture Services Inc. Load balancing system and method in a multiprocessor system
US7065641B2 (en) 2002-06-13 2006-06-20 Intel Corporation Weighted processor selection apparatus and method for use in multiprocessor systems
US20070071233A1 (en) 2005-09-27 2007-03-29 Allot Communications Ltd. Hash function using arbitrary numbers
US8015565B2 (en) 2005-11-21 2011-09-06 International Business Machines Corporation Preventing livelocks in processor selection of load requests
US20070288740A1 (en) 2006-06-09 2007-12-13 Dale Jason N System and method for secure boot across a plurality of processors
US20070288739A1 (en) 2006-06-09 2007-12-13 Dale Jason N System and method for masking a boot sequence by running different code on each processor
US7594104B2 (en) 2006-06-09 2009-09-22 International Business Machines Corporation System and method for masking a hardware boot sequence
US20070288738A1 (en) 2006-06-09 2007-12-13 Dale Jason N System and method for selecting a random processor to boot on a multiprocessor system
US20070288761A1 (en) 2006-06-09 2007-12-13 Dale Jason N System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors
US7774616B2 (en) 2006-06-09 2010-08-10 International Business Machines Corporation Masking a boot sequence by providing a dummy processor

Patent Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5937063A (en) * 1996-09-30 1999-08-10 Intel Corporation Secure boot
US6192475B1 (en) * 1997-03-31 2001-02-20 David R. Wallace System and method for cloaking software
US20020124178A1 (en) * 1998-01-02 2002-09-05 Kocher Paul C. Differential power analysis method and apparatus
US6347372B1 (en) * 1998-03-20 2002-02-12 Fujitsu Limited Multiprocessor control system, and a boot device and a boot control device used therein
US6141756A (en) * 1998-04-27 2000-10-31 Motorola, Inc. Apparatus and method of reading a program into a processor
US6738478B1 (en) * 1998-10-28 2004-05-18 Certicom Corp. Power signature attack resistant cryptography
US6839849B1 (en) * 1998-12-28 2005-01-04 Bull Cp8 Smart integrated circuit
US20020029346A1 (en) * 1999-01-11 2002-03-07 Farhad Pezeshki Method and apparatus for minimizing differential power attacks on processors
US7092523B2 (en) * 1999-01-11 2006-08-15 Certicom Corp. Method and apparatus for minimizing differential power attacks on processors
US6415348B1 (en) * 1999-08-23 2002-07-02 Advanced Micro Devices, Inc. Flexible microcontroller architecture
US6550019B1 (en) * 1999-11-04 2003-04-15 International Business Machines Corporation Method and apparatus for problem identification during initial program load in a multiprocessor system
US7500112B1 (en) * 2000-01-08 2009-03-03 Nxp B.V. Cryptographic device and methods for defeating physical analysis
US20040025032A1 (en) * 2000-02-18 2004-02-05 Chow Stanley T Method and system for resistance to statiscal power analysis
US20040078588A1 (en) * 2000-02-18 2004-04-22 Chow Stanley T Method and apparatus for balanced electronic operations
US6754818B1 (en) * 2000-08-31 2004-06-22 Sun Microsystems, Inc. Method and system for bootstrapping from a different boot image when computer system is turned on or reset
US20040039928A1 (en) * 2000-12-13 2004-02-26 Astrid Elbe Cryptographic processor
US7036023B2 (en) * 2001-01-19 2006-04-25 Microsoft Corporation Systems and methods for detecting tampering of a computer system by calculating a boot signature
US20020156819A1 (en) * 2001-04-23 2002-10-24 Pijnenburg Beheer B.V. Digital true random number generator circuit
US7065654B1 (en) * 2001-05-10 2006-06-20 Advanced Micro Devices, Inc. Secure execution box
US7506381B2 (en) * 2001-06-15 2009-03-17 Nokia Corporation Method for securing an electronic device, a security system and an electronic device
US6694435B2 (en) * 2001-07-25 2004-02-17 Apple Computer, Inc. Method of obfuscating computer instruction streams
US20030023859A1 (en) * 2001-07-25 2003-01-30 Kiddy Raymond R. Method of obfuscating computer instruction streams
US20030056107A1 (en) * 2001-09-17 2003-03-20 Cammack William E. Secure bootloader for securing digital devices
US20030188144A1 (en) * 2002-03-28 2003-10-02 Sterling Du Personal computer integrated with personal digital assistant
US20040199786A1 (en) * 2002-12-02 2004-10-07 Walmsley Simon Robert Randomisation of the location of secret information on each of a series of integrated circuits
US7313677B2 (en) * 2002-12-12 2007-12-25 Arm Limited Processing activity masking in a data processing system
US20060036833A1 (en) * 2002-12-12 2006-02-16 Piry Frederic Claude M Processing activity masking in a data processing system
US7426629B2 (en) * 2002-12-12 2008-09-16 Arm Limited Processing activity masking in a data processing system
US20060117167A1 (en) * 2002-12-12 2006-06-01 Evrard Christophe J Processing activity masking in a data processing system
US20060155962A1 (en) * 2002-12-12 2006-07-13 Piry Frederic C M Processing activity masking in a data processing system
US20050004960A1 (en) * 2003-03-14 2005-01-06 Laszlo Hars Electronic circuit for random number generation
US7337314B2 (en) * 2003-04-12 2008-02-26 Cavium Networks, Inc. Apparatus and method for allocating resources within a security processor
US20040255172A1 (en) * 2003-06-13 2004-12-16 International Business Machines Corporation Remote power control in a multi-node, partitioned data processing system
US20050021944A1 (en) * 2003-06-23 2005-01-27 International Business Machines Corporation Security architecture for system on chip
US7424500B2 (en) * 2003-06-24 2008-09-09 Renesas Technology Corp. Random number generator with ring oscillation circuit
US7424620B2 (en) * 2003-09-25 2008-09-09 Sun Microsystems, Inc. Interleaved data and instruction streams for application program obfuscation
US20050160255A1 (en) * 2004-01-15 2005-07-21 Fujitsu Limited Information processing device and program
US7426749B2 (en) * 2004-01-20 2008-09-16 International Business Machines Corporation Distributed computation in untrusted computing environments using distractive computational units
US20050182952A1 (en) * 2004-02-12 2005-08-18 Sony Corporation Information processing apparatus and method and computer program
US20060129848A1 (en) * 2004-04-08 2006-06-15 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
US20050273631A1 (en) * 2004-06-08 2005-12-08 Hrl Laboratories, Llc Cryptographic CPU architecture with random instruction masking to thwart differential power analysis
US20050273630A1 (en) * 2004-06-08 2005-12-08 Hrl Laboratories, Llc Cryptographic bus architecture for the prevention of differential power analysis
US20050271202A1 (en) * 2004-06-08 2005-12-08 Hrl Laboratories, Llc Cryptographic architecture with random instruction masking to thwart differential power analysis
US20060090084A1 (en) * 2004-10-22 2006-04-27 Mark Buer Secure processing environment
US20060179302A1 (en) * 2005-02-07 2006-08-10 Sony Computer Entertainment Inc. Methods and apparatus for providing a secure booting sequence in a processor
US20070079150A1 (en) * 2005-09-30 2007-04-05 Belmont Brian V Dynamic core swapping
US20070250691A1 (en) * 2006-04-19 2007-10-25 Lyle Cool Method and apparatus to support independent systems in partitions of a processing system

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080215874A1 (en) * 2006-06-09 2008-09-04 International Business Machines Corporation System and Method for Masking a Boot Sequence by Providing a Dummy Processor
US20090055640A1 (en) * 2006-06-09 2009-02-26 International Business Machines Corporation Masking a Hardware Boot Sequence
US20090327680A1 (en) * 2006-06-09 2009-12-31 International Business Machines Corporation Selecting a Random Processor to Boot on a Multiprocessor System
US7774617B2 (en) 2006-06-09 2010-08-10 International Business Machines Corporation Masking a boot sequence by providing a dummy processor
US8037293B2 (en) 2006-06-09 2011-10-11 International Business Machines Corporation Selecting a random processor to boot on a multiprocessor system
US8046573B2 (en) 2006-06-09 2011-10-25 International Business Machines Corporation Masking a hardware boot sequence
US8046574B2 (en) 2006-06-09 2011-10-25 International Business Machines Corporation Secure boot across a plurality of processors
US20140164753A1 (en) * 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd System on chip for performing secure boot, image forming apparatus using the same, and method thereof
CN103853983A (en) * 2012-12-06 2014-06-11 三星电子株式会社 System on chip to perform secure boot, image forming apparatus using the same, and method thereof
US9881161B2 (en) 2012-12-06 2018-01-30 S-Printing Solution Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US10878098B2 (en) 2012-12-06 2020-12-29 Hewlett-Packard Development Company, L.P. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US20170039352A1 (en) * 2014-04-15 2017-02-09 Lantiq Beteiligungs-GmbH & Co. KG Root of trust
US11550877B2 (en) * 2014-04-15 2023-01-10 Maxlinear, Inc. Root of trust
US11303438B2 (en) 2014-09-26 2022-04-12 Intel Corporation Instructions and logic to provide SIMD SM4 cryptographic block cipher functionality
US11849035B2 (en) 2014-09-26 2023-12-19 Intel Corporation Instructions and logic to provide SIMD SM4 cryptographic block cipher
US10778425B2 (en) 2014-09-26 2020-09-15 Intel Corporation Instructions and logic to provide SIMD SM4 cryptographic block cipher functionality
JP6221014B1 (en) * 2014-10-06 2017-10-25 マイクロン テクノロジー, インク. Secure shared key sharing system and method
JP2017536729A (en) * 2014-10-06 2017-12-07 マイクロン テクノロジー, インク. Secure shared key sharing system and method
US11308217B2 (en) * 2017-08-31 2022-04-19 Texas Instruments Incorporated Randomized execution countermeasures against fault injection attacks during boot of an embedded device
US11423153B2 (en) * 2020-08-18 2022-08-23 Raytheon Company Detection of malicious operating system booting and operating system loading
CN113485757A (en) * 2021-07-22 2021-10-08 北京青云科技股份有限公司 Decryption method, device, equipment and storage medium in system starting process
US20230205547A1 (en) * 2021-12-29 2023-06-29 Ati Technologies Ulc Multiple module bootup operation

Also Published As

Publication number Publication date
CN101086756A (en) 2007-12-12
CN100501756C (en) 2009-06-17
US20080256366A1 (en) 2008-10-16
US7779273B2 (en) 2010-08-17

Similar Documents

Publication Publication Date Title
US7774616B2 (en) Masking a boot sequence by providing a dummy processor
US7779273B2 (en) Booting a multiprocessor device based on selection of encryption keys to be provided to processors
US8046574B2 (en) Secure boot across a plurality of processors
US8037293B2 (en) Selecting a random processor to boot on a multiprocessor system
US7594104B2 (en) System and method for masking a hardware boot sequence
US20070288739A1 (en) System and method for masking a boot sequence by running different code on each processor
US9842212B2 (en) System and method for a renewable secure boot
US8438658B2 (en) Providing sealed storage in a data processing device
CN113065140B (en) Embedded safety protection system and method for chip control protection device
Mohammad et al. Required policies and properties of the security engine of an SoC
Durai et al. Real Time Implementation of QFT-PUF Architecture for Data Secure System-on-Chip
EP4281891A1 (en) Read-only memory (rom) security
EP4281893A1 (en) Read-only memory (rom) security

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DALE, JASON N.;DEMENT, JONATHAN J.;O'NIELL, CLARK M.;AND OTHERS;REEL/FRAME:017763/0102;SIGNING DATES FROM 20060531 TO 20060607

AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE THE EXECUTION DATE OF THE PATENT APPLICATION PREVIOUSLY RECORDED ON REEL 017763 FRAME 0102;ASSIGNORS:DALE, JASON N.;DEMENT, JONATHAN J.;O'NIELL, CLARK M.;AND OTHERS;REEL/FRAME:018067/0434;SIGNING DATES FROM 20060802 TO 20060807

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE