WO2023099137A1 - Operating a secure code segment on a processor core of a processing unit - Google Patents


Info

Publication number
WO2023099137A1
Authority
WO
WIPO (PCT)
Prior art keywords
processor core
secure
code segment
execution
executing
Prior art date
Legal status
Ceased
Application number
PCT/EP2022/081213
Other languages
English (en)
French (fr)
Inventor
Cedric Lichtenau
Jakob Lang
Eberhard Pasch
Christian Borntraeger
Current Assignee
IBM Deutschland GmbH
International Business Machines Corp
Original Assignee
IBM Deutschland GmbH
International Business Machines Corp
Priority date
Filing date
Publication date
Application filed by IBM Deutschland GmbH, International Business Machines Corp
Priority to EP22813607.3A (published as EP4441601A1)
Priority to JP2024531100A (published as JP2024541488A)
Publication of WO2023099137A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4812 Task transfer initiation or dispatching by interrupt, e.g. masked
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • The present invention relates in general to data processing systems, in particular to a computer implemented method, a computer system, a computer program product and a data processing system for operating a secure code segment on a processor core of a processing unit.
  • Multi-threaded processors may include a plurality of hardware threads that can execute concurrently.
  • One example of a multi-threaded processor may be a simultaneous multithreaded (SMT) processor.
  • In simultaneous multithreading, instructions from more than one thread can be executing in any given instruction pipeline stage at a time.
  • Simultaneous multithreading may allow multiple independent threads of execution to better utilize the resources provided by the processor architecture.
  • Simultaneous multithreading may make each processor of a virtual machine appear as n processors, called threads, to applications.
  • Processes or threads from different customers in the cloud or on premise may be virtualized on a virtual machine (VM) or on a container and may run on the same physical core. It is common to request that such a thread run in single-threaded mode.
  • One implementation of a pipeline for secure multithread execution may be an integrated circuit for executing instructions that includes: a processor pipeline configured to execute instructions from two or more threads in parallel using execution units of the processor pipeline; and a thread hazard circuitry configured to detect that an instruction of a first thread has been designated as a sensitive instruction, and, responsive to detection of the sensitive instruction, block instructions of threads other than the first thread from being executed using execution units of the processor pipeline while the sensitive instruction is being executed by an execution unit of the processor pipeline.
  • A computer-implemented method for operating a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core for running a first execution mode for executing program code on the at least one processor core and executing a program code of operating instructions on the at least one processor core.
  • The method at least comprises: (i) requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core; (ii) setting the at least one processor core to exclusive secure execution for the secure code segment; (iii) executing the secure code segment on the at least one processor core uninterruptably; (iv) wiping an architected state and a non-architected state of a physical processor core from the at least one processor core; (v) setting the at least one processor core to the first execution mode for executing program code on the at least one processor core.
  • A secure code segment may request an exclusive secure context for at least a minimum time and a minimum count of operating instructions. This comprises, under hardware control, at least securely setting the physical core to an exclusive secure mode, executing without interruption for a minimum time and/or number of operating instructions and finally wiping out at least an architected and non-architected state of the physical core from a cache storage or a register or a memory, when finishing the secure code segment or taking any interruption after the initial period of time and/or number of operating instructions.
  • Interferences between different code segments in the processor core may be avoided.
  • A number of failures during execution of the code segments may be reduced.
  • The performance of a computer system may favorably be enhanced by the proposed method of secure operation of a secure code segment in the processor core.
  • At least the architected and non-architected state of the physical processor core may be saved before setting the processor core to an exclusive secure mode. Thus, it is possible to restore, after finishing the execution of the secure code segment, the architected and non-architected state of the physical processor core in order to continue normal execution of program code.
  • At least the architected and non-architected state of the physical processor core may be restored before setting the processor core to the first execution mode. Thus, after finishing the execution of the secure code segment, the architected and non-architected state of the physical processor core may be restored in order to continue normal execution of program code.
  • The non-architected state of the physical processor core may be wiped, in particular from at least one cache storage of the physical processor core, before executing the secure code segment. In this way, no interference with already existing data may occur when the secure code segment is executed.
  • Wiping the non-architected state of the physical processor core may be performed in a hardware-controlled manner by hardware of the processing unit.
  • The risk of software failures followed by insufficient wiping may be reduced.
  • The first execution mode of the processor core may be a simultaneous multithreading mode. Simultaneous multithreading allows multiple independent threads of execution to better utilize the resources provided by the processor architecture and is a normal execution mode of a usual processor core.
  • The uninterruptable execution of the secure code segment may be defined for a minimum period of time and/or a minimum number of instructions. Thus, undisturbed execution of the secure code segment may be guaranteed for efficient processing.
  • The uninterruptable execution of the secure code segment may be controlled by a state machine.
  • A state machine may prove to be an efficient way of controlling the uninterruptable execution of the secure code segment.
  • An interrupt may be blocked during execution of the secure code segment.
  • The secure code segment may be executed without disturbance for a minimum amount of time and/or number of operating instructions.
  • Wiping the architected and non-architected state from the at least one processor core after execution of the secure code segment may be initiated by an interrupt request.
  • Further normal execution of program code in the first execution state may be achieved without interference with remaining data from an execution of the secure code segment.
  • Operating instructions may be implemented on a virtual machine or on a container.
  • Processes/threads running on the same physical core from different customers in the cloud or on premise may favorably be virtualized on a virtual machine or on a container.
  • A computer system for operating a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core.
  • The computer system comprises at least one processor unit with at least one processor core, the processor core being configured to run a first execution mode for executing program code on the at least one processor core and to execute a program code of operating instructions on the at least one processor core.
  • The computer system is configured to perform a method, at least comprising: (i) requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core; (ii) setting the at least one processor core to exclusive secure execution for the secure code segment; (iii) executing the secure code segment on the at least one processor core uninterruptably; (iv) wiping an architected state and a non-architected state of a physical processor core from the at least one processor core; (v) setting the at least one processor core to the first execution mode for executing program code on the at least one processor core.
  • A secure code segment may request an exclusive secure context for at least a minimum time and/or a minimum count of operating instructions. This comprises, under hardware control, at least securely setting the physical core to an exclusive secure mode, executing without interruption for a minimum time and/or number of operating instructions and finally wiping out at least an architected and non-architected state from a cache storage or a register or a memory of the physical core when finishing the secure code segment or taking any interruption after the initial period of time and/or number of operating instructions.
  • Interferences between different code segments in the processor core may be avoided.
  • A number of failures during execution of the code segments may be reduced.
  • The performance of a computer system may favorably be enhanced by the proposed method of secure operation of a secure code segment in the processor core.
  • The computer system may be configured to save at least the architected and non-architected state of the physical processor core before setting the processor core to an exclusive secure mode.
  • The computer system may be configured to restore at least the architected and non-architected state of the physical processor core before the processor core is set to the first execution mode.
  • The architected and non-architected state of the physical processor core may be restored in order to continue normal execution of program code.
  • The computer system may be configured to wipe the non-architected state of the physical processor core, in particular from at least one cache storage of the physical processor core, before the secure code segment is executed. In this way, no interference with already existing data may occur when the secure code segment is executed.
  • The computer system may be configured to wipe the non-architected state of the physical processor core in a hardware-controlled manner by hardware of the processing unit.
  • The risk of software failures followed by insufficient wiping may be reduced.
  • The first execution mode of the processor core may be a simultaneous multithreading mode. Simultaneous multithreading allows multiple independent threads of execution to better utilize the resources provided by the processor architecture and is a normal execution mode of a usual processor core.
  • The computer system may be configured to execute the secure code segment uninterruptably for a minimum period of time and/or a minimum number of instructions. Thus, undisturbed execution of the secure code segment may be guaranteed for efficient processing.
  • The uninterruptable execution of the secure code segment may be controlled by a state machine. A state machine may prove to be an efficient way of controlling the uninterruptable execution of the secure code segment.
  • The computer system may be configured to block an interrupt during execution of the secure code segment.
  • The secure code segment may be executed without disturbance for a minimum amount of time and/or number of operating instructions.
  • Wiping the architected and non-architected state from the at least one processor core after execution of the secure code segment may be initiated by an interrupt request.
  • Further normal execution of program code in the first execution state may be achieved without interference with remaining data from an execution of the secure code segment.
  • Operating instructions may be implemented on a virtual machine or on a container.
  • Processes/threads running on the same physical core from different customers in the cloud or on premise may favorably be virtualized on a virtual machine or on a container.
  • A favorable computer program product for operating a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core.
  • The computer system comprises at least one processor unit with at least one processor core, the processor core being configured to run a first execution mode for executing program code on the at least one processor core and to execute a program code of operating instructions on the at least one processor core.
  • The computer program product comprises a computer readable storage medium having program instructions embodied therewith, the program instructions executable by the computer system to cause the computer system to perform a method comprising: (i) requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core; (ii) setting the at least one processor core to exclusive secure execution for the secure code segment; (iii) executing the secure code segment on the at least one processor core uninterruptably; (iv) wiping an architected state and a non-architected state of a physical processor core from the at least one processor core; (v) setting the at least one processor core to the first execution mode for executing program code on the at least one processor core.
  • Figure 1 depicts a flow chart of a computer implemented method for operating a secure code segment on a processor core of a processing unit according to an embodiment of the invention.
  • Figure 2 depicts an example embodiment of a data processing system for executing a method according to the invention.
  • The illustrative embodiments described herein provide a computer system for operating a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core.
  • The computer system comprises at least one processor unit with at least one processor core, the processor core being configured to run a first execution mode for executing program code on the at least one processor core and to execute a program code of operating instructions on the at least one processor core.
  • The illustrative embodiments may further be used for a method, at least comprising: (i) requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core; (ii) setting the at least one processor core to exclusive secure execution for the secure code segment; (iii) executing the secure code segment on the at least one processor core uninterruptably; (iv) wiping an architected and non-architected state from the at least one processor core; (v) setting the at least one processor core to the first execution mode for program code on the at least one processor core.
  • Figure 1 depicts a flow chart of a computer implemented method for operating a secure code segment on a processor core of a processing unit 216, as depicted in Figure 2, according to an embodiment of the invention.
  • The processing unit 216 is configured with at least one processor core for running a first execution mode for executing program code on the at least one processor core as a normal execution.
  • The first execution mode of the processor core may be a simultaneous multithreading mode. Simultaneous multithreading allows multiple independent threads of execution to better utilize the resources provided by the processor architecture and is a normal execution mode of a usual processor core.
  • Operating instructions may be implemented on a virtual machine or on a container. Processes/threads running on the same physical core from different customers in the cloud or on premise may favorably be virtualized on a virtual machine or on a container.
  • In step S100, a program code of operating instructions is executed on the at least one processor core in the first execution mode.
  • In step S102, an exclusive secure mode is requested for exclusive secure execution of a secure code segment of the program code on the at least one processor core.
  • In step S104, at least the architected and non-architected state of the physical processor core may be saved before setting the processor core to the exclusive secure mode.
  • In step S106, the at least one processor core is set to exclusive secure execution for the secure code segment.
  • The non-architected state of the physical processor core may be wiped before executing the secure code segment.
  • The non-architected state may be wiped from the at least one cache storage or from a register or from a memory of the physical processor core. Wiping the non-architected state of the physical processor core may be performed in a hardware-controlled manner by hardware of the processing unit 216.
  • The risk of software failures followed by insufficient wiping may be reduced. In this way, no interference with already existing data may occur when the secure code segment is executed.
  • In step S110, the secure code segment is executed on the at least one processor core.
  • The secure code segment is executed uninterruptably for a minimum period of time and/or a minimum number of instructions.
  • The uninterruptable execution of the secure code segment may be controlled by a state machine.
  • A state machine may prove to be an efficient way of controlling the uninterruptable execution of the secure code segment.
  • Any interrupt may be blocked during execution of the secure code segment.
  • Thus, undisturbed execution of the secure code segment may be guaranteed for efficient processing.
  • The secure code segment may be executed without disturbance for a minimum amount of time and/or number of operating instructions.
  • An architected and non-architected state may be wiped, in particular from at least one cache storage or from a register or from a memory of the at least one processor core. Wiping the architected and non-architected state from the at least one processor core after execution of the secure code segment may be initiated by an interrupt request. Thus, further normal execution of program code in the first execution state may be achieved without interference with remaining data from an execution of the secure code segment.
  • In step S112, at least the architected and non-architected state of the physical processor core may be restored before setting the processor core to the first execution mode, if the architected and non-architected state was saved in step S104.
  • The architected and non-architected state of the physical processor core may be restored in order to continue normal execution of program code.
  • In step S114, the at least one processor core is set to the first execution mode for program code on the at least one processor core, in order to continue normal execution in step S116.
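As an added illustration, not code from the patent or its assignee, the following C model traces the hardware state machine behind steps S100 to S116: the request saves state and switches the core to exclusive secure mode, the non-architected state is wiped before the segment starts, interrupt requests are held off until the minimum run length is reached, and the first interrupt taken after that (or normal completion) wipes both the architected and non-architected state before the saved state is restored and the core returns to its SMT mode. The struct layout, the four-register/four-line state, and modelling the minimum only as an instruction count (not a time) are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* SMT is the "first execution mode" (S100/S114); S106 switches the core
 * to exclusive secure execution. */
enum core_mode { MODE_SMT, MODE_EXCLUSIVE_SECURE };

/* State machine guarding the segment: idle in SMT; protected (interrupt
 * requests held pending); interruptible (minimum reached, next IRQ ends it). */
enum secure_phase { PH_IDLE, PH_PROTECTED, PH_INTERRUPTIBLE };

#define NGPR   4  /* architected registers in this toy model (assumption) */
#define NLINES 4  /* cache lines standing in for non-architected state */

struct core {
    enum core_mode mode;
    enum secure_phase phase;
    uint64_t gpr[NGPR];           /* architected state */
    uint64_t cache[NLINES];       /* non-architected state (modelled) */
    uint64_t saved_gpr[NGPR];     /* S104: copies taken before exclusive mode */
    uint64_t saved_cache[NLINES];
    unsigned min_instructions;    /* minimum uninterruptable run length */
    unsigned executed;            /* secure-segment instructions retired */
    unsigned irqs_held;           /* interrupt requests blocked while protected */
    unsigned wipes;               /* full wipes performed by the "hardware" */
};

/* Fresh core in SMT mode: MODE_SMT and PH_IDLE are both 0. */
static void core_init(struct core *c) { memset(c, 0, sizeof *c); }

/* Hardware-controlled wipes: the model simply zeroes the arrays. */
static void wipe_non_architected(struct core *c) { memset(c->cache, 0, sizeof c->cache); }
static void wipe_architected(struct core *c) { memset(c->gpr, 0, sizeof c->gpr); }

/* S102-S106: request exclusive secure execution. Granted only from idle
 * SMT mode; saves the state, switches mode and wipes non-architected
 * state so the segment starts on a clean core. */
static bool request_exclusive_secure(struct core *c, unsigned min_instructions)
{
    if (c->mode != MODE_SMT || c->phase != PH_IDLE)
        return false;
    memcpy(c->saved_gpr, c->gpr, sizeof c->gpr);
    memcpy(c->saved_cache, c->cache, sizeof c->cache);
    c->mode = MODE_EXCLUSIVE_SECURE;
    wipe_non_architected(c);
    c->min_instructions = min_instructions;
    c->executed = 0;
    c->phase = PH_PROTECTED;
    return true;
}

/* S110: retire one secure-segment instruction. It deposits a value in a
 * register and a cache line so the later wipe has something to remove;
 * reaching the minimum count makes the segment interruptible. */
static bool secure_step(struct core *c, uint64_t value)
{
    if (c->mode != MODE_EXCLUSIVE_SECURE)
        return false;
    c->gpr[c->executed % NGPR] = value;
    c->cache[c->executed % NLINES] = value ^ 0xA5A5;
    c->executed++;
    if (c->executed >= c->min_instructions)
        c->phase = PH_INTERRUPTIBLE;
    return true;
}

/* Exit path shared by normal completion and a late interrupt: wipe both
 * state classes, restore the saved state (S112), return to SMT (S114). */
static void leave_exclusive_secure(struct core *c)
{
    wipe_architected(c);
    wipe_non_architected(c);
    c->wipes++;
    memcpy(c->gpr, c->saved_gpr, sizeof c->gpr);
    memcpy(c->cache, c->saved_cache, sizeof c->cache);
    c->mode = MODE_SMT;
    c->phase = PH_IDLE;
}

/* Interrupt request arriving at the core; returns true if it is taken. */
static bool interrupt_request(struct core *c)
{
    if (c->phase == PH_PROTECTED) {   /* blocked for the minimum run length */
        c->irqs_held++;
        return false;
    }
    if (c->phase == PH_INTERRUPTIBLE) /* taking the IRQ first triggers the wipe */
        leave_exclusive_secure(c);
    return true;                      /* PH_IDLE: ordinary delivery in SMT */
}

/* Normal end of the secure segment without an interrupt. */
static bool secure_segment_finish(struct core *c)
{
    if (c->mode != MODE_EXCLUSIVE_SECURE)
        return false;
    leave_exclusive_secure(c);
    return true;
}
```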
  • In data processing system 210 there is a computer system/server 212, which is operational with numerous other general-purpose or special-purpose computing system environments or configurations.
  • Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server 212 include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems or devices, and the like.
  • Computer system/server 212 may be described in the general context of computer system executable instructions, such as program modules, being executed by a computer system.
  • Program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types.
  • Computer system/server 212 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • Program modules may be located in both local and remote computer system storage media including memory storage devices.
  • Computer system/server 212 in data processing system 210 is shown in the form of a general-purpose computing device.
  • The components of computer system/server 212 may include, but are not limited to, one or more processors or processing units 216, a system memory 228, and a bus 218 that couples various system components including system memory 228 to processing unit 216.
  • Bus 218 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures.
  • Bus architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
  • Computer system/server 212 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 212, and it includes both volatile and non-volatile media, removable and nonremovable media.
  • System memory 228 can include computer system readable media in the form of volatile memory, such as random-access memory (RAM) 230 and/or cache memory 232.
  • Computer system/server 212 may further include other removable/non-removable, volatile/non-volatile computer system storage media.
  • Storage system 234 can be provided for reading from and writing to a non-removable, non-volatile magnetic media (not shown and typically called a "hard drive").
  • A magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, non-volatile optical disk such as a CD-ROM, DVD-ROM or other optical media may also be provided. Each can be connected to bus 218 by one or more data media interfaces.
  • Memory 228 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
  • Program/utility 240 having a set (at least one) of program modules 242, may be stored in memory 228 by way of example, and not limitation, as well as an operating system, one or more application programs, other program modules, and program data. Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a networking environment.
  • Program modules 242 generally carry out the functions and/or methodologies of embodiments of the invention as described herein.
  • Computer system/server 212 may also communicate with one or more external devices 214 such as a keyboard, a pointing device, a display 224, etc.; one or more devices that enable a user to interact with computer system/server 212; and/or any devices (e.g., network card, modem, etc.) that enable computer system/server 212 to communicate with one or more other computing devices. Such communication can occur via Input/Output (I/O) interfaces 222. Still yet, computer system/server 212 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via network adapter 220.
  • network adapter 220 communicates with the other components of computer system/server 212 via bus 218. It should be understood that although not shown, other hardware and/or software components could be used in conjunction with computer system/server 212. Examples, include, but are not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems, etc.
  • the present invention may be a system, a method, and/or a computer program product.
  • the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
  • the computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
  • the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • a non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing.
  • a computer readable storage medium is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
  • Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
  • a network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
  • Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages.
  • the computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
  • These computer readable program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s).
  • the functions noted in the block may occur out of the order noted in the figures.
  • two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • Numbered clause 2 The method according to numbered clause 1, further saving at least the architected state and the non-architected state of the physical processor core before setting the processor core to an exclusive secure mode.
  • Numbered clause 3 The method according to numbered clause 1 or 2, further restoring at least the architected state and the non-architected state of the physical processor core before setting the processor core to the first execution mode.
  • Numbered clause 4 The method according to any one of numbered clauses 1 to 3, further wiping the non-architected state of the physical processor core from at least one cache storage of the physical processor core before executing the secure code segment.
  • Numbered clause 5 The method according to numbered clause 4, wherein wiping the non-architected state of the physical processor core is performed in a hardware-controlled manner by hardware of the processing unit (216).
  • Numbered clause 6 The method according to any one of numbered clauses 1 to 5, wherein the first execution mode for executing program code on the processor core is a simultaneous multithreading mode.
  • Numbered clause 7 The method according to any one of numbered clauses 1 to 6, wherein executing the secure code segment on the at least one processor core uninterruptably is defined for a minimum period of time and/or a minimum number of instructions.
  • Numbered clause 8 The method according to any one of numbered clauses 1 to 7, wherein executing the secure code segment on the at least one processor core uninterruptably is controlled by a state machine.
  • Numbered clause 9 The method according to any one of numbered clauses 1 to 8, wherein an interrupt is blocked during execution of the secure code segment.
  • Numbered clause 10 The method according to any one of numbered clauses 1 to 9, wherein wiping the architected state and the non-architected state of the physical processor core from the at least one processor core after execution of the secure code segment is initiated by an interrupt request.
  • Numbered clause 11 The method according to any one of numbered clauses 1 to 10, wherein operating instructions are implemented on a virtual machine or on a container.
  • Numbered clause 13 The computer system according to numbered clause 12, being configured to save at least the architected state and the non-architected state of the physical processor core before setting the processor core to an exclusive secure mode.
  • Numbered clause 14 The computer system according to numbered clause 12 or 13, being configured to restore at least the architected state and the non-architected state of the physical processor core before the processor core is set to the first execution mode.
  • Numbered clause 15 The computer system according to any one of numbered clauses 12 to 14, being configured to wipe the non-architected state of the physical processor core from at least one cache storage of the physical processor core before the secure code segment is executed.
  • Numbered clause 16 The computer system according to any one of numbered clauses 12 to 15, being configured to wipe the non-architected state of the physical processor core in a hardware-controlled manner by hardware of the processing unit.
  • Numbered clause 17 The computer system according to any one of numbered clauses 12 to 16, wherein the first execution mode for executing program code on the processor core is a simultaneous multithreading mode.
  • Numbered clause 18 The computer system according to any one of numbered clauses 12 to 17, being configured to execute the secure code segment on the at least one processor core uninterruptably for a minimum period of time and/or a minimum number of instructions.
  • Numbered clause 19 The computer system according to any one of numbered clauses 12 to 18, wherein executing the secure code segment on the at least one processor core uninterruptably is controlled by a state machine.
  • Numbered clause 20 The computer system according to any one of numbered clauses 12 to 19, being configured to block an interrupt during execution of the secure code segment.
  • Numbered clause 21 The computer system according to any one of numbered clauses 12 to 20, wherein wiping the architected state and the non-architected state of the physical processor core from the at least one processor core after execution of the secure code segment is initiated by an interrupt request.
  • Numbered clause 22 The computer system according to any one of numbered clauses 12 to 21, wherein operating instructions are implemented on a virtual machine or on a container.
  • Numbered clause 24 A data processing system (210) for execution of a data processing program (240) comprising computer readable program instructions for performing a method according to any one of numbered clauses 1 to 11.
  • Numbered clause 25 An integrated circuit for executing instructions for operating a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core, the computer system comprising at least one processor unit with at least one processor core, the processor core being configured to run a first execution mode for executing program code on the at least one processor core and to execute a program code of operating instructions on the at least one processor core, wherein the integrated circuit is configured to perform a method according to any one of numbered clauses 1 to 11, at least comprising: (i) requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core;
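The numbered clauses above describe one lifecycle: save the core's architected and non-architected state (clause 2), switch the core from simultaneous multithreading to an exclusive secure mode, wipe the caches before the segment runs (clauses 4 and 5), execute the segment uninterruptibly for a guaranteed minimum (clauses 7 and 9), wipe what the segment left behind once an interrupt request ends the window (clause 10), and restore the saved state before returning to the first execution mode (clause 3), all driven by a state machine (clause 8). The following Python model is an added example, not code from the patent or from IBM; the phase names, the `Core` fields, the `irq_after` injection knob and the constructed secure segment are assumptions made for the model, and it reads the clauses as meaning that an interrupt raised before the minimum instruction count is held pending and only ends the secure window once that minimum has elapsed.

```python
"""Model of the exclusive-secure-execution lifecycle from the numbered clauses.
Constructed illustration: phase names, Core fields and the `irq_after` knob are
assumptions for the model, not the patent's own identifiers."""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Callable, Dict, List, Optional, Tuple


class Mode(Enum):
    SMT = auto()               # first execution mode: sibling threads share the core
    EXCLUSIVE_SECURE = auto()  # exclusive secure mode: only the secure segment runs


class Phase(Enum):
    IDLE = auto()
    SAVED = auto()       # clause 2: architected and non-architected state saved
    WIPED_PRE = auto()   # clauses 4/5: cache wiped by hardware before the segment
    EXECUTING = auto()   # clauses 7/9: uninterruptible window, interrupts blocked
    WIPED_POST = auto()  # clause 10: what the segment left behind is wiped
    RESTORED = auto()    # clause 3: saved state restored before returning to SMT


@dataclass
class Core:
    regs: Dict[str, str] = field(default_factory=dict)   # architected state
    cache: Dict[str, str] = field(default_factory=dict)  # non-architected state
    mode: Mode = Mode.SMT
    phase: Phase = Phase.IDLE
    executed: int = 0
    irq_pending: bool = False
    log: List[str] = field(default_factory=list)
    saved: Optional[Tuple[Dict[str, str], Dict[str, str]]] = None

    def raise_interrupt(self) -> bool:
        """Return True if delivered now; while EXECUTING it is only held pending."""
        if self.phase is Phase.EXECUTING:
            self.irq_pending = True
            self.log.append("irq blocked at instruction %d" % self.executed)
            return False
        self.log.append("irq delivered")
        return True


Instr = Callable[[Core], None]


def run_secure_segment(core: Core, segment: List[Instr], min_instructions: int,
                       irq_after: Optional[int] = None) -> int:
    """Drive the core through the state machine (clause 8) and return how many
    secure instructions ran. `irq_after` injects an external interrupt after
    that many instructions so the blocking rule can be exercised (model-only)."""
    core.saved = (dict(core.regs), dict(core.cache))
    core.phase = Phase.SAVED
    core.mode = Mode.EXCLUSIVE_SECURE          # siblings are parked from here on

    core.cache.clear()                         # pre-wipe: no sibling residue visible
    core.phase = Phase.WIPED_PRE

    core.phase = Phase.EXECUTING
    core.executed = 0
    for instr in segment:
        instr(core)
        core.executed += 1
        if irq_after == core.executed:
            core.raise_interrupt()
        # an interrupt may only end the window once the guaranteed minimum has run
        if core.irq_pending and core.executed >= min_instructions:
            core.log.append("irq ends secure window after %d instructions" % core.executed)
            break

    core.regs.clear()                          # post-wipe is explicit, not left to restore
    core.cache.clear()
    core.phase = Phase.WIPED_POST

    regs, cache = core.saved
    core.regs, core.cache = dict(regs), dict(cache)
    core.saved = None
    core.phase = Phase.RESTORED

    core.mode = Mode.SMT                       # only now may siblings run again
    core.phase = Phase.IDLE
    if core.irq_pending:                       # deliver what was held back
        core.irq_pending = False
        core.raise_interrupt()
    return core.executed


SECRET = "SECRET"  # constructed marker the segment writes into both state classes


def secure_segment() -> List[Instr]:
    """Constructed six-instruction segment touching registers and cache."""
    def load(c: Core) -> None: c.regs["r1"] = SECRET
    def fill(c: Core) -> None: c.cache["line0"] = SECRET
    def derive(c: Core) -> None: c.regs["r2"] = c.regs["r1"] + "-derived"
    def spill(c: Core) -> None: c.cache["line1"] = c.regs["r2"]
    def store(c: Core) -> None: c.regs["r3"] = "done"
    def touch(c: Core) -> None: c.cache["line2"] = "meta"
    return [load, fill, derive, spill, store, touch]


def scenario(irq_after: Optional[int], min_instructions: int) -> Core:
    """Run the constructed segment on a core holding ordinary thread state."""
    core = Core(regs={"r1": "user-a", "pc": "0x1000"}, cache={"line0": "user-data"})
    run_secure_segment(core, secure_segment(), min_instructions, irq_after)
    return core


def state_leaks(core: Core) -> bool:
    """True if any secure-segment value survives in registers or cache."""
    return any(SECRET in v for v in list(core.regs.values()) + list(core.cache.values()))


if __name__ == "__main__":
    c = scenario(irq_after=2, min_instructions=4)
    print(c.executed, c.mode.name, state_leaks(c), c.log)
```

The point of the model is the ordering: the pre-wipe happens after the core is already exclusive, the post-wipe happens before the restore rather than being left to it, and the held interrupt is delivered only once the core is back in SMT mode with the original thread state in place. Running `scenario(2, 4)` shows an interrupt raised after the second instruction being blocked, the window ending at the fourth instruction, and no secure value left in either state class.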

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Executing Machine-Instructions (AREA)
  • Advance Control (AREA)
  • Hardware Redundancy (AREA)
  • Multi Processors (AREA)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP22813607.3A EP4441601A1 (en) 2021-12-03 2022-11-09 Operating a secure code segment on a processor core of a processing unit
JP2024531100A JP2024541488A (ja) 2021-12-03 2022-11-09 処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントの動作

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/457,446 US12602466B2 (en) 2021-12-03 2021-12-03 Operating a secure code segment on a processor core of a processing unit
US17/457,446 2021-12-03

Publications (1)

Publication Number Publication Date
WO2023099137A1 true WO2023099137A1 (en) 2023-06-08

Family

ID=84363637

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/081213 Ceased WO2023099137A1 (en) 2021-12-03 2022-11-09 Operating a secure code segment on a processor core of a processing unit

Country Status (5)

Country Link
US (1) US12602466B2
EP (1) EP4441601A1
JP (1) JP2024541488A
TW (1) TWI804388B
WO (1) WO2023099137A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12602466B2 (en) 2021-12-03 2026-04-14 International Business Machines Corporation Operating a secure code segment on a processor core of a processing unit

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12045181B2 (en) * 2022-01-27 2024-07-23 Cypress Semiconductor Corporation System and method for blocking non-secure interrupts
TWI867608B (zh) * 2023-07-04 2024-12-21 新唐科技股份有限公司 處理裝置、韌體更新裝置及其韌體更新方法

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140230077A1 (en) * 2013-02-14 2014-08-14 International Business Machines Corporation Instruction set architecture with secure clear instructions for protecting processing unit architected state information
US20190034357A1 (en) * 2017-07-25 2019-01-31 International Business Machines Corporation Computer system software/firmware and a processor unit with a security module
EP3462362A1 (en) * 2017-09-29 2019-04-03 STMicroelectronics Inc Secure environment in a non-secure microcontroller
CN112800431A (zh) * 2020-08-28 2021-05-14 支付宝(杭州)信息技术有限公司 超线程场景下安全进入可信执行环境的方法及装置

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7225333B2 (en) * 1999-03-27 2007-05-29 Microsoft Corporation Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US7003676B1 (en) * 2001-05-10 2006-02-21 Advanced Micro Devices, Inc. Locking mechanism override and disable for personal computer ROM access protection
EP1870814B1 (en) 2006-06-19 2014-08-13 Texas Instruments France Method and apparatus for secure demand paging for processor devices
US7707578B1 (en) 2004-12-16 2010-04-27 Vmware, Inc. Mechanism for scheduling execution of threads for fair resource allocation in a multi-threaded and/or multi-core processing system
US20080271027A1 (en) 2007-04-27 2008-10-30 Norton Scott J Fair share scheduling with hardware multithreading
US8219996B1 (en) 2007-05-09 2012-07-10 Hewlett-Packard Development Company, L.P. Computer processor with fairness monitor
US20090031314A1 (en) 2007-07-25 2009-01-29 Microsoft Corporation Fairness in memory systems
US7996663B2 (en) 2007-12-27 2011-08-09 Intel Corporation Saving and restoring architectural state for processor cores
US8522354B2 (en) * 2008-05-24 2013-08-27 Via Technologies, Inc. Microprocessor apparatus for secure on-die real-time clock
JP4778035B2 (ja) 2008-11-07 2011-09-21 インターナショナル・ビジネス・マシーンズ・コーポレーション 外部資源を排他使用しながら実行される命令の実行時間の遅延を防ぐためのコンピュータ・システム、並びにその方法及びコンピュータ・プログラム
JP2013152636A (ja) 2012-01-25 2013-08-08 Toyota Motor Corp 情報処理装置、タスクスケジューリング方法
WO2014108743A1 (en) * 2013-01-09 2014-07-17 Freescale Semiconductor, Inc. A method and apparatus for using a cpu cache memory for non-cpu related tasks
CA2915620C (en) 2013-06-18 2022-12-13 Ciambella Ltd. Method and apparatus for code virtualization and remote process call generation
JP2015014966A (ja) 2013-07-05 2015-01-22 日本電気株式会社 情報処理装置、情報処理方法、および、情報処理プログラム
US9594927B2 (en) 2014-09-10 2017-03-14 Intel Corporation Providing a trusted execution environment using a processor
WO2016094840A2 (en) 2014-12-11 2016-06-16 Ghosh Sudeep System, method & computer readable medium for software protection via composable process-level virtual machines
US10719420B2 (en) 2015-02-10 2020-07-21 International Business Machines Corporation System level testing of multi-threading functionality including building independent instruction streams while honoring architecturally imposed common fields and constraints
US11354128B2 (en) * 2015-03-04 2022-06-07 Intel Corporation Optimized mode transitions through predicting target state
DE102015213263A1 (de) * 2015-07-15 2017-01-19 Siemens Aktiengesellschaft Prozessor mit wahlweise einschaltbaren Sicherheitsfunktionen
US9864879B2 (en) 2015-10-06 2018-01-09 Micron Technology, Inc. Secure subsystem
JP7021594B2 (ja) 2018-04-02 2022-02-17 大日本印刷株式会社 デバイス、プログラム、インジケータ情報送信方法、及びインジケータ情報表示方法
CN109858288B (zh) 2018-12-26 2021-04-13 中国科学院信息工程研究所 实现虚拟机安全隔离的方法与装置
US11307857B2 (en) 2019-12-05 2022-04-19 Marvell Asia Pte, Ltd. Dynamic designation of instructions as sensitive for constraining multithreaded execution
US11372647B2 (en) 2019-12-05 2022-06-28 Marvell Asia Pte, Ltd. Pipelines for secure multithread execution
US12602466B2 (en) 2021-12-03 2026-04-14 International Business Machines Corporation Operating a secure code segment on a processor core of a processing unit
US12314755B2 (en) 2021-12-03 2025-05-27 International Business Machines Corporation Scheduling a secure code segment on a processor core of a processing unit
US12185029B2 (en) * 2021-12-13 2024-12-31 Hanwha Vision Co., Ltd. Apparatus and method for transmitting images and apparatus and method for receiving images
US12368908B2 (en) * 2022-04-19 2025-07-22 Nvidia Corporation Video streaming scaling using virtual resolution adjustment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140230077A1 (en) * 2013-02-14 2014-08-14 International Business Machines Corporation Instruction set architecture with secure clear instructions for protecting processing unit architected state information
US20190034357A1 (en) * 2017-07-25 2019-01-31 International Business Machines Corporation Computer system software/firmware and a processor unit with a security module
EP3462362A1 (en) * 2017-09-29 2019-04-03 STMicroelectronics Inc Secure environment in a non-secure microcontroller
CN112800431A (zh) * 2020-08-28 2021-05-14 支付宝(杭州)信息技术有限公司 超线程场景下安全进入可信执行环境的方法及装置
EP3961446A1 (en) * 2020-08-28 2022-03-02 Alipay (Hangzhou) Information Technology Co., Ltd. Method and apparatus for securely entering trusted execution environment in hyper-threading scenario

Also Published As

Publication number Publication date
EP4441601A1 (en) 2024-10-09
TWI804388B (zh) 2023-06-01
TW202324078A (zh) 2023-06-16
JP2024541488A (ja) 2024-11-08
US12602466B2 (en) 2026-04-14
US20230177143A1 (en) 2023-06-08

Similar Documents

Publication Publication Date Title
WO2023099137A1 (en) Operating a secure code segment on a processor core of a processing unit
US9753851B2 (en) Multi-section garbage collection system including real-time garbage collection scheduling
US11061693B2 (en) Reprogramming a field programmable device on-demand
US11150905B2 (en) Efficiency for coordinated start interpretive execution exit for a multithreaded processor
CA2961690C (en) Efficient interruption routing for a multithreaded processor
US20180203724A1 (en) Fast task dispatching using a dispatching processor
US20160216902A1 (en) Clearing specified blocks of main storage
US20170371549A1 (en) Servicing multiple counters based on a single access check
US9747204B2 (en) Multi-section garbage collection system including shared performance monitor register
US20180081723A1 (en) Managing workload distribution among processing systems based on field programmable devices
US9678830B2 (en) Recovery improvement for quiesced systems
US20230176901A1 (en) Scheduling a secure code segment on a processor core of a processing unit
US10831493B2 (en) Hardware apparatus to measure memory locality
US10002022B2 (en) Processing interrupt requests
US10599479B2 (en) Resource sharing management of a field programmable device
US10310860B2 (en) Starting and stopping instruction dispatch to execution unit queues in a multi-pipeline processor
US20170123800A1 (en) Selective resource activation based on privilege level
US10606663B2 (en) Processor mode switching
US20120054773A1 (en) Processor support for secure device driver architecture
CN110930485B (zh) 基于动画的角色旋转方法、装置、服务器及存储介质
US20220146464A1 (en) Performing a separation on a field flow fractonator
US9628323B1 (en) Selective routing of asynchronous event notifications

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 22813607; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 2024531100; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
ENP Entry into the national phase (Ref document number: 2022813607; Country of ref document: EP; Effective date: 20240703)