Method and apparatus for loading a trusted operating system

    Publication number: DE10394383B4

    Publication date: 2014-01-16

    Application number: DE10394383

    Application date: 2003-02-13

    Applicant: INTEL CORP

    Abstract: A method and an apparatus are provided in which a trusted operating system is loaded into a region in a memory. A start-secure operation (SSO) triggers a join-secure operation (JSO) to halt all but one of the CPUs in a multiprocessor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in the memory, to register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in the memory, to begin execution at a known entry point in the specified region, and to trigger the JSO so that it causes the halted CPUs to do the same.

    Method and apparatus for loading a trustable operating system

    Publication number: GB2402521B

    Publication date: 2005-10-12

    Application number: GB0419314

    Application date: 2003-02-13

    Applicant: INTEL CORP

    Abstract: The method involves loading a component of an operating system into a specific region (275) of a memory by the active one of the CPUs (210,220,230) of a multi-processor system (200). The identity of the loaded component is registered. The active CPU is made to jump to a known entry point in the specific region. Independent claims are also included for the following: (1) article of manufacture comprising computer readable medium storing operating system loading program; (2) method of securing a region in computer memory; and (3) apparatus to load trustable operating system.

    System and method for execution of a secured environment initialization instruction

    Publication number: GB2402788A

    Publication date: 2004-12-15

    Application number: GB0422078

    Application date: 2003-03-20

    Applicant: INTEL CORP

    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

    15.
    Invention patent
    Unknown

    Publication number: DE10392470B4

    Publication date: 2007-02-15

    Application number: DE10392470

    Application date: 2003-03-20

    Applicant: INTEL CORP

    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

    System and method for resetting a platform configuration register

    Publication number: GB2403832A

    Publication date: 2005-01-12

    Application number: GB0422099

    Application date: 2003-03-20

    Applicant: INTEL CORP

    Abstract: A method and apparatus for resetting and modifying special registers in a security token is described. In one embodiment, a register may be reset when a reset flag is true when a special transmission on a bus demonstrates the mutual locality of the associated processor and chipset. A modify flag may also be used to indicate whether the register contents may be modified. Modifications may also be dependent upon demonstration of mutual locality.

    Microcode patch authentication
    17.
    Invention patent

    Publication number: GB2403047A

    Publication date: 2004-12-22

    Application number: GB0422098

    Application date: 2003-03-28

    Applicant: INTEL CORP

    Inventor: SUTTON II JAMES

    Abstract: Microcode patches are encoded before delivery to a target processor that is to install the microcode patches. The target processor validates the microcode patches before installation. The security of the process may be enhanced by one or more of: 1) performing the validation in a secure memory, 2) using a public/private key pair for encryption and decryption of the microcode patch, 3) using at least one key that is embedded in the target processor and that cannot be read by non-secure software, and 4) using a hash value that is embedded in the target processor to validate at least one non-embedded key.

    19.
    Invention patent
    Unknown

    Publication number: DE10392470T5

    Publication date: 2005-04-07

    Application number: DE10392470

    Application date: 2003-03-20

    Applicant: INTEL CORP

    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
