Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.

Abstract: A microprocessor uses broadcast state renaming to reduce processing delays and microcode overhead which would otherwise result from rebroadcasts of state due to register renaming. The microprocessor comprises a memory execution unit, a microcode sequencer, and various functional units. The memory execution unit includes a segment register, content of which represents state of the processor. The microcode sequencer sets an identifier field in at least some microinstructions, indicating which of multiple copies of broadcast state are to be used in processing each such microinstruction. Each functional unit receives and internally stores multiple copies of broadcast state, each of which may correspond to a different renamed version of the segment register. Each functional unit selects, based on the identifier field of a microinstruction, one of its internally stored copies of broadcast state for use in processing the microinstruction.

Abstract: In a multithreaded processor, events are categorized according to which of a “soft” state clearing (“nuke”) process and a “hard” nuke process should be performed in response to each event. When an event is detected for a thread, either the soft nuke or hard nuke process is executed, according to the type of event, prior to invoking an event handler. The soft nuke process performs less than all of the actions performed by the hard nuke process and requires much less time to execute. If multiple threads are being processed, the hard nuke process requires synchronization between the threads and clears state for each thread, whereas the soft nuke process does not require cross-thread synchronization and clears state only for the thread in which the event was detected. In one embodiment, the soft nuke process is implemented in microcode, while the hard nuke process is hardware-implemented.

Abstract: A system is initialized for operation in a protected operating environment by executing authenticated code that prepares various portions of the hardware for protection from non-trusted software. In one embodiment, initialization includes identifying and locking down specified areas of memory for protected processing, then placing trusted software into the specified areas of memory and validating the trusted software. In a particular embodiment, initialization may also include deriving and protectively storing identifying characteristics of the trusted software.

Abstract: A system and method for permitting the execution of system management mode (SMM) code during secure operations in a microprocessor system is described. In one embodiment, the system management interrupt (SMI) may be first directed to a handler in a secured virtual machine monitor (SVMM). The SMI may then be re-directed to SMM code located in a virtual machine (VM) that is under the security control of the SVMM. This redirection may be accomplished by allowing the SVMM to read and write the system management (SM) base register in the processor.

Abstract: A method and an apparatus are used to efficiently translate memory addresses. The translation scheme yields a translated address, a memory type for the translated address, and a fault bit for the translation.

Abstract: An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.

Abstract: A processor loads, authenticates, and/or initiates execution of authenticated code modules in response to executing launch authenticated code instructions.

Abstract: Apparatus and method load, authenticate, and/or execute authenticated code modules stored in a private memory.

Abstract: A microprocessor uses broadcast state renaming to reduce processing delays and microcode overhead which would otherwise result from rebroadcasts of state due to register renaming. The microprocessor comprises a memory execution unit, a microcode sequencer, and various functional units. The memory execution unit includes a segment register, content of which represents state of the processor. The microcode sequencer sets an identifier field in at least some microinstructions, indicating which of multiple copies of broadcast state are to be used in processing each such microinstruction. Each functional unit receives and internally stores multiple copies of broadcast state, each of which may correspond to a different renamed version of the segment register. Each functional unit selects, based on the identifier field of a microinstruction, one of its internally stored copies of broadcast state for use in processing the microinstruction.

Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.

Abstract: In a multithreaded processor, events are categorized according to which of a “soft” state clearing (“nuke”) process and a “hard” nuke process should be performed in response to each event. When an event is detected for a thread, either the soft nuke or hard nuke process is executed, according to the type of event, prior to invoking an event handler. The soft nuke process performs less than all of the actions performed by the hard nuke process and requires much less time to execute. If multiple threads are being processed, the hard nuke process requires synchronization between the threads and clears state for each thread, whereas the soft nuke process does not require cross-thread synchronization and clears state only for the thread in which the event was detected. In one embodiment, the soft nuke process is implemented in microcode, while the hard nuke process is hardware-implemented.

Abstract: In a pipelined processor, an apparatus for handling string operations. When a string operation is received by the processor, the length of the string as specified by the programmer is stored in a register. Next, an instruction sequencer issues an instruction that computes the register value minus a pre-determined number of iterations to be issued into the pipeline. Following the instruction, the pre-determined number of iterations are issued to the pipeline. When the instruction returns with the calculated number, the instruction sequencer then knows exactly how many iterations should be executed. Any extra iterations that had initially been issued are canceled by the execution unit, and additional iterations are issued as necessary. A loop counter in the instruction sequencer is used to track the number of iterations.