Abstract: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.

Abstract: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.

Abstract: A secure boot processing may be accomplished on the basis of a non-volatile memory that is an integral part of the CPU and which may not be modified once a pre-boot information may be programmed into the non-volatile memory. During a reset event or a power-on event, execution may be started from the internal non-volatile memory, which may also include public decryption keys for verifying a signature of a portion of a boot routine. The verification of the respective portion of the boot routine may be accomplished by using internal random access memories, thereby avoiding external access during verification of the boot routine. Hence, a high degree of tamper resistance may be obtained, for instance, with respect to BIOS modification by exchanging BIOS chips.

Abstract: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.

Abstract: A CPU, a computer system and a secure boot mechanism are provided in which a symmetric encryption key may be incorporated into a non-volatile memory area of the CPU core, thereby substantially avoiding any tampering of the encryption key by external sources. Moreover, pre-boot information may be internally stored in the CPU and may be retrieved upon a reset or power-on event in order to verify a signed boot information on the basis of the internal symmetric encryption key. Furthermore, the BIOS information may be efficiently updated by generating a signature using the internal encryption key.

Abstract: A wireless communications device includes a host processing unit, a modem processing unit, and a memory transport interface. The wireless communications device typically runs a variety of software tasks, some of which require considerably more memory than others. By processing the memory intensive tasks with the host processing unit and assigning tasks requiring high computing power but relatively smaller memory to the modem processor unit, a smaller on-chip memory can be used for the modem processor unit tasks. In addition, by using a messaging transport interface to transfer data between tasks running on different processing units, smaller local memories can be used in place of a shared memory. For example, by allocating and storing L1 tasks at the modem processing unit and allocating/storing L2 and L3 tasks at the host processing unit, duplicate memory components may be reduced or removed, thereby lowering system costs and improving system efficiency.

Abstract: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.

Abstract: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.

Abstract: A software development technique is provided using target system virtualization software simulating behaviour of a target system. A target device driver running on a host system issues memory access commands to the target system virtualization software rather than to a memory interface unit of the host system. The memory interface unit may be an SRAM (Static Random Access Memory) interface. The target system may be an EGPRS (Enhanced General Packet Radio Service) modem.

Abstract: A CPU, a computer system and a secure boot mechanism are provided in which a symmetric encryption key may be incorporated into a non-volatile memory area of the CPU core, thereby substantially avoiding any tampering of the encryption key by external sources. Moreover, pre-boot information may be internally stored in the CPU and may be retrieved upon a reset or power-on event in order to verify a signed boot information on the basis of the internal symmetric encryption key. Furthermore, the BIOS information may be efficiently updated by generating a signature using the internal encryption key.

Abstract: A secure boot processing may be accomplished on the basis of a non-volatile memory that is an integral part of the CPU and which may not be modified once a pre-boot information may be programmed into the non-volatile memory. During a reset event or a power-on event, execution may be started from the internal non-volatile memory, which may also include public decryption keys for verifying a signature of a portion of a boot routine. The verification of the respective portion of the boot routine may be accomplished by using internal random access memories, thereby avoiding external access during verification of the boot routine. Hence, a high degree of tamper resistance may be obtained, for instance, with respect to BIOS modification by exchanging BIOS chips.

Abstract: A computer system includes a main processor and a security control processor that is coupled to the main processor and configured to control and monitor an operational state of the main processor. To ensure the computer system may be trusted, the security control processor may be configured to hold the main processor in a slave mode during initialization of the security control processor such that the main processor is not operable to fetch and execute instructions from an instruction source external to the main processor, for example. In addition, the security control processor may be configured to initialize the operational state of the main processor to a predetermined state by transferring to the main processor via a control interface one or more instructions and to cause the main processor to execute the one or more instructions while the main processor is held in the slave mode.

Abstract: In one embodiment, a computer system comprises one or more components and a secure computing environment coupled to the components. The secure computing environment is configured to program at least one of the components to enter a limited functionality mode responsive to expiration of a use right to the computer system, wherein operation of the computer system in the limited functionality mode is reduced compared to operation when the use right has not expired. The secure computing environment is configured to monitor the components in the limited functionality mode to detect that a limited functionality mode configuration has been modified by an unauthorized entity and to cause the computer system to enter a second mode in which operation of the computer system is reduced compared to operation in the limited functionality mode in response.

Abstract: In one embodiment, a processor comprises a programmable map and a circuit. The programmable map is configured to store data that identifies at least one instruction for which an architectural modification of an instruction set architecture implemented by the processor has been defined, wherein the processor does not implement the modification. The circuitry is configured to detect the instruction or its memory operands and cause a transition to Known Good Code (KGC), wherein the KGC is protected from unauthorized modification and is provided from an authenticated entity. The KGC comprises code that, when executed, emulates the modification. In another embodiment, an integrated circuit comprises at least one processor core; at least one other circuit; and a KGC source configured to supply KGC to the processor core for execution. The KGC comprises interface code for the other circuit whereby an application executing on the processor core interfaces to the other circuit through the KGC.

Abstract: The present invention relates methods for patching WWAN (Wireless Wide Area Network) communication devices and corresponding WWAN communication devices, integrated circuit chips and computer-readable media. The WWAN communication device includes a first processor, a second processor and a memory. The first processor is arranged to process patches updating software running on the WWAN communication device. The second processor is arranged to provide a first set of the patches to the first processor. The memory stores a second set of the patches to be processed by the first processor. The second processor is further arranged to send a patch end signal to the first processor, the patch end signal causing the first processor to stop processing of patches provided by the second processor. The first processor is further arranged to process the patches stored in the memory independently of the patch end signal.

Abstract: A software development technique is provided using target system virtualization software simulating behaviour of a target system. A target device driver running on a host system issues memory access commands to the target system virtualization software rather than to a memory interface unit of the host system. The memory interface unit may be an SRAM (Static Random Access Memory) interface. The target system may be an EGPRS (Enhanced General Packet Radio Service) modem.

Abstract: The present invention relates methods for patching WWAN (Wireless Wide Area Network) communication devices and corresponding WWAN communication devices, integrated circuit chips and computer-readable media. The WWAN communication device includes a first processor, a second processor and a memory. The first processor is arranged to process patches updating software running on the WWAN communication device. The second processor is arranged to provide a first set of the patches to the first processor. The memory stores a second set of the patches to be processed by the first processor. The second processor is further arranged to send a patch end signal to the first processor, the patch end signal causing the first processor to stop processing of patches provided by the second processor. The first processor is further arranged to process the patches stored in the memory independently of the patch end signal.

Abstract: Patch servers, patch clients and corresponding methods are provided that may increase secret protection and key loss tolerance. A patch server includes a first key generation platform and a second key generation platform different from the first one. A first and second private key group containing a plurality of first or second private keys, respectively, is generated using the first or second key generation platform, respectively. One of the first private keys is selected from the first private key group, and one of the second private keys is selected from the second private key group. A first digital signature is generated based on the patch and the first selected private key. A second digital signature is generated based on the patch and the second selected private key. The patch is transmitted to the patch client together with the first and second digital signatures.