Abstract: A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.

Abstract: A microprocessor is provided in which an encrypted program can replace the decryption keys that are used to decrypt sections of the encrypted program. The microprocessor may be decrypting and executing a first section of the encrypted program when it encounters, decrypts, and executes an encrypted store-key instruction to store a new set of decryption keys. After executing the store-key instruction, the microprocessor decrypts and executes a subsequent section of the encrypted program using the new set of decryption keys. On-the-fly key switching may occur numerous times with successive encrypted store-key instructions and successive sets of encrypted instructions.

Abstract: A microprocessor and method are provided for securely decrypting and executing encrypted instructions within a microprocessor. A plurality of master keys are stored in a secure memory. Encrypted instructions are fetched from an instruction cache. A set of one or more master keys are selected from the secure memory based upon an encrypted instruction fetch address. The selected set of master keys or a decryption key derived therefrom is used to decrypt the encrypted instructions fetched from the instruction cache. The decrypted instructions are then securely executed within the microprocessor. In one implementation, the master keys are intervolved with each other to produce a new decryption key with every fetch quantum. Moreover, a new set of master keys is selected with every new block of instructions.

Abstract: A microprocessor conditionally grants a request to switch from a normal execution mode in which encrypted instructions cannot be executed, into a secure execution mode (SEM). Thereafter, the microprocessor executes a plurality of instructions, including a store-key instruction to write a set of one or more cryptographic key values into a secure memory of the microprocessor. After fetching an encrypted program from an instruction cache, the microprocessor decrypts the encrypted program into plaintext instructions using decryption logic within the microprocessor's instruction-processing pipeline.

Abstract: A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program includes receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined pre-run time. The method also includes analyzing the program to obtain chunk information that divides the program into a sequence of chunks each comprising a sequence of instructions and that includes encryption key data associated with each of the chunks. The encryption key data associated with each of the chunks is distinct. The method also includes replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction. The method also includes encrypting the program based on the chunk information.

Abstract: A microprocessor and method are provided for securely decrypting and executing encrypted instructions within a microprocessor. A plurality of master keys are stored in a secure memory. Encrypted instructions are fetched from an instruction cache. A set of one or more master keys are selected from the secure memory based upon an encrypted instruction fetch address. The selected set of master keys or a decryption key derived therefrom is used to decrypt the encrypted instructions fetched from the instruction cache. The decrypted instructions are then securely executed within the microprocessor. In one implementation, the master keys are intervolved with each other to produce a new decryption key with every fetch quantum. Moreover, a new set of master keys is selected with every new block of instructions.

Abstract: A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.

Abstract: A microprocessor conditionally grants a request to switch from a normal execution mode in which encrypted instructions cannot be executed, into a secure execution mode (SEM). Thereafter, the microprocessor executes a plurality of instructions, including a store-key instruction to write a set of one or more cryptographic key values into a secure memory of the microprocessor. After fetching an encrypted program from an instruction cache, the microprocessor decrypts the encrypted program into plaintext instructions using decryption logic within the microprocessor's instruction-processing pipeline.

Abstract: A microprocessor is provided in which an encrypted program can replace the decryption keys that are used to decrypt sections of the encrypted program. The microprocessor may be decrypting and executing a first section of the encrypted program when it encounters, decrypts, and executes an encrypted store-key instruction to store a new set of decryption keys. After executing the store-key instruction, the microprocessor decrypts and executes a subsequent section of the encrypted program using the new set of decryption keys. On-the-fly key switching may occur numerous times with successive encrypted store-key instructions and successive sets of encrypted instructions.

Abstract: A microprocessor includes an architected register having a bit. The microprocessor sets the bit. The microprocessor also includes a fetch unit that fetches encrypted instructions from an instruction cache and decrypts them prior to executing them, in response to the microprocessor setting the bit. The microprocessor saves the value of the bit to a stack in memory and then clears the bit, in response to receiving an interrupt. The fetch unit fetches unencrypted instructions from the instruction cache and executes them without decrypting them, after the microprocessor clears the bit. The microprocessor restores the saved value from the stack in memory to the bit in the architected register, in response to executing a return from interrupt instruction. The fetch unit resumes fetching and decrypting the encrypted instructions, in response to determining that the restored value of the bit is set.

Abstract: A microprocessor is provided with a method for decrypting encrypted instruction data into plain text instruction data and securely executing the same. The microprocessor includes a master key register file comprising a plurality of master keys. Selection logic circuitry in the microprocessor selects a combination of at least two of the plurality of master keys. Key expansion circuitry in the microprocessor performs mathematical operations on the selected master keys to generate a decryption key having a long effective key length. Instruction decryption circuitry performs an efficient mathematical operation on the encrypted instruction data and the decryption key to decrypt the encrypted instruction data into plain text instruction data.

Abstract: An apparatus for generating a decryption key for use to decrypt a block of encrypted instruction data being fetched from an instruction cache in a microprocessor at a fetch address includes a first multiplexer that selects a first key value from a plurality of key values based on a first portion of the fetch address. A second multiplexer selects a second key value from the plurality of key values based on the first portion of the fetch address. A rotater rotates the first key value based on a second portion of the fetch address. An arithmetic unit selectively adds or subtracts the rotated first key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.

Abstract: A microprocessor is provided with a method for decrypting encrypted instruction data into plain text instruction data and securely executing the same. The microprocessor includes a master key register file comprising a plurality of master keys. Selection logic circuitry in the microprocessor selects a combination of at least two of the plurality of master keys. Key expansion circuitry in the microprocessor performs mathematical operations on the selected master keys to generate a decryption key having a long effective key length. Instruction decryption circuitry performs an efficient mathematical operation on the encrypted instruction data and the decryption key to decrypt the encrypted instruction data into plain text instruction data.

Abstract: An apparatus for generating a decryption key for use to decrypt a block of encrypted instruction data being fetched from an instruction cache in a microprocessor at a fetch address includes a first multiplexer that selects a first key value from a plurality of key values based on a first portion of the fetch address. A second multiplexer selects a second key value from the plurality of key values based on the first portion of the fetch address. A rotater rotates the first key value based on a second portion of the fetch address. An arithmetic unit selectively adds or subtracts the rotated first key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.

Abstract: A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program includes receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined pre-run time. The method also includes analyzing the program to obtain chunk information that divides the program into a sequence of chunks each comprising a sequence of instructions and that includes encryption key data associated with each of the chunks. The encryption key data associated with each of the chunks is distinct. The method also includes replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction. The method also includes encrypting the program based on the chunk information.

Abstract: A microprocessor includes an architected register having a bit. The microprocessor sets the bit. The microprocessor also includes a fetch unit that fetches encrypted instructions from an instruction cache and decrypts them prior to executing them, in response to the microprocessor setting the bit. The microprocessor saves the value of the bit to a stack in memory and then clears the bit, in response to receiving an interrupt. The fetch unit fetches unencrypted instructions from the instruction cache and executes them without decrypting them, after the microprocessor clears the bit. The microprocessor restores the saved value from the stack in memory to the bit in the architected register, in response to executing a return from interrupt instruction. The fetch unit resumes fetching and decrypting the encrypted instructions, in response to determining that the restored value of the bit is set.

Abstract: A microprocessor includes a storage element having a plurality of locations each storing decryption key data associated with an encrypted program. A control register field (may be x86 EFLAGS register reserved field) specifies a storage element location associated with a currently executing encrypted program. The microprocessor restores from memory to the control register a previously saved value of the field in response to executing a return from interrupt instruction. A fetch unit fetches encrypted instructions of the currently executing encrypted program and decrypts them using the decryption key data stored the storage element location specified by the restored field value. A kill bit associated with each storage element location may be employed if the location is clobbered because more encrypted programs are multitasked than available locations in the storage element, in which case an exception is generated to re-load the clobbered decryption key data in response to the return from interrupt instruction.

Abstract: A fetch unit fetches a sequence of blocks of encrypted instructions of an encrypted program from an instruction cache at a corresponding sequence of fetch address values. While fetching each block of the sequence, the fetch unit generates a decryption key as a function of key values and the corresponding fetch address value, and decrypts the encrypted instructions using the generated decryption key by XORing them together. A switch key instruction instructs the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks. The fetch unit inherently provides an effective decryption key length that depends upon the function and amount of key values used. Including one or more switch key instructions within the encrypted program increases the effective decryption key length up to the encrypted program length.

Abstract: A microprocessor includes an architected register having a bit (may be x86 EFLAGS register reserved bit) set by the microprocessor. A fetch unit fetches encrypted instructions from an instruction cache and decrypts them (via XOR) prior to executing them, in response to the microprocessor setting the bit. The microprocessor saves the bit value to a stack in memory and then clears the bit in response to receiving an interrupt. The fetch unit fetches unencrypted instructions from the instruction cache and executes them without decrypting them after the microprocessor clears the bit. The microprocessor restores the saved value from the stack in memory to the bit in the architected register (and in one embodiment, also restores decryption key values) in response to executing a return from interrupt instruction. The fetch unit resumes fetching and decrypting the encrypted instructions in response to determining that the restored value of the bit is set.

Abstract: A fetch unit (a) fetches a block of instruction data from an instruction cache of the microprocessor; (b) performs an XOR on the block with a data entity to generate plain text instruction data; and (c) provides the plain text instruction data to an instruction decode unit. In a first instance the block comprises encrypted instruction data and the data entity is a decryption key. In a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes. The time required to perform (a), (b), and (c) is the same in the first and second instances regardless of whether the block is encrypted or unencrypted. A decryption key generator selects first and second keys from a plurality of keys, rotates the first key, and adds/subtracts the rotated first key to/from the second key, all based on portions of the fetch address, to generate the decryption key.