Embodiments of the invention generally relate to the field of integrated circuits and, more particularly, to systems, methods and apparatuses for local and remote access control of a resource.
Processors and chipsets typically include on-die hardware components that are configured before (or while) a computer's operating system is booted. In “many core” systems, these components include, for example, system address decoders, router table arrays, and other components that support the interconnection of cores. These configurable components are vulnerable to errant and malicious programming.
In conventional systems, access to configurable hardware resources is frequently determined by the mode of a system. For example, certain registers might only be written to if the system is in a system management mode. In addition, conventional systems may allow nearly any out-of-band agent to configure hardware resources, if the out-of-band agent uses a particular communication path (e.g., a system management bus).
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements.
Embodiments of the invention are generally directed to systems, methods, and apparatuses for local and remote access control of configurable hardware. In some embodiments, an integrated circuit includes logic to control the access to configurable resources such as control and status registers, router table arrays, core enable/disable logic, and the like. As is further discussed below, in some embodiments, the access control logic uses a cryptographic authentication protocol to regulate access to configurable hardware.
Integrated circuit 130 includes, inter alia, access control logic 132 and resource 134. Resource 134 may be nearly any configurable hardware resource or an element of a configurable hardware resource. For example, resource 134 may be a control and status register, a processor core, a graphics core, a model specific register, an accelerator, and the like.
Access control logic 132 authenticates an agent (e.g., agent 110) that attempts to configure resource 134. The term “authenticates” broadly refers to requiring evidence that an agent is authorized to configure resource 134. In some embodiments, access control logic 132 implements a cryptographic authentication protocol to authenticate the agent. In such embodiments, access control logic 132 may be provisioned with key 136. For example, during manufacturing, soft fuses may be blown to provision key 136. Alternatively, a different provisioning mechanism may be used. Key 136 may be, for example, a private key of a cryptographic public/private key pair. For ease of illustration, key 136 is illustrated as being part of access control logic 132. It is to be appreciated, however, that key 136 may be located nearly anywhere on integrated circuit 130 or may be located on a different integrated circuit.
In some embodiments, access control logic 132 exchanges a nonce with agent 110, as part of the cryptographic authentication protocol to, for example, prevent (or attempt to prevent) replay attacks. In such embodiments, integrated circuit 130 may include random number generator (RNG) 138 to provide the nonce. In alternative embodiments, RNG 138 may be located on a different integrated circuit.
Routing logic 214 may include the address decoders and/or route tables that are used to interconnect cores 212. Various aspects of routing logic 214 may be configurable. For example, how physical addresses are decoded may be configurable and/or the values in the route tables may be configurable.
In some embodiments, at least some of the instances of routing logic 214 include access control logic 218 and CSR 220. Access control logic 218 determines whether an agent is authorized to change the values stored in CSR 220. In some embodiments, access control logic 218 requires that an agent seeking to access CSR 220 provide a public key matching a private key that was previously provisioned within system 200. In alternative embodiments, a different mechanism may be used to authenticate an agent. As is further described below, in some embodiments, access control logic 218 uses a cryptographic authentication protocol to authenticate an agent. In some embodiments, access control logic 218 is implemented, at least in part, in hardware. In alternative embodiments, access control logic 218 may be implemented, at least in part, in platform microcode.
Access control logic 330 determines whether the PuKA matches a private key (PrKA) that was previously provisioned on the platform with which access control logic 330 is associated. If the PuKA matches the PrKA, then access control logic 330 acknowledges that agent 320 can write to the CSR at 304 (without disclosing the PrKA).
Agent 320 starts a block write to the CSR at 306. In some embodiments, access control logic 330 returns at least a portion of the write data and a nonce at 308. The nonce can be used to protect against a replay attack by providing an indication that this is a “fresh” transaction. For example, in the illustrated embodiment, agent 320 encrypts the write value and the nonce and provides them to access control logic 330 at 310. Access control logic 330 acknowledges the write request (and returns the CSR value) at 312. In alternative embodiments, the encryption protocol may have more elements, fewer elements, different elements, and/or may occur in a different order.
If the system is not in an owner mode then, in some embodiments, initialization may proceed in a substantially conventional manner (e.g., 406 and 408). If, however, the system is in an owner mode, then access control logic (ACL) determines whether the CSR is access controlled at 410. The ACL determines whether the agent is attempting to write to the CSR at 412. If the agent is attempting to write to the CSR, then the ACL may determine whether write access is set at 414.
If write access is set, then the agent may use an encryption protocol to write data to the CSR as shown by 416 and 418. In some embodiments, the agent may use an encryption protocol that is substantially similar to the protocol described above with reference to
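The exchange at 302 through 312 and the owner-mode gating at 410 through 418, as an added example that is not part of the specification. It models the disclosed protocol, not the claimed hardware: the page's public/private key match is stood in for by an HMAC challenge-response with a single provisioned key, and the "encrypted" message at 310 by a MAC over the nonce, address and write data, because the Python standard library has no asymmetric or authenticated-encryption primitive. The names AccessControlLogic, Csr, agent_write, rejected and demo, the "auth"/"write" domain labels and the CSR addresses are illustrative assumptions; the numerals in comments refer to the figure steps discussed in the text.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
# Assumption: HMAC challenge-response and a MAC stand in for the page's key pair and encryption.

def _mac(key: bytes, *parts: bytes) -> bytes:
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:  # length-prefix each field so the tuple cannot be re-split another way
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

@dataclass
class Csr:
    value: int = 0
    access_controlled: bool = True  # the check at 410
    write_access: bool = True       # the check at 414

class AccessControlLogic:  # ACL 330: provisioned key 136, owner-mode flag, RNG 138
    def __init__(self, provisioned_key: bytes, csrs: dict, owner_mode: bool = True):
        self._key = provisioned_key  # never leaves the die; only MAC outputs do
        self.csrs, self.owner_mode = csrs, owner_mode
        self._challenges, self._authenticated = {}, set()
        self._pending, self._used = {}, set()  # nonce -> pending 306 write; consumed nonces

    def challenge(self, agent: str) -> bytes:
        self._challenges[agent] = secrets.token_bytes(16)
        return self._challenges[agent]

    def authenticate(self, agent: str, proof: bytes) -> bool:
        # 302/304: acknowledge the agent only if its proof was made with the matching key
        c = self._challenges.pop(agent, None)
        if c is None or not hmac.compare_digest(proof, _mac(self._key, b"auth", c)):
            return False
        self._authenticated.add(agent)
        return True

    def begin_write(self, agent: str, addr: int, data: bytes):
        # 306/308: return a portion of the write data together with a fresh nonce
        if agent not in self._authenticated:
            raise PermissionError("agent not authenticated")
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (agent, addr, data)
        return data[:2], nonce

    def commit_write(self, agent: str, nonce: bytes, tag: bytes) -> int:
        # 310/312: check freshness and the tag, apply the 410-414 gating, write, ack with value
        if nonce in self._used or nonce not in self._pending:
            raise PermissionError("unknown or already-used nonce (replay?)")
        self._used.add(nonce)  # a replayed 310 message fails the check above from now on
        who, addr, data = self._pending.pop(nonce)
        expected = _mac(self._key, b"write", nonce, addr.to_bytes(4, "big"), data)
        if who != agent or not hmac.compare_digest(tag, expected):
            raise PermissionError("tag does not match this agent's pending write")
        csr = self.csrs[addr]
        if self.owner_mode and csr.access_controlled and not csr.write_access:
            raise PermissionError("write access not set for this CSR")
        csr.value = int.from_bytes(data, "big")
        return csr.value

    def conventional_write(self, addr: int, data: bytes) -> int:
        # 406/408: the unauthenticated path, open only where owner-mode gating does not apply
        csr = self.csrs[addr]
        if self.owner_mode and csr.access_controlled:
            raise PermissionError("access-controlled CSR needs the authenticated protocol")
        csr.value = int.from_bytes(data, "big")
        return csr.value

def agent_write(acl: AccessControlLogic, name: str, key: bytes, addr: int, data: bytes):
    # Agent 320 side (in-band or OOB); returns the acknowledged CSR value and the 310 message
    proof = _mac(key, b"auth", acl.challenge(name))
    if not acl.authenticate(name, proof):
        raise PermissionError("authentication failed")
    _echo, nonce = acl.begin_write(name, addr, data)
    tag = _mac(key, b"write", nonce, addr.to_bytes(4, "big"), data)
    return acl.commit_write(name, nonce, tag), (nonce, tag)

def rejected(fn, *args) -> bool:
    try:
        fn(*args)
    except PermissionError:
        return True
    return False

def demo() -> dict:
    # Constructed inputs: a stand-in for the fused key and three CSRs with different gating
    key, oem = secrets.token_bytes(32), "oem-mgmt-server"
    csrs = {0x10: Csr(), 0x20: Csr(write_access=False), 0x30: Csr(access_controlled=False)}
    acl = AccessControlLogic(key, csrs)
    value, msg310 = agent_write(acl, oem, key, 0x10, b"\x00\x00\xbe\xef")
    out = {"write": value}
    out["replay_rejected"] = rejected(acl.commit_write, oem, *msg310)
    out["wrong_key_rejected"] = rejected(agent_write, acl, "rogue", b"\x00" * 32, 0x10, b"\x00\x00\x00\x01")
    out["readonly_rejected"] = rejected(agent_write, acl, oem, key, 0x20, b"\x00\x00\x00\x01")
    out["unauth_gated"] = rejected(acl.conventional_write, 0x10, b"\x00\x00\x00\x01")
    out["non_controlled_ok"] = acl.conventional_write(0x30, b"\x00\x00\x00\x07")
    out["csr_10_unchanged"] = csrs[0x10].value
    return out
```

demo() exercises the cases the flow distinguishes: an authenticated write that lands, the same 310 message replayed (the nonce is already consumed, so it is refused before any tag check), an agent on the right path with the wrong key, a CSR whose write-access bit is clear, and the conventional path, which is refused for an access-controlled CSR in owner mode but still open for a CSR that is not access controlled.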
Out-of-band (OOB) agent 506 may be any of a wide variety of remote agents capable of configuring one or more hardware resources of computer system 502. In some embodiments, OOB agent 506 is a management server. Since ACL 502 can authenticate OOB agent 506, the configuration of hardware resources can be delegated beyond traditional schemes such as the system management bus. Rather, OOB agent 506 can access system 502 over nearly any wired and/or wireless communication path (e.g., via network 508) and authenticate itself to ACL 502. Thus, an original equipment manufacturer (OEM) can be brought within the “trust perimeter” by provisioning an integrated circuit (e.g., a processor die, chipset, etc.) with its own encryption key during, for example, manufacturing.
In-band agent 510 may be any of a wide variety of local agents including, for example, on-package read only memory (ROM), agents that use JTAG/SMBus, direct connect ROM, and the like. In some embodiments, in-band agent 510 configures one or more hardware resources of system 502 during initialization.
Elements of embodiments of the present invention may also be provided as a machine-readable medium for storing the machine-executable instructions. The machine-readable medium may include, but is not limited to, flash memory, optical disks, compact disks-read only memory (CD-ROM), digital versatile/video disks (DVD) ROM, random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, propagation media or other type of machine-readable media suitable for storing electronic instructions. For example, embodiments of the invention may be downloaded as a computer program which may be transferred from a remote computer (e.g., a server) to a requesting computer (e.g., a client) by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).
It should be appreciated that reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Therefore, it is emphasized and should be appreciated that two or more references to “an embodiment” or “one embodiment” or “an alternative embodiment” in various portions of this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined as suitable in one or more embodiments of the invention.
Similarly, it should be appreciated that in the foregoing description of embodiments of the invention, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed subject matter requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description.