TW526416B - Controlling access to multiple isolated memories in an isolated execution environment - Google Patents

Abstract

The present invention provides a method, apparatus, and system for controlling memory accesses to multiple isolated memory areas in an isolated execution environment. A page manager is used to distribute a plurality of pages to a plurality of different areas of a memory, respectively. The memory is divided into non-isolated areas and isolated areas. The page manager is located in an isolated area of memory. Further, a memory ownership page table describes each page of memory and is also located in an isolated area of memory. The page manager assigns an isolated attribute to a page if the page is distributed to an isolated area of memory. On the other hand, the page manager assigns a non-isolated attribute to a page if the page is distributed to a non-isolated area of memory. The memory ownership page table records the attribute for each page. In one embodiment, a processor having a normal execution mode and an isolated execution mode generates an access transaction. The access transaction is configured using a configuration storage that contains configuration settings related to a page and access information. An access checking circuit coupled to the configuration storage checks the access transaction using at least one of the configuration settings and the access information and generates an access grant signal if the access transaction is valid.

Description

526416 A7 --------- B7 V. Description of invention (彳)

1 · Relevant application claims This application claims priority of March 2000 with the number 60Π98,226. The U.S. provisional patent application proposed on 31st is about microprocessor processor security. 3. Chu Wu Poor Emperor Zhiming More specifically, the present invention is related to the evolution of microprocessors and communication technologies, which has created many opportunities for superb commercial applications. E-commerce and business-to-business (B2B) e-commerce have now become commonplace and continue to accelerate through the common market. Unfortunately, when today's microprocessor systems provide a convenient and efficient way for users to conduct business, communications and transactions, they have also resorted to unscrupulous attacks. Examples of these attacks include viruses, intrusions, security breaches, and tampering. Therefore, computer security becomes more important to protect the integrity of the computer system and increase user trust. The threat posed by unscrupulous attacks can take many forms. An intrusive remotely launched attack by a hacker can disrupt the normal operation of a system connected to thousands or even millions of users. A virus program can destroy code and / or data on a single user platform. = Some have some disadvantages to hacking protection technology. Antivirus programs can only scan and detect known viruses. Security co-processors or smart cards using encryption or other security technologies have many limitations on rate performance, memory capacity, and flexibility. In addition, the redesigned operating system generates software compatibility ___— -4 _ This paper size applies the Chinese National Standard (CNS) A4 specification (21〇X 297 public love)

Binding # 526416 A7 B7 5. Description of the invention (2) Sexual problems and require a large investment in research and development. BRIEF DESCRIPTION OF THE DRAWINGS The features and benefits of the present invention can be better understood through the following detailed description of the present invention, wherein: FIG. 1A shows an operating system according to a specific embodiment of the present invention. Figure 1B shows an operating system and accessibility of different components in the processor, and a single contiguous isolated memory area according to an embodiment of the present invention. 7F shown in FIG. 1C is similar to FIG. 1B, which shows the accessibility of different components in the operating system and the processor according to a specific embodiment of the present invention, especially multiple isolated memory regions and multiple non-isolated memory regions. ㈣ shows a flowchart of the process of-allocating a memory page of a quarantine execution in a specific embodiment according to the present invention. Hundred E! Jin: For a specific embodiment according to the present invention, -memory holding Figure 1F: = and processing of converting a virtual address to-physical address. Shi :. ...- Computer system 'A specific implementation in which the present invention can be implemented is shown in Figure 1F for isolation according to the present invention-specific example. Figure 2B shows a manager according to the present invention. Figure 2A shows an example according to the present invention (an access check circuit. A circuit to manage a logical processor second-specifically In the embodiment, the access check 3 V. Description of the invention (Figure 4 shows a detailed explanation of the access permission letter / explanation of a specific embodiment to generate a separate execution flow chart. The processing process is as follows: : Figure manages the operation of the thread according to the present invention-specific embodiment: "The device is a specific embodiment of the present invention and is shown in Fig. 1 F. •,-Access control of the isolated area in the spring state (MCH) .

Access check electricity = According to the present invention-the MCH legislative circle shown in country 6 with the ** embodiment: the second and second are stubs and the second is generated in the rr body embodiment- Flowchart 0 Description of the Invention The present invention is a method, device and system for controlling physical access in an isolated execution environment. A page manager number: faces to-a plurality of different areas of memory. The memory ′ is divided into a non-isolated area and an isolated area. The page manager is the isolated area of the second upper memory. Furthermore, '-memory ownership page description: each memory page' is also located in the -isolated area of the memory. The page J official assigns an isolated attribute to a-isolated region of λ 'memory. On the other hand, the; Isolate attribute to -page if the page is allocated to memory two non-isolated area ^. The memory ownership page table records the attributes of each page. Line 1 has-normal execution mode and-segregation framework using about-page and access information framework settings-6-This paper silver scale is applicable to China @ 家 标准 (CNS) M specification (21G χ 297 公 |] 526416 A7 B7 V. Description of the invention (4) The access transaction contains access information, such as the physical address of the memory to be accessed. The framework setting provides information about the memory page involved in the access transaction. The The architecture setting includes the attributes of the page, which defines the page as isolated or non-isolated, and establishes an execution mode character when the processor is set in an isolated execution mode. In a specific embodiment, the execution mode word The element is a single bit, which means that if the processor is in the isolated execution mode. An access check circuit coupled to the architecture storage uses at least one of the architecture settings and the access information to check the access transaction. In a specific embodiment, the access check circuit includes a TLB access check circuit. The TLB access check circuit generates an access consent signal when the access transaction is valid. In particular, such as If the attribute of the page is set to be isolated and the execution mode character signal is established, the TLB access check circuit generates an access consent signal to the isolated area of the memory. Therefore, when a processor requests the memory In the case of a physical address in an isolated area, the access transaction can be approved only when the processor operates in the isolated execution mode and the attribute of the page regarding the physical address is set to isolated. In the following description, many details are provided for the purpose of explanation to provide a complete understanding of the present invention. However, those skilled in the art will appreciate that 'these specific details are not necessary to implement the present invention. In other cases The well-known electronic structure and circuit are shown in the form of block diagrams so as not to confuse the present invention. The architecture overview provides the principle of the security of computer systems or platforms as the concept of an isolated execution structure. The isolated execution structure includes hardware and software Logic and entity of the components The paper size applies to China National Standard (CNS) A4 (210 X 297 mm)

5. Description of the invention (5 A7 B7 疋 我 'It can directly or indirectly interact with the operating system of the computer system or platform =. An operating system, system and processor can have several levels of architecture, called Rings 'correspond to different modes of operation. Rings are logical divisions of hardware or software components' and are designed to perform tasks unique to the operating system. The divisions are basically based on privilege levels or hierarchies, that is, the ability to change platforms For example, ring -0 is the innermost ring, which is the highest level of the architecture. ¥-0 contains the most critical and privileged components. In addition, the modules in ring_〇 also have less access. Privileged data, but not the other way around. Ring_3 is the outermost 5th, which is the lowest level of the architecture. Ring_3 basically contains the user or application level, and has the least privilege. Ring U and ring_ 2 Representing the middle ring, its security and / or protection gradually decreases. Figure 1A shows a logical operating structure 50 according to a specific embodiment of the present invention. The logical operating structure 50 is the essence of an operating system and the processor element. The logic The operation structure 50 includes a ring 10, a ring 20, a ring 2 30, a ring 3 40, and a processor core loader 52. The processor core loader 52 is executed by a processor (PE ) Manager instance. The pE manager is used to manage a processor execution (PE), which will be discussed later. The logical operation structure 50 has two modes of operation: normal execution mode and isolated execution mode. Each in The rings in the logical operation structure 50 operate in two modes. The processor core loader 52 only operates in the isolated execution mode. The ring-0 10 contains two parts: a normal execution ring-〇 丨 丨 and isolation Execution ring-0 15. The normal execution ring-〇11 contains software modules, which are the key to the operating system, and are often called kernels. These software modules include the main operating system (such as the kernel) 12, software Driver 13, and hardware driver-8- This paper size applies to China National Standard (CNS) A4 (210X 297mm) 526416

14. The isolated execution loop- 15 includes an operating system (OS) core 16 and a processing core 18. The OS core 16 and the processor core 18 are instances of a 103 execution (OSE) and a processor execution (pE), respectively. That. This is part of an implementation entity operating in a protected environment with respect to an isolated area and the isolated execution mode. The processor core loader 52 is a 1-compliant boot loader code included in the system chip, and is loaded by the processor or chipset into the processor core 18 to an isolated area. , Which will be explained later. Similarly, ring-1 20, ring-2 30, and ring-3 40 respectively include the normal execution 5a-1 21 'ring-2 31, ring-3 41, and the isolated execution ring ― 丨 25, ring 35, and soil- 3 45. In particular, the normal execution loop_3 contains 1 ^ applications A 'to 42N' and the isolated execution loop 3 contains κ applets 461 to 4 cores. The concept of an isolated execution structure is to create an isolated area in the system memory, called an isolated area, which is simultaneously protected by the processor and chipset in the computer system. This isolated area can also be located in cache memory, which is protected by a translation look-aside buffer (TLB) access check. Moreover, the isolated area can be further divided into multiple isolated memory areas, as described below. Access to this isolated area is allowed only by the processor's front side bus (FSB), which uses a special bus (such as memory read and write) cycle, which is called an isolated read and write cycle . This special bus cycle can also be used for probing. The isolated read and write cycles are performed by a processor executing in an isolated execution mode. The isolated execution mode uses a privileged command in the processor to initialize ' which is incorporated into the processor core loader 52. The processor core loader 52 verifies and loads a ring of _ core software modules (such as L_____-9 _ ϋ Zhang scales are applicable to China National Standards (CNS) see grid (21〇297297) ---- 526416 A7 _____ B7 V. Description of the invention (7) The processor core 18) to the isolation area. The processor core 18 provides hardware related services for isolated execution. One of the tasks of the processor core 18 is to verify and load the ring_003 core 16 into the isolated area, and generate the combination of the processor core 8 and the operating system core 16 as the only key The root of the architecture. The processor core 18 provides the initial setting and low-level management of the isolated area, which includes the authentication, loading, and login of the operating system core 16 and the symmetric keys of the machine education used to protect the operating system core. management. The processor core 18 can also provide the low-level security services provided by the essence of the application programming interface (API) to other hardware. The operating system core 16 provides services linked to the main OS 12 (such as the unprotected section of the operating system), provides page management in the isolated area, and is responsible for loading the ring-3 application module 45 Contains applets 46 to 46κ, to protected pages configured in this quarantine area. The operating system core 16 can also be loaded with ring-0 support modules. As described below, the main OS 12 management page is located outside the quarantine area. The operating system core 16 can be selected to support data page operations between the quarantine area and general (such as non-quarantine) memory. If so, the operating system core 16 is also responsible for encrypting and mixing the pages of the isolated area before retrieving the pages to general memory, and checking the contents of the page when returning the page. The isolation mode applets 46! To 46κ and their data are to prevent from other applets, and from non-isolated space applications (such as 42 ^ »] 42N), dynamic link libraries (DLLs), drivers, and even the main Intrusion and monitoring of all software attacks on operating system 12. Only this processor core j 8 -10-This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) 526416

Or the operating system core 16 can interfere with or monitor the execution of the applet. Fig. 1B is not the accessibility of different components in the operating system and the process according to a specific embodiment of the present invention. For illustrative purposes, only the elements of Ring · 10 and 5-3-40 are shown. Different elements in the logical operation structure 50 access an accessible physical memory 4 according to its architecture and execution mode. The accessible physical memory 60 includes an isolated area 70 and a non- Isolation area 80. The child isolation area 70 includes an applet page 72 and a core page 74. The non-isolated area 80 includes an application page 82 and an operating system page material. The isolated area 70 can only access components of the operating system and the processor operating in the isolated execution mode. The non-isolated area 80 has access to all components of the ring operating system and processor. The normal execution loop n includes a main OSS 12, a software driver 13 and a hardware driver 14, which can access the OSS page 84 and the application page 82. The normal execution loop-3, which contains applications 421 to 4%, can only access the application page 82. However, the normal execution ring u and ring 41 cannot access the isolation region 70. The isolated execution ring-〇15 includes the OSS core 16 and the processor core 18 ′, which can access the isolated area 70 containing the applet page 72 and the core page 74, and contains the application page 82 and 〇s. Non-isolated area 80 of page 84. The isolated execution ring _3 45, which contains applets 461 to 4 hearts, can only be accessed to the application page 82 and applet page 72. The applet 46 ^ ·] 46κ is located in the isolated area 70. FIG. 1C is similar to FIG. 1B, which is a specific implementation according to the present invention: __-11-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm)

Binding Xin 526416 V. Description of the invention (= 1 accessibility of different components in the pan operating system and the processor, in which the ^ away from the memory area of the body 70 〇F eight '非 non-η multi-isolated memory by the knife The body region 71 and the memory region 80 are divided into multiple non-isolated memory regions. For illustrative purposes, only the elements of ring-010 and ring-340 are shown. Different elements in the construction 50 are based on their rings. Architecture and the execution mode =! An accessible physical memory 60. The accessible physical memory also has multiple isolated areas 71 and multiple non-isolated areas M. / Multiple isolated areas 71 include a small program page 72 and an operating system (〇s) Core page 4 One of the isolated areas 71 also contains the processor core 18 (and the processor execution (PE)), which is contained in the processor core page 73. The multiple non-isolated area 83 contains Application page 82 and operating system (0s) page material. Many heavily-isolated areas 71 can only access the components that operate in the isolated execution mode, hands, and processors. The non-isolated area 83 is accessible All elements to the ring-0 operating system and processor In the specific embodiment shown in FIG. 1C, the isolated memory region 70 is divided into a plurality of multiple isolated memory regions 71, which allows the function of the platform to be increased when the isolated memory is used. A single block of the isolated memory region 70 shown. To support multiple isolated memory regions 71, the OS core 16 (ie, the OS execution (0SE)) is included in the core page 74, which contains a page manager 75 And a memory ownership page table 77. The 0s core controls the page manager 75. The page manager 75 is responsible for allocating pages to multiple isolated memory areas 71, such as OS core page 74 and applet page 72, and allocation Go to the non-isolated memory area 83, such as 0s page 84 and application page 82. The page manager 75 also manages and maintains the memory. This paper size applies the Chinese National Standard (CNS) A4 specification (210X297). Binding 526416 A7 I—_ B7 V. Description of the invention (10) Authorized page table 77. As described below, the memory ownership page table 77 describes each page and is used to assist a processor to set the memory. Fetch the transaction and further verify that the access transaction is valid. By allowing the page manager 75 to generate multiple isolated memory regions 71 and multiple non-isolated memory regions 83, the accessible physical memory 60 can be made easier To accommodate changes in system memory requirements. The normal execution loop-〇11 contains the main OSS 12, model driver 13 and hardware driver 14, which can simultaneously access the OSS page 84 and the application page 82. The The normal execution ring-3, which contains applications 42 to 42N, can only access the application page 82. However, the normal execution ring _ 〇 丨 丨 and ring_ 3 41 cannot access the multiple isolated memory area 71 . The isolated execution ring-015, which includes OSS core 16 and processor core 18, can simultaneously access the multiple isolated memory area 71 including the applet page 72 and the OSS core page 74, and contains the The multiple non-isolated memory regions 83 of the application page 82 and the os page 84. The isolated execution ring _ 3 45 includes the small red style 46! To 46κ ′, which can only access the application page 82 and the applet page 72. The children 46! To 46 & are located in the multiple isolated memory area 71. FIG. 1D is a flowchart of a process 86 for allocating memory pages to isolate execution in accordance with one embodiment of the present invention. At the beginning, the process 86 allocates memory pages to different areas of the accessible physical memory 60 (block 87). This page is allocated to both the isolated area 71 and the non-isolated area 83. In a preferred embodiment, the taxi size of the page is fixed. For example, each page can be 4μβ * 4κβ. In turn, the child process 86 assigns an attribute to each page (block 88). The processing

526416 A7 B7 V. Description of the invention ("86 specifies-isolated attributes to a page, if the page is allocated to an isolated area of memory, or the processing 86 specifies-non-isolated attributes to-page 'if If the child page is allocated to a non-isolated area of the memory. Then the process 86 is aborted. FIG. 1E shows the memory ownership page table 77 and converts a virtual address to The processing of a physical address. As mentioned earlier, the page manager 75 manages the memory ownership page table 77. The memory ownership page table 77 contains a plurality of page table entries%. Each page table entry 93 contains The following components: the basis of the page% and an attribute 96 (isolated or non-isolated) of the page. Only page managers can change the attribute 96 assigned to a page. Each page. Face% contains a plurality of physical bits Address 99. The page manager 75 clears the memory ownership page table 77, or invalidates a page table entry% when the isolated and non-isolated memory area changes. Then the page manager 75 re-points And initialize the isolated and non-isolated memory area. A virtual address 212 includes a page table element 91 and an offset 92. The process of converting the virtual address 2 12 to the physical address 99 will be explained later. Figure 1F shows a computer system 100, in which a specific embodiment of the present invention can be implemented. The computer system 100 includes a processor 丨 i 〇, a main bus 120, and a memory controller hub (MCH) 13 〇, a system memory 140, an input / output controller hub (ICH) 15〇, a non-volatile memory, or the system flash 160, a mass storage device 170, an input / output device 175, or a tag bus Row 18, a motherboard (MB) mark 182, a reader 184, and a mark 186. The MCH 130 can be integrated into μ-14.-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public love) Binding 526416 A7 B7 V. Description (12) Group, which integrates multiple functions, such as isolated execution mode, host to peripheral bus interface, memory control. Similarly, the ICH 150 can also be integrated together To a chipset, or standalone The MCH 130 performs I / O functions. For clarity, not all peripheral buses are shown. It may be noted that the system 100 may also include peripheral buses, such as peripheral component interconnect (PCI), accelerated graphics port (AGP), Industry Standard Architecture (ISA) bus, and Universal Serial Bus (USB), etc. The processor 110 represents a central processing unit of any kind of structure, such as a complex instruction set computer (CISC), a reduced instruction set Computer (RISC), extended instruction character (VLIW), or composite structure. In a specific embodiment, the processor 110 is compatible with Intel Architecture (IA) processors, such as the Pentium ™ system, J, IA-32 ™ and IA-64 ™. The processor 110 includes a normal execution mode 112 and an isolated execution circuit 115. The normal execution mode 112 is a mode in which the processor 110 operates in an unprotected environment, or a normal environment without the security features provided by the isolated execution mode. The isolated execution circuit 115 provides a mechanism to allow the processor 110 to operate in an isolated execution mode. The isolated execution circuit 115 provides hardware and software support for the isolated execution mode. This support includes the settings for isolated execution, the definition of an isolated area or multiple isolated areas, the definition of isolated instructions (such as decoding and execution), the generation of isolated access bus cycles, and the generation of isolated mode interrupts. In a specific embodiment, the computer system 100 may be a single processor system, such as a desktop computer, which has only one main central processing unit, such as the processor 110. In other specific embodiments, the computer system 100 may include -15- This paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm)

526416 A7 --------- B7 V. Description of the invention Y 13) — ~ --- Contains multiple processors, such as processors u〇, u〇a, u〇b, etc. as shown in Figure 10 . Therefore, the computer system 100 may be a multi-processor computer system having any number of processors. For example, the multi-processor computer system ιο may be part of a server or workstation environment. The basic description and operation of the processor is described in detail below. Those skilled in the art can understand that the basic description and operation of the processor 110 are applied to the processor 110a and 11ob shown in FIG. 1D. JL can use any number according to the embodiment of the present invention. The other processors in the multi-processor computer system 100 may also have multiple logical processors. A logical processor, sometimes called a thread, is a function sheet 7L in a physical processor configured with a structural state and physical resources according to some segmentation strategies. In the context of the present invention, the terms, thread, and, logical processor, are used to represent the same object. A multithreaded processor is a processor with multiple threads or multiple logical processors. A multi-processor system (for example, the system includes processors 110, 110a, and 110b) may have multiple multi-threaded processors. The King Bus 120 provides an interface signal to allow the processor 10 or 110a and 110b to communicate with other processors or devices, such as MCH 130. In addition to the normal mode, the main bus provides an isolated access bus mode. When the processor 11 is set in the isolated execution mode, it has interface signals corresponding to the memory read and write cycles. The isolated access bus mode is that when the processor is in the isolated execution mode, it is advocated at the beginning of memory access. The isolated access bus mode is also Wang Zhang's instruction pre-calibration and cache write-back cycle. If the address is a bit

526416 A7 One One __ B7____ 5. Description of the invention (14) The address range in the isolated area and the processor 11 〇 started in isolated execution mode. The processor 110 responds to a cached address in the cache area within the address range of the isolated area. If the isolated access bus is established in Yuguo, and the processor 110 is initialized to the Isolated execution mode. The MCH 130 provides control and settings of memory and input / output devices, such as system memory 140 and ICH 150. The MCH 130 provides an interface circuit to identify and service the isolated access master on the memory reference bus cycle, which includes isolated memory read and write cycles. In addition, the MCH 130 has a memory range register (such as a base and length register) to represent the isolated region or multiple isolated regions in the system memory 140. Once set, the MCH 130 relinquishes any access to an isolated area that does not have an isolated access bus mode. The system memory 140 stores system codes and data. The system memory 14 is basically implemented by a dynamic random access memory (DRAM) or a static random access memory (SRAM). The system memory 140 includes an accessible physical memory 60 (as shown in FIGS. 1B and 1C). The accessible physical memory includes a loaded operating system 142, the isolated area 70 (Figure 1B) or multiple isolated areas 71 (Figure 1C), and an isolated control and state space 148. The loaded operating system 14 2 is the part of the operating system loaded into the memory 1 14 of the system 1. The loaded OS 142 is basically loaded by a mass storage device through some boot codes in a boot storage, such as boot read-only memory (ROM). The isolated region 70 (FIG. 1B) or multiple isolated regions 71 (FIG. 1C) are memory regions defined by the processor 110 when operating in an isolated execution mode. Access to this isolated area is restricted by the processor u〇 -17- This paper size applies Chinese National Standard (CNS) A4 specifications (210X297 mm) 526416 A7 B7

And / or MCH 130, or other chipset integrated into the function of the isolated area. The isolated control and status space 148 is a similar input / output (I / O), and an independent address space defined by the processor 11 and / SMCH no. The isolated control and state space 148 mainly contains the isolated execution control and state register. The isolated control and state space does not overlap any existing address space and is accessed using the isolated bus cycle. The system memory 140 may also include other programs or data not shown. The ICH 150 represents a known single point in a system with isolated execution functions. For clarity, only one ICH 15o is shown. The system 100 can carry many ICH similar to ICH 150. When there are multiple ICHs, a certain ICH is selected to control the isolated regional settings and status. In a concrete example, this selection is performed by an external binding pin. As is well known to those skilled in the art, other selection methods may be used, including the use of a programmable register. The ICH 150 has a number of functions that can be designed to support an isolated execution mode in addition to traditional I / O functions. In particular, the 150 includes an isolated bus cycle interface 152, a processor core loader 52 (as shown in Figure 1A), a digest memory 154, an encryption key 値 storage 155, and an isolated execution logic processing Manager 156, and a marker furnace interface 159. Don't w / Chenghu The isolated bus cycle interface 152 includes a circuit to connect to the isolated bus cycle, to identify and service the isolated bus, such as the isolated read and write bus cycles. The processor core loader is shown in FIG. 1A, which includes a processor core load code and its excerpts (2). The processor core loader 52 is implemented by-proper isolation;

Binding

-18- 526416 A7 _______ B7 ._ 5. The description of the invention (16) order (such as Iso-Init) is used and transmitted to the isolation area 70 or one of the isolation areas 71. From the isolation area, the processor core loader 52 is flashed by the system (such as the processor core code 18 in the non-volatile memory 160) to copy the processor core 18 to the isolation area 70, verify and log in to it. Integrated and manages a symmetric key to protect the confidentiality of the processor core. In a specific embodiment, the processor core loader 52 is implemented in read-only memory (R 0 M). For security purposes, the processor core loader 52 is immutable, tamper-resistant and irreplaceable. The summary memory 154 is basically implemented in RAM, which stores the summary (such as jumble) of the loaded processor core 18 値 'the operating system core 16 and any other key loaded into the isolated execution space Module (such as the ring-〇 module). The encryption key storage 155 maintains a symmetric encryption / decryption key 値, which is unique to the platform of the 泫 system 100. In a specific embodiment, the encryption key store 155 includes an internal fuse, which is programmed at the time of manufacture. In addition, the encryption key storage 155 can also be generated by a random number generator and a binding pin. The isolated execution logic processing manager 156 manages the operations of the logical processors operating in the isolated execution mode. In a specific embodiment, the isolated execution logic processing manager 156 includes a logical processor count register that tracks the number of logical processors participating in the isolated execution mode. The marker bus interface 159 is connected to the marker bus 180. The combination of the processor core loader digest, processor core summary, operating system core summary, and additional abstracts as needed represent the overall execution summary, called the isolation summary. The abstract of the isolation is a fingerprint to identify the ring_0 code that controls the execution setting and operation of the isolation. The quarantine summary is used for -19- 526416 A7 B7 V. Invention Description (17) confirms or proves the current status of quarantine execution. The non-volatile memory 160 stores non-volatile information. Basically, the non-volatile memory 160 is implemented in flash memory. The non-volatile memory 16 includes the processor core 18. The processor core 18 provides the initial setting and low-level management of the isolated area (in the system memory 14), which includes the authentication, loading and login of the operating system core, and protection of the operating system. Core's confidential symmetric key management. The processor core 18 also provides the essence of an application programming interface (API) for low-level security services provided by other hardware. The processor core 18 may also be distributed by an original equipment manufacturer (OEM) or an operating system manufacturer (OSV) through a boot disk. The mass storage device 170 stores filed information, such as code (such as processor core 18), programs, files, data, applications (such as applications 42 to 42N), applets (such as applets 46! To 46κ), and operating systems. . The mass storage device 170 may include a compact disk (CD ROM) 172, a floppy disk 174, and a hard disk 176 'and any other magnetic or optical storage device. The mass storage device 170 provides a mechanism to read machine-readable media. The I / O device 175 may include any I / O device to perform I / O functions. Examples of device 175 include controllers for input devices (such as keyboard, mouse, trackball 'pointing device), media cards (such as sound, video, margin maps), network cards, and any other peripheral controllers . The tag bus 180 provides an interface between the ICH 150 and different tags in the system. A device labeled as performing a dedicated input / output function with a security function. The characteristics of a mark are similar to those of a smart card, which contains up to -20- This paper size applies to China National Standard (CNS) A4 specification (210X297 mm)

Installation 526416 A7 B7 V. Description of the invention (18) One pair of public / private keys for reserved purposes and the ability to sign with private keys. Examples of tags connected to the tag bus 180 include a motherboard tag 1 82, a tag reader 84, and other portable tags 186 (such as a smart card). The tag bus interface ι59 in ICH 15〇 is connected to the ICH 15 through the tag bus 180, and guarantees that when an instruction is accepted to verify the status of the isolation execution, the corresponding tag (such as the host tag 1 82 ' Biaoer 1 86) Only effective quarantine summary information is signed. For security purposes, the tag must be connected to the digest memory. When implemented in software, the elements of the invention are the code segments that perform the necessary work. Programs or code segments can be stored in a machine-readable medium, such as a processor-readable medium, or transmitted by computer data signals contained in a carrier wave, or modulated by a carrier on a transmission medium. signal. This process is called “retrieving media” and may include any media that can store or transmit information. Examples of the processor-readable media include an electronic circuit, a semiconductor memory device, a ROM, a flash memory, and an erasable media. Except Programmable ROM (EPROM), a floppy disk, a CD ROM, an optical disk, a hard disk, a fiber optic media, a radio frequency (RF) link, etc. The computer data signal can include any transmission Signals on the transmission media, such as electronic network channels, optical fibers, airspace, electromagnetic waves, RF bonds, etc. The code segments can be downloaded through computer networks, such as the Internet, intranets, etc. Implemented in isolation Controlling access to multiple isolated memories in an environment The present invention is an announcement in an isolated execution environment | access to multiple isolated memories in Brother A's inspection: Wanfa 'device and system, as shown in Figure lc. Figure 2A Shown according to the present invention-specific: r example and shown in Figure 1? Isolated execution circuit η 5. The paper size suitable financial @ S 家 标准 (CNS) 城 格 -21-526416 A7 B7 V. Description of the invention ( 19) Isolated execution circuit 115 includes a core The execution circuit 205, an access manager 220 and a cache memory manager 230. The core execution unit 205 includes an instruction decoder and execution unit 210, and a translation look-aside buffer (TLB) 218. The instruction decodes The decoder and execution unit 2 10 receives an instruction stream 215 from an instruction correction unit. The instruction stream 215 contains some instructions. The instruction decoder and execution unit 210 decodes the instruction and executes the decoded instruction. These instructions can be located at micro- or macro-level. The instruction decoder and execution unit 210 may be a physical circuit, or an extraction of instruction decoding and execution processing. In addition, the instruction may include isolated instructions and non-isolated instructions. The instruction decoder and execution Unit 210 generates a virtual address 212 when it has an access transaction. The TLB 218 translates the virtual address 212 to a physical address 99. The TLB 218 contains a cache of the memory ownership page table (MOPT) 77 219. The TLB 2 18 first looks at the cache 219 to find the physical address, which can be registered with the virtual address 212 and a related page table. If the physical address is not in the cache 219 The Ding 1 ^ 218 searches 1 ^ 0? Ding 77 itself. The Ding 1 ^ 218 uses the basis of the MOPT 221 to search for the physical address. See also FIG. 1E, which uses the basis of the MOPT 221 and the virtual address. Beginning with the page table element 91 of 212, the TLB 21 8 searches for the page table entry 93 of the virtual address 212. As mentioned earlier, each page table entry 93 contains the basis of the page 95 and the attributes of the page 96 (isolated or Non-isolated). Using the base 95 of the page and the offset element 92 of the virtual address, the TLB 218 can look for the physical address 99 of the virtual address. It must be understood that the use of TLB to translate virtual addresses to physical addresses is well known in the art. As described later, this page -22-This paper size applies to China National Standard (CNS) A4 (210X297 mm)

Equipment • Line 526416 A7 B7 V. Description of the invention (20) — The attribute 96 (isolated or non-isolated) is important in setting an access transaction to be executed in isolation. Referring again to FIG. 2A, the core execution circuit 205 forms an interface with the access manager 220 through the control / state information 222 'operator 224' and the access information 226. The control / status information 222 includes control bits to manipulate different elements in the isolated bus cycle generator 220, and status data from the access manager 220. The operator 224 contains data to be written or read by the access manager 220. The access information 226 contains address information (such as the physical address provided by the TLB 2 18), read / write, and access type information 0 The access manager 220 receives and provides the control / status information 222 It receives and provides operator 224 information, receives access information 226 from the core execution circuit 205, as a result of instruction execution, receives a cache access signal 235 (such as a cache collision) and from the cache Take a property 96 (isolated or non-isolated) of the memory manager 23. The access manager 220 also receives an external isolated access signal 278 and a front side bus (FSB) address information signal 228 from other processors in the system. The external isolated access signal 278 is asserted when another processor in the system attempts to access one of the isolated memory regions. The access manager 220 generates an isolated access signal 272, an access consent signal 274, and a processor probe access signal 276. The isolated access number 272 can be used to generate an isolated bus cycle 23, which is transmitted to a device (such as a chipset) external to the processor 110 to represent that the processor 11 is executing an instruction in an isolated mode. The processor probe access signal 276 can be used by other devices or chipsets to determine whether a probe access is a hit or -23-

526416 A7 _________B7 ___ 5. Explanation of the invention (21) Missed. The isolated access signal 2 7 2, the access Tongsi k number 2 7 4 ′, and the processor probe access signal 276 may also be used by the processor 110 to control and monitor other isolated or non-isolated activities. The cache memory manager 230 receives the access information 226 from the core execution circuit 205, and generates the cache access signal 235 to the access manager 22 °. The cache memory manager 230 includes a cache The memory 232 is used to store cache information and other circuits to manage cache transactions, which is well known to those skilled in the art. The cache access signal 235 represents the result of the cache access. In a specific embodiment, the cache access signal 2 3 5 is a cache hit #shout 'which is asserted when there is a cache hit from a cache access. Fig. 2B shows an access manager shown in Fig. 2a according to a specific embodiment of the present invention. The access manager 22 includes a setting memory 25 and an access check circuit 270. The access manager 220 exchanges the operator 224 with the core execution circuit 205 shown in FIG. 2 and receives the access information 226 transmitted therefrom. The operator 224 information contains the attribute% (isolated or non-isolated) of the page about the physical address 99. The access manager 22 also receives a cache access signal 235 from the cache manager 230, an external isolated access signal 278, and FSB address information 228 from another processor shown in FIG. 2A. The access manager 220 further receives attributes 96 (quarantine or non-quarantine) from the cache manager 230. This attribute is based on each cache line. The access information 226 includes a physical address 99, a read / write (rd / wr #) signal 284, and an access type 286. The access information 226 is generated during the processor T access transaction. The access type 286 represents the type of access, which includes a memory reference, an input / output (1/0) reference, and a

526416 A7 B7 5. Description of the Invention (22) Logical processor access. The logical processor access includes a logical processor going green to an isolated enable state, and a logical processor exiting from an isolated enable state. The setting storage 250 includes setting parameters for setting an access transaction generated by the processor 110. The processor 110 has a normal execution mode and an isolated execution mode. The access transaction has access information. The setting stores 205 and receives the information of the operator 224 from the instruction decoder and the execution unit 210 (Fig. 2A). The setting storage 250 includes an attribute register of a page 251 and a processor control register 252. The attribute register 251 contains an attribute 96 for a page set as an isolated or non-isolated combination of physical addresses. The processor control register 252 includes an execution mode character 253. The execution mode character 253 is asserted when the processor 110 is set in the isolated execution mode. In a specific embodiment, the execution mode character 253 is a single bit, which represents whether the processor 110 is in the isolated execution mode. The access check circuit 270 uses at least one of the setting parameters (such as the execution mode character 253 and the attribute 96) and the access information 226 to check the access transaction. The access check circuit 270 uses at least one of the parameters in the setting storage 250, the access information 226 in the transaction generated by the processor 110, and one of the FSB address information 228 to generate the processor isolation. The access signal 272, the access consent signal 274, and the processor probe the access signal 276. The FSB address information 228 is basically provided by another processor and probed at the FSB. The isolated access signal 272 is asserted when the processor 110 is set in the isolated execution mode. The access consent signal 274 is used to indicate that an access has been granted. The processor probes and accesses -25- This paper size applies to China National Standard (CNS) A4 (210X297 mm)

Installation 526416 A7 B7 V. Description of Invention (23) The signal 276 is used to determine whether an access from another processor caused a hit or miss. Figure 3A shows an access check circuit 270 according to an embodiment of the present invention. The access check circuit 270 includes a TLB access check circuit 310 and an F SB probe check circuit 330. The TLB access check circuit 310 receives the attribute 96 and the execution mode character 253 to generate an access consent signal 274. The access approval signal 274 to the quarantine area is asserted when the attribute 96 is set to quarantine, and the execution mode character 253 is asserted to represent a quarantine access as valid or allowed as set. In a specific embodiment, the TLB access check circuit 310 executes a logic “exclude inverse OR 1 ′ load (: 11 ^ ¥ 心 1 ^ 〇1 *) operation. Therefore, when a processor requests an isolated area At the physical address, the access transaction can be approved only when the processor is operating in an isolated execution mode and the page attribute about the physical address is set to be isolated. The FSB probe check circuit 330 executes a similar Function in the TLB access check circuit 310. The FSB probe check circuit 330 generates the processor probe access signal 276 by synthesizing the cache access signal 235, the external isolated access signal 278, and the attribute 96. The The FSB probe inspection circuit 330 includes a first synthesizer 342 and a second synthesizer 344. The first synthesizer 342 receives an attribute 96 (isolated or non-isolated) of the line to be probed, which is from the cache memory Manager 230, and an externally isolated access signal 278 from another processor performing the probe. This attribute is based on each cache line. In a specific embodiment, the first synthesizer 342 executes a logic '' Exclude anti-OR '' ( Exclusive-Nor) operation. The second synthesizer 344 synthesizes the -26th-this paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm)

V. Invention description (24: The result of Chengluo 342 and the cache access signal 235 (such as cache life). In a specific embodiment, the second synthesizer 344 executes a logic = ND operation difference Therefore, a processor can only probe out the line of = processor from the —isolated area. When the probe processor operates in the isolated execution mode, the page property is set to isolated and has a fast When hitting. Only when these conditions are met, the access transaction can be approved, and the processor probe access signal 276 can be generated for an isolated area. = FSB probe check circuit 33. Guaranteed in multiprocessor systems The proper function of the system is that when not all processors are initialized for access to isolated memory areas. The X-NOR element 342 ensures that a probe hit will only occur from processors that have allowed isolated access. If the processor is not involved in the access to the isolated memory region, it will not be able to probe the line of another processor, which is involved in access to the isolated memory region. Similarly, one has been enabled The processor for isolated access will Will inadvertently probe the line of another processor that is still enabled. The processor probe access signal 276 is asserted for an isolated area, representing an access hit, when the cache access signal 235 is asserted , Represents a cache hit, and when the externally isolated access signal 278 is asserted, the attribute 96 is set to be isolated. Figure 3B does not show the access check private circuit 270 according to another embodiment of the present invention. Coming and processing logical processor operation. The access check circuit wo includes a logical processor manager 360. A solid processor may have some logical processors. Each logical processor may enter or leave an isolated processor state, It is called logical processor memory 526416 A7 B7. Fifth, the invention description (25). A logical processor access is basically generated when the corresponding logical processor executes an isolated instruction, such as an isolated input ( iso_enter) and iso_exit. The logical processor manager 360 manages a logical processor operation caused by the logical processor access. Basically, the logical processing The manager 360 continuously tracks the number of enabled logical processors in the processor. The logical processor manager 360 includes a logical processor register 370, a logical processor state enabler 382, and a logical processor update 380, a minimum detector 374, and a maximum detector 376. The logical processor register 370 stores a logical processor count 372 to represent the number of currently enabled logical processors. The logical processor The state enabler 382 enables a logical processor state when the logical processor access is valid. The logical processor updater 380 updates the logical processor count 372 according to the logical processor access. The logical processor updater 380 is enabled by the enabled logical processor state. In a specific embodiment, the logical processor register 370 and the logical processor updater 380 are implemented as an up / down counter that can be enabled. The minimum detector 374 determines whether the logical processor count 372 is equal to a minimum logical processor count (e.g., zero). The maximum detector 376 determines whether the logical processor count 372 exceeds a maximum logical processor count. The maximum number of logical processors represents the maximum number of logical processors supported by the processor 110 in the isolated execution mode. The logical processor updater 380 initializes the logical processor register 370 upon system reset. The logical processor updater 380 updates the logical -28 in the first direction (such as increasing) when the access transaction corresponds to the logical processor login.-This paper size applies the Chinese National Standard (CNS) A4 specification (210X297 (Mm) 526416 A7 B7 V. Description of Invention (26) Device:,. The logic processor updater 38 updates the logic in the inverse direction, the second direction (such as decreasing) when the access processor, the S logical processor leaves, or a logical processor exits. The processor count 372, the field processor logical processor count 372 is equal to the minimum logical processor time, and the avoidance processor manager 36 causes the processor 11 to clear the cache. U 232 (Figure 2A) '' It restores it here by writing it back to the main memory and the isolation setting register (Figure 2A) from all isolation messages, where the initial condition in the element is stored. When the logical processor count 372 exceeds When a large logical processor is fetched, the logical processor manager 36 causes the processor 110 to generate a failure or error condition because the logical processor's number of hearts exceeds the logical processing that can be supported in the processor. The maximum number of processors. Figure 4 shows a flowchart of a process 400 for generating an isolated access to the same thinking in accordance with an embodiment of the present invention. At the start, the process 400 allocates pages to multiple isolations. Memory area (box 4 10). The process 400 then asserts the execution mode character in the processor control register to set the processor in the isolated execution mode (block 420). The process 400 then receives from a processor Access information for the access transaction (block 425). The access information includes a physical address (as provided by the TLB), an attribute (isolated / non-isolated) of the page, and an access type. Then ' The process 400 determines whether the attribute is set to isolation and the execution mode character is asserted (represented as isolation block 430). If not, the process 400 generates a failure or error condition (block 43 5) and is then Abort. Otherwise, the process 400 asserts the access consent signal (block 440). Then the process 400 is aborted. -29-This paper size applies the Chinese National Standard (CNS) A4 specification (210X297 mm) 526416 A7 B7 V. Description of the Invention (27) FIG. 5 shows a flowchart of a process 500 for managing the operation of a processing logic processor in accordance with a specific embodiment of the present invention. At the time of START, the process 500 can To initialize the logical processor register (block 510). The process 500 then executes a logical processor access instruction (such as iso_enter, iso_exit). The logical processor access instruction asserts the execution mode word Next, the process 500 enables the logical processor state (block 525). Then, the process 500 determines the logical processor access type (block 530). If the logical processor access type is a logical processor Upon logging in, the process 500 updates the logical processor count (eg, increments) in a first direction (block 540). The process 500 then determines whether the logical processor count exceeds the maximum logical processor (block 550). If not, the process 500 proceeds to block 570. Otherwise, the process 500 generates a failure or error condition (block 560) and then aborts. If the logical processor access type is a logical processor leaving or a logical processor exiting, the process 5 00 updates the logical processor count in a second direction (eg, decrementing) opposite to the first direction (block 545) . The process 500 then determines whether the logical processor count is equal to the minimum value (e.g., zero) (block 555). If not, the process 500 proceeds to block 570. Otherwise, the process 500 initializes the cache memory and the isolation setting register from all the isolated information (block 565). The process 500 then determines whether there is a next logical processor access (block 5 70). If there is a next logical processor access, the process 500 returns to block 520 to execute a logical processor access instruction. If there is no more logic -30-This paper size applies the Chinese National Standard (CNS) A4 specification (210X297 mm) 526416 A7 _______B7 _ V. Description of the invention (28) The processor accesses and the processing 500 is aborted. Using a memory controller in an isolated execution environment to control access to multiple isolated memories The above description is about isolated execution processing in the processor 110. The multiple isolated memory area 71 is accessed, as shown in FIG. 1C, which is further controlled by the MCH 130 (FIG. 1F). Please refer to FIG. If, the processor 110 views the MCH 130 as an input / output device mapped to a bit location. In order to access the isolated memory area 70, especially the multiple isolated memory area 71 (FIG. 1C), the processor 110 needs to set the memory settings in sMCH 13. The MCH 130 also includes a control function to allow the processor 110 to simultaneously access the memory 140 in the multiple non-isolated memory area 83 (FIG. 1c). The MCH 130 receives signals from the processor 110 through the main bus 120, such as the isolated access signal or the bus cycle information. In FIG. 1F, the MCH 130 shown is external to the processor U0. However, the MCH 130 may also be included in the processor 110. In this example, the write cycle to the scratchpad in MCH 130 is externalized to allow any external cache to participate in cache consistency. Essentially, the access controller in MCH 130 performs a function similar to the access check circuit 270 in FIG. 38. By maintaining processor 11 and mch ^% access consistency, access memory can be tightly controlled. The access controller in MCh 30 determines whether the access transaction from the processor 110 is valid. If so, the access controller returns an access consent signal to allow the access transaction to be completed. Otherwise, a failure or error condition is generated. In addition, the access controller in MCH 130 also protects any intentional or extraneous -31-

526416

Write to its own settings and control storage. Because the mch is directly connected to the child memory 140, the access controller also provides initialization of the contents of the isolated memory area and its own internal storage during reset. Fig. 6 shows an isolated area controller 135 shown in the memory controller hub (MCH) 130 of Fig. 1 according to a specific embodiment of the present invention. The access controller 135 includes a setting memory 61, a setting controller 64, and an MCH access check circuit 810. The setting storage 610 sets an access transaction generated by the processor 110, as shown in FIG. 1F. The processor 110 has a normal execution mode and an isolated execution mode. The access transaction has access information 66. The access information 66 is carried on the main sink mud row 120 (FIG. 1F), and includes address information and an isolated access state. The address information is represented by a physical address 662. The isolated access state is represented by the isolated access signal 664. The isolated access signal 664 is substantially equal to the processor isolated access signal 272 shown in FIG. 2A. The isolated access signal 664 is asserted when the processor 11 generates a valid reference to one of the multiple isolated memory regions 71 (as shown in FIG. Ic). The setting stores 610 packets of the memory ownership page. Cache 660 for table (mopt) 77. The setting storage 610 executes the query of the physical address 662 in the cache 660 to find the physical address and a related page table to go green. If the physical address is not in the cache 2 19, the setting is stored in 61, that is, the physical address 662 in MOPT 77 (FIG. 1E) is queried by itself. The setting storage 61 uses the basis of the MOPT 221 to query the physical address 662 in the MOPT 77. Referring also to Figure 1E, starting from the basis of the MOPT 221, this setting stores 610 ___-32-This paper size applies the Chinese National Standard (CNS) A4 specification (210X 297 mm) 526416 A7 B7 V. Description of the invention (30) Implementation Lookup in MOPT 77 and look for page table entry 93 about the entity's address 662. The setting store searches the physical address of the page 98 to locate the page table registration 93 about the physical address. Each page table entry 93 contains an attribute 96 (isolated or non-isolated) about the page of the physical address, which is very important for setting the access transaction of the MCH 130. It must be understood that performing a query to a page table to locate an entity address and a related page table registration is well known in the art, and other methods of performing the query are also well known to the person skilled in the art. The setting store 250 also contains setting parameters to set an access transaction generated by the MCH 130. The setting store contains an attribute register 6 11 which contains the attribute 96 of the page about the entity address, which is set to the quarantine or non-quarantine found by the query. As mentioned earlier, the isolated memory area 71 can only be accessed by the processor 110 in the isolated execution mode. The setting controller 640 controls access to the setting storage 610 and provides some control functions to the memory 140. The MCH access check circuit 810 uses the access information 660, the attribute 96, the isolated access signal 664, and the isolated memory priority 736 to generate an access consent signal 652. The access approval signal 652 indicates whether the access transaction is valid. The access permission signal 652 can be used by the processor 110 or other chipset or peripheral device to determine whether the access to the isolated memory area 71 is approved. FIG. 7 shows an MCH access check circuit 810 shown in FIG. 6 according to a specific embodiment of the present invention. The MCH access check circuit 810 is based on the attribute 96 and the isolated access letter -33-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 526416 A7 B7 V. Inventive note (31) 664 to generate an access consent signal 652. The access approval signal 652 represents whether the access transaction is valid. The MCH access check circuit 810 receives the attribute 96 and the isolated access signal 664 to generate an access consent signal 652. The access approval signal 652 to the isolation area is asserted when the attribute 96 is set to isolation, and the isolation access signal 664 is asserted to represent that an isolation access is valid, or allowed as set. In a specific embodiment, the MCH access check circuit 810 performs a logic '' exclusive OR 'operation. Therefore, when a processor requests the physical address of an isolated area, the access transaction can only be performed when the processor operates in the isolated execution mode and the attribute of the page about the physical address is set to isolated. Agreed. FIG. 8 shows a process 800 for generating an access consent signal for an MCH isolated implementation according to a specific embodiment of the present invention. At START, the process 800 sets an access transaction for the MCH (block 810). The process 800 then receives the access information from an access transaction (block 820). The access information includes a physical address, an isolated access signal, and attributes of the page (isolated / non-isolated). Next, the process 800 determines whether the attribute is set to be isolated and whether the isolated access signal is being asserted (block 830). If not, the process 800 generates a failure or error condition (block 835) and then aborts. Otherwise, the process 800 asserts the access consent signal (block 840). The process 800 is then aborted. When the invention has been described with reference to specific embodiments, the description is not intended to be limiting. Various modifications of the specific embodiments described in this description, as well as other specific embodiments of the invention, can be understood by those skilled in the invention as falling within the spirit and scope of the invention. -34-This paper size applies to China National Standard (CNS) A4 (210X297 mm)

Claims (1)

526416 A8 B8 C8 D8 patent application No. 090117576 Chinese patent application scope replaces this leap year 丨 month) Patent application scope 1.-A device used to isolate the control to memory access device in the execution environment, which includes: dagger, 1 A mathematician allocates a number of pages to-different areas of the memory, the memory is divided into non-isolated areas and isolated areas, or the page manager is located in an isolated area of the memory; and-memory The ownership page table is located in an isolated area of the memory, and the m memory ownership page table describes each memory page. 2. For a device with a scope of patent application n, in which the page manager assigns an attribute to a page when the page is allocated to an isolated area of the memory. 3. If the device of the scope of patent application No. 2, wherein the page manager assigns a non-isolated attribute to the page when the page is allocated to a non-isolated area of the memory, the memory ownership page table records Properties of each page. 4. If the device of the scope of patent application item 3, further includes a set of storage, which includes a structural setting to set an access transaction generated by a processor having a normal execution mode and an isolated execution mode, the The access transaction has access information; and an access check circuit coupled to the setting store to check an access transaction using at least one of the configuration setting and the access information. 5. The device according to item 4 of the scope of patent application, wherein the structure setting includes a page attribute and an execution mode character. 6 · If the device in the scope of patent application No. 5, wherein the access information includes a physical address and an access type, the access type represents that if the access to this paper size applies the Chinese National Standard (CNS) Α4 specification ( 210X297 mm) 526416 Supplement A8 / 7 B8 I Patent application scope D8 One of memory access, one input / output access and one logic processor access. 7 · If the device is claimed as item 5 of the patent scope, the setting storage is further stored ^ " attribute storage to contain the attributes of a page, which defines the page as isolated or non-isolated. 8. The device according to item 5 of the scope of patent application, wherein the setting storage further includes a processor control register to contain the execution mode character, and the execution branch type character is set when the processor is set in isolation In the execution mode 9 .: The device under the scope of application for patent No. 5 wherein the access check circuit package " D ^ 18 access check circuit to detect whether the attribute of the page is set to be separated by _, and the execution mode The character is asserted, and the access check circuit generates an access consent signal. 10. The device of claim 5 in which the access check circuit is coupled. The FSB sniffer inspection circuit obtained by Jie Shan, the FSB sniffer inspection circuit combines this attribute, an externally isolated access signal from another processor, and a cache access signal. The FSB sniffer inspection circuit generates a processor sniffer access. signal. 11. A memory access method for controlling to multiple isolated memories in an isolated execution environment, comprising: utilizing a page manager to allocate a plurality of pages to a plurality of different areas of a memory, the memory The body is divided into non-isolated area and isolated area, and the page manager is located in the isolated area of memory; and-2-526416, please refer to AB c D patch 2 to interpolate each page of memory. 12. The method according to item 丨 丨 in the scope of patent application, wherein each page describing the memory includes assigning an isolation attribute to a page if the page is allocated to an isolated region of the memory. 13. The method of claim 12, wherein each page describing the memory further includes: if the page is allocated to a non-isolated area of the memory, assign non-isolated attributes to the page; and The attributes of each page are in a memory ownership page table. 14. The method according to item 13 of the scope of patent application, further comprising: setting up an access transaction generated by a processor having a configuration store containing a structural setting, the processor having a normal execution mode and an isolated execution mode, The access transaction has access information; and an access check circuit is used to check the access transaction using at least one of the configuration settings and the access information. 15. The method according to item 14 of the patent application scope, wherein the structure setting includes a page attribute and an execution mode character. 16. The method of claim 15 in which the access information includes a physical address and an access type, and the access type represents that if the access transaction is a memory access, an input / output storage Access one of a logical processor access. 17. The method of claiming item 15 of the patent scope, wherein setting the access transaction further includes: setting the attribute of the page to be segregated or non-segregated; and the paper standard IT Standard (CNS) A4 regulations. (X297 public love) 526416 The attribute is stored in an attribute store in the setting store. 18. The method of claim 5 in claim 5, wherein setting the access transaction further includes claiming the execution mode word stored in a processor control register when the processor is set in the isolated execution mode. yuan. 19. The method according to item 15 of the patent application scope, wherein checking the access transaction includes: detecting whether the attribute of the page is set to quarantine; detecting whether the execution mode character is claimed; and generating an access consent signal . 20. The method of claim 5 in claiming a patent, wherein checking the access transaction includes: combining the attribute, an externally isolated access signal from another processor 'and a cache access signal; and generating a process The device probes the access signal. 21. —A computer program product comprising: a machine-readable medium containing computer code, the computer filial king product includes: a computer-readable code for using a page manager to have multiple pages, respectively To-a plurality of different areas of the memory, the memory is divided into non-isolated areas and isolated areas, the page manager is located in an isolated area of the memory; and computer-readable code to describe the memory Every page. 22 · If the computer program product in the scope of patent application No. 21, which is used to describe-4-526416 A BCD > January, 2010, Cheng Zhizheng supplemented the patent scope 1 of each page of the computer readable program The code includes a computer-readable code for specifying an isolation attribute to a page if the page is allocated to an isolated area of the memory. 23. The computer program product of claim 22, wherein the computer-readable code used to describe each page of the memory further includes: If the page is allocated to a non-isolated area of the memory, Computer readable code for assigning a non-isolated attribute to the page; computer readable code for recording the attributes of each page in a memory ownership page table. 24. The computer program product according to item 23 of the scope of patent application, further comprising: computer-readable code for an access transaction generated by a processor having a configuration storage containing a configuration setting, The processor has a normal execution mode and an isolated execution mode, the access transaction has access information; and a computer for checking the access transaction by an access check circuit using at least one of the configuration settings and the access information Can read code. 25. For the computer program product under the scope of application for patent No. 24, the structure setting includes a page attribute and an execution mode character. 26. For a computer program product under the scope of application for a patent, the access information includes a physical address and an access type. The access type represents that if the access transaction is a memory access, an input / One of output access and a logical processor access. This paper size applies to China National Standard (CNS) A4 (210x 297 mm) A8 B8 C8 D8 526416 6. Scope of patent application 27. For the computer program product with the scope of patent application No. 25, the computer-readable code for setting the access transaction further includes: The attribute used to set the page is The isolated or non-isolated computer can read the code; and used to store the attribute in an attribute store in the setting store. 28. For example, the computer program product with the scope of application for patent No. 25, wherein the computer readable code for setting the access transaction further includes that the processor is set to isolate a processor when it is set in an isolated execution mode. Characters that control the execution mode of the register. 29. If the computer program product of item 25 of the scope of patent application, the electrically readable code for checking the access transaction includes: a computer readable program for detecting whether the attribute of the page is set to be isolated A computer-readable code for detecting whether the execution mode character is claimed; and a computer-readable code for generating an access consent signal. 30. For the computer program product with the scope of application for patent No. 25, the computer-readable code for checking the access transaction includes: Λ is used to combine the attribute and an external isolated access signal from another processor, And a computer-readable code that caches an access signal; and a computer-readable code that generates a processor to probe the access signal. 31. —A memory access system for controlling to multiple isolated memories in an isolated execution environment, including: -6-This paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 public directors) A chipset; a memory coupled to the chipset; a processor coupled to the chipset and the memory, the processor having a normal execution mode and an isolated execution mode. /. A page manager under the control of the processor, the page manager allocates a plurality of pages to a plurality of pseudo-different regions of a memory, and the memory is divided into a non-isolated region and an isolated region. The page manager Is located in an isolated area of the memory; and a memory ownership page table is located in an isolated area of the memory, the memory ownership page table describes each memory page. 32. The system of claim 31, wherein the page manager assigns an isolated attribute to a page when the page is allocated to an isolated area of the memory. 33. The system of claim 32, wherein the page manager assigns a non-isolated attribute to the page when the page is allocated to a non-isolated area of the memory, and the memory ownership page table records Properties of each page. 34. The system according to item 33 of the scope of patent application, further comprising: a setting storage, which includes a structure setting to set an access transaction generated by a processor having a normal execution mode and an isolated execution mode, the access The transaction has access information; and an access check circuit coupled to the setting store to check an access transaction using at least one of the configuration setting and the access information. 35. If the system of item 34 of the scope of patent application is applied, the structure setting includes the Chinese paper standard (CNS) A4 specification (210X297 mm) applicable to this paper size. A8 Β8 C8 D8 The scope of the patent application, a page attribute and an execution mode word. yuan. 36. If the system of claim 35 of the patent scope is declared, the access information includes a consistent address and an access type, and the access type represents that if the access is easily a memory access, an input / output One of access and a logical processor access. 37. If the system of the scope of patent application is item No. 1, the setting is stored further, and an attribute is stored to include a page attribute, which defines the page as isolated or non-isolated. 38. The system of claim 35, wherein the setting storage further includes a processor control register to contain the execution mode character. When the processor is set in the isolated execution mode, Be asserted. 39. The system of claim 35, wherein the access check circuit includes a TLB access check circuit to detect whether the attribute of the page is set to be isolated and the execution mode character is claimed, the TLb The access check circuit generates an access consent signal. 40. The system of claim 35, wherein the access check circuit includes an FSB probe check circuit coupled to a cache, and the fsb probe check circuit combines the attribute with external isolated access from another processor Signal, and a cache access signal, the F s B probe check circuit generates a processor probe access signal. -8-This paper size applies to China National Standard (CNS) A4 (210 X 297 mm)