Providing sealed storage in a data processing device

Assignee

• International Business Machines Corporation · US

Inventors

• H. Peter Hofstee · Austin, US
• Kanna Shimizu · Austin, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/80
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Mechanisms that provide a sealed storage in a data processing device are provided. Processors of the data processing device may operate in a hardware isolation mode which allows a process to execute in an isolated environment on a processor and associated memory thereby being protected from access by other elements of the data processing device. In addition, a hardware controlled authentication and decryption mechanism is provided that is based on a hardware core key. These two features are tied together such that authentication occurs every time the isolation mode is entered. Based on the core key, which is only accessible from the hardware when in isolation mode, a chain of trust is generated by providing authentication keys for authenticating a next piece of software in the chain, in each piece of software that must be loaded, starting with the core key.