Computer processing units (CPUs) may read instructions from a memory and read and write data to the memory in response to the instructions. The result of executing an instruction on given data is entirely predictable in the absence of an error in the CPU. However, it is possible that an error will occur in the CPU or that the data or instruction will be erroneously altered when being transferred between the memory and the CPU. Further, the results of executing an instruction may depend on the data presented to the instruction. If unexpected data is presented, it is possible that logical errors in the instruction sequence will produce unexpected and undesirable results. In the extreme, the unexpected data could alter the instructions as stored in memory, leading to severely compromised results from the execution of an instruction sequence, particularly if the unexpected data is maliciously introduced.
A computer system, which may include one or more CPUs coupled to one or more memories of various types, may load executable modules into the memory. The executable modules may contain executable instruction sequences, code, and data. The CPU may be instructed to execute the code using the provided data.
In an effort to reduce the susceptibility to unexpected and undesired results from the execution of instruction sequences in an executable module, the executable module may be tested to determine if it is as expected before the CPU is instructed to use the executable module. If the executable module as seen by the CPU does not exactly match what is expected, the results of executing the module become unpredictable. The contents of the executable module may be checked by computing a hash value.
A hash value is a value obtained by combining the contents of the executable module according to a defined logical procedure known as a hash function. The hash function is designed so that the value is effectively unique to the contents of the executable module and extremely sensitive to any change in the contents. Further, the hash value may be such that it is extremely difficult to deliberately create content to produce a specific hash value. Thus, if the executable module produces the expected hash value, it can be assumed with an extremely high degree of confidence that the module has the expected content.
It may be desirable to re-establish that the executable module is the expected module in a condition that can be executed to predictably produce the expected results. This may be accomplished by recomputing the hash value and checking the hash value obtained against the expected hash value.
If an expected hash value for the executable module was not available when the module was initially loaded, a hash value may be computed and saved at load time. The load time hash value may be used to re-establish the executable module as being in the same condition as on the initial load.
The executable module may contain data that is altered by the expected execution of the instructions. These expected alterations will change the hash value and lead to the determination that the executable module is not in the condition where execution of the module is known to produce the expected and desired results. Thus, it may be necessary to reload the executable module to re-establish the condition where execution of the module is known to produce the expected and desired results.
Hashing a loaded executable module image may be part of establishing a trusted execution environment. Changed data within the module image in memory means that any hashing function applied to the module before execution will not have the same result if applied after the module starts executing. This means that in order to re-establish a trusted environment, the module may need to be reloaded from flash memory or disk. The reload process can be slow and disruptive to other system operations. For example, reloading the image may require execution of an SMI (System Management Interrupt). This may block other system interrupts while the image is loaded and hashed by the SMI handler code.
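The behaviour described above, as an added example that is not part of the original document: a whole-image load-time hash fails re-verification after an expected data write just as it does after a change to the code, and only a reload restores the verified state. The `LoadedModule` class, the code/data layout and the sample bytes are constructed assumptions, and SHA-256 stands in for the unspecified hash function.

```python
import hashlib
import hmac

# Constructed sample image: a code region followed by a data region that
# the module itself updates while it runs (this layout is an assumption).
CODE = bytes.fromhex("554889e5b82a0000005dc3")  # constructed bytes
DATA_INIT = (0).to_bytes(8, "little")             # constructed counter


class LoadedModule:
    """Hypothetical in-memory module image with a saved load-time hash."""

    def __init__(self, stored_image: bytes, code_len: int):
        self._stored = stored_image          # stands in for flash or disk
        self._code_len = code_len
        self.reload()

    def reload(self) -> None:
        # Copy the image from storage and save the load-time hash value.
        self.memory = bytearray(self._stored)
        self.load_hash = hashlib.sha256(self.memory).digest()

    def verify(self) -> bool:
        # Recompute the hash over the whole image and compare to load time.
        current = hashlib.sha256(self.memory).digest()
        return hmac.compare_digest(current, self.load_hash)

    def execute(self) -> None:
        # Expected behaviour: the module increments a counter in its data.
        off = self._code_len
        n = int.from_bytes(self.memory[off:off + 8], "little") + 1
        self.memory[off:off + 8] = n.to_bytes(8, "little")


def demo() -> dict:
    mod = LoadedModule(CODE + DATA_INIT, len(CODE))
    results = {"after_load": mod.verify()}
    mod.execute()                            # legitimate data write
    results["after_execute"] = mod.verify()
    mod.reload()                             # the costly recovery step
    results["after_reload"] = mod.verify()
    mod.memory[0] ^= 0xFF                    # simulated corruption of code
    results["after_code_change"] = mod.verify()
    return results


if __name__ == "__main__":
    print(demo())
```

The check returns the same negative result for the legitimate counter update and for the altered code byte, which is why re-establishing trust falls back to a reload.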