1. Field
This invention relates to the field of data security. More particularly, the invention relates to an apparatus and method for authenticating code that is stored off-chip.
2. Related Art
Normally, one of the most critical elements for an electronic device is its processor. In general, a processor is an embedded controller that comprises an integrated circuit (IC) including processing logic and on-chip memory. Memory is considered to be xe2x80x9con-chipxe2x80x9d if placed on a die forming the IC. For 32-bit Intel(copyright) microprocessor architectures (e.g., Intel(copyright) IA-32 processors), all architecture functionality is implemented on-chip using a combination of hardware and microcode stored in the on-chip memory.
With the development of 64-bit Intel(copyright) microprocessor architectures (e.g., Intel(copyright) IA-64 processors), some firmware code involving non-performance critical architecture functionality is being considered for off-chip implementation. The use of off-chip firmware code provides a number of advantages.
One advantage is that the current die size constraints associated with IA-32 processors can be maintained or even reduced for subsequent generation technologies. For instance, additional run-time services can be added without increasing the size of the on-chip memory, and hence, the die size of the processor. Another advantage is that the overall performance of the processor can be enhanced. This is due to the fact that a lesser amount of architecture functionality is required to be placed in on-chip memory so that more die area is available for processing logic.
However, the use of off-chip firmware code offers disadvantages as well. For instance, when moving architectural functionality off-chip, the firmware code is more susceptible to corruption and other malicious attacks.
Hence, it would be desirable to develop an electronic system and method of operation which ensure that the firmware code is free from corruption or unauthorized replacement. Also, the electronic system and method would ensure that the firmware code originated from a particular source.
Briefly, one embodiment of the invention relates to an electronic system comprising a memory element to contain firmware and a digital signature of the firmware signed by a signatory. The electronic system further comprises a processor, coupled to the memory element, to authenticate the firmware during a predetermined condition and prior to execution of the firmware through use of a pre-stored public key of the signatory and a pre-stored digital signature function.