1. Field of the Invention
This invention relates to computing systems, and more particularly, to controlling access to on-chip features of a processing device.
2. Description of the Relevant Art
A country's bureau of industry and security, in one example, typically sets export regulations based on economic and national security reasons. These regulations may facilitate trade to predetermined reliable foreign customers, while denying access to sensitive technologies to other foreign customers acting contrary to a nation's security and foreign policy interests. One example of sensitive technology is cryptographic processes. Cryptographic processes are used to protect information being sent and code to be executed.
In cryptography, a cipher is a series of well-defined steps, or an algorithm, for performing encryption and decryption. In one embodiment, the encrypting procedure may be varied based on a key—for example, a 128-bit value used during both the encryption and decryption steps. A key may need to be selected before using a cipher to encrypt a message. Without knowledge of the key, it may be difficult, if not nearly impossible, to decrypt the resulting ciphertext into readable plain text. Block ciphers work on blocks of symbols or data, usually of a fixed size, and stream ciphers work on a continuous stream of symbols or data. Some examples of ciphers include the Advanced Encryption Standard (AES); Secure Hash Algorithm 1 (SHA1); Rivest, Shamir, and Adleman (RSA); Rivest Cipher 4 (RC4); Message Digest algorithm 5 (MD5); the Elliptic Curve Cryptosystem (ECC) algorithm; the Data Encryption Standard (DES); and Triple DES (3DES).
Software or off-chip hardware cards have been used to execute cipher operations. However, security came at a price, as system performance was reduced. Later, on-chip hardware accelerators were utilized to execute cipher operations. Integrated cryptographic acceleration enables applications to run securely without the extra cost of a separate cryptographic processor. In one embodiment, each processor core, or core, of a microprocessor may include both a floating point unit and a cryptographic processing unit separate from an integer execution unit, wherein the cryptographic processing unit provides on-chip cryptographic acceleration. Such a unit may include a modular arithmetic unit (MAU) and a cipher/hash unit (CHU), which facilitate high-speed encryption and decryption by executing in parallel with other processor functions. These cryptographic functions are used in commercial and financial applications, and if the cipher is broken, the outcome could be devastating. In addition, it may be desired to restrict the export of these on-chip features for a government's economic, security, or other reasons.
One mechanism for restricting the export of certain on-chip features is to place on-chip hardware acceleration under hypervisor control. The system may be set up to allow only the hypervisor to access the hardware. In such a case, the hypervisor must export an application programmer's interface (API) that can be used by the operating system and/or user-level applications. For export compliance, a special, less feature-enabled version of the hypervisor is utilized. However, a hypervisor can be hacked. Moreover, due to the overhead of accessing the cryptographic hardware via a hyperprivileged API, it has become desirable to enable direct user-level access to cryptographic acceleration. This can be accomplished by providing user-level instructions, each of which accelerates a particular cryptographic function.
Another mechanism for restricting access to certain on-chip features is to utilize a fuse array, or a fuse read-only memory (ROM). Laser fuses, electronic fuses (Efuses), and soft fuses are examples of fuse technology. During manufacturing they are used to increase yield by being programmed to enable a redundant chip block, such as a large static random-access memory (SRAM); a continued ability to program them is not available in the field. For purposes of discussion, the term “Efuse” may be used herein to refer to laser, electronic, soft, or other fuse technologies. Typically, a fuse is blown at manufacturing time, and its state generally cannot be changed once blown. Fuses may be used to minimize schedule risk and maximize yield. Also, fuses may be used to encode manufacturing information, such as a chip serial number. In addition, fuses may be used to enable certain features, such as cryptographic processes.
However, the fuses may be subsequently bypassed in order to allow for changes to the manufacturing configuration during subsequent testing. The fuses can be bypassed by using the widely available joint test action group (JTAG) interface. Chip-specific JTAG commands can be issued which set bits in a fuse shadow register, which overrides the value of the fuse. Also, it is possible to re-program a fuse array by blowing additional bits in a row, or entry, that is already programmed. This ability is used during manufacturing to correct mistakes: blowing the additional bits invalidates the row, because its stored row parity value no longer matches its contents. Such a row is discarded by hardware when it reads the fuse array to determine the chip configuration. Thus, if a fuse is required to be blown to disable cryptographic access, a fuse entry disabling a cryptographic function could be rendered invalid by programming additional bits in the row.
In addition, a fuse array may allow multiple rows to be programmed for the same destination or function, with a later row's values replacing an earlier row's values. This allows manufacturing to replace an incorrect row with a second, correct row without needing to mark the first row as unusable. Such a mechanism allows a fuse to be programmed without regard to the ordering of the entries. However, this mechanism has an exposure: someone could simply program additional later rows in order to replace the earlier rows that disable a certain cryptographic functionality.
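The following toy model of the fuse-array reading rules in the two preceding paragraphs is an added illustration, not part of this specification or of any real fuse ROM; the row layout, even-parity convention, destination identifier, and bit assignments are constructed assumptions. It shows why a parity check and later-row-wins semantics, on their own, leave both exposures described above: an already-programmed disable row is discarded once an extra fuse is blown in it, and a later row for the same destination silently replaces it.

```python
"""Toy fuse-array reader (constructed example; layout and parity rule are assumptions).

Assumed row layout, 13 bits: [dest:4][value:8][parity:1], even parity over dest+value.
Fuses are one-time programmable: a bit can only change from 0 to 1.
"""

DEST_CRYPTO_DISABLE = 0x3   # constructed destination id: value bits mark disabled functions
DISABLE_AES = 0x01          # constructed bit assignment within the value field


def make_row(dest, value):
    """Build a correctly programmed row, including its parity bit."""
    body = (dest << 8) | value
    parity = bin(body).count("1") & 1
    return (body << 1) | parity


def blow_bits(row, mask):
    """Program additional fuses in a row: bits can be set, never cleared."""
    return row | mask


def read_fuse_array(rows):
    """Derive the configuration as the hardware would.

    - an all-zero row is unprogrammed and is skipped
    - a row whose parity bit does not match its contents is discarded as invalid
    - a later valid row for the same destination replaces an earlier one
    Returns (config dict, list of discarded row indices).
    """
    config, discarded = {}, []
    for idx, row in enumerate(rows):
        if row == 0:
            continue
        body, parity = row >> 1, row & 1
        if (bin(body).count("1") & 1) != parity:
            discarded.append(idx)
            continue
        config[body >> 8] = body & 0xFF
    return config, discarded


def disabled_functions(rows):
    """Bitmask of cryptographic functions the fuse array disables (none if no valid row)."""
    config, _ = read_fuse_array(rows)
    return config.get(DEST_CRYPTO_DISABLE, 0)


if __name__ == "__main__":
    disable_aes = make_row(DEST_CRYPTO_DISABLE, DISABLE_AES)
    print(hex(disabled_functions([disable_aes])))                  # 0x1: AES disabled
    print(hex(disabled_functions([blow_bits(disable_aes, 1 << 6)])))  # 0x0: row parity broken, discarded
    print(hex(disabled_functions([disable_aes, make_row(DEST_CRYPTO_DISABLE, 0)])))  # 0x0: later row wins
```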
In view of the above, efficient methods and mechanisms for restricting export-controlled features are desired.