The present invention relates to methods and apparatus for providing a secure booting sequence in a processor, and preferably in a multi-processing system.
In recent years, there has been an insatiable desire for faster computer processing data throughputs because cutting-edge computer applications are becoming more and more complex, and are placing ever increasing demands on processing systems. Graphics applications are among those that place the highest demands on a processing system because they require such vast numbers of data accesses, data computations, and data manipulations in relatively short periods of time to achieve desirable visual results. Real-time, multimedia applications also place a high demand on processing systems; indeed, they require extremely fast processing speeds, such as many thousands of megabits of data per second.
While some processing systems employ a single processor to achieve fast processing speeds, others are implemented utilizing multi-processor architectures. In multi-processor systems, a plurality of sub-processors can operate in parallel (or at least in concert) to achieve desired processing results. It has also been contemplated to employ a modular structure in a multi-processing system, where the computing modules are accessible over a broadband network (such as the Internet) and the computing modules may be shared among many users. Details regarding this modular structure may be found in U.S. Pat. No. 6,526,491, the entire disclosure of which is hereby incorporated by reference.
A problem arises, however, when a processing system is used over a network or is part of a shared resource. In particular, the processor and its associated software (such as the boot code) are subject to outside influences such as intentional hacking and the like. A conventional boot-up sequence includes a power-on-reset, importation of configuration data (e.g., initial register data, base address information, etc.) and boot code from a flash ROM, configuration of hardware registers, and booting up the processor. In a multi-processor system, the configuration data and boot code may be shared among a number of processors for initial boot-up. Unfortunately, the boot code is not secure within the flash ROM and a hacker may easily tamper with the configuration data and the boot code prior to boot-up. This can have devastating consequences in a system where sensitive information is being processed. The fact that the boot code may have been tampered with mitigates the effectiveness of any security measures taken after boot up. Indeed, without a secure boot any subsequent security measures cannot be fully trusted. If a hacker tampers with the booting sequence, a subsequent security measure may be usurped.
Accordingly, there are needs in the art for new methods and apparatus for providing secure boot up processes for single and multi-processing systems that ensure a trusted environment from which to launch further security measures.