1. Technical Field
The present invention relates generally to protected operating kernels for data processing systems. Specifically, the present invention is directed to an encrypted operating kernel that is updateable through extensions.
2. Description of the Related Art
Many, if not most, modern operating systems and the hardware platforms that support them provide some form of facility for “memory protection.” Each application is allocated memory by the operating system and must access only those addresses in memory allocated to it. If a process attempts to access memory outside the regions allocated to it, the illegal access is trapped by the processor's memory-management hardware and reported to the operating system as an error (often called a “protection fault” or “segmentation fault”), and the offending process is terminated before the stray access can corrupt other memory. Memory protection can prevent many system crashes or other destructive behavior caused by software errors or malicious code (“malware”). Another important reason for restricting access to certain memory locations is to prevent proprietary or security-sensitive data or code from being examined by user-level processes, so as to prevent the creation of malware or the reverse engineering or unauthorized copying of proprietary information.
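As an added illustration of the protection-fault mechanism described above (this is not code from the patent), the following C program, written for a POSIX system such as Linux with glibc, maps one page of memory, restricts it with mprotect() to read-only and then to no access, and catches the SIGSEGV (SIGBUS on some platforms) that the hardware raises on each rejected store, so that the fault can be counted rather than terminating the process. The function and structure names (try_write, demo_protection_faults, fault_demo) are ours.

```c
/* Added example: user-space demonstration of a "protection fault" on a
 * POSIX (Linux/glibc) system. Not code from the patent. A page is mapped
 * read/write, then mprotect()ed read-only and finally no-access; stores
 * to the protected page are trapped by the MMU, delivered as SIGSEGV
 * (SIGBUS on some platforms), and the handler unwinds with siglongjmp so
 * the process survives and can report what happened. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;                 /* where to resume after a fault */
static volatile sig_atomic_t fault_count;    /* protection faults caught */

/* Signal handler: record the fault and unwind back into try_write(). */
static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    fault_count++;
    siglongjmp(fault_env, 1);
}

/* Attempt *p = value. Returns 1 if the store succeeded, 0 if the
 * hardware rejected it with a protection fault. */
static int try_write(volatile char *p, char value)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(fault_env, 1) == 0) {
        *p = value;          /* faults unless the page is writable */
        ok = 1;
    }
    /* On a fault, siglongjmp lands here with ok still 0. */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

struct fault_demo {
    int write_rw_ok;    /* store into a read/write page: expected 1 */
    int write_ro_ok;    /* store into a read-only page:  expected 0 */
    int write_none_ok;  /* store into a PROT_NONE page:  expected 0 */
    int faults;         /* faults caught by the handler: expected 2 */
    char first_byte;    /* page contents afterwards:     expected 'A' */
};

/* Run the three stores against one anonymous page and report results. */
struct fault_demo demo_protection_faults(void)
{
    struct fault_demo r = {0, 0, 0, 0, 0};
    long pagesz = sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) {
        r.faults = -1;      /* mapping failed; nothing to demonstrate */
        return r;
    }
    fault_count = 0;

    r.write_rw_ok = try_write(page, 'A');           /* allowed */
    mprotect(page, (size_t)pagesz, PROT_READ);
    r.write_ro_ok = try_write(page, 'B');           /* trapped */
    mprotect(page, (size_t)pagesz, PROT_NONE);
    r.write_none_ok = try_write(page, 'C');         /* trapped */

    /* Restore read access and confirm the rejected stores never landed. */
    mprotect(page, (size_t)pagesz, PROT_READ);
    r.first_byte = page[0];
    r.faults = (int)fault_count;

    munmap(page, (size_t)pagesz);
    return r;
}

int main(void)
{
    struct fault_demo r = demo_protection_faults();
    printf("rw=%d ro=%d none=%d faults=%d byte=%c\n",
           r.write_rw_ok, r.write_ro_ok, r.write_none_ok,
           r.faults, r.first_byte);
    return 0;
}
```

The second and third stores never reach memory: the MMU rejects them before the kernel delivers the signal, which is why page[0] still holds the 'A' written while the page was writable. This page-table and fault-delivery machinery is exactly the hardware and operating-system complexity that the remainder of this description seeks to avoid on simple, specialized cores.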
Although memory protection schemes are very useful, particularly for running today's very complex software, the protection schemes themselves increase the complexity of the computing hardware and the operating systems it supports. In some applications, this added complexity is highly undesirable. For example, a processor intended for high-end multimedia or real-time computationally intensive applications may have multiple specialized processor cores (such as specialized vector processing cores) on a single chip for intensive number-crunching. In such instances, the added hardware and software complexity involved in implementing conventional memory protection for each core's local memory could severely impact the attainable degree of parallelism as well as the performance of each individual processor core.
Further, it may be desirable for certain kinds of program code to have different levels of privilege with regard to a system's memory protection and other resources. For example, some operating systems, such as the open-source Linux operating system, have extensible kernels, which allow additional kernel-level code (such as a device driver) to be loaded in at runtime (in the form of “kernel modules”) to augment an existing operating system kernel. Because they fulfill a supervisory and administrative role in a computer, operating system kernels are generally designed to operate in a “privileged mode,” in which the kernel has access to all memory addresses and other system resources. Where kernel modules may come from untrusted sources, however, it may not be desirable to provide a kernel module unfettered access to all memory addresses and system resources. It would be safer to allow the module only the degree of privilege necessary to accomplish its intended purpose.
What is needed, therefore, is a method of protecting sensitive data and code from unauthorized reads and writes without relying on the additional complexity of protection-fault-detection mechanisms, which also allows for differing levels of privilege. The present invention provides a solution to this and other problems, and offers other advantages over previous solutions.