US 12,248,561 B2
Apparatus and method for role-based register protection for TDX-IO
Vedvyas Shanbhogue, Austin, TX (US); Ravi Sahita, Portland, OR (US); Utkarsh Y KAKAIYA, Folsom, CA (US); Abhishek Basak, Bothell, WA (US); Lee Albion, Coeur d'Alene, ID (US); Filip Schmole, Portland, OR (US); Rupin Vakharwala, Hillsboro, OR (US); Vinit M Abraham, Hillsboro, OR (US); and Raghunandan Makaram, Northborough, MA (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Sep. 25, 2021, as Appl. No. 17/485,421.
Prior Publication US 2023/0098288 A1, Mar. 30, 2023
Int. Cl. G06F 21/54 (2013.01); G06F 9/455 (2018.01); G06F 13/40 (2006.01); G06F 21/56 (2013.01)
CPC G06F 21/54 (2013.01) [G06F 9/45558 (2013.01); G06F 13/4027 (2013.01); G06F 21/567 (2013.01); G06F 2009/45591 (2013.01); G06F 2221/034 (2013.01)] 18 Claims
1. An apparatus comprising:
one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS);
a plurality of control registers and protected registers for the one or more processor cores to be logically arranged in groups in accordance with a security policy, a group within the groups comprising a subset of the plurality of control registers including at least a first control register to store a first one or more security identifiers, a second control register to store a second one or more security identifiers, and a third control register to store a third one or more security identifiers, wherein an agent asserting one of the first one or more security identifiers is to be permitted to write to the second control register and the third control register, wherein the agent or a different agent asserting one of the second one or more security identifiers is to be permitted to write to one or more of the protected registers in the group, and wherein the agent or a different agent asserting one of the third one or more security identifiers is to be permitted to read the one or more of the protected registers in the group;
an interconnect fabric to couple the one or more processor cores to a device; and
security hardware logic to determine whether to allow a read or write attempt by an initiator directed to a protected register of the one or more of the protected registers in the group to proceed over the interconnect fabric based on an asserted security identifier corresponding to the read or write attempt.
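The check that claim 1 assigns to the security hardware logic, as an added C model written for this page (not the patent's or Intel's own code). Assumptions: security identifiers (SAIs) are small integers, each control register holds a bitmask of permitted SAIs, the SAI values named below are constructed, and the first control register is itself writable only by a policy-role SAI (the claim does not say who may write it).

```c
/* Constructed model of the claim's register groups. Each control register holds a
 * bitmask of permitted SAIs (assumption; the claim says "one or more identifiers"). */
#include <stdbool.h>
#include <stdint.h>

#define SAI_HOST_SW  0u  /* constructed SAI values for illustration only */
#define SAI_TDX_MOD  1u
#define SAI_DEVICE   2u
#define SAI_MASK(s)  (1u << (s))

enum reg_id { REG_POLICY, REG_WRITE_SAI, REG_READ_SAI, REG_PROTECTED };

struct reg_group {
    uint32_t policy_sai;    /* first control register: who may set the next two */
    uint32_t write_sai;     /* second: who may write the protected registers */
    uint32_t read_sai;      /* third: who may read the protected registers */
    uint32_t protected_val; /* one protected register of the group */
};

/* The decision the security hardware logic makes for each fabric transaction. */
static bool access_allowed(const struct reg_group *g, enum reg_id target,
                           unsigned sai, bool is_write)
{
    uint32_t m = SAI_MASK(sai);
    switch (target) {
    case REG_POLICY:
    case REG_WRITE_SAI:
    case REG_READ_SAI:
        /* Control registers: only a policy-role SAI may reconfigure them (reads open). */
        return !is_write || (g->policy_sai & m) != 0;
    case REG_PROTECTED:
        return ((is_write ? g->write_sai : g->read_sai) & m) != 0;
    }
    return false; /* unknown target: fail closed */
}

/* A write transaction gated by the check; returns true only if it took effect. */
static bool try_write(struct reg_group *g, enum reg_id target,
                      unsigned sai, uint32_t value)
{
    if (!access_allowed(g, target, sai, true))
        return false;
    switch (target) {
    case REG_POLICY:    g->policy_sai = value;    break;
    case REG_WRITE_SAI: g->write_sai = value;     break;
    case REG_READ_SAI:  g->read_sai = value;      break;
    case REG_PROTECTED: g->protected_val = value; break;
    }
    return true;
}
```

With the TDX module holding the policy role, the device the write role and host software the read role, host software cannot grant itself write access; only a policy-role write to the second control register changes who may write the protected register.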