| CPC H04L 9/3278 (2013.01) [G06F 9/30145 (2013.01); G06F 12/1408 (2013.01); H04L 9/0866 (2013.01); H04L 9/3242 (2013.01)] | 18 Claims |
|
1. An apparatus comprising:
decoder circuitry to decode an instance of a single instruction to generate a decoded instruction, the single instruction associated with a ring 0 protection level, the instance of the single instruction to include 1) one or more fields to identify a first destination operand, 2) one or more fields to identify a second destination operand, the second destination operand is to either store an output data structure having decrypted data after execution of the instruction, or a location to store an encrypted data structure having decrypted data after execution of the instruction, 3) one or more fields to identify a source operand, wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process, and 4) one more fields comprising an opcode, the opcode to indicate that execution circuitry is to at least encrypt secret information from the input data structure with a physical unclonable function (PUF) generated encryption key, bind the wrapped secret information to a target, update the input data structure, generate a MAC over the updated data structure, store the MAC in the input data structure to generate a wrapped output data structure, store the wrapped output data structure having the encrypted secret information and an indication of the target according to usage of the second destination operand's for the instruction; and
execution circuitry to execute the decoded instruction according to the opcode.
|