Watchdog timer hierarchy

US10942798B2 · US · B2

Patent metadata

Publication number: US-10942798-B2
Application number: US-201815994167-A
Country: US
Kind code: B2
Filing date: May 31, 2018
Priority date: May 31, 2018
Publication date: Mar 9, 2021
Grant date: Mar 9, 2021

Abstract

Official abstract text for this publication.

In one example of the technology, via a first independent execution environment of a set of independent execution environments in an integrated circuit, a first watchdog timer is caused to reset on a periodic basis. The set of independent execution environments is configured to have a defense-in-depth hierarchy. The set of independent execution environments includes a first independent execution environment and a second independent execution environment. The first independent execution environment is a most trusted execution environment on the integrated circuit. Via the second independent execution environment: a second watchdog timer is periodically caused to reset on a periodic basis. In response to the second watchdog timer timing out, an interrupt is communicated from the second watchdog timer to the first independent execution environment. In response to the first watchdog timer timing out, at least a portion of the integrated circuit is reset.
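
The escalation rule in the abstract and in claim 1, as an added C simulation that is not code from the patent or its assignee. The names, the tick unit, the timeouts of 8 and 4 ticks, and the assumption that a reset clears the hang are constructed for illustration.

```c
#include <stdio.h>

/* Constructed model: names, tick units and timeouts are illustrative. */
enum { ENV_ROOT, ENV_SECOND, N_ENV };
#define NEVER (-1)

struct soc {
    int timeout[N_ENV], count[N_ENV];
    int hang_at[N_ENV];   /* tick at which an environment stops servicing its watchdog */
    int irq_to_root;      /* interrupts from the second watchdog to the most trusted env */
    int env2_resets;      /* resets limited to the second environment */
    int chip_resets;      /* resets of the integrated circuit (or part of it) */
};

static void step(struct soc *s, int now)
{
    for (int e = 0; e < N_ENV; e++) {
        int hung = s->hang_at[e] != NEVER && now >= s->hang_at[e];
        s->count[e] = hung ? s->count[e] + 1 : 0;   /* healthy env kicks its timer */
    }
    if (s->count[ENV_SECOND] >= s->timeout[ENV_SECOND]) {
        s->irq_to_root++;                 /* escalate upward in the hierarchy */
        s->env2_resets++;                 /* and restart only the failed environment */
        s->count[ENV_SECOND] = 0;
        s->hang_at[ENV_SECOND] = NEVER;   /* assumption: reset clears the fault */
    }
    if (s->count[ENV_ROOT] >= s->timeout[ENV_ROOT]) {
        s->chip_resets++;                 /* nothing above the root: reset the IC */
        for (int e = 0; e < N_ENV; e++) { s->count[e] = 0; s->hang_at[e] = NEVER; }
    }
}

struct soc simulate(int ticks, int root_hang_at, int second_hang_at)
{
    struct soc s = { {8, 4}, {0, 0}, {root_hang_at, second_hang_at}, 0, 0, 0 };
    for (int now = 0; now < ticks; now++)
        step(&s, now);
    return s;
}

int main(void)
{
    struct soc a = simulate(20, NEVER, 3), b = simulate(20, 2, NEVER);
    printf("second hangs: irq=%d env2=%d chip=%d\n", a.irq_to_root, a.env2_resets, a.chip_resets);
    printf("root hangs:   irq=%d env2=%d chip=%d\n", b.irq_to_root, b.env2_resets, b.chip_resets);
    return 0;
}
```

A hang in the less trusted environment stays contained (one interrupt, one local reset, no chip reset), while a hang in the most trusted environment has no supervisor above it and ends in a reset of the integrated circuit.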

First claim

Opening claim text (preview).

We claim:

1. An apparatus, comprising: a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including: an integrated circuit, including: a set of independent execution environments configured to have a defense-in-depth hierarchy, wherein the set of independent execution environments includes a first independent execution environment and a second independent execution environment, and wherein the first independent execution environment is a most trusted execution environment on the integrated circuit; a first watchdog timer, wherein the first independent execution environment is configured to cause the first watchdog timer to reset on a periodic basis, and wherein the first watchdog timer is configured to cause at least part of the integrated circuit to reset in response to the first watchdog timer timing out; and a second watchdog timer, wherein the second independent execution environment is configured to cause the second watchdog timer to reset on a periodic basis, wherein the second watchdog timer is configured to send an interrupt to the first independent execution environment in response to the second watchdog timer timing out, and wherein the second watchdog timer is further configured to reset the second independent execution environment in response to the second watchdog timer timing out.

2. The apparatus of claim 1, wherein the set of independent execution environments further includes a third independent execution environment that is less trusted than the second execution environment, the integrated circuit further includes a third watchdog timer, the third independent execution environment is configured to cause the third watchdog timer to reset on a periodic basis, and wherein the third watchdog timer is configured to send an interrupt to at least one of the first independent execution environment or the second independent execution environment in response to the third watchdog timer timing out.

3. The apparatus of claim 2, wherein at least two independent execution environments in the set of independent execution environments are running on general purpose cores with differing capabilities from each other, and wherein the general purpose cores with differing capabilities from each other include at least a first microcontroller and a first central processing unit (CPU).

4. The apparatus of claim 3, wherein the set of independent execution environments further include a secure world runtime on the first CPU, and a normal world operating system on the first CPU.

5. The apparatus of claim 1, wherein the first independent execution environment includes a security complex that is configured as a hardware root of trust for the integrated circuit.

6. The apparatus of claim 5, wherein the set of independent execution environments further includes a third independent execution environment that is less trusted than the second execution environment, the integrated circuit further includes a third watchdog timer, the third independent execution environment is configured to cause the third watchdog timer to reset on a periodic basis, and wherein the third watchdog timer is configured to send an interrupt to at least one of the first independent execution environment or the second independent execution environment in response to the third watchdog timer timing out.

7. The apparatus of claim 6, wherein the second independent execution environment includes a first core, the third independent execution environment includes a second core, and wherein the second core is configured as an input/output core.

8. The apparatus of claim 6, wherein the second independent execution environments includes a secure world runtime on a first core, and wherein the third independent execution environment includes a normal world operating system on the first core.

9. A method, comprising: via a first independent execution environment of a set of independent execution environments in an integrated circuit, wherein the set of independent execution environments is configured to have a defense-in-depth hierarchy, the set of independent execution environments includes a first independent execution environment and a second independent execution environment, and wherein the first independent execution environment is a most trusted execution environment on the integrated circuit: causing a first watchdog timer to reset on a periodic basis; via the second independent execution environment: periodically causing a second watchdog timer to reset on a periodic basis; in response to the second watchdog timer timing out, communicating an interrupt from the second watchdog timer to the first independent execution environment; in response to the first watchdog timer timing out, resetting at least a portion of the integrated circuit; and in response to the second watchdog timer timing out, resetting the second independent execution environment.

10. The method of claim 9, wherein the first independent execution environment includes a security complex that is configured as a hardware root of trust for the integrated circuit.

11. The method of claim 10, wherein the set of independent execution environments further includes a third independent execution environment that is less trusted than the second execution environment, and wherein the integrated circuit further includes a third watchdog timer, the third independent execution environment is configured to cause the third watchdog timer to reset on a periodic basis, the method further comprising, via the third watchdog timer, in response to the third watchdog timer timing out, sending an interrupt to at least one of the first independent execution environment or the second independent execution environment.

12. The method of claim 9, wherein the set of independent execution environments further includes a third independent execution environment that is less trusted than the second execution environment, and wherein the integrated circuit further includes a third watchdog timer, the third independent execution environment is configured to cause the third watchdog timer to reset on a periodic basis, the method further comprising, via the third watchdog timer, in response to the third watchdog timer timing out, sending an interrupt to at least one of the first independent execution environment or the second independent execution environment.

13. The method of claim 12, wherein at least two independent execution environments in the set of independent execution environments are running on general purpose cores with differing capabilities from each other, and wherein the general purpose cores with differing capabilities from each other include at least a first microcontroller and a first central processing unit (CPU).

14. The method of claim 13, wherein the set of independent execution environments further include a secure world runtime on the first CPU, and a normal world operating system on the first CPU.

15. A method, comprising: configuring a watchdog timer to send an interrupt to a first independent execution environment of a set of independent execution environments on an integrated circuit in response to the first watchdog timer timing out, wherein the set of independent execution environments further includes a second independent execution environment, and wherein the first independent execution environment is a most trusted execution environment on the integrated circuit; configuring another watchdog timer to cause at

Classifications

  • to assure secure computing or processing of information · CPC title

  • in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function (testing or monitoring of automated control systems G05B23/02) · CPC title

  • G06F21/74 · Primary

    operating in dual or compartmented mode, i.e. at least one secure mode · CPC title

  • to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title

  • by exceeding a time limit, i.e. time-out, e.g. watchdogs · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/74. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 9, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).