公开(公告)号：US20150002523A1

公开(公告)日：2015-01-01

申请号：US14014032

申请日：2013-08-29

Applicant: Qualcomm Incorporated

Inventor： THOMAS ZENG ,  AZZEDINE TOUZNI ,  WILLIAM TORZEWSKI

IPC: G06F21/71 ,  G06T1/20

CPC classification number: G06F21/71 ,  G06F21/74 ,  G06F2221/2113 ,  G06T1/20

Abstract: Systems, methods, and computer programs are disclosed for providing secure access control to a graphics processing unit (GPU). One system includes a GPU, a plurality GPU programming interfaces, and a command processor. Each GPU programming interface is dynamically assigned to a different one of a plurality of security zones. Each GPU programming interface is configured to receive work orders issued by one or more applications associated with the corresponding security zone. The work orders comprise instructions to be executed by the GPU. The command processor is in communication with the plurality of GPU programming interfaces. The command processor is configured to control execution of the work orders received by the plurality of GPU programming interfaces using separate secure memory regions. Each secure memory region is allocated to one of the plurality of security zones.

Abstract translation: 公开了用于向图形处理单元（GPU）提供安全访问控制的系统，方法和计算机程序。 一个系统包括GPU，多个GPU编程接口和命令处理器。 每个GPU编程接口被动态分配给多个安全区中的不同的一个。 每个GPU编程接口被配置为接收由与相应安全区相关联的一个或多个应用发出的工作命令。 工作单包括由GPU执行的指令。 命令处理器与多个GPU编程接口通信。 命令处理器被配置为使用单独的安全存储器区域来控制由多个GPU编程接口接收的工作订单的执行。 每个安全存储器区域被分配给多个安全区域中的一个。

公开(公告)号：US20160012241A1

公开(公告)日：2016-01-14

申请号：US14861206

申请日：2015-09-22

Applicant: Qualcomm Incorporated

Inventor： AZZEDINE TOUZNI ,  Thomas Zeng

IPC: G06F21/60 ,  G06F15/167 ,  G06F12/14 ,  G06F21/76

CPC classification number: G06F21/606 ,  G06F12/1009 ,  G06F12/1475 ,  G06F12/1483 ,  G06F15/167 ,  G06F21/76 ,  G06F21/79 ,  G06F2212/1052

Abstract: A first processor and a second processor are configured to communicate secure inter-processor communications (IPCs) with each other. The first processor effects secure IPCs and non-secure IPCs using a first memory management unit (MMU) to route the secure and non-secure IPCs via a memory system. The first MMU accesses a first page table stored in the memory system to route the secure IPCs and accesses a second page table stored in the memory system to route the non-secure IPCs. The second processor effects at least secure IPCs using a second MMU to route the secure IPCs via the memory system. The second MMU accesses the second page table to route the secure IPCs.

公开(公告)号：US20150268706A1

公开(公告)日：2015-09-24

申请号：US14304894

申请日：2014-06-14

Applicant: QUALCOMM INCORPORATED

Inventor： TERO KUKOLA ,  CARL VICTOR STREETER ,  THOMAS ZENG ,  AJAYKUMAR SHANKARGOUDA PATIL ,  CHRISTOPHER ALAN PAGNOTTA ,  VINAY JAIN ,  SATYAKI MUKHERJEE ,  AZZEDINE TOUZNI

IPC: G06F1/26 ,  G06F21/64

CPC classification number: G06F21/64 ,  G06F21/81

Abstract: Various embodiments of methods and systems for hardware-based memory power management (“HMPM”) in a portable computing device (“PCD”) running secure and non-secure execution environments are disclosed. Hardware-based state machines are uniquely associated with, and under the control of, the non-secure execution environment, the secure execution environment and a virtual manager, respectively. The states of the state machines constitute votes by each of the execution environments and the virtual manager to control the power supply state to the memory component, such as a cache memory. The votes are monitored by a digital circuit that, based on a combination logic of the votes, generates an output signal to trigger a power management component to maintain, supply or remove power on a rail associated with the memory component. In this way, the power supply state to the memory component cannot be unilaterally changed by an application running in the non-secure execution environment.

Abstract translation: 公开了在运行安全和非安全执行环境的便携式计算设备（“PCD”）中用于基于硬件的存储器功率管理（“HMPM”）的方法和系统的各种实施例。 基于硬件的状态机分别与非安全执行环境，安全执行环境和虚拟管理器独立地相关联并在其控制下。 状态机的状态由每个执行环境和虚拟管理器构成投票，以控制诸如高速缓冲存储器的存储器组件的电源状态。 投票由数字电路监控，该数字电路基于投票的组合逻辑产生输出信号以触发电力管理组件以维持，提供或移除与存储器组件相关联的轨道上的电力。 以这种方式，通过在非安全执行环境中运行的应用程序不能单方面地改变对存储器组件的供电状态。

公开(公告)号：US20150161057A1

公开(公告)日：2015-06-11

申请号：US14147555

申请日：2014-01-05

Applicant: Qualcomm Incorporated

Inventor： THOMAS M. ZENG ,  AZZEDINE TOUZNI ,  STEPHEN A. MOLLOY ,  SATYAKI MUKHERJEE ,  ABHIRAMI SENTHILKUMARAN ,  OLAV HAUGAN ,  TZUNG REN TZENG ,  TAREK ZGHAL ,  JEAN-LOUIS O. TARDIEUX ,  AJAY UPADHYAYA ,  ZHURANG ZHAO ,  PAWAN CHHABRA ,  SUBRAHMANYAM MOOLA ,  PAVAN KUMAR ,  JAYDEEP R. CHOKSHI ,  VICTOR K. WONG ,  VIPUL C. GANDHI

IPC: G06F12/10

CPC classification number: G06F12/1027 ,  G06F11/2221 ,  G11C29/18

Abstract: Systems and methods are disclosed for providing memory address translation for a memory management system. One embodiment of such a system comprises a memory device and an application processor in communication via a system interconnect. The application processor comprises test code for testing one or more of a plurality of hardware devices. Each of the hardware devices has a corresponding system memory management unit (SMMU) for processing memory requests associated with the hardware device to the memory device. The system further comprises a client-side address translation system in communication with the system interconnect and the plurality of SMMUs. The client-side address translation system is configured to selectively route stimulus traffic associated with the test code to a client port on one or more of the plurality of SMMUs for testing the corresponding hardware devices.

Abstract translation: 公开了用于为存储器管理系统提供存储器地址转换的系统和方法。 这种系统的一个实施例包括存储器设备和经由系统互连进行通信的应用处理器。 应用处理器包括用于测试多个硬件设备中的一个或多个的测试代码。 每个硬件设备具有相应的系统存储器管理单元（SMMU），用于处理与硬件设备相关联的存储器请求到存储器设备。 该系统还包括与系统互连和多个SMMU通信的客户端地址转换系统。 客户端地址转换系统被配置为选择性地将与测试代码相关联的刺激流量路由到多个SMMU中的一个或多个SMMU上的客户端口，以测试对应的硬件设备。

公开(公告)号：US20170083456A1

公开(公告)日：2017-03-23

申请号：US15086128

申请日：2016-03-31

Applicant: QUALCOMM INCORPORATED

Inventor： THOMAS ZENG ,  AZZEDINE TOUZNI ,  TZUNG REN TZENG ,  PHIL J. BOSTLEY

IPC: G06F12/14 ,  G06F9/455 ,  G06F12/1027

CPC classification number: G06F12/145 ,  G06F9/45504 ,  G06F12/1027 ,  G06F12/1491 ,  G06F21/79 ,  G06F2212/1032 ,  G06F2212/151 ,  G06F2212/152 ,  G06F2212/654 ,  G06F2212/68

Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

公开(公告)号：US20150261686A1

公开(公告)日：2015-09-17

申请号：US14210512

申请日：2014-03-14

Applicant: QUALCOMM INCORPORATED

Inventor： SANKARAN NAMPOOTHIRI ,  ARUN VALIAPARAMBIL ,  SUBODH SINGH ,  AZZEDINE TOUZNI

IPC: G06F12/10 ,  G06F9/455 ,  G06F11/16 ,  G06F13/28 ,  G06F13/24

CPC classification number: G06F9/45533 ,  G06F9/45558 ,  G06F12/08 ,  G06F13/24 ,  G06F13/28 ,  G06F2009/45575 ,  G06F2009/45583 ,  G06F2212/151 ,  G06F2212/171 ,  G06F2212/403

Abstract: A portable computing device is arranged with one or more subsystems that include a processor and a memory management unit arranged to execute threads under a subsystem level operating system. The processor is in communication with a primary memory. A first area of the primary memory is used for storing time critical code and data. A second area is available for demand pages required by a thread executing in the processor. A secondary memory is accessible to a hypervisor. The processor generates an interrupt when a page fault is detected. The hypervisor, in response to the interrupt, initiates a direct memory transfer of information in the secondary memory to the second area available for demand pages in the primary memory. Upon completion of the transfer, the hypervisor communicates a task complete acknowledgement to the processor.

Abstract translation: 便携式计算设备布置有一个或多个子系统，其包括处理器和布​​置成在子系统级操作系统下执行线程的存储器管理单元。 处理器与主存储器通信。 主存储器的第一个区域用于存储时间关键代码和数据。 第二个区域可用于在处理器中执行的线程所需的需求页面。 管理程序可访问辅助内存。 当检测到页面错误时，处理器会产生中断。 管理程序响应于中断，启动将辅助存储器中的信息的直接存储器传送到可用于主存储器中的需求页面的第二区域。 完成传输后，管理程序将任务完成确认通知给处理器。