公开(公告)号：US09189646B2

公开(公告)日：2015-11-17

申请号：US14173418

申请日：2014-02-05

Applicant: ARM LIMITED

Inventor： Ola Hugosson ,  Erik Persson ,  Dominic Hugo Symes

IPC: G06F21/00 ,  G06F21/62

CPC classification number: G06F21/6218 ,  G06F21/78

Abstract: A data processing apparatus is provided, comprising plural processing units configured to execute plural processes, a storage unit configured to store data required for the plural processes; and a protection unit configured to control access by the plural processes to the storage unit. The protection unit is configured to define an allocated access region of the storage unit for each process of the plural processes, wherein the protection unit is configured to deny access for each the process outside the allocated access region and wherein allocated access regions are defined to be non-overlapping. The protection unit is configured to define each allocated access region as a contiguous portion of the storage unit between a lower region limit and an upper region limit, and the protection unit is configured such that when the lower region limit is modified the lower region limit cannot be decreased and such that when the upper region limit is modified the upper region limit cannot be decreased.

Abstract translation: 提供了一种数据处理装置，包括被配置为执行多个处理的多个处理单元，被配置为存储多个处理所需的数据的存储单元; 以及保护单元，被配置为控制通过所述多个处理对所述存储单元的访问。 保护单元被配置为为多个进程的每个进程定义存储单元的分配的访问区域，其中保护单元被配置为拒绝对所分配的访问区域之外的每个进程的访问，并且其中分配的访问区域被定义为 不重叠。 保护单元被配置为将每个分配的访问区域定义为存储单元在下限区域和上区域限制之间的连续部分，并且保护单元被配置为使得当下区域限制被修改时，下区域限制不能 并且使得当上限区域被修改时，上限区域不能减小。

公开(公告)号：US08959304B2

公开(公告)日：2015-02-17

申请号：US13777338

申请日：2013-02-26

Applicant: ARM Limited

Inventor： Dominic Hugo Symes ,  Ola Hugosson ,  Donald Felton ,  Sean Tristram Ellis

IPC: G06F12/00 ,  G06F12/14

CPC classification number: G06F12/145

Abstract: A data processing apparatus comprises a primary processor, a secondary processor configured to perform secure data processing operations and non-secure data processing operations and a memory configured to store secure data used by the secondary processor when performing the secure data processing operations and configured to store non-secure data used by the secondary processor when performing the non-secure data processing operations, wherein the secure data cannot be accessed by the non-secure data processing operations, wherein the secondary processor comprises a memory management unit configured to administer accesses to the memory from the secondary processor, the memory management unit configured to perform translations between virtual memory addresses used by the secondary processor and physical memory addresses used by the memory, wherein the translations are configured in dependence on a page table base address, the page table base address identifying a storage location in the memory of a set of descriptors defining the translations, wherein the page table base address is defined by the primary processor and cannot be amended by the secondary processor.

Abstract translation: 数据处理装置包括主处理器，被配置为执行安全数据处理操作和非安全数据处理操作的辅助处理器，以及被配置为在执行安全数据处理操作时存储由辅助处理器使用的安全数据的存储器，并且被配置为存储 在执行非安全数据处理操作时由辅助处理器使用的非安全数据，其中所述安全数据不能被所述非安全数据处理操作访问，其中所述辅助处理器包括存储器管理单元，所述存储器管理单元被配置为管理对 来自二级处理器的存储器，所述存储器管理单元被配置为在所述辅助处理器使用的虚拟存储器地址和所述存储器使用的物理存储器地址之间执行转换，其中，所述转换根据页表基地址，所述页表基 地址识别存储位置 定义翻译的一组描述符的存储器，其中页表基地址由主处理器定义并且不能被辅助处理器修改。