公开(公告)号：US20230259660A1

公开(公告)日：2023-08-17

申请号：US18003841

申请日：2021-06-25

Applicant: Arm Limited

Inventor： Andreas Lars SANDBERG ,  Roberto AVANZI

IPC: G06F21/78 ,  G06F21/64 ,  G06F21/72

CPC classification number: G06F21/78 ,  G06F21/64 ,  G06F21/72

Abstract: A data integrity tree for memory security comprises a plurality of nodes, wherein a linked series of nodes of the data integrity tree protects a data item stored in memory. A parent node in the linked series of nodes comprises a plurality of counters, each associated with a respective child node and providing an input to a protection function associated with the respective child node. A node authentication code protects the plurality of counters in each parent node and is dependent on a counter in a node above the parent node in the data integrity tree. A plurality of hash value child nodes each comprises a plurality of encrypted hash values generated as a function of a respective block of data stored in the memory and as a function of a counter comprised in a node above the hash value child node in the data integrity tree.

公开(公告)号：US20230113906A1

公开(公告)日：2023-04-13

申请号：US17756877

申请日：2020-11-12

Applicant: Arm Limited

Inventor： Hector MONTANER MAS ,  Andreas Lars SANDBERG ,  Roberto AVANZI

IPC: G06F12/14 ,  G06F12/0866

Abstract: An apparatus including memory access circuitry for controlling access to data stored in the non-trusted memory, and memory security circuitry to verify integrity of data stored in the non-trusted memory. The memory security circuitry has authentication code generation circuitry for generating authentication codes to be associated with the data stored in the non-trusted memory, for use when verifying the integrity of the data. The apparatus also has a trusted storage, and the authentication code generation circuitry is arranged to generate different authentication codes, dependent on whether the authentication code is to be stored in the non-trusted memory or the trusted storage.

公开(公告)号：US20220014379A1

公开(公告)日：2022-01-13

申请号：US16925723

申请日：2020-07-10

Applicant: Arm Limited

Inventor： Roberto AVANZI ,  Andreas Lars SANDBERG ,  Michael Andrew CAMPBELL ,  Matthias Lothar BOETTCHER ,  Prakash S. RAMRAKHYANI

IPC: H04L9/32 ,  G06F21/64 ,  G06F21/57 ,  H04W12/06

Abstract: Apparatuses and method are disclosed for protecting the integrity of data stored in a protected area of memory. Data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs. The integrity of the first data block is contingent on the verification authentication code matching the retrieved authentication code.

公开(公告)号：US20210042227A1

公开(公告)日：2021-02-11

申请号：US16979624

申请日：2019-03-12

Applicant: Arm Limited

Inventor： Andreas Lars SANDBERG ,  Stephan DIESTELHORST ,  Nikos NIKOLERIS ,  Ian Michael CAULFIELD ,  Peter Richard GREENHALGH ,  Frederic Claude Marie PIRY ,  Albin Pierrick TONNERRE

IPC: G06F12/0802

Abstract: Coherency control circuitry (10) supports processing of a safe-speculative-read transaction received from a requesting master device (4). The safe-speculative-read transaction is of a type requesting that target data is returned to a requesting cache (11) of the requesting master device (4) while prohibiting any change in coherency state associated with the target data in other caches (12) in response to the safe-speculative-read transaction. In response, at least when the target data is cached in a second cache associated with a second master device, at least one of the coherency control circuitry (10) and the second cache (12) is configured to return a safe-speculative-read response while maintaining the target data in the same coherency state within the second cache. This helps to mitigate against speculative side-channel attacks.

公开(公告)号：US20200293457A1

公开(公告)日：2020-09-17

申请号：US16778040

申请日：2020-01-31

Applicant: Arm Limited

Inventor： Ilias VOUGIOUKAS ,  Nikos NIKOLERIS ,  Andreas Lars SANDBERG ,  Stephan DIESTELHORST

IPC: G06F12/1027 ,  G06N5/04

Abstract: Apparatus comprises two or more processing devices each having an associated translation lookaside buffer to store translation data defining address translations between virtual and physical memory addresses, each address translation being associated with a respective virtual address space; and control circuitry to control the transfer of at least a subset of the translation data from the translation lookaside buffer associated with a first processing device to the translation lookaside buffer associated with a second, different, processing device.

公开(公告)号：US20190361707A1

公开(公告)日：2019-11-28

申请号：US16018440

申请日：2018-06-26

Applicant: Arm Limited

Inventor： Ilias VOUGIOUKAS ,  Stephan DIESTELHORST ,  Andreas Lars SANDBERG ,  Nikos NIKOLERIS

IPC: G06F9/38 ,  G06F9/30

Abstract: A TAGE branch predictor has, as its fallback predictor, a perceptron predictor. This provides a branch predictor which reduces the penalty of context switches and branch prediction state flushes.

公开(公告)号：US20190243778A1

公开(公告)日：2019-08-08

申请号：US16342644

申请日：2017-11-29

Applicant: ARM LIMITED

Inventor： Nikos NIKOLERIS ,  Andreas Lars SANDBERG ,  Prakash S. RAMRAKHYANI ,  Stephan DIESTELHORST

IPC: G06F12/1009 ,  G11C11/408 ,  G11C11/4096

CPC classification number: G06F12/1009 ,  G06F12/1027 ,  G06F2212/65 ,  G06F2212/657 ,  G11C8/06 ,  G11C11/4082 ,  G11C11/4096

Abstract: Memory address translation apparatus comprises page table access circuitry to access a page table to retrieve translation data defining an address translation between an initial memory address in an initial memory address space, and a corresponding output memory address in an output address space; a translation data buffer to store, for a subset of the initial address space, one or more instances of the translation data; the translation data buffer comprising: an array of storage locations arranged in rows and columns; a row buffer comprising a plurality of entries each to store information from a respective portion of a row of the array; and comparison circuitry responsive to a key value dependent upon at least the initial memory address, to compare the key value with information stored in each of at least one key entry of the row buffer, each key entry having an associated value entry for storing at least a representation of a corresponding output memory address, and to identify which of the at least one key entry, if any, is a matching key entry storing information matching the key value; and output circuitry to output, when there is a matching key entry, at least the representation of the output memory address in the value entry associated with the matching key entry.

公开(公告)号：US20180232313A1

公开(公告)日：2018-08-16

申请号：US15882104

申请日：2018-01-29

Applicant: ARM Limited

Inventor： Nikos NIKOLERIS ,  Andreas Lars SANDBERG ,  Jonas SVEDAS ,  Stephan DIESTELHORST

IPC: G06F12/0871 ,  G06F12/084 ,  G06F12/0862 ,  G06F12/0808 ,  G06F12/0811 ,  G06F3/06

CPC classification number: G06F12/0871 ,  G06F3/064 ,  G06F12/0808 ,  G06F12/0811 ,  G06F12/084 ,  G06F12/0862 ,  G06F12/0895 ,  G06F2212/6026

Abstract: A system cache and method of operating a system cache are provided. The system cache provides data caching in response to data access requests from plural system components. The system cache has data caching storage with plural entries, each entry storing a block of data items and each block of data items comprising plural sectors of data items, and each block of data items being stored in an entry of the data caching storage with an associated address portion. Sector use prediction circuitry is provided which has a set of pattern entries to store a set of sector use patterns. In response to a data access request received from a system component specifying one or more data items a selected pattern entry is selected in dependence on a system component identifier in the data access request and a sector use prediction is generated in dependence on a sector use pattern in the selected pattern entry. Further data items may then be retrieved which are not specified in the data access request but are indicated by the sector use prediction, and memory bandwidth usage is thereby improved.

公开(公告)号：US20180203802A1

公开(公告)日：2018-07-19

申请号：US15864062

申请日：2018-01-08

Applicant: ARM Limited

Inventor： Ricardo Daniel Queiros ALVES ,  Nikos NIKOLERIS ,  Shidhartha DAS ,  Andreas Lars SANDBERG

IPC: G06F12/0864 ,  G06F12/0888 ,  G06F12/0862

CPC classification number: G06F12/0864 ,  G06F12/0862 ,  G06F12/0888 ,  G06F12/0895 ,  G06F12/0897 ,  G06F2212/1024 ,  G06F2212/1028 ,  G06F2212/507 ,  G06F2212/602 ,  Y02D10/13

Abstract: A cache apparatus is provided comprising a data storage structure providing N cache ways that each store data as a plurality of cache blocks. The data storage structure is organised as a plurality of sets, where each set comprises a cache block from each way, and further the data storage structure comprises a first data array and a second data array, where at least the second data array is set associative. A set associative tag storage structure stores a tag value for each cache block, with that set associative tag storage structure being shared by the first and second data arrays. Control circuitry applies an access likelihood policy to determine, for each set, a subset of the cache blocks of that set to be stored within the first data array. Access circuitry is then responsive to an access request to perform a lookup operation within an identified set of the set associative tag storage structure overlapped with an access operation to access within the first data array the subset of the cache blocks for the identified set. In the event of a hit condition being detected that identifies a cache block present in the first data array, that access request is then processed using the cache block accessed within the first data array. If instead a hit condition is detected that identifies a cache block absent in the first data array, then a further access operation is performed to access the identified cache block within a selected way of the second data array. Such a cache structure provides a high performance and energy efficient mechanism for storing cached data.