公开(公告)号：US20130276096A1

公开(公告)日：2013-10-17

申请号：US13777309

申请日：2013-02-26

Applicant: ARM LIMITED

Inventor： Dominic Hugo SYMES ,  Ola HUGOSSON ,  Donald FELTON ,  Erik PERSSON

IPC: G06F21/60

CPC classification number: G06F21/606 ,  G06F12/1027 ,  G06F12/1072 ,  G06F21/74 ,  G06F2212/302

Abstract: A data processing apparatus is configured to perform secure data processing operations and non-secure data processing operations, wherein the apparatus includes a master device with a secure domain and a non-secure domain. Components of the master device operate in the secure domain when performing secure data processing operations and operate in the non-secure domain when performing the non-secure data processing operations. A slave device is configured to perform a delegated data processing operation specified by the master device and a communication bus connecting the master device to the slave device. The delegated operation is initiated by an issuing component in the master device, wherein the slave device includes a security inheritance mechanism configured to cause the delegated operation to inherit a non-secure security status or a secure status depending upon whether the issuing component in the master device is operating in the non-secure domain or the secure domain.

Abstract translation: 数据处理装置被配置为执行安全数据处理操作和非安全数据处理操作，其中该装置包括具有安全域和非安全域的主设备。 当执行安全数据处理操作时，主设备的组件在安全域中操作，并且在执行非安全数据处理操作时在非安全域中操作。 从设备被配置为执行由主设备指定的委托数据处理操作和将主设备连接到从设备的通信总线。 委托操作由主设备中的发布组件启动，其中从设备包括安全继承机制，该安全继承机制被配置为使得委托操作继承非安全安全状态或安全状态，这取决于主设备中的发布组件 设备在非安全域或安全域中运行。

公开(公告)号：US20130275701A1

公开(公告)日：2013-10-17

申请号：US13777338

申请日：2013-02-26

Applicant: ARM LIMITED

Inventor： Dominic Hugo SYMES ,  Ola HUGOSSON ,  Donald FELTON ,  Sean Tristram ELLIS

IPC: G06F12/14

CPC classification number: G06F12/145

Abstract: A data processing apparatus comprises a primary processor, a secondary processor configured to perform secure data processing operations and non-secure data processing operations and a memory configured to store secure data used by the secondary processor when performing the secure data processing operations and configured to store non-secure data used by the secondary processor when performing the non-secure data processing operations, wherein the secure data cannot be accessed by the non-secure data processing operations, wherein the secondary processor comprises a memory management unit configured to administer accesses to the memory from the secondary processor, the memory management unit configured to perform translations between virtual memory addresses used by the secondary processor and physical memory addresses used by the memory, wherein the translations are configured in dependence on a page table base address, the page table base address identifying a storage location in the memory of a set of descriptors defining the translations, wherein the page table base address is defined by the primary processor and cannot be amended by the secondary processor.

Abstract translation: 数据处理装置包括主处理器，被配置为执行安全数据处理操作和非安全数据处理操作的辅助处理器，以及被配置为在执行安全数据处理操作时存储由辅助处理器使用的安全数据的存储器，并且被配置为存储 在执行非安全数据处理操作时由辅助处理器使用的非安全数据，其中所述安全数据不能被所述非安全数据处理操作访问，其中所述辅助处理器包括存储器管理单元，所述存储器管理单元被配置为管理对 来自二级处理器的存储器，所述存储器管理单元被配置为在所述辅助处理器使用的虚拟存储器地址和所述存储器使用的物理存储器地址之间执行转换，其中，所述转换根据页表基地址，所述页表基 地址识别存储位置 定义翻译的一组描述符的存储器，其中页表基地址由主处理器定义并且不能被辅助处理器修改。