公开(公告)号：US20140223229A1

公开(公告)日：2014-08-07

申请号：US14246162

申请日：2014-04-07

Applicant: ARM Limited

Inventor： Emre OZER ,  Yiannakis SAZEIDES ,  Daniel KERSHAW ,  Stuart David BILES

IPC: G06F11/14

CPC classification number: G06F11/1415 ,  G06F11/0727 ,  G06F11/076 ,  G06F11/0787 ,  G06F2201/86

Abstract: A data processing apparatus has a plurality of storage elements residing at different physical locations within the apparatus, and fault history circuitry for detecting local transient faults occurring in each storage element, and for maintaining global transient fault history data based on the detected local transient faults. Analysis circuitry monitors the global transient fault history data to determine, based on predetermined criteria, whether the global transient fault history data is indicative of random transient faults occurring within the data processing apparatus, or is indicative of a coordinated transient fault attack. The analysis circuitry is then configured to initiate a countermeasure action on determination of a coordinated transient fault attack. This provides a simple and effective mechanism for distinguishing between random transient faults that may naturally occur, and a coordinated transient fault attack that may be initiated in an attempt to circumvent the security of the data processing apparatus.

Abstract translation: 数据处理装置具有驻留在装置内的不同物理位置的多个存储元件，以及故障历史电路，用于检测每个存储元件中发生的局部瞬态故障，并且用于基于检测到的局部瞬态故障来维护全局瞬态故障历史数据。 分析电路监视全局瞬态故障历史数据，以基于预定标准确定全局瞬态故障历史数据是否表示在数据处理装置内发生的随机瞬态故障，或指示协调的瞬时故障攻击。 分析电路然后被配置为启动对协调的瞬态故障攻击的确定的对策动作。 这提供了一种用于区分可能自然发生的随机瞬态故障的简单和有效的机制，以及可以在试图绕过数据处理设备的安全性时发起的协调的瞬态故障攻击。

公开(公告)号：US20150121036A1

公开(公告)日：2015-04-30

申请号：US14585900

申请日：2014-12-30

Applicant: ARM LIMITED

Inventor： Matthew James HORSNELL ,  Richard Roy GRISENTHWAITE ,  Stuart David BILES ,  Daniel KERSHAW

IPC: G06F9/30

CPC classification number: G06F21/602 ,  G06F9/30007 ,  G06F9/30029 ,  G06F9/30032 ,  G06F9/30036 ,  G06F9/30145 ,  G06F9/3887 ,  G09C1/00 ,  H04L9/0643 ,  H04L9/3239 ,  H04L2209/12 ,  H04L2209/125

Abstract: A data processing system 2 includes a single instruction multiple data register file 12 and single instruction multiple processing circuitry 14. The single instruction multiple data processing circuitry 14 supports execution of cryptographic processing instructions for performing parts of a hash algorithm. The operands are stored within the single instruction multiple data register file 12. The cryptographic support instructions do not follow normal lane-based processing and generate output operands in which the different portions of the output operand depend upon multiple different elements within the input operand.

Abstract translation: 数据处理系统2包括单指令多数据寄存器文件12和单指令多处理电路14.单指令多数据处理电路14支持执行用于执行散列算法部分的密码处理指令。 操作数存储在单指令多数据寄存器文件12中。加密支持指令不遵循正常的基于通道的处理，并且生成输出操作数，其中输出操作数的不同部分取决于输入操作数中的多个不同元素。

公开(公告)号：US20190095389A1

公开(公告)日：2019-03-28

申请号：US16094224

申请日：2017-03-29

Applicant: ARM LIMITED

Inventor： Graeme Peter BARNES ,  Stuart David BILES

IPC: G06F16/23 ,  G06F16/245 ,  G06F16/22 ,  G06F9/30 ,  G06F13/28

Abstract: An apparatus is provided comprising storage elements to store data blocks, where each data block has capability metadata associated therewith identifying whether the data block specifies a capability, at least one capability type being a bounded pointer. Processing circuitry is then arranged to be responsive to a bulk capability metadata operation identifying a plurality of the storage elements, to perform an operation on the capability metadata associated with each data block stored in the plurality of storage elements. Via a single specified operation, this hence enables query and/or modification operations to be performed on multiple items of capability metadata, hence providing more efficient access to such capability metadata.

公开(公告)号：US20160026806A1

公开(公告)日：2016-01-28

申请号：US14792796

申请日：2015-07-07

Applicant: ARM Limited

Inventor： Matthew James HORSNELL ,  Richard Roy GRISENTHWAITE ,  Stuart David BILES ,  Daniel KERSHAW

IPC: G06F21/60 ,  G06F9/38 ,  G06F9/30

CPC classification number: G06F21/602 ,  G06F9/30007 ,  G06F9/30029 ,  G06F9/30032 ,  G06F9/30036 ,  G06F9/30145 ,  G06F9/3887 ,  G09C1/00 ,  H04L9/0643 ,  H04L9/3239 ,  H04L2209/12 ,  H04L2209/125

Abstract: A data processing system includes a single instruction multiple data register file and single instruction multiple processing circuitry. The single instruction multiple data processing circuitry supports execution of cryptographic processing instructions for performing parts of a hash algorithm. The operands are stored within the single instruction multiple data register file. The cryptographic support instructions do not follow normal lane-based processing and generate output operands in which the different portions of the output operand depend upon multiple different elements within the input operand.

Abstract translation: 数据处理系统包括单指令多数据寄存器文件和单指令多处理电路。 单指令多数据处理电路支持执行用于执行散列算法部分的密码处理指令。 操作数存储在单指令多数据寄存器文件中。 加密支持指令不遵循正常的基于通道的处理，并且生成输出操作数，其中输出操作数的不同部分取决于输入操作数中的多个不同元素。

公开(公告)号：US20170017583A1

公开(公告)日：2017-01-19

申请号：US15123805

申请日：2015-03-04

Applicant: ARM LIMITED

Inventor： Matthew James HORSNELL ,  Richard Roy GRISENTHWAITE ,  Stuart David BILES

IPC: G06F12/14 ,  G06F9/46

CPC classification number: G06F12/1475 ,  G06F9/467 ,  G06F2212/1052

Abstract: An asymmetric multiprocessor system (2) includes a plurality of processor cores (4, 6) supporting transactional memory via controllers (14, 16) as well as one or more processor cores 8 which do not support transactional memory via hardware. The controllers respond to receipt of a request for exclusive access to a lock address by determining whether or not their associated processing element is currently executing a memory transaction guarded by a lock value stored at that lock address and if their processing element is executing such a transaction, then delaying releasing the lock address for exclusive access until a predetermined condition is met. If the processing element is not executing such a guarded memory transaction, then the lock address may be unconditionally released for exclusive access. The predetermined condition may be that a threshold delay has been exceeded since the request was received and/or that the request has previously been received and refused a threshold number of times. The request may arise through execution of a transaction start instruction which serves to read a lock address from an architectural register (76) storing the lock address should the processor executing that transaction start instruction not already be executing a pending memory transaction. If the processor is already executing a memory transaction, then the transaction start instruction need not access the lock value stored at the lock address held within the lock address register (76) as it may be assumed that the lock value has already been checked.

Abstract translation: 非对称多处理器系统（2）包括经由控制器（14,16）支持事务存储器的多个处理器核心（4,6）以及不经由硬件支持事务存储器的一个或多个处理器核心8。 控制器通过确定其相关联的处理元件当前是否正在执行由在该锁定地址处存储的锁定值保护的存储器事务以及它们的处理元件是否正在执行这样的事务来响应对独占访问锁定地址的请求的接收 ，然后延迟释放用于独占访问的锁定地址，直到满足预定条件。 如果处理元件没有执行这样的保护的存储器事务，则可以无条件地释放锁定地址以进行独占访问。 预定条件可以是从接收到请求和/或先前已经接收到请求并拒绝了阈值次数以来已经超过阈值延迟。 如果处理器执行该事务开始指令还没有执行未完成的存储器事务，则可以通过执行事务开始指令来产生请求，该事务开始指令用于从存储锁定地址的架构寄存器（76）读取锁定地址。 如果处理器已经在执行存储器事务处理，则事务开始指令不需要访问存储在锁定地址寄存器（76）内的锁定地址处的锁定值，因为可以假定已经检查了锁定值。

公开(公告)号：US20140075581A1

公开(公告)日：2014-03-13

申请号：US14019580

申请日：2013-09-06

Applicant: ARM LIMITED

Inventor： Thomas Christopher GROCUTT ,  Stuart David BILES ,  Simon John CRASKE

IPC: G06F21/62

CPC classification number: G06F21/629 ,  G06F21/50 ,  G06F21/52 ,  G06F21/54 ,  G06F21/554 ,  G06F21/74 ,  G06F2221/2105

Abstract: A data processing apparatus including processing circuitry having a secure domain and a further different secure domain and a data store for storing data and instructions. The data store includes a plurality of regions each corresponding to a domain, and at least one secure region for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in the further different secure domain and a less secure region for storing less sensitive data. The processing circuitry is configured to verify that a region of the data store storing the program instruction corresponds to a current domain of operation of the processing circuitry and, if not, to verify whether the program instruction includes a guard instruction and, if so, to switch to the domain corresponding to the region of the data store storing the program instruction.

Abstract translation: 一种数据处理装置，包括具有安全域和另一不同安全域的处理电路以及用于存储数据和指令的数据存储。 数据存储器包括多个区域，每个区域各自对应于域，以及至少一个安全区域，用于存储由安全域中操作的数据处理电路可访问的敏感数据，并且不能由在另外不同的安全域中操作的数据处理电路访问 以及用于存储较不敏感数据的较不安全的区域。 处理电路被配置为验证存储程序指令的数据存储区域对应于处理电路的当前操作区域，如果不是，则验证程序指令是否包括保护指令，并且如果是，则 切换到与存储程序指令的数据存储区域对应的域。

公开(公告)号：US20160098555A1

公开(公告)日：2016-04-07

申请号：US14504815

申请日：2014-10-02

Applicant: ARM LIMITED

Inventor： John David MERSH ,  Stuart David BILES

IPC: G06F21/51 ,  H04L9/32 ,  G06F21/57

CPC classification number: G06F21/51 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/033 ,  H04L9/3236 ,  H04L9/3247

Abstract: Program code attestation circuitry and a method of operating such circuitry are provided. The program code attestation circuitry includes first storage, and measurement value generation circuitry that is arranged to store within that first storage a measurement value that is determined by applying a first hash algorithm to input data determined from a code block of the program code. Within a second storage a private key is stored. Further, signature generator circuitry is responsive to an attestation request from a request source external to the program code attestation circuitry to apply, to a derived value derived from the measurement value, a signature algorithm using the private key, in order to generate a signature for output to the request source. From this signature, the request source can then derive information about the stored measurement value sufficient to enable it to ascertain whether that stored measurement value agrees with an expected measurement value for the code block in question. This provides a simple and secure mechanism for attesting as to the correctness of code blocks of program code within a data processing apparatus.

Abstract translation: 提供了程序代码证明电路和操作这种电路的方法。 程序代码认证电路包括第一存储器和测量值生成电路，其被布置为在该第一存储器内存储通过将第一散列算法应用于从程序代码的代码块确定的输入数据而确定的测量值。 在第二个存储器中存储私钥。 此外，签名生成器电路响应来自程序代码认证电路外部的请求源的认证请求，以将从测量值导出的导出值应用于使用私钥的签名算法，以便生成用于 输出到请求源。 根据该签名，请求源可以导出关于所存储的测量值的信息，足以使其能够确定所存储的测量值是否与所讨论的代码块的预期测量值一致。 这提供了一种用于证明数据处理装置内的程序代码块的正确性的简单和安全的机制。

公开(公告)号：US20130132737A1

公开(公告)日：2013-05-23

申请号：US13627209

申请日：2012-09-26

Applicant: ARM LIMITED

Inventor： Matthew James HORSNELL ,  Richard Roy GRISENTHWAITE ,  Daniel KERSHAW ,  Stuart David BILES

IPC: G06F9/30 ,  G06F21/60

CPC classification number: G06F21/602 ,  G06F9/30007 ,  G06F9/30029 ,  G06F9/30032 ,  G06F9/30036 ,  G06F9/30145 ,  G06F9/3887 ,  G09C1/00 ,  H04L9/0643 ,  H04L9/3239 ,  H04L2209/12 ,  H04L2209/125

Abstract: A data processing system 2 includes a single instruction multiple data register file 12 and single instruction multiple processing circuitry 14. The single instruction multiple data processing circuitry 14 supports execution of cryptographic processing instructions for performing parts of a hash algorithm. The operands are stored within the single instruction multiple data register file 12. The cryptographic support instructions do not follow normal lane-based processing and generate output operands in which the different portions of the output operand depend upon multiple different elements within the input operand.