公开(公告)号：US12001541B2

公开(公告)日：2024-06-04

申请号：US17267193

申请日：2019-09-05

Applicant: Arm Limited

Inventor： Nicholas Wood

IPC: G06F21/62 ,  G06F12/14 ,  G06F21/51 ,  H04L9/32

CPC classification number: G06F21/51 ,  G06F12/1458 ,  G06F21/62 ,  H04L9/3247 ,  G06F2212/1052 ,  G06F2221/033 ,  G06F2221/2145

Abstract: Memory access circuitry 26 controls access to memory based on ownership information defining, for a given memory region, an owner realm specified from among two or more realms, each realm corresponding to at least a portion of a software processes miming on processing circuitry 8. The owner realm has a right to exclude other realms from accessing data stored within the given memory region. On activation of a target realm, it is detected whether a parameter signature derived from security configuration parameters established for the target realm matches an expected signature; and in response to detecting a mismatch between the parameter signature and the expected signature, an activation restriction is applied to the target realm to prevent the activation of target realm or prevent correct functioning of the target realm following activation.

公开(公告)号：US11481339B2

公开(公告)日：2022-10-25

申请号：US17267941

申请日：2019-09-03

Applicant: Arm Limited

Inventor： Nicholas Wood

IPC: G06F12/14 ,  G06F21/60 ,  G06F21/79

Abstract: Memory access circuitry controls access to memory based on ownership information defining, for a given memory region, an owner realm specified from among two or more realms, each realm corresponding to at least a portion of a software processes running on processing circuitry. The owner realm has a right to exclude other realms from accessing data stored within the given memory region. When security configuration parameters for a given realm specify that the given realm is associated with a trusted intermediary realm identified by the security configuration parameters, the trusted intermediary realm may be allowed to perform at least one realm management function for the given realm, e.g. provision of secret keys and/or saving/restoring of security configuration parameters. This can enable use cases where multiple instances of the same realm with common parameters need to be established on the same system at different times or on different systems.

公开(公告)号：US11546165B2

公开(公告)日：2023-01-03

申请号：US16972326

申请日：2019-05-24

Applicant: Arm Limited

Inventor： Nicholas Wood

IPC: H04L9/40 ,  H04L9/32 ,  G06F21/44 ,  G06F21/57 ,  H04L9/08

Abstract: A method comprises: a first data processing device requesting attestation of a second data processing device; the second data processing device generating a device-specific attestation message in dependence upon a device-specific key, a hardware configuration of the second data processing device and a software configuration of software running on the second data processing device; the second data processing device generating an application-specific attestation message in dependence upon an interaction protocol by which the first data processing device and the second data processing device interact; the second data processing device cryptographically binding the application-specific attestation message to the device-specific attestation message; the first data processing device verifying the application-specific attestation message, the verifying step comprising detecting a trusted status of the application-specific attestation message by verifying the device-specific attestation message cryptographically bound to the application-specific attestation message; and the first data processing device establishing an interaction with the second data processing device according to the interaction protocol, in dependence upon the verified application-specific attestation message.