Protecting system control registers in a data processing apparatus
    1.
    Patent application
    Protecting system control registers in a data processing apparatus (in force)

    Publication number: US20080046762A1

    Publication date: 2008-02-21

    Application number: US11889644

    Filing date: 2007-08-15

    IPC classification: G06F12/14

    CPC classification: G06F21/79 G06F21/74 G11C7/24

    Abstract: A data processing apparatus and method for protecting system control registers is provided. Processing logic is provided for executing software routines and a plurality of system control registers are used to store access control information for a plurality of system resources available to the processing logic when executing at least some of those software routines. Additionally, at least one write control register is provided, with each field of that register being associated with one or more of the system control registers. Disable control logic is used to generate a disable signal, and when that disable signal is clear access control information can be written into the system control registers, and write restriction data can be written into each of the fields of the at least one write control register. Then, when the disable control logic sets the disable signal, the at least one write control register becomes read only, and for each field that has write restriction data therein those associated system control registers indicated by the write restriction data also become read only. This mechanism provides a very flexible approach for programming which system control registers are to be treated as read only registers.


    Interrupt controller utilising programmable priority values
    2.
    Patent application
    Interrupt controller utilising programmable priority values (in force)

    Publication number: US20070143515A1

    Publication date: 2007-06-21

    Application number: US11603091

    Filing date: 2006-11-22

    IPC classification: G06F13/26

    CPC classification: G06F21/52 G06F13/26

    Abstract: An interrupt controller 2 is provided with priority registers 6 storing priority values P0-P9 used to determine prioritisation between received interrupt signals I0-I9. A priority value accessing circuit 10 provides multiple mappings to the priority values stored in dependence upon the priority value manager 16, 18, seeking to make an access. In this way, a first priority value manager 18, such as a secure operating system, can be given exclusive access to the highest priority values whilst a second priority value manager 16, such as a non-secure operating system, can be given access to a range of priority values as stored which are of a lower priority and yet as written or read by the non-secure operating system appear to the non-secure operating system to have a different, such as higher, priority level.


    Protected function calling
    3.
    Granted patent
    Protected function calling (in force)

    Publication number: US08010772B2

    Publication date: 2011-08-30

    Application number: US12068448

    Filing date: 2008-02-06

    IPC classification: G06F7/38 G06F9/00 G06F9/44

    Abstract: Memory address space is divided into domains and instruction access control circuitry is used to detect when the memory address from which an instruction to be executed is fetched has crossed a domain boundary and changed and in such cases to conduct a check to ensure that the instruction within the new domain is a permitted instruction of a permitted form. The permitted instruction can be arranged to be a no operation instruction other than in respect of the instruction access control circuitry, in order to assist backward compatibility.


    Memory domain based security control with data processing systems
    4.
    Granted patent
    Memory domain based security control with data processing systems (in force)

    Publication number: US07966466B2

    Publication date: 2011-06-21

    Application number: US12068449

    Filing date: 2008-02-06

    IPC classification: G06F12/00

    CPC classification: G06F12/1483 G06F9/30076

    Abstract: Access to memory address space is controlled by memory access control circuitry using access control data. The ability to change the access control data is controlled by domain control circuitry. Whether or not an instruction stored within a particular domain, being a set of memory addresses, is able to modify the access control data is dependent upon the domain concerned. Thus, the ability to change access control data can be restricted to instructions stored within particular defined locations within the memory address space thereby enhancing security. This capability allows systems to be provided in which call forwarding to an operating system can be enforced via call forwarding code and where trusted regions of the memory address space can be established into which a secure operating system may write data with increased confidence that that data will only be accessible by trusted software executing under control of a non-secure operating system.


    Interrupt controller utilising programmable priority values
    5.
    Granted patent
    Interrupt controller utilising programmable priority values (in force)

    Publication number: US07506091B2

    Publication date: 2009-03-17

    Application number: US11603091

    Filing date: 2006-11-22

    IPC classification: G06F13/26 G06F13/24 G06F13/32

    CPC classification: G06F21/52 G06F13/26

    Abstract: An interrupt controller 2 is provided with priority registers 6 storing priority values P0-P9 used to determine prioritisation between received interrupt signals I0-I9. A priority value accessing circuit 10 provides multiple mappings to the priority values stored in dependence upon the priority value manager 16, 18, seeking to make an access. In this way, a first priority value manager 18, such as a secure operating system, can be given exclusive access to the highest priority values whilst a second priority value manager 16, such as a non-secure operating system, can be given access to a range of priority values as stored which are of a lower priority and yet as written or read by the non-secure operating system appear to the non-secure operating system to have a different, such as higher, priority level.


    Protecting system control registers in a data processing apparatus
    6.
    Granted patent
    Protecting system control registers in a data processing apparatus (in force)

    Publication number: US08132254B2

    Publication date: 2012-03-06

    Application number: US11889644

    Filing date: 2007-08-15

    IPC classification: G06F21/00

    CPC classification: G06F21/79 G06F21/74 G11C7/24

    Abstract: A data processing apparatus and method for protecting system control registers is provided. Processing logic is provided for executing software routines and a plurality of system control registers are used to store access control information for a plurality of system resources available to the processing logic when executing at least some of those software routines. Additionally, at least one write control register is provided, with each field of that register being associated with one or more of the system control registers. Disable control logic is used to generate a disable signal, and when that disable signal is clear access control information can be written into the system control registers, and write restriction data can be written into each of the fields of the at least one write control register. Then, when the disable control logic sets the disable signal, the at least one write control register becomes read only, and for each field that has write restriction data therein those associated system control registers indicated by the write restriction data also become read only. This mechanism provides a very flexible approach for programming which system control registers are to be treated as read only registers.


    Memory domain based security control with data processing systems
    7.
    Patent application
    Memory domain based security control with data processing systems (in force)

    Publication number: US20080250217A1

    Publication date: 2008-10-09

    Application number: US12068449

    Filing date: 2008-02-06

    IPC classification: G06F12/14 G06F12/00

    CPC classification: G06F12/1483 G06F9/30076

    Abstract: Access to memory address space is controlled by memory access control circuitry using access control data. The ability to change the access control data is controlled by domain control circuitry. Whether or not an instruction stored within a particular domain, being a set of memory addresses, is able to modify the access control data is dependent upon the domain concerned. Thus, the ability to change access control data can be restricted to instructions stored within particular defined locations within the memory address space thereby enhancing security. This capability allows systems to be provided in which call forwarding to an operating system can be enforced via call forwarding code and where trusted regions of the memory address space can be established into which a secure operating system may write data with increased confidence that that data will only be accessible by trusted software executing under control of a non-secure operating system.


    Protected function calling
    8.
    Patent application
    Protected function calling (in force)

    Publication number: US20080250216A1

    Publication date: 2008-10-09

    Application number: US12068448

    Filing date: 2008-02-06

    IPC classification: G06F9/30 G06F12/14

    Abstract: Memory address space is divided into domains and instruction access control circuitry is used to detect when the memory address from which an instruction to be executed is fetched has crossed a domain boundary and changed and in such cases to conduct a check to ensure that the instruction within the new domain is a permitted instruction of a permitted form. The permitted instruction can be arranged to be a no operation instruction other than in respect of the instruction access control circuitry, in order to assist backward compatibility.


    Maintaining secure data isolated from non-secure access when switching between domains
    9.
    Granted patent
    Maintaining secure data isolated from non-secure access when switching between domains (in force)

    Publication number: US09477834B2

    Publication date: 2016-10-25

    Application number: US13368419

    Filing date: 2012-02-08

    IPC classification: G06F21/52 G06F9/30 G06F9/46

    Abstract: A data processing apparatus including circuitry for performing data processing, a plurality of registers; and a data store including regions having different secure levels, at least one secure region (for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in a less secure domain) and a less secure region (for storing less secure data). The circuitry is configured to determine which stack to store data to, or load data from, in response to the storage location of the program code being executed. In response to program code calling a function to be executed, the function code being stored in a second region, the second region having a different secure level to the first region, the data processing circuitry is configured to determine which of the first and second region have a lower secure level.


    Reduced latency barrier transaction requests in interconnects
    10.
    Granted patent
    Reduced latency barrier transaction requests in interconnects (in force)

    Publication number: US08856408B2

    Publication date: 2014-10-07

    Application number: US12923723

    Filing date: 2010-10-05

    Abstract: Interconnect circuitry is configured to provide data routes via which at least one initiator device may access at least one recipient device, the circuitry including at least one input for receiving transaction requests; at least one output for outputting transaction requests; at least one path for transmitting the transaction requests between the input and the output. Control circuitry routes received transaction requests from the input to the output in response to a barrier transaction request. An ordering of at least some transaction requests is maintained with respect to the barrier transaction request within a stream of transaction requests passing along one of the at least one paths, by not allowing reordering of at least some of the transaction requests. The control circuitry includes a response signal generator, the response signal generator is responsive to receipt of the barrier transaction request to issue a response signal.
