-
1.发明授权Data processing apparatus and method for controlling thread access of register sets when selectively operating in secure and non-secure domains 有权当选择性地在安全和非安全域中操作时,用于控制寄存器组的线程访问的数据处理装置和方法公开(公告)号:US08041930B2
公开(公告)日:2011-10-18
申请号:US11919757
申请日:2005-05-11
IPC分类号: G06F9/00
CPC分类号: G06F9/30123 , G06F9/3012 , G06F9/3851
摘要: The data processing apparatus has processing logic for performing data processing operations and a register bank for storing data associated with the processing logic. The register bank has at least one register group, each register group having a plurality of register sets. The processing logic has an operating state associated with each register group defining how that register group is used, a first operating state being a state in which each register set in the register group is used to support an independent execution thread of the processing logic, and a second operating state being a state in which the register sets of the register group are collectively used to support a single execution thread of the processing logic. Control logic is provided to control how the register sets of each register group are used dependent on the operating state associated with that register group.
摘要翻译: 数据处理装置具有用于执行数据处理操作的处理逻辑和用于存储与处理逻辑相关联的数据的寄存器组。 寄存器组具有至少一个寄存器组,每个寄存器组具有多个寄存器组。 处理逻辑具有与定义如何使用该寄存器组的每个寄存器组相关联的操作状态,第一操作状态是其中在寄存器组中设置的每个寄存器用于支持处理逻辑的独立执行线程的状态,以及 第二操作状态是将寄存器组的寄存器组集中用于支持处理逻辑的单个执行线程的状态。 提供控制逻辑以根据与该寄存器组相关联的操作状态来控制如何使用每个寄存器组的寄存器组。
-
公开(公告)号:US20070143515A1
公开(公告)日:2007-06-21
申请号:US11603091
申请日:2006-11-22
IPC分类号: G06F13/26
摘要: An interrupt controller 2 is provided with priority registers 6 storing priority values P0-P9 used to determine prioritisation between received interrupt signals I0-I9. A priority value accessing circuit 10 provides multiple mappings to the priority values stored in dependence upon the priority value manager 16, 18, seeking to make an access. In this way, a first priority value manager 18, such as a secure operating system, can be given exclusive access to the highest priority values whilst a second priority value manager 16, such as a non-secure operating system, can be given access to a range of priority values as stored which are of a lower priority and yet as written or read by the non-secure operating system appear to the non-secure operating system to have a different, such as higher, priority level.
摘要翻译: 中断控制器2设置有优先级寄存器6,优先级寄存器6存储优先级值P 0 -P 9,用于确定接收到的中断信号I 0至I 9之间的优先级。 优先级值访问电路10根据优先权值管理器16,18存储的优先权值提供多个映射,寻求进行访问。 以这种方式,诸如安全操作系统的第一优先级值管理器18可以被授予对最高优先级值的排他访问,而可以给予诸如非安全操作系统的第二优先级值管理器16访问 所存储的优先级较低的范围的优先权较低,但由非安全操作系统写入或读取,对于非安全操作系统来说,具有不同的,例如较高的优先级。
-
公开(公告)号:US07506091B2
公开(公告)日:2009-03-17
申请号:US11603091
申请日:2006-11-22
摘要: An interrupt controller 2 is provided with priority registers 6 storing priority values P0-P9 used to determine prioritisation between received interrupt signals I0-I9. A priority value accessing circuit 10 provides multiple mappings to the priority values stored in dependence upon the priority value manager 16, 18, seeking to make an access. In this way, a first priority value manager 18, such as a secure operating system, can be given exclusive access to the highest priority values whilst a second priority value manager 16, such as a non-secure operating system, can be given access to a range of priority values as stored which are of a lower priority and yet as written or read by the non-secure operating system appear to the non-secure operating system to have a different, such as higher, priority level.
摘要翻译: 中断控制器2设置有优先级寄存器6,优先级寄存器6存储用于确定接收的中断信号I0-I9之间的优先级的优先权值P0-P9。 优先级值访问电路10根据优先权值管理器16,18存储的优先权值提供多个映射,寻求进行访问。 以这种方式,诸如安全操作系统的第一优先级值管理器18可以被授予对最高优先级值的排他访问,而可以给予诸如非安全操作系统的第二优先级值管理器16访问 所存储的优先级较低的范围的优先权较低,但由非安全操作系统写入或读取,对于非安全操作系统来说,具有不同的,例如较高的优先级。
-
4.发明授权公开(公告)号:US07529916B2
公开(公告)日:2009-05-05
申请号:US11504780
申请日:2006-08-16
IPC分类号: G06F9/00
CPC分类号: G06F9/45533 , G06F9/30101 , G06F9/30181 , G06F9/30189 , G06F9/462 , G06F9/468 , G06F9/4812 , G06F21/74
摘要: A data processing apparatus and method are provided for controlling access to registers. The data processing apparatus comprises a processing unit for performing data processing operations on data values, the processing unit having a plurality of modes of operation. A plurality of registers are provided for storing data values for access by the processing unit, with a subset of those registers being mode specific registers. Each mode specific register is used by the processing unit when operating in an associated mode of operation. The processing unit is switchable between a plurality of contexts, the data values stored in the plurality of registers being dependent on a current context of the processing unit. The processing unit performs a switch operation to switch from the current context to a new context, during which the data values in the registers are updated having regard to the new context. A control register is provided which, for at least one mode of operation having at least one mode specific register associated therewith, has an access field which is programmable by the processing unit when operating in a predetermined mode of operation. When the access field is set, the processing unit is selectively denied access to the associated at least one mode specific register, whereby updating of the data values in the associated at least one mode specific register is avoided during the switch operation. This significantly increases the speed of the switch operation.
摘要翻译: 提供了一种用于控制对寄存器的访问的数据处理装置和方法。 数据处理装置包括用于对数据值执行数据处理操作的处理单元,所述处理单元具有多种操作模式。 提供多个寄存器用于存储用于由处理单元访问的数据值,其中这些寄存器的子集是模式特定寄存器。 当在相关联的操作模式下操作时,处理单元使用每个模式特定寄存器。 处理单元可在多个上下文之间切换,存储在多个寄存器中的数据值取决于处理单元的当前上下文。 处理单元执行切换操作以从当前上下文切换到新的上下文,在此期间,考虑到新的上下文,更新寄存器中的数据值。 提供控制寄存器,对于具有与其相关联的至少一个模式特定寄存器的至少一种操作模式,具有在以预定操作模式操作时由处理单元可编程的访问字段。 当访问字段被设置时,处理单元被选择性地拒绝对相关联的至少一个模式特定寄存器的访问,由此在切换操作期间避免在相关联的至少一个模式特定寄存器中更新数据值。 这显着提高了开关操作的速度。
-
5.发明申请公开(公告)号:US20080046701A1
公开(公告)日:2008-02-21
申请号:US11504780
申请日:2006-08-16
IPC分类号: G06F9/44
CPC分类号: G06F9/45533 , G06F9/30101 , G06F9/30181 , G06F9/30189 , G06F9/462 , G06F9/468 , G06F9/4812 , G06F21/74
摘要: A data processing apparatus and method are provided for controlling access to registers. The data processing apparatus comprises a processing unit for performing data processing operations on data values, the processing unit having a plurality of modes of operation. A plurality of registers are provided for storing data values for access by the processing unit, with a subset of those registers being mode specific registers. Each mode specific register is used by the processing unit when operating in an associated mode of operation. The processing unit is switchable between a plurality of contexts, the data values stored in the plurality of registers being dependent on a current context of the processing unit. The processing unit performs a switch operation to switch from the current context to a new context, during which the data values in the registers are updated having regard to the new context. A control register is provided which, for at least one mode of operation having at least one mode specific register associated therewith, has an access field which is programmable by the processing unit when operating in a predetermined mode of operation. When the access field is set, the processing unit is selectively denied access to the associated at least one mode specific register, whereby updating of the data values in the associated at least one mode specific register is avoided during the switch operation. This significantly increases the speed of the switch operation.
摘要翻译: 提供了一种用于控制对寄存器的访问的数据处理装置和方法。 数据处理装置包括用于对数据值执行数据处理操作的处理单元,所述处理单元具有多种操作模式。 提供多个寄存器用于存储用于由处理单元访问的数据值,其中这些寄存器的子集是模式特定寄存器。 当在相关联的操作模式下操作时,处理单元使用每个模式特定寄存器。 处理单元可在多个上下文之间切换,存储在多个寄存器中的数据值取决于处理单元的当前上下文。 处理单元执行切换操作以从当前上下文切换到新的上下文,在此期间,考虑到新的上下文,更新寄存器中的数据值。 提供控制寄存器,对于具有与其相关联的至少一个模式特定寄存器的至少一种操作模式,具有在以预定操作模式操作时由处理单元可编程的访问字段。 当访问字段被设置时,处理单元被选择性地拒绝对相关联的至少一个模式特定寄存器的访问,由此在切换操作期间避免在相关联的至少一个模式特定寄存器中更新数据值。 这显着提高了开关操作的速度。
-
公开(公告)号:US07886098B2
公开(公告)日:2011-02-08
申请号:US11898640
申请日:2007-09-13
申请人: Daniel Kershaw , Stuart David Biles
发明人: Daniel Kershaw , Stuart David Biles
CPC分类号: G06F12/1416 , G06F12/1491
摘要: A data processing apparatus and method for generating access requests is provided. A bus master is provided which can operate either in a secure domain or a non-secure domain of the data processing apparatus, according to a signal received from external to the bus master. The signal is generated to be fixed during normal operation of the bus master. Control logic is provided which, when the bus master device is operating in a secure domain, is operable to generate a domain specifying signal associated with an access request generated by the bus master core indicating either secure or non-secure access, in dependence on either a default memory map or securely defined memory region descriptors. Thus, the bus master operating in a secure domain can generate both secure and non-secure accesses, without itself being able to switch between secure and non-secure operation.
摘要翻译: 提供了一种用于产生访问请求的数据处理装置和方法。 根据从总线主机外部接收的信号,提供可以在数据处理装置的安全域或非安全域中操作的总线主机。 在总线主机的正常工作期间,生成固定信号。 提供控制逻辑,当总线主设备在安全域中操作时,可以根据总线主机核心生成的指示安全或非安全访问的访问请求产生一个域指定信号, 默认内存映射或安全定义的内存区域描述符。 因此,在安全域中操作的总线主机可以生成安全和非安全访问,而无需在安全和非安全操作之间进行切换。
-
公开(公告)号:US20130103972A1
公开(公告)日:2013-04-25
申请号:US13317593
申请日:2011-10-24
IPC分类号: G06F11/07
CPC分类号: G06F11/1415 , G06F11/0727 , G06F11/076 , G06F11/0787 , G06F2201/86
摘要: A data processing apparatus has a plurality of storage elements residing at different physical locations within the apparatus, and fault history circuitry for detecting local transient faults occurring in each storage element, and for maintaining global transient fault history data based on the detected local transient faults. Analysis circuitry monitors the global transient fault history data to determine, based on predetermined criteria, whether the global transient fault history data is indicative of random transient faults occurring within the data processing apparatus, or is indicative of a coordinated transient fault attack. The analysis circuitry is then configured to initiate a countermeasure action on determination of a coordinated transient fault attack. This provides a simple and effective mechanism for distinguishing between random transient faults that may naturally occur, and a coordinated transient fault attack that may be initiated in an attempt to circumvent the security of the data processing apparatus.
-
公开(公告)号:US07966466B2
公开(公告)日:2011-06-21
申请号:US12068449
申请日:2008-02-06
IPC分类号: G06F12/00
CPC分类号: G06F12/1483 , G06F9/30076
摘要: Access to memory address space is controlled by memory access control circuitry using access control data. The ability to change the access control data is controlled by domain control circuitry. Whether or not an instruction stored within a particular domain, being a set of memory addresses, is able to modify the access control data is dependent upon the domain concerned. Thus, the ability to change access control data can be restricted to instructions stored within particular defined locations within the memory address space thereby enhancing security. This capability allows systems to be provided in which call forwarding to an operating system can be enforced via call forwarding code and where trusted regions of the memory address space can be established into which a secure operating system may write data with increased confidence that that data will only be accessible by trusted software executing under control of a non-secure operating system.
摘要翻译: 使用访问控制数据的存储器访问控制电路控制对存储器地址空间的访问。 更改访问控制数据的能力由域控制电路控制。 作为一组存储器地址的存储在特定域内的指令是否能够修改访问控制数据取决于所涉及的域。 因此,改变访问控制数据的能力可以被限制为存储在存储器地址空间内的特定定义位置内的指令,从而增强安全性。 该功能允许提供系统,其中可以通过呼叫转移代码来实施对操作系统的呼叫转移,并且可以建立存储器地址空间的可信区域,安全操作系统可以以更高的置信度写入数据,该数据将 只能通过在非安全操作系统的控制下执行的可信软件来访问。
-
9.发明授权Data processing apparatus and method for analysing transient faults occurring within storage elements of the data processing apparatus 有权用于分析数据处理装置的存储元件内发生的瞬态故障的数据处理装置和方法公开(公告)号:US08732523B2
公开(公告)日:2014-05-20
申请号:US13317593
申请日:2011-10-24
IPC分类号: G06F11/00
CPC分类号: G06F11/1415 , G06F11/0727 , G06F11/076 , G06F11/0787 , G06F2201/86
摘要: A data processing apparatus has a plurality of storage elements residing at different physical locations within the apparatus, and fault history circuitry for detecting local transient faults occurring in each storage element, and for maintaining global transient fault history data based on the detected local transient faults. Analysis circuitry monitors the global transient fault history data to determine, based on predetermined criteria, whether the global transient fault history data is indicative of random transient faults occurring within the data processing apparatus, or is indicative of a coordinated transient fault attack. The analysis circuitry is then configured to initiate a countermeasure action on determination of a coordinated transient fault attack. This provides a simple and effective mechanism for distinguishing between random transient faults that may naturally occur, and a coordinated transient fault attack that may be initiated in an attempt to circumvent the security of the data processing apparatus.
摘要翻译: 数据处理装置具有驻留在装置内的不同物理位置的多个存储元件,以及故障历史电路,用于检测每个存储元件中发生的局部瞬态故障,并且用于基于检测到的局部瞬态故障来维护全局瞬态故障历史数据。 分析电路监视全局瞬态故障历史数据,以基于预定标准确定全局瞬态故障历史数据是否表示在数据处理装置内发生的随机瞬态故障,或指示协调的瞬时故障攻击。 分析电路然后被配置为启动对协调的瞬态故障攻击的确定的对策动作。 这提供了一种用于区分可能自然发生的随机瞬态故障的简单和有效的机制,以及可以在试图绕过数据处理设备的安全性时发起的协调的瞬态故障攻击。
-
公开(公告)号:US20080250217A1
公开(公告)日:2008-10-09
申请号:US12068449
申请日:2008-02-06
CPC分类号: G06F12/1483 , G06F9/30076
摘要: Access to memory address space is controlled by memory access control circuitry using access control data. The ability to change the access control data is controlled by domain control circuitry. Whether or not an instruction stored within a particular domain, being a set of memory addresses, is able to modify the access control data is dependent upon the domain concerned. Thus, the ability to change access control data can be restricted to instructions stored within particular defined locations within the memory address space thereby enhancing security. This capability allows systems to be provided in which call forwarding to an operating system can be enforced via call forwarding code and where trusted regions of the memory address space can be established into which a secure operating system may write data with increased confidence that that data will only be accessible by trusted software executing under control of a non-secure operating system.
摘要翻译: 使用访问控制数据的存储器访问控制电路控制对存储器地址空间的访问。 更改访问控制数据的能力由域控制电路控制。 作为一组存储器地址的存储在特定域内的指令是否能够修改访问控制数据取决于所涉及的域。 因此,改变访问控制数据的能力可以被限制为存储在存储器地址空间内的特定定义位置内的指令,从而增强安全性。 该功能允许提供系统,其中可以通过呼叫转移代码来实施对操作系统的呼叫转移,并且可以建立存储器地址空间的可信区域,安全操作系统可以以更高的置信度写入数据,该数据将 只能通过在非安全操作系统的控制下执行的可信软件来访问。
-
-
-
-
-
-
-
-
-
搜索结果
65 条记录 (耗时 0.025 秒)
