公开(公告)号：US20150268706A1

公开(公告)日：2015-09-24

申请号：US14304894

申请日：2014-06-14

Applicant: QUALCOMM INCORPORATED

Inventor： TERO KUKOLA ,  CARL VICTOR STREETER ,  THOMAS ZENG ,  AJAYKUMAR SHANKARGOUDA PATIL ,  CHRISTOPHER ALAN PAGNOTTA ,  VINAY JAIN ,  SATYAKI MUKHERJEE ,  AZZEDINE TOUZNI

IPC: G06F1/26 ,  G06F21/64

CPC classification number: G06F21/64 ,  G06F21/81

Abstract: Various embodiments of methods and systems for hardware-based memory power management (“HMPM”) in a portable computing device (“PCD”) running secure and non-secure execution environments are disclosed. Hardware-based state machines are uniquely associated with, and under the control of, the non-secure execution environment, the secure execution environment and a virtual manager, respectively. The states of the state machines constitute votes by each of the execution environments and the virtual manager to control the power supply state to the memory component, such as a cache memory. The votes are monitored by a digital circuit that, based on a combination logic of the votes, generates an output signal to trigger a power management component to maintain, supply or remove power on a rail associated with the memory component. In this way, the power supply state to the memory component cannot be unilaterally changed by an application running in the non-secure execution environment.

Abstract translation: 公开了在运行安全和非安全执行环境的便携式计算设备（“PCD”）中用于基于硬件的存储器功率管理（“HMPM”）的方法和系统的各种实施例。 基于硬件的状态机分别与非安全执行环境，安全执行环境和虚拟管理器独立地相关联并在其控制下。 状态机的状态由每个执行环境和虚拟管理器构成投票，以控制诸如高速缓冲存储器的存储器组件的电源状态。 投票由数字电路监控，该数字电路基于投票的组合逻辑产生输出信号以触发电力管理组件以维持，提供或移除与存储器组件相关联的轨道上的电力。 以这种方式，通过在非安全执行环境中运行的应用程序不能单方面地改变对存储器组件的供电状态。

公开(公告)号：US20150002523A1

公开(公告)日：2015-01-01

申请号：US14014032

申请日：2013-08-29

Applicant: Qualcomm Incorporated

Inventor： THOMAS ZENG ,  AZZEDINE TOUZNI ,  WILLIAM TORZEWSKI

IPC: G06F21/71 ,  G06T1/20

CPC classification number: G06F21/71 ,  G06F21/74 ,  G06F2221/2113 ,  G06T1/20

Abstract: Systems, methods, and computer programs are disclosed for providing secure access control to a graphics processing unit (GPU). One system includes a GPU, a plurality GPU programming interfaces, and a command processor. Each GPU programming interface is dynamically assigned to a different one of a plurality of security zones. Each GPU programming interface is configured to receive work orders issued by one or more applications associated with the corresponding security zone. The work orders comprise instructions to be executed by the GPU. The command processor is in communication with the plurality of GPU programming interfaces. The command processor is configured to control execution of the work orders received by the plurality of GPU programming interfaces using separate secure memory regions. Each secure memory region is allocated to one of the plurality of security zones.

Abstract translation: 公开了用于向图形处理单元（GPU）提供安全访问控制的系统，方法和计算机程序。 一个系统包括GPU，多个GPU编程接口和命令处理器。 每个GPU编程接口被动态分配给多个安全区中的不同的一个。 每个GPU编程接口被配置为接收由与相应安全区相关联的一个或多个应用发出的工作命令。 工作单包括由GPU执行的指令。 命令处理器与多个GPU编程接口通信。 命令处理器被配置为使用单独的安全存储器区域来控制由多个GPU编程接口接收的工作订单的执行。 每个安全存储器区域被分配给多个安全区域中的一个。

公开(公告)号：US20170083456A1

公开(公告)日：2017-03-23

申请号：US15086128

申请日：2016-03-31

Applicant: QUALCOMM INCORPORATED

Inventor： THOMAS ZENG ,  AZZEDINE TOUZNI ,  TZUNG REN TZENG ,  PHIL J. BOSTLEY

IPC: G06F12/14 ,  G06F9/455 ,  G06F12/1027

CPC classification number: G06F12/145 ,  G06F9/45504 ,  G06F12/1027 ,  G06F12/1491 ,  G06F21/79 ,  G06F2212/1032 ,  G06F2212/151 ,  G06F2212/152 ,  G06F2212/654 ,  G06F2212/68

Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

公开(公告)号：US20190163645A1

公开(公告)日：2019-05-30

申请号：US16204965

申请日：2018-11-29

Applicant: QUALCOMM INCORPORATED

Inventor： THOMAS ZENG ,  Samar Asbe ,  Adam Openshaw

IPC: G06F12/1027 ,  G06F9/455

Abstract: Systems, methods, and computer programs are disclosed for optimizing headless virtual memory management in a system on chip (SoC) with global translation lookaside buffer shootdown. The SoC comprises an application processor configured to execute a headful virtual machine and one or more SoC processing devices configured to execute a corresponding headless virtual machine. The method comprises issuing a virtual machine mapping command with a headless virtual machine having a first virtual machine identifier. In response to the virtual machine mapping command, a current value stored in a hardware register in the application processor is saved. The first virtual machine identifier associated with the headless virtual machine is loaded into the hardware register. A translation lookaside buffer (TLB) invalidate command is issued while the first virtual machine identifier is loaded in the hardware register. Upon completion of translation lookaside buffer synchronization, the current value is restored to the hardware register.