公开(公告)号：US20250053318A1

公开(公告)日：2025-02-13

申请号：US18932199

申请日：2024-10-30

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Loic Pallardy ,  Michel Jaouen

IPC: G06F3/06

Abstract: In embodiments, a system includes a first and a second processing unit, a memory, and a firewall device. The first processing unit operates in a secure mode and generates memory access requests having a secure level. The second processing unit operates in a non-secure mode and generates memory access requests having a non-secure level. The memory includes a first memory area that can be shared between the first and second processing units. The firewall device includes a first firewall circuit with a first configuration authorizing access to the first memory area in the presence of a secure or non-secure level access request. The firewall circuit includes a second configuration prohibiting access to the first memory area in the presence of a secure level access request and authorizing access to the first memory area only in the presence of a non-secure level access request.

公开(公告)号：US20230015027A1

公开(公告)日：2023-01-19

申请号：US17812883

申请日：2022-07-15

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Michel Jaouen ,  Loic Pallardy

IPC: G06F21/62 ,  G06F12/0802

Abstract: In an embodiment a method for managing access rights of software tasks executed by a processing unit (CPU) using a cache memory containing execution data of the tasks in memory locations, each execution data having an attribute representative of a level of access right of the respective task, includes changing the attributes of the locations of the cache memory when the access rights of at least one task changes and retaining the execution data contained in the locations of the cache memory.

公开(公告)号：US11893370B2

公开(公告)日：2024-02-06

申请号：US17451394

申请日：2021-10-19

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Michel Jaouen ,  Stephane Le Roy ,  Moise Gergaud

IPC: G06F8/41 ,  G06F21/54 ,  G06F21/55

CPC classification number: G06F8/44 ,  G06F21/54 ,  G06F21/55 ,  G06F2221/033

Abstract: According to one aspect, a method for compiling by a compilation tool a source code into a computer-executable code comprises receiving the source code as input of the compilation tool, translating the source code into an object code comprising machine instructions executable by a processor, then introducing, between machine instructions of the object code, additional instructions selected from illegal instructions and no-operation instructions so as to obtain the executable code, then delivering the executable code as output of the compilation tool.

公开(公告)号：US12242393B2

公开(公告)日：2025-03-04

申请号：US17010072

申请日：2020-09-02

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Michel Jaouen

IPC: G06F12/00 ,  G06F12/14 ,  G06F13/00 ,  G06F21/62 ,  G06F21/78

Abstract: An embodiment system for protecting a memory comprises security software configured to determine, from an exception generated during an unauthorized action attempt in the memory, whether the security software can perform the action.

公开(公告)号：US12159043B2

公开(公告)日：2024-12-03

申请号：US17989389

申请日：2022-11-17

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Loic Pallardy ,  Michel Jaouen

IPC: G06F3/06

Abstract: In embodiments, a system includes a first and a second processing unit, a memory, and a firewall device. The first processing unit operates in a secure mode and generates memory access requests having a secure level. The second processing unit operates in a non-secure mode and generates memory access requests having a non-secure level. The memory includes a first memory area that can be shared between the first and second processing units. The firewall device includes a first firewall circuit with a first configuration authorizing access to the first memory area in the presence of a secure or non-secure level access request. The firewall circuit includes a second configuration prohibiting access to the first memory area in the presence of a secure level access request and authorizing access to the first memory area only in the presence of a non-secure level access request.

公开(公告)号：US11928339B2

公开(公告)日：2024-03-12

申请号：US17825975

申请日：2022-05-26

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Frederic Ruelle ,  Michel Jaouen

IPC: G06F3/06

CPC classification number: G06F3/062 ,  G06F3/0604 ,  G06F3/064 ,  G06F3/0679

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

公开(公告)号：US12061888B2

公开(公告)日：2024-08-13

申请号：US17882292

申请日：2022-08-05

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Michel Jaouen ,  Gilles Trottier

IPC: G06F8/60 ,  G06F9/445 ,  G06F21/52

CPC classification number: G06F8/60 ,  G06F9/445 ,  G06F21/52

Abstract: A method can be used for verifying an execution of a compiled software program stored in a program memory of a processor and executed by the processor. A write operation includes assigning a destination address in a register of the processor and writing a datum at a location pointed to by the destination address contained in the register. A verification operation includes reassigning the same destination address in the same register, reading the datum contained at the location pointed to by the destination address contained in the register after the reassignment, and comparing the read datum and the written datum.

公开(公告)号：US20230161486A1

公开(公告)日：2023-05-25

申请号：US18058613

申请日：2022-11-23

Applicant: STMicroelectronics (Grand Ouest)SAS

Inventor： Loic Pallardy ,  Michel Jaouen

IPC: G06F3/06

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/0673

Abstract: In accordance with an embodiment, a method for managing a memory within a system-on-a-chip including a processor, a memory and a firewall device, includes: generating, by the processor, a request to access the memory, where the request has a access permission level; controlling, by the firewall device, access to the at least one memory region of the memory as a function of the access permission level of the request and a respective access permission level associated with at least one memory region; and erasing, by the firewall device, the at least one memory regions when its respective access permission level is modified, where erasing comprises performing a hardware-implemented erasure.

公开(公告)号：US20230161484A1

公开(公告)日：2023-05-25

申请号：US17989389

申请日：2022-11-17

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Loic Pallardy ,  Michel Jaouen

IPC: G06F3/06

CPC classification number: G06F3/0622 ,  G06F3/0655 ,  G06F3/0673

Abstract: In embodiments, a system includes a first and a second processing unit, a memory, and a firewall device. The first processing unit operates in a secure mode and generates memory access requests having a secure level. The second processing unit operates in a non-secure mode and generates memory access requests having a non-secure level. The memory includes a first memory area that can be shared between the first and second processing units. The firewall device includes a first firewall circuit with a first configuration authorizing access to the first memory area in the presence of a secure or non-secure level access request. The firewall circuit includes a second configuration prohibiting access to the first memory area in the presence of a secure level access request and authorizing access to the first memory area only in the presence of a non-secure level access request.

公开(公告)号：US12175095B2

公开(公告)日：2024-12-24

申请号：US18424549

申请日：2024-01-26

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Frederic Ruelle ,  Michel Jaouen

IPC: G06F3/06

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.