利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

39 条记录 (耗时 0.046 秒)

    Control of access to a memory by a device
    1.
    发明授权
    Control of access to a memory by a device 有权
    控制设备对存储器的访问

    公开(公告)号:US07305534B2

    公开(公告)日:2007-12-04

    申请号:US10714561

    申请日:2003-11-17

    申请人: Simon Charles Watt Lionel Belnet David Hennah Mansell Nicolas Chaussade Peter Guy Middleton

    发明人: Simon Charles Watt Lionel Belnet David Hennah Mansell Nicolas Chaussade Peter Guy Middleton

    IPC分类号: G06F12/00

    CPC分类号: G06F12/1491 G06F21/6218 G06F21/71 G06F21/74 G06F21/79 G06F21/85 G06F2221/2105 G06F2221/2141 G06F2221/2149

    摘要: The present invention provides a data processing apparatus and method for controlling access to a memory. The data processing apparatus has a secure domain and a non-secure domain, in the secure domain the data processing apparatus having access to secure data which is not accessible in the non-secure domain. The data processing apparatus comprises a device coupled to a memory via a device bus, and operable, when an item of data in the memory is required by the device, to issue onto the device bus a memory access request pertaining to either the secure domain or the non-secure domain. The memory is operable to store data required by the device, and contains secure memory for storing secure data and non-secure memory for storing non-secure data. In accordance with the present invention, the data processing apparatus further comprises partition checking logic coupled to the device bus and operable whenever the memory access request as issued by the device pertains to the non-secure domain, to detect if the memory access request is seeking to access the secure memory and upon such detection to prevent the access specified by that memory request. This approach significantly improves the security of data contained within a secure portion of memory.

    摘要翻译: 本发明提供一种用于控制对存储器的访问的数据处理装置和方法。 数据处理装置具有安全域和非安全域,在安全域中,数据处理装置具有对非安全域中不可访问的安全数据的访问。 数据处理装置包括经由设备总线耦合到存储器的设备,并且当设备需要存储器中的数据项时,可以向设备总线发出存储器访问请求,该存储器访问请求涉及安全域或 非安全域。 存储器可操作以存储设备所需的数据,并且包含用于存储安全数据的安全存储器和用于存储非安全数据的非安全存储器。 根据本发明,数据处理装置还包括耦合到设备总线的分区检查逻辑,每当由设备发布的存储器访问请求与非安全域相关时,可操作,以检测存储器访问请求是否正在寻找 以访问安全存储器并且在这种检测时防止由该存储器请求指定的访问。 这种方法显着提高了包含在存储器安全部分内的数据的安全性。

    Vectored interrupt control within a system having a secure domain and a non-secure domain
    6.
    发明授权
    Vectored interrupt control within a system having a secure domain and a non-secure domain 有权
    具有安全域和非安全域的系统内的向量中断控制

    公开(公告)号:US07117284B2

    公开(公告)日:2006-10-03

    申请号:US10714562

    申请日:2003-11-17

    申请人: Simon Charles Watt Christopher Bentley Dornan Luc Orion Nicolas Chaussade Lionel Belnet Stephane Eric Sebastien Brochier David Hennah Mansell Jonathan Sean Callan

    发明人: Simon Charles Watt Christopher Bentley Dornan Luc Orion Nicolas Chaussade Lionel Belnet Stephane Eric Sebastien Brochier David Hennah Mansell Jonathan Sean Callan

    IPC分类号: G06F13/24

    CPC分类号: G06F9/4812

    摘要: A data processing apparatus is operable in a plurality of modes and in either a secure domain or a non-secure domain. When operating in a secure mode within the secure domain a program has access to secure data which is not accessible when the processor is operating in a non-secure mode. A vectored interrupt controller is provided to generate an exception handler address in response to an occurrence of an except condition. The vectored interrupt controller is programmable with parameters specifying for each exception condition whether an exception handler in the secure or the non-secure domain should be triggered and an exception handler address for use if the exception occurs when in the appropriate domain. The vectored interrupt controller also includes a parameter specifying a domain switching exception handler address for use if the exception condition occurs when the processor is not in the appropriate domain.

    摘要翻译: 数据处理装置可以以多种模式操作,也可以在安全域或非安全域中操作。 当在安全域内以安全模式操作时,程序可以访问当处理器以非安全模式操作时无法访问的安全数据。 提供向量中断控制器以响应于发生除了条件而产生异常处理程序地址。 向量中断控制器是可编程的,参数指定每个异常情况是否应触发安全或非安全域中的异常处理程序,如果在适当的域中发生异常,则使用异常处理程序地址。 向量中断控制器还包括指定域切换异常处理程序地址的参数,以便在处理器不在适当域中时发生异常情况时使用。

    Apparatus and method for managing access to a memory
    7.
    发明授权
    Apparatus and method for managing access to a memory 有权

    公开(公告)号:US07487367B2

    公开(公告)日:2009-02-03

    申请号:US10714521

    申请日:2003-11-17

    申请人: Lionel Belnet Nicolas Chaussade Simon Charles Watt Peter Guy Middleton

    发明人: Lionel Belnet Nicolas Chaussade Simon Charles Watt Peter Guy Middleton

    IPC分类号: H04L9/06 G06F12/00

    CPC分类号: G06F12/1491

    摘要: The present invention provides a data processing apparatus and method for managing access to a memory within the data processing apparatus. The data processing apparatus comprises a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain, said processor being operable such that when executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode. Further, a memory is provided for storing data required by the processor, and consists of secure memory for storing secure data and non-secure memory for storing non-secure data. The memory further contains a non-secure table and a secure table, the non-secure table being within the non-secure memory and arranged to contain for each of a number of first memory regions an associated descriptor, and the secure table being within the secure memory and arranged to contain for each of a number of second memory regions an associated descriptor. When access to an item of data in the memory is required by the processor, the processor issues a memory access request, and a memory management unit is provided to perform one or more predetermined access control functions to control issuance of the memory access request to the memory. The memory management unit comprises an internal storage unit operable to store descriptors retrieved by the memory management unit from either the non-secure table or the secure table, and in accordance with the present invention the internal storage unit comprises a flag associated with each descriptor stored within the internal storage unit to identify whether that descriptor is from the non-secure table or the secure table. By this approach, when the processor is operating in a non-secure mode, the memory management unit is operable to perform the predetermined access control functions for the memory access request with reference to access control information derived from the descriptors in the internal storage unit retrieved from the non-secure table. In contrast, when the processor is operating in a secure mode, the memory management unit is operable to perform the predetermined access control functions for the memory access request with reference to access control information derived from the descriptors in the internal storage unit retrieved from the secure table. This approach enables different descriptors to be used for the control of accesses to memory in either the secure domain or the non-secure domain, whilst enabling such different descriptors to co-exist within the memory management unit's internal storage unit, thereby avoiding the requirement to flush the contents of such an internal storage unit when the operation of the processor changes from the secure domain to the non-secure domain, or vice versa.

    Exception types within a secure processing system
    10.
    发明授权
    Exception types within a secure processing system 有权
    安全处理系统中的异常类型

    公开(公告)号:US07949866B2

    公开(公告)日:2011-05-24

    申请号:US12382647

    申请日:2009-03-20

    申请人: Simon Charles Watt Christopher Bentley Dornan Luc Orion Nicolas Chaussade Lionel Belnet Stephane Eric Sebastien Brochier

    发明人: Simon Charles Watt Christopher Bentley Dornan Luc Orion Nicolas Chaussade Lionel Belnet Stephane Eric Sebastien Brochier

    IPC分类号: G06F1/24

    CPC分类号: G06F21/74 G06F9/4812 G06F2209/481

    摘要: An apparatus for processing data includes a processor operable in a plurality modes including at least one secure mode being a mode in a secure domain and at least one non-secure mode being a mode in a non-secure domain. When the processor is executing a program in a secure mode the program has access to secure data which is not accessible when the processor is operating in a non-secure mode. The processor is responsive to one or more exception conditions for triggering exception processing using an exception handler. The processor is operable to select the exception handler from among a plurality of possible exception handlers in dependence upon whether the processor is operating in the secure domain or the non-secure domain.

    摘要翻译: 一种用于处理数据的装置包括可以以多种模式操作的处理器,包括至少一种安全模式,即安全域中的模式,以及至少一种非安全模式是非安全域中的模式。 当处理器以安全模式执行程序时,程序可以访问当处理器以非安全模式运行时无法访问的安全数据。 处理器响应于一个或多个异常条件,以使用异常处理程序触发异常处理。 处理器可操作以依赖于处理器是否在安全域或非安全域中操作从多个可能的异常处理程序中选择异常处理程序。