公开(公告)号：US20240176863A1

公开(公告)日：2024-05-30

申请号：US18514795

申请日：2023-11-20

Applicant: STMicroelectronics (Rousset) SAS ,  STMicroelectronics (Grand Quest) SAS ,  STMicroelectronics (Alps) SAS

Inventor： Fabrice Cheruel ,  Dragos Davidescu ,  Nicolas Anquet

IPC: G06F21/44 ,  G06F21/71

CPC classification number: G06F21/44 ,  G06F21/71

Abstract: The system-on-chip includes at least one microprocessor domain including a microprocessor and at least one resource; and a resource isolation system including a filtering circuit for each resource and configured to detect a security, privilege and compartmentalization access rights violation for the resource, by transactions arriving at the resource. The filtering circuit is configured, in the event of a violation of at least one access right to the resource by a transaction, to generate a first error signal representative of the violated access right to the resource, and a second error signal representative of at least one access right of this transaction.

公开(公告)号：US11928339B2

公开(公告)日：2024-03-12

申请号：US17825975

申请日：2022-05-26

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Frederic Ruelle ,  Michel Jaouen

IPC: G06F3/06

CPC classification number: G06F3/062 ,  G06F3/0604 ,  G06F3/064 ,  G06F3/0679

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

公开(公告)号：US20230069651A1

公开(公告)日：2023-03-02

申请号：US17822272

申请日：2022-08-25

Applicant: STMicroelectronics (Grand Quest) SAS

Inventor： Franck Albesa

IPC: G06F21/57 ,  G06F9/30

Abstract: A method includes protecting a boot sequence of a processing device by incrementing a counting value generated by a monotonic counter, then a first time period after the beginning of the boot sequence, comparing, by the protection circuit, the counting value with a first reference value, and, if the counting value is smaller than the first reference value, changing, by the protection circuit, the counting value to the first reference value.

公开(公告)号：US11734415B2

公开(公告)日：2023-08-22

申请号：US16922120

申请日：2020-07-07

Applicant: STMicroelectronics (Grand Ouest) SAS

Inventor： Vincent Berthelot

IPC: G06F21/53 ,  G06F12/14 ,  G06F21/60 ,  G06F21/72

CPC classification number: G06F21/53 ,  G06F12/1408 ,  G06F12/1466 ,  G06F21/602 ,  G06F21/606 ,  G06F21/72

Abstract: An embodiment integrated circuit comprises a first memory zone having a first level of access rights that is configured to store at least one first software application containing encrypted instructions, means for verifying the integrity of the first software application, an encryption/decryption means, for example a first logic circuit, that is configured to decrypt the encrypted instructions which are considered to exhibit integrity, a processing unit that is configured to execute the decrypted instructions, the first logic circuit being further configured to encrypt the data generated by the execution operation and a second means, for example a second logic circuit, that is configured to store the encrypted data in a second memory zone having a second level of access rights that is identical to the first level of access rights.