Page granular curtained memory via mapping control
Abstract
Methods of providing and limiting access to trusted memory are provided. Trusted memory pages are not mapped with page map pages. When a central processor is operated in a page-mapping mode, access to the trusted memory is limited. In particular, without mapping information, software and hardware modules cannot access and modify the contents of trusted memory sections.
23 Claims
1. A method of restricting access to memory, the method comprising:
- storing data in a memory location;
- determining whether the data is trusted or non-trusted data; and
- mapping the memory location with at least one page map page stored in a non-trusted memory section only when the data is non-trusted data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-readable medium containing computer-executable instructions for causing a computer device to perform the steps comprising:
- storing data in a memory location;
- determining whether the data is trusted or non-trusted data; and
- mapping the memory location with at least one page map page stored in a non-trusted memory section only when the data is non-trusted data.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A device for restricting direct memory access to a first memory, the device coupled to a central processing unit and comprising:
- a second memory containing a direct memory access exclusion vector containing access values that identify physical memory pages that do not allow direct memory access;
- a restriction module coupled to the central processing unit, the first memory and the second memory, the restriction module configured to perform the steps comprising:
  - receiving an identification of a physical memory page in the first memory;
  - comparing the identification to an access value for the physical memory page in the direct memory access exclusion vector; and
  - allowing direct memory access to the physical memory page only when the access value allows direct memory access.
Dependent claims: 19, 20, 21, 23
22. A computer device configured to limit access to memory, the computer device comprising:
- a central processor unit configured to operate in a trusted mode and a non-trusted mode;
- a first memory containing physical memory pages;
- a second memory containing at least one non-trusted page map page that only maps the physical memory pages that are identified as non-trusted.
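The check recited in claim 18, sketched in C as an added example (not code from the patent): a restriction module consults a DMA exclusion vector before permitting a transfer. The 4 KiB page size, the one-bit-per-page layout with a set bit meaning "excluded", and all function names are assumptions; the example goes beyond the claim by checking every page a multi-page transfer touches and by failing closed for pages outside the vector.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not from the patent text): 4 KiB pages, one bit per
 * physical page, bit set = page does not allow DMA. */
#define PAGE_SHIFT 12u
#define NUM_PAGES  64u

/* The "second memory": the DMA exclusion vector. In a real design only
 * trusted code could write it. */
static uint8_t dma_exclusion_vector[NUM_PAGES / 8];

/* Mark a physical page (by page frame number) as excluded from DMA. */
static void exclude_page(uint32_t pfn) {
    if (pfn < NUM_PAGES)
        dma_exclusion_vector[pfn / 8] |= (uint8_t)(1u << (pfn % 8));
}

/* Compare a page identification to its access value in the vector.
 * Pages the vector does not cover are denied (fail closed). */
static bool page_allows_dma(uint64_t pfn) {
    if (pfn >= NUM_PAGES)
        return false;
    return (dma_exclusion_vector[pfn / 8] & (1u << (pfn % 8))) == 0;
}

/* Restriction-module decision for a whole transfer: every page the
 * range [phys_addr, phys_addr + len) touches must allow DMA. */
static bool dma_transfer_allowed(uint64_t phys_addr, uint64_t len) {
    if (len == 0 || phys_addr + len < phys_addr)   /* empty or wraps */
        return false;
    uint64_t first = phys_addr >> PAGE_SHIFT;
    uint64_t last  = (phys_addr + len - 1) >> PAGE_SHIFT;
    for (uint64_t pfn = first; pfn <= last; pfn++)
        if (!page_allows_dma(pfn))
            return false;   /* stops at the first excluded or unknown page */
    return true;
}

int main(void) {
    exclude_page(5);   /* constructed sample: page 5 holds trusted data */
    printf("page 4 only:   %d\n", dma_transfer_allowed(0x4000, 0x1000));
    printf("spans 4 and 5: %d\n", dma_transfer_allowed(0x4ff0, 0x20));
    printf("beyond memory: %d\n",
           dma_transfer_allowed((uint64_t)NUM_PAGES << PAGE_SHIFT, 1));
    return 0;
}
```

The range check matters because a transfer that starts in an allowed page can run into an excluded one; checking only the starting page would let it through.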
Specification