Controlling access to multiple memory zones in an isolated execution environment
Abstract
The present invention provides a method, apparatus, and system for controlling memory accesses to multiple memory zones in an isolated execution environment. A processor having a normal execution mode and an isolated execution mode generates an access transaction. The access transaction is configured using a configuration storage that stores configuration settings. The configuration settings include a plurality of subsystem memory range settings defining memory zones. The access transaction also includes access information. A multi-memory zone access checking circuit, coupled to the configuration storage, checks the access transaction using at least one of the configuration settings and the access information. The multi-memory zone access checking circuit generates an access grant signal if the access transaction is valid.
113 Citations
36 Claims
1. An apparatus comprising:
a configuration storage storing configuration settings to configure an access transaction generated by a processor having a normal execution mode and an isolated execution mode, the configuration settings including a plurality of subsystem memory range settings, the access transaction including access information; and
a multi-memory zone access checking circuit coupled to the configuration storage to check the access transaction using at least one of the configuration settings and the access information, the multi-memory zone access checking circuit generating an access grant signal if the access transaction is valid.
10. A method comprising:
configuring an access transaction generated by a processor having a normal execution mode and an isolated execution mode using a configuration storage storing configuration settings, the configuration settings including a plurality of subsystem memory range settings, the access transaction including access information;
checking the access transaction by a multi-memory zone access checking circuit using at least one of the configuration settings and the access information; and
generating an access grant signal if the access transaction is valid.
19. A computer program product comprising:
a machine readable medium having computer program code therein, the computer program product comprising:
computer readable program code for configuring an access transaction generated by a processor having a normal execution mode and an isolated execution mode using a configuration storage storing configuration settings, the configuration settings including a plurality of subsystem memory range settings, the access transaction including access information;
computer readable program code for checking the access transaction by a multi-memory zone access checking circuit using at least one of the configuration settings and the access information; and
computer readable program code for generating an access grant signal if the access transaction is valid.
28. A system comprising:
a chipset;
a memory coupled to the chipset having an isolated memory area;
a processor coupled to the chipset and the memory having an access manager, the processor having a normal execution mode and an isolated execution mode, the processor generating an access transaction having access information, the access manager comprising:
a configuration storage storing configuration settings to configure an access transaction generated by the processor, the configuration settings including a plurality of subsystem memory range settings; and
a multi-memory zone access checking circuit coupled to the configuration storage to check the access transaction using at least one of the configuration settings and the access information, the multi-memory zone access checking circuit generating an access grant signal if the access transaction is valid.