Access control in a data processing apparatus
First Claim
1. A data processing apparatus operable to control access to a slave device, the slave device having an address range associated therewith, the apparatus comprising:
- control storage programmable to define a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode;
a master device operable to issue an access request onto a bus, the access request identifying a sequence of addresses within said address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request, the secure region only being accessible by a secure access request; and
access control logic associated with the slave device, the access control logic being operable to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.
1 Assignment
0 Petitions
Accused Products
Abstract
A data processing apparatus and method are provided for controlling access to a slave device, the slave device having an address range associated therewith. The apparatus comprises control storage programmable to define a partition identifying a secure region and a non-secure region in the address range, with the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in the secure mode. A master device is arranged to issue an access request onto a bus, the access request identifying a sequence of addresses within the address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request. The secure region is only accessible by a secure access request. Further, access control logic is provided which is associated with the slave device, the access control logic being operable to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.
-
Citations
31 Claims
-
1. A data processing apparatus operable to control access to a slave device, the slave device having an address range associated therewith, the apparatus comprising:
-
control storage programmable to define a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode;
a master device operable to issue an access request onto a bus, the access request identifying a sequence of addresses within said address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request, the secure region only being accessible by a secure access request; and
access control logic associated with the slave device, the access control logic being operable to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. Slave device control logic for use in a data processing apparatus to control access to a slave device, the slave device having an address range associated therewith, the slave device control logic comprising:
-
control storage programmable to define a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode; and
access control logic associated with the slave device, the access control logic being operable to receive an access request from a bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.
-
-
17. A method of operating a data processing apparatus to control access to a slave device, the slave device having an address range associated therewith, the method comprising the steps of:
-
(a) programming within a control storage a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode;
(b) issuing from a master device an access request onto a bus, the access request identifying a sequence of addresses within said address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request, the secure region only being accessible by a secure access request; and
(c) employing access control logic associated with the slave device to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
Specification