Access control in a data processing apparatus

US 20050114616A1
Filed: 09/03/2004
Published: 05/26/2005
Est. Priority Date: 11/18/2002
Status: Active Grant

First Claim

Patent Images

1. A data processing apparatus operable to control access to a slave device, the slave device having an address range associated therewith, the apparatus comprising:

control storage programmable to define a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode;

a master device operable to issue an access request onto a bus, the access request identifying a sequence of addresses within said address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request, the secure region only being accessible by a secure access request; and

access control logic associated with the slave device, the access control logic being operable to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing apparatus and method are provided for controlling access to a slave device, the slave device having an address range associated therewith. The apparatus comprises control storage programmable to define a partition identifying a secure region and a non-secure region in the address range, with the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in the secure mode. A master device is arranged to issue an access request onto a bus, the access request identifying a sequence of addresses within the address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request. The secure region is only accessible by a secure access request. Further, access control logic is provided which is associated with the slave device, the access control logic being operable to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.

Citations

31 Claims

1. A data processing apparatus operable to control access to a slave device, the slave device having an address range associated therewith, the apparatus comprising:
- control storage programmable to define a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode;
  
  a master device operable to issue an access request onto a bus, the access request identifying a sequence of addresses within said address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request, the secure region only being accessible by a secure access request; and
  
  access control logic associated with the slave device, the access control logic being operable to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A data processing apparatus as claimed in claim 1, wherein the address range has a base address associated therewith and the control storage contains an offset value that identifies relative to the base address a boundary forming the partition between the secure region and the non-secure region.
  - 3. A data processing apparatus as claimed in claim 1, wherein the data processing apparatus has a secure domain and a non-secure domain, in the secure domain the data processing apparatus having access to secure data which is not accessible in the non-secure domain, the secure region containing said secure data.
  - 4. A data processing apparatus as claimed in claim 3, wherein the control signal included within the access request is a domain signal identifying whether the access request pertains to said secure domain or said non-secure domain.
  - 5. A data processing apparatus as claimed in claim 1, wherein the master device is operable in said plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain, said master device being operable such that when executing a program in a secure mode said program has access to secure data which is not accessible when said master device is operating in a non-secure mode, the secure region containing said secure data.
  - 6. A data processing apparatus as claimed in claim 5, wherein when operating in said at least one secure mode, the access request issued by the master device is said secure access request, and when operating in said at least one non-secure mode, the access request issued by the master device is said non-secure access request.
  - 7. A data processing apparatus as claimed in claim 1, wherein the access control logic comprises determination logic operable to determine having regard to the indication of the partition whether the sequence of addresses identified by the access request at least partly lies within the secure region, and if so to check that the control signal included within the access request indicates that the access request is a secure access request.
  - 8. A data processing apparatus as claimed in claim 7, wherein the address range comprises a plurality of blocks of a predetermined size, the partition is located at a boundary between two adjacent blocks of said plurality of blocks, and the sequence of addresses identified by the access request are required to be within one of said blocks, the determination logic being operable to determine whether a first address of said sequence is within the secure region or the non-secure region.
  - 9. A data processing apparatus as claimed in claim 7, wherein the address range exceeds the physical size of storage within the slave device, the determination logic being further operable to determine whether the sequence of addresses at least partly exceeds the physical size, and if so to prevent the slave device being accessed.
  - 10. A data processing apparatus as claimed in claim 7, wherein the access request includes a valid signal which is asserted by the master device when the access request is issued, the access control logic comprising valid signal propagation logic operable to receive the valid signal and to generate a replacement valid signal for routing to the slave device, the valid signal propagation logic being operable to de-assert the replacement valid signal in the event that the determination logic determines that a non-secure access request is attempting to access the secure region.
  - 11. A data processing apparatus as claimed in claim 7, wherein the access control logic is operable in the event of a non-secure access request specifying a write operation to prevent the write data of the access request being provided to the slave device if the determination logic determines that that non-secure access request is attempting to access the secure region.
  - 12. A data processing apparatus as claimed in claim 7, wherein the access control logic is operable in the event of a non-secure access request specifying a read operation to cause a default read response to be returned to the master device if the determination logic determines that that non-secure access request is attempting to access the secure region.
  - 13. A data processing apparatus as claimed in claim 1, wherein the slave device is a memory.
  - 14. A data processing apparatus as claimed in claim 13, further comprising a memory interface operable to access said memory, the access control logic being coupled between the bus and the memory interface.
  - 15. A data processing apparatus as claimed in claim 1, wherein the data processing apparatus is a System-on-Chip, and further comprises an on-chip memory forming said slave device.

16. Slave device control logic for use in a data processing apparatus to control access to a slave device, the slave device having an address range associated therewith, the slave device control logic comprising:
- control storage programmable to define a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode; and
  
  access control logic associated with the slave device, the access control logic being operable to receive an access request from a bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.

17. A method of operating a data processing apparatus to control access to a slave device, the slave device having an address range associated therewith, the method comprising the steps of:
- (a) programming within a control storage a partition identifying a secure region and a non-secure region in said address range, the data processing apparatus supporting a plurality of modes of operation including a secure mode, and the control storage being programmable only by software executing in said secure mode;
  
  (b) issuing from a master device an access request onto a bus, the access request identifying a sequence of addresses within said address range and including a control signal indicating whether the access request is a secure access request or a non-secure access request, the secure region only being accessible by a secure access request; and
  
  (c) employing access control logic associated with the slave device to receive the access request from the bus and an indication of the partition from the control storage and, if the access request is a non-secure access request, to prevent access to the secure region.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 18. A method as claimed in claim 17, wherein the address range has a base address associated therewith and the programming step comprises programming an offset value into the control storage that identifies relative to the base address a boundary forming the partition between the secure region and the non-secure region.
  - 19. A method as claimed in claim 17, wherein the data processing apparatus has a secure domain and a non-secure domain, in the secure domain the data processing apparatus having access to secure data which is not accessible in the non-secure domain, the secure region containing said secure data.
  - 20. A method as claimed in claim 19, wherein the control signal included within the access request is a domain signal identifying whether the access request pertains to said secure domain or said non-secure domain.
  - 21. A method as claimed in claim 17, wherein the master device is operable in said plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain, said master device being operable such that when executing a program in a secure mode said program has access to secure data which is not accessible when said master device is operating in a non-secure mode, the secure region containing said secure data.
  - 22. A method as claimed in claim 21, wherein when operating in said at least one secure mode, the access request issued by the master device is said secure access request, and when operating in said at least one non-secure mode, the access request issued by the master device is said non-secure access request.
  - 23. A method as claimed in claim 17, wherein said step (c) comprises the steps of:
    - determining having regard to the indication of the partition whether the sequence of addresses identified by the access request at least partly lies within the secure region, and if so checking that the control signal included within the access request indicates that the access request is a secure access request.
  - 24. A method as claimed in claim 23, wherein the address range comprises a plurality of blocks of a predetermined size, the partition is located at a boundary between two adjacent blocks of said plurality of blocks, and the sequence of addresses identified by the access request are required to be within one of said blocks, said determining step comprising determining whether a first address of said sequence is within the secure region or the non-secure region.
  - 25. A method as claimed in claim 23, wherein the address range exceeds the physical size of storage within the slave device, the method further comprising the steps of:
    - determining whether the sequence of addresses at least partly exceeds the physical size, and if so preventing the slave device being accessed.
  - 26. A method as claimed in claim 23, wherein the access request includes a valid signal which is asserted by the master device when the access request is issued, said step (c) further comprising the steps of:
    - receiving the valid signal;
      
      generating a replacement valid signal for routing to the slave device; and
      
      de-asserting the replacement valid signal in the event that said determining step determines that a non-secure access request is attempting to access the secure region.
  - 27. A method as claimed in claim 23, wherein in the event of a non-secure access request specifying a write operation, the method further comprises the step of preventing the write data of the access request being provided to the slave device if the determination step determines that that non-secure access request is attempting to access the secure region.
  - 28. A method as claimed in claim 23, wherein in the event of a non-secure access request specifying a read operation, the method further comprises the step of causing a default read response to be returned to the master device if the determination step determines that that non-secure access request is attempting to access the secure region.
  - 29. A method as claimed in claim 17, wherein the slave device is a memory.
  - 30. A method as claimed in claim 29, further comprising the step of employing a memory interface to access said memory, the access control logic being coupled between the bus and the memory interface.
  - 31. A method as claimed in claim 17, wherein the data processing apparatus is a System-on-Chip having an on-chip memory forming said slave device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Ltd. (United Kingdom) (SoftBank Group Corp.)
Original Assignee
Arm Ltd. (United Kingdom) (SoftBank Group Corp.)
Inventors
Tune, Andrew David, Mansell, David Hennah, Watt, Simon Charles, Belnet, Lionel, Aldworth, Peter James

Granted Patent

US 7,149,862 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/1441 for a range

Access control in a data processing apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Access control in a data processing apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links