APPARATUS AND METHOD FOR PERFORMING INTEGRITY CHECKS ON SOFWARE
First Claim
1. A data processing apparatus comprising:
- a processing unit operable to execute program code;
debug logic for use when debugging the program code executed by the processing unit;
trusted logic operable to perform trusted integrity checking operations on less-trusted program code executed by the processing unit;
the debug logic having an interface via which one or more control registers associated with the debug logic are programmable by the trusted logic, the interface not being accessible by the less-trusted program code;
the trusted logic being operable to program the one or more control registers to cause the debug logic to be re-used to detect one or more activities of the processing logic during execution of said less-trusted program code;
the trusted integrity checking operations performed by the trusted logic being influenced by the activities detected by the debug logic.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus and method are provided for performing integrity checking of software code executing on a processing unit of the apparatus. The apparatus further includes debug logic used when debugging program code executed by the processing unit, and trusted logic for performing trusted integrity checking operations on less-trusted program code executed by the processing unit. The debug logic has an interface via which the trusted logic can program one or more control registers, that interface not being accessible by the less-trusted program code. The trusted logic programs the control registers so as to cause the debug logic to be re-used to detect one or more activities of the processing logic during execution of the less-trusted program code, and the trusted integrity checking operations performed by the trusted logic are influenced by the activities detected by the debug logic. Such an approach has been found to provide an efficient and secure technique for performing run-time integrity checking of program code.
36 Citations
23 Claims
-
1. A data processing apparatus comprising:
-
a processing unit operable to execute program code; debug logic for use when debugging the program code executed by the processing unit; trusted logic operable to perform trusted integrity checking operations on less-trusted program code executed by the processing unit; the debug logic having an interface via which one or more control registers associated with the debug logic are programmable by the trusted logic, the interface not being accessible by the less-trusted program code; the trusted logic being operable to program the one or more control registers to cause the debug logic to be re-used to detect one or more activities of the processing logic during execution of said less-trusted program code; the trusted integrity checking operations performed by the trusted logic being influenced by the activities detected by the debug logic. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A data processing apparatus comprising:
-
processing means for executing program code; debug means for use when debugging the program code executed by the processing means; trusted means for performing trusted integrity checking operations on less-trusted program code executed by the processing means; the debug means having interface means via which one or more control register means associated with the debug means are programmable by the trusted means, the interface means not being accessible by the less-trusted program code; the trusted means programming the one or more control register means to cause the debug means to be re-used to detect one or more activities of the processing means during execution of said less-trusted program code; the trusted integrity checking operations performed by the trusted means being influenced by the activities detected by the debug means.
-
-
23. A method of operating a data processing apparatus to perform integrity checking operations, the data processing apparatus having a processing unit for executing program code, and debug logic for use when debugging the program code executed by the processing unit, the method comprising the steps of:
-
employing trusted logic to perform trusted integrity checking operations on less-trusted program code executed by the processing unit; programming one or more control registers of the debug logic via an interface which is not accessible by the less-trusted program code, said programming causing the debug logic to be re-used to detect one or more activities of the processing logic during execution of said less-trusted program code; and performing the trusted integrity checking operations dependent on the activities detected by the debug logic.
-
Specification