Secure Processing Unit Systems and Methods
First Claim
1. A secure processing unit comprising:
- a memory unit;
a processor comprising a memory management unit and a plurality of security registers, the memory management unit storing a level-one page table, the level-one page table including a plurality of level-one page table entries, wherein the level-one page table entries each correspond to at least one level-two page table, and wherein the level-one page table entries each contain a predefined attribute, the predefined attribute being configured to indicate to the memory management unit whether entries in a corresponding level-two page table designate certain predefined memory regions; and
one or more busses configured to communicatively couple the memory unit and the processor.
4 Assignments
0 Petitions
Accused Products
Abstract
A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU'"'"'s hardware resources so that they can be shared between security functions and other functions performed by the same CPU.
38 Citations
18 Claims
-
1. A secure processing unit comprising:
-
a memory unit; a processor comprising a memory management unit and a plurality of security registers, the memory management unit storing a level-one page table, the level-one page table including a plurality of level-one page table entries, wherein the level-one page table entries each correspond to at least one level-two page table, and wherein the level-one page table entries each contain a predefined attribute, the predefined attribute being configured to indicate to the memory management unit whether entries in a corresponding level-two page table designate certain predefined memory regions; and one or more busses configured to communicatively couple the memory unit and the processor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An information appliance, the information appliance comprising:
-
a memory unit; and a secure processing unit communicatively coupled to the memory unit, the secure processing unit comprising; a secure memory unit; and a processor communicatively coupled to the secure memory unit, the processor comprising a memory management unit and a plurality of security registers, the memory management unit storing a level-one page table, the level-one page table including a plurality of level-one page table entries, wherein the level-one page table entries each correspond to at least one level-two page table, and wherein the level-one page table entries each contain a predefined attribute, the predefined attribute being configured to indicate to the memory management unit whether entries in a corresponding level-two page table designate certain predefined memory regions. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification