MANAGEMENT OF DATA PROCESSING SECURITY IN A SECONDARY PROCESSOR
First Claim
1. A data processing apparatus configured to perform secure data processing operations and non-secure data processing operations, wherein secure data in said data processing apparatus cannot be accessed by said non-secure data processing operations, the data processing apparatus comprising:
- a master device comprising a secure domain and a non-secure domain, wherein components of said master device are configured to operate in said secure domain when performing said secure data processing operations and to operate in said non-secure domain when performing said non-secure data processing operations;
a slave device configured to perform a delegated data processing operation specified by said master device; and
a communication bus connecting said master device to said slave device,wherein said delegated data processing operation is initiated by an issuing component in said master device issuing a delegated task definition to said slave device on said communication bus, wherein said issuing component in said master device is a driver configured to operate in either said secure domain or said non-secure domain,wherein said slave device comprises a security inheritance mechanism configured to cause said delegated data processing operation to inherit a non-secure security status if said issuing component in said master device is operating in said non-secure domain and to cause said delegated data processing operation to inherit a secure security status if said issuing component in said master device is operating in said secure domain.
1 Assignment
0 Petitions
Accused Products
Abstract
A data processing apparatus is configured to perform secure data processing operations and non-secure data processing operations, wherein the apparatus includes a master device with a secure domain and a non-secure domain. Components of the master device operate in the secure domain when performing secure data processing operations and operate in the non-secure domain when performing the non-secure data processing operations. A slave device is configured to perform a delegated data processing operation specified by the master device and a communication bus connecting the master device to the slave device. The delegated operation is initiated by an issuing component in the master device, wherein the slave device includes a security inheritance mechanism configured to cause the delegated operation to inherit a non-secure security status or a secure status depending upon whether the issuing component in the master device is operating in the non-secure domain or the secure domain.
23 Citations
18 Claims
-
1. A data processing apparatus configured to perform secure data processing operations and non-secure data processing operations, wherein secure data in said data processing apparatus cannot be accessed by said non-secure data processing operations, the data processing apparatus comprising:
-
a master device comprising a secure domain and a non-secure domain, wherein components of said master device are configured to operate in said secure domain when performing said secure data processing operations and to operate in said non-secure domain when performing said non-secure data processing operations; a slave device configured to perform a delegated data processing operation specified by said master device; and a communication bus connecting said master device to said slave device, wherein said delegated data processing operation is initiated by an issuing component in said master device issuing a delegated task definition to said slave device on said communication bus, wherein said issuing component in said master device is a driver configured to operate in either said secure domain or said non-secure domain, wherein said slave device comprises a security inheritance mechanism configured to cause said delegated data processing operation to inherit a non-secure security status if said issuing component in said master device is operating in said non-secure domain and to cause said delegated data processing operation to inherit a secure security status if said issuing component in said master device is operating in said secure domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A data processing apparatus configured to perform secure data processing operations and non-secure data processing operations, wherein secure data in said data processing apparatus cannot be accessed by said non-secure data processing operations, the data processing apparatus comprising:
-
master device means comprising a secure domain and a non-secure domain, components of said master device means for operating in said secure domain when performing said secure data processing operations and for operating in said non-secure domain when performing said non-secure data processing operations; slave device means for performing a delegated data processing operation specified by said master device means; and communication bus means for connecting said master device to said slave device, wherein said delegated data processing operation is initiated by an issuing component in said master device means issuing a delegated task definition to said slave device means on said communication bus means, wherein said issuing component in said master device means is a driver configured to operate in either said secure domain or said non-secure domain, said slave device means comprising security inheritance means for causing said delegated data processing operation to inherit a non-secure security status if said issuing component in said master device means is operating in said non-secure domain and to cause said delegated data processing operation to inherit a secure security status if said issuing component in said master device means is operating in said secure domain.
-
-
18. A method of data processing in a data processing apparatus configured to perform secure data processing operations and non-secure data processing operations, wherein secure data in said data processing apparatus cannot be accessed by said non-secure data processing operations, the method comprising the steps of:
-
operating components of a master device in a secure domain when performing said secure data processing operations and operating components of said master device in said non-secure domain when performing said non-secure data processing operations; performing in a slave device a delegated data processing operation specified by said master device; connecting said master device to said slave device via a communication bus; initiating said delegated data processing operation by an issuing component in said master device issuing a delegated task definition to said slave device on said communication bus, wherein said issuing component in said master device is a driver configured to operate in either said secure domain or said non-secure domain; and causing said delegated data processing operation in said slave device to inherit a non-secure security status if said issuing component in said master device is operating in said non-secure domain and causing said delegated data processing operation to inherit a secure security status if said issuing component in said master device is operating in said secure domain.
-
Specification