Security Enclave Processor for a System on a Chip
First Claim

1. An integrated circuit comprising, all integrated on a single semiconductor substrate:
   one or more application processors, wherein each application processor comprises hardware configured to execute instructions;
   a memory controller coupled to the one or more application processors;
   a security circuit including at least one additional processor and one or more security peripherals, wherein the additional processor comprises hardware configured to execute instructions, and the additional processor is separate from the one or more application processors, and wherein the security circuit is isolated from access by the application processors and other components of the integrated circuit except through a secure mailbox mechanism implemented in the security circuit, and wherein the one or more application processors are configured to write a message to the secure mailbox mechanism to request operation of the security circuit, and wherein the additional processor is configured to read the secure mailbox mechanism, determine whether or not the operation is permitted, and perform the operation responsive to determining that the operation is permitted.
1 Assignment
0 Petitions
Abstract
An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
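The abstract describes a hardware-enforced handshake: the AP can only write a mailbox inside the SEP, the SEP reads it, decides whether the requested operation is permitted, performs it if so, and replies through the same mailbox. The following C program is an added illustration of that exchange and is not code from the patent or from any shipping SEP. The register layout (inbox/outbox with full flags), the opcodes, the requester ids, the permission table and the XOR "wrapping" of the key material are all constructed assumptions; a real SEP would drive an AES key-wrap peripheral and the AP would only see a memory-mapped mailbox window.

```c
/* Added example (not from the patent): software model of the secure
 * mailbox between an application processor (AP) and the security
 * enclave processor (SEP). Everything below is an assumption made for
 * the illustration: register layout, opcodes, ids, policy and the
 * toy XOR wrap used in place of a real key-wrap peripheral. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

enum sep_op { SEP_OP_NONE = 0, SEP_OP_WRAP_KEY = 1,
              SEP_OP_UNWRAP_KEY = 2, SEP_OP_RAW_KEY_READ = 3 };
enum sep_status { SEP_OK = 0, SEP_DENIED = 1, SEP_BAD_OP = 2 };

struct sep_msg {
    uint8_t requester;      /* hypothetical id of the requesting AP context */
    uint8_t op;             /* enum sep_op */
    uint8_t len;            /* valid bytes in payload */
    uint8_t payload[32];
};

/* The only part of the SEP the AP may touch. */
struct mailbox {
    struct sep_msg inbox;  int inbox_full;
    struct sep_msg outbox; int outbox_full;
    uint8_t status;        /* enum sep_status of the last serviced request */
};

/* SEP-internal wrapping key (constructed value); it never crosses the mailbox. */
static const uint8_t wrap_key[32] = {
    0x5a, 0xa5, 0x3c, 0xc3, 0x0f, 0xf0, 0x69, 0x96,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01,
    0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0xfe };

/* Hypothetical policy table: raw key readout is permitted to nobody,
 * unwrap only to requester 0, wrap to requesters 0 and 1. */
static int sep_permitted(uint8_t requester, uint8_t op) {
    switch (op) {
    case SEP_OP_WRAP_KEY:   return requester == 0 || requester == 1;
    case SEP_OP_UNWRAP_KEY: return requester == 0;
    default:                return 0;
    }
}

/* AP side: write a request into the inbox; fails if a request is pending. */
int ap_write_mailbox(struct mailbox *mb, uint8_t requester, uint8_t op,
                     const uint8_t *data, uint8_t len) {
    if (mb->inbox_full || len > sizeof mb->inbox.payload) return -1;
    mb->inbox.requester = requester;
    mb->inbox.op = op;
    mb->inbox.len = len;
    memcpy(mb->inbox.payload, data, len);
    mb->inbox_full = 1;
    return 0;
}

/* SEP side: read the inbox, check the policy, act, answer through the
 * outbox. Returns the status written to the mailbox, or -1 if idle. */
int sep_service_mailbox(struct mailbox *mb) {
    if (!mb->inbox_full) return -1;
    struct sep_msg req = mb->inbox;
    mb->inbox_full = 0;                       /* consume the request */
    struct sep_msg rsp;
    memset(&rsp, 0, sizeof rsp);
    rsp.requester = req.requester;
    rsp.op = req.op;
    uint8_t status;
    if (req.op == SEP_OP_NONE || req.op > SEP_OP_RAW_KEY_READ) {
        status = SEP_BAD_OP;
    } else if (!sep_permitted(req.requester, req.op)) {
        status = SEP_DENIED;                  /* no payload leaves the SEP */
    } else {
        /* wrap and unwrap are the same XOR here; a real SEP would use AES key wrap */
        for (uint8_t i = 0; i < req.len; i++)
            rsp.payload[i] = req.payload[i] ^ wrap_key[i];
        rsp.len = req.len;
        status = SEP_OK;
    }
    mb->outbox = rsp;
    mb->outbox_full = 1;
    mb->status = status;
    return status;
}

/* AP side: collect the reply; returns the SEP status, or -1 if none is ready. */
int ap_read_mailbox(struct mailbox *mb, struct sep_msg *out) {
    if (!mb->outbox_full) return -1;
    *out = mb->outbox;
    mb->outbox_full = 0;
    return mb->status;
}

int main(void) {
    struct mailbox mb; memset(&mb, 0, sizeof mb);
    uint8_t key[4] = { 'A', 'A', 'A', 'A' };   /* constructed sample key */
    struct sep_msg rsp;
    ap_write_mailbox(&mb, 0, SEP_OP_WRAP_KEY, key, 4);
    sep_service_mailbox(&mb);
    printf("wrap   -> status %d, byte0 0x%02x\n", ap_read_mailbox(&mb, &rsp), rsp.payload[0]);
    ap_write_mailbox(&mb, 1, SEP_OP_RAW_KEY_READ, key, 4);
    sep_service_mailbox(&mb);
    printf("rawread-> status %d (1 = denied)\n", ap_read_mailbox(&mb, &rsp));
    return 0;
}
```

The point the model makes is the one the claim makes: the AP never reaches the wrapping key or the SEP's memory, it only deposits a request and retrieves a status plus whatever the SEP chose to return, and the permission decision is taken by the SEP's own processor before any operation is performed.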
19 Claims
1. An integrated circuit comprising, all integrated on a single semiconductor substrate:
   one or more application processors, wherein each application processor comprises hardware configured to execute instructions;
   a memory controller coupled to the one or more application processors;
   a security circuit including at least one additional processor and one or more security peripherals, wherein the additional processor comprises hardware configured to execute instructions, and the additional processor is separate from the one or more application processors, and wherein the security circuit is isolated from access by the application processors and other components of the integrated circuit except through a secure mailbox mechanism implemented in the security circuit, and wherein the one or more application processors are configured to write a message to the secure mailbox mechanism to request operation of the security circuit, and wherein the additional processor is configured to read the secure mailbox mechanism, determine whether or not the operation is permitted, and perform the operation responsive to determining that the operation is permitted.
   (Dependent claims 2, 3, 4 and 5 depend from claim 1.)

6. A system comprising:
   one or more processors forming a central processing unit (CPU) complex configured to execute an operating system in the system, wherein the one or more processors each comprise hardware configured to execute instructions included in the operating system; and
   a security circuit coupled to the one or more processors, wherein the security circuit comprises at least one secure processor and one or more security peripherals, wherein the security circuit is isolated from access by the CPU complex except through a secure mailbox mechanism implemented in the security circuit, and wherein the security circuit is configured to provide at least one secure service in response to a request by the CPU complex received in the secure mailbox mechanism, wherein the secure processor comprises hardware configured to execute instructions to perform at least a portion of the secure service, and wherein the secure processor is separate from the one or more processors, and wherein the secure processor is configured to determine whether or not the secure service is permitted to the CPU complex, and wherein the security circuit is configured to perform the secure service responsive to the secure processor determining that the secure service is permitted.
   (Dependent claims 7, 8, 9 and 10 depend from claim 6.)

11. An integrated circuit comprising, all integrated on a single semiconductor substrate:
   one or more first processors in a central processing unit (CPU) complex, wherein the one or more first processors execute an operating system and one or more applications during use, wherein the one or more first processors each comprise hardware configured to execute instructions included in the operating system and the one or more applications;
   a memory controller coupled to the one or more application processors, wherein the memory controller is configured to couple to a memory that stores the operating system and the one or more applications during use;
   a security circuit coupled to the memory controller, the security circuit including at least one second processor and one or more security peripherals, wherein the security circuit is configured to provide one or more secure services to the one or more first processors during use, wherein the at least one second processor comprises hardware configured to execute instructions to perform at least a portion of the one or more secure services, and wherein the at least one second processor is separate from the one or more first processors, and wherein the security circuit is isolated from access via secure mailbox mechanism, and wherein the one or more first processors are configured to write a message to the secure mailbox mechanism to request a first secure service, and wherein the second processor is configured to read the secure mailbox mechanism, determine whether or not the first secure service is permitted, and perform the operation responsive to determining that the secure service is permitted;
   one or more peripherals coupled to the CPU complex; and
   a boot read-only memory coupled to the CPU complex and configured to store boot code to boot the CPU complex and the one or more peripherals.
   (Dependent claims 12, 13 and 14 depend from claim 11.)

15. A method comprising:
   a first processor in a central processing unit (CPU) complex writing a message to an inbox within a security circuit to request a secure service, wherein the first processor comprises hardware configured to execute instructions to write the message to the inbox;
   a second processor in the security circuit reading the message from the inbox, wherein the second processor comprises hardware configured to execute instructions to read the message from the inbox, wherein the second processor is separate from the first processor;
   the second processor determining if the secure service is permitted; and
   the second processor performing the secure service in response to determining that the secure service is permitted.
   (Dependent claims 16, 17, 18 and 19 depend from claim 15.)