INFORMATION PROCESSING DEVICE AND COMPUTER PROGRAM PRODUCT
First Claim
1. An information processing device comprising:
a main memory unit configured to store data;
a main processor unit configured to selectively switch between a secure mode and a non-secure mode, read and write data from and to the main memory unit, and write an OS execution image to the main memory unit, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus;
a secure OS unit configured to be executed by the main processor unit in the secure mode;
an execution module configured to be executed by the main processor unit in the secure mode;
a non-secure OS unit configured to be executed by the main processor unit in the non-secure mode;
a secure monitor memory setting unit configured to set a shared memory area and an execution module memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the execution module memory area allowing reading and writing in the secure mode of the main processor unit but not allowing reading or writing in the non-secure mode of the main processor unit;
an address space control unit configured to determine the mode of the main processor unit based on the state information received from the bus, and control allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to settings performed by the secure monitor memory unit;
a shared memory area writing unit configured to write an execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
an execution module loading unit configured to write the execution module that has been written to the shared memory area, to the execution module memory area; and
an application executing unit configured to execute the execution module that has been written to the execution module memory area.
Abstract
According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area.
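The access rules in the abstract can be modelled in a few lines. The following C sketch is an added example, not code from the patent: every identifier, the 64-byte area size, and the module bytes are assumptions made for illustration. It shows the control unit deciding from the mode on the bus, and the module being copied from the shared area into the secure-only area.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model: all names and sizes are assumptions, not from the patent. */
enum mode { NON_SECURE = 0, SECURE = 1 };   /* state information on the bus */
enum area { AREA_SHARED = 0, AREA_EXEC_MODULE = 1 };
#define AREA_SIZE 64
struct device {
    enum mode bus_state;                    /* sent by the main processor unit */
    uint8_t allow[2][2], mem[2][AREA_SIZE]; /* allow[area][mode]; main memory */
};

/* Setting unit: shared area open to both modes, module area secure-only. */
void set_memory_areas(struct device *d) {
    memset(d, 0, sizeof *d);                /* also starts in non-secure mode */
    d->allow[AREA_SHARED][NON_SECURE] = d->allow[AREA_SHARED][SECURE] = 1;
    d->allow[AREA_EXEC_MODULE][SECURE] = 1;
}

/* Control unit: decides from the bus state, never from the caller's claim. */
int mem_access(struct device *d, enum area a, uint8_t *buf, size_t n, int wr) {
    if (!d->allow[a][d->bus_state] || n > AREA_SIZE) return -1;
    if (wr) memcpy(d->mem[a], buf, n); else memcpy(buf, d->mem[a], n);
    return 0;
}

/* Loading step: secure-mode copy from the shared area to the module area. */
int load_module(struct device *d, size_t n) {
    uint8_t tmp[AREA_SIZE];
    if (d->bus_state != SECURE || mem_access(d, AREA_SHARED, tmp, n, 0)) return -1;
    return mem_access(d, AREA_EXEC_MODULE, tmp, n, 1);
}

/* Returns 0 when every access is allowed or refused as the abstract describes. */
int run_scenario(void) {
    uint8_t module[] = "constructed-module-bytes", probe[AREA_SIZE], evil = 0;
    struct device d;
    set_memory_areas(&d);
    if (mem_access(&d, AREA_SHARED, module, sizeof module, 1)) return 1;
    if (load_module(&d, sizeof module) != -1) return 2;  /* not in secure mode */
    d.bus_state = SECURE;
    if (load_module(&d, sizeof module)) return 3;
    d.bus_state = NON_SECURE;               /* non-secure side probes the module */
    if (mem_access(&d, AREA_EXEC_MODULE, probe, sizeof module, 0) != -1) return 4;
    if (mem_access(&d, AREA_EXEC_MODULE, &evil, 1, 1) != -1) return 5;
    d.bus_state = SECURE;
    if (mem_access(&d, AREA_EXEC_MODULE, probe, sizeof module, 0)) return 6;
    return memcmp(probe, module, sizeof module) ? 7 : 0;
}

int main(void) { return run_scenario(); }
```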
90 Citations
17 Claims
1. An information processing device comprising:
a main memory unit configured to store data;
a main processor unit configured to selectively switch between a secure mode and a non-secure mode, read and write data from and to the main memory unit, and write an OS execution image to the main memory unit, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus;
a secure OS unit configured to be executed by the main processor unit in the secure mode;
an execution module configured to be executed by the main processor unit in the secure mode;
a non-secure OS unit configured to be executed by the main processor unit in the non-secure mode;
a secure monitor memory setting unit configured to set a shared memory area and an execution module memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the execution module memory area allowing reading and writing in the secure mode of the main processor unit but not allowing reading or writing in the non-secure mode of the main processor unit;
an address space control unit configured to determine the mode of the main processor unit based on the state information received from the bus, and control allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to settings performed by the secure monitor memory unit;
a shared memory area writing unit configured to write an execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
an execution module loading unit configured to write the execution module that has been written to the shared memory area, to the execution module memory area; and
an application executing unit configured to execute the execution module that has been written to the execution module memory area.
Dependent claims: 2, 3, 4, 5, 6
7. An information processing device comprising:
a main memory unit configured to store data;
a main processor unit configured to selectively switch between a secure mode and a non-secure mode, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus;
a secure OS unit configured to be executed by the main processor unit in the secure mode;
a non-secure OS unit configured to be executed by the main processor unit in the non-secure mode;
a secure monitor memory setting unit configured to set a shared memory area and a non-secure OS unit memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the non-secure OS unit memory area allowing writing an OS execution image of the non-secure OS unit;
an address space control unit configured to determine the mode of the main processor unit based on the state information received from the bus, and control allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to settings performed by the secure monitor memory unit;
a shared memory area writing unit configured to write an execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
a boot loader unit configured to write the OS execution image of the non-secure OS unit to a predetermined memory area of the main memory unit in the non-secure mode at the time of booting of the device,
wherein the secure OS unit is configured to compare a hash value calculated from the OS execution image of the non-secure OS unit that has been written to the non-secure OS unit memory area, with an expected value of the hash value of the OS execution image of the non-secure OS unit, and determine that the data of the non-secure OS unit is correct and allow execution of the non-secure OS unit when the hash value and the expected value are identical.
Dependent claims: 8, 9, 10, 11
12. A computer program product comprising a computer-readable medium containing a program executed by a computer that includes a main memory unit configured to store data, and a main processor unit configured to selectively switch between a secure mode and a non-secure mode, read and write data from and to the main memory unit, and write an OS execution image to the main memory unit, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus, the program causing the computer to execute:
executing, by the main processor unit, a secure OS unit in the secure mode;
executing, by the main processor unit, an execution module in the secure mode;
executing, by the main processor unit, a non-secure OS unit in the non-secure mode;
setting a shared memory area and an execution module memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the execution module memory area allowing reading and writing in the secure mode of the main processor unit but not allowing reading or writing in the non-secure mode of the main processor unit;
determining the mode of the main processor unit based on the state information received from the bus;
controlling allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to the settings;
writing the execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
writing the execution module that has been written to the shared memory area, to the execution module memory area; and
executing the execution module that has been written to the execution module memory area.
Dependent claims: 13, 14, 15, 16, 17
Specification