Data processor with a multi-level protection mechanism, multi-level protection circuit, and method therefor
First Claim
1. A data processor (30) with a multi-level protection mechanism, comprising:
- a central processing unit (CPU) (31) for generating an address and at least one corresponding control signal sequentially for each of a plurality of memory accesses, in response to a program; and
a multi-level protection circuit (50) coupled to said CPU (31), comprising;
a first decoder (51) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a first address match signal if said address is within a first programmable region (41), and a second output for providing a first attribute match signal if said at least one corresponding control signal matches a first programmable protection attribute;
a second decoder (54) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a second address match signal if said address is within a second programmable region (42), and a second output for providing a second attribute match signal if said at least one corresponding control signal matches a second programmable protection attribute; and
a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said first (51) and second (54) decoders, and an output for providing an enable signal for enabling a generation of at least one external control signal for accessing an external device (22, 23, 24,
25),said priority enforcing circuit (58) activating said enable signal if only one of said first and second address match signals are active and a corresponding one of said first and second attribute match signals are active,said priority enforcing circuit (58) keeping said enable signal inactive if both said first and second address match signals are active and said second attribute match signal is inactive,whereby said second programmable region (42) may overlap said first programmable region (41).
15 Assignments
0 Petitions
Accused Products
Abstract
A data processor (30) includes a multi-level protection circuit (50) which enables the generation of external control signals. The multi-level protection circuit (50) defines regions of protection (41, 42), which may be nested. The protection circuit (50) checks access cycle attributes such as read or write, supervisor or user, and data or instruction. First (51) and second (54) decoders are associated with each other and define two regions (41, 42) which may overlap. When a CPU (31) accesses a memory location within both regions, the protection attributes of the second decoder (54), at a higher priority level than the first decoder (51), control. If an attempted access violates the programmable protection attributes of the second region (42), then the multi-level protection circuit (50) prevents the access from occurring, even though the access attributes of the first decoder (51) alone would enable the access. The protection circuit (50) thus allows the use of high-density memory or peripheral devices for multiple purposes.
-
Citations
15 Claims
-
1. A data processor (30) with a multi-level protection mechanism, comprising:
-
a central processing unit (CPU) (31) for generating an address and at least one corresponding control signal sequentially for each of a plurality of memory accesses, in response to a program; and a multi-level protection circuit (50) coupled to said CPU (31), comprising; a first decoder (51) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a first address match signal if said address is within a first programmable region (41), and a second output for providing a first attribute match signal if said at least one corresponding control signal matches a first programmable protection attribute; a second decoder (54) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a second address match signal if said address is within a second programmable region (42), and a second output for providing a second attribute match signal if said at least one corresponding control signal matches a second programmable protection attribute; and a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said first (51) and second (54) decoders, and an output for providing an enable signal for enabling a generation of at least one external control signal for accessing an external device (22, 23, 24,
25),said priority enforcing circuit (58) activating said enable signal if only one of said first and second address match signals are active and a corresponding one of said first and second attribute match signals are active, said priority enforcing circuit (58) keeping said enable signal inactive if both said first and second address match signals are active and said second attribute match signal is inactive, whereby said second programmable region (42) may overlap said first programmable region (41). - View Dependent Claims (2, 3, 4)
-
-
5. A multi-level protection circuit (50), comprising:
-
a first decoder (51) having a first input for receiving an input address, a second input for receiving an input attribute, a first output for providing a first address match signal if said input address is within a first programmable region (41), and a second output for providing a first attribute match signal if said input attribute matches a first programmable protection attribute; a second decoder (54) having a first input for receiving said input address, a second input for receiving said input attribute, a first output for providing a second address match signal if said input address is within a second programmable region (42), and a second output for providing a second attribute match signal if said input attribute matches a second programmable protection attribute; and a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said first (51) and second (54) decoders, and an output for providing an enable signal for enabling a generation of at least one external control signal for accessing an external device, said priority enforcing circuit (58) activating said enable signal if only one of said first and second address match signals are active and a corresponding one of said first and second attribute match signals are active, said priority enforcing circuit (58) keeping said enable signal inactive if both said first and second address match signals are active and said second attribute match signal is inactive, whereby said second programmable region (42) may overlap said first programmable region (41). - View Dependent Claims (6, 7, 8)
-
-
9. A multi-level protection circuit (210), comprising:
-
a plurality of decoders (224, 225,
226) each having a first input for receiving an input address, a second input for receiving an input attribute, a first output for providing an address match signal if said input address is within a corresponding programmable region, and a second output for providing an attribute match signal if said input attribute matches a corresponding programmable protection attribute;a first decoder (224) of said plurality of decoders (224, 225,
226) associated with a second decoder (225) of said plurality of decoders (224, 225,
226) and having a first priority associated therewith lower than a second priority associated with said second decoder (225); anda priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said plurality of decoders (224, 225,
226), and an output for providing at least one enable signal for enabling a generation of at least one external control signal for accessing an external device,said priority enforcing circuit (58) activating said at least one enable signal if only one address match signal of said first (224) and second (225) decoders is active, and a corresponding attribute match signal of said first (224) and second (225) decoders is active, said priority enforcing circuit (58) keeping said at least one enable signal inactive if both address match signals of said first (224) and second (225) decoders are active and said attribute match signal of said second decoder (225) is inactive, whereby said second decoder (225) defines a region which may overlap a region of said first decoder (224). - View Dependent Claims (10, 11, 12)
-
-
13. A method for providing multi-level protection for a data processor, comprising the steps of:
-
defining a first region of addresses (41) and a first programmable protection attribute associated with said first region of addresses; defining a second region of addresses (42) and a second programmable protection attribute associated with said second region of addresses, whereby said second region of addresses (42) at least partially overlaps said first region of addresses (41); receiving an input address having a corresponding input attribute; detecting a first address match if said input address is within said first region of addresses (41); detecting a second address match if said input address is within said second region of addresses (42); detecting a first attribute match if an input attribute matches said first programmable protection attribute; detecting a second attribute match if said input attribute matches said second programmable protection attribute; activating an enable signal in response to a detection of only one of said first and second address matches and a detection of a corresponding one of said first and second attribute matches; and keeping said enable signal inactive in response to a detection of both said first and second address matches and a failure to detect said second attribute match. - View Dependent Claims (14, 15)
-
Specification