Data processor with a multi-level protection mechanism, multi-level protection circuit, and method therefor

US 5,649,159 A
Filed: 05/22/1995
Issued: 07/15/1997
Est. Priority Date: 08/31/1994
Status: Expired due to Term

First Claim

Patent Images

1. A data processor (30) with a multi-level protection mechanism, comprising:

a central processing unit (CPU) (31) for generating an address and at least one corresponding control signal sequentially for each of a plurality of memory accesses, in response to a program; and

a multi-level protection circuit (50) coupled to said CPU (31), comprising;

a first decoder (51) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a first address match signal if said address is within a first programmable region (41), and a second output for providing a first attribute match signal if said at least one corresponding control signal matches a first programmable protection attribute;

a second decoder (54) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a second address match signal if said address is within a second programmable region (42), and a second output for providing a second attribute match signal if said at least one corresponding control signal matches a second programmable protection attribute; and

a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said first (51) and second (54) decoders, and an output for providing an enable signal for enabling a generation of at least one external control signal for accessing an external device (22, 23, 24,

25),said priority enforcing circuit (58) activating said enable signal if only one of said first and second address match signals are active and a corresponding one of said first and second attribute match signals are active,said priority enforcing circuit (58) keeping said enable signal inactive if both said first and second address match signals are active and said second attribute match signal is inactive,whereby said second programmable region (42) may overlap said first programmable region (41).

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processor (30) includes a multi-level protection circuit (50) which enables the generation of external control signals. The multi-level protection circuit (50) defines regions of protection (41, 42), which may be nested. The protection circuit (50) checks access cycle attributes such as read or write, supervisor or user, and data or instruction. First (51) and second (54) decoders are associated with each other and define two regions (41, 42) which may overlap. When a CPU (31) accesses a memory location within both regions, the protection attributes of the second decoder (54), at a higher priority level than the first decoder (51), control. If an attempted access violates the programmable protection attributes of the second region (42), then the multi-level protection circuit (50) prevents the access from occurring, even though the access attributes of the first decoder (51) alone would enable the access. The protection circuit (50) thus allows the use of high-density memory or peripheral devices for multiple purposes.

Citations

15 Claims

1. A data processor (30) with a multi-level protection mechanism, comprising:
- a central processing unit (CPU) (31) for generating an address and at least one corresponding control signal sequentially for each of a plurality of memory accesses, in response to a program; and
  
  a multi-level protection circuit (50) coupled to said CPU (31), comprising;
  
  a first decoder (51) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a first address match signal if said address is within a first programmable region (41), and a second output for providing a first attribute match signal if said at least one corresponding control signal matches a first programmable protection attribute;
  
  a second decoder (54) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a second address match signal if said address is within a second programmable region (42), and a second output for providing a second attribute match signal if said at least one corresponding control signal matches a second programmable protection attribute; and
  
  a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said first (51) and second (54) decoders, and an output for providing an enable signal for enabling a generation of at least one external control signal for accessing an external device (22, 23, 24,
  
  25),said priority enforcing circuit (58) activating said enable signal if only one of said first and second address match signals are active and a corresponding one of said first and second attribute match signals are active,said priority enforcing circuit (58) keeping said enable signal inactive if both said first and second address match signals are active and said second attribute match signal is inactive,whereby said second programmable region (42) may overlap said first programmable region (41).
- View Dependent Claims (2, 3, 4)
- - 2. The data processor (30) of claim 1 further comprising:
    - a third decoder (224) having a first input for receiving said address, a second input for receiving said at least one corresponding control signal, a first output for providing a third address match signal if said address is within a third programmable region, and a second output for providing a third attribute match signal if said at least one corresponding control signal matches a third programmable protection attribute,said priority enforcing circuit (58) further keeping said enable signal inactive if both said first and third address match signals are active and said third attribute match signal is inactive,said priority enforcing circuit (58) further keeping said enable signal inactive if both said second and third address match signals are active and said third attribute match signal is inactive,whereby said third programmable region may overlap either said first programmable region (41) or said second programmable region (42).
  - 3. The data processor (30) of claim 1 further comprising an access state machine (230) having an input for receiving said enable signal, said access state machine (230) providing said at least one external control signal to at least one corresponding output thereof, to control access to said external device.
  - 4. The data processor (30) of claim 3 wherein said at least one external control signal comprises a chip enable signal, an output enable signal, and at least one write enable signal.

5. A multi-level protection circuit (50), comprising:
- a first decoder (51) having a first input for receiving an input address, a second input for receiving an input attribute, a first output for providing a first address match signal if said input address is within a first programmable region (41), and a second output for providing a first attribute match signal if said input attribute matches a first programmable protection attribute;
  
  a second decoder (54) having a first input for receiving said input address, a second input for receiving said input attribute, a first output for providing a second address match signal if said input address is within a second programmable region (42), and a second output for providing a second attribute match signal if said input attribute matches a second programmable protection attribute; and
  
  a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said first (51) and second (54) decoders, and an output for providing an enable signal for enabling a generation of at least one external control signal for accessing an external device,said priority enforcing circuit (58) activating said enable signal if only one of said first and second address match signals are active and a corresponding one of said first and second attribute match signals are active,said priority enforcing circuit (58) keeping said enable signal inactive if both said first and second address match signals are active and said second attribute match signal is inactive,whereby said second programmable region (42) may overlap said first programmable region (41).
- View Dependent Claims (6, 7, 8)
- - 6. The multi-level protection circuit (50) of claim 5 further comprising:
    - a third decoder (224) having a first input for receiving said input address, a second input for receiving said input attribute, a first output for providing a third address match signal if said input address is within a third programmable region, and a second output for providing a third attribute match signal if said input attribute matches a third programmable protection attribute,said priority enforcing circuit (58) further keeping said enable signal inactive if both said first and third address match signals are active and said third attribute match signal is inactive,said priority enforcing circuit (58) further keeping said enable signal inactive if both said second and third address match signals are active and said third attribute match signal is inactive,whereby said third programmable region may overlap either said first programmable region (41) or said second programmable region (42).
  - 7. The multi-level protection circuit (50) of claim 5 further comprising an access state machine having an input for receiving said enable signal, said access state machine providing said at least one external control signal to at least one corresponding output thereof, to control access to said external device.
  - 8. The multi-level protection circuit (50) of claim 7 wherein said at least one external control signal comprises a chip enable signal, an output enable signal, and at least one write enable signal.

9. A multi-level protection circuit (210), comprising:
- a plurality of decoders (224, 225,
  
       226) each having a first input for receiving an input address, a second input for receiving an input attribute, a first output for providing an address match signal if said input address is within a corresponding programmable region, and a second output for providing an attribute match signal if said input attribute matches a corresponding programmable protection attribute;
  
  a first decoder (224) of said plurality of decoders (224, 225,
  
       226) associated with a second decoder (225) of said plurality of decoders (224, 225,
  
       226) and having a first priority associated therewith lower than a second priority associated with said second decoder (225); and
  
  a priority enforcing circuit (58) having inputs for receiving said first and second outputs of each of said plurality of decoders (224, 225,
  
       226), and an output for providing at least one enable signal for enabling a generation of at least one external control signal for accessing an external device,said priority enforcing circuit (58) activating said at least one enable signal if only one address match signal of said first (224) and second (225) decoders is active, and a corresponding attribute match signal of said first (224) and second (225) decoders is active,said priority enforcing circuit (58) keeping said at least one enable signal inactive if both address match signals of said first (224) and second (225) decoders are active and said attribute match signal of said second decoder (225) is inactive,whereby said second decoder (225) defines a region which may overlap a region of said first decoder (224).
- View Dependent Claims (10, 11, 12)
- - 10. The multi-level protection circuit (210) of claim 9 further comprising:
    - a third decoder (226) of said plurality of decoders (224, 225,
      
      226) associated with said first (224) and second (225) decoders of said plurality of decoders (224, 225,
      
      226) and having a third priority associated therewith higher than said first and second priorities; and
      
      said priority enforcing circuit (58) further keeping said at least one enable signal inactive if both address match signals of said first (224) and third (226) decoders are active and said attribute match signal of said third decoder (226) is inactive,said priority enforcing circuit (58) further keeping said at least one enable signal inactive if both address match signals of said second (225) and third (226) decoders are active and said attribute match signal of said third decoder (226) is inactive,whereby said third decoder (226) defines a region which may overlap said region of said first decoder (224) and said region of said second decoder (225).
  - 11. The multi-level protection circuit (210) of claim 9 further comprising an access state machine having an input for receiving said at least one enable signal, said access state machine providing said at least one external control signal one at least one corresponding output, to control access to said external device.
  - 12. The multi-level protection circuit (210) of claim 11 wherein said at least one external control signal comprises a chip enable signal, an output enable signal, and at least one write enable signal.

13. A method for providing multi-level protection for a data processor, comprising the steps of:
- defining a first region of addresses (41) and a first programmable protection attribute associated with said first region of addresses;
  
  defining a second region of addresses (42) and a second programmable protection attribute associated with said second region of addresses, whereby said second region of addresses (42) at least partially overlaps said first region of addresses (41);
  
  receiving an input address having a corresponding input attribute;
  
  detecting a first address match if said input address is within said first region of addresses (41);
  
  detecting a second address match if said input address is within said second region of addresses (42);
  
  detecting a first attribute match if an input attribute matches said first programmable protection attribute;
  
  detecting a second attribute match if said input attribute matches said second programmable protection attribute;
  
  activating an enable signal in response to a detection of only one of said first and second address matches and a detection of a corresponding one of said first and second attribute matches; and
  
  keeping said enable signal inactive in response to a detection of both said first and second address matches and a failure to detect said second attribute match.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 further comprising the step of accessing an external device by activating at least one external control signal in a predetermined sequence in response to an activation of said enable signal.
  - 15. The method of claim 14 wherein said step of accessing said external device comprises the step of activating a chip enable signal, an output enable signal, and at least one write enable signal in response to an activation of said enable signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Eifert, James B., Le, Chinh H.
Primary Examiner(s)
LANE, JOHN A

Application Number

US08/445,817
Time in Patent Office

785 Days
Field of Search

395/479, 395/483, 395/485, 395/490, 395/417, 395/410, 395/478, 395/405
US Class Current

711/163
CPC Class Codes

G06F 12/1441   for a range

G06F 13/28   using burst mode transfer, ...

G06F 13/4004   Coupling between buses

G06F 13/4018   with data-width conversion

G06F 13/4243   with synchronous protocol

Data processor with a multi-level protection mechanism, multi-level protection circuit, and method therefor

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Data processor with a multi-level protection mechanism, multi-level protection circuit, and method therefor

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links