Apparatus and method for controlling access to a memory unit
First Claim
1. A data processing apparatus, comprising:
- a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain,wherein when the processor is in the secure domain, a program executed by the processor has access to secure data which is not accessible from the non-secure domain;
a memory unit comprising a plurality of entries and operable to store data required by the processor, each entry being operable to store one orone or more data items including either secure data or non-secure data, the allocation of data as either secure or non-secure data being performed in the secure domain, and a flag being associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are said secure data or said non-secure data;
wherein when the processor is operating in said at least one non-secure mode of the non-secure domain, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides a data processing apparatus and method for controlling access to a memory unit. The data processing apparatus comprises a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain. The processor is operable such that when executing a program in a secure mode the program has access to secure data which is not accessible when the processor is operating in a non-secure mode. A memory unit is also provided that comprises a plurality of entries and is operable to store data required by the processor. Each entry is operable to store one or more data items consisting of either secure data or non-secure data, and a flag is associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are secure data or non-secure data. When the processor is operating in the at least one non-secure mode, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
76 Citations
20 Claims
-
1. A data processing apparatus, comprising:
-
a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain, wherein when the processor is in the secure domain, a program executed by the processor has access to secure data which is not accessible from the non-secure domain; a memory unit comprising a plurality of entries and operable to store data required by the processor, each entry being operable to store one orone or more data items including either secure data or non-secure data, the allocation of data as either secure or non-secure data being performed in the secure domain, and a flag being associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are said secure data or said non-secure data; wherein when the processor is operating in said at least one non-secure mode of the non-secure domain, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of controlling access to a memory unit of a data processing apparatus, the data processing apparatus comprising a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain, wherein when the processor is in the secure domain, a program executed by said processor has access to secure data which is not accessible from the non-secure domain, the data processing apparatus further comprising a memory unit comprising a plurality of entries and operable to store data required by the processor, each entry being operable to store one or more data items including either secure data or non-secure data, the allocation of data as either secure data or non-secure data being performed in the secure domain, and the method comprising the steps of:
-
associating a flag with each entry in the memory unit; when said one or more data items are stored in an entry of the memory unit, storing a value within the associated flag indicating whether said one or more data items are said secure data or said non-secure data; when the processor is operating in said at least one non-secure mode of the non-secure domain, and upon receipt of a memory access request issued by the processor when access to an item of data is required, preventing access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification