Apparatus and method for controlling access to a memory unit

US 7,340,573 B2
Filed: 11/17/2003
Issued: 03/04/2008
Est. Priority Date: 11/18/2002
Status: Active Grant

First Claim

Patent Images

1. A data processing apparatus, comprising:

a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain,wherein when the processor is in the secure domain, a program executed by the processor has access to secure data which is not accessible from the non-secure domain;

a memory unit comprising a plurality of entries and operable to store data required by the processor, each entry being operable to store one orone or more data items including either secure data or non-secure data, the allocation of data as either secure or non-secure data being performed in the secure domain, and a flag being associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are said secure data or said non-secure data;

wherein when the processor is operating in said at least one non-secure mode of the non-secure domain, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a data processing apparatus and method for controlling access to a memory unit. The data processing apparatus comprises a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain. The processor is operable such that when executing a program in a secure mode the program has access to secure data which is not accessible when the processor is operating in a non-secure mode. A memory unit is also provided that comprises a plurality of entries and is operable to store data required by the processor. Each entry is operable to store one or more data items consisting of either secure data or non-secure data, and a flag is associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are secure data or non-secure data. When the processor is operating in the at least one non-secure mode, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.

76 Citations

View as Search Results

20 Claims

1. A data processing apparatus, comprising:
- a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain,wherein when the processor is in the secure domain, a program executed by the processor has access to secure data which is not accessible from the non-secure domain;
  
  a memory unit comprising a plurality of entries and operable to store data required by the processor, each entry being operable to store one orone or more data items including either secure data or non-secure data, the allocation of data as either secure or non-secure data being performed in the secure domain, and a flag being associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are said secure data or said non-secure data;
  
  wherein when the processor is operating in said at least one non-secure mode of the non-secure domain, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A data processing apparatus as claimed in claim 1, wherein the memory unit is a cache, and each said entry is a cache line of the cache.
  - 3. A data processing apparatus as claimed in claim 1, wherein the memory unit is coupled to the processor via a processor bus, the memory unit and processor forming a device, and the data processing apparatus further comprises a device bus via which the device is connectable to a further memory unit, the further memory unit having secure memory for storing secure data and non-secure memory for storing non-secure data.
  - 4. A data processing apparatus as claimed in claim 3, wherein if the memory access request specifies a data item that is not stored within the memory unit, the memory access request is output on to the device bus to cause that data item to be accessed in the further memory unit, the data processing apparatus further comprising:
    - partition checking logic connected to the device bus and operable, whenever the memory access request is issued by the processor when operating in said at least one non-secure mode and is output onto the device bus, to detect if the memory access request is seeking to access the secure memory of the further memory unit, and upon such detection to prevent the access specified by that memory access request.
  - 5. A data processing apparatus as claimed in claim 4, wherein if the memory access request specifies a data item that is not stored within the memory unit, then if the partition checking logic determines that the processor is allowed to access that data item, that data item is retrieved from the further memory unit and stored in one of said entries of the memory unit, the value to be set for the flag associated with that entry being indicated by the partition checking logic.
  - 6. A data processing apparatus as claimed in claim 3, wherein the further memory unit is a main memory of the data processing apparatus.
  - 7. A data processing apparatus as claimed in claim 1, wherein the flag is contained within the memory unit and comprises a single bit set to indicate whether the associated entry has secure data or non-secure data stored therein.
  - 8. A data processing apparatus as claimed in claim 1, wherein the memory unit is operable to issue an abort signal if the processor, whilst operating in said at least one non-secure mode, seeks to access any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
  - 9. A data processing apparatus as claimed in claim 1, wherein the processor is coupled to the memory unit via a memory management unit operable, upon receipt of the memory access request, to perform one or more predetermined access control functions to control issuance of the memory access request to the memory unit.
  - 10. A data processing apparatus as claimed in claim 9, wherein the memory access request specifies a virtual address, and one of said predetermined access control functions comprises conversion of the virtual address to a physical address.

11. A method of controlling access to a memory unit of a data processing apparatus, the data processing apparatus comprising a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain, wherein when the processor is in the secure domain, a program executed by said processor has access to secure data which is not accessible from the non-secure domain, the data processing apparatus further comprising a memory unit comprising a plurality of entries and operable to store data required by the processor, each entry being operable to store one or more data items including either secure data or non-secure data, the allocation of data as either secure data or non-secure data being performed in the secure domain, and the method comprising the steps of:
- associating a flag with each entry in the memory unit;
  
  when said one or more data items are stored in an entry of the memory unit, storing a value within the associated flag indicating whether said one or more data items are said secure data or said non-secure data;
  
  when the processor is operating in said at least one non-secure mode of the non-secure domain, and upon receipt of a memory access request issued by the processor when access to an item of data is required, preventing access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A method as claimed in claim 11, wherein the memory unit is a cache, and each said entry is a cache line of the cache.
  - 13. A method as claimed in claim 11, wherein the memory unit is coupled to the processor via a processor bus, the memory unit and processor forming a device, and the method further comprises the step of:
    - connecting the device to a further memory unit via a device bus, the further memory unit having secure memory for storing secure data and non-secure memory for storing non-secure data.
  - 14. A method as claimed in claim 13, wherein if the memory access request specifies a data item that is not stored within the memory unit, the method further comprises the steps of:
    - outputting the memory access request on to the device bus to cause that data item to be accessed in the further memory unit;
      
      whenever the memory access request is issued by the processor when operating in said at least one non-secure mode and is output onto the device bus, employing partition checking logic to detect if the memory access request is seeking to access the secure memory of the further memory unit, and upon such detection to prevent the access specified by that memory access request.
  - 15. A method as claimed in claim 14, wherein if the memory access request specifies a data item that is not stored within the memory unit, the method further comprises the steps of:
    - employing the partition checking logic to determine whether the processor is allowed to access that data item; and
      
      if soretrieving that data item from the further memory unit and storing that data item in one of said entries of the memory unit; and
      
      employing the partition checking logic to determine the value to be set for the flag associated with that entry.
  - 16. A method as claimed in claim 13, wherein the further memory unit is a main memory of the data processing apparatus.
  - 17. A method as claimed in claim 11, wherein the flag is contained within the memory unit and comprises a single bit set to indicate whether the associated entry has secure data or non-secure data stored therein.
  - 18. A method as claimed in claim 11, wherein the memory unit is operable to issue an abort signal if the processor, whilst operating in said at least one non-secure mode, seeks to access any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
  - 19. A method as claimed in claim 11, wherein the processor is coupled to the memory unit via a memory management unit operable, upon receipt of the memory access request, to perform one or more predetermined access control functions to control issuance of the memory access request to the memory unit.
  - 20. A method as claimed in claim 19, wherein the memory access request specifies a virtual address, and one of said predetermined access control functions comprises conversion of the virtual address to a physical address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Limited (SoftBank Group Corp.)
Original Assignee
Arm Limited (SoftBank Group Corp.)
Inventors
Watt, Simon Charles
Primary Examiner(s)
Bragdon; Reginald
Assistant Examiner(s)
Flournoy; Horace L.

Application Number

US10/714,481
Publication Number

US 20040143714A1
Time in Patent Office

1,569 Days
Field of Search

None
US Class Current

711/163
CPC Class Codes

G06F 12/0802 Addressing of a memory leve...

G06F 12/1491 in a hierarchical protectio...

Apparatus and method for controlling access to a memory unit

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for controlling access to a memory unit

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links