Apparatus and method for managing processor configuration data

US 7,370,210 B2
Filed: 11/17/2003
Issued: 05/06/2008
Est. Priority Date: 11/18/2002
Status: Active Grant

First Claim

Patent Images

1. A data processing apparatus, comprising:

a processor configured in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain, at least one secure mode being a mode in the secure domain, and a monitor mode, said processor being operable such that when executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode;

a storage unit configured to store processor configuration data comprising data controlling access to memory by the processor;

said processor being configured at least partially in said monitor mode to execute a monitor program to manage switching between said secure domain and said non-secure domain, said switching including switching the processor configuration data in the storage unit between secure processor configuration data and non-secure processor configuration data;

when in said monitor mode, said monitor program being configured to use monitor mode specific processor configuration data, thereby ensuring that operation of the processor in said monitor mode is unaffected by the switching of the processor configuration data so that the ability of the monitor program to perform the switching of processor configuration data is not comprised.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a data processing apparatus and method for managing processor configuration data. The data processing apparatus comprises a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain, at least one secure mode being a mode in the secure domain, and a monitor mode. The processor is operable such that when executing a program in a secure mode the program has access to secure data which is not accessible when said processor is operating in a non-secure mode. A storage unit is used to store processor configuration data, and the processor is operable at least partially in the monitor mode to execute a monitor program to manage switching between the secure domain and the non-secure domain, the switching including switching the processor configuration data in the storage unit between secure processor configuration data and non-secure processor configuration data. When in the monitor mode, the monitor program is operable to use monitor mode specific processor configuration data, thereby ensuring that operation of the processor in the monitor mode is unaffected by the switching of the processor configuration data.

70 Citations

View as Search Results

27 Claims

1. A data processing apparatus, comprising:
- a processor configured in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain, at least one secure mode being a mode in the secure domain, and a monitor mode, said processor being operable such that when executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode;
  
  a storage unit configured to store processor configuration data comprising data controlling access to memory by the processor;
  
  said processor being configured at least partially in said monitor mode to execute a monitor program to manage switching between said secure domain and said non-secure domain, said switching including switching the processor configuration data in the storage unit between secure processor configuration data and non-secure processor configuration data;
  
  when in said monitor mode, said monitor program being configured to use monitor mode specific processor configuration data, thereby ensuring that operation of the processor in said monitor mode is unaffected by the switching of the processor configuration data so that the ability of the monitor program to perform the switching of processor configuration data is not comprised.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A data processing apparatus as claimed in claim 1, wherein the memory is configured to store data required by the processor and comprises secure memory for storing the secure data and non-secure memory for storing non-secure data, said processor configuration data comprising memory permission data identifying whether the processor is allowed to access said secure data.
  - 3. A data processing apparatus as claimed in claim 2, wherein said monitor mode specific processor configuration data comprises memory permission data that indicates that the processor is allowed to access said secure data in said monitor mode.
  - 4. A data processing apparatus as claimed in claim 3, wherein at least a portion of said monitor mode specific processor configuration data is derived from the secure processor configuration data.
  - 5. A data processing apparatus as claimed in claim 1, wherein said processor configuration data comprises memory space configuration data identifying which areas of memory are accessible by the processor.
  - 6. A data processing apparatus as claimed in claim 5, wherein said memory includes a tightly coupled memory, and said memory space configuration data includes data for controlling the processor'"'"'s access to said tightly coupled memory.
  - 7. A data processing apparatus as claimed in claim 5, wherein said memory includes a cache, and said memory space configuration data includes data for controlling the processor'"'"'s access to said cache.
  - 8. A data processing apparatus as claimed in claim 1, wherein said storage unit comprises one or more system configuration registers.
  - 9. A data processing apparatus as claimed in claim 1, wherein said monitor mode specific processor configuration data is hard-coded.
  - 10. A data processing apparatus as claimed in claim 1, further comprising:
    - selection logic configured to select between said processor configuration data stored in the storage unit and said monitor mode specific processor configuration data in dependence on a control signal identifying whether the processor is operating in said monitor mode.
  - 11. A data processing apparatus as claimed in claim 1, wherein in said at least one non-secure mode the processor is configured under the control of a non-secure operating system and in said at least one secure mode the processor is configured under the control of a secure operating system.
  - 12. A data processing apparatus as claimed in claim 1, further comprising:
    - a memory management unit configured, upon receipt of a memory access request from the processor, to perform one or more predetermined access control functions to control issuance of the memory access request to the memory;
      
      said monitor mode specific processor configuration data indicating that said memory management unit is disabled in said monitor mode.
  - 13. A data processing apparatus as claimed in claim 1, wherein said memory includes a cache, and said monitor mode specific processor configuration data indicates that the processor is not allowed to use said cache to access data in said monitor mode.

14. A method of managing processor configuration data in a data processing apparatus comprising a processor configured in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain, at least one secure mode being a mode in the secure domain, and a monitor mode, said processor being operable such that when executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode, said method comprising the steps of:
- executing on said processor at least partially in said monitor mode a monitor program to manage switching between said secure domain and said non-secure domain, including performing the step of switching the processor configuration data comprising data controlling access to memory by the processor between secure processor configuration data and non-secure processor configuration data;
  
  when in said monitor mode, said monitor program using monitor mode specific processor configuration data, thereby ensuring that operation of the processor in said monitor mode is unaffected by the switching of the processor configuration data so that the ability of the monitor program to perform the switching of processor configuration data is not compromised.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. A method as claimed in claim 14, wherein the memory is configured to store data required by the processor and comprises secure memory for storing the secure data and non-secure memory for storing non-secure data, said processor configuration data comprising memory permission data identifying whether the processor is allowed to access said secure data.
  - 16. A method as claimed in claim 15, wherein said monitor mode specific processor configuration data comprises memory permission data that indicates that the processor is allowed to access said secure data in said monitor mode.
  - 17. A method as claimed in claim 16, wherein at least a portion of said monitor mode specific processor configuration data is derived from the secure processor configuration data.
  - 18. A method as claimed in claim 14, wherein said processor configuration data comprises memory space configuration data identifying which areas of memory are accessible by the processor.
  - 19. A method as claimed in claim 18, wherein said memory includes a tightly coupled memory, and said memory space configuration data includes data for controlling the processor'"'"'s access to said tightly coupled memory.
  - 20. A method as claimed in claim 18, wherein said memory includes a cache, and said memory space configuration data includes data for controlling the processor'"'"'s access to said cache.
  - 21. A method as claimed in claim 14, further comprising the step of storing said processor configuration data in one or more system configuration registers.
  - 22. A method as claimed in claim 14, wherein said monitor mode specific processor configuration data is hard-coded.
  - 23. A method as claimed in claim 14, further comprising the step of:
    - selecting between said processor configuration data and said monitor mode specific processor configuration data in dependence on a control signal identifying whether the processor is operating in said monitor mode.
  - 24. A method as claimed in claim 14, wherein in said at least one non-secure mode the processor is configured under the control of a non-secure operating system and in said at least one secure mode the processor is configured under the control of a secure operating system.
  - 25. A method as claimed in claim 14, further comprising the step of:
    - upon receipt of a memory access request from the processor, employing a memory management unit to perform one or more predetermined access control functions to control issuance of the memory access request to the memory;
      
      said monitor mode specific processor configuration data indicating that said memory management unit is disabled in said monitor mode.
  - 26. A method as claimed in claim 14, wherein said memory includes a cache, and said monitor mode specific processor configuration data indicates that the processor is not allowed to use said cache to access data in said monitor mode.

27. A computer program encoded in a computer-readable medium executable to configure a processor in a data processing apparatus to manage processor configuration data, the processor, when executing the computer program, being configured in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain, at least one secure mode being a mode in the secure domain, and a monitor mode, said processor being configured such that when executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode, the processor, when executing said computer program being configured to perform the steps of:
- while at least partially in said monitor mode, managing switching between said secure domain and said non-secure domain, including performing the step of switching the processor configuration data comprising data controlling access to memory by the processor between secure processor configuration data and non-secure processor configuration data; and
  
  when in said monitor mode, using monitor mode specific processor configuration data, thereby ensuring that operation of the processor in said monitor mode is unaffected by the switching of the processor configuration data so that the ability of the monitor program to perform the switching of processor configuration data is not compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Limited (SoftBank Group Corp.)
Original Assignee
Arm Limited (SoftBank Group Corp.)
Inventors
Symes, Dominic Hugo
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Chai; Longbit

Application Number

US10/713,303
Publication Number

US 20040105298A1
Time in Patent Office

1,632 Days
Field of Search

713/189
US Class Current

713/189
CPC Class Codes

G06F 9/4812 by interrupt, e.g. masked

Apparatus and method for managing processor configuration data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for managing processor configuration data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links