Methods and apparatus for a configurable protection architecture for on-chip systems
First Claim
Patent Images
1. An apparatus, comprising:
- an interconnect coupled and shared amongst a plurality of target intellectual property blocks including a first target intellectual property block, and a plurality of initiator intellectual property blocks including a first initiator intellectual property block, where the first target intellectual property block is configured to service and respond to transactions from the first initiator intellectual property block over the interconnect, wherein the interconnect has an associated protection mechanism with protection logic configured to restrict access for the transactions to the first target intellectual property block based on criteria including access permissions associated with a protection region for the first target intellectual property block, where the access permissions associated with the protection region at least include who is the source requesting access to the first target intellectual property block and the type of access being requested, where the interconnect is configured to route the transactions between the first initiator intellectual property block and the first target intellectual property block, where the protection logic is configurable to set the access permissions for two or more protection regions in the integrated circuit, where each protection region is associated with address spacing in the integrated circuit, where the protection mechanism compares to determine when attributes of the transaction satisfy the access permissions of a given protection region, where the protection mechanism is a firewall that is programmable to prevent unauthorized access to or from the two or more protection regions, and where at least the protection mechanism, the interconnect, the first initiator intellectual property block and the first target intellectual property block are located on and part of a System on a Chip.
2 Assignments
0 Petitions
Accused Products
Abstract
Various methods and apparatuses of protection mechanism are described. A target intellectual property block may field and service requests from an initiator intellectual property block in a system-on-chip network. The target intellectual property block has an associated protection mechanism with logic configured to restrict access for the requests to the target intellectual property block. The request'"'"'s access is restricted based on access permissions associated with a region within the target intellectual property block and attributes of the request trying to access that region.
69 Citations
20 Claims
-
1. An apparatus, comprising:
an interconnect coupled and shared amongst a plurality of target intellectual property blocks including a first target intellectual property block, and a plurality of initiator intellectual property blocks including a first initiator intellectual property block, where the first target intellectual property block is configured to service and respond to transactions from the first initiator intellectual property block over the interconnect, wherein the interconnect has an associated protection mechanism with protection logic configured to restrict access for the transactions to the first target intellectual property block based on criteria including access permissions associated with a protection region for the first target intellectual property block, where the access permissions associated with the protection region at least include who is the source requesting access to the first target intellectual property block and the type of access being requested, where the interconnect is configured to route the transactions between the first initiator intellectual property block and the first target intellectual property block, where the protection logic is configurable to set the access permissions for two or more protection regions in the integrated circuit, where each protection region is associated with address spacing in the integrated circuit, where the protection mechanism compares to determine when attributes of the transaction satisfy the access permissions of a given protection region, where the protection mechanism is a firewall that is programmable to prevent unauthorized access to or from the two or more protection regions, and where at least the protection mechanism, the interconnect, the first initiator intellectual property block and the first target intellectual property block are located on and part of a System on a Chip. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
13. A non-transitory computer readable storage media containing instructions, which when executed by a machine, the instructions are configured to cause the machine to generate a software representation of an apparatus, where the apparatus includes:
an interconnect coupled and shared amongst a plurality of target intellectual property blocks including a first target intellectual property block, and a plurality of initiator intellectual property blocks including a first initiator intellectual property block, where the first target intellectual property block is configured to service and respond to transactions from the first initiator intellectual property block over the interconnect, wherein the interconnect has an associated protection mechanism with protection logic configured to restrict access for the transactions to the first target intellectual property block based on criteria including access permissions associated with a protection region for the first target intellectual property block, where the access permissions associated with the protection region at least include who is the source requesting access to the first target intellectual property block and the type of access being requested, where the interconnect is configured to route the transactions between the first initiator intellectual property block and the first target intellectual property block, where the protection logic is configurable to set the access permissions for two or more protection regions in the integrated circuit, where each protection region is associated with address spacing in the integrated circuit, where the protection mechanism compares to determine when attributes of the transaction satisfy the access permissions of a given protection region, where the protection mechanism is programmable to prevent unauthorized access to or from the protection region, and where at least the protection mechanism, the interconnect, the first initiator intellectual property block and the first target intellectual property block are located on and are part of a System on a Chip. - View Dependent Claims (14, 15, 16, 17)
-
18. A method for a firewall protection mechanism for an interconnect located on a System on a Chip, comprising:
-
configuring the firewall protection mechanism having protection logic to restrict access for transactions intended for a first target intellectual property block on the System on a Chip based on criteria including access permissions associated with a protection region for the first target intellectual property block, where the interconnect is coupled between a first initiator intellectual property block and the first target intellectual property block, where the first target intellectual property block is configured to service and respond to transactions from the first initiator intellectual property block over the interconnect, wherein the firewall protection mechanism is associated with the interconnect and the protection logic is configurable to set the access permissions for two or more protection regions in the System on a Chip, where the access permissions associated with the protection region at least include which initiator is the source requesting access and the type of access being requested; and configuring the interconnect to route the transactions between a plurality of target intellectual property blocks including the first target intellectual property block, and a plurality of initiator intellectual property blocks including the first initiator intellectual property block, where each protection region is associated with address spacing in the System on a Chip. - View Dependent Claims (19, 20)
-
Specification