Methods of on-chip memory partitioning and secure access violation checking in a system-on-chip
First Claim
Patent Images
1. A device having on-chip secure access violation checking, comprising:
- a plurality of slave components;
a plurality of master components, wherein each master component is configured to send an access request to a slave component in the plurality of slave components;
a decoder coupled to a first set of slave components, configured to;
determine whether a request from a master component in the plurality of master components for a slave component in the first set of slave components is a valid request, andcommunicate a response based on the determination; and
a plurality of secure trap modules, each of the secure trap modules coupled to a different master component in the plurality of master components, each secure trap module configured to;
log a request from an associated master component for a slave component,monitor for a response from the slave component to the request, andgenerate an interrupt when the response indicates a security violation.
7 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for partitioning memory into multiple secure and open regions are provided. The systems enable the security level of a given region to be determined without an increase in the time needed to determine the security level. Also, systems and methods for identifying secure access violations are disclosed. A secure trap module is provided for master devices in a system-on-chip. The secure trap module generates an interrupt when an access request for a transaction generates a security error.
9 Citations
20 Claims
-
1. A device having on-chip secure access violation checking, comprising:
-
a plurality of slave components; a plurality of master components, wherein each master component is configured to send an access request to a slave component in the plurality of slave components; a decoder coupled to a first set of slave components, configured to; determine whether a request from a master component in the plurality of master components for a slave component in the first set of slave components is a valid request, and communicate a response based on the determination; and a plurality of secure trap modules, each of the secure trap modules coupled to a different master component in the plurality of master components, each secure trap module configured to; log a request from an associated master component for a slave component, monitor for a response from the slave component to the request, and generate an interrupt when the response indicates a security violation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for performing secure access checking in a system on chip, comprising:
-
transmitting, from a master component, an access request for a slave component; logging, at a secure trap module coupled to the master component, the access request; receiving at the secure trap module a response to the request, wherein the response identifies whether the access request for the slave component is valid; and generating, by the secure trap module, a secure interrupt when the security response identifies that the access request represents a violation. - View Dependent Claims (11)
-
-
12. A system for determining, for a transaction, the validity of an access request for a memory address, comprising:
-
a memory partitioned into a plurality of regions, wherein each region is associated with a security level; a memory partitioning circuit coupled to the memory, including; a multiplexer, wherein the multiplexer is configured to receive the security level for each region as inputs and a portion of a memory address as control bits and output a security value for a region containing the memory address; and a verification circuit coupled to the memory partitioning circuit, the verification circuit configured to; receive the output of the multiplexer, receive a transaction security value for the access request for the memory address, and determine whether the access request for the memory address is valid, based on the security value for the region and the transaction security value for the access request for the memory address. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification