The present disclosure relates generally to memory, and more particularly to a memory configuration and a method of accessing the memory.
With the proliferation of electronic devices and associated capabilities, many every day appliances now include computing devices that have a central processing unit, memory, and communication circuitry that supports a particular operation. Moreover, today's electronics are often paired to one or more networks that, probably, is connected to the World Wide Web or Internet (and its multiple versions). For example, auto electronics, household appliances, stereo and music equipment, home computers, cell phones, disk drives for storing data, media access players, watches, remote controls, digital video recorders, televisions, media players, etc., all include computing processors, memory, and communication circuitry configured to support at least one desired function. Moreover, most of these types of circuitry or applications are further configured to pair with Bluetooth™ and Wi-Fi Access Points. The Access Points, in turn, are connected to the Internet via a modem that communicates with an Internet Service Provider gateway device.
While networking is highly desirable, there are risks and costs. Hacking and malicious programs invade computing devices to steal data, reprogram or control the equipment, or even merely to destroy data in an act of vandalism. Recent news reports are replete with stories of unauthorized access to computing devices and their data. Some recent stories have focused, for example, on the ability of hackers to “hack into” car electronics and control the operation of the car.
The structural configuration of a device may have a limited effect in terms of safety. Even for integrated circuit devices including microprocessors security of the data and programs is an important consideration because of the network characteristics of today's devices and systems. For any such systems, it is important that the processor does not run unauthorized code as this weakens device security. For these reasons, data and computing device security are important issues. Hardware and software designs that inhibit unauthorized access to computing device hardware and data is, therefore, highly desirable.
The present disclosure may be better understood, and its numerous features and advantages made apparent to those skilled in the art by referencing the accompanying drawings, in which:
The use of the same reference symbols in different drawings indicates similar or identical items. Unless otherwise noted, the word “coupled” and its associated verb forms include both direct connection and indirect electrical connection by means known in the art, and unless otherwise noted any description of direct connection implies alternate embodiments using suitable forms of indirect electrical connection as well.
Thus, to the maximum extent allowed by law, the scope of the present invention is to be determined by the broadest permissible interpretation of the following claims and their equivalents, and shall not be restricted or limited by the foregoing detailed description.
Continuing to examine
In one form, a computing system as described for an embodiment herein includes a CPU, a communication bus, at least one memory, and a memory protection unit (MPU). The memory generally includes at least three areas of memory. A first area is only to be accessed for read and write operation by a block or source having a secure identifier. A second area may be accessed for read and write operations by any block or source without regard to a security identifier meaning blocks and sources with secure and non-secure identifiers may have access for read and write operations. A third area is an asymmetric area in which only blocks or sources having a secure identifier may write, but all blocks and sources including those with non-secure identifiers may have access to read. One aspect of the embodiment is that a secure process may write data to the third and asymmetric area to allow a non-secure block or process to access and read the data but not write (or change) the data. For example, a need exists to run programs from unsecure sources in a manner that will not interfere, tamper, adjust, or maliciously or accidently alter any existing secure processes. In some cases, unsecure processes must interact with secure processes without compromising security. The memory structures of the present embodiments support such access because such a program from an unsecure source could, for example, access a memory location to retrieve data or instructions without being able to change the data or instructions from that or other locations for which only secure processes and sources are allowed access.
Thus, as may be seen from
In operation, when a device, block or process generates a memory access request either directly or via CPU 22, MPU 28 receives the access request. Controller 30 of MPU 28 produces an ID or identifier of the device, block or process that generated the memory access request to determine, from lookup table 32 (or from communicating with an algorithm) the security access designation for the device, block or process. Accordingly, access will be granted or denied based on at least at least one of the following factors:
If the area of memory to be accessed is the first area that allows a secure and un-secure device, block or process to read or write, access is granted without requiring evaluation of b) and c). If the area of memory to be accessed is the second area that only allows a secure device, block or process to read or write, access is granted only if the source has a secure access designation. Accordingly, for this case, both a) and b) must be evaluated. If the area of memory to be accessed is the third area that allow devices, blocks and processes only with a secure security access designation or identifier access to read and write while devices, blocks and processes with an un-secure security access designation or identifier are only allowed to read, then a), b) and c) must be evaluated prior to determining whether the access requested may be granted.
In one form, a computing system as described for an embodiment herein includes a CPU, a communication bus, at least one memory, and a memory protection unit (MPU). The memory here generally includes at least two distinct memories having differing access rights. In the described embodiment, a first memory 40 is only to be accessed for read and write operations by a block or source having a secure identifier. A second memory 42 may be accessed for read and write operations by any block or source without regard to a security identifier. Stated differently, devices, blocks and sources with secure and non-secure identifiers may have access for read and write operations. A third memory 44 is an asymmetric memory in which only devices, blocks or sources having a secure identifier may write, but all blocks and sources including those with non-secure identifiers may have access to read. One aspect of the embodiment is that a secure process may write data to the third and asymmetric memory 44 to allow a non-secure block or process to access and read the data but not write (or change) the data.
In operation, when a device, block or process generates a memory access request either directly or via CPU 22, MPU 28 receives the access request. Controller 30 of MPU 28 produces an ID or identifier of the device, block or process that generated the memory access request to determine, from lookup table 32 the security access designation for the requesting device, block or process. Accordingly, access will be granted or denied based on at least at least one of the following factors:
If the memory to be accessed is the first memory that allows a secure and un-secure device, block or process to read or write, access is granted without requiring evaluation of b) and c). If the memory to be accessed is the second memory that only allows a secure device, block or process to read or write, access is granted only if the source has a secure access designation. Accordingly, for this case, both a) and b) must be evaluated. If the memory to be accessed is the third memory that allow devices, blocks and processes only with a secure security access designation or identifier access to read and write while devices, blocks and processes with an un-secure security access designation or identifier are only allowed the read, then a), b) and c) must be evaluated prior to determining whether the access requested may be granted.
Thus, it may be seen that memory is more highly partitioned to better control what devices, blocks or processes may access a given area of memory for either read or write operations. It should be understood that a plurality of IDs or a group of IDs may be represented by a designation such as, for example, “secure 2”. For example, devices, blocks and processes with a secure 1 designation may be allowed to access operational software instructions (e.g., kernel type instructions) while secure 2-4 designation may be allowed for application programs being hosted and stored in memory. One aspect of the embodiment of
As described before, a memory structure includes an asymmetric arrangement with respect to read and write operations for the memory. A first area is one in which read and write operations are allowed for any device, block or process regardless of whether the device, block or process has a secure or un-secure security designation.
The method also includes allowing read and write access to a third address range only for all sources having a security identifier of secure and allowing read only access to the third address range for all sources having a security identifier of un-secure (140). Here, a device, block or process having an un-secure security designation may read but may not write to the memory cells or registers having this third range of addresses.
A memory access system for a computing system has been described that operates using a memory controller for controlling access to memory. The above-disclosed subject matter is to be considered illustrative, and not restrictive, and the appended claims are intended to cover all such modifications, enhancements, and other embodiments that fall within the true scope of the claims. For example, an MPU can be built according to the principles of described above for an arbitrary number N different security regions and M secure sources. Sources themselves may have multiple levels of security prioritization allowing access to various number of pre-configured security regions. Moreover, an MPU can provide tiers of security regions and sources to match based on level prioritize. For example, a secure source designated with security level 3 can have read/write access to any region with security level designation greater than 3, can read from any region with security level equal to 3 but cannot write to any region with security level equal to 3, and cannot access any region with security level less than 3. Any algorithm, method, or calculation can be employed to determine access to various asymmetrical and symmetrical regions. Additional modifications may include dynamic re-allocation of memory regions by processes with secure access to any region that it can have full access.