Not applicable.
Portions of this patent application contain materials that are subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document, or the patent disclosure, as it appears in the United States Patent and Trademark Office, but otherwise reserves all copyright rights whatsoever.
This invention is in the field of electronic computing hardware and software and communications, and is more specifically directed to improved processes, circuits, devices, and systems for information and communication processing purposes, and processes of making them. Without limitation, the background is further described in connection with communications processing.
Wireline and wireless communications, of many types, have gained increasing popularity in recent years. The personal computer with a wireline modem such as DSL (digital subscriber line) modem or cable modem communicates with other computers over networks. The mobile wireless (or “cellular”) telephone has become ubiquitous around the world. Mobile telephony has recently begun to communicate video and digital data, and voice over packet (VoP or VoIP), in addition to cellular voice. Wireless modems, for communicating computer data over a wide area network, using mobile wireless telephone channels and techniques are also available.
Wireless data communications in wireless local area networks (WLAN), such as that operating according to the well-known IEEE 802.11 standard, has become popular in a wide range of installations, ranging from home networks to commercial establishments. Short-range wireless data communication according to the “Bluetooth” technology permits computer peripherals to communicate with a personal computer or workstation within the same room. Numerous other wireless technologies exist and are emerging.
Security techniques are used to improve the security of retail and other business commercial transactions in electronic commerce and to improve the security of communications wherever personal and/or commercial privacy is desirable. Security is important in both wireline and wireless communications.
For security reasons, at least some processors provide two levels of operating privilege: a first level of privilege for user programs; and a higher level of privilege for use by the operating system. However, the higher level of privilege may or may not provide adequate security for m-commerce and e-commerce, given that this higher level relies on proper operation of operating systems. In order to address security concerns, some mobile equipment manufacturers implement yet another third level of privilege, or secure mode, that places less reliance on operating system programs, and more reliance on hardware-based monitoring and control of the secure mode.
As computer and communications applications with security become larger and more complex, a need has arisen for technology to inexpensively handle large amounts of software program code and the data for highly disparate applications and run them more or less concurrently in a secure manner.
Processors of various types, including DSP (digital signal processing) chips, RISC (reduced instruction set computing) and/or other integrated circuit devices are important to these systems and applications. Constraining or reducing the cost of manufacture and providing a variety of circuit and system products with performance features for different market segments are important goals in DSPs, integrated circuits generally and system-on-a-chip (SOC) design.
Further alternative and advantageous solutions would, accordingly, be desirable in the art.
Generally and in one form of the invention, an electronic device includes a processor including a pipeline operable to execute instructions in a real-time category or a non-real-time category, the processor operable in a secure or non-secure mode and in a monitor or a non-monitor mode and further operable to generate mode signals on a secure mode line and a monitor mode line; a bus coupled to the pipeline for accesses; and protective circuitry coupled to the processor, the protective circuitry having a register field operable to couple first and second qualifiers to the bus wherein the first qualifier is responsive to the secure mode line and the second qualifier represents whether the processor is in the real-time category or not for a given access, and the protective circuitry further responsive to the monitor mode line to permit alteration of the register field by the processor when the processor is in the monitor mode and to prevent alteration of at least part of the register field when the processor is in a non-monitor mode.
Generally and in another form of the invention, an integrated circuit includes a processor including a pipeline, a bus coupled to the pipeline, a storage coupled to the bus, the storage having a real time operating system, a non-real-time operating system, and a software monitor; and a security circuit coupled to the bus and operable to generate at least one security violation signal unless a transition between the real time operating system and the non-real-time operating system includes the software monitor.
Generally and in a further form of the invention, an electronic system includes a processor having a pipeline, a bus coupled to the pipeline, a storage coupled to the bus, the storage having a real time operating system and a real-time application, a non-real-time operating system, a secure environment kernel, and a software monitor; and protective circuitry coupled to the processor and operable to establish a first signal and a second signal each having states and together having combinations of the states representing a first category for the real-time operating system and the real-time application, a second category for the non-real-time operating system, and a third category for the secure environment kernel.
Generally, and in still another form of the invention, a security circuit is for use with a processor having modes and address signals. The security circuit includes a security violation handler, a first checker circuit having a first checker output coupled to the security violation handler and the first checker circuit having input lines for receiving mode signals indicative of at least some of the modes and the first checker circuit having logic circuitry coupled to the input lines to detect mode transitions between the modes and activate the first checker output upon detection of a mode transition contrary to a permitted transition policy for the logic circuitry; and a second checker circuit having a second checker output coupled to the security violation handler, the second checker circuit having second input lines for receiving mode signals indicative of at least some of the modes, the second checker circuit further having third input lines for receiving the address signals, and the second checker circuit having second logic circuitry responsive to the mode signals and to the address signals to identify attempted transactions of different modes and activate the second checker output upon detection of an attempted transaction including an address and a mode contrary to a permitted transaction policy for the second logic circuitry.
Other forms of the invention involving processes of manufacture, processes of operation, circuits, devices, telecommunications products, wireless handsets and systems are disclosed and claimed.
Corresponding numerals indicate corresponding parts throughout the Figures of drawing, except where the context indicates otherwise. If a signal name or register field designation is expressed in all caps, title case, or lower case in different places in the drawing and description, the same signal or register field is signified unless the context indicates otherwise.
In
In this way, advanced networking capability for services, software, and content, such as cellular telephony and data, audio, music, voice, video, e-mail, gaming, security, e-commerce, file transfer and other data services, internet, world wide web browsing, TCP/IP (transmission control protocol/Internet protocol), voice over packet and voice over Internet protocol (VoP/VoIP), and other services accommodates and provides security for secure utilization and entertainment appropriate to the just-listed and other particular applications.
The embodiments, applications and system blocks disclosed herein are suitably implemented in fixed, portable, mobile, automotive, seaborne, and airborne, communications, control, set top box 1090, television 1044 (receiver or two-way TV), and other apparatus. The personal computer (PC) 1070 is suitably implemented in any form factor such as desktop, laptop, palmtop, organizer, mobile phone handset, PDA personal digital assistant 1096, internet appliance, wearable computer, content player, personal area network, or other type.
For example, handset 1010 is improved for selectively determinable security and economy when manufactured. Handset 1010 remains interoperable and able to communicate with all other similarly improved and unimproved system blocks of communications system 1000. On a cell phone printed circuit board (PCB) 1020 in handset 1010, there is provided a higher-security processor integrated circuit 1022, an external flash memory 1025 and SDRAM 1024, and a serial interface 1026. Serial interface 1026 is suitably a wireline interface, such as a USB interface connected by a USB line to the personal computer 1070 and magnetic and/or optical media 1075 when the user desires and for reception of software intercommunication and updating of information between the personal computer 1070 (or other originating sources external to the handset 1010) and the handset 1010. Such intercommunication and updating also occur via a processor in the cell phone 1010 itself such as for cellular modem, WLAN, Bluetooth from a website 1055 or 1065, or other wireless or wireline modem processor and physical layer (PHY) circuitry 1028.
Processor integrated circuit 1022 includes at least one processor (or central processing unit CPU) block 1030 coupled to an internal (on-chip read-only memory) ROM 1032, an internal (on-chip random access memory) RAM 1034, and an internal (on-chip) flash memory 1036. A security logic circuit 1038 is coupled to secure-or-general-purpose-identification value (Security/GPI) bits 1037 of a non-volatile one-time alterable Production ID register or array of electronic fuses (E-Fuses). Depending on the Security/GPI bits, boot code residing in ROM 1032 responds differently to a Power-On Reset (POR) circuit 1042 and to a secure watchdog circuit 1044 coupled to processor 1030. A device-unique security key is suitably also provided in the E-fuses or downloaded to other non-volatile, difficult-to-alter parts of the cell phone unit 1010.
The words “internal” and “external” as applied to a circuit or chip respectively refer to being on-chip or off-chip of the applications processor chip 1022. All items are assumed to be internal to an apparatus (such as a handset, base station, access point, gateway, PC, or other apparatus) except where the words “external to” are used with the name of the apparatus, such as “external to the handset.”
ROM 1032 provides a boot storage having boot code that is executable in at least one type of boot sequence. One or more of RAM 1034, internal flash 1036, and external flash 1024 are also suitably used to supplement ROM 1032 for boot storage purposes.
Secure Demand Paging SDP circuitry 1040 effectively multiplies the memory space that secure applications can occupy. Processor 1030 is an example of circuitry coupled to the Secure Demand Paging block 1040 to execute a process defined by securely stored code and data from a Secure RAM 1034 as if the secure RAM were much larger by using SDRAM 1024. As described further herein SDP Circuitry 1040 includes circuitry for determining which secure RAM memory page to wipe, or make available for a new page of code and/or data for a secure application.
It is contemplated that the skilled worker uses each of the integrated circuits shown in
In
Digital circuitry 1150 on integrated circuit 1100 supports and provides wireless interfaces for any one or more of GSM, GPRS, EDGE, UMTS, and OFDMA/MIMO (Global System for Mobile communications, General Packet Radio Service, Enhanced Data Rates for Global Evolution, Universal Mobile Telecommunications System, Orthogonal Frequency Division Multiple Access and Multiple Input Multiple Output Antennas) wireless, with or without high speed digital data service, via an analog baseband chip 1200 and GSM/CDMA transmit/receive chip 1300. Digital circuitry 1150 includes a ciphering processor CRYPT for GSM ciphering and/or other encryption/decryption purposes. Blocks TPU (Time Processing Unit real-time sequencer), TSP (Time Serial Port), GEA (GPRS Encryption Algorithm block for ciphering at LLC logical link layer), RIF (Radio Interface), and SPI (Serial Port Interface) are included in digital circuitry 1150.
Digital circuitry 1160 provides codec for CDMA (Code Division Multiple Access), CDMA2000, and/or WCDMA (wideband CDMA or UMTS) wireless suitably with HSDPA/HSUPA (High Speed Downlink Packet Access, High Speed Uplink Packet Access) (or 1×EV-DV, 1×EV-DO or 3×EV-DV) data feature via the analog baseband chip 1200 and RF GSM/CDMA chip 1300. Digital circuitry 1160 includes blocks MRC (maximal ratio combiner for multipath symbol combining), ENC (encryption/decryption), RX (downlink receive channel decoding, de-interleaving, viterbi decoding and turbo decoding) and TX (uplink transmit convolutional encoding, turbo encoding, interleaving and channelizing.). Block ENC has blocks for uplink and downlink processes of WCDMA.
Audio/voice block 1170 supports audio and voice functions and interfacing. Speech/voice codec(s) are suitably provided in memory space in audio/voice block 1170 for processing by processor(s) 1110. An applications interface block 1180 couples the digital baseband chip 1100 to an applications processor 1400. Also, a serial interface in block 1180 interfaces from parallel digital busses on chip 1100 to USB (Universal Serial Bus) of PC (personal computer) 1070. The serial interface includes UARTs (universal asynchronous receiver/transmitter circuit) for performing the conversion of data between parallel and serial lines. Chip 1100 is coupled to location-determining circuitry 1190 for GPS (Global Positioning System). Chip 1100 is also coupled to a USIM (UMTS Subscriber Identity Module) 1195 or other SIM for user insertion of an identifying plastic card, or other storage element, or for sensing biometric information to identify the user and activate features.
In
An audio block 1220 has audio I/O (input/output) circuits to a speaker 1222, a microphone 1224, and headphones (not shown). Audio block 1220 has an analog-to-digital converter (ADC) coupled to the voice codec and a stereo DAC (digital to analog converter) for a signal path to the baseband block 1210 including audio/voice block 1170, and with suitable encryption/decryption activated.
A control interface 1230 has a primary host interface (I/F) and a secondary host interface to DBB-related integrated circuit 1100 of
A power conversion block 1240 includes buck voltage conversion circuitry for DC-to-DC conversion, and low-dropout (LDO) voltage regulators for power management/sleep mode of respective parts of the chip regulated by the LDOs. Power conversion block 1240 provides information to and is responsive to a power control state machine between the power conversion block 1240 and circuits 1250.
Circuits 1250 provide oscillator circuitry for clocking chip 1200. The oscillators have frequencies determined by one or more crystals. Circuits 1250 include a RTC real time clock (time/date functions), general purpose I/O, a vibrator drive (supplement to cell phone ringing features), and a USB On-The-Go (OTG) transceiver. A touch screen interface 1260 is coupled to a touch screen XY 1266 off-chip.
Batteries such as a lithium-ion battery 1280 and backup battery provide power to the system and battery data to circuit 1250 on suitably provided separate lines from the battery pack. When needed, the battery 1280 also receives charging current from a Charge Controller in analog circuit 1250 which includes MADC (Monitoring ADC and analog input multiplexer such as for on-chip charging voltage and current, and battery voltage lines, and off-chip battery voltage, current, temperature) under control of the power control state machine.
In
Further in
The RISC processor 1420 and the DSP 1424 in section 1420 have access via an on-chip extended memory interface (EMIF/CF) to off-chip memory resources 1435 including as appropriate, mobile DDR (double data rate) DRAM, and flash memory of any of NAND Flash, NOR Flash, and Compact Flash. On chip 1400, the shared memory controller 1426 in circuitry 1420 interfaces the RISC processor 1420 and the DSP 1424 via an on-chip bus to on-chip memory 1440 with RAM and ROM. A 2D graphic accelerator is coupled to frame buffer internal SRAM (static random access memory) in block 1440. A security block 1450 in security logic 1038 of
Security logic 1038 of
On-chip peripherals and additional interfaces 1410 include UART data interface and MCSI (Multi-Channel Serial Interface) voice wireless interface for an off-chip IEEE 802.15 (“Bluetooth” and low and high rate piconet and personal network communications) wireless circuit 1430. Debug messaging and serial interfacing are also available through the UART. A JTAG emulation interface couples to an off-chip emulator Debugger for test and debug. Further in peripherals 1410 are an 12C interface to analog baseband ABB chip 1200, and an interface to applications interface 1180 of integrated circuit chip 1100 having digital baseband DBB.
Interface 1410 includes a MCSI voice interface, a UART interface for controls, and a multi-channel buffered serial port (McBSP) for data. Timers, interrupt controller, and RTC (real time clock) circuitry are provided in chip 1400. Further in peripherals 1410 are a MicroWire (u-wire 4 channel serial port) and multi-channel buffered serial port (McBSP) to Audio codec, a touch-screen controller, and audio amplifier 1480 to stereo speakers. External audio content and touch screen (in/out) and LCD (liquid crystal display) and DLP™ (digital light processor) display are suitably provided. Additionally, an on-chip USB OTG interface couples to off-chip Host and Client devices. These USB communications are suitably directed outside handset 1010 such as to PC 1070 (personal computer) and/or from PC 1070 to update the handset 1010.
An on-chip UART/IrDA (infrared data) interface in interfaces 1410 couples to off-chip GPS (global positioning system block cooperating with or instead of GPS 1190) and Fast IrDA infrared wireless communications device. An interface provides EMT9 and Camera interfacing to one or more off-chip still cameras or video cameras 1490, and/or to a CMOS sensor of radiant energy. Such cameras and other apparatus all have additional processing performed with greater speed and efficiency in the cameras and apparatus and in mobile devices coupled to them with improvements as described herein. Further in
Further, on-chip interfaces 1410 are respectively provided for off-chip keypad and GPIO (general purpose input/output). On-chip LPG (LED Pulse Generator) and PWT (Pulse-Width Tone) interfaces are respectively provided for off-chip LED and buzzer peripherals. On-chip MMC/SD multimedia and flash interfaces are provided for off-chip MMC Flash card, SD flash card and SDIO peripherals.
In
Further described next are improved secure circuits, structures and processes and improved systems and devices for use in and with the systems of
In a type of embodiment, a hypervisor is established and copies virtually and non-virtually (normal) both the non-secure and secure worlds. The monitor mode is given hardware structural support called checker circuits or checkers to enable operation as a hypervisor. Security is protected from the public world side because the SSM (secure state machine) and the checkers are used together to establish one or more classifiers or classifier control signals. For example a classifier signal MreqSystem uniquely specifies virtual mode and non-virtual mode, and another classifier signal MreqSecure specifies secure mode and non-secure mode. Classifier signals are used collectively to specify combinations of virtual/non-virtual, secure/non-secure, and other modes. The hardware checker checks transactions and interrupts, and different access types. The Monitor mode operates as software on top of the checker hardware.
The hypervisor monitors which secure mode is being used and detects when a switch is happening from virtual mode to normal mode and insures the integrity of the architecture. Jumping between modes is mediated by the hypervisor instead of being permitted directly. Each time operations are to enter virtual mode or to leave virtual mode, the transition is arranged and structured to go through the Monitor mode as hypervisor under a specific process that is controlled by the SSM or is defined by SSM.
Added to that, the system has debug capability and trace controlled through SSM, so that blocks and functions that do not exist in the secure zone are put in the SSM outside the processor core. The SSM establishes the function of a secure zone to provide a minimum level of support for a variety of chips.
Some embodiments create virtual processors using an SSM-secured monitor mode acting as a hypervisor. Such architecture allows running in each of these virtual processors a complete operating system that is completely independent and isolated from any other operating system running in a different normal or virtual processor.
For example, in some embodiments a 3rd/4th generation (3G/4G) wireless modem Protocol Stack runs under a real time operating system (RTOS) and is desirably isolated from the application operating system. Application processor devices desirably execute on the same processor core (MPU) a real time 3G/4G Modem Protocol Stack (PS) and a Secure Kernel, as well as a High Level Operating System (HLOS) for handling applications. The HLOS need not be a real time operating system.
Establishing an RTOS and modem protocol stack (PS) under a hypervisor and independent of an application operating system like an HLOS, then enhances security and real time operational reliability and stability, and confers tamper-resistance against updating an IMEI number by some other application running under the HLOS.
Application operating systems are often not architected to be real time. Thus, a real-time modem protocol stack running independently of a non-real time operating system prevents and obviates latencies and possible crash scenarios. The modem protocol stack memories are given enhanced stability because the modem protocol stack is independent of the application operating system.
The modem protocol stack is made HLOS-agnostic thanks to the monitor mode hypervisor and improved secure state machine (SSM) and checkers while providing strong timing accuracy for a protocol stack interrupt model and providing a hardware-ensured high priority fast interrupt request FIQ. Protocol stack activity benefits from complete hardware isolation from HLOS, for improved security and stability of the protocol stack. The improved interrupt model is agnostic to HLOS behavior and is timing accurate and predictable. High portability with other HLOS means that the same hardware design can be used with different HLOS, thereby reducing costs of designing products.
An example of a hardware mechanism includes a physical to virtual memory space checker. Some background information is described in incorporated patent application TI-61407. The checker is added and used according to the teachings herein to detect when the processor core is developing and evolving the virtual cores memory space. The hardware mechanism checks different MPU core current status program register (CPSR) mode transitions to determine if the current processor state is allowed to be entered in order to detect any processor mode hijacking. Some background information is described in incorporated patent application TI-39616. In addition the proposed solution checks the current MMU configuration in order to detect any malformed or corrupted MMU configuration. Some background information is described in incorporated patent application TI-39613.
The improved secure state machine hardware issues bits or information signals to structure the environment for the software hypervisor and checkers. The hypervisor determines each particular type of processor core (normal or virtual; secure or public) it operates or determines shall operate.
When the processor MPU is detected to be evolving in a virtual core, a qualifier MreqSystem together with hardware security infrastructure differentiates processor core transactions belonging to the non-virtual processor or virtual processor through different hardware firewall stages. Some background information is described in incorporated patent application TI-38804.
Secure fast interrupts (Secure FIQ) pre-emptive masking technology is combined herein with the MreqSystem hardware security infrastructure and hypervisor to give real time properties to each virtual processor core, if needed. The Secure FIQ identifies the source of each interrupt by classifier states, e.g., normal or virtual processor core, and by other classifiers or qualifiers.
A DMA (direct memory access) component supports and is used by one or more of the operating systems. The MreqSystem classifier is added and provided as a qualifier for a DMA transaction issued when the MPU is evolving a virtual processor core in the secure mode. Some background is described in incorporated patent application TI-39615.
Some hardware-based embodiments offer simplicity, a high level of security, resistance to software attacks and real time properties through FIQ to the modem protocol stack. Processor core caches and MMU are used efficiently while promoting very fast processing on each virtual and normal processor core context switch. As many virtual processor cores as needed are implemented in various embodiments. Two or more operating systems suitably co-exist on a given platform.
The Monitor Mode operation is hardware-checked, and Monitor Mode integrity is structured and preserved by physical address checking and virtual address checking coupled with execution status integrity checking and one or more hardware firewalls. Resistance to and prevention of buffer overflow attacks is provided and enhanced. Integrity of the security zone run-time configuration including MMU mapping and exception base vectors is protected. A dynamic hardware firewall protects Secure Privilege modes against buffer overflow attacks. Secure Privilege mode and User mode can fetch in a protectively regulated and structured manner from Secure RAM, Secure ROM and Secure Stacked SDRAM. Various modes are protected against fetching instructions in disallowed memory. Secure RAM and Secure ROM are hardware-protected from disallowed accesses. Secure Stacked SDRAM programmably establishes secure regions for virtual processors.
Inconsistency in MMU configuration is detected by monitoring for an attempt to fetch non-secure code in spaces reserved for secure mode access. Secure Privilege Debug Mode is protected against the Secure User Debug Mode. Virtual Processor modes are created, resource-isolated and MMU mapped. Attempted access by one virtual processor into the stack of another virtual processor is monitored and restricted or prevented.
In
In
In the secure resources 2120 of
The resources 2130 of
The real-time resources 2130 has layers including ACI L1, PS L1/L2/L3, PS RTOS, PS BSP. PS hardware (HW) supports the layers of resources of resources 2130. Modem command interface ACI L1 is coupled via the Monitor Mode protective interface process 2150 to ACI L2. In the example of
By contrast with the real-time RTOS and modem, for instance, the non-real-time HLOS and its applications do not expect to be scheduled real-time-accurately, and can wait their turn to execute. The non-real-time HLOS and its applications are therefore expected to be negligibly affected or unaffected by introduction of the embodiments taught herein. On the other hand, in a modem if server sync is not done in time, then a server at a wireless base station or a wireline central site can issue a time-out signal and break the communications protocol activity (phone call for example). Then a restart of the communication becomes introduced. At least some of the embodiments herein confront or ameliorate or prevent scenarios wherein the phone user might experience a bad transmission followed by a call interruption or unexpected crash. These undesirable event scenarios might happen if HLOS over-schedules multiple applications (display+file system+MMU allocation) at the wrong moment with IRQ and FIQ unmasked and misses a modem L1 Protocol Stack interrupt IRQ. Another undesirable situation might involve some non-synchronized timers or non-synchronized peripherals firing concurrently and creating many pending interrupts, and in some interrupt mode of HLOS IRQ/FIQ, the modem interrupts might be masked so that a call interruption does not occur or is not taken in time.
In some embodiments, multiple virtual processors reside inside the same category or world. By context-switching fully the MMU and processor registers, such embodiment places or accommodates as many different HLOS as desired. The MreqSystem qualifier is generated when operating in a virtual category in order for system interconnect firewalls to protect memories from other categories. Consequently for a complete and robust security scheme, some embodiments generate qualifiers to identify as many virtual processors as needed (MreqSystem1, MreqSystem2 . . . ). Some other embodiments provide HLOSes in a given single world (i.e., Virtual Public) that have exactly the same level of security where one HLOS cannot impact or is prevented from having any impact security-wise on any other HLOS.
In some other embodiments, the Monitor software code that acts as an hypervisor can configure the interconnect hardware firewalls to deny all accesses to one HLOS physical space while providing full access to other HLOSes when running in the same virtual world (other contexts described previously). The Monitor software code also configures the SSM hardware that supports the Monitor code as hypervisor to define new boundaries in accordance with this real-time resources protection configuration as well as the full MMU setting.
Multiple non-virtual processors suitably are made to reside inside the same Non-virtual world, e.g. Non-virtual Secure. Corresponding strategy is suitably used for the Non-virtual case as for a virtual category described just above herein. The virtual mode is created with the MreqSystem qualifier to provide strong security isolation between HLOS, RTOS and secure mode at system level. The Secure Virtual category is created or established by symmetry or analogously. There is no limit on how many virtual categories that are implemented (1 MreqSystem=>4 worlds as in
Refer briefly to
The SSM 2460 provides bit fields VP1_NS and VP1_Active. The VP1_Active bit field defines whether operations are transitioning from Monitor mode to a Non-virtual or Virtual category (VP1_Active), and the VP1_NS bit field defines whether the transition is going to Secure or Public category. The SSM 2460 is provided with protective circuitry coupled to MPU 2610. The protective circuitry is operable to couple a first qualifier MreqSecure to a system bus via interface 2665. MreqSecure is responsive to a line from MPU 2610 signaling Secure mode. The field VP1_Active is an example of a register field in the protective circuitry that is coupled as a second qualifier MreqSystem to the bus. For instance, in the case of virtual processor VP1 in some embodiments represents whether the processor is in a particular category (e.g., Public Virtual assigned to a real-time virtual processor such as a modem) or not for a given access. The protective circuitry is responsive to a line from MPU 2610 indicating that Monitor Mode is active. The protective circuitry permits alteration of the SSM register field by MPU 2610 in the Monitor Mode or Secure Supervisor mode and prevents at least some such alteration when MPU 2610 is in some other mode. In some embodiments Monitor Mode or Secure Supervisor mode access is required for all such alteration and firewalls are programmed in Monitor Mode or Secure Supervisor mode as well therein.
A Virtual Core or Virtual Processor (VP1) here is compared with a Virtual Machine Context (VMC) in Secure Demand Paging SDP (see description elsewhere herein and background in incorporated application TI-38213). The virtual machine (VMC of SDP) virtualizes HLOS tasks such as applications in User mode, and this virtualization is applied, if desired, to some kernel services in Supervisor mode. But, in an example, the VMC of SDP in some embodiments virtualizes the SDP kernel itself, and in other embodiments does not virtualize SDP nor IRQ/FIQ/ABORT/UNDEF vector and code, nor the MMU mapping, nor the MPU 2610 complete core configuration (e.g., debug and all other properties). By contrast, some information about a virtualized core is or may be ported to establish a Virtual Processor (e.g., VP1 for modem) on MPU 2610.
In
Qualifiers MreqModem and MreqSystem mean the same thing at DMA level and interconnect level, but have somewhat distinctive meanings in some different embodiments. Let a first embodiment have a DSP (digital signal processor) separate from the MPU 2610 operating as a modem engine. The SSM hardware and interface 2665 then generate a signal MreqModem active to accompany attempted accesses by this modem engine DSP core. In a second embodiment, suppose the DSP core is absent and the modem engine is established as software on the MPU 2610 which in some embodiments is a RISC processor core and not a DSP core. For expressiveness of signal designations, the SSM hardware and interface 2665 then generate a signal designated MreqSystem active to accompany attempted accesses by this virtual modem engine running on the MPU 2610. The significance of MreqModem and MreqSystem are both the same farther out in the system in that a process (e.g., modem) is attempting an access.
A first embodiment has an application engine including a RISC core, system DMA, and dedicated peripherals. Coupled to the application engine is a Modem engine including a DSP plus modem DMA plus dedicated peripherals. Shared memory such as SDRAM and Flash memory and shared peripherals such as USB serial bus are coupled to both the application engine and the modem engine.
A second embodiment is similar to the first embodiment except that the modem engine is virtualized onto the RISC core and uses the same system DMA, but has modem-dedicated peripherals. The second embodiment has the modem engine run on the same core MPU 2610 with a modem RTOS using the same system DMA and co-existing with a Public HLOS. To deal with the constraints of the second embodiment, recreation of the two distinct engines (application and modem) is accomplished by effectively virtualizing the distinct engines onto the RISC core and system DMA. They are transformed into categories in
The signal MreqModem is generated and used in the first embodiment (RISC plus DSP) so that both the Application engine and Modem engine (subsystems in general) have access to a large number of DMA channels and as much DMA as is desirable for each engine (in effect a combination of the system DMA and modem DMA. Using the MreqSystem (or MreqModem) differentiates the application engine from the modem engine for accessing or preventing access to peripherals reserved for the application engine or reserved for the modem engine, for instance. In the first embodiment, the DSP is dedicated to modem engine and the DSP is operated or provided with circuitry to assert MreqModem active to differentiate each DMA channel programmed by the modem engine (DSP) from each DMA channel programmed by the application engine (MPU 2610 core). In the second embodiment MreqSystem is similarly used, from an interconnect/DMA point of view, and this provides economical design of different system products with complementing advantages using a very similar methodology or architectural scheme as described herein.
In the first embodiment, MreqModem (MreqSystem) goes active when the Modem DSP attempts access to a peripheral instead of MPU 2610 and inactive when MPU 2610 attempts access. In the second embodiment, the real-time process represented by the DSP code is suitably modified and ported to be compiled and run as a virtualized modem engine, for example, on MPU 2610 such as a RISC processor. MreqSystem goes active when the virtualized real-time process (e.g., modem) thus ported to MPU 2610 attempts access to a peripheral, and inactive when the application engine attempts access.
The field VP1_Active when active in SSM registers 2620 signifies that MPU 2610 is in a Virtual category indicative of the modem for instance, so that the circuitry knows that it is in a Virtual world. The SSM register bit field VP1_NS is set equal to the Non-Secure/Secure bit CP15_NS described hereinabove. Bit field VP1_NS services an intermediate configuration state while in Monitor mode. For example, suppose CP15_NS=1 (context switching Public MMU) but operations are to go to a Secure category. VP1_NS provides a flag for Monitor Mode software. The Monitor code software structure sets, triggers and resets the bits CP15_NS and VP1_NS at different stages and times. An example architecture uses a Virtual Public category and an empty Virtual Secure category and consequently suitably provides only one set of banked registers for Virtual mode. These triggers are used also to select in the SSM address boundary checker register bank.
Logic circuitry of SSM responds to the bit field VP1_Active to generate the qualifier MreqSystem. The qualifier MreqSystem is a signal that accompanies or is attached to each transaction the MPU 2610 creates in the second embodiment (without physical DSP), and is the signal that accompanies or is attached to each transaction the DSP creates in the first embodiment that has DSP. Interconnect firewalls respond to qualifier MreqSystem to protect memories from accesses that are inconsistent with a currently operative category of operation.
In one group of embodiments a DSP with RTOS and real-time application(s) is virtualized onto a RISC processor that also runs non-real-time HLOS and non-real-time applications. In another group of embodiments a RISC processor with real-time application(s) is virtualized onto a DSP that also runs non-real-time HLOS and non-real-time applications. In still another group of embodiments, a RISC processor with a non-real-time HLOS and non-real-time applications(s) is virtualized onto a DSP that runs an RTOS and real-time application(s). In yet another group of embodiments, a DSP with non-real-time HLOS and non-real-time applications is virtualized onto a RISC processor that runs an RTOS and real-time application(s). In still other groups of embodiments, a first processor runs both an RTOS and HLOS and their applications is virtualized as a distinct virtual processor for system purposes onto a physical core MPU that runs both an RTOS and HLOS and their applications as a second virtualized processor maintained distinct from the RTOS, HLOS and applications of the first virtualized processor. Further groups of embodiments have the processors be physical (non-virtual) but provide MreqSystem qualifier(s) to indicate and identify to the system and to protective SSM hardware which physical processor is making an attempted access. Yet other groups of embodiments virtualize multiple distinct processors, as respective clusters of contexts identified to a virtual core, onto a physical core. Still other groups of embodiments include clusters of physical processors as in
When one processor, e.g. real-time, is virtualized onto another processor (e.g., non-real-time, a single qualifier (e.g., MreqSystem) is suitably provided and has two states to respectively signify which of two virtualized processors are active. Thus, the inactive state of MreqSystem can indicate a virtualized processor distinct from the virtualized processor signified by the active state of MreqSystem. When more than one processor is virtualized onto another processor(s), then an MreqSystem qualifier is provided as a single field with more than two states to keep the virtual processors distinctly identified for hypervisor and system firewall purposes. Alternatively, multiple MreqSystem qualifiers are provided and represented by multiple fields or bits so that more than two states are analogously available to distinctly identify the virtual processors for hypervisor and system firewall purposes.
“GSP” herein is used as a software platform designator to refer collectively to a Modem, BSP with RTOS, ACI, Debug, Emulator, and Trace all together.
In
In
In
In
In
In Public Supervisor mode 2390 of
Examples of operation based on
In some embodiments, the Virtual Public category 2430 (e.g., modem) generates one or more Secure FIQ even though secure environment SE Kernel generate Secure FIQ as well (but at other times). The SE Kernel is arranged non-interferingly so that the SE Kernel and its FIQ routine disables the FIQ masking (e.g. F bit) very rarely for only few clock cycles. And each time operations are in Monitor Mode before entering the Virtual Public category 2430, the Monitor code gives category 2430 (modem) the capability to disable the FIQ masking. FIQ masking capability is withheld from the Public Non-virtual category 2420 (for Public HLOS) because of the configuration of the security zone register (e.g., CP15S) and hardware enforcement thereof in
In
In this embodiment, switches between the categories are prevented except through Monitor Mode. Notice that the hypervisor 2410 controls or is structured by certain register bits. A CP15_NS bit or SCR bit is active or not to indicate and distinguish the Non-secure (Public) condition from the Secure condition. The SSM 2460 has a VP1_NS bit or field in a SSM_Virtual_Processor register (see
Further in
In
Each category 2420, 2430, 2440, 2450 has drivers to interface the kernel that operates in or controls each application in that category with each application in that category. Each category has APIs to interface the kernel to the other categories. These APIs make transitions that are trapped and mediated by hypervisor 2410.
For example, in
In
Category 2440 is Virtual Secure and in this example has a Secure Virtual Kernel (SVK), and Secure Virtual kernel drivers and APIs. An example of an SVK is a secure OS for a content player, gaming box, and/or still imaging or camera system which is provided in category 2440. The SVK in category 2440 is used either by itself or in addition to a category 2430 wireline modem RTOS or wireless modem RTOS according to the type of system desired. In category 2440, HLOS API, GSP API, and SE API provide respective interfaces between the SVK kernel of category 2440 and the corresponding HLOS kernel of category 2420, RTOS kernel of category 2430, and the SE kernel of category 2450. Each of the HLOS API, GSP API, and SE API makes an inter-category transition relative to category 2440 that is trapped and mediated by hypervisor 2410.
Category 2450 is Non-virtual Secure and in this example has a Secure Kernel, and Secure Kernel drivers to interface the Secure Kernel with secure applications or protected applications in category 2450. In category 2450, an HLOS API, GSP API, and SVK API provide respective interfaces between Secure Kernel of category 2450 and the corresponding HLOS kernel of category 2420, RTOS kernel of category 2430, and SVK of category 2440. Each of the HLOS API, GSP API, and SVK API, makes an inter-category transition relative to category 2450 that is trapped and mediated by hypervisor 2410.
The arrangement is flexible so that one or more of the categories 2420, 2430, 2440, 2450 is or can be populated or empty. When a category is empty, the APIs in the other categories for interfacing to the empty category are suitably also omitted unless retained for upgrade purposes. Additional categories are suitably further established according to the teachings herein, and then additional APIs in the categories are added to interface to each additional category. SSM 2460 provides hardware monitoring and enforcement and issues classifier bits or fields MreqSystem, MreqPrivilege, MreqSecure, and other classifiers according to the teachings herein to regulate access to system peripherals of
An interconnect firewall 2530 is enabled to reserve or isolate or enforce memory space allocated to a particular virtual processor or non-virtual processor. Shared memory space is provided as between various combinations of the four categories of resources of
In
In
When the MPU is physically in Monitor Mode and the hardware monitoring mechanism is activated (Monitor_EN field active), the SSM hardware monitoring mechanism is configured to restrict the physical instruction fetch of the Monitor code to a ROM only location, for example. In that case, the Monitor mode RAM stacks are excluded. Execution in the monitor mode stacks is prevented because the stacks are not included in the ROM address range defined as permitted by the Start_Monitor_Code and End_Monitor_Code start address and end address registers. Moreover, the trace-related circuitry as described in
Also, in some embodiments, the hypervisor code in Monitor Mode, context switches the MMU completely each time a switch is made from a Non-virtual category to a Virtual category. This provides a large system address space (e.g., 4 Gb or other large space size) for each category or world, physically differentiated with the classifier MreqSystem. An embodiment that hypervises two HLOSes suitably puts one HLOS in a Non-virtual category and the other HLOS in a Virtual category. Along with the circuitry and processes of
In
In
An initiator firewall like Initiator Firewall 2638 is provided in each initiator in the system. An initiator is a circuit that initiates transfers of information. Each initiator firewall detects whether its associated initiator has been corrupted and can enforce specific security mechanisms, such as a buffer overflow checker or other checker. When an initiator is performing a transaction, in-transaction classifiers or qualifiers are generated. These in-transaction classifiers are, for example, any one or more of the following: MCMD for Read/Write qualification, and MreqInfo qualifiers such as MreqSystem, MreqSecure, MreqDebug, MreqType, MreqPrivilege and other suitable qualifiers. These qualifiers reflect the system state of the initiator at the time of the transaction, and the qualifiers are propagated to interconnect 2640. The interconnect 2640 generates a parameter designated ConnID to identify exactly which initiator made the transaction.
Each of several configurable Target Firewalls 2645 (e.g., each L4 interconnect firewall, system memory, and each L3 interconnect firewall) respectively dedicates a memory or a peripheral in the Targets 2650 to each initiator and isolates each such target among Targets 2650 from any other initiator so that corruption or attack from any other initiator is prevented. A firewall is configurable to share initiators, if desired. Either or both of an Initiator Firewall 2638 and a Target Firewall 2645 generate a Security Violation signal when an attempted bus-access by an initiator is inconsistent with permissions configured into a firewall.
A reset or power management transition may clear or erase a firewall configuration. The processor core 2610 boots in Secure Supervisor mode and reconfigures the firewalls 2645 to their default run-time configurations. Accordingly, upon reset, any memory or target 2650 that can be used for security is restricted to use by the processor core 2610 in Secure Privileged mode.
In
In
In
The SSM Physical Checker 2650 is also coupled to the Write Data bus. Note that Physical Checker 2650 does not need to check for violation on the Write Data base in a case wherein the Data Cache and Write Buffer might not have been drained before entering the monitor mode in path to enter the virtual container. In such case, a possible writeback could result during this Monitor code and cause an unnecessary violation signal when no meaningful security violation has actually occurred. The Monitor Mode software code ensures the system coherency by executing the appropriate memory barriers before activating the VPx_Active to ensure that no undesired write takes place after entering the virtual container.
When leaving a virtual container to switch to the Monitor Mode, the Monitor Mode 2310 of
In
In
Interrupt Handler 2720 is coupled to registers 2725 including an Interrupt Status Register ISR and Interrupt Register ITR, and is coupled to the peripheral port 2625 via the bus interface 2728. Interrupt Handler 2720 has FIQ/IRQ output coupled to the processor core 2610 via an interrupt bus 2735. The Secure FIQ preemptive masking handler 2715 delivers automatic public FIQ pre-emptive masking signals to Interrupt Handler 2720. In SSM Registers 2620, a Public_FIQ VP1 register and a Secure_FIQ_VP1 register configure the Secure FIQ preemptive masking handler 2715.
A Firewalls and Checkers block 2740 includes an instruction firewall, monitor code firewall, monitor code integrity checker, monitor stack firewall, monitor data integrity checker, secure privilege stack integrity checker, variable length codec iVLCD firewall 2742, and virtual processor firewalls. Compare the SSM Virtual Checker 2630 and SSM Physical Checker 2650 of
Further in
The Control Module 2765 supplies the Firewalls and Checkers block 2740 with information representing Start and End addresses of the monitor code and monitor stack, with the Start and End of the virtual processor resources, and with stacked memories protection and Secure privilege stack protection information. The Control Module 2765 supplies the CPSR/NS block 2755 with a CPSR Enforcement mode signal. Control Module 2765 supplies the Platform Events and Configuration Handler 2775 with signals along lines for a Device Type, for Platform Violations, and for Power Reset Events. Control Module 2765 supplies the Security Violation Handler 2760 with Platform Violations enables (compare with FIGS. 28A/28B) and supplies a debug section 2772 with information regarding Debug configuration (compare with
Control Module 2765 in
In
In
Security Violation Handler 2760 generates an interconnect attack neutralization signal. This Intercon_Attack_Neutralizer signal is generated active when the SSM 2460 detects an attack attempt such as a stack buffer overflow. The attack neutralization is provided without damaging or impairing the memory functionality and the processor 2610 functionality. This Intercon_Attack_Neutralizer signal is also suitably delivered as a security attack indicator output of SSM 2460.
The output Intercon_Attack_Neutralizer goes to interface MPU2BUS 2665 and causes interface 2665 to generate a Prefetch Abort when a Data Abort is received. This operation kills an erroneous software application that is currently generating the Data Abort. By doing so, the erroneous software is wiped out from the MPU 2610 pipeline. Intercon_Attack_Neutralizer acts as a virus killer. The Interconnect_Attack_Neutralizer function generates a Prefetch Abort (on a valid instruction) each time any of the Interconnect firewalls (e.g., 3522.i or 3532.i of
The Intercon_Attack_Neutralizer line and signal are fed to circuitry in interface 2665. Interface 2665, in turn, generates a Prefetch Abort to MPU 2610 when a system peripheral generates a Data Abort. Prefetch Abort is generated to trigger an Instruction memory barrier and thereby flush the MPU 2610 pipeline. The Prefetch Abort stops the prefetching of instructions of the currently-executing software. The reason for stopping the prefetching is because current software executing is quite probably responsible if a Data Abort has just happened. Since virus software may act in this faulty way, the Intercon_Attack_Neutralizer signal acts to stop virus software. Moreover, MPU instruction address register information is captured to enhance diagnostics and prevent a virus from concealing itself Undesirable propagation of either a Data Abort or Instruction Abort is also prevented. See further Neutralizer description in connection with
The output Next_Instruction_Abort also goes to interface MPU2BUS 2665 and causes interface 2665 to generate a Prefetch Abort when a Data Abort is received. Next_Instruction_Abort is useful when MPU 2610 processing time to respond to the error response ERR might be too long (several clock cycles) to resist a buffer overflow attack for instance. In other words, in such scenario, Next_Instruction_Abort can be more effective than generating the outputs IBUS_Abort, RDBUS_Abort, or WRBUS_Abort to generate the error response ERR.
By contrast with Interconnect_Attack_Neutralizer, the Next_Instruction_Abort is generated by the Security Violation Handler 2760 in SSM 2460 when attacks are detected, such as a buffer overflow attack or boundary access violation. The generation of Next_Instruction_Abort may, but does not necessarily, imply that a Data Abort is generated to the MPU 2610. This is useful to resist a buffer overflow scenario in case a Data Abort is not generated.
In
A security violation strategy is configurable in a Security Violation Configuration register Security_Violation_Conf in SSM Registers 2620. The Security_Violation_Conf register controls aborts depending on the configured abort type, and further determines whether or not a Warm CPU reset or a Cold Reset or no reset is generated for particular group of security violations. Configuring of this Security_Violation_Conf register by one or more write operations is suitably restricted and reserved to a predetermined mode such as Secure Privilege mode. Different security violations generated by the SSM 2460 are flagged in a Platform Status register in SSM Registers 2620. Security Violation flags are clearable by some restrictive mode of access such as Secure Privilege Mode access. A similar restrictive mode of access is suitably used for writing and reading the various SSM Registers 2620 and registers in Control Module 2765.
Among other things, SSM 2460 in
In FIGS. 9A/9B, Power Management circuitry is provided to establish and control different power domains in a single integrated circuit (IC) and/or in a multiple IC system. The power domains handle different levels of power hierarchy and facilitate proper switching from one power domain to another without losing already-configured parameters that are desired for use after the switching or upon return to operation of a given power domain. The power domains include an MPU Power Domain, a Wakeup Power Domain, a Core Power Domain, and a Peripheral Power Domain.
The MPU Power Domain includes the processor core 2610 and its ports and interfaces 2625, 2635, 2655, 2735, 2780, Functional Bus Interface 2665 and peripheral bus interface 2728, and SSM 2460 including blocks 2620, 2715, 2740, 2745, 2750, 2755, 2760, 2770, 2775, Interrupt Handler 2720 and its Interrupt Registers 2725, iVLCD 2744, 2742, and In-Circuit Emulation block 2785. SSM 2460 is suitably driven by a MPU core clock and a half-rate clock derived from the MPU core clock. The Wakeup Power Domain includes PRCM 2790. A Warm CPU reset and a Cold reset are provided. The Core Power Domain includes the Control Module 2765 and Memories. The Peripheral Power Domain includes various cryptographic accelerators and resources.
In
The CPSR Mode Checker and NS Bit Enforcement block 2755 contributes, specifies and structures the permitted transitions and non-permitted transitions so that the Monitor Mode operations can be and are effectively interposed in the architecture as shown in
If a security zone mechanism associated with MPU 2610 has capability to change the NS (non-Security) bit in some or all Privilege modes, CPSR Mode Checker and NS Bit Enforcement 2755, in TABLE 1 and
In CPSR Mode Checker and NS Bit Enforcement 2755, hardware and process blocks in
Three register bits or fields respectively designated FIQ_/IRQ_/EA_Trapped_in_Monitor are provided. When a respective FIQ/IRQ/EA_Trapped_in_Monitor bit is set, see step 2820 in
The variable CPSR_Old represents a next-previous value of the variable CPSR_Mode. CPSR_Old and CPSR_Mode are compared to determine whether the system is continuing in Monitor Mode, transitioning out of Monitor Mode, or transitioning into Monitor Mode, and to perform enforcements accordingly. The variable NSbit_Old represents a next-previous value of the MPU security signal CP15S_NS representing Non-secure or Secure.
In
A decision step 2810 determines whether the NS bit has been flipped (state-changed) outside of Monitor Mode. If Yes, a security violation Flag1 is set at a step 2812. A succeeding decision step 2815 is executed after either step 2812 or after No at step 2810. Decision step 2815 determines whether NS=0 (Secure) and a switch either from System mode to User mode or from User mode to System mode occurred. If Yes, another security violation Flag2 is set at a step 2818.
A following decision step 2820 is executed after either step 2818 or after No at step 2815. Decision step 2820 determines whether operations are entering Monitor Mode from an occurrence of Fast interrupt FIQ, regular interrupt IRQ, or External Abort EA. If Yes, then a Relax_Rule flag is set (e.g. to one) at a step 2822, and if No, then the Relax_Rule flag is cleared (e.g. zero) at a step 2826.
For illustrative purposes in
If step 2826 is reached and Relax_Rule=0 therein, operations proceed to decision step 2830 to determine whether NS=0 (Secure) and if Monitor Mode is being entered from User/Abort/Undef/System mode. If Yes, then operations branch to set security violation Flag3, Flag 4, Flag5, and/or Flag6 in a step 2832 depending from which mode the entrance to Monitor Mode is being attempted. If No in step 2830, then operations proceed to decision step 2840, to determine whether operations are conversely leaving Monitor Mode to any of User/Abort/Undef/System mode. If Yes in step 2840, then operations branch to set security violation Flag3, Flag 4, Flag5, and/or Flag6 in step 2832 depending on to which mode the transition from Monitor Mode is being attempted. In other embodiments, separate additional flags are provided.
After step 2832 or after No in step 2840, then operations proceed to decision step 2850, to determine whether NS=1 (Non-secure, Public) and if Monitor Mode is being entered from User/Abort/Undef/System mode. If Yes, then operations branch to set security violation Flag7, Flag 8, Flag9, and/or Flag10 in a step 2862 depending from which mode the entrance to Monitor Mode is being attempted. If No in step 2850, then operations proceed to decision step 2860, to determine whether operations are conversely leaving Monitor Mode to any of User/Abort/Undef/System mode. If Yes in step 2860, then operations branch to set security violation Flag7, Flag8, Flag9, and/or Flag10 in step 2862 depending on to which mode the transition from Monitor Mode is being attempted. In other embodiments, separate additional flags are provided.
In
Following any of steps 2860 (No), 2862, 2865 (No), or 2858, a step 2870 prepares for a subsequent cycle of transition monitoring. Step 2870 updates NSBIT_Old with the value of NS, and NS is updated on a subsequent cycle. Step 2870 also updates CPSR_Old with the value of CPSR_Mode, and CPSR_Mode is updated on a subsequent cycle. After step 2870, a composite security violation flag SECURITY_VIOLATION_CPSR is updated with a logic function such as an OR of all the diagnostic security violation flags Flag1, Flag2, . . . Flag10 described above in connection with steps 2812, 2818, 2832, 2862. The Security_Violation_CPSR flag is fed to Security Violation Handler 2760 of
To protect a security zone, the SSM CPSR Mode Checker and NS Bit Enforcement block 2755 ensures that no CPSR_Mode switch can occur from User mode directly to Monitor Mode while bypassing the Secure kernel or bypassing Supervisor mode contrary to the operation of
In
The flag Relax_Rule is set to ‘1’ when FIQ or IRQ are detected (fired to the MPU hardware inputs) and IRQ/FIQ_traps in Monitor Mode are configured to ‘1’. If there is a transition User mode to Monitor Mode and Relax_Rule=0, meaning that the more-permissive case of Relax_Rule=1 is absent, then the SSM hardware generates a Security Violation if Monitor_vs_User register field of TABLE 8 in the SSM_CPSR_Mode_Enforcement register in Control Module 2765 is set active. Otherwise if the Monitor_vs_User bit is inactive, no violation is taken. In this way, the hardware uses or takes the Monitor_vs_User register bit to make an implicit decoding of whether or not to generate a Security Violation.
If Relax_Rule=1, a flag is set or kept that represents that a jump back is expected and not a security violation. When the jump back occurs, no FIQ/IRQ is asserted to the MPU 2610. The condition of Relax_Rule=1 facilitates switching back and forth between modes starting from Public User mode, such as for example, Public User to Monitor Mode and back to Public User mode. Suppose an interrupt FIQ fires during a software application. The improved SSM 2460 traps FIQ/IRQ/EA into Monitor Mode, and the system hardware is established (static configuration, architecture defined, for instance) to create a CPSR_Mode switch from User mode to Monitor Mode. Respective signals designated {FIQ/IRQ/EA}_Trap_in_Monitor allows control over mode switches between User and Monitor Mode by detecting that these events have happened, and ensure that a switch that could be associated with a security attack is prevented. From a software viewpoint FIQ trapping directly into Monitor Mode further enables the hardware to structure and establish Monitor Mode code as a hypervisor.
A further embodiment of the hypervisor prevents and detects inter-virtual mode switches, such as from Non-virtual Public User mode to Virtual Public Monitor Mode. Another embodiment implements eight categories instead of the four shown in
The hardware design code of TABLE 1 has IF conditions involving each of the enforcement fields of TABLE 8 in the SSM_CPSR_Mode_Enforcement register and generally follows the flow of FIGS. 10A/10B. The various Flags 1-10 of FIGS. 10A/10B are given respective mnemonic names prefixed by CPSR_Switch_in TABLE 1. Some embodiments leave the enforcement fields out of the IF condition and instead load the respective Flag with the pertinent field in the THEN portion of the operations, which accomplishes a similar result. Note that more or fewer flags are suitably used in various embodiments depending on the amount of diagnostic detail desired in case a security violation occurs.
In
In the example of TABLE 2, hardware Firewalls FW permit Data accesses by Modem or by Secure mode, and this is called multi-share herein. For multi-sharing, CPSR_Mode information from the SECMON bus is used with a suitable Data Memory Barrier established in Monitor Mode. SSM Physical Checker 2650 generates the MreqSystem classifier. Physical Checker 2650 performs MreqType checking of Data versus Instruction and checks the MMU coherency, and issues the Security Violation signal if these checks detect a problem.
In
TABLE 2 is useful for describing concepts applicable to different embodiments with different bussing structures. For example, some embodiments have a single bus for instructions and data, and other embodiments have an instruction bus and a separate data bus for data. Yet other embodiments have the data bus separated into a data read bus and a data write bus. Still other embodiments have multiple width bus structures and other bus structures for increasing bandwidth and parallelism and for other purposes.
If the checking at step 2925 passes, then the MMU passes and operations go to a decision step 2930 to determine whether the Modem address to which access is attempted is a Shared address or a Reserved address. If Shared address, then operations go to a step 2935 to set the classifier MreqSystem to a predetermined inactive value (e.g., zero). If a Reserved address in step 2935, then operations go instead to a step 2940 to set the classifier MreqSystem to an active value (e.g., one). If the checking at step 2925 fails, then the MMU is incoherent and operations instead branch from step 2925 to a step 2945 to set a Security Violation SEC_VIOLATION flag active (e.g., one) for the applicable bus in
In
Eight sets of SSM Registers .0-.7 each include physical start address PHY_VP1_START0, physical end address PHY_VP1_END0. The addresses are suffixed with an index x (e.g., 0, 1, . . . , 7). Index x represents any one of a predetermined number of different contexts (e.g., eight) permitted in the example, and the registers establish that number of physical address ranges specified by physical Start/End address boundaries and that same number of virtual address ranges specified by virtual Start/End address boundaries.
In this example, the Virtual Public category 2430 of
In
When VP1_DEBUG_DIS is high, enable lines designated DBGEN and NIDEN are activated before entering the VP1 CPSR modes and are reset to previous value before exiting. When VP1_NS is low in
SSM_VIRTUAL_PROCESSORS holds the Secure Demand Paging (SDP) Page Usage Level which relates to the priority of the page for demand paging purposes, see incorporated patent application TI-39617.
In
In TABLE 3, the Physical Checker 2650 hardware checks both that the mode is not Monitor Mode and that the Virtual_processor mode is active. The hardware verifies that the Virtual processor VP1 is coherent, such as that CP15S_NS has the configured value for it.
The hardware 2650 also checks whether the current access at this clock cycle is occurring in one of the defined physical address ranges indexed x for an allowed context. If it is not in a permitted range, then the circuitry generates a security violation. When software is hijacked, it is like to be executing or attempting access outside the permitted physical address ranges. For example, the designated . . . PROT[2] line provides Data/Opcode type information for checking. If the checks pass, then the hardware generates the MreqSystem qualifiers. The MreqSystem qualifiers are propagated, along with the now-checked bus signals representing the access, to interconnect firewalls for system peripherals for further checking and isolation of any problems according to the firewall hardware scheme.
For write bus monitoring, notice that the hardware does not need to check whether the mode is not Monitor Mode. This latitude is mainly due to posted write that can occur anytime even in Monitor Mode. Some CPU cores can post Read and Write addresses before any accesses physically happen. Some embodiments of SSM herein respond to this posting capability, when present, to send back an External Prefetch/Data Abort (In_Band) signal SRESP response before any physical Data Read or Data Write takes place. The MPU2BUS interface 2665, either directly or via Monitor code, responds to that In-Band signal to neutralize an attack by intercepting the actual Read or Write transaction. A damage scenario is prevented because memory is not corrupted or one or more attacker instructions are not executed.
Consider a case wherein Secure FIQ happens, operations directly enter Monitor Mode, and posted writes are issued at that time. Security remains uncompromised nevertheless. The reason is that even if an attacker process running in Public mode attempts to exploit this case, the Public mode attacker process is unable to modify the VP1_Active bit. Physical Checker 2650 therefore does not tag the access with MreqSystem active, and the access is caught and prevented by the interconnect firewalls 3522 of
If the checks regarding non-Monitor, security NS, and VP1_Active pass and then any of the eight address range checks (contexts indexed x) activate the corresponding MreqSystem_x classifier, then an OR-ing process in the TABLE 3 hardware 2650 generates MreqSystem active for the access. More specifically, the Physical Checker 2650 tags the current transaction with MreqSystem active on the applicable bus IBUS (instruction), RDBUS (read data), or WRBUS (Write data). This MreqSystem active signal or tag is encapsulated in the current bus transaction by the MPU2BUS interface 2665.
If a security violation is detected, SSM hardware of TABLE 3 generates a security violation flag for status flag recordkeeping. The security violation flag is used to trigger a Warm CPU reset/interrupt or other suitable security response.
In
Violation_IBus_Neutralizer has a first mechanism that detects a violation on the IBUS instruction bus (non-allowed address, wrong MReqInfo values). The Physical Checker 2650 of
In
Generally, the particular software application generating the data abort should be terminated and is the particular one currently in the pipeline.
Some embodiments provide and take two successive exceptions. First a data abort is taken. Second, the data abort is followed by a prefetch abort. The prefetch abort is adapted to obliterate, erase or kill the program link (relative address) register in the MPU 2610 register file for the particular software application. Consequently, from a system point of view, the particular software application that caused the violation does not exist anymore because no branch back is possible. No branch back is possible because the relative address needed by a branch back process is absent. The Neutralizer mechanism(s) thus provides a useful virus killer.
If in step 3030, the mode is Monitor Mode or the access is from the Modem into its own space, or otherwise No in step 3030, then operations branch from step 3030 to step 3070 to set the bus-specific signals accordingly. After operations in step 3070, a RETURN 3080 is reached and the hardware goes back to BEGIN 3010 to evaluate the next access.
In
In
Further in
The hardware of TABLE 2 and TABLE 3 are helpfully compared with the system architecture of
Protocol stack PS is still in a Public Privilege mode, thus no software architecture changes are needed (direct porting on upgrade). Protocol stack PS is not in Secure mode and thus poses no threat to Secure mode under a security scenario of execution when protocol stack PS resides in Flash/SDRAM memory 1435 of
Monitor Mode dynamically creates a second FIQ mode designated Modem FIQ mode of
The interrupt model is also HLOS agnostic. Modem FIQ interrupts are physically secure FIQ interrupts with high speed processing, and they are made to be higher priority than HLOS operation. See
Hardware isolation architecture creates an MreqSystem qualifier and intelligently uses software and hardware security features. Using the MreqSystem qualifier, firewalls are improved to hardware-isolate any Modem resource dynamically. Monitor Mode is enforced, with acceptable impact on interconnect operation.
In regard to the pseudocode example of TABLE 2, the MMU mapping is enforced by the following measures. When in appropriate Privilege mode, the processor core 2610 evolves in a predefined Physical/Virtual memory space. Any change in the mapping is detected when in Privilege mode. The caches are physically indexed. The SSM 2460 architecture detects and responds to any non-permitted address overlap or MMU trashing. An example protocol stack PS is suitably executed in Virtual Public Privilege, and MMU is not be trashed in ordinary operation since MMU is setup by Monitor Mode and is not accessible by Public HLOS.
In order to preserve the integrity of the system operations, accesses to Modem reserved space 2545 of
All Modem related FIQ is defined in privilege mode as Secure FIQ, and provides high speed, non-maskable, and HLOS-agnostic properties. The Monitor Mode is updated to encompass a list of the possible Modem FIQ interrupt number(s) (Modem reserved resources) and creates an additional FIQ mode (2nd Public FIQ mode).
Another aspect creates in Interrupt Handler INTH 2720 of
In another aspect, the Monitor Mode creates a new Modem FIQ mode in the modem resource memory. That Modem FIQ is not correlated to other FIQ mode, and Modem FIQ physically evolves in Public FIQ mode. The secure interrupt is hardware controlled, and the CPSR F-bit public masking capability is re-allowed for this specific processing. Thus, the Modem software is fully isolated under Secure mode control. This method confers and ensures HLOS-agnostic properties when servicing Secure FIQ in Public mode.
In
In
Analogous to
The Virtual Checker 2630 maintains and detects violations of a definition of a Virtual Modem space range that includes on-chip RAM modem, Modem Peripherals and Emulation, WCDMA modem, Flash memory section, SDRAM Reserved section and SDRAM Shared section, MMU TTB Shared section, and related registers.
The SSM Virtual Checker 2630 is suitably established to accomplish its functions such as according to the hardware design pseudocode of TABLE 5 or hardware design code of TABLE 6 for two examples. NS_bit active means non-secure mode except Monitor Mode is secure.
All other switches to System mode are enforced (e.g., Public Supervisor to Public System mode is forbidden).
In
If Yes at step 3430, operations proceed to a checking step 3440 that operates if an instruction is involved and is executed out of the MPU 2610 pipeline. Checking step 3440 then checks various Trace bus (e.g., ETM bus) signals for any violations and sets corresponding flags as described in TABLE 6. These include MPU Instruction Not Valid, Branch Phantom Not Valid, and Data Instruction Not Valid in the example. Also, the Trace bus Instruction Address TraceIA is loop-checked for each of several Start/End virtual address ranges x allowed for contexts, and a respective Out of IContainer_x Flag x is set for any violation in a range x.
Further in
A succeeding checking step 3460 checks for a permitted Data read or write address. If the Data read or write pertains to the MPU 2610 pipeline, it is permitted. If not, the trace bus Trace Data Address Control bit is checked and if not an expected value, then a loop on ranges x checks the Trace Data Address to make sure it lies within one of the permitted virtual address ranges permitted to the Virtual Processor VP1 category 2430 of
Operations in
In step 3470, Instruction related flags are high-active ORed for example. The Out_of_IContainer flags are ANDed (low-active ORed) together so that if the access is directed to a virtual address outside all of the permitted ranges x then the composite of those flags goes active high as output for generating a security violation. Analogously, the Data-related flags are high-active ORed in the example, and the Out_of_DContainer_x flags are ANDed (low-active ORed) together and then ORed with Data_Slot_Abort. When Security Violations step 3470 is completed, the hardware operations reach RETURN 3490 and go back to BEGIN 3410 to evaluate the next access.
In
Data exchange between the peripheral subsystem and the memory subsystem and general system transactions from memory to memory are handled by the System SDMA. Data exchanges within a DSP subsystem 3520.8 are handled by the DSP DMA 3528.8 and/or by DSP DMA 3510.2. Data exchange to refresh a display is handled in display subsystem 3510.4 using a DISP DMA 3518.4 (numeral omitted). Data exchange to store camera capture is handled using a Camera DMA 3518.3 in camera subsystem 3510.3.
A hardware security architecture including SSM 2460 propagates qualifiers on the interconnect as shown in
Firewall protection by firewalls 3522.i is provided for various system blocks 3520.i, such as Flash memory, ROM, on-chip RAM, Video Codec, WCDMA/HSDPA, MAD2D and DSP. Various initiators in the system are given 4-bit identifying codes designated ConnID. Some Initiators and their buses in one example are Processor Core MPU 2610 [RD, WR, INSTR Buses], digital signal processor direct memory access DSP DMA 3510 [RD, WR], system direct memory access SDMA 3510.1 [RD, WR], Universal Serial Bus USB HS, virtual processor PROC_VIRTUAL [RD, WR, INSTR], virtual system direct memory access SDMA_VIRTUAL [RD, WR], display 3510.4 such as LCD, memory management for digital signal processor DSP MMU, camera CAMERA 3510.3 [CAMERA, MMU], and a secure debug access port DAP (
The DMA channels support interconnect qualifiers collectively designated MreqInfo, such as MreqSecure, MreqPrivilege, MreqSystem in order to regulate access to different protected memory spaces. The system of
The DMA channels 3515.1, .2, etc. are configurable through the L4 Interconnect 3534 by the MPU 2610. A circuitry example provides a Firewall configuration on a DMA L4 Interconnect interface that restricts different DMA channels according to the configuration previously written to configuration register fields. This Firewall configuration implements hardware security architecture rules in place to allow and restrict usage of the DMA channel qualifiers used in attempted accesses to various targets.
When an attempt to configure access for DMA channels in a disallowed way is detected, in-band errors are sent back to the initiator that made the accesses and out-band errors are generated to the Control Module 2765 and converted into an MPU Interrupt. Some background on security attack detection and neutralization is described in the incorporated TI-37338 patent.
In
A signal ConnID is issued onto the various buses by each initiator in the system 3500. The signal ConnID is coded with the 4-bit identifying code pertaining to the initiator originating that ConnID signal. System Memory Interface 3555 in some embodiments also has an adjustment made to ConnID initiator code so that if incoming ConnID=MPU AND MreqSystem=‘1’, then ConnID=MPU_Virtual. If incoming ConnID=SDMA AND MreqSystem=‘1’, then ConnID=SDMA_Virtual. In this way the special signal MreqSystem identifies a virtual world for these initiators to protect their real time operation.
The System Memory Interface 3555 in some embodiments provides a HOST 3560 qualifier to represent a Host access (or non-Host modem access) in the System Memory Interface firewall 3552.1 to SRAM 3550. A new ConnID is suitably generated each time the processor core MPU 2610 or system SDMA 3530.1, 3535.1 perform an access in the case when the MreqSystem qualifier is one (1).
In
Suppose an Interrupt request is sent by a target (e.g., 3510.i) to the Interrupt Handler 2720 of
Secure Configuration Register SCR1/2/3 registers of
IRQ Trapped In Monitor configures IRQ exception jump to Monitor Mode. When this IRQ trap bit is inactive and unless an IRQ is taken in Secure mode, all IRQ are treated as Public by default. Monitor Mode code performs an exit sequence. When this IRQ trap bit is set active, then each time an IRQ (Public or Secure) is taken, operations jump to Monitor Mode.
FIQ Trapped In Monitor configures FIQ exception jump to Monitor Mode. When this FIQ trap bit is inactive, FIQ are processed by MPU 2610 in FIQ mode. When this FIQ trap bit is set active, then each time an FIQ (Public or Secure) is taken, a jump to Monitor Mode occurs. Monitor Mode code performs an exit sequence.
MASK_Pub_Secure enables interrupt masking in the Public or Secure modes. When this masking configuration bit is inactive, masking of interrupts is made possible by the Public or Secure modes, i.e., that masking is permitted to be activated in either the Public or Secure modes. When this bit is set active, masking of interrupts is made possible only by the Secure modes.
In
In some embodiments SSM 2640 distinguishes PFIQ generated by the Public Virtual (modem) category 2430 from PFIQ generated by Public Non-virtual category 2420 (using active state of VP1_Active and/or MreqSystem). This is because Modem FIQ are served in the Virtual mode when Modem RTOS is in the Modem FIQ mode (Virtual Public FIQ mode). Otherwise, masking all Public FIQ would undesirably mask Public FIQ from the VP1 modem in some embodiments too. In
In some other embodiments, Modem FIQ are interrupt-mapped or tagged as Secure FIQ and not Public FIQ. In embodiments where in a given hardware architecture or policy makes Secure FIQ non-maskable by Public HLOS, then the second type of embodiments that interrupt-map or tag Modem FIQ as Secure FIQ have benefits of that policy.
In
Turning to Automatic/Manual control of Preemptive Masking Handler 2715, suppose Automatic_EN is high active, meaning Automatic method occurs when the signal is high. SSM_PMASK_FEEDBACK_Q is taken into account in Automatic mode.
When in Automatic method, Public Non-Virtual HLOS can mask only its own FIQ from the Public Non-Virtual category 2420, and HLOS is prevented from masking FIQs from the Secure Environment 2450. Also, Public HLOS is prevented from masking FIQs from the Public Virtual (e.g., modem) category 2430 nor Secure Virtual 2440. The Automatic method operates in a manner transparent to the system and thus no instruction cycles in MPU 2610 are occupied with the process.
By contrast, the Monitor Mode method does occupy some instruction cycles in the MPU 2610. Assume IRQ_Trapped_In_Monitor is active and also that the virtual processor Modem is running. When in Monitor Mode method (also here called Manual mode), then when a Public HLOS FIQ occurs, the Monitor Mode is entered. Monitor Mode code responds to signal SSMFIQ_Status via Interrupt Handler 2720 of
In Interrupt Handler 2720, an active high state of SSM_PMASK_FEEDBACK_Q represents a handshake or an acknowledgment to Preemptive Masking Handler 2715 that Public FIQ are indeed masked by Interrupt Handler 2720 in response to the earlier request SSMFIQ_Status. The signal SSM_PMASK_FEEDBACK_Q when inactive tells Preemptive Masking Handler 2715 information about the Interrupt Handler state too. A request to mask Public FIQ can go unfulfilled for a number of clock cycles (PublicInhibit active but SSM_PMASK_FEEDBACK_Q still inactive during sorting) when some interrupts are in the sorting machine of Interrupt Handler 2720.
If the CPSR_Mode is FIQ Mode, Public, then SSMFIQ_Status is set active by Preemptive Masking Handler 2715. In another case, if CPSR_Mode is Supervisor or System, and NS bit is Public and the IRQ mask I-bit CPSR_I is active, then SSMFIQ_Status is also set active as an enforcement mechanism to mask Public FIQ as well. If a security zone mechanism in MPU 2610 does not disable Public FIQ when in FIQ mode because the configuration of a security zone register (e.g., CP15S) is configured so that Public mode cannot mask FIQ, then Preemptive Masking Handler 2715 activates SSMFIQ_Status to enforce masking of the Public FIQ regardless. In yet another case, if MPU 2610 is in Monitor Mode or any Secure mode, and the SSMFIQ_Status_Global_REG is activated, then SSMFIQ_Status signal is activated or maintained activated if already activated. In this way, the Preemptive Masking Handler 2715 propagates a Public FIQ mask hardware state to Monitor Mode and Secure mode. Otherwise, Public FIQ might get unmasked upon an explicit Public HLOS request. Compare
In some typical HLOS, RTOS, and SE kernel software it appears that the IRQ mask and FIQ mask bits of MPU 2610 are toggled in the same way concurrently. A security attack might be underway if these mask bits were not toggled the same way concurrently. Accordingly, such concurrent toggling is enforced in some embodiments of the SSM herein. In other cases, HLOS may manipulate these bits without strategy in a system that might destabilize real-time processes (e.g., modem). SSM hardware linking the I-bit and F-bit hardware-supports the hypervisor by accommodating an RTOS (real-time operating system such as for Modem) and effectively have the MPU 2610 dedicated to RTOS with the assurance that all RTOS and modem interrupts will be real-time when RTOS is running. By hardware linking the I-bit and F-bit, then HLOS will not mask any FIQ, and hypervisor is protected and made safe from a scenario of interference by HLOS with a currently-running RTOS process that has been launched by hypervisor.
In
Boot software is coded to run in Secure Supervisor mode at Boot time to set an FIQ_Trap_In_Monitor bit or field of TABLE 8. SCR register circuitry of Interrupt Handler 2720 is also made so it is configurable to make any interrupt a Secure FIQ. A Secure FIQ means an interrupt that is handled only in a Secure mode. For the present example, one determines according to desired system architecture which interrupt(s) are to be Secure FIQ and boot-configures the SCR to make the thus-determined interrupts Secure FIQ.
The Interrupt Handler 2720 circuitry has interrupt masking circuitry as noted. Boot software is further coded in Secure Supervisor mode to clear MPU 2610 IRQ and FIQ masks to non-masked state for FIQ. Non-maskable Public FIQ means that a Public mode RTOS for a wireless or other modem, for instance, operates freely in real-time under the Monitor Mode hypervisor code. Some embodiments use MreqSystem to make Public FIQ non-maskable qualified by MreqSystem active. In this way, Public mode RTOS operates freely in real time in Public Virtual category 2430, and Public mode HLOS (Public Non-virtual 2420) can mask or unmask Public FIQs without interfering with interrupt operation of Public Virtual category 2430.
A Monitor Mode software handler is responsible to control the MPU 2610 IRQ mask (e.g. CP15S_I) and/or SICR PublicInhibit for masking and unmasking the Public FIQ when needed. The Monitor Mode software handler dispatches each pending FIQ to the Public world or Secure world according to the information provided by the Interrupt Handler 2720. The Monitor Mode software handler thus acts as an efficient intermediary for fast interrupts FIQ.
External Prefetch Abort and External Data Abort exceptions from interface 2665 to MPU 2610 are also trapped into Monitor Mode, such as by activating EA_Trapped_In_Monitor. Boot software operating in Secure Supervisor mode configures an External Abort trap active in MPU 2610 and this Abort trap is correspondingly configured in EA_Trapped_In_Monitor of TABLE 8. External Prefetch Abort and Data Abort are triggered for instructions and data respectively when a Security Violation signal SRESP is generated by an interconnect firewall 3522 (constructed analogous to firewall of
The Monitor Mode is configurable to be interruptible when not processing a trapped IRQ, FIQ or External Prefetch Abort/Data Abort. The Monitor Mode is coded to re-enable CPSR bits I, F, EA pertaining to mask/unmask IRQ, mask/unmask FIQ, and mask/unmask External Aborts upon a Software Monitor Interrupt SMI exception. Software code for the Monitor Mode is illustrated in
In
The Secure FIQ Pre-Emptive Masking Handler 2715 of
In order to speed the FIQ sorting between the different containers or categories of
MASK_Pub_Secure of TABLE 8 is set to allow the FIQ to be maskable only by operations in the Secure modes. When the FIQ are not maskable by the Public modes, due to active register bit or field MASK_Pub_Secure in the Core Power Domain, MPU 2610 is prevented from performing a write to its F bit (FIQ masking) while in Public mode. Even when CPSR Public FIQ mode is entered, the Preemptive Masking Handler 2715 stops the entry from proceeding. This avoids, inhibits or impedes creation of dead loops. The SICR in Interrupt Handler 2720 in the MPU Power Domain correspondingly has a configurable PublicInhibit field that masks the Public FIQ when a switch occurs to CPSR mode that would ordinarily unmask Public FIQ by inactivating the F bit (FIQ masking) of MPU 2610. PublicInhibit masks or disables Public FIQ when a Public FIQ exception mode is entered.
In
Suppose the field IRQ_Trapped_In_Monitor is configured or set active. When a Public FIQ fires and is consequently trapped in the Monitor Mode, the Monitor code may determine that the Public FIQ masking signal SSMFIQ_Status should be activated. Consequently, the Monitor Mode is coded to set the PublicInhibit bit in the Interrupt Handler 2720 before generating the NEWFIQAGR in order to enter the Public FIQ mode with Public FIQ masked. Concurrently and protectively, when the Public FIQ mode is entered, the Preemptive Masking Handler 2715 automatically activates the SSMFIQ_Status signal. As long as the SSMFIQ_Status is activated, the Public FIQ are masked. When the Preemptive Masking Handler 2715 detects that Public FIQ are to be unmasked (Case 1: CPSR I bit reset so IRQ unmasked, or Case 2: CPSR_Mode not in FIQ mode any more), the SSMFIQ_Status is cleared and SICR PublicInhibit bit is automatically inactivated for software reset and hardware reset. The Public FIQ are then automatically unmasked. See TABLE 29 and Monitor code transitions.
Preemptive Masking Handler 2715 itself further supports Public FIQ masking by circuitry that generates an interrupt SSMFIQ_GEN. This SSMFIQ_GEN interrupt is distinct from the masking flag SSMFIQ_STATUS. The circuitry of Handler 2715 provides two different operational options or processes—a fully automated process (SICR AutoInhibit active) and a Monitor Mode method (AutoInhibit inactive). The process to use is selectable by establishing and setting or clearing the AutoInhibit field or bit in the Interrupt Handler SICR register such as at Boot time. The embodiment of
In
A partially underlying process embodiment, designated the Monitor Mode method herein, is active in Preemptive Masking Handler 2715. Handler 2715 uses its IF-conditionals to detect when the Public FIQ should be masked and thereupon generates the SSMFIQ_Status signal. Then, if an FIQ occurs, the FIQ is trapped in the Monitor Mode. In the Monitor Mode method, the Monitor Mode code is also coded to read the Interrupt Handler SICR register SSMFIQ_Status field to determine that Public FIQ should be masked. If the SSMFIQ_Status is set, then the Monitor Mode is coded to respond to SSMFIQ_Status being active by disabling the Public FIQ by activating the SICR PublicInhibit and Monitor Mode also performing a NEWFIQAGR operation. This process automatically masks and clears all Public FIQ. The Monitor Mode switches or transitions back to the interrupted code if a PFIQ latency has occurred.
Suppose that the SSM detects that Public FIQ should be unmasked due to an inactivity of all the main IF-conditions in TABLE 9. Preemptive Masking Handler 2715 then clears or inactivates SSMFIQ_Status and generates its own Secure FIQ designated SSMFIQ_GEN at a predetermined Interrupt Handler 2720 input line or numbered input, to force entry to Monitor Mode. The Monitor Mode is coded to thereupon check that SSMFIQ_Status is cleared and thereupon inactivates or resets the Interrupt Handler SICR PublicInhibit to unmask all Public FIQ. The Monitor Mode then switches back to the code that was interrupted by SSMFIQ_GEN.
In
The racing loop scenario for Cold Reset and Warm Reset is that when Security Violation Handler 2760 generates a violation, all paths might be asynchronous. Then the MPU 2610 subsystem could receive a glitch instead of a well-formed Warm Reset pulse signal in a circuitry wherein and because the SSM 2460 itself was reset asynchronously relative to the MPU 2610. In such asynchronous architecture, Security Violation Handler 2760 is further improved to avoid a racing loop by providing register with D-flip-flop (DFF) on Cold Reset in the violation logic. In that way, a stable Warm Reset generation is protectively provided.
Secure FIQ Pre-emptive Masking Handler 2715 conditions some operations on active state of a flag SSM_FIQ_Status_Global_Reg. This internal flag indicates that a Public FIQ masking SSMFIQ_Status has been generated active and supplied to the Interrupt Handler 2720. SSM_FIQ_Status_Global_Reg provides an indication that previous operations of Secure FIQ Pre-emptive Masking Handler 2715 turned on or turned off the state of the masking signal SSMFIQ_Status. An internal line and signal SSMFIQ_Status_Global_VAR indicates combinatorial logic behavior (output value is supplied immediately). By contrast, the SSMFIQ_Status_Global_REG indicates flip-flop behavior that is updated on next clock cycle.
When its IF-conditions are active (true), Secure FIQ Pre-emptive Masking Handler 2715 generates the SSMFIQ_GEN signal, which is directly connected to Interrupt Handler 2720 as an interrupt. This interrupt is raised when AutoInhibit is not-active and the Handler 2715 circuitry is in Manual mode (Monitor Mode method). When this SSMFIQ_GEN interrupt is generated, the Monitor Mode software de-asserts it by acknowledging the interrupt by clearing SSMFIQ_ACK in the SSM_FIQ register in registers 2620 in
IF-conditioning the deeper-down operation of the Secure FIQ Pre-emptive Masking Handler 2715 Masking Handler on SSMFIQ_ACK, as shown in TABLE 9, releases the SSMFIQ_GEN interrupt so that it is not repeatedly and inadvertently trapped as an FIQ into Monitor Mode and thereby impede operation by frequently or continuously generating an interrupt exception.
In TABLE 9, the IF conditional involving SSM_PMASK_FEEDBACK_Q handles the situation that if SSMFIQ_Status transitions from one to zero and if masking of PFIQ was actually completed in Interrupt Handler 2720 ( . . . Feedback_Q=‘1’), then the circuit releases the interrupt or prevents generation of the interrupt SSMFIQ_GEN even without involvement of acknowledge SSMFIQ_ACK.
In
Hardware security rules are applied as follows. When a channel rights configuration for DMA channel 3515.i is successfully made according to the configuration hardware security rules implemented in the hardware (e.g., see TABLE 10), the MreqInfo TABLE 7 qualifiers of the accesses that made that configuration are recorded or entered and thereby establish the channel rights in the channel rights register for regular (non-configuration) run-time accesses to DMA subsystem 3510.i (source, destination). Then operation of the DMA subsystem 3510.i is started and uses these MreqInfo qualifiers configured into the channel rights register DMA_CHANNELi 3515.i for firewall evaluation of a regular transaction issued on the interconnect.
In
The Lock bit, if set, locks the DMA_CHANNELi register to which it pertains. The various Mreq-prefixed bits MreqSystem, MreqPrivilege, MreqSecure, and so forth, in the DMA_CHANNELi register are issued to the DMA Access Properties Firewall 3512.i on occurrence of an attempted regular (non-configuration) DMA transaction via the corresponding DMA channel from Interconnect 3534. The attempted DMA transaction is represented by signals on lines in
A security violation is recognized by the Firewall 3512.i upon an attempted configuration access wherein the MReqInfo supplied from Interconnect 3534 is non-compliant or inconsistent with the configuration hardware security rules hereinabove for a given attempted configuration access and implemented in the firewall 3512.i to which the attempted configuration access is made. Then the DMA Access Properties Firewall 3512.i issues an active signal on a line SECURITY_VIOLATION_DMA to a Violation Handler in
A security violation is recognized by the Firewall 3512.i upon an attempted regular access wherein the MReqInfo supplied from Interconnect 3534 is less than or is inconsistent with the channel rights configuration accorded by the hardware security rules to a given access, as reflected by MreqSystem, MreqPrivilege, MreqSecure and so forth stored in the DMA_CHANNELi register 3515.i for the DMA channel to which the attempted access is made. Then the DMA Access Properties Firewall 3512.i issues an active signal on a line SECURITY_VIOLATION_DMA to a Violation Handler in
Note also that the DMA registers are writeable provided that a respective channel rights signal complies with the hardware security rules for the access and thereupon an access permission signal is issued e.g., DMA_CHANNELn_ACCESS=MreqSystem&MreqPrivilege&MreqSecure.
The hardware of the DMA Access Properties Firewall 3512.i is suitably established to achieve firewall configuration structures and operations. See circuitry of the firewall configuration hardware design code example of TABLE 10. Channel 0 is used as a placeholder for any particular channel i to which the Firewall 3512.i is adapted. MDATA is a new configuration request and new configuration data for the DMA_CHANNELi register. MreqSecure, MreqSystem, and MreqPrivilege are examples of qualifiers on the MreqInfo lines in
TABLE 11 shows an example of permitted accesses to a DMA Firewall. The heading Current Mode refers to lowest level of permission established by configuration in the channel rights register DMA_CHANNELi of
In
The various categories running on MPU 2610 act as Initiators. Other system components can be Initiators. For instance, Display Subsystem 3510.4 of
The Display Subsystem registers 3515.4 are configured to be accessible only by Secure accesses using interconnect 3534 protection groups. The Display subsystem 3510.4 is used integrally inside the Secure mode for securing display events such as banking display when needed. When configured as Secure, the Display subsystem does not need the MPU 2610 to be in Secure mode to receive or transmit Secure transactions.
For Secure transaction configuration, the Display Subsystem DMA 3518.4 is configured to full Secure state by setting a DISP_Control Secure register bit field. This bit field is only accessible by the MPU 2610 in Secure mode of the MPU to access the DISP_Control register field to set/reset it. Once configured, all transactions issued by the Display subsystem 3510.4 are tagged as Secure (MreqSecure active). When the Secure bit has been set, the MPU 2610 software in Secure mode is responsible for checking the Display Subsystem configuration. The video layers are disabled by software operating on MPU 2610 in Secure mode of MPU 2610. A secure Camera DMA 3510.3 transaction is configured for Secure or Non-secure operation in a way analogous to that described for the Display subsystem 3510.4.
The system memory interface 3555 of
When an access is detected, the Target Firewall 3512.i has a comparator 3710 that first checks whether the address MADDR of the access on bus 3538 matches with a defined firewall permitted Start_Addr/End_Addr address range fields in channel rights register DMA_CHANNELi_ADDR. Also, multiple address ranges or regions with different qualifier permissions configured for them are suitably established at configuration time and used for the regular run-time process according to a permission register or permission table 3720 that comprises the channel rights registers DMA_CHANNELi.
Address inclusion into or exclusion from such a range is defined for a firewall FW by:
Addr=Function(MADDR, MAddrSpace), e.g., FW_Start_Addr≦MADDR≦FW_End_Addr. Address MADDR corresponds to the physical address of the access as it would be seen by the MPU 2610 with the MMU disabled. FW_Start_Addr=Base_Addr, FW_End_Addr=Base_Addr+Size. Base_Addr and Size are configured in an Addr_Match field of the register, or the End address field is configured directly with an end address value in
In
Read_Permission and Write_Permission register fields are provided in the DMA_CHANNELi registers. Each permission field has a subfield giving Read (rd) permission (or not) and a subfield giving Write (wr) permission (or not) on an initiator-by-initiator basis for every initiator in the system of
The associated decoder circuit is of such as type as would be used for address decoding but fed instead with the MreqInfo bits, MCMD, and ConnID bits. Each individual register bit from the Permission register is active/inactive to represent permission/no-permission for a particular combination of MreqInfo bits, MCMD read or write access, and particular Initiator represented by a particular combination of ConnID bits. When a particular combination of these bits is fed to the associated decoder circuit, the Permission register is muxed out and coupled to a Permission output line that delivers the appropriate particular permission bit in the Permission register representing whether the attempted access is permitted or not.
In
In
If Yes at step 3820, then operations proceed to a further decision step 3840 to determine by comparison with contents of a firewall register Req_Info_Permission 3842 (subfield attr, compare register DMA_CHANNELi of
If a write access is indicated by MCMD at decision step 3815, operations go from step 3815 (No) to a decision step 3860 to determine the Initiator ID 3864 (or 3824) of the initiator has permission from a register WR_Permission 3862 (subfield wr) for the region to indeed write to this region. If No at step 3860, then operations branch to step 3830 where Access is denied. If Yes at step 3860, then operations proceed to the further decision step 3840 to determine whether the request has the correct Mreq qualifiers, collectively called MreqInfo, to permit write access to the region. If No at step 3840, then operations branch to step 3830 where Access is denied. If Yes at step 3840, then operations proceed to step 3850 where Access is granted.
Various combinations of bits values in the Req_Info_Permission register of
TABLE 12 shows various registers for use in an alternative embodiment of a firewall 3512.i or 3522.i, etc. Address-subsystem/segment-specific Permission registers are provided and called Protection Group registers PROT_GROUP(0), (1), . . . (N) in TABLE 12.
In
Security Violation handling for In-band errors. When an in-band error is sent back into a system-side bus (e.g., an Open Core Protocol OCP side of interface 2665) in response to an attempted bus transaction, this error is converted by the MPU2BUS as a xRESPx=ERROR flag. HRESPx is an error response regarding Host (MPU). SRESPx is an error response regarding System (e.g., Modem, DSP, Camera, etc.). The SRESPx flag from Firewallx is seen by the MPU 2610 as an External Prefetch Abort or Data Abort depending on whether the transaction type is an opcode fetch or a data transfer.
As used herein, “in-band errors” refer to errors that are embedded in a response transaction to an initiator. Initiator refers to a circuit that is initiating an information transfer. For example, a response transaction may include status information such as an “OK” indicator or a “FAIL” indicator that is returned to the initiator. As used herein, “out-band errors” refer to errors that are out of the initiator execution flow. For example, the firewalls may generate error signals that are outside the initiator execution flow. The out-band errors are used to update status registers and/or to cause an MPU 2610 interrupt to notify a user of the system, to disable one or more functions of the system, or to perform some other action in response to a security violation. An in-band error SRESP is provided to processor core 2610.
In
When an External Prefetch Abort is seen by the MPU 2610 internal pipeline, the MPU flushes all its pipeline stages, flushes its prefetch unit and branches to the External Prefetch Abort exception vector whereupon Extend Prefetch Abort service software code linked to that exception vector is executed. When an External Data Abort occurs, the MPU stalls its pipeline and branches to the External Data Abort exception vector. External Data Abort software code linked to this exception vector is executed. The MPU responds to both types of in-band errors to kill the applicable process thread.
An in-band error due to a Security violation can come from any of the firewalls due to an MPU Read or Write transaction or an instruction transaction as applicable to the firewall. When a posted write fails, an Out-of-Band error is generated. Out-of-Band errors are suitably generated by various DMA firewalls and Interconnect firewalls and are flagged in the Control Module 2765 and reported in the Platform_Violation field of the SSM Platform_Status Register (PSR) in registers 2620 of
TABLE 13 describes various error-reporting registers.
In
In
In
Permission Decode logic 3940 generates an intermediate clearance or permission signal to a first input of an AND-gate 3938. Mux 3936 has its output coupled to a second input of the AND-gate 3938.
Permission Decode logic 3940 has a number m (five here) MreqInfo inputs 3944 from
AND-gate 3938 supplies an output active-high when both the intermediate MreqInfo permission signal is active from Permission Decode logic 3940 and the Read permission/Write permission output from Mux 3936 is active. The output from Mux 3936 to indicates that the initiator identified by ConnID is permitted to make the type (Read or Write) of access being attempted. The output of AND-gate 3938 is like the Pass/Fail output from
A logic circuit 3948 is fed with ConnID as a system input and with an MPU 2610 signal indicating an MPU access. Logic circuit 3948 in some embodiments acts as a mask filter or comparator to produce one or more MreqSystem signal(s) active when a particular ConnID indicative of a Modem DSP or System DMA, for instance, is making the access, and to produce the MreqSystem signal inactive when the MPU 2610 is making the access. SSM 2460 in another embodiment, as in
An AND-gate 3952 is fed at a first input with the permission output of the AND-gate 3938. AND-gate 3952 is fed at a second input with the output of an Overlap Logic circuit 3954 which represents whether undesirable overlapping of defined address segments is absent or not. Overlap Logic circuit 3954 has n-number of inputs coupled to the outputs of the NOR-gates 3916.i for the various address segments i. If two or more of the outputs of the NOR-gates 3916.i are active concurrently, then the output of the logic 3954 is made active. In this way, the hardware monitors the Start/End addresses of the segments so that the definitions of the separate address segments are non-overlapping and do not generate an ambiguous multiple hit in different segments i by a given attempted access.
If such overlapping is present, or if AND-gate 3938 has permission output inactive indicating that access permission is denied, then the AND-gate 3952 supplies an active security violation output to a 1:2 demux 3956. Classifier MreqDebug drives the selector control of demux 3956. Suppose the output of logic 3952 is active, indicating a security violation. If classifier MreqDebug is active for Debug access, then Demux 3956 supplies a debug-based Security Violation output signal Sec_Viol_Debug active. Otherwise, if classifier MreqDebug is inactive for Debug access, thus indicating Functional access, then Demux 3956 supplies another Security Violation output signal Sec_Viol_Func active instead.
Numerous circuitry embodiments can be prepared by reference to the examples and/or otherwise according to the teachings herein to accomplish the determination of permission Pass/Fail (Granted/Denied) for the attempted access. Among other things, some embodiments suitably use multi-bit permission fields, instead of a single bit permission field, and a particular multi-bit permission field is retrieved depending on a particular permutation or state of MreqInfo inputs. Degree of programmability of the firewall and amount of chip real estate are considered in preparing a particular embodiment.
In
In
Suppose a Stack of size 2ˆ (N+1)=L×256 bytes is to be protected. The letter “A” designates an Address_of_the_Incoming_Group_of_Access [MSB] and is a memory line address MSB selection out of L memory lines. The letter “B” designates the Word_Line_Used [LSB] and is the word selection LSB out of the W words inside a given memory line address. The DFW Matrix 4015 supports mixed-Endian, aligned and unaligned accesses for packed stacks, and bursts from store multiple instructions.
In one type of embodiment the DFW Matrix has a cell or bit corresponding to each coordinate pair (A,B). If DFW_Matrix (A, B)=0 a write access is allowed to word B of the memory line address A. When the write occurs, the corresponding cell is set, so DFW_Matrix (A, B)=1 (Set). When a read to the same word (A,B) occurs, that cell is cleared, so DFW_Matrix (A, B)=0 (cleared). If DFW_Matrix (A, B)=1 and a write access occurs consecutively to the “B” word of the memory line “A” without an intervening read, then a Security Violation is generated. The Security Violation is generated because an attempt to overwrite a word in the SPM Stack has occurred after an earlier write and before a pop or read has occurred.
If 4 Kbytes of stack are to be monitored by the dynamic firewall 4010, this means N=11. The memory reserved stack area is aligned on 2ˆ (N+1) address boundary for simplicity and to avoid matrix translations. If word width is 32 bits (4 bytes), and W is 8 words/line, then the number L of memory lines is 128 lines (=4K bytes/(4 bytes/word×8 words/line)).
In
For bus Reads, a MPU bus read access decoder 4018 is provided in the SPM Stack firewall 4010, and complements the MPU bus write access decoder 4016 just described. The MPU bus read access decoder 4018, shown by example in hardware design code of TABLE 16, decodes from the address sent and burst mode a particular word (B) on the eight-word memory line (designated Read_Matrix_Hit) in the DFW_Matrix 4015.
A Secure Privilege Mode Stack Integrity Checker SPMSIC firewall 4010 and example hardware design code for it are shown in
Further in
Monitor Stack Firewall 4030 protects the integrity of data in the Monitor Stack from write access) by any CPSR mode of MPU 2610 other than Monitor Mode. Enabling both firewalls 4010 and 4030 from Firewall_Controller register 4020 provides a dual enforcement configuration activated by register fields/bits SPMSIC_EN and MONITOR_STACK_EN. A Security Violation signal specific to occurrence of an attempted non-Monitor write access threatening the Monitor Stack is output by firewall 4030 to Security Violation Handler 2760. MMU page configurations for Monitor Stack and SPM Stack are set up as non-executable data page.
In
In
In
In
Instruction Bus Firewall 4110 generates a Security Violation for instruction bus IBUS if Monitor Mode code attempts to get an opcode from anywhere besides a Start/End_Monitor_Code reserved space, or if any Secure mode attempt to access an instruction opcode goes outside Start/End address spaces in Secure ROM, Secure RAM or Stacked RAM permitted for opcode retrieval. If any Secure mode opcode access is specifically directed to the SPM Stack, the occurrence is flagged and a corresponding Security Violation is generated. If the IBUS bus lines indicative of protection ARPROTI are inconsistent with the CPSR_Mode and NS security bits on the Security Monitor bus SECMON 2635 of MPU 2610, then a Security violation is issued by firewall 4110. Also, a Secure mode access for an instruction opcode in the SPM Stack is not permitted, since SPM Stack is for data and not opcodes, and firewall 4110 triggers a Security Violation upon such an occurrence.
A Monitor Mode Data Firewall 4150 is depicted in
In firewall 4150, a Security violation for Monitor Data is issued if an attempted Monitor data access would use an area prevented or forbidden to Monitor by firewall 4150. If Monitor Mode attempts write outside the Monitor Stack, then a Security Violation is issued. Furthermore, if the CPSR_Mode on SECMON bus indicates Monitor Mode, but the Data Read bus protection lines ARPROTW or Data Write bus protection lines AWPROTW indicate User or Public mode, then the inconsistency is detected by firewall 4150. Depending on the applicable bus, data read_DRBUS or data write_DWBUS, a respective Security_Violation_signal is issued from firewall 4150.
By way of operational comparison of firewalls 4030 and 4150, a Write is rejected by Monitor Stack Firewall 4030 of
In FIGS. 25A/25B, Monitor Mode Instruction Bus Firewall 4110 and Monitor Mode Data Firewall 4150 prevent Monitor Mode code itself from attempting access outside permitted spaces. In case Monitor Mode code were intruded upon by an attack, Monitor code is prevented from executing virus or other code involved in the attack. Monitor code can control a transition from Secure space into Public space because in Monitor Mode the Monitor code can context-switch MPU 2610 core parameters that do not need to enter the mode concerned. Also, the Monitor Mode has a dedicated memory stack called the Monitor Stack. Moreover, Monitor Mode can access both Secure and Public MMU and SSM 2460 of
Monitor Mode code is constrained by the circuitry of
In
In FIGS. 25A/25B, the Monitor Mode is itself regulated and protected by protective circuitry 4110, 4150 and prevented from accessing outside of predefined memory space and elsewhere in the rest of the platform. Having the Monitor Mode code running on MPU 2610 and accessing SSM Registers 2620 via Peripheral Port 2625 is safer and easier to control while ensuring a fast execution. In one circuit example, accessing the Peripheral Port 2625 of
In some embodiments, Monitor Mode Data Firewall 4150 includes a hardware section to initialize a SMI (Software Monitor Interrupt) flag SMI_Code if the mode is not Monitor Mode. If operations are in Monitor Mode and Monitor Mode is enabled, a permissible SMI service retrieve might occur but trigger a Security_Violation_DRBUS under the rules regulating Data Reads in firewall 4150. In that permitted case a Violation_DRBUS_Neutralizer output line is kept inactive, but otherwise an active state of Security_Violation_DRBUS as noted above also activates the Violation_DRBUS_Neutralizer output line from firewall 4150.
In some embodiments, a security zone mechanism in MPU 2610 can evict a data write cache line as dirty in Monitor Mode. In
External Aborts EA include an Abort generated by the interconnect 3521 and/or 3534 of
In
To provide some hardware-supported hypervisor embodiments herein with an MPU 2610 having a security zone architecture, the features of the security zone architecture are analyzed. The skilled worker identifies a suitable security zone configuration as desirable for use with the hardware-supported hypervisor. Then the identified configuration is established on boot. For example, in the case of TrustZone, the identified configuration is one that provides the maximum security that the security zone mechanism establishes. For other security zone architectures, some intermediate level, or even a low level of security, may be identified for use, and then the SSM 2460 is provided with appropriate security zone circuits in block 2740 and the firewalls are configured to establish the security features for supporting hypervisor operation, all according to the teachings herein.
If MPU 2610 has a security zone mechanism, the security zone mechanism is configured at boot in a highly security-robust way that prevents Current Program Status Register CPSR transitions between some less-sensitive modes and some more-sensitive modes. Certain mode transitions (e.g. in CPSR register) that are permitted between modes by the security zone mechanism are further hardware-controlled, regulated or restricted by hardware in SSM 2460 and firewalls as described herein. A design strategy herein considers the modes of the processor and picks one of the secure privileged modes (e.g., MPU Monitor Mode) to be the vessel for control code added herein. The hardware of SSM 2460 and the firewalls regulate and restrict the permitted operations of MPU 2610 and the system so that the control code operates as a hypervisor which in turn has the categories of
In a MPU core example in
In
The instructions to configure the SZ mechanism are executable by MPU 2610 when CP15Disable has a predetermined first state in secure (NS=0) Monitor or Privilege mode, but become Undefined in MPU 2610 when CP15SDisable is put in a second state that effectively prevents the SZ mechanism from being re-configured. If an Undefined error happens in Monitor Mode, a Security Violation is generated in this embodiment. One source of an Undefined error is from an attempted unauthorized re-configuration. The hardware also generates a Security Violation in response to an occurrence of External Prefetch Abort and Data Abort when both the MPU is in Monitor Mode and the translation table base TTB0 Control Register configuration is set to execute a page table walk and not set to generate a page fault.
The CP15Disable mechanism of MPU 2610 relates to configuring areas in MPU 2610 such as or related to: Secure Control Register CP15S, Secure Translation Table, Secure Domain Access Control, controls for Data or Instruction low-latency tightly-coupled memory (TCM) and various remap registers, vector base addresses (e.g., in
In Secure Boot, higher security HS and lower security GP integrated circuit devices boot from on-chip Secure ROM so that the boot image running on the platform is authenticated before it is executed. A valid boot image is checked for the proper size, format and signatures. For Test or Emulator device units used in development, an External Boot mode swaps or remaps addressing from the Secure ROM target to Flash memory target memory space. Firewalls of
A security zone locking SZ_Locking register in SSM Registers 2620 has a field CP15Disable_REG for configuring CP15Disable. This SZ_Locking register is coupled to Peripheral Port 2625 in order for CP15Disable hardware pin to be reset so that Boot or re-boot can configure the system as soon as the MPU 2610 and SSM 2460 CP15Disable_REG are reset.
Boot software running in Secure Supervisor mode sets a configuration for L1/L2 caches in Secure world, and to enable Secure MMU 2520 of
In
Among other features, the CP15S register SZ configuration for the Secure world suitably has selections such as from one, some or all the following: Setting of CPSR exception bit when exception occurs, Enable of vectored interrupt (VIC) interface, Enable extended page table configuration, Fast interrupt configuration, Enable Instruction/Data TCMs, Load instruction to program counter PC to activate an alternative MPU instruction-set, Enables for MMU protection, Enables for Instruction cache(s) and Data cache(s) and establish their replacement policies, Establish exception vectors and their locations, Branch prediction disable/enable, ROM protection, Enable/establish Mixed-Endian configuration, Enable Write Buffer, Enable unaligned access and/or strict alignment fault checking. Various embodiments of Security Zone Static Configuration Enforcement 4210 are prepared to appropriately act to protect the integrity of the SZ configuration.
In
In order to deliver product engineering coherency across different product platforms for ever more efficient business operations, the security zone core of MPU 2610 is desirably made compatible with lower security product units called General Purpose (GP) devices (see incorporated patent application TI-38206), and provided with a Strict Public Debug mode platform capability and also protected against unauthorized manipulations of a Test Mode and of External Boot from Flash memory. When one of these modes or lower-security levels is activated, the MPU 2610 is provided with appropriate controls.
In order to establish, configure or re-create these software-compatible functionalities across devices, consider an example wherein the security zone mechanism of MPU 2610 boots in Secure Supervisor mode, and wherein an SMI instruction cannot be disabled and thus Monitor Mode can always be called. A Boot routine is coded and executed in Secure Supervisor mode.
Monitor code of
Platform Events and Configuration Handler 2775 activates Monitor Mode code, and the Monitor code determines that one of these lower-security modes is entered. This suitably occurs by Boot code configuring internal fields and/or detecting e-fuses in MPU 2610 and correspondingly configuring Platform Status Register in SSM Registers 2620. Monitor code polls the internal fields and the Platform Security Register fields of
For the present purposes higher-security (HS) configured devices activate various bits in the SCR of Interrupt Handler 2720 of
In
Platform hardware firewalls in
Suppose in some embodiments that in-band errors are not generated in case of a Security Violation by particular component in
In
Another example of device-type handling with Security Zone core and SSM security rules enforcement is given next.
The SSM 2460 allows different debug and trace configurations depending on the device type set in an E-fuse farm CPU component. Compare
Test Modes handling with Security Zone core and security rules enforcement in
Platform Events and Configuration Handler 2775 in TABLE 23 monitors a Test_En signal which signifies status on the current mode of operation, and a Test_At_Speed_En signal which signifies status on at speed test status. This Test Mode restriction is relaxed for Test device (device with non-programmed or undebugged E-fuses) for comprehensive test in a secure factory environment. The Test device type facilitates comprehensive debugging of first prototypes on an emulator. The E-fuses are suitably programmed before leaving the factory.
External Boot handling with security zone mechanism in MPU 2610 and security rules enforcement is described next for Platform Events and Configuration Handler 2775 example in TABLE 23. In some embodiments, the External Boot mode is activated by a hardwire line Sys.Boot of the MPU 2610 and a signal CPU_Boot_Mode is coupled from MPU 2610 to Platform Events and Configuration Handler 2775. External Boot Mode allows swapping the on-chip ROM address space to off-chip Flash ROM memory space. This mode remaps a starting address for the ROM to the starting address of the external Flash memory, e.g., 1025 or 1435 in
In
Platform Events and Configuration Handler 2775 in SSM 2460 responds to these bits/fields to establish various configuration signals in the system at boot and during run-time. For example, the Platform Status Register PSR in SSM Registers 2620 has bits/fields for signifying Power_Reset_Events, Platform_Violations, and general purpose device GP_Device and Strict_Public_Debug.
On a SMI exception (software monitor interrupt), see
In
In
In
Some of the use cases that involve sophisticated use of the power mechanisms do not wake up the MPU 2610 when processing from retention to active states (e.g., MPU 2610 and Display subsystem 3510.4 for refresh). Depending on the chosen application scenarios, the values from the interconnect firewalls 3522.i registers are exported into the Control Module 2765 to allow a public path through a given interconnect firewall without need of MPU 2610 wake-up.
When the Core Power Domain logic itself, e.g., including Control Module 2765 and any memories in that domain, is powered on and off, the interconnect firewall configuration integrity may depend on the power state in the Core Power Domain. Interconnect firewall Permission register default configurations are properly chosen that at power-on or re-activation, the security of a given firewall is very high. On-chip Secure ROM code saves each firewall configuration in response to an imminent power domain power-down operation and restores each saved firewall configuration on a power-up operation.
In some embodiments, data retention modes are activated by the PRCM 2790 (power reset control manager) using either Secure or Public accesses or operations by MPU 2610 or by a data retention unit. Retention modes are part of a power saving strategy and are not necessarily a mechanism to do security. Accordingly, the hardware-supported Hypervisor running as Monitor code on MPU 2610 secures the usage and operations of the PRCM 2790. The Hypervisor software selectively activates the retention modes according to the processor load and status of the different HLOS and/or RTOS running on the virtual processors or categories or multiple CPU cores of alternative embodiments. The power architecture in various alternative system embodiments is arranged to identify and avoid or handle any feedback loops in operations and to build run-time analysis statistics.
In
Retention Flip-flops are introduced into the random number generator RNG in security block 1450 and/or 1140 of
Security-related peripheral(s) are suitably provided, such as hardware acceleration for encryption/decryption/hash in security blocks 1450 or 1140 of
In
In
In
The Platform Events and Configuration Handler 2775 delivers a security violation signal designated Security_Violation_GP_SPD if there is a NS bit violation or a Boot violation. NS_Bit_Violation signal is set active when an inconsistency arises between the MPU 2610 NS security bit signifying a secure state when a non-secure state is expected and indicated by an active NS_Lock signal in the hardware. NS_Lock is set active when the Platform Events and Configuration Handler 2775 circuit detects a GP device or a Strict Public debug (SPD_EN, non-secure debug) condition of signal GenDBGEnable. The corresponding GP_Device and/or Strict_Public_Debug bit/fields in the PSR register are also set. A second violation aspect of signal Security_Violation_GP_SPD is a Boot violation. If the MPU 2610 External Boot mode signal is active at run-time for either a GP or HS device, then a Boot violation is generated.
MPU2BUS interface 2665 has a circuit that responds to a signal Public_Stuck to force the qualifier MreqSecure to non-secure state and maintain that state regardless of any CPU 2610 core transaction. When Test modes others then Test_At_Speed are configured the Platform Events and Configuration Handler 2775 hardware supplies the Public_Stuck signal active to the MPU2BUS interface 2665.
TABLE 24 shows an example of hardware design code for a firewall 2742 for a variable length codec (VLCD) 2744, e.g., a Huffman codec for telecom. iVLCD Firewall 2742 restricts the access to the iVLCD 2744 depending on CPSR mode of operation {User; Privilege}, {Public; Secure}, system state of operation {Debug; Functional}, and MMU page-type {Data; Instruction}. The iVLCD Firewall 2742 of TABLE 24 can be compared with and supplemented by the firewall illustration and description of
When an attempted but unpermitted access is detected by iVLCD firewall 2742, an iVLCD Security Violation is generated. This violation is then handled by the Security Violation Handler 2760 of FIGS. 28A/28B depending on the current debug mode configured, if any, and the security violation strategy. The iVLCD firewall 2742 is embedded hardware and allows restricting the iVLCD 2744 for data Read/Write accesses and bus protection lines HPROT attribute combinations as follows. A set of bits {Privilege, Security, Debug, Type} form a four-bit combination that for particular bit values represents one of sixteen bit positions in a register HPROT_Perm. When access is allowed for a particular combination, a bit ReqBIT is set in the corresponding one of the sixteen bit positions, analogous to the attribute attr field of Permissions register in
The iVLCD firewall 2742 is configured through a SSM_IVLCD_Firewall register that includes HPROT_Perm. Other bits are VP1_Access where 0/1 means only Non-virtual or Virtual can access, WR_Perm 0/1 means Write not-allowed or allowed, and RD_Perm 0/1 means Write not-allowed or allowed, respectively. Register access rights are provided to the modes in Class 0: All; Class 1: Public Privilege; Secure User; Secure Privilege; Class 2: Secure User; Secure Privilege; Class 3: Secure Privilege.
The following Security Violation fields have designations prefixed with SECURITY_VIOLATION and are generated by the different components of the SSM: _IBUS, _DRBUS, _DWBUS, _ITRACEBUS, _DTRACEBUS, _MONITOR_STACK, _SPM_STACK, _CPSR, _GP_SPD, _SZ_CONF, _DEBUG, _iVLCD, _IBUS_PHY_VP1, _RDBUS_PHY_VP1, _IBUS_VIR_VP1, _DBUS_VIR_VP1.
The SSM 2460, by its construction and configuration, monitors the different buses and system components in a specific way. Depending on the configuration and security blocks provided for the SSM component as taught herein, the Security Violation signaling strategy varies depending on whether the attack that initiates the security violation response creates damage or not and whether any particular damage scenario is recoverable or not. Damage scenarios might include trashing of a particular memory section, leakage of secure assets, fetching of non-allowed instructions, processor state hijacking, and other potential security compromises.
Some CPU cores can post Read and Write addresses before any accesses physically happen. Some embodiments of SSM respond to this posting capability, when present, to send back an External Prefetch Abort and/or Data Abort (In_Band) signal before any physical Data Read or Data Write takes place. The MPU2BUS interface, either directly or via Monitor code, responds to that In-Band signal to neutralize an attack by intercepting the actual Read or Write transaction. A damage scenario is prevented because memory is not corrupted or one or more attacker instructions are not executed.
In the Posted Read or Posted Write architecture, a security violation signaling strategy example is given as follows. If a particular type of Security Violation upon hypothetical occurrence would not damage memory contents nor corrupt the MPU processor state, then External Data/Prefetch Abort generation is a sufficient response. If a particular type of Security Violation upon hypothetical occurrence would cause damage to memory contents or corrupt the MPU processor state, but they are recoverable by activating an appropriate exception handler, then External Data/Prefetch Abort generation is sufficient. If a particular type of Security Violation upon hypothetical occurrence would cause unrecoverable damage to memory contents or corrupt the MPU processor state, then the security response should reset the MPU 2610, or reset or re-initialize the virtual processor responsible for the category of
An External Data Abort (EA bit) is maskable in some MPU cores. If External Data Abort is maskable, then an External Prefetch Abort is used instead to respond to a Security Violation and generate a pipeline flush to destroy the context of the application responsible for the Security Violation. Thus, some flexibility is suitably established through the SSM registers to configure whether to generate an External Prefetch Abort on next instruction when a Read/Write Data Security Violation is detected currently, see Aborts of
Security Violation Handler 2760 responds to either
In a Group 2 of Data Read Channel Violations of TABLE 28, the response supplied by Security Violation Handler 2760 includes External Data Abort, External Prefetch Abort and Reset of the MPU 2610. Security Violation Handler 2760 responds to either
An External Prefetch Abort request is also sent back to the MPU 2610 in response to a Next_Instr_Abort signal to MPU2BUS interface 2665 in order to destroy the context of the application by pipeline flush on occurrence of a Group 2 Security Violation or a Group 3 Security Violation. External Prefetch Abort is coupled with exception handler circuitry to terminate the application process that caused the Security Violation.
In a Group 3 of Data Write Channel Violations, the response supplied by Security Violation Handler 2760 includes External Data Abort, External Prefetch Abort and Reset of the MPU 2610. Security Violation Handler 2760 responds to either
In a Group 4 of Data Write Channel Violations of TABLE 28, the response supplied by Security Violation Handler 2760 accords with the particular response code configured into DFW_Violation_Strategy of TABLE 26. For example, the response suitably includes External Data Abort, External Prefetch Abort and Reset of the MPU 2610. Security Violation Handler 2760 responds to
To perform such a recovery, Security Violation Handler 2760 generates a signal Next_Instr_Abort to MPU2BUS interface 2665 which in turn sends back an External Prefetch Abort signal to MPU 2610. MPU 2610 responds by vectoring to an appropriate exception handler that triggers a pipeline flush and thereby destroys the context of the offending application in response to the security violation. The exception handler further executes instructions to repair the damaged SPM Stack area using a precautionary saved-copy of the stack contents. Notice that Security Violation Handler in this example is structured to apply separate, different or independent security response strategies to Group 3 and Group 4 Security Violations.
Regarding a Group 5 of Security Violations in TABLE 28, the Group 5 Security Violations are believed not recoverable (or at least more difficult to recover) because they attempt to hijack the processor state and the secure mode architecture. The response SECURITY_VIOLATION in
The SSM Registers 2620 include a Configuration register and an Error Log register to facilitate flexible handling of the different Security Violations of Groups 1-5 and to respond efficiently when any of them happen. These registers are accessible for Read and Clear operations by Secure Privilege modes. In Control Module 2765, in its separate power domain, a register Control_SEC_Error_Status is provided to protectively store a copy of security violations on Platform Status Register from Security Violation Handler 2760. Stored firewall-violation information examples are tabulated in TABLE 12. The information accumulates errors or security violation statistics and diagnostics from the system. A register Control_Sec_EMU in Control Module 2765 configures security enables for debug, emulation, and trace of FIGS. 27, 28A/28B, 30, and 31 and TABLES 30-34. The register partitioning is established in a suitable manner into specifically named register(s) of different embodiments.
In a Group 6 of iVLCD firewall violations of TABLE 28, the response supplied by Security Violation Handler 2760 accords with TABLE 26 iVLCD_Violation_Strategy and includes External Data Abort, External Prefetch Abort and Reset of the MPU 2610. Security Violation Handler 2760 of
In response to the Group 6 Security Violation, the Security Violation Handler 2760 generates a signal Next_Instr_Abort to MPU2BUS interface 2665 which in turn sends back an External Prefetch Abort signal to MPU 2610. MPU 2610 responds by vectoring to the appropriate exception handler that triggers a pipeline flush and thereby destroys the context of the offending application that caused the Group 6 Security Violation.
In
The MPU2BUS interface 2665 in some embodiments is itself also provided with circuitry that detects a non-allowed Address transaction request on the MPU bus. The MPU2BUS interface 2665 is constructed to embed an additional External Prefetch Abort/Data Abort In-Band qualifier in a response channel representing occurrence of a non-allowed transaction. The circuitry concurrently sends back to the MPU 2610 an External Prefetch/Data Abort request signal. MPU2BUS interface 2665 also asserts the In-Band error qualifier (sets it active) in response to and in conjunction with all attempted Data transfers associated with the aborted address transaction if they propagate into the system of
In
In
The added Intercon_Attack_Neutralizer security field is configurable in the Security_Violation_CONF register which activates a security mechanism in MPU2BUS interface 2665. This Intercon_Attack_Neutralizer security mechanism creates an External Prefetch Abort each time an External Data Abort is seen on the Read or Write channel. The External Prefetch Abort is generated by the interface MPU2BUS 2665 in the next instruction transaction that occurs on the instruction bus IBUS. In different embodiments, the strategy fields of TABLE 26 are merged, subdivided, augmented, or removed as suitable to provide desired security responses. In debug modes, The security violation reporting is replaced by Debug_Request generation to the In-circuit Emulator depending on the Debug_Mode and Invasive Debug configuration.
The security violation reporting is described in TABLE 13. SSM 2460 and Debug Section 2770, 2772 of
In
The Platform Status Register PSR also provides fields for the circuitry of
Power_Reset_Events Power/reset state has changed.
Platform_Violations Security violation has occurred in the system
Strict_Public_Debug Device is in Strict Public Debug mode
GP_Device Device is a General Purpose device
Notice that the hardware of TABLE 28 for Security Violation Handler 2760 has a close relationship and includes
In the Public space 4440, Public HLOS of
In an MPU 2610 example in
Each of the modes has an associated vector address including a base address and an offset address. Vector base address registers are provided as in
In
In the Secure space 4450, Secure SWI (software interrupt) handler 4430 operates in Secure Privilege mode and has an associated entry SWI vector 4435 offset from a base address Secure_BA. Monitor code transitions to the Secure SWI handler 4430 by using the entry SWI vector 4435. Compare to protection wall 2150 of
In TABLE 29, fast context (CTX) switch is provided in the Monitor code of
Before exiting the Monitor Mode an IMB (Instruction memory barrier, flush prefetch buffer) is established by executing assembly code to enter and propagate the altered NS bit value in the pipeline of MPU 2610.
In-circuit Emulator 2785 is coupled to the TAP controller which in turn controls and selects serial scan chains that are built into MPU 2610 in predetermined core areas. These serial scan chains, and other emulation and testability features, obtain bits from MPU 2610 that represent a selected portion of the processor state (also called the image) of MPU 2610. Some background information on this type of technology is provided in U.S. Pat. No. 5,329,471, “Emulation Devices, Systems And Methods Utilizing State Machines,” which patent is hereby incorporated herein by reference. The processor state is selectively coupled to an emulation and testability host computer provided for the purpose, such as PC 1070 of
Emulation security and privilege modes are established by configurable entries in a register Control_SEC_EMU. These entries are tabulated in TABLE 30 and are identified by various suffixes to a prefix ForceDAP (Force Debug Access Port).
Different trace/debug modes are configurable by a combination of Control Module 2765 registers, SSM registers 2620 and MPU registers (e.g., CP15S_, DSCR) configuration fields or bits establishing the different debug modes. For example, an invasive debug mode is activated by setting DBGEN active. Invasive debug mode couples the SSM Debug Section 2770, 2772 with the in-circuit emulator 2785 and/or a Trace component 4820 of
In
In
Different debug mode properties of the MPU 2610 are suitably established by applicable bits of the DSCR coded for No Debug, Halt Debug and Real-time Debugging. When neither Halt mode or Real-time debugging mode are selected and enabled, all debug events are ignored, although a breakpoint instruction generates Prefetch Abort, which is equivalent to a security In-Band error.
In TABLE 32, various debug modes are provided and have names to correspond with various Boolean combinations of two or more of the MreqInfo qualifiers. Some of the Boolean combinations corresponding to debug modes involve the qualifier MreqSystem. The ForceDAP< > entries in register Control_SEC_EMU are used to establish and control the MreqInfo qualifiers for debug purposes.
Some of the debugging process and structure embodiments include lines for the following signals tabulated in TABLE 30, and the descriptions apply to the active state.
Signals designated SUIDEN and SUNIDEN signals are controlled by software (MPU secure debug enable register).
A Strict Public Debug Mode is enforced by software during the Monitor Mode execution by not allowing NS bit to be toggled to the Secure state and preventing Secure Privilege modes from being entered. The Monitor Mode is coded to configure the fields SSM_DBGEN_Disable and SSM_NIDEN_Disable when switching in or out of the Virtual Public Mode. MPU-Trace-related Monitor code is suitably coded to perform the following steps when disabling or enabling DBGEN and NIDEN:
To facilitate control by GenDbgEn[:] from DSCR over the states of DBGEN and NIDEN, a VP1_DEBUG_DIS status is included. This status indicates a Debug action to perform when switching to/from the Virtual Public Mode. When the VP1_DEBUG_DIS is active, then the Monitor code operates to activate SSM register 2620 fields SSM_DBGEN_Disable and SSM_NIDEN_Disable.
Halt mode debugging halts MPU 2610 to collect information and invasively allows changing processor and coprocessor state. Real-time debugging is established by suitable values in DSCR and is used to collect information in situations in which MPU 2610 is not halted. MPU 2610 is caused to take a Debug Exception instead of halting. A special piece of software, a monitor target, can then take control to examine or alter the processor state.
SSM Security Violation Handler 2760 suitably has hardware of TABLE 28 that is responsive to invasive debug modes that have been configured for higher security and/or higher privilege to disable debug access to MPU 2610. For example, In TABLE 28 among the higher-level debug modes, a Secure Privilege Debug mode activation operates the Emulator 2785 using a Debug Request signal (
The Security Violation Handler 2760 in TABLE 28 thus uses the signals GenDbgEnable and ICESecPrivDebugEn to establish the Security Violation reporting of TABLE 13 and strategy for issuing the SECURITY VIOLATION signal to PRCM 2790 from TABLE 28 and
In real-time debug mode, (non-invasive) debugging, emulation commands are transmitted to the MPU 2610 using either debug software in the Monitor Mode code or using commands issued from a JTAG TAP controller that couples the Emulator 2785 to the MPU 2610. External debug request EDBGRQ is ignored in real-time debug. Debug Acknowledge signal DBGACK is not activated and the MreqDebug qualifier is disabled on the interconnect of
In this way, SSM Debug Section 2770, 2772 of
TABLE 31 describes an embodiment of circuitry for the SSM Debug section 2770, 2772, which accompanies the circuitry 2772 of TABLE 28 of the Security Violation Handler 2760 of
Emulation components are grouped in an Emulation Power Domain in order to decrease the power consumption for production devices. A Debug Access Port DAP is provided as an initiator on the L3 Interconnect in some embodiments and has firewall-regulated access to various parts of the system of
In TABLE 32, a Debug Security block sets MreqDebug high and fills three MreqInfo bits Mreq[ ]—MreqSecure, MreqPrivilege, MreqSystem, for example. Concurrently loaded plural fields or bits in the design pseudocode are separated by commas. Various inputs are prefixed by ForceDAP and suffixed with Debug mode options. These inputs are responsive to states of Debug configuration fields or bits in a protected register such as Control_SEC_EMU. This Debug Security block facilitates emulation of the processor and improves system development, testing, and field service both locally and remotely to the system by authorized personnel.
In
In
A Trace data bus 4850 in
Virtual addresses output by a Trace instruction address bus in bus 4810 are checked by firewall 4830 of
Monitor Mode is differentiated in this example for purposes of L1/L2 caches and MMU from the User mode and from Privilege modes other than Monitor Mode. The virtual mapping of the Start/End addresses of Monitor Stack(s) and Monitor code ROM space are set in the MMU using a TTB0 register and the entries are locked down in MMU TLB (translation lookaside buffer) by setting a CP15Disable field or bit. This lock-down prevents any page table walk that might compromise system security.
Dedicated registers in the Control Module 2765 duplicate or mirror the TTB0/TLB programming in order to re-create the Monitor code virtual address range mapping when Monitor code is executed from the ROM location and L1/L2 Caches. Trace signals are output by the MPU 2610 when a signal Trace (ETM) power up PWRUP is active.
Trace Instruction Address bus addresses on bus 4810 are compared with stored Start and End addresses defining the ROM virtual address range occupied by the Monitor code. The Trace Instruction Address bus outputs the virtual addresses that have been executed or generated by MPU 2610 at writeback execute stage in the MPU pipeline. The Trace Instruction Address bus 4810 is qualified in FIGS. 31A/31B by Trace instruction address control IACTL information available on the SECMON Bus. The SECMON Bus also outputs the CPSR modes from the writeback execute stage in the pipeline. All the information is taken from the writeback execute stage itself, thereby checking and promoting the coherency of the information and the reliability of the information used for the checking. A set of lines in the Trace Instruction Address bus description are qualified by an instruction address-valid signal and deliver the address for the MPU-executed instruction for MMU Paging monitoring of each address region with appropriate granularity to make the comparison.
Also some Monitor code attacks could involve aborting or corrupting some instruction at different stages in the MPU 2610 pipeline. Certain Trace bus control signals for Trace instruction address control IACTL, Trace data address control TRACEDACTL and Trace data data control DDCTL are used to ascertain and control that the instruction execution and data transfer are valid. In this way, the instructions fetched from L1/L2 Caches and ROM locations are properly executed.
In
In
Further in
Data transfers occur only from predetermined areas in the system, e.g., on-chip ROM space, a Monitor Stack space reserved for Monitor code in on-chip Secure RAM (Read/Write), or via the
The virtual mapping of the Monitor Mode stacks and Monitor code ROM space are set in the MMU (memory management unit) using the TTB0 register and entries locked-down in TLB (translation lookaside buffer). Dedicated registers in the Control Module 2765 are used by the SSM 2460 in order to duplicate exactly the TTB0/TLB programming to 1) re-create the Monitor code virtual address mapping when the Monitor code is executed from the ROM location and L1/L2 caches, 2) re-create the Monitor Stack virtual address mapping when data transfer took place, and 3) re-create the Monitor code data accesses (R/W) to the Peripheral Port 2625 including SSM registers 2620 and Interrupt Handler registers 2725.
The Trace DA bus in bus 4850 outputs the virtual addresses of the Data that has been manipulated by the MPU 2610 at an Add execute pipeline stage and those virtual addresses are checked. The TRACEDA bus is qualified by two Trace DACTL lines available in
In
Note that in various embodiments, the skilled worker identifies any accesses or characteristics that are not associated with the Monitor code or hypervisor mode and then uses hardware monitoring for such accesses or characteristics to signal a Security Violation, e.g., Security_Violation_DETMBUS (data) and Security_Violation_IETMBUS (instruction). The particulars of some examples are described herein, and the various embodiments contemplate monitoring other particulars which may or may not include the ones mentioned.
Secure Demand Paging SDP 2745 of
In operation, the PA (Protected Application) and an MMU Mapping Table for Virtual mapping to Physical mapping are maintained secure on-chip. A Physical-Address-to-Virtual-Address table PA2VA provided for SDP 2745 with page table entries (PTE) pertaining specifically to pages stored in Secure RAM. One of the bits in a PTE is a Valid/Invalid bit, also called an Active bit ACT[N] for Page N herein. This page activity register ACT allows disabling of usage level monitoring for any page of the page pool.
An invalid state in ACT[N] or in the MMU Mapping Table for a given page causes an MMU page fault or interrupt when a virtual address in secure VAS (virtual address space), for a particular one of several contexts VMC of SDP within a category of
SDP hardware provides secure page swapping, and the virtual address mapping process is securely provided under Secure Mode. Secure RAM pages are positioned at the virtual address positions where they are needed, dynamically and transparently in the background to PAs.Code and Data for SDP Manager software are situated in Secure RAM in a fixed PPA (primary protected application) memory address space from which swapping is not performed.
SDP software coherency with the hardware is maintained by the MMU so that part of the software application is virtually mapped in a Secure OS (Operating System) virtual machine context VMC according to Virtual Mapping. If a context switch is performed, then the VMC entries in PA2VA are changed to a new VMC identification number.
When loading a new page into Page Slot N in Secure RAM, the previous Virtual to Physical mapping is no longer coherent. The new page corresponds to another part of the source application. The Virtual Mapping regarding the Swapped Out previous page N is obsolete regarding Page N. Entries in the MMU internal buffers representing the previous Virtual to Physical Mapping correspondence are now invalidated. An access to that Swapped Out page generates a Page Fault signal.
Also, entries in an instruction cache hierarchy at all levels (e.g. L1 and L2) and in a data cache hierarchy at all levels are invalidated to the extent they pertain to the previous Virtual to Physical Mapping correspondence. Accordingly, a Swapped Out code page is handled for coherency purposes by an instruction cache range invalidation relative to the address range of the Code page. A Data page is analogously handled by a data cache range invalidation operation relative to the address range of the Data page. Additionally, for loading Code pages, a BTAC (Branch Target Address Cache or Branch Target Buffer BTB) flush is executed at least in respect of the address tags in the page range of a wiped Code page, in order to avoid taking a predicted branch to an invalidated address.
When wiping out a page from Secure RAM, some embodiments have Code pages that are always read-only. Various of these embodiments distinguish between Data (Read/Write) pages and Code (Read Only) pages. If the page to wipe out is a Data page, then to maintain coherency, two precautions are executed. First, the Data cache range is made clean (dirty bit reset) in the range of addresses of the Data Page. Second, the Write Buffer is drained so that any data retained in the data caches (L1/L2) are written and posted writes are completed.
The SDP paging process desirably executes as fast as possible when wiping pages. Intelligent page choice mechanism built into the SDP 2745 hardware reduces or minimizes the frequency of unnecessary page wipes or Swaps since an intelligent page choice procedure as disclosed herein leaves pages in Secure RAM that are likely to be soon used again. Put another way, if a page were wiped from Secure RAM that software is soon going to use again, then SDP would consume valuable time and power to import the same page again, especially with cryptographic protection procedures.
An additional consideration in the SDP paging process is that the time consumption for wiping pages varies with Type of page as Code Page or Data Page. For example, suppose a Code Page is not required to be written back to the external memory because the Code Page is read-only and thus has not been modified. Also, a Data Page that has not been modified does not need to be written back to the external memory. By contrast, a Data Page that has been modified is encrypted and hashed and written back to the external memory 3550 of
In SDP 2745, statistics on frequency of use of each page N are kept as 2-bit values designated in a register STAT. Register STAT identifies which pages are used more frequently than others so that paging is less likely to wipe out a more frequently used page. SDP access counting operations help avoid prematurely swapping out a newly swapped-in page. Swap is executed when a page fault occurs, which means an attempted access is made to a missing page. SDP software uses Page Wiping Advisor in the SDP 2745 hardware, to identify a page slot for wiping and/or swap out and swap in when the space in Secure RAM for physical pages is full.
SDP has registers ACT for page active, TYPE for code or data page, WR for write page, STAT for statistics, and ADV for advice on which page to wipe. When any of these registers are reset, such as on power up, Warm CPU reset, or new Virtual Machine Context (VMC), all the bits in those five registers are suitably reset to zero. Those five registers are suitably provided as secure registers protected by SSM 2460. Software operating in a secure, privilege mode such as Secure Supervisor mode, is used to access and reset those registers ACT, TYPE, WR, STAT and ADV in Secure mode.
Next, various signal designators are used in connection with the coupling to busses. The signal designators are composites build up from abbreviations and interpreted according to the following Glossary TABLE 35.
TABLE 36 lists various further glossary items.
In
Multi-Processor Architecture with Hardware-Supported Hypervisor
The hypervisor code runs in Monitor Mode, and virtual worlds are switched from Monitor Mode. The hypervisor-mediated categories of
In some other embodiments, a pseudo-symmetric architecture has virtual processors wherein any of the virtual processors can do SMP (symmetric multi-processing) while using a control core plus a further number n−1 (one less than n) CPU cores, also called processor cores herein. In other words, if a complete cluster has four (4) cores or processors, then the pseudo-symmetric virtual core mechanism uses an SMP cluster of 3 CPUs as processor cores with some operations conducted by the additional control core CPU0.
The hardware hypervisor provides real time interrupt firing capability for virtual worlds to ensure RTOS capability. Any OS running in a virtual world is able to call Secure services even if the secure environment is on CPU0 and the virtual world is running on another CPU. Any security mechanism and any hypervisor mechanism are invisible to the SMP HLOS. A minor FIQ (Fast interrupt request) latency introduction has negligible effect on the SMP HLOS performance.
Each interrupt line from the 96 possible interrupt line is tagged to the Public Normal, Public Virtual, Secure Normal or Secure Virtual mode. The Security zone mechanism (SZ) traps any FIQ in Monitor Mode. The Monitor code is written to identify to which category (Public Non-virtual, Public Virtual, Secure Non-virtual or Secure Virtual) the FIQ belongs. To do this, the Monitor code reads the Interrupt Handler 2720 qualifier MreqSecure (Secure or Public FIQ) and then reads the SSM 2460 (5030) qualifier MreqSystem (Non-virtual or Virtual). Using the identified mode information, the Monitor code switches operations to a specific processor.
In some embodiments, the security zone mechanism is implemented on all CPUs of the cluster. The Secure Kernel and its secure services run specifically on CPU0, which operates as a master CPU. CPU0 is the first CPU core to boot and to setup or configure the hypervisor structure. CPU cores other than CPU0 have a small secure kernel that includes a Monitor Mode implementation to forward SMI/WFI (Software Monitor Interrupt SMI or Wait for Interrupt WFI). SMI/WFI are generated by a virtual OS kernel (WinCE, RTOS) as Secure fast interrupt SFIQ. SFIQ is coupled to the secure hypervisor in Monitor Mode operating on the master CPU0 core, which executes or drives hypervisor scheduling. The hypervisor scheduling on master CPU0 core is unnecessary on the other CPU cores, which simplifies this embodiment. The Security Monitor bus SECMON interface is accessible by the SSM 2460 (5030) for all the CPU cores. Wait for Interrupt WFI instruction is trapped into Monitor Mode as a SWI software interrupt exception, if and as-configured on a CPU-specific basis.
All WDtimers and Timers operate in a synchronous mode, and are either synchronous at the same clock rate or clock frequency or run at clock rates that are exact multiples of each other and have coinciding clock edges at the lower or lowest clock rate. All WDtimers and Timers are programmable by CPU0 to support the hypervisor scheduling. (WD is watchdog.)
In each world there is a small secure service routine for transmitting a secure service request to CPU0 wherein the Monitor Mode is located in the Secure environment of CPU0 and provides hypervisor operation.
Expanding on
In
The Interrupt architecture, for example, optionally has dedicated SFIQ input. IRQ are reserved for SMP HLOS in some embodiments. Public FIQ can be used with SMP HLOS of Public Non-virtual mode. Other modes (Public Virtual, Secure Non-virtual and Secure Virtual) use exclusively Secure FIQ to preempt the SMP HLOS.
In
Further in
In
Also in
In the embodiment of
Virtual Modes Creator 5075 protects and generates respective CPU-specific MreqSystemX qualifiers for each CPU indexed X. For example, if three (3) worlds are identified (HLOS, RTOS), then two (2) MreqSystemX qualifiers are provided to interface MPU2BUS 5065 on the same clock cycle in which the debug status arises. For virtual modes that have debug activated in registers 5035, the Virtual Modes Creator 5075 generates an MreqDebug qualifier and conveys it to interface MPU2BUS 5065 on the same clock cycle in which the debug status arises.
In
A Security Violation Handler 5090 (compare 2760 of
The SSM 5030 implements all the registers and logic for providing exclusive or cooperating debug between CPUs and virtual OS (WinCE, Nucleus). The SSM 5030 differentiates for each interrupt the mode or world (Public Non-virtual, Public Virtual, Secure Non-virtual or Secure Virtual) to which the interrupt belongs.
In the GIC (Generalized Interrupt Handler) 5020 of
In
The timers 5085.i output two interrupts per CPUi, a first interrupt for the SMP HLOS and a second interrupt for the virtual world running on the CPUi or secure mode. On a dual core or multi-core embodiment where multiple virtual worlds are evolving on a single CPUi, software is made to have only the Secure mode own the timers 5085.i (for virtual worlds). In this way, the secure hypervisor dispatches or allocates CPU bandwidth correctly between worlds.
The timers 5085.i are banked so that SMP HLOS programs its own setting. Then each virtual processor VPx or secure mode programs its respective setting into a timer bank register. The timer bank register is protected by a firewall.
In
In
In
In the banked-timers section, the Master Counter is the principal counter. The other counters service the CPUs respectively and are derived from the Master Counter. The multi-CPU system establishes the arrow percentages (SMP 50%, RTOS 50%, etc.) as follows. The Hypervisor code running in the Monitor Mode of the first core CPU0 accesses the timer of every core CPU0-CPUn and defines or establishes by configuration of the timer percentage values according to the different bandwidths required. Secure privilege access is suitably used to establish the timers configuration. This bandwidth requirement depends on power consumption estimation and power constraints and bandwidth (e.g., MIPS millions of instructions per second) required per software application.
The timer configuration of percentages is static or dynamic, or both static and dynamic. In some embodiments, a hardware feedback loop is provided to establish optimization and bandwidth allocation.
A default configuration suitably makes all SFIQ higher priority than PFIQ/IRQ as shown in the left two columns of
SFIQ priority is downgraded as shown in the right two columns of
In
In
Upon an SFIQ event from Flag block 5140, operations go a Monitor software Mask/Unmask block 5150. Otherwise, if no SFIQ event, operations go to an Entry Condition hardware block 5170. Blocks 5150 and 5160 are performed in the Monitor Mode software in this example. Mask/Unmask Process block 5150 operates as in TABLE 39 on FIQ trapped into Monitor Code:
In Flag/Mask block 5130 if there is an occurrence called a PFIQ event corner case introduced by GIC sorting time, then operations go to a Corner Process monitor software block 5160 and use NEWFIQAGR, otherwise to the Entry Condition hardware block 5170. In such corner case, the PFIQ in the GIC sorting process cannot be masked and consequently trapped. Corner Process block 5160 in the Monitor Mode software code operates as follows upon such occurrence of a PFIQ Corner case:
The SSM 5030 has hardware blocks for Entry Condition 5170, Manual/Automatic 5175, Mask Status/Unmask 5180, and Mask Status/Unmask 5190. Entry Condition block 5170 has a structure defined as follows:
Further, in addition to the SSM PFIQ pre-emptive masking above, GIC 5020 also supports SSM Public (NS=1) FIQ pre-emptive masking capability. An input hardware bit or field GIC_PFIQ_MASK is provided. When this bit or field is set active, GIC 5020 masks all Public FIQ that can occur on this specific CPU core (enforcement analogous to PFIQ CPSR F enable). GIC 5020 provides an OK_Feedback readable by Secure Privilege software, SFIQ are still active. When the GIC_PFIQ_MASK is inactive, GIC 5020 unmasks all public FIQ that can occur on this specific core (analogous to PFIQ CPSR F disable). GIC 5020 clears the OK_Feedback, which is readable by secure privilege SW, and both PFIQ and SFIQ are active. Signals CPUx_GIC_PFIQ_MASK for each CPUi in a multi-processing embodiment are established and are configured and reset by Secure Privilege software.
Implementing PFIQ and SFIQ input at each CPUi core boundary, for example, provides an uncomplicated architectural approach. This provides interrupt virtualization wherein CPSR F Disable/Enable applies only on PFIQ input when operations are in Public mode. The GIC 5020 routes all FIQ marked as Public to PFIQ and all FIQ marked as Secure to SFIQ.
CPU core for hypervisor worlds debug does run time activation of DBGEN and NIDEN in a less time-consuming way with automated coherency micro-code execution.
CPU core for SSM hardware-support for hypervisor implements hypervisor world security by adding CPSR F bit tentative masking that is then sent out on the SECMON bus. The Snoop Control Unit SCU 5010 distinguishes which CPUi has issued the current access. SCU 5010 propagates coherent shared data into the caches associated with the other CPUs. SCU 5010 ensures data coherency between all level-one caches L1$i of the cores CPUi as a cluster by moving/updating any updated instruction cache line and any updated data cache line from the cache area associated with any one CPUi to the caches of all the CPUs, i.e., all the cores in the cluster.
SCU 5010 is coupled to and cooperates with the multi-core hypervisor using an enable/disable circuit in SCU 5010 that operates as an asymmetric mode switch configurable by core CPU0 at run-time in an auxiliary control register. In that way, the core CPU0 that runs the hypervisor operates or disables the SCU 5010 so as to exclude accesses of the core CPU0 pertaining to the hypervisor process from being used to update cache lines for all the other CPUi. In other words, certain hypervisor-related accesses are selectively prevented from being taken into account by the SCU 5010 by turning off the snooping and cache line updating by SCU 5010 when hypervisor needs to disable those operations. This facilitates isolation of the hypervisor in CPU0 from the rest of the multi-core system. In this way SCU 5010 acts as an example of a cache control circuit for updating coherency between the caches. The protective circuitry of SSM 5030 is responsive to a line from CPU0 indicating that Monitor Mode is activated in CPU0 to temporarily disable the cache control circuit from updating coherency between the caches.
Enable and disable of the symmetric coherent or asymmetric not-coherent configuration per CPUi is established, for example, by configuring an auxiliary control register asymmetric field on each CPUi of the cluster. When the asymmetric field is configured active on each core CPUi, then each transaction issued by the MMU stage of the respective core CPUi to its L1$i cache and then to SCU 5010 is tagged with in-band qualifier MreqNCoherence that commands or controls the SCU 5010 to not maintain coherency on these accesses. In some embodiments, the SCU 5010 outputs information pertaining to each access that tells which CPU0-3 has generated the access. In response to the information identifying which CPUi generated the access, the SSM 5030 generates the corresponding MreqSystemX qualifiers and provides the address boundary checking and configuration checking that pertain to that CPUx category or world.
The SSM 5030 implements the following added registers to support the CPU0 SMP core hypervisor. A register for CPU0 inter-CPU SFIQ generation is configurable in Secure Privilege mode. This register enables each SFIQ to occur on a configuration-specified one or more CPUs. Each SFIQ is maskable individually by Secure Privilege software configuring a dedicated Mask register.
Per-CPU virtual worlds activation and debug control is provided. Per-CPU SMI call forward to CPU0 is provided. Per-CPU Wait for Interrupt WFI call forward to the same CPU is provided. CPUi can replace this by trapping WFI into Monitor Mode analogously to trapping SMI with a dedicated exception vector.
A Flag is provided for each interrupt line to identify which virtual world the interrupt line belongs to. A Secure/Public interrupt designation is made at GIC 5020 level. SSM 5030 adds 2 bits encoding to differentiate the virtual worlds:
Hypervisor control over different worlds is established using bits of TABLE 43.
Hypervisor control over the different categories and CPU cores is implemented, for example, as follows: When each particular low-active field is cleared (active), an interrupt is generated. When the interrupt is acknowledged, the particular field is automatically set inactive. Default value is inactive high. The _DEBUG_DIS fields are read-only, while the other TABLE 43 fields are Read or Write accessible. All the following are Read or Clear accessible: CPU<1/2/3>_inter-CPU_SFIQ, and CPU<1/2/3>_SMI_SFIQ.
In FIGS. 38A/38B, a multi-processor core virtualization architecture embodiment is shown. Switching from the different worlds or categories on CPU cores is done only through the Monitor Mode, which acts as a hardware-supported hypervisor.
In
Further in
For each respective CPUi other than CPU0, SSM 5030 performs CPUi SMI forward to CPU0 along a line for SMI CPU0 request to the interrupt handler via GIC 5020. For each respective CPUi other than CPU0, SSM 5030 performs CPUi WFI SFIQ generation along a line for WFI request via GIC 5020 to the interrupt handler for CPU0.
In
For core CPU0, the Monitor Mode code controls the CP15_NS_Bit (SCR bit/field [ ]) by setting it active or inactive for transitions from Secure to Public or Public to Secure worlds respectively. CPU0 Monitor Mode code inactivates another bit/field CPU0_VirtualWorld_Active to establish Non-virtual mode. CPU0 Monitor Mode code generates CPU1_SFIQ inter-CPU FIQ for extra scheduling to the other cores CPU1, CPU2, CPU3.
For cores CPUi other than CPU0, the Monitor Mode code i in the respective CPUi controls the CP15S_NS_Bit (SCR bit/field [ ]) in CPUi by setting it active or inactive to establish Public world or Secure world in that CPUi depending on the Public or Secure operations configured or commanded for that CPUi by CPU0 and the SSM 5030. In CPUi, another bit/field CPUi_VirtualWorld_Active is inactivated or activated to establish Non-virtual mode or Virtual mode depending on the Non-virtual or Virtual operations configured or commanded for that CPUi by CPU0 and the SSM 5030.
In FIGS. 38A/38B, SSM 5030 (and Control Module analogous to 2765 associated with SSM 5030) is bi-directionally coupled to each CPU0-CPU3 of
In FIGS. 38C/38D, the categories of operation of each CPUi in the multi-processing system are shown. In CPU0, the SMP HLOS Kernel and its Kernel Drivers and APIs operate in Public Supervisor mode. A SE API for interface to Secure Environment, and a real-time operating system RTOS API, and Public high-level operating system Public HLOS API are all provided for operation in the Public Supervisor mode of CPU0. In the Secure Supervisor mode of CPU0, a Secure Kernel operates and has associated Secure Drivers and interfaces to the SMP HLOS, the RTOS, and the Public HLOS through SMP API, RTOS API, and Public_HLOS_API respectively.
Further in
Further in
In the Public Supervisor mode of CPU3, but with CPU3_VP_Active activated for Virtual mode operation of CPU3, the Public HLOS Kernel operates and has associated Kernel Drivers and interfaces to the SMP HLOS, to the Secure Environment, and to the RTOS through SMP API, SE API, and RTOS API respectively. Secure Supervisor Non-virtual category in CPU3 is used for Hypervisor extensions in some further embodiments. Secure Supervisor Virtual category in CPU3 is used for a Secure Virtual Kernel SVK in some further embodiments.
In
Design, Verification and Fabrication
In
In a step 5615, the design of the hardware-supported hypervisor circuitry, for instance, is verified in simulation electronically on the RTL and netlist. In this way, the contents and timing of the registers, operation of the circuits in various configurations and using the registers, are verified and the firewalls and interrupt operation are verified. The operations are verified pertaining to real-time and non-real-time operations and interrupts, and transitions through handlers, Monitor Mode, Secure Privilege modes, User mode, Debug modes, power management, and various attack scenarios. Then a verification evaluation step 5620 determines whether the verification results are currently satisfactory. If not, operations loop back to step 5610.
If verification evaluation 5620 is satisfactory, the verified design is fabricated in a wafer fab and packaged to produce a resulting integrated circuit at step 5625 according to the verified design. Then a step 5630 verifies the operations directly on first-silicon and production samples by using scan chain methodology on the page processing circuit. An evaluation decision step 5635 determines whether the chips are satisfactory, and if not satisfactory, the operations loop back as early in the process such as step 5610 as needed to get satisfactory integrated circuits.
Given satisfactory integrated circuits in step 5635, a telecommunications unit based on teachings herein is manufactured. This part of the process first prepares in a step 5640 a particular design and printed wiring board (PWB) of the telecommunication unit having a telecommunications modem, a microprocessor coupled to the telecommunications modem, a secure hardware support for a hypervisor coupled to the microprocessor and peripherals and firewalls for the peripherals, and a user interface coupled to the microprocessor. Storage, such as SDRAM and Flash memory and on-chip secure memory, is coupled to the system and is provided with RTOS, Public HLOS, protected applications (PPAs and PAs), and Monitor Mode software.
The particular design of the hardware-supported hypervisor is tested in a step 5650 by electronic simulation and prototyped and tested in actual application. Operation of the circuits and using the registers in various configurations selectively activating fields of TABLE 19 in Firewall_Controller register, for instance, are verified and the firewalls and interrupt operation are verified to confirm operations of the integrated circuit(s) and system and to perform verification and test operations that go beyond those operations earlier in the process. The verification and test operations pertaining to real-time and non-real-time operations and interrupts, and transitions through handlers, Monitor Mode, Secure Privilege modes, User mode, Debug modes, power management, various real-time scenarios such as modem operational scenarios. Further testing evaluates and confirms system stability and satisfactory operation of display, phone, e-mails/data service, web browsing, voice over packet, content player, camera/imaging, video, microcontroller, and other such operation that is apparent to the human user and can be evaluated by system use. Also, various attack scenarios are applied in the test operations, such as by using real viruses, DoS attacks and other attacks.
Parameters of the circuitry, software and system are adjusted for in faster application execution, lower power dissipation, evaluation of system use, attack resistance, and other pertinent metrics. Examples of parameters include enable/disable fields in configuration registers of SSM Registers 2620 and Control Module 2765, interrupt priorities in
In manufacturing step 5670, the adjusted parameter(s) are loaded into the Flash memory or otherwise established in the integrated circuit(s) of the system. The components are assembled on a printed wiring board or otherwise as the form factor of the design is arranged to produce resulting telecommunications units according to the tested and adjusted design, whereupon operations are completed at END 5675.
Various embodiments are used with one or more microprocessors, each microprocessor having a pipeline is selected from the group consisting of 1) reduced instruction set computing (RISC), 2) digital signal processing (DSP), 3) complex instruction set computing (CISC), 4) superscalar, 5) skewed pipelines, 6) in-order, 7) out-of-order, 8) very long instruction word (VLIW), 9) single instruction multiple data (SIMD), 10) multiple instruction multiple data (MIMD), 11) multiple-core using any one or more of the foregoing, and 12) microcontroller pipelines, control peripherals, and other micro-control blocks using any one or more of the foregoing.
Various embodiments are implemented in any integrated circuit manufacturing process such as different types of CMOS (complementary metal oxide semiconductor), SOI (silicon on insulator), SiGe (silicon germanium), organic transistors, and with various types of transistors such as single-gate and multiple-gate (MUGFET) field effect transistors, and with single-electron transistors and other structures. Photonic integrated circuit blocks, components, and interconnects are also suitably applied in various embodiments.
Aspects (See Explanatory Notes at End of This Section)
1A. The electronic device claimed in claim 1 wherein first and second qualifiers have combinations of states that represent a non-virtual public category, a virtual public category, and a non-virtual secure category.
1B. The electronic device claimed in claim 1 wherein said processor is further operable to generate an attempted access on said bus and said device further comprising a firewall coupled to said bus to receive the attempted access and the first and second qualifiers.
1C. The electronic device claimed in claim 1B wherein said firewall is responsive to the attempted access and to the first and second qualifiers to permit an access by said processor pertaining to at least one of the categories and prevent an access pertaining to at least another one of the categories.
1D. The electronic device claimed in claim 1 wherein said processor is operable to transition between said categories and said protective circuitry is operable to generate at least one security violation signal unless said protective circuitry detects the monitor mode line active during the transition.
1E. The electronic device claimed in claim 1 wherein said real-time category includes a modem engine.
1F. The electronic device claimed in claim 1 wherein said processor has a public mode that is less secure and less privileged than the monitor mode of said processor.
1G. The electronic device claimed in claim 1 wherein said processor further includes a digital signal processor core coupled to said bus and operable to make an access, and said protective circuitry is also responsive to said processor to set the register field active when a given access pertains to said digital signal processor core.
2A. The integrated circuit claimed in claim 2 wherein said processor has a secure mode and said storage has a secure kernel, and said security circuit is further operable to generate the at least one security violation signal unless the transition includes a transition between the secure kernel and said software monitor.
2B. The integrated circuit claimed in claim 2 wherein said security circuit is operable to divide said processor into categories including a non-virtual public category, a virtual public category, and a non-virtual secure category.
2C. The integrated circuit claimed in claim 2B wherein said real time operating system is assigned to the virtual public category.
2D. The integrated circuit claimed in claim 2B wherein the categories further include a virtual secure category.
2E. The integrated circuit claimed in claim 2B said security circuit has a path for a plurality of signals collectively representing a current category of the processor.
2F. The integrated circuit claimed in claim 2E said security circuit has at least one firewall coupled to said bus to said path for the plurality of signals collectively representing a current category of the processor.
2G. The integrated circuit claimed in claim 2F wherein at least one said firewall is interposed between at least part of said storage and said bus.
2H. The integrated circuit claimed in claim 2F wherein at least one said firewall establishes predetermined address spaces for a category.
2J. The integrated circuit claimed in claim 2F wherein at least one said firewall establishes predetermined address spaces for the software monitor.
2K. The integrated circuit claimed in claim 2F further comprising a peripheral circuitry and wherein at least one said firewall is interposed between at least part of said peripheral circuitry and said bus.
3A. The electronic system claimed in claim 3 wherein the combinations of states represent a non-virtual public category, a virtual public category, and a non-virtual secure category.
3B. The electronic system claimed in claim 3 wherein the processor has first and second modes and said protective circuitry is further operable to permit alteration of a particular combination of the states by said processor when the processor is in said first mode and to prevent such alteration if said processor is in said second mode.
3C. The electronic system claimed in claim 3 wherein the first mode of said processor is a more secure and more privileged mode relative to said second mode.
3D. The electronic system claimed in claim 3 further comprising a first peripheral coupled by a first firewall to said processor and said first firewall is also coupled to said protective circuitry and responsive to the first and second signals to permit an access by said processor pertaining to at least one of the categories and prevent an access pertaining to at least another one of the categories.
3E. The electronic system claimed in claim 3 wherein said processor is operable to transition between said categories and said protective circuitry is operable to generate at least one security violation signal unless a transition between the categories includes the software monitor.
3F. The electronic system claimed in claim 3 wherein said real-time application includes a modem application.
4A. The security circuit claimed in claim 4 wherein said first checker circuit and said second checker circuit are jointly operable to structure a particular one of the modes to make that particular one a hypervisor mode.
4B. The security circuit claimed in claim 4 wherein said security violation handler has an output for a next-instruction abort signal.
4C. The security circuit claimed in claim 4 wherein said security violation handler has an output for an interconnect transaction neutralizer signal.
4D. The security circuit claimed in claim 4 wherein said security violation handler has an output for a reset signal.
4E. The security circuit claimed in claim 4 further comprising a bus interface circuit for establishing a path for a plurality of signals collectively representing a current category of operation of the processor based on the modes.
4F. The security circuit claimed in claim 4E further comprising a plurality of firewall circuits coupled to said bus interface circuit and to said path for a plurality of signals collectively representing a current category of operation of the processor.
4G. The security circuit claimed in claim 4F wherein said firewall circuits have respective logic circuitries independently responsive to the mode signals and to said address signals to identify attempted access transactions involving addresses in different modes and, upon detection of an attempted transaction contrary to a respective transaction policy for the respective firewall, to activate a transaction blocking signal for the respective firewall.
4H. The security circuit claimed in claim 4 wherein said second checker circuit have respective logic circuitries independently responsive to the mode signals and to said address signals to identify attempted access transactions representative of accesses of respective virtual processors and, upon detection of an attempted access transaction contrary to a respective transaction policy for the respective virtual processor, to activate an output to said security violation handler.
4J. The security circuit claimed in claim 4 further comprising a control module having a register circuit coupled to configure said first checker circuit and to configure said second checker circuit.
4K. The security circuit claimed in claim 4 for use with security configuration signals of the processor having a security policy, the first checker circuit including a logic circuit having input lines for the modes and security configuration signals, said logic circuit based on a second security policy followed by said logic circuit that is more restrictive than the security policy of said processor, said logic circuit operable to detect and generate a security violation upon an occurrence of a security configuration of the processor inconsistent with the second security policy followed by said logic circuit.
4L. The security circuit claimed in claim 4 for use with platform configuration signals of the processor having a platform policy, the first checker circuit including a logic circuit having input lines for the modes and platform configuration signals, said logic circuit based on a second platform policy followed by said logic circuit that is more restrictive than the platform policy of said processor, said logic circuit operable to detect and generate a platform violation upon an occurrence of a platform configuration of the processor inconsistent with the second platform policy followed by said logic circuit.
5A. The processor claimed in claim 5 wherein said processor has at least first and second other privilege modes besides said monitor mode, and said security circuit is further operable to generate a security flag if a transition is attempted from the first other privilege mode to said monitor mode and to not-generate a security flag upon a transition from the second other privilege mode to said monitor mode.
5B. The processor claimed in claim 5 wherein said processor has at least first and second other privilege modes besides said monitor mode, and said security circuit is further operable to generate a security flag if a transition is attempted from said monitor mode to the first other privilege mode and to not-generate a security flag upon a transition from said monitor mode to the second other privilege mode.
5C. The processor claimed in claim 5 wherein said processor is operable in said monitor mode and in said second privilege mode to change the state of said security storage and said security circuit is operable to generate said security flag if said second privilege mode is used to change the state of said security storage.
6A. The processor claimed in claim 6 wherein said security violation handler is operable, when said second storage is in the first state that does permit exception trap into monitor mode, to activate a non-violation security flag if a transition pertaining to monitor mode occurs in said first storage.
6B. The processor claimed in claim 6 wherein said processor has a third storage having a first state wherein said processor is enabled in a non-secure mode and a second state wherein said processor is enabled in a secure mode, and said monitor mode is a type of secure mode and said processor has another type of secure mode, and said security circuit is further operable to generate a security violation signal if an attempt occurs outside said monitor mode to change a state of said third storage.
6C. The processor claimed in claim 6 wherein said security circuit is further operable to generate a security flag if a transition is attempted from the first other privilege mode to said monitor mode and to not-generate a security flag upon a transition from the second other privilege mode to said monitor mode.
6D. The processor claimed in claim 6 wherein said security circuit is further operable to generate a security flag if a transition is attempted from said monitor mode to the first other privilege mode and to not-generate a security flag upon a transition from said monitor mode to the second other privilege mode.
6E. The processor claimed in claim 6 wherein said security circuit further includes a security storage with a plurality of security flags, including a first security flag indicative when activated of a relaxed-rule transition, and a second security flag indicative when activated of a security violation, and said security violation handler is operable when said second storage is in the second state that does not permit exception trap into monitor mode to activate the second security flag indicative of a security violation if a transition pertaining to monitor mode occurs in said first storage, and said security violation handler is operable when said second storage is in the first state that does permit exception trap into monitor mode to activate the first security flag indicative of a relaxed-rule transition if a transition pertaining to monitor mode occurs in said first storage.
7A. The integrated circuit claimed in claim 7 wherein said security circuit is operable to activate the qualifier signal indicative of modem operation provided the physical address lies within an address range reserved for modem operation and to inactivate the qualifier signal if the physical address lies within a shared address range for modem operation and for non-modem operation.
7B. The integrated circuit claimed in claim 7 wherein said processor is operable to assert an access type representing an instruction access together with the asserted physical address, and said security circuit is operable to determine whether the asserted access type is permitted to accompany the asserted physical address and, if not, to activate a security violation signal.
7C. The integrated circuit claimed in claim 7B wherein said security circuit includes a firewall circuit for holding a field to indicate whether or not an instruction access type is permitted in a predetermined address range.
7D. The integrated circuit claimed in claim 7 wherein said security circuit includes a firewall circuit for holding plural permissions concurrently, each of said plural permissions indicating whether permission to access said modem peripheral is granted or denied.
7E. The integrated circuit claimed in claim 7D wherein said security circuit includes a decoder circuit for selecting a particular selection from the permissions in response to inputs to said decoder circuit including at least one input responsive to the qualifier signal indicative of modem operation.
7F. The integrated circuit claimed in claim 7D wherein said security circuit includes a permissions register that has fields for read permissions, write permissions, and permissions corresponding to different permutations of states of plural qualifier signals as active and inactive and including states of the qualifier pertaining to modem operation.
8A. The electronic system claimed in claim 8 wherein said firewall circuit is operable for holding plural permissions concurrently, each of said plural permissions indicating whether permission to access said system peripheral is granted or denied.
8B. The electronic system claimed in claim 8A wherein said firewall circuit includes a selector circuit responsive to a current state of each of the qualifier signals to select a particular one of said plural permissions, whereby to determine that an access to the system peripheral is granted or denied.
8C. The electronic system claimed in claim 8 wherein said firewall circuit includes a permissions register that has fields for read permissions, write permissions, and permissions corresponding to different states of qualifier signals.
8D. The electronic system claimed in claim 8 wherein the qualifiers include an endian-related qualifier.
8E. The electronic system claimed in claim 8 wherein the qualifiers include an instruction access type qualifier.
8F. The electronic system claimed in claim 8 wherein the qualifiers include a privilege mode qualifier.
8G. The electronic system claimed in claim 8 wherein the qualifiers include a cacheability qualifier.
8H. The electronic system claimed in claim 8 wherein the qualifiers include a debug qualifier.
8J. The electronic system claimed in claim 8 wherein the qualifiers include an element-size qualifier.
8K. The electronic system claimed in claim 8 wherein the qualifiers include a security qualifier.
8L. The electronic system claimed in claim 8 wherein said firewall circuit has a first policy for the granting and denying access to said system peripheral in response to different states of the qualifier signals, and said firewall circuit has a firewall configuration register and has a second policy for granting and denying access to said firewall configuration register in response to different states of the qualifier signals.
9A. The processor claimed in claim 9 wherein said processor has a second storage having a first state wherein said processor is enabled in a privilege mode and a second state wherein said processor is enabled in a non-privilege mode, and said monitor mode is a type of privilege mode and said processor has another type of privilege mode, and said security circuit is further operable to generate a security violation signal upon an attempt to transition the second state of the second storage to the first state of the second storage element.
9B. The processor claimed in claim 9 wherein said processor has a second storage having a first state wherein said processor is enabled in a non-secure mode and a second state wherein said processor is enabled in a secure mode, and said monitor mode is a type of secure mode and said processor has another type of secure mode, and said security circuit is further operable to generate a security violation signal if an attempt occurs outside said monitor mode to change a state of said second storage element.
9C. The processor claimed in claim 9 wherein said processor has at least first and second other modes besides monitor, and said security circuit is further operable to generate a security violation signal if a transition is attempted from the first other mode to said monitor mode and to not-generate the security violation upon a transition from the second other mode to said monitor mode.
9D. The processor claimed in claim 9 wherein said processor has at least first and second other modes besides said monitor mode, and said security circuit is further operable to generate a security violation signal if a transition is attempted from said monitor mode to the first other mode and to not-generate the security violation upon a transition from said monitor mode to the second other mode.
9E. The processor claimed in claim 9 wherein said security circuit independently performs a detection of an attempt by the software monitor to access an instruction outside a first predetermined address space for instructions and a detection of an attempt by the software monitor in monitor mode to access data outside a second predetermined address space for data and generates the security violation signal in a manner depending on which independent detection occurs.
10A. The processor claimed in claim 10 wherein said security zone mechanism has a configuration and said security circuit is operable generate a security violation in response to a change in the configuration of said security zone mechanism.
10B. The processor claimed in claim 10 wherein the processor has different particular modes for processing software programs in privilege and non-privilege modes and for processing monitor software in a monitor mode, and said security zone mechanism is operable to permit either a privilege mode or the monitor mode to control a mode change, and said security circuit is operable to further restrict control of the mode change to monitor mode only.
10C. The processor claimed in claim 10 wherein the security zone mechanism has a security storage having a first state wherein said processor is in a non-secure mode and a second state wherein said processor is in a secure mode, and said monitor mode is a type of secure mode, and said security circuit is operable to generate a security violation signal if an attempt occurs in a privilege mode other than monitor mode to change a state of said security storage element.
10D. The processor claimed in claim 10 wherein the processor has control code and said security circuit is operable to govern said security zone mechanism and the processor so that the control code is established as a hypervisor.
10E. The processor claimed in claim 10 wherein the processor has boot code for configuring the security zone mechanism.
10F. The processor claimed in claim 10 wherein the processor has a memory management unit (MMU) and at least one cache memory, and said security zone mechanism has a configuration to enable or disable protection mechanisms for the MMU and the cache memory.
10G. The processor claimed in claim 10F wherein said security circuit is operable to lock the configuration of said security zone mechanism pertaining to the MMU and the cache memory.
10H. The processor claimed in claim 10 wherein said security circuit has a locking register and said processor has boot code to activate the locking register so that said security circuit protects the security zone mechanism from a change in the configuration of the security zone mechanism.
10J. The processor claimed in claim 10 wherein said processor has a secure mode and has a functional bus port coupled to said pipeline and said functional bus port also has a first path indicative of the secure mode, and said security zone mechanism has a security monitor port for a second path indicative of the secure mode, and said security circuit is coupled to said functional bus port and to said security monitor port to detect any inconsistency between the first path and the second path pertaining to secure mode status.
11A. The electronic circuit claimed in claim 11 wherein said processor has a secure mode and said security circuit enforces the processor so that the secure mode is entered only in functional processor operation and at least one non-invasive mode.
11B. The electronic circuit claimed in claim 11 wherein said processor has a secure mode and the processor is coupled by a bus to said peripherals and said bus has a path for a qualifier indicative of the secure mode active, and said security circuit is operable to force the qualifier to non-secure state as seen by the peripherals even when the processor is in the secure mode.
11C. The electronic circuit claimed in claim 11B wherein said processor also has test modes that are invasive or non-invasive, and said security circuit is responsive to at least one test mode that is invasive to force the qualifier to non-secure state as seen by the peripherals even when the processor is in the secure mode.
11D. The electronic circuit claimed in claim 11 wherein said electronic circuit further comprises a plurality of memories, and said security circuit has a register coupled to store respective power-event signals pertaining to at least two of said plurality of memories.
11E. The electronic circuit claimed in claim 11D wherein at least one of said memories has a mode of power-on and a retention mode.
11F. The electronic circuit claimed in claim 11 wherein the power domains include system blocks and said security circuit has a register coupled to store information pertaining to respective resets of at least two system blocks.
11G. The electronic circuit claimed in claim 11F wherein said processor is coupled to said security circuit so that if said register pertaining to resets shows activity, said processor is operable to protect the system.
11H. The electronic circuit claimed in claim 11 wherein said processor has a sleep state and at least one of said peripherals is operable to export information to said security circuit without need of processor wake-up.
11J. The electronic circuit claimed in claim 11 wherein at least one said peripheral has a firewall with a firewall configuration register, and said processor is operable in response to power events affecting said firewall to save and restore configuration for the firewall configuration register.
11K. The electronic circuit claimed in claim 11 wherein said security circuitry includes a random number generator and retention circuits coupled to said random number generator and operable in response to power events affecting said random number generator to save and restore information pertaining to the random number generator.
11L. The electronic circuit claimed in claim 11 wherein at least one of said peripherals includes a security peripheral, and said security circuitry is operable to prevent power state transitions in the middle of operation in said security peripheral.
11M. The electronic circuit claimed in claim 11 wherein at least one of said peripherals includes a resettable security peripheral, and said security circuitry is operable to lock out reset of said security peripheral.
11N. The electronic circuit claimed in claim 11 wherein said power management circuitry provides a cold reset and a warm processor reset, and said platform status register is coupled to said cold reset, and said processor is coupled to said warm processor reset, whereby security protection by said security circuit is enhanced.
12A. The processor claimed in claim 12 wherein said processor has a second storage having a first state wherein said processor is in a privilege mode and a second state wherein said processor is in a non-privilege mode, and said monitor mode is a type of privilege mode and said security circuit is configurable to specify a reserved address space for privilege mode, and said security circuit is further operable to generate another security violation signal in response to an attempted access on said bus by said pipeline inside the reserved address space for privilege mode when said storage has said first state.
12B. The processor claimed in claim 12 wherein said storage also has states for privilege mode and non-privilege mode and said security violation signal is further conditional on attempted access in non-privilege mode.
12C. The processor claimed in claim 12 wherein said storage also has states for instruction access or data access and said security violation signal is further conditional on attempted instruction access.
13A. The electronic circuit claimed in claim 13 further comprising a first peripheral pertaining to real-time and having an interrupt request line coupled to said interrupt handler circuit and a second peripheral pertaining to non-real-time and having another interrupt request line coupled to said interrupt handler circuit.
13B. The electronic circuit claimed in claim 13A wherein said interrupt handler is operable to establish interrupt priority higher for said interrupt request line from said first peripheral than for said another interrupt request line from said second peripheral.
13C. The electronic circuit claimed in claim 13A wherein said processor is differently responsive to secure interrupts than to public interrupts and said interrupt handler is operable to couple a secure interrupt to said processor for real-time thereby to establish an interrupt priority for real-time.
13D. The electronic circuit claimed in claim 13 further comprising a register for enabling or disabling said pre-emptive masking handler circuit.
13E. The electronic circuit claimed in claim 13 further comprising a register coupled to said preemptive masking handler to inhibit public interrupts or not.
13F. The electronic circuit claimed in claim 13 wherein first and second type of interrupt request includes slow (IRQ) and fast (FIQ) interrupt request respectively.
13G. The electronic circuit claimed in claim 13F wherein said processor register circuit also has a public FIQ mask disable to prevent masking of the FIQ, and said preemptive masking handler is operable to activate public FIQ masking regardless.
13H. The electronic circuit claimed in claim 13 wherein said preemptive masking handler is operable to mask at least one interrupt for non-real-time whereby to prevent interference of non-real-time with real-time.
13J. The electronic circuit claimed in claim 13 further comprising a qualifier circuit to generate a qualifier indicating that a virtual processor is active in said processor and said preemptive masking handler circuit is responsive to said qualifier circuit to make at least one interrupt non-maskable when said qualifier is active.
13K. The electronic circuit claimed in claim 13 further comprising a register coupled to said preemptive masking handler for automatically inhibiting at least one interrupt or not.
13L. The electronic circuit claimed in claim 13K wherein said pre-emptive masking handler circuit is responsive to said automatic inhibiting register to directly mask at least one interrupt from said interrupt handler transparent to the monitor mode.
13M. The electronic circuit claimed in claim 13 further comprising a register for enabling a public mask feedback from said interrupt handler to said pre-emptive masking handler circuit.
13N. The electronic circuit claimed in claim 13 wherein said pre-emptive masking handler circuit itself has an output line to supply an interrupt request to said interrupt handler circuit to interrupt said processor.
13P. The electronic circuit claimed in claim 13N further comprising an additional register circuit coupled to said interrupt request output line of said pre-emptive masking handler circuit, said additional register circuit operable to provide an acknowledge to said preemptive masking handler circuit.
13Q. The electronic circuit claimed in claim 13P wherein said pre-emptive masking handler circuit is responsive to the acknowledge to de-assert said interrupt request to said interrupt handler circuit for said processor.
13R. The electronic circuit claimed in claim 13Q further comprising a security violation handler circuit coupled to said additional register circuit to not reset said interrupt request output line of said pre-emptive masking handler circuit when a security violation occurs.
13S. The electronic circuit claimed in claim 13 wherein said processor register circuit also has a secure mode and said pre-emptive masking handler circuit has inputs coupled to said processor register circuit indicative of the monitor mode and secure mode.
13T. The electronic circuit claimed in claim 13 wherein said processor register circuit has an interrupt mask enable and said pre-emptive masking handler circuit has an input coupled to monitor the interrupt mask enable from said processor register circuit.
13U. The electronic circuit claimed in claim 13 further comprising a register coupled to said interrupt handler and operable to flag if an interrupt pertains to a virtual processor or not.
13V. The electronic circuit claimed in claim 13 wherein said processor is operable in categories depending on secure mode or not, and virtual processor or not, and said processor is operable in monitor mode as a hypervisor mode to switch between said categories and to service interrupts respective to each category.
13W. The electronic circuit claimed in claim 13 wherein said processor has respective first and second interrupt masking for said first and second type of interrupt request, and said processor has at least one privileged mode in a secure or public state, and when said processor is in the at least one privileged mode in the public state and the first interrupt masking is enabled, then said preemptive masking handler circuit is responsive so that said interrupt handler masks the second type of interrupt request as well.
13X. The electronic circuit claimed in claim 13 wherein said processor register circuit has a secure mode, and when said processor is in the monitor mode or secure mode, then said preemptive masking handler is maintained activated to prevent at least one non-real-time interrupt request of the second type from interfering with the monitor mode and secure mode.
13Y. The electronic circuit claimed in claim 13 wherein said processor register circuit has a secure mode and public mode and said electronic circuit further comprises a register with a trap field to activate a trap into monitor mode for the first type of interrupt request, and the processor monitor mode is coded to inactivate the trap field when the non-real-time operating system switches within public modes in response to the first type of interrupt request, and to activate the trap field when the processor register circuit is in the secure mode.
14A. The electronic system claimed in claim 14 further comprising caches corresponding to the processor cores and the system further comprising a cache control circuit for updating coherency between the caches, said protective circuitry responsive to the monitor mode line for temporarily disabling the cache control circuit from updating coherency between the caches.
14B. The electronic system claimed in claim 14 wherein said processor is further operable to generate an attempted access on said bus and said system further comprising a firewall coupled to said bus to receive the attempted access and the first and second qualifiers.
14C. The electronic system claimed in claim 14B wherein said firewall is responsive to the attempted access and to the first and second qualifiers to permit an access by at least one of said processor cores and prevent an access pertaining to at least another one of said processor cores.
14D. The electronic system claimed in claim 14 wherein said processor is operable to transition between cores active for access on said bus and said protective circuitry is operable to generate at least one security violation signal unless protective circuitry detects the monitor mode line active from said control core during the transition.
14E. The electronic system claimed in claim 14 further comprising an interrupt routing circuit for routing interrupts to the control core from the other processor cores.
14F. The electronic system claimed in claim 14 further comprising a clock circuit operable to couple clock signals to the processor cores.
14G. The electronic system claimed in claim 14F wherein said clock circuit is configurable by control core.
14H. The electronic system claimed in claim 14G wherein said protective circuitry is further operable to detect a security violation if said clock circuit is configured outside a predetermined mode of said control core.
15A. The process of manufacturing claimed in claim 15 wherein the testing of the processor includes testing of at least one operational transition selected from the group consisting of transition through real-time modem operation, interrupt handling, monitor software, debug, and power management.
15B. The process of manufacturing claimed in claim 15 further comprising providing and assembling a telecommunications unit printed wiring board having said integrated circuit and a user interface coupled to said integrated circuit.
15C. The process of manufacturing claimed in claim 15B wherein said printed wiring board further has a storage provided with a real-time operating system (RTOS), a high-level non-real time operating system (HLOS), and a security-protected application.
15D. The process of manufacturing claimed in claim 15 wherein the testing successively adjusts at least one parameter for a more favorable level of at least one metric, the at least one parameter selected from the group consisting of enable/disable fields in the configuration registers of the protective circuitry, interrupt priorities, and a firewall mode hierarchy.
15E. The process of manufacturing claimed in claim 15D wherein the metric is selected from at least one of the group consisting of faster application execution, lower power dissipation, communication quality of service, system stability, attack resistance, and evaluation of system user experience.
15F. The process of manufacturing claimed in claim 15D wherein the process further comprises loading at least the adjusted parameter into the telecommunications unit.
16A. The electronic device claimed in claim 16 wherein the second processor includes another application processor.
16B. The electronic device claimed in claim 16 wherein the second processor includes a graphics processor.
16C. The electronic device claimed in claim 16 wherein the second processor includes a modem processor.
17A. The telecommunications unit claimed in claim 17 wherein the modem circuit includes a wireless modem circuit and said user interface includes a voice interface for a wireless handset.
17B. The telecommunications unit claimed in claim 17 wherein the software monitor is operable as a hypervisor.
17C. The telecommunications unit claimed in claim 17 wherein said user interface includes a video display.
17D. The telecommunications unit claimed in claim 17 wherein said user interface is adapted for television signal coupling.
17E. The telecommunications unit claimed in claim 17 wherein said storage also includes a storage unit for media content.
17F. The telecommunications unit claimed in claim 17 wherein said processor is operable as a microcontroller and said user interface is adapted for microcontroller signal coupling.
17G. The telecommunications unit claimed in claim 17 wherein the modem circuit includes a wireline modem circuit.
18. An integrated circuit comprising
a processor including a pipeline;
a debug circuit coupled to said processor; and
a security circuit coupled to said processor and operable to generate a security violation signal upon occurrence of a security violation by said processor, said security circuit also operable to respond to the security violation to couple a debug request signal to said debug circuit, whereby the debug circuit is steered to the security violation.
19. An integrated circuit comprising
a processor including a pipeline;
a first bus coupled to said processor;
a first storage coupled to said bus;
a trace bus coupled to said pipeline separately from said first bus; and
a security circuit including a security storage coupled to said second bus, said security circuit operable to generate at least one security violation signal indicative of a non-permitted access by said processor to said security storage of the security circuit itself.
Notes: Aspects are paragraphs which might be offered as claims in patent prosecution. The above dependently-written Aspects have leading digits and internal dependency designations to indicate the claims or aspects to which they pertain. Aspects having no internal dependency designations have leading digits and alphanumerics to indicate the position in the ordering of claims at which they might be situated if offered as claims in prosecution.
References to “monitor mode” refer to a high-level control mode of a processor and should be understood in a broad and substantial sense whether or not a particular processor that substantially has a monitor mode lacks the explicit name monitor mode, for instance.
It is emphasized here that while some embodiments may have an entire feature totally absent or totally present, other embodiments, such as those performing the blocks and steps of the Figures of drawing, have more or less complex arrangements that execute some process portions, selectively bypass others, and have some operations running concurrently sequentially regardless. Accordingly, words such as “enable,” disable,” “operative,” “inoperative” are to be interpreted relative to the code and circuitry they describe. For instance, disabling (or making inoperative) a second function by bypassing a first function can establish the first function and modify the second function. Conversely, making a first function inoperative includes embodiments where a portion of the first function is bypassed or modified as well as embodiments where the second function is removed entirely. Bypassing or modifying code increases function in some embodiments and decreases function in other embodiments.
A few preferred embodiments have been described in detail hereinabove. It is to be understood that the scope of the invention comprehends embodiments different from those described yet within the inventive scope. Microprocessor and microcomputer are synonymous herein. Processing circuitry comprehends digital, analog and mixed signal (digital/analog) integrated circuits, ASIC circuits, PALs, PLAs, decoders, memories, non-software based processors, microcontrollers and other circuitry, and digital computers including microprocessors and microcomputers of any architecture, or combinations thereof. Internal and external couplings and connections can be ohmic, capacitive, inductive, photonic, and direct or indirect via intervening circuits or otherwise as desirable. Implementation is contemplated in discrete components or fully integrated circuits in any materials family and combinations thereof. Various embodiments of the invention employ hardware, software or firmware. Process diagrams herein are representative of flow diagrams for operations of any embodiments whether of hardware, software, or firmware, and processes of manufacture thereof.
While this invention has been described with reference to illustrative embodiments, this description is not to be construed in a limiting sense. Various modifications and combinations of the illustrative embodiments, as well as other embodiments of the invention may be made. The terms “including”, “includes”, “having”, “has”, “with”, or variants thereof are used in the detailed description and/or the claims to denote non-exhaustive inclusion in a manner similar to the term “comprising”. It is therefore contemplated that the appended claims and their equivalents cover any such embodiments, modifications, and embodiments as fall within the true scope of the invention.
This application is related to provisional U.S. Patent Application No. 60/771,737, (TI-61985PS) filed Feb. 9, 2006, titled “CPU Virtual Cores and Hardware Hypervisor Model,” and to provisional U.S. Patent Application No. 60/869,986, (TI-61985PS1) filed Dec. 14, 2006, titled “Multi-Processor Architecture with Hardware-Supported Hypervisor,” Priority under 35 U.S.C. 119(e)(1) is hereby claimed for both said provisional U.S. Patent Applications. U.S. non-provisional patent application TI-39616 “Method And System For Preventing Unauthorized Processor Mode Switches” U.S. Ser. No. 11/343,061 filed Jan. 30, 2006, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-39616 is also hereby incorporated herein by reference. U.S. non-provisional patent application TI-39615 “Methods And System To Restrict Usage Of a DMA Channel” U.S. Ser. No. 11/557,298 filed Nov. 7, 2006, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-39615 is also hereby incorporated herein by reference. U.S. non-provisional patent application TI-39613 “Method And System For Preventing Unsecure Memory Accesses” U.S. Ser. No. 11/343,072, filed Jan. 30, 2006, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-39613 is also hereby incorporated herein by reference. U.S. non-provisional patent application TI-38804 “Method And System For A Multi-Sharing Security Firewall” U.S. Ser. No. 11/272,532, filed Nov. 10, 2005, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-38804 is also hereby incorporated herein by reference. U.S. non-provisional patent application TI-38802 “Method And System For Detection And Neutralization Of Buffer Overflow Attacks” U.S. Ser. No. 11/199,427, filed Aug. 8, 2005, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-38802 is also hereby incorporated herein by reference. U.S. non-provisional patent application TI-38800 “System And Method For Checking The Integrity Of Computer Program Code” U.S. Ser. No. 11/463,426, filed Aug. 9, 2006, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-38800 is also hereby incorporated herein by reference. U.S. non-provisional patent application TI-38213 “Methods, Apparatus, and Systems for Secure Demand Paging and Other Paging Operations for Processor Devices” U.S. Ser. No. 11/426,597 filed Jun. 27, 2006, is hereby incorporated herein by reference. U.S. non-provisional patent application TI-39617 “Page Processing Circuits, Devices, Methods And Systems For Secure Demand Paging And Other Operations” U.S. Ser. No. 11/426,598 filed Jun. 27, 2006, is hereby incorporated herein by reference. U.S. non-provisional patent application TI-38206 “Less-Secure Processors, Integrated Circuits, Wireless Communications Apparatus, Methods And Processes Of Making” U.S. Ser. No. 10/915,830 filed Aug. 10, 2004, is hereby incorporated herein by reference. U.S. non-provisional patent application TI-37338 “System and Method of Identifying and Preventing Security Violations Within a Computing System” U.S. Ser. No. 10/961,344, filed Oct. 8, 2004, is hereby incorporated herein by reference. U.S. non-provisional patent application TI-61407 “Monitor Mode Integrity Verification” U.S. Ser. No. 11/617,411 filed Dec. 28, 2006, for which priority under 35 U.S.C. 120 is hereby claimed to such extent as may be applicable and said patent application TI-61407 is also hereby incorporated herein by reference.
Number | Date | Country | |
---|---|---|---|
60771737 | Feb 2006 | US | |
60869986 | Dec 2006 | US |