Data processing apparatus and method for performing load-exclusive and store-exclusive operations
US-9223701-B2 · Dec 29, 2015 · US
Secure master and secure guest endpoint security firewall
US10037439B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10037439-B2 |
| Application number | US-201314062002-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 24, 2013 |
| Priority date | Oct 24, 2012 |
| Publication date | Jul 31, 2018 |
| Grant date | Jul 31, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This invention is a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.
First claim
Opening claim text (preview).
What is claimed is: 1. In a data processing system including a plurality of processing cores, a memory protection firewall comprising: at least one secure master register defining a secure master region of memory; at least one secure guest register defining a secure guest region of memory; a comparator connected to said at least one secure master register and said at least one secure guest register, said comparator adapted to receive an memory access request from one of the plurality of processing cores including an address to be accessed and a security level including one of the stated of secure master, secure guest and non-secure, said comparator operable to compare the address to be accessed with said secure master region of memory and said secure guest region of memory, if the address to be accessed is within said secure master region of memory grant access only if the security level is secure master, and if the address to be accessed is within said secure guest region of memory grant access if the security level is secure master or if the security level is secure guest; said memory protection firewall has one of a locked state and an unlocked state; and said comparator is further operable when said memory protection firewall is in said locked state to if the address to be accessed is within said secure master region of memory grant access only if the security level is secure master, and if the address to be accessed is within said secure guest region of memory grant access if the security level is secure master or if the security level is secure guest; said comparator is further operable when said memory protection firewall is in said unlocked state to if the address to be accessed is within said secure master region of memory grant access if the security level is secure master or if the security level is secure guest, and if the address to be accessed is within said secure guest region of memory grant access if the security level is secure master or if the security level is secure guest; a secure master ID configuration register including a lock bit having a first state indicating a locked state of said memory protection firewall and a second state indicating an unlocked state of said memory protection firewall; and said lock bit of said secure master ID configuration register may be changed from said first state (locked) to said second state (unlocked) by a write from said secure master, and said lock bit of said secure master ID configuration register may be changed from said second state (unlocked) to said first state (locked) only upon reset of said memory protection firewall. 2. The memory protection firewall of claim 1 , wherein: said secure master ID configuration register further includes a secure bit having a first state indicating a non-secure state of said memory protection firewall and a second state indicating a secure state of said memory protection firewall; said comparator is further operable when said memory protection firewall is in said secure state to if the address to be accessed is within said secure master region of memory grant access only if the security level is secure master, and if the address to be accessed is within said secure guest region of memory grant access if the security level is secure master or if the security level is secure guest; and said comparator is further operable when said memory protection firewall is in said non-secure state to grant access to any request if the address to be accessed is within said secure master region of memory grant or if the address to be accessed is within said secure guest region of memory grant. 3. The memory protection firewall of claim 1 , wherein: said comparator is further operable to if the address to be accessed is not within said secure master region of memory and is not within said secure guest region of memory grant access only if the security level is non-secure. 4. The memory protection firewall of claim 1 , wherein: said comparator is further operable to if the address to be accessed is not within said secure master region of memory and is not within said secure guest region of memory grant access if the security level is secure master, if the security level is secure guest or if the security level is non-secure. 5. The memory protection firewall of claim 1 , wherein: said comparator is connected to a security tieoff having a selected one of a first state and a second state; said comparator is further operable to if the address to be accessed is not within said secure master region of memory and is not within said secure guest region of memory and said security tieoff is in said first state, grant access only if the security level is non-secure, and if the address to be accessed is not within said secure master region of memory and is not within said secure guest region of memory and said security tieoff is in said second state, grant access if the security level is secure master, if the security level is secure guest or if the security level is non-secure. 6. The memory protection firewall of claim 1 , wherein: said at least one secure master register includes at least one field defining a base address and at least one field defining a region size. 7. The memory protection firewall of claim 1 , wherein: said at least one secure quest register includes at least one field defining a base address and at least one field defining a region size. 8. The memory protection firewall of claim 1 , wherein: said secure master region of memory and said secure guest region of memory may overlap; and said comparator is further operable to if the address to be accessed is within said secure master region of memory and within said secure guest region of memory, grant access only if the security level is secure master. 9. The memory protection firewall of claim 1 , wherein: said memory protection firewall designates only one of said plurality of processing cores as a secure master.
Assignees
Inventors
Classifications
by checking the subject access rights · CPC title
Cross-Sectional Technologies · mapped topic
for main memory peripheral accesses (e.g. I/O or DMA) · CPC title
Details of cache specific to multiprocessor cache arrangements · CPC title
for multiprocessing or multitasking · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10037439B2 cover?
- This invention is a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transac…
- Who is the assignee on this patent?
- Texas Instruments Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F12/0831. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jul 31 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).