Secure master and secure guest endpoint security firewall

US2023048071A1 · US · A1

Patent metadata
Publication number: US-2023048071-A1
Application number: US-202217971691-A
Country: US
Kind code: A1
Filing date: Oct 24, 2022
Priority date: Oct 24, 2012
Publication date: Feb 16, 2023
Grant date:

Abstract

Official abstract text for this publication.

Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed by any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed, the secure master can unlock the SM region to allow any secure guest access to the SM region.
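
The access rules in the abstract, together with the lock-on-reset behaviour of claims 8 and 18, can be written as a small decision function. This is an added example, not code from the patent or its assignee. Assumptions: all type and function names, the ns_open flag used to select between the two non-secure options, treating every address outside the two secure regions as non-secure memory, and the sample addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are assumptions for illustration, not from the patent. */
typedef enum { ID_NS, ID_SG, ID_SM } sec_id_t;            /* transaction identity */
typedef enum { DENY, ALLOW, ALLOW_DOWNGRADED } verdict_t;
typedef struct { uint64_t base, size; } region_t;
typedef struct {
    region_t sm, sg;   /* one SM region, one region shared by all secure guests */
    bool sm_locked;    /* locked: SM region is secure-master only */
    bool ns_open;      /* false = option 1, true = option 2 (assumed flag) */
} firewall_t;

static bool in_region(const region_t *r, uint64_t a) {
    return a >= r->base && a - r->base < r->size;   /* overflow-safe bound */
}

/* Reset puts the lock bit in the locked state (claims 8 and 18). */
void fw_reset(firewall_t *fw) { fw->sm_locked = true; }

/* Only the secure master may change the lock; other writers are ignored. */
bool fw_set_lock(firewall_t *fw, sec_id_t writer, bool locked) {
    if (writer != ID_SM) return false;
    fw->sm_locked = locked;
    return true;
}

verdict_t fw_check(const firewall_t *fw, sec_id_t id, uint64_t addr) {
    if (in_region(&fw->sm, addr))                   /* SM region checked first */
        return (id == ID_SM || (id == ID_SG && !fw->sm_locked)) ? ALLOW : DENY;
    if (in_region(&fw->sg, addr))                   /* any secure transaction */
        return id == ID_NS ? DENY : ALLOW;
    if (id == ID_NS) return ALLOW;                  /* assumed: the rest is NS memory */
    return fw->ns_open ? ALLOW_DOWNGRADED : DENY;   /* option 2 vs option 1 */
}

/* Constructed sample layout: SM at 0x1000, SG at 0x2000, 4 KiB each. */
firewall_t fw_sample(bool ns_open) {
    firewall_t fw = { {0x1000, 0x1000}, {0x2000, 0x1000}, false, ns_open };
    fw_reset(&fw);
    return fw;
}

int main(void) {
    firewall_t fw = fw_sample(true);
    printf("SG->SM locked: %d\n", fw_check(&fw, ID_SG, 0x1800));
    fw_set_lock(&fw, ID_SM, false);
    printf("SG->SM unlocked: %d\n", fw_check(&fw, ID_SG, 0x1800));
    printf("SM->NS option 2: %d\n", fw_check(&fw, ID_SM, 0x9000));
    return 0;
}
```

Unlocking widens the SM region to secure guests only; a non-secure transaction is still denied there, and a reset restores the locked state.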

First claim

Opening claim text (preview).

1. A system comprising: a memory configured with a first region associated with a first security level and a second region associated with a second security level; a secure master configuration register that includes a non-secure bit and a lock bit, wherein the secure master configuration register is configured to be updated by a secure master supervisor; and a memory controller coupled to the memory, wherein the memory controller is configured to: receive an access request to the memory, wherein the access request includes a requested memory address and a security indicator; determine an access permission for the access request to the memory based on the requested memory address, the security indicator, the non-secure bit, and the lock bit; and process the access request based on the access permission.

2. The system of claim 1, wherein: the memory controller includes: a first security register and a second security register configured to store secure master data for the first region; and a third security register and a fourth security register configured to store secure guest data for the second region.

3. The system of claim 2, wherein: the first security register includes: a first field specifying a low order of bits for an address of the first region; and a second field specifying a region size for the first region.

4. The system of claim 3, wherein: the second security register includes: a third field specifying a high order of bits for the address of the first region.

5. The system of claim 2, wherein: the third security register includes: a first field specifying a low order of bits for an address of the second region; and a second field specifying a region size for the second region.

6. The system of claim 5, wherein: the fourth security register includes: a third field specifying a high order of bits for the address of the second region.

7. The system of claim 1, wherein: the lock bit indicates an unlocked state.

8. The system of claim 7, wherein: in response to a reset, the lock bit is updated to indicate a locked state from the unlocked state.

9. The system of claim 1, wherein: the secure master configuration register includes a secure master supervisor identification field.

10. The system of claim 9, wherein: the secure master supervisor identification field is not updated by writing to the secure master configuration register.

11. A method comprising: receiving, by a memory controller, an access request to a memory, wherein the access request includes a requested memory address and a security indicator, wherein the memory includes a first region associated with a first security level and a second region associated with a second security level; determining, by the memory controller, a non-secure bit and a lock bit from a secure master configuration register configured to be updated by a secure master supervisor; determining, by the memory controller, an access permission for the access request to the memory based on the requested memory address, the security indicator, the non-secure bit, and the lock bit; and processing, by the memory controller, the access request based on the access permission.

12. The method of claim 11, wherein: the memory controller includes: a first security register and a second security register configured to store secure master data for the first region; and a third security register and a fourth security register configured to store secure guest data for the second region.

13. The method of claim 12, wherein: the first security register includes: a first field specifying a low order of bits for an address of the first region; and a second field specifying a region size for the first region.

14. The method of claim 13, wherein: the second security register includes: a third field specifying a high order of bits for the address of the first region.

15. The method of claim 12, wherein: the third security register includes: a first field specifying a low order of bits for an address of the second region; and a second field specifying a region size for the second region.

16. The method of claim 15, wherein: the fourth security register includes: a third field specifying a high order of bits for the address of the second region.

17. The method of claim 11, wherein: the lock bit indicates an unlocked state.

18. The method of claim 17, wherein: in response to a reset, the lock bit is updated to indicate a locked state from the unlocked state.

19. The method of claim 11, wherein: the secure master configuration register includes a secure master supervisor identification field.

20. The method of claim 19, wherein: the secure master supervisor identification field is not updated by writing to the secure master configuration register.

Classifications

  • using a bus scheme, e.g. with bus monitoring or watching means

  • using switching circuits, e.g. switching matrix, connection or expansion network (G06F13/4009 takes precedence)

  • Reliability improvement, data loss prevention, degraded operation etc

  • by reordering requests

  • for multiprocessing or multitasking

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Texas Instruments Inc

What technology area does this patent fall under?
Primary CPC classification G06F12/0831. Mapped technology areas include Physics.

When was this patent published?
Publication date Feb 16, 2023 (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).