CN107103251B - Processor including a mapping access interface - Google Patents

Processor including a mapping access interface Download PDF

Info

Publication number
CN107103251B
CN107103251B CN201710282701.2A CN201710282701A CN107103251B CN 107103251 B CN107103251 B CN 107103251B CN 201710282701 A CN201710282701 A CN 201710282701A CN 107103251 B CN107103251 B CN 107103251B
Authority
CN
China
Prior art keywords
mode
resource
processor
storage unit
access interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710282701.2A
Other languages
Chinese (zh)
Other versions
CN107103251A (en
Inventor
李春强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou C Sky Microsystems Co Ltd
Original Assignee
Hangzhou C Sky Microsystems Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou C Sky Microsystems Co Ltd filed Critical Hangzhou C Sky Microsystems Co Ltd
Priority to CN201710282701.2A priority Critical patent/CN107103251B/en
Publication of CN107103251A publication Critical patent/CN107103251A/en
Application granted granted Critical
Publication of CN107103251B publication Critical patent/CN107103251B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a processor including a mapping access interface. The processor includes: the system comprises an instruction execution unit, a first mode resource storage unit, a second mode resource storage unit and a mapping access interface, wherein the instruction execution unit is connected with the first mode resource storage unit, the second mode resource storage unit and the mapping access interface, and the first mode resource storage unit is used for storing resource information of a processor in a first mode; the second mode resource storage unit is used for storing the resource information of the processor in a second mode; and the mapping access interface is connected with the second mode resource storage unit. The invention can improve the working efficiency of the processor and reduce the power consumption of the processor.

Description

Processor including a mapping access interface
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a processor including a mapping access interface.
Background
With the continuous development of informatization, the reliability of a system becomes more and more important, the traditional software-level-based reliability protection has lower and lower security, and hackers can directly attack an operating system beyond software protection and then steal sensitive software and hardware resources; therefore, in order to make up for the shortfall of the trustworthiness protection at the software level, a trusted framework is proposed which aims to provide the system with an underlying hardware protection mechanism outside the software.
The specific idea of the trusted framework design is as follows: adding a credible mode in the running mode of the processor, abstracting a credible kernel in the system, and dividing the processor in the credible mode, the system IP with credible attribute and other sensitive and important software and hardware resources in the system into the credible kernel; furthermore, the hardware mechanism ensures that the resources in the trusted kernel can only be accessed by the trusted mode, thereby realizing the isolation of the trusted kernel and the untrusted kernel and ensuring the confidentiality and the integrity of the trusted resources.
Meanwhile, a mapping access interface is arranged in the processor, and the mapping access interface can enable the trusted kernel to safely access resources under the untrusted kernel, so that the safe interaction of kernel resources is realized; the processor comprising the mapping access interface virtualizes a trusted kernel and an untrusted kernel in a physical kernel, and separates a super user mode and a common user mode from the virtualized kernels respectively. In general, the resources in each mode cannot access the resources in the other modes, so that the security of the system is guaranteed on hardware. When the processor needs to access the resources in other modes from the high-credibility mode, the processor needs to access the resources in other modes after the processor is saved to the field switching mode in the current mode and is switched to the other modes.
In the process of implementing the invention, the inventor finds that at least the following technical problems exist in the prior art: the processor reads resources in other modes in a mode of continuously switching the modes, the working efficiency is low, and the power consumption of the processor is large.
Disclosure of Invention
The processor comprising the mapping access interface can improve the working efficiency of the processor and reduce the power consumption of the processor.
In a first aspect, the present invention provides a processor including a map access interface, comprising:
an instruction execution unit, a first mode resource storage unit, a second mode resource storage unit, and a mapping access interface, wherein,
the instruction execution unit is connected with the first mode resource storage unit, the second mode resource storage unit and the mapping access interface and is used for reading resource information of the mapping access interface or rewriting the resource information of the mapping access interface according to a received external instruction;
a first mode resource storage unit for storing resource information of the processor in a first mode, and the instruction execution unit has access to the resource of the first mode resource storage unit only when the processor is in the first mode;
a second mode resource storage unit for storing resource information of the processor in a second mode, and the instruction execution unit has access to the resource of the second mode resource storage unit only when the processor is in the second mode;
and the mapping access interface is connected with the second mode resource storage unit and used for reading the resource of the second mode resource storage unit in real time and storing the resource as the resource information of the mapping access interface, and when the processor is in the first mode, the mapping access interface returns the resource information according to the request of the instruction execution unit for reading the resource information, rewrites the resource information according to the request of the instruction execution unit for rewriting the resource information, and sends the rewritten resource information to a resource register in the second mode resource storage unit.
Optionally, the first mode resource storage unit is a trusted super user mode resource storage unit, and the second mode resource storage unit is a trusted normal user mode resource storage unit.
Optionally, the first mode resource storage unit is a trusted super user mode resource storage unit, and the second mode resource storage unit is an untrusted super user mode resource storage unit.
Optionally, the first mode resource storage unit is a trusted super user mode resource storage unit, and the second mode resource storage unit is an untrusted ordinary user mode resource storage unit.
Optionally, the first mode resource storage unit is an untrusted super user mode resource storage unit, and the second mode resource storage unit is an untrusted ordinary user mode resource storage unit.
Optionally, the resource register is an exception base register, an exception backup register, or a stack register.
Optionally, the mapping access interface is at least one control register or at least one memory address.
According to the processor comprising the mapping access interface provided by the embodiment of the invention, the instruction execution unit is in the user mode with high authority, and the resource in the user mode with low authority can be directly accessed through the mapping access interface without switching the mode of the processor, so that the working efficiency of the processor can be improved, and the power consumption of the processor can be reduced.
Drawings
FIG. 1 is a block diagram of a processor including a map access interface according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating mode switching of a processor program status register according to an embodiment of the present invention;
FIG. 3 is a diagram of a processor including a map access interface according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating an embodiment of the present invention in which a high level privilege mode accesses a low level privilege mode dedicated resource.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a processor comprising a mapping access interface, as shown in fig. 1, the processor comprising:
an instruction execution unit 11, a first pattern resource storage unit 12, a second pattern resource storage unit 13, and a mapping access interface 14, wherein,
the instruction execution unit 11 is connected to the first mode resource storage unit 12, the second mode resource storage unit 13, and the mapping access interface 14, and configured to read resource information of the mapping access interface 14 or rewrite resource information of the mapping access interface 14 according to a received external instruction;
a first mode resource storage unit 12, configured to store resource information of the processor in a first mode, and the instruction execution unit 11 has access to the resource of the first mode resource storage unit 12 only when the processor is in the first mode;
a second mode resource storage unit 13, configured to store resource information of the processor in the second mode, and the instruction execution unit 11 has access to the resource of the second mode resource storage unit 13 only when the processor is in the second mode;
and the mapping access interface 14 is connected to the second mode resource storage unit 13, and is configured to read and store the resource of the second mode resource storage unit 13 in real time, and rewrite the resource of the resource register in the second mode resource storage unit 13 according to the rewrite information sent by the instruction execution unit 11 when the processor is in the first mode.
According to the processor comprising the mapping access interface provided by the embodiment of the invention, the instruction execution unit is in the user mode with high authority, and the resource in the user mode with low authority can be directly accessed through the mapping access interface without switching the mode of the processor, so that the working efficiency of the processor can be improved, and the power consumption of the processor can be reduced.
Optionally, as shown in fig. 2, a schematic diagram of mode switching of a processor program status register is shown; the processor is provided with a trusted kernel and an untrusted kernel which are logically independent, and the trusted kernel is divided into a trusted super user mode and a trusted common user mode according to two standards of a programming mode; and dividing the untrusted kernel into an untrusted super user mode and an untrusted ordinary user mode. When the SE bit of the program state register is 1, the processor is indicated to be currently under a trusted kernel, at the moment, the processor adopts a trusted program state register (SEPSR) as the program state register, when the S bit of the trusted program state register is 1, the processor is indicated to be currently under a trusted super user mode, and when the S bit of the trusted program state register is 0, the processor is indicated to be currently under a trusted common user mode; when the SE bit of the program status register is 0, it indicates that the processor is currently in the untrusted kernel, and at this time, the processor uses an untrusted program status register (NSPSR) as the program status register, and when the S bit of the untrusted program status register is 1, it indicates that the processor is currently in the untrusted supervisor mode, and when the S bit of the untrusted program status register is 0, it indicates that the processor is currently in the untrusted normal user mode.
Alternatively, as shown in FIG. 3, four modes of the processor: the trusted super user mode, the trusted common user mode, the untrusted super user mode and the untrusted common user mode have different authorities, wherein the trusted super user mode has the highest authority and can access resources in the trusted common user mode, the untrusted super user mode and the untrusted common user mode through the mapping access interface; the authority of the non-trusted super user mode is higher than that of the non-trusted common user mode, and resources in the non-trusted common user mode can be accessed through the mapping access interface; the trusted common user mode can only access the resources in the trusted common user mode, and does not have the authority to access the resources in other modes; the non-trusted common user mode can only access the resources in the non-trusted user mode, and does not have the authority to access the resources in other modes.
Optionally, when the processor operates in the trusted super-user mode and has a need to read the stack register of the trusted normal user mode, after the instruction execution unit of the processor acquires and identifies the instruction, the instruction execution unit of the processor directly acquires a mapping resource through the mapping access interface, where the mapping resource is a resource of the stack register of the trusted normal user mode, and the mapping access interface stores the resource of the stack register of the trusted normal user mode in its own control register in real time, so as to achieve the purpose of reading the stack register of the trusted normal user in the trusted super-user mode.
Optionally, when the processor operates in the trusted super-user mode and has a need to read the stack register of the untrusted normal user mode, after the instruction execution unit of the processor obtains and identifies the instruction, the instruction execution unit directly obtains a mapping resource through the mapping access interface, where the mapping resource is a resource of the stack register of the untrusted normal user mode, and the mapping access interface stores the resource of the stack register of the untrusted normal user mode in its own control register in real time, so as to achieve a purpose of reading the stack register of the untrusted normal user mode in the trusted super-user mode.
Optionally, when the processor operates in the trusted super-user mode and has a need to read the stack register of the untrusted super-user mode, after the instruction execution unit of the processor acquires and identifies the instruction, the instruction execution unit of the processor directly acquires a mapping resource through the mapping access interface, where the mapping resource is a resource of the stack register of the untrusted super-user mode, and the mapping access interface stores the resource of the stack register of the untrusted super-user mode in its own control register in real time, so as to achieve the purpose of reading the stack register of the untrusted super-user mode in the trusted super-user mode.
Optionally, when the processor runs in the untrusted super user mode in the untrusted kernel and has a need to read the stack register of the untrusted normal user mode in the untrusted kernel, the instruction execution unit of the processor obtains and identifies the instruction, and then directly obtains the mapping resource through the mapping access interface, where the mapping resource is a resource of the stack register of the untrusted normal user mode, and the mapping access interface stores the resource of the stack register of the untrusted normal user mode in its own control register in real time, so as to achieve the purpose of reading the stack register of the untrusted super user in the trusted super user mode.
Optionally, when the processor operates in the trusted super user mode or the untrusted super user mode and there is a need to rewrite the untrusted ordinary user stack register, the instruction execution unit sends the write address and the write data to the mapping access interface, and the mapping access interface rewrites the content in the control register and then sends the rewritten content to the untrusted ordinary user stack register. Thereby enabling the processor to achieve the goal of rewriting resources.
Optionally, when the processor operates in the trusted super user mode and there is a need to rewrite the untrusted super user stack register, the instruction execution unit sends a write address and write data to the mapping access interface, and the mapping access interface rewrites contents in the control register and then sends the rewritten contents to the untrusted super user stack register. Thereby enabling the processor to achieve the goal of rewriting resources.
Optionally, when the processor operates in the trusted supervisor mode and there is a need to rewrite the trusted normal user stack register, the instruction execution unit sends a write address and write data to the mapping access interface, and the mapping access interface rewrites contents in the control register and then sends the rewritten contents to the trusted normal user stack register. Thereby enabling the processor to achieve the goal of rewriting resources.
Optionally, the stack register may also be an exception base register, an exception backup register, or a stack register.
Optionally, the first mode resource storage unit is a trusted super user mode resource storage unit, and the second mode resource storage unit is a trusted normal user mode resource storage unit.
Optionally, the first mode resource storage unit is a trusted super user mode resource storage unit, and the second mode resource storage unit is an untrusted super user mode resource storage unit.
Optionally, the first mode resource storage unit is a trusted super user mode resource storage unit, and the second mode resource storage unit is an untrusted ordinary user mode resource storage unit.
Optionally, the first mode resource storage unit is an untrusted super user mode resource storage unit, and the second mode resource storage unit is an untrusted ordinary user mode resource storage unit.
Optionally, the resource register is an exception base register, an exception backup register, or a stack register, but is not limited thereto.
Specifically, the trusted kernel and the untrusted kernel have independent exception service mechanisms, the SEVBR is an exception base register special for the trusted kernel, and all entry addresses are stored in an exception vector table with the SEVBR as a base address; the NSVBR is an abnormal entry mechanism register special for the untrusted kernel, and all entry addresses are stored in an abnormal vector table with the NSVBR as a base address. When the processor runs in the trusted supervisor mode, the exception entry base register of the untrusted kernel can be accessed by accessing the mapping access interface in the trusted supervisor mode.
Specifically, the SEEPSR is an abnormal state reservation register dedicated to the trusted kernel, and is used for storing PSR information of the trusted kernel when the processor is in a safety interruption or safety abnormality, so as to facilitate the field recovery of the processor; NSEPSR is an abnormal state reserved register special for the non-trusted kernel, and when the processor is subjected to non-secure interruption or non-secure abnormality, PSR information of the operation of the non-trusted kernel is stored so as to facilitate the field recovery of the processor. When the processor runs in the trusted supervisor mode, the exception reservation state register of the non-trusted kernel can be accessed by accessing the mapping access interface in the trusted supervisor mode.
Specifically, the seppc is an exception retention program counter dedicated to the trusted kernel, and when the CPU is in an exception state or a security interrupt state in the trusted kernel, the CPU stores information in the trusted kernel into the seppc for field recovery of the CPU; the NSEPC is an abnormal reserved program counter special for the untrusted kernel, and when the CPU generates abnormality or safety interruption in the untrusted kernel, the CPU stores information under the untrusted kernel into the SEEPC for field recovery of the CPU; when the processor runs in the trusted supervisor mode, the exception-preserving program counter of the non-trusted kernel can be accessed by accessing the mapping access interface in the trusted supervisor mode.
Optionally, the mapping access interface is at least one control register or at least one memory address.
Alternatively, as shown in FIG. 4, a diagram of accessing low level privilege mode specific resources for a high level privilege mode;
when the processor is in the first user mode and needs to read the second user mode resource, the special resource is stored in the general register through the mapping access interface, and the special resource stored in the general register is processed by the instruction execution unit.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. A processor including a map access interface, comprising: an instruction execution unit, a first mode resource storage unit, a second mode resource storage unit, and a mapping access interface, wherein,
the instruction execution unit is connected with the first mode resource storage unit, the second mode resource storage unit and the mapping access interface and is used for reading resource information of the mapping access interface or rewriting the resource information of the mapping access interface according to a received external instruction;
a first mode resource storage unit for storing resource information of the processor in a first mode, and the instruction execution unit has access to the resource of the first mode resource storage unit only when the processor is in the first mode;
a second mode resource storage unit for storing resource information of the processor in a second mode, and the instruction execution unit has access to the resource of the second mode resource storage unit only when the processor is in the second mode;
and the mapping access interface is connected with the second mode resource storage unit and used for reading the resource of the second mode resource storage unit in real time and storing the resource as the resource information of the mapping access interface, and when the processor is in the first mode, the mapping access interface returns the resource information according to the request of the instruction execution unit for reading the resource information, rewrites the resource information according to the request of the instruction execution unit for rewriting the resource information, and sends the rewritten resource information to a resource register in the second mode resource storage unit.
2. The processor of claim 1, wherein the first mode resource store is a trusted supervisor mode resource store, and wherein the second mode resource store is a trusted normal user mode resource store.
3. The processor of claim 1, wherein the first mode resource store is a trusted supervisor mode resource store, and wherein the second mode resource store is an untrusted supervisor mode resource store.
4. The processor of claim 1, wherein the first mode resource store is a trusted supervisor mode resource store, and wherein the second mode resource store is an untrusted normal user mode resource store.
5. The processor of claim 1, wherein the first mode resource store is an untrusted supervisor mode resource store, and wherein the second mode resource store is an untrusted normal user mode resource store.
6. The processor of claim 1, wherein the resource register is an exception base register, an exception backup register, or a stack register.
7. The processor of claim 1, wherein the map access interface comprises at least one control register or at least one memory address for storing the resource information.
CN201710282701.2A 2017-04-26 2017-04-26 Processor including a mapping access interface Active CN107103251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710282701.2A CN107103251B (en) 2017-04-26 2017-04-26 Processor including a mapping access interface

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710282701.2A CN107103251B (en) 2017-04-26 2017-04-26 Processor including a mapping access interface

Publications (2)

Publication Number Publication Date
CN107103251A CN107103251A (en) 2017-08-29
CN107103251B true CN107103251B (en) 2020-04-21

Family

ID=59657017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710282701.2A Active CN107103251B (en) 2017-04-26 2017-04-26 Processor including a mapping access interface

Country Status (1)

Country Link
CN (1) CN107103251B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111752604A (en) 2019-03-27 2020-10-09 阿里巴巴集团控股有限公司 Processor with multiple operation modes

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102859530A (en) * 2010-06-03 2013-01-02 株式会社东芝 Access control device and recording medium
CN105356998A (en) * 2015-09-28 2016-02-24 宇龙计算机通信科技(深圳)有限公司 TrustZone-based domain space switching system and method
CN106156044A (en) * 2015-03-26 2016-11-23 阿里巴巴集团控股有限公司 Data base's changing method and device
CN106156618A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 A kind of safety chip, mobile terminal and the method realizing mobile terminal system safety

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102859530A (en) * 2010-06-03 2013-01-02 株式会社东芝 Access control device and recording medium
CN106156044A (en) * 2015-03-26 2016-11-23 阿里巴巴集团控股有限公司 Data base's changing method and device
CN106156618A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 A kind of safety chip, mobile terminal and the method realizing mobile terminal system safety
CN105356998A (en) * 2015-09-28 2016-02-24 宇龙计算机通信科技(深圳)有限公司 TrustZone-based domain space switching system and method

Also Published As

Publication number Publication date
CN107103251A (en) 2017-08-29

Similar Documents

Publication Publication Date Title
Tiburski et al. Lightweight security architecture based on embedded virtualization and trust mechanisms for IoT edge devices
US10684865B2 (en) Access isolation for multi-operating system devices
TWI697805B (en) Loading and virtualizing cryptographic keys
JP4695082B2 (en) A computer system employing a highly reliable execution environment, including a memory controller configured to clear memory
US10445154B2 (en) Firmware-related event notification
BR112015022865B1 (en) Method and Apparatus for selectively enabling the operations of an on-demand virtual machine monitor
CN102147763B (en) Method, system and computer for recording weblog
US11379385B2 (en) Techniques for protecting memory pages of a virtual computing instance
US10644888B2 (en) Systems and methods for providing I/O state protections in a virtualized environment
US9952890B2 (en) Kernel state data collection in a protected kernel environment
EP3961446A1 (en) Method and apparatus for securely entering trusted execution environment in hyper-threading scenario
US20180060574A1 (en) Hybrid hypervisor-assisted security model
CN110532767A (en) Internal insulation method towards SGX security application
CN107103251B (en) Processor including a mapping access interface
US10430223B2 (en) Selective monitoring of writes to protected memory pages through page table switching
US10592267B2 (en) Tree structure for storing monitored memory page data
JP2006338426A (en) Calculator system
US20240160464A1 (en) Instruction sending method and apparatus
TW201433937A (en) Secure input method and system thereof
CN117688552B (en) Stack space protection method, electronic device, storage medium and computer program product
US9916262B2 (en) Least privileged operating system
US20230367913A1 (en) Terminal chip and measurement method thereof
Hu et al. Research on Hardware Built-in Computer Safety

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant