CN111459673A - Secure memory expansion and release method and device and electronic equipment - Google Patents


Info

Publication number
CN111459673A
Authority
CN
China
Prior art keywords
memory
management driver
execution environment
secure
trusted execution
Prior art date
Legal status
Pending
Application number
CN202010244195.XA
Other languages
Chinese (zh)
Inventor
朱丙营
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F 9/5011 Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resources being hardware resources other than CPUs, servers and terminals
    • G06F 9/5016 Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resources being hardware resources other than CPUs, servers and terminals, the resource being the memory

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/02 Addressing or allocation; Relocation
    • G06F 12/0223 User address space allocation, e.g. contiguous or non-contiguous base addressing
    • G06F 12/023 Free address space management
    • G06F 12/0253 Garbage collection, i.e. reclamation of unreferenced memory

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F 9/5011 Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resources being hardware resources other than CPUs, servers and terminals
    • G06F 9/5022 Mechanisms to release resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

A secure memory expansion method. In response to a secure memory expansion request triggered by a secure application running in a trusted execution environment, a first memory management driver in the trusted execution environment is called to send the memory size required by the request to a second memory management driver in the user operating system. In response to the required memory size sent by the first memory management driver, the second memory management driver is called to apply for a free physical memory address in the user operating system that satisfies the required memory size, and the allocated physical memory address is sent back to the first memory management driver. In response to the physical memory address sent by the second memory management driver, the first memory management driver is called to write that address into an extended memory list of the secure memory space. The secure application then uses the physical memory space corresponding to the physical memory address in the extended memory list, so that user data is protected.

Description

Secure memory expansion and release method and device and electronic equipment
Technical Field
The embodiments of this specification relate to the field of internet technology, and in particular to a secure memory expansion and release method and device and an electronic device.
Background
In some scenarios, a terminal device has to take part in security processing with high security requirements (for example, mobile payment, identity authentication and other scenarios involving funds and privacy). The operating system carried by the terminal device is usually a relatively open environment, which leaves room for illegitimate means to collect or tamper with the data used in the security processing, threatening the security of that data.
For this reason, the terminal device may divide its operating system into two parts: a user operating system, which runs applications with low security requirements and executes processing with low security requirements, and a trusted execution environment, which runs applications with higher security requirements and executes security processing with higher security requirements. As security processing scenarios become more complex and the memory they require grows, the secure memory space in the trusted execution environment often faces the problem of insufficient memory.
Disclosure of Invention
The embodiments of this specification provide a secure memory expansion method and device, a secure memory release method and device, and an electronic device.
According to a first aspect of the embodiments of this specification, a secure memory expansion method is provided, applied to a terminal device. The terminal device runs a user operating system and a trusted execution environment; a secure application and a first memory management driver run in the trusted execution environment, and a second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the secure application. The method comprises the following steps:
in response to a secure memory expansion request triggered by the secure application running in the trusted execution environment, calling the first memory management driver in the trusted execution environment to send the memory size required by the secure memory expansion request to the second memory management driver in the user operating system;
in response to the required memory size sent by the first memory management driver, calling the second memory management driver in the user operating system to apply for a free physical memory address in the user operating system that satisfies the required memory size, and sending the allocated physical memory address to the first memory management driver in the trusted execution environment;
in response to the physical memory address sent by the second memory management driver, calling the first memory management driver in the trusted execution environment to write the physical memory address into an extended memory list of the secure memory space, the secure application then using the physical memory space corresponding to the physical memory address in the extended memory list.
According to a second aspect of the embodiments of this specification, a secure memory release method is provided, applied to a terminal device. The terminal device runs a user operating system and a trusted execution environment; a secure application and a first memory management driver run in the trusted execution environment, and a second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the secure application. The method comprises the following steps:
in response to a secure memory release request triggered by the secure application running in the trusted execution environment, calling the first memory management driver in the trusted execution environment to delete, from the extended memory list of the secure memory space, the physical memory address to be released that is carried in the secure memory release request, and to send the deleted physical memory address to the second memory management driver in the user operating system;
in response to the physical memory address to be released sent by the first memory management driver, calling the second memory management driver in the user operating system to request the release, in the user operating system, of the physical memory space corresponding to that address.
According to a third aspect of the embodiments of this specification, a secure memory expansion apparatus is provided, applied to a terminal device. The terminal device runs a user operating system and a trusted execution environment; a secure application and a first memory management driver run in the trusted execution environment, and a second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the secure application. The apparatus comprises:
a request unit, which responds to a secure memory expansion request triggered by the secure application running in the trusted execution environment by calling the first memory management driver in the trusted execution environment to send the memory size required by the secure memory expansion request to the second memory management driver in the user operating system;
an application unit, which responds to the required memory size sent by the first memory management driver by calling the second memory management driver in the user operating system to apply for a free physical memory address in the user operating system that satisfies the required memory size, and sends the allocated physical memory address to the first memory management driver in the trusted execution environment;
an expansion unit, which responds to the physical memory address sent by the second memory management driver by calling the first memory management driver in the trusted execution environment to write the physical memory address into an extended memory list of the secure memory space, the secure application then using the physical memory space corresponding to the physical memory address in the extended memory list.
According to a fourth aspect of the embodiments of this specification, a secure memory release apparatus is provided, applied to a terminal device. The terminal device runs a user operating system and a trusted execution environment; a secure application and a first memory management driver run in the trusted execution environment, and a second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the secure application. The apparatus comprises:
a request unit, which responds to a secure memory release request triggered by the secure application running in the trusted execution environment by calling the first memory management driver in the trusted execution environment to delete, from the extended memory list of the secure memory space, the physical memory address to be released that is carried in the secure memory release request, and to send the deleted physical memory address to the second memory management driver in the user operating system;
a release unit, which responds to the physical memory address to be released sent by the first memory management driver by calling the second memory management driver in the user operating system to request the release, in the user operating system, of the physical memory space corresponding to that address.
According to a fifth aspect of the embodiments of this specification, an electronic device is provided, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement any one of the secure memory expansion or release methods above.
With this technical scheme, on the one hand, when the secure memory space in the trusted execution environment is insufficient, the secure application can actively apply to expand the secure memory, and physical memory of the user operating system is converted into secure memory for the secure application's use, thereby expanding the secure memory space in the trusted execution environment.
On the other hand, the secure memory expanded from the physical memory of the user operating system may be temporary: once the secure memory space in the trusted execution environment is no longer needed, the temporary secure memory can be released, that is, its address is returned to the physical memory space of the user operating system, which reduces the performance impact on the user operating system.
By implementing the secure memory expansion scheme and the secure memory release scheme together, the size of the secure memory space in the trusted execution environment can be adjusted flexibly and dynamically to meet the secure memory needs of the secure application.
Drawings
Fig. 1 is a system architecture diagram of a terminal device provided in an embodiment of this specification;
Fig. 2 is a flowchart of a secure memory expansion method according to an embodiment of this specification;
Fig. 3 is a system architecture diagram of a terminal device provided in an embodiment of this specification;
Fig. 4 is a flowchart of a secure memory release method according to an embodiment of this specification;
Fig. 5 is a hardware structure diagram of a secure memory expansion apparatus according to an embodiment of this specification;
Fig. 6 is a block diagram of a secure memory expansion apparatus according to an embodiment of this specification;
Fig. 7 is a hardware structure diagram of a secure memory release apparatus according to an embodiment of this specification;
Fig. 8 is a block diagram of a secure memory release apparatus according to an embodiment of this specification.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The manner in which the following exemplary embodiments are described does not represent all manner consistent with this specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. Plural in this context may refer to two or more.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Referring to Fig. 1, Fig. 1 is a system architecture diagram of a terminal device provided in this specification.
As shown in Fig. 1, a user operating system and a Trusted Execution Environment (TEE) run in the terminal device.
A secure operating system, isolated from the user operating system, may be set up in the trusted execution environment; the secure application, the first memory management driver and a secure memory space controller run in this secure operating system. A memory space is set aside independently in the TEE as the secure memory space for use by the secure application. The secure memory space also has an associated extended memory list, which is used to manage the extended secure memory addresses.
A second memory management driver runs in the user operating system. The user operating system also manages the physical memory space of the terminal device.
With reference to Fig. 2, an embodiment of the secure memory expansion method provided in this specification is described below. The method is applied to a terminal device; a user operating system and a trusted execution environment run in the terminal device shown in Fig. 1; the secure application and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the secure application. The method comprises the following steps:
Step 202: in response to a secure memory expansion request triggered by the secure application running in the trusted execution environment, calling the first memory management driver in the trusted execution environment to send the memory size required by the secure memory expansion request to the second memory management driver in the user operating system;
Step 204: in response to the required memory size sent by the first memory management driver, calling the second memory management driver in the user operating system to apply for a free physical memory address in the user operating system that satisfies the required memory size, and sending the allocated physical memory address to the first memory management driver in the trusted execution environment;
Step 206: in response to the physical memory address sent by the second memory management driver, calling the first memory management driver in the trusted execution environment to write the physical memory address into the extended memory list of the secure memory space, the secure application then using the physical memory space corresponding to the physical memory address in the extended memory list.
A Trusted Execution Environment (TEE) is an independent secure execution environment that runs in parallel with the general operating system (that is, the user operating system) loaded on the terminal device and is isolated from it; it provides security services to the general execution environment on the terminal device.
The technical solution used to mount the TEE on the terminal device is not limited by this specification; those skilled in the art can choose one flexibly according to actual needs.
For example, the TrustZone architecture of ARM may be adopted to install a TEE environment on the terminal device. TrustZone is a hardware-level secure operation solution proposed by ARM. It divides the system into two areas, the TEE and the REE (the untrusted execution environment); the general operating system loaded on the terminal device (such as an Android system) runs in the REE. The TEE has independent computing and storage resources and is completely isolated from the REE. All operations that require security (for example fingerprint recognition, cryptographic processing, data encryption and decryption, and security authentication) are performed in the TEE, and the remaining operations that do not require security are performed in the REE.
On the one hand, a secure operating system (secure OS) isolated from the user operating system may further be built in the TEE, such as the TEE OS in an Android system.
In implementation, a small, independently running secure operating system can be built in the secure environment of the TEE by loading a microkernel operating system kernel in the TEE.
Note that the specific type of operating system kernel installed in the TEE is not limited by this specification; for example, it may be a Zircon-based operating system kernel.
On the other hand, a secure memory space may also be set aside in the TEE as the memory space used by trusted applications that need to run in the trusted execution environment.
In practice, because the size of the secure memory space is limited, when the memory the secure application needs exceeds the currently free secure memory, the secure application may actively initiate a secure memory expansion request to the first memory management driver, as shown in Fig. 1. The secure memory expansion request carries the required memory size, which may be either the memory size required by the service the secure application needs to process, or that size minus the currently free secure memory.
In response to the secure memory expansion request triggered by the secure application running in the trusted execution environment, the terminal device calls the first memory management driver in the trusted execution environment to send the required memory size carried in the request to the second memory management driver in the user operating system.
The first memory management driver and the second memory management driver are both driver programs used to transfer information between the trusted execution environment and the user operating system.
In addition, communication between the first memory management driver in the trusted execution environment and the second memory management driver in the user operating system needs to go through a secure communication protocol interface,
because the trusted execution environment and the user operating system are isolated from each other, and, for the security of the trusted execution environment, data from the user operating system is not allowed to be transferred into it freely.
In implementation, the secure communication protocol interface may use the Trusty API. The Trusty API describes the Trusty inter-process communication (IPC) system, including communication with the user operating system. Applications running in the user operating system may also use the Trusty API to connect to secure applications in the trusted execution environment and exchange data with them. The data format and semantics are determined by the application-level protocol between the applications. Reliable delivery is guaranteed by the underlying Trusty infrastructure, and communication can be completely asynchronous. In short, through the Trusty API, data can be transferred between the first memory management driver in the trusted execution environment and the second memory management driver in the user operating system with the security and reliability of the transfer ensured.
As shown in Fig. 1, after the second memory management driver in the user operating system receives the required memory size from the first memory management driver, it is called to apply, through the physical memory allocation interface of the user operating system, for a free physical memory address whose size matches (is greater than or equal to) the required memory size. The allocated free physical memory address is then sent to the first memory management driver through the Trusty API interface.
In implementation, the physical memory addresses may be contiguous physical memory addresses, which simplifies memory addressing and thereby improves processing efficiency.
As shown in Fig. 1, after the first memory management driver in the trusted execution environment receives the physical memory address from the second memory management driver, it is called to write that address into the extended memory list of the secure memory space; the secure application then uses the physical memory space corresponding to the physical memory address in the extended memory list.
In implementation, the writing of the physical memory address may be accomplished through the MMU (Memory Management Unit). The MMU is the component of the central processing unit (CPU) that manages virtual and physical memory; it is mainly responsible for mapping virtual memory addresses to physical memory addresses. In a trusted execution environment, the secure memory space is usually managed in list form, the list recording the mapping between virtual and physical memory addresses, and a secure application usually accesses the memory of the terminal device through virtual memory addresses. Because the secure memory expanded in this specification is temporary and has to be released after use, a separate list for recording the extended memory addresses, the extended memory list of this specification, may be provided.
As shown in the system architecture diagram of Fig. 1, the trusted execution environment further includes a secure memory space controller. Accordingly, in step 206, before the first memory management driver in the trusted execution environment writes the physical memory address into the extended memory list of the secure memory space, the method further includes:
calling the secure memory space controller running in the trusted execution environment to configure the physical memory address with the secure attribute.
The expanded secure memory is physical memory belonging to the user operating system and is not dedicated to the trusted execution environment; so between the moment the second memory management driver's allocation succeeds and the moment the secure application starts using the memory, an application in the user operating system could use it first. For this reason, the memory space corresponding to the allocated physical memory address is designated with the secure attribute by configuring the secure memory space controller; memory space configured with the secure attribute cannot be accessed or read by the user operating system. In implementation, the secure memory space controller may include the TZC500 module of ARM.
With this technical scheme, when the secure memory space in the trusted execution environment is insufficient, the secure application can actively apply to expand the secure memory, and physical memory of the user operating system is converted into secure memory for the secure application's use, thereby expanding the secure memory space in the trusted execution environment. Moreover, once the secure memory space has been expanded, the secure application can use the physical memory space corresponding to the physical memory addresses in the extended memory list to process services that involve user privacy, so that the user data is protected; the user data may be the user's private data (such as passwords, face images, identification numbers and mobile phone numbers) or the user's personal data (such as hobbies, home address and work address).
Referring to Fig. 3, Fig. 3 is a system architecture diagram of a terminal device provided in this specification.
The terminal device shown in Fig. 3, like that of Fig. 1, runs a user operating system and a trusted execution environment.
A secure operating system, isolated from the user operating system, may be set up in the trusted execution environment; the secure application, the first memory management driver and a secure memory space controller run in this secure operating system. A memory space is set aside independently in the TEE as the secure memory space for use by the secure application. The secure memory space also has an associated extended memory list, which is used to manage the extended secure memory addresses.
A second memory management driver runs in the user operating system. The user operating system also manages the physical memory space of the terminal device.
Corresponding to the secure memory expansion embodiment of Fig. 2, this specification further provides an embodiment of a secure memory release method, shown in Fig. 4. The method is applied to a terminal device; a user operating system and a trusted execution environment run in the terminal device shown in Fig. 3; the secure application and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the secure application. The method comprises the following steps:
Step 302: in response to a secure memory release request triggered by the secure application running in the trusted execution environment, calling the first memory management driver in the trusted execution environment to delete, from the extended memory list of the secure memory space, the physical memory address to be released that is carried in the secure memory release request, and to send the deleted physical memory address to the second memory management driver in the user operating system;
Step 304: in response to the physical memory address to be released sent by the first memory management driver, calling the second memory management driver in the user operating system to request the release, in the user operating system, of the physical memory space corresponding to that address.
The trusted execution environment is the same as the trusted execution environment in the embodiment shown in fig. 2, and is not described here again.
After physical memory has been requested through the secure memory extension embodiment, the secure application program in the trusted execution environment has enough secure memory space to use. Once the secure application program has completed its secure processing it no longer needs that secure memory; if the secure memory it occupied contains all or part of the extended secure memory, that extended secure memory can be released, that is, returned to the physical memory space of the user operating system. As shown in fig. 3, the secure application program may actively initiate a secure memory release request to the first memory management driver. The secure memory release request carries the memory address to be released, which is a physical memory address located in the extended memory list. When the physical memory addresses that were applied for are contiguous physical memory addresses, the physical memory addresses to be released are likewise contiguous physical memory addresses.
In response to a secure memory release request triggered by the secure application program running in the trusted execution environment, the terminal device calls the first memory management driver in the trusted execution environment to delete the physical memory address to be released from the extended memory list of the secure memory space, and sends the deleted physical memory address to be released to the second memory management driver in the user operating system.
In implementation, the deletion of the physical memory address to be released may be carried out through the MMU. The extended memory list shown in fig. 2 records the extended memory addresses, specifically the physical memory addresses that the second memory management driver applied for. The addresses to be released are removed from the extended memory list before anything else happens, so that these physical memory addresses can no longer be reused by the secure application program in the trusted execution environment.
The first memory management driver and the second memory management driver are both driver programs used to transfer information between the trusted execution environment and the user operating system. Because the trusted execution environment and the user operating system are isolated from each other, and because data of the user operating system is not allowed to flow freely into the trusted execution environment for the security of the latter, the first memory management driver of the trusted execution environment and the second memory management driver of the user operating system need to communicate securely through a secure communication protocol interface. In implementation, the secure communication protocol interface may employ a Trusty API. The Trusty API is the same as that in the embodiment of fig. 2 and is not described again here.
As shown in fig. 3, in the system architecture diagram of the terminal device, a secure memory space controller is further included in the trusted execution environment. Correspondingly, in step 302, before the sending, by the first memory management driver in the trusted execution environment, the deleted physical memory address to be released to the second memory management driver in the user operating system, the method further includes:
and if the physical memory address to be released is configured with the security attribute, calling a secure memory space controller running in the trusted execution environment, and deleting the security attribute configured by the physical memory address to be released.
A physical memory address configured with the security attribute cannot be accessed or read by the user operating system; the configured security attribute therefore needs to be deleted so that this part of the physical memory can be used by the user operating system after it is released. In implementation, the secure memory space controller may include ARM's TZC500 module (a TrustZone address space controller).
As shown in fig. 3, after receiving the physical memory address to be released sent by the first memory management driver, the second memory management driver in the user operating system is called and requested to release, in the user operating system, the physical memory space corresponding to that address. When the release-success message is received, the physical memory temporarily occupied by the trusted execution environment has been released; the released physical memory can no longer be used by application programs in the trusted execution environment and can only be used by the user operating system.
As shown in fig. 3, after successfully releasing the physical memory space corresponding to the physical memory address to be released in the user operating system, the method further includes:
calling a second memory management driver in the user operating system, and sending a notification that the release of the physical memory address to be released is successful to a first memory management driver in the trusted execution environment;
further, in response to the notification sent by the second memory management driver, the first memory management driver in the trusted execution environment is called to send a notification that the release of the physical memory address to be released is successful to the security application program.
The notification that the memory address to be released was released successfully is fed back to the first memory management driver through the secure communication protocol interface, and the first memory management driver then notifies the secure application program, so that a message feedback mechanism is realized.
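As an added illustration that is not part of this patent, the following C program models the expansion flow of fig. 2 and the release flow of fig. 4 (steps 302 and 304, together with the security attribute and notification steps of claims 5, 6 and 8) in user space. The first and second memory management drivers, the extended memory list and the secure memory space controller are plain functions and arrays, and the Trusty API channel and TZC register programming are replaced by direct calls; the pool size, base address and every function name are assumptions of the model. Beyond what the page states, the model refuses to release any range that is not recorded in the extended memory list, refuses a double release in the user operating system, restores the range to the TEE if the user operating system refuses it, and zeroes the range before it is handed back, since once the security attribute is removed the user operating system can read it.

```c
/* Added example, not the patent's code: a user-space C model of the secure memory
 * expansion (fig. 2) and release (fig. 4) handshakes. Drivers, extended memory list
 * and secure memory space controller are plain functions and arrays; the Trusty API
 * channel and TZC programming are direct calls. Sizes, addresses, names are assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE     4096u
#define NW_POOL_PAGES 16u            /* free physical pages owned by the user OS (assumed) */
#define NW_POOL_BASE  0x80000000ull  /* assumed physical base of that pool */
#define EXT_LIST_MAX  8u

typedef struct { uint64_t pa; size_t len; } ext_entry_t;  /* one contiguous extended range */
static bool        nw_page_free[NW_POOL_PAGES];           /* user OS allocator state */
static uint8_t     nw_backing[NW_POOL_PAGES * PAGE_SIZE]; /* contents of those pages */
static bool        tzc_secure[NW_POOL_PAGES];             /* controller: per-page secure attribute */
static ext_entry_t ext_list[EXT_LIST_MAX];                /* extended memory list of the TEE */
static size_t      ext_count;

static size_t pages_for(size_t bytes) { return (bytes + PAGE_SIZE - 1) / PAGE_SIZE; }
static size_t page_of(uint64_t pa)    { return (size_t)((pa - NW_POOL_BASE) / PAGE_SIZE); }
void model_reset(void) {
    for (size_t i = 0; i < NW_POOL_PAGES; i++) { nw_page_free[i] = true; tzc_secure[i] = false; }
    memset(nw_backing, 0, sizeof nw_backing); ext_count = 0;
}

/* Second memory management driver: first-fit allocation of contiguous free pages (0 = none). */
uint64_t nw_alloc_contiguous(size_t bytes) {
    size_t need = pages_for(bytes);
    for (size_t s = 0; need && s + need <= NW_POOL_PAGES; s++) {
        size_t run = 0;
        while (run < need && nw_page_free[s + run]) run++;
        if (run < need) continue;
        for (size_t i = 0; i < need; i++) nw_page_free[s + i] = false;
        return NW_POOL_BASE + (uint64_t)s * PAGE_SIZE;
    }
    return 0;
}

/* Second memory management driver: return a range to the user OS pool; rejects out-of-pool
 * or unaligned ranges and pages that are already free (a double release). */
bool nw_free_contiguous(uint64_t pa, size_t bytes) {
    if (pa < NW_POOL_BASE || (pa - NW_POOL_BASE) % PAGE_SIZE) return false;
    size_t first = page_of(pa), n = pages_for(bytes);
    if (n == 0 || first + n > NW_POOL_PAGES) return false;
    for (size_t i = 0; i < n; i++) if (nw_page_free[first + i]) return false;
    for (size_t i = 0; i < n; i++) nw_page_free[first + i] = true;
    return true;
}

/* Secure memory space controller: set/clear and query the secure attribute of a range. */
static void tzc_configure(uint64_t pa, size_t bytes, bool secure) {
    for (size_t i = 0; i < pages_for(bytes); i++) tzc_secure[page_of(pa) + i] = secure;
}
bool tzc_is_secure(uint64_t pa, size_t bytes) {
    for (size_t i = 0; i < pages_for(bytes); i++) if (!tzc_secure[page_of(pa) + i]) return false;
    return true;
}

static int ext_find(uint64_t pa, size_t bytes) {
    for (size_t i = 0; i < ext_count; i++)
        if (ext_list[i].pa == pa && ext_list[i].len == bytes) return (int)i;
    return -1;
}

/* First memory management driver, expansion: get memory from the user OS, set the secure
 * attribute, then record the range in the extended memory list (0 = failure). */
uint64_t tee_expand(size_t bytes) {
    if (ext_count == EXT_LIST_MAX) return 0;
    uint64_t pa = nw_alloc_contiguous(bytes);          /* request crosses the secure channel */
    if (pa == 0) return 0;
    tzc_configure(pa, bytes, true);                     /* attribute set before the TA can touch it */
    ext_list[ext_count++] = (ext_entry_t){ pa, bytes };
    return pa;
}

/* First memory management driver, release; the return value is the success notification
 * that is forwarded to the secure application program. */
bool tee_release(uint64_t pa, size_t bytes) {
    int idx = ext_find(pa, bytes);
    if (idx < 0) return false;              /* only ranges in the extended list may leave the TEE */
    ext_entry_t saved = ext_list[idx];
    ext_list[idx] = ext_list[--ext_count];  /* step 302: delete from the list first */
    memset(nw_backing + (pa - NW_POOL_BASE), 0, bytes); /* assumed hardening: wipe before handing back */
    if (tzc_is_secure(pa, bytes)) tzc_configure(pa, bytes, false); /* drop the secure attribute */
    if (nw_free_contiguous(pa, bytes)) return true;     /* step 304 */
    tzc_configure(pa, bytes, true);         /* user OS refused: keep the range under the TEE */
    ext_list[ext_count++] = saved;
    return false;
}
size_t   tee_ext_count(void)      { return ext_count; }
uint8_t *tee_backing(uint64_t pa) { return nw_backing + (pa - NW_POOL_BASE); }

int main(void) {
    model_reset();
    uint64_t pa = tee_expand(3 * PAGE_SIZE);
    memcpy(tee_backing(pa), "secret", 6);   /* the TA uses the extended memory */
    printf("expanded pa=0x%llx secure=%d\n", (unsigned long long)pa, tzc_is_secure(pa, 3 * PAGE_SIZE));
    bool first = tee_release(pa, 3 * PAGE_SIZE), second = tee_release(pa, 3 * PAGE_SIZE);
    printf("release=%d double release=%d\n", first, second);
    return 0;
}
```

Build with any C99 compiler and run; the first release succeeds and the second is refused because the range is no longer in the extended memory list, and after the release the range carries no secure attribute and reads back as zeros, so a later allocation by the user operating system can reuse it safely.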
With the above technical solution, the secure memory extended from the physical memory of the user operating system can be temporary: after the secure memory space in the trusted execution environment has been used, the temporary secure memory can be released, i.e., its addresses are returned to the physical memory space of the user operating system, thereby reducing the performance impact on the user operating system.
By implementing the secure memory extension scheme and the secure memory release scheme together, the size of the secure memory space in the trusted execution environment can be adjusted flexibly and dynamically to meet the secure memory required by the secure application program.
Corresponding to the foregoing embodiments of the secure memory expansion method, this specification further provides embodiments of a secure memory expansion apparatus. The apparatus embodiments may be implemented by software, by hardware, or by a combination of the two. Taking software implementation as an example, the apparatus, as a logical device, is formed by the processor of the device in which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. In terms of hardware, fig. 5 is a hardware structure diagram of the device in which the secure memory expansion apparatus of this specification is located; besides the processor, network interface, memory and non-volatile memory shown in fig. 5, the device may further include other hardware according to the actual function of secure memory expansion, which is not described again.
Referring to fig. 6, a block diagram of a secure memory expansion apparatus according to an embodiment of the present disclosure is shown. The apparatus corresponds to the embodiment shown in fig. 2 and is applied to a terminal device; the terminal device runs a user operating system and a trusted execution environment; the secure application program and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the trusted application; the apparatus comprises:
a requesting unit 402, configured to, in response to a secure memory expansion request triggered by a secure application running in the trusted execution environment, invoke a first memory management driver in the trusted execution environment to send a required memory size in the secure memory expansion request to a second memory management driver in the user operating system;
an applying unit 404, configured to invoke a second memory management driver in the user operating system in response to the size of the required memory sent by the first memory management driver, and apply for a free physical memory address that meets the size of the required memory in the user operating system; sending the applied physical memory address to a first memory management driver in the trusted execution environment;
the extension unit 406, in response to the physical memory address sent by the second memory management driver, invokes the first memory management driver in the trusted execution environment, and writes the physical memory address into an extended memory list of the secure memory space; and the security application program uses the physical memory space corresponding to the physical memory address in the extended memory list.
Optionally, the apparatus further comprises:
the second request unit is used for responding to a secure memory release request triggered by a secure application program running in the trusted execution environment, calling a first memory management driver in the trusted execution environment to delete a physical memory address in an extended memory list of the secure memory space based on a to-be-released physical memory address in the secure memory release request, and sending the deleted to-be-released physical memory address to a second memory management driver in the user operating system;
and the release unit is used for responding to the physical memory address to be released sent by the first memory management driver, calling a second memory management driver in the user operating system, and requesting to release the physical memory space corresponding to the physical memory address to be released in the user operating system.
Optionally, the first memory management driver of the trusted execution environment and the second memory management driver of the user operating system implement secure communication through a secure communication protocol interface.
Optionally, the secure communication protocol interface includes a Trusty API.
Optionally, the extension unit 406 is further configured to, before the first memory management driver in the trusted execution environment writes the physical memory address into the extended memory list of the secure memory space, invoke a secure memory space controller running in the trusted execution environment, and configure the physical memory address as a security attribute.
Optionally, the second request unit is further configured to, before the first memory management driver in the trusted execution environment sends the deleted to-be-released physical memory address to the second memory management driver in the user operating system, if the to-be-released physical memory address is configured with a security attribute, invoke a secure memory space controller running in the trusted execution environment, and delete the security attribute configured with the to-be-released physical memory address.
Optionally, the secure memory space controller includes a TZC500 module of an ARM.
Optionally, the apparatus further comprises:
the first notification unit is used for calling a second memory management driver in the user operating system after the release unit successfully releases the physical memory space corresponding to the physical memory address to be released, and sending a notification that the physical memory address to be released is successfully released to a first memory management driver in the trusted execution environment;
and the second notification unit is used for responding to the notification sent by the second memory management driver, calling the first memory management driver in the trusted execution environment and sending the notification that the release of the physical memory address to be released is successful to the security application program.
Optionally, the physical memory address is a continuous physical memory address.
Corresponding to the foregoing embodiments of the secure memory release method, this specification further provides embodiments of a secure memory release apparatus. The apparatus embodiments may be implemented by software, by hardware, or by a combination of the two. Taking software implementation as an example, the apparatus, as a logical device, is formed by the processor of the device in which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. In terms of hardware, fig. 7 is a hardware structure diagram of the device in which the secure memory release apparatus of this specification is located; besides the processor, network interface, memory and non-volatile memory shown in fig. 7, the device may further include other hardware according to the actual function of secure memory release, which is not described again.
Referring to fig. 8, a block diagram of a secure memory release apparatus according to an embodiment of the present disclosure is shown. The apparatus corresponds to the embodiment shown in fig. 4 and is applied to a terminal device; the terminal device runs a user operating system and a trusted execution environment; the secure application program and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the trusted application; the apparatus comprises:
a request unit 502, configured to, in response to a secure memory release request triggered by a secure application running in the trusted execution environment, invoke a first memory management driver in the trusted execution environment to delete a physical memory address in an extended memory list of the secure memory space based on a to-be-released physical memory address in the secure memory release request, and send the deleted to-be-released physical memory address to a second memory management driver in the user operating system;
a releasing unit 504, configured to invoke a second memory management driver in the user operating system in response to the physical memory address to be released sent by the first memory management driver, and request, in the user operating system, to release the physical memory space corresponding to the physical memory address to be released.
Optionally, the apparatus further comprises:
a first notification unit, configured to, after the release unit 504 successfully releases the physical memory space corresponding to the physical memory address to be released, invoke a second memory management driver in the user operating system, and send a notification that the physical memory address to be released is successfully released to a first memory management driver in the trusted execution environment;
and the second notification unit is used for responding to the notification sent by the second memory management driver, calling the first memory management driver in the trusted execution environment and sending the notification that the release of the physical memory address to be released is successful to the security application program.
Optionally, the first memory management driver of the trusted execution environment and the second memory management driver of the user operating system implement secure communication through a secure communication protocol interface.
Optionally, the secure communication protocol interface includes a Trusty API.
Optionally, the requesting unit 502 is further configured to, before the first memory management driver in the trusted execution environment sends the deleted to-be-released physical memory address to the second memory management driver in the user operating system, if the to-be-released physical memory address is configured with a security attribute, invoke a secure memory space controller running in the trusted execution environment, and delete the security attribute configured with the to-be-released physical memory address.
Optionally, the secure memory space controller includes a TZC500 module of an ARM.
Optionally, the physical memory addresses to be released are continuous physical memory addresses.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
Fig. 6 above describes the internal functional modules and the structural schematic of the secure memory expansion apparatus, and the substantial execution subject may be an electronic device, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform any one of the aforementioned methods for secure memory expansion.
Fig. 8 above describes the internal functional modules and the structural schematic of the secure memory releasing apparatus, and the substantial execution subject may be an electronic device, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform any one of the above-described methods for secure memory release.
In the above embodiments of the electronic device, it should be understood that the Processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, and the aforementioned memory may be a read-only memory (ROM), a Random Access Memory (RAM), a flash memory, a hard disk, or a solid state disk. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware processor, or in a combination of the hardware and software modules of the processor.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiment of the electronic device, since it is substantially similar to the embodiment of the method, the description is simple, and for the relevant points, reference may be made to part of the description of the embodiment of the method.
Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.

Claims (19)

1. A secure memory expansion method is applied to terminal equipment; the terminal equipment runs a user operating system and a trusted execution environment; the security application program and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the trusted application; the method comprises the following steps:
responding to a secure memory expansion request triggered by a secure application program running in the trusted execution environment, calling a first memory management driver in the trusted execution environment to send the required memory size in the secure memory expansion request to a second memory management driver in the user operating system;
responding to the required memory size sent by the first memory management driver, calling a second memory management driver in the user operating system, and applying for a free physical memory address meeting the required memory size in the user operating system; sending the applied physical memory address to a first memory management driver in the trusted execution environment;
responding to a physical memory address sent by the second memory management driver, calling the first memory management driver in the trusted execution environment, and writing the physical memory address into an extended memory list of the secure memory space; and the security application program uses the physical memory space corresponding to the physical memory address in the extended memory list.
2. The method of claim 1, further comprising:
responding to a secure memory release request triggered by a secure application program running in the trusted execution environment, calling a first memory management driver in the trusted execution environment to delete a physical memory address in an extended memory list of the secure memory space based on a to-be-released physical memory address in the secure memory release request, and sending the deleted to-be-released physical memory address to a second memory management driver in the user operating system;
and responding to the physical memory address to be released sent by the first memory management driver, calling a second memory management driver in the user operating system, and requesting to release a physical memory space corresponding to the physical memory address to be released in the user operating system.
3. The method of claim 1 or 2, wherein the first memory management driver of the trusted execution environment and the second memory management driver of the user operating system implement secure communication through a secure communication protocol interface.
4. The method of claim 3, the secure communication protocol interface comprising a Trusty API.
5. The method of claim 1, prior to the first memory management driver in the trusted execution environment writing the physical memory address to the extended memory list of the secure memory space, further comprising:
and calling a secure memory space controller running in the trusted execution environment, and configuring the physical memory address into a security attribute.
6. The method of claim 2, before the first memory management driver in the trusted execution environment sends the deleted to-be-released physical memory address to the second memory management driver in the user operating system, further comprising:
and if the physical memory address to be released is configured with the security attribute, calling a secure memory space controller running in the trusted execution environment, and deleting the security attribute configured by the physical memory address to be released.
7. The method of claim 5 or 6, the secure memory space controller comprising a TZC500 module of ARM.
8. The method according to claim 2, further comprising, after successfully releasing the physical memory space corresponding to the physical memory address to be released in the user operating system:
calling a second memory management driver in the user operating system, and sending a notification that the release of the physical memory address to be released is successful to a first memory management driver in the trusted execution environment;
and responding to the notification sent by the second memory management driver, and calling the first memory management driver in the trusted execution environment to send the notification that the release of the physical memory address to be released is successful to the security application program.
9. The method of claim 1, the physical memory addresses being contiguous physical memory addresses.
10. A secure memory release method is applied to terminal equipment; the terminal equipment runs a user operating system and a trusted execution environment; the security application program and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the trusted application; the method comprises the following steps:
responding to a secure memory release request triggered by a secure application program running in the trusted execution environment, calling a first memory management driver in the trusted execution environment to delete a physical memory address in an extended memory list of the secure memory space based on a to-be-released physical memory address in the secure memory release request, and sending the deleted to-be-released physical memory address to a second memory management driver in the user operating system;
and responding to the physical memory address to be released sent by the first memory management driver, calling a second memory management driver in the user operating system, and requesting to release a physical memory space corresponding to the physical memory address to be released in the user operating system.
11. The method as claimed in claim 10, further comprising, after successfully releasing the physical memory space corresponding to the physical memory address to be released in the user operating system:
calling a second memory management driver in the user operating system, and sending a notification that the release of the physical memory address to be released is successful to a first memory management driver in the trusted execution environment;
and responding to the notification sent by the second memory management driver, and calling the first memory management driver in the trusted execution environment to send the notification that the release of the physical memory address to be released is successful to the security application program.
12. The method of claim 10, wherein the first memory management driver of the trusted execution environment and the second memory management driver of the user operating system are configured to communicate securely via a secure communication protocol interface.
13. The method of claim 12, the secure communication protocol interface comprising a Trusty API.
14. The method of claim 10, before the first memory management driver in the trusted execution environment sends the deleted to-be-released physical memory address to the second memory management driver in the user operating system, further comprising:
and if the physical memory address to be released is configured with the security attribute, calling a secure memory space controller running in the trusted execution environment, and deleting the security attribute configured by the physical memory address to be released.
15. The method of claim 14, the secure memory space controller comprising a TZC500 module of ARM.
16. The method of claim 10, the physical memory addresses to be released being contiguous physical memory addresses.
17. A secure memory expansion device is applied to terminal equipment; the terminal equipment runs a user operating system and a trusted execution environment; the security application program and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the trusted application; the device comprises:
the request unit is used for responding to a secure memory expansion request triggered by a secure application program running in the trusted execution environment, calling a first memory management driver in the trusted execution environment and sending the required memory size in the secure memory expansion request to a second memory management driver in the user operating system;
the application unit is used for responding to the required memory size sent by the first memory management driver, calling a second memory management driver in the user operating system and applying for a free physical memory address which meets the required memory size in the user operating system; sending the applied physical memory address to a first memory management driver in the trusted execution environment;
the extension unit is used for responding to the physical memory address sent by the second memory management driver, calling the first memory management driver in the trusted execution environment and writing the physical memory address into an extended memory list of the secure memory space; and the security application program uses the physical memory space corresponding to the physical memory address in the extended memory list.
18. A secure memory release device is applied to terminal equipment; the terminal equipment runs a user operating system and a trusted execution environment; the security application program and the first memory management driver run in the trusted execution environment, and the second memory management driver runs in the user operating system; the trusted execution environment includes a secure memory space for use by the trusted application; the device comprises:
the request unit is used for responding to a secure memory release request triggered by a secure application program running in the trusted execution environment, calling a first memory management driver in the trusted execution environment, deleting a physical memory address in an extended memory list of the secure memory space based on a to-be-released physical memory address in the secure memory release request, and sending the deleted to-be-released physical memory address to a second memory management driver in the user operating system;
and the release unit is used for responding to the physical memory address to be released sent by the first memory management driver, calling a second memory management driver in the user operating system, and requesting to release the physical memory space corresponding to the physical memory address to be released in the user operating system.
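As an added example, not code from the patent or its applicant, the following Python model walks through the exchange of claims 17 and 18 end to end: the first memory management driver (TEE side) forwards the required size to the second memory management driver (user OS side), records the returned physical address in the extended memory list, and on release deletes the entry before forwarding the address to the user OS. The page size, the address values, the first-fit pool and the alignment and overlap checks the TEE driver applies to the reply from the user OS are assumptions for illustration; the checks matter because the reply crosses a trust boundary and an address that overlaps memory the TEE already uses must not be admitted to the list.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PAGE = 0x1000  # assumed physical page granularity for this example


def round_up(size: int) -> int:
    """Round a requested size up to whole pages."""
    return (size + PAGE - 1) // PAGE * PAGE


@dataclass
class UserOsMemoryDriver:
    """Second memory management driver: runs in the user OS and owns a
    constructed pool of free physical ranges, stored as (addr, size)."""
    free_ranges: List[Tuple[int, int]]
    handed_out: Dict[int, int] = field(default_factory=dict)

    def apply(self, required_size: int) -> Optional[Tuple[int, int]]:
        """Carve a first-fit range that satisfies the required size."""
        need = round_up(required_size)
        for i, (addr, size) in enumerate(self.free_ranges):
            if size >= need:
                remaining = size - need
                if remaining:
                    self.free_ranges[i] = (addr + need, remaining)
                else:
                    del self.free_ranges[i]
                self.handed_out[addr] = need
                return addr, need
        return None  # pool exhausted

    def release(self, addr: int) -> bool:
        """Return a range to the pool; refuse addresses never handed out."""
        size = self.handed_out.pop(addr, None)
        if size is None:
            return False
        self.free_ranges.append((addr, size))
        return True


@dataclass
class TeeMemoryDriver:
    """First memory management driver: runs in the TEE and keeps the
    extended memory list of the secure memory space."""
    peer: UserOsMemoryDriver
    secure_base: int   # fixed secure memory region (assumed values)
    secure_size: int
    extended: Dict[int, int] = field(default_factory=dict)

    def _overlaps(self, addr: int, size: int) -> bool:
        ranges = [(self.secure_base, self.secure_size), *self.extended.items()]
        return any(addr < b + s and b < addr + size for b, s in ranges)

    def expand(self, required_size: int) -> Optional[int]:
        """Claim 17: forward the size, validate the reply, record it."""
        if required_size <= 0:
            return None
        reply = self.peer.apply(required_size)
        if reply is None:
            return None
        addr, size = reply
        # The reply comes from the user OS, so check it before trusting it:
        # page aligned, large enough, and not overlapping memory the TEE holds.
        if addr % PAGE or size < required_size or self._overlaps(addr, size):
            self.peer.release(addr)  # hand the bad range straight back
            return None
        self.extended[addr] = size
        return addr

    def release(self, addr: int) -> bool:
        """Claim 18: delete the list entry first, then ask the user OS to free it."""
        if addr not in self.extended:
            return False  # not ours; never forward a release for it
        del self.extended[addr]
        return self.peer.release(addr)


if __name__ == "__main__":
    ree = UserOsMemoryDriver(free_ranges=[(0x8000_0000, 0x10000)])
    tee = TeeMemoryDriver(peer=ree, secure_base=0x4000_0000, secure_size=0x10_0000)
    addr = tee.expand(10000)          # secure app asks for 10000 bytes
    print(hex(addr), tee.extended)    # one 3-page entry in the extended list
    print(tee.release(addr), tee.extended, ree.free_ranges)
```

The order of operations in `release` follows claim 18: the entry leaves the extended memory list before the address is forwarded, so the secure application can no longer address the range by the time the user OS reuses it.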
19. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of the preceding claims 1-16.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010244195.XA CN111459673A (en) 2020-03-31 2020-03-31 Secure memory expansion and release method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN111459673A (en) 2020-07-28

Family

ID=71685140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010244195.XA Pending CN111459673A (en) 2020-03-31 2020-03-31 Secure memory expansion and release method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN111459673A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105094997A (en) * 2015-09-10 2015-11-25 重庆邮电大学 Method and system for sharing physical memory among cloud computing host nodes
CN108762919A (en) * 2018-05-17 2018-11-06 桂林长海发展有限责任公司 A kind of program internal memory processing system and method
CN109426742A (en) * 2017-08-23 2019-03-05 深圳市中兴微电子技术有限公司 A kind of secure memory dynamic management system and method based on credible performing environment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112291086A (en) * 2020-10-16 2021-01-29 苏州浪潮智能科技有限公司 Memory capacity expansion method, system and device of switch
CN113608775A (en) * 2021-06-18 2021-11-05 天津津航计算技术研究所 Flow configuration method based on direct memory read-write
CN113608775B (en) * 2021-06-18 2023-10-13 天津津航计算技术研究所 Flow configuration method based on memory direct reading and writing
WO2024060853A1 (en) * 2022-09-23 2024-03-28 支付宝(杭州)信息技术有限公司 Method, device and apparatus for dynamically configuring secure memory, and storage medium

Similar Documents

Publication Publication Date Title
US11093558B2 (en) Providing accountability of blockchain queries
US8631482B2 (en) Method for managing computer resources accessed by a program operating in a restricted environment
KR101483839B1 (en) Protecting video content using virtualization
WO2021036706A1 (en) Trusted application operation method and information processing and memory allocation method and apparatus
US11847225B2 (en) Blocking access to firmware by units of system on chip
CN111459673A (en) Secure memory expansion and release method and device and electronic equipment
US10068068B2 (en) Trusted timer service
US10877903B2 (en) Protected memory area
US10528749B2 (en) Methods and apparatus for containerized secure computing resources
KR101837678B1 (en) Computing apparatus based on trusted execution environment
CN115378735B (en) Data processing method and device, storage medium and electronic equipment
CN112231124B (en) Inter-application communication method and device based on privacy protection
CN104937904A (en) Copy offload for disparate offload providers
CN113302613B (en) Bypass protection
CN110807191B (en) Safe operation method and device of application program
EP3586234B1 (en) Methods and apparatus for controlling access to secure computing resources
CN115706981A (en) Key negotiation method and electronic equipment
WO2023103697A1 (en) Communication method in computer system, and related product
CN111666579B (en) Computer device, access control method thereof and computer readable medium
WO2020187008A1 (en) Service invocation control method, service invocation method, device, and terminal
CN114356870A (en) Cross-device data sharing method and related devices
CN116226870B (en) Security enhancement system and method
CN110765426A (en) Equipment permission setting method, device, equipment and computer storage medium
WO2019127468A1 (en) Grouped application using same key for sharing data
WO2022100247A1 (en) Method for switching execution environment and related device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40034049
Country of ref document: HK