CN116340243A - Dual-core trusted execution security chip architecture - Google Patents

Dual-core trusted execution security chip architecture

Info

Publication number
CN116340243A
Authority
CN
China
Prior art keywords
core
secure
processor core
ree
tee
Prior art date
Legal status
Pending
Application number
CN202310321125.3A
Other languages
Chinese (zh)
Inventor
陈岳海
叶武剑
刘怡俊
陈少真
陈华润
Current Assignee
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date: 2023-03-29
Filing date: 2023-03-29
Publication date: 2023-06-27

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/163Interprocessor communication
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a dual-core trusted execution security chip architecture, which adopts a layered bus design, wherein a first layer of AHB bus is in a completely isolated security world, the TEE processor core world and the REE processor core world are completely isolated, the security of TEE security core data is ensured, all slave devices of a second layer of AHB bus can be accessed by the TEE processor core, the REE processor core can limit the access authority to the slave devices of the second layer of AHB bus through an IOPMP, a third layer of AHB bus is connected with peripheral IP through a secure APB bus and a non-secure APB bus, and meanwhile, the TEE processor core and the REE processor core carry out inter-core communication through a second layer of AHB bus based on a Mailbox communication mechanism, so that the technical problems that the existing TEE hardware SoC architecture is difficult to ensure the data security of the TEE security core and the efficient operation of the REE computing core are solved.

Description

Dual-core trusted execution security chip architecture
Technical Field
The invention relates to the technical field of chips, in particular to a dual-core trusted execution security chip architecture.
Background
A TEE (Trusted Execution Environment, i.e. the terminal's secure area) system as a whole contains two parts: the REE (Rich Execution Environment, also called the general execution environment) and the TEE (Trusted Execution Environment). At the SoC level, since one TEE system has two different execution environments, it is natural to use two CPUs to run the two environments; at the same time, the parallelism of the dual cores also improves the performance of the SoC (System on Chip).
The existing TEE hardware SoC architecture uses two cores: a 32-bit MCU that executes sensitive data and programs, and a RISC-V processor capable of running 64-bit programs. In the SoC, the MCU uses an isolated bus to achieve strong isolation between the sensitive data and the REE, which improves data security. However, the 32-bit MCU, the only part of the whole SoC system in complete security isolation, is used only in the SBL (start bootloader) and ZSBL (Zeroth Stage Boot Loader) stages of boot; the RISC-V processor starts executing the TEE program after the FSBL (First Stage Boot Loader), and no communication channel between the two heterogeneous processors is built. Therefore, it is difficult to ensure both the data security of the TEE security core and the efficient operation of the REE computing core.
Disclosure of Invention
The embodiment of the invention provides a dual-core trusted execution security chip architecture, which is used for solving the technical problems that the existing TEE hardware SoC architecture is difficult to ensure the data security of a TEE security core and the efficient operation of a REE computing core.
In view of this, a first aspect of the present invention provides a dual-core trusted execution security chip architecture, including a TEE processor core and a REE processor core;
the TEE processor core is in an internal isolation environment and is used for executing the secure start work of the SoC and processing communication transactions with the REE processor core;
the REE processor core is in an open environment, and the access authority is restrained by adopting the IOPMP;
the TEE processor core is connected with a starting memory block, a zeroth-stage starting loading block and a REE processor core starting unit through a first-layer AHB bus, wherein the starting memory block is used for storing the most original bootstrap program, and the zeroth-stage starting loading block is used for storing the zeroth-stage starting program;
the REE processor core and the TEE processor core are connected with the second-layer AHB bus;
the second-layer AHB bus is connected with the encryption core hardware unit, and the encryption core hardware unit restricts the access authority of the REE processor core through the IOPMP;
the second-layer AHB bus is connected with the processor running main memory, and the processor running main memory is used for storing program codes running in the TEE and REE environments;
the TEE processor core and the REE processor core perform inter-core communication through a second layer AHB bus based on a Mailbox communication mechanism;
the second layer AHB bus is connected with the third layer AHB bus, and the third layer AHB bus is connected with the peripheral IP through the secure APB bus and the non-secure APB bus.
Optionally, the peripherals include secure peripherals and non-secure peripherals: the secure peripherals include a secure serial port and a secure timer, and the non-secure peripherals include a non-secure serial port and a non-secure timer; the secure peripherals are connected to the third-layer AHB bus through the secure APB bus, and the non-secure peripherals are connected to the third-layer AHB bus through the non-secure APB bus.
Optionally, the IOPMP includes four memory domains, eight entries under each memory domain, each entry having a CFG register and an ADDR register.
Optionally, the number of IOPMP is plural, and the plural IOPMP are cascaded.
Optionally, the Mailbox communication mechanism adopts a multi-level access control mechanism, in which, for a service request initiated by a REE processor core process, a TEE processor core configures a multi-level access control policy, where the multi-level access control policy includes a low security direct access policy, a medium security integrity authentication policy, and a high security encryption authentication policy.
Optionally, the encryption core hardware unit employs RSA hardware encryption.
Optionally, the RSA hardware encryption algorithm of the encryption core hardware unit is implemented using the Montgomery algorithm, with a pseudo-random calculation added to the modular exponentiation.
Optionally, the encryption core hardware unit employs AES hardware encryption or SHA1 hardware encryption.
From the above technical solution, the dual-core trusted execution security chip architecture provided by the present invention has the following advantages:
the dual-core trusted execution security chip architecture provided by the invention adopts a layered bus design with three bus layers in total. The first-layer AHB bus lies in a completely isolated secure world: the TEE processor core, as the master device, accesses all devices under the first-layer AHB bus, and the first-layer AHB bus grants device access rights to no master other than the TEE processor core, so the world of the TEE processor core and the world of the REE processor core are completely isolated and the security of the TEE security core's data is ensured. All slave devices of the second-layer AHB bus can be accessed by the TEE processor core, while the access rights of the REE processor core to the slave devices of the second-layer AHB bus can be limited through the IOPMP. The third-layer AHB bus is connected to the peripheral IP through the secure APB bus and the non-secure APB bus. Meanwhile, the TEE processor core and the REE processor core communicate across cores through the second-layer AHB bus based on a Mailbox communication mechanism. This solves the technical problem that the existing TEE SoC architecture struggles to ensure both the security of the TEE security core's data and the efficient operation of the REE hardware.
Meanwhile, the dual-core trusted execution security chip architecture provided by the invention restricts the access authority of the REE processor core through the IOPMP, and further improves the operation efficiency of the REE computing core.
Further, the dual-core trusted execution security chip architecture provided by the invention distributes different security levels for access aiming at the security of data communication by designing the Mailbox communication mechanism of multi-level access control, optimizes the security communication between dual cores, and ensures that the security chip architecture has better security assurance and calculation performance.
Drawings
For a clearer description of embodiments of the invention or of solutions according to the prior art, the figures which are used in the description of the embodiments or of the prior art will be briefly described, it being obvious that the figures in the description below are only some embodiments of the invention, from which, without the aid of inventive efforts, other relevant figures can be obtained for a person skilled in the art.
FIG. 1 is a block diagram of a dual-core trusted execution security chip architecture provided by the present invention;
fig. 2 is a schematic diagram of an IOPMP internal list distribution provided in the present invention.
Detailed Description
In order to make the present invention better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
For ease of understanding, referring to FIG. 1, an embodiment of a dual core trusted execution secure chip architecture is provided in the present invention, including a TEE processor core (i.e., a TEE CPU) and a REE processor core (i.e., a REE CPU). The TEE processor core is a TEE security core, and the REE processor core is a REE computing core. The TEE processor core and the REE processor core employ E902 RISC-V processor cores.
The TEE processor core sits in an internally isolated environment (Isolated System) and performs the SoC secure boot operations and the communication transactions with the REE processor core, such as acquiring IDs and encryption and decryption transactions.
The REE processor core sits in an open environment, and its access rights are constrained by the IOPMP (the input/output device physical memory protection mechanism).
The TEE processor core is connected through a first-layer AHB bus (denoted FL-AHB BUS) to a boot memory block (BootRom), which stores the most original boot program, a zeroth-stage boot loading block (ZSBL RAM), which stores the zeroth-stage boot program, and a REE processor core boot unit (BootREE). The boot memory block (BootRom), the zeroth-stage boot loading block (ZSBL RAM) and the REE processor core boot unit (BootREE) hang under the first-layer AHB bus and form a completely isolated SRAM, namely the Isolated System, which realises secure isolated storage of data. The first-layer AHB bus is the bus under the Isolated System; in the secure world, the TEE processor core acts as the master device and can access all devices under the first-layer AHB bus, such as the boot memory block (BootRom). The first-layer AHB bus grants access rights to no master other than the TEE processor core, so the Isolated System is a securely isolated environment whose internal data cannot be accessed directly, which ensures the data security of the TEE security core. Meanwhile, the REE processor core boot unit (BootREE) can be controlled by the TEE processor core to complete the boot of the REE processor core.
The REE processor core and the TEE processor core are both connected to a second layer AHB BUS (referred to as SL-AHB BUS).
The second-layer AHB bus is connected to an encryption core hardware unit (Crypto core), and the access rights of the REE processor core to the encryption core hardware unit are restricted through the IOPMP. All slaves of the second-layer AHB bus (e.g. the processor run main memory (Main Memory), the non-secure network port ETH0 and the secure network port ETH1 in fig. 1) are accessible to the TEE processor core, while the access rights of the REE processor core to the slave devices of the second-layer AHB bus are limited through the IOPMP.
The encryption core hardware unit (Crypto core) can use RSA hardware encryption, implementing RSA with the Montgomery algorithm and adding a pseudo-random calculation to the modular exponentiation (a randomisation that makes the exponentiation harder to analyse from outside), thereby effectively improving security. The encryption core hardware unit (Crypto core) may also use AES hardware encryption or SHA1 hardware encryption.
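As an added example, not the Crypto core's own design, the following C code implements RSA modular exponentiation with Montgomery multiplication and a pseudo-random exponent blinding step, which is one common form of the randomised calculation the paragraph mentions. The 32-bit word size, the textbook parameters (p=61, q=53, n=3233, e=17, d=2753) and the fixed blinding values are constructed for the example; a real implementation would draw the blinding value from the chip's random source.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Montgomery context for an odd modulus n < 2^32 with R = 2^32. */
typedef struct { uint32_t n, n_prime, r2; } mont_ctx_t;   /* n, -n^-1 mod 2^32, R^2 mod n */

/* -n^-1 mod 2^32 by Newton iteration; n must be odd. */
static uint32_t neg_inv32(uint32_t n)
{
    uint32_t inv = n;                                   /* correct to 3 bits: n*n == 1 (mod 8) */
    for (int i = 0; i < 5; i++) inv *= 2u - n * inv;    /* each step doubles the correct bits */
    return 0u - inv;
}

bool mont_init(mont_ctx_t *c, uint32_t n)
{
    if (n < 3 || !(n & 1)) return false;                /* Montgomery needs an odd modulus */
    uint64_t r_mod_n = (1ull << 32) % n;
    c->n = n;
    c->n_prime = neg_inv32(n);
    c->r2 = (uint32_t)((r_mod_n * r_mod_n) % n);
    return true;
}

/* REDC: for t < n*R returns t * R^-1 mod n without dividing by n. */
static uint32_t redc(const mont_ctx_t *c, uint64_t t)
{
    uint32_t m     = (uint32_t)t * c->n_prime;          /* m = t * (-n^-1) mod R */
    uint64_t sum   = t + (uint64_t)m * c->n;            /* divisible by R; may carry past 64 bits */
    uint64_t carry = sum < t;
    uint64_t u     = (sum >> 32) | (carry << 32);
    return (uint32_t)(u >= c->n ? u - c->n : u);
}

static uint32_t mont_mul(const mont_ctx_t *c, uint32_t a, uint32_t b)
{
    return redc(c, (uint64_t)a * b);
}

/* x^e mod n by a Montgomery ladder: every exponent bit costs one multiply and one
 * square whatever its value, so the operation sequence does not depend on the bit. */
uint32_t mont_pow(const mont_ctx_t *c, uint32_t x, uint64_t e)
{
    uint32_t r0 = mont_mul(c, 1, c->r2);                /* 1 in Montgomery form, i.e. R mod n */
    uint32_t r1 = mont_mul(c, x % c->n, c->r2);         /* x in Montgomery form */
    for (int i = 63; i >= 0; i--) {
        if ((e >> i) & 1) { r0 = mont_mul(c, r0, r1); r1 = mont_mul(c, r1, r1); }
        else              { r1 = mont_mul(c, r0, r1); r0 = mont_mul(c, r0, r0); }
    }
    return mont_mul(c, r0, 1);                          /* back out of Montgomery form */
}

/* Exponent blinding, one form of pseudo-random calculation inside the exponentiation:
 * x^(d + r*phi) == x^d (mod n) when gcd(x, n) = 1, so the bit pattern the ladder
 * walks differs on every call while the result does not. */
uint32_t rsa_private_blinded(const mont_ctx_t *c, uint32_t x, uint32_t d, uint32_t phi, uint32_t r)
{
    uint64_t d_blind = (uint64_t)d + (uint64_t)r * phi;
    return mont_pow(c, x, d_blind);
}

/* Plain modular exponentiation helper; returns 0 for an unsupported (even) modulus. */
uint32_t demo_modpow(uint32_t x, uint64_t e, uint32_t n)
{
    mont_ctx_t c;
    return mont_init(&c, n) ? mont_pow(&c, x, e) : 0;
}

/* Constructed textbook RSA parameters: p=61, q=53, n=3233, phi=3120, e=17, d=2753.
 * `r` stands in for a value the chip would take from its random source. */
uint32_t demo_encrypt(uint32_t msg) { return demo_modpow(msg, 17, 3233); }
uint32_t demo_decrypt(uint32_t cipher, uint32_t r)
{
    mont_ctx_t c;
    mont_init(&c, 3233);
    return rsa_private_blinded(&c, cipher, 2753, 3120, r);
}

int main(void)
{
    uint32_t ct = demo_encrypt(65);
    printf("65 -> %u -> %u (blinded with r=12345)\n", ct, demo_decrypt(ct, 12345));
    return 0;
}
```

The ladder keeps the multiply/square sequence independent of the exponent bits; the blinding changes which exponent the ladder actually walks on each call, so two private operations on the same input do not process the same bit pattern.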
The second layer AHB bus is connected to a processor run Main Memory (Main Memory) for storing program code running in the TEE and REE environments.
The TEE processor core and the REE processor core communicate across cores through the second-layer AHB bus based on a Mailbox communication mechanism. The T2R Mailbox (the secure CPU to non-secure CPU communication Mailbox) is used when the TEE processor core transfers data to the REE processor core, and the R2T Mailbox (the non-secure CPU to secure CPU communication Mailbox) is used when the REE processor core transfers data to the TEE processor core.
The second-layer AHB bus is connected to the third-layer AHB bus, which is connected to the peripheral IP through the secure APB bus and the non-secure APB bus. Access through the secure and non-secure APB buses is governed by the peripheral ID presented by the accessing master (the TEE processor core or the REE processor core): if the peripheral ID designates a secure peripheral, the access reaches the third-layer AHB bus through the secure APB bus, and if it designates a non-secure peripheral, through the non-secure APB bus. As shown in fig. 1, the secure peripherals include a secure serial port (S-USI1) and a secure timer (S-TIM0), and the non-secure peripherals include a non-secure serial port (N-USI0) and a non-secure timer (NS-TIM1); the secure peripherals (S-USI1 and S-TIM0) are connected to the third-layer AHB bus through the secure APB bus (TL-AHB2APB0), and the non-secure peripherals (N-USI0 and NS-TIM1) through the non-secure APB bus (TL-AHB2APB1).
In one embodiment, as shown in FIG. 2, the IOPMP includes four memory domains (MD), with eight entries under each domain, each entry having a CFG register and an ADDR register. The IOPMP is implemented as follows:
First, during SoC secure boot, the entries under each memory domain of the IOPMP are configured. As shown in fig. 2, the IOPMP has 4 MDs in total, MD0, MD1, MD2 and MD3, and each MD has 8 entries, entry0 to entry7. Each entry has a CFG register and an ADDR register, which together implement an address-range constraint.
The master device issuing a request to the IOPMP carries a SourceID (SID), and the IOPMP reads the MD rights according to the SID. To reduce the resource occupation and bus latency of the IOPMP, the IOPMP indexes at most 4 SIDs while having a total of 4 different memory domains.
After the MD rights of the corresponding SID are read, the IOPMP processes the entries under the corresponding MD in parallel and judges whether the request address hits one of them. If it does, the request address is valid and the signal output is completed according to the bus protocol of the second-layer AHB bus; if not, an exception interrupt signal is generated to indicate an illegal access.
Since the IOPMP can be cascaded to obtain finer-grained security access control, when a single IOPMP is insufficient to restrict a security range, it can be expanded by cascading several IOPMPs.
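The lookup described in the preceding paragraphs, and the restriction of the REE core on the second-layer AHB bus, modelled in software as an added example (this is not code from the patent or from any implementation of it): four memory domains of eight CFG/ADDR entries each, MD rights read from the requesting master's SID, a hit returning a valid access and a miss latching the exception, plus a cascade of several IOPMPs. The CFG bit layout, the per-entry size field, the SID-to-MD bitmask encoding, the cascade semantics and all SIDs and addresses are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define IOPMP_MDS      4   /* MD0..MD3, as on the page */
#define IOPMP_ENTRIES  8   /* entry0..entry7 per MD */
#define IOPMP_MAX_SIDS 4   /* at most 4 SourceIDs are indexed */

/* Assumed CFG layout (the page only names the register): permission and enable bits. */
#define CFG_R   (1u << 0)
#define CFG_W   (1u << 1)
#define CFG_X   (1u << 2)
#define CFG_EN  (1u << 7)

typedef struct {
    uint32_t cfg;    /* permission + enable bits */
    uint32_t addr;   /* base address of the protected range */
    uint32_t size;   /* assumed: length of the range in bytes */
} iopmp_entry_t;

typedef struct {
    iopmp_entry_t entry[IOPMP_MDS][IOPMP_ENTRIES];
    uint8_t sid_md_mask[IOPMP_MAX_SIDS];  /* MD rights per SID, one bit per MD (assumed encoding) */
    bool    fault;                        /* latched when an access misses: the exception interrupt */
} iopmp_t;

/* Checks one access: reads the MD rights for the SID, then scans every enabled entry
 * of those MDs (the hardware does this in parallel). Returns true on a hit that
 * grants all bits in `perm`; otherwise latches the fault flag and returns false. */
bool iopmp_check(iopmp_t *pmp, unsigned sid, uint32_t addr, uint32_t len, uint32_t perm)
{
    if (sid >= IOPMP_MAX_SIDS || len == 0) { pmp->fault = true; return false; }
    uint64_t end = (uint64_t)addr + len;              /* 64-bit so the add cannot wrap */
    for (unsigned md = 0; md < IOPMP_MDS; md++) {
        if (!(pmp->sid_md_mask[sid] & (1u << md))) continue;
        for (unsigned e = 0; e < IOPMP_ENTRIES; e++) {
            const iopmp_entry_t *ent = &pmp->entry[md][e];
            if (!(ent->cfg & CFG_EN)) continue;
            bool inside = addr >= ent->addr && end <= (uint64_t)ent->addr + ent->size;
            if (inside && (ent->cfg & perm) == perm) return true;
        }
    }
    pmp->fault = true;
    return false;
}

/* Cascade of several IOPMPs; assumed semantics: an access must pass every stage. */
bool iopmp_cascade_check(iopmp_t *chain, unsigned n, unsigned sid, uint32_t addr, uint32_t len, uint32_t perm)
{
    for (unsigned i = 0; i < n; i++)
        if (!iopmp_check(&chain[i], sid, addr, len, perm)) return false;
    return true;
}

bool iopmp_fault_latched(const iopmp_t *pmp) { return pmp->fault; }
void iopmp_clear_fault(iopmp_t *pmp)        { pmp->fault = false; }

/* Configuration as done by the TEE core during secure boot. SIDs, addresses and
 * sizes below are constructed for the example, not taken from the page. */
iopmp_t *iopmp_demo_instance(void)
{
    static iopmp_t pmp;
    static bool configured;
    if (configured) return &pmp;
    memset(&pmp, 0, sizeof pmp);
    pmp.entry[0][0] = (iopmp_entry_t){ CFG_EN | CFG_R | CFG_W | CFG_X, 0x80000000u, 0x01000000u }; /* MD0: main memory */
    pmp.entry[1][0] = (iopmp_entry_t){ CFG_EN | CFG_R | CFG_W,         0x40010000u, 0x00001000u }; /* MD1: Crypto core registers */
    pmp.entry[2][0] = (iopmp_entry_t){ CFG_EN | CFG_R | CFG_W,         0x40020000u, 0x00001000u }; /* MD2: mailbox shared memory */
    pmp.sid_md_mask[0] = 0x0F;                       /* SID0 = TEE core: rights to every MD */
    pmp.sid_md_mask[1] = (1u << 0) | (1u << 2);      /* SID1 = REE core: main memory and mailbox only */
    configured = true;
    return &pmp;
}

int main(void)
{
    iopmp_t *pmp = iopmp_demo_instance();
    bool ok = iopmp_check(pmp, 1, 0x40010000u, 4, CFG_R);   /* REE core touching the Crypto core */
    printf("REE read of Crypto core: %s, fault latched: %d\n", ok ? "allowed" : "illegal access",
           iopmp_fault_latched(pmp));
    return 0;
}
```

The whole access window is checked against the range, so a request that starts inside an entry but runs past its end is refused; a SID that has no MD rights, or an address that matches no enabled entry, latches the fault that the hardware would raise as the exception interrupt.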
In a dual-core system-on-chip architecture, inter-processor communication is critical to achieving efficient SoC performance in data communication, event control and resource sharing. When the cores share resources, the resources must be synchronised to avoid conflicts on them, so effective coordination between the cores is indispensable if the advantages of the dual-core architecture are to be fully used. The conventional Mailbox communication mechanism mainly performs data exchange between devices, but for IoT security devices the security requirements of data communication between the two cores must also be considered. For this reason, in the present invention, for the security of data communication, the Mailbox communication mechanism adopts a multi-level access control mechanism in which, for a service request initiated by a process of the REE processor core, the TEE processor core configures a multi-level access control policy; the multi-level access control policy includes a low-security direct access policy, a medium-security integrity authentication policy and a high-security encryption authentication policy.
Under the direct access policy, access by a REE computing core process is subject to no access control: the TEE security core serves the REE computing core directly, provided only that the process follows the dual-core communication protocol. Under the integrity authentication policy, when a REE computing core process accesses a secure-area resource, its identity and integrity must be authenticated, which ensures that the code or data of the process has not been maliciously tampered with. Under the encryption authentication policy, access by a REE computing core process requires both integrity authentication and encryption of the communication data, for example for access to a key, extraction or modification of a fingerprint, or an update of secure-area data. The encryption of the communication data is performed by the encryption core hardware unit (Crypto core).
The dual-core architecture communicates through shared memory: the processes on the two cores read and write data in the shared memory according to an interaction protocol agreed between them. Communication based on shared storage offers high transmission efficiency and large data volume. The shared memory is accessed in FIFO fashion so as to resolve the read/write consistency problem of the shared memory, and, to protect the data security of the TEE security core within the shared area, a separate block of shared memory is allocated for the REE computing core and for the TEE security core.
Besides the shared memory serving as the transmission medium between the two cores, a fast interrupt notification mechanism is also required. The two cores notify each other through IPC interrupts; each of the two interrupt signals has the highest priority within its own domain, and the two signals are connected to the fast interrupt interfaces of the respective cores, which ensures the efficiency and real-time performance of dual-core communication. When the REE computing core needs to send an interrupt notification, it raises an interrupt to the TEE security core through the interrupt setting register; after the TEE security core receives the interrupt, it clears the interrupt signal through the interrupt clearing register and returns an interrupt response signal to the REE computing core.
The dual-core communication protocol follows a request-and-response interaction, with the shared memory as the data exchange area of both parties. Typically the REE computing core acts as the requester of the protocol and the TEE security core as the responder. When the REE computing core needs to initiate a security service request to the TEE security core, it first initialises the array pointer of the shared memory and allocates a free area, prepares the command field and data segment for the requested service, writes the data into the free memory area, writes the command field together with the data address and data length into the shared memory, then sends the IPC interrupt and waits for the interrupt response result returned by the TEE security core.
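The exchange described in the last five paragraphs (R2T request with command field, data address and length; policy check on the TEE side; T2R response; IPC interrupt set and clear registers), modelled in C as an added example rather than the patent's own protocol. The descriptor layout, the command numbers, the policy table, the process image, the FNV-1a measurement standing in for the integrity check and the XOR stream standing in for the Crypto core's cipher are all assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum policy { POLICY_DIRECT, POLICY_INTEGRITY, POLICY_ENCRYPTED };        /* the three levels on the page */
enum cmd    { CMD_NONE, CMD_GET_ID, CMD_READ_VERSION, CMD_READ_KEY, CMD_COUNT }; /* constructed command ids */
enum status { ST_OK, ST_NO_RESPONSE, ST_BAD_CMD, ST_INTEGRITY_FAIL };

#define DATA_SIZE 64

/* Shared-memory descriptor: command field, data location, data length, status. */
typedef struct {
    uint32_t cmd, data_off, data_len, status;
    uint8_t  data[DATA_SIZE];
} mailbox_t;

/* IPC interrupt line modelled as a flag: the sender's set register raises it,
 * the receiver's clear register drops it. */
typedef struct { bool set; } ipc_irq_t;

static mailbox_t r2t, t2r;                 /* one block per direction, as the page states */
static ipc_irq_t irq_to_tee, irq_to_ree;

/* TEE-side policy table (constructed): the level each service requires. */
static const enum policy service_policy[CMD_COUNT] = {
    [CMD_GET_ID] = POLICY_DIRECT, [CMD_READ_VERSION] = POLICY_INTEGRITY, [CMD_READ_KEY] = POLICY_ENCRYPTED };

/* Stand-ins for the Crypto core: FNV-1a as the integrity measurement, XOR as the cipher. */
static uint32_t measure(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}
static void xor_crypt(uint8_t *buf, size_t n, uint8_t key) { for (size_t i = 0; i < n; i++) buf[i] ^= key; }

static const uint8_t session_key   = 0x5A;                                   /* constructed shared key */
static uint32_t      provisioned_measure;                                    /* set by tee_provision() */
static const uint8_t chip_id[4]    = { 0xDE, 0xAD, 0xBE, 0xEF };             /* constructed */
static const uint8_t fw_version[2] = { 1, 2 };                               /* constructed */
static const uint8_t stored_key[8] = { 'k', '3', 'y', '-', 'd', 'e', 'm', 'o' }; /* constructed */

/* The TEE learns the expected measurement of the trusted REE client once. */
void tee_provision(const uint8_t *trusted_image, size_t n) { provisioned_measure = measure(trusted_image, n); }

/* REE requester: allocate the data area, write command/address/length, raise the IPC interrupt. */
void ree_send_request(uint32_t cmd, const uint8_t *payload, uint32_t len, bool encrypted)
{
    memset(&r2t, 0, sizeof r2t);
    r2t.cmd = cmd; r2t.data_off = 0; r2t.data_len = len;
    if (len) memcpy(r2t.data, payload, len);
    if (encrypted) xor_crypt(r2t.data, len, session_key);
    irq_to_tee.set = true;                                   /* interrupt setting register */
}

static void tee_service(uint32_t cmd, mailbox_t *out)
{
    const uint8_t *src; uint32_t n;
    switch (cmd) {
    case CMD_GET_ID:       src = chip_id;    n = sizeof chip_id;    break;
    case CMD_READ_VERSION: src = fw_version; n = sizeof fw_version; break;
    default:               src = stored_key; n = sizeof stored_key; break;
    }
    memcpy(out->data, src, n); out->data_len = n;
}

/* TEE responder: clears the interrupt, applies the level the service requires
 * (measuring the requesting process image from main memory), answers via T2R. */
void tee_handle_request(const uint8_t *requester_image, size_t image_len)
{
    if (!irq_to_tee.set) return;
    irq_to_tee.set = false;                                  /* interrupt clearing register */
    memset(&t2r, 0, sizeof t2r);
    uint32_t cmd = r2t.cmd;
    if (cmd == CMD_NONE || cmd >= CMD_COUNT) {
        t2r.status = ST_BAD_CMD;
    } else if (service_policy[cmd] >= POLICY_INTEGRITY && measure(requester_image, image_len) != provisioned_measure) {
        t2r.status = ST_INTEGRITY_FAIL;                      /* code or data of the process was tampered with */
    } else {
        bool enc = service_policy[cmd] == POLICY_ENCRYPTED;
        if (enc) xor_crypt(r2t.data, r2t.data_len, session_key);   /* decrypt the request payload */
        tee_service(cmd, &t2r);
        if (enc) xor_crypt(t2r.data, t2r.data_len, session_key);   /* encrypt the response */
        t2r.status = ST_OK;
    }
    irq_to_ree.set = true;                                   /* interrupt response signal */
}

/* REE side: consume the response, decrypting when the service runs at the encrypted level. */
static uint8_t  last_resp[DATA_SIZE];
static uint32_t last_len;
uint32_t ree_wait_response(bool encrypted)
{
    if (!irq_to_ree.set) return ST_NO_RESPONSE;
    irq_to_ree.set = false;
    last_len = t2r.data_len; memcpy(last_resp, t2r.data, last_len);
    if (encrypted && t2r.status == ST_OK) xor_crypt(last_resp, last_len, session_key);
    return t2r.status;
}
uint32_t demo_response_len(void)          { return last_len; }
uint8_t  demo_response_byte(uint32_t i)   { return i < last_len ? last_resp[i] : 0; }

/* One full exchange. `tamper` flips a byte of the REE process image after provisioning. */
uint32_t demo_exchange(uint32_t cmd, bool tamper)
{
    uint8_t image[16] = "ree-client-v1.0";                   /* constructed REE process image */
    tee_provision(image, sizeof image);
    if (tamper) image[3] ^= 0x01;
    bool enc = cmd < CMD_COUNT && service_policy[cmd] == POLICY_ENCRYPTED;
    ree_send_request(cmd, (const uint8_t *)"req", 3, enc);
    tee_handle_request(image, sizeof image);
    return ree_wait_response(enc);
}

int main(void)
{
    printf("GET_ID: status %u, READ_KEY tampered: status %u\n",
           demo_exchange(CMD_GET_ID, false), demo_exchange(CMD_READ_KEY, true));
    return 0;
}
```

A tampered requester still obtains a direct-level service, since that level performs no check, but is refused at the integrity and encrypted levels; the encrypted level additionally leaves only ciphertext in the shared block the two cores both see.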
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A dual-core trusted execution secure chip architecture comprising a TEE processor core and a REE processor core;
the TEE processor core is in an internal isolation environment and is used for executing the secure start work of the SoC and processing communication transactions with the REE processor core;
the REE processor core is in an open environment, and the access authority is restrained by adopting the IOPMP;
the TEE processor core is connected with a starting memory block, a zeroth-stage starting loading block and a REE processor core starting unit through a first-layer AHB bus, wherein the starting memory block is used for storing the most original bootstrap program, and the zeroth-stage starting loading block is used for storing the zeroth-stage starting program;
the REE processor core and the TEE processor core are connected with the second-layer AHB bus;
the second-layer AHB bus is connected with the encryption core hardware unit, and the encryption core hardware unit restricts the access authority of the REE processor core through the IOPMP;
the second-layer AHB bus is connected with the processor running main memory, and the processor running main memory is used for storing program codes running in the TEE and REE environments;
the TEE processor core and the REE processor core perform inter-core communication through a second layer AHB bus based on a Mailbox communication mechanism;
the second layer AHB bus is connected with the third layer AHB bus, and the third layer AHB bus is connected with the peripheral IP through the secure APB bus and the non-secure APB bus.
2. The dual-core trusted execution security chip architecture of claim 1, wherein the peripherals include a secure peripheral and a non-secure peripheral, the secure peripheral includes a secure serial port, a secure timer, the non-secure peripheral includes a non-secure serial port and a non-secure timer, the secure peripheral is connected to the third tier AHB bus via a secure APB bus, and the non-secure peripheral is connected to the third tier AHB bus via a non-secure APB bus.
3. The dual core trusted execution security chip architecture of claim 1, wherein the IOPMP comprises four memory domains, eight entries under each memory domain, each entry having a CFG register and an ADDR register.
4. The dual-core trusted execution security chip architecture of claim 3, wherein the number of IOPMPs is plural, the plural IOPMPs being cascaded.
5. The dual-core trusted execution security chip architecture of claim 1, wherein the Mailbox communication mechanism employs a multi-level access control mechanism in which a TEE processor core configures multi-level access control policies for service requests initiated by the REE processor core processes, wherein the multi-level access control policies include a low security direct access policy, a medium security integrity authentication policy, and a high security encryption authentication policy.
6. The dual-core trusted execution security chip architecture of claim 5, wherein the encryption core hardware unit employs RSA hardware encryption.
7. The dual-core trusted execution security chip architecture of claim 6, wherein the RSA hardware encryption algorithm of the encryption core hardware unit is implemented using a Montgomery algorithm and incorporates a pseudo-random computation in the modular exponentiation computation.
8. The dual-core trusted execution security chip architecture of claim 5, wherein the encryption core hardware unit employs AES hardware encryption or SHA1 hardware encryption.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310321125.3A CN116340243A (en) 2023-03-29 2023-03-29 Dual-core trusted execution security chip architecture

Publications (1)

Publication Number Publication Date
CN116340243A true CN116340243A (en) 2023-06-27

Family

ID=86894582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310321125.3A Pending CN116340243A (en) 2023-03-29 2023-03-29 Dual-core trusted execution security chip architecture

Country Status (1)

Country Link
CN (1) CN116340243A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117610025A (en) * 2024-01-19 2024-02-27 国网信息通信产业集团有限公司 Embedded operating system safety guiding method based on electric power intelligent terminal
CN117610025B (en) * 2024-01-19 2024-04-05 国网信息通信产业集团有限公司 Embedded operating system safety guiding method based on electric power intelligent terminal

Similar Documents

Publication Publication Date Title
US10831934B2 (en) Management of authenticated variables
US10726120B2 (en) System, apparatus and method for providing locality assertion between a security processor and an enclave
Porquet et al. NoC-MPU: A secure architecture for flexible co-hosting on shared memory MPSoCs
US8806110B2 (en) Flexible memory protection and translation unit
US8683115B2 (en) Programmable mapping of external requestors to privilege classes for access protection
EP2062145B1 (en) Memory access security management
US20070226795A1 (en) Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture
US9805221B2 (en) Incorporating access control functionality into a system on a chip (SoC)
US7277972B2 (en) Data processing system with peripheral access protection and method therefor
US8799673B2 (en) Seamlessly encrypting memory regions to protect against hardware-based attacks
TW200834420A (en) Data processor
US8316414B2 (en) Reconfiguring a secure system
JP3982687B2 (en) Controlling access to multiple isolated memories in an isolated execution environment
WO2022116801A1 (en) Peripheral component interconnect express protection controller
TWI608378B (en) An interface between a device and a secure processing environment
JP4945053B2 (en) Semiconductor device, bus interface device, and computer system
US11366940B2 (en) Secure-aware bus system
US20110161644A1 (en) Information processor
US20050165783A1 (en) Secure direct memory access through system controllers and similar hardware devices
CN112835846A (en) System on chip
Zhang et al. SoftME: A Software‐Based Memory Protection Approach for TEE System to Resist Physical Attacks
CN116340243A (en) Dual-core trusted execution security chip architecture
JP2009296195A (en) Encryption device using fpga with multiple cpu cores
CN110851885A (en) Embedded system safety protection architecture system
JP2007109053A (en) Bus access controller

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination