CN116361868A - Processing circuit, control system and control method - Google Patents
Processing circuit, control system and control method Download PDFInfo
- Publication number
- CN116361868A CN116361868A CN202211608149.9A CN202211608149A CN116361868A CN 116361868 A CN116361868 A CN 116361868A CN 202211608149 A CN202211608149 A CN 202211608149A CN 116361868 A CN116361868 A CN 116361868A
- Authority
- CN
- China
- Prior art keywords
- input
- circuit
- output port
- output
- setting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 13
- 230000002093 peripheral effect Effects 0.000 claims abstract description 167
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 8
- 238000012905 input function Methods 0.000 description 7
- 102100029768 Histone-lysine N-methyltransferase SETD1A Human genes 0.000 description 4
- 101000865038 Homo sapiens Histone-lysine N-methyltransferase SETD1A Proteins 0.000 description 4
- 101100002926 Arabidopsis thaliana ASHR3 gene Proteins 0.000 description 2
- 101100218322 Arabidopsis thaliana ATXR3 gene Proteins 0.000 description 2
- 102100032742 Histone-lysine N-methyltransferase SETD2 Human genes 0.000 description 2
- 101100149326 Homo sapiens SETD2 gene Proteins 0.000 description 2
- LZHSWRWIMQRTOP-UHFFFAOYSA-N N-(furan-2-ylmethyl)-3-[4-[methyl(propyl)amino]-6-(trifluoromethyl)pyrimidin-2-yl]sulfanylpropanamide Chemical compound CCCN(C)C1=NC(=NC(=C1)C(F)(F)F)SCCC(=O)NCC2=CC=CO2 LZHSWRWIMQRTOP-UHFFFAOYSA-N 0.000 description 2
- 101100533304 Plasmodium falciparum (isolate 3D7) SETVS gene Proteins 0.000 description 2
- 101100042374 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) SET4 gene Proteins 0.000 description 2
- 101150117538 Set2 gene Proteins 0.000 description 2
- 101100043929 Arabidopsis thaliana SUVH2 gene Proteins 0.000 description 1
- 101100043931 Chlamydomonas reinhardtii SUVH3 gene Proteins 0.000 description 1
- 101150057295 SET3 gene Proteins 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000009429 electrical wiring Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a processing circuit, a control system and a control method; the processing circuit comprises an attribute setting circuit, a control circuit and a combination circuit. The attribute setting circuit sets the security level of the first peripheral circuit according to a first peripheral setting, sets the security level of the second peripheral circuit according to a second peripheral setting, and generates a third access attribute. The control circuit determines the security level of the input/output port according to an output. When the operation mode of the input/output port is the general input/output mode, the combination circuit generates an output according to the third access attribute. When the operation mode of the input-output port is not the general input-output mode, the combination circuit generates an output according to the first access attribute or the second access attribute. The invention can improve the safety of the peripheral circuit.
Description
Technical Field
The present invention relates to a processing circuit, and more particularly, to a processing circuit for setting a security level of an input/output port.
Background
In modern computer systems or control systems, in order to improve the security of data, the security level of peripheral circuits inside the system is generally set. When a peripheral circuit has a high security level, only legal devices can communicate with the peripheral circuit of the high security level. The peripheral circuit may communicate with the external circuit using at least one input/output port. When the security level of the input/output port is different from that of the peripheral circuit, the peripheral circuit may not normally communicate with the external circuit.
Disclosure of Invention
An embodiment of the invention provides a processing circuit coupled between a first peripheral circuit, a second peripheral circuit and an input/output port, and comprising an attribute setting circuit, a control circuit and a combining circuit. The attribute setting circuit provides a first access attribute to the first peripheral circuit according to a first peripheral setting, and is used for setting the security level of the first peripheral circuit, and provides a second access attribute to the second peripheral circuit according to a second peripheral setting, and is used for setting the security level of the second peripheral circuit. The attribute setting circuit generates a third access attribute according to an input/output setting. The control circuit generates a control command according to a control setting and determines the security level of the input/output port according to an output. The combination circuit decodes the control command to determine whether the operation mode of the input/output port is a general input/output mode. When the operation mode of the input/output port is the general input/output mode, the combination circuit generates output according to the third access attribute. When the operation mode of the input-output port is not the general input-output mode, the combination circuit generates an output according to the first access attribute or the second access attribute.
The invention further provides a control system, which comprises a first peripheral circuit, a second peripheral circuit, a first input/output port and a processing circuit. The first peripheral circuit receives a first access attribute. The second peripheral circuit receives a second access attribute. The processing circuit is used for determining a security level of the first input/output port. When the processing circuit sets the operation mode of the first input/output port to be a general input/output mode according to a first control setting, the processing circuit determines the security level of the first input/output port according to a third access attribute. When the processing circuit sets the operation mode of the first input/output port not to be the general input/output mode according to the first control setting, the processing circuit determines the security level of the first input/output port according to the first access attribute or the second access attribute.
The present invention further provides a control method for controlling a security level of an input/output port, the control method comprising: setting a security level of a first peripheral circuit according to a first access attribute; setting a security level of a second peripheral circuit according to a second access attribute; according to a control setting, the operation mode of the input/output port is determined. When the operation mode of the input/output port is set to a general input/output mode, the security level of the input/output port is set according to a preset access attribute. When the operation mode of the input/output port is not set to the general input/output mode, the security level of the input/output port is set according to the first access attribute or the second access attribute.
The control method of the present invention may be implemented by the processing circuit or the control system of the present invention, which is hardware or firmware capable of executing specific functions, or may be embodied by program code means embodied in a recording medium and implemented in combination with specific hardware. When the program code is loaded into and executed by an electronic device, processor, computer, or machine, the electronic device, processor, computer, or machine becomes a processing circuit or control system for practicing the present invention.
In this embodiment, when the input/output port is operated in the multi-function mode, the security level of the input/output port is consistent with that of the peripheral circuit, so that the security of the peripheral circuit can be improved.
Drawings
FIG. 1 is a schematic diagram of a control system of the present invention.
Fig. 2 is a schematic diagram of a processing circuit according to one embodiment of the present invention.
FIG. 3 is another schematic diagram of the processing circuit of the present invention.
Fig. 4 is a schematic diagram of a decoding circuit according to the present invention.
Fig. 5 is a flow chart of the control method of the present invention.
Reference numerals
100: control system
102. 104: peripheral circuit
106. 200, 300: processing circuit
108 to 111: input/output port
Peri1_SA-PeriM_SA, IOG1_SA-IOGX_SA: access attributes io1_sa to ion_sa: output of
BS1 to BS6, 116, 118, 120: bus line
S1-SM: perimeter setting
IOG 1-IOGX: input/output settings
112: system bus
114: active device
IO1 to ION: control setting
122. 124, 126: external circuit
IOM 1-IOMN: control commands
IO [1 … N ] GPIO: IO mode set point
IO [1 … N ] MFP [1 … K ], IO [1 … N ] Peri [1 … K ]: MFP setting value
SET 1-SETN: control signal
210. 310: attribute setting circuit
220. 320: combined circuit
321: decoding circuit
230. 322, 340: control circuit
231-23N: register group
400: decoding circuit
DU1 to DUN: decoding unit
411. 412: multiplexer
S511 to S515: step (a)
Detailed Description
The present invention will be described in more detail with reference to the drawings, wherein the invention is not limited to the embodiments. The present description provides various examples to illustrate the features of various embodiments of the present invention. The arrangement of the elements in the embodiments is for illustration, and is not intended to limit the invention. In addition, the repetition of the reference numerals in the embodiments is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments.
FIG. 1 is a schematic diagram of a control system of the present invention. As shown, the control system 100 includes at least a peripheral circuit 102, a peripheral circuit 104, a processing circuit 106, and an input/output port 108. For convenience of description, fig. 1 shows only two peripheral circuits, but is not intended to limit the present invention. In other embodiments, the control system 100 may have more or less peripheral circuitry. In one possible embodiment, the control system 100 is a microcontroller system.
The peripheral circuit 102 is coupled to the processing circuit 106 and receives an access attribute (Peri1_SA). In the present embodiment, the access attribute peri1_sa is used to set the security level of the peripheral circuit 102. In one possible embodiment, the peripheral circuit 102 enters a secure mode when the access attribute Peri1_SA is a specific potential. In the secure mode, the peripheral circuit 102 has a high security level. At this time, only active devices (or legal devices) that also have a high security level can access the peripheral circuit 102. When the access attribute Peri1_SA is not at a specific potential, the peripheral circuit 102 operates in a non-secure mode. In the non-secure mode, the peripheral circuit 102 does not have a high security level, so any active device can access the peripheral circuit 102.
The present invention is not limited to how the peripheral circuit 102 with a high security level determines the security level of the active device. For example, when an active device 114 issues an access command to the peripheral circuit 102 via a system bus 112 and a bus 116, the peripheral circuit 102 determines whether a specific pin of the bus 116 is at a specific level (e.g., high level). If a particular pin of bus 116 is at a particular level, it indicates that active device 114 has a high security level. Thus, the peripheral circuit 102 executes the access command issued by the active device 114. However, if a particular pin of the bus 116 is not at a particular level (e.g., the particular pin is at a low level), it is indicated that the active device 114 does not have a high security level. Thus, the peripheral circuit 102 does not execute the access command issued by the active device 114.
The peripheral circuit 104 is coupled to the processing circuit 106 and receives an access attribute Peri2_SA. The access attribute peri2_sa is used to set the security level of the peripheral circuit 104. Since the characteristics of the peripheral circuit 104 are the same as those of the peripheral circuit 102, the description thereof will not be repeated. The types of the peripheral circuits 102 and 104 are not limited in the present invention. In one possible embodiment, at least one of peripheral circuit 102 and peripheral circuit 104 is a serial peripheral interface (serial peripheral interface; SPI) circuit or a pulse width modulation (pulse width modulatION; PWM) circuit.
The processing circuit 106 is coupled to the peripheral circuit 102, the peripheral circuit 104, and the input/output port 108. In the present embodiment, the processing circuit 106 accesses the peripheral circuit 102, the peripheral circuit 104, and the input/output port 108 through the buses BS1 to BS 3. For example, the processing circuit 106 may receive data and/or signals from the peripheral circuit 102 or may provide data and/or signals to the peripheral circuit 102 via the bus BS1 as the example. In other embodiments, the processing circuit 106 may receive data and/or signals from the input/output port 108 via the bus BS3 and provide the data and/or signals from the input/output port 108 to the peripheral circuit 102 via the bus BS 1. In one embodiment, the processing circuit 106 may provide data and/or signals from the peripheral circuit 102 to the input-output port 108 via the bus BS 3.
In the present embodiment, the processing circuit 106 generates and provides access attributes Peri1_SA and Peri2_SA to the peripheral circuits 102 and 104 for setting security levels of the peripheral circuits 102 and 104. The present invention is not limited to how the processing circuit 106 provides the access attributes peri1_sa and peri2_sa to the peripheral circuit 102 and the peripheral circuit 104. In one possible embodiment, the processing circuit 106 transmits the access attributes Peri1_SA and Peri2_SA to the peripheral circuits 102 and 104 using two transmission lines (not shown) other than the buses BS1 and BS 2.
The present invention does not limit how the processing circuit 106 generates the access attribute peri1_sa and peri2_sa. In one possible embodiment, the active device 114 writes a first peripheral setting (afirst peripheral set) and a second peripheral setting (a second peripheral set) in the processing circuit 106 via the system bus 112 and the bus 120. In this example, the processing circuit 106 generates the access attribute peri1_sa according to the first peripheral setting and generates the access attribute peri2_sa according to the second peripheral setting. The invention is not limited to the type of active device 114. In one possible embodiment, active device 114 is a Central Processing Unit (CPU).
In other embodiments, the active device 114 writes a first control setting to the processing circuit 106 via the system bus 112 and the bus 120. The processing circuit 106 sets the operation mode of the input-output port 108 according to the first control setting. In this example, the processing circuit 106 decodes the first control setting to generate a control signal SET1. The input/output port 108 operates in a general-purpose input/output (GPIO) mode or a multi-function pin (MFP) mode according to the control signal SET1.
In GPIO mode, the input output port 108 may be operated directly by the active device 114. The active device 114 directly controls the relevant functions of the input-output port 108 through the processing circuitry 106. For example, the active device 114 may output a high level or a low level through the input/output port 108 in an output mode (output mode), or may read the level of the input/output port 108 in an input mode (input mode).
When the i/o port 108 is set to the GPIO mode, the processing circuit 106 may determine the security level of the i/o port 108 according to an i/o setting provided by the active device 114. When the processing circuit 106 knows that the input/output port 108 has a high security level according to the input/output setting, the processing circuit 106 recognizes whether the access from the system bus 112 is a legal access. At this point, only legitimate devices (with high security levels) can access the input output port 108. When the input output port 108 does not have a high security level, any active device may access the input output port 108.
When the i/o port 108 is operating in the MFP mode, the processing circuit 106 may determine the security attribute of the i/o port 108 according to the access attribute peri1_sa or peri2_sa. For example, when the processing circuit 106 knows that the active device 114 allocates the input/output port 108 to the peripheral circuit 102, the processing circuit 106 determines the security level of the input/output port 108 according to the access attribute peri1_sa. At this time, the security level of the input/output port 108 is the same as that of the peripheral circuit 102. When the active device 114 allocates the input/output port 108 to the peripheral circuit 104, the processing circuit 106 determines the security level of the input/output port 108 according to the access attribute peri2_sa. In this example, the security level of the input/output ports 108 is the same as the security level of the peripheral circuitry 104.
The input/output port 108 interfaces the active device 114 with an external circuit (e.g., 122). In this embodiment, the processing circuit 106 communicates with the input/output port 108 via the bus BS 3. In this example, the processing circuit 106 may provide signals from the peripheral circuit 102, the peripheral circuit 104, or the active device 114 to the input/output port 108, or transmit signals from the input/output port 108 to the peripheral circuit 102, the peripheral circuit 104, or the active device 114. The present invention is not limited to the circuit architecture of the input/output port 108. In one possible embodiment, the input/output port 108 includes a number of circuits, such as a pull-up circuit (pull-high circuit) and/or a pull-down circuit (pull-low circuit). In some embodiments, the I/O port 108 has a pin for coupling to an external circuit (e.g., 122).
The present invention does not limit the number of input/output ports of the control system 100. In the present embodiment, the control system 100 further includes input/output ports 109 to 111. The input/output ports 109 to 111 are coupled to the processing circuit 106. The processing circuit 106 generates the control signals SET 2-SET 4 according to a second control setting, a third control setting, and a fourth control setting provided by the active device 114. The input/output ports 109 to 111 operate in the GPIO mode or the MFP mode according to the control signals SET2 to SET4. Since the characteristics of the input/output ports 109 to 111 are the same as those of the input/output port 108, the description thereof will not be repeated. In some embodiments, processing circuit 106 communicates with input and output ports 109-111 via buses BS 4-BS 6. In other embodiments, active device 114 communicates with external circuitry (e.g., 124 and 126) through input and output ports 109-111.
In other embodiments, the input/output ports 108-111 may be divided into the same or different groups. For example, assume that the input/output ports 108-111 are divided into the same group. In this example, the processing circuit 106 determines the security level of the input/output ports 108 to 111 based on the same input/output settings. In another embodiment, if the I/O ports 108-111 belong to four groups, the processing circuit 106 determines the security level of the I/O ports 108-111 according to different I/O settings. The present invention is not limited to the number of input/output ports per group. In one possible embodiment, each group has sixteen sets of input-output ports.
In other embodiments, when an I/O port is operating in the MFP mode, the processing circuit 106 obtains the function of the I/O port according to a multi-function setting notified by the active device 114. The invention does not limit the number of functions of the input/output ports. For convenience of description, it is assumed that each input/output port may provide an input function, an output function, a pull-up function, and a pull-down function. Taking the input/output port 108 as an example, the input/output port 108 may provide at least one of an input function, an output function, a pull-up function, and a pull-down function. When the active device 114 commands the input-output port 108 to provide an input function, the input-output port 108 receives signals and/or data from the external circuit 122. When the active device 114 commands the input/output port 108 to provide an output function, the input/output port 108 outputs signals and/or data to the external circuit 122. When the active device 114 commands the input/output port 108 to provide a pull-up function, a pull-up circuit (not shown) within the input/output port 108 is enabled to output a high level. When the active device 114 commands the input/output port 108 to provide a pull-down function, a pull-down circuit (not shown) within the input/output port 108 is enabled to output a low level.
Fig. 2 is a schematic diagram of a processing circuit according to one embodiment of the present invention. In the present embodiment, the processing circuit 200 includes an attribute setting circuit 210, a combining circuit 220, and a control circuit 230. The attribute setting circuit 210 receives and stores the peripheral settings S1 to SM. The peripheral settings S1-SM may be provided by an active device (e.g., 114). The attribute setting circuit 210 generates access attributes Peri1_SA to PeriM_SA according to the peripheral settings S1 to SM, wherein M is a positive integer, for setting security levels of M peripheral circuits. In one possible embodiment, the attribute setting circuit 210 outputs the access attributes peri1_sa to perim_sa to the combining circuit 220 in a parallel manner. The present invention is not limited to the architecture of the attribute setting circuit 210. In one possible embodiment, the attribute setup circuit 210 is a security attribute unit (security attribute unit; SAU).
In the present embodiment, the attribute setting circuit 210 further receives and stores the input/output settings IOG1 to IOGX. The input/output settings IOG 1-IOGX may be provided by an active device (e.g., 114). The attribute setting circuit 210 generates access attributes iog1_sa to iogx_sa according to the input/output settings IOG1 to IOGX, where X is a positive integer, for setting security levels of the input/output ports of the X groups.
Taking fig. 1 as an example, when the input/output ports 108 to 111 are set to the GPIO mode, and the input/output ports 108 to 111 are divided into the same group. In this example, the attribute setting circuit 210 may generate the access attribute iog1_sa according to the input/output setting IOG 1. In this example, the input/output ports 108-111 have the same security level. In other embodiments, it is assumed that the input output ports 108 to 111 are set to GPIO mode, and that the input output ports 108 to 111 respectively belong to four groups. In this example, the attribute setting circuit 210 may generate access attributes iog1_sa to iog4_sa according to the input/output settings IOG1 to IOG 4.
The control circuit 230 has register groups 231 to 23N. In the present embodiment, the register groups 231-23N correspond to N input/output ports, where N is a positive integer. The register groups 231 to 23N store control settings IO1 to ION, respectively. In one possible embodiment, the control settings IO 1-ION are provided by an active device (e.g., 114).
In addition, the control circuit 230 generates control commands SET1 to SETN according to control settings IO1 to ION for setting the operation modes of the N input/output ports and the functions of the input/output ports. The input/output port enters the GPIO mode or the MFP mode according to the corresponding control command. In the MFP mode, the input/output port provides corresponding functions, such as at least one of a pull-up function, a pull-down function, an input function, and an output function, according to corresponding control commands.
In some embodiments, the control circuit 230 generates a control command IOM 1-IOMN according to the control settings IO 1-ION. In this example, the control commands IOM1 to IOMN include MFP setting value IO [1 … N ] MFP [1 … K ] and IO mode setting value IO [1 … N ] GPIO. The MFP set value IO [1 … N ] MFP [1 … K ] is used to represent the correspondence between the input/output ports and the peripheral circuit and the functions of the input/output ports. The IO mode setting IO [1 … N ] GPIO is used to indicate the operation mode of the input/output port, the GPIO mode or the MFP mode.
The combining circuit 220 generates outputs IO1_SA to ION_SA based on the MFP setting IO [1 … N ] MFP [1 … K ] and the IO mode setting IO [1 … N ] GPIO. The control circuit 230 knows the security levels of the N input/output ports according to the outputs io1_sa to ion_sa. For example, when the combining circuit 220 knows that an input/output port (e.g., the input/output port 108 of fig. 1) is set to the MFP mode according to the IO mode setting value IO [1 … N ] GPIO, and that the input/output port is allocated to a peripheral circuit (e.g., the peripheral circuit 102 of fig. 1) for use, the combining circuit 220 may set the output io1_sa according to the access attribute of the peripheral circuit (e.g., the peri1_sa of fig. 1). When an input/output port (e.g., input/output port 108 of fig. 1) is set to GPIO mode, combining circuit 220 generates output io1_sa according to one of input/output settings IOG 1-IOGX.
The control circuit 230 defines security levels of the N input/output ports according to the outputs io1_sa to ion_sa. In some embodiments, the control circuit 230 has N pins to receive the outputs IO1_SA-ION_SA, respectively. In this example, the control circuit 230 determines the voltage levels of the N pins and determines the security level of the input/output ports 108 to 111. For example, when the output io1_sa is equal to a certain level, the control circuit 230 defines an input/output port to have a high security level. When the output io1_sa is not equal to a certain level, the control circuit 230 defines that the input/output port does not have a high security level.
In other embodiments, the combining circuit 220 is further responsible for data transmission between each peripheral circuit and the corresponding input/output port. Taking fig. 1 as an example, the combining circuit 220 may serve as a bridge between the peripheral circuit 102 and the input/output port 108.
FIG. 3 is another schematic diagram of the processing circuit of the present invention. As shown, the processing circuit 300 includes an attribute setting circuit 310, a combining circuit 320, and a control circuit 330. In the present embodiment, the attribute setting circuit 310 stores the peripheral settings S1 to SM and the input/output settings IOG1 to IOGX. Since the characteristics of the attribute setting circuit 310 are similar to those of the attribute setting circuit 210 of fig. 2, the description thereof will not be repeated.
The control circuit 330 decodes the control settings IO 1-ION to generate control commands SET 1-SETN, IO mode setting IO [1 … N ] GPIO, and MFP setting IO [1 … N ] MFP [1 … K ] to the combining circuit 320. Since the characteristics of the control circuit 330 are similar to those of the control circuit 230 of fig. 2, the description thereof will not be repeated.
The combining circuit 320 includes a decoding circuit 321 and a control circuit 322. The control circuit 322 obtains the function of each input/output port operating in the MFP mode based on the MFP set value IO [1 … N ] MFP [1 … K ]. In some embodiments, the control circuit 322 decodes the MFP set point IO [1 … N ] MFP [1 … K ], producing another set point IO [1 … N ] _Peri [1 … K ] to the decode circuit 321. The control circuit 322 may serve as a bridge between the peripheral circuit and the input/output port.
The decoding circuit 321 obtains the corresponding relationship between the input/output port and the peripheral circuit according to the set value IO [1 … N ] _Peri [1 … K ], and generates output IOA_SA to ION_SA to the control circuit 330, so that the security level of the input/output port is identical to the security level of the corresponding peripheral circuit. In the present embodiment, the decoding circuit 321 is an input/output attribute decoder (input output security attribute decoder). The input/output attribute decoder receives and decodes the access attributes iog1_sa to iogx_sa, the access attributes peri1_sa to perim_sa, the setting value IO [1 … N ] _peri [1 … K ], and the IO mode setting value IO [1 … N ] GPIO to generate output io1_sa to ion_sa.
In some embodiments, the decoding rule of the input/output attribute decoder is that when an input/output port is set to GPIO mode, the access attribute of the input/output port is identical to the access attribute of the group to which the input/output port belongs (i.e., one of access attributes iog1_sa to iogx_sa). When an input/output port is set to the MFP mode, the access attribute of the input/output port is identical to that of a corresponding peripheral circuit.
In fig. 1, for example, assume that the control system 100 has two peripheral circuits 102 and 104 (i.e., m=2), four input/output ports 108 to 111 (i.e., n=4), each of which can provide four different MFP functions (i.e., k=4). In this example, the attribute setting circuit 321 generates access attributes peri1_sa and peri2_sa according to the peripheral setting S1 and the peripheral setting S2. The attribute setting circuit 321 generates access attributes peri1_sa and peri2_sa according to the peripheral setting S1 and the peripheral setting S2. The attribute setting circuit 321 also generates an access attribute iog1_sa based on the input/output setting IOG 1.
The control circuit 330 generates MFP setting IO1 … MFP 1 … K and IO mode setting IO1 … GPIO based on the control settings IO1 to IO 4. Assume that the control circuit 330 sets the input/output ports 108 to 110 to the MFP mode and sets the input/output port 111 to the GPIO mode according to control settings IO1 to IO 4. In this example, the control circuit 330 knows that the input/output port 108 is allocated to the peripheral circuit 102 for use and that the input/output port 109 and the input/output port 110 are allocated to the peripheral circuit 102 for use according to the control settings IO 1-IO 3, wherein the input/output port 108 is required to provide a pull-up function, the input/output port 109 is required to provide an input function, and the input/output port 110 is required to provide an output function.
Accordingly, the control circuit 330 SETs the input-output port 108 to enter the MFP mode and provides a pull-up function by controlling the command SET1. In this example, the control circuit 330 SETs the input-output port 109 to enter the MFP mode by the control command SET2, and provides an input function. The control circuit 330 SETs the input/output port 110 to enter the MFP mode by the control command SET3, and provides an output function. In addition, the control circuit 330 further SETs the input/output port 111 to enter the GPIO mode by the control command SET4. In other embodiments, at least one of the input/output ports 108-110 is required to provide multiple functions, such as a pull-up function and an input function.
In some embodiments, since the input/output port 108 is allocated to the peripheral circuit 102 for use, the decoding circuit 321 generates the output io1_sa according to the access attribute peri1_sa of the peripheral circuit 102. The control circuit 330 defines the security level of the input-output port 108 according to the output io1_sa. Thus, the security level of the input/output ports 108 is the same as the security level of the peripheral circuit 102. In addition, since the input/output port 109 and the input/output port 110 are allocated to the peripheral circuit 104 for use, the decoding circuit 321 generates the outputs io2_sa and io3_sa according to the access attribute peri2_sa of the peripheral circuit 104. The control circuit 330 defines the security levels of the input/ output ports 109 and 110 according to the outputs io2_sa and io3_sa. Thus, the security levels of the input- output ports 109 and 110 are the same as the security level of the peripheral circuit 104. In addition, since the input/output port 111 enters the GPIO mode, the decoding circuit 321 generates the output io4_sa according to the access attribute iog1_sa. The control circuit 330 defines the security level of the input/output port 111 according to the output io4_sa.
Fig. 4 is a schematic diagram of a decoding circuit according to the present invention. In the present embodiment, the decoding circuit 400 includes decoding units DU1 to DUN. Each of the decoding units DU1 to DUN is configured to set an access attribute of an input/output port. Taking fig. 1 as an example, the decoding unit DU1 is used for setting the access attribute of the input/output port 108, and the decoding unit DU2 is used for setting the access attribute of the input/output port 109. The present invention does not limit the number of decoding units. In a possible embodiment, the number of decoding units is the same as the number of input/output ports. Since the decoding units DU1 to DUN have the same characteristics, only the characteristics of the decoding unit DU1 will be described below.
The decoding unit DU1 includes a multiplexer 411 and a multiplexer 412. The multiplexer 411 selects one of the access attributes peri1_sa, peri3_sa, peri5_sa, and peri7_sa as the output OUT according to the MFP setting value MFP [ K ]. In the present embodiment, the MFP setting value MFP [ K ] is used to represent the number of functions of the input-output port 108. For example, when k=4, it means that the input/output port 108 provides four functions.
In some embodiments, the multiplexer 411 receives access attributes of the first peripheral circuit, the third peripheral circuit, the fifth peripheral circuit, and the seventh peripheral circuit, such as peri1_sa, peri3_sa, peri5_sa, and peri7_sa, because the input/output ports 108 may be allocated to the peripheral circuits, such as the first peripheral circuit, the third peripheral circuit, the fifth peripheral circuit, and the seventh peripheral circuit. In this example, when k=1, the multiplexer takes the access attribute peri1_sa as the output OUT. When k=2, the multiplexer takes the access attribute peri3_sa as output OUT. When k=3, the multiplexer takes the access attribute peri5_sa as output OUT. When k=4, the multiplexer takes the access attribute peri7_sa as output OUT.
Fig. 5 is a flow chart of the control method of the present invention. The control method of the present invention is applied in a control system having a plurality of peripheral circuits and at least one input/output port. First, security levels of all peripheral circuits are set (step S511). In one possible embodiment, a central processing unit determines the security level of each peripheral circuit according to a security attribute program code. When the peripheral circuit receives a specific level, the peripheral circuit enters a secure mode. In the secure mode, only the legal external circuit can access the peripheral device. When the peripheral circuit does not receive a specific level, the peripheral circuit does not enter a safe mode. At this time, any external circuit can access the peripheral device.
According to a control setting, an operation mode of an input/output port is set (step S512). In one possible embodiment, the control settings are provided by a central processing unit. The CPU determines the operation mode of the input/output port, such as a GPIO mode or an MFP mode.
It is determined whether the operation mode of the input/output port is set to a GPIO mode (step S513). When the operation mode of the input/output port is set to a GPIO mode, the security level of the input/output port is determined according to a predetermined access attribute (step S514). In one possible embodiment, step S514 sets security levels of different input/output ports in the same group according to the same preset access attribute. In another possible embodiment, step S514 determines the security levels of the input/output ports in different groups according to different preset access attributes.
However, when the operation mode of the input/output port is not set to the GPIO mode, the security level of the input/output port is set according to the access attribute of the corresponding peripheral circuit (step S515). In one possible embodiment, step 515 determines whether the input/output port corresponds to the first peripheral circuit or the second peripheral circuit. When the input/output port corresponds to the first peripheral circuit, step S515 determines the security level of the input/output port according to the access attribute of the first peripheral circuit. At this time, the security level of the input/output port is the same as that of the first peripheral circuit. When the input/output port corresponds to the second peripheral circuit, step S515 determines the security level of the input/output port according to the access attribute of the second peripheral circuit. At this time, the security level of the input/output port is the same as that of the second peripheral circuit. In the present embodiment, when the input/output port is operated in the MFP mode, the input/output port coincides with the security level of the peripheral circuit, so that the security of the peripheral circuit can be improved.
The control method of the present invention, or a specific form or a part thereof, may exist in the form of program code. The program code may be stored on a tangible medium, such as a floppy diskettes, CD-ROMs, hard drives, or any other machine-readable (e.g., computer-readable) storage medium, or may be a computer program product in an external form, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. The program code may also be transmitted over some transmission medium, such as electrical wiring or cabling, through fiber optics, or via any other form of transmission, wherein, when the program code is received and loaded into and executed by a machine, such as a computer, the machine becomes an integral part of the control system or processing circuitry of the present invention. When implemented in a general-purpose processing unit, the program code combines with the processing unit to provide a unique apparatus that operates analogously to specific logic circuits.
Unless otherwise defined, all terms (including technical and scientific terms) herein have the same meaning as commonly understood by one of ordinary skill in the art. Furthermore, unless explicitly indicated otherwise, the definition of a word in a general dictionary should be construed as meaning in its articles of related art and should not be interpreted as an ideal state or an excessively formal state. Although the terms first, second, etc. may be used to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another element.
Although the invention has been described with reference to preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention. For example, the system, apparatus or method according to the embodiments of the present invention may be implemented in hardware, software or a combination of hardware and software. The scope of the invention should therefore be determined with reference to the appended claims.
Claims (10)
1. The processing circuit is coupled between a first peripheral circuit, a second peripheral circuit and a first input/output port, and comprises:
the attribute setting circuit is used for providing a first access attribute to the first peripheral circuit according to a first peripheral setting, setting the security level of the first peripheral circuit, providing a second access attribute to the second peripheral circuit according to a second peripheral setting, setting the security level of the second peripheral circuit and generating a third access attribute according to a first input/output setting;
the first control circuit generates a first control command according to a control setting and determines the security level of the first input/output port according to a first output; and
a combining circuit for decoding the first control command to determine whether the operation mode of the first input/output port is a general input/output mode;
wherein:
when the operation mode of the first input/output port is the general input/output mode, the combination circuit generates the first output according to the third access attribute;
when the operation mode of the first input/output port is not the general input/output mode, the combination circuit generates the first output according to the first access attribute or the second access attribute.
2. The processing circuit of claim 1, wherein when the operation mode of the first input output port is the general input output mode, the combining circuit sets a level of a pin according to the third access attribute, and the first control circuit sets the level of the pin according to the level of the pin; a security level of the first input output port is determined.
3. The processing circuit of claim 1, wherein,
when the operation mode of the first input/output port is not the general input/output mode, the combination circuit decodes the first control command to know whether the first input/output port corresponds to the first peripheral circuit or the second peripheral circuit;
when the first input/output port corresponds to the first peripheral circuit, the combination circuit takes the first access attribute as the first output; and
when the first input/output port corresponds to the second peripheral circuit, the combination circuit takes the second access attribute as the first output.
4. The processing circuit of claim 3, wherein,
when the first input/output port corresponds to the first peripheral circuit, the security level of the first input/output port is the same as that of the first peripheral circuit;
when the first input/output port corresponds to the second peripheral circuit, the security level of the first input/output port is the same as the security level of the second peripheral circuit.
5. The processing circuit of claim 1, wherein the combining circuit comprises:
a second control circuit for decoding the first control command to generate a set value; and
a decoding circuit for receiving the set value;
the second control circuit is used as a bridge between the first peripheral circuit and the first input/output port, and the first control circuit is used as a bridge between the first input/output port and an active device.
6. The processing circuit of claim 5 wherein the decoding circuit decodes the first control command to learn whether the mode of operation of the first input output port is the general purpose input output mode.
7. A control system, comprising:
a first peripheral circuit for receiving a first access attribute;
a second peripheral circuit for receiving a second access attribute;
a first input/output port; and
a processing circuit for determining a security level of the first input/output port;
wherein:
when the processing circuit sets the operation mode of the first input/output port to be a general input/output mode according to a first control setting, the processing circuit determines the security level of the first input/output port according to a third access attribute;
when the processing circuit sets the operation mode of the first input/output port not to be the general input/output mode according to the first control setting, the processing circuit determines the security level of the first input/output port according to the first access attribute or the second access attribute.
8. The control system of claim 7, wherein the processing circuit comprises:
an attribute setting circuit for providing the first access attribute to the first peripheral circuit according to a first peripheral setting, for setting a security level of the first peripheral circuit, providing the second access attribute to the second peripheral circuit according to a second peripheral setting, for setting a security level of the second peripheral circuit, and for generating the third access attribute according to an input/output setting;
the first control circuit generates a control signal according to a control setting and is used for setting the operation mode of the input/output port; and
a combination circuit decodes a control command to determine whether the operation mode of the input/output port is the general input/output mode.
9. The control system of claim 8, wherein the combining circuit comprises:
and the second control circuit is used for decoding the control command to obtain a set value, and establishing a transmission path between the first peripheral circuit and the first input/output port or establishing the transmission path between the second peripheral circuit and the first input/output port according to the set value.
10. A control method for controlling a security level of an input/output port, the control method comprising:
setting a security level of a first peripheral circuit according to a first access attribute;
setting a security level of a second peripheral circuit according to a second access attribute;
determining an operation mode of the input/output port according to a control setting;
when the operation mode of the input/output port is set to be a general input/output mode, setting the security level of the input/output port according to a preset access attribute; and
when the operation mode of the input-output port is not set to the general input-output mode; and setting the security level of the input/output port according to the first access attribute or the second access attribute.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW110149378A TWI829060B (en) | 2021-12-29 | 2021-12-29 | Processing circuit, control system and control method |
| TW110149378 | 2021-12-29 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116361868A true CN116361868A (en) | 2023-06-30 |
Family
ID=86940467
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211608149.9A Pending CN116361868A (en) | 2021-12-29 | 2022-12-14 | Processing circuit, control system and control method |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN116361868A (en) |
| TW (1) | TWI829060B (en) |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544922B (en) * | 2012-07-09 | 2015-11-18 | 凌通科技股份有限公司 | Liquid crystal display and keyboard scan compatible circuit and use its electronic product |
| TWM529205U (en) * | 2016-06-16 | 2016-09-21 | Asustek Comp Inc | Mobile device expansion back cover |
| CN109684253A (en) * | 2017-10-19 | 2019-04-26 | 佛山市顺德区顺达电脑厂有限公司 | Data transmission control circuit |
-
2021
- 2021-12-29 TW TW110149378A patent/TWI829060B/en active
-
2022
- 2022-12-14 CN CN202211608149.9A patent/CN116361868A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| TWI829060B (en) | 2024-01-11 |
| TW202326493A (en) | 2023-07-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP4550439B2 (en) | ECC controller | |
| US10802754B2 (en) | Hardware-based power management integrated circuit register file write protection | |
| US10078568B1 (en) | Debugging a computing device | |
| US20160268007A1 (en) | Mbist device for use with ecc-protected memories | |
| US20090106609A1 (en) | Semiconductor integrated circuit and debug mode determination method | |
| US20140149617A1 (en) | I2c bus structure and device availability query method | |
| EP3736704B1 (en) | Devices, systems, and methods of reducing chip select | |
| US11631454B2 (en) | Methods and apparatus for reduced area control register circuit | |
| US11698880B2 (en) | System on chip and device layer | |
| CN102867158A (en) | Memory switching method, memory switching device and terminal with dual systems | |
| US7818516B2 (en) | Memory controller, semiconductor memory, and memory system | |
| EP3489830A1 (en) | Semiconductor device and semiconductor system equipped with the same | |
| CN116361868A (en) | Processing circuit, control system and control method | |
| US8291270B2 (en) | Request processing device, request processing system, and access testing method | |
| CN113468028B (en) | Device management method for computing device, apparatus and medium | |
| US20090119420A1 (en) | Apparatus and method for scaleable expanders in systems management | |
| US10572403B1 (en) | Complex programmable logic device with capability of performing multi-address response and operation method thereof | |
| KR102379558B1 (en) | Driver system of vehicle with feedback logic and operation method thereof | |
| US20200333984A1 (en) | Apparatus and method for controlling access to memory module | |
| JP2004185619A (en) | System and method for switching clock source | |
| US20050120155A1 (en) | Multi-bus I2C system | |
| US20120260000A1 (en) | Protocol resolution device and method employing the same | |
| US10895599B2 (en) | Semiconductor apparatus | |
| US8120418B2 (en) | Large-scale integrated circuit | |
| CN117459268B (en) | Computing system, method and bus equipment based on hardware access right management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |