JP2017156789A - Information processing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing device with which it is possible to perform more elaborate access limitation.SOLUTION: The information processing device comprises a nonvolatile memory that is a main storage, a plurality of bus masters accessing the main storage, and access limitation means for limiting access to the nonvolatile memory for each of the plurality of bus masters independently. The access limitation means comprises access limit information holding means for holding information on access limitation, access limitation setting means for referring to the access limit information holding means and outputting access limit information, and access determination means for determining to enable or disable access to the nonvolatile memory in accordance with the access limit information outputted from the access limit setting means and the command and address signals outputted by the bus masters, and outputting the result of determination.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information processing apparatus.

  If the program stored in the memory is destroyed due to external access, an inappropriate program, runaway of the program itself, etc., there is a risk of malfunction.

  In order to solve this problem, Patent Document 1 has a configuration in which a CPU, a main memory, and a plurality of peripheral devices are connected to each other via a bus, and has means for designating a memory area that can be transferred by DMA transfer. A method of restricting access to prevent data corruption is disclosed.

JP 2000-148658 A

  However, in Patent Document 1, it is impossible to determine whether a CPU or a peripheral device accesses a main memory. For this reason, it is not possible to set fine access restrictions according to the connection destination.

  As another viewpoint, the flash ROM is divided into a program area and the DRAM is divided into a work area and a separate device. However, when a non-volatile memory such as an MRAM is used, the program area and the work area are configured in one device. It becomes possible to do.

  If the program area and work area are separate devices as in the past, and if a prescribed procedure is required when writing, such as a flash ROM, the program area will be destroyed due to an inappropriate program or program runaway. Unlikely.

  However, when the program area and the work area are configured in one device, there is a high possibility that the program area is destroyed due to an inappropriate program or a program runaway. In the program area, when updating firmware or adding application programs, write authority is required for specific bus masters (CPU and DMA), but write authority is not required for other bus masters. is there. In addition, a write authority is not required from a specific CPU or DMA except when updating firmware or adding an application program.

  However, in the current system, since there is no mechanism for finely restricting access and protecting the program area, the possibility that the program area is destroyed increases.

  SUMMARY OF THE INVENTION An object of the present invention is to provide an information processing apparatus that enables finer access restriction.

In order to achieve the above object, an information processing apparatus according to the present invention provides:
A nonvolatile memory that is a main memory; a plurality of bus masters that access the main memory; and an access restriction unit that restricts access to the nonvolatile memory independently for each of the plurality of bus masters, The access restriction means outputs access restriction information holding means for holding access restriction information, access restriction setting means for referring to the access restriction information holding means and outputting access restriction information, and the access restriction setting means. Access determining means for determining permission or prohibition of access to the nonvolatile memory in accordance with access restriction information and a command / address signal output by the bus master, and outputting a determination result. .

  According to the information processing apparatus according to the present invention, it is possible to finely restrict access according to the operation mode of the device and the bus master to be connected. As a result, unnecessary access to the nonvolatile memory can be prevented, and an information processing apparatus with improved program protection and security can be provided.

It is a block diagram of a 1st Example. It is an access control setting part of a 1st Example. It is an access control part of a 1st Example. It is a flowchart of a 1st Example. It is a block diagram of the 2nd Example. It is a flowchart of a 2nd Example. It is an access control part of a 2nd Example. It is an access control setting part of a 1st Example. It is an access control setting part of a 1st Example. It is an access protocol of the first embodiment. It is an access protocol of the first embodiment. It is an access protocol of the first embodiment. It is an access protocol of the first embodiment. It is an access control setting part of a 2nd Example. It is an access control setting part of a 2nd Example. It is an access protocol of the second embodiment. It is an access protocol of the second embodiment. It is an access protocol of the second embodiment. It is an access protocol of the second embodiment. It is an access control setting part of a 2nd Example.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

[Example 1]
FIG. 1 is a block diagram showing a configuration of a digital camera which is an example of an information processing apparatus according to an embodiment of the present invention. In the first embodiment, a case where a digital camera is adopted as an example of the information processing apparatus will be described. However, the information processing apparatus according to the first embodiment is a digital video camera, a device with a digital camera (a mobile phone with a digital camera). (Including telephones) can be similarly configured.

  In FIG. 1, reference numeral 106 denotes a Magnetic Random Access Memory (hereinafter abbreviated as MRAM), ReRAM (Resistance Random Access Memory (hereinafter abbreviated as ReRAM), and an acronym of Phase change Random Access Memory (hereinafter referred to as PRAM). A non-volatile memory having an access speed, which serves as both a program storage area and a work area for storing intermediate results of each process, and 100 is a first bus master, which in this embodiment is a block for each block. A CPU that performs control.

  Reference numeral 101 denotes a second bus master. In this embodiment, a position information acquisition unit having a function of acquiring the current position and recording the acquired position information in the nonvolatile memory 106, such as a GPS (Global Positioning System) receiver. It is. Reference numeral 102 denotes a third bus master, which in this embodiment is a portable recording medium control unit that controls reading from and writing to the portable recording medium 141 and reading and writing to the nonvolatile memory 106.

  Reference numeral 120 denotes a first bus master access control unit that performs access control between the CPU 100 and the nonvolatile memory 106 in accordance with the operation mode of the device and the command address output by the CPU 100. Details of the operation of the first bus master access control unit 120 will be described later.

  Reference numeral 121 denotes a second bus master access control unit that performs access control between the position information acquisition unit 101 and the nonvolatile memory 106 in accordance with the operation mode of the device and the command / address output by the position information acquisition unit 101. Reference numeral 122 denotes a third bus master access control that performs access control between the portable recording medium control unit 102 and the nonvolatile memory 106 in accordance with the operation mode of the device and the command / address output by the portable recording medium control unit 102. Part.

  An arbitration unit 104 arbitrates access from the plurality of bus masters to the nonvolatile memory 106. Reference numeral 105 denotes a memory controller. Each bus master accesses the nonvolatile memory 106 via an access control unit, an arbitration unit 104, and a memory controller 105 corresponding to each bus master. A mode holding unit 103 holds the operation mode of the device.

  Examples of the operation mode of the device include a normal mode that is a normal operation, a secure mode that handles confidential information, and a firmware update mode that adds firmware updates and application programs. An operation unit 142 includes a lever switch and the like. In this embodiment, whether or not to acquire position information is shown. Next, details of the access control unit of each bus master will be described using the first bus master access control unit 120 as an example. The interface and the inside of the first bus master access control unit 120 will be described with reference to FIG. 3 which is a block diagram.

  First, the interface of the first bus master access control unit 120 will be described. The interface between the first bus master access control unit 120 and the CPU 100 is as follows. Reference numeral 352 denotes a command signal indicating reading or writing and a first command / address signal A indicating an address of the nonvolatile memory 106 when the CPU 100 accesses the nonvolatile memory 106. In this embodiment, it is assumed that High indicates permission and Low indicates prohibition.

  Reference numeral 353 denotes a first permission / inhibition signal A indicating whether the access from the CPU 100 is determined by the first bus master access control unit 120 based on the operation mode and address of the device and whether or not access is possible. Reference numeral 354 denotes first transmission data A transmitted by the CPU 100. Reference numeral 355 denotes first received data A received by the CPU 100.

  The interface between the first bus master access control unit 120 and the arbitration unit 104 is as follows. Reference numeral 360 denotes a first command address B transmitted to the arbitration unit 104 when the first bus master access control unit 120 permits it. Reference numeral 361 denotes first transmission data B transmitted to the arbitration unit 104 when the first bus master access control unit 120 permits it. Reference numeral 362 denotes first reception data B transmitted from the arbitration unit 104 to the first bus master access control unit 120.

  Next, the inside of the first bus master access control unit 120 will be described. In FIG. 3, reference numeral 300 denotes a first access restriction setting unit that outputs access restriction information corresponding to a mode. Reference numeral 301 denotes a first access restriction information holding unit that holds access restriction information corresponding to a mode in a table form.

  The first access restriction setting unit 300 acquires the current mode information from the mode holding unit 103, and in the corresponding mode held in the first access restriction setting holding unit 301 inside the first access restriction setting unit 300. Outputs access restriction information for each segment.

  Here, FIG. 2 is an example of the first access restriction information holding unit 301. The first access restriction information holding unit 301 will be described with reference to FIG. In FIG. 2, Seg1, Seg2,..., Seg8 on the vertical axis indicate the area of the nonvolatile memory 106, and the horizontal axis indicates the operation mode of the device.

  Seg1, Seg2, Seg3, and Seg4 are work areas for temporarily storing information being processed. Seg5 is a secure area for storing confidential information such as position information and personal information. Seg6 is an application area used when a user adds an application program by an action such as downloading. Seg 7 and 8 are firmware areas for storing firmware for operating the device. For each of these segments, access restrictions in an operation mode of a certain device are held in a table form.

  In FIG. 2, which is an example of the first access restriction information holding unit 301, the access authority information of the CPU 100 in the normal mode is read permission, write permission for Seg 1 to 4 as a work area, read prohibition for Seg 5 as a secure area, Write prohibition, application area Seg6 indicates read permission and write prohibition, and firm area Seg7-8 indicates read permission and write prohibition.

  Similarly, the access authority information of the CPU 100 in the secure mode includes read permission and write permission for the work areas Seg1 to Seg5, read prohibition and write prohibition for the Seg5 secure area, and read permission and write prohibition for the Seg6 application area. Seg 7 to 8 which are firm areas indicate that reading is permitted and writing is prohibited.

  Reference numeral 310 denotes an access determination unit. The access determination unit 310 receives the access restriction information of each segment and the first command address A that are instructed from the first access restriction setting unit 300. Based on the access control information of the input segment of the command address A, it is determined whether the access is permitted or prohibited, and a determination signal is output.

  In the normal mode, when the command is written and the address is Seg4, the determination result is permitted as shown in FIG. As a result of the determination, permission is output as a determination signal. On the other hand, in the normal mode, when the command is written and the address is Seg5, the determination result is prohibited as shown in FIG. As a result of the determination, prohibition is output as a determination signal.

  A command / address transmission unit 340 transmits a command / address to the nonvolatile memory 106 via the memory controller 105. Based on the determination signal from the access determination unit 310, the transmission of the command / address to the arbitration unit 104 is performed.

  Reference numeral 320 denotes a data transmission unit that transmits data to the nonvolatile memory 106 via the memory controller 105. Based on a determination signal from the access determination unit 310, data transmission to the arbitration unit 104 is gated.

  A data receiving unit 330 receives data from the nonvolatile memory 106 via the memory controller 105.

  The above is the description of the configuration of the first bus master access control unit 120.

  The configurations of the second bus master access control unit and the third bus master access control unit are substantially the same, but only the first access restriction information holding unit is different. FIG. 8 shows a second bus master access control information holding unit inside the second bus master access control unit 121, and FIG. 9 shows a third bus master use inside the third bus master access control unit 122. An access control information holding unit.

  In FIG. 8, which is an example of the second access restriction information holding unit, the access authority information of the position information acquisition unit 101 in the normal mode is that the work areas Seg1 to 4 are read permission, write permission, and the secure area Seg5 is Seg6 that is read prohibition, write prohibition, and application area indicates read permission and write prohibition, and Seg7 to 8 that is a firmware area indicate read permission and write prohibition.

  Similarly, the access authority information of the position information acquisition unit 101 in the secure mode is read permission and write permission for Seg1 to 4 that are work areas, read permission and write permission for Seg5 that is a secure area, and Seg6 that is an application area is read. Seg 7 to 8 that are permission, write prohibition, and firmware area indicate read permission and write prohibition. In the secure mode, both reading and writing of Seg5 which is a secure area are permitted.

  In FIG. 9, which is an example of the third access restriction information holding unit, the access authority information of the portable recording medium control unit 102 in the normal mode is that the work areas Seg1 to Seg4 are read permission, write permission, and secure area. Seg5 indicates read prohibition, write prohibition, application area Seg6 indicates read permission, write prohibition, and firm area Seg7-8 indicates read permission, write prohibition.

  Similarly, the access authority information of the portable recording medium control unit 102 in the secure mode is as follows: Seg1 to 4 which are work areas, read permission and write permission, Seg5 which is a secure area is read permission, write prohibition, and Seg6 which is an application area. Indicates that read permission, write prohibition, and Seg7 to 8 which are firmware areas are read permission and write prohibition. Read of Seg5 which is a secure area is permitted in the secure mode.

  Next, an access protocol of the access control unit will be described.

  As an access pattern, a write operation is performed in an area where writing is permitted, a write operation is performed in an area where writing is prohibited, a read operation is performed in an area where reading is permitted, and a read operation is performed in an area where reading is prohibited. There are four ways.

  Hereinafter, handshaking of the CPU 100, the first bus master access control unit, and the arbitration unit 104 will be described with reference to a timing chart.

  FIG. 10 is a timing chart when a write operation is performed in an area where writing is permitted.

  In T1020, the CPU 100 transmits a write signal as a command and SEG1 as a memory address to the first bus master access control unit 120.

  In T1030, the first bus master access control unit 120 that has received the command and address determines whether or not access is possible according to the operation mode and address of the device in the internal access determination unit 310.

  In T1040, after a predetermined period from T1020, the CPU 100 transmits a data signal to the first bus master access control unit 120.

  At T1050, the determination result of the access determination unit 310 is determined to be write permission, and the first bus master access control unit 120 notifies the CPU 100 that the first permission / prohibition signal A is “permitted”.

  At T1060, the first bus master access control unit 120 transmits a command and an address to the arbitration unit 104.

  In T1070, the first bus master access control unit 120 that has received the data signal transmits the data signal to the arbitration unit 104. FIG. 11 is a timing chart when a write operation is performed in an area where writing is prohibited.

  In T1120, the CPU 100 transmits a write signal and a memory address as a command to the first bus master access control unit 120.

  In T1130, the first bus master access control unit 120 that has received the command and address uses the access determination unit 310 to make a determination according to the operation mode and address of the device.

  In T1140, after a predetermined period from T1120, the CPU 100 transmits a data signal to the first bus master access control unit 120.

  In T1150, when the determination result of the access determination unit 310 is determined to be write prohibition, the first bus master access control unit 120 negates the first permission / inhibition signal A for one pulse to “prohibit”. Indicates that In addition, by simultaneously transmitting to the command / address transmission unit 340 and the data transmission unit 320, the command / address and data are not transmitted when prohibited.

  FIG. 12 is a timing chart when a read operation is performed in an area where reading is permitted.

  In T1220, the CPU 100 transmits a read signal and a memory address as a command to the first bus master access control unit 120.

  In T1230, the first bus master access control unit 120 that has received the command and the address uses the access determination unit 310 to make a determination according to the operation mode and address of the device.

  In T1240, when it is determined that the determination result of the access determination unit 310 is readable, the first bus master access control unit 120 notifies the CPU 100 that the first permission / prohibition signal A is “permitted”. To do.

  In T1250, the first bus master access control unit 120 determined to be permitted in T1240 transmits a command and an address to the arbitration unit 104.

  In T1270, the procurement unit 104 transmits the data received from the nonvolatile memory 106 to the first bus master access control unit 120.

  At T1280, the first bus master access control unit 120 transmits data to the CPU 100.

  FIG. 13 is a timing chart when a read operation is performed in an area where reading is prohibited.

  In T1320, the CPU 100 transmits a read signal and a memory address as a command to the first bus master access control unit 120.

  In T1330, the first bus master access control unit 120 that has received the command and the address uses the access determination unit 310 to make a determination according to the operation mode and address of the device.

  In T1340, when the determination result of the access determination unit 310 is determined to be read prohibition, the first bus master access control unit 120 negates the first permission / prohibition signal A for one pulse to the CPU 100 to “prohibit”. ". Also, by transmitting to the command / address transmission unit 340 at the same time, the command / address is not transmitted when prohibited.

  The above is the details of the access control unit of each bus master, taking the first bus master access control unit 120 as an example. By using such a configuration and access protocol, necessary access can be made and unnecessary access can be prevented.

  From here, as a specific example using the configuration and access protocol described so far, a process of acquiring position information, temporarily storing it in Seg5 of the nonvolatile memory 106, and then writing to the portable recording medium 141 is performed. This will be described using the flowchart of FIG.

  At this time, the contents of the second access restriction setting unit in the second bus master access restriction unit 121 are the same as those in FIG. 8, the third access restriction setting in the third bus master access restriction unit 122. The contents of the part are shown in FIG.

  As a start state, it is assumed that the mode holding unit 103 holds the normal mode.

  In S410, the CPU 100 acquires the state of the operation unit 142 and determines whether or not to record the position information. If it is determined that recording is to be performed, the process proceeds to S415, and if it is determined that recording is not to be performed, the process ends.

  In S415, the CPU 100 switches the mode holding unit 103 to the secure mode.

  In S420, the CPU 100 instructs the position information acquisition unit 101 to acquire position information. Upon receiving the instruction, the position information acquisition unit 101 acquires the position information and writes it into the SEG 5 of the nonvolatile memory 106.

  In step S425, the writing of the position information to the SEG5 in the nonvolatile memory 106 is waited for. When the writing is completed, a completion notification is transmitted from the position information acquisition unit 101 to the CPU 100, and the process proceeds to S430.

  In S430, the CPU 100 instructs the portable recording medium control unit 102 to write the position information to the portable recording medium 141. In S435, the writing of the position information to the portable recording medium is waited for. When the writing is completed, a completion notification is transmitted from the portable recording medium control unit 102 to the CPU 100, and the process proceeds to S440.

  In S440, the CPU 100 switches the mode holding unit 103 to the normal mode.

  As described above, by setting the access authority in detail according to the connection destination and the operation mode of the device using the configuration of this embodiment, it is unnecessary for the area where secure information such as location information is stored. Access can be prevented. As a result, security can be improved.

[Example 2]
The second embodiment of the present invention will be described below. In the first embodiment, the controller identifies the bus master and restricts access. On the other hand, in the present embodiment, a configuration in which the bus master is identified and the access is restricted on the nonvolatile memory side will be described.

  FIG. 5 is a configuration diagram of the information processing apparatus of this embodiment.

  In FIG. 5, reference numeral 506 denotes a non-volatile memory having an access speed comparable to that of a conventional DRAM such as MRAM, ReRAM, and PRAM. Both a program storage area and a work area for storing intermediate results of each process are provided. I also serve.

  An access control unit 510 is provided in the nonvolatile memory 506 and performs access control according to the bus master ID, command address, and device operation mode. Details of the access control unit 510 will be described later.

  Reference numeral 530 denotes a memory array in the nonvolatile memory 506 that holds values to be stored.

  Reference numeral 501 denotes a second bus master, which is a portable recording medium for reading from the portable recording medium 541 in this embodiment.

  Reference numeral 502 denotes a third bus master, which in this embodiment is a firmware update control unit that controls firmware update processing.

  Reference numeral 504 denotes an arbitration unit that arbitrates access from a plurality of bus masters to the nonvolatile memory 106.

  Reference numeral 540 denotes a mode transmission unit that is inside the arbitration unit 504 and transmits the content held in the mode holding unit 103 to the nonvolatile memory via the memory controller.

  A bus 550 is located inside the arbitration unit 504 and performs arbitration to connect to the nonvolatile memory 506 when a plurality of bus masters are connected, and transmits the arbitrated bus master ID to the nonvolatile memory 506. A master ID transmission unit.

  Reference numeral 505 denotes a memory controller. Each bus master accesses the nonvolatile memory 106 via an access control unit, an arbitration unit 104, and a memory controller 105 corresponding to each bus master.

  Reference numeral 542 denotes an operation unit including a lever switch or the like. In this embodiment, whether or not firmware update is performed is shown.

  Next, FIG. 7 is a block diagram showing the connection and the inside of the access control unit 510. The access control unit 510 will be described with reference to FIG.

  Reference numeral 740 denotes an input signal of the access control unit 510, which is a mode signal C indicating a device mode.

  Reference numeral 741 denotes an input signal of the access control unit 510, which is a bus master ID signal C indicating a bus master accessing the nonvolatile memory 506.

  Reference numeral 742 denotes an input signal of the access control unit 510, which is a command address signal C indicating a command address. Reference numeral 743 denotes an input / output signal of the access control unit 510, which is a data signal C indicating data.

  Reference numeral 760 denotes an output signal of the access control unit 510, which is a command address signal D indicating a command address.

  Reference numeral 761 denotes an input / output signal of the access control unit 510, which is a data signal D indicating data.

  Reference numeral 700 denotes an access restriction setting unit 700 that receives a mode signal C740 and a bus master ID signal 741 and outputs an access restriction information C signal 750. The access restriction setting unit 700 includes an access restriction information holding unit 2001 for the first bus master, an access restriction information holding unit 1401 for the second bus master, and an access restriction information holding unit for the third bus master. There is 1501.

  An example of the first access restriction information holding unit 2001 is shown in FIG. 20, an example of the second access restriction information holding unit 1401 is shown in FIG. 14, and an example of the third access restriction information holding unit 1501 is shown in FIG.

  Reference numeral 710 denotes an access determination unit. The access determination unit 710 receives the access restriction information C signal 750 and the command / address signal C742 of each segment specified by the access restriction setting unit 700 as inputs. Based on the access control information of the input segment of the command address C, it is determined whether the access is permitted or prohibited, and a permission / prohibition signal 751 as a determination signal is output.

  720 receives a command / address signal C742 and a permission / inhibition signal 751, and when the permission / inhibition signal 751 is permitted, the access is permitted and a command / address signal D760 is output. On the other hand, if it is prohibited, the command / address signal D760 is not output.

  730 receives a command / address signal C743 and a permission / inhibition signal 751 and outputs a command / address signal D760 when the permission / inhibition signal 751 is permitted. On the other hand, if it is prohibited, the command / address signal D760 is not output.

  Next, an access protocol of the access control unit will be described.

  As an access pattern, a write operation is performed in an area where writing is permitted, a write operation is performed in an area where writing is prohibited, a read operation is performed in an area where reading is permitted, and a read operation is performed in an area where reading is prohibited. There are four ways.

  Hereinafter, handshaking of the memory controller 505, the access control unit 510, and the memory array 530 will be described using a timing chart.

  FIG. 16 is a timing chart when a write operation is performed in an area where writing is permitted.

  In T1600, the memory controller 505 transmits the bus master ID signal C to the access control unit 1510.

  In T1610, with the change of the bus master ID signal C as a trigger, the mode signal C740 and the bus master ID signal C741 are input, and the access restriction information C signal 750 is changed.

  In T1630, after a predetermined time has elapsed from T1600, the memory controller 505 transmits a command / address signal C742 to the access control unit 510.

  At T1650, the command / address signal C742 and the access restriction information C signal 750 are input, and the access determination unit 710 performs determination. The permission is transmitted to the command / address transmission unit 720 and the data transmission / reception unit 730.

  In T1670, the memory controller 505 transmits the data C743 to the access control unit 510 after a lapse of a certain time from T1630.

  At T1675, the access control unit 510 transmits the command / address signal D760 to the memory array 630.

  At T1680, the access control unit 510 transmits the data signal D761 to the memory array 630.

  FIG. 17 is a timing chart when a write operation is performed in an area where writing is prohibited.

  In T1700, the memory controller 505 transmits the bus master ID signal C to the access control unit 510.

  At T1710, with the change of the bus master ID signal C as a trigger, the mode restriction C740 and the bus master ID signal C741 are input, and the access restriction information C signal 750 is changed.

  In T1730, after a lapse of a certain time from T1700, the memory controller 505 transmits a command / address signal C742 to the access control unit 510.

  At T1750, the command / address signal C742 and the access restriction information C signal 750 are input, and the access determination unit 710 performs determination. The prohibition is transmitted to the command / address transmission unit 720 and the data transmission / reception unit 730.

  In T1760, after a predetermined time has elapsed from T1730, the memory controller 505 transmits data C743 to the access control unit 510.

  FIG. 18 is a timing chart when a read operation is performed in an area where reading is permitted.

  In T1800, the memory controller 505 transmits the bus master ID signal C to the access control unit 510.

  In T1810, with the change of the bus master ID signal C as a trigger, the mode restriction C740 and the bus master ID signal C741 are input, and the access restriction information C signal 750 is changed.

  In T1830, after a predetermined time has elapsed from T1800, the memory controller 505 transmits a command / address signal C742 to the access control unit 510.

  At T1840, the command / address signal C742 and the access restriction information C signal 750 are input, and the access determination unit 710 performs determination. The permission is transmitted to the command / address transmission unit 720 and the data transmission / reception unit 730.

  At T1850, the access control unit 510 transmits the command / address signal D760 to the memory array 630.

  In T1860, after a certain time has elapsed from T1850, the access control unit 510 receives the data signal D761 from the memory array 630.

  In T1870, after a lapse of a certain time from T1850, the memory controller 505 receives the data signal C743 from the access control unit 510.

  FIG. 19 is a timing chart when a read operation is performed in a region where reading is prohibited.

  In T1900, the memory controller 505 transmits the bus master ID signal C to the access control unit 510.

  In T1910, with the change of the bus master ID signal C as a trigger, the mode restriction C740 and the bus master ID signal C741 are input, and the access restriction information C signal 750 is changed.

  In T1930, after a lapse of a certain time from T1900, the memory controller 505 transmits a command / address signal C742 to the access control unit 510.

  At T1950, the command / address signal C742 and the access restriction information C signal 750 are input, and the access determination unit 710 performs determination. The prohibition is transmitted to the command / address transmission unit 720 and the data transmission / reception unit 730.

  Hereafter, a specific example using the configuration and access protocol described so far will be described.

  Firmware for updating is stored in a portable recording medium, temporarily stored in Seg1 of the nonvolatile memory 106, and then the firmware up control unit writes in SEG7, and the firmware update processing is described using the flowchart of FIG. .

  As a start state, it is assumed that the mode holding unit 103 holds the normal mode. In addition, it is assumed that update firmware is stored in the variable recording medium 541.

  In step S <b> 605, the CPU 100 acquires the state of the operation unit 542 and determines whether to update firmware or not. If it is determined that the firmware is to be updated, the process proceeds to S610. If it is determined that the firmware is not to be updated, S605 is repeated.

  In S610, the CPU 100 switches the mode holding unit 103 to the firmware up mode.

  In step S <b> 615, the CPU 100 instructs the variable recording medium control unit 501 to acquire update firmware stored in the variable recording medium 541. Upon receiving the instruction, the variable recording medium control unit 501 acquires the update firmware, and writes it into SEG1, which is the work area of the nonvolatile memory 106.

  In step S620, the process waits for completion of writing to SEG1, which is the work area of the nonvolatile memory 106 of the update firmware. When the writing is completed, the variable recording medium control unit 501 transmits a completion notification to the CPU 100, and the process proceeds to S625.

  In step S625, the CPU 100 instructs the firmware update control unit 502 to write the update firmware temporarily stored in the SEG1 that is the work area of the nonvolatile memory 506 to the SEG7 that is the firmware area of the nonvolatile memory 506. .

  In step S630, the process waits for completion of writing to SEG7, which is the firmware area of the nonvolatile memory 106 of the update firmware. When the writing is completed, the firmware update control unit 502 transmits a completion notification to the CPU 100, and the process proceeds to S635.

  In S635, the CPU 100 switches the mode holding unit 103 to the normal mode.

  As described above, by setting the access authority in detail according to the connection destination and the operation mode of the device, it is possible to prevent unnecessary access to the area where the program that operates the device such as firmware is stored. It becomes. This makes it possible to protect programs and improve security.

  As described above, according to the first and second embodiments, unnecessary access to the nonvolatile memory is prevented by finely restricting access according to the operation mode of the device and the bus master to be connected. It becomes possible. This makes it possible to protect programs and improve security.

  In the first and second embodiments, it has been described that the access restriction is switched according to the normal mode, the secure mode, and the firmware up mode. However, the mode is used in the debug mode used during development and the product form sold. A product mode may be provided to switch access restrictions.

  Specifically, in the debug mode, the access restriction from the CPU 100 that is the bus master is read from and written to the Seg1 to 4 that are work areas of the nonvolatile memory 506, and Seg5 that is a secure area. Are permitted to read and write, and Seg6 that is the application area that is the program area and Seg7 and 8 that are the firmware areas are permitted to be read and writing is prohibited.

  In the product mode, the access restriction from the CPU 100 that is the bus master is read from the Seg1 to Seg4 that is the work area of the nonvolatile memory 506, both are allowed to write, and the Seg5 that is the secure area is read. Both writing is prohibited, and reading is permitted and writing is prohibited for Seg6 that is an application area that is a program area and Seg7 and 8 that are firm areas. In this way, the access restriction information for each mode such as the debug mode and the product mode is held, and the debug mode is used at the time of development, and the product mode is used at the product form. In addition, since access from the CPU 100 is prohibited in the product form, inappropriate analysis can be made difficult.

100 first bus master, 101 second bus master,
102 third bus master, 106 non-volatile memory,
120 first bus master access control unit,
121 a second bus master access control unit;
122 3rd bus master access control part, 141 portable recording medium

Claims (8)

Non-volatile memory as main memory;
A plurality of bus masters accessing the main memory;
An access restriction means for restricting access to the nonvolatile memory independently for each of the plurality of bus masters;
The access restriction means has access restriction information holding means for holding access restriction information;
Access restriction setting means for referring to the access restriction information holding means and outputting access restriction information;
Access determination means for determining permission / prohibition of access to the nonvolatile memory in accordance with access restriction information output from the access restriction setting means and a command / address signal output by the bus master, and outputting a determination result When,
An information processing apparatus comprising:   A mode holding unit for holding an operation mode of the apparatus, wherein the access restriction information holding unit has access restriction information for each mode, and the access restriction setting unit has access restriction information corresponding to the mode output by the mode holding unit; The information processing apparatus according to claim 1, wherein: Non-volatile memory as main memory;
A plurality of bus masters accessing the main memory;
Arbitration means for arbitrating access from the plurality of bus masters;
A memory controller that controls transmission and reception between the arbitration means and the main memory;
A bus master ID transmission means for transmitting the ID of the bus master determined to access the memory by the arbitration means to the main memory;
Access restriction means for restricting access to the nonvolatile memory in the main memory,
The access restriction means is
Access restriction information holding means for holding access restriction information;
The access restriction information holding means has access restriction information for each bus master,
Access restriction setting means for referring to the access restriction information holding means and outputting access restriction information corresponding to the bus master ID transmitted by the bus master ID transmitting means;
Access determination means for determining permission / prohibition of access to the nonvolatile memory in accordance with access restriction information output from the access restriction setting means and a command / address signal output by the bus master, and outputting a determination result When,
An information processing apparatus comprising: A mode holding unit that holds an operation mode of the apparatus, and a mode transmission unit that transmits the content held by the mode holding unit to the main memory to the memory controller,
The access restriction information holding means has access restriction information for each bus master and mode,
4. The information processing apparatus according to claim 3, wherein the access restriction setting unit outputs access restriction information corresponding to a mode output from the mode transmission unit and a command / address signal output from the bus master. . The nonvolatile memory is divided into a plurality of areas for each address,
The plurality of areas are a work area for storing temporarily stored data, a secure area for storing confidential information, and a firmware area for storing firmware,
The mode is a normal mode for normal operation, a secure mode for handling confidential information, a firmware update mode for updating firmware, a debug mode for use during development, and a product mode for use during product configuration. The information processing apparatus according to claim 4.   The information processing apparatus according to claim 5, wherein the access restriction to the secure area from a specific bus master is switched by switching the mode from the normal mode to the secure mode.   6. The information processing apparatus according to claim 5, wherein an access restriction to the firmware area from a specific bus master is switched by switching the mode from a normal mode to a firmware update mode.   When the mode is the debug mode, reading and writing to the secure area of the non-volatile memory from a specific bus master is permitted, and when the mode is switched to the product mode, the specific bus master from the specific bus master 6. The information processing apparatus according to claim 5, wherein reading and writing to the secure area are prohibited.