JP4603753B2 - Method and circuit for securing cached information - Google Patents

Description

【０１５７】

【０１５８】

【０１５９】

【０１６０】

【０１６１】

【０１６２】

【０１６３】

【０１６４】

【０１６５】

【０１６６】

【０１６７】

【０１６８】

【０１６９】

【０１７０】

【０１７１】

【０１７２】

【０１７３】

【０１７４】

【０１７５】

【０１７６】

【０１７７】

【０１７８】

【０１７９】

【０１８０】

【０１８１】

【０１８２】

【０１８３】

【図面の簡単な説明】
【図１Ａ】 本発明の原理を実施する集積回路のハイ・レベル機能ブロック図である。
【図１Ｂ】 本発明の概念を実施する第２のシステムのハイ・レベル図である。
【図１Ｃ】 本発明の原理を有利な形で適用することのできる第３の例示的システムの図である。
【図１Ｄ】 さらに２つの形態を示す図である。
【図２】 最大の利用が可能な構成における集積回路１００の図である。
【図３】 図１Ｂのプロセッサのハイ・レベル機能ブロック図である。
【図４Ａ】 システムが「待機状態」に入りピンＣＬＫＥＮのクロック・イネーブル信号がアサートされたときにピンＥＸＰＣＬＫを駆動させる外部クロックを表す図である。
【図４Ｂ】 ピンＣＬＫＥＮのクロック・イネーブル信号がアサートされ、システムが「待機状態」を終了するときにピンＥＸＰＣＬＫを駆動させる外部クロックを表す図である。
【図５】 図１Ａの状態制御回路の動作を表す状態図である。
【図６】 図１Ａのシリアル・インタフェース・ブロックを含む３つのシリアル・インタフェースのブロック図である。
【図７Ａおよび７Ｂ】 選択された外部デバイスとの関連でＳＳＩ（ＡＤＣ）の動作を表すタイミング図である。
【図８】 図６のコーデック・インタフェースの動作を表すタイミング図である。
【図９】 図６のシリアル・インタフェース・ブロックのＩ²Ｓポート間のインタフェースを示す機能ブロック図である。
【図１０】 図９のＩ²Ｓのインタフェースの動作を表すタイミング図である。
【図１１】 マスタ／スレーブ構成における図６のＳＳＩ２ポートの使用を説明する機能ブロック図である。
【図１２】 パワーオン・リセット時のシステム初期化を説明するフロー・チャートである。
【図１３】 ＴＬＢ中のプライベート・データをロックする手順を説明するフロー・チャートである。
【図１４】 セキュアなコードをキャッシュ内にロックするキャッシュ・ロックダウン手順を説明する図である。
【図１５】 エミュレートされたキャッシュ・ミスの手順を示すフロー・チャートである。
【図１６Ａ】 合成された変換テーブルをセットアップする好ましい方法の図である。
【図１６Ｂ】 図１６Ａの合成テーブルを通じたテーブル・ウォークを説明するフロー・チャートである。
【図１７Ａ〜１７Ｅ】 エミュレートされたテーブル・ウォークを実行する好ましい手順を説明する図である。[0001]
(Field of Invention)
The present invention relates generally to electronic devices, and more particularly to circuits, systems, and methods for the privatization of information in personal electronic devices.
[0002]
(Description of related technology)
Handheld personal electronic devices are becoming more popular as new technologies enable the manufacture of affordable devices with advanced features. One such device is a portable digital audio player, which downloads digital audio data, stores the data in a readable / writable memory, and responds to user requests. Convert the data to audio. Digital data is downloaded from the network in any of several forms, including MPEG Layer 3, ACC, and MS audio protocols, or retrieved from fixed media such as compact discs. An audio decoder supported by the appropriate firmware retrieves the encoded data from the memory, applies the corresponding decoding algorithm, converts the encoded data to analog form, and converts the headset or other portable speaker system. To drive.
[0003]
In order to prevent unauthorized downloading of copyrighted material such as music, some means of controlling the operation of the personal device is desired. This can be implemented, for example, through the issuance of a password or software kernel that permits downloading of related information. Passwords and software must be protected to prevent copying, distribution, and tampering by end users. In addition, since the audio decoder can be operated from its own firmware, such firmware must also be protected from copying and tampering.
[0004]
In short, what is needed is a method, circuit, and system for protecting information in a personal digital device. For this purpose, the ability to protect such information should not depend on where the information is stored in the device, whether internal or external to the main processing chip. Furthermore, by implementing security, it is preferable that resources that can be used for processing operations more directly, such as available memory space, are not wasted. The security method and hardware are preferably applicable to a wide variety of system configurations.
[0005]
(Summary of Invention)
In accordance with the principles of the present invention, a system is disclosed that includes a central processing unit that operates in response to a set of instructions for processing information. An interface is included that provides access from external devices to selected circuits that form part of the system. A set of non-volatile programmable security elements provides a private environment for processing information by selectively enabling and disabling interface operation. The principles of the present invention provide, among other things, the ability to privateize information in personal digital devices. This principle can be implemented in a manner that does not waste processing resources that can be used more directly for processing operations, such as available memory space. Furthermore, this principle can be applied to a wide variety of system configurations, where private information is stored anywhere in the device, whether in the memory inside the main processing chip or in the external memory. It does not depend on what is done.
[0006]
For a more complete understanding of the present invention and its advantages, reference is now made to the following description taken in conjunction with the accompanying drawings, in which:
[0007]
(Description of Preferred Embodiment)
The principles of the invention and its advantages can best be understood by referring to the embodiments shown in FIGS. 1-17, where like numerals refer to like parts throughout the drawings.
[0008]
FIG. 1A is a high-level functional block diagram of an integrated circuit 100 that implements the principles of the present invention. The integrated circuit 100 is, for example, a Circus Logic EPxx integrated circuit. The integrated circuit 100 can be advantageously used in a plurality of consumer and industrial handheld information devices including portable information terminals, electronic notebooks, interactive pagers, among others. Specifically, the integrated circuit 100 can be configured to perform audio processing with a battery-powered Internet audio decoder.
[0009]
Two other exemplary systems in which the principles of the present invention can be advantageously applied are shown in FIGS. 1B and 1C and described further below.
[0010]
FIG. 2 shows an integrated circuit having a certain system configuration. This figure is referred to when describing input / output signals (ports) of various functional blocks of the integrated circuit 100.
[0011]
The integrated circuit 100 is built around an ARM720T processor 101 as described in the ARM720T data sheet available from ARM, Cambridge, UK. Generally, the processor 101 includes a central processing unit (CPU) core 102, an 8 kilobyte cache 103, a memory management unit (MMU) 104, and a write buffer 105, each of which will be described in more detail below. Note that in alternative embodiments, an ARM920 processor may be used.
[0012]
CPU 102 is a 32-bit microprocessor based on a reduced instruction set computer (RISC) architecture. The associated 8 kilobyte cache 103 is a mixed instruction / data cache (IDC), organized as a 4-way set associative cache consisting of 512 lines of 16 bytes (4 words).
[0013]
The MMU 104 includes a translation index buffer (TLB), access control logic, and translation table walking logic. The main functions of the MMU 104 are conversion of virtual addresses to physical addresses and control of memory access. The MMU 104 also supports a conventional two-level page table structure. In general, the TLB caches 64 translated entries and provides translation to the associated access control logic. If there is a hit in the translated entry in the TLB due to the virtual address, the access control logic determines whether to allow the access. If access is permitted, the MMU 104 outputs the corresponding physical address from the TLB cache. On the other hand, if the access is not permitted, the MMU 104 notifies the CPU 102 to execute the cancellation. When there is no hit (miss) in the TLB cache as a result of the virtual address, the translation table walking circuit extracts necessary translation information from the translation table in the physical memory. This conversion information is written to a replacement point or entry in the TLB cache. This allows the access control logic to determine whether or not to permit access.
[0014]
Write buffer 105 is used to buffer up to 8 words of data and 4 independent addresses. When this is enabled, the CPU 102 writes data or instructions to the write buffer 105 using an external clock and returns to instruction execution. In parallel with this, the write buffer 105 can write data to the internal data bus 106 and write an address to the internal address bus 107.
[0015]
An on-chip phase-locked loop (PLL) 108 driven by a 3.6864 MHz crystal 109 is used in certain modes to provide a clock to the processor 101. In embodiments using ARM720T, the main (CPU) clock can be programmed to either 18.432 MHz, 36.864 MHz, 49.152 MHz, or 73.728 MHz. (PLL 108 preferably operates at twice the highest possible CPU clock frequency, ie 147.456 MHz.) When the CPU clock frequency is selected to be 36.864 MHZ, internal data bus 106 and internal address bus. 107 also operates with a clock of approximately 36 MHz. For CPU clock frequencies above 36 MHz, only processor 101 operates at a clock speed above that frequency, and internal data bus 106 and internal address bus 107 are clocked at a speed of 36 MHz. The CPU clock frequency is selected by programming a 2-bit register field in the system control register SYSCON3. (A list of internal registers of integrated circuit 100 is provided as Table 1. A complete description of these registers is obtained from “Cirrus Logic EP7211 Preliminary Data Sheet.” Which is incorporated herein by reference.
[0016]
Note that integrated circuit 100 also includes an external clock input, which allows a 13 MHz external clock to be input to drive substantially all on-chip circuits in the second clock mode. As shown in FIGS. 4A and 4B, when the clock enable signal is asserted at pin CLKEN, the external clock drives pin EXPCLK. FIG. 4A shows a case where the integrated circuit 100 enters the standby state, and FIG. 4B shows a case where the standby state ends. (The standby state will be further described below.)
[0017]
The oscillator 110 is used to generate a 1 Hertz clock that is used to drive a 32-bit real-time clock generator (RTC) 112. The RTC 112 is written to, read from, and can include a 32-bit output match register. The output match register allows an interrupt to be issued when the RTC time matches a predetermined time. The RTC 112 is also used to drive a programmable LED flasher (not shown).
[0018]
The integrated circuit 100 further includes a pair of on-chip timer counters 113. Each timer counter is independent and includes a 16-bit read / write data register. A given counter is loaded to a desired value and decremented in response to a preselected clock. When the timer counter overflows (ie, reaches zero), an appropriate interrupt is generated. The timer counter register can be read at any time. The clock frequency of these timers can be selected by writing to the corresponding bit in the system control register SYSCON. For example, if the PLL 108 is sourced from an internal clock, the timer counter 113 can use speeds of 512 kHz and 2 kHz. When using a 13 MHz clock from an external source, 541 kHz and 2.115 kHz clocks can be used. It is also possible to generate a 500 kHz clock from a 13 MHz source by using a circuit that divides by 26, which is made possible by setting a bit in the system control register SYSCON2.
[0019]
Each timer counter 113 can operate in a free running mode or a prescale mode by setting or clearing a bit in the system control register SYSCON1. In free running mode, if a given counter overflows (ie, reaches zero), it wraps to 0xFFFF and continues to count down. In prescale mode, the value written to a given timer counter is automatically reloaded when the counter overflows the lower digits. The prescale mode can be used to create a programmable frequency, drive a buzzer, or generate a periodic interrupt.
[0020]
The state control circuit 114 allows the integrated circuit 100 to be set to an active state, an idle state, or a standby state. A state diagram representing the operation of the state control circuit 114 is shown in FIG. The operating state is a normal program execution state where all clocks and peripheral logic are available. The idle state is similar to the active state, except that the CPU clock is stopped during an interrupt or wakeup to return the circuit to the active state. In the standby state, the PLL 108 is shut down, but the crystal 111, the oscillator 110, and the RTC circuit 112 are kept in operation. During the standby state, the external address bus and data bus also degrade operation to prevent the powered down peripherals from consuming current. Note that the integrated circuit 100 is forced into a standby state when it is first turned on or during a cold reset, and this state can only be terminated by an external wake-up instruction.
[0021]
The power management is performed through the power management control block 115 in addition to the state control circuit 114. Table 12 shows states of various functional blocks of the integrated circuit 100 in each state. When the power management circuit 115 receives the active-low power abnormality signal PWRFL from the external power supply unit 201, the power management circuit 115 places the integrated circuit 100 in the standby mode. When the integrated circuit 100 is driven by the external DC power supply 202, the external power supply sensing input signal EXTPWR is set to active low. When using battery 203, the BATOK pin is active high to indicate that the main battery is normal. The falling edge of this signal generates a FIQ (Fast Interrupt Request). When the signal on this pin goes low in the standby state, system startup is prohibited. A new battery sensing signal BATCHG indicates that a new battery is required. This input is active low when the battery voltage falls below the “no battery” threshold. The battery that provides power to the integrated circuit 100 may be, for example, one or more standard AA batteries that are widely distributed to retail consumers.
[0022]
An exception is typically generated when an unexpected event occurs during program execution (ie, an interrupt or memory failure). When multiple exceptions occur, the interrupt controller 116 acting on the fixed priority system determines the order in which the exceptions are serviced.
[0023]
Integrated circuit 100 supports two interrupt types: interrupt request (IRQ) and fast interrupt request (FIQ). FIQ has a higher priority than IRQ. When two or more interrupts of the same type occur simultaneously, the conflict is resolved in software. Tables 2A-2C show preferred interrupt assignments. INTMR1 and INTSR1 in the table are the high-speed interrupt mask register and high-speed interrupt status register, INTMR2 and INTSR2 are the second interrupt mask register and second interrupt status register, respectively, INTMR3 and INTSR3 are the third interrupt mask register A register and a third interrupt status register. Note that if two interrupts are received from the same group (IRQ or FIQ), the order in which they are serviced is preferably resolved in software.
[0024]
In general, the interrupt controller 116 operates as follows. An external or internal interrupting device asserts the appropriate interrupt. FIQ or IRQ is asserted by interrupt controller 116 when the appropriate bit is set in the corresponding interrupt mask register. If the interrupt is permitted, the processor 101 jumps to the corresponding address. The interrupt dispatch software then reads the corresponding interrupt status register to determine the interrupt cause, calls the appropriate interrupt service routine software, and the software routine performs an interrupt cause by some action specific to the interrupting device. To clear. The interrupt service routine can then re-enable the interrupt and service any other pending interrupts as well. All other external interrupt sources remain active until the corresponding service routine begins execution.
[0025]
Table 3 shows the waiting time for external interrupts. In the active state, the processor 101 checks whether its FIQ and IRQ inputs are low after executing each instruction. Thus, there will be an interrupt latency that is directly related to the amount of time it takes to detect the interrupt condition first and complete the current instruction. In the wait state, the wait time depends on whether the system clock is shut down and whether the control bit FASTWAKE in the system control register is set. As pointed out above, the PLL 108 is always shut down in the standby state. When the FASTWAKE bit is cleared, the waiting time is between 0.125 seconds and 0.25 seconds. However, when this bit is set, the waiting time is between 250 microseconds and 500 microseconds. Even when an external clock is used and disabled during standby, the waiting time is between 0.125 seconds and 0.25 seconds, thereby stabilizing the oscillator. If the external clock is not disabled, the waiting time can be reduced to a few microseconds. It is also possible for the integrated circuit 100 to exit the idle state by an interrupt. In this case, the CPU clock must be restarted, and further, the service for the interrupt can be delayed for instruction execution as described above.
[0026]
In the illustrated embodiment, an on-chip boot ROM 117 that holds an instruction set for initializing the integrated circuit 100 is provided. The on-chip boot ROM also sets UART1 described further below in the received 2048-byte serial data downloaded to the on-chip SRAM 118. Once the data has been downloaded to the SRAM 118, the processor can continue executing instructions by jumping to the start of the SRAM. Conveniently, this configuration allows code to be downloaded and system flash memory programmed during the manufacture of devices using integrated circuit 100. Note that the user can choose to boot from on-chip ROM 117 or from external memory connected to port CS [0]. Specifically, when the signal at pin MEDCHG is low, booting is performed from on-chip ROM 117, and when a high signal is applied to this pin, it is necessary to boot from external memory. Note that the effect of booting from the on-chip boot ROM is the reverse of internally decoding all chip select signals. This function is shown in Table 5A, and normal non-inverted chip select decoding is shown in Table 5B. In addition, booting can be done from external memory using a boot device width whose width can be selected according to Table 4.
[0027]
The ARM720T processor has a 4 gigabyte address space. In the illustrated embodiment, the integrated circuit 100 uses the lower 2 gigabytes of this address space for ROM / RAM / Flash and expansion space. Furthermore, 0.5 gigabytes is used for DRAM, and the remaining 1.5 gigabytes and less than 8K of internal registers are unused.
[0028]
The memory and I / O expansion interface supports six separate linear memories or expansion segments for external expansion memory 204. The other two segments are dedicated to on-chip SRAM and ROM. The size of each segment is 256 megabytes. Any of the six segments can be used to support a conventional SRAM interface. In addition, each segment can be individually programmed to be 8 bits, 16 bits, or 32 bits wide, thereby supporting page mode access and executing from 1 to 8 wait states for non-contiguous addresses However, in the case of burst mode access, it can be executed from a waiting state of 0 to 3. The sequential function of waiting for zero allows the integrated circuit 100 to interface with a burst mode ROM. While the on-chip ROM space is fully decoded, the full SRAM address space is fully decoded because the maximum size of the video frame buffer used to drive the external LCD (maximum Note that it is up to 128 kilobytes).
[0029]
Two of the extension segments can be reserved to establish an interface with the two PC Card cards 205 using the chip select signals NCS4 and NCS5. The interface with an external PC card is preferably performed through a Circus Logic CL-PS6700 PC card slot driver 206. Segmenting memory allows different types of access (ie attributes, input / output, and common memory space).
[0030]
The EXPCLK port to extended control block 119 outputs an extended clock equal to the CPU clock in 13 MHz mode and 18 MHz mode, which is 36.864 MHz if integrated circuit 100 is operating in 36 MHz, 49 MHz, or 70 MHz mode. Have a speed of (The EXPCLK port is used as the clock input in the 13 MHz mode above.) The EXPRDY pin (Expansion Port Ready) is placed low by an external expansion device to extend the bus cycle and insert a wait state. . The chip select signal CS [0: 3] is used for SRAM expansion, while the chip select signal CS [4: 5] can be used for both memory expansion or PC card selection. The write strobe WRITE goes low while reading from the expansion device and goes high while writing to the expansion device. The word / halfword bit (2) indicates to the external device whether the access size is word, halfword, or byte while writing from the integrated circuit 100. The DRAM controller 120 provides a programmable 16-bit or 32-bit wide interface to up to two banks 207 of DRAM, each bank having a storage capacity of up to 256 megabytes. The DRAM bank may be any of a plurality of types of DRAM distributed in the market, including conventional DRAM, synchronous DRAM (SDRAM), EDODRAM (Extended Data Out DRAM), first page mode DRAM, and DDRDRAM (Double). Data Rate DRAM). Further, these DRAMs may be of a self-refresh type that is placed in a low power state when the integrated circuit 100 enters the standby state described above. To support two banks, two row address strobes RAS [0: 1] can be generated along with four column address strobes CAS [0: 3]. The output enable signal MOE is used to enable DRAM, ROM / SRAM / flash, or extended output. The write enable signal NWE is used for the same external device set. The DRAM controller also includes a programmable refresh counter whose refresh cycle is controlled using a refresh cycle register (DRFPR).
[0031]
Table 6 shows the preferred physical DRAM addressing. Tables 7 and 8 represent DRAM address mapping for 32-bit and 16-bit DRAM memory systems. Assume that this 32 bits is based on two x16 devices connected to each RAS line, selecting the operation of a 32-bit DRAM. This mapping is repeated for every 256 megabytes in each bank. The placeholder “n” in these tables is equal to 0xC + bank number. The 16/32 bit DRAM selection is programmed by setting the bit in the system control register SYSCON2.
[0032]
The flash interface 121 enables the integrated circuit 100 to interface with the flash memory using the chip select signal CS [0: 1].
[0033]
The LCD controller 122 provides all the control signals needed to allow the integrated circuit 100 to interface directly with the single panel multiple LCD module 209. The total frame buffer size can be programmed up to 128 kilobytes using both on-chip and off-chip memory. As described above, by using the on-chip SRAM 118 as an LCD video frame buffer, a system can be constructed without using an external DRAM. The screen is preferably mapped to a video frame buffer.
[0034]
An LCD direct memory access (DMA) engine 123 is provided to fetch display data for the LCD controller 122 from the frame buffer memory. The pixel bit rate, and hence the LCD refresh rate, can be programmed from 18.432 MHz to 576 kHz when operating in 18.432-73.728 MHz mode, and from 13 MHz to 203 kHz when operating with a 13 MHz clock. can do.
[0035]
Integrated circuit 100 includes a pair of universal asynchronous transmit / receive (UART) interfaces 124 and 125. These asynchronous ports can be used for communication with a pair of RS-232 transceivers 210, for example. Each UART 124/125 can support a data rate of up to 115.2 kilobits per second when the integrated circuit 100 operates with a clock generated by the PLL 108. If the integrated circuit 100 is driven by a 13 MHz external clock source, the UART bit rates that can be generated include 9.6 Kbps, 19.2 Kbps, 38 Kbps, 58 Kbps, and 115.2 Kbps.
[0036]
Both UARTs 124/125 include a 16-byte transmit FIFO that drives the corresponding transmit (TX) pin and a 16-byte receive FIFO for receiving data from a dedicated receive (RX) pin. An RX interrupt is asserted when a given RX FIFO is half full or when it does not receive any more characters and is non-empty for longer than 3 character long times. The TX interrupt is asserted whenever a given TX FIFO buffer reaches a half-empty state.
[0037]
UART 124 (UART1) can also receive three modem control signals CTS, DSR, and DCD in addition to the RX and TX ports. Other modem control RI input and output modem control signals RTS and DTR can be implemented using the GPIO port 129, described further below. A modem status interrupt for UART1 is generated when any of these modem control bits change.
[0038]
The UART operation and line speed can be programmed through the UART bit rate and line control registers (UBLC1 and UBLC2). The four FIFOs can also be programmed to be 1 byte deep. The framing error bit and parity error bit detected when receiving each byte can also be read from the 11-bit wide register.
[0039]
The integrated circuit 100 also includes a post-processing stage 126 according to the IrDA (Infrared Data Association) SIR protocol at the output of the UART 124. Integrated circuit 100 includes pins that drive the input of connections to infrared light emitting diodes (LEDs) and photodiodes (collectively shown as block 211 in FIG. 2). The SRI encoder 126 is switched into the TX port and RX port of the UART 1 and the above signals can directly drive the infrared interface.
[0040]
The integrated circuit 100 further includes an SPI / Microwire master mode 128 Kbps ADC interface 127 and a serial interface 128, the latter being shown in more detail in FIG. A preferred serial pin assignment for the digital audio port is shown in Table 10. The SPI interface 1 (ADC interface) can be used for communication with an external analog / digital converter 212 and a digitizer 213. The serial interface block 128 includes a master / slave mode SBI / Microwire (SSI2) interface 603, a digital audio interface (DAI) 601, and a codec interface 604, all of which are set by a multiplexer 602. Multiplexed on external interface pins. The selected interface drives the corresponding circuit in block 214 of FIG. Multiplexing is controlled by programming the corresponding field in the system control register. A list of available serial interface options is provided in Table 11.
[0041]
The ADC interface 127 is compatible with SSI or Microwire compatible devices such as MAXIM, MAX148 / 9 peripherals in the default mode. The ADC interface 127 can interface with devices such as the analog device AD7188 / 12 chip using NADCCS as a common RFS / TFS line. Exemplary timing diagrams when integrated circuit 100 drives MAX 148/9 and AD 7811/2 are provided as FIGS. 7A and 7B, respectively. Exemplary I ² The S interface is shown in FIG.
[0042]
The clock output frequency of the ADC interface 127 can also be set using the system control register. For the 18.432-73.728 MHz operating mode, the ADC clock (ADCCLK) can be set to 4 MHz, 16 MHz, 64 MHz, or 128 MHz. When the integrated circuit 100 operates in response to an externally generated 13.0 MHz clock, the ADC clock can be set to 4.2 kHz, 16.9 kHz, 67.7 kHz, or 135.4 kHz. The sample clock SMPCLK always operates at a speed twice the shift clock (ADCCLK) frequency. Available ADC frequency options are shown in Table 12.
[0043]
The ADC serial output ADCOUT is provided by an 8-bit or 16-bit shift register, depending on the bit set in the SYNCIO register. The ADC serial input channel ADCIN is captured in a 16-bit shift register. The ACD clock sync pulse is activated by writing to the output shift register. During transfer, the SSIBUSY (Synchronous Serial Interface) busy bit in the system status flag register is set. When the transfer is complete and valid data is in the 16-bit read shift register, the SSEOTI interrupt is asserted and the SSIBUSY bit is cleared. The sample clock SMPCLK is enabled alone.
[0044]
The digital audio interface 501 provides an interface to a CD quality A / D and D / A converter as shown in FIG. (DAI is I ² A subset of S. ) 16-bit stereo digital audio 128-bit frame, audio sampling frequency, with separate transmit and receive lines. Note that each frame contains only 16 bits of the right channel and 16 bits of left channel audio data. The remaining bits are set to zero.
[0045]
FIG. 10 is an exemplary timing diagram illustrating the operation of DAI 601. The left and right clock (LRCK) provides a frame synchronization signal. The serial clock (SCLK) is a bit transfer clock and preferably has a speed fixed at 128 times the audio sample frequency. SDOUT (SDATAO) and SDIN (SDATAI) are used to transmit reproduction data to an external D / A converter and receive recording data from the external A / D converter, respectively. The timing between the integrated circuit 100, the external D / A converter and / or the external A / D converter is based on the oversampled clock MCLK. MCLK preferably has a speed fixed at 256 times the sampling frequency.
[0046]
Asynchronous serial interface 2 (SSI2) 503 is an SPI / Microwire interface that can operate in full master / slave mode. FIG. 10 represents a pair of integrated circuit 100 devices configured to operate in a master / slave manner. The preferred maintenance data transfer rate is 85.3 Kbps, which ensures that the period between interrupts is long enough. An interrupt is generated when the receive FIFO is half full and the transmit FIFO is half empty. In the slave mode, the serial clock (SSICLK) and the serial reception port (SSIRXDA), the received synchronization control pin (SSIRXFR) and the transmission synchronization pin (SSITXFR) are input, and the transmission pin SSITXDA is an output. In master mode, pins SSICLK, SSITXDA, SSITXFR, and SSIRXFR are outputs and pin SSIRXDA is an input. Mode selection is performed by programming bits in the system control register.
[0047]
Both asymmetric (unbalanced) traffic and continuous traffic are supported using separate transmission control lines and frame synchronization control lines SSTXFR and SSIRXFR. In this configuration, the receiving node receives 1 byte of data in 8 clocks after asserting the received frame synchronization control signal, and the transmitting node receives 1 byte in 8 clocks after asserting an independent transmission frame synchronization control pulse. Send data. Exemplary timing diagrams representing the operation of these two interfaces are provided in FIGS. 7A and 7B for reference.
[0048]
The codec interface 604 supports a direct connection to the telephony codec. In conjunction with clock and clock signal generation, the codec interface 604 also performs parallel-to-serial and serial-to-parallel conversions. This interface is full duplex and uses a corresponding transmit and receive FIFO operating at 64 Kbps. If allowed, a codec interrupt CSINT is generated every 8 bytes transferred (ie when the FIFO is half full / empty), in other words, every 1 millisecond with a 1 millisecond latency. . This timing is shown in FIG. 8, where CDENRX and CDENTX are a reception control bit and a transmission control bit in the system control register SYSCON1, respectively.
[0049]
The DAI 601 is an interface such as the interface 900 shown in FIG. ² Supports S interface. In this case, both the external ADC 901 and the external DAC 902. Clock source 903 provides a time reference. An exemplary timing diagram is provided in FIG. In FIGS. 9 and 10, MCLK is an oversampled clock, which is typically fixed at 256 times the audio sampling frequency. SCLK is a bit clock, which is typically fixed at 128 times the audio sampling frequency. LCLK is a frame synchronization signal and is usually fixed to the audio sampling frequency. SDOUT is an audio data output for transmitting playback digital audio to the DAC 902. SDIN receives recording data from the ADC 901.
[0050]
The SSI1 interface 603 supports a master / slave operation as shown in FIG. This interface provides a means to perform full-duplex serial transfer between two nodes. Data is transferred in bytes in response to clock and frame synchronization signals.
[0051]
Integrated circuit 100 is also provided with a set of general purpose input / output (GPIO) ports 129. In the illustrated embodiment, there are three 8-bit ports and one 3-bit port. The GPIO port can be used for purposes such as establishing an interface with the keyboard driver 215.
[0052]
A PWM (Pulsed with Modulator) circuit 130 includes two outputs for driving a DC / DC 216 converter operating in cooperation with an external power supply unit (PSU) subsystem 201. Typically, external input pins connected to the output from the comparator that monitors the external DC / DC converter output are used to enable these clocks. When the integrated circuit 100 is operated by the internal PLL 108, the PWM clock has a frequency of 96 kHz. The duty cycle ratio of these signals can be programmed from 1:16 to 15:16. Detection of the active cycle of the PWM drive signal can be set high or low by latching the state of the drive signal during power-on reset (i.e. pulling up the drive signal causes the output of the drive to become active Go low and vice versa). As a result, a positive voltage or a negative voltage can be generated by an external DC / DC converter. These outputs can also be disabled by clearing the bits in the control register.
[0053]
Communication between the blocks of the integrated circuit 100 is established through the advanced peripheral bus 132 and the advanced peripheral bus bridge 131. Internal data bus 106 is 32 bits wide and can be connected to external devices through multiplexing circuit 132. The internal address bus 107 is 28 bits wide and can communicate with external devices through the multiplexing circuit 133. An IEEE 1149.1 compliant ICE-JTAG circuit 134 is included for boundary scanning during the testing and development phase. Embedded ICE also supports ARM processor core debugging.
[0054]
In the preferred embodiment, the internal registers of integrated circuit 100 are of little endian configuration. However, the integrated circuit 100 is advantageous in that it can interface with a big endian external memory system. Specifically, the big end bit and the CPU 101 register set determine whether words in the external memory are stored in big endian format or little endian format. Specifically, the memory is considered a linear set of bytes numbered from zero to top. Bytes 0-3 hold the first storage word, bytes 4-7 hold the second storage word, and so on. In the little endian scheme, the lowest numbered byte in a word is considered the least significant byte of the word, and the highest numbered byte is the most significant word. Thus, byte zero in the little endian system is connected to data lines 7-0. In big endian mode, the most significant byte of a word is stored in the lowest numbered byte and the least significant byte is stored in the highest numbered byte. Thus, byte zero in a big endian system is connected to data lines 31-24. In the illustrated embodiment, only the load and store instructions are performed in an endian manner. Tables 13 and 14 represent the operation of the integrated circuit 100 for both reading (Table 13) and writing (Table 14). Note that column address strobe lines NCAS [3: 0] to the DRAM bank are always connected to the same byte lane regardless of endianness. For example, column address strobe line NCAS [0] is associated with data lines D [7: 0] and NCAS [3] is associated with data lines D [31:24]. As a result, in little endian systems, line NCAS [0] is asserted for read / write with byte 0 of the DRAM, and in big endian systems, line NCAS [3] is at byte 0 of the DRAM. Asserted for access.
[0055]
Integrated circuit 100 includes a set of programmable fuses that allow each chip to be assigned one or more unique ID numbers and passwords. Programmable fuses and associated registers are located in the security registers and in the hardware block 133 (FIG. 1) that operates from the APB 132. Limiting to the embodiment of FIG. 1D, the boot ROM itself is on the ARM local bus 107 and access checking is split to have logic both on the ARM local bus and in the ARM local / global AHB wrapper. become.
[0056]
In the preferred embodiment, this is 256 programmable fuses, including a set of public and private fuses. Private fuse addresses and values are hidden, and only private firmware corresponding to those fuses is allowed access. In a non-private environment, these addresses and values all return to zero. Public fuses are shown in Table 15 and private fuses are shown in Table 16.
[0057]
Integrated circuit 100 also includes embedded hardware in block 133 for matching the fused Hamming code with the Hamming code that matches the selected ID. When the validity check address is read, the ID value is checked against the Hamming value. The resulting 5-bit code provides debug information if the Hamming code does not match (if all fuses are blown or all fuses are not blown). Table 17 shows the decoding of the validity check read bits. This advantageously detects an error that occurs when the fuse is blown, and at the same time maintains a state in which access to the fuse value and address is not possible.
[0058]
Table 18 provides addresses that return validation codes for public ID-CHK pairs.
[0059]
Table 19 provides addresses that return the validation code for the private ID-CHK pair. These addresses can be accessed only from the firmware when the integrated circuit 100 is operating in the private mode, and 0 is read otherwise.
[0060]
There are two test registers that can be selected and validated as ID-CHK pairs so that the Hamming code generator can be fully tested. Table 20 provides the definition and location of these registers.
[0061]
FIG. 1B is a high level functional block diagram of a second system in a chip 140 suitable for implementing the principles of the present invention. This embodiment uses an ARM920T processor 141 that has both an instruction cache and a data cache in addition to the MMU. Unlike the integrated circuit 100, the system 141 does not include a general-purpose SRAM.
[0062]
FIG. 13 is a more detailed functional block diagram of the processor 141, particularly in an embodiment based on the ARM920T core. In this embodiment, the available cache includes both an instruction cache 1301 and a data cache 1302. Similarly, a separate instruction MMU 1303 and data MMU 1304 are used. The instruction modification virtual address (IMVA) bus, the instruction physical address (IPA) bus, and the instruction data (ID) bus are each 32 bits wide. Similarly, the data modification virtual address (DVMA) bus, the data physical address (DPA) bus, and the data data (DD) bus are also 32 bits wide. Physical addresses and data are exchanged with the AHB bus 142 through the AMBA bus interface 1305. Write buffer 1306 allows data to be exchanged in parallel through interface 1305 during operation of the processor core. Data in the cache 1302 can be output through a write back physical address (PTAG) RAM 1307.
[0063]
Essential to the processor core is the coprocessor, which translates the virtual address issued by the CPU into a modified instruction and data virtual address (MVA) transmitted in IMVA and DMVA as shown in FIG. 1B. Includes registers. Specifically, in the case of an address in a memory area of 0 to 32 megabytes, the virtual address VA is modified by a 7-bit process identifier to become VMA = VA + (ProcID × 32 megabytes), and this process identifier ProcID is the read or write process It is an identifier.
[0064]
The system 141 is based on an internal AHB (Advanced Microcontroller Bus Architecture High Speed Bus) 142 and an internal APB (Advanced Peripheral Bus) 143. The AHB / APB bridge 144 interfaces with the AHB 142 and the APB 143. The second bridge 145 serves as an interface between the processor 141 and the AHB 142.
[0065]
Devices that operate from the AHB 142 include a graphics engine 146 and a raster engine 147. In general, the graphics engine offloads functions such as block transfer and line drawing from the processor 141 in order to improve the graphics performance of the system. Graphics engine 146 preferably uses a standard device-independent bitmap (DIP) format to support Windows® CE. A raster engine 147 is provided for rasterizing data from an external display buffer through a synchronous DRAM interface 148 to drive an external LCD display, CRT display, or TV display.
[0066]
Other on-chip interfaces leading to the internal AHB include interface 149 that couples system 141 to an external system bus, PCMIA for interfacing with external PC cards, and on-chip such as DMA controllers and raster systems A test interface controller (TIC) interface 151 for testing circuit blocks is included. The memory interface 152 makes it possible to exchange control signals and data with an external SRAM, flash, or ROM in a manner similar to that described above. Then, the booting of the system described further below is performed at least partially using the boot ROM 53. In this example, boot ROM 153 operates from AHB 142, but in alternative embodiments, it can operate from any of a plurality of global and local buses.
[0067]
The system 140 includes an 8-channel DMA engine 154 that prioritizes and services requests for access to external memory by on-chip resources such as UART. Joint Test Action Group (JTAG) port 155 supports debugging of circuitry associated with on-chip processors. The universal serial bus (USB) controller 156 and the Ethernet (registered trademark) port 157 operate directly from the AHB.
[0068]
Multiple peripheral devices are provided on-chip and operate from the APB 143. System 140 includes UARTs 158, 159, and 160, among others. The illustrated embodiment also includes a pair of SP1 interfaces 161 and 162 and an AC97 interface 163. A real time clock (RTC) 165, a general timer set 166, and a watchdog timer 167 are also provided in this embodiment. An additional memory interface, EEPROM interface 168, is also coupled to the APB.
[0069]
Manual entry of data can be through an external key matrix coupled to the key matrix interface 169 or through a touch screen that interfaces with the touch screen ADC 171 and touch screen interface 170. An LED output 172 is also included in the user interface of the system 140.
[0070]
Similar to integrated circuit 100, system 140 includes a set of general purpose input / output (GPIO) ports 173, an interrupt controller 174, and an on-chip PLL 175 that drives system control circuit 176. The control circuit includes a memory remapping and system suspension control circuit 177. The flash VPP control block 178 generates a voltage necessary for writing and erasing the external flash.
[0071]
FIG. 1C is a high-level functional block diagram of another exemplary system-on-chip 180 that can suitably apply the principles of the present invention. In this example, a CPU core 181 such as an ARM7TDMI controller does not use an MMU or an on-chip cache. The CPU 181 operates in cooperation with the AHB bus 142 via the local AHB bus and the local / main AHB interface 182. CPU 181 is supported by memory 183, security gate 184, and security / reset circuit 185. Security is described in more detail below.
[0072]
In this embodiment, system 180 further includes a digital signal processor (DSP) 186 supported by global memory 189, data memory 190, and program memory 191. Interprocessor communication register 192 and I ² An S audio input / output port 193, a PWM circuit 194 capable of driving an external speaker at a CD quality level without using an analog DAC support circuit, and a DSP timer / STC 195 are connected to a DSP 186 via a DSP peripheral bus 196. Communicate with. These devices also operate from the APB. Peripheral devices operating from APB include USB slave port 197, SPI 198 for serial media input, and I ² S host port 199 is included.
[0073]
The Motion Picture Expert Group (MPEG) audio compression standard defines a stream syntax along with a process for decoding an encoded stream of digitized audio data. In the audio arena, three layers, namely layers I to III, are respectively defined. For purposes of this discussion, consider Layer III, which provides the highest quality audio playback.
[0074]
The encoding process begins by sampling one or more audio channels at a given sampling rate, such as 32 kHz, 44.1 kHz, or 46 kHz. The resulting digitized stream is passed through a polyphase filter bank, which divides the received time domain stream into 32 frequency subbands. Typically, the filter bank operates on 64 input samples at a time with 50% overlap, producing 32 frequency domain samples for 32 input time domain samples.
[0075]
The psychoacoustic model is used to remove portions of the audio signal that are inaudible to the human ear for auditory masking. Auditory masking is a feature of the human auditory system, where a strong audio signal makes it impossible to perceive weak audio signals that are close in time or space. Furthermore, the ability of the human ear to distinguish sounds is frequency dependent. In certain critical bands, the human ear does not precisely separate various incoming audio components. A processing subband that approximates such a critical auditory band is quantized according to the audibility of quantization noise in the subband.
[0076]
An engine based on a psychoacoustic model operates in parallel with a polyphase filter to determine the available noise masking for a given frequency component and a given volume. Based on this information, the data stream output from the polyphase filter is quantized and encoded. In Layer III, each of the 32 subband outputs from the polyphase filter is passed through a window, which allows the stream to be streamed with 50% overlap so that the window length is 36 and 12 samples wide, respectively. Parse into a long block of 18 samples or a short block of 6 samples. Long blocks are used to achieve better frequency resolution for relatively constant audio signal components, and short blocks are used to improve the resolution of transients. Next, each subband block is processed by a modified discrete cosine transform (MDCT). By further dividing the subband frequency, the spectral resolution is improved so that part of the aliasing caused by the polyphase filter can be canceled.
[0077]
MPEGx layer III makes the signal to noise ratio more uniform over the range of quantization values by making the quantization non-uniform. Layer III uses a scale factor band that approximates the width of a critical band and covers several MDCT coefficients. The scale factor is used when assigning noise, changes the masking threshold depending on the frequency, and basically sets the gain of each subband. Further, Huffman coding is performed on the quantized MDCT coefficients to enhance data compression. Finally, a bit reservoir is used, but when the number of bits required to encode a frame is less than average, it can be provided with bits and encoded You can borrow a bit from here when the required number of bits is greater than the average.
[0078]
Frames are formed from headers, CRC values, side information, and main data, but the relative positions of these components of the frame are not always in the same order and are not necessarily adjacent in the stream. The header contains a set of frame sync bits, MPEG version and layer identifier, CRC protection bits, a bit rate index indicating the bit rate at which the frame was created, and the frequency at which the audio data was sampled And a sampling rate frequency index indicating, and other information about the data to be transferred.
[0079]
The MPEG1 layer III bit stream can then generally be decoded as follows. Data is input to the decoder at a predetermined number of frames per second. A frame synchronization bit in the header part of each frame is detected. The scale factor is then extracted and decoded. Following this, Huffman encoded main data representing frequency energy is decoded. Apply a scale factor and requantize the data. At this time, when stereo data is processed, the stereo channel is restored to reduce aliasing. An inverse MDCT operation is performed, followed by an overlapped inverse discrete cosine transform (DCT) to return the data to the time domain. A low pass filter is applied to recover the PCM samples, but each sample is essentially a weighted average of 512 time domain samples adjacent to each other.
[0080]
When the integrated circuit 100 is configured as a MPEGx layer III decoder, a stereo DAC, such as a Circus Logic CS43Lxx Stereo Audio DAC, is coupled to the digital audio port 128 for driving a headphone set. An analog / digital converter, such as a Cirrus Logic CS53L32 audio A / D converter, can also be coupled to this port for inputting data from the microphone. This embodiment of FIG. 1D includes an on-chip PWM circuit that can drive headphones at a CD quality level without using an external stereo audio DAC.
[0081]
Often, it is necessary to prevent tampering, duplication, or logic analyzer investigation of software or firmware bundled with an electronic product. As a result, a certain level of security must be provided. This can be done, for example, using encrypted passwords, so that end users who are authorized by the manufacturer have access to assets in system memory for software, firmware download, debugging, and upgrade purposes. Is allowed, but denies the same level of access to unauthorized end users. In the context of a digital audio player, an online music distributor has paid a fee and received the password needed to download a song, based on the perception that this will prevent unauthorized downloads at least to some extent Confidence to allow end users.
[0082]
In general, there are several criteria that a security scheme must meet. First, the system must not allow unauthorized access as a result of a power-on reset. Second, secure information such as encrypted passwords, security codes, and information about the location in memory where the security information resides should not be easily accessible from outside the system. However, this secure information must be verified at the manufacturing test stage to ensure that the quality of the end user system is acceptable for normal manufacturing defects. Finally, if security measures are not provided or activated, the normal operation of the system must proceed in the expected manner.
[0083]
The principles of the present invention advantageously provide security techniques that allow the integrated circuit 100 to meet each of the above criteria. One technique uses the processor 101's ability to reverse the decoding of the chip select signal in response to specific default conditions or dynamic assertion of specific instructions. By reversing the decoding of the chip select at power-on reset, the security code can be executed from a memory space that is normally inaccessible. Furthermore, this functionality of processor 101 can only be activated at specific times when processor 101 does not execute instructions, thereby making any security breach attempt difficult.
[0084]
FIG. 12 is a flow chart illustrating a preferred procedure 1200 for booting integrated circuit 100 in accordance with the concepts of the present invention. Assume that processor 101 is an ARM720T processor or an ARM920T processor, and the signal names are based on signals and / or their instructions. This procedure begins with a power-on reset of the integrated circuit 100 by asserting a power-on reset (NPOR) signal at step 1201. The circuitry in the system immediately disables all hardware and debug functions and hides all security elements (eg firmware, registers, passwords) from external investigation (step 1202). This step ensures that the system is secure until at least step 1203 determines whether the security firmware routine is in place and available. In the preferred embodiment, this is done by reading a programmable fuse register.
[0085]
For purposes of explanation, the case where security is not provided or disabled is first described. In step 1204, it is determined whether to continue booting from the internal ROM or to use external memory. For the ARM processor embodiment, the NMEDCHG bit is used to select between the internal and external boot memory options. In step 1204, if the signal at pin NMEDCHG is clear (ie, active low), the integrated circuit 100 is booted from the internal ROM. In this case, in step 1205, the address mapping to the internal boot ROM is reversed by default. If the address mapping is reversed, execution will start from the current boot ROM location 0 (step 1207). In this embodiment of the figure, the power reset signal NPOR must be asserted to return the address mapping to the normal state.
[0086]
Alternatively, if the NMEDCHG bit is set (ie, in an active high state), booting is done from external memory (ROM / EPROM / flash). In this case, the chip select mapping is set as shown in Table 5A, and the external chip select 0 is selected as the boot memory.
[0087]
Now consider the case where a programmable fuse register read indicates that the security routine is in place and available. The boot branches at step 1208 and proceeds to the execution of the security procedure.
[0088]
The integrated circuit 100 can be configured to accommodate different sets of boot and / or security codes. This allows the integrated circuit 100 to operate using boot / security firmware from multiple vendors, even if each vendor's secure information can only be accessed by the vendor's own boot / security procedure. Therefore, it is convenient. First, the boot memory is programmed with multiple sets of boot code or options. This can be done using an internal boot ROM or one or more external memory chips (ROM / RAM / flash). Multiple boot options allow end users to choose from security firmware available from various vendors.
[0089]
As a result, the first option of the boot options in the boot memory is identified at step 1209 and aliased to the reset vector at step 1210, which is typically position 0x00 for the first option. All necessary security elements (registers, firmware, I / O devices) required for a given implementation are enabled by the current boot option, while all other security options (implementation) are hidden. The state is kept (step 1211). Step 1212 then executes the selected boot code on the processor to attempt to initialize the selected security firmware / software.
[0090]
If the corresponding security firmware / software called by the boot code in step 1213 is in memory, the integrated circuit 100 completes booting and is selected in step 1214 under supervisory control of the security firmware / software. Operates in a secure environment. On the other hand, if the required security firmware / software is not found, another boot option must be tried.
[0091]
If the last security option has not been reached in step 1215, the next security option in the boot code is selected (step 1216). An instruction is issued that dynamically forces a new reset vector to the processor. In this example, the reset vector jumps to point to the second security option in the boot code. At step 1218, processing returns to step 1211 and tries the boot process again. Note that in the illustrated embodiment, the instruction pipeline is three stages. As a result, an instruction for resetting the program counter to 0 is already loaded from the internal boot ROM before the execution of the instruction for changing the chip select. The MOVpc, # 0 instruction causes the processor pipeline to be flushed, thereby allowing several cycles to occur before performing a chip select. During this process, no other access is permitted to memory resources whose chip select signal changes during execution of the remap command.
[0092]
This process repeats until a security option is found that causes the integrated circuit 100 to enter secure operation at step 1214 or until the last security option is reached at step 1215. In the illustrated embodiment, the last or default option returns the boot procedure to a normal (insecure) boot at step 1219. Here, all debugging functions are enabled and the security functions are hidden in step 1220. In step 1221, a default boot ROM is selected, and in step 1222, the processor is dynamically forced with a reset vector. Nevertheless, in alternative embodiments, a default security code can be provided so that the integrated circuit 100 can still operate in a secure environment even if all major options are unavailable.
[0093]
In an embodiment with an integrated circuit 100 based on ARM920T, instructions and data can be locked into the corresponding instruction cache and data cache, which are not selected as replacement sacrifices by the replacement algorithm in the event of a cache miss. Locking data / instructions guarantees cache hits where the corresponding information is fetched directly from the cache, and good cache access latency. Further, information in the locked cache cannot be accessed from outside the integrated circuit 100 except through a JTAG port or other test debug mode that allows visibility into the cache or TLB memory. The JTAG port, which is primarily used during product development and testing, can be disabled when the integrated circuit 100 leaves the manufacturing location.
[0094]
Before locking a cache entry, the corresponding descriptor (physical address and grant) must be locked in the associated translation index buffer (TLB) to obtain predictable performance results. Many devices, such as the ARM920T used in this example, include both a data and instruction translation index buffer (TLB) in addition to the cache. For a given instruction or data field, the CPU generates a virtual address. The modified virtual address is then presented to the corresponding TLB, and the field of the modified virtual address is compared with the comparison (tag) register in the TLB. If there is a match and access can be granted (which is determined by the grant field in the TLB entry), the physical address returned from the corresponding TLB entry along with the modified virtual address index bits Bits are used to generate physical addresses and access caches or external memory as needed. If there is no match, the following process is started to convert the virtual address into a physical address in hardware.
[0095]
When a cache line is locked, the corresponding entries in the data TLB and instruction TLB are also locked and excluded from replacement during TLB update. For the ARM920T processor, the TLB entry locks by writing the identifier for the particular entry in the TLB of the data and instruction to be locked to the TLB lock down field of the system control processor register C15.
[0096]
The TLB lockdown procedure 1300 in FIG. 13 is one technique for locking an instruction TLB entry or a data TLB entry. Step 1301 sets up a page table containing physical address bits and permissions corresponding to the data or instruction to be protected. Then, at least some entries in the target TLB are flushed or cleaned to ensure that the code to be locked is not already in the TLB register (step 1302).
[0097]
In an embodiment using an ARM920T processor, both the data TLB and the instruction TLB are organized into a single segment of 64 lines. The replacement (sacrifice) counter points to the entry to be replaced. Therefore, in step 1303, the replacement counter is updated to point to the next entry to write the locked information. In the preferred embodiment, the process starts at entry 0.
[0098]
A prefetch instruction is used for the instruction TLB to generate a corrected virtual address and forcibly cause a TLB miss (step 1304). In the case of a data TLB, a load instruction can be used to cause a mistake. After a miss has occurred, a page table walk must be performed to generate descriptors (eg, physical addresses and permissions) and loaded into the TLB (step 1305). In step 1306, using the physical address bits of the accessed page table entry and the index bits from the modified virtual address, the descriptor generated by the page table walk is given a given TLB. Load the entry pointed to by the contents of the current replacement counter.
[0099]
In the ARMT 920 embodiment, the loaded TLB entry is locked in step 1307 by setting the corresponding TLB lockdown register bit. If the last entry is reached in step 1308, the procedure ends, otherwise the procedure loops back to step 1303 in step 1309, and the replacement counter is updated in preparation for loading the next entry.
[0100]
Locking a TLB entry can lock the corresponding data or code in the cache. For illustration purposes, consider the case of locking an instruction in the ARM920T instruction cache. The same applies to the data cache. It should also be noted that the inventive concept is not limited to systems using ARM processors, but can be applied to any system or device that includes lockable instruction and / or data caches.
[0101]
FIG. 14 shows a cache lockdown procedure 1400 for locking secure code into the cache. As described further below, in the illustrated embodiment, a cache miss must be forced to perform a lock operation. A preferred method for forcing a cache miss is described below in connection with FIG.
[0102]
In step 1401, an actual page table or an emulated page table is set up with the physical address of the memory location where the data or instruction to be locked is in the cache. An emulated and synthesized page table using the concepts of the present invention is further described below. This table is preferably used to update the corresponding TLB using procedure 1300.
[0103]
In step 1402, at least some cache lines of a given cache are flushed or cleaned to ensure that the code to lock is not already in the cache. Step 1403 forces the replacement (sacrifice) counter associated with the cache to point to the first cache line (cache line 0). In the preferred embodiment, the data cache and instruction cache are each partitioned into eight 64-line segments, and each segment is indexed by an index field in the modified virtual address. Step 1400 fills the cache lines sequentially. For example, all segment cache lines 0 are filled sequentially first, followed by all cache lines 1 sequentially, and so on.
[0104]
Step 1404 generates data or instructions to be cached, which may require a decryption process (decryption). Then, the data or instruction is stored in a corresponding position in the alternative memory such as internal SRAM or external SRAM / DRAM / flash. Step 1305 then performs a prefetch cache line operation to cache the instruction, invoking a lookup on the pointed cache entry. (The LOAD instruction can be used for the data cache.) This causes a cache miss and requires the processor to access an alternate memory containing the necessary data or instructions. If the TLB is up-to-date and accurate, the processor can make this access by referring to the TLB for the required bits in the physical address or directly walk the page table set up in step 1401. This can be done through. The physical address itself is generated from the base address bits of the accessed entry in the TLB and the index bits of the virtual address.
[0105]
In step 1405, the generated code or data is placed where cache misses are to be handled, and in step 1406, a line fill is performed on the current replacement pointer entry of the cache line. Again, the cache segment is indexed with the cache segment index bit of the virtual address to cause a cache miss.
[0106]
If the last segment of a given cache has not been reached in step 1407 and further cache operations are required, the processor increments the cache segment index bit in step 1408 to increment the next cache with the current replacement counter value. • Force the next cache access to the segment. The procedure returns to step 1040 and continues from there.
[0107]
However, if the operation just finished is for the last cache segment and further cache operations continue (ie, the last cache line to be satisfied in step 1409 has not been reached), in step 1410, the procedure Jumps back to step 1403, updates the value of the replacement counter, and the procedure continues from that point.
[0108]
When all the code to be locked has been loaded, the base of the replacement counter is set to a value one greater than the value of the base of the locked cache line (step 1411). This ensures that private data (which has been decrypted at this point) is not overwritten upon a cache miss or cannot be accessed by unauthorized persons. Then, in step 1412, the code can be executed from the cache.
[0109]
One means of creating locked and cached data without using memory locations for the entire area to lock is to emulate that area using the length of the cache line of the register. Cache miss emulation can also be used to improve hardware limitations on the granularity of cache lock processing. For example, in an embodiment according to ARM920T, the cache can be locked in units of 64 word blocks (256 bytes). However, each cache line is only 8 words (32 bytes) long and can therefore be mapped to different locations within a 64 word block depending on the address bits.
[0110]
In accordance with the concepts of the present invention, for each lockable location, eight programmable 32-bit emulated cache line (ECLINE) registers are set up as eight consecutive 32-bit locations at alternate locations in memory. Is done. In addition, a compare (offset) register (ECOFFSET) is set up, which is programmed with a physical address that identifies where in the cache memory space the contents of the ECLINE register are present after the emulated cache miss. Is done. As a result, a position that is one cache line in size can be used to represent the entire 64 word lockable position.
[0111]
The emulated cache miss procedure 1500 is shown in the flow chart of FIG. In step 1501, the contents to be cached (in the instruction cache or data cache) are written to the ECLINE register. Next, an offset to the lockable cache space into which data is written is programmed into the ECOFFSET compare register (step 1502).
[0112]
In step 1503, an operation for causing a cache miss is performed. In the case of an instruction cache, this can be done through a prefetch instruction to the instruction cache, and in the case of a data cache, it can be done through a load instruction. A virtual address generated for this location causes a miss in a given cache and then uses the index bit of the virtual address and the base bit taken from the appropriate TLB, or a page table walk Go to generate the corresponding physical address. Step 1505 retrieves the information in the corresponding ECLINE register, and step 1506 loads it into the addressed entry in the cache. This entry is provided for the lock using procedure 1400. This procedure advantageously allows the locked portion of the cache to be loaded without resorting to internal SRAM or external SRAM.
[0113]
As already pointed out, a page table walk is required during cache and TLB lock operations to generate the physical memory addresses from which data or instructions are fetched. The concept of the present invention enables the creation of a streamlined page table that saves the amount of memory that must be reserved for page table support. Further, even taking into account TLB misses, the concept of the present invention is based on data and electronic analysis through tampering, copying, or secure operation of the MMU 104 during section / page table walk address translation. Protect instruction codes. For purposes of discussion, the ARM920T processor core is considered again, but the principles of the present invention can be applied to other processor and memory management unit memory management schemes.
[0114]
For this embodiment, a conventional page table walk generally proceeds as follows. During a level 1 fetch, the section descriptor (level 1), course page table base address, or fine page table base address is retrieved from the 4096 entry translation base table (TBT). The TBT is accessed using the TBT base address in the translation base register and the table index field of the modified virtual address.
[0115]
If the output from the TBT is a section descriptor, the descriptor includes a section base address and access permissions. The section base address bits from the level 1 descriptor and the modified virtual address section index bits are then used to generate the physical address of the 1 megabyte section of memory. (Assuming that the permissions contained in the level 1 section descriptor are desirable.)
[0116]
The course page table base address retrieved from the TBT, together with the modified virtual address level 2 table index, accesses one of the 256 entries in the course page table, thereby allowing 1 megabyte of Divide the block into 4 kilobyte blocks. The course page table returns a large base address or a small base address along with access permissions. Depending on the permission status, the large page or small page base address bits are combined with the modified virtual address page index bits to create a 64 kilobyte large page or 4 kilobyte small page of memory. Generate the physical address of the page.
[0117]
The fine page base address retrieved from the TBT points to the 1024 entry fine page table, along with the level 2 table index bits from the modified virtual memory address. The output from this table is a level 2 descriptor, which contains a large, small, or tiny base address along with access permissions. A large page is 64 kilobytes, a small page is 4 kilobytes, and a tiny page is 1 kilobyte. If permission indicates access permission, the page base address is concatenated with the page index bit of the modified virtual address to make a large or small page in memory already mentioned, or one in memory. Generate the physical address of a kilobyte tiny page.
[0118]
Memory accessed as a result of the page table walk is either cache, internal memory, or external memory. Update TLB using physical address and permissions. If there is secure information, it is locked in the TLB as described above.
[0119]
The disadvantage of this two-level table walk procedure is that a considerable amount of on-chip memory is required for each table. As mentioned earlier, secure information must be in a memory area inside the system that is not accessible by unauthorized users. Therefore, some measures must be taken to efficiently store information requiring attention in handling such as a physical address conversion method in an available internal memory.
[0120]
The preferred embodiment of the integrated circuit 100 can greatly simplify the table walk process and significantly reduce the amount of memory required for the translation table. This is not only important from the standpoint of improving operating efficiency, but it also ensures that an insecure external memory is not used.
[0121]
Here, the memory space is divided into 256 megabyte regions, and each region is associated with a set of common access characteristics (eg, access permissions, cache possibilities, buffering possibilities). A second level page table is required for only one megabyte of this area. Therefore, since many memory areas have common access characteristics, a much smaller conversion table can be created in the available SRAM space.
[0122]
The access permission indicates whether the given information can be accessed from the corresponding memory block. The cacheability and bufferability attribute bits are used to determine whether the accessed information can be stored in a cache or transferred through a write buffer. For example, the contents of real hardware registers that control UARTs and other peripheral devices and I / O devices cannot generally be cached or buffered by the CPU subsystem. This can lead to inaccurate operation of these peripheral devices due to the actual timing of access.
[0123]
In addition, secure systems keep page / section table information within private area boundaries and move that information from memory to device pins that can be examined by a logic analyzer. It must be impossible.
[0124]
In the illustrated embodiment of partitioning the memory into 16 256 megabyte blocks, a 32-bit register is created to store level 1 AP bits, with each 2-bit pair corresponding to a 256 megabyte memory region. . For example, bits [1: 0] correspond to region 1, bits [3: 2] correspond to region 2, and so on. Set up a 16-bit register to hold a bit set that indicates the cacheability of each level 1 region. Set up another 16-bit register to hold either of the bit sets that indicate the cacheability of each region. These registers are pointed to by the contents of the translation base register in the MMU.
[0125]
FIG. 16A illustrates a procedure 1600 for updating these registers while simultaneously dealing with memory areas having unique characteristics and constants.
[0126]
For a given 256 megabyte region, step 1601 determines whether it has a common set of access characteristics. If the result of the determination is affirmative, step 1602 loads the AP bit corresponding to the corresponding entry in the global level 1 AP register. At steps 1602 and 1603, the corresponding entries in the registers indicating global level 1 bufferability and cacheability are updated as well.
[0127]
In step 1605, the procedure returns to update the register entry of the next memory area (block) that needs to be updated. It is preferable to initialize / update the global access control register in a loop. In general, the value does not change, but can be updated during system processing if necessary. The full register value of the entry that is not synthesized is updated as appropriate during system operation. An update is necessary, for example, when a memory page is replaced with another page when it is “swapped” out to disk or similar mass storage device.
[0128]
For a memory block or register having a unique set of access characteristics including access permissions, bufferability and cacheability bits, and physical address bits at step 1601, a full 32-bit Load a complete level 1 descriptor into a register. The procedure loops back to step 1608 again. This descriptor may contain the address of a course or fine page (level 2) table.
[0129]
Otherwise, at step 1608, a constant is pointed at the hardwired gate. The stored constant may be a fixed value or a base address of the level 2 table. If step 1609 does not require a walk to level 2, the procedure loops back to step 1610. If not, step 1611 sets up the corresponding register in the level 2 synthesized table.
[0130]
A similar process is used for level 2 synthesis. Specifically, for each level 2 page, for a page and sub-block that have common characteristics, a register pointed to by a level 2 base address bit in the level 1 register and a global level 2 AP register Are set up as described above with level 2 bufferability and cacheability registers.
[0131]
At step 1612, for a given page or set of pages, it is determined whether it has a common set of access characteristics. If the determination is positive, step 1613 loads the appropriate AP bit into the corresponding entry in the global level 2 AP register. At steps 1614 and 1615, the corresponding entries in the register indicating global level 2 bufferability and cacheability are updated as well.
[0132]
In step 1616, the procedure returns to step 1601 to update the register entry of the next memory area (block) that needs to be updated.
[0133]
For those level 2 pages, pages, blocks having a unique set of level 2 access characteristics including access permissions, bufferability and cacheability bits, and physical address bits in step 1612; Or for a set of registers, step 1618 loads a full level 2 descriptor into a full 32-bit register. If not, step 1618 points to a constant in the hardwired gate. The stored constant may be a fixed value, a base address, or the like. The procedure loops back to step 1601 at step 1619 again.
[0134]
An exemplary synthesized page table walk is shown in FIG. 12B. In step 1620, a table walk is requested. This request may be in response to a TLB and / or cache miss. In this example, consider the first case where step 1621 does not require the second level of the table walk. At step 1622, the level 1 register is pointed to by the translation base register in the MMU. The level 1 register entry is indexed using the table index bits of the virtual address (step 1623).
[0135]
Steps 1624 and 1625 determine whether the return from the indexed entry of the level 1 register is a complete descriptor or a constant. Consider first if the return is not a constant or a complete descriptor.
[0136]
At step 1626, access control bits (ie, AP, cacheability, and bufferability bits) in the first level global access register are retrieved. Step 1627 then converts the table index of the virtual address to a physical address by moving the bit position relative to the virtual address.
[0137]
In the preferred embodiment, the translated virtual address of a section entry is a table index bit (lookup word index bits 13: 2 into the level 1 page table of 4096 entries is the entry ( Result bit (31:20) for 1 megabyte memory area). The area of the section is defined by the memory location bits (13:10). In embodiments using an ARM920 or ARM720 MMU, several bits in the page table entry will always be a constant 0 or 1.
[0138]
At step 1628, the translated address bits and the retrieved access control bits are combined to form a level 1 descriptor. In step 1629, the composite descriptor for TLB and / or cache update is returned.
[0139]
Returning to steps 1624 and 1625, the level 1 entry is also a complete descriptor (step 1630) or a constant (step 1631). At step 1632 the descriptor or constant can be used immediately.
[0140]
Next, assume that a level 2 table reference is requested in step 1621.
[0141]
The level 2 conversion is similar to the conversion performed when only level 1 reference is required. At step 1633, the level 2 register set up as described above is pointed to by the base address in the MMU. At step 1634, the specific index or entry is indexed using the table index bits of the virtual address. Steps 1635 and 1636 determine whether the indexed register (entry) contains a complete descriptor or constant. If a descriptor is found, the descriptor is taken out at step 1637, and if a constant is found, the constant is taken out at step 1638. This descriptor or constant can be used immediately in step 1639.
[0142]
If neither constants nor descriptors are found in steps 1635 and 1636, the second level access control register is accessed in step 1640 and the corresponding access using the page index bits of the virtual address in step 1641. Retrieve control bits. In step 1642, the page index bits of the virtual address are converted to physical addresses by shifting the bit positions. In step 1643, the physical address bits are combined with the retrieved access control bits to form a composite descriptor. At step 1644, this composite descriptor is returned for TLB update, memory execution on cache miss, or similar operation.
[0143]
Note that for the sake of brevity, the synthesized table walk has been described only with respect to level 1 and level 2 descriptor generation. However, it should be noted that iteratively applying the principles of the present invention can implement other levels of walk-through below the second level.
[0144]
In summary, according to the inventive concept, only a 32-bit AP register and a pair of 16-bit registers for bufferability and cacheability are required for the first level table. All that is required for each second level page that must be addressed is a second level table consisting of a small page AP register and a 1-bit cacheability and bufferability register. is there.
[0145]
The concept of the present invention also advantageously allows for address translation and TLB updates in the event of a cache miss, with memory register emulation similar to cache miss emulation. The cache and / or TLB entries can then be locked for security as described above. The preferred emulation process uses an alternative emulated memory so that the internal memory of the integrated circuit 100 can be allocated for other tasks. The memory address of the page table is preferably mapped inside the integrated circuit. A preferred procedure using such a concept is the emulated table walk / TLB update procedure 1700 shown in FIG.
[0146]
First, an emulated level 1 translation register (table) (EL1TR) containing either a level 1 descriptor or a level 2 base address is created (step 1701). In addition, an emulated level 1 index register (EL1IR) that holds an index to the entry in EL1TR is set up in an alternative memory space (step 1702). The translation base table (TTB) in the MMU is programmed to point to the emulated level 1 table. A request for this area receives the contents of EL1TR including an index to table match EL1IR. If the indexes do not match, the returned value is the entry that raises the exception.
[0147]
For address translation that continues past the second level, an emulated level 2 translation register (EL2TR) containing a level 2 descriptor is created in the alternate memory (step 1704) and the emulated level 2 index is created. The register holds the corresponding index (step 1705).
[0148]
In step 1706, the CPU 101 is instructed or a virtual address is generated using an external address generator. If the cache and TLB are flushed or cleaned, a cache / TLB miss occurs, so in step 1707 the table walk procedure is invoked using the emulated level 1 table pointed to by the MMU. The level 1 table index bits in the virtual address are compared with the table index bits in EL1IR and the corresponding level 1 information returned from EL1TR (step 1708).
[0149]
If the information is a descriptor in step 1708 (ie, level 2 conversion is not required), level 1 access is performed (step 1709), where permission in the descriptor is examined (step 1710). If permission is not granted, operation stops at step 1711. Otherwise, in step 1712, a physical address is generated from the section address bits in the level 1 descriptor and the section index in the virtual address. Step 1713 loads this physical address into the TLB and waits for the lock operation and the corresponding data or instruction to be loaded into the appropriate cache. If step 1714 determines that the current entry in the TLB is not the last entry to load, at step 1715, the procedure loops back to step 1706 to begin the next table walk. Otherwise, in step 1716, the TLB lock procedure is executed.
[0150]
If it is determined in step 1708 that the EL1TR information is the base address to level 2, a level 2 page walk is activated in step 1717. The EL2TR register is accessed using the base address of EL1TR (step 1718). The particular register is indexed using the contents of the corresponding EL2IR register by comparing against the index bits of the virtual address (step 1719). In step 1720, the permissions in the returned level 2 descriptor are examined. If access is not permitted, access is stopped in step 1721. Otherwise, in step 1723, a physical address bit in the level 2 descriptor and a virtual address index bit are used to generate a physical address. . In step 1723, the physical address is loaded into the TLB and a lock operation is awaited.
[0151]
If the current TLB entry is the last entry to load at step 1724, the TLB lock procedure can be invoked at step 1725; otherwise, at step 1726, the procedure jumps back to step 1706 and the next Start a table walk of TLB entries for
[0152]
In some embodiments of integrated circuit 100, it is possible to use a memory management unit (MMU) or a bare CPU that does not include a hardware cache. For example, the CPU core 101 can be based only on the ARM7tdmi processor 102 without using the cache 103 or the MMU 104. If this option is selected, all software must be stored in a flat memory space in memory. However, this may require the use of an external memory (eg, NOR flash, SRAM, DRAM). As noted above, the data in external memory has the major disadvantage that it can be accessed or analyzed by unauthorized end users.
[0153]
In an embodiment of the integrated circuit 100 that does not use a hardware cache or MMU, the security code is executed in supervisor mode. In supervisor mode, access to specific areas of memory and specific registers is checked against the supervisor's privileges. The security firmware is preferably executed from an internal memory such as SRAM. In supervised mode, all other software / firmware is interpreted as running in user mode and is therefore checked by supervisory privileges with secure software.
[0154]
Although the invention has been described with reference to particular embodiments, these descriptions are not to be construed in a limiting sense. Various modifications of the disclosed embodiments, as well as alternative embodiments of the invention, will become apparent to those skilled in the art upon reference to the description of the invention. Those skilled in the art will appreciate that the disclosed concepts and specific embodiments can be readily utilized as a basis for other structural modifications or designs to perform the same purposes of the present invention. Those skilled in the art will also recognize that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims.
[0155]
Accordingly, the claims are intended to cover variations or embodiments that fall within the true scope of the present invention.
[0156]

[0157]

[0158]

[0159]

[0160]

[0161]

[0162]

[0163]

[0164]

[0165]

[0166]

[0167]

[0168]

[0169]

[0170]

[0171]

[0172]

[0173]

[0174]

[0175]

[0176]

[0177]

[0178]

[0179]

[0180]

[0181]

[0182]

[0183]

[Brief description of the drawings]
FIG. 1A is a high level functional block diagram of an integrated circuit implementing the principles of the present invention.
FIG. 1B is a high level diagram of a second system implementing the concepts of the present invention.
FIG. 1C is a diagram of a third exemplary system in which the principles of the present invention can be applied in an advantageous manner.
FIG. 1D is a diagram showing two further forms.
FIG. 2 is a diagram of an integrated circuit 100 in a configuration that allows maximum utilization.
FIG. 3 is a high level functional block diagram of the processor of FIG. 1B.
FIG. 4A depicts an external clock that drives pin EXPCLK when the system enters a “waiting state” and the clock enable signal on pin CLKEN is asserted.
FIG. 4B is a diagram representing an external clock that drives pin EXPCLK when the clock enable signal on pin CLKEN is asserted and the system exits the “waiting state”.
FIG. 5 is a state diagram illustrating an operation of the state control circuit of FIG. 1A.
FIG. 6 is a block diagram of three serial interfaces including the serial interface block of FIG. 1A.
FIGS. 7A and 7B are timing diagrams representing SSI (ADC) operation in the context of a selected external device.
FIG. 8 is a timing diagram illustrating the operation of the codec interface of FIG.
9 is a block diagram of the serial interface block I in FIG. ² It is a functional block diagram which shows the interface between S ports.
FIG. 10I of FIG. ² It is a timing diagram showing operation of the interface of S.
FIG. 11 is a functional block diagram illustrating use of the SSI2 port of FIG. 6 in a master / slave configuration.
FIG. 12 is a flowchart illustrating system initialization at power-on reset.
FIG. 13 is a flowchart illustrating a procedure for locking private data in a TLB.
FIG. 14 illustrates a cache lockdown procedure for locking secure code in a cache.
FIG. 15 is a flow chart showing the procedure for an emulated cache miss.
FIG. 16A is a diagram of a preferred method for setting up a synthesized translation table.
16B is a flowchart illustrating a table walk through the composite table of FIG. 16A.
Figures 17A-17E illustrate a preferred procedure for performing an emulated table walk.

Claims (13)

A method for preventing access and observation of cached information in a system including a memory, a cache, a translation index buffer, and a control circuit comprising :
Generating private information to be cached by the control circuit ;
And storing the private information in the memory by the control circuit,
And updating the translation lookaside buffer with the descriptor for location in said memory containing private information by the control circuit,
A step of causing forced cache misses at a selected location in the cache to be loaded a selected portion of the private information by the control circuit,
Using the corresponding descriptor translation lookaside buffer by the control circuit, retrieving the selected portion of the private information from said memory,
Loading the portion of the private information retrieved by the control circuit into a selected location in the cache;
Locking a selected portion of private information at a selected location in the cache by the control circuit ;
Locking a descriptor corresponding to a selected portion of private information in the translation index buffer;
With a method. Selected location in the cache is associated with replacement counter counted from substituted counter based value, the step of performing the lock, a substituted counter based value associated with the selected location in the cache replacement The method of claim 1 including the substep of resetting to a value higher than the counter base value . Updating the translation index buffer comprises:
A substep of setting up a conversion table containing an entry for generating a descriptor for the memory location that stores private information,
Updating the pointer stored in the replacement counter to point to the current translation index buffer entry to be filled;
Forcing a mistake in the current translation index buffer entry;
The substeps of running table walk of the conversion table by the control circuit to generate a descriptor associated with the private information in the memory,
A substep of loading the descriptor obtained from the table walk into the current translation index buffer entry;
The method of claim 1 comprising:   The method of claim 1, wherein loading the selected portion of the decoded information into a cache comprises loading into a cache line of an instruction cache.   The method of claim 1, wherein loading a selected portion of the private information into a cache includes loading into a cache line of a data cache.   The method of claim 1, wherein setting up the translation table includes setting up an emulated translation table. Memory to store private information that should be safe,
A cache memory having a target location for caching the private information;
A translation index buffer having a location for storing a descriptor for accessing the private information from the memory;
Having a control circuit,
The control circuit
Force a miss on the target location in the cache,
Retrieves private information from the memory using the descriptor in the translation index buffer;
Load the retrieved private information into the target location in the cache,
Lock the retrieved private information in the target location in the cache ;
Ri operatively der to <br/> so to lock the descriptors of the translation lookaside buffer,
The locking of the private information in the target location in the cache and the locking of the descriptor in the translation index buffer hides the private information from observation . The control circuit includes a counter that points to a target location and is operable to lock the private information in the target location in the cache by resetting a base value loaded into the counter. The processing system according to claim 7 . 8. The processing system of claim 7 , wherein the control circuit and the conversion index buffer include part of a microprocessor. The processing system of claim 9 , wherein the cache includes a portion of a microprocessor. The processing system of claim 10 , wherein the microprocessor includes a portion of a system on chip. The processing system of claim 7 , wherein the cache includes an instruction cache. The processing system of claim 7 , wherein the cache comprises a data cache.

Images