RU2005115082A

RU2005115082A - TYPES OF EXCLUSIVE SITUATIONS IN A PROTECTED PROCESSING SYSTEM

Info

Publication number: RU2005115082A
Application number: RU2005115082/09A
Authority: RU
Inventors: Саймон Чарльз УОТТ (GB); Саймон Чарльз УОТТ; Кристофер Бентли ДОРНАН (GB); Кристофер Бентли ДОРНАН; Люк ОРИОН (FR); Люк ОРИОН; Никол ШОССАД (FR); Николя ШОССАД; Лионель БЕЛЬНЕ (FR); Лионель БЕЛЬНЕ; Стефан Эрик Себасть н БРОШЬЕ (FR); Стефан Эрик Себастьян БРОШЬЕ
Original assignee: Арм Лимитед (Gb); Арм Лимитед
Priority date: 2002-11-18
Filing date: 2003-10-27
Publication date: 2006-01-20
Also published as: TW200422849A; TWI292099B; IL167188A; MY134724A

Claims

1. A data processing device comprising a processor (10) configured to operate in a set of modes (1, 2, 3, 4; A, B, C) and a set of domains (S, NS), while the set of domains contains a protected domain or an unprotected domain, the set of modes includes at least one protected mode (A, B, C), which is a mode in the protected domain (S); and at least one insecure mode (1, 2, 3, 4), which is a mode in an insecure domain (NS); moreover, in the case when the processor (10) executes the program (82, 84) in a protected mode, the program has access to protected data that is not available in the case when the processor operates in an insecure mode; the processor responds to one or more exception conditions (RESET, UNDEF, ...) to start processing the exception using the exception handler, and the processor is configured to select the exception handler from the set of possible exception handlers (VSO-7, VNSO-7), depending on whether the processor operates in a secure domain or in an insecure domain.

2. The device according to claim 1, in which at least one of the mentioned exceptional situations is a selectable exception processed by a selectable exception handler from either an unprotected exception handler operating in unprotected mode or a protected exception handler operating in protected mode; and at least one of the exceptions mentioned is a dedicated protected exception that is handled by a protected exception handler operating in protected mode.

3. The device according to claim 1, in which the aforementioned one or more conditions of an exception can be software configured to run either an unprotected exception handler operating in unprotected mode or a protected exception handler operating in protected mode with any change domain, which also starts if required.

4. The device according to any one of the preceding paragraphs, in which a protected exception is triggered by one of the signals on the input signal of the selected protected exceptional situation and the input signal unprotected exception.

5. The device according to any one of claims 1 to 3, which has an exception signal input shared by protected and unprotected exceptions, and an additional input signal that interacts with the exception signal input to control whether the protected exception processor is running or an insecure exception handler.

6. The device according to claim 1, in which the aforementioned protected exception handler is part of a protected operating system configured to operate in a protected mode.

7. The device according to claim 1, wherein said unprotected exception handler is part of an unprotected operating system configured to operate in unprotected mode.

8. The device according to claim 1, in which the processor is also configured to operate in monitor mode, and any switching between the protected mode and the unprotected mode required to handle the exception occurs through the monitor mode, while the processor is configured to operate at least at least partially in monitor mode, in order to execute a monitor program to control the switch between protected mode and non-protected mode.

9. The device of claim 8, in which the monitor program is configured to save and restore context data specifying the state of the processor when switching between the protected mode and the unprotected mode to handle an exception.

10. The device of claim 8, in which the processor includes a register bank, and the monitor program is configured to clear at least a portion of the register bank shared by the protected mode and the non-protected mode when switching from the protected mode to the non-protected mode, so that no protected data stored in the register bank can be transferred from protected mode to unprotected mode other than allowed in accordance with the monitor program.

11. The device according to claim 1, in which the conditions of an exception include one or more of: an exception when a secure interrupt signal; mode interrupt signal; dumping exception; an exception with an interrupt signal; software interrupt signal; an exceptional situation with an uncertain team; an abnormal termination exception with a prefetch error; abnormal termination exception during data error; and an exception with a fast interrupt signal.

12. The device according to claim 1, in which the processor responds to an exception condition to select an exception handler depending on the value of the exception vector associated with the exception condition and stored in the active table of exception vectors for the exception condition mentioned; and the active table of exception vectors is one of a set of tables of exception vectors.

13. The device according to item 12, in which the said set of tables of vectors of exceptional situations includes a protected table of vectors of exceptional situations, selected in protected mode, and an unprotected table of vectors of exceptional situations, selected in unprotected mode.

14. The device according to any one of paragraphs.12 and 13, in which the processor is also configured to operate in monitor mode, and any switching between the protected mode and the unprotected mode for said set of exception vectors is performed through the monitor mode.

15. The device according to 14, in which said set of tables of vectors of exceptional situations includes a table of vectors of exceptional situations of the monitor mode.

16. The device according to clause 15, in which the processor responds to one or more parameters that specify which of the mentioned exceptional situations should be processed in accordance with the table of the monitor mode exception vectors.

17. The device according to item 13, in which the processor responds to one or more parameters that specify which of the mentioned exceptional situations should be processed in accordance with the table of emergency vectors of the monitor mode, and the protected vector table is an active vector table in protected mode, and an unprotected vector table is an active vector table in unprotected mode if the one or more parameters mentioned do not specify that the monitor mode vector table is an active table in lecturers for the mentioned exception condition.

18. The device according to clause 16, in which at least one of the mentioned parameters is stored in the mask for interception of exceptional situations.

19. The device of claim 18, wherein the exception control register is writable when the processor is in monitor mode and the exception interception mask register is not writable when the processor is not in an insecure domain.

20. The device according to item 13, in which the protected table of exception vectors is writable when the processor is in protected mode, and the protected table of exception vectors is not recorded when the processor is in unprotected mode.

21. The device according to item 13, in which a protected exception handler, which is part of a protected operating system, is used in protected mode.

22. The device according to item 13, in which an unprotected exception handler, which is part of an unprotected operating system, is used in unprotected mode.

23. The device according to item 12, which contains a set of registers of pointers of the base addresses of the tables of vectors, while each register stores the corresponding value of the base address for the corresponding table from the said set of tables of vectors of exceptional situations.

24. A data processing method comprising the steps of executing a program using a processor configured to operate in a set of modes and a set of domains, wherein the set of domains contains a secure domain or an unprotected domain, the set of modes includes at least one protected mode, being a mode in a secure domain; and at least one insecure mode being a mode in an insecure domain; in this case, if the processor executes the program in protected mode, the program has access to protected data that is not accessible if the processor operates in unprotected mode; and in response to one or more conditions of the exception, start processing the exception using the exception handler; wherein the processor is configured to select said exception handler from a set of possible exception handlers, depending on whether the processor operates in a secure domain or in an insecure domain.

25. The method according to paragraph 24, in which at least one of the exceptions mentioned is a selectable exception handled by a selectable exception handler from either an unprotected exception handler operating in unprotected mode or a protected exception handler operating in protected mode; and at least one of said exceptions is a dedicated protected exception that is handled by a protected exception handler operating in protected mode.

26. The method according to paragraph 24, in which the aforementioned one or more exceptional conditions can be configured to run either an insecure exception handler operating in unprotected mode or a protected exception handler operating in protected mode, at which or a domain change, which is also triggered if required.

27. The method according to any one of paragraphs.24-26, which comprises inputting a protected exception signal and inputting an unprotected exception signal.

28. The method according to any one of paragraphs.24-26, which comprises inputting an exception signal shared by protected and unprotected exceptions, and an additional input signal interacting with inputting an exception signal to control whether the protected exception handler is running or unprotected exception handler.

29. The method according to paragraph 24, in which the protected exception handler is part of a secure operating system configured to operate in a secure mode.

30. The method according to paragraph 24, in which the unprotected exception handler is part of an unprotected operating system configured to operate in unprotected mode.

31. The method according to paragraph 24, in which the processor is also configured to operate in monitor mode, and any switching between the protected mode and the unprotected mode required to handle the exception occurs through the monitor mode, while the processor is configured to operate at least at least partially in monitor mode, in order to execute a monitor program to control the switch between protected mode and non-protected mode.

32. The method according to p, in which the monitor program is configured to save and restore context data that sets the state of the processor, when switching between protected mode and unprotected mode to handle an exception.

33. The method according to p, in which the processor includes a register bank, and the monitor program is configured to clear at least part of the register bank shared by the protected mode and the unprotected mode when switching from the protected mode to the unprotected mode, so that no protected data stored in the register bank can be transferred from protected mode to unprotected mode other than in accordance with the resolution of the monitor program.

34. The method according to paragraph 24, in which said at least one condition for an exception includes one or more of: an exception with a protected interrupt signal; mode interrupt signal; dumping exception; an exception with an interrupt signal; software interrupt signal; an exceptional situation with an uncertain team; an abnormal termination exception with a prefetch error; abnormal termination exception during data error; and an exception with a fast interrupt signal.

35. The method according to paragraph 24, in which the processor responds to an exception condition to select an exception handler depending on the value of the exception vector associated with the exception condition and stored in the active table of exception vectors for the exception condition ; and the active table of exception vectors is one of a set of tables of exception vectors.

36. The method according to clause 35, in which the said set of tables of vectors of exceptional situations includes a protected table of vectors of exceptional situations, selected in protected mode, and an unprotected table of vectors of exceptional situations, selected in unprotected mode.

37. The method according to any one of claims 35 and 36, wherein the processor is also operable in monitor mode, and any switching between the protected mode and the unprotected mode for said set of exception vectors is performed through the monitor mode.

38. The method according to clause 37, in which said set of tables of vectors of exceptional situations includes a table of vectors of exceptional situations of the monitor mode.

39. The method according to clause 37, in which the processor responds to one or more parameters that specify which of the mentioned exceptional situations should be processed in accordance with the table of exception vectors of exceptional situations of the monitor mode.

40. The method according to clause 36, in which the processor responds to one or more parameters that specify which of the mentioned exceptional situations should be processed in accordance with the table of exceptions vectors of the monitor mode, and the protected table of vectors is an active table of vectors in protected mode, and an unprotected vector table is an active vector table in unprotected mode, if one or more of the parameters mentioned does not specify that the vector table of the monitor mode is an active vector table a ditch for the exception condition mentioned.

41. The method according to § 39, in which at least one of the parameters is stored in the register mask interception of exceptional situations.

42. The method according to paragraph 41, wherein the exception control register is writable if the processor is in monitor mode and the exception interception mask register is not writable if the processor is not in monitor mode.

43. The method according to clause 36, in which the protected table of exception vectors is writable if the processor is in protected mode, and the protected table of exception vectors is not writable if the processor is in unprotected mode.

44. The method according to clause 36, in which a protected exception handler, which is part of a protected operating system, is used in protected mode.

45. The method according to clause 36, in which an unprotected exception handler, which is part of an unprotected operating system, is used in unprotected mode.

46. The method according to clause 35, containing the stage at which the values of the corresponding base addresses for the corresponding tables from the said set of tables of emergency vector tables are stored in the set of registers of the base addresses of the vector tables.

47. A computer program product containing a computer program configured to control a data processing device in accordance with the method according to any one of paragraphs.24-46.