US20160299720A1 - Memory protection - Google Patents
Memory protection Download PDFInfo
- Publication number
- US20160299720A1 US20160299720A1 US15/184,777 US201615184777A US2016299720A1 US 20160299720 A1 US20160299720 A1 US 20160299720A1 US 201615184777 A US201615184777 A US 201615184777A US 2016299720 A1 US2016299720 A1 US 2016299720A1
- Authority
- US
- United States
- Prior art keywords
- memory
- region
- protection
- volatile memory
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1441—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0238—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
- G06F12/0246—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1433—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/064—Management of blocks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0655—Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
- G06F3/0659—Command handling arrangements, e.g. command buffers, queues, command scheduling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C16/00—Erasable programmable read-only memories
- G11C16/02—Erasable programmable read-only memories electrically programmable
- G11C16/06—Auxiliary circuits, e.g. for writing into memory
- G11C16/22—Safety or protection circuits preventing unauthorised or accidental access to memory cells
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1483—Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
Definitions
- This invention relates to memory protection in an integrated-circuit device.
- a microcontroller or system-on-chip device typically stores executable code in memory. It might have stored in its memory certain code (e.g. an operating system or firmware module) which is written by the chip manufacturer and other code (e.g.
- EEPROM electrically erasable programmable read-only memory
- U.S. Pat. No. 8,051,263 describes a memory protection unit that selectively grants or denies requests for memory access according to a set of configurable memory protection attributes for a particular region of memory. Access to the region may depend on whether an execution unit is operating in a privileged or non-privileged mode of operation.
- Such a mechanism could be used to protect a region of memory containing sensitive code from being read by user code, if the user code were executed in a non-privileged mode.
- processors support privileged and non-privileged modes of execution.
- the present invention therefore takes a different approach.
- the invention provides an integrated-circuit device comprising a processor, memory for storing executable code, and memory protection logic, wherein the memory protection logic is configured to:
- the invention provides a method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising:
- the invention provides a method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising: determining that a read protection flag for a protected region of the memory is set;
- the location of code being executed by the processor when it requests read access to a protected region of memory is used to determine whether to allow the request. Requests originating from code stored outside the protected region can be denied (if the read protection flag is appropriately set), while requests from code stored within the protected region itself are allowed.
- RTM processor architectures, such as those from ARM (RTM), it is important that code is able to issue data read requests to a region in which the code itself is stored, so that the processor can access constants embedded in the code.
- the protection is enforced by the memory protection logic, which is preferably arranged to function independently of the processor.
- the memory protection logic preferably comprises hardware logic that is separate from the processor. It can thus be less susceptible to circumvention by malicious software code than protection which relies on privilege modes within the processor.
- the chip manufacturer can conveniently store its code within the protected region and set the read protection flag in order to prevent a customer's code from reading the chip manufacturer's code, while preserving unrestricted memory access for its own code.
- Other sensitive information such as configuration data, may also be stored in the protected region.
- the memory protection logic is preferably configured to allow read requests for addresses in the protected region if the read protection flag for the protected region is not set. This may be useful during initial development stages of the device and its software. Similarly, the memory protection logic is preferably configured to allow write requests for addresses in the protected region if a write protection flag is not set.
- the memory protection logic is preferably configured to deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless the processor issued the read requests while executing code stored in the protected region (in which case, they are allowed).
- Such preferred embodiments have only one aforesaid access condition.
- other embodiments may nevertheless provide for multiple access conditions, any of which can effectively override the read protection flag; for example, a device might conceivably allow reading of the protected region if the processor issued the read request while executing a manufacturer's boot-loader program stored in ROM.
- the memory protection logic can further be configured similarly to determine the state of a write protection flag for the protected region and to deny write requests for addresses in the protected region if the write protection flag for the protected region is set, unless the processor issued the write requests while executing code stored in the protected region.
- the read protection flag may act as the write protection flag also, or these may be two separate flags.
- this memory is non-volatile memory, such as flash.
- the processor may fetch code directly from the non-volatile memory for execution, or, in some embodiments, at least some of the code may be cached (e.g. in volatile memory). If the device comprises such a cache, it will be appreciated that references herein to executing code stored in the protected region encompass executing a cached copy of such code.
- the memory may be volatile memory, such as a portion of RAM reserved for executable code, and the protected region is a region of volatile memory.
- Executable code may be copied to such memory when the device powers on (e.g. from ROM or flash).
- sections of code or individual instructions may be copied to a protected region of volatile memory as needed, when the device is in use.
- the processor and memory may be connected by one or more buses.
- the memory protection logic may also be connected to at least one of these buses.
- the memory protection logic is preferably configured to monitor all accesses to the memory (e.g. all read, write and instruction-fetch operations).
- the memory protection logic may determine whether the processor issued the read request while executing code stored in the protected region of memory by determining whether the address of an instruction-fetch operation immediately preceding the memory access request was within the protected region.
- the memory protection logic may be configured to set a register on every instruction-fetch operation in accordance with whether the address of the fetched instruction is in the protected region or not.
- the register may comprise a binary flag which is set in accordance with whether the address of the instruction fetch is in the protected region or not.
- the memory protection logic may be configured to use transaction-type information on a memory bus to identify an instruction-fetch operation (e.g. to distinguish it from a read request). Alternatively, it may be configured to identify an instruction-fetch operation by determining the state of a processor pin, or by determining the identity of bus conveying the fetch instruction (e.g. in devices having separate data-fetch and instruction-fetch buses).
- the memory protection logic can use the HPROT[0] (Data/Opcode) signal from the Cortex-MO to distinguish between an opcode fetch and data access.
- the protected region may comprise a plurality of discrete areas or address ranges. However, it is preferably defined by a single, continuous address range, which can simplify the implementation logic.
- the protected region is variable and is defined by one or more addresses stored on the device, e.g. stored as configuration data in non-volatile memory.
- the protected region may extend between a predetermined constant address and a variable point within the memory address range.
- the constant address may conveniently be a base or end address for the memory, or even for the whole memory address space for the device; e.g. zero (0x0000 0000).
- the region can be specified compactly by a single value stored on the device, being the address defining the variable end of the protected region within the memory.
- the memory protection unit can then be configured to determine whether the read request is for an address in the protected region of the memory by determining whether or not the address is between the predetermined constant address and the variable memory address. This operation can be implemented using relatively few logic gates.
- the device may also comprise volatile memory, such as RAM.
- the memory protection logic may additionally be configured to deny read requests for addresses in a protected region of the volatile memory if a read protection flag for the protected region of the volatile memory is set, unless the processor issued the read requests while executing code stored in the protected region of the non-volatile memory.
- a region of protected RAM may be used by code stored in the protected region of the non-volatile memory (e.g. for heap storage) while being protected from read access by code stored outside the protected region. This can protect sensitive information that code written by the chip manufacturer may store in RAM.
- the memory protection logic may be configured to deny write requests for addresses in a protected region of the volatile memory if a write protection flag for the protected region of the volatile memory is set, unless the processor issued the write requests while executing code stored in the protected region of the nonvolatile memory. In this way, customer code stored in non-volatile memory outside the protected region can be prevented from inadvertently or maliciously changing or overwriting volatile data belonging to code in the protected region of the non-volatile memory.
- the non-volatile memory protection flags may act as the volatile memory protection flags also, or the volatile memory flags may comprise one or more separate flags.
- the device may comprise an interface (e.g. one or more pins) for allowing memory access by an external debugger or software loader.
- the memory protection logic is arranged to deny read requests received via such an interface for addresses in some or all protected regions of volatile or non-volatile memory if a debugging protection flag for the region is set. Protection may similarly be provided for write access to a protected region of volatile or non-volatile memory and/or for instruction fetches from a protected region.
- the memory protection logic may be configured to identify memory access requests as originating from a debugging interface by determining when a debugger is acting as a bus master for a memory bus in the device. When the processor is a Cortex-MO from ARM®, the processor may use the HMASTER signal from the Cortex-MO to distinguish between processor core and debugger transactions.
- the memory protection logic may further be configured to determine the state of a read protection flag for a user region of memory for executable code. This user region may comprise part or all of the memory adjacent to, but excluding, the protected code region in the address space.
- the memory protection logic may by configured to deny read and/or write requests for addresses in the user region received from a debugging interface if the read protection flag for the user region is set. In this way, a customer or other user can protect his user application code from unauthorised access by a third-party; e.g. for reasons of confidentiality.
- the device comprises integrated radio communication logic, such as a radio transmitter and/or receiver (i.e. a radio-on-a-chip).
- a firmware module comprising code implementing a radio protocol stack may be stored in the protected region of code memory.
- a software application which interfaces with the firmware module may be stored outside the protected region.
- Embodiments of the invention may be particularly suited to devices that do not have a traditional operating system, but which allow a user to develop native code for direct execution on the processor. This is because such devices cannot rely on an operating system to control memory access and to protect any confidential software libraries or modules which the device manufacturer may have installed in the device.
- the read and/or write protection flags are preferably stored in non-volatile memory.
- the flags may of course be cached in a register or in RAM.
- a protection flag may just be one element in a larger set of configuration settings. It may be encoded in any suitable manner. In some embodiments each such protection flag is stored as a binary flag or bit field.
- One or more of the protection flags may be stored in a protection-configuration region of non-volatile memory.
- the device comprises non-volatile memory control logic arranged to prevent writing to any portion of the protection-configuration region unless that portion is in an erased state.
- the non-volatile memory control logic is further arranged to allow the protection-configuration region to be erased only if a protected region of the non-volatile memory is in an erased state.
- the protection flags cannot be rewritten without first erasing any data stored in the protected region of the non-volatile memory. Sensitive executable code stored in the protected region thus cannot be read simply by resetting the read protection flag for the non-volatile memory.
- the invention provides an integrated-circuit device comprising a processor, non-volatile memory, non-volatile memory control logic, and memory protection logic, wherein:
- the invention provides a method of controlling memory access on an integrated-circuit device comprising a processor and non-volatile memory, the method comprising:
- the protectable region may be a protected region of non-volatile memory as previously described, and the protection configuration data may comprise one or more protection flags as previously described.
- the non-volatile memory control logic operates independently of the processor. It preferably comprises distinct logic gates, separate from the processor. In this way, a malicious or careless programmer cannot execute code on the processor that bypasses the non-volatile memory control logic.
- the memory protection logic is similarly independent of the processor in preferred embodiments.
- U.S. Pat. No. 6,952,778 describes a microcontroller that provides read and/or write protection for memory blocks in an embedded memory according to a set of rules. These rules assign respective security levels to the memory blocks and are stored in a supervisory non-volatile memory. Once it has initially been programmed in accordance with an end users requirements, the security level for a block can only be increased unless the supervisor non-volatile memory is erased and the microcontroller re-initialized. This results in the user-defined default security levels being restored.
- Preferred embodiments of the present invention use dedicated non-volatile memory control logic and memory protection logic to ensure that the protection configuration data can only be reset if any sensitive information has first been erased from the device.
- the non-volatile memory control logic may be configured so that the only mechanism provided by the non-volatile memory control logic for erasing the protection-configuration region is an instruction that erases both the protectable region and the protection-configuration region. This may be an instruction to erase all the non-volatile memory in the device.
- the non-volatile memory control logic is preferably configured to erase all pages or blocks forming the protectable region before erasing any page or block forming part of the protection-configuration region. In this way, if the erase operation is interrupted before completing, the protection configuration data will still be present if the protectable region has not yet been fully erased, thereby continuing to provide protection.
- the memory protection logic may be configured such that, when the protection-configuration region is in an erased state, access to the protectable region is in the highest of an ordered set of restriction levels. This can provide additional security by restricting access to the protectable region by default, e.g. in case a user omits to set new configuration data after an erase.
- the protection configuration information can be set during manufacturing or commissioning, and during any subsequent reprogramming of the device.
- the non-volatile memory control logic is preferably arranged to receive an instruction to write to a portion of the protection-configuration region and, in response, to check that the portion is in an erased state before allowing the write. It may do this by reading the portion and determining that it is in a natural erased state for the type of non-volatile memory. For example, flash memory contains a binary “1” in every bit after a page has been erased. The memory control logic may therefore check that every bit of the portion is a “1” before allowing the write operation. Other memory types may of course read “0” or have some other natural erased state.
- regions of the non-volatile memory may contain erased state flags that are reset when the region is erased but are set by the non-volatile memory control logic when a first write operation is performed into that region.
- the non-volatile memory control logic may check one or more erased state flags before allowing a write operation to a portion of the protection-configuration region.
- the memory-protection configuration region may store one or more values that define the protectable region of non-volatile memory and/or that define a protected region of volatile memory as previously described. In this way, an attacker cannot change the definition of the protected region(s) without first destroying its contents.
- FIG. 1 is a schematic drawing of a microcontroller embodying the invention
- FIG. 2 is a schematic drawing showing major software components within the microcontroller architecture
- FIG. 3 is a schematic memory map for the microcontroller.
- FIG. 4 is a table showing decisions that the microcontroller may implement for protecting flash memory from unauthorized access.
- FIG. 1 shows an integrated-circuit microcontroller 1 or radio-on-a-chip which comprises clock logic 3 , which may include a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator (not shown), power management circuitry 5 , a processor 7 (e.g. an ARM® Cortex-MO), a memory protection unit 9 , RAM 11 , a flash memory controller 20 , flash memory 13 , radio communication logic 17 , one or more peripherals 15 , and input/output circuitry 19 .
- clock logic 3 which may include a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator (not shown), power management circuitry 5 , a processor 7 (e.g. an ARM® Cortex-MO), a memory protection unit 9 , RAM 11 , a flash memory controller 20 , flash memory 13 , radio communication logic 17 , one or more peripherals 15 , and input/output circuitry 19 .
- the microcontroller 1 may use a Harvard architecture or a von Neumann architecture.
- the memory protection unit 9 is arranged to intercept all memory access instructions from the processor 7 to the RAM 11 and to the flash memory controller 20 .
- the microcontroller 1 also has a debugging interface 18 which may be used for loading data into the flash memory 13 and for debugging the processor 7 . It does not have direct access to the RAM 11 and flash 13 , but instead has to access these memories via the memory protection unit 9 and flash memory controller 20 .
- the microcontroller 1 can be connected to a number of external components such as a power supply, radio antenna, crystal oscillator, sensors, output devices, etc.
- FIG. 2 shows software components that may be installed on the microcontroller 1 .
- Interfacing with the microcontroller 1 hardware is an optional hardware abstraction layer 21 , such as the ARM® Cortex Microcontroller Software Interface Standard. Above this sits a firmware module 23 and a separate software application 27 .
- the firmware module 23 is a binary application comprising a number of embedded software blocks.
- a radio protocol block 31 implements one or more wireless protocol stacks.
- a radio event manager 33 provides access scheduling for the radio communication logic 17 and event multiplexing.
- a library 35 provides shared hardware resource management and functions such as random number generation, configuring interrupts and priority, power management (e.g. for enabling and disabling peripherals), encryption functions, etc.
- a firmware manager 37 supports enabling and disabling the firmware module, and enabling and disabling the wireless protocol stack.
- the firmware module 23 need not be a full operating system, in that it need not necessarily provide support for multi-threading, memory allocation, etc.
- An application interface (API) 29 for the firmware module 23 allows the software application 27 to invoke functions in the firmware module 23 . It may be implemented entirely using system calls.
- API application interface
- RTM ARM
- SVC supervisor call
- the firmware module 23 can communicate events to the software application 27 as software interrupts, the content of which is buffered until read (polled) by the software application 27 .
- the reading is done through an API call (e.g. event get( ).
- FIG. 3 shows how the RAM 11 and flash 13 are shared between the firmware module 23 and the software application 27 .
- the flash 13 is assigned addresses from zero (0x0000 0000) to SizeOfProgMem for storing executable program code.
- Another area of flash 13 which may be on its own flash page, extends from MemConfigStart to MemConfigEnd and is used for storing configuration data for use by the memory protection unit 9 .
- this page extends from Ox1000 0000 to Ox1000 07ff, but, as with all the address values mentioned herein, these values may depend on the particular processor architecture being used in any given embodiment.
- the RAM 11 is assigned addresses from 0x2000 0000 upwards to 0x2000 0000+SizeOfRAM.
- the program area of the flash 13 comprises two distinct regions either side of address CLENRO (code length region 0 ).
- Region 0 between zero and CLENRO, is where the firmware module 23 is loaded.
- a firmware interrupt vector table is stored at address zero.
- Region 1 extending upwards from CLENRO to SizeOfProgMem, is where the software application 27 is loaded. It too can have an interrupt vector table, at address CLENRO.
- the RAM 11 similarly has a Region 0 , from the base address 0x2000 000 to RLENRO, and a Region 1 , extended upwards from RLENRO.
- RAM Region 0 provides heap storage for the firmware module 23 while RAM Region 1 provides heap storage for the software application 27 .
- a call stack is shared between the firmware module 23 and the software application 27 and grows downwards from (0x2000 0000+SizeOfRAM). The memory allocated to the call stack must be big enough for the needs of both the software application 27 and the firmware module 23 .
- CLENRO and RLENRO are stored in the memory-protection configuration area of the flash memory 13 .
- the memory protection logic 9 is arranged to intercept all memory access requests (e.g. data fetch or instruction fetch operations) from the processor 7 to the flash memory 13 and the RAM 11 . It can identify an instruction-fetch operation from a “transaction type” on the memory bus. For every instruction fetch that the processor 7 makes from the flash memory 13 , the memory protection logic 9 updates a single-bit flag in a “firmware region” register with a “1” if the address of the fetched instruction is less than CLENRO and with a “0” if the address is greater than or equal to CLENRO.
- all memory access requests e.g. data fetch or instruction fetch operations
- the memory protection logic 9 updates a single-bit flag in a “firmware region” register with a “1” if the address of the fetched instruction is less than CLENRO and with a “0” if the address is greater than or equal to CLENRO.
- the memory protection logic 9 determines whether the source of the access request was from the firmware module 23 or elsewhere by checking the value of the “firmware region” register. It can be configured to detect if the source of the request is the debugger interface 18 , or a direct-memory access (DMA) unit, by determining the identity of the active memory bus master. It also accesses the memory protection configuration registers to determine whether to allow or deny the access request based on the state of the “firmware region” register and the identity of the bus master.
- DMA direct-memory access
- the software application 27 is denied read and write access to flash Region 0 and to RAM Region 0 . This protects confidentiality for the firmware module 23 and can prevent inadvertent or malicious writing by the software application 27 to memory locations allocated to the firmware module 23 , thereby increasing robustness and security.
- the software application flash Region 1 may also be protected from read access, e.g. to protect against read back via the external debugging interface 18 .
- FIG. 4 shows a decision table that the microcontroller 1 might implement for protecting the flash memory 13 from unauthorised access.
- Alternative implementations are, of course, possible.
- Two binary flags are stored in the memory-protection configuration region of the flash memory 13 (and are copied to registers on boot up). The first, when set, prevents data read and write access to all of the program flash via the debugging interface 18 . The second, when set, prevents data read and write access to the Region 0 flash memory by anything other than code executing from Region 0 itself. Execution access (i.e. instruction fetches) by the processor 7 is still allowed, even when data read access is denied.
- the flash memory controller 20 prevents writing to the memory-protection configuration area unless it is in an erased state. Furthermore, the flash memory controller 20 prevents erasing of the memory-protection configuration area unless Regions 0 & 1 of the flash memory 13 have been erased first. It uses digital logic implementing a finite state machine to enforce these conditions.
- the flash memory controller 20 If the flash memory controller 20 receives an instruction to write a word to an address in the memory-protection configuration area, it will first read the existing contents at that address and will only allow the write if the existing contents are all binary “1”s, indicating that this address has not been written to since an erase of the memory-protection configuration area flash memory. If the check fails, it will deny the write and may raise an exception with the processor 7 .
- the flash memory controller 20 If the flash memory controller 20 receives an instruction to erase the entire flash memory 13 , it will respond by erasing the contents of flash Regions 0 and 1 first, before erasing the memory-protection configuration area. For this reasons, the memory-protection configuration area is preferably stored in its own erasable flash page, separate from any program areas of the flash memory 13 .
- the flash memory controller 20 will deny any instruction to erase just the memory-protection configuration area.
- microcontroller 1 may also be configured to prevent code executing other than in Region 0 of the flash memory 13 from accessing important features, such as registers related to low-level functions of the radio communication logic 17 , the power control logic 5 , a direct-memory access (DMA) controller, or interrupt registers.
- DMA direct-memory access
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Human Computer Interaction (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
An integrated-circuit device (1) comprises a processor (7), memory (13) for storing executable code, and memory protection logic (9). The memory protection logic (9) is configured to: determine the state of a read protection flag for a protected region of the memory (13); detect a memory read request by the processor (7); determine whether the read request is for an address in the protected region of the memory (13); determine whether the processor (7) issued the read request while executing code stored in the protected region of the memory (13); and deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of the access conditions is that the processor (7) issued the read requests while executing code stored in the protected region.
Description
- This application is a continuation application from, and claims the benefit of, U.S. patent application Ser. No. 13/924,249 to Berntsen et al., filed on Jun. 21, 2013 and also entitled “Memory Protection,” claiming priority to GB1211422.9, filed on Jun. 27, 2012, which is incorporated in its entirety herein by reference.
- This invention relates to memory protection in an integrated-circuit device.
- A microcontroller or system-on-chip device typically stores executable code in memory. It might have stored in its memory certain code (e.g. an operating system or firmware module) which is written by the chip manufacturer and other code (e.g.
- a software application) which is written by a customer or user. These will often be stored in non-volatile memory, such as EEPROM or flash.
- It can be desirable to prevent the user code or an external debugging interface from being able to read or overwrite the code written by the chip manufacturer, while not restricting memory access for the chip manufacturers code. This may be because the chip manufacturers code contains trade secrets which it does not want any other party to be able to access. It may also help prevent the inadvertent corruption of the chip manufacturer's code by bugs in the user's code.
- U.S. Pat. No. 8,051,263 describes a memory protection unit that selectively grants or denies requests for memory access according to a set of configurable memory protection attributes for a particular region of memory. Access to the region may depend on whether an execution unit is operating in a privileged or non-privileged mode of operation.
- Such a mechanism could be used to protect a region of memory containing sensitive code from being read by user code, if the user code were executed in a non-privileged mode.
- However, it may be possible for a malicious attacker to cause the processor to read the sensitive code from memory while in a privileged mode of operation, and then to output the contents to the attacker. Moreover, not all processors support privileged and non-privileged modes of execution.
- The present invention therefore takes a different approach.
- From a first aspect, the invention provides an integrated-circuit device comprising a processor, memory for storing executable code, and memory protection logic, wherein the memory protection logic is configured to:
-
- determine the state of a read protection flag for a protected region of the memory;
- detect a memory read request by the processor;
- determine whether the read request is for an address in the protected region of the memory;
- determine whether the processor issued the read request while executing code stored in the protected region of the memory; and
- deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protected region.
- From a second aspect, the invention provides a method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising:
-
- determining the state of a read protection flag for a protected region of the memory;
- detecting a memory read request by the processor;
- determining whether the read request is for an address in the protected region of the memory;
- determining whether the processor issued the read request while executing code stored in the protected region of the memory; and
- denying read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protected region.
- From a still further aspect, the invention provides a method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising: determining that a read protection flag for a protected region of the memory is set;
-
- detecting a memory read request by the processor;
- determining that the read request is for an address in the protected region of the memory;
- determining that the processor issued the read request while executing code stored in the protected region of the memory; and
- allowing the read request.
- Thus it will be seen by those skilled in the art that, in accordance with the invention, the location of code being executed by the processor when it requests read access to a protected region of memory is used to determine whether to allow the request. Requests originating from code stored outside the protected region can be denied (if the read protection flag is appropriately set), while requests from code stored within the protected region itself are allowed. For many processor architectures, such as those from ARM (RTM), it is important that code is able to issue data read requests to a region in which the code itself is stored, so that the processor can access constants embedded in the code.
- The protection is enforced by the memory protection logic, which is preferably arranged to function independently of the processor. The memory protection logic preferably comprises hardware logic that is separate from the processor. It can thus be less susceptible to circumvention by malicious software code than protection which relies on privilege modes within the processor.
- The chip manufacturer can conveniently store its code within the protected region and set the read protection flag in order to prevent a customer's code from reading the chip manufacturer's code, while preserving unrestricted memory access for its own code. Other sensitive information, such as configuration data, may also be stored in the protected region.
- The memory protection logic is preferably configured to allow read requests for addresses in the protected region if the read protection flag for the protected region is not set. This may be useful during initial development stages of the device and its software. Similarly, the memory protection logic is preferably configured to allow write requests for addresses in the protected region if a write protection flag is not set.
- The memory protection logic is preferably configured to deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless the processor issued the read requests while executing code stored in the protected region (in which case, they are allowed). Such preferred embodiments have only one aforesaid access condition. However, other embodiments may nevertheless provide for multiple access conditions, any of which can effectively override the read protection flag; for example, a device might conceivably allow reading of the protected region if the processor issued the read request while executing a manufacturer's boot-loader program stored in ROM.
- The memory protection logic can further be configured similarly to determine the state of a write protection flag for the protected region and to deny write requests for addresses in the protected region if the write protection flag for the protected region is set, unless the processor issued the write requests while executing code stored in the protected region. The read protection flag may act as the write protection flag also, or these may be two separate flags.
- In one set of preferred embodiments, this memory is non-volatile memory, such as flash. The processor may fetch code directly from the non-volatile memory for execution, or, in some embodiments, at least some of the code may be cached (e.g. in volatile memory). If the device comprises such a cache, it will be appreciated that references herein to executing code stored in the protected region encompass executing a cached copy of such code.
- In other embodiments, the memory may be volatile memory, such as a portion of RAM reserved for executable code, and the protected region is a region of volatile memory. Executable code may be copied to such memory when the device powers on (e.g. from ROM or flash). Alternatively, sections of code or individual instructions may be copied to a protected region of volatile memory as needed, when the device is in use.
- The processor and memory may be connected by one or more buses. The memory protection logic may also be connected to at least one of these buses. The memory protection logic is preferably configured to monitor all accesses to the memory (e.g. all read, write and instruction-fetch operations).
- The memory protection logic may determine whether the processor issued the read request while executing code stored in the protected region of memory by determining whether the address of an instruction-fetch operation immediately preceding the memory access request was within the protected region. The memory protection logic may be configured to set a register on every instruction-fetch operation in accordance with whether the address of the fetched instruction is in the protected region or not. The register may comprise a binary flag which is set in accordance with whether the address of the instruction fetch is in the protected region or not.
- The memory protection logic may be configured to use transaction-type information on a memory bus to identify an instruction-fetch operation (e.g. to distinguish it from a read request). Alternatively, it may be configured to identify an instruction-fetch operation by determining the state of a processor pin, or by determining the identity of bus conveying the fetch instruction (e.g. in devices having separate data-fetch and instruction-fetch buses). When using a Cortex-MO processor from ARM®, the memory protection logic can use the HPROT[0] (Data/Opcode) signal from the Cortex-MO to distinguish between an opcode fetch and data access.
- The protected region may comprise a plurality of discrete areas or address ranges. However, it is preferably defined by a single, continuous address range, which can simplify the implementation logic. In some preferred embodiments, the protected region is variable and is defined by one or more addresses stored on the device, e.g. stored as configuration data in non-volatile memory.
- The protected region may extend between a predetermined constant address and a variable point within the memory address range. The constant address may conveniently be a base or end address for the memory, or even for the whole memory address space for the device; e.g. zero (0x0000 0000). Thus the region can be specified compactly by a single value stored on the device, being the address defining the variable end of the protected region within the memory.
- The memory protection unit can then be configured to determine whether the read request is for an address in the protected region of the memory by determining whether or not the address is between the predetermined constant address and the variable memory address. This operation can be implemented using relatively few logic gates.
- In embodiments in which the aforementioned protected memory region is in non-volatile memory, the device may also comprise volatile memory, such as RAM. The memory protection logic may additionally be configured to deny read requests for addresses in a protected region of the volatile memory if a read protection flag for the protected region of the volatile memory is set, unless the processor issued the read requests while executing code stored in the protected region of the non-volatile memory. In this way, a region of protected RAM may be used by code stored in the protected region of the non-volatile memory (e.g. for heap storage) while being protected from read access by code stored outside the protected region. This can protect sensitive information that code written by the chip manufacturer may store in RAM.
- Similarly, the memory protection logic may be configured to deny write requests for addresses in a protected region of the volatile memory if a write protection flag for the protected region of the volatile memory is set, unless the processor issued the write requests while executing code stored in the protected region of the nonvolatile memory. In this way, customer code stored in non-volatile memory outside the protected region can be prevented from inadvertently or maliciously changing or overwriting volatile data belonging to code in the protected region of the non-volatile memory.
- The non-volatile memory protection flags may act as the volatile memory protection flags also, or the volatile memory flags may comprise one or more separate flags.
- In any of the foregoing embodiments, the device may comprise an interface (e.g. one or more pins) for allowing memory access by an external debugger or software loader. In preferred embodiments of the present invention, the memory protection logic is arranged to deny read requests received via such an interface for addresses in some or all protected regions of volatile or non-volatile memory if a debugging protection flag for the region is set. Protection may similarly be provided for write access to a protected region of volatile or non-volatile memory and/or for instruction fetches from a protected region.. The memory protection logic may be configured to identify memory access requests as originating from a debugging interface by determining when a debugger is acting as a bus master for a memory bus in the device. When the processor is a Cortex-MO from ARM®, the processor may use the HMASTER signal from the Cortex-MO to distinguish between processor core and debugger transactions.
- The memory protection logic may further be configured to determine the state of a read protection flag for a user region of memory for executable code. This user region may comprise part or all of the memory adjacent to, but excluding, the protected code region in the address space. The memory protection logic may by configured to deny read and/or write requests for addresses in the user region received from a debugging interface if the read protection flag for the user region is set. In this way, a customer or other user can protect his user application code from unauthorised access by a third-party; e.g. for reasons of confidentiality.
- In some embodiments, the device comprises integrated radio communication logic, such as a radio transmitter and/or receiver (i.e. a radio-on-a-chip). A firmware module comprising code implementing a radio protocol stack may be stored in the protected region of code memory. A software application which interfaces with the firmware module may be stored outside the protected region.
- Embodiments of the invention may be particularly suited to devices that do not have a traditional operating system, but which allow a user to develop native code for direct execution on the processor. This is because such devices cannot rely on an operating system to control memory access and to protect any confidential software libraries or modules which the device manufacturer may have installed in the device.
- In any embodiments of the invention, the read and/or write protection flags are preferably stored in non-volatile memory. In use, the flags may of course be cached in a register or in RAM. A protection flag may just be one element in a larger set of configuration settings. It may be encoded in any suitable manner. In some embodiments each such protection flag is stored as a binary flag or bit field.
- One or more of the protection flags may be stored in a protection-configuration region of non-volatile memory. Preferably the device comprises non-volatile memory control logic arranged to prevent writing to any portion of the protection-configuration region unless that portion is in an erased state. Preferably the non-volatile memory control logic is further arranged to allow the protection-configuration region to be erased only if a protected region of the non-volatile memory is in an erased state.
- In this way, the protection flags cannot be rewritten without first erasing any data stored in the protected region of the non-volatile memory. Sensitive executable code stored in the protected region thus cannot be read simply by resetting the read protection flag for the non-volatile memory.
- This idea is novel and inventive in its own right. Thus, from a further aspect, the invention provides an integrated-circuit device comprising a processor, non-volatile memory, non-volatile memory control logic, and memory protection logic, wherein:
-
- the memory protection logic is arranged to control access to a protectable region of the non-volatile memory in dependence on protection configuration data stored in a protection-configuration region of the non-volatile memory;
- the non-volatile memory control logic is arranged to prevent writing to any portion of the protection-configuration region unless that portion is in an erased state; and
- the non-volatile memory control logic is arranged to allow the protection-configuration region to be erased only if the protectable region is in an erased state.
- From another aspect, the invention provides a method of controlling memory access on an integrated-circuit device comprising a processor and non-volatile memory, the method comprising:
-
- controlling access to a protectable region of the non-volatile memory in dependence on protection configuration data stored in a protection-configuration region of the non-volatile memory;
- preventing writing to any portion of the protection-configuration region unless that portion is in an erased state;
- allowing the protection-configuration region to be erased only when the protectable region is in an erased state.
- Features of the earlier aspects and their embodiments may be optional features of embodiments of these aspects also, wherever appropriate. In particular, the protectable region may be a protected region of non-volatile memory as previously described, and the protection configuration data may comprise one or more protection flags as previously described.
- Preferably the non-volatile memory control logic operates independently of the processor. It preferably comprises distinct logic gates, separate from the processor. In this way, a malicious or careless programmer cannot execute code on the processor that bypasses the non-volatile memory control logic. The memory protection logic is similarly independent of the processor in preferred embodiments.
- U.S. Pat. No. 6,952,778 describes a microcontroller that provides read and/or write protection for memory blocks in an embedded memory according to a set of rules. These rules assign respective security levels to the memory blocks and are stored in a supervisory non-volatile memory. Once it has initially been programmed in accordance with an end users requirements, the security level for a block can only be increased unless the supervisor non-volatile memory is erased and the microcontroller re-initialized. This results in the user-defined default security levels being restored.
- However such an approach relies on the successful restoration of the default security levels in order for the memory blocks to be adequately protected. If an attacker were able to interfere with the process of re-initializing the microcontroller, the contents of the memory might be left unprotected and readable by the attacker.
- Preferred embodiments of the present invention, by contrast, use dedicated non-volatile memory control logic and memory protection logic to ensure that the protection configuration data can only be reset if any sensitive information has first been erased from the device.
- The non-volatile memory control logic may be configured so that the only mechanism provided by the non-volatile memory control logic for erasing the protection-configuration region is an instruction that erases both the protectable region and the protection-configuration region. This may be an instruction to erase all the non-volatile memory in the device.
- If the protection-configuration region and the protectable region comprise different pages or erasable blocks of memory, the non-volatile memory control logic is preferably configured to erase all pages or blocks forming the protectable region before erasing any page or block forming part of the protection-configuration region. In this way, if the erase operation is interrupted before completing, the protection configuration data will still be present if the protectable region has not yet been fully erased, thereby continuing to provide protection.
- The memory protection logic may be configured such that, when the protection-configuration region is in an erased state, access to the protectable region is in the highest of an ordered set of restriction levels. This can provide additional security by restricting access to the protectable region by default, e.g. in case a user omits to set new configuration data after an erase.
- By allowing writing to the protection-configuration region when it is in an erased state, the protection configuration information can be set during manufacturing or commissioning, and during any subsequent reprogramming of the device.
- The non-volatile memory control logic is preferably arranged to receive an instruction to write to a portion of the protection-configuration region and, in response, to check that the portion is in an erased state before allowing the write. It may do this by reading the portion and determining that it is in a natural erased state for the type of non-volatile memory. For example, flash memory contains a binary “1” in every bit after a page has been erased. The memory control logic may therefore check that every bit of the portion is a “1” before allowing the write operation. Other memory types may of course read “0” or have some other natural erased state.
- Alternatively, regions of the non-volatile memory may contain erased state flags that are reset when the region is erased but are set by the non-volatile memory control logic when a first write operation is performed into that region. In this case, the non-volatile memory control logic may check one or more erased state flags before allowing a write operation to a portion of the protection-configuration region.
- The memory-protection configuration region may store one or more values that define the protectable region of non-volatile memory and/or that define a protected region of volatile memory as previously described. In this way, an attacker cannot change the definition of the protected region(s) without first destroying its contents.
- Optional or preferred features of one aspect or embodiment described herein may, wherever appropriate, be applied to any other aspect or embodiment.
- Certain preferred embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
-
FIG. 1 is a schematic drawing of a microcontroller embodying the invention; -
FIG. 2 is a schematic drawing showing major software components within the microcontroller architecture; -
FIG. 3 is a schematic memory map for the microcontroller; and -
FIG. 4 is a table showing decisions that the microcontroller may implement for protecting flash memory from unauthorized access. -
FIG. 1 shows an integrated-circuit microcontroller 1 or radio-on-a-chip which comprisesclock logic 3, which may include a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator (not shown),power management circuitry 5, a processor 7 (e.g. an ARM® Cortex-MO), a memory protection unit 9,RAM 11, aflash memory controller 20,flash memory 13,radio communication logic 17, one ormore peripherals 15, and input/output circuitry 19. - These components are interconnected using suitable lines and/or buses (not shown). The
microcontroller 1 may use a Harvard architecture or a von Neumann architecture. The memory protection unit 9 is arranged to intercept all memory access instructions from theprocessor 7 to theRAM 11 and to theflash memory controller 20. - The
microcontroller 1 also has adebugging interface 18 which may be used for loading data into theflash memory 13 and for debugging theprocessor 7. It does not have direct access to theRAM 11 andflash 13, but instead has to access these memories via the memory protection unit 9 andflash memory controller 20. - In use, the
microcontroller 1 can be connected to a number of external components such as a power supply, radio antenna, crystal oscillator, sensors, output devices, etc. -
FIG. 2 shows software components that may be installed on themicrocontroller 1. Interfacing with themicrocontroller 1 hardware is an optionalhardware abstraction layer 21, such as the ARM® Cortex Microcontroller Software Interface Standard. Above this sits afirmware module 23 and a separate software application 27. - The
firmware module 23 is a binary application comprising a number of embedded software blocks. Aradio protocol block 31 implements one or more wireless protocol stacks. Aradio event manager 33 provides access scheduling for theradio communication logic 17 and event multiplexing. Alibrary 35 provides shared hardware resource management and functions such as random number generation, configuring interrupts and priority, power management (e.g. for enabling and disabling peripherals), encryption functions, etc. Afirmware manager 37 supports enabling and disabling the firmware module, and enabling and disabling the wireless protocol stack. - The
firmware module 23 need not be a full operating system, in that it need not necessarily provide support for multi-threading, memory allocation, etc. - An application interface (API) 29 for the
firmware module 23 allows the software application 27 to invoke functions in thefirmware module 23. It may be implemented entirely using system calls. When using an ARM (RTM) processor, each API function prototype is mapped to a firmware function via an associated supervisor call (SVC) number at compile time. This mapping can be provided to the developer of the software application 27 to allow the functions to be called correctly. - The
firmware module 23 can communicate events to the software application 27 as software interrupts, the content of which is buffered until read (polled) by the software application 27. The reading is done through an API call (e.g. event get( ). -
FIG. 3 shows how theRAM 11 andflash 13 are shared between thefirmware module 23 and the software application 27. Theflash 13 is assigned addresses from zero (0x0000 0000) to SizeOfProgMem for storing executable program code. - Another area of
flash 13, which may be on its own flash page, extends from MemConfigStart to MemConfigEnd and is used for storing configuration data for use by the memory protection unit 9. In one set of embodiments, this page extends fromOx1000 0000 to Ox1000 07ff, but, as with all the address values mentioned herein, these values may depend on the particular processor architecture being used in any given embodiment. - The
RAM 11 is assigned addresses from0x2000 0000 upwards to0x2000 0000+SizeOfRAM. - The program area of the
flash 13 comprises two distinct regions either side of address CLENRO (code length region 0).Region 0, between zero and CLENRO, is where thefirmware module 23 is loaded. A firmware interrupt vector table is stored at address zero.Region 1, extending upwards from CLENRO to SizeOfProgMem, is where the software application 27 is loaded. It too can have an interrupt vector table, at address CLENRO. - The
RAM 11 similarly has aRegion 0, from thebase address 0x2000 000 to RLENRO, and aRegion 1, extended upwards from RLENRO.RAM Region 0 provides heap storage for thefirmware module 23 whileRAM Region 1 provides heap storage for the software application 27. A call stack is shared between thefirmware module 23 and the software application 27 and grows downwards from (0x2000 0000+SizeOfRAM). The memory allocated to the call stack must be big enough for the needs of both the software application 27 and thefirmware module 23. - The values of CLENRO and RLENRO are stored in the memory-protection configuration area of the
flash memory 13. - On power up, relevant data stored in the memory protection configuration area of
flash 13 is copied to memory protection configuration registers accessible to the memory protection logic 9. These registers are writeable only from a hardware state machine that executes only during power on of themicrocontroller 1, such that the only way of changing the contents of these registers is to change the data in the memory protection configuration area of theflash 13. - The memory protection logic 9 is arranged to intercept all memory access requests (e.g. data fetch or instruction fetch operations) from the
processor 7 to theflash memory 13 and theRAM 11. It can identify an instruction-fetch operation from a “transaction type” on the memory bus. For every instruction fetch that theprocessor 7 makes from theflash memory 13, the memory protection logic 9 updates a single-bit flag in a “firmware region” register with a “1” if the address of the fetched instruction is less than CLENRO and with a “0” if the address is greater than or equal to CLENRO. - For every data access request, the memory protection logic 9 determines whether the source of the access request was from the
firmware module 23 or elsewhere by checking the value of the “firmware region” register. It can be configured to detect if the source of the request is thedebugger interface 18, or a direct-memory access (DMA) unit, by determining the identity of the active memory bus master. It also accesses the memory protection configuration registers to determine whether to allow or deny the access request based on the state of the “firmware region” register and the identity of the bus master. - In some preferred embodiments, the software application 27 is denied read and write access to
flash Region 0 and to RAMRegion 0. This protects confidentiality for thefirmware module 23 and can prevent inadvertent or malicious writing by the software application 27 to memory locations allocated to thefirmware module 23, thereby increasing robustness and security. The softwareapplication flash Region 1 may also be protected from read access, e.g. to protect against read back via theexternal debugging interface 18. -
FIG. 4 shows a decision table that themicrocontroller 1 might implement for protecting theflash memory 13 from unauthorised access. Alternative implementations are, of course, possible. - Two binary flags are stored in the memory-protection configuration region of the flash memory 13 (and are copied to registers on boot up). The first, when set, prevents data read and write access to all of the program flash via the
debugging interface 18. The second, when set, prevents data read and write access to theRegion 0 flash memory by anything other than code executing fromRegion 0 itself. Execution access (i.e. instruction fetches) by theprocessor 7 is still allowed, even when data read access is denied. - If an attacker were able to change the data stored in the memory-protection configuration area of the
flash memory 13, the protection mechanisms could be bypassed. However, theflash memory controller 20 prevents writing to the memory-protection configuration area unless it is in an erased state. Furthermore, theflash memory controller 20 prevents erasing of the memory-protection configuration area unlessRegions 0 & 1 of theflash memory 13 have been erased first. It uses digital logic implementing a finite state machine to enforce these conditions. - If the
flash memory controller 20 receives an instruction to write a word to an address in the memory-protection configuration area, it will first read the existing contents at that address and will only allow the write if the existing contents are all binary “1”s, indicating that this address has not been written to since an erase of the memory-protection configuration area flash memory. If the check fails, it will deny the write and may raise an exception with theprocessor 7. - If the
flash memory controller 20 receives an instruction to erase theentire flash memory 13, it will respond by erasing the contents offlash Regions flash memory 13. - The
flash memory controller 20 will deny any instruction to erase just the memory-protection configuration area. - The skilled person will appreciate
microcontroller 1 may also be configured to prevent code executing other than inRegion 0 of theflash memory 13 from accessing important features, such as registers related to low-level functions of theradio communication logic 17, thepower control logic 5, a direct-memory access (DMA) controller, or interrupt registers.
Claims (24)
1. An integrated-circuit device comprising a processor, memory for storing executable code, and memory protection logic, wherein the memory protection logic is configured to:
determine the state of a read protection flag for a protected region of the memory;
detect a memory read request by the processor;
determine whether the read request is for an address in the protected region of the memory by determining whether the address of an instruction-fetch operation immediately preceding the memory access request was within the protected region;
determine whether the processor issued the read request while executing code stored in the protected region of the memory; and
deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protected region.
2. The integrated-circuit device of claim 1 , wherein the memory protection logic comprises hardware logic that is separate from the processor.
3. The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to allow read requests for addresses in the protected region if the read protection flag for the protected region is not set.
4. The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless the processor issued the read requests while executing code stored in the protected region.
5. The integrated-circuit device of claim 1 , wherein the memory protection logic is further configured to determine the state of a write protection flag for the protected region and to deny write requests for addresses in the protected region if the write protection flag for the protected region is set, unless the processor issued the write requests while executing code stored in the protected region.
6. The integrated-circuit device of claim 1 , wherein the memory is non-volatile memory.
7. The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to monitor all accesses to the memory.
8. The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to set a register on every instruction-fetch operation in accordance with whether the address of the fetched instruction is in the protected region or not.
9. The integrated-circuit device of claim 1 , wherein the protected region is variable and is defined by one or more addresses stored on the device.
10. The integrated-circuit device of claim 1 , wherein the protected region of the memory extends between a predetermined constant address and a variable point within the memory address range, and the memory protection unit is configured to determine whether the read request is for an address in the protected region by determining whether the address is between the predetermined constant address and the variable memory address.
11. The integrated-circuit device of claim 1 , wherein the memory for storing executable code is non-volatile memory, and the device further comprises volatile memory, and wherein the memory protection logic is further configured to deny read requests for addresses in a protected region of the volatile memory if a read protection flag for the protected region of the volatile memory is set, unless the processor issued the read requests while executing code stored in the protected region of the non-volatile memory.
12. The integrated-circuit device of claim 1 , comprising an interface for allowing memory access by an external debugger or software loader, wherein the memory protection logic is arranged to deny read requests received via said interface for addresses in one or more protected regions of volatile or non-volatile memory if a debugging protection flag for the region is set.
13. The integrated-circuit device of claim 1 , comprising integrated radio communication logic, wherein a firmware module comprising code implementing a radio protocol stack is stored in the protected region of code memory and wherein optionally a software application which interfaces with the firmware module is stored in the memory outside the protected region.
14. The integrated-circuit device of claim 1 , comprising non-volatile memory and arranged to store said protection flag or flags in a protection-configuration region of the non-volatile memory, wherein the device further comprises non-volatile memory control logic arranged to prevent writing to any portion of the protection-configuration region unless that portion is in an erased state.
15. The integrated-circuit device of claim 14 , wherein the non-volatile memory control logic is further arranged to allow the protection-configuration region to be erased only if a protected region of the non-volatile memory is in an erased state.
16. A method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising:
determining the state of a read protection flag for a protected region of the memory;
detecting a memory read request by the processor;
determining whether the read request is for an address in the protected region of the memory by determining whether the address of an instruction-fetch operation immediately preceding the memory access request was within the protected region;
determining whether the processor issued the read request while executing code stored in the protected region of the memory; and
denying read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protected region.
17. An integrated-circuit device comprising a processor, non-volatile memory having a natural erased state, non-volatile memory control logic, and memory protection logic, wherein:
the memory protection logic is arranged to control access to a protectable region of the non-volatile memory in dependence on protection configuration data stored in a protection-configuration region of the non-volatile memory;
the non-volatile memory control logic is arranged to prevent writing to any portion of the protection-configuration region, unless that portion is in an erased state, by being arranged to receive an instruction to write to a portion of the protection-configuration region and to respond by reading said portion to check that said portion is in the natural erased state before allowing the write; and
the non-volatile memory control logic is arranged to allow the protection-configuration region to be erased only if the protectable region is in an erased state.
18. The integrated-circuit device of claim 17 , wherein the non-volatile memory control logic and/or memory protection logic comprise logic gates separate from the processor.
19. The integrated-circuit device of claim 17 , wherein the non-volatile memory control logic is configured so that the only mechanism provided by the non-volatile memory control logic for erasing the protection-configuration region is an instruction that erases both the protectable region and the protection-configuration region.
20. The integrated-circuit device of claim 17 , wherein the protection-configuration region and the protectable region comprise different pages or erasable blocks of memory, and the non-volatile memory control logic is configured to erase all pages or blocks forming the protectable region before erasing any page or block forming part of the protection-configuration region.
21. The integrated-circuit device of claim 17 , wherein the memory protection logic is configured such that, when the protection-configuration region is in an erased state, access to the protectable region is in the highest of an ordered set of restriction levels.
22. The integrated-circuit device of claim 17 , arranged to store, in the memory-protection configuration region, one or more values that define the protectable region of non-volatile memory and/or that define a protected region of volatile memory.
23. The integrated-circuit device of claim 17 , wherein the protection configuration data comprises a read protection flag for the protectable region of the non-volatile memory, and wherein the memory protection logic is configured to:
determine the state of the read protection flag;
detect a memory read request by the processor;
determine whether the read request is for an address in the protectable region;
determine whether the processor issued the read request while executing code stored in the protectable region; and
deny read requests for addresses in the protectable region if the read protection flag for the protectable region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protectable region.
24. A method of controlling memory access on an integrated-circuit device comprising a processor and non-volatile memory, the non-volatile memory being of a type that has a natural erased state, the method comprising:
controlling access to a protectable region of the non-volatile memory in dependence on protection configuration data stored in a protection-configuration region of the non-volatile memory;
preventing writing to any portion of the protection-configuration region unless that portion is in an erased state by responding to an instruction to write to a portion of the protection-configuration region by reading said portion and checking that said portion is in the natural erased state before allowing the write; and
allowing the protection-configuration region to be erased only when the protectable region is in an erased state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/184,777 US20160299720A1 (en) | 2012-06-27 | 2016-06-16 | Memory protection |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1211422.9 | 2012-06-27 | ||
GB1211422.9A GB2503470B (en) | 2012-06-27 | 2012-06-27 | Memory protection |
US13/924,249 US9430409B2 (en) | 2012-06-27 | 2013-06-21 | Memory protection |
US15/184,777 US20160299720A1 (en) | 2012-06-27 | 2016-06-16 | Memory protection |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/924,249 Continuation US9430409B2 (en) | 2012-06-27 | 2013-06-21 | Memory protection |
Publications (1)
Publication Number | Publication Date |
---|---|
US20160299720A1 true US20160299720A1 (en) | 2016-10-13 |
Family
ID=46704312
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/924,249 Active 2034-06-06 US9430409B2 (en) | 2012-06-27 | 2013-06-21 | Memory protection |
US15/184,777 Abandoned US20160299720A1 (en) | 2012-06-27 | 2016-06-16 | Memory protection |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/924,249 Active 2034-06-06 US9430409B2 (en) | 2012-06-27 | 2013-06-21 | Memory protection |
Country Status (8)
Country | Link |
---|---|
US (2) | US9430409B2 (en) |
EP (2) | EP3702923B1 (en) |
JP (1) | JP6306578B2 (en) |
KR (1) | KR102095614B1 (en) |
CN (1) | CN104412242B (en) |
GB (3) | GB2503583B (en) |
TW (1) | TWI581099B (en) |
WO (1) | WO2014001803A2 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018217400A1 (en) * | 2017-05-26 | 2018-11-29 | Microsoft Technology Licensing, Llc | Subsystem firewalls |
RU2677366C1 (en) * | 2017-10-27 | 2019-01-16 | Юрий Алексеевич Шашлюк | Data storage device and method of operation thereof |
US10346345B2 (en) | 2017-05-26 | 2019-07-09 | Microsoft Technology Licensing, Llc | Core mapping |
US10353815B2 (en) | 2017-05-26 | 2019-07-16 | Microsoft Technology Licensing, Llc | Data security for multiple banks of memory |
US10409981B2 (en) | 2017-04-21 | 2019-09-10 | International Business Machines Corporation | In-process stack memory protection |
WO2019199586A1 (en) * | 2018-04-14 | 2019-10-17 | Microsoft Technology Licensing, Llc | Nop sled defense |
FR3087020A1 (en) * | 2018-10-09 | 2020-04-10 | Stmicroelectronics (Grenoble 2) Sas | METHOD FOR ACCESSING A MEMORY |
WO2020091905A1 (en) * | 2018-10-30 | 2020-05-07 | Cypress Semiconductor Corporation | Securing data logs in memory devices |
CN112567349A (en) * | 2018-06-27 | 2021-03-26 | 北欧半导体公司 | Hardware protection of files in integrated circuit devices |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140316873A1 (en) * | 2013-04-22 | 2014-10-23 | Codecard, Inc. | Apparatus, system and methods to issue a prize to a user of a credit account based on user purchase activities |
EP2808818B1 (en) * | 2013-05-29 | 2016-07-13 | Nxp B.V. | Processing system |
GB2521607B (en) * | 2013-12-23 | 2016-03-23 | Nordic Semiconductor Asa | Integrated-Circuit Radio |
US20150351999A1 (en) * | 2014-01-15 | 2015-12-10 | Getting in the Mood, LLC | Heating and vibrating personal massager with accompanying cover |
US20160180092A1 (en) * | 2014-12-23 | 2016-06-23 | Mcafee, Inc. | Portable secure storage |
CN104598402B (en) * | 2014-12-30 | 2017-11-10 | 北京兆易创新科技股份有限公司 | A kind of control method of flash controller and flash controller |
CN104573421B (en) | 2014-12-30 | 2017-12-22 | 北京兆易创新科技股份有限公司 | A kind of MCU chip information protecting method and device based on some subregions |
US10540524B2 (en) * | 2014-12-31 | 2020-01-21 | Mcafee, Llc | Memory access protection using processor transactional memory support |
US10157008B2 (en) * | 2015-04-29 | 2018-12-18 | Qualcomm Incorporated | Systems and methods for optimizing memory power consumption in a heterogeneous system memory |
CN107548492B (en) * | 2015-04-30 | 2021-10-01 | 密克罗奇普技术公司 | Central processing unit with enhanced instruction set |
GB2539455A (en) | 2015-06-16 | 2016-12-21 | Nordic Semiconductor Asa | Memory watch unit |
WO2017061153A1 (en) * | 2015-10-09 | 2017-04-13 | ソニー株式会社 | Memory, memory controller, storage device, information processing system and memory control method |
US20170139844A1 (en) * | 2015-11-17 | 2017-05-18 | Silicon Laboratories Inc. | Asymmetric memory |
JP6742831B2 (en) * | 2016-06-14 | 2020-08-19 | ルネサスエレクトロニクス株式会社 | Information processing device, read control method, and program |
US11416421B2 (en) | 2016-07-19 | 2022-08-16 | Cypress Semiconductor Corporation | Context-based protection system |
GB2557305A (en) * | 2016-12-05 | 2018-06-20 | Nordic Semiconductor Asa | Memory protection logic |
US10691803B2 (en) * | 2016-12-13 | 2020-06-23 | Amazon Technologies, Inc. | Secure execution environment on a server |
US10534553B2 (en) | 2017-08-30 | 2020-01-14 | Micron Technology, Inc. | Memory array accessibility |
US10318438B1 (en) * | 2017-12-07 | 2019-06-11 | Nuvoton Technology Corporation | Secure memory access using memory read restriction |
US11132134B2 (en) * | 2017-12-21 | 2021-09-28 | Apple Inc. | Flexible over-provisioning of storage space within solid-state storage devices (SSDs) |
TWI650648B (en) * | 2018-02-09 | 2019-02-11 | 慧榮科技股份有限公司 | System wafer and method for accessing memory in system wafer |
GB201807257D0 (en) | 2018-05-02 | 2018-06-13 | Nordic Semiconductor Asa | Cryptographic key distribution |
US11422949B2 (en) | 2018-11-08 | 2022-08-23 | Sony Group Corporation | Communication device |
US11036887B2 (en) * | 2018-12-11 | 2021-06-15 | Micron Technology, Inc. | Memory data security |
TWI682400B (en) * | 2019-03-04 | 2020-01-11 | 新唐科技股份有限公司 | Semiconductor device and data protection method |
JP2021111112A (en) * | 2020-01-09 | 2021-08-02 | キヤノン株式会社 | Image forming apparatus and control method thereof |
CN111625784B (en) * | 2020-05-29 | 2023-09-12 | 重庆小雨点小额贷款有限公司 | Anti-debugging method of application, related device and storage medium |
FR3118219B1 (en) * | 2020-12-17 | 2024-03-15 | Stmicroelectronics Grand Ouest Sas | Method for protecting a system, for example a microcontroller, and corresponding system |
JP7408593B2 (en) * | 2021-03-23 | 2024-01-05 | 株式会社東芝 | Control devices, information processing devices, and information processing systems |
CN113961246A (en) * | 2021-10-28 | 2022-01-21 | 深圳市航顺芯片技术研发有限公司 | Permission configuration method and device on micro control chip and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010004753A1 (en) * | 1998-04-28 | 2001-06-21 | International Business Machines Corporation | Address re-mapping for memory module using presence detect data |
US20030101324A1 (en) * | 2001-11-27 | 2003-05-29 | Herr Brian D. | Dynamic self-tuning memory management method and system |
US20050216686A1 (en) * | 2004-03-25 | 2005-09-29 | Nec Electronics Corporation | Memory protection apparatus |
US20080141279A1 (en) * | 2006-10-06 | 2008-06-12 | Peter Mattson | Software development for parallel processing systems |
Family Cites Families (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4698750A (en) * | 1984-12-27 | 1987-10-06 | Motorola, Inc. | Security for integrated circuit microcomputer with EEPROM |
JPS6382534A (en) | 1986-09-26 | 1988-04-13 | Matsushita Electric Ind Co Ltd | Memory protection device |
US5001670A (en) | 1987-02-06 | 1991-03-19 | Tektronix, Inc. | Nonvolatile memory protection |
US5469557A (en) * | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
US5564030A (en) * | 1994-02-08 | 1996-10-08 | Meridian Semiconductor, Inc. | Circuit and method for detecting segment limit errors for code fetches |
US5737760A (en) * | 1995-10-06 | 1998-04-07 | Motorola Inc. | Microcontroller with security logic circuit which prevents reading of internal memory by external program |
JP3489708B2 (en) * | 1996-10-23 | 2004-01-26 | シャープ株式会社 | Nonvolatile semiconductor memory device |
JPH10228421A (en) * | 1997-02-14 | 1998-08-25 | Nec Ic Microcomput Syst Ltd | Memory access control circuit |
JP4000654B2 (en) * | 1997-02-27 | 2007-10-31 | セイコーエプソン株式会社 | Semiconductor device and electronic equipment |
JP2001051904A (en) * | 1999-08-11 | 2001-02-23 | Hitachi Ltd | External storage device using non-volatile semiconductor memory |
US6895508B1 (en) | 2000-09-07 | 2005-05-17 | International Business Machines Corporation | Stack memory protection |
US6952778B1 (en) | 2000-10-26 | 2005-10-04 | Cypress Semiconductor Corporation | Protecting access to microcontroller memory blocks |
US6615329B2 (en) * | 2001-07-11 | 2003-09-02 | Intel Corporation | Memory access control system, apparatus, and method |
US6883075B2 (en) | 2002-01-17 | 2005-04-19 | Silicon Storage Technology, Inc. | Microcontroller having embedded non-volatile memory with read protection |
JP4347582B2 (en) * | 2003-02-04 | 2009-10-21 | パナソニック株式会社 | Information processing device |
US7739516B2 (en) * | 2004-03-05 | 2010-06-15 | Microsoft Corporation | Import address table verification |
US7210014B2 (en) | 2004-05-27 | 2007-04-24 | Microsoft Corporation | Alternative methods in memory protection |
US7343496B1 (en) | 2004-08-13 | 2008-03-11 | Zilog, Inc. | Secure transaction microcontroller with secure boot loader |
US20070133280A1 (en) * | 2004-10-08 | 2007-06-14 | Renesas Technology Corp. | Semiconductor integrated circuit apparatus and electronic system |
US7516902B2 (en) | 2004-11-19 | 2009-04-14 | Proton World International N.V. | Protection of a microcontroller |
US7673345B2 (en) | 2005-03-31 | 2010-03-02 | Intel Corporation | Providing extended memory protection |
JP4584044B2 (en) * | 2005-06-20 | 2010-11-17 | ルネサスエレクトロニクス株式会社 | Semiconductor device |
JP4818793B2 (en) | 2006-04-20 | 2011-11-16 | ルネサスエレクトロニクス株式会社 | Microcomputer and memory access control method |
DE602007012519D1 (en) * | 2007-04-05 | 2011-03-31 | St Microelectronics Res & Dev | Integrated circuit with limited data access |
US8051263B2 (en) | 2007-05-04 | 2011-11-01 | Atmel Corporation | Configurable memory protection |
US7917716B2 (en) | 2007-08-31 | 2011-03-29 | Standard Microsystems Corporation | Memory protection for embedded controllers |
US7836226B2 (en) * | 2007-12-06 | 2010-11-16 | Fusion-Io, Inc. | Apparatus, system, and method for coordinating storage requests in a multi-processor/multi-thread environment |
US7895404B2 (en) * | 2008-02-14 | 2011-02-22 | Atmel Rousset S.A.S. | Access rights on a memory map |
US8001357B2 (en) * | 2008-04-30 | 2011-08-16 | Microsoft Corporation | Providing a single drive letter user experience and regional based access control with respect to a storage device |
US20100106926A1 (en) * | 2008-10-25 | 2010-04-29 | International Business Machines Corporation | Second failure data capture problem determination using user selective memory protection to trace application failures |
WO2011074168A1 (en) * | 2009-12-14 | 2011-06-23 | パナソニック株式会社 | Information processing apparatus |
JP5793712B2 (en) * | 2010-03-01 | 2015-10-14 | パナソニックIpマネジメント株式会社 | Nonvolatile storage device, access device, and nonvolatile storage system |
-
2012
- 2012-06-27 GB GB1312526.5A patent/GB2503583B/en active Active
- 2012-06-27 GB GB1211422.9A patent/GB2503470B/en active Active
- 2012-06-27 GB GB1405811.9A patent/GB2513727B/en active Active
-
2013
- 2013-06-21 US US13/924,249 patent/US9430409B2/en active Active
- 2013-06-24 TW TW102122332A patent/TWI581099B/en active
- 2013-06-26 KR KR1020157002157A patent/KR102095614B1/en active IP Right Grant
- 2013-06-26 CN CN201380033753.6A patent/CN104412242B/en active Active
- 2013-06-26 JP JP2015519342A patent/JP6306578B2/en active Active
- 2013-06-26 EP EP20163176.9A patent/EP3702923B1/en active Active
- 2013-06-26 WO PCT/GB2013/051694 patent/WO2014001803A2/en active Application Filing
- 2013-06-26 EP EP13733436.3A patent/EP2867776B1/en active Active
-
2016
- 2016-06-16 US US15/184,777 patent/US20160299720A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010004753A1 (en) * | 1998-04-28 | 2001-06-21 | International Business Machines Corporation | Address re-mapping for memory module using presence detect data |
US20030101324A1 (en) * | 2001-11-27 | 2003-05-29 | Herr Brian D. | Dynamic self-tuning memory management method and system |
US20050216686A1 (en) * | 2004-03-25 | 2005-09-29 | Nec Electronics Corporation | Memory protection apparatus |
US20080141279A1 (en) * | 2006-10-06 | 2008-06-12 | Peter Mattson | Software development for parallel processing systems |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10817600B2 (en) | 2017-04-21 | 2020-10-27 | International Business Machines Corporation | Protecting stack memory in computer systems |
US10409981B2 (en) | 2017-04-21 | 2019-09-10 | International Business Machines Corporation | In-process stack memory protection |
US20180343234A1 (en) * | 2017-05-26 | 2018-11-29 | Microsoft Technology Licensing, Llc | Subsystem firewalls |
US10346345B2 (en) | 2017-05-26 | 2019-07-09 | Microsoft Technology Licensing, Llc | Core mapping |
US10353815B2 (en) | 2017-05-26 | 2019-07-16 | Microsoft Technology Licensing, Llc | Data security for multiple banks of memory |
US10587575B2 (en) * | 2017-05-26 | 2020-03-10 | Microsoft Technology Licensing, Llc | Subsystem firewalls |
US11444918B2 (en) * | 2017-05-26 | 2022-09-13 | Microsoft Technology Licensing, Llc | Subsystem firewalls |
WO2018217400A1 (en) * | 2017-05-26 | 2018-11-29 | Microsoft Technology Licensing, Llc | Subsystem firewalls |
RU2677366C1 (en) * | 2017-10-27 | 2019-01-16 | Юрий Алексеевич Шашлюк | Data storage device and method of operation thereof |
WO2019199586A1 (en) * | 2018-04-14 | 2019-10-17 | Microsoft Technology Licensing, Llc | Nop sled defense |
US11036654B2 (en) | 2018-04-14 | 2021-06-15 | Microsoft Technology Licensing, Llc | NOP sled defense |
CN112567349A (en) * | 2018-06-27 | 2021-03-26 | 北欧半导体公司 | Hardware protection of files in integrated circuit devices |
EP3814910B1 (en) * | 2018-06-27 | 2023-12-27 | Nordic Semiconductor ASA | Hardware protection of files in an integrated-circuit device |
US11960617B2 (en) | 2018-06-27 | 2024-04-16 | Nordic Semiconductor Asa | Hardware protection of files in an integrated-circuit device |
EP3637266A1 (en) * | 2018-10-09 | 2020-04-15 | STMicroelectronics (Grenoble 2) SAS | Method for accessing a memory |
US11055237B2 (en) | 2018-10-09 | 2021-07-06 | Stmicroelectronics (Rousset) Sas | Method of access to a memory |
FR3087020A1 (en) * | 2018-10-09 | 2020-04-10 | Stmicroelectronics (Grenoble 2) Sas | METHOD FOR ACCESSING A MEMORY |
WO2020091905A1 (en) * | 2018-10-30 | 2020-05-07 | Cypress Semiconductor Corporation | Securing data logs in memory devices |
US11210238B2 (en) * | 2018-10-30 | 2021-12-28 | Cypress Semiconductor Corporation | Securing data logs in memory devices |
Also Published As
Publication number | Publication date |
---|---|
GB201211422D0 (en) | 2012-08-08 |
GB201405811D0 (en) | 2014-05-14 |
GB2513727B (en) | 2015-06-24 |
KR20150033695A (en) | 2015-04-01 |
CN104412242B (en) | 2018-01-19 |
US20140006692A1 (en) | 2014-01-02 |
WO2014001803A3 (en) | 2014-03-20 |
TWI581099B (en) | 2017-05-01 |
EP3702923B1 (en) | 2023-06-21 |
WO2014001803A2 (en) | 2014-01-03 |
CN104412242A (en) | 2015-03-11 |
EP2867776A2 (en) | 2015-05-06 |
GB2503470A (en) | 2014-01-01 |
GB2503583A (en) | 2014-01-01 |
JP6306578B2 (en) | 2018-04-04 |
GB2503470A9 (en) | 2014-01-15 |
EP2867776B1 (en) | 2020-04-29 |
US9430409B2 (en) | 2016-08-30 |
GB2503583B (en) | 2015-06-17 |
EP3702923A1 (en) | 2020-09-02 |
JP2015525916A (en) | 2015-09-07 |
GB2513727A (en) | 2014-11-05 |
KR102095614B1 (en) | 2020-04-01 |
GB2503470B (en) | 2014-08-13 |
GB201312526D0 (en) | 2013-08-28 |
TW201409236A (en) | 2014-03-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9430409B2 (en) | Memory protection | |
US9389793B2 (en) | Trusted execution and access protection for embedded memory | |
US7444668B2 (en) | Method and apparatus for determining access permission | |
JP4818793B2 (en) | Microcomputer and memory access control method | |
JP4785808B2 (en) | Data processing apparatus and system control register protection method | |
US9753863B2 (en) | Memory protection with non-readable pages | |
US20070266214A1 (en) | Computer system having memory protection function | |
JP4939387B2 (en) | Data processing apparatus and address space protection method | |
US20070016832A1 (en) | System, device and method of verifying that a code is executed by a processor | |
WO2018104711A1 (en) | Memory protection logic | |
JP2001256460A (en) | One-chip microcomputer and ic card using the same | |
US9891908B2 (en) | Updatable integrated-circuit radio | |
US20040243783A1 (en) | Method and apparatus for multi-mode operation in a semiconductor circuit | |
WO2019237866A1 (en) | Method for controlling access at runtime and computing device | |
US20190370439A1 (en) | Secure system on chip for protecting software program from tampering, rehosting and piracy and method for operating the same | |
US20230161486A1 (en) | Method for managing a memory in a system-on-a-chip | |
EP4073635B1 (en) | Intermodal calling branch instruction | |
US11150887B2 (en) | Secure code patching | |
CN116635855A (en) | Apparatus and method for managing access of executable code to data memory based on execution context | |
CN110569205A (en) | Security system single chip and method of operation thereof | |
Rivera | Hardware-Based Data Protection/Isolation at Runtime in Ada Code for Microcontrollers | |
KR20220127325A (en) | Apparatus and method for controlling access to a set of memory mapped control registers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: NORDIC SEMICONDUCTOR ASA, NORWAY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BERNTSEN, FRANK;MARVIK, OLA;OLSEN, LASSE;AND OTHERS;REEL/FRAME:038936/0659 Effective date: 20130805 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |