WO2007132741A1 - Dma control device - Google Patents

Info

Publication number: WO2007132741A1
Authority: WO, WIPO (PCT)
Prior art keywords: dma, control, processor, access, channel
Application number: PCT/JP2007/059691
Other languages: French (fr), Japanese (ja)
Inventor: Masaaki Harada
Original Assignee: Panasonic Corporation
Application filed by Panasonic Corporation

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00: Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14: Handling requests for interconnection or transfer
    • G06F13/20: Handling requests for interconnection or transfer for access to input/output bus
    • G06F13/28: Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access DMA, cycle steal

Definitions

  • the present invention relates to a DMA control device, and more particularly to the realization of a secure mechanism in a system LSI for digital AV equipment.
  • DMA direct memory access
  • Patent Document 1 discloses a mechanism that, by limiting the processors that can access a plurality of control registers mapped to different addresses, makes it possible to restrict the masters that can activate each channel when a DMA activation register is provided for each channel.
  • In other words, by deciding in advance which masters can access each address, access to resources in the DMA controller is restricted.
  • FIG. 12 shows a DMA control device described in Patent Document 1.
  • the DMA control device 805 controls data transfer between the peripheral circuit 123 and the memory 122 and data transfer between the cryptographic engine 121 and the memory 122 according to an instruction from the CPU 302.
  • the CPU 302 sets DMA control parameters such as a transfer source, a transfer destination, and a transfer size in each channel (ch) control register 812b in the control register 812, and then instructs the start register 812a to start DMA, that is, to start the transfer.
  • the DMA controller 805 uses the arbitration unit 113 to select which of the activated channels is to perform a transfer, and the execution unit 107 performs the data transfer based on the DMA control parameters of the selected channel.
  • when performing highly confidential processing such as content copyright protection processing, the CPU 302 performs the processing after transitioning to the secure mode. Programs executed in the secure mode are protected from being tampered with or seen by malicious persons. When the CPU 302 operates in the secure mode, unauthorized processing is prevented. When the CPU 302 accesses the registers of the DMA controller 805, the processor operating mode 322 is output to notify that the register access is in the secure mode.
  • channel 16 (ch16) is a dedicated DMA channel for secure use, and transfer between the cryptographic engine 121 and the memory 122 is possible. It is assumed that data transfer cannot be performed.
  • the activation registers 812a of each channel are mapped to different addresses, and the access enable / disable information holding unit 810 holds the processor operation mode as master attribute information accessible to each of the activation registers.
  • the access determination unit 811 determines whether or not the CPU 302 can access the activation register of the access request destination.
  • Channel activation register 812a is accessed only when the determination result indicates that access is permitted.
  • the CPU 302 can only access 0x00 (ch0 start register) to 0x3c (ch15 start register) in normal mode and cannot access 0x40 (ch16 start register).
  • the CPU 302 can access all of 0x00 to 0x40 in the secure mode. Therefore, the CPU 302 cannot start data transfer with the cryptographic engine 121 in the normal mode, but can start it only in the secure mode.
  • FIG. 13 is a flowchart showing an example of the process of Patent Document 1.
  • Step S901 The CPU 302 sets various DMA control parameters such as the transfer source address, transfer destination address, and transfer size in the channel control register 812b.
  • Step S902 For a channel for which a DMA control parameter has been set, a start request is set to instruct the start register 812a to start transfer. If there are multiple channels to be activated here, multiple activation registers will be set.
  • Step S903 Based on the master attribute information accessible to each address, which is held in the access permission information holding unit 810, the access permission determination unit 811 determines whether or not access to the requested activation register 812a is permitted.
  • Step S904 When there are a plurality of activated channels with access permission, the arbitration unit 1
  • Step S905 Based on the DMA control parameter of the channel that has acquired the right by arbitration, the execution unit 107 controls data transfer to the transfer source and transfer destination.
  • Step S906 It is determined whether there is still data to be transferred; if the transfer is not completed, the channel becomes the object of arbitration again and S904 and subsequent steps are repeated. If it is completed, a specified completion process such as asserting a transfer completion interrupt request is performed.
  • Patent Document 1 when it is determined in S903 in the DMA control device 805 that the permission is not permitted, the above description is omitted.
  • the channel in the DMA controller refers to the hardware resources necessary to hold the DMA parameters. If there are multiple channels, multiple sets of DMA parameters can be set and started, so from the software's point of view multiple types of transfers can be executed simultaneously.
  • a DMA control device includes a plurality of channels; software activates a plurality of DMA transfers according to the execution status of an application, and hardware performs data transfer control in time division or in parallel.
  • Patent Document 1: Pamphlet of International Publication No. 05/121979
  • If it is necessary to increase the number of secure DMA channels during system expansion, the mechanism of Patent Document 1 requires that all secure DMA channels be mapped to secure IO space addresses. The secure IO space therefore has to be expanded, which may cause incompatibility with the conventional system.
  • the present invention has been made in view of the above-described conventional circumstances, and its purpose is to provide a DMA control device that can reduce software processing steps, suppress an increase in circuit scale, and maintain security.
  • a DMA control device is a DMA (Direct Memory Access) control device that controls data transfer between a peripheral circuit and a memory in accordance with an instruction from a processor, and includes: a channel control register that controls multiple DMA channels using a single start control register mapped to one address; an access control management table that stores, in association with each other, the channel ID of the DMA channel to be started and controllable processor information that indicates whether the processor can start the DMA channel; and a control register management unit that determines whether to permit or prohibit access to the start control register based on a comparison of the processor operation mode notified from the processor and the setting value in the start control register with the channel ID and controllable processor information held in the access control management table, and that notifies a control request to the start control register when access is permitted.
  • the DMA control device has a plurality of the channel control register powers.
  • the access control management table holds the channel ID of the DMA channel included in the group for each group ID that identifies the group, and the control register management unit determines whether to permit or prohibit access to the activation control register based on the group ID to which the DMA channel belongs and the controllable processor information for each of the group IDs held in the access control management table.
  • FIG. 1 is a configuration diagram of a DMA control circuit according to a first embodiment of the present invention.
  • FIG. 2 is a flowchart showing a processing example of the DMA control circuit according to the first embodiment of the present invention.
  • FIG. 3 is a diagram showing an example of an access control management table according to the first embodiment of the present invention (1)
  • FIG. 4 is a configuration diagram of a DMA control circuit according to a second embodiment of the present invention.
  • FIG. 5 is a configuration diagram of a DMA control circuit according to a third embodiment of the present invention.
  • FIG. 6 is a diagram showing an example of an access control management table according to the third embodiment of the present invention.
  • FIG. 7 is a diagram showing an example of an access control management table in the third embodiment of the present invention (3)
  • FIG. 8 is a diagram showing an example of a start control register according to the third embodiment of the present invention.
  • FIG. 9 is a configuration diagram of a DMA control circuit according to a fourth embodiment of the present invention.
  • FIG. 10 is a configuration diagram of a DMA control circuit according to a fifth embodiment of the present invention.
  • FIG. 11 is a flowchart showing a processing example of the DMA control circuit according to the fourth and fifth embodiments of the present invention.
  • FIG. 13 is a flowchart showing a processing example of a conventional DMA control circuit.
  • the DMA control apparatus 105 includes one activation control register 112a as the channel control register 112, and is mapped to one address. Also, multiple DMA channels are controlled by classifying them into multiple groups.
  • the DMA channels are classified into group 0 and group 1: the DMA channels belonging to group 0 (ch0 to ch15) can be activated by the CPU 102 in the normal mode, and the DMA channels belonging to group 1 (ch16, ch17) can be started only when the CPU 102 is in secure mode.
  • the CPU 102 has a secure mode for performing confidential processing.
  • the CPU 102 sets the group ID 119 and the activated channel information as the control setting value 118,
  • the CPU 102 outputs the processor operating mode 22 indicating whether the CPU 102 is in the secure mode or the normal mode.
  • the host IF 108 receives the register access 32 and the processor operation mode 22 from the CPU 102, and notifies the control register management unit 111 of the operation mode as the processor identification information 115.
  • the access control management table 110 holds processor information accessible to the activation control register 112a for each group ID, and the control register management unit 111 determines whether to permit or prohibit access to the start control register 112a based on the group ID information 119 of the access request destination channel from the CPU 102, the processor identification information 115 from the host IF 108, and the controllable (startable) processor information for each group ID held in the access control management table 110.
  • the DMA transfer of channels 0 to 15 can be started only when the group ID 119 is 0 and the processor identification information 115 indicates the normal mode, and access to channels 16 and 17 is permitted only when the group ID 119 is 1 and the processor identification information 115 indicates the secure mode.
  • the control register management unit 111 notifies the control request 116 to the channel control register 112 only when access is permitted.
  • FIG. 2 is a flowchart showing an example. The only differences from Figure 9 are S202 and S203.
  • Step S202 For the channel for which the DMA control parameter is set, a start request is set to instruct the start control register 112a to start transfer. Even when there are multiple channels to be activated here, only one activation control register is set, and the group ID 119 and the activated channel information are set as the control setting value 118.
  • Step S203 Based on the startable processor information for each group ID held in the access control management table 110, the control register management unit 111 determines whether or not access to the requested start control register 112a is permitted.
  • control register 112a has been described as the activation control register 112a.
  • other channel control registers such as a register for requesting interruption or restart may be used.
  • various settings such as a transfer source address, a transfer destination address, and a transfer size for the channel control register 112b are not necessarily required and may be fixed in hardware.
  • Fig. 1 shows an example in which the channels belonging to group 0 and group 1 have consecutive channel numbers, ch0 to ch15 and ch16, ch17, respectively, but the channel numbers may be non-contiguous.
  • FIG. 3 shows table information of the access control management table 110 when access is restricted for each group.
  • a DMA channel belonging to group ID 0 can be activated in CPU normal mode
  • a DMA channel belonging to group ID 1 can only be activated in CPU secure mode.
  • the channel for secure data transfer is arranged at the end (16, 17) of the serial number of the channel ID (0, 1, 2, ..., 16, 17).
  • Fig. 3 (c) shows a case where channels for secure data transfer are selected by non-consecutive numbers (0, 17) and the channels are grouped into a secure group (group ID 1).
  • the DMA control device 105 transfers data between the cryptographic engine 121 and the peripheral circuit 123 and the memory 122 in accordance with an instruction from the processor 102.
  • the DMA controller 105 includes the channel control register 112 that controls a plurality of DMA channels by one start control register 112a mapped to one address, the access control management table 110 that stores, in association with each other, the channel ID of the DMA channel to be started and the controllable processor information that indicates whether the processor 102 can activate the DMA channel, and the control register management unit 111 that determines whether access to the start control register 112a is permitted or prohibited based on a comparison of the processor operation mode 22 notified from the processor 102 and the setting value in the start control register 112a with the channel ID and the controllable processor information held in the access control management table 110, and that notifies the control request 116 to the start control register 112a when access is permitted. Therefore, access restriction can be realized by one activation control register 112a, and security can be maintained while reducing software processing steps at the time of DMA activ
  • the channel control register 112 controls a plurality of DMA channels by classifying them into a plurality of groups, the access control management table 110 holds, for each group ID identifying a group, the channel IDs of the DMA channels included in the group, and the control register management unit 111 decides on access based on the group ID to which the DMA channel belongs and the controllable processor information for each group ID held in the access control management table 110, so the activation of channels belonging to a specific group can be limited to only those processors that satisfy the conditions.
  • the DMA control device 105 of the present embodiment has the host IF 108, which accepts the register access 32 and the processor operation mode 22 notified from the processor 102 and notifies the control register management unit 111 of the control setting value 118 including the group ID 119 to which the DMA channel to be activated belongs and the channel information to be activated. It is therefore possible to manage the channel information to be activated in groups, and to maintain security while reducing the software processing steps when DMA activation is requested.
  • the numbers of the DMA channels belonging to the group include a continuous number and a non-consecutive number. It can be managed by number, and the burden of software processing can be reduced.
  • the CPU 302 notifies the processor operation mode including the security level corresponding to the processing content in the secure mode, in addition to notifying whether the mode is the secure mode or the normal mode. For example, it may be considered that the encryption processing of billing information for paid services is positioned at a higher security level than the decryption processing of the program processed by the processor.
  • the host IF 308 notifies the control register management unit 311 of the processor operation mode 322 notified from the CPU 302 as the processor identification information 315.
  • Group 0 (ch0 to ch15) is used for normal use
  • Group 1 (ch16) is used for security level 1
  • Group 2 (ch17) is used for security level 1. Security level 1 is more confidential than security level 0.
  • ch17 belonging to group 2 can be considered.
  • the access control management table 310 stores, as processor information that can be activated for each group ID, whether the mode is the normal mode or the secure mode (security level 0) and the secure mode (security level 1).
  • the group ID 0 DMA channel can be activated in normal mode, the group 1 DMA channel can only be activated in secure mode (security level 0), and the group 2 DMA channel can only be activated in secure mode (security level 1).
  • the control register management unit 311 determines whether or not to allow access to the boot control register 112a based on the group ID information 119 of the access request destination channel from the CPU 302, the processor identification information 315 from the host IF 308 indicating the operation mode (including the security level) of the processor, and the bootable processor information for each group ID held in the access control management table 310.
  • the DMA transfer with the cryptographic engine 121 that handles the billing information can be activated only when the CPU 302 is performing security level 1 processing in the secure mode.
  • the processor 302 notifies the host IF 308 of the security level corresponding to the processing content in the secure mode, and the access control management table 310 stores the security level for each group ID, so DMA transfer with the cryptographic engine 121 that handles accounting information can be activated only when the processor 302 is processing security level 1 in secure mode, and the security level can be improved.
  • DMA controller 405 in the present embodiment is controlled by a plurality of processors.
  • this embodiment differs from the first and second embodiments in that access is restricted for each channel rather than for each group.
  • the host IF 408 identifies whether the access is from CPU0 102 or CPU1 403 (whether it is the register access 32a from CPU0 102 or the register access 32b from CPU1 403), and notifies the control register management unit 411 of the identification result as the processor identification information 415.
  • the access control management table 410 stores whether the processor that can activate each channel is only CPU0, only CPU1, or both CPU0 and CPU1.
  • ch0 and ch17 can be started only by CPU0, and the other channels can be started by both CPU0 and CPU1.
  • the control register management unit 411 determines whether or not to permit access to the start control register 112a based on the group ID information 119 of the access request destination channel from the CPU 102 or the CPU 403, the processor identification information 415 from the host IF 408 indicating which processor is accessing, the information of the control setting 118 from the host IF 408, and the startable processor information for each channel held in the access control management table 410. As described above, DMA transfer with the cryptographic engine 121 can be activated only by CPU0.
  • FIG. 6 shows an access control management table 11 when access is restricted for each channel.
  • FIG. 7 shows table information in the case of managing access permitting activation according to the secure level of the CPU secure mode.
  • the concept of secure level is introduced based on Fig. 6.
  • the DMA control device has, as the specification of the start control register, a field for specifying a group ID and a field for specifying which channel to start from among the channels belonging to the specified group.
  • For example, as shown in Figure 8, there may be a form in which the upper 4 bits of the 32-bit start control register are used as a group ID designation field and the lower 16 bits are used as a channel designation field.
  • there may also be a form in which CPU0 and CPU1 have a secure mode as in the first embodiment, and the access control management table 410 manages the operation modes of CPU0 and CPU1 as controllable processor information.
  • the host IF 408 identifies from which of the plurality of CPUs 102 and 403 the access is made, and the identification result is used as the processor identification information 415.
  • the access control management table 410 holds controllable processor information for each channel ID, and the control register management unit 411 determines whether access to the activation control register 112a is permitted or prohibited based on the controllable processor information for each channel ID held in the access control management table 410. For example, only the CPU 102 can activate DMA transfer with the cryptographic engine 121.
  • the DMA controller 505 in the present embodiment notifies the determination result 524 to the transfer completion notification means 523, and the ch16 control register 512b notifies the transfer completion notification means 523 of the transfer size 526 set by the CPU 102.
  • the transfer completion notification means 523 waits for the time required for actual data transfer based on the size indicated by the transfer size 526, and then notifies the CPU 102 of the transfer completion interrupt 525.
  • as a method of determining the waiting time, a method may be considered in which the waiting time per unit size is determined in advance and the waiting time corresponding to the size indicated by the transfer size 526 is calculated from it.
  • FIG. 11 is a flowchart showing an example thereof. The only difference from Figure 2 is S707.
  • Step S707 If it is determined that access is not permitted based on the determination in step S203, the CPU 102 is notified that the transfer has been completed. As a result, it becomes possible for the person who started the malicious DMA to realize that he / she was unable to transfer.
  • the DMA control device 505 of the present embodiment has a transfer completion notification means 523 that, when the determination result 524 in the control register management unit 111 indicates that access to the channel control register 112 is prohibited, notifies the processor 102 of a transfer completion interrupt 525 after waiting for the amount of time required for actual data transfer, based on the transfer size 526 set by the processor 102. It is possible to realize that the person who has been able to transfer can realize it.
  • the DMA control device 605 in the present embodiment receives the determination result 624 in the abnormality processing unit 623 and, in response, generates an error interrupt 625 to notify the CPU 102 that an illegal DMA activation has occurred. As described above, it is possible to detect that a malicious program is mixed in and attempts to start an illegal DMA.
  • since the device has an error processing unit 623 that, when the determination result 624 in the control register management unit 111 indicates that access to the channel control register 112 is prohibited, receives the determination result 624 and generates an error interrupt 625 notifying the processor 102 that an illegal DMA activation has occurred, it can be detected that a malicious program was mixed in and attempted to activate the illegal DMA.
  • the example of the activation control register described with reference to FIG. 8 is the same as the example of the activation control register shown in FIG. , 4, 5, 6).
  • the DMA control device according to the present invention is a DMA (Direct Memory Access) control device that has a host IF that, upon receiving a bus access from the processor, identifies processor information, outputs the identification result as processor identification information, and outputs the DMA channel activation request from the processor together with the control settings corresponding to the activation request, such as transfer source, transfer destination, and transfer size, and a channel control register that retains and updates the control settings as necessary, and that sequentially selects and executes one of the requested DMA channels as required. The DMA control device is controlled by control settings.
  • it has an access control management table that stores control setting values and the processor information that can be controlled using those setting values, and a control register management unit that determines, based on the control setting values and controllable processor information in the access control management table, whether the processor requesting control of the DMA channel is able to control it, and that transmits an access request to the channel control register only when it is determined that control is possible.
  • the DMA control device is the DMA control device described above, wherein the host IF receives access requests from a plurality of processors and indicates which processor the access request is from.
  • the ID is output as the processor identification information
  • the access control management table manages the DMA activation request setting value from the processor as the control setting value, and the DMA activation request setting as the controllable processor information
  • the processor that allows DMA activation by setting a value is managed as a bootable processor ID
  • the control register management unit receives the processor ID and the control setting from the host IF, and the control setting contents Is a DMA channel activation request, based on the activation request setting value in the access control management table and the processor ID that can be activated. Determining access permission.
  • the DMA control device is the DMA control device described above, wherein the host IF accepts an access request from a processor having a plurality of operation modes, and the access request in any operation mode.
  • a processor operation mode indicating whether or not there is output as the processor identification information
  • the access control management table manages the DMA activation request setting value from the processor as the control setting value, and as the controllable processor information
  • the control register management unit receives the processor operation mode and the control setting from the host IF and, when the control setting content is a DMA channel activation request, determines whether access is possible based on the activation request setting value in the access control management table and the processor operation mode that can be activated.
  • the DMA control device is the above-described DMA control device, which controls a plurality of DMA channels classified into a plurality of groups, and the processor requests DMA activation by an access request.
  • a control target channel is specified by a group ID that specifies the group and an intra-group channel ID that specifies a DMA channel in the group, and the access control management table uses the group as the DMA activation request setting value. Manage IDs.
  • the DMA control device is the above-described DMA control device, wherein the access control management table manages the group ID and the intra-group channel ID as the DMA activation request setting value. .
  • the DMA control device is the above-described DMA control device, and when the processor requests DMA activation by an access request, which of the plurality of channels is activated.
  • the channel to be controlled is specified by the channel ID that identifies the channel ID, and the access control management table manages the channel ID as the DMA activation request setting value.
  • the DMA control device is the above-described DMA control device, comprising transfer completion notification means for notifying the processor that the transfer has been completed when all the designated transfers have been completed. If the determination result of the control register management unit is uncontrollable, the transfer completion is notified to the processor without performing the data transfer.
  • the DMA control device is the DMA control device described above, and when the determination result of the control register management unit is uncontrollable, the data transfer is not performed and the transfer completion notification means controls the timing for notifying the completion of transfer according to the set transfer size.
  • the DMA control device is the above-described DMA control device, and has an abnormality processing unit that, when the determination result of the control register management unit is uncontrollable, notifies the processor of an error interrupt at that time.
  • By using the DMA controller according to the present invention, it is possible to reliably prevent illegal DMA transfer at startup without depending on the implementation of the startup register of the DMA controller. Therefore, it can be used to improve the security of all digital devices that perform confidential processing, and to reduce software processing steps by integrating start-up registers.

Abstract

It is possible to solve the problem that when start registers are integrated into one register in order to reduce the number of software processing steps, it is impossible to limit a start of each master by an address. Provided is a DMA control device in which when controlling start of DMA having a plurality of channels by one start control register, the channels are divided into some groups and upon a start request, a group ID for identifying a group and a channel ID in the group are specified. An access control management table (310) contains a processor operation mode whose start can be controlled for each of groups. A control register management unit (311) performs control to permit or inhibit access to the start control register from a CPU (302) according to a group ID (119) specified upon access to a register from the CPU (302), a processor operation mode (322), a value of control setting (118), and information in an access control management table (310).
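
The access decision described in the abstract, modelled in C as an added example; it is not code from the patent. The register layout (upper 4 bits group ID, lower 16 bits channel designation) follows the FIG. 8 description and the three groups follow the third embodiment; the table encoding, the one-bit-per-channel reading of the channel field, and all identifiers are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Processor operation mode as reported by the host IF. */
enum proc_mode { MODE_NORMAL = 0, MODE_SECURE_L0 = 1, MODE_SECURE_L1 = 2 };

enum verdict { START_PERMIT, DENY_UNKNOWN_GROUP, DENY_MODE, DENY_CHANNEL };

/* Register layout from the FIG. 8 description: upper 4 bits = group ID,
 * lower 16 bits = channel designation. Reading the channel field as one bit
 * per intra-group channel is an assumption of this example. */
#define GROUP_ID(reg)  (((reg) >> 28) & 0xFu)
#define CHAN_BITS(reg) ((reg) & 0xFFFFu)
#define MODE_BIT(m)    (1u << (m))

/* One row of the access control management table (hypothetical encoding). */
struct acl_row {
    uint8_t group_id;
    uint8_t allowed_modes;   /* OR of MODE_BIT() values that may start the group */
    uint8_t channel_count;   /* number of channels in the group (at most 16) */
    uint8_t channels[16];    /* global channel IDs; need not be contiguous */
};

/* Constructed table following the three-group split described on the page.
 * allowed_modes is a bit set, so a row could list several modes. */
static const struct acl_row EXAMPLE_TABLE[] = {
    { 0, MODE_BIT(MODE_NORMAL),    16,
      { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } },
    { 1, MODE_BIT(MODE_SECURE_L0),  1, { 16 } },
    { 2, MODE_BIT(MODE_SECURE_L1),  1, { 17 } },
};
#define EXAMPLE_ROWS (sizeof EXAMPLE_TABLE / sizeof EXAMPLE_TABLE[0])

/* Decide whether a write to the single start control register may proceed.
 * On START_PERMIT, *start_mask has one bit set per global channel to start;
 * on any denial it is 0, so nothing reaches the channel control register. */
enum verdict check_start_write(const struct acl_row *tbl, size_t rows,
                               uint32_t reg, enum proc_mode mode,
                               uint32_t *start_mask)
{
    const struct acl_row *row = NULL;
    uint32_t bits = CHAN_BITS(reg);

    *start_mask = 0;                       /* fail closed */
    for (size_t i = 0; i < rows; i++) {
        if (tbl[i].group_id == GROUP_ID(reg)) { row = &tbl[i]; break; }
    }
    if (row == NULL)
        return DENY_UNKNOWN_GROUP;
    if ((row->allowed_modes & MODE_BIT(mode)) == 0)
        return DENY_MODE;
    /* Reject an empty request and bits that name channels the group lacks. */
    if (bits == 0 || (bits >> row->channel_count) != 0)
        return DENY_CHANNEL;

    for (unsigned i = 0; i < row->channel_count; i++) {
        if (bits & (1u << i))
            *start_mask |= 1u << row->channels[i];
    }
    return START_PERMIT;
}

int main(void)
{
    /* Constructed register writes, one per case of interest. */
    static const struct { uint32_t reg; enum proc_mode mode; } writes[] = {
        { 0x00000005u, MODE_NORMAL },     /* group 0, ch0 and ch2 */
        { 0x10000001u, MODE_NORMAL },     /* group 1 from normal mode */
        { 0x10000001u, MODE_SECURE_L0 },  /* group 1 from secure mode, level 0 */
        { 0x20000001u, MODE_SECURE_L0 },  /* group 2 needs security level 1 */
    };
    for (size_t i = 0; i < sizeof writes / sizeof writes[0]; i++) {
        uint32_t mask;
        enum verdict v = check_start_write(EXAMPLE_TABLE, EXAMPLE_ROWS,
                                           writes[i].reg, writes[i].mode, &mask);
        printf("reg=0x%08lx mode=%d verdict=%d start_mask=0x%05lx\n",
               (unsigned long)writes[i].reg, (int)writes[i].mode, (int)v,
               (unsigned long)mask);
    }
    return 0;
}
```

A denial verdict is the point at which the fourth and fifth embodiments diverge: one reports a transfer completion after a size-dependent wait, the other raises an error interrupt.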

Description

Specification
DMA control device
Technical field
[0001] The present invention relates to a DMA control device, and more particularly to the realization of a secure mechanism in a system LSI for digital AV equipment.
Background art
[0002] As LSIs (large-scale integrated circuits) become more capable and more highly integrated, multiprocessor systems composed of multiple processors have become common. In fields such as digital AV home appliances, a wide variety of applications are executed, and to protect content copyright and personal information it is essential that encryption and decryption of confidential data be executed securely.
[0003] For this reason, to reduce CPU load, it is common to use a DMA (Direct Memory Access) control device to transfer data when encrypting and decrypting confidential data. In that case, transfers that handle confidential data must not be executed illegitimately.
[0004] Patent Document 1 discloses a mechanism that limits which processors can access each of a plurality of control registers mapped to different addresses, so that, when a DMA activation register is provided for each channel, the masters that can start each channel can be restricted. In other words, access to resources inside the DMA control device is restricted by determining in advance which masters can access each address.
[0005] FIG. 12 shows the DMA control device described in Patent Document 1. First, the general operation of the DMA control device 805 is described. The DMA control device 805 controls data transfer between the peripheral circuit 123 and the memory 122, and between the cryptographic engine 121 and the memory 122, according to instructions from the CPU 302.
[0006] The CPU 302 sets DMA control parameters such as the transfer source, transfer destination and transfer size in each channel (ch) control register 812b in the control register 812, and then instructs the activation register 812a to start the DMA, that is, to begin the transfer.
[0007] The arbitration unit 113 of the DMA control device 805 selects which of the activated channels to transfer, and the execution unit 107 performs the data transfer based on the DMA control parameters of the selected channel.
[0008] When performing highly confidential processing such as content copyright protection, the CPU 302 transitions to secure mode. Programs executed in secure mode are protected so that a malicious party cannot tamper with or observe them, and no unauthorized processing is performed while the CPU 302 operates in secure mode. When accessing a register of the DMA control device 805, the CPU 302 outputs the processor operation mode 322 to signal that the register access is made in secure mode.
[0009] Next, the features of the DMA control device 805 of Patent Document 1 are described. Here, of the DMA channels 0 to 16, channel 16 (ch16) is a DMA channel dedicated to secure use that can transfer between the cryptographic engine 121 and the memory 122, while ch0 to ch15 cannot transfer data to or from the cryptographic engine 121.
[0010] The activation register 812a of each channel is mapped to a separate address. The access permission information holding unit 810 holds, for each activation register, the processor operation mode as attribute information of the masters allowed to access it. Based on an access request to an activation register 812a issued by the CPU 302 and the processor operation mode 322 at that time, the access permission determination unit 811 determines whether the CPU 302 may access the requested activation register.
[0011] The channel activation register 812a is accessed only when the determination result indicates that access is permitted. In the example of FIG. 12, the CPU 302 in normal mode can access only 0x00 (ch0 activation register) through 0x3c (ch15 activation register) and cannot access 0x40 (ch16 activation register).
[0012] In secure mode, on the other hand, the CPU 302 can access all of 0x00 through 0x40. The CPU 302 therefore cannot start a data transfer with the cryptographic engine 121 in normal mode and can start one only in secure mode.
[0013] FIG. 13 is a flowchart showing an example of the processing of Patent Document 1.
Step S901: The CPU 302 sets the DMA control parameters, such as the transfer source address, transfer destination address and transfer size, in the channel control register 812b.
[0014] Step S902: For each channel whose DMA control parameters have been set, a start request is written to the activation register 812a to instruct it to begin the transfer. If several channels are to be started, each of the corresponding activation registers is set.
[0015] Step S903: The access permission determination unit 811 determines whether to permit access to the requested activation register 812a, based on the master attribute information held in the access permission information holding unit 810, which specifies the masters that may access each address.
[0016] Step S904: If several channels have been granted access and started, the arbitration unit 113 decides which of them to transfer.
[0017] Step S905: Based on the DMA control parameters of the channel that won arbitration, the execution unit 107 controls the data transfer from the transfer source to the transfer destination.
[0018] Step S906: It is determined whether data remains to be transferred. If the transfer is incomplete, the channel becomes subject to arbitration again and S904 onward is repeated. If it is complete, predetermined completion processing is performed, such as asserting a transfer-complete interrupt request.
[0019] Patent Document 1 does not describe what happens when access is determined to be not permitted in S903 in the DMA control device 805.
[0020] Here, a channel in a DMA control device refers to the hardware resources needed to hold DMA parameters. With multiple channels, multiple sets of DMA parameters can be set and started, so that from the software's point of view several kinds of transfer can be executed at the same time.
[0021] In general, a DMA control device has multiple channels; software starts multiple DMA transfers according to the execution state of the application, and hardware controls the data transfers in a time-division or parallel manner.
[0022] Patent Document 1: International Publication No. 05/121979 pamphlet
Disclosure of the invention
Problems to be solved by the invention
[0023] However, with the mechanism of Patent Document 1, when many channels are required, the activation register of each channel must be set individually at the time of a start request, which increases the number of software processing steps. The number of activation registers also grows in proportion to the number of channels, which increases circuit scale.
[0024] If the activation registers are integrated into a single register to reduce software processing steps and curb the growth in circuit scale, access can no longer be restricted per master by address.
[0025] Moreover, if more secure DMA channels are needed when the system is extended, the mechanism of Patent Document 1 requires every secure DMA channel to be mapped to an address in the secure IO space. Depending on the number of channels, the secure IO space must be extended, and compatibility with earlier systems may be lost.
[0026] The present invention has been made in view of the above circumstances, and its object is to provide a DMA control device that reduces software processing steps, suppresses the increase in circuit scale, and maintains security.
Means for solving the problem
[0027] The DMA control device according to the present invention is a DMA (Direct Memory Access) control device that controls data transfer between a peripheral circuit and a memory according to instructions from a processor, and comprises: a channel control register that controls a plurality of DMA channels through one activation control register mapped to one address; an access control management table that stores the channel ID of a DMA channel to be started in association with controllable-processor information indicating whether the processor can start that DMA channel; and a control register management unit that determines whether to permit or prohibit access to the activation control register by comparing the processor operation mode notified by the processor and the value set in the activation control register against the channel ID and controllable-processor information held in the access control management table, and that notifies the activation control register of a control request when access is permitted.
[0028] With this configuration, access control is possible with a single activation control register, so software processing steps can be reduced, the increase in circuit scale suppressed, and security maintained.
[0029] In the DMA control device according to the present invention, the channel control register controls the plurality of DMA channels by classifying them into a plurality of groups; the access control management table holds, for each group ID identifying a group, the channel IDs of the DMA channels included in that group; and the control register management unit determines whether to permit or prohibit access to the activation control register based on the group ID to which the DMA channel belongs and the controllable-processor information held for each group ID in the access control management table.
[0030] With this configuration, multiple channels can be classified into groups and access restricted per group, so an increase in the number of channels can be accommodated without increasing the number of bits in the activation control register.
Effects of the invention
[0031] According to the DMA control device of the present invention, access restriction can be realized with a small number of registers, so security can be maintained while reducing the software processing steps needed for a DMA start request.
Brief description of the drawings
[0032] FIG. 1 is a configuration diagram of a DMA control circuit according to the first embodiment of the present invention.
FIG. 2 is a flowchart showing a processing example of the DMA control circuit according to the first embodiment of the present invention.
FIG. 3 is a diagram showing an example of an access control management table according to the first embodiment of the present invention (1).
FIG. 4 is a configuration diagram of a DMA control circuit according to the second embodiment of the present invention.
FIG. 5 is a configuration diagram of a DMA control circuit according to the third embodiment of the present invention.
FIG. 6 is a diagram showing an example of an access control management table according to the third embodiment of the present invention (2).
FIG. 7 is a diagram showing an example of an access control management table according to the third embodiment of the present invention (3).
FIG. 8 is a diagram showing an example of an activation control register according to the third embodiment of the present invention.
FIG. 9 is a configuration diagram of a DMA control circuit according to the fourth embodiment of the present invention.
FIG. 10 is a configuration diagram of a DMA control circuit according to the fifth embodiment of the present invention.
FIG. 11 is a flowchart showing a processing example of the DMA control circuit according to the fourth and fifth embodiments of the present invention.
FIG. 12 is a configuration diagram of a conventional DMA control circuit.
FIG. 13 is a flowchart showing a processing example of a conventional DMA control circuit.
Explanation of symbols
22 Processor operation mode
32, 32a, 32b Register access
102 CPU
105 DMA control device
106 Channel control unit
107 Execution unit
108 Host IF
110 Access control management table
111 Control register management unit
112 Channel control register
112a Activation control register
112b Channel control register
113 Arbitration unit
115 Processor identification information
116 Control request
118 Control setting value
119 Group ID
121 Cryptographic engine
122 Memory
123 Peripheral circuit
302 CPU
305 DMA control device
306 Channel control unit
310 Access control management table
315 Processor identification information
322 Processor operation mode
403 CPU1
405 DMA control device
406 Channel control unit
410 Access control management table
415 Processor identification information
505 DMA control device
506 Channel control unit
512b ch16 control register
523 Transfer completion notification means
524 Determination result
525 Transfer completion interrupt
526 Transfer size of ch16
605 DMA control device
606 Channel control unit
624 Determination result
625 Error interrupt
805 DMA control device
806 Channel control unit
810 Access control management table
812 Channel control register
Best mode for carrying out the invention
[0034] Embodiments of the invention according to each claim are described below with reference to the drawings.
[0035] (Embodiment 1)
The operation of the DMA control device according to the first embodiment of the present invention is described with reference to FIGS. 1, 2 and 3, focusing on the differences from Patent Document 1.
[0036] The DMA control device 105 of the first embodiment has, as the channel control register 112, a single activation control register 112a that is mapped to a single address. The multiple DMA channels are classified into multiple groups for control.
[0037] In the example of FIG. 1, the channels are classified into group 0 and group 1. The DMA channels belonging to group 0 (ch0 to ch15) can be started by the CPU 102 in normal mode, and the DMA channels belonging to group 1 (ch16, ch17) can be started only when the CPU 102 is in secure mode.
[0038] The CPU 102 has a secure mode for performing confidential processing. When accessing the activation control register 112a, it sets the group ID 119 and the information on the channels to start as the control setting value 118, and at the same time outputs the processor operation mode 22 indicating whether the CPU 102 is in secure mode or normal mode.
[0039] The host IF 108 receives the register access 32 and the processor operation mode 22 from the CPU 102, and notifies the control register management unit 111 of the operation mode as the processor identification information 115.
[0040] The access control management table 110 holds, for each group ID, information on the processors allowed to access the activation control register 112a. The control register management unit 111 determines whether to permit or prohibit access to the activation control register 112a based on the group ID information 119 of the channel targeted by the access request from the CPU 102, the processor identification information 115 from the host IF 108, and the controllable (startable) processor information held for each group ID in the access control management table 110.
[0041] The access control management table 110 of FIG. 1 means that DMA transfers on channels 0 to 15 can be started only by an access whose group ID 119 is 0 and whose processor identification information 115 indicates normal mode, and that for channels 16 and 17 access is permitted only when the group ID 119 is 1 and the processor identification information 115 indicates secure mode. Only when the determination permits access does the control register management unit 111 notify the channel control register 112 of the control request 116.
[0042] Next, the register access restriction processing in the DMA control device 105 of this embodiment is described. FIG. 2 is a flowchart showing an example. The only differences from FIG. 9 are S202 and S203.
[0043] Step S202: For the channels whose DMA control parameters have been set, a start request is written to the activation control register 112a to instruct it to begin the transfer. Even when several channels are to be started, only one activation control register is set; the group ID 119 and the information on the channels to start are set as the control setting value 118.
[0044] Step S203: The control register management unit 111 determines whether to permit access to the requested activation control register 112a, based on the information held in the access control management table 110 on the processors that can start each group ID.
[0045] In this way, the starting of channels that belong to a specific group, out of the multiple channels, can be limited to processors that satisfy the condition.
[0046] Although the control register to which access is restricted has been described here as the activation control register 112a, it may be another channel control register, for example a register that requests suspension or resumption. In addition, settings in the channel control register 112b such as the transfer source address, transfer destination address and transfer size are not always required and may be fixed in hardware.
[0047] FIG. 1 shows an example in which the channels belonging to group 0 and group 1 have consecutive channel numbers, ch0 to ch15 and ch16, ch17 respectively, but the channels belonging to group 1 may have non-consecutive channel numbers, such as ch0, ch6 and ch17.
[0048] FIG. 3 shows the table information of the access control management table 110 when access is restricted per group. The example of FIG. 3(a) means that DMA channels belonging to group ID 0 can be started in CPU normal mode, and DMA channels belonging to group ID 1 can be started only in CPU secure mode.
[0049] FIG. 3(b) shows the case in which the channels that perform secure data transfer are placed at the end (16, 17) of the consecutive channel IDs (0, 1, 2, ... 16, 17), and FIG. 3(c) shows the case in which the channels that perform secure data transfer are selected with non-consecutive numbers (0, 17) and collected into the secure group (group ID 1).
[0050] As described above, the DMA control device 105 according to the embodiment of the present invention controls data transfer between the cryptographic engine 121 or the peripheral circuit 123 and the memory 122 according to instructions from the processor 102. It has: the channel control register 112, which controls a plurality of DMA channels through one activation control register 112a mapped to one address; the access control management table 110, which stores the channel ID of a DMA channel to be started in association with controllable-processor information indicating whether the processor 102 can start that DMA channel; and the control register management unit 111, which determines whether to permit or prohibit access to the activation control register 112a by comparing the processor operation mode 22 notified by the processor 102 and the value set in the activation control register 112a against the channel ID and controllable-processor information held in the access control management table 110, and which notifies the activation control register 112a of the control request 116 when access is permitted. Access restriction is therefore realized with a single activation control register 112a, and security can be maintained while reducing the software processing steps needed for a DMA start request.
[0051] In the DMA control device 105 of this embodiment, the channel control register 112 controls the plurality of DMA channels by classifying them into a plurality of groups; the access control management table 110 holds, for each group ID identifying a group, the channel IDs of the DMA channels included in that group; and the control register management unit 111 determines whether to permit or prohibit access to the activation control register 112a based on the group ID to which the DMA channel belongs and the controllable-processor information held for each group ID in the access control management table 110. The DMA channels can therefore be classified into groups for control, and the starting of channels belonging to a specific group can be limited to processors that satisfy the condition.
[0052] The DMA control device 105 of this embodiment also has the host IF 108, which receives the register access 32 and the processor operation mode 22 notified by the processor 102 and notifies the control register management unit 111 of the control setting value 118, which includes the group ID 119 to which the DMA channel to be started belongs and the information on the channels to start. The information on the channels to start can therefore be managed per group, and security can be maintained while reducing the software processing steps needed for a DMA start request.
[0053] In the DMA control device 105 of this embodiment, the plurality of groups includes a first group that the processor 102 can start in normal mode and a second group that the processor 102 can start in the secure mode used for confidential processing. Normal mode and secure mode can therefore be managed per group, and security can be maintained while reducing the software processing steps needed for a DMA start request.
[0054] Furthermore, in the DMA control device 105 of this embodiment, the numbers of the DMA channels belonging to a group may be consecutive or non-consecutive. The DMA channels that can be started in secure mode can therefore be managed with consecutive or non-consecutive numbers, which reduces the burden on software processing.
[0055] (実施の形態 2)  [Embodiment 2]
本発明の第 2の実施の形態である DMA制御装置の動作を、図 4を用いて説明する 。ここでは、第 1の実施の形態である DMA制御装置の動作と異なる点を中心に説明 する。  The operation of the DMA control apparatus according to the second embodiment of the present invention will be described with reference to FIG. Here, the description will focus on differences from the operation of the DMA control apparatus according to the first embodiment.
[0056] In this embodiment, the CPU 302 reports its processor operation mode not only as secure mode or normal mode but also with a security level that depends on the processing being performed in secure mode. For example, encryption of billing information for a paid service could be ranked at a higher security level than decryption of a program that the processor executes.
[0057] The host IF 308 passes the processor operation mode 322 reported by the CPU 302 to the control register management unit 311 as processor identification information 315. Group 0 (ch0 to ch15) is for normal use, group 1 (ch16) is for security level 0 use, and group 2 (ch17) is for security level 1 use, where security level 1 is more confidential than security level 0. One conceivable case is to allow billing information to be transferred only on ch17, which belongs to group 2.
[0058] The access control management table 310 stores, as the information on which processor may activate each group ID, whether that is normal mode, secure mode (security level 0), or secure mode (security level 1).
[0059] Here, the DMA channels of group ID 0 can be activated in normal mode, the DMA channel of group 1 can be activated only in secure mode (security level 0), and the DMA channel of group 2 can be activated only in secure mode (security level 1).
[0060] The control register management unit 311 determines whether to permit or prohibit access to the activation control register 112a on the basis of the group ID information 119 of the channel that the CPU 302 is requesting access to, the processor identification information 315 from the host IF 308, which indicates the processor's operation mode (including the security level), and the activatable-processor information for each group ID held in the access control management table 310.
[0061] As a result, a DMA transfer with the cryptographic engine 121, which handles the billing information, can be activated only while the CPU 302 is performing security level 1 processing in secure mode.
[0062] Thus, according to the DMA control device 305 of this embodiment, the processor 302 notifies the host IF 308 of a security level that depends on the processing being performed in secure mode, and the access control management table 310 stores a security level for each group ID. A DMA transfer with the cryptographic engine 121, which handles the billing information, can therefore be activated only while the processor 302 is performing security level 1 processing in secure mode, which raises the security level.
[0063] (Embodiment 3)
The operation of the DMA control device according to the third embodiment of the present invention is described with reference to FIG. 5. The description focuses on the points that differ from the operation of the DMA control devices of the first and second embodiments.
[0064] The DMA control device 405 of this embodiment is controlled by a plurality of processors. Here it is controlled by CPU0 102 and CPU1 403, and only CPU0 can transfer data to and from the cryptographic engine 121. This embodiment also differs from the first and second embodiments in that access is restricted per channel rather than per group.
[0065] The host IF 408 identifies whether an access comes from CPU0 102 or CPU1 403 (that is, whether it is register access 32a from CPU0 102 or register access 32b from CPU1 403) and passes the result to the control register management unit 411 as processor identification information 415.
[0066] The access control management table 410 stores, for each channel, whether the channel can be activated by CPU0 only, by CPU1 only, or by both CPU0 and CPU1. Here, ch0 and ch17 can be activated only by CPU0, and the other channels can be activated by both CPU0 and CPU1.
[0067] The control register management unit 411 determines whether to permit or prohibit access to the activation control register 112a on the basis of the group ID information 119 of the channel that the CPU 102 or the CPU 403 is requesting access to, the processor identification information 415 from the host IF 408, which indicates which processor the access comes from, the control setting 118 from the host IF 408, and the activatable-processor information for each channel held in the access control management table 410. As a result, a DMA transfer with the cryptographic engine 121 can be activated only by CPU0.
[0068] FIG. 6 shows the table information of the access control management table 110 when access is restricted per channel. In the example in the figure, channel ID 0 and channel ID 17 can be activated only in CPU secure mode.
[0069] FIG. 7 shows the table information when the accesses that are permitted to activate a channel are managed according to the secure level of the CPU secure mode. The example in the figure introduces the concept of a secure level on top of FIG. 6. If the security levels are ordered as
Secure (level 1) > Secure (level 0) > Normal
then the more confidential data transfers can be performed only on channel ID 17.
[0070] The DMA control device of this embodiment also defines the activation control register as having a field that designates a group ID and a field that designates which of the channels belonging to the designated group to activate. For example, as shown in FIG. 8, the upper 4 bits of a 32-bit activation control register can serve as the group ID field and the lower 16 bits as the channel field.
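The permit/prohibit decision of the control register management unit can be modelled in software as below. This is an added example, not code from the patent: it combines the 32-bit register layout described for FIG. 8 with the group table of Embodiment 2. It assumes that the channel field holds one bit per channel of the designated group, that a selection bit outside the group causes a denial, and that group 0 lists normal mode only; the names check_start_write, acl_table and the enum values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Processor operation modes as reported through the host IF (Embodiment 2). */
enum proc_mode { MODE_NORMAL = 0, MODE_SECURE_L0 = 1, MODE_SECURE_L1 = 2 };
#define MODE_BIT(m) (1u << (m))

/* FIG. 8 description: upper 4 bits = group ID, lower 16 bits = channel field.
 * Assumption: the channel field is a bitmap, bit i = i-th channel of the group. */
#define GROUP_SHIFT 28
#define GROUP_MASK  0xFu
#define CH_SEL_MASK 0xFFFFu

/* One row of the access control management table (hypothetical layout). */
struct acl_entry {
    uint8_t group_id;
    uint8_t allowed_modes;    /* bitmask of MODE_BIT() values that may activate */
    uint8_t n_channels;       /* number of channels in the group (1..16) */
    uint8_t channel_ids[16];  /* physical channel numbers, may be non-consecutive */
};

/* Constructed table following paragraphs [0057] and [0059]. */
static const struct acl_entry acl_table[] = {
    { 0, MODE_BIT(MODE_NORMAL),    16, {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15} },
    { 1, MODE_BIT(MODE_SECURE_L0),  1, {16} },
    { 2, MODE_BIT(MODE_SECURE_L1),  1, {17} },
};

enum decision { ACCESS_DENIED = 0, ACCESS_PERMITTED = 1 };

static const struct acl_entry *lookup_group(unsigned group_id)
{
    for (size_t i = 0; i < sizeof acl_table / sizeof acl_table[0]; i++)
        if (acl_table[i].group_id == group_id)
            return &acl_table[i];
    return NULL;
}

/* Decide whether a write of reg_value to the activation control register is
 * permitted for a processor running in `mode`. On success *start_mask holds a
 * bitmap of physical channels to start (bit n = channel n); on denial it is 0,
 * so nothing reaches the channel control register. Fails closed. */
enum decision check_start_write(uint32_t reg_value, unsigned mode,
                                uint32_t *start_mask)
{
    unsigned group_id = (reg_value >> GROUP_SHIFT) & GROUP_MASK;
    uint32_t sel = reg_value & CH_SEL_MASK;
    const struct acl_entry *e = lookup_group(group_id);

    *start_mask = 0;
    if (e == NULL || mode > MODE_SECURE_L1)
        return ACCESS_DENIED;             /* unknown group or unknown mode */
    if ((e->allowed_modes & MODE_BIT(mode)) == 0)
        return ACCESS_DENIED;             /* mode may not activate this group */
    if (e->n_channels < 16 && (sel >> e->n_channels) != 0)
        return ACCESS_DENIED;             /* selects a channel outside the group */

    uint32_t mask = 0;
    for (unsigned bit = 0; bit < e->n_channels; bit++)
        if (sel & (1u << bit))
            mask |= (uint32_t)1 << e->channel_ids[bit];
    *start_mask = mask;
    return ACCESS_PERMITTED;
}

int main(void)
{
    uint32_t mask;
    uint32_t start_ch17 = (2u << GROUP_SHIFT) | 0x1u;  /* group 2, first channel */

    /* Normal mode asking for the security level 1 channel: denied. */
    printf("normal    -> %d mask=0x%05x\n",
           check_start_write(start_ch17, MODE_NORMAL, &mask), (unsigned)mask);
    /* Secure mode, security level 1: permitted, starts channel 17. */
    printf("secure L1 -> %d mask=0x%05x\n",
           check_start_write(start_ch17, MODE_SECURE_L1, &mask), (unsigned)mask);
    return 0;
}
```

A per-channel table as in Embodiment 3 fits the same structure by giving each channel its own row and storing a bitmask of permitted processor IDs instead of modes.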
[0071] CPU0 and CPU1 may also have a secure mode as in Embodiment 1, in which case the access control management table 410 can manage the operation modes of CPU0 and CPU1 as the controllable processor information.
[0072] Thus, according to the DMA control device 405 of this embodiment, the host IF 408 identifies which of the plurality of CPUs 102 and 403 an access comes from and passes the result to the control register management unit 411 as processor identification information 415; the access control management table 410 holds controllable processor information for each channel ID; and the control register management unit 411 determines whether to permit or prohibit access to the activation control register 112a on the basis of the controllable processor information for each channel ID held in the access control management table 410. As a result, for example, a DMA transfer with the cryptographic engine 121 can be activated only by the CPU 102.
[0073] (Embodiment 4)
The operation of the DMA control device according to the fourth embodiment of the present invention is described with reference to FIG. 9 and FIG. 11. The description focuses on the points that differ from the operation of the DMA control devices of the first to third embodiments.
[0074] In the DMA control device 505 of this embodiment, when the determination by the control register management unit 111 is that access to the channel control register 112 is prohibited (for example, when an attempt is made in normal mode to activate channel 16 (ch16), which belongs to group 1), the control register management unit 111 notifies the transfer completion notification means 523 of the determination result 524, and the ch16 control register 512b notifies the transfer completion notification means 523 of the transfer size 526 set by the CPU 102. If the determination result 524 indicates that access is prohibited, the transfer completion notification means 523 waits for a time equivalent to what the actual data transfer would take, based on the size indicated by the transfer size 526, and then sends the transfer completion interrupt 525 to the CPU 102.
[0075] One conceivable way to determine the wait is to fix a wait time per unit size in advance and to compute from it the wait for the size indicated by the transfer size 526.
[0076] FIG. 11 is a flowchart showing an example. The only difference from FIG. 2 is S707.
[0077] Step S707: If the determination in S203 is that access is not permitted, the CPU 102 is notified that the transfer has completed. This makes it hard for a person who maliciously activated an unauthorized DMA to notice that the transfer did not take place.
[0078] Thus, the DMA control device 505 of this embodiment has the transfer completion notification means 523, which, when the determination result 524 of the control register management unit 111 indicates that access to the channel control register 112 is prohibited, waits for a time equivalent to what the actual data transfer would take, based on the transfer size 526 set by the processor 102, and then sends the transfer completion interrupt 525 to the processor 102. This makes it hard for a person who maliciously activated an unauthorized DMA to notice that the transfer did not take place.
[0079] (Embodiment 5)
The operation of the DMA control device according to the fifth embodiment of the present invention is described with reference to FIG. 10. The description focuses on the points that differ from the operation of the DMA control devices of the first to fourth embodiments.
[0080] In the DMA control device 605 of this embodiment, when the determination by the control register management unit 111 is that access to the register is not permitted, the abnormality processing unit 623 receives the determination result 624 and generates an error interrupt 625 that notifies the CPU 102 that an unauthorized DMA activation has occurred. This makes it possible to detect that a malicious program has been introduced and has attempted to activate an unauthorized DMA.
[0081] Thus, the DMA control device 605 of this embodiment has the abnormality processing unit 623, which, when the determination result 624 of the control register management unit 111 indicates that access to the channel control register 112 is prohibited, receives the determination result 624 and generates the error interrupt 625 that notifies the processor 102 that an unauthorized DMA activation has occurred. This makes it possible to detect that a malicious program has been introduced and has attempted to activate an unauthorized DMA.
[0082] The example of the activation control register was described in Embodiment 3 with reference to FIG. 8, but the example shown in that figure is also applicable to the other embodiments (Embodiments 1, 2, 4, 5, 6).
[0083] The embodiments described above cover matters included in the following technical ideas.
[0084] A DMA control device according to the present invention is a DMA (Direct Memory Access) control device that has a host IF which, on receiving a bus access from a processor, identifies processor information and outputs the result as processor identification information, and which also outputs control settings from the processor such as a DMA channel activation request and the transfer source, transfer destination, and transfer size corresponding to that request, and that has a channel control register which holds the control settings and updates them as necessary, the device sequentially selecting and executing, as necessary, one of the DMA channels for which activation has been requested. The DMA control device has an access control management table that stores, for the DMA channels controlled by the control settings, a control setting value and information on the processors that may exercise control using that value, and a control register management unit that uses the control setting value and the controllable processor information in the access control management table, together with the processor identification information and the contents of the control setting from the host IF, to determine whether the processor requesting control is able to control the DMA channel in question, and that passes the access request to the channel control register only when it determines that control is possible.
[0085] Further, a DMA control device according to the present invention is the above DMA control device in which the host IF accepts access requests from a plurality of processors and outputs, as the processor identification information, a processor ID indicating which processor the access request comes from; the access control management table manages, as the control setting value, a DMA activation request setting value from the processor and manages, as the controllable processor information, an activatable processor ID identifying the processor that is permitted to activate DMA by setting that DMA activation request setting value; and the control register management unit receives the processor ID and the control setting from the host IF and, when the control setting is a DMA channel activation request, determines whether access is permitted on the basis of the activation request setting value and the activatable processor ID in the access control management table.
[0086] Further, a DMA control device according to the present invention is the above DMA control device in which the host IF accepts access requests from a processor having a plurality of operation modes and outputs, as the processor identification information, a processor operation mode indicating in which operation mode the access request is made; the access control management table manages, as the control setting value, a DMA activation request setting value from the processor and manages, as the controllable processor information, an activatable processor operation mode identifying the mode in which the processor is permitted to activate DMA by setting that DMA activation request setting value; and the control register management unit receives the processor operation mode and the control setting from the host IF and, when the control setting is a DMA channel activation request, determines whether access is permitted on the basis of the activation request setting value and the activatable processor operation mode in the access control management table.
[0087] Further, a DMA control device according to the present invention is the above DMA control device that classifies a plurality of DMA channels into a plurality of groups and controls them; when the processor requests DMA activation by an access request, the channel to be controlled is designated by a group ID that identifies the group and an intra-group channel ID that identifies the DMA channel within the group, and the access control management table manages the group ID as the DMA activation request setting value.
[0088] Further, a DMA control device according to the present invention is the above DMA control device in which the access control management table manages the group ID and the intra-group channel ID as the DMA activation request setting value.
[0089] Further, a DMA control device according to the present invention is the above DMA control device in which, when the processor requests DMA activation by an access request, the channel to be controlled is designated by a channel ID that identifies which of the plurality of channels is to be activated, and the access control management table manages the channel ID as the DMA activation request setting value.
[0090] Further, a DMA control device according to the present invention is the above DMA control device that has transfer completion notification means for notifying the processor that the transfer has completed once all designated transfers are done and that, when the determination result of the control register management unit is that control is not possible, notifies the processor of transfer completion without performing the data transfer.
[0091] Further, a DMA control device according to the present invention is the above DMA control device in which, when the determination result of the control register management unit is that control is not possible, the data transfer is not performed and the transfer completion notification means controls the timing of the transfer completion notification according to the transfer size that was set.
[0092] Further, a DMA control device according to the present invention is the above DMA control device that has an abnormality processing unit for notifying the processor of an error interrupt at the point when the determination result of the control register management unit is that control is not possible.
[0093] Although the present invention has been described in detail and with reference to specific embodiments, it will be apparent to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the invention.
This application is based on Japanese Patent Application No. 2006-132162, filed on May 11, 2006, the contents of which are incorporated herein by reference.
Industrial Applicability
[0094] With the DMA control device according to the present invention, unauthorized DMA transfers can be reliably prevented at activation time regardless of how the activation register of the DMA control device is implemented. It can therefore be used to improve the security of digital equipment in general that performs confidential processing and to reduce software processing steps by consolidating activation registers.

Claims

[1] A DMA (Direct Memory Access) control device that controls data transfer between a peripheral circuit and a memory in accordance with instructions from a processor, comprising:
a channel control register that controls a plurality of DMA channels through one activation control register mapped to one address;
an access control management table that stores the channel ID of a DMA channel to be activated in association with controllable processor information indicating whether the processor can activate that DMA channel; and
a control register management unit that determines whether to permit or prohibit access to the activation control register by comparing the processor operation mode reported by the processor and the value set in the activation control register against the channel ID and the controllable processor information held in the access control management table, and that passes a control request to the activation control register when access is permitted.
[2] The DMA control device according to claim 1, wherein
the channel control register classifies the plurality of DMA channels into a plurality of groups and controls them,
the access control management table holds, for each group ID identifying a group, the channel IDs of the DMA channels included in that group, and
the control register management unit determines whether to permit or prohibit access to the activation control register on the basis of the group ID to which the DMA channel belongs and the controllable processor information for each group ID held in the access control management table.
[3] The DMA control device according to claim 2, comprising
a host IF that accepts the register access and the processor operation mode reported by the processor and notifies the control register management unit of the group ID to which the DMA channel belongs and of a control setting value that includes information on the channel to be activated.
[4] The DMA control device according to claim 2, wherein
the plurality of groups include a first group that the processor can activate in normal mode and
a second group that the processor can activate in secure mode, which is used for confidential processing.
[5] The DMA control device according to claim 2, wherein
the numbers of the DMA channels belonging to the group include consecutive and non-consecutive numbers.
[6] The DMA control device according to claim 4, wherein
the processor notifies the control register management unit of a security level that depends on the processing being performed in the secure mode, and
the access control management table stores the security level for each group ID.
[7] The DMA control device according to claim 2, comprising
a host IF that identifies which of a plurality of processors an access comes from and notifies the control register management unit of the result as processor identification information, wherein
the control register management unit determines whether to permit or prohibit access to the activation control register on the basis of the controllable processor information for each group ID held in the access control management table.
[8] The DMA control device according to claim 1, wherein
the control register management unit determines whether to permit or prohibit access to the activation control register on the basis of the controllable processor information for each channel ID held in the access control management table.
[9] The DMA control device according to claim 8, comprising
a host IF that accepts the register access and the processor operation mode reported by the processor and notifies the control register management unit of a control setting value that includes information on the channel to be activated.
[10] The DMA control device according to claim 8, wherein
the plurality of channels include a channel that the processor can activate in normal mode and
a channel that the processor can activate in secure mode, which is used for confidential processing.
[11] The DMA control device according to claim 10, wherein
the processor notifies the control register management unit of a security level that depends on the processing being performed in the secure mode, and
the access control management table stores the security level for each channel ID.
[12] The DMA control device according to claim 8, comprising
a host IF that identifies which of a plurality of processors an access comes from and notifies the control register management unit of the result as processor identification information, wherein
the access control management table holds controllable processor information for each channel ID, and
the control register management unit determines whether to permit or prohibit access to the activation control register on the basis of the controllable processor information for each channel ID held in the access control management table.
[13] The DMA control device according to claim 1, comprising
transfer completion notification means that, when the determination result of the control register management unit indicates that access to the channel control register is prohibited, waits for a time equivalent to what the actual data transfer would take, based on the transfer size set by the processor, and then notifies the processor of a transfer completion interrupt.
[14] The DMA control device according to claim 1, comprising
an abnormality processing unit that, when the determination result of the control register management unit indicates that access to the channel control register is prohibited, receives the determination result and generates an error interrupt notifying the processor that an unauthorized DMA activation has occurred.
PCT/JP2007/059691 2006-05-11 2007-05-10 Dma control device WO2007132741A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006-132162 2006-05-11
JP2006132162A JP2009175774A (en) 2006-05-11 2006-05-11 Dma control device

Publications (1)

Publication Number Publication Date
WO2007132741A1 (en) 2007-11-22

Family

ID=38693835

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/059691 WO2007132741A1 (en) 2006-05-11 2007-05-10 Dma control device

Country Status (2)

Country Link
JP (1) JP2009175774A (en)
WO (1) WO2007132741A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH03156554A (en) * 1989-11-14 1991-07-04 Hitachi Ltd Data transfer control system
WO2005121979A1 (en) * 2004-06-14 2005-12-22 Matsushita Electric Industrial Co., Ltd. Access control device and access control method

Also Published As

Publication number Publication date
JP2009175774A (en) 2009-08-06

Similar Documents

Publication Publication Date Title
US20230128711A1 (en) Technologies for trusted i/o with a channel identifier filter and processor-based cryptographic engine
EP3326104B1 (en) Technologies for secure trusted i/o access control
JP6484255B2 (en) Host attestation, including trusted execution environment
US9268594B2 (en) Processor extensions for execution of secure embedded containers
TWI570589B (en) Apparatus for providing trusted computing
JP5981845B2 (en) Virtual computer system, virtual computer control method, virtual computer control program, and semiconductor integrated circuit
JP4940460B2 (en) Processing system, method and device
US10726165B2 (en) Technologies for secure enumeration of USB devices
US20180082057A1 (en) Access control
JP2005018770A (en) Security architecture for system-on-chip
US20150381658A1 (en) Premises-aware security and policy orchestration
JP2008052704A (en) Computer and shared password management method
EP3317999A2 (en) Loading and virtualizing cryptographic keys
JP2006221633A (en) Method and device for secure processor collaboration in multi-processor system
JP2022553722A (en) COMPUTING DEVICE OPERATING METHOD AND OPERATING APPARATUS
WO2014143029A1 (en) Generic privilege escalation prevention
WO2016109558A1 (en) System and method for secure code entry point control
JP2007109053A (en) Bus access controller
US10339082B2 (en) Technologies for stable secure channel identifier mapping for static and dynamic devices
WO2019224374A1 (en) Multi-master security circuit
JP4972692B2 (en) DMA controller and data transfer method
WO2007132741A1 (en) Dma control device
US20190042473A1 (en) Technologies for enabling slow speed controllers to use hw crypto engine for i/o protection
US10331564B2 (en) Technologies for secure I/O with MIPI camera device
CN117194286B (en) Micro control unit, processor, access method and access system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07743126

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase

Ref document number: 07743126

Country of ref document: EP

Kind code of ref document: A1