WO2020248088A1 - Secure access method and electronic device - Google Patents

Publication number
WO2020248088A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
identifier
module
memory block
hardware module
Prior art date
Application number
PCT/CN2019/090478
Inventor
查克拉博蒂·齐元吉
方中华
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to PCT/CN2019/090478
Priority to CN201980097157.1A (CN113906398A)
Publication of WO2020248088A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • This application relates to the field of multimedia technology, in particular to a secure access method and electronic equipment.
  • the media path is the transmission path of the media stream.
  • a media path is composed of at least one hardware module and at least one memory (buffer), and each hardware module in the at least one hardware module can access any memory in the at least one memory.
  • a secure media path (SMP) is a transmission path for transmitting media streams with security requirements.
  • media streams with security requirements are referred to as secure media streams.
  • applications in a non-secure environment generally do not have access rights to the memory in the SMP. This application refers to the memory in the SMP as a secure memory block.
  • This application provides a secure access method and electronic equipment to solve the problem of poor security of existing SMPs.
  • this application provides a secure access method, which includes: determining a target hardware module and a target memory block according to a detection request; determining whether the target hardware module and the target memory block belong to the same media path; when the target hardware module and the target memory block belong to the same media path, determining whether the target hardware module has access rights to the target memory block; and when the target hardware module has access rights to the target memory block, calling the target hardware module to access the target memory block.
  • this application is executed on the TEE side.
  • the electronic device in this application first detects whether the hardware module and the memory block to be accessed by the hardware module belong to the same SMP, thereby preventing a hardware module of a first SMP from accessing the secure memory of a second SMP.
  • the electronic device further detects whether the hardware module has access rights to the memory block.
  • the hardware module accesses the memory block in accordance with the access authority, which prevents a hardware module without access authority from accessing data in the secure memory and leaking the secure media stream.
  • the electronic device first detects whether the hardware module and the memory block belong to the same media channel, and when they belong to the same media channel, it then detects whether the hardware module has access rights to the memory block.
  • the hardware modules can only access memory blocks that belong to the same secure media channel and for which they have access rights. This avoids leakage of secure media streams from the secure memory blocks caused by cross access between different secure media channels or by hardware modules accessing memory blocks without access rights, and improves the security of SMP access to memory.
  • determining whether the target hardware module and the target memory block belong to the same media path includes: obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; detecting whether the first path identifier and the second path identifier are the same; and when the first path identifier and the second path identifier are the same, determining that the target hardware module and the target memory block belong to the same media path.
  • each SMP in this application is represented by a unique path identifier.
  • the electronic device can accurately detect whether the target hardware module and the target memory block belong to the same SMP based on the path identifier.
  • determining whether the target hardware module and the target memory block belong to the same media path includes: obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; detecting whether the first path identifier and the second path identifier are the same as the target path identifier, where the target path identifier is used to indicate the target media path; when the first path identifier is the same as the target path identifier, determining that the target hardware module belongs to the target media path; and when the second path identifier is the same as the target path identifier, determining that the target memory block belongs to the target media channel.
  • the electronic device can determine whether the target hardware module and the target memory block belong to the target media channel.
  • the target media channel can call the target hardware module.
  • the target memory block is a memory block that the target media channel can access, so as to prevent the target media channel from calling a hardware module that does not belong to the target media channel or accessing a memory block that does not belong to the target media channel.
  • the target media path can be any SMP among the created SMPs.
  • the acquiring the first path identifier of the target hardware module and the second path identifier of the target memory block specifically includes: acquiring the module identity identifier of the target hardware module, and determining the first path identifier corresponding to the module identity in the first correspondence relationship; acquiring the memory identity identifier of the target memory block, and determining the second path identifier corresponding to the memory identity in the first correspondence; where the first correspondence relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier.
  • a path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block. At least one hardware module corresponds to the same path identifier.
  • the first corresponding relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier.
  • One path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block.
  • at least one hardware module and at least one memory block corresponding to the same path identifier belong to the media channel indicated by that channel identifier.
  • the acquiring the first path identifier of the target hardware module and the second path identifier of the target memory block specifically includes: acquiring the module identity of the target hardware module, and determining, according to the module identity, the first path identifier corresponding to the module identity in the first correspondence relationship, where the first correspondence relationship includes the corresponding relationship between the path identifier and the module identity.
  • One path identifier corresponds to the module identity of at least one hardware module.
  • At least one hardware module corresponding to the same path identifier belongs to the media path indicated by that path identifier.
  • the acquiring further includes: acquiring the target address to be accessed, where the target address indicates the target memory block, and determining the second path identifier corresponding to the target memory block in the second correspondence relationship according to the target address.
  • the second correspondence relationship includes the correspondence relationship between the address of the memory block and the channel identifier of the media channel to which the memory block belongs.
  • determining whether the target hardware module has access rights to the target memory block includes: obtaining the module identity of the target hardware module and the memory identity of the target memory block; detecting whether the third correspondence relationship contains an access authority identifier corresponding to the module identity identifier and the memory identifier, where the third correspondence relationship includes the corresponding relationship between the module identity identifier, the memory identity identifier, and the access authority identifier; and when the third correspondence relationship contains the access authority identifier corresponding to the module identity identifier and the memory identity identifier, determining that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the access permission of the target hardware module to the target memory block is detected, so that a hardware module that has no access permission to the media stream in the target memory block cannot access that media stream, which improves the security of the SMP.
  • the target hardware module corresponds to the target input-output memory management unit IOMMU
  • the target IOMMU includes an identification register
  • the identification register includes at least one memory identity identifier with access rights
  • determining whether the target hardware module has access authority to the target memory block includes: obtaining the memory identity of the target memory block; determining whether the at least one memory identity with access authority includes the memory identity; and when the at least one memory identity with access authority includes the memory identity, determining that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the access authority includes a read operation authority and a write operation authority
  • the identification register includes a read identification register and a write identification register
  • the read identification register includes at least one memory identification identifier with read operation authority.
  • the write identification register includes at least one memory identification with write operation authority.
  • determining whether the target hardware module has access rights to the target memory block includes: determining whether the at least one memory identity with read operation permission includes the memory identity; when the at least one memory identity with read operation permission includes the memory identity, determining that the target hardware module has read operation permission for the target memory block; or, determining whether the at least one memory identity with write operation permission includes the memory identity; when the at least one memory identity with write operation permission includes the memory identity, determining that the target hardware module has write operation permission for the target memory block.
  • before determining the target hardware module and the target memory block according to the detection request, the method further includes: obtaining a request to create a media path; generating a path identifier of the media path; configuring at least one hardware module and at least one memory block, and obtaining the module identity of the at least one hardware module and the memory identity of the at least one memory block, where the at least one hardware module and the at least one memory block form the media path; and establishing the first correspondence relationship according to the path identifier, the module identity identifier of the at least one hardware module, and the memory identity identifier of the at least one memory block.
  • the corresponding relationship between the path identifier of the SMP and the hardware modules and secure memory blocks belonging to the SMP is established, and each hardware module in the SMP is bound to the secure memory block related to that hardware module.
  • the method further includes: obtaining from the third correspondence relationship at least one memory identity to which the target hardware module has access rights; and setting the at least one memory identity with access rights in the identification register of the target IOMMU.
  • the access authority of the target hardware module to the target memory block is set, so that the access authority of the target hardware module to the target memory block can be configured at the hardware level, and the security of the SMP is improved.
  • after configuring at least one hardware module and at least one memory block, the method further includes: mapping and storing the virtual address of each memory block in the at least one memory block, the memory identity identifier of the memory block, and the channel identifier, to obtain the second correspondence.
  • this application provides an electronic device that includes a processor, a target hardware module, and a target memory block, where the processor is configured to determine the target hardware module and the target memory block according to a detection request; the processor is also used to determine whether the target hardware module and the target memory block belong to the same media path; the processor is also used to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access authority to the target memory block; and the target hardware module is used to access the target memory block when the target hardware module has access authority to the target memory block.
  • the electronic device may be a processor chip.
  • the processor in the electronic device is a processor core or a central processing unit in the processor chip.
  • the processor is further configured to obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; the processor is also used to detect whether the first path identifier and the second path identifier are the same; the processor is also used to determine, when the first path identifier is the same as the second path identifier, that the target hardware module and the target memory block belong to the same media path.
  • the processor is further configured to obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block;
  • the processor is also used to detect whether the first path identifier and the second path identifier are the same as the target path identifier, where the target path identifier is used to indicate the target media path;
  • the processor is also used to determine that the target hardware module belongs to the target media path when the first path identifier is the same as the target path identifier;
  • the processor is also used to determine that the target memory block belongs to the target media path when the second path identifier is the same as the target path identifier.
  • the processor is further configured to obtain the module identity of the target hardware module, and determine the first path identity corresponding to the module identity in the first correspondence; the processor is also used to obtain the memory identity identifier of the target memory block, and determine the second path identifier corresponding to the memory identifier in the first correspondence relationship; where the first correspondence relationship includes the correspondence between the path identifier and the module identity identifier and the memory identity identifier, a path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and at least one hardware module and at least one memory block corresponding to the same path identifier belong to the media path indicated by that path identifier.
  • the processor is further configured to obtain the module identity of the target hardware module, and determine the first path identity corresponding to the module identity in the first correspondence according to the module identity
  • the first correspondence relationship includes the correspondence relationship between the path identifier and the module identity identifier, one path identifier corresponds to the module identifier of at least one hardware module, and at least one hardware module corresponding to the same path identifier belongs to the media path indicated by the same path identifier
  • the processor is also used to obtain the target address to be accessed, where the target address indicates the target memory block, and to determine the second path identifier corresponding to the target memory block in the second correspondence according to the target address, where the second correspondence relationship includes the correspondence relationship between the address of the memory block and the channel identifier of the media channel to which the memory block belongs.
  • the processor is also used to obtain the module identity of the target hardware module and the memory identity of the target memory block; the processor is also used to detect whether an access authority identifier corresponding to the module identity identifier and the memory identity identifier is set in the third correspondence relationship, where the third correspondence relationship includes the corresponding relationship between the module identity identifier, the memory identity identifier, and the access authority identifier; the processor is also used to determine, when the access authority identifier corresponding to the module identity identifier and the memory identifier is set in the third correspondence relationship, that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the electronic device further includes a target input-output memory management unit (IOMMU), the target IOMMU corresponds to the target hardware module, the target IOMMU includes an identification register, and the identification register includes at least one memory identity with access authority, where the target IOMMU is used to obtain the memory identity of the target memory block, and to determine whether the at least one memory identity with access rights includes the memory identity; the target IOMMU is also used to determine, when the at least one memory identity identifier with access authority includes the memory identity identifier, that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • IOMMU: input-output memory management unit.
  • the access authority includes a read operation authority and a write operation authority
  • the identification register includes a read identification register and a write identification register
  • the read identification register includes at least one memory identification identifier with read operation authority
  • the write identification register includes at least one memory identification with write operation authority.
  • the target IOMMU is also used to determine whether the at least one memory identity with read operation permission includes the memory identity, and when the at least one memory identity with read operation permission includes the memory identity, to determine that the target hardware module has the read operation permission for the target memory block; the target IOMMU is also used to determine whether the memory identity is present in the at least one memory identity with write operation permission, and when the at least one memory identity with write operation permission includes the memory identity, to determine that the target hardware module has write operation permission on the target memory block.
  • the processor is also used to obtain a request to create a media path; the processor is also used to generate a path identifier of the media path; the processor is also used to configure at least one hardware module and at least one memory block, and to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, where the at least one hardware module and the at least one memory block form the media path; the processor is also used to establish the first correspondence relationship according to the path identifier, the module identity identifier of the at least one hardware module, and the memory identity identifier of the at least one memory block.
  • the processor is further configured to obtain from the third correspondence at least one memory identity to which the target hardware module has access permission; the processor is further configured to configure the at least one memory identity with access permission in the identity register of the target IOMMU.
  • the technical effects produced by the second aspect and the implementation manners of the second aspect are the same as the technical effects produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
  • the present application also provides a device, the device includes: a determining module for determining a target hardware module and a target memory block according to a detection request; the determining module is also used to determine whether the target hardware module and the target memory block belong to the same media path; the determining module is also used to determine whether the target hardware module has access rights to the target memory block when the target hardware module and the target memory block belong to the same media path; and a calling module used to call the target hardware module to access the target memory block when the target hardware module has access authority to the target memory block.
  • the device further includes an acquisition module and a detection module.
  • the acquisition module is configured to acquire the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block;
  • the detection module is used to detect whether the first path identifier and the second path identifier are the same; the determination module is also used to determine that the target hardware module and the target memory block belong to the same media path when the first path identifier and the second path identifier are the same.
  • the acquiring module is further configured to acquire the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block;
  • the detection module is also used to detect whether the first path identifier and the second path identifier are the same as the target path identifier, where the target path identifier is used to indicate the target media path;
  • the determining module is also used to determine that the target hardware module belongs to the target media path when the first path identifier is the same as the target path identifier;
  • the determining module is also used to determine that the target memory block belongs to the target media path when the second path identifier is the same as the target path identifier.
  • the acquisition module is further configured to acquire the module identity of the target hardware module, and determine the first path identifier corresponding to the module identity in the first correspondence; the acquisition module is also used to obtain the memory identity of the target memory block, and determine the second path identity corresponding to the memory identity in the first corresponding relationship; where the first corresponding relationship includes the correspondence between the path identity and the module identity and the memory identity identifier, a path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and at least one hardware module and at least one memory block corresponding to the same path identifier belong to the media path indicated by that path identifier.
  • the acquisition module is further configured to acquire the module identity of the target hardware module, and determine the first path identifier corresponding to the module identity in the first correspondence according to the module identity
  • the first correspondence relationship includes the correspondence relationship between the path identifier and the module identity identifier, one path identifier corresponds to the module identifier of at least one hardware module, and at least one hardware module corresponding to the same path identifier belongs to the media path indicated by the same path identifier
  • the acquisition module is also used to acquire the target address to be accessed, where the target address indicates the target memory block, and to determine the second path identifier corresponding to the target memory block in the second correspondence according to the target address, where the second correspondence relationship includes the correspondence relationship between the address of the memory block and the channel identifier of the media channel to which the memory block belongs.
  • the acquisition module is also used to acquire the module identity of the target hardware module and the memory identity of the target memory block; the detection module is also used to detect whether an access authority identifier corresponding to the module identity and the memory identity is set in the third correspondence, where the third correspondence includes the correspondence between the module identity, the memory identity, and the access authority identifier; the determining module is also used to determine, when the access authority identifier corresponding to the module identity identifier and the memory identifier is set in the third correspondence, that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the device further includes a generation module, a configuration module, and an establishment module, where the acquisition module is also used to acquire a request to create a media path; the generation module is also used to generate a path identifier of the media path; the configuration module is also used to configure at least one hardware module and at least one memory block to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, where the at least one hardware module and the at least one memory block form the media path; the establishing module is further configured to establish the first correspondence relationship according to the path identifier, the module identity identifier of the at least one hardware module, and the memory identity identifier of the at least one memory block.
  • the obtaining module is also used to obtain from the third correspondence at least one memory identity to which the target hardware module has access permission; the configuration module is also used to configure the at least one memory identity with access permission in the identity register of the target IOMMU, where the target IOMMU corresponds to the target hardware module.
  • the technical effects produced by the third aspect and the implementation manners of the third aspect are the same as those produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
  • this application provides a computer-readable storage medium storing instructions which, when run on a computer or processor, cause the computer or processor to execute the method of the first aspect or of any possible design of the first aspect.
  • this application provides a computer program product containing instructions that, when the instructions run on a computer or processor, cause the computer or processor to perform the method of the first aspect or of any possible design of the first aspect.
  • before the hardware module accesses the memory block, the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP. If the hardware module and the corresponding secure memory block belong to the same SMP, the electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block; otherwise, the hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • FIG. 1A is a system architecture diagram of a typical electronic device provided by this application.
  • FIG. 1B is a schematic diagram of the first exemplary application scenario of SMP provided in this application.
  • FIG. 1C is a schematic diagram of a second exemplary application scenario of SMP provided in this application.
  • FIG. 2 is a schematic diagram of the system architecture of an exemplary application environment of the electronic device 10 provided by the present application;
  • FIG. 3 is an exemplary method flowchart of the secure access method 100 provided by the present application.
  • Fig. 4 is an exemplary schematic diagram of a bitmap in the identification register provided by the present application.
  • FIG. 5 is a schematic diagram of an exemplary structure of an electronic device 20 provided in the present application.
  • FIG. 6A is an exemplary signaling interaction diagram of the SMP creation method 200 provided by this application.
  • FIG. 6B is an exemplary signaling interaction diagram of the secure media stream transmission method 300 provided by the present application.
  • FIG. 7A is a schematic diagram of an exemplary structure of an electronic device 70 provided in the present application.
  • FIG. 7B is a schematic diagram of an exemplary structure of an electronic device 71 provided by the present application.
  • FIG. 7C is a schematic diagram of an exemplary scenario for detecting access permissions provided in FIG. 7B based on the present application.
  • This application can be applied to electronic devices supporting audio and video input/output, such as smart phones, smart set-top boxes, smart TVs, surveillance, computers, tablet computers, etc.
  • Figure 1A shows the system architecture of a typical electronic device.
  • the system architecture includes: application layer, driver layer, operating system layer, hardware module and storage module.
  • the application layer is used to run application software, such as Tencent, Youku, etc.
  • the driver layer includes a driver program written for each hardware module, and the driver program is used to drive the corresponding hardware module to access the memory block.
  • the operating system layer is responsible for memory management, stack management, task scheduling management, etc. When the application software of the application layer is running, it can apply to the operating system layer to allocate a memory block and obtain the virtual address of the allocated memory block.
  • the allocated memory block is used to store data during the running of the application software, such as the following various media stream data.
  • the driver layer can drive the hardware module to access the corresponding memory block according to the virtual address of the memory block.
  • the media stream transmitted during the running of the application software may also be referred to as a media data stream, including different forms of media data streams such as transport stream (TS) and elementary stream (ES).
  • Media streams include audio streams and/or video streams.
  • before the application software transmits the media stream, it can create a media path according to the intention of the application software and the processing of the media stream.
  • the media path is the path through which the application software processes the media stream on the electronic device.
  • the processing includes, but is not limited to, playing, recording, transcoding, and forwarding.
  • the media path may include, for example, a recording path, a playback path, and a transcoding path.
  • the media path includes the resources used for audio and video processing, such as a series of hardware modules and memory.
  • application software may apply to the operating system layer to occupy hardware module 1, hardware module 2 and hardware module 3, and apply to the operating system layer to allocate memory block 1 and memory block 2.
  • hardware module 1, hardware module 2, and hardware module 3, together with memory block 1 and memory block 2, can for example form a media path, and the transmission process of the media stream on the media path is, for example: hardware module 1 to memory block 1, memory block 1 to hardware module 2, hardware module 2 to memory block 2, and memory block 2 to hardware module 3.
  • the driver layer receives instructions from the application software, and then drives the corresponding hardware modules in the media path to perform access operations on the corresponding memory blocks.
  • the electronic device shown in FIG. 1A may, for example, support a trusted execution environment (TEE) and a rich execution environment (REE).
  • TEE corresponds to REE.
  • TEE is used to provide a protected execution environment for protected application software
  • REE is used to provide an execution environment for unprotected application software.
  • the memory (buffer) between TEE and REE is isolated, that is, the application software in REE is not allowed to access the memory in TEE.
  • the media paths involved in this application may include ordinary media paths (which may also be referred to as non-secure media paths) and secure media paths (SMP).
  • Ordinary media paths are media paths under REE, which are used to transmit unprotected media streams.
  • SMP is a media path under TEE, used to transmit media streams that have certain security requirements, for example, media streams that require watermarking, encryption, prohibition of transcoding, and mechanism recording.
  • Security requirements can be defined as media content usage rules (content usage rules), for example.
  • the hardware modules and memory blocks in SMP should process and transmit related media streams in accordance with media content usage rules.
  • the driver layer in Figure 1A can include REE drivers and TEE drivers. TEE drivers are used to drive hardware modules in an SMP to access memory blocks in the SMP, and REE drivers are used to drive hardware modules in ordinary media paths to access the memory blocks in ordinary media paths.
  • each hardware module shown in FIG. 1A can provide multiple processing channels, where each processing channel can be used in one media path and process the media stream data of that media path.
  • for example, if a hardware module includes 32 processing channels, then the hardware module can be used in 32 media paths at the same time, and each of the processing channels processes media stream data in one of the 32 media paths.
  • the 32 media paths can include ordinary media paths and SMPs. That is, in some embodiments, the TEE and the REE can share the same hardware module. Furthermore, in this scenario, the same hardware module can perform operations in response to instructions from the TEE driver, or perform operations in response to instructions from the REE driver.
  • for example, as shown in FIG. 1B, two SMPs are running simultaneously under the TEE. Media stream 1 transmitted by SMP1 has output protection requirements (for example, media stream 1 output by SMP1 needs to be watermarked), while media stream 2 transmitted by SMP2, for example, does not have output protection requirements.
  • Both secure memory block 1 and hardware module 1 belong to SMP1, and secure memory block 2 belongs to SMP2.
  • one processing channel of the hardware module 1 is used for SMP1, for example, and another processing channel is used for an ordinary media path, for example, so the hardware module 1 can receive the drive instructions of the TEE driver and the drive instructions of the REE driver.
  • if the REE driver controls the hardware module 1 to access the secure memory block 2, the hardware module 1 will store the media stream 1, which has output protection requirements, in the secure memory block 2, causing the output protection of the media stream 1 to fail.
  • the graphics processing unit (GPU) module can access the secure memory block and has a copy function, and the GPU module is driven by the REE driver. Therefore, as shown in Figure 1C, even if the GPU module is not used in any media path, the REE driver can control the GPU module to access the secure memory block in SMP3 and copy the media stream data in the secure memory block.
  • PVR personal video recorder
  • this application provides a secure access method and electronic device.
  • the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP. If the hardware module and the corresponding secure memory block belong to the same SMP, the electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block. Otherwise, the hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • FIG. 2 illustrates a schematic diagram of a system architecture of an exemplary application environment of the electronic device 10.
  • the electronic device 10 supports TEE.
  • the REE system architecture includes the REE software application layer, the REE software interface adaptation layer, the REE software driver layer, the REE software operating system layer, the REE hardware module, the REE input output memory management unit (IOMMU) module corresponding to the REE hardware module, and the REE storage module.
  • the software application in the REE software application layer can control the REE hardware module through the REE software interface adaptation layer, the REE software driver layer and the REE software operating system layer, and access the memory blocks in the REE storage module.
  • the REE software operating system layer, the REE software driver layer, the REE software interface adaptation layer, and the REE software application layer are implemented by software code. Illustratively, this software code can be stored in the memory and run on the processor.
  • the REE software application layer is used to provide the operating environment of the REE software application, and is also used to apply to the REE software operating system layer to allocate the REE hardware module and REE memory block when the REE software application is running, and store the virtual address of the REE memory block.
  • the REE software interface adaptation layer is used to match the driver in the REE software driver layer according to the virtual address accessed by the REE software application layer.
  • the REE software driver layer includes a driver program written for each hardware module, and the driver program drives the corresponding hardware module to access the corresponding REE memory block according to the virtual address.
  • the REE software operating system layer is used to perform REE hardware module resource management, as well as stack management and task scheduling.
  • the REE software operating system layer can, for example, configure the REE hardware module 12 to create an ordinary media path in response to instructions from the REE software application layer.
  • the REE software operating system layer is also used to maintain one or more computer programs and data. When the one or more computer programs are running, they can implement the functions of each software layer on the REE side.
  • the data is used to provide support for the operation of the one or more computer programs.
  • the REE IOMMU module corresponds to the REE hardware module one to one.
  • the REE IOMMU module is used to convert the virtual address of the memory block into the physical address of the corresponding memory block, and further, to perform non-secure access to the memory block indicated by the corresponding physical address.
  • the REE storage module may include, but is not limited to, double data rate (DDR) memory, flash memory (Flash), static random access memory (SRAM), etc., which are not limited in this application.
  • the REE storage module includes multiple memory blocks, and each memory block has a different physical address.
  • the TEE system architecture includes TEE software application layer, TEE software interface adaptation layer, TEE software driver layer, TEE software operating system layer, TEE hardware module, TEE IOMMU module corresponding to TEE hardware module, and TEE storage module.
  • the TEE software operating system layer, the TEE software driver layer, the TEE software interface adaptation layer, and the TEE software application layer are implemented by software codes.
  • this software code can be stored in the memory and run on the processor.
  • the software application in the TEE software application layer can control the TEE hardware module through the TEE software interface adaptation layer, the TEE software driver layer, and the TEE software operating system layer, and access the memory block in the TEE storage module. It should be understood that the basic interaction process between the software layers is similar to the REE side, and will not be detailed here.
  • the TEE system architecture also includes a session management module, a memory management module, and a policy management module, where the session management module, the memory management module, and the policy management module are implemented by software code and run on the processor.
  • the session management module, the memory management module, and the policy management module run on the TEE software driver layer, for example. In other embodiments, the session management module, the memory management module, and the policy management module run on the TEE software operating system layer, for example. In some other embodiments, some modules of the session management module, the memory management module, and the policy management module run on the TEE software driver layer, and other modules run on the TEE software operating system layer.
  • the policy management module is used to maintain the policy table referred to below in this specification, that is, the third correspondence referred to below.
  • the session management module is used to store the path identifier of the SMP together with the TEE hardware module information and secure memory block information belonging to the SMP, to obtain the first correspondence referred to below.
  • the memory management module is used to maintain the mapping table between the physical address and the virtual address of each memory block in the TEE storage module. In the process of configuring a secure memory block in the TEE system architecture, the memory management module is also used to configure the memory identity identifier (tag) of the secure memory block. The memory identity identifier of the secure memory block, the path identifier of the SMP to which the secure memory block belongs, and the correspondence between the virtual address and the physical address of the secure memory block then form a mapping relationship, giving the mapping table corresponding to the secure memory block, that is, the second correspondence referred to below.
  • the session management module may also be used to detect the hardware module and the secure memory block according to the above series of correspondences to determine whether the corresponding hardware module has access rights to the secure memory block.
  • the memory management module is also used to set the identification register in the IOMMU module according to the memory identity identification of the secure memory block to set the access authority of the hardware module to the secure memory block.
  • setting the identification register in the IOMMU module can be specifically completed by the memory management module.
  • the TEE IOMMU module corresponds to the TEE hardware module one to one.
  • the TEE IOMMU module includes an identification register, and the identifiers in the identification register are used to authenticate the TEE hardware module's access authority to the memory block. For example, when the TEE IOMMU module contains the first memory identity identifier, the TEE hardware module can access the memory block indicated by the first memory identity identifier. Similarly, when the TEE IOMMU module does not contain the second memory identity identifier, the TEE hardware module cannot access the memory block indicated by the second memory identity identifier.
  • the specific implementation form of the identification register is described in the following embodiments.
  • the TEE storage module may include multiple secure memory blocks, and each secure memory block can be identified by a physical address.
  • the TEE software driver layer may set the memory identity of the memory block according to the instruction of the software application in the TEE software application layer and the third correspondence.
  • the processor running each software layer of REE and the processor running each software layer of TEE may be physically the same processor.
  • when the processor runs in the REE mode, the processor implements the functions of each software layer of the REE.
  • when the processor runs in the TEE mode, the processor implements the functions of each software layer of the TEE.
  • the processor may be, for example, a system-level chip control logic unit, a microprocessor, a microcontroller unit (MCU), a central processing unit (CPU), a digital signal processor (DSP), a graphics processing unit (GPU), a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), etc., which are not limited in this application.
  • the REE hardware module and the TEE hardware module shown in FIG. 2 may include, for example, a demux module (demux), a hardware decryption module, a hardware encryption module, a hardware decoding module (decoder), a video decoding module (VDEC), a hardware communication module, a hardware graphics processing module (video processor, VPSS), a hardware display module (video display, VDP), an analog to digital converter (ADC), a digital to analog converter (DAC), a communication interface, a radio frequency unit, a microelectronic mechanical module, etc., which are not limited in this application.
  • both the hardware decryption module and the hardware encryption module include a cipher.
  • the REE hardware module and the TEE hardware module can be implemented by two processing channels in the same hardware module.
  • Both the REE storage module and the TEE storage module may include but are not limited to DDR memory, flash memory (Flash), SRAM, etc., which are not limited in this application.
  • the REE memory module and the TEE memory module are isolated from each other, so that ordinary memory blocks and secure memory blocks are isolated from each other.
  • the physical address described in the embodiment shown in FIG. 2 can be understood as follows: the storage module stores information in units of bytes, and in order to correctly store or obtain information, each byte unit has a unique memory address.
  • the physical address can also be called the actual address or the absolute address.
  • the physical address can be addressed in the storage module through the address bus, and is the address where the data is actually stored.
  • the virtual address described in the embodiment illustrated in FIG. 2 may be a logical address used by application software to access the memory block. Virtual addresses do not actually store data, but need to be mapped to actual physical addresses to obtain data.
  • the mapping relationship between the virtual address and the physical address may be stored in a memory management unit (MMU), for example, and the MMU implements the translation of the virtual address into a physical address. Virtual addresses between different application software are mapped to different physical addresses to achieve memory isolation.
  • access involved in this application includes read operation and write operation
  • access authority includes read operation authority and write operation authority
  • the software and hardware of the REE system architecture and the software and hardware of the TEE system architecture illustrated in FIG. 2 may be located in the same system on chip (SOC).
  • the REE software application layer, the REE software interface adaptation layer, the REE software driver layer, the REE software operating system layer, the REE hardware module, and the REE IOMMU module, as well as the TEE software application layer, the TEE software interface adaptation layer, the TEE software driver layer, the TEE software operating system layer, the TEE hardware module, and the TEE IOMMU module shown in FIG. 2, are located in the same SOC, and the REE storage module and the TEE storage module can be independent of the SOC.
  • FIG. 2 is only a schematic description, and does not constitute a specific limitation on the electronic device 10.
  • the electronic device 10 may include more or fewer components than those shown in the figure, or combine certain components, or split certain components, or arrange different components.
  • the illustrated components can be implemented in hardware, software, or a combination of software and hardware.
  • the secure access method described in this application is implemented in the TEE. Accordingly, the secure access method described in this application is executed by at least one of the software, the hardware, or a combination of software and hardware on the TEE side of the electronic device 10.
  • the method 100 includes the following steps:
  • Step S101: Determine the target hardware module and the target memory block according to the detection request.
  • the detection request is used to trigger the electronic device 10 to detect whether the target hardware module and the target memory block have the permission to be accessed, and whether the target hardware module has the access permission to the target memory block.
  • the detection request is generated by the TEE software driver layer.
  • the TEE software driver layer may receive an instruction from the TEE software application layer to call the target hardware module to access the target memory block. Then, the TEE software driver layer may generate the detection request and send the detection request to the session management module.
  • the detection request is generated by the target hardware module.
  • the target hardware module may receive an instruction to access the target memory block from the REE driver module, and then the target hardware module generates the detection request, and sends the detection request to the session management module.
  • the detection request may include the module identity of the target hardware module and the memory identity of the target memory block.
  • the module identity identifier may include the module identifier of the target hardware module.
  • the module identity identifier may further include the module identifier of the target hardware module and the processing channel identifier of the target hardware module, and the processing channel identifier indicates the channel occupied by the target hardware module.
  • the memory identity identifier may be set when the memory management module configures the target memory block.
  • the implementation form of the module identity and the memory identity are, for example, handles.
  • a handle can be described as an identifier that is used to identify an object or item. The object or item can be, for example, a module, a task, an instance, a block of memory, a control, a resource, etc.
  • the detection request may include the handle of the target hardware module and the handle of the target memory block.
  • the handle of the target memory block may include the memory identity identifier of the target memory block and the address of the target memory block, and the address may be, for example, the virtual address of the target memory block.
  • Step S102: Determine whether the target hardware module and the target memory block belong to the same media path.
  • step S103 is executed.
  • the media path in this embodiment refers to SMP
  • the SMP is created by application software.
  • the created SMP may include at least one SMP.
  • each SMP in the at least one SMP corresponds to a path identifier; each path identifier is unique and indicates its corresponding SMP.
  • the path identifier can be described as an SID (session identifier), for example.
  • the session management module can obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block. Then, the session management module can determine whether the first path identifier and the second path identifier are the same. If the first path identifier and the second path identifier are the same, it determines that the target hardware module and the target memory block belong to the same media path; if the first path identifier is different from the second path identifier, it determines that the target hardware module and the target memory block do not belong to the same media path.
  • the foregoing is only an implementation example of step S102 in a conventional scenario. In other implementation scenarios, this application can implement step S102 in other ways.
  • the session management module can determine whether the target hardware module and the target memory block belong to the target media path.
  • the target media path may be any SMP among the created SMPs, and the path identifier of the target media path may be described as the target path identifier.
  • the session management module may obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block.
  • the session management module can detect whether the first path identifier and the second path identifier are the same as the target path identifier. If the first path identifier is the same as the target path identifier, and the second path identifier is the same as the target path identifier, it determines that the target hardware module and the target memory block belong to the target media path.
  • when the target media path needs to access the data stream in a memory block by calling a hardware module in order to carry out a processing task, it is first necessary to determine whether the target hardware module and the target memory block belong to the target media path. If both the target hardware module and the target memory block belong to the target media path, it can further be determined whether the target hardware module has access rights to the target memory block; otherwise, the current access request is illegal. For example, the access request may be a cross-media-path access, or the target media path is not allowed to call the target hardware module, or is not allowed to access the target memory block.
  • the electronic device 10 may, for example, adopt the following at least two optional implementation manners to execute "obtain the first path identifier of the target hardware module and the second path identifier of the target memory block".
  • the session management module may obtain the module identity of the target hardware module, and then determine the first path identity corresponding to the module identity in the first correspondence.
  • the session management module can obtain the memory identity of the target memory block, and determine the second path identity corresponding to the memory identity in the first correspondence.
  • the module identity identifier includes, for example, the module identifier of the target hardware module and the processing channel identifier of the target hardware module.
  • the first corresponding relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier.
  • one path identifier corresponds to the module identity identifier of at least one hardware module and the memory identity identifier of at least one memory block.
  • the at least one hardware module and the at least one memory block corresponding to the same path identifier belong to the media path indicated by that path identifier. It can be understood that all the path identifiers in the first correspondence indicate SMPs.
  • the first corresponding relationship may be established when the electronic device 10 creates the SMP. For the embodiments of creating the SMP, please refer to the following description of this specification.
  • the first correspondence may be as shown in Table 1.
  • "path 01" and "path 02" in Table 1 are both path identifiers.
  • “(Module A, processing channel 01)” is the module identity of hardware module 01, where “module A” is the module identifier of hardware module 01, and “processing channel 01” is the identifier of the processing channel occupied by hardware module 01. The meanings of other module identities in Table 1 are similar, and will not be repeated here.
  • “(Virtual address 01, first identifier)” is the handle of memory block 01, where "virtual address 01” is the virtual address of memory block 01, and “first identifier” is the memory identity identifier of memory block 01. The meanings of other memory handles in Table 1 are similar, and will not be repeated here.
  • the hardware module 01 indicated by "(module A, processing channel 01)", the hardware module 02 indicated by "(module B, processing channel 10)", and the hardware module 03 indicated by "(module C, processing channel 32)", as well as the memory block 01 indicated by "(virtual address 01, first identifier)" and the memory block 02 indicated by "(virtual address 02, second identifier)", belong to the SMP indicated by the path identifier "path 01".
  • Block 05 belongs to the SMP indicated by the path identifier "path 02".
  • the handle of the target hardware module is, for example, (module A, processing channel 01), and the handle of the target memory block is, for example, (virtual address 02, second identification).
  • the target hardware module and the target memory block belong to the same media path, that is, the SMP indicated by "path 01".
  • the handle of the target hardware module is, for example, (module D, processing channel 15), and the handle of the target memory block is, for example, (virtual address 02, second identification).
  • the target hardware module belongs to the "path”
  • the target memory block belongs to the SMP indicated by "Path 01"
  • the target hardware module and the target memory block do not belong to the same media path.
  • Table 1 is only a schematic example, and should not constitute a limitation to the first correspondence described in this application. In other implementation manners, the implementation form of the first correspondence relationship and the expression manner of various identities are not limited to those shown in Table 1. No more details here.
  • the session management module may obtain the module identity of the target hardware module, and determine the first path identity corresponding to the module identity in the first correspondence. Furthermore, the session management module can obtain the target address to be accessed according to the memory identity of the target memory block, and then transmit the target address to the memory management module. The memory management module may determine the second path identifier corresponding to the target memory block in the second correspondence, and then the memory management module may transmit the second path identifier to the session management module.
  • the target address may be a virtual address of the target memory block, for example.
  • the second correspondence includes the correspondence between the address of the memory block and the channel identifier of the media channel to which the corresponding memory block belongs.
  • the information contained in the second correspondence is, for example, attribute information corresponding to a memory block, and the attribute information of the memory block may be implemented in the form of a mapping table.
  • the attribute information of the memory block may also include the memory type of the memory block.
  • the second correspondence may include the address of the memory block, the type of the memory block, and the channel identifier of the media channel to which the corresponding memory block belongs.
  • mapping table of a memory block is shown in Table 2.
  • Table 2 is the attribute information mapping table of memory block 01
  • virtual address 01 refers to the virtual address corresponding to memory block 01
  • physical address 01 refers to the physical address corresponding to memory block 01
  • path 01 refers to the media path to which memory block 01 belongs
  • the first identifier means that the memory identity identifier of the memory block 01 is set as the first identifier.
  • the memory management module may set the identification register in the IOMMU according to the first identification to set the access authority of the hardware module corresponding to the IOMMU to the memory block 01.
  • Table 2 is only a schematic example, and should not constitute a limitation to the second correspondence described in this application. In other implementation manners, the implementation form of the second correspondence relationship may be different from Table 2. No more details here.
  • the session management module needs to detect whether the target hardware module and the target memory block belong to the same SMP, so as to prevent a hardware module of the first SMP under the TEE from accessing the secure memory block of the second SMP, which can improve the security of the SMP.
  • Step S103: When the target hardware module and the target memory block belong to the same media path, it is determined whether the target hardware module has access authority to the target memory block.
  • step S104 is executed.
  • the access authority of any hardware module to the memory block is set during the creation of the SMP, and will not be detailed here.
  • the step of determining whether the target hardware module has access authority to the target memory block may be performed by the session management module.
  • the session management module can obtain the module identity of the target hardware module and the memory identity of the target memory block.
  • the session management module can read the third correspondence from the memory area corresponding to the policy management module, and then detect whether an access authority identifier corresponding to the module identity identifier and the memory identity identifier is set in the third correspondence. If such an access authority identifier is set, the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the module identity is, for example, the module identity of the target hardware module.
  • the third correspondence relationship is preset and stored in the memory area corresponding to the policy management module, and includes the correspondence relationship between the module identity identifier, the memory identity identifier, and the access authority identifier.
  • the third correspondence relationship may include a correspondence relationship between a module identifier, a memory identifier, and an access authority identifier. Exemplarily, the third correspondence is shown in Table 3.
  • Table 3 shows four types of memory identification identifiers.
  • "Read identifier" means that the hardware module indicated by the module identifier in Table 3 has read operation authority for memory blocks of the type indicated in the column.
  • "Write identifier" means that the hardware module indicated by the module identifier in Table 3 has write operation authority for memory blocks of the type indicated in the column. Similarly, "read identifier and write identifier" means that the hardware module indicated by the module identifier in Table 3 has both read operation authority and write operation authority for memory blocks of the type indicated in the column.
  • the hardware module indicated by module A has read operation authority for the memory block indicated by the first identifier; the hardware module indicated by module B has read operation authority and write operation authority for the memory block indicated by the first identifier; the hardware module indicated by module A has write operation authority for the memory block indicated by the second identifier. The remaining entries are not listed here.
  • Table 3 is only a schematic example, and should not constitute a limitation to the third correspondence described in this application.
  • the third correspondence may also include more or fewer correspondences between memory identity identifiers, module identifiers, and access authority identifiers. No more details here.
  • each hardware module has a certain function, and different hardware modules can handle different types of media streams correspondingly.
  • the function of the demultiplexing module is to descramble the TS
  • the function of the hardware display module is to display the video corresponding to the video data.
  • the relevant technical personnel can set the type of each memory block according to the type of media stream it stores, and then, according to the operation authority of each hardware module over the corresponding type of media stream, set the access authority of that hardware module to the corresponding type of memory block.
  • relevant technicians may set the identifier of the memory block storing the TS to the first identifier, and the identifier of the memory block storing the video data to the second identifier.
  • the multiplex distribution module has read operation authority and write operation authority for the first identifier, and the multiplex distribution module does not have any access authority for the second identifier.
  • the hardware display module has read operation authority for the second identifier, but does not have any access authority for the first identifier.
  • the relevant technicians store the module identifier of the multiplexed module, the first identifier, and the read identifier and write identifier as corresponding entries in the third correspondence, and store the module identifier of the hardware display module, the second identifier, and the read identifier as corresponding entries in the third correspondence. Therefore, if the access authority identifier corresponding to the module identity identifier and the memory identity identifier is not set in the third correspondence, it means that the target hardware module does not have access authority to the target memory block.
  • the hardware module and the IOMMU module have a one-to-one correspondence.
  • the target hardware module corresponds to the target IOMMU module.
  • the target IOMMU module includes an identification register.
  • the identification register includes at least one memory identity that the target hardware module has access rights to.
  • the memory identity of the target memory block can be obtained, and it is then determined whether the at least one memory identity with access permission includes that memory identity. When it does, the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the identification register includes a read identification register and a write identification register.
  • the read identification register includes at least one memory identification with read operation authority
  • the write identification register includes at least one memory identification with write operation authority.
  • the access authority includes read operation authority and write operation authority. Therefore, determining whether the target hardware module has access authority to the target memory block may include: determining whether the at least one memory identity with read operation authority includes the memory identity of the target memory block, and when it does, the target hardware module has read operation authority for the target memory block. Alternatively, it is determined whether the at least one memory identity with write operation authority includes the memory identity, and when it does, the target hardware module has write operation authority for the target memory block.
  • a bitmap of memory identities can be maintained in the identification register. For example, the bitmap can include 64 bits, each of which uniquely indicates one memory type; for example, the 21st bit in the bitmap indicates memory type 21.
  • the value of the field of each memory identification bit can indicate whether the hardware module has access rights to this type of memory. This application may describe the value of the field as indicating whether the identification register contains the corresponding memory identification.
  • the field value "1" is an enable value, indicating that the hardware module has access rights to the type of memory indicated by the corresponding bit, that is, the identification register contains the corresponding memory identity; the field value "0" is the access prohibited value, indicating that the hardware module has no access authority to the type of memory indicated by the corresponding bit, that is, the identification register does not contain the corresponding memory identity.
  • the field value "0" is the enable value, indicating that the hardware module has access rights to the type of memory indicated by the corresponding bit, that is, the identification register contains the corresponding memory identity; the field value "1" is the access prohibited value, indicating that the hardware module has no access authority to the type of memory indicated by the corresponding bit, that is, the identification register does not contain the corresponding memory identity.
  • the initial values of the 64-bit fields shown in FIG. 4 may all be forbidden values.
  • the TEE memory management module 2122 may modify the field values of some bits in the bitmap from the forbidden value to the enable value as required. No more details here.
  • the identification register may include a read operation authority identification register and a write operation authority identification register; the bitmap in the read operation authority identification register and the bitmap in the write operation authority identification register are each as shown in FIG. 4.
  • the field value of a bit in the bitmap of the read operation authority identification register indicates whether the hardware module has read authority for the type of memory block indicated by the corresponding bit.
  • the bit field value in the bitmap of the write operation authority identification register indicates whether the hardware module has write authority for the type of memory block indicated by the corresponding bit.
  • the memory identity identifier of the target memory block is 21, and the 21st bit in the bitmap of the read operation authority identification register is, for example, the enable value "1", indicating that the target hardware module has read operation authority to the target memory block.
  • the 21st bit in the bitmap of the write operation authority identification register is, for example, the access prohibited value "0", indicating that the target hardware module has no write operation authority to the target memory block.
  • FIG. 4 is only a schematic implementation manner, and does not limit the identification register described in the present application. In other implementation manners, the identification register may also be implemented in other implementation manners, which is not limited in this application.
  • the electronic device 10 detects the access authority of the target hardware module to the target memory block, thereby preventing hardware modules that have no access authority to the media stream in the target memory block from accessing that media stream, which in turn can improve the security of SMP.
  • Step S104: When the target hardware module has access authority to the target memory block, the target hardware module accesses the target memory block.
  • step S103 when the target hardware module has read operation authority to the target memory block, the target hardware module reads the media stream data in the target memory block.
  • when the target hardware module has the write operation authority to the target memory block, the target hardware module writes media stream data into the target memory block.
  • before the hardware module accesses the secure memory block, the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP, thereby avoiding cross-SMP access by the hardware module. If the hardware module and the corresponding secure memory block belong to the same SMP, the electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has that authority, it can access the secure memory block; otherwise, the hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • the embodiment shown in FIG. 3 takes the use process of SMP as an example to introduce the secure access method of this application. According to the description of the foregoing embodiments, the settings of some correspondences and the like in the embodiment shown in FIG. 3 are completed in the stage of creating the SMP. The implementation process of creating SMP involved in this application is introduced below.
  • the application software running in the TEE software application layer can transmit a request to create a media path to the TEE software driver layer.
  • the media path to be created in this embodiment is an SMP.
  • the TEE software driver layer can generate the path identifier of the SMP to be created, such as "path 01".
  • the TEE software driver layer can configure at least one hardware module and at least one memory block to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block.
  • the TEE software driver layer stores the path identifier, the module identifier of the at least one hardware module, and the memory identifier of the at least one memory block in correspondence with one another, thereby obtaining the correspondence for path 01 contained in the first correspondence shown in Table 1.
  • the at least one hardware module and the at least one memory block constitute the media path.
  • the at least one hardware module includes, for example, a target hardware module.
  • configuring at least one memory block by the TEE software driver layer may include: the TEE software driver layer may allocate at least one secure memory block according to a request of the application software, and then set the memory identity of each of the at least one secure memory block according to the third correspondence. Then, the TEE software driver layer may set the attribute information of each secure memory block in the at least one secure memory block, so that the virtual address, memory identity identifier, and channel identifier 01 of each secure memory block correspond to one another, to obtain the second correspondence.
  • the TEE software driver layer can also obtain, from the third correspondence, the at least one memory identity to which each hardware module in the at least one hardware module has access rights, and then set the at least one memory identity to which a hardware module has access rights in the IOMMU identification register corresponding to that hardware module.
  • the TEE software driver layer may obtain at least one memory identity with access permission of the target hardware module from the third correspondence, and then set the at least one memory identity with access permission in the identity register of the target IOMMU.
  • the TEE software driver layer obtains from the third correspondence the at least one memory identity to which the target hardware module has access rights, and then changes the field value corresponding to that memory identity in the corresponding register of the target IOMMU from the forbidden value to the enable value.
  • in the SMP creation stage, the electronic device 10 establishes the correspondence between the path identifier of the SMP and the hardware modules and secure memory blocks belonging to the SMP, and binds each hardware module in the SMP to the secure memory block associated with that hardware module.
  • SMP provides a data basis for detecting the relationship between the target hardware module and the target secure memory block, and whether the target hardware module has access rights to the target secure memory block. Furthermore, the safety of SMP is improved.
  • FIG. 5 provides a structural diagram of an electronic device 20, and the electronic device 20 supports TEE.
  • the TEE side of the electronic device 20 includes: a software part and a hardware part.
  • the software part includes TEE application, session management module (session manager), memory management module (memory manager), policy management module (policy manager) and TEE driver module.
  • the software part is a functional module implemented by software instructions or software codes, and these software instructions or software codes run on the processor to implement corresponding functions.
  • the hardware part includes demux, hardware decoder, VPSS and VDP, and IOMMU corresponding to each hardware module.
  • the hardware part also includes TEE storage module. Among them, the identification register corresponding to the read operation authority and the identification register corresponding to the write operation authority are set in each IOMMU.
  • the TEE application runs on the TEE software application layer of the electronic device 10.
  • the session management module, the memory management module, the policy management module and the TEE driver module run on the TEE software driver layer of the electronic device 10.
  • the strategy table (that is, the third correspondence) described in this embodiment may be as shown in Table 4.
  • the first memory identity identifier in the first column and the second memory identity identifier in the second column indicate the same memory identity type.
  • the first memory identity can be used as a software-level identity for this type of memory, to facilitate calling and management by the session manager, and the second memory identity can be used to indicate the bit corresponding to this type of memory block in the identification register of the IOMMU.
  • the third column is the module identifier.
  • the hardware module indicated by the module identifier has access authority to the memory blocks of the type indicated in the first and second columns, and the corresponding access authority is marked by the access authority identifier in the fourth column.
  • the audio digital signal processing (AudioDSP) shown in Table 4 is a kind of demux, and the stream cipher belongs to the hardware decryption module or the hardware encryption module.
  • the fifth column is the media channel intent identifier, which is used to indicate the intention of the media channel to which the hardware module and the memory block belong.
  • the first memory identification "video elementary stream data memory" is used by the session management module to manage and call this type of memory block, and the memory block indicated by "video elementary stream data memory" corresponds to the 21st bit in the bitmap of the IOMMU's identification register.
  • the hardware module indicated by demux has the read operation authority and the write operation authority for the memory block whose type is "video elementary stream data memory" or whose tag is "21".
  • the hardware module indicated by demux can be used in an SMP whose intention is "watch".
  • FIG. 5 is only an exemplary description of the electronic device of this application, and does not constitute any limitation to the electronic device involved in this application.
  • the electronic device involved in this application may include more or fewer hardware modules. Accordingly, the electronic device involved in this application may include hardware modules with other functions.
  • the functional software of the electronic device can also adopt other forms of expression. No more details here.
  • FIG. 6A illustrates a signaling interaction diagram of a method 200 for creating SMP.
  • the SMP creation method 200 (hereinafter referred to as the method 200) includes the following steps:
  • Step S201: The TEE application sends a request for creating a first SMP to the session management module.
  • Step S202: The session management module generates a path identifier "SID01".
  • SID01 is used to identify the first SMP to be created.
  • Step S203: The session management module occupies the demux module.
  • the session management module is called by the TEE application to occupy the demux module.
  • the session management module can occupy the processing channel 20 of the demux module.
  • the session management module can generate a handle of the demux module, and store the handle corresponding to the path identifier "SID01".
  • the handle includes the module identification demux and the processing channel 20.
  • the TEE application can also call the session management module to occupy other hardware modules that make up the first SMP, such as decoder, VPSS, and VDP, and store the handles of other hardware modules corresponding to "SID01". No more details here.
  • Step S204: The memory management module configures the first secure memory.
  • the TEE application calls the memory management module to configure the first secure memory.
  • when the TEE application calls the memory management module, it can send "SID01" to the memory management module.
  • the memory management module can allocate any secure memory in the TEE storage module as the first secure memory. Then, the memory management module can allocate the first memory identity and the second memory identity to the first secure memory according to the intention of the first SMP and the policy table shown in Table 4.
  • the first memory identity of the first secure memory is, for example, "video elementary stream data memory”
  • the second memory identity of the first secure memory is, for example, "21”.
  • the memory management module uses "21" and "SID01" as the attribute information of the first secure memory, and establishes a mapping table of "21", "SID01” and the virtual address of the first secure memory.
  • the mapping table is shown in Table 2, which is not detailed here.
  • the memory management module may also generate a handle to the first secure memory, and the handle of the first secure memory includes, for example, the first memory identification "video elementary stream data memory" of the first secure memory and the virtual address of the first secure memory.
  • Step S205: The memory management module sends the handle of the first secure memory to the session management module.
  • the session management module may store the handle of the first secure memory corresponding to "SID01".
  • the TEE application can also call the memory management module to configure the second secure memory and the third secure memory and to generate the handle of the second secure memory and the handle of the third secure memory; the handle of the second secure memory and the handle of the third secure memory are then similarly sent to the session management module.
  • the session management module stores the handle of the second secure memory and the handle of the third secure memory corresponding to "SID01" to form a first corresponding relationship. No more details here.
  • the second secure memory is, for example, "video frame data memory”, and the corresponding tag is "24";
  • the third secure memory is, for example, "video display data memory”, and the corresponding tag is "25”.
  • Step S206: The memory management module sets the access authority of the demux module to the first memory block.
  • the memory management module sets the identification register in the IOMMU corresponding to the demux module to set the access authority of the demux module to the first secure memory.
  • the memory management module can modify the value of the 21st field of the read operation authority identification register in the IOMMU to "1", and modify the value of the 21st field of the write operation authority identification register in the IOMMU to "1".
  • the memory management module can also set the field values of the tag of the second secure memory and the tag of the third secure memory in the identification register of the IOMMU to set the access authority of the demux module to the second secure memory and the third secure memory.
  • the memory management module can also set the access authority of other hardware modules to the first secure memory, the second secure memory, and the third secure memory, respectively. No more details here.
  • for example, the decoder module has read operation authority for the first secure memory, and has read operation authority and write operation authority for the second secure memory; for example, the VPSS module has read operation authority for the second secure memory, and has read operation authority and write operation authority for the third secure memory; for example, the VDP module has read operation authority for the third secure memory.
  • the electronic device 20 may also create a second SMP, a third SMP, etc., and the creation process of the second SMP and the third SMP are similar to the method 200, and will not be described in detail here.
  • FIG. 6B illustrates a signaling interaction diagram of a method 300 for transmitting a secure media stream.
  • the method 300 for transmitting secure media streams includes the following steps:
  • Step S301: The session management module receives the detection request.
  • the detection request in this embodiment is sent by the demux module, for example.
  • the detection request includes, for example, the demux module identifier and the handle of the third secure memory.
  • Step S302: The session management module determines that the demux module and the third secure memory belong to the same SMP according to the first correspondence.
  • the session management module can obtain the SID01 corresponding to the demux module from the first correspondence, and can likewise obtain the SID01 corresponding to the third secure memory handle from the first correspondence. Based on this, the session management module determines that the demux module and the third secure memory both belong to the first SMP.
  • Step S303: The session management module determines according to the policy table that the demux module has no access authority to the third secure memory.
  • the session management module can traverse Table 4, and furthermore, it can be determined that the corresponding relationship between the demux module and the "video display data memory" is not set in Table 4, thereby determining that the demux module has no access authority to the third secure memory. Furthermore, the session management module may not send any instructions to the TEE driver module, so that the TEE driver module does not trigger the demux module to access the third secure memory.
  • step S303 is an optional step. Even if step S303 is not executed, if the demux module accesses the third secure memory after step S302, the value of the tag "25" field in the IOMMU identification register corresponding to the demux module is "0", so the demux module still cannot access the third secure memory.
  • FIG. 6A and FIG. 6B are only schematic descriptions, and do not limit the technical solution of the present application.
  • the SMP involved may be other SMPs, and the hardware modules and memory blocks to be detected may also be other blocks, which will not be described in detail here.
  • the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP. If they belong to the same SMP, the electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block; otherwise, the hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
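  • The creation flow of method 200 and the checks of method 300, modelled in C as an added example (not code from the application or from any product): the IOMMU registers are programmed from the policy table, then a request is checked for same-SMP membership, policy authority, and the IOMMU tag bit that still blocks access when step S303 is skipped. All type and function names, the sample addresses, and the reading of "21st bit" as zero-based bit index 21 are assumptions; tags 21, 24, 25 and the per-module authorities follow the text above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Memory tags named in the text; the mapping tag -> bit index is an assumption. */
enum { TAG_VIDEO_ES = 21, TAG_VIDEO_FRAME = 24, TAG_VIDEO_DISPLAY = 25 };
enum module_id { MOD_DEMUX, MOD_DECODER, MOD_VPSS, MOD_VDP };
enum { PERM_R = 1u, PERM_W = 2u };
enum verdict { ACCESS_OK, DENY_PATH, DENY_POLICY, DENY_IOMMU };

/* Third correspondence (policy table): module, memory tag, permitted operations. */
struct policy_row { enum module_id mod; unsigned tag; unsigned perm; };
static const struct policy_row policy[] = {
    { MOD_DEMUX,   TAG_VIDEO_ES,      PERM_R | PERM_W },
    { MOD_DECODER, TAG_VIDEO_ES,      PERM_R },
    { MOD_DECODER, TAG_VIDEO_FRAME,   PERM_R | PERM_W },
    { MOD_VPSS,    TAG_VIDEO_FRAME,   PERM_R },
    { MOD_VPSS,    TAG_VIDEO_DISPLAY, PERM_R | PERM_W },
    { MOD_VDP,     TAG_VIDEO_DISPLAY, PERM_R },
};
#define POLICY_ROWS (sizeof policy / sizeof policy[0])

/* Per-module IOMMU: one 64-bit bitmap per operation; enable value 1, forbidden value 0. */
struct iommu { uint64_t read_tags, write_tags; };
/* Module handle plus its path identifier (first correspondence) and its IOMMU. */
struct hw_module { enum module_id id; unsigned channel; unsigned sid; struct iommu mmu; };
/* Memory block attributes (second correspondence): address, tag, path identifier. */
struct mem_block { uint64_t vaddr; unsigned tag; unsigned sid; };

static unsigned policy_lookup(enum module_id mod, unsigned tag)
{
    for (size_t i = 0; i < POLICY_ROWS; i++)
        if (policy[i].mod == mod && policy[i].tag == tag)
            return policy[i].perm;
    return 0; /* no row set means no access authority */
}

/* SMP creation: record the path identifier, start from all-forbidden registers,
 * then enable only the tag bits the policy table grants to this module. */
static void smp_bind_module(struct hw_module *m, unsigned sid)
{
    m->sid = sid;
    m->mmu.read_tags = m->mmu.write_tags = 0;
    for (size_t i = 0; i < POLICY_ROWS; i++) {
        if (policy[i].mod != m->id)
            continue;
        if (policy[i].perm & PERM_R) m->mmu.read_tags  |= 1ULL << policy[i].tag;
        if (policy[i].perm & PERM_W) m->mmu.write_tags |= 1ULL << policy[i].tag;
    }
}

/* Hardware-side check: every requested operation needs its tag bit enabled. */
static bool iommu_allows(const struct iommu *mmu, unsigned tag, unsigned want)
{
    if (tag >= 64 || want == 0)
        return false;
    uint64_t bit = 1ULL << tag;
    if ((want & PERM_R) && !(mmu->read_tags & bit))  return false;
    if ((want & PERM_W) && !(mmu->write_tags & bit)) return false;
    return true;
}

/* Detection: same SMP first, then the policy table (the optional software
 * step), then the IOMMU register, which denies even if the policy step is skipped. */
static enum verdict check_access(const struct hw_module *m, const struct mem_block *b,
                                 unsigned want, bool skip_policy)
{
    if (m->sid != b->sid)
        return DENY_PATH;
    if (!skip_policy && (policy_lookup(m->id, b->tag) & want) != want)
        return DENY_POLICY;
    if (!iommu_allows(&m->mmu, b->tag, want))
        return DENY_IOMMU;
    return ACCESS_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "deny: different SMP",
                                   "deny: policy table", "deny: IOMMU tag bit" };
    struct hw_module demux = { MOD_DEMUX, 20, 0, { 0, 0 } };
    struct mem_block first = { 0x1000, TAG_VIDEO_ES, 1 };      /* constructed address */
    struct mem_block third = { 0x3000, TAG_VIDEO_DISPLAY, 1 }; /* constructed address */

    smp_bind_module(&demux, 1); /* path identifier 1 stands in for "SID01" */
    printf("demux r/w first memory: %s\n",
           names[check_access(&demux, &first, PERM_R | PERM_W, false)]);
    printf("demux read third memory: %s\n",
           names[check_access(&demux, &third, PERM_R, false)]);
    printf("same request, policy step skipped: %s\n",
           names[check_access(&demux, &third, PERM_R, true)]);
    return 0;
}
```

Because the registers are cleared before being programmed, a tag missing from the policy table is denied at both layers, which is why skipping the software policy step changes only the reason for the denial.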
  • the solutions of the secure access method provided in this application are introduced from the perspective of the physical structure of the electronic device hardware, the software architecture, and the actions performed by each software and hardware.
  • Those skilled in the art should easily realize that, in combination with the establishment of the correspondences described in the embodiments disclosed herein and the processing steps of performing detection according to those correspondences, this application can be implemented in the form of hardware or a combination of hardware and computer software. Whether certain functions are executed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Professionals and technicians may use different methods to implement the described functions for each specific application, but such implementation should not be considered as going beyond the scope of the embodiments of the present application.
  • the above-mentioned electronic device 10 and the electronic device 20 may implement the above-mentioned functions in the form of functional modules.
  • the electronic device 70 may include a determination module 701, a judgment module 702, and a calling module 703.
  • the electronic device 70 can be used to execute part of the non-IOMMU security access method in any of the embodiments illustrated in FIG. 3, FIG. 6A, and FIG. 6B.
  • the determination module 701 is used to determine the target hardware module and the target memory block according to the detection request; the judgment module 702 is used to determine whether the target hardware module and the target memory block belong to the same media path; the determination module 701 is also used to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access rights to the target memory block; the calling module 703 is used to call the target hardware module to access the target memory block when the target hardware module has access rights to the target memory block.
  • the electronic device 70 provided in the present application can detect whether the target hardware module and the target memory block belong to the same media path, and whether the target hardware module has access rights to the target memory block, so that double detection is performed on the target hardware module and the target memory block before the target hardware module is triggered, and the target memory block can be accessed safely.
  • the electronic device 70 may also include an acquisition module, a detection module, a generation module, a configuration module, and an establishment module.
  • the above modules are used to implement different functions.
  • the acquiring module is configured to acquire the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first path identifier indicates the media path corresponding to the target hardware module.
  • the second path identifier indicates the media path corresponding to the target memory block.
  • the obtaining module is used to obtain a request for creating a media path.
  • the detection module is used to detect whether the first path identifier and the second path identifier are the same.
  • the detection module is used to detect whether the third correspondence relationship contains an access authority identifier corresponding to the module identity identifier and the memory identity identifier; the third correspondence relationship includes the correspondence between module identity identifiers, memory identity identifiers, and access authority identifiers.
  • the generating module is also used to generate the path identifier of the media path.
  • the configuration module is also used to configure at least one hardware module and at least one memory block to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, the at least one hardware module and the at least one memory block Compose the media channel.
  • the establishing module is further configured to establish the first correspondence relationship according to the path identifier, the module identity of the at least one hardware module, and the memory identity of the at least one memory block.
  • For other functions of each module in the electronic device 70, reference may be made to the related descriptions in the embodiments corresponding to the method 100 to the method 300, which will not be repeated here.
  • the electronic device 71 includes a processor 711, a target hardware module 712, a target IOMMU 713, and a target memory block 714.
  • the target memory block 714 may be configured to store secure media streams.
  • the target hardware module 712 may be configured to access a memory block to write media stream data to the accessed memory block or to read media stream data from the accessed memory block.
  • the processor 711 can execute the configuration of the hardware module and the memory block in the method 100 to the method 300, and the detection of the permissions of the target hardware module 712 and the target memory block 714.
  • the target IOMMU 713 can be coupled with an identification register 715.
  • the identification register 715 contains the memory identification of the memory block that the target hardware module 712 can access.
  • the target IOMMU 713 can authenticate, according to the configuration in the identification register 715, whether the target hardware module 712 can access the target memory block 714.
  • the processor 711 may be configured to determine the target hardware module 712 and the target memory block 714 according to the detection request.
  • the processor 711 may also be used to determine whether the target hardware module 712 and the target memory block 714 belong to the same media path, and when the target hardware module 712 and the target memory block 714 belong to the same media path, determine the target Whether the hardware module 712 has access authority to the target memory block 714.
  • the target hardware module 712 is configured to access the target memory block 714 when the target hardware module 712 has access authority to the target memory block 714.
  • after the target hardware module 712 receives an instruction to access the target memory block 714, it can obtain the memory identity of the target memory block 714. Then, the target IOMMU 713 searches for the memory identity in the read operation authority identification register and the write operation authority identification register of the target IOMMU 713, and determines, according to the search result, whether the target IOMMU 713 has read operation authority and/or write operation authority for the target memory block 714.
  • the processor 711 in FIG. 7B can implement the functions of each software layer of the TEE in FIG. 2, the target hardware module 712 can implement the functions of the TEE hardware module in FIG. 2, the target IOMMU 713 can implement the functions of the TEE IOMMU module in FIG. 2, and the target memory block 714 can be equivalent to any secure memory block in FIG. 2.
  • the processor 711 in FIG. 7B can implement the functions of the software part in FIG. 5, the target hardware module 712 may be equivalent to any hardware module shown in FIG. 5, the target IOMMU 71 is determined according to the target hardware module 712, and the target memory block 714 can be equivalent to any secure memory block in FIG. 5.
  • the application also provides a computer storage medium corresponding to the electronic device.
  • the computer storage medium provided in any device can store a program. When the program is executed, some or all of the steps in each embodiment of the secure access processing method provided by the method 100 to the method 300 can be implemented.
  • the storage medium in any device can be a magnetic disk, an optical disc, a read-only memory (read-only memory, ROM), or a random access memory (random access memory, RAM), etc.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a dedicated computer, a computer network, or other programmable devices.
  • the computer instruction can be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instruction can be passed from a website, computer, server, or message center.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a message storage device such as a server or a message center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the size of the sequence number of each process does not mean the order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiment.

Abstract

Disclosed are a secure access method and an electronic device. The secure access method comprises: determining a target hardware module and a target buffer block according to a detection request; determining whether the target hardware module and the target buffer block belong to the same media path; when the target hardware module and the target buffer block belong to the same media path, determining whether the target hardware module has access rights to the target buffer block; and when the target hardware module has the access rights to the target buffer block, invoking the target hardware module to access the target buffer block. It can be seen that, by using the technical solution of the present application, an electronic device performs dual detection on a hardware module and a buffer block before the hardware module accesses the buffer block, such that the buffer block can be accessed securely, thereby avoiding the leakage of a secure media stream from a secure buffer block, and improving the security of an SMP.

Description

Secure access method and electronic device

Technical field

This application relates to the field of multimedia technology, and in particular to a secure access method and an electronic device.

Background technique
A media path is the transmission path of a media stream. A media path is composed of at least one hardware module and at least one memory (buffer), and each of the hardware modules can access any of the memories. A secure media path (SMP) is a transmission path for media streams that have security requirements; this application refers to such media streams as secure media streams. To ensure that a secure media stream meets its security requirements during transmission, applications in a non-secure environment generally have no access rights to the memory in an SMP; this application refers to the memory in an SMP as a secure memory block.

However, in actual use, secure media streams can still leak from secure memory blocks. The security of existing SMPs is therefore poor.

Summary of the invention

This application provides a secure access method and an electronic device to solve the problem of poor security of existing SMPs.
In a first aspect, this application provides a secure access method. The method includes: determining a target hardware module and a target memory block according to a detection request; determining whether the target hardware module and the target memory block belong to the same media path; when the target hardware module and the target memory block belong to the same media path, determining whether the target hardware module has access rights to the target memory block; and when the target hardware module has access rights to the target memory block, calling the target hardware module to access the target memory block.

This application is executed on the TEE side. For example, before a hardware module accesses a memory block, the electronic device in this application first detects whether the hardware module and the memory block to be accessed belong to the same SMP, which prevents a hardware module of a first SMP from accessing the secure memory of a second SMP. When the hardware module and the memory block belong to the same SMP, the electronic device further detects whether the hardware module has access rights to the memory block. When the hardware module has access rights to the memory block, it accesses the memory block in accordance with those rights, which prevents a hardware module without access rights from accessing data in secure memory and leaking the secure media stream. With this implementation, the electronic device first detects whether the hardware module and the memory block belong to the same media path and, only when they do, detects whether the hardware module has access rights to the memory block. Through this double detection, a hardware module can only access memory blocks that belong to the same secure media path and for which it has access rights. This avoids leakage of secure media streams from secure memory blocks caused by cross access between different secure media paths or by a hardware module accessing a memory block for which it has no access rights, and improves the security of SMP memory access.
In a possible implementation, determining whether the target hardware module and the target memory block belong to the same media path includes: obtaining a first path identifier of the target hardware module and a second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; detecting whether the first path identifier and the second path identifier are the same; and when the first path identifier and the second path identifier are the same, determining that the target hardware module and the target memory block belong to the same media path. Each SMP in this application is represented by a unique path identifier, so the electronic device can accurately detect, based on the path identifiers, whether the target hardware module and the target memory block belong to the same SMP.

In a possible implementation, determining whether the target hardware module and the target memory block belong to the same media path includes: obtaining a first path identifier of the target hardware module and a second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; detecting whether the first path identifier and the second path identifier are the same as a target path identifier, where the target path identifier indicates a target media path; when the first path identifier is the same as the target path identifier, determining that the target hardware module belongs to the target media path; and when the second path identifier is the same as the path identifier, determining that the target memory block belongs to the target media path. With this implementation, the electronic device can determine whether the target hardware module and the target memory block belong to the target media path. When the target hardware module belongs to the target media path, the target media path can call the target hardware module; when the target memory block belongs to the target media path, the target memory block is a memory block that the target media path can access. This prevents the target media path from calling a hardware module that does not belong to it or accessing a memory block that does not belong to it. In this embodiment, the target media path can be any of the SMPs that have been created.
In a possible implementation, obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block specifically includes: obtaining the module identity identifier of the target hardware module, and determining, in a first correspondence relationship, the first path identifier corresponding to the module identity identifier; and obtaining the memory identity identifier of the target memory block, and determining, in the first correspondence relationship, the second path identifier corresponding to the memory identity identifier. The first correspondence relationship includes the correspondence between path identifiers, module identity identifiers and memory identity identifiers: one path identifier corresponds to the module identity identifier of at least one hardware module and the memory identity identifier of at least one memory block, and the hardware modules and memory blocks corresponding to the same path identifier all belong to the media path indicated by that path identifier. This implementation provides the data basis for the detection process of this application.

In a possible implementation, obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block specifically includes: obtaining the module identity identifier of the target hardware module, and determining, according to the module identity identifier, the first path identifier corresponding to it in a first correspondence relationship, where the first correspondence relationship includes the correspondence between path identifiers and module identity identifiers, one path identifier corresponds to the module identity identifier of at least one hardware module, and the hardware modules corresponding to the same path identifier belong to the media path indicated by that path identifier; and obtaining a target address to be accessed, where the target address indicates the target memory block, and determining, according to the target address, the second path identifier corresponding to the target memory block in a second correspondence relationship, where the second correspondence relationship includes the correspondence between the address of a memory block and the path identifier of the media path to which the memory block belongs. With this implementation, the first path identifier is obtained by querying the first correspondence between hardware modules and media path identifiers, and the second path identifier is obtained by querying the second correspondence table between memory blocks and media paths. This is one exemplary way of obtaining the first path identifier and the second path identifier.
In a possible implementation, determining whether the target hardware module has access rights to the target memory block includes: obtaining the module identity identifier of the target hardware module and the memory identity identifier of the target memory block; detecting whether a third correspondence relationship contains an access authority identifier corresponding to the module identity identifier and the memory identity identifier, where the third correspondence relationship includes the correspondence between module identity identifiers, memory identity identifiers and access authority identifiers; and when the third correspondence relationship contains an access authority identifier corresponding to the module identity identifier and the memory identity identifier, determining that the target hardware module has, for the target memory block, the access rights indicated by the access authority identifier. With this implementation, the access rights of the target hardware module to the target memory block are detected before the target hardware module accesses the target memory block. This prevents a hardware module that has no access rights to the media stream in the target memory block from accessing that media stream, and so improves the security of the SMP.

In a possible implementation, the target hardware module corresponds to a target input-output memory management unit (IOMMU), the target IOMMU includes an identification register, and the identification register includes at least one memory identity identifier with access rights. Determining whether the target hardware module has access rights to the target memory block includes: obtaining the memory identity identifier of the target memory block; determining whether the at least one memory identity identifier with access rights includes the memory identity identifier; and when the at least one memory identity identifier with access rights includes the memory identity identifier, determining that the target hardware module has, for the target memory block, the access rights indicated by the access authority identifier. With this implementation, the access rights of the hardware module to the memory block are authenticated by setting an identification register in the IOMMU module; the operation is simple, easy to implement, and gives a good authentication result.

In a possible implementation, the access rights include read operation rights and write operation rights, and the identification register includes a read identification register and a write identification register. The read identification register includes at least one memory identity identifier with read operation rights, and the write identification register includes at least one memory identity identifier with write operation rights. With this implementation, the read operation rights and the write operation rights of the hardware module to the memory block can be set separately, which enables accurate authentication.

In a possible implementation, determining whether the target hardware module has access rights to the target memory block includes: determining whether the at least one memory identity identifier with read operation rights includes the memory identity identifier, and when it does, determining that the target hardware module has read operation rights to the target memory block; or determining whether the at least one memory identity identifier with write operation rights includes the memory identity identifier, and when it does, determining that the target hardware module has write operation rights to the target memory block. With this implementation, the read operation rights and the write operation rights of the hardware module to the memory block can be detected separately, which enables accurate authentication.
In a possible implementation, before the target hardware module and the target memory block are determined according to the detection request, the method further includes: obtaining a request to create a media path; generating a path identifier of the media path; configuring at least one hardware module and at least one memory block to obtain the module identity identifier of the at least one hardware module and the memory identity identifier of the at least one memory block, where the at least one hardware module and the at least one memory block make up the media path; and establishing the first correspondence relationship according to the path identifier, the module identity identifier of the at least one hardware module and the memory identity identifier of the at least one memory block. With this implementation, the correspondence between the path identifier of an SMP and the hardware modules and secure memory blocks belonging to that SMP is established at the SMP creation stage, and each hardware module in the SMP is bound to the secure memory blocks related to it. During use of the SMP, this provides the data basis for detecting the relationship between the target hardware module and the target secure memory block, and whether the target hardware module has access rights to the target secure memory block.

In a possible implementation, after the at least one hardware module and the at least one memory block are configured, the method further includes: obtaining, from the third correspondence relationship, at least one memory identity identifier to which the target hardware module has access rights; and setting the at least one memory identity identifier with access rights in the identification register of the target IOMMU. With this implementation, the access rights of the target hardware module to the target memory block are set by setting the identification register in the target IOMMU, so that these access rights are configured at the hardware level, which improves the security of the SMP.

In a possible implementation, after the at least one hardware module and the at least one memory block are configured, the method further includes: storing, in correspondence, the virtual address of each of the at least one memory block, the memory identity identifier of that memory block and the path identifier, to obtain the second correspondence relationship. With this implementation, the second correspondence between the path identifier of an SMP and the secure memory blocks belonging to that SMP is established at the SMP creation stage, so that during use of the SMP the second correspondence can be used to detect whether the target memory block belongs to the target media path.
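The double detection of the first aspect, which the module description earlier on the page restates, can be modeled in C as follows; this is an added example, not code from the application. It covers the first correspondence (path membership), the third correspondence (access authority identifiers) and the IOMMU read and write identification registers; all type and function names, numeric identifiers and table sizes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* All names, identifiers and table sizes here are assumptions for illustration. */
enum { PERM_READ = 1, PERM_WRITE = 2 };
typedef enum {
    ACCESS_OK = 0,
    ERR_UNKNOWN_ID,     /* module or block is bound to no media path */
    ERR_PATH_MISMATCH,  /* first check: they belong to different paths */
    ERR_NO_PERMISSION   /* second check: register does not list the block */
} access_result;
#define MAX_ROWS 16
#define MAX_IDS  8
/* First correspondence: path identifier <-> module / memory identifiers. */
struct binding { uint32_t path_id, id; bool is_module; };
/* Third correspondence: (module id, memory id) -> permission bits. */
struct grant { uint32_t module_id, mem_id; unsigned perm; };
struct smp_tables {
    struct binding bind[MAX_ROWS];   size_t n_bind;
    struct grant   grants[MAX_ROWS]; size_t n_grant;
};
/* Read and write identification registers of one module's IOMMU. */
struct iommu_regs { uint32_t read_ids[MAX_IDS], write_ids[MAX_IDS]; size_t n_read, n_write; };

/* Path creation: bind a module or a memory block to a path identifier. */
static bool smp_bind(struct smp_tables *t, uint32_t path, uint32_t id, bool is_module)
{
    if (t->n_bind == MAX_ROWS) return false;  /* full: the id stays unbound */
    t->bind[t->n_bind++] = (struct binding){ path, id, is_module };
    return true;
}

static bool smp_grant(struct smp_tables *t, uint32_t module, uint32_t mem, unsigned perm)
{
    if (t->n_grant == MAX_ROWS) return false;
    t->grants[t->n_grant++] = (struct grant){ module, mem, perm };
    return true;
}

/* Load the module's grants from the third correspondence into its IOMMU. */
static void iommu_program(const struct smp_tables *t, uint32_t module, struct iommu_regs *r)
{
    r->n_read = r->n_write = 0;
    for (size_t i = 0; i < t->n_grant; i++) {
        const struct grant *g = &t->grants[i];
        if (g->module_id != module) continue;
        if ((g->perm & PERM_READ) && r->n_read < MAX_IDS) r->read_ids[r->n_read++] = g->mem_id;
        if ((g->perm & PERM_WRITE) && r->n_write < MAX_IDS) r->write_ids[r->n_write++] = g->mem_id;
    }
}

static bool lookup_path(const struct smp_tables *t, uint32_t id, bool is_module, uint32_t *path)
{
    for (size_t i = 0; i < t->n_bind; i++)
        if (t->bind[i].is_module == is_module && t->bind[i].id == id) {
            *path = t->bind[i].path_id;
            return true;
        }
    return false;
}

static bool reg_has(const uint32_t *ids, size_t n, uint32_t id)
{
    for (size_t i = 0; i < n; i++)
        if (ids[i] == id) return true;
    return false;
}

/* Double detection. `want` is PERM_READ, PERM_WRITE or both; anything else is refused. */
access_result smp_check(const struct smp_tables *t, const struct iommu_regs *r,
                        uint32_t module, uint32_t mem, unsigned want)
{
    uint32_t p_mod, p_mem;
    if (want == 0 || (want & ~(unsigned)(PERM_READ | PERM_WRITE))) return ERR_NO_PERMISSION;
    if (!lookup_path(t, module, true, &p_mod) || !lookup_path(t, mem, false, &p_mem))
        return ERR_UNKNOWN_ID;
    if (p_mod != p_mem) return ERR_PATH_MISMATCH;
    if ((want & PERM_READ) && !reg_has(r->read_ids, r->n_read, mem)) return ERR_NO_PERMISSION;
    if ((want & PERM_WRITE) && !reg_has(r->write_ids, r->n_write, mem)) return ERR_NO_PERMISSION;
    return ACCESS_OK;
}

/* Constructed sample: path 1 = module 10 + blocks 100, 101; path 2 = module 20 + block 200. */
access_result demo(uint32_t module, uint32_t mem, unsigned want)
{
    struct smp_tables t = {0};
    struct iommu_regs r;
    smp_bind(&t, 1, 10, true); smp_bind(&t, 1, 100, false); smp_bind(&t, 1, 101, false);
    smp_bind(&t, 2, 20, true); smp_bind(&t, 2, 200, false);
    smp_grant(&t, 10, 100, PERM_READ | PERM_WRITE);
    smp_grant(&t, 10, 101, PERM_READ);
    smp_grant(&t, 20, 100, PERM_READ);  /* stray cross-path grant: must still be refused */
    iommu_program(&t, module, &r);
    return smp_check(&t, &r, module, mem, want);
}

int main(void) { return demo(10, 100, PERM_READ | PERM_WRITE) == ACCESS_OK ? 0 : 1; }
```

The stray grant for module 20 on block 100 is refused at the first check, which shows why path membership is tested separately from the permission lookup.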
In a second aspect, this application provides an electronic device. The electronic device includes a processor, a target hardware module and a target memory block, where the processor is configured to determine the target hardware module and the target memory block according to a detection request; the processor is further configured to determine whether the target hardware module and the target memory block belong to the same media path; the processor is further configured to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access rights to the target memory block; and the target hardware module is configured to access the target memory block when the target hardware module has access rights to the target memory block.

It should be understood that the electronic device may be a processor chip; in that case, the processor in the electronic device is a processor core or a central processing unit in the processor chip.
一种可能的实现方式中,该处理器,还用于获取该目标硬件模块的第一通路标识和该目标内存块的第二通路标识,该第一通路标识指示该目标硬件模块对应的媒体通路,该第二通路标识指示该目标内存块对应的媒体通路;该处理器,还用于检测该第一通路标识和该第二通路标识是否相同;该处理器,还用于在该第一通路标识和该第二通路标识相同时,确定该目标硬件模块和该目标内存块属于同一条媒体通路。In a possible implementation manner, the processor is further configured to obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first path identifier indicates the media path corresponding to the target hardware module , The second path identifier indicates the media path corresponding to the target memory block; the processor is also used to detect whether the first path identifier and the second path identifier are the same; the processor is also used to When the identifier is the same as the second path identifier, it is determined that the target hardware module and the target memory block belong to the same media path.
In a possible implementation, the processor is further configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; the processor is further configured to detect whether the first path identifier and the second path identifier are the same as a target path identifier, where the target path identifier indicates a target media path; the processor is further configured to determine, when the first path identifier is the same as the target path identifier, that the target hardware module belongs to the target media path; and the processor is further configured to determine, when the second path identifier is the same as the path identifier, that the target memory block belongs to the target media path.
In a possible implementation, the processor is further configured to obtain the module identifier of the target hardware module and determine, in a first correspondence, the first path identifier corresponding to the module identifier; the processor is further configured to obtain the memory identifier of the target memory block and determine, in the first correspondence, the second path identifier corresponding to the memory identifier. The first correspondence includes the correspondence between path identifiers and both module identifiers and memory identifiers: one path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and the at least one hardware module and the at least one memory block corresponding to the same path identifier all belong to the media path indicated by that path identifier.
In a possible implementation, the processor is further configured to obtain the module identifier of the target hardware module and, according to the module identifier, determine in a first correspondence the first path identifier corresponding to the module identifier. The first correspondence includes the correspondence between path identifiers and module identifiers: one path identifier corresponds to the module identifier of at least one hardware module, and the at least one hardware module corresponding to the same path identifier belongs to the media path indicated by that path identifier. The processor is further configured to obtain a target address to be accessed, where the target address indicates the target memory block, and to determine, according to the target address, the second path identifier corresponding to the target memory block in a second correspondence. The second correspondence includes the correspondence between the address of a memory block and the path identifier of the media path to which the memory block belongs.
In a possible implementation, the processor is further configured to obtain the module identifier of the target hardware module and the memory identifier of the target memory block; the processor is further configured to detect whether a third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, where the third correspondence includes the correspondence among module identifiers, memory identifiers, and access permission identifiers; and the processor is further configured to determine, when the third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
In a possible implementation, the electronic device further includes a target input-output memory management unit (IOMMU). The target IOMMU corresponds to the target hardware module and includes an identifier register, and the identifier register includes at least one memory identifier with access permission. The target IOMMU is configured to obtain the memory identifier of the target memory block and determine whether the at least one memory identifier with access permission includes that memory identifier; the target IOMMU is further configured to determine, when the at least one memory identifier with access permission includes that memory identifier, that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
In a possible implementation, the access permission includes read permission and write permission, and the identifier register includes a read identifier register and a write identifier register. The read identifier register includes at least one memory identifier with read permission, and the write identifier register includes at least one memory identifier with write permission.
In a possible implementation, the target IOMMU is further configured to determine whether the at least one memory identifier with read permission includes the memory identifier and, when the at least one memory identifier with read permission includes the memory identifier, determine that the target hardware module has read permission for the target memory block; the target IOMMU is further configured to determine whether the at least one memory identifier with write permission includes the memory identifier and, when the at least one memory identifier with read permission includes the memory identifier, determine that the target hardware module has write permission for the target memory block.
In a possible implementation, the processor is further configured to obtain a request to create a media path; the processor is further configured to generate a path identifier of the media path; the processor is further configured to configure at least one hardware module and at least one memory block, obtaining the module identifier of the at least one hardware module and the memory identifier of the at least one memory block, where the at least one hardware module and the at least one memory block make up the media path; and the processor is further configured to establish the first correspondence according to the path identifier, the module identifier of the at least one hardware module, and the memory identifier of the at least one memory block.
In a possible implementation, the processor is further configured to obtain, from the third correspondence, at least one memory identifier for which the target hardware module has access permission; the processor is further configured to configure the at least one memory identifier with access permission in the identifier register of the target IOMMU.
The technical effects of the second aspect and of each implementation of the second aspect are the same as those of the first aspect and of each implementation of the first aspect, and are not repeated here.
In a third aspect, this application further provides an apparatus that includes: a determining module, configured to determine a target hardware module and a target memory block according to a detection request; a judging module, configured to judge whether the target hardware module and the target memory block belong to the same media path; the determining module, further configured to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access permission to the target memory block; and an invoking module, configured to invoke the target hardware module to access the target memory block when the target hardware module has access permission to the target memory block.
In a possible implementation, the apparatus further includes an acquisition module and a detection module. The acquisition module is configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; the detection module is configured to detect whether the first path identifier and the second path identifier are the same; and the determining module is further configured to determine, when the first path identifier and the second path identifier are the same, that the target hardware module and the target memory block belong to the same media path.
In a possible implementation, the acquisition module is further configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; the detection module is further configured to detect whether the first path identifier and the second path identifier are the same as a target path identifier, where the target path identifier indicates a target media path; the determining module is further configured to determine, when the first path identifier is the same as the target path identifier, that the target hardware module belongs to the target media path; and the determining module is further configured to determine, when the second path identifier is the same as the path identifier, that the target memory block belongs to the target media path.
In a possible implementation, the acquisition module is further configured to obtain the module identifier of the target hardware module and determine, in a first correspondence, the first path identifier corresponding to the module identifier; the acquisition module is further configured to obtain the memory identifier of the target memory block and determine, in the first correspondence, the second path identifier corresponding to the memory identifier. The first correspondence includes the correspondence between path identifiers and both module identifiers and memory identifiers: one path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and the at least one hardware module and the at least one memory block corresponding to the same path identifier all belong to the media path indicated by that path identifier.
In a possible implementation, the acquisition module is further configured to obtain the module identifier of the target hardware module and, according to the module identifier, determine in a first correspondence the first path identifier corresponding to the module identifier. The first correspondence includes the correspondence between path identifiers and module identifiers: one path identifier corresponds to the module identifier of at least one hardware module, and the at least one hardware module corresponding to the same path identifier belongs to the media path indicated by that path identifier. The acquisition module is further configured to obtain a target address to be accessed, where the target address indicates the target memory block, and to determine, according to the target address, the second path identifier corresponding to the target memory block in a second correspondence. The second correspondence includes the correspondence between the address of a memory block and the path identifier of the media path to which the memory block belongs.
In a possible implementation, the acquisition module is further configured to obtain the module identifier of the target hardware module and the memory identifier of the target memory block; the detection module is further configured to detect whether a third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, where the third correspondence includes the correspondence among module identifiers, memory identifiers, and access permission identifiers; and the determining module is further configured to determine, when the third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
In a possible implementation, the apparatus further includes a generation module, a configuration module, and an establishing module. The acquisition module is further configured to obtain a request to create a media path; the generation module is further configured to generate a path identifier of the media path; the configuration module is further configured to configure at least one hardware module and at least one memory block, obtaining the module identifier of the at least one hardware module and the memory identifier of the at least one memory block, where the at least one hardware module and the at least one memory block make up the media path; and the establishing module is further configured to establish the first correspondence according to the path identifier, the module identifier of the at least one hardware module, and the memory identifier of the at least one memory block.
In a possible implementation, the acquisition module is further configured to obtain, from the third correspondence, at least one memory identifier for which the target hardware module has access permission; the configuration module is further configured to configure the at least one memory identifier with access permission in the identifier register of a target IOMMU, where the target IOMMU corresponds to the target hardware module.
The technical effects of the third aspect and of each implementation of the third aspect are the same as those of the first aspect and of each implementation of the first aspect, and are not repeated here.
In a fourth aspect, this application provides a computer-readable storage medium that stores instructions which, when run on a computer or processor, cause the computer or processor to perform the method in the first aspect or in any possible design of the first aspect.
In a fifth aspect, this application provides a computer program product containing instructions which, when run on a computer or processor, cause the computer or processor to perform the method in the first aspect or in any possible design of the first aspect.
With the technical solution of this application, before a hardware module accesses a memory block, the electronic device checks whether the hardware module and the corresponding secure memory block belong to the same SMP. If they belong to the same SMP, the electronic device further checks whether the hardware module has permission to access the secure memory block. Only if the hardware module has that permission can it access the secure memory block; otherwise, it cannot. In this way the secure memory block is accessed securely, which prevents the secure media stream from leaking out of the secure memory block and improves the security of the SMP.
Description of the drawings
To explain the technical solution of this application more clearly, the drawings used in the embodiments are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1A is a system architecture diagram of a typical electronic device provided by this application;
FIG. 1B is a schematic diagram of a first exemplary application scenario of the SMP provided by this application;
FIG. 1C is a schematic diagram of a second exemplary application scenario of the SMP provided by this application;
FIG. 2 is a schematic diagram of the system architecture of an exemplary application environment of the electronic device 10 provided by this application;
FIG. 3 is an exemplary method flowchart of the secure access method 100 provided by this application;
FIG. 4 is an exemplary schematic diagram of the bitmap in the identifier register provided by this application;
FIG. 5 is a schematic diagram of an exemplary structure of the electronic device 20 provided by this application;
FIG. 6A is an exemplary signaling interaction diagram of the SMP creation method 200 provided by this application;
FIG. 6B is an exemplary signaling interaction diagram of the secure media stream transmission method 300 provided by this application;
FIG. 7A is a schematic diagram of an exemplary structure of the electronic device 70 provided by this application;
FIG. 7B is a schematic diagram of an exemplary structure of the electronic device 71 provided by this application;
FIG. 7C is a schematic diagram of an exemplary scenario of checking access permission, provided by this application on the basis of FIG. 7B.
Detailed description
The technical solutions in this application are described clearly below with reference to the drawings in this application.
The terms used in the following embodiments of this application are only for the purpose of describing specific embodiments and are not intended to limit this application. As used in the specification and the appended claims of this application, the singular forms "a", "an", "said", "the above", "the" and "this" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that although the terms first, second, and so on may be used in the following embodiments to describe a class of objects, the objects should not be limited by these terms. The terms are only used to distinguish specific objects within that class. For example, the terms first, second, and so on may be used in the following embodiments to describe path identifiers, but the path identifiers should not be limited by these terms; the terms are only used to distinguish the path identifiers corresponding to different objects. The same applies to other classes of objects that may be described with the terms first, second, and so on in the following embodiments, and is not repeated here. In addition, in the description of the following embodiments, "multiple" means two or more.
The architecture and service scenarios described in this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by this application. A person of ordinary skill in the art will know that, as architectures evolve and new service scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
The implementation scenarios of this application are introduced below.
This application can be applied to electronic devices that support audio and video input/output, for example smartphones, smart set-top boxes, smart TVs, surveillance devices, computers, and tablet computers.
FIG. 1A shows the system architecture of a typical electronic device. The system architecture includes an application layer, a driver layer, an operating system layer, hardware modules, and a storage module. The application layer runs application software, such as Tencent and Youku. The driver layer includes a driver written for each hardware module, and the driver drives the corresponding hardware module to access memory blocks. The operating system layer is responsible for memory management, stack management, task scheduling, and so on. While running, application software in the application layer can ask the operating system layer to allocate a memory block and obtain the virtual address of the allocated memory block. The allocated memory block stores data produced while the application software runs, such as the various media stream data described below. The driver layer can drive a hardware module to access the corresponding memory block according to the virtual address of the memory block.
The media stream transmitted while the application software runs may also be called a media data stream and includes different forms of media data streams such as the transport stream (TS) and the elementary stream (ES). A media stream includes an audio stream and/or a video stream.
Before transmitting a media stream, the application software can create a media path according to its intent and the way the media stream is to be processed. The media path is the path along which the application software processes the media stream on the electronic device. The processing includes, but is not limited to, playback, recording, transcoding, and forwarding; correspondingly, media paths may include, for example, a recording path, a playback path, and a transcoding path. A media path includes the resources used for audio and video processing, such as a series of hardware modules and memory.
With reference to FIG. 1A, as an example, the application software may ask the operating system layer for hardware module 1, hardware module 2, and hardware module 3, and ask the operating system layer to allocate memory block 1 and memory block 2. Hardware modules 1, 2, and 3 together with memory blocks 1 and 2 may, for example, make up one media path, and the media stream flows along that media path as follows: hardware module 1 to memory block 1, memory block 1 to hardware module 2, hardware module 2 to memory block 2, and memory block 2 to hardware module 3. In practice, the driver layer receives instructions from the application software and then drives the corresponding hardware module in the media path to perform the access operation on the corresponding memory block.
The electronic device shown in FIG. 1A may, for example, support a trusted execution environment (TEE) and a normal execution environment (rich execution environment, REE). The TEE is the counterpart of the REE: the TEE provides a protected execution environment for protected application software, and the REE provides an execution environment for unprotected application software. Memory (buffers) is isolated between the TEE and the REE, that is, application software in the REE is not allowed to access memory in the TEE.
Correspondingly, the media paths involved in this application may include ordinary media paths, which may also be called non-secure media paths, and secure media paths (SMP). An ordinary media path is a media path under the REE and is used to transmit unprotected media streams. An SMP is a media path under the TEE and is used to transmit media streams that carry certain security requirements, for example media streams that must be watermarked, must be encrypted, must not be transcoded, or are subject to recording-mechanism requirements. The "security requirements" may, for example, be defined as media content usage rules. Correspondingly, the hardware modules and memory blocks in an SMP should process and transmit the related media streams in accordance with the media content usage rules. On this basis, the driver layer in FIG. 1A may include an REE driver and a TEE driver: the TEE driver drives the hardware modules in an SMP to access the memory blocks in the SMP, and the REE driver drives the hardware modules in an ordinary media path to access the memory blocks in the ordinary media path.
This application refers to a media stream transmitted by an SMP as a "secure media stream" and to a memory block used in an SMP as a "secure memory block". The following embodiments use the terms "secure media stream" and "secure memory block" directly, and their meanings are not repeated.
In actual use, each hardware module shown in FIG. 1A can provide multiple processing channels, and each processing channel can be used in one media path to process the media stream data of that media path. For example, if a hardware module includes 32 processing channels, the hardware module can be used in 32 media paths at the same time, with each processing channel handling the media stream data of one of the 32 media paths. The 32 media paths may include both ordinary media paths and SMPs. That is, in some embodiments the TEE and the REE can share the same hardware module, and in that scenario the same hardware module can perform operations in response to instructions from the TEE driver as well as in response to instructions from the REE driver.
Based on this, as shown in FIG. 1B, suppose for example that two SMPs are running simultaneously under the TEE. Media stream 1, transmitted by SMP1, has an output protection requirement (for example, media stream 1 output by SMP1 must be watermarked), while media stream 2, transmitted by SMP2, has no output protection requirement. Secure memory block 1 and hardware module 1 both belong to SMP1, and secure memory block 2 belongs to SMP2. In the scenario shown in FIG. 1B, one processing channel of hardware module 1 is used, for example, for SMP1, and another processing channel is used, for example, for an ordinary media path, so hardware module 1 can receive drive instructions from both the TEE driver and the REE driver. Consequently, if the REE driver controls hardware module 1 to access secure memory block 2, hardware module 1 will store media stream 1, which has an output protection requirement, in secure memory block 2, and the output protection of media stream 1 fails. In addition, the graphics processing unit (GPU) module can access secure memory blocks and has a copy function, and the driver of the GPU module is an REE driver. Therefore, as shown in FIG. 1C, even if the GPU module is not used in any media path, the REE driver can control the GPU module to access a secure memory block in SMP3 and copy the media stream data in that secure memory block. A copy channel from the TEE side to the REE side can then be set up in the recording function of a personal video recorder (PVR) to copy the secure media stream transmitted by SMP3 to the REE side, so that the secure media stream transmitted by SMP3 is leaked from the secure memory block.
Based on the above, this application provides a secure access method and an electronic device. Before a hardware module is triggered to access a secure memory block, the electronic device checks whether the hardware module and the secure memory block belong to the same SMP. If they do, the electronic device further checks whether the hardware module has permission to access the secure memory block. Only if the hardware module has that permission can it access the secure memory block; otherwise, the hardware module cannot access the secure memory block. In this way the secure memory block is accessed securely, which prevents the secure media stream from leaking out of the secure memory block and improves the security of the SMP.
The software and hardware structure of the electronic device involved in this application is introduced below.
FIG. 2 is a schematic diagram of the system architecture of an exemplary application environment of the electronic device 10. The electronic device 10 supports a TEE. The REE system architecture and the TEE system architecture are described below with reference to FIG. 2.
The REE system architecture includes an REE software application layer, an REE software interface adaptation layer, an REE software driver layer, an REE software operating system layer, REE hardware modules, REE input output memory management unit (IOMMU) modules corresponding to the REE hardware modules, and an REE storage module. A software application in the REE software application layer can control an REE hardware module through the REE software interface adaptation layer, the REE software driver layer and the REE software operating system layer to access memory blocks in the REE storage module. It should be understood that the REE software operating system layer, the REE software driver layer, the REE software interface adaptation layer and the REE software application layer are implemented by software code; for example, this software code may be stored in a memory and run on a processor.
The REE software application layer provides the runtime environment for REE software applications. When an REE software application is running, it also requests the REE software operating system layer to allocate REE hardware modules and REE memory blocks, and stores the virtual addresses of the REE memory blocks.
The REE software interface adaptation layer matches a driver in the REE software driver layer according to the virtual address accessed by the REE software application layer.
The REE software driver layer includes a driver written for each hardware module. The driver drives the corresponding hardware module to access the corresponding REE memory block according to the virtual address.
The REE software operating system layer performs resource management of the REE hardware modules, as well as stack management, task scheduling and the like. For example, the REE software operating system layer can configure the REE hardware module 12 to create an ordinary media path in response to an instruction from the REE software application layer. In addition, the REE software operating system layer maintains one or more computer programs and data. When the one or more computer programs run, they implement the functions of the software layers on the REE side. The data supports the running of the one or more computer programs.
The REE IOMMU modules correspond one to one with the REE hardware modules. An REE IOMMU module converts the virtual address of a memory block into the physical address of that memory block, and then performs non-secure access to the memory block indicated by that physical address.
Exemplarily, the REE storage module may include, but is not limited to, double data rate (DDR) memory, flash memory (Flash), static random access memory (SRAM) and the like, which is not limited in this application. The REE storage module includes multiple memory blocks, and each memory block has a different physical address.
The TEE system architecture includes a TEE software application layer, a TEE software interface adaptation layer, a TEE software driver layer, a TEE software operating system layer, TEE hardware modules, TEE IOMMU modules corresponding to the TEE hardware modules, and a TEE storage module. The TEE software operating system layer, the TEE software driver layer, the TEE software interface adaptation layer and the TEE software application layer are implemented by software code; for example, this software code may be stored in a memory and run on a processor.
A software application in the TEE software application layer can control a TEE hardware module through the TEE software interface adaptation layer, the TEE software driver layer and the TEE software operating system layer to access memory blocks in the TEE storage module. It should be understood that the basic interaction between the software layers is similar to that on the REE side and is not detailed here.
In addition, in this application the TEE system architecture further includes a session management module, a memory management module and a policy management module. The session management module, the memory management module and the policy management module are implemented by software code and run on a processor.
In some embodiments, the session management module, the memory management module and the policy management module run, for example, in the TEE software driver layer. In other embodiments, they run, for example, in the TEE software operating system layer. In still other embodiments, some of the three modules run in the TEE software driver layer and the others run in the TEE software operating system layer.
The policy management module maintains the policy table referred to later in this specification, that is, the third correspondence referred to below. While the TEE system architecture creates an SMP, the session management module stores, in association with one another, the channel identifier of the SMP and the information on the TEE hardware modules and secure memory blocks that belong to the SMP, obtaining the first correspondence referred to below. The memory management module maintains the mapping table between the physical address and the virtual address of each memory block in the TEE storage module. Further, while the TEE system architecture configures a secure memory block, the memory management module also configures the memory identity identifier (tag) of the secure memory block and then forms a mapping relationship among the memory identity identifier of the secure memory block, the path identifier of the SMP to which the secure memory block belongs, and the correspondence between the virtual address and the physical address of the secure memory block, obtaining the mapping table for that secure memory block, that is, the second correspondence referred to below.
Further, while a secure media stream is being transmitted, the session management module may also check hardware modules and secure memory blocks against the above correspondences to determine whether a given hardware module has permission to access a secure memory block. The corresponding embodiments are described later in this specification and are not detailed here.
In addition, the memory management module sets the identification register in the IOMMU module according to the memory identity identifier of the secure memory block, thereby setting the hardware module's permission to access the secure memory block. Exemplarily, setting the identification register in the IOMMU module may specifically be performed by the memory management module. The corresponding embodiments are described later in this specification and are not detailed here.
The TEE IOMMU modules correspond one to one with the TEE hardware modules. A TEE IOMMU module includes an identification register, and the identifier in the identification register is used to authenticate the TEE hardware module's permission to access a memory block. For example, when the TEE IOMMU module contains a first memory identity identifier, the TEE hardware module can access the memory block indicated by the first memory identity identifier. Similarly, when the TEE IOMMU module does not contain a memory identity identifier, the TEE hardware module cannot access the memory block indicated by a second memory identity identifier. The specific implementation of the identification register is described in the following embodiments.
The TEE storage module may include multiple secure memory blocks, and each secure memory block can be identified by its physical address. Exemplarily, after a secure memory block has been configured as a secure memory block of an SMP, the TEE software driver layer may set the memory identity identifier of that memory block according to an instruction from a software application in the TEE software application layer and the third correspondence.
It can be understood that, in some embodiments, the processor that runs the REE software layers and the processor that runs the TEE software layers may physically be the same processor. When the processor runs in REE mode, it implements the functions of the REE software layers; when it runs in TEE mode, it implements the functions of the TEE software layers. The processor may be, for example, a system-on-chip control logic unit, a microprocessor, a micro-controller unit (MCU), a central processing unit (CPU), a digital signal processor (DSP), a graphics processing unit (GPU), a field programmable gate array (FPGA), an application specific integrated circuit (ASIC) or the like, which is not limited in this application.
The REE hardware modules and the TEE hardware modules shown in FIG. 2 may each include, for example, a demultiplexing module (demux), a hardware decryption module, a hardware encryption module, a hardware decoding module (decoder), a video decoding module (video decoder, VDEC), a hardware communication module, a hardware graphics processing module (video processor, VPSS), a hardware display module (video display, VDP), an analog to digital converter (ADC), a digital to analog converter (DAC), a communication interface, a radio frequency unit, a micro-electromechanical module and the like, which is not limited in this application. The hardware decryption module and the hardware encryption module each contain a cipher block (cipher). In this embodiment, an REE hardware module and a TEE hardware module may be implemented by two processing channels of the same hardware module.
The REE storage module and the TEE storage module may each include, but are not limited to, DDR memory, flash memory (Flash), SRAM and the like, which is not limited in this application. The REE storage module and the TEE storage module are isolated from each other, so that ordinary memory blocks and secure memory blocks are isolated from each other.
The physical address described in the embodiment shown in FIG. 2 may be understood as follows: a storage module stores information in units of bytes, and in order to store or retrieve information correctly, each byte unit has a unique memory block address. A physical address may also be called a real address or an absolute address. A physical address can be addressed in the storage module through the address bus and is the address at which the data is actually stored.
The virtual address described in the embodiment shown in FIG. 2 may be a logical address that application software uses to access a memory block. A virtual address does not itself store data; it must be mapped to an actual physical address to obtain the data. The mapping between virtual addresses and physical addresses may be stored, for example, in a memory management unit (MMU), and the MMU translates virtual addresses into physical addresses. The virtual addresses of different application software are mapped to different physical addresses to achieve memory isolation.
In addition, "access" in this application includes read operations and write operations, and correspondingly "access permission" includes read permission and write permission.
In some embodiments, the software and hardware of the REE system architecture and of the TEE system architecture shown in FIG. 2 may be located in the same system on chip (SOC). In other embodiments, the REE software application layer, REE software interface adaptation layer, REE software driver layer, REE software operating system layer, REE hardware modules and REE IOMMU modules, together with the TEE software application layer, TEE software interface adaptation layer, TEE software driver layer, TEE software operating system layer, TEE hardware modules and TEE IOMMU modules shown in FIG. 2, are located in the same SOC, while the REE storage module and the TEE storage module may be separate from the SOC.
It can be understood that FIG. 2 is only a schematic description and does not constitute a specific limitation on the electronic device 10. In other embodiments of this application, the electronic device 10 may include more or fewer components than shown, combine some components, split some components, or arrange the components differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The secure access method of this application is described below with reference to the electronic device 10.
It can be understood that the secure access method described in this application is implemented in the TEE. Accordingly, it is executed by at least one of the software, the hardware, and a combination of software and hardware on the TEE side of the electronic device 10.
Referring to FIG. 3, FIG. 3 illustrates a secure access method 100 (hereinafter, method 100). Method 100 includes the following steps:
Step S101: determine the target hardware module and the target memory block according to a detection request.
The detection request triggers the electronic device 10 to check whether the target hardware module and the target memory block have permission to be accessed, and whether the target hardware module has permission to access the target memory block.
In some embodiments, the detection request is generated by the TEE software driver layer. Exemplarily, in this embodiment the TEE software driver layer may receive from the TEE software application layer an instruction to invoke the target hardware module to access the target memory block; the TEE software driver layer may then generate the detection request and send it to the session management module. In other embodiments, the detection request is generated by the target hardware module. Exemplarily, in this embodiment the target hardware module may receive from the REE driver module an instruction to access the target memory block; the target hardware module then generates the detection request and sends it to the session management module.
In an optional case, the detection request may include the module identity identifier of the target hardware module and the memory identity identifier of the target memory block. In some embodiments, the module identity identifier may include the module identifier of the target hardware module. In other embodiments, the module identity identifier may include both the module identifier of the target hardware module and a processing channel identifier of the target hardware module, where the processing channel identifier indicates the channel of the target hardware module that is occupied. In some embodiments, the memory identity identifier may be set by the memory management module when it configures the target memory block.
Exemplarily, the module identity identifier and the memory identity identifier are both implemented, for example, as handles. A handle can be described as an identifier used to identify an object or an item; the object or item may be, for example, a module, a task, an instance, a block of memory, a control, a resource and so on. Correspondingly, the detection request may include the handle of the target hardware module and the handle of the target memory block. Optionally, the handle of the target memory block may include the memory identity identifier of the target memory block and the address of the target memory block, and the address may be, for example, the virtual address of the target memory block.
Step S102: determine whether the target hardware module and the target memory block belong to the same media path.
If the target hardware module and the target memory block do not belong to the same media path, the current request to access the target memory block through the target hardware module is illegal, and either no operation is performed or alarm information is output. If the target hardware module and the target memory block belong to the same media path, step S103 is executed.
The media path in this embodiment refers to an SMP, and the SMP is created when triggered by application software. In this embodiment, there may be at least one created SMP.
In this application, each of the at least one SMP corresponds to one path identifier. Each path identifier is unique and indicates the corresponding SMP. The path identifier may be described, for example, as an SID (session identify). The process of setting a path identifier and establishing the relationship between the path identifier and the SMP is described in the following embodiments of this specification and is not detailed here.
Further, the session management module may obtain a first path identifier of the target hardware module and a second path identifier of the target memory block. The first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block. The session management module may then determine whether the first path identifier and the second path identifier are the same. If they are the same, it determines that the target hardware module and the target memory block belong to the same media path; if they are different, it determines that the target hardware module and the target memory block do not belong to the same media path.
It can be understood that the above is only an example of implementing step S102 in a conventional scenario. In other implementation scenarios, this application may implement step S102 in other ways.
For example, in one implementation scenario, the session management module may determine whether the target hardware module and the target memory block belong to a target media path. In this embodiment, the target media path may be any one of the created SMPs, and the path identifier of the target media path may be described as the target path identifier.
Specifically, the session management module may obtain the first path identifier of the target hardware module and the second path identifier of the target memory block. The first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block. The session management module may then check whether the first path identifier and the second path identifier are the same as the target path identifier. If the first path identifier is the same as the target path identifier and the second path identifier is the same as the target path identifier, it determines that the target hardware module and the target memory block belong to the target media path. If the first path identifier differs from the target path identifier, it determines that the target hardware module does not belong to the target media path. Similarly, if the second path identifier differs from the target path identifier, it determines that the target memory block does not belong to the target media path. When the target media path needs to invoke a hardware module to access the data stream in a memory block in order to carry out a processing task, it is first necessary to determine separately whether the target hardware module and the target memory block belong to the target media path. Only if both the target hardware module and the target memory block belong to the target media path is it further determined whether the target hardware module has permission to access the target memory block. Otherwise, the current access request is illegal: for example, the access request may be a cross-media-path access, or the target media path may not be allowed to invoke the target hardware module or to access the target memory block.
进一步的,电子设备10例如可以采用以下至少两种可选的实施方式执行“获取目标硬件模块的第一通路标识和目标内存块的第二通路标识”。Further, the electronic device 10 may, for example, adopt the following at least two optional implementation manners to execute "obtain the first path identifier of the target hardware module and the second path identifier of the target memory block".
可选实施方式一:结合步骤S101的描述,会话管理模块可以获取目标硬件模块的模块身份标识,然后,在第一对应关系中确定与该模块身份标识对应的第一通路标识。同理,会话管理模块可以获取目标内存块的内存身份标识,并在第一对应关系中确定与内存身份标识对应的第二通路标识。可选的,本实施例中,该模块身份标识例如包括该目标硬件模块的模块标识和该目标硬件模块的处理通道标识。Optional Embodiment 1: In combination with the description of step S101, the session management module may obtain the module identity of the target hardware module, and then determine the first path identity corresponding to the module identity in the first correspondence. In the same way, the session management module can obtain the memory identity of the target memory block, and determine the second path identity corresponding to the memory identity in the first correspondence. Optionally, in this embodiment, the module identity identifier includes, for example, the module identifier of the target hardware module and the processing channel identifier of the target hardware module.
其中,第一对应关系包括通路标识与模块身份标识和内存身份标识的对应关系,一个通路标识对应至少一个硬件模块的模块身份标识和至少一个内存块的内存身份标识,同一个通路标识对应的至少一个硬件模块和至少一个内存块均属于所述通路标识指示的媒体通路。可以理解的是,第一对应关系中通路标识指示的均是SMP。该第一对应关系可以是电子设备10在创建SMP时建立,创建SMP的实施例详见本说明书下文的描述。Wherein, the first corresponding relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier. One path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block. The same path identifier corresponds to at least One hardware module and at least one memory block belong to the media channel indicated by the channel identifier. It can be understood that all the path identifiers in the first correspondence relationship indicate SMP. The first corresponding relationship may be established when the electronic device 10 creates the SMP. For the embodiments of creating the SMP, please refer to the following description of this specification.
Exemplarily, the first correspondence may be as shown in Table 1.
Table 1
Figure PCTCN2019090478-appb-000001
In Table 1, "path 01" and "path 02" are both path identifiers. "(module A, processing channel 01)" is the module identity identifier of hardware module 01, where "module A" is the module identifier of hardware module 01 and "processing channel 01" is the identifier of the processing channel occupied by hardware module 01. The other module identity identifiers in Table 1 have similar meanings and are not described again here. "(virtual address 01, first identifier)" is the handle of memory block 01, where "virtual address 01" is the virtual address of memory block 01 and "first identifier" is the memory identity identifier of memory block 01. The other memory handles in Table 1 have similar meanings and are not described again here.
As shown in Table 1, hardware module 01 indicated by "(module A, processing channel 01)", hardware module 02 indicated by "(module B, processing channel 10)", hardware module 03 indicated by "(module C, processing channel 32)", memory block 01 indicated by "(virtual address 01, first identifier)" and memory block 02 indicated by "(virtual address 02, second identifier)" belong to the SMP indicated by the path identifier "path 01". Similarly, hardware module 04 indicated by "(module A, processing channel 20)", hardware module 05 indicated by "(module D, processing channel 15)", hardware module 06 indicated by "(module E, processing channel 30)", memory block 03 indicated by "(virtual address 03, first identifier)", memory block 04 indicated by "(virtual address 04, third identifier)" and memory block 05 indicated by "(virtual address 05, fourth identifier)" belong to the SMP indicated by the path identifier "path 02".
With reference to the first correspondence shown in Table 1, in some embodiments the handle of the target hardware module is, for example, (module A, processing channel 01) and the handle of the target memory block is, for example, (virtual address 02, second identifier). According to Table 1, the target hardware module and the target memory block belong to the same media path, namely the SMP indicated by "path 01". In other embodiments, the handle of the target hardware module is, for example, (module D, processing channel 15) and the handle of the target memory block is, for example, (virtual address 02, second identifier). According to Table 1, the target hardware module belongs to the SMP indicated by "path 02" and the target memory block belongs to the SMP indicated by "path 01", so the target hardware module and the target memory block do not belong to the same media path.
It can be understood that Table 1 is only an illustrative example and does not limit the first correspondence described in this application. In other implementations, the form of the first correspondence, the way the various identity identifiers are expressed, and so on are not limited to what Table 1 shows. Details are not given here.
Optional implementation 2: The session management module may obtain the module identity identifier of the target hardware module, and determine, in the first correspondence, the first path identifier corresponding to the module identity identifier. The session management module may then obtain the target address to be accessed according to the memory identity identifier of the target memory block, and transmit the target address to the memory management module. The memory management module may determine, in the second correspondence, the second path identifier corresponding to the target memory block, and then transmit the second path identifier to the session management module. Optionally, the target address may be, for example, the virtual address of the target memory block.
The second correspondence includes the correspondence between the address of a memory block and the path identifier of the media path to which that memory block belongs. In some embodiments, the information contained in the second correspondence is, for example, the attribute information of a memory block, which may be implemented in the form of a mapping table. The attribute information of the memory block may also include the memory type of the memory block. On this basis, the second correspondence may include the address of the memory block, the type of the memory block, and the path identifier of the media path to which the memory block belongs.
Exemplarily, the mapping table of one memory block is shown in Table 2.
Table 2
Figure PCTCN2019090478-appb-000002
Table 2 is the attribute information mapping table of memory block 01. Virtual address 01 is the virtual address corresponding to memory block 01, physical address 01 is the physical address corresponding to memory block 01, path 01 is the path identifier of the media path to which memory block 01 belongs, and "first identifier" means that the memory identity identifier of memory block 01 is set to the first identifier. The memory management module may set the identification register in the IOMMU according to the first identifier, so as to set the access permission that the hardware module corresponding to that IOMMU has on memory block 01.
It can be understood that Table 2 is only an illustrative example and does not limit the second correspondence described in this application. In other implementations, the form of the second correspondence may differ from Table 2. Details are not given here.
As the description of this step shows, before the target hardware module accesses the target memory block, the session management module needs to check whether the target hardware module and the target memory block belong to the same SMP. This prevents a hardware module of a first SMP in the TEE from accessing a secure memory block in a second SMP, and thereby improves the security of the SMP.
Step S103: When the target hardware module and the target memory block belong to the same media path, determine whether the target hardware module has access permission on the target memory block.
If the target hardware module has no access permission on the target memory block, no operation is performed, or alarm information is output. If the target hardware module has access permission on the target memory block, step S104 is performed.
The access permission of any hardware module on a memory block is set while the SMP is being created, and is not detailed here.
In some embodiments, the step of determining whether the target hardware module has access permission on the target memory block may be performed by the session management module. For example, the session management module may obtain the module identity identifier of the target hardware module and the memory identity identifier of the target memory block. The session management module may then read the third correspondence from the memory area corresponding to the policy management module, and check whether the third correspondence contains an access permission identifier corresponding to that module identity identifier and that memory identity identifier. If the third correspondence contains an access permission identifier corresponding to the module identity identifier and the memory identity identifier, the target hardware module has, on the target memory block, the access permission indicated by that access permission identifier. Optionally, in this embodiment, the module identity identifier is, for example, the module identifier of the target hardware module.
According to the description of the embodiment corresponding to FIG. 2, the third correspondence is preset and stored in the memory area corresponding to the policy management module, and includes the correspondence between module identity identifiers, memory identity identifiers and access permission identifiers. In some embodiments, the third correspondence may include the correspondence between module identifiers, memory identity identifiers and access permission identifiers. Exemplarily, the third correspondence is shown in Table 3.
Table 3

| Memory identity identifier | Module identifier | Access permission identifier |
| --- | --- | --- |
| First identifier | Module A | Read identifier |
| First identifier | Module B | Read identifier and write identifier |
| Second identifier | Module A | Write identifier |
| Third identifier | Module C | Write identifier |
| Third identifier | Module D | Read identifier |
| Fourth identifier | Module B | Read identifier and write identifier |
Table 3 shows four memory identity identifiers. "Read identifier" means that the hardware module indicated by the module identifier in an entry of Table 3 has read permission on memory blocks of the type indicated in that entry. "Write identifier" means that the hardware module indicated by the module identifier in an entry has write permission on memory blocks of the type indicated in that entry. Likewise, "read identifier and write identifier" means that the hardware module indicated by the module identifier in an entry has both read permission and write permission on memory blocks of the type indicated in that entry. For example, the hardware module indicated by module A has read permission on memory blocks indicated by the first identifier; the hardware module indicated by module B has read permission and write permission on memory blocks indicated by the first identifier; the hardware module indicated by module A has write permission on memory blocks indicated by the second identifier. The remaining entries are not listed one by one here.
It can be understood that Table 3 is only an illustrative example and does not limit the third correspondence described in this application. In other implementations, the third correspondence may include more or fewer correspondences between memory identity identifiers, module identifiers and access permission identifiers. Details are not given here.
According to the description of the hardware modules in FIG. 2, each hardware module has a certain function, and different hardware modules may process different types of media streams. For example, the function of the demultiplexing module is to descramble the TS, and the function of the hardware display module is to display the video corresponding to the video data. On this basis, a person skilled in the art can set the type of a memory block according to the type of media stream it stores, and then set the access permission of each hardware module on each type of memory block according to that hardware module's operation permission on the corresponding type of media stream. For example, the identity identifier of a memory block storing the TS may be set to the first identifier, and the identity identifier of a memory block storing video data may be set to the second identifier. Correspondingly, the demultiplexing module has read permission and write permission on the first identifier, and has no access permission on the second identifier. Similarly, the hardware display module has read permission on the second identifier, and has no access permission on the first identifier. Accordingly, the module identifier of the demultiplexing module, the first identifier, and the read identifier and write identifier are stored together in the third correspondence, and the module identifier of the hardware display module, the second identifier and the read identifier are stored together in the third correspondence. Therefore, if the third correspondence contains no access permission identifier corresponding to the module identity identifier and the memory identity identifier, the target hardware module has no access permission on the target memory block.
In addition, according to the description of FIG. 2, hardware modules and IOMMU modules are in one-to-one correspondence, so the target hardware module corresponds to a target IOMMU module. Further, the target IOMMU module includes an identification register. Exemplarily, the identification register contains at least one memory identity identifier on which the target hardware module has access permission. On this basis, exemplarily, the memory identity identifier of the target memory block may be obtained, and it is then determined whether the at least one memory identity identifier includes that memory identity identifier. When the at least one memory identity identifier with access permission includes the memory identity identifier, the target hardware module has, on the target memory block, the access permission indicated by the access permission identifier.
Further, because access permission includes read permission and write permission, the identification register includes a read identification register and a write identification register. Correspondingly, the read identification register contains at least one memory identity identifier with read permission, and the write identification register contains at least one memory identity identifier with write permission.
In addition, according to the description of the foregoing embodiments, access permission includes read permission and write permission. Determining whether the target hardware module has access permission on the target memory block may therefore include: determining whether the at least one memory identity identifier with read permission includes the memory identity identifier, where the target hardware module has read permission on the target memory block when it does; or determining whether the at least one memory identity identifier with write permission includes the memory identity identifier, where the target hardware module has write permission on the target memory block when it does.
It can be seen that in this implementation, the access permission of a hardware module on a memory block is verified by setting an identification register in the IOMMU module, which is simple to operate, easy to implement, and gives a good authentication effect.
Exemplarily, as shown in FIG. 4, the identification register may maintain a bitmap of memory identity identifiers. The bitmap may include, for example, 64 bits, each of which uniquely indicates one memory type. For example, the 21st bit in the bitmap indicates memory type 21. The field value of each memory identity identifier bit indicates whether the hardware module has access permission on that type of memory; this application also describes the field value as indicating whether the identification register contains the corresponding memory identity identifier. In some embodiments, for example, the field value "1" is the enable value, indicating that the hardware module has access permission on the type of memory indicated by the corresponding bit, that is, the identification register contains the corresponding memory identity identifier; the field value "0" is the access-forbidden value, indicating that the hardware module has no access permission on the type of memory indicated by the corresponding bit, that is, the identification register does not contain the corresponding memory identity identifier. In other embodiments, for example, the field value "0" is the enable value, indicating that the hardware module has access permission on the type of memory indicated by the corresponding bit, that is, the identification register contains the corresponding memory identity identifier; the field value "1" is the access-forbidden value, indicating that the hardware module has no access permission on the type of memory indicated by the corresponding bit, that is, the identification register does not contain the corresponding memory identity identifier.
Optionally, the initial values of the 64 bit fields shown in FIG. 4 may all be the access-forbidden value. In the SMP creation stage, the TEE memory management module 2122 may, as required, change the field values of some bits in the bitmap from the access-forbidden value to the enable value. Details are not given here.
Further, the identification register may include an identification register for read permission and an identification register for write permission, and the bitmap in each of them is as shown in FIG. 4. The field value of a bit in the bitmap of the read permission identification register indicates whether the hardware module has read permission on memory blocks of the type indicated by that bit. The field value of a bit in the bitmap of the write permission identification register indicates whether the hardware module has write permission on memory blocks of the type indicated by that bit. Exemplarily, the memory identity identifier of the target memory block is, for example, 21. The 21st bit in the bitmap of the read permission identification register is, for example, the enable value "1", indicating that the target hardware module has read permission on the target memory block. The 21st bit in the bitmap of the write permission identification register is, for example, the access-forbidden value "0", indicating that the target hardware module has no write permission on the target memory block.
It can be understood that FIG. 4 is only an illustrative implementation and does not limit the identification register described in this application. The identification register may also be implemented in other ways, which this application does not limit.
As the description of this step shows, before the target hardware module accesses the target memory block, the electronic device 10 checks the access permission of the target hardware module on the target memory block. This prevents a hardware module that has no access permission on the media stream in the target memory block from accessing that media stream, and thereby improves the security of the SMP.
Step S104: When the target hardware module has access permission on the target memory block, the target hardware module accesses the target memory block.
With reference to the description of step S103, when the target hardware module has read permission on the target memory block, the target hardware module reads the media stream data in the target memory block. When the target hardware module has write permission on the target memory block, the target hardware module writes media stream data into the target memory block.
It can be seen that with the technical solution of this application, before a hardware module accesses a secure memory block, the electronic device checks whether the hardware module and the secure memory block belong to the same SMP, which prevents hardware modules from accessing memory across SMPs. If the hardware module and the secure memory block belong to the same SMP, the electronic device further checks whether the hardware module has permission to access the secure memory block. Only if the hardware module has that permission can it access the secure memory block; otherwise, it cannot. In this way the secure memory block is accessed securely, which prevents the secure media stream from leaking out of the secure memory block and improves the security of the SMP.
The embodiment shown in FIG. 3 introduces the secure access method of this application using the process of using an SMP as an example. According to the description of the foregoing embodiments, some of the correspondences and other settings used in the embodiment shown in FIG. 3 are completed in the SMP creation stage. The process of creating an SMP in this application is introduced below.
With reference to the electronic device 10 shown in FIG. 2, application software running in the TEE software application layer may transmit a request to create a media path to the TEE software driver layer. In this embodiment, the media path to be created is an SMP. The TEE software driver layer may then generate the path identifier of the SMP to be created, for example "path 01". Next, the TEE software driver layer may configure at least one hardware module and at least one memory block, obtaining the module identity identifier of the at least one hardware module and the memory identity identifier of the at least one memory block. The TEE software driver layer then stores the path identifier, the module identity identifier of the at least one hardware module and the memory identity identifier of the at least one memory block in correspondence with each other, obtaining the correspondence for path 01 contained in the first correspondence shown in Table 1. The at least one hardware module and the at least one memory block make up the media path. Optionally, the at least one hardware module includes, for example, the target hardware module.
Exemplarily, configuring the at least one memory block by the TEE software driver layer may include the following. The TEE software driver layer may allocate at least one secure memory block according to the request of the application software, and then set the memory identity identifier of each of the at least one secure memory block according to the third correspondence. The TEE software driver layer may then set the attribute information of each of the at least one secure memory block, so that the virtual address, memory identity identifier and channel identifier 01 of each secure memory block correspond to each other, obtaining the second correspondence.
Further, the TEE software driver layer may also obtain, from the third correspondence, the at least one memory identity identifier on which each of the at least one hardware module has access permission, and then set those memory identity identifiers in the IOMMU identification register corresponding to that hardware module. For example, the TEE software driver layer may obtain, from the third correspondence, the at least one memory identity identifier on which the target hardware module has access permission, and then set that at least one memory identity identifier in the identification register of the target IOMMU.
Exemplarily, with reference to the embodiment shown in FIG. 4, after obtaining from the third correspondence the at least one memory identity identifier on which the target hardware module has access permission, the TEE software driver layer changes the field values corresponding to those memory identity identifiers in the corresponding registers of the target IOMMU from the access-forbidden value to the enable value.
It can be seen that in this implementation, in the SMP creation stage the electronic device 10 establishes the correspondence between the path identifier of the SMP and the hardware modules and secure memory blocks belonging to that SMP, and binds each hardware module in the SMP to the secure memory blocks related to that hardware module. This provides the data needed, while the SMP is in use, to check the relationship between the target hardware module and the target secure memory block and whether the target hardware module has access permission on the target secure memory block, and thereby improves the security of the SMP.
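The creation stage and the two-stage check of steps S102 to S104 can be put together in a short model. The following C code is an added illustration, not code from the application: it fills the read and write identification registers from the Table 3 policy, then checks path membership before the register bit. The struct and function names, the numeric virtual addresses, and the mapping of "first identifier" to bit 1, "second identifier" to bit 2 and so on are assumptions; the enable value is taken as "1".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ACC_READ = 1, ACC_WRITE = 2 };
enum verdict { ALLOW = 0, DENY_UNKNOWN, DENY_CROSS_PATH, DENY_NO_RIGHT };

/* Third correspondence (Table 3). Assumed encoding: "first identifier" is
 * bit 1, "second identifier" is bit 2, ... in a 64-bit register (FIG. 4). */
struct policy_row { uint8_t mem_id; char module; uint8_t rights; };
static const struct policy_row policy[] = {
    {1, 'A', ACC_READ},  {1, 'B', ACC_READ | ACC_WRITE}, {2, 'A', ACC_WRITE},
    {3, 'C', ACC_WRITE}, {3, 'D', ACC_READ}, {4, 'B', ACC_READ | ACC_WRITE},
};

/* One IOMMU per hardware module: read and write identification registers.
 * Every bit starts at the access-forbidden value 0. */
struct iommu { uint64_t rd_ids, wr_ids; };

/* First correspondence (Table 1): each module identity (module, channel)
 * and each memory handle (virtual address, identifier) belongs to one path. */
struct hw_module { char module; int channel; int path; struct iommu mmu; };
struct mem_block { uint32_t vaddr; uint8_t mem_id; int path; };

static struct hw_module modules[] = {
    {'A', 1, 1, {0, 0}},  {'B', 10, 1, {0, 0}}, {'C', 32, 1, {0, 0}},
    {'A', 20, 2, {0, 0}}, {'D', 15, 2, {0, 0}}, {'E', 30, 2, {0, 0}},
};
static const struct mem_block blocks[] = {   /* constructed addresses */
    {0x01, 1, 1}, {0x02, 2, 1},
    {0x03, 1, 2}, {0x04, 3, 2}, {0x05, 4, 2},
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* SMP creation: copy each module's rights from the policy table into the
 * bitmaps of its IOMMU, flipping bits from forbidden (0) to enabled (1). */
void smp_create_all(void)
{
    for (size_t m = 0; m < COUNT(modules); m++) {
        modules[m].mmu.rd_ids = modules[m].mmu.wr_ids = 0;
        for (size_t p = 0; p < COUNT(policy); p++) {
            if (policy[p].module != modules[m].module || policy[p].mem_id >= 64)
                continue;
            uint64_t bit = UINT64_C(1) << policy[p].mem_id;
            if (policy[p].rights & ACC_READ)  modules[m].mmu.rd_ids |= bit;
            if (policy[p].rights & ACC_WRITE) modules[m].mmu.wr_ids |= bit;
        }
    }
}

static const struct hw_module *find_module(char module, int channel)
{
    for (size_t i = 0; i < COUNT(modules); i++)
        if (modules[i].module == module && modules[i].channel == channel)
            return &modules[i];
    return NULL;
}

static const struct mem_block *find_block(uint32_t vaddr)
{
    for (size_t i = 0; i < COUNT(blocks); i++)
        if (blocks[i].vaddr == vaddr)
            return &blocks[i];
    return NULL;
}

/* S102: same media path? S103: register bit set for every requested right?
 * Unknown handles and out-of-range identifiers are denied, never allowed. */
enum verdict smp_check(char module, int channel, uint32_t vaddr, int access)
{
    const struct hw_module *m = find_module(module, channel);
    const struct mem_block *b = find_block(vaddr);
    if (!m || !b || b->mem_id >= 64)
        return DENY_UNKNOWN;
    if (m->path != b->path)
        return DENY_CROSS_PATH;
    uint64_t bit = UINT64_C(1) << b->mem_id;
    if (!(access & (ACC_READ | ACC_WRITE)))
        return DENY_NO_RIGHT;
    if ((access & ACC_READ) && !(m->mmu.rd_ids & bit))
        return DENY_NO_RIGHT;
    if ((access & ACC_WRITE) && !(m->mmu.wr_ids & bit))
        return DENY_NO_RIGHT;
    return ALLOW;                       /* S104 may proceed */
}

int main(void)
{
    smp_create_all();
    /* The two cases walked through for Table 1, plus a cross-path case that
     * the register bitmap alone would not catch. */
    printf("(A,01) write va02: %d\n", smp_check('A', 1, 0x02, ACC_WRITE));
    printf("(D,15) read  va02: %d\n", smp_check('D', 15, 0x02, ACC_READ));
    printf("(A,01) read  va03: %d\n", smp_check('A', 1, 0x03, ACC_READ));
    return 0;
}
```

Because a memory identity identifier names a memory type that can occur in several paths (memory blocks 01 and 03 both carry the first identifier), the register bitmap by itself would let (module A, processing channel 01) read memory block 03; the path comparison is what rejects it.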
The technical solution of this application is described below with reference to examples.
FIG. 5 provides an architecture diagram of an electronic device 20, which supports TEE. The TEE side of the electronic device 20 includes a software part and a hardware part. The software part includes a TEE application, a session management module (session manager), a memory management module (memory manager), a policy management module (policy manager) and a TEE driver module. It should be understood that the software part consists of functional modules implemented by software instructions or software code that run on a processor to implement the corresponding functions. The hardware part includes a demultiplexing module (demux), a hardware decoding module (decoder), a VPSS and a VDP, and an IOMMU in one-to-one correspondence with each hardware module. The hardware part also includes a TEE storage module. Each IOMMU is provided with an identification register corresponding to read permission and an identification register corresponding to write permission.
本实施例中,TEE应用运行在电子设备10中的TEE软件应用层,本实施例中,会话管理模块,内存管理模块,策略管理模块和TEE驱动模块例如运行在电子设备10的TEE软件驱动层。示例性的,本实施例所述的策略表(即第三对应关系)可以如表4所示。In this embodiment, the TEE application runs on the TEE software application layer of the electronic device 10. In this embodiment, the session management module, the memory management module, the policy management module and the TEE driver module run on the TEE software driver layer of the electronic device 10. . Exemplarily, the strategy table (that is, the third correspondence) described in this embodiment may be as shown in Table 4.
表4Table 4
Figure PCTCN2019090478-appb-000003
Figure PCTCN2019090478-appb-000004
The items of information located in the same column of Table 4 correspond to one another. The meaning of the information in Table 4, and the correspondence, are explained below using any one column as an example.
The first memory identity in the first column and the second memory identity in the second column indicate the same memory identity type. The first memory identity can be used as the software-level identity of that type of memory, so that the session management module (session manager) can call and manage it. The second memory identity can be used to indicate the bit that corresponds to that type of memory block in the identification register of the IOMMU.
The third column is the module identifier. The hardware module indicated by the module identifier has access rights to memory blocks of the type shown in the first and second columns, and those access rights are indicated by the access permission identifier in the fourth column. Note that the audio digital signal processing module (audio digital signal processing, AudioDSP) shown in Table 4 is a kind of demux, and the stream cipher is a hardware decryption module or a hardware encryption module. For the hardware modules indicated by the other module identifiers in Table 4, refer to the description of the hardware modules in the embodiment shown in FIG. 2; details are not repeated here.
The fifth column is the media path intent identifier, which indicates the intent of the media path to which the hardware module and the memory block belong.
For example, taking the first column of Table 4: the first memory identity "video elementary stream data memory" is used by the session management module to manage and call this type of memory block, and a memory block indicated by "video elementary stream data memory" corresponds to the 21st bit of the bitmap in the identification register of the IOMMU. The hardware module indicated by demux has read permission and write permission on memory blocks whose type is "video elementary stream data memory", or whose tag is "21". The hardware module indicated by demux can be used in an SMP whose intent is "watch".
It can be understood that FIG. 5 is only an exemplary description of the electronic device of the present application and does not limit the electronic device involved in the present application in any way. In other embodiments, the electronic device may include more or fewer hardware modules and, correspondingly, may include hardware modules with other functions. In addition, the functional software of the electronic device may also take other forms. Details are not repeated here.
FIG. 6A shows a signaling interaction diagram of an SMP creation method 200. The SMP creation method 200 (hereinafter referred to as method 200) includes the following steps:
Step S201: the TEE application sends a request to create a first SMP to the session management module.
Step S202: the session management module generates the path identifier "SID01".
SID01 identifies the first SMP that is to be created.
Step S203: the session management module occupies the demux module.
The session management module is called by the TEE application to occupy the demux module. The session management module may occupy processing channel 20 of the demux module.
The session management module may then generate a handle for the demux module and store the handle in correspondence with the path identifier "SID01". The handle includes the module identifier demux and processing channel 20.
In an actual implementation, the TEE application may also call the session management module to occupy the other hardware modules that make up the first SMP, for example the decoder, the VPSS and the VDP, and store the handles of those hardware modules in correspondence with "SID01". Details are not repeated here.
Step S204: the memory management module configures the first secure memory.
The TEE application calls the memory management module to configure the first secure memory. When calling the memory management module, the TEE application may send "SID01" to the memory management module.
The memory management module may allocate any secure memory in the TEE storage module as the first secure memory. The memory management module may then assign a first memory identity and a second memory identity to the first secure memory according to the intent of the first SMP and the policy table shown in Table 4. The first memory identity of the first secure memory is, for example, "video elementary stream data memory"; correspondingly, the second memory identity of the first secure memory is, for example, "21". The memory management module then uses "21" and "SID01" as attribute information of the first secure memory and establishes a mapping table of "21", "SID01" and the virtual address of the first secure memory. The mapping table is as shown in Table 2 and is not detailed here.
In addition, the memory management module may generate a handle for the first secure memory. The handle of the first secure memory includes, for example, the first memory identity "video elementary stream data memory" of the first secure memory and the virtual address of the first secure memory.
Step S205: the memory management module sends the handle of the first secure memory to the session management module.
The session management module may store the handle of the first secure memory in correspondence with "SID01".
For example, the TEE application may also call the memory management module to configure a second secure memory and a third secure memory and generate a handle for each, and then likewise send the handle of the second secure memory and the handle of the third secure memory to the session management module. The session management module then stores the handle of the second secure memory and the handle of the third secure memory in correspondence with "SID01", forming the first correspondence. Details are not repeated here.
For example, the second secure memory is "video frame data memory", with the corresponding tag "24"; the third secure memory is "video display data memory", with the corresponding tag "25".
Step S206: the memory management module sets the access rights of the demux module to the first memory block.
The memory management module sets the identification registers in the IOMMU corresponding to the demux module in order to set the access rights of the demux module to the first secure memory. For example, with reference to FIG. 4 and Table 4, the memory management module may change the field value of the 21st bit of the read-permission identification register in the IOMMU to "1", and change the field value of the 21st bit of the write-permission identification register in the IOMMU to "1".
Correspondingly, the memory management module may also set the field values for the tag of the second secure memory and the tag of the third secure memory in the identification registers of the IOMMU, in order to set the access rights of the demux module to the second secure memory and the third secure memory. In addition, the memory management module may set the access rights of the other hardware modules to the first secure memory, the second secure memory and the third secure memory respectively. Details are not repeated here.
In this embodiment, the decoder module has, for example, read permission on the first secure memory, and read permission and write permission on the second secure memory; the VPSS module has, for example, read permission on the second secure memory, and read permission and write permission on the third secure memory; the VDP module has, for example, read permission on the third secure memory.
It can be understood that the electronic device 20 may also create a second SMP, a third SMP and so on. The creation process for the second SMP, the third SMP and so on is similar to method 200 and is not detailed here.
Transmitting a secure media stream
FIG. 6B shows a signaling interaction diagram of a method 300 for transmitting a secure media stream. The method 300 for transmitting a secure media stream (hereinafter referred to as method 300) includes the following steps:
Step S301: the session management module receives a detection request.
In this embodiment, the detection request is sent, for example, by the demux module. The detection request includes, for example, the demux module identifier and the handle of the third secure memory.
Step S302: the session management module determines, according to the first correspondence, that the demux module and the third secure memory belong to the same SMP.
The session management module may obtain from the first correspondence that the demux module corresponds to SID01, and may obtain from the first correspondence that the handle of the third secure memory corresponds to SID01. On this basis, the session management module determines that the demux module and the third secure memory both belong to the first SMP.
Step S303: the session management module determines, according to the policy table, that the demux module has no access rights to the third secure memory.
The session management module may traverse Table 4 and determine that Table 4 sets no correspondence between the demux module and "video display data memory", and thereby determine that the demux module has no access rights to the third secure memory. The session management module may then refrain from sending any instruction to the TEE driver module, so that the TEE driver module does not trigger the demux module to access the third secure memory.
In this embodiment, step S303 is optional. Even if step S303 is not performed, if the demux module accesses the third secure memory after step S302, the field value for tag "25" in the identification register of the IOMMU corresponding to the demux module is "0", so the demux module still cannot access the third secure memory.
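The creation steps S201 to S206 and the checks S301 to S303 can be modeled in a few functions, shown here as an added example that is not code from the application. All identifiers are hypothetical, "SID01" is modeled as the integer 1, the tag registers are assumed to be 32-bit bitmaps, and the policy rows restate only the permissions given in the prose because Table 4 is not reproduced on the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* All identifiers are hypothetical; the path identifier "SID01" is modeled as 1. */
enum module { MOD_DEMUX, MOD_DECODER, MOD_VPSS, MOD_VDP, MOD_COUNT };
enum { PERM_R = 1, PERM_W = 2 };
enum verdict { ACCESS_OK, DENY_PATH, DENY_POLICY };
/* Tags quoted in the text; each is a bit position in the IOMMU tag registers. */
enum { TAG_VIDEO_ES = 21, TAG_VIDEO_FRAME = 24, TAG_VIDEO_DISPLAY = 25 };

struct policy_row { enum module mod; unsigned tag; unsigned perms; };

/* Third correspondence (policy table). Table 4 is not reproduced on the page,
 * so these rows restate only the permissions the prose gives. */
static const struct policy_row POLICY[] = {
    { MOD_DEMUX,   TAG_VIDEO_ES,      PERM_R | PERM_W },
    { MOD_DECODER, TAG_VIDEO_ES,      PERM_R },
    { MOD_DECODER, TAG_VIDEO_FRAME,   PERM_R | PERM_W },
    { MOD_VPSS,    TAG_VIDEO_FRAME,   PERM_R },
    { MOD_VPSS,    TAG_VIDEO_DISPLAY, PERM_R | PERM_W },
    { MOD_VDP,     TAG_VIDEO_DISPLAY, PERM_R },
};

struct iommu  { uint32_t rd_tags, wr_tags; };  /* one bit per memory tag */
struct buffer { uint32_t sid; unsigned tag; }; /* attributes of a secure block */
struct smp_state {
    uint32_t module_sid[MOD_COUNT];            /* first correspondence; 0 = free */
    struct iommu iommu[MOD_COUNT];             /* one IOMMU per hardware module */
};

static unsigned policy_perms(enum module mod, unsigned tag)
{
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (POLICY[i].mod == mod && POLICY[i].tag == tag)
            return POLICY[i].perms;
    return 0;                                  /* no row means no access */
}

/* S203: bind a hardware module to a path identifier. */
static bool smp_occupy(struct smp_state *s, enum module mod, uint32_t sid)
{
    if (sid == 0 || s->module_sid[mod] != 0) return false; /* already occupied */
    s->module_sid[mod] = sid;
    return true;
}

/* S204 to S206: tag the buffer, bind it to the path, then program the IOMMU
 * of every module already occupied on that path from the policy table. */
static void smp_bind_buffer(struct smp_state *s, struct buffer *b,
                            uint32_t sid, unsigned tag)
{
    b->sid = sid;
    b->tag = tag;
    for (int m = 0; m < MOD_COUNT; m++) {
        if (s->module_sid[m] != sid) continue;
        unsigned p = policy_perms((enum module)m, tag);
        if (p & PERM_R) s->iommu[m].rd_tags |= UINT32_C(1) << tag;
        if (p & PERM_W) s->iommu[m].wr_tags |= UINT32_C(1) << tag;
    }
}

/* S301 to S303: software check made before the module is triggered. */
static enum verdict session_check(const struct smp_state *s, enum module mod,
                                  const struct buffer *b, unsigned want)
{
    if (s->module_sid[mod] == 0 || s->module_sid[mod] != b->sid) return DENY_PATH;
    if ((policy_perms(mod, b->tag) & want) != want) return DENY_POLICY;
    return ACCESS_OK;
}

/* Hardware backstop: in this model the tag registers are keyed by memory type
 * only, so path membership is enforced by session_check(). */
static bool iommu_check(const struct smp_state *s, enum module mod,
                        const struct buffer *b, unsigned want)
{
    uint32_t bit = UINT32_C(1) << b->tag;
    if ((want & PERM_R) && !(s->iommu[mod].rd_tags & bit)) return false;
    if ((want & PERM_W) && !(s->iommu[mod].wr_tags & bit)) return false;
    return true;
}

/* Builds the first SMP of the walkthrough: four modules and three buffers. */
static void build_first_smp(struct smp_state *s, struct buffer buf[3])
{
    static const unsigned tags[3] = { TAG_VIDEO_ES, TAG_VIDEO_FRAME, TAG_VIDEO_DISPLAY };
    memset(s, 0, sizeof *s);
    for (int m = 0; m < MOD_COUNT; m++) smp_occupy(s, (enum module)m, 1);
    for (int i = 0; i < 3; i++) smp_bind_buffer(s, &buf[i], 1, tags[i]);
}

int main(void)
{
    struct smp_state s; struct buffer buf[3];
    build_first_smp(&s, buf);
    /* S302/S303: same path, but no policy row for demux on the display buffer. */
    return session_check(&s, MOD_DEMUX, &buf[2], PERM_R) == DENY_POLICY ? 0 : 1;
}
```

In this model a buffer of the same memory type on a different path would still pass the tag-register lookup, which is why the path comparison in `session_check` runs first.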
It can be understood that FIG. 6A and FIG. 6B are only schematic descriptions and do not limit the technical solution of the present application. In other embodiments, the SMP involved may be another SMP, and the hardware module and memory block to be checked may also be other ones; details are not repeated here.
In addition, this specification does not show all implementation scenarios to which the present application applies. Other implementation means based on the technical idea of the present application, used in other implementation scenarios, also fall within the scope of protection of the present application.
In summary, in the secure access method provided by the present application, before a hardware module is triggered to access a secure memory block, the electronic device checks whether the hardware module and the corresponding secure memory block belong to the same SMP. If they belong to the same SMP, the electronic device further checks whether the hardware module has permission to access the secure memory block. Only if the hardware module has permission to access the secure memory block can it access the secure memory block; otherwise, the hardware module cannot access the secure memory block. In this way the secure memory block can be accessed securely, which prevents the secure media stream from leaking out of the secure memory block and improves the security of the SMP.
The foregoing embodiments describe the solutions of the secure access method provided by the present application from the perspective of the hardware structure of the electronic device, the software architecture, and the actions performed by each piece of software and hardware. Those skilled in the art should readily appreciate that, for the establishment of the correspondences and the processing steps of performing checks according to the correspondences described in connection with the embodiments disclosed herein, the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a given function is executed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of the embodiments of the present application.
For example, the electronic device 10 and the electronic device 20 described above may implement some of the above functions in the form of functional modules. As shown in FIG. 7A, an electronic device 70 may include a determining module 701, a judging module 702 and a calling module 703. The electronic device 70 can be used to execute the parts of the secure access method, in any of the embodiments shown in FIG. 3, FIG. 6A and FIG. 6B, that are not executed by the IOMMU.
For example: the determining module 701 is configured to determine a target hardware module and a target memory block according to a detection request; the judging module 702 is configured to judge whether the target hardware module and the target memory block belong to the same media path; the determining module 701 is further configured to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access rights to the target memory block; and the calling module 703 is configured to call the target hardware module to access the target memory block when the target hardware module has access rights to the target memory block.
It can be seen that the electronic device 70 provided by the present application can check whether the target hardware module and the target memory block belong to the same media path, and whether the target hardware module has access rights to the target memory block. It can therefore perform a double check before the target hardware module is triggered to access the target memory block, so that the target memory block can be accessed securely.
Optionally, the electronic device 70 may further include an obtaining module, a detecting module, a generating module, a configuring module and an establishing module. In different embodiments, these modules implement different functions.
For example, in some embodiments the obtaining module is configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, where the first path identifier indicates the media path corresponding to the target hardware module and the second path identifier indicates the media path corresponding to the target memory block; in other embodiments, the obtaining module is configured to obtain a request to create a media path. In some embodiments the detecting module is configured to detect whether the first path identifier and the second path identifier are the same; in other embodiments, the detecting module is configured to detect whether a third correspondence contains an access permission identifier corresponding to the module identity and the memory identity, where the third correspondence includes the correspondence between module identities, memory identities and access permission identifiers.
In addition, the generating module is further configured to generate the path identifier of the media path. The configuring module is further configured to configure at least one hardware module and at least one memory block, to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, where the at least one hardware module and the at least one memory block make up the media path. The establishing module is further configured to establish the first correspondence according to the path identifier, the module identity of the at least one hardware module and the memory identity of the at least one memory block.
For the other functions of each module in the electronic device 70, refer to the related descriptions in the embodiments corresponding to method 100 to method 300; details are not repeated here.
It can be understood that the division into the above modules is only a division of logical functions. In an actual implementation, the functions of the above modules may be integrated into a processor. As shown in FIG. 7B, an electronic device 71 includes a processor 711, a target hardware module 712, a target IOMMU 713 and a target memory block 714. The target memory block 714 may be configured to store a secure media stream. The target hardware module 712 may be configured to access a memory block in order to write media stream data to the accessed memory block or read media stream data from the accessed memory block. The processor 711 may perform the configuration of hardware modules and memory blocks in method 100 to method 300, and the checking of the permissions of the target hardware module 712 and the target memory block 714. An identification register 715 may be coupled in the target IOMMU 713. The identification register 715 contains the memory identities of the memory blocks that the target hardware module 712 can access, and the target IOMMU 713 can authenticate, according to the configuration in the identification register 715, whether the target hardware module 712 can access the target memory block 714.
For example, the processor 711 may be configured to determine the target hardware module 712 and the target memory block 714 according to a detection request. The processor 711 may also be configured to judge whether the target hardware module 712 and the target memory block 714 belong to the same media path and, when the target hardware module 712 and the target memory block 714 belong to the same media path, to determine whether the target hardware module 712 has access rights to the target memory block 714. The target hardware module 712 is configured to access the target memory block 714 when the target hardware module 712 has access rights to the target memory block 714.
In addition, as an example, referring to FIG. 7C, after the target hardware module 712 receives an instruction to access the target memory block 714, it may obtain the memory identity of the target memory block 714. The target IOMMU 713 then looks up the memory identity in the read-permission identification register and in the write-permission identification register of the target IOMMU 713, and determines from the lookup result whether the target IOMMU 713 has read permission and/or write permission on the target memory block 714.
For details, refer to the related descriptions in the embodiments corresponding to method 100 to method 300; they are not repeated here.
It can be understood that, in some embodiments, the processor 711 in FIG. 7B may implement the functions of the TEE software layers in FIG. 2, the target hardware module 712 may implement the functions of the TEE hardware modules in FIG. 2, the target IOMMU 713 may implement the functions of the TEE IOMMU module in FIG. 2, and the target memory block 714 may be equivalent to any secure memory block in FIG. 2. In other embodiments, the processor 711 in FIG. 7B may implement the functions of the software part in FIG. 5, the target hardware module 712 may be equivalent to any hardware module shown in FIG. 5, the target IOMMU 71 is determined according to the target hardware module 712, and the target memory block 714 may be equivalent to any secure memory block in FIG. 5.
In a specific implementation, corresponding to the electronic device, the present application also provides a computer storage medium. The computer storage medium provided in any device may store a program which, when executed, can implement some or all of the steps in the embodiments of the secure access processing method provided by method 100 to method 300. The storage medium in any device may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
Those skilled in the art will also appreciate that the various illustrative logical blocks and steps listed in the embodiments of the present application can be implemented by electronic hardware, computer software, or a combination of the two. Whether such a function is implemented by hardware or by software depends on the specific application and the design requirements of the overall system. Those skilled in the art may use various methods to implement the described functions for each specific application, but such an implementation should not be understood as going beyond the scope of protection of the embodiments of the present application.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or message center to another website, computer, server or message center by wired means (for example coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (for example infrared, radio or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a message storage device such as a server or message center that integrates one or more available media. The available medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD), or a semiconductor medium (for example a solid state disk (SSD)).
It should be understood that, in the various embodiments of the present application, the sequence numbers of the processes do not imply an order of execution. The order of execution of the processes should be determined by their functions and internal logic, and should not limit the implementation of the embodiments in any way.
The parts of this specification are described in a progressive manner. For parts that are the same or similar between embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, the apparatus and system embodiments are described relatively briefly because they are basically similar to the method embodiments; for the relevant points, refer to the description of the method embodiments.
Although preferred embodiments of the present application have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include them.

Claims (25)

  1. A secure access method, characterized in that the method comprises:
    determining a target hardware module and a target memory block according to a detection request;
    determining whether the target hardware module and the target memory block belong to the same media path;
    when the target hardware module and the target memory block belong to the same media path, determining whether the target hardware module has access permission for the target memory block;
    when the target hardware module has access permission for the target memory block, invoking the target hardware module to access the target memory block.
  2. The method according to claim 1, characterized in that determining whether the target hardware module and the target memory block belong to the same media path comprises:
    obtaining a first path identifier of the target hardware module and a second path identifier of the target memory block, wherein the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
    detecting whether the first path identifier and the second path identifier are the same;
    when the first path identifier and the second path identifier are the same, determining that the target hardware module and the target memory block belong to the same media path.
  3. The method according to claim 1, characterized in that determining whether the target hardware module and the target memory block belong to the same media path comprises:
    obtaining a first path identifier of the target hardware module and a second path identifier of the target memory block, wherein the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
    detecting whether the first path identifier and the second path identifier are the same as a target path identifier, wherein the target path identifier is used to indicate a target media path;
    when the first path identifier is the same as the target path identifier, determining that the target hardware module belongs to the target media path; and
    when the second path identifier is the same as the path identifier, determining that the target memory block belongs to the target media path.
  4. The method according to claim 2 or 3, characterized in that obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block specifically comprises:
    obtaining a module identifier of the target hardware module, and determining, in a first correspondence, the first path identifier corresponding to the module identifier;
    obtaining a memory identifier of the target memory block, and determining, in the first correspondence, the second path identifier corresponding to the memory identifier;
    wherein the first correspondence comprises a correspondence between path identifiers and module identifiers and memory identifiers, one path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and the at least one hardware module and the at least one memory block corresponding to the same path identifier all belong to the media path indicated by that path identifier.
  5. The method according to claim 2 or 3, characterized in that obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block specifically comprises:
    obtaining a module identifier of the target hardware module, and determining, in a first correspondence and according to the module identifier, the first path identifier corresponding to the module identifier, wherein the first correspondence comprises a correspondence between path identifiers and module identifiers, one path identifier corresponds to the module identifier of at least one hardware module, and the at least one hardware module corresponding to the same path identifier belongs to the media path indicated by that path identifier;
    obtaining a target address to be accessed, wherein the target address indicates the target memory block, and determining, in a second correspondence and according to the target address, the second path identifier corresponding to the target memory block, wherein the second correspondence comprises a correspondence between the address of a memory block and the path identifier of the media path to which the memory block belongs.
  6. The method according to claim 1, characterized in that determining whether the target hardware module has access permission for the target memory block comprises:
    obtaining a module identifier of the target hardware module and a memory identifier of the target memory block;
    detecting whether a third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, wherein the third correspondence comprises a correspondence among module identifiers, memory identifiers and access permission identifiers;
    when the third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, determining that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
  7. The method according to claim 1 or 6, characterized in that the target hardware module corresponds to a target input/output memory management unit (IOMMU), the target IOMMU comprises an identifier register, the identifier register contains at least one memory identifier that has access permission, and determining whether the target hardware module has access permission for the target memory block comprises:
    obtaining the memory identifier of the target memory block;
    determining whether the at least one memory identifier that has access permission includes the memory identifier;
    when the at least one memory identifier that has access permission includes the memory identifier, determining that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
  8. The method according to claim 7, characterized in that
    the access permission comprises read permission and write permission, the identifier register comprises a read identifier register and a write identifier register, the read identifier register contains at least one memory identifier that has read permission, and the write identifier register contains at least one memory identifier that has write permission.
  9. The method according to claim 8, characterized in that determining whether the target hardware module has access permission for the target memory block comprises:
    determining whether the at least one memory identifier that has read permission includes the memory identifier;
    when the at least one memory identifier that has read permission includes the memory identifier, determining that the target hardware module has read permission for the target memory block; or
    determining whether the at least one memory identifier that has write permission includes the memory identifier;
    when the at least one memory identifier that has read permission includes the memory identifier, determining that the target hardware module has write permission for the target memory block.
  10. The method according to any one of claims 1 to 9, characterized in that, before determining the target hardware module and the target memory block according to the detection request, the method further comprises:
    obtaining a request to create a media path;
    generating a path identifier of the media path;
    configuring at least one hardware module and at least one memory block to obtain the module identifier of the at least one hardware module and the memory identifier of the at least one memory block, wherein the at least one hardware module and the at least one memory block make up the media path;
    establishing the first correspondence according to the path identifier, the module identifier of the at least one hardware module and the memory identifier of the at least one memory block.
  11. The method according to claim 10, characterized in that, after configuring the at least one hardware module and the at least one memory block, the method further comprises:
    obtaining, from the third correspondence, at least one memory identifier for which the target hardware module has access permission;
    configuring the at least one memory identifier that has access permission in the identifier register of the target IOMMU.
  12. An electronic device, characterized in that the electronic device comprises a processor, a target hardware module and a target memory block, wherein
    the processor is configured to determine the target hardware module and the target memory block according to a detection request;
    the processor is further configured to determine whether the target hardware module and the target memory block belong to the same media path;
    the processor is further configured to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access permission for the target memory block;
    the target hardware module is configured to access the target memory block when the target hardware module has access permission for the target memory block.
  13. The electronic device according to claim 12, characterized in that
    the processor is further configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, wherein the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
    the processor is further configured to detect whether the first path identifier and the second path identifier are the same;
    the processor is further configured to determine, when the first path identifier and the second path identifier are the same, that the target hardware module and the target memory block belong to the same media path.
  14. The electronic device according to claim 12, characterized in that
    the processor is further configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, wherein the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
    the processor is further configured to detect whether the first path identifier and the second path identifier are the same as a target path identifier, wherein the target path identifier is used to indicate a target media path;
    the processor is further configured to determine, when the first path identifier is the same as the target path identifier, that the target hardware module belongs to the target media path;
    the processor is further configured to determine, when the second path identifier is the same as the path identifier, that the target memory block belongs to the target media path.
  15. The electronic device according to claim 13 or 14, characterized in that
    the processor is further configured to obtain a module identifier of the target hardware module, and determine, in a first correspondence, the first path identifier corresponding to the module identifier;
    the processor is further configured to obtain a memory identifier of the target memory block, and determine, in the first correspondence, the second path identifier corresponding to the memory identifier;
    wherein the first correspondence comprises a correspondence between path identifiers and module identifiers and memory identifiers, one path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and the at least one hardware module and the at least one memory block corresponding to the same path identifier all belong to the media path indicated by that path identifier.
  16. The electronic device according to claim 13 or 14, characterized in that
    the processor is further configured to obtain a module identifier of the target hardware module, and determine, in a first correspondence and according to the module identifier, the first path identifier corresponding to the module identifier, wherein the first correspondence comprises a correspondence between path identifiers and module identifiers, one path identifier corresponds to the module identifier of at least one hardware module, and the at least one hardware module corresponding to the same path identifier belongs to the media path indicated by that path identifier;
    the processor is further configured to obtain a target address to be accessed, wherein the target address indicates the target memory block, and determine, in a second correspondence and according to the target address, the second path identifier corresponding to the target memory block, wherein the second correspondence comprises a correspondence between the address of a memory block and the path identifier of the media path to which the memory block belongs.
  17. The electronic device according to claim 12, characterized in that
    the processor is further configured to obtain a module identifier of the target hardware module and a memory identifier of the target memory block;
    the processor is further configured to detect whether a third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, wherein the third correspondence comprises a correspondence among module identifiers, memory identifiers and access permission identifiers;
    the processor is further configured to determine, when the third correspondence contains an access permission identifier corresponding to the module identifier and the memory identifier, that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
  18. The electronic device according to claim 12 or 17, characterized in that the electronic device further comprises a target input/output memory management unit (IOMMU), the target IOMMU corresponds to the target hardware module, the target IOMMU comprises an identifier register, and the identifier register contains at least one memory identifier that has access permission, wherein
    the target IOMMU is configured to obtain the memory identifier of the target memory block, and determine whether the at least one memory identifier that has access permission includes the memory identifier;
    the target IOMMU is further configured to determine, when the at least one memory identifier that has access permission includes the memory identifier, that the target hardware module has, for the target memory block, the access permission indicated by the access permission identifier.
  19. The electronic device according to claim 18, characterized in that
    the access permission comprises read permission and write permission, the identifier register comprises a read identifier register and a write identifier register, the read identifier register contains at least one memory identifier that has read permission, and the write identifier register contains at least one memory identifier that has write permission.
  20. The electronic device according to claim 19, characterized in that
    the target IOMMU is further configured to determine whether the at least one memory identifier that has read permission includes the memory identifier, and, when the at least one memory identifier that has read permission includes the memory identifier, determine that the target hardware module has read permission for the target memory block;
    the target IOMMU is further configured to determine whether the at least one memory identifier that has write permission includes the memory identifier, and, when the at least one memory identifier that has read permission includes the memory identifier, determine that the target hardware module has write permission for the target memory block.
  21. The electronic device according to any one of claims 12 to 20, characterized in that
    the processor is further configured to obtain a request to create a media path;
    the processor is further configured to generate a path identifier of the media path;
    the processor is further configured to configure at least one hardware module and at least one memory block to obtain the module identifier of the at least one hardware module and the memory identifier of the at least one memory block, wherein the at least one hardware module and the at least one memory block make up the media path;
    the processor is further configured to establish the first correspondence according to the path identifier, the module identifier of the at least one hardware module and the memory identifier of the at least one memory block.
  22. The electronic device according to claim 21, characterized in that
    the processor is further configured to obtain, from the third correspondence, at least one memory identifier for which the target hardware module has access permission;
    the processor is further configured to configure the at least one memory identifier that has access permission in the identifier register of the target IOMMU.
  23. An apparatus, characterized in that the apparatus comprises:
    a determining module, configured to determine a target hardware module and a target memory block according to a detection request;
    a judging module, configured to judge whether the target hardware module and the target memory block belong to the same media path;
    the determining module is further configured to determine, when the target hardware module and the target memory block belong to the same media path, whether the target hardware module has access permission for the target memory block;
    an invoking module, configured to invoke the target hardware module to access the target memory block when the target hardware module has access permission for the target memory block.
  24. The apparatus according to claim 23, characterized in that the apparatus further comprises an obtaining module and a detection module, wherein
    the obtaining module is configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, wherein the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
    the detection module is configured to detect whether the first path identifier and the second path identifier are the same;
    the determining module is further configured to determine, when the first path identifier and the second path identifier are the same, that the target hardware module and the target memory block belong to the same media path.
  25. The apparatus according to claim 23, characterized in that
    the obtaining module is further configured to obtain a first path identifier of the target hardware module and a second path identifier of the target memory block, wherein the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
    the detection module is further configured to detect whether the first path identifier and the second path identifier are the same as a target path identifier, wherein the target path identifier is used to indicate a target media path;
    the determining module is further configured to determine, when the first path identifier is the same as the target path identifier, that the target hardware module belongs to the target media path;
    the determining module is further configured to determine, when the second path identifier is the same as the path identifier, that the target memory block belongs to the target media path.
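
The two-stage check recited in claims 1, 2, 4 and 6 to 11 can be sketched in C as follows. This is an added example, not code from the patent or its applicant: every identifier value, table row, register size and function name is constructed for illustration, and write requests are assumed to be checked against the write identifier register.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every ID, table row and name below is constructed for illustration. */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))
#define ID_REG_SLOTS 4 /* assumed capacity of each IOMMU identifier register */

enum kind    { KIND_MODULE, KIND_MEMORY };
enum perm    { PERM_READ = 1, PERM_WRITE = 2 };
enum verdict { ACCESS_OK, DENY_UNKNOWN_ID, DENY_PATH_MISMATCH, DENY_NO_PERMISSION };

/* First correspondence: path identifier <-> module / memory identifiers. */
struct path_map { uint32_t path_id; enum kind kind; uint32_t id; };
static const struct path_map first_corr[] = {
    { 1, KIND_MODULE, 0x10 }, /* path 1: decoder            */
    { 1, KIND_MODULE, 0x11 }, /* path 1: display controller */
    { 1, KIND_MEMORY, 0xA0 }, /* path 1: compressed input   */
    { 1, KIND_MEMORY, 0xA1 }, /* path 1: decoded frames     */
    { 2, KIND_MODULE, 0x20 }, /* path 2: camera front end   */
    { 2, KIND_MEMORY, 0xB0 }, /* path 2: capture buffer     */
};

/* Third correspondence: (module, memory block) -> access permission. */
struct perm_map { uint32_t module_id; uint32_t mem_id; unsigned perms; };
static const struct perm_map third_corr[] = {
    { 0x10, 0xA0, PERM_READ  },
    { 0x10, 0xA1, PERM_WRITE },
    { 0x11, 0xA1, PERM_READ  },
    { 0x20, 0xB0, PERM_WRITE },
};

/* Per-module IOMMU state: separate read and write identifier registers. */
struct iommu {
    uint32_t read_ids[ID_REG_SLOTS];  size_t n_read;
    uint32_t write_ids[ID_REG_SLOTS]; size_t n_write;
};

/* Look up the path identifier of a module or memory block (claim 4). */
static bool lookup_path(enum kind kind, uint32_t id, uint32_t *path_id)
{
    for (size_t i = 0; i < ARRAY_LEN(first_corr); i++) {
        if (first_corr[i].kind == kind && first_corr[i].id == id) {
            *path_id = first_corr[i].path_id;
            return true;
        }
    }
    return false;
}

/* Load the module's permitted memory identifiers into its IOMMU registers
 * (claim 11). Rows that do not fit are dropped, so overflow fails closed. */
static void iommu_configure(struct iommu *mmu, uint32_t module_id)
{
    mmu->n_read = mmu->n_write = 0;
    for (size_t i = 0; i < ARRAY_LEN(third_corr); i++) {
        const struct perm_map *e = &third_corr[i];
        if (e->module_id != module_id)
            continue;
        if ((e->perms & PERM_READ) && mmu->n_read < ID_REG_SLOTS)
            mmu->read_ids[mmu->n_read++] = e->mem_id;
        if ((e->perms & PERM_WRITE) && mmu->n_write < ID_REG_SLOTS)
            mmu->write_ids[mmu->n_write++] = e->mem_id;
    }
}

/* Membership test against the read or write identifier register (claims 7-9). */
static bool iommu_allows(const struct iommu *mmu, uint32_t mem_id, enum perm op)
{
    const uint32_t *ids = (op == PERM_WRITE) ? mmu->write_ids : mmu->read_ids;
    size_t n = (op == PERM_WRITE) ? mmu->n_write : mmu->n_read;
    for (size_t i = 0; i < n; i++)
        if (ids[i] == mem_id)
            return true;
    return false;
}

/* Claim 1: same-path check first, per-block permission check second. */
enum verdict check_access(uint32_t module_id, uint32_t mem_id, enum perm op)
{
    uint32_t module_path, mem_path;
    struct iommu mmu;

    if (!lookup_path(KIND_MODULE, module_id, &module_path) ||
        !lookup_path(KIND_MEMORY, mem_id, &mem_path))
        return DENY_UNKNOWN_ID;          /* unregistered IDs are refused */
    if (module_path != mem_path)
        return DENY_PATH_MISMATCH;       /* cross-path access is refused */
    iommu_configure(&mmu, module_id);
    return iommu_allows(&mmu, mem_id, op) ? ACCESS_OK : DENY_NO_PERMISSION;
}

int main(void)
{
    printf("decoder reads its input:        %d\n", check_access(0x10, 0xA0, PERM_READ));
    printf("camera reads decoded frames:    %d\n", check_access(0x20, 0xA1, PERM_READ));
    printf("display reads compressed input: %d\n", check_access(0x11, 0xA0, PERM_READ));
    return 0;
}
```

The path comparison stops a module of one media path from reaching another path's buffers, and the register lookup then narrows access within a path to the specific blocks and operations granted to that module.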
PCT/CN2019/090478 2019-06-10 2019-06-10 Secure access method and electronic device WO2020248088A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/090478 WO2020248088A1 (en) 2019-06-10 2019-06-10 Secure access method and electronic device
CN201980097157.1A CN113906398A (en) 2019-06-10 2019-06-10 Secure access method and electronic equipment

Publications (1)

Publication Number Publication Date
WO2020248088A1 true WO2020248088A1 (en) 2020-12-17

Family

ID=73781130

Country Status (2)

Country Link
CN (1) CN113906398A (en)
WO (1) WO2020248088A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104169891A (en) * 2013-10-29 2014-11-26 华为技术有限公司 Method and device for accessing memory
CN106469124A (en) * 2015-08-20 2017-03-01 深圳市中兴微电子技术有限公司 A kind of memory access control method and device
CN107851161A (en) * 2015-07-20 2018-03-27 英特尔公司 Cryptoguard is carried out to the I/O data of the I/O controllers with DMA abilities
CN109766165A (en) * 2018-11-22 2019-05-17 海光信息技术有限公司 A kind of memory access control method, device, Memory Controller Hub and computer system

Also Published As

Publication number Publication date
CN113906398A (en) 2022-01-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19932364

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19932364

Country of ref document: EP

Kind code of ref document: A1