CN113268447A - Computer architecture and access control, data interaction and safe starting method in computer architecture - Google Patents
- Publication number
- CN113268447A (CN202110648808.0A)
- Authority
- CN
- China
- Prior art keywords
- access
- access address
- secure
- processor core
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4004—Coupling between buses
- G06F13/4027—Coupling between buses using bus bridges
- G06F13/404—Coupling between buses using bus bridges with address mapping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/06—Addressing a physical block of locations, e.g. base addressing, module addressing, memory dedication
- G06F12/0646—Configuration or reconfiguration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
- G06F13/16—Handling requests for interconnection or transfer for access to memory bus
- G06F13/1668—Details of memory controller
- G06F13/1673—Details of memory controller using buffers
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the invention provide a computer architecture and access control, data interaction and secure boot methods in the computer architecture. The computer architecture comprises: a plurality of processor cores, a bus connected to the processor cores, a host bridge connected to the bus, and a memory connected to the host bridge. At least one of the processor cores is a secure processor core, and an access address generated by the secure processor core is a secure access address; at least one of the processor cores is a normal processor core, and an access address generated by the normal processor core is a normal access address, the secure access address being different from the normal access address. The secure processor core and the normal processor core perform data interaction with the host bridge through the bus, and the host bridge performs data access to the memory based on the secure access address and the normal access address transmitted by the bus. The computer architecture improves system performance.
Description
Technical Field
Embodiments of the invention relate to the technical field of software security, and in particular to a computer architecture and access control, data interaction and secure boot methods in the computer architecture.
Background
With the development of information technology, especially the development and popularization of cloud computing technology, more and more customers deploy business systems in the cloud, so that the importance of businesses related to cloud information security, such as electronic signatures, electronic contracts, online payments, digital authentication and the like, is increasingly prominent. How to construct a credible digital security platform becomes a technical focus of people's attention.
As a computer technology applied in the cloud, virtualization technology can virtualize a plurality of Virtual Machines (VMs) on a host to make efficient use of the host's hardware resources; meanwhile, a dedicated security processor (PSP) may be provided in the host to supply trusted security services to the system, such as firmware signature verification, key generation, and data encryption and decryption, so as to improve the security of the platform.
However, the system performance of computer architectures configured with secure processors still needs to be improved.
Disclosure of Invention
In view of this, embodiments of the present invention provide a computer architecture and access control, data interaction and secure boot methods therein, which can improve system performance.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
In one embodiment of the invention, there is provided a computer architecture comprising:
a plurality of processor cores, a bus connected to the processor cores, a host bridge connected to the bus, and a memory connected to the host bridge;
at least one of the plurality of processor cores is a secure processor core, and an access address generated by the secure processor core is a secure access address; at least one of the plurality of processor cores is a normal processor core, and an access address generated by the normal processor core is a normal access address, the secure access address being different from the normal access address;
the secure processor core and the normal processor core perform data interaction with the host bridge through the bus;
and the host bridge performs data access to the memory based on the secure access address and the normal access address transmitted by the bus.
Optionally, the plurality of processor cores have a homogeneous (isomorphic) structure.
Optionally, the access address includes a security flag bit, the security flag bit of the secure access address is a first value, and the security flag bit of the normal access address is a second value.
Optionally, the system further includes a shared cache, where the shared cache includes a secure cache and a normal cache that are isolated from each other, the secure cache only performs data access based on the secure access address, and the normal cache only performs data access based on the normal access address.
Optionally, the shared cache includes a cache controller, and the access control logic of the cache controller includes: determining whether the security flag bit in the access address is the first value; if so, the secure cache performs the access corresponding to the access address; if not, the normal cache performs the access corresponding to the access address.
Optionally, the memory includes a secure private memory and a normal memory, and the secure private memory is only allowed to be accessed by the secure processor core.
Optionally, the host bridge includes a memory controller, where the memory controller includes a dedicated register set, and the address range of the secure private memory is configured in the dedicated register set;
the control logic of the memory controller comprises: all memory addresses allow data access based on the secure access address, and memory addresses configured in the dedicated register set prohibit data access based on the normal access address.
Optionally, the rule that all memory addresses allow data access based on the secure access address, and that memory addresses configured in the dedicated register set prohibit data access based on the normal access address, is specifically:
determining the access permission corresponding to the access address according to the security flag bit of the access address; when the security flag bit of the access address is the first value, determining that the access address is a secure access address, and allowing the access to the access address; and when the security flag bit of the access address is the second value, determining that the access address is a normal access address, determining whether the access address is a memory address configured in the dedicated register set, and if so, prohibiting the access to the access address.
Optionally, the computer architecture further comprises a security module, wherein the security module comprises a security control unit, a key storage unit and a secure boot control unit;
wherein the security control unit is configured to control the security module to allow only access based on a secure access address; the key storage unit is used for storing a firmware key; and the secure boot control unit is configured to execute a secure boot initialization procedure.
Optionally, the security control unit being configured to control the security module to allow only access based on a secure access address specifically includes:
determining the access permission corresponding to the access address according to the security flag bit of the access address; when the security flag bit of the access address is the first value, determining that the access address is a secure access address, and allowing the access to the security module; and when the security flag bit is the second value, determining that the access address is a normal access address, and prohibiting the access to the security module.
Optionally, the secure processor core includes an advanced programmable interrupt register for interacting with the normal processor core, wherein the secure processor core masks initialization interrupt messages and startup interrupt messages of the advanced programmable interrupt register.
Optionally, the memory further includes a secure interaction memory, and the secure interaction memory is used for writing in interaction data of the secure processor core and the normal processor core; the secure processor core further comprises a data exchange register configured with an address range of the secure interaction memory.
In an embodiment of the present invention, there is also provided an access control method for a cache, where the cache includes a normal cache and a secure cache, and the method includes:
acquiring an access request transmitted by the bus, wherein the access request is sent by one of a plurality of processor cores and includes an access address; at least one of the plurality of processor cores is a secure processor core, and the access address in an access request sent by the secure processor core is a secure access address; at least one of the plurality of processor cores is a normal processor core, and the access address in an access request sent by the normal processor core is a normal access address, the secure access address being different from the normal access address;
determining whether the access address in the access request is a secure access address;
if so, performing the access on the secure cache;
and if not, performing the access on the normal cache.
Optionally, the determining whether the access address in the access request is a secure access address includes:
determining whether the security flag bit in the access address is the first value; when the security flag bit in the access address is the first value, determining that the access address is a secure access address, and when the security flag bit in the access address is the second value, determining that the access address is a non-secure access address.
In an embodiment of the present invention, there is further provided a method for controlling access to a memory, where the memory includes a secure private memory and a normal memory, the method including:
acquiring an access request transmitted by the bus, wherein the access request is sent by one of a plurality of processor cores and includes an access address; at least one of the plurality of processor cores is a secure processor core, and the access address in an access request sent by the secure processor core is a secure access address; at least one of the plurality of processor cores is a normal processor core, and the access address in an access request sent by the normal processor core is a normal access address, the secure access address being different from the normal access address;
determining whether the access address in the access request is a secure access address;
if so, performing data access to the access address;
if not, determining whether the access address in the access request is a memory address of the secure private memory; if it is not, allowing the access to the access address, and if it is, prohibiting the access to the access address.
Optionally, the determining whether the access address in the access request is a memory address of the secure private memory specifically includes:
determining whether the access address in the access request is a memory address configured in the dedicated register set.
Optionally, the determining whether the access address in the access request is a secure access address specifically includes:
determining whether the security flag bit of the access address in the access request is the first value; when the security flag bit in the access address is the first value, determining that the access address is a secure access address, and when the security flag bit in the access address is the second value, determining that the access address is a non-secure access address.
In an embodiment of the present invention, there is also provided a security module access control method, including:
acquiring an access request transmitted by the bus, wherein the access request is sent by one of a plurality of processor cores and includes an access address; at least one of the plurality of processor cores is a secure processor core, and the access address in an access request sent by the secure processor core is a secure access address; at least one of the plurality of processor cores is a normal processor core, and the access address in an access request sent by the normal processor core is a normal access address, the secure access address being different from the normal access address;
determining whether the access address in the access request is a secure access address;
if so, performing the access to the security module;
and if not, prohibiting the access to the security module.
Optionally, the determining whether the access address in the access request is a secure access address specifically includes:
determining whether the security flag bit of the access address in the access request is the first value; when the security flag bit in the access address is the first value, determining that the access address is a secure access address, and when the security flag bit in the access address is the second value, determining that the access address is a non-secure access address.
In an embodiment of the present invention, there is further provided a data interaction method applied to the computer architecture described in the above embodiment, where the method includes:
the normal processor core obtains the memory address of the secure interaction memory of the secure processor core and writes the data to be interacted into the secure interaction memory;
the secure processor core generates response data according to the data to be interacted in the secure interaction memory and writes the response data into the secure interaction memory;
and the normal processor core acquires the response data.
Optionally, the step of generating response data by the secure processor core according to the data to be interacted in the secure interaction memory includes:
the secure processor core reads the data to be interacted in the secure interaction memory based on an interrupt message transmitted by the bus; and the secure processor core masks the initialization interrupt messages and startup interrupt messages transmitted by the bus.
In an embodiment of the present invention, there is further provided a secure boot method applied to the computer architecture in the foregoing embodiment, where the method includes:
performing key verification based on the key information in the security module;
configuring the secure private memory and the secure interaction memory, and verifying and loading the basic input/output system (BIOS);
releasing and starting the normal processor core.
The computer architecture provided by the embodiments of the invention comprises: a plurality of processor cores, a bus connected to the processor cores, a host bridge connected to the bus, and a memory connected to the host bridge; at least one of the plurality of processor cores is a secure processor core, and an access address generated by the secure processor core is a secure access address; at least one of the plurality of processor cores is a normal processor core, and an access address generated by the normal processor core is a normal access address, the secure access address being different from the normal access address; the secure processor core and the normal processor core perform data interaction with the host bridge through the bus; and the host bridge performs data access to the memory based on the secure access address and the normal access address transmitted by the bus.
Both the secure processor core and the normal processor core perform data interaction over the bus, and the access address generated by the secure processor core is a secure access address that differs from the normal access address. Addresses can therefore be distinguished within the system by their type, so that while the secure processor core performs data interaction over the bus, a basis for data isolation is provided for that interaction and the information security of the secure processor is ensured. That is to say, in the embodiments of the present invention, on the premise of ensuring the security of the secure processor, the bus in the system is used for information transmission, thereby improving the efficiency of data transmission and further improving the performance of the system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is an alternative architecture diagram of a cloud service based on virtualization technology;
FIG. 2 is a system architecture diagram of a cloud host;
FIG. 3 is an alternative diagram of a computer architecture according to an embodiment of the present invention;
FIG. 4 is an exemplary diagram of address bits of an access address according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a shared cache structure according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating a structure of a dedicated register set according to an embodiment of the present invention;
FIG. 7A is a schematic diagram illustrating a data access flow of a processor core according to an embodiment of the present invention;
FIG. 7B is a diagram illustrating an alternative example of a data access flow of a processor core according to an embodiment of the present invention;
FIG. 8 is a diagram of another computer architecture provided by an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a security module according to an embodiment of the present invention;
FIG. 10 is a diagram illustrating an exemplary architecture of an advanced programmable interrupt register according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of a data interaction flow provided by an embodiment of the present invention;
FIG. 12 is a diagram illustrating an example of interaction between a secure processor core and a normal processor core according to an embodiment of the present invention;
FIG. 13 is a schematic diagram illustrating a secure boot process of a secure processor core according to an embodiment of the present invention;
FIG. 14 is a schematic flowchart of step S30 according to the present invention;
FIG. 15 is a flowchart illustrating step S31 according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The virtualization technology can be applied to various scenes, and particularly, along with the development of cloud services, the virtualization technology is more and more widely applied to the scene of the cloud services; for the convenience of understanding the virtualization technology, the virtualization technology will be described below by taking a cloud service based on the virtualization technology as an example.
Referring to an alternative architecture of a cloud service based on virtualization technology shown in fig. 1, the architecture of the cloud service may include: a cloud host 100, a network 20, and users 31 to 3n.
The cloud host 100 is a host device (which may be in the form of a server) deployed on the network side by a cloud service provider (such as a cloud service vendor) to provide a cloud service. Based on the requirements of different users, the cloud host can create one or more virtual machines for different users through virtualization technology; for example, a user can request the cloud host to create a plurality of virtual machines adapted to the user's service requirements, so that the user can run applications on each of the virtual machines belonging to the user, and the applications run by the plurality of virtual machines cooperate to complete a user-specific service.
The network 20 may be the internet or another form of network having a communication function; communication and data transmission between the cloud host and the users are realized through the network, and the specific form of the network 20 is not limited in the embodiments of the present invention.
The users 31 to 3n are registered users of the cloud service; there may be multiple registered users, and the embodiments of the present invention do not limit the specific value of n. In a cloud service scenario, each user may own one or more virtual machines in the cloud host, so as to complete a user-specific service by using the virtual machines belonging to that user.
To further clarify the virtualization technology of the cloud service scenario, refer to the system architecture diagram of the cloud host shown in fig. 2. As shown in fig. 2, the cloud host includes: a processor core (CPU core) 1, a host bridge 2, a memory (DRAM) 3, and a secure processor (PSP) 4; optionally, the processor core 1, the host bridge 2, and the secure processor 4 may be integrated in an SOC (system on chip).
The processor core 1 is an operation and control core of a physical host, and is used for interpreting computer instructions and processing data in computer software. The processor core 1 may virtualize a plurality of virtual machines and implement operation and management of the virtual machines through virtualization technology, and the processor core 1 may be an x86 processor, for example.
The host bridge 2 is hardware that controls the memory 3 and enables the memory 3 to exchange data with other components (e.g., the processor core 1); during operation of the processor, the processor core 1 may interact with the host bridge 2 via a bus.
The secure processor 4 is a processor provided specifically for the secure virtualization technology and is responsible for the data security of the virtual machines. The secure processor 4 may include a secure processor core 41, a security module 42, and a cryptographic engine 43.
The secure processor core 41 is configured to implement operation and control in the trusted management process, provide encryption and decryption for secure data in the virtual machine, and implement secure boot for the processor core 1. The secure processor core 41 is typically a processor heterogeneous to the processor core 1; for example, the secure processor core may be an ARM processor with lower power consumption.
The security module 42 stores firmware signatures and code for initializing secure boot security mechanisms and provides storage space for the initialization (bootrom) phase of secure boot.
In this system architecture, the secure processor 4 can only bridge to the host bridge 2 through a special system hub (System Hub) 5 in order to access the memory 3 and exchange data with hardware other than the secure processor 4. This ensures that hardware other than the secure processor 4 cannot directly access secure resources in the secure processor 4, thereby ensuring system security in the hardware architecture.
However, in this data interaction method, the data transmission efficiency is low, so that the system performance needs to be improved.
Based on this, the embodiment of the present invention provides a computer architecture, where a secure processor and a normal processor core both perform data interaction based on a bus, where an access address generated by the secure processor core is a secure access address different from the normal access address, so that address differentiation can be implemented in a system based on different types of access addresses, and when the secure processor core implements data interaction based on the bus, a data isolation basis is provided for the data interaction of the secure processor core, thereby ensuring information security of the secure processor. That is to say, in the embodiments of the present invention, on the premise of ensuring the security of the security processor, the bus in the system is used to perform information transmission, thereby improving the efficiency of data transmission and further improving the performance of the system.
In an alternative example, referring to an alternative schematic diagram of the computer architecture shown in fig. 3, as shown in fig. 3, the computer architecture includes: a plurality of processor cores 10, a bus 11, a host bridge 12 and a memory 13;
among the plurality of processor cores 10, at least one processor core may be defined as a secure processor core (the processor core shaded in the figure is the secure processor core), and the secure processor core is used as a processor core of the secure processor to implement operation and control in the trusted management process. Meanwhile, at least one processor core is defined as a common processor core (the processor core which is not shaded in the figure is the common processor core), and the common processor core is used as the processor core of the virtual machine, so that the running and the management of the virtual machine are realized. Optionally, after the secure processor cores are defined, it may be defined that all of the remaining processor cores of the plurality of processor cores are normal processor cores.
It is understood that in a system on chip with a multi-core architecture, the processor cores may be homogeneous (isomorphic), which means having the same architecture or structure. Defining one of a plurality of homogeneous processor cores as the secure processor core improves the expandability of the system. Meanwhile, a secure processor core that is homogeneous with the normal processor cores can more readily adopt the same data interaction mechanism, thereby improving the efficiency of data interaction and the performance of the system.
Optionally, the bus 11 may include an address bus 11a, a data bus 11b, and a control bus 11c, and when data access is performed, an access address to be accessed may be determined based on an address in the address bus 11a, where the access address may be a memory access address, or an access address in another storage unit, for example, an access address of a storage space in the security module.
In the embodiment of the invention, access addresses can be divided into secure access addresses and normal access addresses: an access address generated by the secure processor core is a secure access address, an access address generated by a normal processor core is a normal access address, and the two are different. Optionally, a security flag bit may be defined in the access address, and whether an access address is a secure access address or a normal access address is determined from the value of that bit.
The address bus on the SOC chip is typically multi-bit; for example, the on-chip address bus of a 64-bit processor is 48 bits wide, so that up to 256TB of memory can be supported. However, the memory in a system is typically much smaller than 256TB, so the high-order bits of the address bus can be defined as the security flag bit. Fig. 4 shows an example address bit diagram of an access address: of the 48 bits of the access address, bits 0 to 45 may be defined as the actual address bits (add-bit), bit 46 as the security flag bit (SP-bit), which marks the access address as a secure access address or a normal access address, and bit 47 as the encryption bit (c-bit), which marks whether the storage space (e.g., memory) pointed to by the access address is in an encrypted or unencrypted state.
In an alternative example, the security flag bit of the secure access address may be defined to be a first value, for example, 1, and the security flag bit of the normal access address may be defined to be a second value, for example, 0. As a specific example, an SP-bit is defined as 1, which indicates that the current access address is a secure access address generated by the secure processor core; the SP-bit is defined to be 0 indicating that the current access address is a normal access address generated by the normal processor core.
It is understood that the position of the security flag bit may be set according to different requirements, for example at the highest bit or a middle bit of the access address, and the invention is not particularly limited in this respect. Once the specific security flag bit is determined, it can be set by hardware: the security flag bit is always set to the first value in access addresses sent by the secure processor core, and to the second value in access addresses sent by the other, normal processor cores.
It can be understood that, referring to the computer architecture diagram shown in fig. 3, in a processor core, an independent cache L1 cache (not shown) and an L2 cache are generally included, where the L1 cache is further divided into an instruction cache Icache and a data cache Dcache (as shown in fig. 3), so that, in a secure processor core, corresponding data interaction may be performed only based on the independent cache L1 cache and the independent cache L2 cache inside the secure processor core, or may be performed based on a shared cache (e.g., L3 cache).
In the embodiment of the present invention, referring to the schematic diagram of the computer architecture shown in fig. 3, the computer architecture further includes a shared cache 14, and in the example of fig. 3, the shared cache is L3 cache for example. In conjunction with the schematic diagram of the shared cache structure shown in fig. 5, the shared cache may include a secure cache 14a and a normal cache 14b that are isolated from each other. The secure cache 14a may be configured to perform only secure access address based data accesses and the normal cache 14b may be configured to perform only normal access address based data accesses. The secure cache 14a and the normal cache 14b are isolated from each other to achieve isolation of cache data. It is understood that the cache space of the normal cache 14b may be set larger than that of the secure cache 14a based on the data access amount of the normal processor core being much larger than that of the secure processor core.
With reference to fig. 3, when the shared cache 14 performs data interaction with the processor core 10, it obtains the corresponding address data from the bus 11, specifically from the address bus 11a in the bus 11; the address data may be a secure access address or a normal access address.
The shared cache 14 may be configured with logic for performing access control based on the access address. Specifically, the shared cache determines whether the access address is a secure access address; if so, the secure cache performs the access corresponding to the access address, and if not, the normal cache performs it.
Specifically, a security flag bit (bus SP-bit) processing mechanism is added to the cache controller of the shared cache 14, so that the logic for judging whether an access address is a secure access address can be implemented based on the security flag bit; the secure cache is controlled to execute data access only based on secure access addresses, and the normal cache only based on normal access addresses. The access control logic of the cache controller may be: judge whether the security flag bit in the access address is the first value; if so, the secure cache executes the access corresponding to the access address, and if not, the normal cache executes it. For example, when SP-bit is 1, only the secure cache in the L3 cache (the shaded part in fig. 3) is read and written; when SP-bit is 0, only the normal cache in the L3 cache (the unshaded part in fig. 3) is read and written.
Further, referring to fig. 3, in the embodiment of the present invention, the memory 13 is configured with an independent secure private memory (SP_DRAM) that only the secure processor core can access, so that the data of the secure processor core and the data of the normal processor cores are stored separately, thereby ensuring the data security of the secure processor.
Specifically, the secure private memory can be accessed only by the secure processor core by correspondingly configuring the access control logic of the memory. As will be appreciated, host bridge 12 is used to implement memory access control. Specifically, the host bridge 12 includes a memory controller 12a (umc), and the host bridge 12 implements access control to a memory through the memory controller 12 a.
In an alternative example, the memory controller 12a includes a dedicated register set SP_DRAM_REG corresponding to the secure private memory, and the address range of the secure private memory SP_DRAM is configured in the dedicated register set SP_DRAM_REG, so that memory within the address range configured in SP_DRAM_REG is accessible only by the secure processor core and cannot be accessed by the normal processor cores.
Specifically, referring to the example dedicated register set structure shown in fig. 6, the dedicated register set may include a START register SP_DRAM_START for identifying a start address, whose initial value may be 0, and an END register SP_DRAM_END for identifying an end address, whose initial value may be 0xffffffffffffff.
It should be noted that the memory controller may contain one dedicated register set or multiple sets; when there are multiple sets, multiple different address ranges may be defined as secure private memory. Only the secure processor core is allowed to configure the dedicated registers; a normal processor core cannot configure them.
It should be noted that, in the system startup phase, all memory is considered to be the secure private memory of the secure processor: only the secure processor core can access it, and other processor cores cannot.
In the control logic of the memory controller, all memory addresses allow data access based on a secure access address, while the memory addresses configured in the dedicated register set prohibit data access based on a normal access address, so that the normal processor cores are prevented from accessing the secure private memory.
With continued reference to FIG. 3, during a particular memory access, host bridge 12 obtains corresponding address data based on bus 11. Specifically, the host bridge 12 acquires corresponding address data based on the address bus 11a in the bus 11. It is understood that the address data obtained by the host bridge 12 may be a secure access address or a general access address. After the corresponding address data is acquired, the memory controller 12a performs corresponding memory access control.
Optionally, the memory controller 12a may determine the access address from the address data acquired from the address bus, and then determine the access right corresponding to the access address based on the security flag bit of the access address. When the security flag bit of the access address is the first value, the access address is determined to be a secure access address and the access is allowed to be executed; when the security flag bit of the access address is the second value, the access address is determined to be a normal access address, and the memory controller judges whether the access address is a memory address configured in the dedicated register set, and if so, prohibits the access.
With reference to the foregoing example, when the access address in an access request has SP-bit equal to 1, the access request may access all memory, that is, the secure processor core has the right to access all memory; when the access address in the access request has SP-bit equal to 0, the access request can only access the normal memory outside the memory address range configured in the SP_DRAM_REG register set, that is, the normal processor cores do not have the right to access the secure private memory.
Based on the above computer architecture, an embodiment of the present invention further provides a data access flow of a processor core, and with reference to the data access flow diagram of the processor core shown in fig. 7A, the data access flow includes:
Step S10: a processor core sends out an access request, wherein the access request comprises an access address;
The access request is sent by one of the processor cores, which may be the secure processor core or a normal processor core. The access request can be a memory access request, and the access address is an access address capable of being stored; in an access request sent by the secure processor core the access address is a secure access address, and in an access request sent by a normal processor core the access address is a normal access address. The secure access address is different from the normal access address, and in an alternative example, the two differ in the value of a security flag bit.
Wherein the processor core issues the access request over a bus. Specifically, an address bus among the buses transmits an access address of the access request.
Step S11: the shared cache executes access corresponding to the access address based on the access request;
after the processor core sends out the access request through the bus, the shared cache can obtain the access request transmitted by the bus.
When the data of the access address is stored in the shared cache, the shared cache hits the access request and executes the access corresponding to the access address; when the data of the access address is not stored in the shared cache, the shared cache misses the access request, and step S12 is executed;
in the embodiment of the present invention, the shared cache is further divided into a secure cache and a normal cache, and accordingly, when the access address in the access request is a secure access address, the secure cache is accessed, and when the access address in the access request is a normal access address, the normal cache is accessed.
Specifically, referring to an alternative example diagram of the data access flow of the processor core shown in fig. 7B, step S11 may include:
step S110: determining whether an access address in the access request is a secure access address;
when the access address in the access request is a secure access address, executing step S111; when the access address in the access request is a normal access address, step S112 is executed.
Specifically, whether the security flag bit in the access address is a first value is judged, when the security flag bit in the access address is the first value, for example, 1, the access address is determined to be a secure access address, and when the security flag bit in the access address is a second value, for example, 0, the access address is determined to be a non-secure access address, that is, a normal access address.
Step S111: performing an access to a secure cache;
during the access process to the secure cache, it is determined whether the access is hit, and if the access is hit, step S113 is executed, and if the access is not hit, the access request is returned, and the access request is transmitted to the memory controller via the bus, and step S12 is executed.
Step S112: an access to the normal cache is performed.
In the process of accessing the normal cache, it is determined whether the access hits; if the access hits, step S113 is executed, and if the access misses, the access request is returned, the access request is transmitted to the memory controller via the bus, and step S12 is executed.
Step S113: returning the data accessed by the access request to the bus.
On an access hit, the shared cache may transmit the data accessed by the access request to the bus.
With continued reference to fig. 7A, step S12 is performed: the memory controller executes data access corresponding to the access address based on the access request;
the access request is based on bus transmission, and correspondingly, the memory controller in the host bridge can execute corresponding data access after acquiring the access request transmitted by the bus.
According to the embodiment of the invention, the memory is divided into the secure private memory and the normal memory, wherein the secure private memory only allows access based on a secure access address, and the normal memory allows both access based on a secure access address and access based on a normal access address. Accordingly, the memory controller needs to determine the access right based on the access address in the access request.
The memory controller may determine the access right of the access request based on the access address in the access request, and then execute the access request based on that right. When the access address of the access request is a secure access address, the access request has access authority to all memory, so the access to the access address is allowed to be executed. When the access address of the access request is a normal access address, the access request only has access authority to the normal memory, so it is necessary to judge whether the access address is a memory address of the secure private memory; because the address range of the secure private memory is configured in the dedicated register set, this judgment can be made from the address data in the dedicated register set. Specifically, it is judged whether the access address in the access request is a memory address configured in the dedicated register set; if not, the access to the access address is allowed to be executed, and if so, it is prohibited.
Specifically, referring to an alternative example diagram of the data access flow of the processor core shown in fig. 7B, step S12 may include:
step S120: determining whether an access address in the access request is a secure access address.
When the access address in the access request is a normal access address, step S121 is executed; when the access address in the access request is a secure access address, step S122 is executed.
Specifically, whether the access address is a secure access address may be determined based on a security flag bit in the access address, specifically, whether the security flag bit of the access address in the access request is a first value is determined, when the security flag bit of the access address is the first value, for example, 1, the access address is determined to be the secure access address, and when the security flag bit of the access address is a second value, for example, 0, the access address is determined to be the normal access address.
Step S121: judging whether the access address in the access request is a memory address of the secure private memory.
When the access address of the access request is a normal access address, it is necessary to further determine whether the access address in the access request is a memory address of the secure private memory. Specifically, it may be determined whether the access address in the access request is a memory address configured in the dedicated register set. If not, the access to the access address is allowed and step S122 is executed; if so, the access is considered abnormal, the access to the access address is prohibited, an access-abnormal result is fed back to the bus, and the bus transmits the access result to the corresponding processor core.
It should be noted that whether or not the access address is a memory address arranged in the exclusive register group may be determined based on the actual address bits of the access address, for example, in the address data in fig. 4, values at 0 to 45 bits are address data, and thus, the determination may be performed based on the address data at the position.
Step S122: executing the data access corresponding to the access address.
When the access address of the access request is a secure access address, the access request has access authority to all memory, so the data access corresponding to the access address can be executed directly.
Step S123: returning the data accessed by the access request to the bus.
When accessing the data corresponding to the access address, the memory controller may transmit the data accessed by the access request to the bus, transmit the corresponding data to the shared cache by the bus, and further transmit the corresponding data to the corresponding processor core by the shared cache.
It can be understood that, in the embodiment of the present invention, the secure processor core may access all memory, and because the secure processor core and the normal processor cores have an isomorphic structure, the secure software on the secure processor core may directly call the service programs of the normal processor cores, provided the service is secure, so that the efficiency of the secure processor may be effectively improved. Through the corresponding permission settings, the normal processor cores cannot access the dedicated secure resources of the secure processor, which ensures the security of the secure processor core.
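The address layout of fig. 4 and the checks of steps S110 and S120 to S122 can be modelled in a few functions. This is an added example, not code from the patent: the number of register sets, the inclusive range, the empty encoding of unused sets and the sample range 0x80000000 to 0x8fffffff are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 48-bit bus address layout from the description (fig. 4). */
#define ADDR_MASK ((1ULL << 46) - 1)  /* bits 0..45: actual address bits */
#define SP_BIT    (1ULL << 46)        /* bit 46: security flag bit       */
#define C_BIT     (1ULL << 47)        /* bit 47: encryption bit          */

#define REG_SETS 4  /* assumption: the text only says "one set or multiple sets" */

/* One SP_DRAM_REG set; the range is treated as inclusive (assumption). */
struct sp_dram_reg { uint64_t start, end; };
struct mem_ctrl { struct sp_dram_reg reg[REG_SETS]; };

enum cache_part { NORMAL_CACHE, SECURE_CACHE };
enum access_result { ACCESS_ALLOWED, ACCESS_DENIED };

/* Hardware composes the bus address: the SP-bit reflects the issuing core,
 * so high bits supplied by software on a normal core are discarded. */
uint64_t make_bus_addr(uint64_t addr, bool secure_core, bool encrypted)
{
    uint64_t a = addr & ADDR_MASK;
    if (secure_core) a |= SP_BIT;
    if (encrypted)   a |= C_BIT;
    return a;
}

/* Step S110: the cache controller routes on the SP-bit alone. */
enum cache_part cache_select(uint64_t bus_addr)
{
    return (bus_addr & SP_BIT) ? SECURE_CACHE : NORMAL_CACHE;
}

/* Power-on state: set 0 holds START=0, END=0xffffffffffffff, so all memory
 * is secure private. Unused sets are empty (start > end), an assumption. */
void umc_reset(struct mem_ctrl *mc)
{
    mc->reg[0] = (struct sp_dram_reg){ 0, 0xffffffffffffffULL };
    for (int i = 1; i < REG_SETS; i++)
        mc->reg[i] = (struct sp_dram_reg){ 1, 0 };
}

/* Only the secure processor core may program a dedicated register set. */
bool umc_set_range(struct mem_ctrl *mc, int set, uint64_t start, uint64_t end,
                   bool secure_core)
{
    if (!secure_core || set < 0 || set >= REG_SETS || start > end)
        return false;
    mc->reg[set] = (struct sp_dram_reg){ start, end };
    return true;
}

/* Steps S120 to S122: decide whether the memory controller executes the access. */
enum access_result umc_check(const struct mem_ctrl *mc, uint64_t bus_addr)
{
    if (bus_addr & SP_BIT)
        return ACCESS_ALLOWED;              /* secure access address: all memory */
    uint64_t a = bus_addr & ADDR_MASK;      /* compare actual address bits only  */
    for (int i = 0; i < REG_SETS; i++)
        if (a >= mc->reg[i].start && a <= mc->reg[i].end)
            return ACCESS_DENIED;           /* normal access into SP_DRAM */
    return ACCESS_ALLOWED;
}

/* Constructed scenario: optionally program SP_DRAM = [0x80000000, 0x8fffffff],
 * then issue one access from a secure or a normal core. */
enum access_result demo_access(uint64_t addr, bool secure_core, bool configured)
{
    struct mem_ctrl mc;
    umc_reset(&mc);
    if (configured)
        umc_set_range(&mc, 0, 0x80000000ULL, 0x8fffffffULL, true);
    return umc_check(&mc, make_bus_addr(addr, secure_core, false));
}

/* A normal core attempting to shrink the protected range must be refused. */
bool demo_normal_core_reconfig(void)
{
    struct mem_ctrl mc;
    umc_reset(&mc);
    return umc_set_range(&mc, 0, 0, 0, false);
}

int main(void)
{
    printf("boot, normal core @0x1000:      %s\n",
           demo_access(0x1000, false, false) ? "denied" : "allowed");
    printf("normal core @0x80000000:        %s\n",
           demo_access(0x80000000ULL, false, true) ? "denied" : "allowed");
    printf("normal core, SP-bit in operand: %s\n",
           demo_access(0x80000000ULL | SP_BIT, false, true) ? "denied" : "allowed");
    printf("secure core @0x80000000:        %s\n",
           demo_access(0x80000000ULL, true, true) ? "denied" : "allowed");
    return 0;
}
```

The model makes two properties of the text visible: before the secure core programs SP_DRAM_REG every normal access is refused, and the range comparison ignores the c-bit because it uses bits 0 to 45 only.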
In another embodiment of the present invention, another computer architecture is provided. Referring to the computer architecture diagram shown in fig. 8, the computer architecture further includes a security module 15. Referring to the structure diagram of the security module shown in fig. 9, the security module includes: a security control unit (secure controller) 15a, a key storage unit 15b, and a secure boot control unit 15c. The security module 15 obtains the corresponding address data from the bus, and the address data may be a secure access address or a normal access address.
The security control unit 15a is configured to control the security module so that it allows only access based on a secure access address. Optionally, the security control unit may determine whether the access address is a secure access address according to the security flag bit of the access address, and thereby determine the access right corresponding to the access address. Specifically, it may be determined whether the security flag bit of the access address in the access request is the first value. When the security flag bit of the access address is the first value, for example, SP-bit equals 1, the access address is determined to be a secure access address, and access to the security module is allowed. When the security flag bit of the access address is the second value, for example, SP-bit is 0, the access address is determined to be a normal access address, and access to the security module is prohibited.
The key storage unit 15b is used to store a firmware key. Optionally, the key storage unit may be an eFUSE (a one-time programmable storage module) for use by the OEM (Original Equipment Manufacturer); the OEM may write a manufacturer key and the like into the eFUSE, so that verification and authentication of the BIOS (Basic Input Output System) and the like can be performed with the manufacturer key.
The secure boot control unit 15c is configured to execute a secure boot initialization procedure. Optionally, the secure boot control unit 15c may be a bootrom, that is, a section of read-only code built into the SOC that has the highest execution authority, so as to execute the secure boot initialization process and implement functions such as loading a key and verifying firmware.
In an optional example, the security module may further include a secure boot storage unit 15d, configured to provide a storage space for the secure boot initialization process inside the security module, so as to prevent the secure boot initialization process from using a storage device outside the security module, and ensure security of the secure boot control unit when executing the corresponding process.
With continued reference to fig. 8, in an embodiment of the present invention, the secure processor core and the normal processor core each include an Advanced Programmable Interrupt Controller (APIC) 16, so that the secure processor core performs interaction with the normal processor core based on the same interrupt hierarchy as the normal processor core.
It is understood that the processor core 10 may cause the processor core receiving the interrupt message to perform a corresponding operation based on the interrupt message by sending an interrupt (IPI) message to an advanced programmable interrupt register of another processor core 10. Meanwhile, the processor core can also realize data interaction with the host bridge based on an advanced programmable interrupt register interface (IO-APIC).
In particular, referring to the exemplary structure diagram of the advanced programmable interrupt register (hereinafter referred to as APIC) shown in fig. 10, it can be seen that the APIC may have 64 bits, where the MT field is used to indicate the message type of the interrupt message and the VEC field is used to indicate the vector value, and in the embodiment of the present invention, based on different message types of the interrupt message, masking of the corresponding interrupt message may be performed to ensure the security of the secure processor core.
The interrupt message mainly includes the following types:
1) Fixed: fixed interrupt message; the interrupt number is determined by the vector (the value of the VEC field);
2) Lowest priority: lowest-priority request interrupt;
3) SMI (System Management Interrupt): system management interrupt;
4) Remote read: reads the APIC data of a remote processor core;
5) NMI: non-maskable interrupt;
6) INIT: initialization interrupt, used to restore the processor core to its initial state;
7) STARTUP: startup interrupt, used to specify a start path for the local processor core;
8) External interrupt: used to handle peripheral interaction.
To ensure the security of the secure processor, the secure processor core can be configured to mask the startup inter-processor interrupt (SIPI) messages of the normal processor cores, so as to prevent an illegal execution path from being implanted into the secure processor core as a result of responding to such a message. Optionally, the secure processor core masks both the initialization interrupt (INIT) message and the startup interrupt (STARTUP) message, thereby preventing the normal processor cores from tampering with the state of the secure processor core.
In the embodiment of the present invention, the advanced programmable interrupt register is further extended, so as to further set a data exchange register (SCDXR) (not shown in the figure), and a memory address range of a secure interaction memory for implementing data interaction between the secure processor core and the normal processor core can be configured in the data exchange register, so that data to be interacted can be written into the secure interaction memory, and data interaction between the secure processor core and the normal processor core can be implemented.
Based on the above computer architecture, an embodiment of the present invention further provides a data interaction method, which is applied to interaction between a secure processor core and a normal processor core, and with reference to a data interaction flow diagram shown in fig. 11, the data interaction flow includes:
Step S20: the normal processor core obtains the memory address of the secure interaction memory of the secure processor core and writes the data to be interacted into the secure interaction memory;
Specifically, the normal processor core may initiate a remote read type interrupt message to the secure processor core through the bus (e.g., the control bus), so as to read the SCDXR register and obtain the address and size of the secure interaction memory. The secure interaction memory may be referred to as the REQ/RSP buffer.
Specifically, the data to be interacted may be written into the REQ/RSP buffer, and the secure processor core is then notified to execute the corresponding processing by a custom interrupt message, for example an interrupt message IPI TEE request based on a TEE (Trusted Execution Environment). The REQ/RSP buffer may be organized in various forms, such as a circular queue or a first-in-first-out queue; this depends on the implementation details of the TEE software and is outside the scope of this design.
Step S21: the secure processor core generates response data according to the data to be interacted in the secure interaction memory and writes the response data into the secure interaction memory;
the secure processor core may read data to be interacted in the secure interaction memory based on an interrupt message transmitted by the bus, so as to obtain the data to be interacted, and further generate corresponding response data according to the data to be interacted.
It should be noted that, in order to secure the secure processor core, the secure processor core does not respond to all types of interrupt messages. Specifically, the secure processor core shields the bus-transmitted initialization interrupt message and the startup interrupt message.
After generating the corresponding response data, the secure processor core further writes the response data into the secure interactive memory REQ/RSP buffer, and sends an interrupt message to notify the normal processor core. For example, based on an interrupt message IPI TEE response of TEE (Trusted Execution Environment), the normal processor core is notified to execute corresponding processing.
Step S22: the normal processor core obtains the response data;
the normal processor core can read the response data in the secure interactive memory based on the interrupt message.
In an alternative example, referring to fig. 12, an interaction example diagram of a secure processor core and a normal processor core is shown, where an operating system of the normal processor core may interact with the secure processor core based on a REQ/RSP buffer when executing services such as payment, an electronic contract, or a block chain, and the secure processor core feeds back corresponding interaction data based on services such as a Trusted Platform Module (TPM) in a TEE operating system, a trusted execution environment, or Key management (Key management), so as to implement trusted management of the services.
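The interrupt masking and the S20 to S22 exchange can be followed end to end in a small model; this is an added example, not code from the patent. The numeric message-type values, the vector 0xE0, the status codes, the 64-byte buffer and its [len][payload] layout are assumptions, and the "service" is a toy XOR that runs synchronously in place of the IPI TEE response notification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Message types from the description's list; numeric values are this model's own. */
enum msg_type { MT_FIXED, MT_LOWEST_PRIORITY, MT_SMI, MT_REMOTE_READ,
                MT_NMI, MT_INIT, MT_STARTUP, MT_EXTERNAL };
enum irq_result { IRQ_HANDLED, IRQ_MASKED, IRQ_IGNORED };
enum rsp_status { RSP_OK = 0xA5, RSP_BAD_LENGTH = 0x5A };  /* hypothetical codes */

#define VEC_TEE_REQUEST 0xE0u  /* hypothetical vector for "IPI TEE request" */
#define BUF_SIZE 64u

/* Secure interaction memory (REQ/RSP buffer).
 * Hypothetical layout: request = [len][payload], response = [status][value]. */
static uint8_t req_rsp_buf[BUF_SIZE];

struct scdxr { uint8_t *base; uint32_t size; };  /* data exchange register */

struct secure_core {
    struct scdxr scdxr;
    uint64_t ip;      /* execution path of the secure core */
    unsigned masked;  /* INIT/STARTUP messages dropped so far */
};

static struct secure_core sp = { { req_rsp_buf, BUF_SIZE }, 0x1000, 0 };

/* Step S21: the buffer is writable by normal cores, so the length is fetched
 * once, bounded by the SCDXR size, and the payload is copied to private
 * memory before it is used. */
static void tee_service(struct secure_core *c)
{
    uint8_t priv[BUF_SIZE];
    uint8_t len = c->scdxr.base[0];
    if (len > c->scdxr.size - 1) {
        c->scdxr.base[0] = RSP_BAD_LENGTH;
        c->scdxr.base[1] = 0;
        return;
    }
    memcpy(priv, c->scdxr.base + 1, len);
    uint8_t x = 0;
    for (uint8_t i = 0; i < len; i++)
        x ^= priv[i];                 /* toy service: XOR of the request bytes */
    c->scdxr.base[0] = RSP_OK;
    c->scdxr.base[1] = x;
}

/* Interrupt filter of the secure core: INIT and STARTUP never reach it. */
enum irq_result secure_core_deliver(struct secure_core *c, enum msg_type mt,
                                    uint8_t vec, struct scdxr *remote_out)
{
    switch (mt) {
    case MT_INIT:
    case MT_STARTUP:
        c->masked++;                  /* state and start path stay untouched */
        return IRQ_MASKED;
    case MT_REMOTE_READ:
        if (remote_out) *remote_out = c->scdxr;
        return IRQ_HANDLED;
    case MT_FIXED:
        if (vec == VEC_TEE_REQUEST) { tee_service(c); return IRQ_HANDLED; }
        return IRQ_IGNORED;
    default:
        return IRQ_IGNORED;           /* other types are outside this model */
    }
}

/* Normal-core side. Returns (status << 8) | value, or -1 if the request
 * does not fit the buffer advertised by SCDXR. */
int normal_core_request(struct secure_core *c, const void *data, size_t len)
{
    struct scdxr x;
    secure_core_deliver(c, MT_REMOTE_READ, 0, &x);            /* S20: address, size */
    if (len > x.size - 1) return -1;
    x.base[0] = (uint8_t)len;
    memcpy(x.base + 1, data, len);
    secure_core_deliver(c, MT_FIXED, VEC_TEE_REQUEST, NULL);  /* notify secure core */
    return (x.base[0] << 8) | x.base[1];                      /* S22: read response */
}

/* A length header larger than the buffer must be rejected, not trusted. */
int demo_oversized_header(struct secure_core *c)
{
    c->scdxr.base[0] = 200;
    secure_core_deliver(c, MT_FIXED, VEC_TEE_REQUEST, NULL);
    return c->scdxr.base[0];
}

int main(void)
{
    printf("STARTUP -> %d (1 = masked), ip = 0x%llx\n",
           secure_core_deliver(&sp, MT_STARTUP, 0x9f, NULL),
           (unsigned long long)sp.ip);
    printf("request \"pay\" -> 0x%04x\n", normal_core_request(&sp, "pay", 3));
    printf("oversized header -> 0x%02x\n", demo_oversized_header(&sp));
    return 0;
}
```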
Based on the above computer architecture, an embodiment of the present invention further provides a secure boot process of a processor core, referring to a secure boot process schematic diagram of a secure processor core shown in fig. 13, where the secure boot process includes:
step S30: performing key verification based on the key information in the security module;
specifically, in the secure boot phase, an initialization (bootrom) process of the secure boot is executed first, and key verification of key information in the secure module is executed.
It should be noted that, when the system is powered on and started, an Instruction Pointer (IP) register of the secure processor core may be set to point to a secure start control unit (bootrom) of the secure module, so that the system starts to execute a code of the bootrom first and locks other normal processor cores.
Specifically, referring to the flowchart of step S30 shown in fig. 14, step S30 may include:
step S301: acquiring a BOOTROM code in the security module, and establishing a memory stack required by code operation in a security boot storage unit (such as SRAM) of the security module;
step S302: reading firmware key information in a key storage unit (e.g., EFUSE) of the security module;
step S303: reading a boot loader code in a Service Provider Interface storage unit (SPI-ROM, wherein the SPI is an abbreviation of a Service Provider Interface, and the ROM is an abbreviation of a Read-Only Memory), and executing signature verification of a boot loader process;
wherein the boot loader code may be read by the host bridge. Specifically, a corresponding access request is transmitted to the host bridge based on the bus, so that boot loader (bootloader) code is read by the host bridge.
Further, based on the boot load code, signature verification of the boot load process may be performed. Wherein, when the check fails, executing an exception exit; when the verification is successful, step S31 is executed.
It can be understood that, in the data interaction process between the secure processor core and the secure module, corresponding data transmission is performed based on the bus, and meanwhile, the secure module determines that the access address is the secure access address based on the access request sent by the secure processor core, so as to allow the secure processor core to acquire or read the code or information therein, thereby ensuring the data interaction security between the secure processor core and the secure module.
Step S31: configuring a secure private memory and a secure interactive memory of the secure processor core, verifying and loading a basic input and output system;
Specifically, after the initialization process of the secure boot phase is executed, an off-chip bootloader process is executed.
Specifically, referring to the flowchart of step S31 shown in fig. 15, step S31 may include:
step S311: executing boot loader (bootloader) code;
and executing the boot loading process based on the read boot loading code.
Step S312: configuring the dedicated register of the host bridge and specifying the memory range of the secure private memory;
The manufacturer can set this range according to the memory requirement of the trusted security services actually run by the secure processor core.
Specifically, the secure processor core may transmit a corresponding instruction to the host bridge over the bus, thereby configuring the dedicated register of the host bridge and specifying the memory range of the secure private memory.
Step S313: applying for a secure interactive memory from a memory controller, and writing a memory address range of the applied secure interactive memory into a data exchange register (SCDXR);
the secure interaction memory is used for realizing interaction between the secure processor core and the common processor core. When the common processor core needs to interact with the safe processor core, the common processor core reads the address of the safe interaction memory in the data interaction register, and executes a corresponding interaction process based on the address of the safe interaction memory.
Step S314: reading the basic input output system (BIOS) code from the service provider interface storage unit (SPI-ROM); if the secure boot process (secure boot) is enabled, checking the BIOS, and exiting abnormally if the check fails.
The BIOS code may be read by the host bridge. Specifically, a corresponding access request is transmitted to the host bridge over the bus, so that the BIOS code is read by the host bridge.
Further, based on the BIOS code, verification of the BIOS may be performed. When the verification fails, an exception exit is executed; when the verification succeeds, step S315 is executed.
Step S315: loading the BIOS to the specified address of the memory.
The specified address of the memory is usually the address pointed to by the initial IP pointer of the first-loaded normal processor core, so that the normal processor core can subsequently be started.
Step S32: releasing and starting the normal processor core.
Because the normal processor core is in a locked state when the system is powered on, the normal processor core is released so that its loading process can be executed.
It should be noted that, in the loading process of the normal processor cores, the first-loaded normal processor (which may be referred to as the BSP) needs to be released and started first; after the BSP has started, loading and starting of the other normal processors can be executed.
It is understood that after the above secure boot method has been executed, the initialization process of the normal processor cores may be entered. The embodiment of the present invention further provides a secure boot process for the normal processor cores, which includes a BSP initialization process and an initialization process for the remaining normal processors (APs).
Specifically, the BSP initialization process includes:
Step S40: the BSP executes the system loader and initializes hardware resources.
The system loader may be a BIOS program or a UEFI program. The UEFI (Unified Extensible Firmware Interface) program is used to automatically load an operating system from the pre-boot operating environment.
Step S41: executing the operating system boot loader (OS bootloader) and selecting the operating system to be started.
Step S42: the operating system initializes and sends a startup interrupt message to the AP processor cores.
Sending the startup interrupt message (SIPI) to an AP processor core causes that AP processor core to execute its initialization process.
Specifically, the AP initialization process includes:
Step S50: after responding to the received SIPI, executing initialization work.
In the computer architecture provided by the embodiment of the invention, the secure processor core and the normal processor core both perform data interaction over the bus, and the access address generated by the secure processor core is a secure access address that is different from the normal access address. Addresses can therefore be distinguished within the system by their type: the secure processor core performs its data interaction over the bus, while the different address type provides a basis for isolating that data and ensures the information security of the secure processor core. That is to say, in the embodiments of the present invention, the system bus is used for information transmission without compromising the security of the secure processor core, which improves the efficiency of data transmission and in turn the performance of the system.
Although the embodiments of the present invention have been disclosed, the present invention is not limited thereto. Various changes and modifications may be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (19)
1. A computer architecture, comprising:
a plurality of processor cores, a bus connected with the processor cores, a host bridge connected with the bus, and a memory connected with the host bridge;
at least one processor core in the plurality of processor cores is a secure processor core, and an access address generated by the secure processor core is a secure access address; at least one processor core in the plurality of processor cores is a normal processor core, an access address generated by the normal processor core is a normal access address, and the secure access address is different from the normal access address;
the secure processor core and the normal processor core perform data interaction with the host bridge through the bus;
and the host bridge executes data access to the memory based on the secure access address and the normal access address transmitted by the bus.
2. The computer architecture of claim 1, wherein the plurality of processor cores are homogeneous structures.
3. The computer architecture of claim 1, wherein the access address includes a security marker bit, wherein the security marker bit of the secure access address is a first value, and wherein the security marker bit of the normal access address is a second value.
4. The computer architecture of claim 3, further comprising a shared cache, wherein the shared cache comprises a secure cache and a normal cache that are isolated from each other, wherein the secure cache performs only data accesses based on the secure access address, and wherein the normal cache performs only data accesses based on the normal access address.
5. The computer architecture of claim 4, wherein the shared cache includes a cache controller, the access control logic of the cache controller comprising: judging whether the security marker bit in an access address is the first value; if so, the secure cache executes the access corresponding to the access address, and if not, the normal cache executes the access corresponding to the access address.
6. The computer architecture of claim 3, wherein the memory comprises a secure private memory and a normal memory, the secure private memory being accessible only to the secure processor core.
7. The computer architecture of claim 6, wherein the host bridge comprises a memory controller comprising a private register set having an address range of the secure private memory configured therein;
the control logic of the memory controller comprises: all memory addresses allow data access based on the secure access address, and memory addresses configured in the private register set prohibit data access based on the normal access address.
8. The computer architecture as claimed in claim 7, wherein all memory addresses allow data access based on the secure access address, and the memory addresses configured in the private register set prohibit data access based on the normal access address, specifically:
determining the access authority corresponding to the access address according to the security marker bit of the access address; when the security marker bit of the access address is the first value, determining that the access address is a secure access address, and allowing access to the access address to be executed; and when the security marker bit of the access address is the second value, determining that the access address is a normal access address, judging whether the access address is a memory address configured in the private register set, and if so, prohibiting access to the access address.
9. The computer architecture of claim 3, further comprising a security module comprising a security control unit, a key storage unit, and a secure boot control unit;
wherein the security control unit is configured to control the security module to allow only access based on a secure access address; the key storage unit is used for storing a firmware key; the secure boot control unit is configured to execute a secure boot initialization procedure.
10. The computer architecture according to claim 9, wherein said security control unit is configured to control said security module to only allow access based on a secure access address, in particular:
judging the access authority corresponding to the access address according to the security marker bit of the access address; when the security marker bit of the access address is the first value, determining that the access address is a secure access address, and allowing access to the security module to be executed; and when the security marker bit is the second value, determining that the access address is a normal access address, and prohibiting access to the security module.
11. The computer architecture of claim 1, wherein the secure processor core comprises an advanced editable interrupt register to perform interactions with a normal processor core; wherein the secure processor core masks initialization interrupt messages and startup interrupt messages of the advanced editable interrupt register.
12. The computer architecture of claim 1, wherein the memory further comprises a secure interaction memory, the secure interaction memory configured to write interaction data of the secure processor core and the normal processor core; the secure processor core further comprises a data exchange register configured with an address range of the secure interaction memory.
13. An access control method for a cache, wherein the cache includes a normal cache and a secure cache, the method comprising:
acquiring an access request transmitted by a bus, wherein the access request is sent by one of a plurality of processor cores and comprises an access address; at least one processor core in the plurality of processor cores is a secure processor core, and the access address in an access request sent by the secure processor core is a secure access address; at least one processor core in the plurality of processor cores is a normal processor core, the access address of an access request sent by the normal processor core is a normal access address, and the secure access address is different from the normal access address;
determining whether the access address in the access request is a secure access address;
if so, executing access to the secure cache;
and if not, executing access to the normal cache.
14. A method for controlling access to a memory, the memory comprising a secure private memory and a normal memory, the method comprising:
acquiring an access request transmitted by a bus, wherein the access request is sent by one of a plurality of processor cores and comprises an access address; at least one processor core in the plurality of processor cores is a secure processor core, and the access address in an access request sent by the secure processor core is a secure access address; at least one processor core in the plurality of processor cores is a normal processor core, the access address of an access request sent by the normal processor core is a normal access address, and the secure access address is different from the normal access address;
determining whether the access address in the access request is a secure access address;
if so, executing data access to the access address;
if not, judging whether the access address in the access request is a memory address of the secure private memory; if it is not, allowing access to the access address, and if it is, prohibiting access to the access address.
15. The method according to claim 14, wherein the determining whether the access address in the access request is a memory address of the secure private memory specifically comprises:
judging whether the access address in the access request is a memory address configured in a private register set.
16. A method for controlling access to a security module, the method comprising:
acquiring an access request transmitted by a bus, wherein the access request is sent by one of a plurality of processor cores and comprises an access address; at least one processor core in the plurality of processor cores is a secure processor core, and the access address in an access request sent by the secure processor core is a secure access address; at least one processor core in the plurality of processor cores is a normal processor core, the access address of an access request sent by the normal processor core is a normal access address, and the secure access address is different from the normal access address;
determining whether the access address in the access request is a secure access address;
if so, executing access to the security module;
and if not, prohibiting access to the security module.
17. A data interaction method applied to the computer architecture of claims 1-12, the method comprising:
the normal processor core obtains the memory address of the secure interaction memory of the secure processor core and writes the data to be interacted into the secure interaction memory;
the secure processor core generates response data according to the data to be interacted in the secure interaction memory and writes the response data into the secure interaction memory;
and the normal processor core acquires the response data.
18. The data interaction method according to claim 17, wherein the step of generating response data by the secure processor core according to the data to be interacted in the secure interaction memory includes:
the secure processor core reads the data to be interacted in the secure interaction memory based on the interrupt message transmitted by the bus; and the secure processor core masks the initialization interrupt message and the startup interrupt message transmitted by the bus.
19. A secure boot method applied to a secure processor core in the computer architecture of claims 1-12, the method comprising:
performing key verification based on the key information in the security module;
configuring a secure private memory and a secure interaction memory of the secure processor core, and verifying and loading a basic input output system;
releasing and starting the normal processor core.
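The tag-based checks of claims 5, 8 and 10, modelled in C as an added example (not code from the patent). The bit-63 position of the security marker bit, its values, the access-length parameter and all names are assumptions; the length check generalises the claims' single-address test so that a normal access straddling the secure private memory range is also refused.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the security marker bit is bit 63 of the bus address; the
 * "first value" is 1 (secure) and the "second value" is 0 (normal). */
#define SEC_MARK_BIT (1ULL << 63)

typedef struct { uint64_t base, limit; } range_t;            /* [base, limit) */
typedef struct { range_t priv[4]; size_t n_priv; } mem_ctrl_t;
typedef enum { ACCESS_DENY, ACCESS_ALLOW } verdict_t;
typedef enum { CACHE_NORMAL, CACHE_SECURE } cache_sel_t;

/* Constructed sample: one secure private memory range in the private register set. */
static const mem_ctrl_t DEMO_MC = {
    .priv = { { 0x80000000ULL, 0x90000000ULL } }, .n_priv = 1
};

static bool is_secure(uint64_t bus_addr) { return (bus_addr & SEC_MARK_BIT) != 0; }

/* Assumption: the marker follows the type of the issuing core, so a marker
 * supplied in the software-visible address is stripped before tagging. */
uint64_t core_issue(bool secure_core, uint64_t addr)
{
    uint64_t a = addr & ~SEC_MARK_BIT;
    return secure_core ? (a | SEC_MARK_BIT) : a;
}

/* Claim 5: the cache controller routes on the marker bit alone. */
cache_sel_t cache_route(uint64_t bus_addr)
{
    return is_secure(bus_addr) ? CACHE_SECURE : CACHE_NORMAL;
}

/* Claim 10: the security module accepts secure access addresses only. */
verdict_t secmod_check(uint64_t bus_addr)
{
    return is_secure(bus_addr) ? ACCESS_ALLOW : ACCESS_DENY;
}

/* Claim 8: secure accesses reach all memory; normal accesses are refused
 * when they touch a range held in the private register set. */
verdict_t mem_check(const mem_ctrl_t *mc, uint64_t bus_addr, uint64_t len)
{
    if (is_secure(bus_addr))
        return ACCESS_ALLOW;
    uint64_t start = bus_addr;               /* marker bit is 0 here */
    /* Reject empty accesses and ones that would run into the marker bit. */
    if (len == 0 || len > SEC_MARK_BIT - start)
        return ACCESS_DENY;
    uint64_t end = start + len;              /* exclusive end */
    for (size_t i = 0; i < mc->n_priv; i++)  /* overlap, not start-only */
        if (start < mc->priv[i].limit && end > mc->priv[i].base)
            return ACCESS_DENY;
    return ACCESS_ALLOW;
}

int main(void)
{
    uint64_t probes[] = { 0x7FFFFFC0ULL, 0x7FFFFFF0ULL, 0x80001000ULL };
    for (size_t i = 0; i < 3; i++)
        printf("0x%llx: normal=%d secure=%d\n", (unsigned long long)probes[i],
               mem_check(&DEMO_MC, core_issue(false, probes[i]), 64),
               mem_check(&DEMO_MC, core_issue(true, probes[i]), 64));
    return 0;
}
```
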
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110648808.0A CN113268447A (en) | 2021-06-10 | 2021-06-10 | Computer architecture and access control, data interaction and safe starting method in computer architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113268447A (en) | 2021-08-17 |
Family
ID=77234833
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110648808.0A Pending CN113268447A (en) | 2021-06-10 | 2021-06-10 | Computer architecture and access control, data interaction and safe starting method in computer architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113268447A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||