Title of invention: Access and protection of I2C interfaces
Abstract: A method, computer program product, and system to implement access control from a master device to a slave device over an inter-integrated circuit (I2C) interface are described. The method includes generating, using a processor, a control block defining the access control to the slave device over the I2C interface. The generating the control block is performed by the trusted code layer and the generating the control block is prohibited by the user-modifiable code layer. The method also includes controlling a command over the I2C interface to the slave device based on a generated command from the trusted code layer and the user-modifiable code layer in accordance with the control block.
Publication number: US9524403(B2) Publication date: 2016.12.20
Application number: US201615090961 Filing date: 2016.04.05
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors: Bubb Clinton E.; Ranck Andrew R.
Classification: G06F21/85;G06F13/42;G06F13/364;G06F12/14;G06F13/40 Main classification: G06F21/85
Agency: Cantor Colburn LLP Agent: Cantor Colburn LLP; Chiu Steven
Main claim: 1. A method of implementing access control to a slave device over an inter-integrated circuit (I2C) interface from a master device including a trusted code layer and a user-modifiable code layer, the method comprising: generating, using a processor, a control block defining the access control to the slave device over the I2C interface, the generating the control block being performed by the trusted code layer, the generating the control block being prohibited by the user-modifiable code layer, and the generating the control block including defining a plurality of data structures; and controlling a command over the I2C interface to the slave device based on a generated command from the trusted code layer and the user-modifiable code layer in accordance with the control block, wherein the defining the plurality of data structures includes defining a device protection data structure that defines a read permission and a write permission associated with the slave device for each of the trusted code layer and the user-modifiable code layer, and the defining the plurality of data structures includes defining two or more advanced address protection data structures, each of the two or more advanced address protection data structures is specific to the trusted code layer or the user-modifiable code layer and to a read operation or a write operation and defines a window of address values, corresponding to addresses in an internal memory map of the slave device, within which the read operation or the write operation is permitted, and the defining the plurality of data structures includes combining the two or more advanced address protection data structures using a logical OR.
Address: Armonk NY US
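The access check described in the main claim can be sketched in C as follows. This is an added example, not code from the patent or its applicant. The type and function names, the limit of 8 windows, the rule that a command with no matching window is denied, and the sample policy are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum layer { TRUSTED, USER };              /* code layer issuing the command */
enum op    { OP_READ, OP_WRITE };
struct dev_protect { bool allow[2][2]; };  /* device-level [layer][op] permission */
struct addr_window { enum layer layer; enum op op; uint16_t lo, hi; };
struct control_block {
    bool valid;                            /* set once trusted code generated it */
    struct dev_protect dev;
    struct addr_window win[8];
    size_t nwin;
};

/* Generation is reserved to the trusted layer; any other caller is refused. */
bool cb_generate(struct control_block *cb, enum layer caller,
                 const struct dev_protect *dev, const struct addr_window *win, size_t nwin)
{
    if (caller != TRUSTED || nwin > 8) return false;
    cb->dev = *dev;
    for (size_t i = 0; i < nwin; i++) cb->win[i] = win[i];
    cb->nwin = nwin;
    cb->valid = true;
    return true;
}

/* Gate one I2C command: device permission first, then the logical OR of every
 * window defined for this layer and operation (assumed: no matching window = deny). */
bool cb_allows(const struct control_block *cb, enum layer l, enum op o, uint16_t addr)
{
    if (!cb->valid || !cb->dev.allow[l][o]) return false;
    bool hit = false;
    for (size_t i = 0; i < cb->nwin; i++)
        if (cb->win[i].layer == l && cb->win[i].op == o)
            hit = hit || (addr >= cb->win[i].lo && addr <= cb->win[i].hi);
    return hit;
}

/* Constructed sample policy for a hypothetical slave with a 0x00-0xFF memory map. */
bool demo_generate(struct control_block *cb, enum layer caller)
{
    const struct dev_protect dev = { { { true, true }, { true, false } } };
    const struct addr_window win[] = {
        { TRUSTED, OP_READ, 0x00, 0xFF }, { TRUSTED, OP_WRITE, 0x00, 0xFF },
        { USER,    OP_READ, 0x10, 0x1F }, { USER,    OP_READ,  0x80, 0x8F },
    };
    return cb_generate(cb, caller, &dev, win, sizeof win / sizeof win[0]);
}
```

In the sample policy the user-modifiable layer can read only inside its two windows and cannot write at all, while the trusted layer can read and write the whole map.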