发明名称 |
Information processing apparatus, information processing system, and computer program product |
摘要 |
According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area. |
申请公布号 |
US9536113(B2) |
申请公布日期 |
2017.01.03 |
申请号 |
US201414482036 |
申请日期 |
2014.09.10 |
申请人 |
Kabushiki Kaisha Toshiba |
发明人 |
Isozaki Hiroshi;Kanai Jun;Sano Shintarou;Sasaki Shunsuke;Kizu Toshiki |
分类号 |
H04L29/06;G06F21/74;H04L9/08;G06F21/57 |
主分类号 |
H04L29/06 |
代理机构 |
Oblon, McClelland, Maier & Neustadt, L.L.P. |
代理人 |
Oblon, McClelland, Maier & Neustadt, L.L.P. |
主权项 |
1. An information processing apparatus comprising:
a main memory; a main processor configured to selectively switch between a secure mode and a non-secure mode, and perform certain data processing in the selected mode; an address space controller configured to set access rights to the main memory independently for each mode of the main processor, the access rights including read permission and write permission; and the main memory stores instructions that, when executed by the main processor, cause the main processor to function as one or more modules comprising: a secure monitor module configured to set, to the address space controller, a first memory area from which data is readable in both modes and into which data is writable only in the secure mode, a second memory area from which data is readable and into which data is writable in both modes, and a third memory area from which data is readable and into which data is writable only in the secure mode; a non-secure operating system (OS) module configured to run in the non-secure mode, the non-secure OS module being allocated in the second memory area; a secure OS module configured to run in the secure mode, the secure OS module being allocated in the third memory area; and a timer configured to notify the secure monitor module of an interrupt, wherein the secure monitor module is configured to, when switching the mode of the main processor from the non-secure mode to the secure mode, and simultaneously switching from the non-secure OS module to the Secure OS module, instruct the secure OS module to execute the certain data processing when receiving a notification of the interrupt from the timer, the secure OS module is configured to perform the certain data processing instructed by the secure monitor module and store data of a result of the processing in the first memory area, and when switching from the non-secure OS module to the secure OS module, the secure monitor module is configured to store, in the third memory area, a context of the non-secure OS module before switching from the non-secure OS module to the secure OS module so that the context of the non-secure OS module is restored from the third memory area after switching from the secure OS module to the non-secure OS module. |
地址 |
Minato-ku JP |