Information processing apparatus, information processing system, and computer program product

摘要

According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area.

主权项

1. An information processing apparatus comprising:
a main memory; a main processor configured to selectively switch between a secure mode and a non-secure mode, and perform certain data processing in the selected mode; an address space controller configured to set access rights to the main memory independently for each mode of the main processor, the access rights including read permission and write permission; and the main memory stores instructions that, when executed by the main processor, cause the main processor to function as one or more modules comprising: a secure monitor module configured to set, to the address space controller, a first memory area from which data is readable in both modes and into which data is writable only in the secure mode, a second memory area from which data is readable and into which data is writable in both modes, and a third memory area from which data is readable and into which data is writable only in the secure mode; a non-secure operating system (OS) module configured to run in the non-secure mode, the non-secure OS module being allocated in the second memory area; a secure OS module configured to run in the secure mode, the secure OS module being allocated in the third memory area; and a timer configured to notify the secure monitor module of an interrupt, wherein the secure monitor module is configured to, when switching the mode of the main processor from the non-secure mode to the secure mode, and simultaneously switching from the non-secure OS module to the Secure OS module, instruct the secure OS module to execute the certain data processing when receiving a notification of the interrupt from the timer, the secure OS module is configured to perform the certain data processing instructed by the secure monitor module and store data of a result of the processing in the first memory area, and when switching from the non-secure OS module to the secure OS module, the secure monitor module is configured to store, in the third memory area, a context of the non-secure OS module before switching from the non-secure OS module to the secure OS module so that the context of the non-secure OS module is restored from the third memory area after switching from the secure OS module to the non-secure OS module.