Data processing apparatus and method for protecting secure data and program code from non-secure access when switching between secure and less secure domains

摘要

A data processing apparatus includes processing circuitry and a data store including a plurality of regions including a secure region and a less secure region. The secure region is configured to store sensitive data accessible by the circuitry when operating in a secure domain and not accessible by the circuitry when operating in a less secure domain. The data store includes a plurality of stacks with a secure stack in the secure region. Stack access circuitry is configured to store predetermined processing state to the secure stack. The processing circuitry further comprises fault checking circuitry configured to identify a first fault condition if the data stored in the predetermined relative location is the first value. This provides protection against attacks from the less secure domain, for example performing a function call return from an exception, or an exception return from a function call.

主权项

1. A data processing apparatus, said data processing apparatus comprising:
processing circuitry configured to perform data processing operations in response to program code; a data store configured to store data, said data store comprising a plurality of regions including a secure region and a less secure region, the secure region configured to store sensitive data accessible by said processing circuitry when operating in a secure domain and not accessible by said processing circuitry when operating in a less secure domain; said data store comprising a plurality of stacks, including a secure stack in said secure region; the processing circuitry including stack access circuitry configured in response to an event requiring a transition from the secure domain to the less secure domain, to store predetermined processing state to the secure stack; if said event is a first event type, the predetermined processing state stored by the stack access circuitry comprising at least a return address which is stored at a predetermined relative location on the secure stack; if the event is a second event type, the predetermined processing state stored by the stack access circuitry comprising at least a first value which is stored at said predetermined relative location, where said first value is not a valid address for program code; and the processing circuitry further comprising fault checking circuitry configured on receipt of a first event type return from the less secure domain to the secure domain to identify a first fault condition if the data stored in said predetermined relative location is said first value, wherein said first event type is a function call and said second event type is an exception or said first event type is an exception and said second event type is a function call.