| 摘要 |
A data processing system operates in a plurality of modes including a first privilege mode and a second privilege mode, with the first giving rights of access that are not available in the second. Application code 4, 6 executes in the second privilege mode and generates function calls to hypervisor code 2 which executes in the first privilege mode. These function calls are to perform a secure function requiring the rights of access which are only available in the first privilege mode: hypervisor code controls execution of the secure function. Scheduling code 8, executing in the second privilege mode, i.e. unprivileged mode, controls scheduling of both the application code 4, 6 and the hypervisor code 2. Memory protection circuitry (18 in Figure 2) operating with physical addresses may serve to control access permissions required to access different regions within the memory address space using configuration data (32 in Figure 2) which is written by the hypervisor code 2. The hypervisor code 2 may temporarily grant access to different regions within the physical memory address space to the system in the second privilege mode as needed (Figure 4) to support the execution of code scheduled by the scheduling code 8. |
