Title of invention: INFORMATION PROCESSING APPARATUS AND COMPUTER PROGRAM PRODUCT
Abstract: According to an embodiment, an information processing apparatus includes a secure OS, a non-secure OS, and a monitor. The monitor is configured to switch between the OSs. The secure OS includes a memory protection setting controller, a processing determination controller, and a secure device access controller. The memory protection setting controller is configured to set a protection address in a memory for each certain processing. The processing determination controller is configured to receive an access type, a physical address of an access destination, and data to be written, acquire a list of processing, and determine a type of processing to be performed. The secure device access controller is configured to receive the access type, the physical address of an access destination, and data to be written, and access a peripheral identified by the physical address.
Publication number: US2015089246(A1)  Publication date: 2015.03.26
Application number: US201414482297  Filing date: 2014.09.10
Applicant: Kabushiki Kaisha Toshiba  Inventors: KANAI Jun; ISOZAKI Hiroshi; KIZU Toshiki; SASAKI Shunsuke; SANO Shintarou
Classification: G06F12/14  Main classification: G06F12/14
Agency:  Agent:
Principal claim: 1. An information processing apparatus comprising:
a processor configured to be selectively switched between a secure mode and in a non-secure mode, set independent access rights for the respective modes to a memory, and perform certain data processing in the selected mode;
a secure operating system (OS) configured to run in the secure mode;
a non-secure OS configured to run in the non-secure mode; and
a monitor configured to switch between the secure OS and the non-secure OS, wherein
the secure OS includes
  a processing table management controller configured to store therein a physical address of data to be accessed in the memory and an access type in association with each other for each certain processing, the access type being read access or write access;
  a memory protection setting controller configured to refer to the processing table management controller, and set a protection address in the memory for each certain processing, at least one of the read access and the write access by the non-secure OS being prohibited;
  a processing determination controller configured to receive the access type and a physical address of an access destination, further receive data to be written when the access type is the write access, acquire a list of processing from the processing table management controller, and determine a type of processing to be performed;
  a processing executing controller configured to receive, from the processing determination controller, the type of processing, the access type, and the physical address of the access destination, further receive, from the processing determination controller, the data to be written when the access type is the write access, acquire data from a secure device access controller when the access type is the read access, and perform the processing on the data;
  the secure device access controller configured to receive the access type and the physical address of an access destination, further receive data to be written when the access type is the write access, and access a peripheral identified by the physical address; and
  an entry controller configured to receive, from an OS switcher of the monitor, the access type and a physical address of an access destination, further receive, from the OS switcher, data to be written when the access type is the write access, call the processing determination controller, acquire read data from the processing determination controller when the access type is the read access, and call the OS switcher, and
the monitor includes
  the OS switcher configured to control switching between the secure OS and the non-secure OS;
  an instruction analysis controller configured to acquire an instruction implementation of which is rejected, determine the access type, acquire a virtual address of a read destination when the access type is the read access, and acquire data to be written when the access type is the write access; and
  an address translation controller configured to translate the virtual address into the physical address by a page table of the non-secure OS.
Address: Minato-ku JP