Abstract
Data processing apparatus having a plurality of domains of operation with different secure levels, and a data store for storing data and instructions; the data store comprising a plurality of regions each corresponding to one of the domains of operation, and comprising at least one secure region for storing sensitive data. When the processor fetches an instruction for execution from another domain (e.g. one that might be more secure than the current domain of operation), a check is made to verify that the instruction is a special type of instruction called a guard instruction. If it is, the domain of operation is switched to the new domain. If it is not, a security violation indication is generated. Various measures are also proposed to protect against inadvertent or malicious entry to another domain by mimicking a guard instruction, e.g. not allowing data values to be stored as literals in some regions of the data store and/or ensuring that the length of the guard instruction is equal to the longest in the instruction set, to cope with varying address alignment points.
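The fetch-time check and an audit for bit patterns that mimic the guard, as an added C model that is not code from the patent. The 16-bit alignment points, the 32-bit `GUARD_HI`/`GUARD_LO` encoding, the region map and the memory image are all constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed model: 16-bit alignment points; the guard is 32 bits, the longest
   instruction. GUARD_HI/GUARD_LO are a constructed encoding, not a real ISA's. */
enum domain { LESS_SECURE, SECURE };
enum outcome { SAME_DOMAIN, SWITCHED, VIOLATION };
#define GUARD_HI 0xA5C3u
#define GUARD_LO 0x5A3Cu
struct region { size_t start, end; enum domain dom; }; /* halfword index, end exclusive */

static int is_guard_at(const uint16_t *mem, size_t len, size_t pc) {
    return pc + 1 < len && mem[pc] == GUARD_HI && mem[pc + 1] == GUARD_LO;
}

/* Fetch-time check: a fetch from another domain must land on a guard instruction. */
enum outcome fetch_check(const uint16_t *mem, size_t len, const struct region *map,
                         size_t n, enum domain *cur, size_t pc) {
    for (size_t i = 0; i < n; i++) {
        if (pc < map[i].start || pc >= map[i].end) continue;
        if (map[i].dom == *cur) return SAME_DOMAIN;
        if (!is_guard_at(mem, len, pc)) return VIOLATION; /* security violation indication */
        *cur = map[i].dom;                                /* switch domain of operation */
        return SWITCHED;
    }
    return VIOLATION; /* assumption: unmapped addresses are rejected */
}

/* Audit every alignment point for guard patterns that are not declared entries. */
size_t count_stray_guards(const uint16_t *mem, size_t len, const struct region *r,
                          const size_t *entries, size_t n_entries) {
    size_t stray = 0;
    for (size_t pc = r->start; pc < r->end; pc++) {
        if (!is_guard_at(mem, len, pc)) continue;
        int declared = 0;
        for (size_t i = 0; i < n_entries; i++) declared |= (entries[i] == pc);
        stray += !declared;
    }
    return stray;
}

/* Constructed image: [0,4) less secure, [4,12) secure; guard at 4, mimicking literal at 9. */
static const uint16_t IMAGE[12] = {0x1111, 0x2222, 0x3333, 0x4444, GUARD_HI, GUARD_LO,
                                   0x0001, 0x0002, 0x0003, GUARD_HI, GUARD_LO, 0x0004};
static const struct region MAP[2] = {{0, 4, LESS_SECURE}, {4, 12, SECURE}};
static const size_t ENTRIES[1] = {4};
int main(void) {
    enum domain d = LESS_SECURE;
    if (fetch_check(IMAGE, 12, MAP, 2, &d, 4) != SWITCHED) return 1;
    return count_stray_guards(IMAGE, 12, &MAP[1], ENTRIES, 1) != 1;
}
```

The audit flags the pattern at halfword 9 because the fetch check alone would accept a jump there; scanning at every alignment point is what the equal-length requirement in the abstract makes tractable.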