Data processor with a privileged state firewall and method therefore

摘要

A data processor (20) includes a firewall circuit (50) that monitors privilege level changes or transitions between privilege modes, such as from user mode and user space into supervisory or privileged mode and operating system space. The firewall circuit starts a timer (54) whenever a central processing unit (22) enters supervisor mode. If the timer (54) determines the passage of a predetermined time while the central processing unit remains continuously in supervisory mode without re-entering user mode, a predefined security policy is invoked. For example, the security policy may require at this point that the data processor (20) is to be reset. Different timer (54) time-out values and different security policies can be set for different types of privilege level changes. In one embodiment, a default time-out value provides protection for multiple types of privilege level changes.