Memory protection
Abstract
An integrated-circuit device ( 1 ) comprises a processor ( 7 ), memory ( 13 ) for storing executable code, and memory protection logic ( 9 ). The memory protection logic ( 9 ) is configured to: determine the state of a read protection flag for a protected region of the memory ( 13 ); detect a memory read request by the processor ( 7 ); determine whether the read request is for an address in the protected region of the memory ( 13 ); determine whether the processor ( 7 ) issued the read request while executing code stored in the protected region of the memory ( 13 ); and deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of the access conditions is that the processor ( 7 ) issued the read requests while executing code stored in the protected region.
Claims
exact text as granted — not AI-modified1 . An integrated-circuit device comprising a processor, memory for storing executable code, and memory protection logic, wherein the memory protection logic is configured to:
determine the state of a read protection flag for a protected region of the memory; detect a memory read request by the processor; determine whether the read request is for an address in the protected region of the memory by determining whether the address of an instruction-fetch operation immediately preceding the memory access request was within the protected region; determine whether the processor issued the read request while executing code stored in the protected region of the memory; and deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protected region.
2 . The integrated-circuit device of claim 1 , wherein the memory protection logic comprises hardware logic that is separate from the processor.
3 . The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to allow read requests for addresses in the protected region if the read protection flag for the protected region is not set.
4 . The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless the processor issued the read requests while executing code stored in the protected region.
5 . The integrated-circuit device of claim 1 , wherein the memory protection logic is further configured to determine the state of a write protection flag for the protected region and to deny write requests for addresses in the protected region if the write protection flag for the protected region is set, unless the processor issued the write requests while executing code stored in the protected region.
6 . The integrated-circuit device of claim 1 , wherein the memory is non-volatile memory.
7 . The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to monitor all accesses to the memory.
8 . The integrated-circuit device of claim 1 , wherein the memory protection logic is configured to set a register on every instruction-fetch operation in accordance with whether the address of the fetched instruction is in the protected region or not.
9 . The integrated-circuit device of claim 1 , wherein the protected region is variable and is defined by one or more addresses stored on the device.
10 . The integrated-circuit device of claim 1 , wherein the protected region of the memory extends between a predetermined constant address and a variable point within the memory address range, and the memory protection unit is configured to determine whether the read request is for an address in the protected region by determining whether the address is between the predetermined constant address and the variable memory address.
11 . The integrated-circuit device of claim 1 , wherein the memory for storing executable code is non-volatile memory, and the device further comprises volatile memory, and wherein the memory protection logic is further configured to deny read requests for addresses in a protected region of the volatile memory if a read protection flag for the protected region of the volatile memory is set, unless the processor issued the read requests while executing code stored in the protected region of the non-volatile memory.
12 . The integrated-circuit device of claim 1 , comprising an interface for allowing memory access by an external debugger or software loader, wherein the memory protection logic is arranged to deny read requests received via said interface for addresses in one or more protected regions of volatile or non-volatile memory if a debugging protection flag for the region is set.
13 . The integrated-circuit device of claim 1 , comprising integrated radio communication logic, wherein a firmware module comprising code implementing a radio protocol stack is stored in the protected region of code memory and wherein optionally a software application which interfaces with the firmware module is stored in the memory outside the protected region.
14 . The integrated-circuit device of claim 1 , comprising non-volatile memory and arranged to store said protection flag or flags in a protection-configuration region of the non-volatile memory, wherein the device further comprises non-volatile memory control logic arranged to prevent writing to any portion of the protection-configuration region unless that portion is in an erased state.
15 . The integrated-circuit device of claim 14 , wherein the non-volatile memory control logic is further arranged to allow the protection-configuration region to be erased only if a protected region of the non-volatile memory is in an erased state.
16 . A method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising:
determining the state of a read protection flag for a protected region of the memory; detecting a memory read request by the processor; determining whether the read request is for an address in the protected region of the memory by determining whether the address of an instruction-fetch operation immediately preceding the memory access request was within the protected region; determining whether the processor issued the read request while executing code stored in the protected region of the memory; and denying read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protected region.
17 . An integrated-circuit device comprising a processor, non-volatile memory having a natural erased state, non-volatile memory control logic, and memory protection logic, wherein:
the memory protection logic is arranged to control access to a protectable region of the non-volatile memory in dependence on protection configuration data stored in a protection-configuration region of the non-volatile memory; the non-volatile memory control logic is arranged to prevent writing to any portion of the protection-configuration region, unless that portion is in an erased state, by being arranged to receive an instruction to write to a portion of the protection-configuration region and to respond by reading said portion to check that said portion is in the natural erased state before allowing the write; and the non-volatile memory control logic is arranged to allow the protection-configuration region to be erased only if the protectable region is in an erased state.
18 . The integrated-circuit device of claim 17 , wherein the non-volatile memory control logic and/or memory protection logic comprise logic gates separate from the processor.
19 . The integrated-circuit device of claim 17 , wherein the non-volatile memory control logic is configured so that the only mechanism provided by the non-volatile memory control logic for erasing the protection-configuration region is an instruction that erases both the protectable region and the protection-configuration region.
20 . The integrated-circuit device of claim 17 , wherein the protection-configuration region and the protectable region comprise different pages or erasable blocks of memory, and the non-volatile memory control logic is configured to erase all pages or blocks forming the protectable region before erasing any page or block forming part of the protection-configuration region.
21 . The integrated-circuit device of claim 17 , wherein the memory protection logic is configured such that, when the protection-configuration region is in an erased state, access to the protectable region is in the highest of an ordered set of restriction levels.
22 . The integrated-circuit device of claim 17 , arranged to store, in the memory-protection configuration region, one or more values that define the protectable region of non-volatile memory and/or that define a protected region of volatile memory.
23 . The integrated-circuit device of claim 17 , wherein the protection configuration data comprises a read protection flag for the protectable region of the non-volatile memory, and wherein the memory protection logic is configured to:
determine the state of the read protection flag; detect a memory read request by the processor; determine whether the read request is for an address in the protectable region; determine whether the processor issued the read request while executing code stored in the protectable region; and deny read requests for addresses in the protectable region if the read protection flag for the protectable region is set, unless at least one of one or more access conditions is met, wherein one of said access conditions is that the processor issued the read requests while executing code stored in the protectable region.
24 . A method of controlling memory access on an integrated-circuit device comprising a processor and non-volatile memory, the non-volatile memory being of a type that has a natural erased state, the method comprising:
controlling access to a protectable region of the non-volatile memory in dependence on protection configuration data stored in a protection-configuration region of the non-volatile memory; preventing writing to any portion of the protection-configuration region unless that portion is in an erased state by responding to an instruction to write to a portion of the protection-configuration region by reading said portion and checking that said portion is in the natural erased state before allowing the write; and allowing the protection-configuration region to be erased only when the protectable region is in an erased state.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.