DE112023000522T5 - PERIPHERAL ACCESS CONTROL USING BITMASKS SPECIFYING ACCESS SETTINGS FOR PERIPHERALS - Google Patents

Abstract

An electronic device includes a transaction host, first and second peripherals, a memory, an access control register, and first and second access controllers. The memory stores instructions for managing access control identifiers, a first task related to the first peripheral, and a first bit mask specifying corresponding access settings for the first and second peripherals to perform the first task. The access control register includes a first access control identifier for the first peripheral and a second access control identifier for the second peripheral. The transaction host executes the access control identifier management instructions to program the first and second access control identifiers based on the first bit mask and then executes the first task. The first and second access control identifiers control access to the first and second peripherals, respectively, based on the first and second access control identifiers programmed based on the first bit mask.

Description

RELATED PATENT APPLICATION

This application claims priority to IN patent application No. 202211000733 , filed on January 6, 2022, the entire contents of which are hereby incorporated by reference for all purposes.

TECHNICAL FIELD

The present disclosure relates to electronic devices including peripherals, and more particularly to controlling access to peripherals using bit masks that specify access settings for peripherals.

BACKGROUND

A system on a chip, also known as a system-on-chip or SoC, is an integrated circuit (IC) that integrates an electronic system or computer system on a single chip. A SoC typically includes at least one processor, e.g. a central processing unit (CPU), a microcontroller or a microprocessor (MPU), and various devices for peripherals, e.g. input/output ports, internal memory, and analog input and output blocks, e.g. radio modems, a graphics processing unit (GPU) and/or one or more coprocessors, all housed on a single substrate or microchip. A SoC can be designed for various functions, for example signal processing, wireless communication or artificial intelligence.

In some SoCs, the firmware running on the processor has full access to all peripherals on the SoC, regardless of the current operating mode of the processor, for example, privileged mode or user mode. This can lead to errors or other undesirable consequences. For example, a faulty or malicious firmware device driver corresponding to one peripheral can erroneously (or maliciously) access and damage another peripheral, e.g., by modifying the registers provided in the other peripheral.

There is a need for improved, cost-effective access control for peripherals provided in a SoC or other electronic device to protect the peripherals, for example, from faulty or malicious firmware.

SUMMARY

Systems and methods are provided for controlling access to peripherals in an electronic device (e.g., a SoC or other electronic device), for example to protect peripherals from erroneous or malicious access. Some examples provide programmable (e.g., updatable) access control identifiers corresponding to corresponding peripherals and corresponding access controllers to control access to corresponding peripherals based at least on the access control identifiers.

An access control identifier may include one or more bits, referred to herein as access control bits. The access control identifiers may be used to protect peripherals during execution of user-space tasks, e.g., device driver operations associated with a selected peripheral. For example, to execute a corresponding task (e.g., a device driver operation) associated with a selected peripheral, a transaction host (e.g., a processor) may execute supervisor firmware or other supervisor code to program (e.g., set or update) corresponding access control identifiers in an access control register to (a) allow the corresponding task to access the selected peripheral and (b) prevent the corresponding task from accessing other peripherals, e.g., to prevent the corresponding task from erroneously or maliciously accessing registers in any of the other peripherals. In some examples, the access control identifier may enable the transaction host (e.g., the processor) to program, e.g., set or update, the respective access control identifiers to enable supervisor code access to all peripherals during a privileged mode operation, e.g., execution of the corresponding supervisor firmware.

In some examples, corresponding bit masks are stored for corresponding tasks (e.g., device driver operations), where the bit mask for a corresponding task specifies corresponding access settings for corresponding peripherals to perform the corresponding task. Before executing a particular task, the transaction host may access the bit mask associated with the respective task and program (e.g., set or update) the respective access control identifiers in the access control register. The programmed access control identifiers may be accessed by the access control identifiers associated with the respective peripherals to control access to the respective peripherals during execution of the respective task.

In some applications, access control identifiers and access control can eliminate the need for complex software, enabling smaller or less expensive processors, e.g. in a SoC.

One aspect features an electronic device including a transaction host, a first peripheral, a second peripheral, a first access control identifier coupled to the first peripheral, a second access control identifier coupled to the second peripheral, and an access control register storing a first access control identifier for the first peripheral and a second access control identifier for the second peripheral. The first access controller receives a request for access to the first peripheral by the transaction host, makes an access determination for the first peripheral based at least on the first access control identifier for the first peripheral, and allows or prevents the transaction host from accessing the first peripheral based on the access determination.

In some examples, the transaction host includes a processor or a direct memory access (DMA) engine.

In some examples, the transaction host includes a bridge to receive requests from an external host separate from the electronic device to access the first peripheral.

In some examples, the first access control identifier comprises one or more first access control bits and the second access control identifier comprises one or more second access control bits.

In some examples, the electronic device includes firmware executable by the transaction host to program at least one of the first access control identifier and the second access control identifier based on an operating mode of the transaction host.

In some examples, the electronic device includes firmware executable by the transaction host to dynamically program at least one of the first access control identifier for the first peripheral and the second access control identifier for the second peripheral between (a) a setting that allows access to the respective peripheral by the transaction host and (b) a setting that prevents access to the respective peripheral by the transaction host.

In some examples, the electronic device includes firmware executeable by the transaction host to program the first and second access control identifiers, including (a) for a privileged mode of the transaction host, to program both the first and second access control identifiers to an allowed setting to allow access to the first peripheral and the second peripheral by the transaction host; (b) for a first user mode operation of the transaction host to perform operations related to the first peripheral, to program the first access control identifier to the access-enabled setting to allow access to the first peripheral and to program the second access control identifier to an access-prevented setting to prevent access to the second peripheral; and (c) for a second user mode operation of the transaction host to perform operations related to the second peripheral, programming the first access control identifier to an “access prevented” setting to prevent access to the first peripheral and programming the second access control identifier to an “access allowed” setting to allow access to the second peripheral.

In some examples, the access control identifier makes an access determination for the first peripheral based on at least (a) the peripheral-specific access control identifier for the first peripheral and (b) an operating mode signal indicating either a privileged mode of the transaction host or a user mode of the transaction host.

In some examples, the first access control identifier for the first peripheral and the second access control identifier for the second peripheral each indicate either (a) a restricted access setting to allow access to the respective peripheral only in the privileged mode of the transaction host, or (b) an open access setting to allow access to the respective peripheral in both the privileged mode of the transaction host and the user mode of the transaction host.

In some examples, the electronic device includes firmware executable by the transaction host to program at least one of the first and second access control identifiers between the restricted access setting and the open access setting.

In some examples, the access control identifier may (a) determine that access to the first peripheral is permitted when the first access control identifier for the first peripheral indicates the open access setting and an operating mode signal indicates the privileged mode of the transaction host; (b) determine that access to the first peripheral is permitted when the first access control identifier for the first peripheral indicates the open access setting and the operating mode signal indicates the user mode of the transaction host; (c) determine that access to the first peripheral is permitted when the first access control identifier for the first peripheral indicates the restricted access setting and the operating mode signal indicates the privileged mode of the transaction host; and (d) determine that access to the first peripheral is to be prevented if the first access control identifier for the first peripheral indicates the restricted access setting and the operation mode signal indicates the user mode of the transaction host.

In some examples, the transaction host is selectively operable in a privileged mode and a user mode, and at least one of the first and second access control identifiers is programmable only in the privileged mode of the transaction host.

In some examples, the electronic device comprises firmware running on the transaction host, wherein allowing or preventing access to the first peripheral comprises allowing or preventing access to the first peripheral by the firmware running on the transaction host.

In some examples, the access control register is provided in a dedicated peripheral of the plurality of peripherals.

In some examples, the electronic device includes an additional transaction host, the first access control identifier and the second access control identifier associated with the transaction host, the access control register storing a third access control identifier for the first peripheral associated with the additional transaction host and a fourth access control identifier for the second peripheral associated with the additional transaction host. The access controller is configured to receive an additional access request for access to the first peripheral by the additional transaction host; make an additional access determination for the first peripheral based on (a) an access request identifier identifying the additional transaction host and (b) the third access control identifier; and allow or prevent access to the first peripheral by the additional transaction host based on the additional access determination.

In some examples, the electronic device is a system on a chip (SoC).

Another aspect features a method including, in an electronic device including a transaction host, a first peripheral, a second peripheral, and an access control register, storing (a) a first access control identifier for the first peripheral and (b) a second access control identifier for the second peripheral in the access control register. A first access controller associated with the first peripheral receives a request to access the first peripheral by the transaction host. The first access controller makes an access determination to allow or prevent access to the first peripheral based at least on the first access control identifiers for the first peripheral, and allows or prevents access to the first peripheral based on the access determination.

In some examples, the method includes executing firmware, by the transaction host, to program at least one of the first and second access control identifiers based on an operating mode of the transaction host.

In some examples, the method includes executing firmware, by the transaction host, to dynamically program at least one of the first access control identifier for the first peripheral and the second access control identifier for the second peripheral between (a) a setting that allows access to the respective peripheral by the transaction host and (b) a setting that prevents access to the respective peripheral by the transaction host.

In some examples, the method includes executing firmware, by the transaction host, to program the first and second access control identifiers, including (a) for a privileged mode of the transaction host, setting both the first and second access control identifiers to an "access allowed" setting that allows access to both the first peripheral and the second peripheral by the transaction host; (b) for a first user mode operation of the transaction host to perform operations related to the first peripheral, setting the first access control identifier to the "access allowed" setting and setting the second access control identifier to an "access prevented" setting that prevents access to the second peripheral; and (c) for a second user mode operation of the transaction host to perform operations related to the second peripheral, setting the first access control identifier to an access prevented setting and setting the second access control identifier to an access allowed setting.

In some examples, the method includes making the access determination by the first access control identifier to allow or prevent access to the first peripheral based at least on (a) the first access control identifier for the first peripheral and (b) an operating mode signal indicating either a privileged mode of the transaction host or a user mode of the transaction host.

In some examples, the first access control identifier for the first peripheral and the second access control identifier for the second peripheral indicate either (a) a restricted access setting that prevents access to the respective peripheral in user mode of the transaction host, or (b) an open access setting that allows access to the respective peripheral in both privileged mode of the transaction host and user mode of the transaction host.

In some examples, the method includes executing firmware, by the transaction host, to dynamically program at least one of the first and second access control identifiers between the restricted access setting and the open access setting.

In some examples, making the access determination to allow or prevent access to the first peripheral comprises: (a) allowing access to the first peripheral if the peripheral-specific access control identifier for the first peripheral indicates the open access setting and the operating mode signal indicates the privileged mode of the transaction host; (b) allowing access to the first peripheral if the first access control identifier for the first peripheral indicates the open access setting and the operating mode signal indicates the user mode of the transaction host; (c) allowing access to the first peripheral if the first access control identifier for the first peripheral indicates the restricted access setting and the operating mode signal indicates the privileged mode of the transaction host; and (d) preventing access to the first peripheral if the first access control identifier for the first peripheral indicates the restricted access setting and the operating mode signal indicates the user mode of the transaction host.

In some examples, the method includes allowing programming of the first access control identifier in a privileged mode of the transaction host and preventing programming of the first access control identifier in a user mode of the transaction host.

Another aspect features a method including, in an electronic device including a transaction host, a first peripheral, a second peripheral, and an access control register, storing a first access control identifier for the first peripheral and a second access control identifier for the second peripheral in the access control register. The transaction host sets the first access control identifier and the second access control identifier to enable access to the first peripheral and the second peripheral, respectively, and the transaction host performs a privileged mode operation at a first time. The transaction host then sets (a) the first access control identifier to allow access to the first peripheral by the transaction host and (b) the second access control identifier to prevent access to the second peripheral by the transaction host, and performs a user mode operation with respect to the first peripheral at a second time.

In some examples, the transaction host sets (a) the first access control identifier to prevent access to the first peripheral by the transaction host and (b) the second access control identifier to allow access to the second peripheral by the transaction host, and performs a user mode operation with respect to the second peripheral at a third time.

Another aspect features an electronic device including a first peripheral, a second peripheral, a non-transitory memory, an access control register, a transaction host, a first access controller, and a second access controller. The non-transitory memory stores: (a) supervisor firmware including instructions for managing access control identifiers, (b) computer readable code including a first task related to the first peripheral, and (c) a first bit mask corresponding to the first task, the first bit mask indicating respective access settings for the first peripheral and the second peripheral for performing the first task. The access control register includes a first access control identifier for the first peripheral and a second access control identifier for the second peripheral. The transaction host is configured to execute the instructions for managing the access control identifiers in the supervisor firmware, to program the first and second access control identifiers in the access control register based on the first bit mask corresponding to the first task, and to execute the first task with respect to the first peripheral after programming the first and second access control identifiers in the access control register based on the first bit mask. The first access control identifier is configured to control access to the first peripheral at least based on the first access control identifier in the access control register programmed based on the first bit mask, and the second access control identifier is configured to control access to the second peripheral at least based on the second access control identifier in the access control register programmed based on the first bit mask.

In some examples, the electronic device is a system on a chip (SoC).

In some examples, the transaction host includes a processor or a direct memory access (DMA) engine.

In some examples, the first bit mask and the second bit mask are stored in a bit mask data structure in the non-transitory memory.

In some examples, the first bit mask includes one or more first bit mask bits indicating an access setting for the first peripheral to perform the first task and one or more second bit mask bits indicating an access setting for the second peripheral to perform the first task, and the first access control identifier includes one or more first access control bits and the second access control identifier includes one or more second first access control bits.

In some examples, the computer readable code includes a second task related to the second peripheral; the non-transitory memory stores a second bit mask corresponding to the second task, the second bit mask indicating the respective access settings for the first peripheral and the second peripheral to perform the second task; and the transaction host is configured to (a) execute the access control identifier management instructions in the supervisor firmware to maintain the first and second access control identifiers in the access control register based on the second bit mask associated with the second task, and (b) after programming the first and second access control identifiers in the access control register, execute the second task related to the second peripheral based on the second bit mask.

In some examples, the non-transitory memory includes a non-privileged portion storing the computer readable code including the first task and the second task, and a privileged portion storing the supervisor firmware including instructions for managing the access control identifiers and the first bit mask corresponding to the first task.

In some examples, the access controller receives an access request from the transaction host to access the first peripheral to perform the first task; makes an access determination for the first peripheral based at least on the first access control identifier programmed based on the first bit mask associated with the first task; and allows or prevents the transaction host from accessing the first peripheral based on the access determination.

In some examples, the first access control identifier makes the access determination for the first peripheral based at least on (a) the first access control identifier programmed by the transaction host based on the first bit mask corresponding to the first task and (b) an operating mode signal indicating either a privileged mode of the transaction host or a user mode of the transaction host.

In some examples, the first bit mask associated with the first task indicates that (a) the first task is associated with a peripheral access permission for the first peripheral and (b) the first task is not associated with a peripheral access permission for the second peripheral.

In some examples, the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission to the first peripheral and (b) the first task is not associated with a peripheral access permission to the second peripheral. The access control identifier management instructions to program the first and second access control identifiers in the access control register based on the first bit mask prior to execution of the first task include (a) programming the first access control identifier to a value that allows access to the first peripheral during execution of the first task and (b) programming the second access control identifier to a value that prevents access to the second peripheral during execution of the first task. The first access control identifier is configured to allow access to the first peripheral during execution of the first task based on the access permission value of the first access control identifier, and the second access control identifier is configured to prevent access to the second peripheral during execution of the first task based on the access prevention value of the second access control identifier.

In some examples, the transaction host selectively operates in a privileged mode and a user mode; and the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission to the first peripheral and (b) the first task is not associated with a peripheral access permission to the second peripheral. The access control identifier management instructions for programming the first and second access control identifiers in the access control register based on the first bit mask prior to execution of the first task include (a) programming the first access control identifier to an open access setting for the first peripheral that enables access to the first peripheral in both the privileged mode and the user mode of the transaction host; and (b) programming the second access control identifier to a restricted access value for the second peripheral that enables access to the second peripheral in privileged mode but not in user mode of the transaction host.

In some examples, the access control register is provided in a third peripheral.

Another aspect provides a method. The method includes in an electronic device having a transaction host, a first peripheral, a second peripheral, and an access control register that stores a first access control identifier for the first peripheral and a second access control identifier for the second peripheral, storing (a) computer readable code including a first task related to the first peripheral, and (b) a first bit mask corresponding to the first task, the first bit mask specifying respective access settings for the first peripheral and the second peripheral for performing the first task. The transaction host executes access control identifier management instructions prior to executing the first task to program the first and second access control identifiers in the access control register based on the first bit mask associated with the first task. After programming the first and second access control identifiers in the access control register based on the first bit mask, the transaction host executes the first task related to the first peripheral. During execution of the first task: a first access control identifier associated with the first peripheral device that controls access to the first peripheral device based at least on the first access control identifier in the access control register programmed based on the first bit mask, and a second access control identifier associated with the second peripheral device that controls access to the second peripheral device based at least on the second access control identifier in the access control register programmed based on the first bit mask.

In some examples, the method includes storing computer readable code including a second task related to the second peripheral and storing a second bit mask corresponding to the second task, the second bit mask indicating respective access settings for the first peripheral and the second peripheral to perform the second task. The transaction host, prior to executing the second task, executes the access control identifier management instructions to program the first and second access control identifiers in the access control register based on the second bit mask associated with the second task. After programming the first and second access control identifiers in the access control register based on the second bit mask, the transaction host executes the second task related to the second peripheral. During execution of the second task: the first access control identifier associated with the first peripheral controls access to the first peripheral based at least on the first access control identifier in the access control register programmed based on the second bit mask, and the second access control identifier associated with the second peripheral controls access to the second peripheral based at least on the second access control identifier in the access control register programmed based on the second bit mask.

In some examples, the first access controller controlling access to the first peripheral based at least on the first access control identifier programmed based on the first bit mask comprises: receiving an access request from the transaction host to access the first peripheral to perform the first task, making an access determination for the first peripheral based at least on the first access control identifier programmed based on the first bit mask, and allowing or preventing the transaction host from accessing the first peripheral based on the access determination.

In some examples, the method includes the first access control identifier making the access determination for the first peripheral based at least on (a) the first access control identifier programmed based on the first bit mask and (b) an operating mode signal indicating either a privileged mode of the transaction host or a user mode of the transaction host.

In some examples, the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission for the first peripheral and (b) the first task is not associated with a peripheral access permission for the second peripheral. Executing the access control identifier management instructions to program the first and second access control identifiers in the access control register based on the first bit mask associated with the first task includes (a) programming the first access control identifier to a value that allows access to the first peripheral during execution of the first task and (b) programming the second access control identifier to a value that prevents access to the second peripheral during execution of the first task. During execution of the first task: the first access control identifier associated with the first peripheral allows access to the first peripheral based on the access permission value of the first access control identifier, and the second access control identifier associated with the second peripheral peripheral prevents access to the second peripheral based on the access prevention value of the second access control identifier.

In some examples, the transaction host selectively operates in a privileged mode and a user mode, and the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission to the first peripheral and (b) the first task is not associated with a peripheral access permission to the second peripheral. Executing the access control identifier management instructions to program the first and second access control identifiers in the access control register based on the first bit mask associated with the first task comprises: (a) programming the first access control identifier to an open access value for the first peripheral that allows access to the first peripheral in both privileged mode and user mode of the transaction host, and (b) programming the second access control identifier to a restricted access value for the second peripheral that allows access to the second peripheral in privileged mode but not in user mode of the transaction host. During execution of the first task: the first access control identifier associated with the first peripheral allows access to the first peripheral in both the privileged mode and the user mode of the transaction host based on the access control identifier, and the second access control identifier associated with the second peripheral prevents access to the second peripheral in the privileged mode of the transaction host but not in the user mode of the transaction host based on the restricted access value of the second access control identifier.

SHORT DESCRIPTION OF THE DRAWINGS

• 1 eine beispielhafte elektronische Vorrichtung (z.B. einen SoC) gemäß einem Beispiel veranschaulicht, die Zugriffssteuerungsidentifikatoren verwendet, um den Zugriff auf Peripherien zu steuern;
• 2 zusätzliche Aspekte der beispielhaften elektronischen Vorrichtung aus 1 gemäß einem Beispiel veranschaulicht;
• 3 gemäß einem Beispiel eine andere elektronische Vorrichtung veranschaulicht, die Zugriffssteuerungsidentifikatoren verwendet, um den Zugriff auf Peripherien zu steuern;
• Die 4A-4D Schaltpläne von beispielhaften logischen Schaltungen zeigen, die gemäß einigen Beispielen in den jeweiligen Zugriffssteuerungen bereitgestellt werden;
• 5 ein Flussdiagramm eines Beispielverfahrens zur Steuerung des Zugriffs auf Peripherien in einer elektronischen Vorrichtung unter Verwendung von Zugriffssteuerungsidentifikatoren ist, die in einem Zugriffssteuerungsregister gespeichert sind;
• 6 ein Flussdiagramm eines Beispielverfahrens zur Steuerung des Zugriffs auf Peripherien in einer elektronischen Vorrichtung unter Verwendung eines ersten Beispielschemas für Zugriffssteuerungsidentifikatoren ist;
• 7 ein Flussdiagramm eines Beispiels für ein Verfahren zur Steuerung des Zugriffs auf Peripherien in einer elektronischen Vorrichtung unter Verwendung eines zweiten Beispiels für ein Zugriffssteuerungsidentifikator-Schema ist; und
• 8 ein Flussdiagramm eines Beispiels für ein Verfahren zur Steuerung des Zugriffs auf Peripherien in einer elektronischen Vorrichtung sowohl für Operationen im Privilegierungsmodus als auch für Operationen im Benutzermodus gemäß einem Beispiel ist;
• 9 ein Flussdiagramm eines beispielhaften Verfahrens zur Steuerung des Zugriffs auf Peripherien unter Verwendung einer aufgabenbezogenen Bitmaske ist.

Example aspects of the present disclosure are described below in connection with the figures, in which:

• 1 illustrates an example electronic device (e.g., a SoC) using access control identifiers to control access to peripherals, according to an example;
• 2 additional aspects of the exemplary electronic device of 1 illustrated by an example;
• 3 illustrates another electronic device that uses access control identifiers to control access to peripherals, according to an example;
• The 4A-4D show circuit diagrams of example logic circuits provided in the respective access controllers according to some examples;
• 5 is a flowchart of an example method for controlling access to peripherals in an electronic device using access control identifiers stored in an access control register;
• 6 is a flowchart of an example method for controlling access to peripherals in an electronic device using a first example access control identifier scheme;
• 7 is a flowchart of an example method for controlling access to peripherals in an electronic device using a second example access control identifier scheme; and
• 8 is a flowchart of an example method for controlling access to peripherals in an electronic device for both privilege mode operations and user mode operations, according to an example;
• 9 is a flowchart of an exemplary method for controlling access to peripherals using a task-related bit mask.

It is to be understood that the reference numerals for any illustrated element appearing in several different figures have the same meaning in all figures, and that mention or discussion of an illustrated element in the context of a particular figure also applies to any other figure in which the same illustrated element is shown.

DETAILED DESCRIPTION

1 illustrates, according to one example, an example electronic device 100 that uses access control identifiers to control access to peripherals, where the access control identifiers may be programmable, e.g., the respective access control identifiers may be set and/or updated over time. The electronic device 100 includes a transaction host 102, peripherals 104, access controllers 106, and an access control register 110 that stores access control identifiers 112. The components of the electronic device 100 may be interconnected via one or more types of communication connections 114, e.g., via buses, wires, or other types of connections. In some examples, the access controllers 106 may be coupled between a bus and the respective peripherals 104. Alternatively, they may be indirectly connected to the bus and operable to make access determinations for selected communications with the peripherals 104a-104n connected to the bus.

In some examples, the electronic device 100 is a system on a chip (SoC). In other examples, the electronic device 100 may be a multi-chip system that includes a transaction host 102 on one chip and peripherals 104 on one or more separate chips. The transaction host 102 may include any device capable of initiating the execution of tasks associated with the respective peripherals 104, e.g., accessing registers in the respective peripherals 104. The transaction host 102 may, for example, include a processor, e.g., a microprocessor, a microcontroller, a central processing unit (CPU), one or more processor cores, a direct memory access (DMA) engine, or another type of computer processor. As another example, the transaction host 102 may include a bridge connected to an external host 116 (e.g., a processor separate from the electronic device 100) to enable the external host 116 to access at least one peripheral 104.

Peripherals 104 (e.g., including input/output devices and/or other peripherals) may include any devices that provide input, output, or data storage functions for the electronic device 100, e.g., one or more PCI Express interfaces, Ethernet interfaces, USB interfaces, I2C (Inter-Integrated Circuit) interfaces, DMA (Direct Memory Access) controllers, interrupt controllers, analog-to-digital converters (ADCs), WI-FI interfaces, Bluetooth interfaces, Global System for Mobile Communications (GSM) interface, General Packet Radio Service (GPRS) interface, Global Positioning System (GPS) interface, 3G interface, 4G interface, 5G interface, Universal Asynchronous Receiver-Transmitter (UART), Controller Area Network Flexible Data-Rate (CAN-FD) interface, General-Purpose Input/Output (GPIO) interface, display device interface, modems, graphics processing unit (GPU) or coprocessor.

The electronic device 100 may include any number of peripherals 104. The 1 The exemplary electronic device 100 shown includes peripherals 104a-104n, but it is understood that the electronic device 100 may include any number of one or more peripherals.

The respective access controllers 106 may be connected to the respective peripherals 104 to control (eg, enable or prevent) access to the respective peripherals 104, eg, by the device drivers (firmware) executed by the transaction host 102. As described below with reference to 2 For example, as discussed above, the transaction host 102 may execute firmware to perform various tasks associated with the peripherals 104. For example, the transaction host 102 may execute device drivers corresponding to the respective peripherals 104a-104n to perform tasks (e.g., device driver tasks) associated with the respective peripherals 104a-104n. Access controls 106 may control (e.g., allow or prevent) access to the respective peripherals 104 for the tasks performed by the transaction host 102.

As shown, the electronic device 100 may include a respective access controller 106a-106n corresponding to a respective peripheral 104a-104n. For example, the first access controller 106a may be connected between the transaction host 102 and the first peripheral 104a to control access to the first peripheral 104a by the transaction host 102, the second access controller 106b may be connected between the transaction host 102 and the second peripheral 104b to control access to the second peripheral 104b by the transaction host 102, and so on. For example, the first access controller 106a may be assigned to a first task (e.g. associated with a first device driver associated with the first peripheral 104a) from accessing the first peripheral 104a and preventing a second task (e.g., associated with a second device driver associated with the second peripheral 104b) from accessing the first peripheral 104a. Similarly, the second access control 106b may allow the second task (associated with the second device driver associated with the second peripheral 104b) from accessing the second peripheral 104b and preventing the first task (associated with the first device driver associated with the first peripheral 104a) from accessing the second peripheral 104b.

The respective access controls 106a-106n may include electronic circuitry to control (e.g., allow or prevent) access to the respective peripherals 104a-104n by the transaction host 102 based on a respective access control identifier 112 stored in the access control register 110 and, in some alternative examples, additional access control input data. As discussed below, additional access control identifiers may include, for example, (a) an operating mode signal (OMS) 120 indicating an operating mode of the transaction host 102 and/or (b) an access control identifier (hereinafter referred to with reference to 3 discussed for an example with multiple transaction hosts 102) that identifies the respective transaction host 102 requesting access to a corresponding peripheral 104.

In some examples, the access control identifiers 112 (also referred to herein as "AC identifiers") stored in the access control register 110 include respective access control identifiers 112a-112n corresponding to the respective peripherals 104a-104n, including a first access control identifier 112a corresponding to the first peripheral 104a, a second access control identifier 112b corresponding to the second peripheral 104b, and so on. The respective access control identifiers 112a-112n for the respective peripherals 104a-104n may include one bit, multiple bits, or other data indicating an access setting for the respective peripherals 104a-104n. For example, the first access control identifier 112a may include one or more bits indicating an access setting for the first peripheral 104a, and the second access control identifier 112a may include one or more bits indicating an access setting for the second peripheral 104b. The access control register 110 may include a single register or multiple registers of any size, e.g., one or more 8-bit registers, 32-bit registers, or 64-bit registers.

As explained below with reference to 2 As explained, the transaction host 102 may program (e.g., set or update) the values of the respective access control identifiers 112a-112n before executing the respective tasks (e.g., firmware tasks) based on the peripheral access permissions assigned to the respective tasks. As explained further below, the electronic device 100 may store respective bit masks for the respective tasks that indicate the peripheral access permissions for the respective tasks, where a respective bit mask for a respective task indicates whether a respective task is assigned (or not assigned) a peripheral access permission for the respective peripherals 104a-104n. For example, the electronic device 100 may store a first bitmask for a first task indicating that the first task is assigned a peripheral access permission for the first peripheral 104a but is not assigned a peripheral access permission for the second peripheral 104b, and a second bitmask for a second task indicating that the second task is assigned a peripheral access permission for the second peripheral 104b but is not assigned a peripheral access permission for the first peripheral 104a. In some examples, peripheral access permissions may be assigned to a respective task (using a respective bitmask for the respective task) by a code developer (e.g., firmware developer), e.g., based on selected peripheral(s) that may be required or used by the respective task. In some examples, an access controller 106a-106n associated with the respective peripheral device 104a-104n makes access determinations for access to the respective peripheral device 104a-104n based on the access control identifiers 112a-112n associated with the respective peripheral device 104a-104n. In other examples, an access controller 106a-106n associated with a respective peripheral device 104a-104n makes access determinations for access to the respective peripheral device 104a-104n based on (a) the access controller identifier 112a-112n associated with the respective peripheral device 104a-104n and (b) an operating mode signal 120 indicating a current operating mode (e.g., privileged mode or user mode) of the transaction host 102.

In other examples, multiple transaction hosts 102 are provided, and a respective access controller 106a-106n associated with a respective peripheral device 104a-104n makes access determinations for access to the respective peripheral device 104a-104n by a requesting transaction host 102 (or the multiple transaction hosts 102) based on (b) a transaction host identifier identifying the requesting transaction host 102, and (b) a respective access control identifier 112a-112n associated with the peripheral device 104a-104n and the respective requesting transaction host 102 (e.g., wherein the access control register 110 for the respective transaction hosts 102 stores a respective set of access control identifiers 112a-112n for the peripherals 104a-104n). In other examples, multiple transaction hosts 102 are provided, and a respective access controller 106a-106n associated with a respective peripheral device 104a-104n makes access determinations for access to the respective peripheral device 104a-104n by a requesting transaction host 102 (or the multiple transaction hosts 102) based on (b) a transaction host identifier identifying the requesting transaction host 102 and (b) a respective access control identifier 112a-112n associated with the respective peripheral device 104a-104n and the requesting transaction host 102 (e.g., wherein the access control register 110 for the respective transaction hosts 102 includes a respective set of access control identifiers 112a-112n for the peripherals 104a-104n), and (c) an operating mode signal 120 indicating a current operating mode (e.g., a privileged mode or a user mode) of the requesting transaction host 102.

When the transaction host 102 attempts to access a particular peripheral 104, for example, the first peripheral 104a, the first access controller 106a may (a) receive an access request from the transaction host 102 for access to the first peripheral 104a; (b) access an access control identifier 112 for the first peripheral 104a from the access control register 110; (c) make an access determination based on the first access control identifier 112a (and, in some examples, additional access control input data); and (d) allow or prevent access to the first peripheral 104a by the transaction host 102 in response to the access determination.

1. (a) eine Einstellung (z.B. AC_ID-Wert=[0]), die den Zugriff auf die jeweilige Peripherie 104a-104n durch den Transaktions-Host 102 ermöglicht (z.B. Ausführen eines Gerätetreibers oder einer anderen Firmware) und
2. (b) eine Einstellung (z.B. AC_ID-Wert=[1]), die den Zugriff auf die jeweilige Peripherie 104a-104n durch den Transaktions-Host 102 verhindert (z.B. Ausführen eines Gerätetreibers oder einer anderen Firmware).

Tabelle 1. Schema der Zugriffssteuerungsidentifikatoren für das erste Beispiel. AC_ID-Wert Zugriff auf Peripherie zulassen? 0 (Zugriff ermöglicht) Ja 1 (Zugriff verhindert) Nein In a first example, as shown in Table 1 below, the respective access control identifiers 112a-112n are programmable between the following access control identifiers (AC_ID):

1. (a) a setting (eg AC_ID value=[0]) that enables access to the respective peripheral 104a-104n by the transaction host 102 (eg executing a device driver or other firmware) and
2. (b) a setting (eg AC_ID value=[1]) that prevents access to the respective peripheral 104a-104n by the transaction host 102 (eg executing a device driver or other firmware).

Table 1. Scheme of access control identifiers for the first example. AC_ID value Allow access to peripherals? 0 (access allowed) Yes 1 (access denied) No

In some examples, the respective access controller 106a-106n may store or have access to a lookup table (LUT) that includes the data of Table 1 that the respective access controller 106a-106n may access to make access determinations. In some examples, the respective access controller 106a-106n may store a corresponding LUT in memory 107, e.g., in a ROM device (where a corresponding instance of memory 107 may be provided in the respective access controllers 106a-106n or where the memory 107 may otherwise be accessible to the respective access controllers 106a-106n). In other examples, the respective access controller 106a-106n may implement the decisions set forth in Table 1 using appropriate instances of logic circuitry 108. As described below with reference to 4A For example, as discussed above, the respective access controller 106a-106n may include a logic circuit 108 having a NOT gate (or inverter) for processing an access control identifier input to the respective access controller 106a-106n. (In another example, the meaning of the AC_ID values may be reversed, e.g., AC_ID=0 indicates a setting where access is prevented and AC_ID=1 indicates a setting where access is allowed, and the NOT gate may be omitted.)

1. (a) vor der Einleitung von Aufgaben im privilegierten Modus, die sich auf ein beliebiges Peripheriegerät 104a-104n beziehen, kann der Transaktions-Host 102 die AC-Identifikatoren 112a-112n auf 0 programmieren (was dem Transaktions-Host 102 den Zugriff auf die Peripheriegeräte 104a-104n ermöglicht);
2. (b) vor der Einleitung von Aufgaben im Benutzermodus, die sich auf die erste Peripherie 104a beziehen, kann der Transaktions-Host 102 die AC-Identifikatoren 112a auf 0 und die AC-Identifikatoren 112b...112n auf 1 programmieren (was dem Transaktions-Host 102 den Zugriff auf die erste Peripherie 104a ermöglicht und den Zugriff auf die Peripheriegeräte 104b... 104n verhindert); und
3. (c) vor der Einleitung von Aufgaben im Benutzermodus in Bezug auf die zweite Peripherie 104b kann der Transaktions-Host 102 den AC-Identifikator 112b auf 0 und die AC-Identifikatoren 112a, 112c... 112n auf 1 programmieren (was dem Transaktions-Host 102 den Zugriff auf die zweite Peripherie 104b ermöglicht und den Zugriff auf die Peripherien 104a, 104c... 104n verhindert).

In the first example (ie, when implementing the scheme shown in Table 1), the transaction host 102 may execute appropriate firmware (eg, instructions 214 for managing access control identifiers provided in computer-readable supervisor code 206, eg, in the form of firmware ware, as in 2 described below) to dynamically program the access control identifiers 112a-112n according to the scheme described above, e.g., in real time, based on the current operating mode of the transaction host (e.g., a privileged mode or a user mode) and/or prior to initiating tasks related to a particular peripheral 104a-104n (e.g., using a device driver corresponding to a particular peripheral 104a-104n). For example:

1. (a) prior to initiating privileged mode tasks related to any peripheral device 104a-104n, the transaction host 102 may program the AC identifiers 112a-112n to 0 (which allows the transaction host 102 to access the peripheral devices 104a-104n);
2. (b) prior to initiating user mode tasks related to the first peripheral 104a, the transaction host 102 may program the AC identifiers 112a to 0 and the AC identifiers 112b...112n to 1 (which allows the transaction host 102 to access the first peripheral 104a and prevents access to the peripherals 104b...104n); and
3. (c) prior to initiating user mode tasks with respect to the second peripheral 104b, the transaction host 102 may program the AC identifier 112b to 0 and the AC identifiers 112a, 112c...112n to 1 (which allows the transaction host 102 to access the second peripheral 104b and prevents access to the peripherals 104a, 104c...104n).

In the first example, a respective access controller 106a-106n associated with a particular peripheral 104a-104n makes access determinations for accessing the particular peripheral 104a-104n based on the current value of the respective access control identifiers 112a-112n associated with the particular peripheral 104a-104n, e.g., without additionally requiring an operating mode signal indicating the current operating mode of the transaction host 102. For example, when the first access controller 106a associated with the first peripheral 104a receives an access request from the transaction host 102 to access the first peripheral 104a, the first access controller 106a accesses the respective AC identifier 112a associated with the first peripheral 104a and allows the transaction host 102 to access the first peripheral 104a based on the AC identifier 112a if the AC_ID value=0 and prevents the transaction host 102 from accessing the first peripheral 104a if the AC_ID value=1.

According to the scheme of the first example described above, in an example case, the transaction host 102 may perform a first task in user space related to the first peripheral 104a using a first peripheral device driver associated with the first peripheral 104a and may therefore program the access control identifier identifiers 112a to 0 (e.g., using access control identifier management commands 214 as in 2 shown) before executing the first task. When the first access controller 106a receives a request from the first peripheral device driver to access the first peripheral 104a, the first access controller 106a may access the AC identifier 112a and, in response to the value of the AC identifier 112a = 0, enable access to the first peripheral 104a. In another example, the transaction host 102 may perform a second task in user space related to the second peripheral 104b using a second peripheral driver associated with the second peripheral 104b, and therefore may program the AC identifier 112b to 0 to allow access to the second peripheral 104b and program the AC identifier 112a to 1 to prevent access to the first peripheral 104a. When the first access controller 106a receives a request from the second peripheral device driver to access the first peripheral 104a (e.g., an erroneous or malicious request from the second peripheral device driver), the first access controller 106a may access the AC identifiers 112a and, in response to the value of the AC identifiers 112a = 1, prevent access to the first peripheral 104a. In another example, the transaction host 102 may perform privileged tasks related to the first peripheral 104a or the second peripheral 104b (e.g., included in the supervisor firmware) and therefore program the AC identifier 112a to 0 or the AC identifier 112b to 0, respectively, before performing such privileged tasks, so as to enable access to the first peripheral 104a by the first peripheral device driver associated with the first peripheral 104a or the second peripheral device driver associated with the second peripheral 104b.

1. (a) eine offene Zugriffseinstellung (z.B. AC_ID-Wert=[0]), die den Zugriff auf die jeweilige Peripherie 104a-104n durch den Transaktions-Host 102 (z.B. Ausführen eines Gerätetreibers oder anderer Firmware) unabhängig vom aktuellen Betriebsmodus (z.B., privilegierter Modus oder Benutzermodus) des Transaktions-Hosts 102 ermöglicht, und
2. (b) eine eingeschränkte Zugriffseinstellung (z.B. AC_ID-Wert=[1]), die den Zugriff auf die jeweilige Peripherie 104a-104n durch den Transaktions-Host 102 (z.B. Ausführen eines Gerätetreibers oder einer anderen Firmware) nur im privilegierten Modus des Transaktions-Hosts 102 ermöglicht.

Tabelle 2. Schema der Zugriffssteuerungsidentifikatoren für das zweite Beispiel. AC_ID-Wert Transaktions-Host Betriebsmodus Zugriff auf Peripherie ermöglichen? 0 (offener Zugriff) 0 (Benutzermodus) Ja 0 (offener Zugriff) 1 (privilegierter Modus) Ja 1 (eingeschränkter Zugriff) 0 (Benutzermodus) Nein 1 (eingeschränkter Zugriff) 1 (privilegierter Modus) Ja In a second example, as shown in Table 2 below, each access control identifier 112a-112n is programmable between the following access control identifier (AC_ID) values:

1. (a) an open access setting (e.g., AC_ID value=[0]) that allows access to the respective peripheral 104a-104n by the transaction host 102 (e.g., executing a device driver or other firmware) regardless of the current operating mode (e.g., privileged mode or user mode) of the transaction host 102, and
2. (b) a restricted access setting (eg, AC_ID value=[1]) that allows access to the respective peripheral 104a-104n by the transaction host 102 (eg, executing a device driver or other firmware) only in the privileged mode of the transaction host 102.

Table 2. Scheme of access control identifiers for the second example. AC_ID value transaction host operating mode Enable access to peripherals? 0 (open access) 0 (user mode) Yes 0 (open access) 1 (privileged mode) Yes 1 (limited access) 0 (user mode) No 1 (limited access) 1 (privileged mode) Yes

In some examples, the respective access controller 106a-106n may store or have access to a LUT that includes the data of Table 2 that the respective access controller 106a-106n may access to make access determinations. In some examples, the respective access controller 106a-106n may store a respective LUT in a respective device of the memory 107, e.g., a read-only memory (ROM) (where a device of the memory 107 may be provided in the respective access controllers 106a-106n or the memory 107 may otherwise be accessible to the respective access controllers 106a-106n). In other examples, the respective access controller 106a-106n may implement the decisions set forth in Table 2 using an appropriate logic circuit 108. As described below with reference to 4B For example, as explained, the respective access controller 106a-106n may include a logic circuit 108 having a NOT gate and an OR gate for processing an access control identifier input to the respective access controller 106a-106n.

1. (a) um Aufgaben in Bezug auf die erste Peripherie 104a zu initiieren (unabhängig vom Betriebsmodus des Transaktions-Hosts 102), kann der Transaktions-Host 102 die AC-Identifikatoren 112a auf 0 und die AC-Identifikatoren 112b, 112c... 112n auf 1 programmieren (was dem Transaktions-Host 102 den Zugriff auf die erste Peripherie 104a sowohl im privilegierten Modus als auch im Benutzermodus des Transaktions-Hosts 102 ermöglicht, wie unten beschrieben, während dem Transaktions-Host 102 den Zugriff auf die Peripherie 104b, 104c... 104n im Benutzermodus des Transaktions-Hosts 102 verhindert wird); und
2. (b) um Aufgaben im Zusammenhang mit der zweiten Peripherie 104b zu initiieren (unabhängig vom Betriebsmodus des Transaktions-Hosts 102), kann der Transaktions-Host 102 die AC-Identifikatoren 112b auf 0 und die AC-Identifikatoren 112a, 112c... 112n auf 1 programmieren (was dem Transaktions-Host 102 den Zugriff auf die zweite Peripherie 104b sowohl im privilegierten Modus als auch im Benutzermodus des Transaktions-Hosts 102 ermöglicht, wie unten beschrieben, während der Transaktions-Host 102 den Zugriff auf die Peripherie 104a, 104c... 104n im Benutzermodus des Transaktions-Hosts 102 verhindert).

In the second example (ie, implementing the scheme shown in Table 2), the transaction host 102 may execute appropriate firmware (eg, the firmware described in 2 shown commands for managing the access control identifiers 214) to dynamically program the access control identifiers 112a-112n according to the scheme described above, e.g. in real time, based on the current operating mode of the transaction host (e.g., a privileged mode or a user mode) and/or to initiate tasks related to a particular peripheral 104a-104n (e.g., using a device driver associated with a particular peripheral 104a-104n). For example:

1. (a) to initiate tasks related to the first peripheral 104a (regardless of the operating mode of the transaction host 102), the transaction host 102 may program the AC identifiers 112a to 0 and the AC identifiers 112b, 112c... 112n to 1 (which allows the transaction host 102 to access the first peripheral 104a in both the privileged mode and the user mode of the transaction host 102, as described below, while preventing the transaction host 102 from accessing the peripherals 104b, 104c... 104n in the user mode of the transaction host 102); and
2. (b) to initiate tasks related to the second peripheral 104b (regardless of the operating mode of the transaction host 102), the transaction host 102 may program the AC identifiers 112b to 0 and the AC identifiers 112a, 112c...112n to 1 (which allows the transaction host 102 to access the second peripheral 104b in both the privileged mode and the user mode of the transaction host 102, as described below, while the transaction host 102 prevents access to the peripherals 104a, 104c...104n in the user mode of the transaction host 102).

In the second example, a respective access controller 106a-106n associated with a particular peripheral 104a-104n makes access determinations for access to the particular peripheral 104a-104n based on (a) the current value of the respective access control identifier 112a-112n associated with the particular peripheral 104a-104n and (b) an operating mode signal 120 indicating an operating mode (privileged mode or user mode) of the transaction host 102. For example, if the first access controller 106a associated with the first peripheral 104a makes a Request from transaction host 102 to access first peripheral 104a, first access controller 106a accesses (a) identifier 112a associated with first peripheral 104a and (b) operation mode signal 120 and determines whether to allow transaction host 102 to access first peripheral 104a based on the schema defined in Table 2. Specifically, first access controller 106a determines to allow transaction host 102 to access first peripheral 104a only if both (a) AC_ID value = 1 (restricted access setting) and (b) operation mode signal value = 0 (user mode).

According to the scheme of the second example described above, in an example case, the transaction host 102 may initiate user mode tasks with respect to the first peripheral 104a and therefore program the AC identifier 112a to 0 to initiate such tasks. When the first access controller 106a receives a request from the driver of the first device for the peripheral to access the first peripheral 104a, the first access controller 106a may (a) access the AC identifier 112a; (b) access the operating mode signal 120; (c) make an access determination to allow the first peripheral device driver to access the first peripheral 104a if the operation mode signal 120 indicates either the user mode (operation mode signal value=0) or the privileged mode (operation mode signal value=1), and otherwise prevent the first peripheral device driver from accessing the first peripheral 104a; and (d) allow or prevent the first peripheral device driver from accessing the first peripheral 104a based on the access determination.

In another example, the transaction host 102 may initiate user mode tasks with respect to the second peripheral 104b using a second peripheral device driver associated with the second peripheral device 104b, thereby programming the AC identifier 112b to 0 (i.e., open access to the second peripheral device 104b) and programming the AC identifier 112a to 1 (i.e., restricted access to the first peripheral device 104a). When the first access controller 106a receives a request from the driver of the second peripheral device to access the first peripheral device 104a, the first access controller 106a may (a) access the AC identifier 112a; (b) access the operating mode signal 120; and (c) make an access determination to allow or prevent access to the first peripheral 104a by the second peripheral driver, in particular, determining that access is allowed when the operating mode signal 120 indicates the privileged mode (operating mode signal value=1) and determining that access is prevented when the operating mode signal 120 indicates the user mode (operating mode signal value=0); and (d) allowing or preventing access to the first peripheral 104a by the second peripheral driver based on the access determination.

As in 1 As shown, the respective access controller 106a-106n may receive as inputs (a) an access request (ACR) for a respective peripheral 104a-104n, (b) a respective AC identifier 112a-112n, and (optionally) (c) an operating mode signal 120, and process the received inputs to make an access determination for the respective peripheral 104a-104n. For simplicity, the access request (ACR in the 1-2 and TH_id in 3 ) and the optional operating mode signal (120 in the 1-2 and 120a-120n in 3 ) in the 1-3 illustrated as being transmitted only to access controller 106a; it is understood that access requests and optional operating mode signals may be similarly transmitted to access controllers 106b-106n for operations related to the respective access controllers 106b-106n.

As described above, in some examples, the respective access controllers 106a-106n of the electronic device 100 may include (or access) a corresponding lookup table (LUT) stored in the memory 107 (e.g., ROM) that defines a corresponding access determination for each AC_ID value (e.g., according to the scheme defined in Table 1 above) or defines a corresponding access determination for each combination of AC_ID value and operating mode signal value (e.g., according to the scheme defined in Table 2 above). In other examples, e.g., as explained below, 4A and 4B As shown, the respective access controller 106a-106n may comprise a logic circuit 108 including one or more logic gates, e.g., a NOT gate (e.g., for implementing the scheme defined in Table 1 above) or a NOT gate and an OR gate (e.g., for implementing the scheme defined in Table 2 above).

In some examples, the electronic device 100 may include AC identifier programming firmware that may be executed by the transaction host 102 to dynamically program one, some, or all of the AC identifiers 112a-112n, e.g., based on an operating mode of the transaction host and/or based on a respective peripheral 104a-104n selected for access (referred to herein as access-requested peripheral 104a-104n), e.g., to perform tasks with respect to the respective peripheral 104a-104n. In addition, in some examples, as described below with reference to 2 discussed, the access control register 110 is provided in a dedicated peripheral that (like the peripherals 104a-104n) can also be access controlled by a corresponding access controller, e.g., the access control identifier programming firmware can only access the access control register 110 in a privileged mode of the transaction host 102 (e.g., for programming the access control identifiers 112a-112n) and not in a user mode of the transaction host 102.

2 illustrates additional features and aspects of the electronic device (eg, a SoC) 100 of 1 according to one example. As described above, the electronic device 100 includes the transaction host 102, the peripherals 104a-104n, the access controllers 106a-106n, and the access control register 110 that stores the access control identifiers 112a-112n. The components of the electronic device 100 may be interconnected via one or more types of communication connections 114, such as buses, wires, or other types of connections. As described above, the respective access controller 106a-106n uses the respective access control identifiers 112a-112n (and optionally additional input data) to control access to the respective peripherals 104a-104n, e.g., based on an operating mode (e.g., privileged mode or user mode) of the transaction host 102 and/or based on the peripheral 104a-104n to be accessed (i.e., the peripheral 104a-104n for which access is requested). The access controller 106a-106n may implement any of the various example schemes described above, e.g., using the access control identifier scheme described in Table 1 or Table 2.

As in 2 As shown, the access control register 110 including the access control identifiers 112a-112n may be provided in a dedicated peripheral 104ac, and the corresponding access controller 106ac may be provided to control access to the peripheral 104ac, e.g., similar to the access controller 106a-106n controlling access to the peripherals 104a-102n. For example, the access controller 106ac may control access to the peripheral 104ac based on an operating mode signal 120 from the transaction host 102 and (optionally) a corresponding AC identifier 112ac. In some examples, the access controller 106ac may control access to the peripheral 104ac based on the operating mode signal 120 of the transaction host 102. In other examples, access controller 106ac may operate similarly to access controller 106a-106n, e.g., based on a corresponding AC identifier 112ac and/or an operating mode signal 120 and using an access control identifier scheme as described in Table 1 or Table 2 above.

As in 2 As shown, the electronic device 100 may also include a non-transitory memory 202 in which various firmware and other data are stored. The non-transitory memory 202 (also referred to as memory 202) may include one or more read-only memories (ROM), such as flash ROM, erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, or any other suitable type and number of storage device(s).

As shown, the memory 202 may include a privileged area 202a and a non-privileged area (or user area) 202b. The non-privileged area 202b may store computer-readable user space code 208, e.g., in the form of firmware, e.g., device drivers associated with the respective peripherals 104a-104n and/or other user space firmware. The user space code (e.g., the user space firmware) 208 may include functions that need or can access only selected resources (e.g., selected peripherals 104a-104n). For example, the user space code 208 may include device drivers or other firmware that include corresponding tasks 220a-220n that require or may utilize access to selected peripherals 104a-104n, e.g., to access data stored in corresponding registers 214a-214n provided in the corresponding peripherals 104a-104n. For example, device drivers that typically operate as supervisor firmware may operate as user space firmware that only has access to selected resources (e.g., selected peripherals 104a-104n) to provide enhanced security, as described herein.

The privileged area 202a may store the supervisor code (eg, the supervisor firmware) 206 and a bit mask data structure 230. The bit mask data structure 230 may include bit masks 232a-232n corresponding to the tasks 230a-230n, respectively, wherein a respective bit mask 232n for a respective task 230n contains the respective access settings for the respective peripherals 104a-104n. , e.g. whether the respective task 230n is assigned a peripheral access authorization for the respective peripherals 104a-104n. In 2 For example, the bit mask 232a of task 1 associated with "Task 1" 220a may indicate that "Task 1" 220a is associated with a peripheral access permission for the first peripheral 104a but not for the second peripheral 104b; and the bit mask 232b of task 2 associated with "Task 2" 220b may indicate that "Task 2" 220b is associated with a peripheral access permission for the second peripheral 104b but not for the first peripheral 104a.

In some examples, a corresponding bit mask 232a-232n for a corresponding task 220a-220n may include one or more bits (also referred to herein as "bit mask bits") or other data indicating whether the corresponding task 220a-220n is associated with a peripheral access permission for the corresponding peripherals 104a-104n. For example, the bit mask 232a of task 1 associated with "task 1" 220a may include one or more first bit mask bits or other data indicating that the "task 1" 220a is assigned to the first peripheral 104a and one or more second bit mask bits or other data indicating that the "task 1" 220a is not assigned to the second peripheral 104b.

The supervisor code (e.g., supervisor firmware) 206 may include a scheduler 212 and instructions for managing the access control identifiers 214. The scheduler 212 is executed by the transaction host 102 to manage the execution of user space code (e.g., user space firmware) 208, including, for example, tasks 220a-220n. The access control identifier management instructions 214 may be executed by the transaction host 102 to (a) access the bit masks 232a-232n and (b) program the values of the access control identifiers 112a-112n in the access control register 110 based on the respective bit masks 232a-232n corresponding to the respective tasks 220a-220n to be performed. In some examples, e.g., certain implementations of the first example of access control identifiers described above (see Table 1), the transaction host 102 may use the bit masks 232a-232n for user mode operations (e.g., for performing the respective tasks 220a-220n in a user mode), but not for privileged mode operations (e.g., for performing the respective tasks 220a-220n in a privileged mode). (In other implementations of the first example of access control identifiers (see Table 1), the transaction host 102 may use the bit masks 232a-232n for both user mode and privileged mode operations.)

For example, prior to executing "Task 1" 220a, transaction host 102 may execute access control identifier management instructions 214 to program the values of access control identifiers 112a-112n in access control register 110 based on task 1 bit mask 232a and/or based on the mode of operation (e.g., privileged mode or user mode) of transaction host 102. An example implementation is provided in accordance with both the first example of access control identifiers described above (see Table 1) and the second example of access control identifiers described above (see Table 2).

Example 1: First Example of Access Control Identifier Scheme (Table 1). According to the first example of the access control identifier scheme described above (see Table 1), the transaction host 102 may use the bit mask 232a for executing "Task 1" 220a in a user mode, but not for executing "Task 1" 220a in a privileged mode. For example, prior to executing "Task 1" 220a in a user mode, the transaction host 102 may execute access control identifier management commands 214 to (a) identify that "Task 1" 220a is to be executed in the user mode of the transaction host 102, (b) access the first bit mask 232a indicating that "Task 1" 220a is assigned a peripheral access permission for the first peripheral 104a but not for the second peripheral 104b, and (c) based on the first bit mask 232a and the current operating mode (user mode), program the first access control identifier 112a to an enabled access value (AC_ID value=0) that allows access to the first peripheral 104a during execution of "Task 1." 220a in user mode, and (b) program the second access control identifier 112b to a prevented access value (AC_ID value=0) that prevents access to the second peripheral 104b during execution of “Task 1” 220a in user mode. In contrast, prior to executing "Task 1" 220a, in a privileged mode (under the first example of the access control identifier scheme shown in Table 1 above), the transaction host 102 may execute access control identifier management instructions 214 to program both the first access control identifier 112a and the second access control identifier 112b to the enabled access value (AC_ID value=0) that allows access to both the first peripheral 104a and the second peripheral 104b during the execution. execution of "Task 1" 220a in privileged mode. In this situation, the transaction host 102 may ignore the bit mask 232a for Task 1 since all peripherals 104a-104n should be accessible for privileged mode operations.

As previously mentioned, in other examples using the first example of an access control identifier (see Table 1), the transaction host 102 may use the bit masks 232a-232n for both user mode and privileged mode operations.

Example 2: second example of an access control identifier (Table 2). In the second example of access control identifiers described above (see Table 2), prior to executing “Task 1” 220a (either in user mode or privileged mode), transaction host 102 may execute control bit management instructions 214 to (a) program first access control identifier 112a for first peripheral 104a to an open access setting (AC_ID value=0) that allows access to first peripheral 104a in both a privileged mode and a user mode of transaction host 102, and (b) program second access control identifier 112b to a restricted access setting (AC_ID value=1) for second peripheral 104b that allows access to second peripheral 104b in a privileged mode but not in a user mode of the transaction host 102.

3 illustrates another example of an electronic device 300 that uses programmable access control identifiers to control access to peripherals, according to one example. The electronic device 300 is generally similar to the electronic device 100 described above, but includes, in addition to the peripherals 104a-104n and 104ac, a plurality of transaction hosts 102a-102n, access controllers 106a-106n and 106ac, and an access control register 110 within the peripheral 104ac in which access control identifiers 112 are stored. The components of the electronic device 100 may be interconnected via one or more types of communication connections 114, e.g., via buses, wires, or other types of connections.

The respective access controllers 106a-106n and 106ac may use the respective access control identifiers 112 (and optionally additional input data) to control access to the respective peripherals 104a-104n and 104ac, e.g., based on (a) the peripheral 104a-104n making the access operable, (b) the respective transaction host 102a-102n requesting access to the peripheral 104a-104n making the access operable (referred to herein as an access-requesting transaction host 102a-102n), and (b) an operating mode signal 120a 120n (e.g., privileged mode or user mode) of the access-requesting transaction host 102a-102n.

The access control register 110 may store an access control identifier array 113 including a respective set of access control identifiers 112 for the respective transaction hosts 102a-102n, wherein the set of access control identifiers 112 for the respective transaction host 102a-102n includes a respective access control identifier 112 for the respective peripherals 104a-104n and (optionally) for peripheral 104ac. The following Table 3 shows an example of an AC identifier array 113 for multiple transaction hosts 102a-102n and multiple peripherals 104a-104n and 104ac.

Table 3. Example of an AC identifier array 113 for an electronic device 300 having multiple transaction hosts 102a-102n and multiple peripherals 104a-104n and 104ac. periphery transaction host 104a 104b 104c ... 104n 104ac 102a 1 1 1 ... 1 1 102b 1 0 1 ... 1 1 ... ... ... ... ... ... ... 102n 1 1 1 1 1

The values of the AC identifiers 112 in the AC identifier array 113 may be used by the respective access controllers 106a-106n and 106ac to determine access to the respective peripherals 104a-104n and 104ac by the respective transaction hosts 102a-102n.

In one example, the values of the AC identifiers 112 in the AC identifiers array 113 may indicate a status that allows (AC_ID value=0) or prevents (AC_ID value=1) access, e.g. as described above in Table 1. In such an example, when an access requesting transaction host 102a-102n attempts to access an access requesting peripheral 104a-104n or 104ac, the access controller 106a-106n or 106ac associated with the access requesting peripheral 104a-104n or 104ac may (a) receive an access request from the access requesting transaction host 102a-102n that includes an identifier of the transaction host 10 (TH_id), (b) identify from the AC identifier array 113 stored in the access control register 110 the value of the AC identifier 112 associated with the access requesting transaction host 102a-102n (based on the received TH_id) and the access requesting peripheral 104a-104n or 104ac, and (c) make an access determination to allow or prevent access to the access-requesting peripheral 104a-104n or 104ac by the access-requesting transaction host 102a-102n based on the identified AC identifier 112 (ie, allowing access if the AC_ID value=0 and preventing access if the AC_ID value=1), and (d) allowing or preventing access to the peripheral 104a-104n or 104ac that requested access based on the access determination.

In another example, the values of the AC identifiers 112 in the AC identifiers array 113 may indicate an open access status (AC_ID value=0) or a restricted access status (AC_ID value=1), e.g., as described above in Table 2. In such an example, when a transaction host 102a-102n attempts to access a peripheral 104a-104n or 104ac, the access controller 106a-106n or 106ac associated with the peripheral 104a-104n or 104ac may (a) receive an access request including a TH_id from the transaction host 102a-102n requesting access; (b) receive a corresponding operating mode signal 120a-120n from the access requesting transaction host 102a-102n indicating the operating mode (privileged mode or user mode) of the access requesting transaction host 102a-102n; (c) identify the value of the access control identifier 112 associated with the access requesting transaction host 102a-102n (based on the received TH_id) and the access requesting peripheral 104a-104n or 104ac from the AC identifier array 113 stored in the access control register 110; (d) make an access determination to allow or prevent access to the access-requesting peripheral 104a-104n or 104ac by the access-requesting transaction host 102a-102n based on the value of the identified AC identifier 112 and the operating mode of the access-requesting transaction host 102a-102n, e.g., according to the scheme discussed above with respect to Table 2; and (e) allow or prevent access to the requested peripheral 104a-104n or 104ac based on the access determination.

As discussed above, in some examples, the respective access controllers 106a-106n of the electronic device 100 may include a corresponding instance of the memory 107 in which a look-up table (LUT) is stored, or may alternatively include a corresponding instance of the logic circuit 108 to implement the access determination scheme defined in Table 1 or Table 2.

Regarding the latter, the 4A-4D Circuit diagrams of examples of logic circuits 108 provided in the respective access controllers 106a-106n (and optionally the access controller 106ac) according to some examples.

First, the 4A and 4B exemplary logic circuits 108 for an exemplary electronic device having a transaction host 102, e.g., those shown in the 1 and 2 exemplary electronic device 100 shown.

4A shows an exemplary logic circuit 108a according to the first example described above, ie, the implementation of the access control identifier shown in Table 1. The logic circuit 108a comprises a NOT gate (or inverter) 402 that inverts the value of the respective access control identifier 112 and outputs a value defining an access determination.

4B shows an exemplary logic circuit 108b according to the second example described above, ie the implementation of the scheme shown in Table 2 above for the access control identifiers. The logic circuit 108b comprises a NOT gate (or inverter) 402 which inverts the value of the respective access control identifier 112 and an OR gate 404 which processes the value output by the NOT gate 402 together with the operating mode signal 120 and outputs a value defining an access determination.

Next, the 4C and 4D an exemplary logic circuit 108 for an electronic device having multiple transaction hosts 102, e.g., the one in 3 shown electronic device 300.

4C shows an exemplary logic circuit 108c according to the first example described above, i.e., implementing the access control identifier scheme shown in Table 1, with multiple transaction hosts 102. The logic circuit 108c includes a multiplexer (MUX) 406 that receives (a) values of AC identifiers 112 for the respective transaction hosts 102 and (b) an access request identifier (TH_id) identifying a respective transaction host 102 requesting access to a respective peripheral 104, and selects the value of the AC identifiers 112 associated with the respective transaction host 102 in response to the access request identifier (TH_id), the selected AC_ID value being passed to a NOT gate (or inverter) 402 that inverts the AC_ID value and outputs a value that an access provision is defined.

In other examples, the meaning of the example AC_ID values listed in Table 1, Table 2, and/or Table 3 may be reversed, with AC_ID=0 indicating a setting where access is prevented or restricted and AC_ID=1 indicating a setting where access is allowed or open. In such examples, NOT gate (inverter) 402 may be configured in the manner shown in the 4A-4D illustrated logic circuit 108a-108d can be omitted.

4D shows an exemplary logic circuit 108d according to the second example described above, i.e., the implementation of the access control identifier as shown in Table 2. The logic circuit 108d includes a multiplexer (MUX) 406 that receives (a) values of AC identifiers 112 for the respective transaction hosts 102 and (b) an access request identifier (TH_id) identifying a respective transaction host 102 requesting access to a respective peripheral 104, and selects the value of the respective AC identifier 112 associated with the respective transaction host 102 in response to the access request identifier (TH_id), with the selected AC_ID value being passed to a NOT gate 402 which inverts the AC_ID value. The logic circuit 108d further includes an OR gate 404 that processes the value output by the NOT gate 402 together with the operating mode signal 120 of the respective transaction host 102 and outputs a value that defines an access determination.

5 is a flowchart of an example method 500 for controlling access to peripherals in an electronic device that includes a transaction host, a first peripheral, a second peripheral, and an access control register. In some examples, the electronic device may be the electronic device 100 described above or the electronic device 300. At 502, a first access control identifier for the first peripheral and a second access control identifier for the second peripheral are stored in the access control register. The first access control identifier and the second access control identifier may, for example, be programmed by the transaction host prior to execution of a corresponding task (e.g., a device driver task), e.g., based on an operating mode of the transaction host and/or based on a corresponding peripheral (e.g., the first peripheral, the second peripheral, or another peripheral) to be accessed to execute the corresponding task.

At 504, during execution of the respective task, the first access controller associated with the first peripheral receives a request from the transaction host for access to the first peripheral. For example, the transaction host may execute a device driver task corresponding to the first peripheral. In some examples, the transaction host request optionally includes an operating mode signal indicating a privileged mode or a user mode of the transaction host.

At 506, the first access control identifier accesses the first access control identifier for the first peripheral from the access control register. At 508, the first access controller performs an access determination to alternately enable or prevent access to the first peripheral by the transaction host based at least on the accessed first access control identifiers for the first peripheral, e.g. using a corresponding LUT stored in memory or using a corresponding logic circuit, e.g. as in one of the 4A-4D For example, the first access control identifier may perform an access determination according to the access control identifier scheme described above in Table 1. In some examples, the first access control may also optionally receive the operating mode signal (see above at 504) as further input for the access determination. For example, the first access control identifier may make an access determination according to the access control identifier scheme described above in Table 2 based on the first access control identifier and the operating mode indicated by the optional operating mode signal.

At 510, the first access controller allows or prevents access to the first peripheral based on the access determination. For example, to prevent access to the first peripheral, the first access controller may force a "chip select" signal (also referred to as a "peripheral select" signal) associated with the requested transaction from value=1 (indicating that the first peripheral is targeted/selected) to value=0 (indicating that the first peripheral is not targeted/selected) such that the first peripheral ignores the transaction. Alternatively, to allow access to the first peripheral, the first access controller may leave the value of the chip select signal unchanged (value=1) such that the first peripheral processes the transaction, or force the chip select signal associated with the requested transaction from value=0 to value=1. (In alternative examples, other chip select signal values may be defined to indicate whether a respective peripheral is targeted/selected. For example, a system may define that the value of the chip select signal value=0 indicates that a peripheral is targeted/selected, while the value of the chip select signal value=1 indicates that the peripheral is not targeted/selected.)

6 is a flowchart of an example method 600 for controlling access to peripherals in an electronic device that includes a transaction host, a plurality of peripherals, and access control identifiers (AC identifiers) for the plurality of peripherals. In some examples, the electronic device may be electronic device 100 or electronic device 300 described above, and method 600 may correspond to the access control identifier scheme described above in Table 1.

At 602, the transaction host programs the AC identifiers for the various peripherals, e.g., based on a scheduled operation of the transaction host. In this example, for privileged mode operations, the transaction host sets the AC identifiers for the respective peripherals to an access-controlled setting (AC_ID value=0) that allows the transaction host to access the respective peripherals. In some examples, the transaction host may execute access control identifier management commands provided in the supervisor firmware to access and program the AC identifiers. In some examples, the transaction host may disregard the bit masks when setting the AC identifiers for privileged mode operations because all peripherals are intended to be accessible during privileged mode operations.

At 604, the transaction host operates in privileged mode, e.g., by executing the corresponding supervisor code, e.g., the supervisor firmware. At 606, while the transaction host operates in privileged mode, the respective access controls corresponding to the respective peripherals of the multiple peripherals enable access to the respective peripherals based on the access-enabled setting (AC_ID value=0) of the respective AC identifiers for the respective peripherals, e.g., using a respective LUT stored in memory or using a respective logic circuit, e.g., as in 4A (scenario with a transaction host) or 4C (multiple transaction host scenario) is shown.

At 608, while the transaction host is operating in privileged mode (with AC identifiers programmed to 0), supervisor firmware executing the transaction host identifies a corresponding task related to a selected peripheral ("Peripheral N") to be executed in a user mode. At 610, prior to executing the respective task related to Peripheral N, the transaction host accesses a bit mask associated with the respective task that has access settings for multiple peripherals (including Peripheral N) to perform the respective task, and programs the AC identifiers for the multiple peripherals based on the respective bit mask. In this example, the transaction host (a) programs the AC identifier for peripheral N to an access-enabled setting (AC_ID value=0), which allows access to peripheral N during execution of its respective user-mode task, and (b) programs the AC identifiers for the other peripherals of the multiple peripherals to an access-denied setting (AC_ID value=1), which prevents access to each respective peripheral during execution of its respective user-mode task.

At 612, the transaction host transitions from privileged mode to a user mode and executes the respective task with respect to peripheral N. To execute the respective task with respect to peripheral N, the access control corresponding to peripheral N at 614 enables access to peripheral N (e.g., access to registers in peripheral N) based on the access enabled setting (AC_ID value=0) of the AC identifier for peripheral N (as programmed based on the respective bit mask associated with the respective task), e.g., using a corresponding LUT stored in memory or using a corresponding logic circuit, e.g., as in 4A (scenario with a transaction host) or 4C (multiple transaction host scenario). When the transaction host attempts to access one of the other peripherals, the access control corresponding to the respective other peripheral prevents access to the other peripheral based on the access prevention setting (AC_ID value=1) of the respective AC identifier for the other peripheral, e.g. using the respective LUT or logic circuit as shown in 4A or 4C shown.

At 616, the transaction host completes the respective task related to peripheral N. At 618, the transaction host may identify a next transaction host activity to perform in user mode. For example, as indicated at 620, if the supervisor firmware executed by the transaction host identifies a next peripheral-related task (related to the same peripheral or a different peripheral) to perform in user mode, the method may return to 610, where the transaction host programs the AC identifiers accordingly for execution of the next task (e.g., based on a bit mask associated with the next task). As another example, if the supervisor firmware executing the transaction host indicates that supervisor or privileged operations are to be performed, the method may return to 602, where the transaction host may (optionally) program the AC identifiers for the plurality of peripherals to the "access enabled" setting (AC_ID value=0) (e.g., without regard to the respective bit masks) to enable access to the respective peripherals by the transaction host during supervisor or privileged operations, as described above. In some examples or situations, it may be unnecessary to program the AC identifiers for supervisor or privileged operations (since the transaction host executing the supervisor code may have access to all registers), and thus programming the AC identifiers at 602 may be omitted or optional.

7 is a flowchart of an example method 700 for controlling access to peripherals in an electronic device that includes a transaction host, a plurality of peripherals, and an access control identifier (AC identifier) for the plurality of peripherals. In some examples, the electronic device may be electronic device 100 or electronic device 300 described above, and method 700 may correspond to the access control identifier scheme described above in Table 2.

At 702, the transaction host programs the AC identifiers for the various peripherals, e.g., based on a scheduled operation of the transaction host. In this example, the transaction host sets the AC identifiers for the respective peripherals to a restricted access setting (AC_ID value=1). In some examples, the transaction host may execute access control identifier management commands provided in the supervisor firmware to access and program the AC identifiers.

At 704, the transaction host operates in privileged mode, e.g., by executing the appropriate supervisor firmware. At 706, while the transaction host operates in privileged mode (with AC identifiers programmed to 1), the respective access control identifier corresponding to the respective peripherals of the multiple peripherals enables access to the respective peripherals, e.g., using a respective LUT stored in memory or using a respective logic circuit, e.g., as in 4B (scenario with a transaction host) or 4D (multiple transaction host scenario). Each request by the transaction host to access a respective peripheral may include an operating mode signal indicating the privileged mode of the transaction host (e.g., operating mode signal value=1, according to the control bit scheme shown in Table 2). For each request by the transaction host to access a respective peripheral, the respective access controller corresponding to the respective peripheral may determine whether to allow or prevent access to the respective peripheral based on (a) the respective AC identifier for the respective peripheral and (optionally in a multiple transaction host scenario) the respective transaction host and (b) the operating mode signal indicating the privileged mode (e.g., operating mode signal value=1), according to the control bit scheme shown above in Table 2. In particular, the respective access control enables access to the respective peripheral based on the privileged mode of the respective transaction host (e.g. operating mode signal value = 1).

At 708, while the transaction host is operating in privileged mode, supervisor firmware executing the transaction host identifies a respective task to be performed in association with a selected peripheral ("Peripheral N") of the plurality of peripherals in a user mode. At 710, prior to executing the respective task with respect to Peripheral N in user mode, the transaction host accesses a bit mask associated with the respective task that includes access settings for multiple peripherals (including Peripheral N) to perform the respective task, and programs the AC identifiers for the plurality of peripherals associated with the transaction host based on the respective bit mask. In this example, the transaction host (a) programs the AC identifiers for peripheral N to an open-enabled setting (AC_ID value=0) and (b) programs the AC identifiers for the other peripherals of the multiple peripherals associated with the transaction host to a restricted access setting (AC_ID value=1), according to the control bit scheme shown above in Table 2.

At 712, the transaction host transitions from privileged mode to a user mode and executes the respective task with respect to peripheral N. To execute the respective task with respect to peripheral N, the access control corresponding to peripheral N enables access to peripheral N (e.g., access to registers in peripheral N) based on (a) the open access setting (AC_ID value=0), e.g., using a corresponding LUT stored in memory or using a corresponding logic circuit, e.g., as in 4B (scenario with a transaction host) or 4D (multiple transaction host scenario). When the transaction host attempts to access one of the other peripherals, the respective access control corresponding to the other peripheral prevents access to the other peripheral based on (a) the restricted access setting (AC_ID value=1) and (b) the user mode of the transaction host (operation mode signal value=0), according to Table 2, e.g. using a respective LUT or logic circuit as in 4B or 4D shown.

At 716, the transaction host completes the respective task related to peripheral N in user mode. At 718, the transaction host may identify a next transaction host activity to be performed. For example, as indicated at 720, if the supervisor firmware executed by the transaction host identifies a next peripheral-related task (related to the same peripheral or a different peripheral) to be performed in user mode, the method may return to 710, where the transaction host programs the AC identifiers accordingly for execution of the next task (e.g., based on a bit mask associated with the next task). As another example, if the supervisor firmware executed by the transaction host identifies supervisor or privileged operations to be performed in privileged mode, the method returns to 702 where the transaction host programs the AC identifiers for the multiple peripherals to the restricted access setting (AC_ID value=1) as described above.

8 is a flowchart of an example method 800 for controlling access to peripherals in an electronic device that includes a transaction host, a first peripheral, a second peripheral, and an access control register storing corresponding access control (AC) identifiers. In some examples, the electronic device may be electronic device 100 or electronic device 300 described above, and method 800 may correspond to the access control identifier scheme described above with respect to any of Tables 1, 2, or 3 described above.

At 802, a first access control identifier for the first peripheral and a second access control identifier for the second peripheral are stored in the access control register. The transaction host may dynamically program the first access control identifier and the second access control identifier over time to perform various types of operations, e.g., privileged mode operations and user mode operations, including operations with respect to the first and second peripherals. In some examples, the transaction host may execute access control identifier management instructions provided in the monitoring firmware to dynamically program the first and second access control identifiers before executing the respective tasks (e.g., device driver tasks).

For example, at 804, for privileged mode operations, the transaction host sets the first access control identifier and the second access control identifier to enable access to the first peripheral and the second peripheral, respectively. In some examples or situations, it may be unnecessary to program the AC identifiers for privileged mode operations (since the transaction host running the supervisor code may have access to all registers), and thus programming the AC identifiers at 804 may be omitted or optional. In some examples, the transaction host sets the first and second access control identifiers according to an access bit scheme as described above with respect to any of Tables 1, 2, or 3 described above. At 806, the transaction host performs privileged mode operations at a first time, such that at 806, the operating mode signal indicates privileged mode.

At 808, for a user mode operation (user mode task) related to the first peripheral, the transaction host accesses a bit mask associated with the user mode task that indicates the access settings for at least the first and second peripherals, and programs the AC identifiers for at least the first and second peripherals based on the respective bit mask. In this example, the transaction host (a) sets the first access control identifier to allow user mode access to the first peripheral by the transaction host, and (b) sets the second access control identifier to prevent user mode access to the second peripheral by the transaction host. In some examples, the transaction host sets the first and second access control identifiers according to an access bit scheme as described above with respect to any of Tables 1, 2, or 3 described above. At 810, the transaction host executes the user mode task with respect to the first peripheral at a second time such that at 810 the operating mode signal indicates the user mode.

The transaction host can dynamically program the first and second access control identifiers over time in this manner to perform different types of operations, such as privileged mode operations and user mode operations, including operations with respect to the first and second peripherals.

9 is a flowchart of an example method 900 for controlling access to peripherals using a task-related bit mask in an electronic device including a transaction host, a first peripheral, a second peripheral, and an access control register having a first access control identifier for the first peripheral and a second access control identifier for the second peripheral. At 902, computer readable code including a first task related to the first peripheral and a first bit mask corresponding to the first task are stored, the first bit mask indicating respective access settings for the first peripheral and the second peripheral for performing the first task. At 904, prior to executing the first task, the transaction host executes access control identifier management instructions to program the first and second access control identifiers in the access control register based on (a) the first bit mask associated with the first task and, in some implementations, (b) the mode of operation of the transaction host. At 906, after updating the first and second access control identifiers in the access control register, the transaction host executes the first task with respect to the first peripheral. At 908, during execution of the first task, a first access control identifier associated with the first peripheral controls access to the first peripheral based at least on the first access control identifier in the access control register that was programmed based on the first bit mask. At 910, also during execution of the first task, a second access control identifier associated with the second peripheral controls access to the second peripheral based at least on the second access control identifier in the access control register programmed based on the first bit mask.

QUOTES INCLUDED IN THE DESCRIPTION

This list of documents listed by the applicant was generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA accepts no liability for any errors or omissions.

Cited patent literature

• 202211000733 [0001]

Claims (19)

Electronic device comprising: a first peripheral; a second peripheral; a non-transitory memory for storing: supervisor firmware comprising access control identifier management instructions; computer readable code including a first task related to the first peripheral; a first bit mask corresponding to the first task, the first bit mask indicating respective access settings for the first peripheral and the second peripheral for performing the first task; an access control register including a first access control identifier for the first peripheral and a second access control identifier for the second peripheral, a transaction host to: execute the access control identifier management instructions in the supervisor firmware to program the first and second access control identifiers in the access control register based on the first bit mask corresponding to the first task; and after updating the first and second access control identifiers in the access control register based on the first bit mask, execute the first task related to the first peripheral; a first access control identifier to control access to the first peripheral based at least on the first access control identifier in the access control register programmed based on the first bit mask; and a second access control identifier for controlling access to the second peripheral based at least on the second access control identifier in the access control register programmed based on the first bit mask. Electronic device according to claim 1 , wherein the electronic device is a system-on-chip (SoC) device. Electronic device according to one of the Claims 1 until 3 , where the transaction host comprises a processor or a direct memory access (DMA) engine. Electronic device according to one of the Claims 1 until 3 , wherein the first bit mask and the second bit mask are stored in a bit mask data structure in the non-transitory memory. Electronic device according to one of the Claims 1 until 4 , wherein: the first bit mask comprises one or more first bit mask bits indicating an access setting for the first peripheral to perform the first task, and one or more second bit mask bits indicating an access setting for the second peripheral to perform the first task; and the first access control identifier comprises one or more first access control bits and the second access control identifier comprises one or more second first access control bits. Electronic device according to one of the Claims 1 until 5 wherein: the computer readable code comprises a second task related to the second peripheral; the non-transitory memory stores a second bit mask corresponding to the second task, the second bit mask indicating the respective access settings for the first peripheral and the second peripheral to perform the second task; and the transaction host: executes the access control identifier management instructions in the supervisor firmware to program the first and second access control identifiers in the access control register based on the second bit mask associated with the second task; and after updating the first and second access control identifiers in the access control register based on the second bit mask, executes the second task with respect to the second peripheral. Electronic device according to one of the Claims 1 until 6 , where the non-transitory memory includes: a non-privileged portion containing the computer-readable code including the first task and the second task; and a privileged portion that stores the supervisor firmware including the commands for managing the access control identifiers and the first bit mask associated with the first task. Electronic device according to one of the Claims 1 until 7 wherein the first access controller: receives a request from the transaction host for access to the first peripheral to perform the first task; makes an access determination for the first peripheral based at least on the first access control identifier programmed based on the first bit mask associated with the first task; and allows or prevents the transaction host from accessing the first peripheral based on the access determination. Electronic device according to claim 8 wherein the first access control identifier is to make the access determination for the first peripheral based at least on (a) the first access control identifier programmed by the transaction host based on the first bit mask associated with the first task and (b) an operating mode signal indicating either a privileged mode of the transaction host or a user mode of the transaction host. Electronic device according to one of the Claims 1 until 9 , where the first bit mask associated with the first task indicates that (a) the first task is associated with a peripheral access permission for the first peripheral and (b) the first task is not associated with a peripheral access permission for the second peripheral. Electronic device according to claim 10 , wherein: the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission to the first peripheral and (b) the first task is not associated with a peripheral access permission to the second peripheral; the access control identifier management instructions are to program the first and second access control identifiers in the access control register based on the first bit mask prior to execution of the first task, including (a) updating the first access control identifier to an access-enabled value that allows access to the first peripheral during execution of the first task and (b) updating the second access control identifier to an access-denied value that prevents access to the second peripheral during execution of the first task; the first access control identifier is to allow access to the first peripheral during execution of the first task based on the access permission value of the first access control identifier; and the second access control identifier is to prevent access to the second peripheral during execution of the first task based on the access prevention value of the second access control identifier. Electronic device according to one of the Claims 1 until 11 , wherein: the transaction host is to selectively operate in a privileged mode and a user mode; the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access authorization for the first peripheral and (b) the first task is not associated with a peripheral access authorization for the second peripheral; and the access control identifier management instructions are to program the first and second access control identifiers in the access control register based on the first bit mask prior to execution of the first task, including (a) updating the first access control identifier to an open access setting for the first peripheral that enables access to the first peripheral in both the privileged mode and the user mode of the transaction host; and (b) updating the second access control identifier to a restricted access value for the second peripheral that enables access to the second peripheral in the privileged mode but not in the user mode of the transaction host. Electronic device according to one of the Claims 1 until 12 , wherein the access control register is provided in a third peripheral. A method comprising: in an electronic device including a transaction host, a first peripheral, a second peripheral, and an access control register having a first access control identifier for the first peripheral and a second access control identifier for the second peripheral, storing (a) computer readable code including a first task related to the first peripheral and (b) a first bit mask corresponding to the first task, the first bit mask indicating respective access settings for the first peripheral and the second peripheral for performing the first task; wherein the transaction host, prior to executing the first task, executes access control identifier management instructions to program the first and second access control identifiers in the access control register based on the first bit mask associated with the first task; after updating the first and second access control identifiers in the access control register based on the first bit mask, the transaction host executes the first task related to the first peripheral; during execution of the first task: a first access control identifier associated with the first peripheral controls access to the first peripheral based at least on the first access control identifier in the access control register programmed based on the first bit mask; and a second access control identifier associated with the second peripheral controls access to the second peripheral based at least on the second access control identifier in the access control register programmed based on the first bit mask. procedure according to claim 14 comprising: storing computer readable code including a second task related to the second peripheral; storing a second bit mask corresponding to the second task, the second bit mask specifying respective access settings for the first peripheral and the second peripheral for performing the second task; wherein, prior to performing the second task, the transaction host executes the access control identifier management instructions to program the first and second access control identifiers in the access control register based on the second bit mask associated with the second task; after updating the first and second access control identifiers in the access control register based on the second bit mask, the transaction host executes the second task related to the second peripheral; during execution of the second task: the first access control identifier associated with the first peripheral controls access to the first peripheral based at least on the first access control identifier in the access control register programmed based on the second bit mask; and the second access control identifier associated with the second peripheral controls access to the second peripheral based at least on the second access control identifier in the access control register programmed based on the second bit mask. Method according to one of the Claims 14 until 15 , wherein the first access control identifier that controls access to the first peripheral based at least on the first access control identifiers programmed based on the first bit mask comprises: the first access controller receiving an access request from the transaction host for access to the first peripheral to perform the first task; the first access controller making an access determination for the first peripheral based at least on the first access control identifier programmed based on the first bit mask; and the first access controller allowing or preventing transaction host access to the first peripheral based on the access determination. procedure according to claim 16 , comprising the first access controller making the access determination for the first peripheral based at least on (a) the first access control identifier programmed based on the first bit mask and (b) an operating mode signal indicating either a privileged mode of the transaction host or a user mode of the transaction host. Method according to one of the Claims 14 until 17 , wherein: the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission for the first peripheral and (b) the first task is not associated with a peripheral access permission for the second peripheral; executing the access control identifier management instructions to program the first and second access control identifiers in the access control register based on the first bit mask associated with the first task, comprising (a) updating the first access control identifier to an allow access value that allows access to the first peripheral during execution of the first task, and (b) updating the second access control identifier to a prevent access value that prevents access to the second peripheral during execution of the first task; and during execution of the first task: the first access control identifier associated with the first peripheral allows access to the first peripheral based on the access permission value of the first access control identifier; and the second access control identifier associated with the second peripheral prevents access to the second peripheral based on the access prevention value of the second access control identifier. Method according to one of the Claims 14 until 18 , wherein: the transaction host selectively operates in a privileged mode and a user mode; the first bit mask corresponding to the first task indicates that (a) the first task is associated with a peripheral access permission for the first peripheral and (b) the first task is not associated with a peripheral access permission for the second peripheral; Executing the access control identifier management instructions to program the first and second access control identifiers in the access control register based on the first bit mask associated with the first task, comprising (a) updating the first access control identifier to an open access value for the first peripheral that allows access to the first peripheral in both the privileged mode and the user mode of the transaction host, and (b) updating the second access control identifier to an access restricted value for the second peripheral that allows access to the second peripheral in the privileged mode but not in the user mode of the transaction host; and during execution of the first task: the first access control identifier associated with the first peripheral allows access to the first peripheral in both the privileged mode and the user mode of the transaction host based on the open access value of the first access control identifier, and the second access control identifier associated with the second peripheral prevents access to the second peripheral in the privileged mode of the transaction host but not in the user mode of the transaction host based on the restricted access value of the second access control identifier.

Images