
CN115221086A - Bus control system, method and electronic device - Google Patents


Info

Publication number: CN115221086A
Authority: CN (China)
Prior art keywords: access, master device, bus, access request, master
Legal status: Pending
Application number: CN202210810208.4A
Other languages: Chinese (zh)
Inventors: 周欣, 马致远, 贾民虎
Current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202210810208.4A
Publication of CN115221086A

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00: Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14: Handling requests for interconnection or transfer
    • G06F13/36: Handling requests for interconnection or transfer for access to common bus or bus system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A bus control system, method and electronic device are provided. The bus control system includes: a first master device and a second master device connected through a system bus; and a first access controller arranged between the first master device and the system bus, which performs access control on access requests sent by the second master device for the first master device. In the embodiments of the application, an access controller placed between a master device and the system bus performs access control on access requests, so that access permission control between master devices is realized, access risk is reduced, and the security and stability of the system are improved.

Description

Bus control system, method and electronic device

Technical field

The embodiments of the present application relate to the technical field of bus control, and more particularly to a bus control system, method and electronic device.

Background

A bus is a set of common information transmission lines that multiple devices or components share on a time-division basis. Multiple devices can be attached to a bus. A device that can initiate information transfers on the bus is called a master device; a device that cannot actively initiate communication on the bus and can only receive and respond to bus information is called a slave device. In current system on chip (SoC) access control designs, access requests to slave devices are generally checked for access permission by a slave side access filter (SlvAF) downstream of the system bus, which arbitrates whether each request is valid.

Master devices upstream of the system bus also access each other's resources. In an access control system based only on slave devices downstream of the bus, once an upstream master device is attacked, or the master device itself has a security vulnerability, resources inside other master devices can be illegally intruded upon or leaked, causing data violations and system abnormalities.

Summary of the invention

Embodiments of the present application provide a bus control system, method and electronic device. Various aspects of the embodiments are introduced below.

In a first aspect, a bus control system is provided, comprising: a first master device and a second master device, connected through a system bus; and a first access controller, arranged between the first master device and the system bus, for performing access control on access requests sent by the second master device for the first master device.

In a second aspect, a bus control method is provided, applied to a bus control system. The bus control system comprises: a first master device and a second master device, connected through a system bus; and a first access controller, arranged between the first master device and the system bus, for performing access control on access requests sent by the second master device for the first master device. The method comprises: transmitting, through the system bus, an access request sent by the second master device for the first master device; and performing access control on the access request using the first access controller.

In a third aspect, an electronic device is provided, including the bus control system according to the first aspect.

In the embodiments of the present application, an access controller placed between a master device and the system bus performs access control on incoming requests. This realizes permission control over accesses between master devices, helps avoid illegal accesses caused by vulnerabilities in or attacks on a master device, reduces access risk, and improves the security and stability of the system.

Description of drawings

FIG. 1 is a schematic diagram of an access control system based on slave devices downstream of the bus.

FIG. 2 is a schematic diagram of a bus control system provided by an embodiment of the present application.

FIG. 3 is a schematic diagram of one possible implementation of the system of FIG. 2.

FIG. 4 is a schematic flowchart of a bus control method provided by an embodiment of the present application.

FIG. 5 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present application, not all of them.

A bus is a set of common information transmission lines that multiple devices or components share on a time-division basis. A bus can connect elements within a chip, between chips, between boards, or between computer systems. Multiple devices can be attached to a bus. A device that can initiate information transfers on the bus is called a master device; a device that cannot actively initiate communication on the bus and can only receive and respond to bus information is called a slave device.

With the continuous development of integrated circuits, system-level chips are used more and more widely in smart terminals such as mobile phones and other electronic products. A system-level chip, also called a system on chip, is a miniature system that integrates a microprocessor, analog IP cores, digital IP cores and memory (or an off-chip memory control interface) on a single chip.

In current SoC access control designs, a slave side access filter (SlvAF) downstream of the system bus generally judges access permission for slave devices based on the initiator identifier, physical address information, security attribute and read/write request, to arbitrate whether a request is valid. SlvAF is a type of hardware intellectual property (IP) that implements the access control function.

FIG. 1 is a schematic diagram of an access control system in an SoC based on slave devices downstream of the bus. As shown in FIG. 1, the bus access control system includes a first master device 110, a second master device 120, a system bus 130, a first slave device 140, a first slave access filter, and so on.

The first master device 110 is connected to the system bus 130 and can initiate accesses. The first master device 110 may be, for example, a processor or a wireless receiving apparatus. The second master device 120 is connected to the system bus 130 and can initiate accesses. The second master device 120 may be, for example, an audio signal processing apparatus or a wireless receiving apparatus.

The system bus 130 is used to transmit control information, which may include control signals and timing signals. The system bus 130 is generally the communication path between the CPU and interfaces such as memory and input/output devices.

The first slave device 140 is connected to the system bus 130 and receives and responds to bus information. The first slave device 140 may be, for example, a printing device or an audio playback device.

One end of the first slave access filter 150 is connected to a port on the system bus 130 and the other end is connected to the first slave device 140. It can perform access control or checks on incoming requests to the first slave device 140.

The basic idea of an access control system based on slave devices downstream of the bus is to perform a permission check on four elements of every access request: the secure master identification (SecMID), the physical address information to be accessed, the read/write request, and the security attribute. The SecMID, also called the master device security hardware identifier, is generally a fixed identifier assigned to each master device during the SoC integration stage and cannot be changed after the chip is taped out. The physical address information generally refers to the physical start address and physical end address that the request is to access. The read/write request indicates whether the current request reads data or writes data. The security attribute is generally a secure (S) or non-secure (NS) request attribute.

Based on these four elements, an access permission table can be established for each access request, as shown in the table at the bottom of FIG. 1. The access permission table restricts a specified physical address range so that it can only be read or written, as specified, by a specific SecMID carrying a specific security attribute. When a specific slave device downstream of the bus is accessed, a request can reach the target slave device for data access only after it passes the check against the access permission table in the SlvAF. If the check against the access permission table in the SlvAF rejects the request, data is returned using the preset value in a virtual slave device; this does not cause back pressure on bus requests, and the request does not reach the target slave device. In some processing approaches the access request may still reach the target slave device, but when the returned data passes through the SlvAF it is replaced with the preset value.

For example, when the first master device 110 accesses the first slave device 140 through the system bus 130, the request reaches the first slave device 140 for data access only after it passes the check against the access permission table in the first slave access filter 150. If the access permission check of the first slave access filter 150 fails and the request is rejected, data is returned using the preset value in the virtual slave device; this does not cause back pressure on requests on the system bus 130, and the access request does not reach the first slave device 140. In some processing approaches the access request may still reach the first slave device 140, but when the returned data passes through the first slave access filter 150 it is replaced with the preset value.

An access control system based on slave devices downstream of the bus generally does not apply permission control to master devices upstream of the bus. It cannot control accesses between upstream master devices and cannot form a complete access control system. However, master devices upstream of the system bus also access each other's resources, for example when the first master device 110 accesses the second master device 120. Once one of the master devices is compromised or executes abnormally, master device resources can be illegally intruded upon and information leaked. Moreover, requests issued by that master device are then untrustworthy and can read or write resources in other master devices, intentionally or unintentionally, leading to data leakage or malicious rewriting of data, and in turn to data violations and system abnormalities.

It should be noted that the data leakage and data violation problem in accesses between master devices on the SoC bus described above is only an example. The embodiments of the present application can be applied to any type of scenario in which accesses between master devices on a system bus carry risk.

Therefore, how to develop a scheme with low access risk between master devices on the system bus is a problem to be solved.

Based on this, an embodiment of the present application proposes a bus control system, which is described in detail below.

FIG. 2 is a schematic diagram of a bus control system provided by an embodiment of the present application. The bus control system 200 may include a first master device 210, a second master device 220, a system bus 230 and a first access filter 240.

The first master device 210 is connected to the system bus 230. It can initiate access requests through the system bus 230 and can also receive incoming requests through the system bus 230. The first master device 210 may be any one of multiple master devices connected to the system bus 230, for example a processor, a memory or a wireless receiving apparatus.

The second master device 220 is connected to the system bus 230. It can initiate access requests through the system bus 230 and can also receive incoming requests through the system bus 230. The second master device 220 may be any one of the multiple master devices connected to the system bus 230 other than the first master device 210, for example a memory, an audio signal processing apparatus or a wireless receiving apparatus.

The system bus 230 is used to transmit control information such as access requests. The control information may include control signals and timing signals. The system bus 230 is generally the communication path between the CPU and interfaces such as memory and input/output devices.

The first access controller 240 is arranged between the first master device 210 and the system bus 230 and is used to check, or perform access control on, access requests for the first master device 210. For example, it can perform access control on an access request sent by the second master device 220 for the first master device 210. The first access controller 240 may also be called an access filter (AF).

An access request usually includes a permission access table. As shown in Table 1, the permission access table may include elements such as the master device security identifier, the physical address information to be accessed, the read/write request and the security attribute. For an access request sent to the first master device 210, the first access controller 240 can judge access permission based on the physical address information, initiator identifier, security attribute, read/write request and so on, to arbitrate whether the access request is safe.

Table 1

| Address information | Master device security identifier | Read/write | Secure/non-secure |
|---|---|---|---|
| 0x0000_0000-0x0000_0FFF | 0x1 | Read only | S |
| 0x0000_1000-0x0000_1FFF | 0x2 | Write only | NS |
| 0x0000_2000-0x0000_2FFF | 0x3 | Read, write | S |
| 0x0000_3000-0x0000_3FFF | 0x4 | Read, write | NS |

As shown by the dotted line in FIG. 2, the flow of an access request sent by the second master device 220 for the first master device 210 can be divided into the following steps:

Step 1: the second master device 220 issues an access request for the first master device 210 through the system bus 230. The access request may include a permission access table, which may include permission elements such as the master device security identifier and the physical address information to be accessed.

Step 2: the system bus 230 transmits the access request to the first access controller 240.

Step 3: the first access controller 240 performs an access permission check on the access request. If the access request passes the check, the request from the second master device 220 can access resources inside the first master device 210. If the access request does not pass the check, it is rejected by the first access controller 240, which triggers the first access controller 240 to report an exception; a preset value may be returned, for example by returning data using the preset value in a virtual master device. In some embodiments the access request may still reach the first master device 210, but when the returned data passes through the first access controller 240 it is replaced with the preset value. When a vulnerability or an attack causes the second master device 220 to make an illegal access to the first master device 210, the first access controller 240 can filter out illegal access requests that do not satisfy the access permissions, thereby realizing permission control over accesses between master devices and reducing access risk.
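The permission check of step 3 can be modelled in a few lines of C. This is an added behavioural sketch, not code from the patent: the rows are those of Table 1, while the preset value of 0, the violation counter standing in for the exception report, the exact-match rule for the security attribute and the rule that a burst must fit inside one row are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PERM_R = 1, PERM_W = 2 };            /* read / write permission bits */
enum sec_attr { ATTR_S, ATTR_NS };          /* secure / non-secure */

struct af_entry {                           /* one row of the permission table */
    uint32_t start, end;                    /* inclusive physical address range */
    uint8_t sec_mid;                        /* SecMID allowed in this range */
    uint8_t perms;                          /* PERM_R, PERM_W or both */
    enum sec_attr attr;                     /* attribute the request must carry */
};

struct bus_req {                            /* the four checked elements */
    uint8_t sec_mid;
    uint32_t addr, len;                     /* start address and byte count */
    bool is_write;
    enum sec_attr attr;
};

/* Rows of Table 1. */
static const struct af_entry table1[] = {
    { 0x00000000u, 0x00000FFFu, 0x1, PERM_R,          ATTR_S  },
    { 0x00001000u, 0x00001FFFu, 0x2, PERM_W,          ATTR_NS },
    { 0x00002000u, 0x00002FFFu, 0x3, PERM_R | PERM_W, ATTR_S  },
    { 0x00003000u, 0x00003FFFu, 0x4, PERM_R | PERM_W, ATTR_NS },
};
#define TABLE1_LEN (sizeof table1 / sizeof table1[0])

#define AF_PRESET_VALUE 0u                  /* assumed preset returned on denial */
static unsigned af_violations;              /* stands in for the exception report */

/* Default-deny check: the whole burst must fit inside one row that matches
 * the SecMID, the security attribute and the direction of the request. */
bool af_check(const struct bus_req *r)
{
    if (r->len == 0)
        return false;
    uint32_t last = r->addr + (r->len - 1);
    if (last < r->addr)                     /* address wrap-around */
        return false;
    uint8_t need = r->is_write ? PERM_W : PERM_R;
    for (size_t i = 0; i < TABLE1_LEN; i++) {
        const struct af_entry *e = &table1[i];
        if (r->addr >= e->start && last <= e->end &&
            r->sec_mid == e->sec_mid && r->attr == e->attr &&
            (e->perms & need))
            return true;
    }
    return false;
}

/* Read path: a denied read returns the preset value instead of the data
 * held by the protected master, and the denial is reported. */
uint32_t af_filtered_read(uint8_t mid, uint32_t addr, uint32_t len,
                          enum sec_attr attr, uint32_t target_data)
{
    struct bus_req r = { mid, addr, len, false, attr };
    if (af_check(&r))
        return target_data;
    af_violations++;
    return AF_PRESET_VALUE;
}

/* Write path: a denied write is dropped before it reaches the target. */
bool af_write_allowed(uint8_t mid, uint32_t addr, uint32_t len,
                      enum sec_attr attr)
{
    struct bus_req r = { mid, addr, len, true, attr };
    if (af_check(&r))
        return true;
    af_violations++;
    return false;
}

int main(void)
{
    printf("SecMID 0x1 read  0x0010: 0x%08x\n",
           (unsigned)af_filtered_read(0x1, 0x10, 4, ATTR_S, 0x1234u));
    printf("SecMID 0x2 read  0x0010: 0x%08x\n",
           (unsigned)af_filtered_read(0x2, 0x10, 4, ATTR_S, 0x1234u));
    printf("SecMID 0x1 write 0x0010: %s\n",
           af_write_allowed(0x1, 0x10, 4, ATTR_S) ? "pass" : "reject");
    printf("violations reported: %u\n", af_violations);
    return 0;
}
```
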

In some implementations the first master device 210 also accesses the second master device 220. An access controller can be placed between the second master device 220 and the system bus 230; this access controller can be configured in the same way as the first access controller 240 and performs access control on access requests sent by the first master device 210 for the second master device 220. This realizes permission control over accesses between master devices and reduces access risk.

In some implementations the bus control system 200 may also include multiple slave devices connected to the system bus 230. A slave device can only receive query information through the system bus 230 and may be, for example, a memory or an audio playback device. The first slave device is any one of the multiple slave devices. A slave-side access controller can be placed between a slave device and the system bus 230 to perform access control on access requests sent to the slave device. The second access controller may be any one of the multiple slave-side access controllers. For example, the second access controller is located between the first slave device and the system bus 230 and performs access control on access requests sent to the first slave device.

The first access controller 240 can not only perform access control on incoming requests to the first master device 210, but also receive access requests issued by the first master device 210 and configure access permissions for them. An access request sent by the first master device 210 is also called a first access request. In some embodiments the first access request issued by the first master device 210 is directed to the first slave device. In some embodiments the first access request issued by the first master device 210 is directed to the second master device. The access control design on the master side upstream of the bus makes up for the functional and completeness shortcomings of relying only on the SlvAF downstream of the bus, forms comprehensive bus access control, and greatly reduces system access risk.

The first access controller 240 generally performs access control according to access permission configuration information. After the first access request issued by the first master device 210 passes through the first access controller 240, it should carry the access permission items that the second access controller on the slave side needs to check, for example the four elements SecMID information, destination physical address information, read/write information and security attribute information.

The second access controller placed in front of the first slave device performs an access permission check on the first access request. Only a first access request that passes the check can actually access the resources of the first slave device. Otherwise the second access controller rejects the request and reports an exception, and may also return a preset value.

In some implementations a complex SoC design integrates master device IP from different vendors. Vendor-private architectures follow no unified standard, so the bus transfers issued by some master device IP do not support a security attribute. For a master device that does not support the security attribute, an additional mechanism is needed to add it; otherwise the request cannot satisfy the downstream permission check mechanism or the arbitration conditions of the access control downstream of the bus. The overall access control system of the chip would then struggle to be complete and flexible, threatening users' personal privacy information and data security and ultimately affecting users' security experience and trust in the product. The first access controller 240 can add a security attribute to the first access request, helping a master device that does not support the security attribute to emit the desired security signal and satisfy the permission check requirements of the downstream slave-side access controller. The first access controller 240 can flexibly integrate the security schemes of different IP vendors and build a complete access control system across the master side and slave side of the SoC, which helps to further increase security and reduce the attack surface.

Configuration of the first access controller 240 usually has to be completed before the corresponding master device is initialized. Slave-side access controllers have a similar ordering constraint.

The permission access table and security attribute information in the first access controller 240 are usually configured in a trusted execution environment (TEE). The TEE may be, for example, the TEE environment of the SoC power-on boot stage or the runtime TEE environment. In general, configuration of the first access controller 240 should be possible only in the TEE environment, and the controller supports locking the configuration.

In some implementations the first access controller 240 supports a lock function for each address region in the permission configuration table for access requests, as shown in Table 2. Once the permission configuration is locked, the permission configuration table can be edited again only after a full-system reset. Optionally, depending on whether the physical addresses need to change, the first access controller 240 can lock the configuration of an address region so that it cannot be changed before a full-system reset. Optionally, the first access controller 240 can also leave the configuration of an address region unlocked so that it can be changed dynamically at runtime.

Table 2

| Address information | Master device security identifier | Read/write | Secure/non-secure | Locked |
|---|---|---|---|---|
| 0x0000_0000-0x0000_0FFF | 0x1 | Read only | S | Yes |
| 0x0000_1000-0x0000_1FFF | 0x2 | Write only | NS | No |
| 0x0000_2000-0x0000_2FFF | 0x3 | Read, write | S | Yes |
| 0x0000_3000-0x0000_3FFF | 0x4 | Read, write | NS | No |

In some implementations the first access controller 240 can designate specific address regions for the first access request and emit the specified S or NS security attribute for each. That is, the first access controller 240 can switch the security attribute according to the physical address. Optionally, the first access controller 240 can also pass through the security attribute of the master device's original request. Pass-through (transparent transmission) means that the communication path only carries the content from the source address to the destination address, whatever the content is, without changing the data.

In some implementations the first access controller 240 can set which address regions in the accessed master device can be accessed by specific external master devices. For example, for the first access request sent to the first master device 210, the first access controller 240 can set certain address regions in the first master device 210 to be accessible by specific external master devices. Optionally, the first access controller 240 can also leave some address regions in the first master device 210 without any specific external master device designated for access.

In some implementations not all master devices are assigned a master device security hardware identifier during the SoC integration stage. In a trusted execution environment, the first access controller 240 can modify the master device security hardware identifier in the first access request. Optionally, the first access controller 240 can add a master device security hardware identifier to the first access request, so that access requests issued by a master device that was not assigned a master device security hardware identifier can satisfy the access check requirements of the downstream slave-side access controller.

可选地,系统总线挂接的主设备对功能的要求不同,第一访问控制器240可以在IP例化时支持对功能的参数化配置,第一访问控制器240也可以在IP调用子模块时支持对功能的参数化配置。这有助于进一步减少物理面积,从而降低功耗。Optionally, the master devices attached to the system bus have different requirements for functions, the first access controller 240 may support parameterized configuration of functions during IP instantiation, and the first access controller 240 may also call sub-modules in the IP. Parameterized configuration of functions is supported. This helps to further reduce the physical area, thereby reducing power consumption.

可选地,第一访问控制器240可以扩展支持多种系统总线协议,包含但不限于高级微处理器总线架构(advanced microcontroller bus architecture,AMBA)、高级可扩展接口协议(advanced extension interface,AXI)协议等。Optionally, the first access controller 240 can be extended to support multiple system bus protocols, including but not limited to advanced microcontroller bus architecture (AMBA), advanced extension interface (AXI) agreement, etc.

本申请实施例在主设备和系统总线之间设置了访问控制器对来访请求进行访问控制,实现了主设备之间访问的权限控制。本申请实施例基于总线上游主设备侧的访问控制设计,与常规的从设备的访问控制形成互补,形成总线上下游的组合控制系统,规避了主设备因为漏洞或者攻击而引起的非法访问,有助于减小了访问风险,提高系统安全性和稳定性,提升用户体验和信任感。In the embodiment of the present application, an access controller is set between the master device and the system bus to control the access request, so as to realize the access authority control between the master devices. The embodiment of the present application is based on the access control design on the upstream master side of the bus, which complements the access control of the conventional slave device, forms a combined control system on the upstream and downstream of the bus, and avoids the illegal access of the master device due to loopholes or attacks. Helps reduce access risks, improve system security and stability, and enhance user experience and trust.

FIG. 3 is a schematic diagram of a possible implementation of the bus control system of FIG. 2. As shown in FIG. 3, the bus control system may include a first master device 310, a second master device 320, a system bus 330, a first access filter 340, a third access filter 350, a second access filter 360, and a first slave device 370.

The first master device 310 is connected to the system bus 330. It can initiate access request information through the system bus 330 and can also receive incoming request information through the system bus 330.

The second master device 320 is connected to the system bus 330. It can initiate access request information through the system bus 330 and can also receive incoming request information through the system bus 330.

The system bus 330 is used to transmit control information such as access requests. The control information may include control signals and timing signals.

The first access controller 340 is disposed between the first master device 310 and the system bus 330 and performs access control or checking on access requests sent to the first master device 310. For example, it can perform access control on an access request sent by the second master device 320 to the first master device 310. The first access controller 340 may also be called an access filter (AF). The first access controller 340 may also receive an access request issued by the first master device 310 and configure permissions for the first access request issued by the first master device 310.

The third access controller 350 is disposed between the second master device 320 and the system bus 330 and performs access control on access requests sent to the second master device 320. For example, it can perform access control on an access request sent by the first master device 310 to the second master device 320. The third access controller 350 may also receive an access request issued by the second master device 350 and configure access permissions for the access request issued by the second master device 350.

The second access controller 360 is disposed between the first master device 370 and the system bus 330 and can perform access checks on incoming access instructions sent to the first slave device 370.

The first slave device 370 is connected to the system bus 130 and is used to receive and query bus information. The first slave device 370 may be, for example, an audio playback device.

The access flow between master devices and the access flow between master and slave devices are described in detail below.

Embodiment 1: an access request sent by the second master device 320 to the first master device 310. As shown by the dashed line in FIG. 3, the flow of this access request can be divided into the following steps:

Step 1: the third access controller 350 receives the access request issued by the second master device 350 and configures access permissions for the access request issued by the second master device 350. The configured access permissions may include elements such as the master device security identifier, the physical address information to be accessed, the read/write request, and the security attribute.

Step 2: the third access controller 350 issues the access request for the first master device 310 through the system bus 330. This access request may include a permission access table, and the permission access table contains the configured access permissions.

Step 3: the system bus 330 transmits this access request to the first access controller 340.

Step 4: the first access controller 340 performs an access permission check on this access request. The check may cover the master device security identifier, the physical address information to be accessed, the read/write request, the security attribute, and so on. If the access request passes the access permission check, the access request of the second master device 320 can reach the resources inside the first master device 310. If the access request does not pass the access permission check, the first access controller 340 rejects it and issues an exception report, and may return a preset value, for example by returning data using the preset value in a virtual master device.

Optionally, the third access controller 240 may support a lock function for each address region in the permission configuration table of the access request. Once a permission configuration is locked, the permission configuration table can be edited again only after a full-system reset of the SoC. Optionally, the first access controller 240 may, according to the requirements for physical address changes, lock the configuration of an address region so that it cannot be changed before a full-system reset of the SoC. Optionally, the first access controller 240 may also leave the configuration of an address region unlocked so that it can be changed dynamically at runtime. The access permission table at the upper right of FIG. 3 includes the permission configuration lock function. The access permission table at the lower right of FIG. 3 does not include the permission configuration lock function.
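The step 4 check and the per-region lock can be modelled in a few lines of C. The following is an added illustration, not code from the patent: the four rows are the ones in the table above, while the type and function names, the exact-match rule for the S/NS attribute, the preset value 0, and the `resource_read` stand-in are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One row of the permission table (field names are assumptions). */
typedef struct {
    uint32_t base, limit;          /* inclusive physical address range */
    uint32_t master_id;            /* master device security identifier */
    bool allow_read, allow_write;
    bool secure;                   /* true = S, false = NS */
    bool locked;                   /* frozen until a full SoC reset */
} af_region_t;

/* An access request as it arrives from the system bus. */
typedef struct {
    uint32_t addr, master_id;
    bool is_write, secure;
} af_request_t;

typedef enum { AF_ALLOW, AF_DENY_ADDR, AF_DENY_MASTER,
               AF_DENY_RW, AF_DENY_SEC } af_verdict_t;

#define AF_REGIONS 4
#define AF_PRESET_VALUE 0x00000000u /* assumed preset value returned on denial */

typedef struct {
    af_region_t regions[AF_REGIONS];
    unsigned exception_reports;    /* stands in for the exception report */
} af_t;

/* Models "full SoC reset, then boot code programs the table": the rows are
 * the four from the page's table, including the lock column. */
void af_reset_and_load(af_t *af) {
    static const af_region_t table[AF_REGIONS] = {
        {0x00000000u, 0x00000FFFu, 0x1, true,  false, true,  true },
        {0x00001000u, 0x00001FFFu, 0x2, false, true,  false, false},
        {0x00002000u, 0x00002FFFu, 0x3, true,  true,  true,  true },
        {0x00003000u, 0x00003FFFu, 0x4, true,  true,  false, false},
    };
    for (size_t i = 0; i < AF_REGIONS; i++)
        af->regions[i] = table[i];
    af->exception_reports = 0;
}

/* Step 4: check address, identifier, read/write and security attribute.
 * Assumption: the request's S/NS attribute must equal the row's attribute. */
af_verdict_t af_check(af_t *af, const af_request_t *rq) {
    af_verdict_t v = AF_DENY_ADDR; /* default deny: no row covers the address */
    for (size_t i = 0; i < AF_REGIONS; i++) {
        const af_region_t *r = &af->regions[i];
        if (rq->addr < r->base || rq->addr > r->limit)
            continue;
        if (rq->master_id != r->master_id) v = AF_DENY_MASTER;
        else if (rq->is_write ? !r->allow_write : !r->allow_read) v = AF_DENY_RW;
        else if (rq->secure != r->secure) v = AF_DENY_SEC;
        else return AF_ALLOW;
        break;
    }
    af->exception_reports++;       /* rejection raises an exception report */
    return v;
}

/* Constructed stand-in for the protected resource behind the filter. */
static uint32_t resource_read(uint32_t addr) {
    return 0xC0DE0000u | (addr & 0xFFFFu);
}

/* A rejected read never reaches the resource; the preset value comes back. */
uint32_t af_read(af_t *af, const af_request_t *rq) {
    return af_check(af, rq) == AF_ALLOW ? resource_read(rq->addr)
                                        : AF_PRESET_VALUE;
}

/* Runtime edit of one row; locked rows refuse the write until reset. */
bool af_set_region(af_t *af, size_t idx, const af_region_t *cfg) {
    if (idx >= AF_REGIONS || af->regions[idx].locked)
        return false;
    af->regions[idx] = *cfg;
    return true;
}

int main(void) {
    af_t af;
    af_reset_and_load(&af);
    af_request_t ok  = {0x00000010u, 0x1, false, true};  /* constructed */
    af_request_t bad = {0x00000010u, 0x2, false, true};  /* wrong identifier */
    printf("ok:  verdict=%d data=%08X\n", (int)af_check(&af, &ok),
           (unsigned)af_read(&af, &ok));
    printf("bad: verdict=%d data=%08X\n", (int)af_check(&af, &bad),
           (unsigned)af_read(&af, &bad));
    printf("edit locked row 0: %d\n", (int)af_set_region(&af, 0, &af.regions[3]));
    return 0;
}
```

The lock matters because an unlocked row can be rewritten at runtime by whatever software can reach the controller's configuration interface, which changes the verdict for every later request to that region.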

Embodiment 2: an access request sent by the first master device 310 to the second master device 320. As shown in FIG. 3, the flow of this access request can be divided into the following steps:

Step 1: the first access controller 340 receives the access request issued by the first master device 310 and configures access permissions for the access request issued by the first master device 310. The configured access permissions may include elements such as the master device security identifier, the physical address information to be accessed, the read/write request, and the security attribute.

Optionally, if the bus transfers issued by the first master device 310 do not support the security attribute, the first access controller 340 can add the security attribute to the first access request. This helps the first master device 310, which does not support the security attribute, to issue the expected security signal and satisfy the permission check requirements of the third access controller 350 on the destination master device side.

Step 2: the first access controller 340 issues the access request for the second master device 320 through the system bus 330. This access request may include a permission access table, and the permission access table contains the configured access permissions.

Step 3: the system bus 330 transmits this access request to the third access controller 350.

Step 4: the third access controller 350 performs an access permission check on this access request. The check may cover the master device security identifier, the physical address information to be accessed, the read/write request, the security attribute, and so on. If the access request passes the access permission check, the access request of the first master device 310 can reach the resources inside the second master device 320. If the access request does not pass the access permission check, the third access controller 350 rejects it and issues an exception report, and may return a preset value, for example by returning data using the preset value in a virtual master device.

Embodiment 3: a first access request sent by the first master device 310 to the first slave device 370. As shown in FIG. 3, the flow of this access request can be divided into the following steps:

Step 1: the first access controller 340 receives the first access request issued by the first master device 310 and configures access permissions for the first access request. The configured access permissions may include elements such as the master device security identifier, the physical address information to be accessed, the read/write request, and the security attribute.

Optionally, if the first master device 310 does not support the security attribute in its bus transfers, the first access controller 340 can add the security attribute to the first access request. This helps the first master device 310, which does not support the security attribute, to issue the expected security signal and satisfy the permission check requirements of the second access controller 360 on the destination slave device side.

Step 2: the first access controller 340 issues the first access request for the first slave device 370 through the system bus 330. The first access request may include a permission access table, and the permission access table contains the configured access permissions.

Step 3: the system bus 330 transmits the first access request to the second access controller 360.

Step 4: the second access controller 360 performs an access permission check on the first access request. The check may cover the master device security identifier, the physical address information to be accessed, the read/write request, the security attribute, and so on. If the first access request passes the access permission check, the access request of the first master device 310 can reach the resources inside the first slave device 360. If the first access request does not pass the access permission check, the second access controller 360 rejects it and issues an exception report, and may return a preset value, for example by returning data using the preset value in a virtual slave device.

The embodiments of the present application are based on an access control design on the upstream, master-device side of the bus. They implement permission control for access between master devices, complement conventional slave-device access control, and form a combined control system covering both the upstream and downstream sides of the bus, which prevents illegal access by a master device caused by vulnerabilities or attacks and reduces access risk. The embodiments also solve the problem of master devices that do not support the security attribute, can flexibly integrate the security solutions of different IP vendors, and build a complete access control system on both the master-device side and the slave-device side of the SoC, which helps to further increase security and reduce the attack surface.
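The outbound half of the design, where the master-side controller adds or modifies the security identifier and sets S or NS by physical address or passes the original attribute through, can be sketched as follows. This is an added illustration rather than code from the patent: all names are assumptions, the sample requests are constructed, and gating rule programming on the trusted execution environment extends what the page states for identifier changes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { SEC_PASSTHROUGH, SEC_FORCE_S, SEC_FORCE_NS } sec_mode_t;

/* Per-region rule for the outgoing security attribute (assumed layout). */
typedef struct { uint32_t base, limit; sec_mode_t mode; } egress_rule_t;

#define EGRESS_MAX_RULES 4
typedef struct {
    egress_rule_t rules[EGRESS_MAX_RULES];
    size_t count;
    bool stamp_id;        /* true once the TEE has programmed an identifier */
    uint32_t master_id;
} egress_t;

/* Outgoing request; has_id/has_sec model a master that lacks the field. */
typedef struct {
    uint32_t addr;
    bool has_id;  uint32_t master_id;
    bool has_sec; bool secure;
    bool is_write;
} bus_req_t;

/* Only callers in the trusted execution environment may program rules
 * (assumption modelled on the page's rule for identifier changes). */
bool egress_add_rule(egress_t *eg, uint32_t base, uint32_t limit,
                     sec_mode_t mode, bool caller_in_tee) {
    if (!caller_in_tee || eg->count >= EGRESS_MAX_RULES || base > limit)
        return false;
    eg->rules[eg->count++] = (egress_rule_t){base, limit, mode};
    return true;
}

/* The identifier may be added or modified only from the TEE. */
bool egress_set_master_id(egress_t *eg, uint32_t id, bool caller_in_tee) {
    if (!caller_in_tee)
        return false;
    eg->stamp_id = true;
    eg->master_id = id;
    return true;
}

/* Rewrite a request on its way from the master to the system bus. */
bus_req_t egress_apply(const egress_t *eg, bus_req_t rq) {
    if (eg->stamp_id) {                 /* adds a missing id, replaces a present one */
        rq.has_id = true;
        rq.master_id = eg->master_id;
    }
    for (size_t i = 0; i < eg->count; i++) {
        const egress_rule_t *r = &eg->rules[i];
        if (rq.addr < r->base || rq.addr > r->limit)
            continue;
        if (r->mode == SEC_FORCE_S)  { rq.has_sec = true; rq.secure = true;  }
        if (r->mode == SEC_FORCE_NS) { rq.has_sec = true; rq.secure = false; }
        break;        /* first match wins; SEC_PASSTHROUGH changes nothing */
    }
    return rq;
}

/* Would the identifier and attribute part of a downstream check pass? */
bool downstream_accepts(const bus_req_t *rq, uint32_t want_id, bool want_secure) {
    return rq->has_id && rq->has_sec &&
           rq->master_id == want_id && rq->secure == want_secure;
}

int main(void) {
    egress_t eg = {0};
    egress_set_master_id(&eg, 0x3, true);
    egress_add_rule(&eg, 0x00002000u, 0x00002FFFu, SEC_FORCE_S, true);
    bus_req_t legacy = {0x00002010u, false, 0, false, false, false}; /* constructed */
    bus_req_t out = egress_apply(&eg, legacy);
    printf("id=0x%X secure=%d accepted=%d\n", (unsigned)out.master_id,
           (int)out.secure, (int)downstream_accepts(&out, 0x3, true));
    return 0;
}
```

A region left in pass-through mode does nothing for a master that cannot emit the attribute at all, so its requests to that region still fail the downstream check.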

The system embodiments of the present application are described in detail above with reference to FIG. 1 to FIG. 3, and the method embodiments are described in detail below with reference to FIG. 4. It should be understood that the description of the method embodiments corresponds to the description of the system embodiments, so for parts not described in detail, reference may be made to the foregoing system embodiments.

FIG. 4 is a schematic flowchart of a bus control method provided by an embodiment of the present application. The method of FIG. 4 can be applied to the bus control system described in any of the foregoing embodiments. The bus control system may include a first master device and a second master device, connected through a system bus, and a first access controller, disposed between the first master device and the system bus and used to perform access control on access requests sent by the second master device to the first master device. The method of FIG. 4 includes steps S410 to S420, which are described in detail below.

In step S410, the access instruction of the second master device for the first master device is transmitted through the bus.

In step S420, the first access filter is used to perform access control on the access instruction sent to the first master device.

If the access instruction passes the access permission check, the second master device can reach the resources inside the first master device. If the access instruction does not pass the access permission check, the first access controller rejects it and issues an exception report, and may also return a preset value.

Optionally, the bus control system may further include a first slave device and a second access controller. The first slave device is connected to the system bus, and the second access controller is disposed between the first slave device and the system bus and is used to perform access control on access requests sent to the first slave device. In some embodiments, the first master device issues a first access request for the first slave device, and the second access controller performs access control on the first access request sent to the first slave device.

Optionally, a first access request sent by the first master device is received, where the first access request is used to access the first slave device. If the first master device 310 does not support the security attribute, the security attribute may be added to the first access request.

Optionally, the permission configuration of the first access request may be locked, so that the permission configuration is performed in a trusted execution environment.

Optionally, in a trusted execution environment, the first access controller may modify the master device security hardware identifier in the first access request, and/or add the master device security hardware identifier.

Optionally, the first access controller may support parameterized configuration of its functions when the IP is instantiated.

Optionally, the first access controller can be extended to support multiple system bus protocols.

The access controller proposed in the embodiments of the present application is implemented by hardware IP inside the chip and is hard to discern from physical appearance. The access control logic of the system bus can be inferred by means of code, flow and debugging, which distinguishes it from bus control methods based on slave devices.

FIG. 5 is a schematic structural diagram of an electronic device provided by an embodiment of the present application. As shown in FIG. 5, the electronic device may include a bus control system 510 as described in any of the foregoing.

It should be noted that the electronic device mentioned in the embodiments of the present application is electrical equipment composed of microelectronic components, that is, a device that may be composed of electronic components such as integrated circuits, transistors and electron tubes and that functions by applying electronic technology (including software). The electronic device may be any device, and may be called a terminal, a portable terminal, a mobile terminal, a communication terminal, a portable communication terminal, a portable mobile terminal, a touch screen, and so on. For example, the electronic device may be a smartphone, a portable phone, a game console, a television, a display unit, a head-up display unit for a vehicle, a notebook computer, a laptop computer, a personal computer (PC), a personal media player (PMP), a personal digital assistant (PDA), a robot controlled by an electronic computer, a numerical control or program control system, and so on. The electronic device may also be a pocket-sized portable communication terminal with a wireless communication function. In addition, the electronic device may be a flexible device or a flexible display device.

It should be understood that, in the various embodiments of the present application, "first", "second" and the like are used to distinguish different objects rather than to describe a specific order. The sequence numbers of the above processes do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.

In the several embodiments provided in the present application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.

In the several embodiments provided in the present application, it should be understood that when a part is said to be "connected" to another part, this means that the part can be not only "directly connected" but also "electrically connected" with another element interposed between them. In addition, the term "connected" also means that the part is "physically connected" as well as "wirelessly connected". Furthermore, when a part is said to "comprise" an element, unless stated otherwise, this means that the part may include other elements rather than excluding them.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.

The above are only specific implementations of the present application, but the protection scope of the present application is not limited to them. Any change or substitution that a person skilled in the art could readily conceive of within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A bus control system, characterized by comprising:
a first master device and a second master device, the first master device and the second master device being connected through a system bus;
a first access controller, disposed between the first master device and the system bus, configured to perform access control on an access request sent by the second master device to the first master device.

2. The bus control system according to claim 1, characterized by further comprising:
a first slave device, connected to the system bus;
a second access controller, disposed between the first slave device and the system bus, configured to perform access control on an access request sent to the first slave device.

3. The bus control system according to claim 2, characterized in that the first access controller is further configured to perform the following operations:
receiving a first access request sent by the first master device, the first access request being used to access the first slave device;
adding a security attribute to the first access request.

4. The bus control system according to claim 2, characterized in that the first access controller is further configured to perform the following operation:
locking the permission configuration of the first access request, so that the permission configuration is performed in a trusted execution environment.

5. The bus control system according to claim 2, characterized in that the first access controller is further configured to perform the following operations:
in a trusted execution environment, modifying the master device security hardware identifier in the first access request, and/or,
adding the master device security hardware identifier.

6. A bus control method, characterized in that it is applied to a bus control system, the bus control system comprising:
a first master device and a second master device, the first master device and the second master device being connected through a system bus;
a first access controller, disposed between the first master device and the system bus, configured to perform access control on an access request sent by the second master device to the first master device;
the method comprising:
transmitting, through the system bus, the access request sent by the second master device to the first master device;
performing access control on the access request by using the first access controller.

7. The method according to claim 6, characterized in that the bus control system further comprises:
a first slave device, connected to the system bus;
a second access controller, disposed between the first slave device and the system bus;
the method further comprising:
performing access control on an access request sent to the first slave device by using the second access controller.

8. The method according to claim 7, characterized in that the method further comprises:
receiving a first access request sent by the first master device, the first access request being used to access the first slave device;
adding a security attribute to the first access request.

9. The method according to claim 7, characterized in that the method further comprises:
locking the permission configuration of the first access request, so that the permission configuration is performed in a trusted execution environment.

10. The method according to claim 7, characterized in that the method further comprises:
in a trusted execution environment, modifying the master device security hardware identifier in the first access request, and/or,
adding the master device security hardware identifier.

11. An electronic device, characterized by comprising the bus control system according to any one of claims 1-5.
CN202210810208.4A 2022-07-11 2022-07-11 Bus control system, method and electronic device Pending CN115221086A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210810208.4A CN115221086A (en) 2022-07-11 2022-07-11 Bus control system, method and electronic device

Publications (1)

Publication Number Publication Date
CN115221086A true CN115221086A (en) 2022-10-21

Family

ID=83609663

Country Status (1)

Country Link
CN (1) CN115221086A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115659379A (en) * 2022-12-15 2023-01-31 芯动微电子科技(珠海)有限公司 Bus access authority control method and device
CN117459268A (en) * 2023-10-25 2024-01-26 合芯科技(苏州)有限公司 Computing system, method and bus device based on hardware-based access rights management
CN119179661A (en) * 2024-11-22 2024-12-24 青岛本原微电子有限公司 Bus access control system and method based on bypass configuration

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040003277A1 (en) * 2002-06-27 2004-01-01 Thorwald Rabeler Security processor with bus configuration
CN101006433A (en) * 2004-08-25 2007-07-25 日本电气株式会社 Information communication device, and program execution environment control method
US20070271360A1 (en) * 2006-05-16 2007-11-22 Ravi Sahita Network vulnerability assessment of a host platform from an isolated partition in the host platform
CN109669884A (en) * 2017-10-16 2019-04-23 华为技术有限公司 A kind of processor system and terminal chip
CN111666579A (en) * 2020-06-18 2020-09-15 安谋科技(中国)有限公司 Computer device, access control method thereof, and computer-readable medium
CN114357465A (en) * 2021-12-31 2022-04-15 湖南国科微电子股份有限公司 Safety control method and device for multi-core CPU

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115659379A (en) * 2022-12-15 2023-01-31 芯动微电子科技(珠海)有限公司 Bus access authority control method and device
CN117459268A (en) * 2023-10-25 2024-01-26 合芯科技(苏州)有限公司 Computing system, method and bus device based on hardware-based access rights management
CN117459268B (en) * 2023-10-25 2024-08-23 合芯科技(苏州)有限公司 Computing system, method and bus device based on hardware access permission management
CN119179661A (en) * 2024-11-22 2024-12-24 青岛本原微电子有限公司 Bus access control system and method based on bypass configuration

Similar Documents

Publication Publication Date Title
CN115221086A (en) Bus control system, method and electronic device
JP3790713B2 (en) Selective transaction destination for devices on shared bus
CN112639788B (en) Peripheral access on a secure aware bus system
US9805221B2 (en) Incorporating access control functionality into a system on a chip (SoC)
JP4602403B2 (en) Endianness control method and apparatus in data processing system
US12292849B2 (en) PCIe device
CN112602086B (en) Secure peripheral interconnect
TW200417869A (en) Data processing system with peripheral access protection and method therefor
US20220092223A1 (en) Technologies for filtering memory access transactions received from one or more i/o devices
JP2016516228A (en) Access method and circuit device under control of slave unit in system on chip
CN116762076A (en) Peripheral device access control for secondary communication channels in power management integrated circuits
US9104472B2 (en) Write transaction interpretation for interrupt assertion
WO2025002060A1 (en) Method and apparatus for pcie device to pass through to virtual machine, and related device
US12292967B2 (en) Method and system for freedom from interference (FFI)
JP2023554378A (en) Hardware-based security certification
US20190228159A1 (en) Technologies for filtering memory access transactions received from one or more accelerators via coherent accelerator link
CN111241029A (en) Access Restriction Management within SoC
EP4325790B1 (en) Data transmission method and apparatus
CN110276214A (en) A dual-core trusted SOC architecture and method based on slave access protection
US20240143851A1 (en) Computing system and trusted computing method
CN115374041A (en) Bus decoder
WO2024087710A1 (en) Secure boot method and apparatus, and device
CN115640246A (en) Control system and method for accessing data and electronic equipment
CN115640247A (en) Control system and method for accessing data, electronic device
CN118627086A (en) Operation command processing method, system, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination