Abstract: An apparatus including memory access circuitry for controlling access to data stored in the non-trusted memory, and memory security circuitry to verify integrity of data stored in the non-trusted memory. The memory security circuitry has authentication code generation circuitry for generating authentication codes to be associated with the data stored in the non-trusted memory, for use when verifying the integrity of the data. The apparatus also has a trusted storage, and the authentication code generation circuitry is arranged to generate different authentication codes, dependent on whether the authentication code is to be stored in the non-trusted memory or the trusted storage.

Abstract: There is provided address translation circuitry and a method for performing address translation. The address translation circuitry is responsive to receipt of a first address to perform an address translation between the first address and a second address by performing a predetermined maximum number of sequential lookups. The address translation circuitry is configured to support regular page tables comprising 2N entries and large page tables comprising 2N*M entries.

Abstract: Apparatuses and methods for memory protection are disclosed. A memory protection apparatus is interposed between a system cache and a memory system. The apparatus comprises encryption circuitry, which encrypts data item in dependence on encryption metadata and decrypts encrypted data items in dependence on the encryption metadata. In response to a change in a metadata item of the encryption metadata, when no cached copy of an affected data item is currently in the system cache, the affected data item is retrieved from the memory system, re-encrypted using the updated metadata item and returned to the memory system. When there is a cached copy, in dependence on update control data, the copy is retrieved from the system cache, encrypted using the updated metadata item and written out to the memory system.

Abstract: An apparatus and method are described for providing a trusted execution environment. The apparatus comprises processing circuitry to execute program code, and interrupt controller circuitry, responsive to receipt of one or more interrupt requests, to select a given interrupt request from amongst the one or more interrupt requests, and to issue an interrupt signal to the processing circuitry identifying a given interrupt service routine providing program code to be executed by the processing circuitry to service the given interrupt request. The interrupt controller circuitry is responsive to the given interrupt request being a trusted execution environment (TEE) interrupt request, to issue the interrupt signal to identify as the given interrupt service routine a TEE interrupt service routine, and to inhibit issuance of any further interrupt signal until the TEE interrupt service routine has been executed by the processing circuitry.

Abstract: Address translation circuitry is provided to perform address translation on receipt of a first address to generate a second address. The address translation circuitry comprises a page walk controller configured to perform sequential page table lookups in a plurality of page table levels of a page table hierarchy. Portions of the first address are used to index into sequential page table levels. Cache storage is provided to cache entries comprising translation information retrieved by the sequential page table lookups. An entry in the cache storage further comprises in association with the translation information a re-use indicator indicative of a re-use expectation for subsequent information which is subordinate to the translation information of the entry in the page table hierarchy. The address translation circuitry is configured to modify cache usage for the subsequent information in dependence on the re-use indicator.

Abstract: There is provided a memory protection unit configured to maintain region metadata associated with storage regions of off-chip storage and protection metadata associated with each of the storage regions. The protection metadata is stored in the off-chip storage, and the region metadata encodes whether each of the storage regions belongs to a set of protected storage regions or to a set of unprotected storage regions and encodes information indicating corresponding protection metadata associated with each storage region. The memory protection unit is configured to update the region metadata in response to a region update request identifying a given storage region for which the region metadata is to be modified and to dynamically adjust an amount of memory required to store protection metadata associated with the set of protected storage regions in response to the update to the region metadata.

Abstract: A computer implemented method is provided. The computer implemented method includes receiving an intermediate representation of a source code, intentionally injecting a weak code path at a point within the intermediate representation to create a modified intermediate representation, performing a path profiling on the modified intermediate representation to generate a particular path identifier for each path within the modified intermediate representation, and identifying the particular path identifier of the weak code path for use by a monitoring system. A monitoring system is also provided. The monitoring system monitors an executable code during runtime for execution of a path having a particular path identifier corresponding to the injected intentionally weak code path.

Abstract: A 1-hot path signature accelerator includes a register, first and second accumulator, and an outer product circuit. The register stores an input frame, where the input frame has, at most, one bit of each element set. The first accumulator calculates a present summation by adding the input frame to a previous sum of previous input frames inputted to the 1-hot path signature accelerator within a timeframe. The outer product circuit receives each element of the present summation from the first accumulator and each element of the input frame stored in the register to output a present outer product. Since the input frame has at most one bit of each element set, the outer product circuit is reduced to a logical operation. The second accumulator outputs a present second-layer summation by adding the present outer product to a previous second-layer sum of outputs from the outer product circuit within the timeframe.

Abstract: A page table structure for address translation may include a relative type of page table entry, for which an address pointer to a next-level page table entry or a translated address may be specified using a relative offset value indicating an offset of the address pointer relative to a reference-point base address.

Abstract: An apparatus and method are described for generating debug information. The apparatus has processing circuitry for executing a sequence of instructions that includes a plurality of debug information triggering instructions, and debug information generating circuitry for coupling to a debug port. On executing a given debug information triggering instruction, the processing circuitry is arranged to trigger the debug information generating circuitry to generate a debug information signal whose form is dependent on a control parameter specified by the given debug information triggering instruction. The generated debug information signal is output from the debug port for reference by a debugger. The control parameter is such that the form of the debug information signal enables the debugger to determine a state of the processing circuitry when the given debug information triggering instruction was executed.

Abstract: To protect the integrity of data stored in a protected area of memory, data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs. The integrity of the first data block is contingent on the verification authentication code matching the retrieved authentication code.

Abstract: Message passing circuitry comprises lookup circuitry responsive to a producer request indicating message data provided on a target message channel by a producer node of a system-on-chip, to obtain, from a channel consumer information structure, selected channel consumer information associated with a given consumer node subscribing to the target message channel. Control circuitry writes the message data to a location associated with an address in a consumer-defined region of address space determined based on the selected channel consumer information. When an event notification condition is satisfied for the target message channel and the given consumer node, and an event notification channel is to be used, event notification data is written to a location associated with an address in a consumer-defined region of address space determined based on event notification channel consumer information associated with the event notification channel.

Abstract: An apparatus and method are described for providing a trusted execution environment. The apparatus comprises processing circuitry to execute program code, and interrupt controller circuitry, responsive to receipt of one or more interrupt requests, to select a given interrupt request from amongst the one or more interrupt requests, and to issue an interrupt signal to the processing circuitry identifying a given interrupt service routine providing program code to be executed by the processing circuitry to service the given interrupt request. The interrupt controller circuitry is responsive to the given interrupt request being a trusted execution environment (TEE) interrupt request, to issue the interrupt signal to identify as the given interrupt service routine a TEE interrupt service routine, and to inhibit issuance of any further interrupt signal until the TEE interrupt service routine has been executed by the processing circuitry.

Abstract: An apparatus comprises counter integrity tree circuitry to maintain a counter integrity tree having a plurality of nodes. The counter integrity tree circuitry is configured to store, in a first node of the counter integrity tree, an encrypted representation of two or more non-repeating counters and in a second, parent, node, an indication of a function value equal to a non-repeating function of the two or more non-repeating counters of the first node. The apparatus comprises integrity checking circuitry configured to check the integrity of the first node using the function value retrieved from the second node.

Abstract: An apparatus comprises counter tree circuitry configured to store, in a first node of a counter tree, a representation of a parent counter value and in a second node of the counter tree, wherein the second node is a child node of the first node, an encrypted representation of two or more counter values. The encryption operation for forming the encrypted representation of the two or more counter values takes as an input the parent counter value. The apparatus also comprises integrity checking circuitry to check the integrity of an item of data retrieved from memory based on a comparison between a stored authentication code and a generated authentication code generated based on the item of data and a decrypted counter value determined from an encrypted representation of a counter value retrieved from the second node, decrypted using a parent counter value retrieved from the first node.

Abstract: Partial-address-translation-invalidation request to cause cache control circuitry to: identify whether a given cache entry of the address translation cache is a target cache entry to be invalidated, wherein the target cache entry comprises a cache entry for which the address translation data comprises partial address translation data indicative of an address of the next level page table specified by a table address of a target page table entry when used as the branch page table entry; and trigger an invalidation of the given cache entry when the given cache entry is identified to be the target cache entry. The given cache entry is permitted to be retained when the given cache entry provides full address translation data indicative of an address of a corresponding region of address space corresponding to an output address specified by the target page table entry when used as the leaf page table entry.

Abstract: Partial-address-translation-invalidation request to cause cache control circuitry to: identify whether a given cache entry of the address translation cache is a target cache entry to be invalidated, wherein the target cache entry comprises a cache entry for which the address translation data comprises partial address translation data indicative of an address of the next level page table specified by a table address of a target page table entry when used as the branch page table entry; and trigger an invalidation of the given cache entry when the given cache entry is identified to be the target cache entry. The given cache entry is permitted to be retained when the given cache entry provides full address translation data indicative of an address of a corresponding region of address space corresponding to an output address specified by the target page table entry when used as the leaf page table entry.

Abstract: Apparatuses and methods for branch prediction are provided. Branch prediction circuitry generates prediction with respect to branch instructions of whether those branches will be taken or not-taken. Hypervector generation circuitry assigns an arbitrary hypervector in deterministic dependence on an address of each branch instruction, wherein the hypervectors comprises at least 500 bits. Upon the resolution of a branch a corresponding hypervector is added to a stored taken hypervector or a stored not-taken hypervector in dependence on the resolution of the branch. The branch prediction circuitry generates a prediction for a branch instructions in dependence on a mathematical distance metric of a hypervector generated for that branch instruction from the stored taken hypervector or the not-taken hypervector.

Abstract: A data integrity tree for memory security comprises a plurality of nodes, wherein a linked series of nodes of the data integrity tree protects a data item stored in memory. A parent node in the linked series of nodes comprises a plurality of counters, each associated with a respective child node and providing an input to a protection function associated with the respective child node. A node authentication code protects the plurality of counters in each parent node and is dependent on a counter in a node above the parent node in the data integrity tree. A plurality of hash value child nodes each comprises a plurality of encrypted hash values generated as a function of a respective block of data stored in the memory and as a function of a counter comprised in a node above the hash value child node in the data integrity tree.

Abstract: Apparatus comprises two or more processing devices each having an associated translation lookaside buffer to store translation data defining address translations between virtual and physical memory addresses, each address translation being associated with a respective virtual address space; and control circuitry to control the transfer of at least a subset of the translation data from the translation lookaside buffer associated with a first processing device to the translation lookaside buffer associated with a second, different, processing device.