Abstract: Message passing circuitry comprises lookup circuitry responsive to a producer request indicating message data provided on a target message channel by a producer node of a system-on-chip, to obtain, from a channel consumer information structure, selected channel consumer information associated with a given consumer node subscribing to the target message channel. Control circuitry writes the message data to a location associated with an address in a consumer-defined region of address space determined based on the selected channel consumer information. When an event notification condition is satisfied for the target message channel and the given consumer node, and an event notification channel is to be used, event notification data is written to a location associated with an address in a consumer-defined region of address space determined based on event notification channel consumer information associated with the event notification channel.

Abstract: An apparatus comprises counter tree circuitry configured to store, in a first node of a counter tree, a representation of a parent counter value and in a second node of the counter tree, wherein the second node is a child node of the first node, an encrypted representation of two or more counter values. The encryption operation for forming the encrypted representation of the two or more counter values takes as an input the parent counter value. The apparatus also comprises integrity checking circuitry to check the integrity of an item of data retrieved from memory based on a comparison between a stored authentication code and a generated authentication code generated based on the item of data and a decrypted counter value determined from an encrypted representation of a counter value retrieved from the second node, decrypted using a parent counter value retrieved from the first node.

Abstract: An apparatus comprises counter integrity tree circuitry to maintain a counter integrity tree having a plurality of nodes. The counter integrity tree circuitry is configured to store, in a first node of the counter integrity tree, an encrypted representation of two or more non-repeating counters and in a second, parent, node, an indication of a function value equal to a non-repeating function of the two or more non-repeating counters of the first node. The apparatus comprises integrity checking circuitry configured to check the integrity of the first node using the function value retrieved from the second node.

Abstract: An apparatus and method are described for providing a trusted execution environment. The apparatus comprises processing circuitry to execute program code, and interrupt controller circuitry, responsive to receipt of one or more interrupt requests, to select a given interrupt request from amongst the one or more interrupt requests, and to issue an interrupt signal to the processing circuitry identifying a given interrupt service routine providing program code to be executed by the processing circuitry to service the given interrupt request. The interrupt controller circuitry is responsive to the given interrupt request being a trusted execution environment (TEE) interrupt request, to issue the interrupt signal to identify as the given interrupt service routine a TEE interrupt service routine, and to inhibit issuance of any further interrupt signal until the TEE interrupt service routine has been executed by the processing circuitry.

Abstract: Partial-address-translation-invalidation request to cause cache control circuitry to: identify whether a given cache entry of the address translation cache is a target cache entry to be invalidated, wherein the target cache entry comprises a cache entry for which the address translation data comprises partial address translation data indicative of an address of the next level page table specified by a table address of a target page table entry when used as the branch page table entry; and trigger an invalidation of the given cache entry when the given cache entry is identified to be the target cache entry. The given cache entry is permitted to be retained when the given cache entry provides full address translation data indicative of an address of a corresponding region of address space corresponding to an output address specified by the target page table entry when used as the leaf page table entry.

Abstract: Partial-address-translation-invalidation request to cause cache control circuitry to: identify whether a given cache entry of the address translation cache is a target cache entry to be invalidated, wherein the target cache entry comprises a cache entry for which the address translation data comprises partial address translation data indicative of an address of the next level page table specified by a table address of a target page table entry when used as the branch page table entry; and trigger an invalidation of the given cache entry when the given cache entry is identified to be the target cache entry. The given cache entry is permitted to be retained when the given cache entry provides full address translation data indicative of an address of a corresponding region of address space corresponding to an output address specified by the target page table entry when used as the leaf page table entry.

Abstract: Apparatuses and methods for branch prediction are provided. Branch prediction circuitry generates prediction with respect to branch instructions of whether those branches will be taken or not-taken. Hypervector generation circuitry assigns an arbitrary hypervector in deterministic dependence on an address of each branch instruction, wherein the hypervectors comprises at least 500 bits. Upon the resolution of a branch a corresponding hypervector is added to a stored taken hypervector or a stored not-taken hypervector in dependence on the resolution of the branch. The branch prediction circuitry generates a prediction for a branch instructions in dependence on a mathematical distance metric of a hypervector generated for that branch instruction from the stored taken hypervector or the not-taken hypervector.

Abstract: A data integrity tree for memory security comprises a plurality of nodes, wherein a linked series of nodes of the data integrity tree protects a data item stored in memory. A parent node in the linked series of nodes comprises a plurality of counters, each associated with a respective child node and providing an input to a protection function associated with the respective child node. A node authentication code protects the plurality of counters in each parent node and is dependent on a counter in a node above the parent node in the data integrity tree. A plurality of hash value child nodes each comprises a plurality of encrypted hash values generated as a function of a respective block of data stored in the memory and as a function of a counter comprised in a node above the hash value child node in the data integrity tree.

Abstract: Apparatus comprises two or more processing devices each having an associated translation lookaside buffer to store translation data defining address translations between virtual and physical memory addresses, each address translation being associated with a respective virtual address space; and control circuitry to control the transfer of at least a subset of the translation data from the translation lookaside buffer associated with a first processing device to the translation lookaside buffer associated with a second, different, processing device.

Abstract: Memory control circuitry controls access to data stored in memory, and memory security circuitry generates encrypted data to be stored in the memory. The encrypted data is based on target data and a first one-time-pad (OTP). In response to an OTP update event indicating that the first OTP is to be updated to a second OTP different from the first OTP, the memory security circuitry generates a re-encryption value based on the first OTP and the second OTP, and the memory security circuitry to issues a re-encryption request to cause updated encrypted data to be generated in a downstream component based on the encrypted data and the re-encryption value and to cause the encrypted data to be replaced in the memory by the updated encrypted data.

Abstract: An apparatus including memory access circuitry for controlling access to data stored in the non-trusted memory, and memory security circuitry to verify integrity of data stored in the non-trusted memory. The memory security circuitry has authentication code generation circuitry for generating authentication codes to be associated with the data stored in the non-trusted memory, for use when verifying the integrity of the data. The apparatus also has a trusted storage, and the authentication code generation circuitry is arranged to generate different authentication codes, dependent on whether the authentication code is to be stored in the non-trusted memory or the trusted storage.

Abstract: Message passing circuitry comprises lookup circuitry responsive to a producer request indicating message data provided on a target message channel by a producer node of a system-on-chip, to obtain, from a channel consumer information structure, selected channel consumer information associated with a given consumer node subscribing to the target message channel. Control circuitry writes the message data to a location associated with an address in a consumer-defined region of address space determined based on the selected channel consumer information. When an event notification condition is satisfied for the target message channel and the given consumer node, and an event notification channel is to be used, event notification data is written to a location associated with an address in a consumer-defined region of address space determined based on event notification channel consumer information associated with the event notification channel.

Abstract: A page table structure for address translation may include a relative type of page table entry, for which an address pointer to a next-level page table entry or a translated address may be specified using a relative offset value indicating an offset of the address pointer relative to a reference-point base address.

Abstract: An apparatus and method are provided for maintaining a counter value. The apparatus has first counter control circuitry for maintaining a first counter value representing a first portion of a hybrid counter value, and second counter control circuitry for maintaining a second counter value representing a second portion of the hybrid counter value, wherein the second portion is a higher order portion of the hybrid counter value than the first portion. The first counter control circuitry is arranged to maintain the first counter value as a binary value that indicates a magnitude of the first counter value, the first counter control circuitry comprising adder circuitry that is responsive to an adjustment value to update the first counter value by performing an addition operation to add the adjustment value to a current binary value of the first counter value, and to generate a carry out signal which is set when a carry out is generated by the addition operation.

Abstract: Coherency control circuitry (10) supports processing of a safe-speculative-read transaction received from a requesting master device (4). The safe-speculative-read transaction is of a type requesting that target data is returned to a requesting cache (11) of the requesting master device (4) while prohibiting any change in coherency state associated with the target data in other caches (12) in response to the safe-speculative-read transaction. In response, at least when the target data is cached in a second cache associated with a second master device, at least one of the coherency control circuitry (10) and the second cache (12) is configured to return a safe-speculative-read response while maintaining the target data in the same coherency state within the second cache. This helps to mitigate against speculative side-channel attacks.

Abstract: Apparatuses and method are disclosed for protecting the integrity of data stored in a protected area of memory. Data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs.

Abstract: An apparatus comprises memory storage circuitry comprising a plurality of memory storage locations to store data; an interface to receive an address from a requester; decryption circuitry to obtain a decrypted address by decrypting, based on a decryption key, an address received from the requester; and access control circuitry to select, based on the decrypted address obtained by the decryption circuitry, a memory storage location of the memory storage circuitry to be accessed.

Abstract: An apparatus comprises memory storage circuitry comprising a plurality of memory storage locations to store data; an interface to receive an address from a requester; decryption circuitry to obtain a decrypted address by decrypting, based on a decryption key, an address received from the requester; and access control circuitry to select, based on the decrypted address obtained by the decryption circuitry, a memory storage location of the memory storage circuitry to be accessed.

Abstract: An apparatus and method are provided for maintaining a counter value. The apparatus has first counter control circuitry for maintaining a first counter value representing a first portion of a hybrid counter value, and second counter control circuitry for maintaining a second counter value representing a second portion of the hybrid counter value, wherein the second portion is a higher order portion of the hybrid counter value than the first portion. The first counter control circuitry is arranged to maintain the first counter value as a binary value that indicates a magnitude of the first counter value, the first counter control circuitry comprising adder circuitry that is responsive to an adjustment value to update the first counter value by performing an addition operation to add the adjustment value to a current binary value of the first counter value, and to generate a carry out signal which is set when a carry out is generated by the addition operation.

Abstract: A system, apparatus and method for secure functions and manipulating cache line data. The method includes generating cache block addresses from a subset of bits, i.e. tag bits, of a cache address and hashing the cache block addresses with one or more secure functions that use keys to generate secure indexes.