Patents by Inventor Azzedine Touzni

Azzedine Touzni has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10628611
    Abstract: Exemplary features pertain to establishing an Exclusive Execution Environment domain that Trusted Execution Zone components are forbidden to access. In one example, a system-on-a-chip (SoC) is equipped with a Reduced Instruction Set Computing (RISC) processor along with an application DSP (ADSP) and/or Graphics Processing Unit (GPU), where the ADSP and/or GPU is configured to provide and enforce the Exclusive Execution Environment domain. By forbidding access to Trusted Execution Zone components, security can be enhanced, especially within minimally-equipped devices that do not have the resources to implement a full Trust Execution Environment, such as low-power devices associated with the Internet of Things (IoT). Among other features, the systems and methods described herein allow application clients to build exclusive execution environments and claim exclusive access to buffer objects and hardware resource groups. Method and apparatus examples are provided.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: April 21, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Thomas Zeng, Azzedine Touzni, Brian Kelley
  • Patent number: 10599442
    Abstract: Various additional and alternative aspects are described herein. In some aspects, the present disclosure provides a method of operating a system-on-chip (SoC). The method includes selecting a CPU core of a plurality of CPU cores of the SoC to boot the SoC based on information indicative of the quality of the plurality of CPU cores stored on the SoC. The method includes running boot code on the selected CPU.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: March 24, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Dhamim Packer Ali, Yanru Li, Ashutosh Shrivastava, Azzedine Touzni, Mamta Desai
  • Patent number: 10591975
    Abstract: Systems and methods are disclosed for managing memory access for low-power use cases of a system on chip. One such method comprises booting a system on chip (SoC) comprising a plurality of SoC processing devices. A trusted channel is created to a secure non-volatile random access memory (NVRAM). The method determines a power-saving software program to be executed on the SoC by one of the plurality of SoC processing devices. A software image associated with the power-saving software program is loaded to the secure NVRAM. In response to loading the software image to the secure NVRAM, each of the plurality of SoC processing devices except the one executing the software image from the secure NVRAM are powered down.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: March 17, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Yanru Li, Azzedine Touzni, Dexter Tamio Chun
  • Patent number: 10310882
    Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: June 4, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Thomas Zeng, Azzedine Touzni, Philip Mueller, Jr., Piyush Patel
  • Publication number: 20190129493
    Abstract: Systems and methods are disclosed for managing memory access for low-power use cases of a system on chip. One such method comprises booting a system on chip (SoC) comprising a plurality of SoC processing devices. A trusted channel is created to a secure non-volatile random access memory (NVRAM). The method determines a power-saving software program to be executed on the SoC by one of the plurality of SoC processing devices. A software image associated with the power-saving software program is loaded to the secure NVRAM. In response to loading the software image to the secure NVRAM, each of the plurality of SoC processing devices except the one executing the software image from the secure NVRAM are powered down.
    Type: Application
    Filed: October 30, 2017
    Publication date: May 2, 2019
    Inventors: Yanru Li, Azzedine Touzni, Dexter Tamio Chun
  • Publication number: 20190065752
    Abstract: System and methods for booting a system-on-chip (SOC) in an enhanced memory mode are described herein. In one aspect, an enhanced memory mode indicator may be read to create a trusted channel to a non-volatile random-access memory (NVRAM). The NVRAM may be logically connected to the SOC. In an aspect, the NVRAM may be secured prior to the creation of the trusted channel. Once the secure channel to NVRAM has been created, the SOC may operate in an enhanced memory mode. Prior to the SOC powering down, the system may store an indicator operable to enable a subsequent boot of the SOC in the power saving mode. The SOC may be operable to switch between the power saving mode and a normal mode depending on the operational requirements of the portable computing device in which the SOC is implemented.
    Type: Application
    Filed: August 21, 2018
    Publication date: February 28, 2019
    Inventors: Yanru Li, Azzedine Touzni, Dexter Chun
  • Patent number: 10180908
    Abstract: Aspects include computing devices, systems, and methods for implementing a cache maintenance or status operation for a component cache of a system cache. A computing device may generate a component cache configuration table, assign at least one component cache indicator of a component cache to a master of the component cache, and map at least one control register to the component cache indicator by a centralized control entity. The computing device may store the component cache indicator such that the component cache indicator is accessible by the master of the component cache for discovering a virtualized view of the system cache and issuing a cache maintenance or status command for the component cache bypassing the centralized control entity. The computing device may receive the cache maintenance or status command by a control register associated with a cache maintenance or status command and the component cache bypassing the centralized control entity.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: January 15, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Yanru Li, Subbarao Palacharla, Moinul Khan, Alain Artieri, Azzedine Touzni
  • Publication number: 20190012271
    Abstract: One feature pertains to an apparatus that includes a memory circuit, a system memory-management unit (SMMU), and a processing circuit. The memory circuit stores an executable program associated with a client. The SMMU enforces memory access control policies for the memory circuit, and includes a plurality of micro-translation lookaside buffers (micro-TLBs), a macro-TLB, and a page walker circuit. The plurality of micro-TLBs include a first micro-TLB that enforces memory access control policies for the client. The processing circuit loads memory address translations associated with the executable program into the first micro-TLB, and initiates isolation mode for the first micro-TLB causing communications between the first micro-TLB and the macro-TLB and between the first micro-TLB and the page walker circuit to be severed. The first micro-TLB continues to enforce memory access control policies for the client while in isolation mode.
    Type: Application
    Filed: July 5, 2017
    Publication date: January 10, 2019
    Inventors: Christophe Avoinne, Samar Asbe, Thomas Zeng, Jean-Louis Tardieux, Jeffrey Shabel, Azzedine Touzni
  • Patent number: 10121001
    Abstract: Systems for a method for monolithic workload scheduling in a portable computing device (“PCD”) having a hypervisor are disclosed. An exemplary method comprises instantiating a primary virtual machine at a first exception level, wherein the primary virtual machine comprises a monolithic scheduler configured to allocate workloads within and between one or more guest virtual machines in response to one or more interrupts, instantiating a secure virtual machine at the first exception level and instantiating one or more guest virtual machines at the first exception level as well. When an interrupt is received at a hypervisor associated with a second exception level, the interrupt is forwarded to the monolithic scheduler along with hardware usage state data and guest virtual machine usage state data. The monolithic scheduler may, in turn, generate one or more context switches which may comprise at least one intra-VM context switch and at least one inter-VM context switch.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: November 6, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Thomas Zeng, Azzedine Touzni, Satyaki Mukherjee
  • Publication number: 20180253314
    Abstract: Various additional and alternative aspects are described herein. In some aspects, the present disclosure provides a method of operating a system-on-chip (SoC). The method includes selecting a CPU core of a plurality of CPU cores of the SoC to boot the SoC based on information indicative of the quality of the plurality of CPU cores stored on the SoC. The method includes running boot code on the selected CPU.
    Type: Application
    Filed: March 2, 2017
    Publication date: September 6, 2018
    Inventors: Dhamim Packer Ali, Yanru Li, Ashutosh Shrivastava, Azzedine Touzni, Mamta Desai
  • Publication number: 20180129828
    Abstract: Exemplary features pertain to establishing an Exclusive Execution Environment domain that Trusted Execution Zone components are forbidden to access. In one example, a system-on-a-chip (SoC) is equipped with a Reduced Instruction Set Computing (RISC) processor along with an application DSP (ADSP) and/or Graphics Processing Unit (GPU), where the ADSP and/or GPU is configured to provide and enforce the Exclusive Execution Environment domain. By forbidding access to Trusted Execution Zone components, security can be enhanced, especially within minimally-equipped devices that do not have the resources to implement a full Trust Execution Environment, such as low-power devices associated with the Internet of Things (IoT). Among other features, the systems and methods described herein allow application clients to build exclusive execution environments and claim exclusive access to buffer objects and hardware resource groups. Method and apparatus examples are provided.
    Type: Application
    Filed: November 4, 2016
    Publication date: May 10, 2018
    Inventors: Thomas Zeng, Azzedine Touzni, Brian Kelley
  • Publication number: 20180121125
    Abstract: In an aspect, an apparatus obtains, at one or more hardware configuration interfaces, a physical page number associated with a secure resource, a domain identifier, and at least one memory attribute. The one or more hardware configuration interfaces may be in communication with a resource protection unit that manages access to the secure resource. The apparatus configures, by the one or more hardware configuration interfaces, a page table entry in a page table maintained at the resource protection unit, where the page table entry is configured to include the physical page number associated with the secure resource, the domain identifier, and the at least one memory attribute. The resource protection unit processes a resource access transaction when an access permission for the resource access transaction is determined in the page table.
    Type: Application
    Filed: November 1, 2016
    Publication date: May 3, 2018
    Inventors: Thomas Zeng, Azzedine Touzni
  • Publication number: 20180024944
    Abstract: Disclosed are methods and apparatus for memory management in shared virtual memory (SVM) systems. The methods and apparatus provide SVM access control on a per master basis through the assignment of a first classification identifier (ID) upon reception of a memory access request from a memory master. The assigned first classification ID assigned to the memory request is compared with a second classification ID stored in at least one page table entry of a page table used to manage the SVM system. The page table entry (PTE) corresponds to one or more memory locations of the SVM being requested in the memory access request. SVM system access operations for the memory access request are then denied if the first classification ID does not match the second classification ID, thereby providing added per master access control for the SVM system.
    Type: Application
    Filed: July 22, 2016
    Publication date: January 25, 2018
    Inventors: Thomas Zeng, Azzedine Touzni, Mitchel Humpherys
  • Publication number: 20170083456
    Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.
    Type: Application
    Filed: March 31, 2016
    Publication date: March 23, 2017
    Inventors: Thomas Zeng, Azzedine Touzni, Tzung Ren Tzeng, Phil J. Bostley
  • Publication number: 20170031838
    Abstract: Disclosed is a method for protecting virtual machine data at a peripheral subsystem connected to at least one processor configured to host a plurality of virtual machines. In the method, context information, including a virtual machine identifier (VMID), is received. The VMID is unique to one of the plurality of virtual machines. A storage bank of a plurality of storage banks is selected based on the VMID included in the received context information. Each storage bank of the plurality of storage banks uses a same bus address range. A data bus is connected to the selected storage bank.
    Type: Application
    Filed: July 28, 2015
    Publication date: February 2, 2017
    Inventors: Satyaki Mukherjee, Subodh Singh, Ajaykumar Shankargouda Patil, Thomas Zeng, Azzedine Touzni
  • Patent number: 9507961
    Abstract: Systems, methods, and computer programs are disclosed for providing secure access control to a graphics processing unit (GPU). One system includes a GPU, a plurality of GPU programming interfaces, and a command processor. Each GPU programming interface is dynamically assigned to a different one of a plurality of security zones. Each GPU programming interface is configured to receive work orders issued by one or more applications associated with the corresponding security zone. The work orders comprise instructions to be executed by the GPU. The command processor is in communication with the plurality of GPU programming interfaces. The command processor is configured to control execution of the work orders received by the plurality of GPU programming interfaces using separate secure memory regions. Each secure memory region is allocated to one of the plurality of security zones.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: November 29, 2016
    Assignee: QUALCOMM INCORPORATED
    Inventors: Thomas Zeng, Azzedine Touzni, William Torzewski
  • Publication number: 20160335190
    Abstract: Aspects include computing devices, systems, and methods for implementing a cache maintenance or status operation for a component cache of a system cache. A computing device may generate a component cache configuration table, assign at least one component cache indicator of a component cache to a master of the component cache, and map at least one control register to the component cache indicator by a centralized control entity. The computing device may store the component cache indicator such that the component cache indicator is accessible by the master of the component cache for discovering a virtualized view of the system cache and issuing a cache maintenance or status command for the component cache bypassing the centralized control entity. The computing device may receive the cache maintenance or status command by a control register associated with a cache maintenance or status command and the component cache bypassing the centralized control entity.
    Type: Application
    Filed: May 13, 2015
    Publication date: November 17, 2016
    Inventors: Yanru Li, Subbarao Palacharla, Moinul Khan, Alain Artieri, Azzedine Touzni
  • Publication number: 20160283262
    Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.
    Type: Application
    Filed: June 3, 2016
    Publication date: September 29, 2016
    Inventors: Thomas Zeng, Azzedine Touzni, Philip Mueller, Jr., Piyush Patel
  • Patent number: 9431077
    Abstract: Efficient techniques using a multi-port shared non-volatile memory are described that reduce latency in memory accesses from dedicated function specific processors, such as a modem control processor. The modem processor preempts a host processor that is accessing data from a multi-port shared non-volatile memory flash device allowing the modem processor to quickly access data in the flash device. The preemption process uses a doorbell interrupt initiated by a processor that seeks access and interrupts the processor being preempted. After preemption, the host processor may resume or restart the data access. Access control by the processors utilizes a hardware semaphore atomic control mechanism. Power control of the shared non-volatile memory modules includes at least one inactivity timer to indicate when a supply voltage to the shared non-volatile memory modules can be safely reduced or turned off. Power may be restarted by any of the processors sharing the memory, allowing fast access to the data.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: August 30, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Assaf Shacham, Amit Gil, Erez Tsidon, Yanru Li, Azzedine Touzni
  • Patent number: 9396011
    Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: July 19, 2016
    Assignee: QUALCOMM INCORPORATED
    Inventors: Thomas M. Zeng, Azzedine Touzni, Philip T. Mueller, Jr., Piyush Patel