Abstract: It is suggested to process an interrupt event as follows: (i) receiving an interrupt event at a service request node; (ii) providing, by the service request node, an interrupt service request based on the interrupt event, and a security information; and (iii) forwarding the interrupt service request to an interrupt service provider.

Abstract: Systems, methods, and circuitries are provided for controlling access the secondary modules in a controller based on a two part identifier. In one example, a controller includes one or more primary modules, one or more secondary modules, and an interconnect. Each primary module is configured to generate access requests with respect to the one or more secondary modules. The interconnect couples the one or more primary modules to the one or more secondary modules. The interconnect is configured to assign a transaction identifier to each access request. The transaction identifier is mapped to a type of read and/or write access in one or more secondary modules and includes a main component mapped to an application in execution by the primary module that generated the access request, and a sub component mapped to a sub-task of the application in execution by the primary module that generated the access request.

Abstract: A method and apparatus for distributing interconnect bandwidth among master agents. The method includes allocating to each of the master agents a respective portion of the interconnect bandwidth within a time interval; monitoring the master agents to determine if any of the master agents has consumed its allocated portion of interconnect bandwidth within a current time interval; and if a master agent has consumed its allocated portion of interconnect bandwidth within the current time interval, delaying any new access requests from this master agent for a predetermined request delay time within the current time interval.

Abstract: Systems, methods, and circuitries are provided for controlling access the secondary modules in a controller based on a two part identifier. In one example, a controller includes one or more primary modules, one or more secondary modules, and an interconnect. Each primary module is configured to generate access requests with respect to the one or more secondary modules. The interconnect couples the one or more primary modules to the one or more secondary modules. The interconnect is configured to assign a transaction identifier to each access request. The transaction identifier is mapped to a type of read and/or write access in one or more secondary modules and includes a main component mapped to an application in execution by the primary module that generated the access request, and a sub component mapped to a sub-task of the application in execution by the primary module that generated the access request.

Abstract: Systems, methods, and circuitries are provided for detecting lost interrupt events in a reduced instruction set computer-V (RISC-V) architecture. An example architecture includes an advanced platform level interrupt controller (APLIC) and an incoming message signaled interrupt (MSI) controller (IMSIC) coupled to the APLIC. The APLIC includes a plurality of respective vectors connected to respective external interrupt inputs, wherein each vector is mapped to an interrupt priority and each vector comprises a vector interrupt lost (IL) bit. The IMSIC is configured to receive MSI from the APLIC and to maintain an interrupt file that includes a set of a set of interrupt lost (IL) bits indexed by interrupt priority.

Abstract: A semiconductor chip includes an electronic hardware circuitry device that includes a plurality of partitionable hardware resources that each includes a corresponding resource allocation state. The electronic hardware circuitry includes a logic control circuit to control access to the plurality of hardware resources based on the respective resource allocation states of the hardware resources and based on input from one or more authorized agents. The semiconductor chip further includes a processor core to implement a plurality of software applications belonging to a first group or to a second group, each of the plurality of applications configured to access and interact with at least one corresponding hardware resource assigned to the respective application, implement assigning software agents each authorized and configured to cause the electronic hardware circuitry device to assign one or more unassigned hardware resources only to one or more of the software applications belonging to certain groups.

Abstract: A security hardware device is configured to secure a control apparatus. The security hardware device includes a data security domain; a functional safety domain; a data security processor provided in the data security domain and is configured to secure data from unauthorized access or manipulation; a functional safety processor provided in the functional safety domain and is configured to detect functional errors and generate respective safety alerts in response to detecting the functional errors; and a monitoring processor configured to analyze the respective safety alerts provided by the functional safety processor for at least one pattern of safety alerts indicative of a security attack and generate a response signal in response to the respective safety alerts having at least one of the at least one pattern of safety alerts.

Abstract: An interconnect including an input couplable to a source, and an encoder coupled to the input. The encoder is configured to: group information that is received from the source via a same channel; size the grouped information to a common width; and apply protection to the sized grouped information.

Abstract: A direct memory access (DMA) circuit is provided. The DMA circuit may include a plurality of groups of direct memory access channels, wherein each of the groups includes at least one DMA channel and a resource usage counter configured to count an execution time in which one of the DMA channels of the group is executed, and an arbiter configured to evaluate a value of the resource usage counter of a group upon a request for execution time by one of the DMA channels of the group, and, taking into account a result of the evaluation, to assign, delay assignment, or deny execution time for using the direct memory access to one of the groups.

Abstract: Some examples relate to a method. In the method, a write transaction is routed from a master device to a slave device through a communication path. The communication path includes a first bridge and a second bridge downstream of the first bridge. The first bridge and the second bridge are coupled to one another via an interface structure. The first bridge sets a write busy signal on the communication path when the write transaction is processed by the first bridge; and in response to the first bridge setting the write busy signal, the second bridge holds the write busy signal until the write transaction has been received by the slave device. Upon the slave device receiving the write transaction, the second bridge resets the write busy signal to propagate the reset write busy signal back to the master device through the first bridge.

Abstract: A master is provided which is connected to at least one slave via an interface, wherein the at least one master is designed, in a transmission mode to transfer a valid combination of output data and associated error detection data via the interface, and wherein the at least one master is furthermore designed, in a non-transmission mode, to output an invalid combination of output data and associated error detection data in case of an erroneous output request.

Abstract: It is suggested to process an interrupt event as follows: (i) receiving an interrupt event at a service request node; (ii) providing, by the service request node, an interrupt service request based on the interrupt event, and a security information; and (iii) forwarding the interrupt service request to an interrupt service provider.

Abstract: A direct memory access (DMA) circuit is provided. The DMA circuit may include a plurality of groups of direct memory access channels, wherein each of the groups includes at least one DMA channel and a resource usage counter configured to count an execution time in which one of the DMA channels of the group is executed, and an arbiter configured to evaluate a value of the resource usage counter of a group upon a request for execution time by one of the DMA channels of the group, and, taking into account a result of the evaluation, to assign, delay assignment, or deny execution time for using the direct memory access to one of the groups. Relevant FIG.

Abstract: Some examples relate to a method. In the method, a write transaction is routed from a master device to a slave device through a communication path. The communication path includes a first bridge and a second bridge downstream of the first bridge. The first bridge and the second bridge are coupled to one another via an interface structure. The first bridge sets a write busy signal on the communication path when the write transaction is processed by the first bridge; and in response to the first bridge setting the write busy signal, the second bridge holds the write busy signal until the write transaction has been received by the slave device. Upon the slave device receiving the write transaction, the second bridge resets the write busy signal to propagate the reset write busy signal back to the master device through the first bridge.

Abstract: A data processing device is described including one or more processors implementing a plurality of data processing entities, one or more software interrupt nodes and an access register for each software interrupt node. The access register specifies which one or more data processing entities of the plurality of data processing entities is/are each allowed to, as interrupt source data processing entity, trigger an interrupt service request on the software interrupt node for another one of the plurality of data processing entities as an interrupt target processing entity. Each software interrupt node is configured to forward an interrupt service request triggered by an interrupt source data processing entity which is allowed to trigger an interrupt service request on the software interrupt node to an interrupt target processing entity.

Abstract: An interconnect including an input couplable to a source, and an encoder coupled to the input. The encoder is configured to: group information that is received from the source via a same channel; size the grouped information to a common width; and apply protection to the sized grouped information.

Abstract: A master is provided which is connected to at least one slave via an interface, wherein the at least one master is designed, in a transmission mode to transfer a valid combination of output data and associated error detection data via the interface, and wherein the at least one master is furthermore designed, in a non-transmission mode, to output an invalid combination of output data and associated error detection data in case of an erroneous output request.

Abstract: A System on Chip (SoC), including a plurality of processor cores including a secure master, which is configured to run security software, and a non-secure master, which is configured to run non-security software; a resource configured to be shared by the secure master and the non-secure master; and a state machine configured to protect the resource by allowing only the secure master to transition the resource to a particular state of the state machine, and allowing only the non-secure master to transition the resource to another particular state of the state machine.

Abstract: The present disclosure relates to a security device, a system, and a method for securing a control apparatus. The security device includes a data security unit which is configured to secure data, data communication and information, and includes a first security component inside the data security unit to operate in a first operating mode, and at least one first monitoring unit to operate in a high-availability mode which, said first monitoring unit being configured to detect a fault present in the first security component. The high-availability mode is different from the first operating mode. The security device further includes a second security component which is configured to operate in the high-availability mode and to output a first response signal if a fault is detected by the first monitoring, where the high-availability mode is available independently from the first operating mode.

Abstract: A security hardware device is configured to secure a control apparatus. The security hardware device includes a data security domain; a functional safety domain; a data security processor provided in the data security domain and is configured to secure data from unauthorized access or manipulation; a functional safety processor provided in the functional safety domain and is configured to detect functional errors and generate respective safety alerts in response to detecting the functional errors; and a monitoring processor configured to analyze the respective safety alerts provided by the functional safety processor for at least one pattern of safety alerts indicative of a security attack and generate a response signal in response to the respective safety alerts having at least one of the at least one pattern of safety alerts.