Abstract: A system comprising control logic adapted to activate multiple security levels for the system. The system further comprises a storage coupled to the control logic and comprising a stack, the stack associated with one, but not all, of the multiple security levels. The system also comprises security logic coupled to the control logic and adapted to restrict usage of the system if the control logic attempts to fetch an instruction op-code from the stack.

Abstract: A processor system with an application and a maintenance function that would interfere with the application if concurrently executed. The processor system comprises a set of processor cores operable in different security and context-related modes, said processors having at least one interrupt input and at least one wait for interrupt output. The processor system also comprises a wait for interrupt expansion circuit responsive to the at least one wait for interrupt output to provide an interrupt signal, at least one of said processor cores operable in response to the interrupt signal to schedule a maintenance function separated in time from execution of the application.

Abstract: A secure demand paging system (1020) includes a processor (1030) operable for executing instructions, an internal memory (1034) for a first page in a first virtual machine context, an external memory (1024) for a second page in a second virtual machine context, and a security circuit (1038) coupled to the processor (1030) and to the internal memory (1034) for maintaining the first page secure in the internal memory (1034).

Abstract: A processing system operable in various execution environments. The system comprises plural processor cores having respective interrupt inputs, respective wait for interrupt outputs, and respective security outputs. The system also comprises a register coupled to at least one of the processor cores for identifying active execution environments. The system also comprises a global interrupt handler operable to selectively route interrupts to one or more of the interrupt inputs of said plural processor cores. The system also comprises a conversion circuit having plural interrupt-related output lines, and said conversion circuit fed with at least some of said respective wait for interrupt outputs and respective security outputs and fed by said register.

Abstract: An electronic power management system comprising plural processors operable in different security and context-related modes and having respective supply voltage inputs and clock inputs, said processors having at least one interrupt input and at least one wait for interrupt output. The system further comprises a power control circuit operable to configurably adjust supply voltages and clock rates for said supply voltage inputs and clock inputs. The system further comprises a wait for interrupt expansion circuit responsive to the at least one wait for interrupt output to provide an interrupt signal, at least one of said processors operable to configure said power control circuit in response to the interrupt signal.

Abstract: A system comprising a first logic adapted to use qualifiers received from a component to determine which of a plurality of storages matches the qualifiers, the first logic generates a first signal indicative of a storage matching the qualifiers. The system also comprises a second logic coupled to the first logic and adapted to use a target address received from the component to determine which of the plurality of storages matches the target address, the second logic generates a second signal indicative of a storage matching the target address. Another logic is adapted to determine whether the storage associated with the first signal matches the storage associated with the second signal. The qualifiers indicate security mode attributes associated with the component.

Abstract: Systems and methods for a multi-sharing security firewall are provided. Embodiments of a memory security firewall apparatus are provided that include region configuration logic, region selection logic, and access validation logic. The region configuration logic is operable to define memory protection regions of a target memory, each memory protection region having two initiator groups and two sets of access attribute combinations, one for each initiator group. The region selection logic is operable to select a memory protection region that includes the address of a target memory access request from a system initiator. The access validation logic is operable to allow the requested memory access if the system initiator is in one of the initiator groups of the memory protection region selected by the region selection logic, and the combination of access attributes is in a set of access attribute combinations of the memory protection region.

Abstract: A system comprising processing logic adapted to determine a type of boot performed by the system and a storage coupled to the processing logic. The processing logic is configured to erase or invalidate a predetermined portion of the storage, and to activate or deactivate an interface by which the system is accessed, if the type of boot comprises a functional boot.

Abstract: A method for detecting a stack buffer overflow attack is provided that includes receiving a memory access request from a processor core of a system, and determining that the memory access request indicates a stack buffer overflow attack. The method may further include preventing completion of the memory access request and/or executing a security violation response. A system is also provided that includes a processor core coupled to a plurality of busses and an execution stack in a random access memory coupled to the plurality of busses. The system further includes a buffer overflow protection (BOP) logic coupled to the plurality of busses to receive memory access requests from the plurality of busses. The BOP logic is operable to detect a buffer overflow attack comprising a memory access request addressing the execution stack initiated by a program executing on the processor core.

Abstract: The present disclosure describes systems and methods for preemptive masking and unmasking of non-secure processor interrupts. At least some embodiments provide a system that includes a processor capable of operating in a non-secure mode, and preemption logic coupled to the processor (the preemption logic capable of asserting an interrupt signal to the processor). If the processor is operating in the non-secure mode, the preemption logic preemptively inhibits a non-secure assertion of the interrupt signal in response to a mask event. If the processor is operating in the non-secure mode, the preemption logic preemptively enables the non-secure assertion of the interrupt signal in response to an unmask event.

Abstract: A system comprising a first component and a second component coupled to the first component and having a firewall. The second component comprises a storage partitioned into a plurality of portions.

Abstract: A system comprising control logic adapted to activate multiple security levels for the system. The system further comprises a storage coupled to the control logic and comprising a stack, the stack associated with one, but not all, of the multiple security levels. The system also comprises security logic coupled to the control logic and adapted to restrict usage of the system if the control logic attempts to fetch an instruction op-code from the stack.

Abstract: A system comprising a first logic adapted to use qualifiers received from a component to determine which of a plurality of storages matches the qualifiers, the first logic generates a first signal indicative of a storage matching the qualifiers. The system also comprises a second logic coupled to the first logic and adapted to use a target address received from the component to determine which of the plurality of storages matches the target address, the second logic generates a second signal indicative of a storage matching the target address. Another logic is adapted to determine whether the storage associated with the first signal matches the storage associated with the second signal. The qualifiers indicate security mode attributes associated with the component.

Abstract: A system, method, and logic are disclosed for automatic hardware bus encryption/decryption. The logic receives a memory access request comprising a physical address of a memory location from a processor. The logic translates the physical address, and uses the translated physical address and a seed value in a pseudo random number generator to produce an output value. The logic then uses the output value to non-deterministically select an encryption key from a plurality of encryption keys. If the memory access request is a read operation, the logic uses the selected key to decrypt the contents of the memory location; and provides the decrypted contents to the processor. If the memory access request is a write operation, the logic uses the selected key to encrypt a value comprised in the memory access request; and writes the encrypted value in the memory location.

Abstract: A system comprising processing logic adapted to determine a type of boot performed by the system and a storage coupled to the processing logic. The processing logic is configured to erase or invalidate a predetermined portion of the storage, and to activate or deactivate an interface by which the system is accessed, if the type of boot comprises a functional boot.

Abstract: A system comprising a processing logic adapted to activate multiple security levels for the system and a storage coupled to the processing logic via a bus, the bus adapted to transfer information between the storage and the processing logic. The system also comprises a monitoring logic coupled to the processing logic and comprising a range of addresses associated with a predetermined security level of the system. The monitoring logic obtains an address associated with the information. If a current security level matches the predetermined security level and if the address does not correspond to the range of addresses, the monitoring logic restricts usage of the system.

Abstract: A system includes a processor having a trace port, a memory coupled to the processor, and a software integrity checking (“SIC”) logic coupled to the memory and the trace port. The trace port provides data regarding an execution state of a most recently executed instruction. The SIC logic is operable to check integrity of addresses of instructions in a code sequence stored in the memory and executable on the processor, and to check integrity of execution states of the executed instructions.

Abstract: A secure demand paging system (1020) includes a processor (1030) operable for executing instructions, an internal memory (1034) for a first page in a first virtual machine context, an external memory (1024) for a second page in a second virtual machine context, and a security circuit (1038) coupled to the processor (1030) and to the internal memory (1034) for maintaining the first page secure in the internal memory (1034).

Abstract: A page processing circuit (1040) includes a memory (1034) for pages, a processor (1030) coupled to the memory, and a page wiping advisor circuit (1040) coupled to the processor and operable to prioritize pages based both on page type (TYPE in 2740) and usage statistics (STAT in 2740). Processes of manufacture, processes of operation, circuits, devices, telecommunications products, wireless handsets and systems are also disclosed.