Abstract: An embodiment system for protecting a memory comprises security software configured to determine, from an exception generated during an unauthorized action attempt in the memory, whether the security software can perform the action.

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

Abstract: In embodiments, a system includes a first and a second processing unit, a memory, and a firewall device. The first processing unit operates in a secure mode and generates memory access requests having a secure level. The second processing unit operates in a non-secure mode and generates memory access requests having a non-secure level. The memory includes a first memory area that can be shared between the first and second processing units. The firewall device includes a first firewall circuit with a first configuration authorizing access to the first memory area in the presence of a secure or non-secure level access request. The firewall circuit includes a second configuration prohibiting access to the first memory area in the presence of a secure level access request and authorizing access to the first memory area only in the presence of a non-secure level access request.

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

Abstract: An electronic device receives data including an application update module for an application program, the application update including a first part, the first part including first update information and an indication value. A processor of the electronic device then compares the first update information with reference information associated with the indication value and stored in a memory of the electronic device. The processor then installs a second part of the application update module when the first update information corresponds to the reference information, thereby producing an updated application program.

Abstract: A computing device includes at least one memory device configured to store a software application, a processing device coupled to the at least one memory device via a bus and configured to execute the software application, and one or more resources capable of being called by the execution of a code in the software application. The at least one memory device, or a further memory device of the computing device, is configured to store a redirection table indicating, based on either or both of a caller address and a called address of a call to one of the resources, a substitute address to which the call is to be forwarded. The computing device further includes a software or hardware for intercepting a call from the software application and selectively redirecting the call based on the redirection table.

Abstract: In embodiments, a system includes a first and a second processing unit, a memory, and a firewall device. The first processing unit operates in a secure mode and generates memory access requests having a secure level. The second processing unit operates in a non-secure mode and generates memory access requests having a non-secure level. The memory includes a first memory area that can be shared between the first and second processing units. The firewall device includes a first firewall circuit with a first configuration authorizing access to the first memory area in the presence of a secure or non-secure level access request. The firewall circuit includes a second configuration prohibiting access to the first memory area in the presence of a secure level access request and authorizing access to the first memory area only in the presence of a non-secure level access request.

Abstract: A system includes at least one first application and a shared software platform. The shared software platform identifies each first application a first random number. The first random number is stored in encrypted fashion in an executable code of the first application. The first application is further identified by a second number which is representative of the first random number. The second number is stored in a first portion of a memory only accessible to the shared software platform.

Abstract: A method can be used for verifying an execution of a compiled software program stored in a program memory of a processor and executed by the processor. A write operation includes assigning a destination address in a register of the processor and writing a datum at a location pointed to by the destination address contained in the register. A verification operation includes reassigning the same destination address in the same register, reading the datum contained at the location pointed to by the destination address contained in the register after the reassignment, and comparing the read datum and the written datum.

Abstract: An electronic device is configured to support at least two configurations, one of the configurations being installed. The device includes a memory. In a limited-access region of the memory, a binary word is stored. That binary word has: a first value representative of the version of the installed configuration; and at least one second value indicating which configurations can be installed. A method of configuration of the electronic device includes determining, according to the second value, whether the configuration which attempts to be installed is permitted.

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

Abstract: According to one aspect, a method for compiling by a compilation tool a source code into a computer-executable code comprises receiving the source code as input of the compilation tool, translating the source code into an object code comprising machine instructions executable by a processor, then introducing, between machine instructions of the object code, additional instructions selected from illegal instructions and no-operation instructions so as to obtain the executable code, then delivering the executable code as output of the compilation tool.

Abstract: System, method, and circuitry for generating content for a programmable computing device based on user-selected memory regions. Contiguous regions that share memory access attributes are merged, interleaved contiguous regions that share at least one nested attribute are defined into combined regions, and remaining regions are defined as separate independent regions. A memory protection unit (MPU) region size closest to a size of each defined region is identified. If the start address of each region aligns with the address structure of the MPU region size, then those regions are assigned to MPU regions having the MPU region size; otherwise, another MPU size that aligns with the size of the regions is selected and those regions are assigned to MPU regions having that size. Content is generated to configure settings of MPU regions of the programmable computing device for the merged contiguous regions, the combined region, and the independent regions.

Abstract: A method is provided for monitoring an execution of a selected program code portion stored in a memory address range between a start address and an end address. The method includes starting a timing when a program counter points to the start address of the selected program code portion. Current values of the program counter are compared with a set of target addresses specific to the selected program code portion including the end address of the selected program code portion. The timing is stopped when the program counter points to the end address of the selected program code portion. An error signal is generated in response to the timing duration being outside a nominal duration range specific to the selected program code portion.

Abstract: In accordance with an embodiment, a method for transaction between an application executed by a processor and a peripheral via a hardware abstraction layer includes: configuring the peripheral comprising writing a transaction configuration emitted by the application into configuration registers of the peripheral via the hardware abstraction layer; verifying compliance of the transaction configuration written in the configuration registers; and executing the transaction only when the transaction configuration written in the configuration registers is compliant based on the verifying.

Abstract: A method can be used for verifying an execution of a compiled software program stored in a program memory of a processor and executed by the processor. A write operation includes assigning a destination address in a register of the processor and writing a datum at a location pointed to by the destination address contained in the register. A verification operation includes reassigning the same destination address in the same register, reading the datum contained at the location pointed to by the destination address contained in the register after the reassignment, and comparing the read datum and the written datum.

Abstract: In an embodiment a method for managing access rights of software tasks executed by a processing unit (CPU) using a cache memory containing execution data of the tasks in memory locations, each execution data having an attribute representative of a level of access right of the respective task, includes changing the attributes of the locations of the cache memory when the access rights of at least one task changes and retaining the execution data contained in the locations of the cache memory.

Abstract: According to one aspect, a method for compiling by a compilation tool a source code into a computer-executable code comprises receiving the source code as input of the compilation tool, translating the source code into an object code comprising machine instructions executable by a processor, then introducing, between machine instructions of the object code, additional instructions selected from illegal instructions and no-operation instructions so as to obtain the executable code, then delivering the executable code as output of the compilation tool.

Abstract: An embodiment system for protecting a memory comprises security software configured to determine, from an exception generated during an unauthorized action attempt in the memory, whether the security software can perform the action.