Abstract: A Remap Address Space Controller controls access to an address space by selectively remapping a physical address of a transaction received from a controller to form a remapped physical address according to a current execution context of the controller. The selective remapping is based on a determination of whether the current execution context of the controller allows the transaction to access the address space. Remap Address Space Controller selectively provides the transaction with the remapped physical address to a memory bus based on the determination of whether the current execution context of the controller allows the transaction to access the address space.

Abstract: A method and apparatus are disclosed for a multi-processor SoC which includes an execution domain processor for running an execution domain which hosts n partitions by accessing, for each partition, one or more SoC resources; a control point processor that generates control data with n JTAG debug enable signals corresponding to the n partitions for controlling access to the SoC resources by identifying at least a first SoC resource that each partition is allowed to access; and an access control circuit connected between the execution domain and the SoC resources and configured to provide, in response to the control data, a dynamic runtime isolation barrier which allows access by the JTAG debugging tool to only a specified partition running on the execution domain which has a JTAG debug enable signal set to a first active value and prevents access to the other n-1 partitions running on the execution domain, and for the partition under debug (debug signal set to a first active value), the dynamic runtime isolat

Abstract: A method and apparatus are disclosed for a multi-processor system on a chip which includes at least a first execution domain processor that is configured to run a first execution domain by accessing one or more system-on-chip resources; a first control point processor that is physically and programmatically independent from the first execution domain processor and that is configured to generate a first runtime isolation control data stream for controlling access to the one or more system-on-chip resources by the first execution domain; and an access control circuit connected between the first execution domain processor and the one or more system-on-chip resources and configured to provide a dynamic runtime isolation barrier in response to the first runtime isolation control data stream, thereby controlling access to the one or more system-on-chip resources by the first execution domain.

Abstract: A method and apparatus are disclosed for a multi-processor SoC which includes an execution domain processor for running an execution domain which hosts independent software partitions by accessing, for each software partition, one or more SoC resources; a control point processor that generates control data with pre-emption vectors for controlling access to the SoC resources by identifying at least a first SoC resource that each software partition is allowed to access; and an access control circuit connected between the execution domain and the SoC resources and configured to provide, in response to the control data, a dynamic runtime isolation barrier which enables the execution domain processor to switch between software partitions in response to a pre-emption interrupt trigger by fetching partition instructions from a corresponding pre-emption interrupt vector address in memory that is associated with the pre-emption interrupt trigger.

Abstract: A method and apparatus are disclosed for a multi-processor SoC which includes an execution domain processor for running an execution domain; a control point processor that is physically and programmatically independent from the execution domain processor and configured to generate control data for controlling access by the execution domain to one or more SoC resources by identifying at least a first SoC resource that the execution domain is allowed to access; and an access control circuit connected between the execution domain and the SoC resources and including a programmable front end which is connected to receive the control data from the control point processor, and a signals-based back end which is configured to provide a dynamic runtime isolation barrier in response to the control data, thereby controlling access to the one or more system-on-chip resources by the execution domain.

Abstract: A method and apparatus are disclosed for a multi-processor system on a chip which includes at least a first execution domain processor that is configured to run a first execution domain by accessing one or more system-on-chip (SoC) resources using virtual addresses; a control point processor that is physically and programmatically independent from the first execution domain processor and that is configured to generate a runtime virtualization isolation control data stream for controlling access to the SoC resources by identifying at least a first SoC resource that the first execution domain is allowed to access; and an access control circuit connected between the first execution domain and the SoC resources and configured to provide, in response to the runtime virtualization isolation control data stream, a dynamic runtime virtualization isolation barrier which maps a virtual address for the first SoC resource to a physical address for the first SoC resource.

Abstract: An enhanced security of multiple software processes executing on a computer system is provided by isolating those processes from each other and from access to system hardware resources. Embodiments provide such isolation by executing kernel software that manages hardware and controls physical address space on a separate hardware thread (e.g., in an isolation domain) from the process threads executing application programs (e.g., in execution domains). This renders the software executing in the isolation domain safe from privilege escalation attacks and permits implementation of enforceable isolation between execution systems. A multithreaded processor having switch-on-event multithreading is used to provide software isolation and hardware-controlled handling of a subset of system services by a different hardware thread than the one requesting the service.

Abstract: A Remap Address Space Controller controls access to an address space by selectively remapping a physical address of a transaction received from a controller to form a remapped physical address according to a current execution context of the controller. The selective remapping is based on a determination of whether the current execution context of the controller allows the transaction to access the address space. Remap Address Space Controller selectively provides the transaction with the remapped physical address to a memory bus based on the determination of whether the current execution context of the controller allows the transaction to access the address space.

Abstract: A Hardware Abstraction Layer (HAL) (66) of a Portable Microkernel Operating System (OS) is tested and verified by loading a HAL test program (96) into Kernel Space (60) as a device driver. This allows direct access to the HAL layer (66) and to the computer hardware accessed by the HAL layer (66). The HAL test program (96) makes HAL layer requests, then verifies HAL (66) operation by directly examining the hardware affected by the HAL request. The HAL test program (96) is controlled by either an external HAL test system (98), or by a HAL control program (99) executing in User space (62).