It is known to provide a data processing apparatus having a primary processor in overall control of the data processing apparatus and a secondary processor configured to perform data processing operations delegated to it by the primary processor. For example, in a data processing apparatus which is required to perform video decoding operations, a primary processor (e.g. a general purpose CPU) may delegate much of the video decoding operations to a dedicated video processing unit (i.e. the secondary processor).
Data security is further known to be an important consideration when configuring a contemporary data processing apparatus. For example, it is known to categorise some data as secure and other data as non-secure, whereby the secure data is only allowed to be accessed by components of the data processing apparatus which are trusted (i.e. secure). Accordingly, a general purpose processor (such as the above mentioned CPU) may be configured to have a secure domain and a non-secure domain, wherein only components which reside in the secure domain of the processor are allowed to access secure data in memory. For example, the TrustZone® technology developed by ARM Limited of Cambridge, UK provides mechanisms for enforcing such security boundaries in a data processing apparatus (as described for example in U.S. Pat. No. 7,849,310, the entire contents of which are incorporated herein by reference).
However, in the context of a data processing apparatus comprising a primary processor and a secondary processor, whilst the primary processor may be configured in this way (i.e. sub-divided into a secure domain and a non-secure domain), it may not be appropriate or even possible to simply extend these secure and non-secure domains to include the secondary processor. In general, the secure domain of a processor represents a relatively smaller portion of a processor than its non-secure counterpart, due to the need for all elements of the secure domain to be strictly checked and verified as trusted in order to enforce the reliability of the secure domain. Extending the secure domain to encompass elements of the secondary processor represents a potential vulnerability to the reliability of this security setup. Furthermore, extending this trusted division into secure and non-secure to the secondary processor would require an appropriate operating system to be run on the secondary processor to support it which may not be feasible when the secondary processor is a dedicated device such as a VPU.
Accordingly, it would be desirable to provide a technique which enabled the secondary processor reliably to perform both secure and non-secure data processing operations on behalf of the primary processor without jeopardising the security of the data processing apparatus.