A microprocessor controls the memory with a memory management system that is commonly implemented in a hardware and software form. The hardware part of the system forms a memory management unit (MMU) that can be included in the microprocessor or be in the form of a separate component, either integrated on the same chip as the microprocessor, or forming a distinct integrated circuit connected to the microprocessor and the memory.
The memory management unit (MMU) performs memory transactions including functions for translating virtual addresses into physical addresses, functions for protecting the memory and controlling cache memories.
The presently used microprocessors mostly support the notion of virtual memory. In a virtual memory system, program instructions executed by the microprocessor refer to data using virtual addresses in a virtual memory space of the microprocessor. This space can be much larger than the physical memory space available in the system.
The virtual addresses of the microprocessor are translated by a memory management unit (MMU) into physical addresses used for the access to the system memory or to other storage devices. The virtual memory uses a pagination mechanism to translate or match the virtual addresses with physical addresses. The physical memory space is divided into physical pages having a fixed size, for example 4 kilobytes. The virtual addresses comprise one part of page address and one part of page shift or page offset. The virtual page address is translated by the pagination mechanism into physical page address. The page offset specifies a physical shift in the physical page, i.e. a shift from the address of the physical page.
The pagination of the memory allows the execution of the program with a virtual memory space larger than the existing physical memory space. Moreover, the pagination facilitates the program moving in different locations of physical memory during multiple or different executions of the program. The pagination also allows the simultaneous execution of multiple processes by the microprocessor, each process being able to access its own allocated physical memory pages without being collected from the hard disk for example and without needing to assign all the physical memory to only one process. Memory protection of other processes can also be facilitated on the basis of pagination.
The translation of the virtual page address into the physical page address is performed by sequentially reading a page table called page table walking operation or page table walk. The operating software of the microprocessor maintains and stores in the system memory, page tables containing information for translating a virtual page address into a physical page address. Therefore it is relatively onerous to carry out a page table walk when multiple memory accesses must be carried out for the translation. The page table walk is performed by the hardware, the software or a combination of both.
In order to improve the performances of the system by reducing the number of page table walks, many microprocessors benefit from a mechanism of storing page table information into a cache memory. This information comprises physical page addresses translated from virtual pages addresses recently used. This cache memory of page information is commonly known as a “page addresses translation buffer memory” or “Translation Lookaside Buffer or “TLB cache”. The virtual page address is provided to the TLB cache that searches for this address. When this address is found, the TLB cache directly provides the address of the corresponding physical page without performing the page table walk for the translation. In this way, the system performances as well as the executing speed of the processes are enhanced thanks to this direct addresses converting.
When a partial or complete update of a stored piece of software must be performed in a discontinuous way in several memory types such as ROM (Read Only Memory), NVM (Non-Volatile Memory), RAM (Random Access Memory), etc., the memory management unit and the pagination mechanism largely facilitate the operations.
The update of a system can be carried out according to a first solution consisting of storing the new software in a free non-volatile physical memory and modifying the page table. Thus the processor will use the virtual addresses pointing towards the physical addresses of the memory where the new software is stored. When the update installation application has not to be updated itself, a fixed specific application performs the update of the related software according to a relatively simple mechanism. The system will work with the old software as far as the update is not finished and switches to the new software only when the latter is completely installed and checked by a control sequence such as a checksum or a hash.
When a single application also including the update installation application must be renewed in a system, the application passes through an unstable state during the modification process. The security of such application under modification depends on the reliability of the instructions or commands used for the update. This situation of vulnerability of the application cannot be acceptable in the field chip cards or security modules requiring a high security level. Moreover, if the update operation fails or is unexpectedly interrupted, a quite complex mechanism to restore the system towards the preceding state is required. This restoration further involves a passage of the system through an unstable state compromising the security.
The document US2006/129794A1 describes a method for updating a program in a flash memory without proceeding with the complete restart of the processor after update installation. A processor is associated with a memory management unit, a random access memory and a flash memory. The flash memory content is dynamically renewed by an update of a page table in which a pointer designates a new program stored in the flash memory. The obsolete program is either deleted, or maintained in the flash memory after the update of the page table.