1. Field of the Invention
The present invention generally relates to processors and systems using processors, and particularly relates to a processor with an information security function and a system using such a processor.
2. Description of the Related Art
Processor-based systems allow programs to be used to define their operations, so that these systems are more flexible than systems operating based on hardware alone, allowing a variety of functions to be implemented easily. Because of such advantages, processor-based systems are used in a variety of fields, and are even beginning to be used in the field such as electronic business transaction where a high degree of security is required. In order to provide high security, various measures such as user authentication need to be implemented at the system level. In recent years, however, security issues have been discussed not only at the system level but also at the software level and processor level.
For example, when data and/or executable instruction codes are to be stored in a main memory device or secondary memory device, security may be ensured by encrypting the data and/or executable instruction codes. At the time of execution of instructions, the encrypted data and/or executable instruction codes are decoded and stored in a cache memory inside the processor, followed by executing the process. With this configuration, if hardware for performing the encryption process is implemented on a chip separate from the processor chip, the processing speed and encryption performance may become a problem.
Technology described in Patent Document 1 is an example of conventional technologies relating to such software execution environment. Patent Document 1 discloses a code executing apparatus which checks the validity of an encrypted code by authenticating the encrypted execution code, and which has a secure processor that fetches an instruction corresponding to the encrypted code, followed by executing the instruction as a secured task.
Such code executing apparatus, however, requires a large-scale modification to software. Depending on usages, there may be a case in which it is necessary to encrypt and protect only a particular portion of the instructions and data. The configuration as described above that requires a large-scale software modification is not desirable in terms of cost-effectiveness.
In a typical processor, an execution unit for decoding and executing instructions fetches instructions via a memory management unit, a cache memory, and a bus interface, and stores execution results in memory. Such operations are repeated one after another. An attempt to implement a full security function for such a typical processor results in an encryption circuit being inserted into the data path, thereby performing encryption and decryption with respect all the information inclusive of the instructions and execution results. However, the security function to protect all the information may not be necessary, and the encryption and protection of only a portion of the information may suffice to achieve the objective, depending on the usage. In such a case, the full protection as described above simply means an excessively large scale and excessive costs.
[Patent Document 1] Japanese Patent Application Publication No. 2002-353960
[Patent Document 2] Japanese Patent Application Publication No. 2003-280989
[Patent Document 3] Japanese Patent Application Publication No. 2004-320533
Accordingly, there is a need for a processor and system having an efficient configuration suitable for the needs when it is sufficient to encrypt and protect only a portion of the information.