In the field of microprocessor architectures, architecture elements known as bus masters are used to initiate bus data transfers across a communication bus. Such architecture elements may comprise a main processing core, a direct memory access (DMA), a co-processor, etc. The microprocessor architectures are often designed with protection mechanisms to protect against unallowed access to slave memory elements from master devices, as illustrated with respect to FIG. 1.
One example of a typical microprocessor architecture 100 of FIG. 1 comprises a main core, operably coupled to a memory management unit (MMU) 115 and a memory cache 120. The main CPU core 105 is operably coupled to a variety of devices and functions within the microprocessor architecture 100 via a bus or a crossbar switch 135. The CPU core 105 operates primarily as a bus master.
The crossbar switch 135 is also coupled to an external master interface 105 and a DMA element 140. The crossbar switch is also operably coupled to a series of interface elements 145. These elements are known as ‘slaves’, and may comprise as peripherals, a Flash memory, Static Random Access Memory (SRAM) and/or Read Only Memory (ROM). These slave elements are accessed via the bus masters. Some peripherals are also operably coupled to the CPU core 105 via an interrupt controller 125.
In the context of the present invention, a master device may be defined as a device that has the capability of initiating a bus data transfer and the capability to request bus arbitration. In a system with multiple potential bus master devices, the individual master devices need to agree on a mechanism, based, say, on a set of predefined rules, as to which master obtains ownership of the desired resource. In contrast, a slave device may be defined as a device that does not have the capability to initiate a bus request and cannot initiate a bus data transfer. In effect, a slave device containing data is accessed by a master device requiring the data.
Notably, the typical microprocessor architecture 100 provides protection to memory devices and peripherals using memory protection units (MPUs) (not shown) or memory management units (MMUs) 115, located in the processor main core.
MMUs used on current architectures only protect accesses from one master device to multiple slave devices. Additionally, MMUs are typically “page based”. This means, that the granularity of those pages is very course. Granularity here means the size of an individual entry. This is insufficient for many application requirements in the ‘embedded’ world. The mechanism of the MMU, in most cases, can only be used in CPU cores.
MPUs used in current systems do protect all or multiple destinations. However, MPUs only protect transactions initiated by a single master device.
It is known that some master devices (such as DMA, external bus interface (EBI), etc.) offer protection for out-bound data flow. It is also known that some slave devices have protection for in-bound data flow. Thus, varying levels of protection of the memory devices, for data-flow in/out of the device, leads to inconsistent protection schemes across the architecture. The known solutions fail to protect the entire memory map, as conflicting settings may occur due to the distributed nature of the settings.
Additional master devices or bus master devices in the microprocessor architecture are either not restricted in their memory map access, or they provide insufficient protection of the slave devices. Thus, the current approaches allow only de-centralised and incoherent settings for memory mapped accesses. The de-centralized memory protection is currently available using the MMU or MPU, as described above, which restricts the accesses by the CPU core 105, or provides limited settings for use via other master devices, such as a Direct Memory Access (DMA) Controller or External Bus Interface (EBI). The protection settings are only available by each master device independently. This can lead to incoherent setting configurations, when the number of settings is insufficient or invalid settings are used.
Some microprocessor architectures offer in-bound protection for certain modules. Other microprocessor architectures provide out-bound protection for individual master devices (e.g. In-bound: MPC5554 slave bus bridges, out-bound: ATMU in PowerQuiccIII). An in-bound data transfer is a data flow into the integrated circuit that is initiated through one of the externally connected peripherals, such as an External Bus Interface (EBI). An out-bound transfer is a data flow that passes through the Address Translation and Mapping Unit (ATMU) peripheral. Such a transfer is initiated by the CPU core 105 and the data transfer is sent to the integrated circuit boundaries. Unfortunately, it is known that MMUs only protect against unallowed accesses of the main core.
Thus, today's microprocessor architectures often provide only a MPU/MMU for protecting memory and peripherals from erroneous accesses by the main CPU core. This is particularly the case for on a system-on-chip (SoC) device, as defined at:                http://en.wikipedia.org/wiki/System-on-a-chip.        
However, in the field of the present invention, there exists a need for fully controlled and protected memory access for system-on-chip (SoC) devices, to encompass all potential master devices and all memory destinations. It is envisaged that future SoCs need a higher level of memory map protection and controlled memory map access, especially for safety and security applications.
Thus, a need exists for an improved protection system, for example, for slave elements such as memory elements within a microprocessor architecture, and method of operation therefor.