The technology described herein relates to data processing systems and in particular to a method of and apparatus for the protected processing of protected content by an accelerator, such as a graphics processing unit (GPU) or a video decoder, under the control of a non-trusted (non-secure) operating system (OS).
Many electronic devices, such as mobile phones or tablets, include both a host processor (CPU) that executes an operating system, such as Android, and one or more accelerators, such as a GPU, that provide hardware support for specific functions. In a mobile phone or tablet, for example, the GPU may be used to generate the user interface that is displayed under the control of the operating system, and to compose the frame that is shown to the user on the display.
It is becoming increasingly common for content providers to wish to provide (e.g. stream) protected content, such as videos, to electronic devices (and in particular to mobile devices). In order to support this, it is necessary for the electronic devices to be able to ensure the security of the protected content when it is, e.g., being played back to a user via the device.
One way to do this would be to provide a system (e.g. an ARM TrustZone system, as described in US-A-2015/0052325) in which an accelerator, such as a graphics processing unit, can operate in both a protected mode and a normal mode. The protected mode can then be used, for example, when processing protected content. Such a system can provide particular memory access restrictions, e.g. to prevent the accelerator from writing data into a memory area accessible by the operating system in a non-secure fashion when the accelerator is operating in its protected mode. This can then help to ensure that the accelerator operation will not cause a risk of leakage of protected data to the operating system.
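The write restriction described above can be modelled as a per-access check, shown here as an added example that is not taken from the cited system or from this document. The memory map, the type and function names, and the normal-mode rule are assumptions made for illustration; the check also denies accesses that straddle a region boundary or wrap the address space.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map (assumption): addresses and sizes are illustrative. */
typedef struct { uint64_t base, size; bool is_protected; } region_t;
static const region_t MEMORY_MAP[] = {
    { 0x80000000u, 0x10000000u, false }, /* normal memory, visible to the OS */
    { 0x90000000u, 0x04000000u, true  }, /* protected content buffers */
};
typedef enum { MODE_NORMAL, MODE_PROTECTED } accel_mode_t;
typedef enum { ACCESS_READ, ACCESS_WRITE } access_t;

/* Return the one region wholly containing [addr, addr+len), else NULL. */
static const region_t *find_region(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr + len < addr)   /* empty or wrapping range */
        return NULL;
    for (size_t i = 0; i < sizeof MEMORY_MAP / sizeof MEMORY_MAP[0]; i++) {
        const region_t *r = &MEMORY_MAP[i];
        if (addr >= r->base && addr - r->base < r->size &&
            len <= r->size - (addr - r->base))
            return r;
    }
    return NULL;
}

/* Hypothetical bus-level check applied to every accelerator access. */
bool access_allowed(accel_mode_t mode, access_t kind, uint64_t addr, uint64_t len)
{
    const region_t *r = find_region(addr, len);
    if (r == NULL)
        return false;   /* unmapped, or straddles a region boundary: deny */
    if (mode == MODE_PROTECTED)  /* rule from the text: no writes to OS-visible memory */
        return kind == ACCESS_READ || r->is_protected;
    return !r->is_protected;     /* assumed rule: normal mode cannot touch protected memory */
}

int main(void)
{
    /* Output buffer address supplied by the non-trusted OS points at normal memory. */
    printf("protected-mode write to normal memory: %s\n",
           access_allowed(MODE_PROTECTED, ACCESS_WRITE, 0x80001000u, 4096) ? "allow" : "deny");
    printf("protected-mode write to protected memory: %s\n",
           access_allowed(MODE_PROTECTED, ACCESS_WRITE, 0x90000000u, 4096) ? "allow" : "deny");
    return 0;
}
```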
However, even when memory protection for protected content is provided, the function being executed by the accelerator on behalf of the operating system, e.g. a graphics shader program submitted by a host processor to run on a GPU, may be non-trusted and the parameters being provided to and from the accelerator may be non-trusted.
The Applicants believe therefore that there remains scope for improved mechanisms for the provision of protected content processing on electronic devices.