1. Field of the Invention
This invention relates to the field of data processing systems. More particularly, this invention relates to the selective disabling of diagnostic functions within data processing systems.
2. Description of the Prior Art
It is known to provide data processing systems with diagnostic mechanisms, such as instruction breakpoint mechanisms, data watchpoint mechanisms, tracing mechanisms, code profiling mechanisms and the like, in order to assist in the understanding of the operation of data processing systems, particularly during hardware and software development and debug. Such mechanisms allow the data processing instructions being executed, and the data values being manipulated, to be identified at different execution points in order to gain an understanding of the behaviour of the system. This can be vital in the ability to debug systems and to tune their performance.
A separate trend within data processing systems is the use of such systems in processing secure data. As an example, digital rights management systems are frequently required to control the access to copyrighted material. Such systems may employ cryptographic keys, which are highly sensitive pieces of data. Such keys need to be carefully protected. Whilst the systems employing such sensitive information may be designed to be secure in normal use, a problem arises concerning the diagnostic mechanisms built into such systems. To be sufficiently versatile and powerful, diagnostic mechanisms normally have the ability to examine data values and other state information throughout the system with little restriction. However, this could represent a significant security threat if a person were, for example, to use diagnostic mechanisms to read a secure cryptographic key from a system in an unauthorised way.
It is known from U.S. Pat. No. 5,621,886 to provide for the separate enablement of debug events during execution of operating system routines and non-operating system routines. Thus, the system can be provided with a first mode and a second mode, and while operating in the first mode the processor allows access to additional resources which are not available in the second mode.
It is known from US-A-2004/0260910 to provide a method of controlling a monitoring function of a processor operable in at least two domains, each domain comprising at least one mode. Control values may be set to allow initiation of monitoring functions in the first domain, if its related control value indicates that the monitoring function is allowable in that domain. The first domain may be a secure domain and the monitoring function can be a debug or a trace function. The domains of this system are operational states and not regions of memory address space.
A problem with the above approaches is a lack of flexibility in the way diagnostic operations can be enabled or disabled. This is related to the dichotomy between wishing to provide flexible diagnostic access to the entire system, to make debug and analysis easy, and a desire to protect sensitive information (such as cryptographic keys and the nature of program code).