1. Field of the Invention
This application claims priority to GB Application No. 1017785.5 filed 21 Oct. 2010, the entire contents of which are incorporated herein by reference.
This invention relates to the field of data processing systems. More particularly, this invention relates to securing display of a subject image within a data processing system supporting both a secure domain and a non-secure domain.
2. Description of the Prior Art
It is known to provide data processing systems, such as the processors including TrustZone technology designed by ARM Limited of Cambridge, England, which provide both a secure domain and a non-secure domain. When a processor is operating in the secure domain, it can access data stored within both secure regions of memory and non-secure regions of memory, whereas when the processor is operating in the non-secure domain, it can access data stored within the non-secure regions but is not able to access data stored within the secure regions. It is known within such systems to display images to prompt a user to provide user input. As an example, a system may display a subject image prompting a user to enter a personal identification number (PIN) or a password in order to authenticate a transaction, the details of which are represented in the subject image, e.g. the secure image may represent the cost of a transaction and the recipient of the funds relating to a transaction, with the user being prompted to enter their PIN in order to authenticate the transaction and authorise the funds transfer.
Within such systems a potential security vulnerability is that the display of the subject image may be compromised such that a user is presented with an image specifying different details, e.g. amount of transaction, recipient details, and is prompted to enter their PIN to authorise a transaction which then takes place with other parameters, such as a higher amount or a different recipient. A problem in addressing this security vulnerability is that, although special purpose hardware for secure display is known from U.S. Pat. No. 7,509,502 (Secure LCD Controller and Frame Store), many widely available data processing systems do not have mechanisms to restrict access to the one or more frame buffers that drive the display, so that only software executing in the secure domain, or executing in another trusted manner, can access them. The lack of mechanisms for providing a secure frame buffer or secure frame buffers opens the possibility of a user being shown a manipulated image representing transaction details different to those which will be authorised by their user input.