Many consumer products, such as mobile phones, set top boxes, personal digital assistants (PDA), and other systems running an operating system, are implemented with one or more processor cores. To secure a piece of code on the system, the processes that can access the code must be controlled. One approach is to partition a core into a trusted zone and a non-trusted zone. Code in the trusted zone can access all of the system resources. Code in the non-trusted zone has limited access to the system resources, as managed by code in the trusted zone. Two separate pieces of code in the non-trusted zone have the same level of permissions for access to the resources. However, it may be desirable to prevent access between the codes in the non-trusted zone. For example, an electronic wallet application and a digital rights management application may both run in the non-trusted zone. To maintain the integrity of each piece of code, access by the other needs to be controlled or prevented. A common approach is to run each piece of code in different cores. This approach, however, requires extra hardware.
Further, system resource access permissions are typically defined based on the virtual address space for the resources. Once permission for a piece of code is verified, the virtual address is translated to the physical address via a look-up table (LUT). However, this security mechanism is software based and may be bypassed or corrupted by a variety of means, including the direct use of the physical address of a resource directly, hence bypassing the virtual address translation. Thus, it may be difficult to prove the level of security provided by software based mechanisms.
Accordingly, it would be desirable to provide a method and system for providing security for codes running in non-trusted domains in a processor core.