A system-on-chip (SOC) may include a processor, e.g., a microcontroller (MCU), having data and instruction caches and virtual addressing capabilities. In some applications, the system-on-chip may require operation in a secure mode. In the case where the processor is an industry standard design, secure operation should be achieved with little change to the processor itself, thereby avoiding change to the programmer's model and ensuring binary compatibility.
Securing the processor under these conditions involves control of transitions between the user and secure modes. In the user mode, various secure resources and memory areas are not accessible. In the secure mode, the secure resources and memory areas can be accessed. Securing the processor under these conditions implies that protection states provided by the processor are deemed insufficient for the security requirement of the system.
Since the processor is considered to include instruction and data caches as well as a memory management unit to provide address translation, controlling the state transition also requires measures against misusing the address translation logic. The memory management unit, as well as the translation table entries in which virtual to physical mappings are configured, are considered as a non-secured resource.
Accordingly, there is a need for methods and apparatus to control context switching between user and secure modes in a processing system including a processor and a memory management unit.