阅读说明：本技术 核映射 (Core mapping ) 是由 G·T·莱蒂 D·L·斯泰尔斯 E·B·奈廷格尔 于 2018-04-27 设计创作，主要内容包括：所公开的技术总体上涉及外围设备访问。在本技术的一个示例中,所存储的配置信息被读取。所存储的配置信息与以下相关联：将多个独立执行环境映射到多个外围设备,使得多个外围设备中的外围设备具有多个独立执行环境中的对应独立执行环境。基于配置信息对可配置中断路由表进行编程。从外围设备接收中断。基于可配置中断路由表向对应独立执行环境路由中断。(The disclosed technology relates generally to peripheral access. In one example of the present technology, stored configuration information is read. The stored configuration information is associated with: the plurality of independent execution environments are mapped to the plurality of peripheral devices such that a peripheral device of the plurality of peripheral devices has a corresponding independent execution environment of the plurality of independent execution environments. The configurable interrupt routing table is programmed based on the configuration information. An interrupt is received from a peripheral device. Interrupts are routed to the corresponding independent execution environment based on a configurable interrupt routing table.)

1. An apparatus, comprising:

a device comprising at least one memory and at least one processor, the at least one memory adapted to store runtime data for the device, the at least one processor adapted to execute processor executable code that, in response to execution, enables the device to perform actions comprising:

reading the stored configuration information, the configuration information being associated with: mapping a plurality of independent execution environments to a plurality of peripheral devices such that the peripheral devices in the plurality of peripheral devices have corresponding independent execution environments in the plurality of independent execution environments;

programming a configurable interrupt routing table based on the configuration information;

receiving an interrupt from a peripheral device; and

routing the interrupt to the corresponding independent execution environment based on the configurable interrupt routing table.

2. The apparatus of claim 1, the acts further comprising:

setting a sticky lock bit associated with the configurable interrupt routing table after programming the configurable interrupt routing table; and

blocking write access to the configurable interrupt routing table while the sticky lock bit is set.

3. The apparatus of claim 1, wherein the configurable interrupt routing table comprises a plurality of configuration registers.

4. The apparatus of claim 1, the acts further comprising:

programming a configurable data management access table based on the configuration information.

5. A method, comprising:

reading the stored configuration information, the configuration information being associated with: mapping a plurality of independent execution environments to a plurality of peripheral devices such that the peripheral devices in the plurality of peripheral devices have corresponding independent execution environments in the plurality of independent execution environments;

programming a configurable route based on the configuration information;

receiving an interrupt from a peripheral device; and

routing the interrupt to the corresponding independent execution environment based on the configurable routing.

6. The method of claim 5, wherein the configurable routing comprises at least one of: a configurable interrupt routing table, a configurable data management access routing table, or a plurality of configuration registers.

7. The method of claim 5, further comprising:

setting a sticky lock bit associated with the configurable route after programming the configurable route; and

blocking write access to the configurable route while the sticky lock bit is set.

8. A processor-readable storage medium having stored thereon process executable code that, when executed by at least one processor, performs acts comprising:

reading the stored configuration information, the configuration information being associated with: mapping a plurality of cores in a multi-core integrated circuit to a plurality of peripheral devices such that the peripheral devices in the plurality of peripheral devices have corresponding cores in the plurality of cores;

configuring a configurable interrupt routing table based on the configuration information;

receiving an interrupt from a peripheral device; and

routing the interrupt to the corresponding independent execution environment based on the configurable interrupt routing table.

9. The processor-readable storage medium of claim 8, the acts further comprising:

setting a sticky lock bit associated with the configurable interrupt routing table after programming the configurable interrupt routing table; and

blocking write access to the configurable interrupt routing table while the sticky lock bit is set.

10. The processor-readable storage medium of claim 8, the acts further comprising:

programming a configurable data management access table based on the configuration information.

11. The processor-readable storage medium of claim 8, wherein the configurable interrupt routing table comprises a plurality of configuration registers.

12. The processor-readable storage medium of claim 10, the acts further comprising:

after programming the configurable data management access table, setting a sticky lock bit associated with the configurable data management access table; and

blocking write access to the configurable data management access table while the sticky lock bit is set.

13. The method of claim 5, wherein the configurable routing comprises a configurable interrupt routing table, and wherein the configurable interrupt routing table comprises a plurality of configuration registers.

14. The apparatus of claim 4, the acts further comprising:

after programming the configurable data management access table, setting a sticky lock bit associated with the configurable data management access table; and

blocking write access to the configurable data management access table while the sticky lock bit is set.

15. The apparatus of claim 1, wherein the plurality of independent execution environments comprise at least a first core and a second core, wherein the second core is not the first core.

Background

The internet of things ("IoT") generally refers to a system of devices that are capable of communicating over a network. These devices may include everyday items such as toasters, coffee makers, thermostat systems, washing machines, dryers, lights, automobiles, and the like. Network communication may be used for device automation, data capture, providing alerts, personalization of settings, and many other applications.

Disclosure of Invention

This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

Briefly, the disclosed technology relates generally to configurable peripheral access in an integrated circuit. In one example of the present technology, the stored configuration information may be read. In some examples, the stored configuration information is associated with: the plurality of independent execution environments are mapped to the plurality of peripheral devices such that a peripheral device of the plurality of peripheral devices has a corresponding independent execution environment of the plurality of independent execution environments. Based on the configuration information, a configurable interrupt routing table may be programmed. An interrupt may be received from a peripheral device. Based on the configurable interrupt routing table, interrupts may be routed to the corresponding independent execution environment.

In some examples of the disclosure, in a multi-core environment, some cores are configured to "own" some peripheral devices, rather than giving all cores access rights to all peripheral devices. Rather than hardwiring which cores own which peripherals, the core to peripheral mapping may be dynamically pre-programmable until a sticky lock bit is set, at which point the core to peripheral mapping is fixed until the device is restarted.

The mapping of cores to peripherals may be separate for each device type, and configuration information for cores to peripherals may be stored, for example, on flash memory or in another suitable location. The security code running in the secure world may read the configuration information and set the configuration register based on the configuration information. The secure world may program the core mapping and interrupt routing tables based on the configuration information. After programming the core mapping and interrupt routing tables, a sticky lock bit may be set so that the core mapping and interrupt routing are fixed until the device is restarted.

During operation, in some examples, the core mapping and interrupt routing tables are used as configured. In some examples, interrupts received from a peripheral device enter an intermediate routing block that sends the interrupt to the core that "owns" the peripheral device using a configured interrupt table. In some examples, the configured core routing and configured interrupt routing tables make it appear as if the core is hardwired to its corresponding peripheral device, but not actually.

The core to peripheral mapping may include interrupts and other sideband communications, such as Direct Memory Access (DMA) routing. In some examples, all communications that are point-to-point, typically in either direction between the core and the peripheral device, are routed via the core map such that the communications appear to be point-to-point, while actually being routed via the intermediate routing block.

Other aspects and applications of the disclosed technology will be understood after a reading and understanding of the attached drawings and description.

Drawings

Non-limiting and non-exhaustive examples of the present disclosure are described with reference to the following drawings. In the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified. The figures are not necessarily to scale.

For a better understanding of the present disclosure, reference will be made to the following detailed description which should be read in connection with the accompanying drawings, wherein:

FIG. 1 is a block diagram illustrating one example of a suitable environment in which aspects of the present technology may be employed;

FIG. 2 is a block diagram illustrating one example of a suitable computing device in accordance with aspects of the disclosed technology;

FIG. 3 is a block diagram illustrating an example of a system for peripheral access;

FIG. 4 is a block diagram illustrating an example of a device for peripheral access; and

fig. 5 is a diagram illustrating an example data flow of a process for configuring access to a peripheral device, according to aspects of the present disclosure.

Detailed Description

The following description provides specific details for a thorough understanding and enabling description of various examples of the present technology. It will be understood by those skilled in the art that the techniques may be practiced without many of these details. In some instances, well-known structures and functions have not been shown or described in detail to avoid unnecessarily obscuring the description of the examples of the present technology. The terminology used in the present disclosure is intended to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain examples of the technology. Although certain terms may be emphasized below, any term intended to be interpreted in any constrained manner will be explicitly and specifically defined in the detailed description section. Throughout the specification and claims, the following terms take at least the meanings explicitly associated herein, unless the context indicates otherwise. The meanings identified below do not necessarily limit the terms, but merely provide illustrative examples of the terms. For example, each of the terms "based on" and "according to" is not exclusive and is equivalent to the term "based at least in part on" and includes options based on other factors, some of which may not be described herein. As another example, the term "via" is not exclusive and is equivalent to the term "at least partially via" and includes options via additional factors, some of which may not be described herein. The meaning of "in … …" includes "in … …" and "on … …". The phrases "in one embodiment" or "in an example" as used herein do not necessarily refer to the same embodiment or example, although they may. The use of a particular text numeric indicator does not indicate that there is a lower value numeric indicator. For example, the statement "a widget selected from a group including a third foo and a fourth bar" does not by itself indicate that there are at least three foos, nor at least four bar elements. The singular reference is only for the clarity of reading and includes the plural references unless explicitly excluded. The term "or" is an inclusive "or" operator, unless explicitly stated otherwise. For example, the phrase "a or B" means "A, B or a and B". As used herein, the terms "component" and "system" are intended to encompass hardware, software, or various combinations of hardware and software. Thus, for example, a system or component may be a process, a process executing on a computing device, or a portion thereof.

Briefly, the disclosed technology relates generally to configurable peripheral access in an integrated circuit. In one example of the present technology, the stored configuration information may be read. In some examples, the stored configuration information is associated with: the plurality of independent execution environments are mapped to the plurality of peripheral devices such that a peripheral device of the plurality of peripheral devices has a corresponding independent execution environment of the plurality of independent execution environments. Based on the configuration information, a configurable interrupt routing table may be programmed. An interrupt may be received from a peripheral device. Based on the configurable interrupt routing table, interrupts may be routed to the corresponding independent execution environment.

In some examples of the disclosure, in a multi-core environment, some cores are configured to "own" some peripheral devices, rather than giving all cores access rights to all peripheral devices. Rather than hardwiring which cores own which peripherals, the core to peripheral mapping may be dynamically pre-programmable until a sticky lock bit is set, at which point the core to peripheral mapping is fixed until the device is restarted.

The mapping of cores to peripherals may be separate for each device type, and configuration information for cores to peripherals may be stored, for example, on flash memory or in another suitable location. The security code running in the secure world may read the configuration information and set the configuration register based on the configuration information. The secure world may program the core mapping and interrupt routing tables based on the configuration information. After programming the core mapping and interrupt routing tables, a sticky lock bit may be set so that the core mapping and interrupt routing are fixed until the device is restarted.

During operation, in some examples, the core mapping and interrupt routing tables are used as configured. In some examples, interrupts received from a peripheral device enter an intermediate routing block that sends the interrupt to the core that "owns" the peripheral device using a configured interrupt table. In some examples, the configured core routing and configured interrupt routing tables make it appear as if the core is hardwired to its corresponding peripheral device, but not actually.

The mapping of cores to peripherals may include interrupts and other sideband communications, such as DMA. In some examples, all communications that are point-to-point, typically in either direction between the core and the peripheral device, are routed via the core map such that the communications appear to be point-to-point, while actually being routed via the intermediate routing block.

Illustrative device/operating Environment

FIG. 1 is a diagram of an environment 100 in which aspects of the present technology may be practiced. As shown, environment 100 includes a computing device 110 and a network node 120 connected via a network 130. Although specific components of environment 100 are shown in fig. 1, in other examples, environment 100 may also include additional and/or different components. For example, in some examples, environment 100 may also include a network storage device, a maintenance manager, and/or other suitable components (not shown). The computing device 110 shown in fig. 1 may be in various locations, including indoors, in the cloud, and so forth. For example, the computer device 110 may be on a client side, on a server side, or the like.

As shown in fig. 1, network 130 may include one or more network nodes 120, network nodes 120 interconnecting a plurality of computing devices 110 and connecting computing devices 110 to an external network 140, such as the internet or an intranet. For example, network node 120 may include a switch, router, hub, network controller, or other network element. In some examples, computing devices 110 may be organized into racks, action areas, groups, sets, or other suitable divisions. For example, in the illustrated example, computing devices 110 are grouped into three host sets, identified as a first host set, a second host set, and a third host set 112a-112c, respectively. In the illustrated example, each of the host sets 112a-112c is operatively coupled to a corresponding network node 120a-120c, respectively, which is commonly referred to as a "top-of-rack" or "TOR" network node. TOR network nodes 120a-120c may then be operatively coupled to additional network nodes 120 to form a computer network of a hierarchical, planar, mesh, or other suitable type of topology that allows communication between computing device 110 and external network 140. In other examples, multiple host sets 112a-112c may share a single network node 120. Computing device 110 may be virtually any type of general purpose or special purpose computing device. For example, these computing devices may be user devices such as desktop computers, laptop computers, tablet computers, display devices, cameras, printers, or smart phones. However, in a data center environment, these computing devices may be server devices, such as application server computers, virtual computing mainframe computers, or file server computers. Moreover, computing device 110 may be separately configured to provide computing, storage, and/or other suitable computing services.

In some examples, one or more of the computing devices 110 are IoT devices, devices that include some or all IoT hubs, devices that include some or all application back-ends, and the like, as discussed in more detail below.

Illustrative computing device

FIG. 2 is a diagram illustrating one example of a computing device 200 in which aspects of the present technology may be practiced. Computing device 200 may be virtually any type of general purpose or special purpose computing device. For example, the computing device 200 may be a user device, such as a desktop computer, a laptop computer, a tablet computer, a display device, a camera, a printer, or a smartphone. Likewise, computing device 200 may also be a server device, such as an application server computer, virtual computing host computer, or file server computer, for example, computing device 200 may be an example of computing device 110 or network node 120 of FIG. 1. The computing device 200 may also be an IoT device that connects to a network to receive IoT services. Likewise, computer device 200 may be an example of any of the devices shown or referenced in fig. 3-5, as discussed in more detail below. As shown in fig. 2, computing device 200 includes processing circuitry 210, operating memory 220, memory controller 230, data storage memory 250, input interface 260, output interface 270, and network adapter 280. Each of these previously listed components of computing device 200 includes at least one hardware element.

Computing device 200 includes at least one processing circuit 210, the at least one processing circuit 210 configured to execute instructions, such as instructions for implementing the workloads, processes, or techniques described herein. The processing circuit 210 may include a microprocessor, microcontroller, graphics processor, co-processor, field programmable gate array, programmable logic device, signal processor, or any other circuit suitable for processing data. Processing circuitry 210 is an example of a core. The above-described instructions, as well as other data (e.g., data sets, metadata, operating system instructions, etc.), can be stored in the operating memory 220 during runtime of the computing device 200. The operating memory 220 may also include any of a variety of data storage devices/components, such as volatile memory, semi-volatile memory, random access memory, static memory, cache, buffer, or other medium for storing runtime information. In one example, the operational memory 220 does not retain information when the computing device 200 is powered down. Rather, the computing device 200 may be configured to transfer instructions from a non-volatile data storage component (e.g., data storage component 250) to the operating memory 220 as part of a boot-up or other loading process. In some examples, other forms of execution may be employed, such as execution directly from data store 250, e.g., execution in place (XIP).

Operational memory 220 may include fourth generation double data rate (DDR4) memory, third generation double data rate (DDR3) memory, other Dynamic Random Access Memory (DRAM), High Bandwidth Memory (HBM), hybrid memory cube memory, 3D stacked memory, Static Random Access Memory (SRAM), Magnetoresistive Random Access Memory (MRAM), pseudo random access memory (PSRAM), or other memory, and such memory may include one or more memory circuits integrated onto a DIMM, a SIMM, a sodim, a Known Good Die (KGD), or other package. Such operational memory modules or devices may be organized according to channels, ranks (rank) and banks. For example, an operating memory device may be coupled to the processing circuitry 210 via the memory controller 230 in the channel. One example of computing device 200 may include one or two DIMMs per channel, with one or two ranks per channel. The operating memory within a rank may operate with a shared clock, a shared address and command bus. Furthermore, the operating memory device may be organized into banks, where a bank may be considered an array addressed by rows and columns. Based on the organization of such an operating memory, physical addresses within the operating memory may be referenced by tuples of channels, banks, rows, and columns.

Notwithstanding the above discussion, the operating memory 220 specifically does not include or encompass communication media, any communication media, or any signal per se.

Memory controller 230 is configured to interface processing circuitry 210 to operating memory 220. For example, memory controller 230 may be configured to interface commands, addresses, and data between operational memory 220 and processing circuitry 210. Memory controller 230 may also be configured to abstract or otherwise manage certain aspects of memory management from processing circuitry 210 or for processing circuitry 210. Although memory controller 230 is illustrated as a single memory controller separate from processing circuitry 210, in other examples multiple memory controllers may be employed, memory controller(s) may be integrated with operating memory 220, and so forth. Additionally, memory controller(s) may be integrated into the processing circuit 210. These and other variations are possible.

In computing device 200, data storage memory 250, input interface 260, output interface 270, and network adapter 280 are interfaced to processing circuit 210 through bus 240. Although fig. 2 illustrates bus 240 as a single passive bus, other configurations may also be suitable for interfacing data storage memory 250, input interface 260, output interface 270, or network adapter 280 to processing circuit 210, such as a set of buses, a set of point-to-point links, an input/output controller, a bridge, other interface circuitry, or any set thereof.

In computing device 200, data storage memory 250 is employed for long-term non-volatile data storage. Data storage memory 250 may include any of a variety of non-volatile data storage devices/components, such as non-volatile memory, magnetic disks, magnetic disk drives, hard disk drives, solid state drives, or any other medium that may be used for non-volatile storage of information. However, the data storage memory 250 specifically does not include or encompass communication media, any communication media, or any signal per se. In contrast to the operating memory 220, the data storage memory 250 is employed by the computing device 200 for non-volatile long-term data storage, rather than for runtime data storage.

Moreover, computing device 200 may include or be coupled to any type of processor-readable media, such as processor-readable storage media (e.g., operations memory 220 and data storage memory 250) and communication media (e.g., communication signals and radio waves). Although the term processor-readable storage medium includes the operations memory 220 and the data storage memory 250, throughout the description and claims the term "processor-readable storage medium," whether used in the singular or plural, is defined herein such that the term "processor-readable storage medium" specifically excludes and does not encompass communication media, any communication media, or any signal per se. However, the term "processor-readable storage medium" does encompass processor caches, Random Access Memory (RAM), register memory, and the like.

Computing device 200 also includes input interface 260, which may be configured to enable computing device 200 to receive input from a user or from other devices. Additionally, computing device 200 includes an output interface 270, which may be configured to provide output from computing device 200. In one example, output interface 270 includes a frame buffer, graphics processor, or accelerator, and is configured to render a display for presentation on a separate visual display device (such as a monitor, projector, virtual computing client computer, or the like). In another example, output interface 270 includes a visual display device and is configured to render and present a display for viewing. In yet another example, input interface 260 and/or output interface 270 may include a universal asynchronous receiver/transmitter ("UART"), a serial peripheral interface ("SPI"), an interactive integrated circuit ("I2C"), a general purpose input/output ("GPIO"), and/or the like. Moreover, input interface 260 and/or output interface 270 may include or interface with any number or type of peripheral devices.

In the illustrated example, computing device 200 is configured to communicate with other computing devices or entities via network adapter 280. Network adapter 280 may comprise a wired network adapter such as an ethernet adapter, a token ring adapter, or a Digital Subscriber Line (DSL) adapter. The network adapter 280 may also include a wireless network adapter, such as a Wi-Fi adapter, bluetooth adapter, ZigBee adapter, Long Term Evolution (LTE) adapter, SigFox, LoRa, power line, or 5G adapter.

Although computing device 200 is illustrated with certain components configured in a particular arrangement, these components and arrangements are merely one example of a computing device in which the present technology may be employed. In other examples, data storage memory 250, input interface 260, output interface 270, or network adapter 280 may be coupled to processing circuit 210 directly, or coupled to processing circuit 210 via an input/output controller, bridge, or other interface circuit arrangement. Other variations of the present technique are possible.

Some examples of computing device 200 include at least one memory (e.g., operating memory 220) adapted to store runtime data and at least one processor (e.g., processing unit 210) adapted to execute processor-executable code that, in response to execution, enables computing device 200 to perform actions.

Illustrative System

Fig. 3 is a block diagram illustrating an example of a system (300) with configurable peripheral mapping. System 300 may include network 330 as well as IoT support service 351, IoT devices 341 and 342, and application backend 313, all of which are connected to network 330.

The term "IoT device" refers to a device intended to utilize an IoT service. IoT devices may include virtually any device that connects to a network to use IoT services, including for telemetry collection or any other purpose. IoT devices include any device that can connect to a network to utilize IoT services. In various examples, the IoT device may communicate with the cloud, with a peer or local system, or with a combination of a peer and local system and the cloud, or in any other suitable manner. IoT devices may include everyday items such as toasters, coffee machines, thermostat systems, washing machines, dryers, lights, automobiles, and the like. IoT devices may also include, for example, various devices in a "smart" building, including lights, temperature sensors, humidity sensors, occupancy sensors, and the like. IoT services for IoT devices may be used for device automation, data capture, providing alerts, personalization of settings, and many other applications.

The term "IoT support service" refers to one device, a portion of at least one device, or a plurality of devices, such as a distributed system, in some examples, an IoT device connects to one device, a portion of at least one device, or a plurality of devices, such as a distributed system, over a network to obtain an IoT service. In some examples, the IoT support service is an IoT hub. In some examples, IoT hubs are excluded and IoT devices communicate with the application backend directly or through one or more intermediaries (intermediaries) without including IoT hubs, and software components in the application backend operate as IoT support services. The IoT device receives the IoT service via communication with the IoT support service. In some examples, the IOT support services may be embedded within the device, or embedded in the local infrastructure.

The application backend 313 refers to a device or devices, such as a distributed system, that performs actions to implement data collection, storage, and/or actions to be taken based on IoT data, including user access and control, data analysis, data display, control of data storage, automated actions to be taken based on IoT data, and the like. The application backend 313 may also be one or more virtual machines deployed in a public cloud or a private cloud. In some examples, at least some of the actions taken by the application backend 313 may be performed by an application running in the application backend.

Each of IoT devices 341 and 342, and/or the devices that include IoT support service 351 and/or application backend 313, may comprise an example of computing device 200 of fig. 2. The term "IoT support service" is not limited to one particular type of IoT service, but refers to a device with which an IoT device communicates after provisioning (provisioning) to obtain at least one IoT solution or IoT service. That is, the term "IoT support service" as used throughout the specification and claims is generic to any IoT solution. The term "IoT support service" refers only to a portion of the IoT solution/IoT service with which the provisioned IoT device communicates. In some examples, communication between the IoT device and the one or more application backend occurs with the IoT support service as an intermediary. Fig. 3 and the corresponding description of fig. 3 in the specification illustrate an example system, which is used for illustrative purposes and does not limit the scope of the present disclosure.

One or more of IoT devices 341 and 342 may include a device controller 345, which may operate to control the IoT devices. Each device controller 345 may include multiple execution environments. The device controller 345 may be a multi-core microcontroller. In some examples, the device controller 345 is an integrated circuit having multiple cores, such as at least one Central Processing Unit (CPU) and at least one Microcontroller (MCU).

Network 330 may include one or more computer networks, including wired and/or wireless networks, where each network may be, for example, a wireless network, a Local Area Network (LAN), a Wide Area Network (WAN), and/or a global network such as the internet. On an interconnected set of LANs, including LANs based on differing architectures and protocols, a router acts as a link between LANs, enabling messages to be sent from one to another. Moreover, the communication links within a LAN typically comprise twisted wire pairs or coaxial cable, while the communication links between networks may utilize analog telephone lines, full or partial dedicated digital lines (including T1, T2, T3, and T4), Integrated Services Digital Networks (ISDN), Digital Subscriber Lines (DSL), wireless links including satellite links, or other communication links known to those skilled in the art. In addition, remote computers and other related electronic devices can be remotely connected to either LANs or WANs via a modem and temporary telephone link. Network 330 may include various other networks such as one or more networks using local network protocols such as 6LoWPAN, ZigBee, and the like. Some IoT devices may connect to user devices via a network in network 330 that is different from other IoT devices. Essentially, network 330 includes any communication method by which information may travel between IoT support service 351, IoT device 341, and IoT device 342, and application backend 313. Although each device or service is shown connected to network 330, this does not mean that each device communicates with every other device shown. In some examples, some of the devices/services shown communicate with only some of the other devices/services shown via one or more intermediary devices. Also, although network 330 is illustrated as one network, in some examples, network 330 may instead include multiple networks that may or may not be connected to each other, with some devices shown communicating with each other over one of the multiple networks and other devices shown communicating with each other over a different one of the multiple networks.

As one example, IoT device 341 and IoT device 342 are devices intended to utilize IoT services provided by IoT support service 351.

The system 300 may include more or fewer devices than illustrated in fig. 3, which fig. 3 shows by way of example only.

Illustrative apparatus

Fig. 4 is a block diagram illustrating an example of the device controller 445. The device controller 445 may be employed as an example of the device controller 345 of FIG. 3. The device controller 445 may include a security complex 451, a CPU453, a Direct Memory Access (DMA) block 454, a Trusted Zone (TZ) DMA block 455, a flash memory 456, a radio block 457, a secure Static Random Access Memory (SRAM)458, a core mapping block 459, an interrupt/DMA handshake routing block 460, an MCU461, an MCU 462, a master advanced extensible interface (AXI) bus 463, an auxiliary AXI bus 464, bridges 465 and 466, an AXI-to-advanced peripheral device bus (APB) bridge 467 for each peripheral device, an interface 471, a GPIO 472, an analog-to-digital converter (ADC)473, a Real Time Clock (RTC)474, and a performance counter 475.

In some examples, device controller 445 enables a device, including device controller 445, to operate as an IoT device, such as IoT device 341 or 342 of fig. 3. In some examples, the device controller 445 is a multi-core microcontroller. In some examples, the device controller 445 runs a high-level operating system. In some examples, the device controller 445 may have at least 4MB of RAM and at least 4MB of flash memory and may be a single integrated circuit. In some examples, the device controller 445 not only provides network connectivity, but also provides various other functions including hardware and software security, monitored operating systems, cryptographic functions, peripheral control, telemetry, and the like. Additionally, the device controller 445 may include techniques for: allowing the device controller 445 to be launched in a secure manner, allowing the device controller 445 to be securely updated, ensuring that appropriate software is running on the device controller 445, allowing the device controller 445 to function properly as an IoT device, and so forth.

In some examples, the security complex 451 comprises a CSC (core security complex), which is the root of trust of hardware in the device controller 445. In some examples, the core security complex is directly connected to the secure MCU in the security complex 451. In some examples, the secure MCU in the security complex 451 has a very high degree of trust, but is not as trusted as the core security complex in the security complex 451. In some examples, the security complex 451 turns on the entire system at startup.

In some examples, the CPU453 runs a high level operating system. In some examples, the CPU453 has two independent execution environments: a secure world execution environment and a normal world execution environment. The term "secure world" is used broadly to refer to a trusted environment and is not limited to a particular security feature. In some examples, the secure world execution environment of CPU453 is also part of the trusted computing base (base) of the system. For example, in some examples, the secure world execution environment of CPU453 is accessible without restriction to reprogram hardware protection mechanisms, such as firewalls in some examples. However, in some examples, the secure world execution environment of the CPU453 has no access to the interior of the core security complex of the security complex 451, and relies on the secure MCU of the security complex 451 to perform certain security-sensitive operations.

The radio block 457 may provide Wi-Fi communication. The master AXI 463 and auxiliary AXI 464 may be buses connecting the illustrated components. In some examples, bridges 465, 466, and 467 bridge the illustrated components. The RTC block 474 may operate as a real time clock. In some examples, all components in the device controller 345 may read from the RTC block 474, but not all components have write access to the RTC block 474. The device controller 445 may include various forms of memory, including flash memory and SRAM, such as flash memory 456 and secure SRAM 458.

In some examples, IO subsystem 1461 and IO subsystem 2462 are I/O subsystems for general purpose I/O connectivity. In some examples, IO subsystem 1461 and IO subsystem 2462 each include an MCU.

The DMA block 454 may be used to manage data movement by the normal world execution environment of the CPU 453. Trusted Zone (TZ) DMA block 455 may be used to manage data movement of the secure world execution environment of CPU 453. In some examples, each IO subsystem also has its own DMA block. Each of the DMA blocks may be configured to support data movement between cores, peripherals, other components, and the like.

Each of the cores may have a bidirectional mailbox to support inter-processor communication. The performance counters 475 may be configured to count read requests, write requests, and data type requests for performance monitoring. In some examples, the performance counter 475 may also be configured to measure latency from the core to the target, such as latency from the MCU 462 to the SRAM 458.

In some examples, the interface at block 459 comprises two interactive integrated circuit sound (I2S) interfaces: one for audio input and one for audio output. In other examples, other interface configurations may be employed, and in various examples, block 459 may comprise any suitable interface.

In some examples, the device controller 445 includes a core mapping function in which at least some of the communications between the core and the peripherals in both directions are routed by the intermediary such that each peripheral appears to be "owned" by a particular core via a hardwired connection, while in fact the core mapping is configurable. In some examples, sideband communications between a core and a peripheral are routed in this manner, i.e., communications between the core and the peripheral that are typically point-to-point communications. In some examples, the sideband communication includes interrupts from the peripheral device, and also includes DMA communication between the core and the peripheral device. DMA communications between the core and the peripheral device may include hardware flow control signals. DMA communications may include hardware handshakes, including requests and acknowledgements for read and write data.

In some examples, when sideband communications are to travel from a core to a peripheral or from a peripheral to a core, the communications enter an intermediate block that routes the communications so that communications occur between the peripheral and the core to which the peripheral has been mapped according to a core mapping. In some examples, one or more intermediate routing tables, which have been configured with the core map, route communications.

In some examples, the kernel map is separate for each device type, but the same for each device of the same model. In some examples, the core map is stored in, for example, flash memory or other suitable location. For example, in some examples, the core map is stored in flash memory 456. In some examples, security code running in the secure world of CPU453 reads the stored configuration information. The security code may program the core mapping and interrupt routing tables based on the stored configuration information. In some examples, the core map and the mid-break routing table are stored in the interrupt/DMA handshake routing block 460. In some examples, the core mapping and interrupt routing tables are configuration registers, and writes to these registers are limited to secure code.

After programming the core mapping and interrupt routing tables in the interrupt/DMA handshake routing block 460, a sticky lock bit may be set so that the core mapping and interrupt routing are fixed until the device controller 445 is restarted. As used herein, a "sticky" bit means a bit that has two values and, once set, is prevented from being changed until device 445 reboots. One or more tables corresponding to the sticky lock bits may be configured such that when the sticky lock bits are set, the tables are prevented from being changed. That is, in some examples, once the sticky lock bit is set, further writes to the table corresponding to the sticky lock bit may be ignored or otherwise invalidated. During normal operation, after the table has been programmed and the sticky lock bit has been set, then the core map and interrupt routing tables may be used as configured.

In some examples, interrupt and DMA intermediate routes and any other associated intermediate routes are configured with the same core-to-peripheral mapping as each other. That is, in some examples, a peripheral is mapped to the same core regardless of which core the peripheral is mapped to, such that the core and peripheral appear to have a hardwired connection. That is, in these examples, the peripheral device maps to the same core across interrupt intermediate routes, DMA intermediate routes, and any other associated intermediate routes.

In some examples, some interrupts may be hardwired to a particular core, while other interrupts may be configurable in the manner discussed above. In some examples, the mailbox interrupt is hardwired. In some examples, when any of the I/O subsystems or mailboxes interrupts its associated core, the security complex 451 also receives any interrupts. Such interrupts may be used by the security complex 451 for the purpose of associated power management functionality.

In some examples, as explained in more detail below, the independent execution environment of the device controller 445, which may include, for example, each core in the device controller 445, may operate within a trusted hierarchy, and in some cases, multiple independent execution environments within one core (e.g., a secure world operating environment in the CPU453 and a normal world operating environment in the CPU 453) may operate within a trusted hierarchy. In some examples, a hierarchy of trust may play a role in assigning peripheral devices to particular cores. However, the disclosure is not so limited, and in other examples, there is no hierarchy of trust in the device controller 445, and the determination of which peripheral devices are assigned to a particular core is based on other factors.

In some examples, the MCU in the security complex 451 has a very high degree of trust, but is not as trusted as the core security complex in the security complex 451. In these examples, the MCU in the security complex 451 controls one or more functions associated with high confidence. In one example, the MCU in the security complex 451 controls the power of the device controller 445 and/or the IoT devices.

In some examples, the secure world execution environment of CPU453 is also part of the trusted computing base of the system. For example, in some examples, the secure world runtime (secure world RT) of CPU453 is accessible without restriction to reprogram hardware protection mechanisms, such as firewalls in some examples. However, in some examples, the secure world RT does not have access to the interior of the core security complex of the security complex 451 and relies on the MCU in the security complex 451 to perform certain security sensitive operations.

The normal world execution environment of the CPU453 can be configured to have limited access to on-chip resources such as memory. In some examples, various security and quality criteria (e.g., relatively high criteria) may be enforced for code running in the environment, but not as trusted as code running on an MCU in the security complex 451 or code running in the secure world of the CPU 453.

In some examples, MCUs 461 and 462 are less trusted than MCUs in security complex 451 and less trusted than CPU 453. In some examples, radio module 457 may include a core, which may be an MCU in some examples. The radio block 457 may provide Wi-Fi functionality and connectivity to the internet and cloud services such as IoT services. In some examples, radio block 457 may provide communication via bluetooth, Near Field Communication (NFC), ZigBee, Long Term Evolution (LTE), and/or other connectivity techniques. In some examples, the cores in radio block 457 cannot access unencrypted secrets and cannot compromise execution of CPU 453.

In some examples, each independent execution environment is managed by a single software component that executes in a separate execution environment referred to as the "parent" of the execution environment. In such an example, one exception may be that the hardware root of trust (the core security complex of security complex 451 in this example) has no parent. In one particular example, each parent executes in an environment that is at least as trusted as the environment it manages. In other examples, other suitable security means may be employed. The management operations may include launching and resuming the target environment, monitoring and handling resets in the target environment, and configuring access policies for the target environment. In some cases, certain management operations are performed by components other than the parent. For example, in some examples, the normal world of the CPU453 is the environment that manages the MCUs 461 and 462, but receives assistance from the secure world of the CPU453 to do so.

For example, in some examples, the MCU of the security complex 451 manages the secure world RT of the CPU453, a component in the secure world RT of the CPU453 manages the normal world OS of the CPU453, a component in the normal world OS of the CPU453 manages the normal world user mode of the CPU453, and the normal world user mode service of the CPU453 manages the MCUs 461 and 462 and the core in the radio block 457.

In some examples, the independent execution environments are not only managed by software components from more trusted execution environments, but different functions are assigned to different independent execution environments, with more sensitive functions assigned to more trusted independent execution environments. In one particular example, an independent execution environment that is less trusted than the independent execution environment to which the function is assigned is restricted from accessing the function. In this way, in some examples, the independent execution environment implements deep defenses based on trust hierarchies.

For example, in some examples, the core security complex of the security complex 451 is at the top of the hierarchy and assigned to secrets (e.g., encryption keys), the secure MCU in the core security complex 451 is next in the hierarchy and assigned to control power, the secure world RT of the CPU453 is next in the hierarchy and assigned to storage and write access to a Real Time Clock (RTC), the normal world OS of the CPU453 is next in the hierarchy and assigned to Wi-Fi, the normal world user mode application of the CPU453 is next in the hierarchy and assigned to applications, and the MCUs 461 and 462 are at the bottom of the hierarchy and assigned to peripherals. In other examples, the functionality is distributed differently to the separate execution environments.

In some examples, each level of the trust hierarchy has control over accepting or rejecting requests from a less trusted level, e.g., in terms of enabling support for the software they handle, except for the bottom level of the hierarchy (i.e., the least trusted), and the ability to level limit or audit requests from the less trusted level, as well as the ability to validate requests from a lower level, e.g., to ensure that the requests are correct and authentic. Also, as discussed previously, in some examples, each level of the hierarchy, except the top (i.e., most trusted) level, has a parent that is responsible for managing lower (i.e., less trusted) levels, including monitoring whether software on the lower level is functioning correctly.

In the example given above, MCUs 461 and 462 are assigned to managing peripheral devices. In some examples, they may be assigned to the peripheral devices in a configurable manner as discussed above. In some examples, some peripherals are more sensitive than others, and in some examples, particularly sensitive peripherals may be assigned to a more trusted core than MCUs 461 and 462. In some examples, the concept of "peripherals" may be used more broadly, such that, for example, WiFi functionality may be considered peripherals that are not hardwired to a particular core, and instead have a configurable mapping to a particular core in the manner of other peripherals.

In addition to simply mapping a particular peripheral to a particular core, a particular peripheral may also be mapped to a particular independent execution environment. For example, the peripheral device may be mapped to a particular independent execution environment. For example, the peripheral may be mapped to a particular core, such as the MCU461, the MCU 462, or a secure MCU of the security complex 451, or the peripheral may instead be mapped to the secure world of the CPU453 or the normal world of the CPU 453.

Illustrative Process

For clarity, the processes described herein are described in terms of operations performed by specific devices or components of a system in a specific order. Note, however, that other processes are not limited to the order, devices, or components set forth. For example, some acts may be performed in a different order, performed in parallel, omitted, or supplemented by additional acts or features, whether or not such order, parallelism, acts, or features are described herein. Likewise, any of the techniques described in this disclosure may be incorporated into the described processes or other processes, whether or not the techniques are specifically described in connection with the processes. The disclosed processes may also be performed on or by other devices, components, or systems, whether or not such devices, components, or systems are described herein. These processes may also be embodied in various ways. For example, they may be embodied on an article of manufacture, e.g., as processor readable instructions stored in a processor readable storage medium or executed as a computer implemented process. As an alternative example, the processes may be encoded as processor-executable instructions and transmitted over a communication medium.

Fig. 5 is a diagram illustrating an example data flow of a process (580) for configuring access to a peripheral.

In the illustrated example, step 581 occurs first. At step 581, in some examples, the stored configuration information is read. In some examples, the stored configuration information is associated with: the plurality of independent execution environments are mapped to the plurality of peripheral devices such that a peripheral device of the plurality of peripheral devices has a corresponding independent execution environment of the plurality of independent execution environments.

As shown, step 582 occurs next in some examples. At step 582, the configurable route is programmed based on the configuration information. For example, the configurable routing may include a configurable interrupt routing table, a configurable data management access routing table, a plurality of configuration registers, and the like. As shown, step 583 occurs next in some examples. At step 583, an interrupt from a peripheral device may be received. As shown, step 584 next occurs in some examples. At step 584, in some examples, the interrupt is routed to the corresponding independent execution environment based on configurable routing (e.g., a configurable interrupt routing table).

The process may then proceed to a return block where other processing may resume.

Conclusion

While the above detailed description describes certain examples of the technology, and describes the best mode contemplated, no matter how detailed the above appears in text, the technology can be practiced in many ways. In practice, the details may vary, but still be covered by the techniques described herein. As noted above, particular terminology used when describing certain features or aspects of the technology should not be taken to imply that the terminology is being redefined herein to be restricted to any specific characteristics, features, or aspects associated with the terminology. In general, the terms used in the following claims should not be construed to limit the technology to the specific examples disclosed herein, unless the detailed description explicitly defines such terms. Accordingly, the actual scope of the technology encompasses not only the disclosed examples, but also all equivalent ways of practicing or implementing the technology.