WO2021217589A1 - Security data processing method and apparatus - Google Patents
- Publication number
- WO2021217589A1 (PCT/CN2020/088317)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- processing core
- thread
- processing
- secure data
- core
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/0802—Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
- G06F12/0806—Multiuser, multiprocessor or multiprocessing cache systems
- G06F12/0811—Multiuser, multiprocessor or multiprocessing cache systems with multilevel cache hierarchies
Definitions
- This application relates to the technical field of secure data, and in particular to a secure data processing method and device.
- Simultaneous multithreading also known as synchronous multithreading
- CPU central processing unit
- Multiple threads are executed in parallel, and the multiple threads can share physical resources to improve system performance and reduce power consumption.
- time-sharing and multiplexing of shared resources among multiple processing cores will cause differences in the time for accessing shared resources, which will lead to vulnerability to attacks and disclosure of sensitive information.
- Another example is to eliminate code that may leak sensitive information, and change the process of processing sensitive information in the code to a "constant-time" code form.
- the solution will miss or misreport the code of sensitive information, and the code corresponding to the sensitive information is also huge, making this solution difficult to implement.
- dividing the physical resources of the CPU according to logical cores, assigning physical resources to each logical core separately, and prohibiting one logical core from accessing the physical resources of other logical cores to reduce the risk of attack similar to the above-mentioned solution of turning off the SMT function.
- This solution also fails to take advantage of SMT's technical advantages, resulting in a decrease in system performance.
- the embodiments of the present application provide a secure data processing method and device, which can improve system security and reduce the risk of attack on the basis of supporting the SMT function.
- this application adopts the following technical solutions.
- a secure data processing method includes: a first processing core executes a first thread in a normal mode, a second processing core executes a second thread in a normal mode, and the first processing core suspends execution of the first thread when it needs to switch to the safe mode. The first processing core instructs the second processing core to suspend the execution of the second thread, the second processing core then suspends the execution of the second thread according to the instruction of the first processing core, and the first processing core switches from the normal mode to the safe mode to process the first information. It should be noted that this application does not limit the sequence in which the first processing core suspends the execution of the first thread and the first processing core instructs the second processing core to suspend the execution of the second thread.
- each processing core executes its corresponding thread in the normal mode, taking advantage of multi-threading and improving system performance.
- a processing core needs to switch to safe mode, instruct other processing cores to suspend execution of the corresponding thread.
- the first processing core needs to switch to safe mode, instruct the second processing core to suspend execution of the second thread, which can eliminate one processing core in safety
- this solution does not need to completely turn off the SMT function, which improves system performance.
- the above-mentioned first processing core instructs the second processing core to suspend the execution of the second thread, which may include: the first processing core sends first instruction information to the control circuit, and the control circuit sends second instruction information to the second processing core in response to the first instruction information, where the second instruction information is used to instruct the second processing core to suspend execution of the second thread.
- the first processing core may send information that it needs to switch to the safe mode to the control circuit, so that the control circuit instructs the second processing core to suspend the execution of the second thread.
- control circuit may include: a safe mode synchronization module or an interrupt controller.
- the secure data processing method may further include: the second processing core switches to the safe mode, or enters the first low power consumption state in the normal mode to reduce power consumption.
- the safe data processing method may further include: the second processing core enters the second low power consumption state in the safe mode, or processes the second information in the safe mode. That is to say, after the second processing core is switched to the safe mode, it can enter the second low-power state to reduce system power consumption, and it can also process the second information that it needs to process itself. In that case, the second information can be different from the first information. The second processing core can also be combined with the first processing core into a single core to process the second information. In that case, the second information can be the same as the first information, that is, the combined single core processes the information that needs to be processed by the first processing core.
- the safe data processing method may further include: the first processing core exits the safe mode, the first processing core triggers the second processing core to resume execution of the second thread, the first processing core resumes execution of the first thread, and the second processing core resumes execution of the second thread according to the trigger of the first processing core.
- the first processing core finishes processing the first information in the safe mode, it can exit the safe mode, continue to execute the first thread in the normal mode, and trigger the second processing core to resume the execution of the second thread, and continue to play the multi-threaded system.
- this application does not limit the sequence in which the first processing core triggers the second processing core to resume execution of the second thread and the first processing core resumes execution of the first thread.
- the safe data processing method may further include: the first processing core clears traces of processing the first information in the safe mode, that is, the first processing core can clear, in the safe mode, the usage traces of the first information remaining in the shared hardware resources, so as to further improve the security of the system.
- the second processing core processes the second information in the safe mode, before the second processing core exits the safe mode, the second processing core can clear the remaining usage traces of the second information processed in the safe mode in the shared hardware resources, to further improve system security.
- the first processing core and the second processing core may be physical cores or logical cores.
- a secure data processing device in the second aspect, includes a first processing core and a second processing core.
- the first processing core is used to execute the first thread in the normal mode, suspend the execution of the first thread when it needs to switch to the safe mode, instruct the second processing core to suspend the execution of the second thread, and switch from the normal mode to the safe mode to process the first information.
- the second processing core is configured to execute the second thread in the normal mode, and suspend the execution of the second thread according to the instruction of the first processing core.
- the secure data processing device may also include a control circuit.
- the first processing core is also used to send first indication information to the control circuit
- the control circuit is used to send second indication information to the second processing core in response to the first indication information
- the second indication information is used to instruct the second processing core to suspend execution of the second thread.
- control circuit includes: a safe mode synchronization module or an interrupt controller.
- the second processing core is further configured to switch to the safe mode or enter the first low power consumption state in the normal mode after suspending the execution of the second thread according to the instruction of the first processing core.
- the second processing core is also used to enter the second low power consumption state in the safe mode after the second processing core is switched to the safe mode, or to process the second information in the safe mode.
- the first processing core is also used to: after switching from the normal mode to the safe mode to process the first information, exit the safe mode, trigger the second processing core to resume execution of the second thread, and resume execution of the first thread.
- the second processing core is also used to resume execution of the second thread according to the trigger of the first processing core.
- the first processing core is also used to clear traces of processing the first information in the safe mode before exiting the safe mode.
- the first processing core and the second processing core may be physical cores or logical cores.
- the secure data processing device described in the second aspect may be a processor.
- the technical effect of the secure data processing device described in the second aspect may refer to the technical effect of the secure data processing method described in any implementation manner of the first aspect, which will not be repeated here.
- a secure data processing device in the third aspect, includes a first processing module and a second processing module.
- the first processing module is used to implement the function of the first processing core involved in any possible implementation manner in the first aspect
- the second processing module is used to implement the function of the second processing core involved in any possible implementation manner in the first aspect.
- the secure data processing device may further include a control module.
- the control module may be used to implement the function of the control circuit involved in any possible implementation manner in the first aspect.
- the secure data processing device described in the third aspect may further include a storage module, the storage module may be a memory, and the storage module is used to store any one of the possible implementation manners in the first aspect.
- the secure data processing device described in the third aspect can execute the secure data processing method described in the first aspect.
- the secure data processing device described in the third aspect may further include a transceiver module.
- the transceiver module may be a transceiver circuit or an input/output port, and the transceiver module may be used to implement the transceiver function involved in any one of the possible implementation manners in the first aspect.
- the transceiver module may include a receiving module and a sending module, and this application does not specifically limit the specific implementation of the transceiver module.
- the secure data processing device described in the third aspect may be a processor, and one or more of the above modules may be implemented by hardware, software, or hardware execution of corresponding software.
- the hardware or software includes one or more modules or units corresponding to the above-mentioned functions.
- the software exists in the form of computer program instructions and is stored in the memory.
- the technical effect of the secure data processing device described in the third aspect may refer to the technical effect of the secure data processing method described in any implementation manner in the first aspect, which will not be repeated here.
- a secure data processing system includes the secure data processing device described in the second or third aspect.
- a computer-readable storage medium includes a computer program or instruction.
- the computer program or instruction runs on a computer, the computer executes any one of the possible implementation methods in the first aspect.
- the computer includes a first processing core and a second processing core.
- a computer program product includes: a computer program or instruction, which when the computer program or instruction runs on a computer, causes the computer to execute the security described in any one of the possible implementation manners in the first aspect
- the computer includes a first processing core and a second processing core.
- FIG. 1 is a schematic diagram of the architecture of a secure data processing system provided by an embodiment of the application
- FIG. 2 is a first schematic flowchart of a secure data processing method provided by an embodiment of this application
- FIG. 3 is a first structural diagram of a secure data processing device provided by an embodiment of the application.
- FIG. 4 is a second schematic flowchart of a secure data processing method provided by an embodiment of this application.
- FIG. 5 is a third schematic flowchart of a secure data processing method provided by an embodiment of this application.
- FIG. 6 is a second structural diagram of a secure data processing device provided by an embodiment of this application.
- FIG. 7 is a third structural diagram of a secure data processing device provided by an embodiment of the application.
- At least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c or a-b-c, where a, b, and c can be single or multiple.
- FIG. 1 is a schematic structural diagram of a secure data processing system to which the secure data processing method provided in an embodiment of the application is applicable.
- the secure data processing system can be an Intel architecture CPU using SMT technology, an ARM architecture CPU using SMT technology, or other CPUs using SMT technology.
- the solutions in the embodiments of the present application can also be applied to secure data processing systems of other architectures.
- a CPU is taken as an example for introduction, but this solution is not limited to this, but can be extended to other types of processors.
- the secure data processing system includes a hardware layer and a software layer.
- the hardware layer may include a first processing core and a second processing core. It can be understood that the solution of the present application may include more processing cores, and the subsequent embodiments only take two processing cores as an example for introduction.
- the hardware layer may also include a control circuit.
- the software layer may include an untrusted execution environment (REE, also known as a rich execution environment), a trusted execution environment (TEE), and a security processing core scheduling module.
- REE untrusted execution environment
- TEE trusted execution environment
- REE environment can be called normal mode or non-secure mode, including Android or Windows environment
- TEE environment can be called security mode
- the security processing core scheduling module can include: active processing core scheduling module, idle processing core scheduling module, and security processing core synchronization control module.
- the first processing core executes the first thread
- the second processing core executes the second thread
- the secure data processing system may include more than two processing cores, and each of the two or more processing cores may execute respective corresponding threads in the REE environment, which is not limited in this application.
- the first processing core may include a first synchronization circuit
- the second processing core may include a second synchronization circuit.
- the control circuit can be used to realize the communication interaction between the processing cores, such as inter-process communication. Specifically, the control circuit receives the event, sent by a processing core, that the processing core needs to switch to the TEE environment, and triggers other processing cores to suspend or resume execution of their threads. This does not require completely shutting down the SMT mode, but allows other processing cores to suspend or resume work while SMT is enabled. Exemplarily, the control circuit may be used to realize that the first processing core instructs the second processing core to suspend or resume the execution of the second thread.
- the control circuit may include a safe mode synchronization module or an interrupt controller (not shown in FIG. 1), and the specific implementation of the safe mode synchronization module or interrupt controller can refer to the following S203, which will not be repeated here.
- the non-trusted execution environment can also be referred to as a rich execution environment
- the processing core can execute corresponding threads in the non-trusted execution environment.
- the first processing core executes the first thread in the untrusted execution environment
- the second processing core executes the second thread in the untrusted execution environment.
- the trusted execution environment is isolated from the untrusted execution environment and can be used to protect sensitive information.
- the processing core can execute secure business code in a trusted execution environment, for example, fingerprint verification, identity verification, etc. can be performed.
- the active processing core scheduling module can be used to schedule processing cores that actively request to switch from the REE environment to the TEE environment to enter the TEE environment. For example, when the first processing core needs to switch from the REE environment to the TEE environment, the code of the active processing core scheduling module is executed to switch to the TEE environment.
- the idle processing core scheduling module can be used to schedule processing cores other than the processing core that actively requests to switch to the TEE environment to switch to the TEE environment. For example, if the first processing core is a processing core that actively requests to switch to the TEE environment, the second processing core may execute the code of the idle processing core scheduling module to enter the TEE environment.
- the security processing core synchronization control module is the driver of the control circuit of the hardware layer and can trigger the control circuit to produce corresponding actions. For example, it triggers the control circuit to instruct the second processing core to suspend execution of the second thread. This solution does not need to completely close the SMT mode, but allows the second processing core to suspend work or resume afterwards when SMT is enabled.
- FIG. 1 is only a simplified schematic diagram of an example for ease of understanding, and the schematic structural diagram of the secure data processing system may also include other components/units, which are not shown in FIG. 1.
- the secure data processing method provided by the embodiment of the present application will be described in detail below in conjunction with Figures 2 to 5.
- FIG. 2 is a first schematic flowchart of a secure data processing method provided by an embodiment of this application.
- the secure data processing method can be applied to the communication between the various components of the hardware layer shown in FIG. 1.
- the secure data processing method includes the following steps: S201, the first processing core executes the first thread in the normal mode, and the second processing core executes the second thread in the normal mode.
- the normal mode may be the REE environment shown in FIG. 1, the normal mode may also be referred to as an unsafe mode, the REE environment is a general operating environment, and the processing core may execute the corresponding thread in the REE environment.
- the first processing core and the second processing core may be physical cores or logical cores.
- FIG. 3 is a structural schematic diagram 1 of the secure data processing device provided in an embodiment of the present application.
- the secure data processing device may include one or more physical cores, such as physical core 0 and physical core 1.
- Each physical core may include one or more logical cores, such as logical core 0 and logical core 1.
- each physical core may include physical resources, that is, a corresponding circuit hardware core.
- the physical resource may include at least one of the following: Level 1 instruction cache (L1 instruction cache), Level 1 data cache (L1 data cache), cache bank, translation lookaside buffer (TLB), computing unit (vector unit), load/store buffer, port connection, etc.
- the logical cores included in the physical core can share the physical resource.
- the logical core 0 and the logical core 1 can share the physical resources of the physical core, which can improve system performance and reduce power consumption.
- FIG. 3 is only a simplified schematic diagram for ease of understanding.
- the schematic structural diagram of the secure data processing device may also include other components/units, which are not shown in FIG. 3.
- the specific definition of the logic core can be described with reference to the prior art.
- the first processing core suspends execution of the first thread when it needs to switch to the safe mode.
- the security mode may be the TEE environment shown in FIG. 1, and fingerprint verification, identity verification, etc. may be performed in the TEE environment.
- the first processing core invokes the secure monitor call (SMC) instruction through the first thread, thereby determining that the first processing core needs to switch to the safe mode, and suspends execution of the first thread in the normal mode.
- SMC secure monitor call
- S203 The first processing core instructs the second processing core to suspend execution of the second thread. It should be noted that the first processing core may first suspend the execution of the first thread when it needs to switch to the safe mode, and then instruct the second processing core to suspend the execution of the second thread. Alternatively, the first processing core may first instruct the second processing core to suspend the execution of the second thread when it needs to switch to the safe mode, and then suspend the execution of the first thread by itself. That is to say, this application does not limit the sequence of the foregoing S202 and S203.
- the first processing core instructs the second processing core to suspend the execution of the second thread, which may include the following steps 1 to 2.
- Step 1 The first processing core sends first instruction information to the control circuit.
- the first indication information may be used to indicate that the first processing core needs to switch to the safe mode.
- the first indication information may be used to instruct the second processing core to suspend execution of the second thread.
- the first processing core may send its own actions to be performed to the control circuit for the control circuit to determine the following second instruction information.
- the first processing core may directly send the instruction information for the second processing core to the control circuit according to its own state, and the control circuit directly forwards the instruction information of the first processing core to the second processing core, that is, in this case the second instruction information below is the same as the first indication information.
- Step 2 The control circuit sends second instruction information to the second processing core in response to the first instruction information.
- the second indication information may be used to instruct the second processing core to suspend execution of the second thread.
- the second indication information may include a synchronization signal, or a safety interrupt, or a non-safe interrupt.
- the synchronization signal can be used to instruct the second processing core to switch to the safe mode
- the safety interrupt can be used to instruct the second processing core to switch to the safe mode
- the non-safe interrupt can be used to instruct the second processing core to enter the first low power consumption state in the normal mode. The power consumption of the second processing core in the first low power consumption state is lower than the power consumption of the second processing core in a normal working state.
- control circuit may include: a safe mode synchronization module or an interrupt controller.
- taking a safe mode synchronization module as an example, in a possible design solution, in the foregoing S203, the first processing core instructs the second processing core to suspend execution of the second thread, which may include the following steps three to four.
- Step 3 The first processing core sends first instruction information to the security mode synchronization module.
- the safe mode synchronization module can be used to trigger other processing cores to switch to the safe mode when one processing core needs or has switched to the safe mode. For example, if the first processing core needs or has been switched to the safe mode, the second processing core is triggered to switch to the safe mode.
- Step 4 The security mode synchronization module responds to the first instruction information and sends second instruction information to the second processing core.
- the second indication information may be a synchronization signal.
- the second indication information refer to the above step two, which will not be repeated here.
- the methods for switching the safety mode include synchronous switching and asynchronous switching.
- the way the processing core enters the safe mode through the SMC instruction and exits the safe mode through the abnormal instruction is called synchronous switching.
- the way the processing core enters the safe mode through an external interrupt or exception is called asynchronous switching.
- TrustZone technology can support synchronous handover and asynchronous handover, while Intel SGX technology only supports synchronous handover.
- the first processing core switches to the secure mode solution, which has short delay, low performance overhead, and reduces the risk of attack.
- This solution is also suitable for the scenario of synchronously switching to the safe mode and the scenario of asynchronously switching to the safe mode, which can protect the TEE environment of TrustZone technology and Intel SGX technology and reduce the risk of attack.
- any of the aforementioned processing cores may also include a synchronization circuit.
- the first processing core may also include a first synchronization circuit
- the second processing core may also include a second synchronization circuit.
- the first synchronization circuit may be used to actively send the first indication information to the safe mode synchronization module when the first processing core needs to switch from the normal mode to the safe mode.
- the second synchronization circuit may be used to trigger the second processing core to suspend execution of the corresponding thread when the second instruction information is received.
- the safe data switching method shown in FIG. 2 is illustrated by taking the case where the first processing core actively switches to the safe mode as an example. It should be understood that if the second processing core actively switches to the safe mode, the second processing core can perform the functions of the first processing core in the safe data switching method shown in FIG. 2, and the first processing core can perform the function of the second processing core in the safe data switching method shown in FIG. 2. Similarly, the second synchronization circuit may perform the function of the first synchronization circuit in the secure data switching method shown in FIG. 2, and the first synchronization circuit may perform the function of the second synchronization circuit in the secure data switching method shown in FIG. 2.
- the first processing core instructs the second processing core to suspend the execution of the second thread, which may include the following steps five to six.
- Step 5 The first synchronization circuit of the first processing core sends the first indication information to the safe mode synchronization module.
- the first indication information refer to the above step 1, which will not be repeated here.
- Step 6 The security mode synchronization module responds to the first instruction information and sends the second instruction information to the second synchronization circuit of the second processing core.
- the second indication information may be used to instruct the second processing core to suspend execution of the second thread.
- the second indication information may be a synchronization signal.
- the synchronization circuit can monitor the security mode switching event of the processing core corresponding to the synchronization circuit, and send the event to the security mode synchronization module, so that the security mode synchronization module instructs other processing cores to suspend their threads. It can also be used to receive the instruction information for suspending thread execution sent by the safe mode synchronization module, and trigger the processing core to suspend the execution of the corresponding thread.
- the first processing core instructs the second processing core to suspend the execution of the second thread, which may include the following steps 7 to 8.
- Step 7 the first processing core sends the first indication information to the interrupt controller.
- the first indication information refer to the above step 1, which will not be repeated here.
- the interrupt controller can be used to generate inter-processor interrupt (IPI).
- IPI inter-processor interrupt
- One processing core can send interrupts to other processing cores through the interrupt controller.
- the interrupt controller can include data bus buffers, read/write circuits, registers and other components.
- Step 8 The interrupt controller sends second instruction information to the second processing core in response to the first instruction information.
- the second indication information may be a secure interrupt or a non-secure interrupt.
- the second indication information refer to the above step two, which will not be repeated here.
- the secure data processing method shown in Figure 2 is supported by the interrupt controller at the hardware layer and is suitable for asynchronous switching to the secure mode scenario, which can protect the TEE environment of the TrustZone technology and reduce the risk of attack.
- the second processing core suspends execution of the second thread according to the instruction of the first processing core.
- the secure data processing method shown in FIG. 2 may further include: the second processing core switches to the safe mode, or the second processing core enters the first low power consumption state in the normal mode.
- the above-mentioned second processing core is switched to the safe mode, which may include the following steps nine to eleven.
- Step 9 The second processing core receives the second instruction information from the security mode synchronization module.
- the second indication information may be a synchronization signal, and the synchronization signal may be used to instruct the second processing core to switch to the safe mode.
- Step 10 The second processing core suspends the execution of the second thread.
- Step 11 The second processing core switches to the safe mode.
- the above-mentioned second processing core is switched to the safe mode, which may include the following steps twelve to fourteen.
- Step 12 The second processing core receives the second instruction information from the interrupt controller.
- the second indication information may be a safe interrupt, and the safe interrupt may be used to instruct the second processing core to switch to the safe mode.
- step 13 the second processing core suspends the execution of the second thread.
- Step 14 the second processing core switches to the safe mode.
- both the safe mode synchronization module and the interrupt controller can instruct the second processing core to enter the safe mode.
- the attack risk caused by the second processing core when the first processing core processes the first information in the safe mode can be eliminated, thereby improving system security.
- the above-mentioned second processing core enters the first low power consumption state in the normal mode, which may include the following steps 15 to 17.
- Step 15 The second processing core receives the second instruction information from the interrupt controller.
- the second indication information may be a non-secure interrupt, and the non-secure interrupt may be used to instruct the second processing core to enter the first low power consumption state in the normal mode.
- Step 16 the second processing core suspends the execution of the second thread.
- Step 17 the second processing core enters the first low power consumption state in the normal mode.
- the interrupt controller can instruct the second processing core to enter the first low power consumption state in the normal mode.
- the attack risk caused by the second processing core when the first processing core processes the first information in the safe mode can be eliminated, thereby improving system security.
- the first processing core switches from the normal mode to the safe mode to process the first information.
- the first information may include sensitive information such as a username, a key, user data, and key system data, which is not limited in this embodiment.
- the safe data processing method shown in FIG. 2 may further include: S206, the second processing core enters the second low power consumption state in the safe mode, or the second processing core processes the second information in the safe mode.
- the second information may include sensitive information such as username, key, user data, key system data, etc.
- the power consumption of the second processing core is lower than the power consumption of the second processing core in the normal working state. It should be noted that the second information may be the same as or different from the first information.
- the second processing core can be merged with the first processing core into a single core to process the second information.
- Compared with the first processing core, this single core has higher performance, which can improve the efficiency of secure data processing, thereby improving system performance.
- the second information can be the same as the first information, that is, the combined single core is used to process the first information.
- the second processing core can process the second information that needs to be processed after switching to the safe mode.
- the safe data processing method shown in FIG. 2 may further include the following S207 to S210.
- S207 The first processing core exits the safe mode. That is to say, after the first processing core finishes processing the first information in the safe mode, it exits the safe mode and returns to the normal mode.
- the first processing core triggers the second processing core to resume execution of the second thread.
- the first processing core may trigger the second processing core to exit the safe mode or exit the first low power consumption state in the normal mode.
- the first processing core may exit the safe mode first, and then trigger the second processing core to exit the safe mode or exit the first low power consumption state in the normal mode.
- the first processing core may first trigger the second processing core to exit the safe mode or exit the first low power consumption state in the normal mode, and then exit the safe mode, which is not limited in this application.
- the first processing core resumes execution of the first thread. It should be noted that the first processing core may first trigger the second processing core to resume execution of the second thread, and then resume execution of the first thread. Alternatively, the first processing core may resume execution of the first thread first, and then trigger the second processing core to resume execution of the second thread. The present application does not limit the sequence in which the first processing core triggers the second processing core to resume execution of the second thread and resume execution of the first thread.
- the second processing core resumes executing the second thread according to the trigger of the first processing core. That is to say, after the first processing core finishes processing the first information in the safe mode, it can exit the safe mode, continue to execute the first thread in the normal mode, and trigger the second processing core to resume the execution of the second thread, so that the system continues to take advantage of multithreading.
- the safe data processing method shown in FIG. 2 may further include: the first processing core clears traces of processing the first information in the safe mode.
- the traces can include the cache, page table cache, or translation lookaside buffer (TLB) occupied by the processed information; clearing actions include random number overwriting, formatting and other operations, which can further improve system security.
- the safe data processing method shown in FIG. 2 may further include: the second processing core clears traces of processing the second information in the safe mode.
- the second processing core can clear the remaining usage traces of the second information processed in the safe mode in the shared hardware resources; the clearing actions include operations such as random number overwriting and formatting, to further improve system security.
- FIG. 2 takes the interaction between the various components of the hardware layer as an example to illustrate in detail the secure data processing method provided by the embodiment of the present application.
- the following takes the interaction between the hardware layer and the software layer as an example to describe in detail the secure data processing method provided in the embodiments of the present application.
- Fig. 4 is a second schematic flowchart of a secure data processing method provided by an embodiment of the application.
- the secure data processing method can be applied to the interaction between the hardware layer and the software layer as well as the modules in the software layer as shown in FIG. 1.
- the secure data processing method includes the following steps: S401, a first processing core executes a first thread, and a second processing core executes a second thread. That is, the first processing core executes the first thread in the normal mode, and the second processing core executes the second thread in the normal mode.
- the normal mode may be the REE environment shown in FIG. 1, the normal mode may also be referred to as an unsafe mode, the REE environment is a general operating environment, and the processing core may execute the corresponding thread in the REE environment.
- the first processing core and the second processing core may be physical cores or logical cores. For the specific implementation of the physical core and the logical core, refer to the above S201, which will not be repeated here.
- the first processing core executes the switching instruction to call the active processing core scheduling module.
- the switching instruction may be an SMC instruction. That is, the first processing core executes the SMC instruction to execute the code of the active processing core scheduling module, so that the active processing core scheduling module schedules the first processing core to switch to the safe mode to process the first information.
- the security mode may be the TEE environment shown in FIG. 1, and fingerprint verification, identity verification, etc. may be performed in the TEE environment.
- the first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module.
- the control circuit may include: a safe mode synchronization module or an interrupt controller.
- for the first indication information and the second indication information, refer to the foregoing S203, which will not be repeated here.
- the first processing core may include a first synchronization circuit
- the second processing core may include a second synchronization circuit.
- the first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module, which may include the following steps 22 to 23.
- Step 22 The first processing core executes the code of the active processing core scheduling module, and triggers the first synchronization circuit to send the first indication information to call the security processing core synchronization control module.
- Step 23 The security processing core synchronization control module triggers the security mode synchronization module of the hardware layer to send second indication information to the second synchronization circuit of the second processing core.
- the second indication information may be a synchronization signal.
- the safe data processing method shown in Figure 4 is supported by the safe mode synchronization module at the hardware layer, and is suitable for both synchronously switching to safe mode scenarios and asynchronously switching to safe mode scenarios, which can protect the TEE environments of TrustZone technology and Intel SGX technology and reduce the risk of attack.
- the first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module, which may include the following steps 24 to 25.
- Step 24 The first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module.
- Step 25 The security processing core synchronization control module triggers the interrupt controller to send second indication information to the second processing core.
- the second indication information may be a safety interrupt.
- the secure data processing method shown in Figure 4 is suitable for asynchronous switching to the secure mode scenario, which can protect the TEE environment of the TrustZone technology and reduce the risk of attack.
- the control circuit sends second indication information to the second processing core.
- the second processing core may include a second synchronization circuit.
- the control circuit sends the second instruction information to the running second processing core, which may include: the security processing core synchronization control module triggers the safe mode synchronization module of the hardware layer to send the second indication information to the second synchronization circuit of the second processing core.
- the second indication information may be a synchronization signal.
- the second processing core does not include the second synchronization circuit.
- the control circuit sends the second instruction information to the running second processing core, which may include: the security processing core synchronization control module triggers the interrupt controller to send second indication information to the second processing core.
- the second indication information may be a safety interrupt.
- the second processing core suspends execution of the second thread, and executes the code of the idle processing core scheduling module.
- the second processing core includes a second synchronization circuit.
- the second processing core suspends execution of the second thread and executes the code of the idle processing core scheduling module, which may include: the second processing core, according to the second instruction information received by the second synchronization circuit, suspends the execution of the second thread and executes the code of the idle processing core scheduling module to schedule the second processing core to switch to the safe mode.
- the second processing core does not include the second synchronization circuit.
- the second processing core suspends the execution of the second thread and executes the code of the idle processing core scheduling module, which may include: the second processing core suspends the execution of the second thread and executes the code of the idle processing core scheduling module to schedule the second processing core to switch to the safe mode.
- S406 The second processing core switches to the safe mode according to the scheduling of the idle processing core scheduling module.
- S407 The idle processing core scheduling module sends third indication information to invoke the security processing core synchronization control module.
- the third indication information may be used to indicate that the second processing core has switched to the safe mode. That is, the control circuit is notified that the second processing core has switched to the safe mode, and the control circuit is triggered to invoke the active processing core scheduling module to schedule the first processing core to switch to the safe mode.
- In response to the third instruction information, the control circuit sends fourth instruction information to invoke the active processing core scheduling module.
- the fourth indication information may be used to indicate that the second processing core has switched to the safe mode, or used to instruct the active processing core scheduling module to schedule the first processing core to switch from the normal mode to the safe mode to process the first information.
- S409 The first processing core switches from the normal mode to the safe mode according to the scheduling of the active processing core scheduling module to process the first information.
- the second processing core enters the second low power consumption state in the safe mode according to the scheduling of the idle processing core scheduling module, or processes the second information in the safe mode.
- for the specific implementation manner of the second information, refer to the foregoing S205, which will not be repeated here.
- the first processing core sends fifth instruction information to call the security processing core synchronization control module.
- the fifth indication information may be used to indicate that the first processing core has finished processing the first information. That is, the first processing core sends the fifth instruction information to call the security processing core synchronization control module, triggers the first processing core to call the active processing core scheduling module, and triggers the second processing core to call the idle processing core scheduling module.
- the first processing core may clear traces of processing the first information in the safe mode, thereby further improving data security.
- In response to the fifth instruction information, the control circuit sends sixth instruction information to invoke the active processing core scheduling module, and sends seventh instruction information to invoke the idle processing core scheduling module.
- the sixth indication information may be used to indicate that the first processing core is triggered to resume execution of the first thread
- the seventh indication information may be used to indicate that the second processing core is triggered to resume execution of the second thread. In other words, instruct the first processing core and the second processing core to resume execution of their corresponding threads, and continue to take advantage of the system's multithreading.
- the first processing core exits the safe mode according to the scheduling of the active processing core scheduling module and resumes the execution of the first thread
- the second processing core exits the safe mode according to the scheduling of the idle processing core scheduling module and resumes the execution of the second thread.
- the second processing core exits the safe mode according to the scheduling of the idle processing core scheduling module, and before resuming the execution of the second thread, the second processing core can clear the traces of processing the second information in the safe mode to further improve Data security.
- FIG. 5 is a third flowchart of a secure data processing method provided by an embodiment of the application.
- the secure data processing method may be applicable to the interaction between the first processing core, the second processing core, the interrupt controller, and the software layer shown in FIG. 1, and the second indication information is a non-secure interrupt.
- the secure data processing method includes the following steps: S501, a first processing core executes a first thread, and a second processing core executes a second thread. That is, the first processing core executes the first thread in the normal mode, and the second processing core executes the second thread in the normal mode.
- the normal mode may be the REE environment shown in FIG. 1, the normal mode may also be referred to as an unsafe mode, the REE environment is a general operating environment, and the processing core may execute the corresponding thread in the REE environment.
- the first processing core and the second processing core may be physical cores or logical cores. For the specific implementation of the physical core and the logical core, refer to the above S201, which will not be repeated here.
- the first processing core executes the switching instruction to call the active processing core scheduling module.
- the switching instruction may be an SMC instruction. That is, the first processing core executes the SMC instruction to execute the code of the active processing core scheduling module, so that the active processing core scheduling module schedules the first processing core to switch to the safe mode to process the first information.
- the security mode may be the TEE environment shown in FIG. 1, and fingerprint verification, identity verification, etc. may be performed in the TEE environment.
- the first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module.
- the first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module, which may include the following steps 26 to 27.
- Step 26 The first processing core executes the code of the active processing core scheduling module, and sends the first instruction information to call the security processing core synchronization control module.
- Step 27 The security processing core synchronization control module triggers the interrupt controller to send second indication information to the second processing core.
- the second indication information may be a non-secure interrupt.
- the non-secure interrupt may be used to instruct the second processing core to enter the first low power consumption state in the normal mode.
- the secure data processing method shown in Fig. 5 is suitable for the scenario of asynchronously switching to the secure mode, which can protect the TEE environment of the TrustZone technology and reduce the risk of attack.
- S504 The interrupt controller sends second indication information to the second processing core. It should be noted that, in S404, the control circuit sends the second indication information to the second processing core, and when the control circuit is an interrupt controller, the second indication information is a secure interrupt. The difference is that the second indication information in S504 is a non-secure interrupt. The secure interrupt is not maskable in the normal mode, whereas the non-secure interrupt can be masked in the normal mode.
- the second processing core suspends the execution of the second thread, and enters the first low power consumption state in the normal mode. In this way, the attack risk caused by the second processing core when the first processing core processes the first information in the safe mode can be eliminated, thereby improving system security.
- the interrupt controller sends the eighth instruction information to call the active processing core scheduling module.
- the eighth indication information may be used to indicate that the second processing core has entered the first low power consumption state in the normal mode. That is, the interrupt controller sends the eighth indication information to trigger the interrupt controller to call the active processing core scheduling module to schedule the first processing core to switch to the safe mode.
- the first processing core switches from the normal mode to the safe mode according to the scheduling of the active processing core scheduling module to process the first information.
- for the specific implementation manner of the first information, refer to the foregoing S205, which will not be repeated here.
- the first processing core sends ninth instruction information to invoke the synchronization control module of the security processing core.
- the ninth indication information may be used to indicate that the first processing core has processed the first information. That is, the first processing core may send the ninth instruction information to call the security processing core synchronization control module, and trigger the interrupt controller to call the active processing core scheduling module.
- the first processing core may clear traces of processing the first information in the safe mode, thereby further improving data security.
- In response to the ninth instruction information, the interrupt controller sends the tenth instruction information to call the active processing core scheduling module.
- the tenth indication information may be used to indicate that the first processing core is triggered to resume execution of the first thread.
- the first processing core exits the safe mode according to the scheduling of the active processing core scheduling module and resumes the execution of the first thread.
- the second processing core exits the first low power consumption state according to the scheduling of the safety processing core synchronization control module and resumes the execution of the second thread.
- the first processing core and the second processing core resume execution of their corresponding threads, and continue to take advantage of the system's multithreading.
- each processing core executes its corresponding thread in the normal mode, giving full play to multi-threading.
- the other processing cores are instructed to suspend the execution of the corresponding thread.
- instructing the second processing core to suspend the execution of the second thread can eliminate the risk that, when one processing core processes the first information in the safe mode, other processing cores maliciously exploit competition for shared resources to carry out attacks, thereby improving system security.
- this solution does not need to completely turn off the SMT function, which improves system performance.
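The suspend-then-enter handshake of FIG. 5 and its secure-interrupt variant, as an added C model that is not part of the patent text: it shows why the first core should enter the safe mode only after the sibling's acknowledgement, given that a non-secure interrupt can be masked in the normal mode. All type and function names, the `wait_for_ack` switch, and the rule that a masked non-secure interrupt is simply not taken are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added model, not code from the patent. All names are hypothetical. */
typedef enum { NORMAL_RUN, NORMAL_LOW_POWER, SECURE_ACTIVE, SECURE_LOW_POWER } core_state;
typedef enum { SECURE_IRQ, NONSECURE_IRQ } irq_kind;   /* second indication information */

typedef struct {
    core_state state;
    bool ns_irq_masked;         /* normal-mode software has masked non-secure IRQs */
    unsigned char scratch[16];  /* stands in for cache/TLB contents left by secure work */
} core;

typedef struct {
    core first, second;
    bool sibling_acked;  /* third (FIG. 4) or eighth (FIG. 5) indication information */
    int violations;      /* secret live on first core while sibling runs normal code */
} smt_model;

typedef struct {
    bool entered, traces_cleared;
    int violations;
    core_state first_end, second_end;
} result;

/* Interrupt controller delivers the second indication to the sibling core. */
static void deliver_second_indication(smt_model *m, irq_kind k) {
    /* Assumption: a masked non-secure interrupt is not taken, so no ack follows. */
    if (k == NONSECURE_IRQ && m->second.ns_irq_masked)
        return;
    /* Sibling suspends the second thread and parks in the requested state. */
    m->second.state = (k == SECURE_IRQ) ? SECURE_LOW_POWER : NORMAL_LOW_POWER;
    m->sibling_acked = true;
}

/* First core requests the switch; returns false if it stays in normal mode. */
static bool enter_secure(smt_model *m, irq_kind k, bool wait_for_ack) {
    m->sibling_acked = false;
    deliver_second_indication(m, k);
    if (wait_for_ack && !m->sibling_acked)
        return false;               /* sibling not quiesced: do not switch */
    m->first.state = SECURE_ACTIVE;
    return true;
}

/* Process the first information, clear traces, exit, resume both threads. */
static bool process_and_exit(smt_model *m) {
    /* Constructed sample secret, exactly 16 bytes. */
    memcpy(m->first.scratch, "constructed-key!", sizeof m->first.scratch);
    if (m->second.state == NORMAL_RUN)   /* sibling can contend for shared resources */
        m->violations++;
    /* Trace clearing: a fixed-pattern overwrite stands in for random overwrite. */
    memset(m->first.scratch, 0xA5, sizeof m->first.scratch);
    m->first.state = NORMAL_RUN;
    m->second.state = NORMAL_RUN;
    for (size_t i = 0; i < sizeof m->first.scratch; i++)
        if (m->first.scratch[i] != 0xA5)
            return false;
    return true;
}

/* Run one full cycle starting with both cores executing normal-mode threads. */
result run_scenario(irq_kind k, bool sibling_masks_ns, bool wait_for_ack) {
    smt_model m;
    result r;
    memset(&m, 0, sizeof m);        /* both cores start in NORMAL_RUN */
    memset(&r, 0, sizeof r);
    m.second.ns_irq_masked = sibling_masks_ns;
    r.entered = enter_secure(&m, k, wait_for_ack);
    if (r.entered)
        r.traces_cleared = process_and_exit(&m);
    r.violations = m.violations;
    r.first_end = m.first.state;
    r.second_end = m.second.state;
    return r;
}

int main(void) {
    const char *label[] = { "secure IRQ, ack required",
                            "non-secure IRQ, unmasked, ack required",
                            "non-secure IRQ, masked, ack required",
                            "non-secure IRQ, masked, ack skipped" };
    result r[4] = { run_scenario(SECURE_IRQ, true, true),
                    run_scenario(NONSECURE_IRQ, false, true),
                    run_scenario(NONSECURE_IRQ, true, true),
                    run_scenario(NONSECURE_IRQ, true, false) };
    for (int i = 0; i < 4; i++)
        printf("%-40s entered=%d violations=%d cleared=%d\n",
               label[i], r[i].entered, r[i].violations, r[i].traces_cleared);
    return 0;
}
```

Only the last scenario records a violation: the switch proceeds without the acknowledgement while the sibling is still running its normal-mode thread.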
- the secure data processing method provided by the embodiments of the present application is described in detail above with reference to FIGS. 2 to 5.
- the secure data processing device provided by the embodiment of the present application will be described in detail below with reference to FIGS. 6-7.
- Fig. 6 is a second structural diagram of a secure data processing device provided by an embodiment of the present application.
- the secure data processing device can be applied to the secure data processing system shown in FIG. 1 to execute the secure data processing method shown in any one of FIG. 2 and FIG. 4 to FIG. 5.
- FIG. 6 only shows the main components of the secure data processing device.
- the secure data processing device 600 includes a first processing core 601 and a second processing core 602.
- the first processing core 601 is used to execute the first thread in the normal mode.
- the second processing core 602 is used to execute the second thread in the normal mode.
- the first processing core 601 is also used to suspend the execution of the first thread when it is necessary to switch to the safe mode.
- the first processing core 601 is also used to instruct the second processing core 602 to suspend the execution of the second thread.
- the second processing core 602 is further configured to suspend the execution of the second thread according to the instruction of the first processing core 601.
- the first processing core 601 is also used to switch from the normal mode to the safe mode to process the first information.
- the secure data processing device 600 may further include a control circuit 603.
- the first processing core 601 is also used to send first instruction information to the control circuit 603.
- the control circuit 603 is configured to send second instruction information to the second processing core 602 in response to the first instruction information, and the second instruction information is used to instruct the second processing core 602 to suspend execution of the second thread.
- the control circuit 603 includes: a safe mode synchronization module or an interrupt controller (not shown in FIG. 6).
- the second processing core 602 is also used to switch to the safe mode or enter the first low power consumption state in the normal mode after suspending the execution of the second thread according to the instruction of the first processing core 601.
- the second processing core 602 is also used to enter the second low-power state in the safe mode after the second processing core 602 is switched to the safe mode, or to process the second information in the safe mode.
- the first processing core 601 is also used to exit the safe mode after switching from the normal mode to the safe mode to process the first information.
- the first processing core 601 is also used to trigger the second processing core 602 to resume execution of the second thread.
- the first processing core 601 is also used to resume execution of the first thread.
- the second processing core 602 is further configured to resume execution of the second thread according to the trigger of the first processing core 601.
- the first processing core 601 is also used to clear traces of processing the first information in the safe mode before exiting the safe mode.
- when the second processing core 602 processes the second information in the safe mode, the second processing core 602 is also used to clear the remaining use traces of the second information in the shared hardware resource in the safe mode before exiting the safe mode.
- the first processing core 601 and the second processing core 602 may be physical cores or logical cores.
- the secure data processing device 600 may be a processor.
- for the technical effects of the secure data processing device 600, refer to the technical effects of the secure data processing method described in any one of the implementation modes in FIGS. 2 and 4 to 5, which will not be repeated here.
- FIG. 7 is a third structural diagram of a secure data processing device provided by an embodiment of the present application.
- the secure data processing device can be applied to the secure data processing system shown in FIG. 1 to execute the secure data processing method shown in any one of FIG. 2 and FIG. 4 to FIG. 5.
- FIG. 7 only shows the main components of the secure data processing device.
- the secure data processing device 700 includes a first processing module 701 and a second processing module 702.
- the first processing module 701 is used to implement the function of the first processing core involved in the foregoing method embodiment
- the second processing module 702 is used to implement the function of the second processing core involved in the foregoing method embodiment.
- the secure data processing device 700 may further include a control module 703.
- the control module 703 may be used to implement the functions of the control circuit involved in the foregoing method embodiments.
- the secure data processing apparatus 700 may further include a storage module (not shown in FIG. 7), the storage module may be a memory, and the storage module may be used to store program instructions and data that implement the functions involved in the foregoing method embodiments.
- the secure data processing apparatus 700 can execute the secure data processing method shown in any one of FIGS. 2 and 4 to 5.
- the secure data processing device 700 may further include a transceiver module (not shown in FIG. 7).
- the transceiver module may be a transceiver circuit or an input/output port.
- the transceiver module may be used to implement the transceiver functions involved in the above method embodiments.
- the transceiver module may include a receiving module and a transmitting module. The specific implementation of the transceiver module is not specifically limited in this application.
- the secure data processing device 700 may be a processor.
- One or more of the above modules can be realized by hardware, software, or by hardware executing corresponding software.
- the hardware or software includes one or more modules or units corresponding to the above-mentioned functions.
- the software exists in the form of computer program instructions and is stored in the memory.
- the technical effect of the secure data processing device 700 may refer to the technical effect of the secure data processing method described in any one of the implementation manners in FIG. 2 and FIG. 4 to FIG. 5, which will not be repeated here.
- the embodiment of the present application provides a secure data processing system, and the secure data processing system includes the previously described secure data processing device.
- the embodiment of the present application provides a computer-readable storage medium including a computer program or instruction; when the computer program or instruction runs on a computer, the computer is caused to execute the security data described in the foregoing method embodiment
- the computer includes a first processing core and a second processing core.
- the embodiment of the present application provides a computer program product, including a computer program or instruction.
- when the computer program or instruction runs on a computer, the computer is caused to execute the secure data processing method described in the foregoing method embodiment, and the computer includes the first processing core and the second processing core.
- the processor in the embodiments of the present application may be the central processing unit (CPU) mentioned in the previous embodiments, or the processor may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC) processor, or a field programmable gate array (FPGA) processor; the processor may further include other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
- the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
- the previous embodiments mainly use the CPU as an example, which is not intended to limit the solution.
- the memory in the embodiments of the present application may be a volatile memory.
- the volatile memory may be random access memory (RAM), which is used as an external cache.
- static random access memory (static RAM, SRAM)
- dynamic random access memory (DRAM)
- synchronous dynamic random access memory (synchronous DRAM, SDRAM)
- double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM)
- enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM)
- synchronous link dynamic random access memory (synchlink DRAM, SLDRAM) and direct rambus random access memory (direct rambus RAM, DR RAM).
- the foregoing embodiments may be implemented in whole or in part by software, hardware (such as circuits), firmware, or any other combination.
- the above-mentioned embodiments may be implemented in the form of a computer program product in whole or in part.
- the computer program product includes one or more computer instructions or computer programs.
- the processes or functions described in the embodiments of the present application are generated in whole or in part.
- the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
- the computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
- the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server or data center via wired (such as infrared, wireless, microwave, etc.) means.
- the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center that includes one or more sets of available media.
- the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium.
- the semiconductor medium may be a solid state drive.
- the sequence numbers of the above-mentioned processes do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
- the disclosed system, device, and method can be implemented in other ways.
- the above-described device embodiments are only illustrative.
- the division of the above-mentioned units or modules is only a logical function division.
- there may be other division methods; for example, multiple units or modules may be combined.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units/modules, and may be in electrical, mechanical or other forms.
- the units/modules described as separate parts may or may not be physically separated, and the parts displayed as units/modules may or may not be physical units/modules, that is, they may be located in one place, or they may be distributed to multiple network units/modules. Some or all of the units/modules can be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- each functional unit/module in each embodiment of the present application can be integrated into one processing unit/module, or each unit/module can exist alone physically, or two or more units/modules can be integrated into one unit/module.
Abstract
Provided are a security data processing method and apparatus, which can improve system security and reduce the risk of attack on the basis of supporting an SMT function. The method comprises: a first processing core executing a first thread in a normal mode; a second processing core executing a second thread in the normal mode; the first processing core pausing the execution of the first thread when needing to switch to a safe mode; the first processing core instructing the second processing core to pause the execution of the second thread; then the second processing core pausing the execution of the second thread under the instruction of the first processing core; and the first processing core processing first information after switching from the normal mode to the safe mode.
Description
This application relates to the technical field of secure data, and in particular to a secure data processing method and device.
Simultaneous multithreading (SMT, also known as synchronous multithreading) means that a central processing unit (CPU) executes multiple threads in parallel on its physical cores or logical cores, and the multiple threads can share physical resources to improve system performance and reduce power consumption. However, time-division multiplexing of shared resources among multiple processing cores causes differences in the time taken to access the shared resources, which makes the system vulnerable to attacks that leak sensitive information.
At present, several methods for reducing the risk of SMT attacks have been proposed, but each has shortcomings. For example, the SMT function can be turned off to reduce the risk of attack, but then the technical advantages of SMT cannot be used, system performance declines, and re-enabling the SMT function incurs a large delay, for example a system restart. For another example, the user decides whether to enable SMT, but this solution applies only to products whose software configuration the user can modify, such as computers, and not to products whose software configuration the user cannot modify, such as mobile phones, so its applicability is poor; it also requires the user to have the technical knowledge to configure SMT accurately, so the user experience is poor. For another example, code that may leak sensitive information is eliminated, that is, the code that processes sensitive information is changed to a "constant-time" form. However, when the data flow involving sensitive information is long, this solution misses or falsely reports code that handles sensitive information, and the amount of such code is huge, which makes the solution difficult to implement. For another example, the physical resources of the CPU are divided by logical core, each logical core is allocated its own physical resources, and a logical core is prohibited from accessing the physical resources of other logical cores to reduce the risk of attack. Like the solution of turning off the SMT function, this solution cannot use the technical advantages of SMT, and system performance declines.
In summary, none of the above solutions can both reduce the risk of attack and make use of the technical advantages of SMT.
Summary of the invention
The embodiments of the present application provide a secure data processing method and device that can improve system security and reduce the risk of attack while still supporting the SMT function. To achieve this purpose, this application adopts the following technical solutions.
In a first aspect, a secure data processing method is provided. The method includes: a first processing core executes a first thread in a normal mode; a second processing core executes a second thread in the normal mode; the first processing core suspends execution of the first thread when it needs to switch to a safe mode; the first processing core instructs the second processing core to suspend execution of the second thread; the second processing core then suspends execution of the second thread according to the instruction of the first processing core; and the first processing core switches from the normal mode to the safe mode to process first information. It should be noted that this application does not limit the order in which the first processing core suspends execution of the first thread and instructs the second processing core to suspend execution of the second thread.
Based on the secure data processing method of the first aspect, when no processing core needs to switch to the safe mode to process information, each processing core executes its corresponding thread in the normal mode, which takes advantage of multithreading and improves system performance. When one of the processing cores needs to switch to the safe mode, it instructs the other processing cores to suspend execution of their corresponding threads; for example, if the first processing core needs to switch to the safe mode, it instructs the second processing core to suspend execution of the second thread. This eliminates the risk that, while one processing core processes the first information in the safe mode, other processing cores maliciously exploit contention for shared resources to carry out an attack, thereby improving system security. In addition, this solution does not need to turn off the SMT function completely, which improves system performance.
In a possible design solution, the first processing core instructing the second processing core to suspend execution of the second thread may include: the first processing core sends first instruction information to the control circuit, and the control circuit sends second instruction information to the second processing core in response to the first instruction information, where the second instruction information is used to instruct the second processing core to suspend execution of the second thread. In other words, the first processing core may inform the control circuit that it needs to switch to the safe mode, so that the control circuit instructs the second processing core to suspend execution of the second thread.
Optionally, the control circuit may include a safe mode synchronization module or an interrupt controller.
In a possible design solution, after the second processing core suspends execution of the second thread according to the instruction of the first processing core, the secure data processing method may further include: the second processing core switches to the safe mode, or enters a first low power consumption state in the normal mode to reduce power consumption.
Optionally, after the second processing core switches to the safe mode, the secure data processing method may further include: the second processing core enters a second low power consumption state in the safe mode, or processes second information in the safe mode. That is, after switching to the safe mode, the second processing core may enter the second low power consumption state to reduce system power consumption; or it may process second information that it itself needs to process, in which case the second information may differ from the first information; or it may be merged with the first processing core into a single core and then process the second information, in which case the second information may be the same as the first information, that is, the merged single core processes the first information that the first processing core needs to process.
In a possible design solution, after the first processing core switches from the normal mode to the safe mode to process the first information, the secure data processing method may further include: the first processing core exits the safe mode, the first processing core triggers the second processing core to resume execution of the second thread, the first processing core resumes execution of the first thread, and the second processing core resumes execution of the second thread according to the trigger of the first processing core.
That is, after the first processing core finishes processing the first information in the safe mode, it can exit the safe mode, continue to execute the first thread in the normal mode, and trigger the second processing core to resume execution of the second thread, so that the system continues to benefit from multithreading. It should be noted that this application does not limit the order in which the first processing core triggers the second processing core to resume execution of the second thread and resumes execution of the first thread.
In a possible design solution, before the first processing core exits the safe mode, the secure data processing method may further include: the first processing core clears the traces of processing the first information in the safe mode, that is, the first processing core can clear the usage traces that processing the first information in the safe mode left in the shared hardware resources, to further improve system security. Similarly, if the second processing core processes the second information in the safe mode, then before the second processing core exits the safe mode, it can clear the usage traces that processing the second information in the safe mode left in the shared hardware resources, to further improve system security.
Optionally, the first processing core and the second processing core may be physical cores or logical cores.
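The entry and exit sequence of the first aspect, modelled as an added C example (not code from the application): core 0 pauses its thread, the control circuit pauses the sibling, core 0 processes in the safe mode, clears its traces, then both threads resume. The `shared` array, `run_session` and all other names are assumptions of this model; the two flags switch off the pause and the trace clearing to show what each step protects.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NCORES 2
#define NLINES 8   /* constructed size of the modelled shared resource */

enum mode { MODE_NORMAL, MODE_SAFE };
enum thread_state { T_RUNNING, T_PAUSED };
struct core { enum mode mode; enum thread_state thread; };
struct smt_system {
    struct core core[NCORES];
    unsigned char shared[NLINES];   /* footprint left in shared hardware */
};

/* Control circuit: forwards a pause or resume instruction from core `src`
 * to every other core (the "second instruction information"). */
static void control_circuit_signal(struct smt_system *s, int src,
                                   enum thread_state next)
{
    for (int i = 0; i < NCORES; i++)
        if (i != src)
            s->core[i].thread = next;
}

/* Property the method aims for: while any core is in the safe mode, no
 * other core is running a normal-mode thread. */
bool isolation_holds(const struct smt_system *s)
{
    bool any_safe = false;
    for (int i = 0; i < NCORES; i++)
        if (s->core[i].mode == MODE_SAFE) any_safe = true;
    if (!any_safe) return true;
    for (int i = 0; i < NCORES; i++)
        if (s->core[i].mode == MODE_NORMAL && s->core[i].thread == T_RUNNING)
            return false;
    return true;
}

void enter_safe(struct smt_system *s, int id, bool pause_siblings)
{
    s->core[id].thread = T_PAUSED;               /* pause own thread */
    if (pause_siblings)
        control_circuit_signal(s, id, T_PAUSED); /* pause the other cores */
    s->core[id].mode = MODE_SAFE;
}

/* Safe-mode work leaves a secret-dependent footprint in the shared resource. */
void safe_process(struct smt_system *s, unsigned char secret)
{
    for (int i = 0; i < NLINES; i++)
        s->shared[i] = (secret >> i) & 1u;
}

void exit_safe(struct smt_system *s, int id, bool clear_traces)
{
    if (clear_traces)
        memset(s->shared, 0, sizeof s->shared);  /* clear before leaving */
    s->core[id].mode = MODE_NORMAL;
    control_circuit_signal(s, id, T_RUNNING);    /* trigger siblings to resume */
    s->core[id].thread = T_RUNNING;
}

/* What a normal-mode thread on core `id` can see: a paused thread executes
 * nothing, a running one sees every non-zero line. */
int sibling_observe(const struct smt_system *s, int id)
{
    if (s->core[id].thread != T_RUNNING || s->core[id].mode != MODE_NORMAL)
        return 0;
    int seen = 0;
    for (int i = 0; i < NLINES; i++)
        seen += s->shared[i] != 0;
    return seen;
}

/* One safe-mode session on core 0; returns how many footprint lines the
 * thread on core 1 could observe during and after it. */
int run_session(bool pause_siblings, bool clear_traces, unsigned char secret)
{
    struct smt_system s;
    memset(&s, 0, sizeof s);     /* all cores: normal mode, threads running */
    enter_safe(&s, 0, pause_siblings);
    safe_process(&s, secret);
    int leaked = sibling_observe(&s, 1);   /* probe during the safe mode */
    exit_safe(&s, 0, clear_traces);
    leaked += sibling_observe(&s, 1);      /* probe after resume */
    return leaked;
}

int main(void)
{
    unsigned char secret = 0xA5;           /* constructed sample value */
    printf("pause + clear: %d\n", run_session(true, true, secret));
    printf("no pause:      %d\n", run_session(false, true, secret));
    printf("no clear:      %d\n", run_session(true, false, secret));
    return 0;
}
```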
In a second aspect, a secure data processing device is provided. The secure data processing device includes a first processing core and a second processing core. The first processing core is configured to execute a first thread in a normal mode, suspend execution of the first thread when it needs to switch to a safe mode, instruct the second processing core to suspend execution of a second thread, and switch from the normal mode to the safe mode to process first information. The second processing core is configured to execute the second thread in the normal mode and suspend execution of the second thread according to the instruction of the first processing core.
In a possible design solution, the secure data processing device may further include a control circuit. The first processing core is further configured to send first instruction information to the control circuit, and the control circuit is configured to send second instruction information to the second processing core in response to the first instruction information, where the second instruction information is used to instruct the second processing core to suspend execution of the second thread.
Optionally, the control circuit includes a safe mode synchronization module or an interrupt controller.
In a possible design solution, the second processing core is further configured to, after suspending execution of the second thread according to the instruction of the first processing core, switch to the safe mode or enter a first low power consumption state in the normal mode.
In a possible design solution, the second processing core is further configured to, after switching to the safe mode, enter a second low power consumption state in the safe mode or process second information in the safe mode.
In a possible design solution, the first processing core is further configured to: after switching from the normal mode to the safe mode to process the first information, exit the safe mode, trigger the second processing core to resume execution of the second thread, and resume execution of the first thread. The second processing core is further configured to resume execution of the second thread according to the trigger of the first processing core.
In a possible design solution, the first processing core is further configured to clear the traces of processing the first information in the safe mode before exiting the safe mode.
Optionally, the first processing core and the second processing core may be physical cores or logical cores.
It should be noted that the secure data processing device of the second aspect may be a processor. In addition, for the technical effects of the secure data processing device of the second aspect, refer to the technical effects of the secure data processing method of any implementation of the first aspect; details are not repeated here.
In a third aspect, a secure data processing device is provided. The secure data processing device includes a first processing module and a second processing module. The first processing module is used to implement the function of the first processing core involved in any possible implementation of the first aspect, and the second processing module is used to implement the function of the second processing core involved in any possible implementation of the first aspect.
In a possible design solution, the secure data processing device may further include a control module. The control module may be used to implement the function of the control circuit involved in any possible implementation of the first aspect.
In a possible design solution, the secure data processing device of the third aspect may further include a storage module. The storage module may be a memory, and is used to store the program instructions and data that implement the functions involved in any possible implementation of the first aspect. When the first processing module, the second processing module, and the control module execute the program or instructions, the secure data processing device of the third aspect can execute the secure data processing method of the first aspect.
Optionally, the secure data processing device of the third aspect may further include a transceiver module. The transceiver module may be a transceiver circuit or an input/output port, and may be used to implement the transceiver function involved in any possible implementation of the first aspect. The transceiver module may include a receiving module and a sending module; this application does not specifically limit the implementation of the transceiver module.
It should be noted that the secure data processing device of the third aspect may be a processor, and one or more of the above modules may be implemented by hardware, by software, or by hardware executing corresponding software. The hardware or software includes one or more modules or units corresponding to the above functions. When any of the above modules is implemented in software, the software exists in the form of computer program instructions and is stored in the memory. In addition, for the technical effects of the secure data processing device of the third aspect, refer to the technical effects of the secure data processing method of any implementation of the first aspect; details are not repeated here.
In a fourth aspect, a secure data processing system is provided. The secure data processing system includes the secure data processing device described in the second aspect or the third aspect.
In a fifth aspect, a computer-readable storage medium is provided. The computer-readable storage medium includes a computer program or instructions; when the computer program or instructions run on a computer, the computer is caused to execute the secure data processing method of any possible implementation of the first aspect, where the computer includes a first processing core and a second processing core.
In a sixth aspect, a computer program product is provided. The computer program product includes a computer program or instructions; when the computer program or instructions run on a computer, the computer is caused to execute the secure data processing method of any possible implementation of the first aspect, where the computer includes a first processing core and a second processing core.
FIG. 1 is a schematic diagram of the architecture of a secure data processing system provided by an embodiment of the application;
FIG. 2 is a first schematic flowchart of a secure data processing method provided by an embodiment of the application;
FIG. 3 is a first schematic structural diagram of a secure data processing device provided by an embodiment of the application;
FIG. 4 is a second schematic flowchart of a secure data processing method provided by an embodiment of the application;
FIG. 5 is a third schematic flowchart of a secure data processing method provided by an embodiment of the application;
FIG. 6 is a second schematic structural diagram of a secure data processing device provided by an embodiment of the application;
FIG. 7 is a third schematic structural diagram of a secure data processing device provided by an embodiment of the application.
The technical solutions in this application are described below with reference to the accompanying drawings. In this application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B can mean: A alone, both A and B, or B alone, where A and B can be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of the following items" or a similar expression refers to any combination of these items, including any combination of a single item or plural items. For example, at least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c or a-b-c, where a, b, and c can each be single or multiple.
This application presents various aspects, embodiments, or features around a system that may include multiple devices, components, modules, and the like. It should be understood and appreciated that each system may include additional devices, components, modules, etc., and/or may not include all the devices, components, modules, etc. discussed in conjunction with the accompanying drawings. In addition, a combination of these solutions can also be used.
In addition, in the embodiments of the present application, words such as "exemplary" and "for example" are used to indicate an example, illustration, or explanation. Any embodiment or design solution described as an "example" in this application should not be construed as more preferable or advantageous than other embodiments or design solutions. Rather, the word "example" is used to present a concept in a concrete way.
FIG. 1 is a schematic diagram of the architecture of a secure data processing system to which the secure data processing method provided in an embodiment of the application applies. To facilitate understanding of the embodiments of the present application, the architecture of the secure data processing system shown in FIG. 1 is first taken as an example to describe in detail the architecture of a secure data processing system applicable to the embodiments of the present application. The secure data processing system can be an Intel architecture CPU using SMT technology, an ARM architecture CPU using SMT technology, or another CPU using SMT technology. It should be noted that the solutions in the embodiments of the present application can also be applied to secure data processing systems of other architectures. This embodiment uses a CPU as an example, but the solution is not limited to this and can be extended to other types of processors.
As shown in FIG. 1, the secure data processing system includes a hardware layer and a software layer. The hardware layer may include a first processing core and a second processing core. It can be understood that the solution of the present application may include more processing cores; the subsequent embodiments take only two processing cores as an example. Optionally, the hardware layer may also include a control circuit. The software layer may include an untrusted execution environment (rich execution environment, REE, also known as a rich execution environment), a trusted execution environment (TEE), and a secure processing core scheduling module. The REE environment may be called the normal mode or non-secure mode and includes an Android or Windows environment; the TEE environment may be called the safe mode; and the secure processing core scheduling module may include an active processing core scheduling module, an idle processing core scheduling module, and a secure processing core synchronization control module.
The components of the hardware layer of the secure data processing system are described below. The first processing core executes a first thread, and the second processing core executes a second thread. Optionally, the secure data processing system may include more than two processing cores, each of which may execute its own thread in the REE; this application does not limit this. Optionally, the first processing core may include a first synchronization circuit, and the second processing core may include a second synchronization circuit. For the specific implementation of the first synchronization circuit and the second synchronization circuit, see S203 below; details are not repeated here.
The control circuit may be used to implement communication between the processing cores, such as inter-process communication. Specifically, the control circuit receives, from a processing core, an event indicating that the processing core needs to switch to the TEE, and triggers the other processing cores to suspend or resume execution of their threads. SMT mode does not need to be turned off completely; instead, the other processing cores are allowed to suspend or resume work while SMT remains enabled. For example, the control circuit may be used so that the first processing core can instruct the second processing core to suspend or resume execution of the second thread. Optionally, the control circuit may include a secure mode synchronization module or an interrupt controller (not shown in FIG. 1). For the specific implementation of the secure mode synchronization module or the interrupt controller, see S203 below; details are not repeated here.
The software modules included in the software layer of the secure data processing system are described below. The untrusted execution environment may also be referred to as the rich execution environment, and a processing core may execute its thread in the untrusted execution environment. For example, the first processing core executes the first thread in the untrusted execution environment, and the second processing core executes the second thread in the untrusted execution environment.
The trusted execution environment is isolated from the untrusted execution environment and can be used to protect sensitive information. A processing core may execute secure service code in the trusted execution environment, for example, to perform fingerprint verification or identity verification.
The active processing core scheduling module may be used to schedule a processing core that actively requests to switch from the REE to the TEE so that it enters the TEE. For example, when the first processing core needs to switch from the REE to the TEE, it executes the code of the active processing core scheduling module and switches to the TEE.
The idle processing core scheduling module may be used to schedule processing cores other than the one that actively requests to switch to the TEE so that they switch to the TEE. For example, if the first processing core is the one that actively requests to switch to the TEE, the second processing core may execute the code of the idle processing core scheduling module and enter the TEE.
The secure processing core synchronization control module is the driver of the hardware-layer control circuit and can trigger the control circuit to perform corresponding actions, for example, trigger the control circuit to instruct the second processing core to suspend execution of the second thread. This scheme does not need to turn off SMT mode completely; instead, it allows the second processing core to suspend work while SMT remains enabled and to resume later.
It should be understood that FIG. 1 is only a simplified schematic diagram given as an example for ease of understanding; the architecture of the secure data processing system may also include other components/units that are not shown in FIG. 1. The secure data processing method provided in the embodiments of this application is described in detail below with reference to FIG. 2 to FIG. 5.
FIG. 2 is a first schematic flowchart of the secure data processing method provided in an embodiment of this application. The method is applicable to communication between the components of the hardware layer shown in FIG. 1. As shown in FIG. 2, the secure data processing method includes the following steps. S201: The first processing core executes the first thread in normal mode, and the second processing core executes the second thread in normal mode. Optionally, normal mode may be the REE shown in FIG. 1 and may also be referred to as non-secure mode. The REE is a general-purpose runtime environment in which a processing core may execute its thread. Optionally, the first processing core and the second processing core may be physical cores or logical cores.
Physical cores and logical cores are introduced below with reference to FIG. 3. The secure data processing method provided in the embodiments of this application may be applied to a secure data processing apparatus. FIG. 3 is a first schematic structural diagram of the secure data processing apparatus provided in an embodiment of this application.
As shown in FIG. 3, the secure data processing apparatus may include one or more physical cores, such as physical core 0 and physical core 1. Each physical core may include one or more logical cores, such as logical core 0 and logical core 1. Each physical core may include physical resources, that is, the corresponding circuit hardware. Specifically, the physical resources may include at least one of the following: a level-1 instruction cache (L1 instruction cache), a level-1 data cache (L1 data cache), a cache bank, a translation lookaside buffer (TLB), a computing unit (vector unit), a load/store buffer, a port connection, and so on. The logical cores of a physical core may share these physical resources; for example, logical core 0 and logical core 1 may share the physical resources of the physical core, which can improve system performance and reduce power consumption. It should be understood that FIG. 3 is only a simplified schematic diagram given as an example for ease of understanding; the apparatus may also include other components/units that are not shown in FIG. 3. For the specific definition of a logical core, refer to descriptions in the prior art.
S202: The first processing core suspends execution of the first thread when it needs to switch to secure mode. Optionally, secure mode may be the TEE shown in FIG. 1, in which fingerprint verification, identity verification, and the like may be performed. That is, when the first thread needs to use a TEE service, the first processing core invokes a secure monitor call (SMC) instruction through the first thread, thereby determining that the first processing core needs to switch to secure mode, and suspends the first thread that is executing in normal mode.
S203: The first processing core instructs the second processing core to suspend execution of the second thread. It should be noted that, when a switch to secure mode is needed, the second processing core may first suspend execution of the first thread and then instruct the second processing core to suspend execution of the second thread. Alternatively, when a switch to secure mode is needed, the second processing core may first instruct the second processing core to suspend execution of the second thread and then suspend the first thread that it is itself executing. That is, this application does not limit the order of S202 and S203.
In one possible design, S203, in which the first processing core instructs the second processing core to suspend execution of the second thread, may include the following step 1 and step 2.
Step 1: The first processing core sends first indication information to the control circuit. Optionally, the first indication information may be used to indicate that the first processing core needs to switch to secure mode. Alternatively, the first indication information may be used to instruct the second processing core to suspend execution of the second thread.
That is, the first processing core may report to the control circuit the action that it is about to perform, so that the control circuit can determine the second indication information described below. Alternatively, the first processing core may, based on its own state, send the control circuit an indication intended for the second processing core, and the control circuit forwards that indication to the second processing core unchanged; in this case the second indication information described below is the same as the first indication information.
Step 2: In response to the first indication information, the control circuit sends second indication information to the second processing core. Optionally, the second indication information may be used to instruct the second processing core to suspend execution of the second thread. Optionally, the second indication information may include a synchronization signal, a secure interrupt, or a non-secure interrupt. The synchronization signal may be used to instruct the second processing core to switch to secure mode; the secure interrupt may be used to instruct the second processing core to switch to secure mode; and the non-secure interrupt may be used to instruct the second processing core to enter a first low-power state in normal mode. In the first low-power state, the power consumption of the second processing core is lower than its power consumption in the normal working state.
Further, the control circuit may include a secure mode synchronization module or an interrupt controller. Taking the secure mode synchronization module as an example, in one possible design, S203, in which the first processing core instructs the second processing core to suspend execution of the second thread, may include the following step 3 and step 4.
Step 3: The first processing core sends the first indication information to the secure mode synchronization module. For the specific implementation of the first indication information, see step 1 above; details are not repeated here. Specifically, the secure mode synchronization module may be used to trigger the other processing cores to switch to secure mode when one processing core needs to switch, or has already switched, to secure mode. For example, if the first processing core needs to switch, or has already switched, to secure mode, the second processing core is triggered to switch to secure mode.
Step 4: In response to the first indication information, the secure mode synchronization module sends the second indication information to the second processing core. Optionally, the second indication information may be a synchronization signal. For the specific implementation of the second indication information, see step 2 above; details are not repeated here.
It should be noted that secure mode can be switched synchronously or asynchronously. When a processing core enters secure mode through an SMC instruction and exits secure mode through an exception instruction, this is called synchronous switching. When a processing core enters secure mode through an external interrupt or exception, this is called asynchronous switching. TrustZone technology supports both synchronous and asynchronous switching, while Intel SGX technology supports only synchronous switching.
Specifically, in the secure data processing method shown in FIG. 2, with the support of the hardware-layer secure mode synchronization module, the scheme by which the first processing core switches to secure mode has short latency and low performance overhead, and reduces the attack risk. The scheme applies both to synchronous switching to secure mode and to asynchronous switching to secure mode, and can therefore protect the TEE of TrustZone technology and of Intel SGX technology and reduce the attack risk.
Further, any of the foregoing processing cores may also include a synchronization circuit. For example, the first processing core may include a first synchronization circuit, and the second processing core may include a second synchronization circuit. Specifically, the first synchronization circuit may be used to actively send the first indication information to the secure mode synchronization module when the first processing core needs to switch from normal mode to secure mode. The second synchronization circuit may be used to trigger the second processing core to suspend execution of its thread when the second indication information is received.
It should be noted that the secure data switching method shown in FIG. 2 is described using the case in which the first processing core actively switches to secure mode. It should be understood that if the second processing core actively switches to secure mode, the second processing core may perform the functions of the first processing core in the method shown in FIG. 2, and the first processing core may perform the functions of the second processing core in that method. Likewise, the second synchronization circuit may perform the functions of the first synchronization circuit in the method shown in FIG. 2, and the first synchronization circuit may perform the functions of the second synchronization circuit in that method.
Further, in one possible design, S203, in which the first processing core instructs the second processing core to suspend execution of the second thread, may include the following step 5 and step 6. Step 5: The first synchronization circuit of the first processing core sends the first indication information to the secure mode synchronization module. For the specific implementation of the first indication information, see step 1 above; details are not repeated here.
Step 6: In response to the first indication information, the secure mode synchronization module sends the second indication information to the second synchronization circuit of the second processing core. Optionally, the second indication information may be used to instruct the second processing core to suspend execution of the second thread. Optionally, the second indication information may be a synchronization signal. For the specific implementation of the second indication information, see step 2 above; details are not repeated here.
That is, a synchronization circuit can monitor its processing core for the event of switching to secure mode and send that event to the secure mode synchronization module, so that the secure mode synchronization module instructs the other processing cores to suspend their threads. The synchronization circuit can also receive the suspend indication sent by the secure mode synchronization module and trigger its processing core to suspend execution of its thread.
Taking the interrupt controller as an example, in another possible design, S203, in which the first processing core instructs the second processing core to suspend execution of the second thread, may include the following step 7 and step 8. Step 7: The first processing core sends the first indication information to the interrupt controller. For the specific implementation of the first indication information, see step 1 above; details are not repeated here.
Specifically, the interrupt controller may be used to generate inter-processor interrupts (IPIs): one processing core can send an interrupt to other processing cores through the interrupt controller. The interrupt controller may include components such as a data bus buffer, read/write circuits, and registers.
Step 8: In response to the first indication information, the interrupt controller sends the second indication information to the second processing core. Optionally, the second indication information may be a secure interrupt or a non-secure interrupt. For the specific implementation of the second indication information, see step 2 above; details are not repeated here.
It should be noted that, with the support of the hardware-layer interrupt controller, the secure data processing method shown in FIG. 2 applies to asynchronous switching to secure mode, and can protect the TEE of TrustZone technology and reduce the attack risk.
S204: The second processing core suspends execution of the second thread according to the instruction of the first processing core. In one possible design, after the second processing core suspends execution of the second thread according to the instruction of the first processing core, the secure data processing method shown in FIG. 2 may further include: the second processing core switches to secure mode, or the second processing core enters the first low-power state in normal mode.
Further, in one possible design, the switching of the second processing core to secure mode may include the following step 9 to step 11. Step 9: The second processing core receives the second indication information from the secure mode synchronization module. Optionally, the second indication information may be a synchronization signal, which may be used to instruct the second processing core to switch to secure mode. Step 10: The second processing core suspends execution of the second thread. Step 11: The second processing core switches to secure mode.
In another possible design, the switching of the second processing core to secure mode may include the following step 12 to step 14. Step 12: The second processing core receives the second indication information from the interrupt controller. Optionally, the second indication information may be a secure interrupt, which may be used to instruct the second processing core to switch to secure mode. Step 13: The second processing core suspends execution of the second thread. Step 14: The second processing core switches to secure mode.
That is, both the secure mode synchronization module and the interrupt controller can instruct the second processing core to enter secure mode. This eliminates the attack risk posed by the second processing core while the first processing core processes the first information in secure mode, thereby improving system security.
In one possible design, the entry of the second processing core into the first low-power state in normal mode may include the following step 15 to step 17. Step 15: The second processing core receives the second indication information from the interrupt controller. Optionally, the second indication information may be a non-secure interrupt, which may be used to instruct the second processing core to enter the first low-power state in normal mode. Step 16: The second processing core suspends execution of the second thread. Step 17: The second processing core enters the first low-power state in normal mode.
That is, the interrupt controller can instruct entry into the first low-power state in normal mode. This eliminates the attack risk posed by the second processing core while the first processing core processes the first information in secure mode, thereby improving system security.
S205: The first processing core switches from normal mode to secure mode to process the first information. Optionally, the first information may include sensitive information such as a user name, a key, user data, and critical system data; this embodiment does not limit this.
In one possible design, after the second processing core switches to secure mode, the secure data processing method shown in FIG. 2 may further include S206: the second processing core enters a second low-power state in secure mode, or the second processing core processes second information in secure mode. The second information may include sensitive information such as a user name, a key, user data, and critical system data. In the second low-power state, the power consumption of the second processing core is lower than its power consumption in the normal working state. It should be noted that the second information may be the same as or different from the first information.
Taking the case in which the second information is the same as the first information as an example: after the second processing core switches to secure mode, it may be merged with the first processing core into a single core to process the second information. Compared with the first processing core alone, this single core has higher performance, which can improve the efficiency of secure data processing and thus system performance. In this scheme, the second information may be the same as the first information, that is, the merged single core is used to process the first information.
Taking the case in which the second information is different from the first information as an example: if the second processing core needs to enter secure mode to process second information of its own, then after switching to secure mode the second processing core may process that second information.
Further, after S205, in which the first processing core switches from normal mode to secure mode to process the first information, the secure data processing method shown in FIG. 2 may further include the following S207 to S210. S207: The first processing core exits secure mode. That is, after the first processing core finishes processing the first information in secure mode, it exits secure mode and returns to normal mode.
S208: The first processing core triggers the second processing core to resume execution of the second thread. Optionally, before S208, the first processing core may trigger the second processing core to exit secure mode or to exit the first low-power state in normal mode.
It should be noted that the first processing core may first exit secure mode and then trigger the second processing core to exit secure mode or to exit the first low-power state in normal mode. Alternatively, the first processing core may first trigger the second processing core to exit secure mode or to exit the first low-power state in normal mode, and then exit secure mode itself. This application does not limit this.
S209: The first processing core resumes execution of the first thread. It should be noted that the first processing core may first trigger the second processing core to resume execution of the second thread and then resume execution of the first thread. Alternatively, the first processing core may first resume execution of the first thread and then trigger the second processing core to resume execution of the second thread. This application does not limit the order in which the first processing core triggers the second processing core to resume the second thread and resumes the first thread.
S210: The second processing core resumes execution of the second thread according to the trigger from the first processing core. That is, after the first processing core finishes processing the first information in secure mode, it can exit secure mode, continue executing the first thread in normal mode, and trigger the second processing core to resume the second thread, so that the system continues to benefit from multithreading.
In one possible design, before S207, in which the first processing core exits secure mode, the secure data processing method shown in FIG. 2 may further include: the first processing core clears the traces of processing the first information in secure mode. In this way, after the first processing core finishes processing the first information, it can clear the usage traces that processing the first information in secure mode left in the shared hardware resources. For example, the traces may include the cache, page table cache, or translation lookaside buffer occupied while processing the information, and clearing may include operations such as overwriting with random numbers and formatting. This can further improve system security.
In a possible design, before the second processing core exits the safe mode, the secure data processing method shown in FIG. 2 may further include: the second processing core clears the traces of processing the second information in the safe mode. That is, if the second processing core processes the second information in the safe mode, then before it exits the safe mode it can clear the usage traces that processing the second information in the safe mode left in the shared hardware resources. For example, the clearing may include operations such as overwriting with random numbers or formatting, which further improves system security.
FIG. 2 above uses the interaction between the components of the hardware layer as an example to describe in detail the secure data processing method provided by the embodiments of this application. The following uses the interaction between the hardware layer and the software layer as an example to describe that method in detail.
FIG. 4 is a second schematic flowchart of the secure data processing method provided by an embodiment of this application. The method is applicable to the interaction between the hardware layer and the software layer shown in FIG. 1, and between the modules within the software layer. As shown in FIG. 4, the secure data processing method includes the following steps. S401: The first processing core executes the first thread, and the second processing core executes the second thread. That is, the first processing core executes the first thread in the normal mode, and the second processing core executes the second thread in the normal mode.
Optionally, the normal mode may be the REE environment shown in FIG. 1. The normal mode may also be called the non-secure mode. The REE environment is a general-purpose execution environment in which a processing core can execute its corresponding thread. Optionally, the first processing core and the second processing core may be physical cores or logical cores. For the specific implementation of physical cores and logical cores, refer to S201 above; details are not repeated here.
S402: The first processing core executes a switching instruction to invoke the active processing core scheduling module. Optionally, the switching instruction may be an SMC instruction. That is, the first processing core executes the SMC instruction so as to execute the code of the active processing core scheduling module, so that the active processing core scheduling module schedules the first processing core to switch to the safe mode to process the first information. Optionally, the safe mode may be the TEE environment shown in FIG. 1, in which fingerprint verification, identity verification, and similar operations can be performed.
S403: The first processing core executes the code of the active processing core scheduling module and sends first indication information to invoke the security processing core synchronization control module. Optionally, the control circuit may include a safe mode synchronization module or an interrupt controller. For the specific implementation of the control circuit, the first indication information, and the second indication information, refer to S203 above; details are not repeated here. In a possible design, the first processing core may include a first synchronization circuit, and the second processing core may include a second synchronization circuit.
S403 above, in which the first processing core executes the code of the active processing core scheduling module and sends the first indication information to invoke the security processing core synchronization control module, may include the following steps 22 and 23. Step 22: The first processing core executes the code of the active processing core scheduling module and triggers the first synchronization circuit to send the first indication information to invoke the security processing core synchronization control module. Step 23: The security processing core synchronization control module triggers the safe mode synchronization module of the hardware layer to send the second indication information to the second synchronization circuit of the second processing core. The second indication information may be a synchronization signal.
Note that the secure data processing method shown in FIG. 4, with the support of the safe mode synchronization module at the hardware layer, applies both to scenarios of synchronously switching to the safe mode and to scenarios of asynchronously switching to the safe mode. It can therefore protect the TEE environments of TrustZone technology and Intel SGX technology and reduce the risk of attack.
In another possible design, S403 above, in which the first processing core executes the code of the active processing core scheduling module and sends the first indication information to invoke the security processing core synchronization control module, may include the following steps 24 and 25. Step 24: The first processing core executes the code of the active processing core scheduling module and sends the first indication information to invoke the security processing core synchronization control module. Step 25: The security processing core synchronization control module triggers the interrupt controller to send the second indication information to the second processing core. The second indication information may be a secure interrupt.
Note that the secure data processing method shown in FIG. 4, with the support of the interrupt controller at the hardware layer, applies to scenarios of asynchronously switching to the safe mode. It can protect the TEE environment of TrustZone technology and reduce the risk of attack.
S404: The control circuit sends the second indication information to the second processing core. In a possible design, the second processing core may include a second synchronization circuit, and S404 above, in which the control circuit sends the second indication information to the second processing core, may include: the security processing core synchronization control module triggers the safe mode synchronization module of the hardware layer to send the second indication information to the second synchronization circuit of the second processing core. The second indication information may be a synchronization signal.
In another possible design, the second processing core does not include a second synchronization circuit, and S404 above, in which the control circuit sends the second indication information to the second processing core, may include: the security processing core synchronization control module triggers the interrupt controller to send the second indication information to the second processing core. The second indication information may be a secure interrupt.
S405: The second processing core suspends execution of the second thread and executes the code of the idle processing core scheduling module. In a possible design, the second processing core includes a second synchronization circuit, and S405 above may include: the second processing core, according to the second indication information received by the second synchronization circuit, suspends execution of the second thread and executes the code of the idle processing core scheduling module, so that the second processing core is scheduled to switch to the safe mode.
In another possible design, the second processing core does not include a second synchronization circuit, and S405 above may include: the second processing core suspends execution of the second thread and executes the code of the idle processing core scheduling module, so that the second processing core is scheduled to switch to the safe mode.
S406: The second processing core switches to the safe mode as scheduled by the idle processing core scheduling module. S407: The idle processing core scheduling module sends third indication information to invoke the security processing core synchronization control module.
Optionally, the third indication information may be used to indicate that the second processing core has switched to the safe mode. That is, the control circuit is notified that the second processing core has switched to the safe mode, which triggers the control circuit to invoke the active processing core scheduling module so that the first processing core is scheduled to switch to the safe mode.
S408: In response to the third indication information, the control circuit sends fourth indication information to invoke the active processing core scheduling module. Optionally, the fourth indication information may be used to indicate that the second processing core has switched to the safe mode, or to instruct the active processing core scheduling module to schedule the first processing core to switch from the normal mode to the safe mode to process the first information.
S409: The first processing core, as scheduled by the active processing core scheduling module, switches from the normal mode to the safe mode to process the first information. Optionally, for the specific implementation of the first information, refer to S205 above; details are not repeated here.
S410: The second processing core, as scheduled by the idle processing core scheduling module, enters the second low-power state in the safe mode, or processes the second information in the safe mode. Optionally, for the specific implementation of the second information, refer to S205 above; details are not repeated here.
S411: The first processing core sends fifth indication information to invoke the security processing core synchronization control module. The fifth indication information may be used to indicate that the first processing core has finished processing the first information. That is, the first processing core sends the fifth indication information to invoke the security processing core synchronization control module, which triggers the first processing core to invoke the active processing core scheduling module and triggers the second processing core to invoke the idle processing core scheduling module.
Optionally, before the first processing core sends the fifth indication information to invoke the security processing core synchronization control module in S411 above, the first processing core may clear the traces of processing the first information in the safe mode, which further improves data security.
S412: In response to the fifth indication information, the control circuit sends sixth indication information to invoke the active processing core scheduling module and sends seventh indication information to invoke the idle processing core scheduling module. Optionally, the sixth indication information may be used to trigger the first processing core to resume execution of the first thread, and the seventh indication information may be used to trigger the second processing core to resume execution of the second thread. That is, the first processing core and the second processing core are instructed to resume execution of their respective threads, so that the system continues to benefit from multithreading.
S413: The first processing core, as scheduled by the active processing core scheduling module, exits the safe mode and resumes execution of the first thread; the second processing core, as scheduled by the idle processing core scheduling module, exits the safe mode and resumes execution of the second thread. Optionally, in S413 above, before the second processing core exits the safe mode and resumes execution of the second thread, it may clear the traces of processing the second information in the safe mode, which further improves data security.
FIG. 5 is a third schematic flowchart of the secure data processing method provided by an embodiment of this application. The method is applicable to the interaction between the first processing core, the second processing core, the interrupt controller, and the software layer shown in FIG. 1, where the second indication information is a non-secure interrupt. As shown in FIG. 5, the secure data processing method includes the following steps. S501: The first processing core executes the first thread, and the second processing core executes the second thread. That is, the first processing core executes the first thread in the normal mode, and the second processing core executes the second thread in the normal mode. Optionally, the normal mode may be the REE environment shown in FIG. 1. The normal mode may also be called the non-secure mode. The REE environment is a general-purpose execution environment in which a processing core can execute its corresponding thread. Optionally, the first processing core and the second processing core may be physical cores or logical cores. For the specific implementation of physical cores and logical cores, refer to S201 above; details are not repeated here.
S502: The first processing core executes a switching instruction to invoke the active processing core scheduling module. Optionally, the switching instruction may be an SMC instruction. That is, the first processing core executes the SMC instruction so as to execute the code of the active processing core scheduling module, so that the active processing core scheduling module schedules the first processing core to switch to the safe mode to process the first information. Optionally, the safe mode may be the TEE environment shown in FIG. 1, in which fingerprint verification, identity verification, and similar operations can be performed.
S503: The first processing core executes the code of the active processing core scheduling module and sends the first indication information to invoke the security processing core synchronization control module. In a possible design, S503 above may include the following steps 26 and 27. Step 26: The first processing core executes the code of the active processing core scheduling module and sends the first indication information to invoke the security processing core synchronization control module. Step 27: The security processing core synchronization control module triggers the interrupt controller to send the second indication information to the second processing core. The second indication information may be a non-secure interrupt. Optionally, the non-secure interrupt may be used to instruct the second processing core to enter the first low-power state in the normal mode.
Note that the secure data processing method shown in FIG. 5, with the support of the interrupt controller at the hardware layer, applies to scenarios of asynchronously switching to the safe mode. It can protect the TEE environment of TrustZone technology and reduce the risk of attack.
S504: The interrupt controller sends the second indication information to the second processing core. Note that in S404 above, where the control circuit sends the second indication information to the second processing core, the second indication information is a secure interrupt when the control circuit is an interrupt controller; by contrast, in S504 the second indication information is a non-secure interrupt. A secure interrupt cannot be masked in the normal mode, whereas a non-secure interrupt can be masked in the normal mode.
S505: The second processing core suspends execution of the second thread and enters the first low-power state in the normal mode. Because the second processing core suspends execution of the second thread and enters the first low-power state in the normal mode, the attack risk that the second processing core poses while the first processing core processes the first information in the safe mode is eliminated, which improves system security.
S506: The interrupt controller sends eighth indication information to invoke the active processing core scheduling module. Optionally, the eighth indication information may be used to indicate that the second processing core has entered the first low-power state in the normal mode. That is, the interrupt controller sends the eighth indication information to trigger the interrupt controller to invoke the active processing core scheduling module, which schedules the first processing core to switch to the safe mode.
S507: The first processing core, as scheduled by the active processing core scheduling module, switches from the normal mode to the safe mode to process the first information. Optionally, for the specific implementation of the first information, refer to S205 above; details are not repeated here.
S508: The first processing core sends ninth indication information to invoke the security processing core synchronization control module. The ninth indication information may be used to indicate that the first processing core has finished processing the first information. That is, the first processing core may send the ninth indication information to invoke the security processing core synchronization control module, which triggers the interrupt controller to invoke the active processing core scheduling module.
Optionally, before the first processing core sends the ninth indication information to invoke the security processing core synchronization control module in S508 above, the first processing core may clear the traces of processing the first information in the safe mode, which further improves data security.
S509: In response to the ninth indication information, the interrupt controller sends tenth indication information to invoke the active processing core scheduling module. Optionally, the tenth indication information may be used to trigger the first processing core to resume execution of the first thread.
S510: The first processing core, as scheduled by the active processing core scheduling module, exits the safe mode and resumes execution of the first thread; the second processing core, as scheduled by the security processing core synchronization control module, exits the first low-power state and resumes execution of the second thread. In this way, after the first processing core has finished processing the first information in the safe mode, the first processing core and the second processing core resume execution of their respective threads, and the system continues to benefit from multithreading.
With the secure data processing method described in any one of FIG. 2, FIG. 4, and FIG. 5, when no processing core needs to switch to the safe mode to process information, every processing core executes its own thread in the normal mode, which exploits multithreading and improves system performance. When one of the processing cores needs to switch to the safe mode, the other processing cores are instructed to suspend execution of their threads; for example, if the first processing core needs to switch to the safe mode, the second processing core is instructed to suspend execution of the second thread. This eliminates the risk that, while one processing core processes the first information in the safe mode, other processing cores maliciously exploit contention for shared resources to mount an attack, and thus improves system security. In addition, this solution does not require the SMT function to be turned off completely, which improves system performance.
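The ordering that the FIG. 4 and FIG. 5 flows rely on, written as a small state model; this is an added example, not code from the patent. All type and function names are hypothetical, the four-byte sample is constructed, and zero-filling stands in for the clearing operations the text mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative model only: every name below is hypothetical, not from the patent. */
enum core_state {
    NORMAL_RUNNING,    /* executing its thread in normal mode (REE) */
    SWITCHING,         /* thread paused, running scheduling-module code */
    NORMAL_LOW_POWER,  /* FIG. 5 path: first low-power state, normal mode */
    SECURE_IDLE,       /* FIG. 4 path: safe mode, second low-power state */
    SECURE_PROCESSING  /* safe mode, handling the first information */
};
enum sibling_policy { SIBLING_TO_SECURE, SIBLING_TO_LOW_POWER };

#define SHARED_LINES 16
struct smt_pair {
    enum core_state first, second;
    bool second_acked;                   /* third (FIG. 4) or eighth (FIG. 5) indication */
    unsigned char shared[SHARED_LINES];  /* stand-in for shared cache/TLB state */
};

void pair_init(struct smt_pair *p) {     /* S401 / S501 */
    p->first = p->second = NORMAL_RUNNING;
    p->second_acked = false;
    for (size_t i = 0; i < SHARED_LINES; i++) p->shared[i] = 0;
}

/* Property the method aims for: no normal-mode thread runs beside safe-mode work. */
bool isolation_holds(const struct smt_pair *p) {
    return !(p->first == SECURE_PROCESSING && p->second == NORMAL_RUNNING);
}

/* S402 / S502: the first core pauses its thread via the switching instruction. */
int begin_switch(struct smt_pair *p) {
    if (p->first != NORMAL_RUNNING) return -1;
    p->first = SWITCHING;
    return 0;
}

/* S403-S408 or S503-S506: the second core is paused and its new state reported. */
int quiesce_second(struct smt_pair *p, enum sibling_policy policy) {
    if (p->first != SWITCHING) return -1;
    p->second = (policy == SIBLING_TO_SECURE) ? SECURE_IDLE : NORMAL_LOW_POWER;
    p->second_acked = true;
    return 0;
}

/* S409 / S507: refused unless the second core has been reported as paused. */
int enter_secure(struct smt_pair *p, const unsigned char *data, size_t n) {
    if (p->first != SWITCHING || !p->second_acked) return -1;
    p->first = SECURE_PROCESSING;
    for (size_t i = 0; i < n && i < SHARED_LINES; i++) p->shared[i] = data[i];
    return 0;
}

/* S411-S413 / S508-S510: optional trace clearing, then both threads resume. */
int exit_secure(struct smt_pair *p, bool scrub) {
    if (p->first != SECURE_PROCESSING) return -1;
    if (scrub) {
        volatile unsigned char *v = p->shared;  /* keep the stores from being elided */
        for (size_t i = 0; i < SHARED_LINES; i++) v[i] = 0;  /* zero-fill: assumption */
    }
    p->first = p->second = NORMAL_RUNNING;
    p->second_acked = false;
    return 0;
}

/* Non-zero shared bytes a normal-mode thread on the second core could observe. */
size_t residue_visible(const struct smt_pair *p) {
    size_t n = 0;
    if (p->second != NORMAL_RUNNING) return 0;
    for (size_t i = 0; i < SHARED_LINES; i++) n += (p->shared[i] != 0);
    return n;
}

/* Runs one full flow; returns residue visible afterwards, or -1 on a broken step. */
long run_flow(enum sibling_policy policy, bool scrub) {
    static const unsigned char sample[] = {0xA5, 0x5A, 0xC3, 0x3C}; /* constructed */
    struct smt_pair p;
    pair_init(&p);
    if (begin_switch(&p) != 0) return -1;
    if (enter_secure(&p, sample, sizeof sample) == 0) return -1; /* too early */
    if (quiesce_second(&p, policy) != 0) return -1;
    if (enter_secure(&p, sample, sizeof sample) != 0) return -1;
    if (!isolation_holds(&p) || residue_visible(&p) != 0) return -1;
    if (exit_secure(&p, scrub) != 0) return -1;
    return (long)residue_visible(&p);
}

int main(void) {
    printf("FIG. 4 path, scrubbed: %ld\n", run_flow(SIBLING_TO_SECURE, true));
    printf("FIG. 5 path, scrubbed: %ld\n", run_flow(SIBLING_TO_LOW_POWER, true));
    printf("FIG. 4 path, no scrub: %ld\n", run_flow(SIBLING_TO_SECURE, false));
    return 0;
}
```

Pausing the second core covers only the window in which the first core is in the safe mode; the run without clearing shows that residue becomes observable again once both threads resume, which is why the clearing step precedes the exit.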
The secure data processing method provided by the embodiments of this application has been described in detail above with reference to FIG. 2 to FIG. 5. The secure data processing apparatus provided by the embodiments of this application is described in detail below with reference to FIG. 6 and FIG. 7.
FIG. 6 is a second schematic structural diagram of the secure data processing apparatus provided by an embodiment of this application. The apparatus is applicable to the secure data processing system shown in FIG. 1 and executes the secure data processing method shown in any one of FIG. 2, FIG. 4, and FIG. 5. For ease of description, FIG. 6 shows only the main components of the secure data processing apparatus.
As shown in FIG. 6, the secure data processing apparatus 600 includes a first processing core 601 and a second processing core 602. The first processing core 601 is configured to execute the first thread in the normal mode. The second processing core 602 is configured to execute the second thread in the normal mode. The first processing core 601 is further configured to suspend execution of the first thread when it needs to switch to the safe mode. The first processing core 601 is further configured to instruct the second processing core 602 to suspend execution of the second thread. The second processing core 602 is further configured to suspend execution of the second thread as instructed by the first processing core 601. The first processing core 601 is further configured to switch from the normal mode to the safe mode to process the first information.
In a possible design, the secure data processing apparatus 600 may further include a control circuit 603. The first processing core 601 is further configured to send the first indication information to the control circuit 603. The control circuit 603 is configured to send the second indication information to the second processing core 602 in response to the first indication information, where the second indication information instructs the second processing core 602 to suspend execution of the second thread. Optionally, the control circuit 603 includes a safe mode synchronization module or an interrupt controller (not shown in FIG. 6).
In a possible design, the second processing core 602 is further configured to, after suspending execution of the second thread as instructed by the first processing core 601, switch to the safe mode or enter the first low-power state in the normal mode. In a possible design, the second processing core 602 is further configured to, after it has switched to the safe mode, enter the second low-power state in the safe mode or process the second information in the safe mode.
In a possible design, the first processing core 601 is further configured to exit the safe mode after switching from the normal mode to the safe mode to process the first information. The first processing core 601 is further configured to trigger the second processing core 602 to resume execution of the second thread. The first processing core 601 is further configured to resume execution of the first thread. The second processing core 602 is further configured to resume execution of the second thread when triggered by the first processing core 601.
In a possible design, the first processing core 601 is further configured to clear the traces of processing the first information in the safe mode before exiting the safe mode. Likewise, if the second processing core 602 processes the second information in the safe mode, the second processing core 602 is further configured to, before exiting the safe mode, clear the usage traces that processing the second information in the safe mode left in the shared hardware resources, which improves system security.
Optionally, the first processing core 601 and the second processing core 602 may be physical cores or logical cores. Note that the secure data processing apparatus 600 may be a processor. In addition, for the technical effects of the secure data processing apparatus 600, refer to the technical effects of the secure data processing method described in any of the implementations in FIG. 2, FIG. 4, and FIG. 5; details are not repeated here.
FIG. 7 is a third schematic structural diagram of the secure data processing apparatus provided by an embodiment of this application. The apparatus is applicable to the secure data processing system shown in FIG. 1 and executes the secure data processing method shown in any one of FIG. 2, FIG. 4, and FIG. 5. For ease of description, FIG. 7 shows only the main components of the secure data processing apparatus.
As shown in FIG. 7, the secure data processing apparatus 700 includes a first processing module 701 and a second processing module 702. The first processing module 701 implements the functions of the first processing core in the foregoing method embodiments, and the second processing module 702 implements the functions of the second processing core in the foregoing method embodiments.
In a possible design, the secure data processing apparatus 700 may further include a control module 703. The control module 703 may be used to implement the functions of the control circuit in the foregoing method embodiments.
Optionally, the secure data processing apparatus 700 may further include a storage module (not shown in FIG. 7). The storage module may be a memory and may be used to store the program instructions and data that implement the functions in the foregoing method embodiments. When the first processing module 701, the second processing module 702, and the control module 703 execute the program or instructions, the secure data processing apparatus 700 can execute the secure data processing method shown in any one of FIG. 2 and FIG. 4 to FIG. 5.
Optionally, the secure data processing apparatus 700 may further include a transceiver module (not shown in FIG. 7). The transceiver module may be a transceiver circuit or an input/output port and may be used to implement the transceiver functions in the foregoing method embodiments. The transceiver module may include a receiving module and a sending module. This application does not specifically limit how the transceiver module is implemented.
It should be noted that the secure data processing apparatus 700 may be a processor. One or more of the above modules may be implemented in hardware, in software, or by hardware executing corresponding software. The hardware or software includes one or more modules or units corresponding to the above functions. When any of the above modules is implemented in software, the software exists as computer program instructions and is stored in a memory. For the technical effects of the secure data processing apparatus 700, refer to the technical effects of the secure data processing method described in any of the implementations in FIG. 2 and FIG. 4 to FIG. 5; they are not repeated here.
An embodiment of this application provides a secure data processing system that includes the secure data processing apparatus described above.
An embodiment of this application provides a computer-readable storage medium that includes a computer program or instructions. When the computer program or instructions run on a computer, the computer executes the secure data processing method described in the foregoing method embodiments. The computer includes a first processing core and a second processing core.
An embodiment of this application provides a computer program product that includes a computer program or instructions. When the computer program or instructions run on a computer, the computer executes the secure data processing method described in the foregoing method embodiments. The computer includes a first processing core and a second processing core.
It should be understood that the processor in the embodiments of this application may be the central processing unit (CPU) mentioned in the previous embodiments, or may be another general-purpose processor, a digital signal processor (DSP), a processor in an application-specific integrated circuit (ASIC), or a processor in a field programmable gate array (FPGA). The processor may further include other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. The general-purpose processor may be a microprocessor or any conventional processor. The previous embodiments mainly use a CPU as an example, but this does not limit the solution.
It should also be understood that the memory in the embodiments of this application may be a volatile memory. The volatile memory may be a random access memory (RAM) used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (synchlink DRAM, SLDRAM), and direct rambus random access memory (direct rambus RAM, DR RAM).
The foregoing embodiments may be implemented in whole or in part by software, hardware (such as circuits), firmware, or any combination of these. When implemented in software, the foregoing embodiments may be implemented in whole or in part as a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the processes or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired manner (for example, infrared, wireless, microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that contains one or more sets of usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium. The semiconductor medium may be a solid-state drive.
It should be understood that the term "and/or" in this document only describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean three cases: A alone, both A and B, or B alone, where A and B may be singular or plural. In addition, the character "/" in this document generally indicates an "or" relationship between the objects before and after it, but it may also indicate an "and/or" relationship; refer to the context to understand which.
It should be understood that in the various embodiments of this application, the sequence numbers of the above processes do not imply an order of execution. The execution order of the processes should be determined by their functions and internal logic, and the sequence numbers should not limit the implementation of the embodiments of this application in any way.
A person of ordinary skill in the art will appreciate that the units or modules and algorithm steps of the examples described with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units or modules described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units or modules is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or modules may be combined or integrated into another system, or some units or modules may be omitted or their functions not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units/modules, and may be electrical, mechanical, or of another form.
The units/modules described as separate parts may or may not be physically separate, and the parts shown as units/modules may or may not be physical units/modules; that is, they may be located in one place or distributed across multiple network units/modules. Some or all of the units/modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units/modules in the embodiments of this application may be integrated into one processing unit/module, each unit/module may exist physically on its own, or two or more units/modules may be integrated into one unit/module.
The above are only specific implementations of this application, but the protection scope of this application is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.
Claims (18)
- A secure data processing method, characterized in that the method comprises: a first processing core executes a first thread in a normal mode; a second processing core executes a second thread in the normal mode; the first processing core suspends execution of the first thread when it needs to switch to a secure mode; the first processing core instructs the second processing core to suspend execution of the second thread; the second processing core suspends execution of the second thread according to the instruction of the first processing core; the first processing core switches from the normal mode to the secure mode to process first information.
- The secure data processing method according to claim 1, characterized in that the first processing core instructing the second processing core to suspend execution of the second thread comprises: the first processing core sends first indication information to a control circuit; the control circuit, in response to the first indication information, sends second indication information to the second processing core, where the second indication information instructs the second processing core to suspend execution of the second thread.
- The secure data processing method according to claim 2, characterized in that the control circuit comprises a secure mode synchronization module or an interrupt controller.
- The secure data processing method according to any one of claims 1-3, characterized in that, after the second processing core suspends execution of the second thread according to the instruction of the first processing core, the method further comprises: the second processing core switches to the secure mode, or enters a first low-power state in the normal mode.
- The secure data processing method according to claim 4, characterized in that, after the second processing core switches to the secure mode, the method further comprises: the second processing core enters a second low-power state in the secure mode, or processes second information in the secure mode.
- The secure data processing method according to any one of claims 1-5, characterized in that, after the first processing core switches from the normal mode to the secure mode to process the first information, the method further comprises: the first processing core exits the secure mode; the first processing core triggers the second processing core to resume execution of the second thread; the first processing core resumes execution of the first thread; the second processing core resumes execution of the second thread according to the trigger of the first processing core.
- The secure data processing method according to claim 6, characterized in that, before the first processing core exits the secure mode, the method further comprises: the first processing core clears the traces of processing the first information in the secure mode.
- The secure data processing method according to any one of claims 1-7, characterized in that the first processing core and the second processing core are physical cores or logical cores.
- A secure data processing apparatus, characterized in that the secure data processing apparatus comprises a first processing core and a second processing core, wherein: the first processing core is configured to execute a first thread in a normal mode, suspend execution of the first thread when it needs to switch to a secure mode, instruct the second processing core to suspend execution of a second thread, and switch from the normal mode to the secure mode to process first information; the second processing core is configured to execute the second thread in the normal mode and to suspend execution of the second thread according to the instruction of the first processing core.
- The secure data processing apparatus according to claim 9, characterized in that the secure data processing apparatus further comprises a control circuit, wherein the first processing core is further configured to send first indication information to the control circuit; the control circuit is configured to send, in response to the first indication information, second indication information to the second processing core, where the second indication information instructs the second processing core to suspend execution of the second thread.
- The secure data processing apparatus according to claim 10, characterized in that the control circuit comprises a secure mode synchronization module or an interrupt controller.
- The secure data processing apparatus according to any one of claims 9-11, characterized in that the second processing core is further configured to, after suspending execution of the second thread according to the instruction of the first processing core, switch to the secure mode or enter a first low-power state in the normal mode.
- The secure data processing apparatus according to claim 12, characterized in that the second processing core is further configured to, after the second processing core switches to the secure mode, enter a second low-power state in the secure mode or process second information in the secure mode.
- The secure data processing apparatus according to any one of claims 9-13, characterized in that the first processing core is further configured to: after switching from the normal mode to the secure mode to process the first information, exit the secure mode, trigger the second processing core to resume execution of the second thread, and resume execution of the first thread; the second processing core is further configured to resume execution of the second thread according to the trigger of the first processing core.
- The secure data processing apparatus according to claim 14, characterized in that the first processing core is further configured to clear, before exiting the secure mode, the traces of processing the first information in the secure mode.
- The secure data processing apparatus according to any one of claims 9-15, characterized in that the first processing core and the second processing core are physical cores or logical cores.
- A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a computer program or instructions which, when run on a computer, cause the computer to execute the secure data processing method according to any one of claims 1-8, the computer comprising the first processing core and the second processing core.
- A computer program product, characterized in that the computer program product comprises a computer program or instructions which, when run on a computer, cause the computer to execute the secure data processing method according to any one of claims 1-8, the computer comprising the first processing core and the second processing core.
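The ordering in claims 1, 6 and 7 can be checked mechanically against an event trace. The C model below is an added example, not code from the application: the event names, `check_trace`, and the rule that the second thread must already be suspended before the first core enters secure mode are assumptions of this model, and the traces are constructed. It covers only the case where the second core stays suspended in normal mode.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Events of the two-core handshake; the names are this model's own. */
typedef enum {
    EV_FIRST_SUSPEND,        /* first core suspends the first thread          */
    EV_FIRST_INSTRUCT,       /* first core signals the control circuit        */
    EV_SECOND_SUSPEND,       /* second core suspends the second thread        */
    EV_FIRST_ENTER_SECURE,   /* first core switches normal -> secure mode     */
    EV_FIRST_PROCESS,        /* first core processes the first information    */
    EV_FIRST_CLEAR,          /* first core clears traces in shared resources  */
    EV_FIRST_EXIT_SECURE,    /* first core leaves secure mode                 */
    EV_FIRST_TRIGGER_RESUME, /* first core triggers the second core to resume */
    EV_FIRST_RESUME,         /* first core resumes the first thread           */
    EV_SECOND_RESUME         /* second core resumes the second thread         */
} event_t;

typedef struct {
    bool first_running, second_running; /* normal-mode threads executing?  */
    bool first_secure;                  /* first core in secure mode?      */
    bool instructed, resume_triggered;  /* signals pending for second core */
    bool residue;                       /* traces left in shared resources */
} soc_state_t;

/* Apply one event; return false if it breaks a rule of the model. */
static bool step(soc_state_t *s, event_t ev)
{
    switch (ev) {
    case EV_FIRST_SUSPEND:
        if (!s->first_running || s->first_secure) return false;
        s->first_running = false; return true;
    case EV_FIRST_INSTRUCT:
        if (s->first_running) return false;
        s->instructed = true; return true;
    case EV_SECOND_SUSPEND:
        if (!s->instructed || !s->second_running) return false;
        s->second_running = false; s->instructed = false; return true;
    case EV_FIRST_ENTER_SECURE: /* assumed rule: sibling already paused */
        if (s->first_running || s->second_running || s->first_secure) return false;
        s->first_secure = true; return true;
    case EV_FIRST_PROCESS:
        if (!s->first_secure || s->second_running) return false;
        s->residue = true; return true;
    case EV_FIRST_CLEAR:
        if (!s->first_secure) return false;
        s->residue = false; return true;
    case EV_FIRST_EXIT_SECURE:  /* claim 7: traces cleared before exit */
        if (!s->first_secure || s->residue) return false;
        s->first_secure = false; return true;
    case EV_FIRST_TRIGGER_RESUME:
        if (s->first_secure) return false;
        s->resume_triggered = true; return true;
    case EV_FIRST_RESUME:
        if (s->first_secure || s->first_running) return false;
        s->first_running = true; return true;
    case EV_SECOND_RESUME:
        if (!s->resume_triggered || s->first_secure || s->second_running) return false;
        s->second_running = true; s->resume_triggered = false; return true;
    }
    return false;
}

/* Replay a trace from the initial state (both threads running in normal mode).
 * Returns -1 if every event is allowed, else the index of the first violation. */
int check_trace(const event_t *trace, size_t n)
{
    soc_state_t s = { .first_running = true, .second_running = true };
    for (size_t i = 0; i < n; i++)
        if (!step(&s, trace[i])) return (int)i;
    return -1;
}

#define N(a) (sizeof(a) / sizeof((a)[0]))
/* Constructed traces (not captured from hardware). */
static const event_t TRACE_OK[] = {
    EV_FIRST_SUSPEND, EV_FIRST_INSTRUCT, EV_SECOND_SUSPEND, EV_FIRST_ENTER_SECURE,
    EV_FIRST_PROCESS, EV_FIRST_CLEAR, EV_FIRST_EXIT_SECURE,
    EV_FIRST_TRIGGER_RESUME, EV_FIRST_RESUME, EV_SECOND_RESUME };
static const event_t TRACE_NO_PAUSE[] = {  /* sibling never acknowledged */
    EV_FIRST_SUSPEND, EV_FIRST_INSTRUCT, EV_FIRST_ENTER_SECURE, EV_FIRST_PROCESS };
static const event_t TRACE_NO_CLEAR[] = {  /* exit with residue present */
    EV_FIRST_SUSPEND, EV_FIRST_INSTRUCT, EV_SECOND_SUSPEND, EV_FIRST_ENTER_SECURE,
    EV_FIRST_PROCESS, EV_FIRST_EXIT_SECURE };

int main(void)
{
    printf("ok=%d no_pause=%d no_clear=%d\n", check_trace(TRACE_OK, N(TRACE_OK)),
           check_trace(TRACE_NO_PAUSE, N(TRACE_NO_PAUSE)),
           check_trace(TRACE_NO_CLEAR, N(TRACE_NO_CLEAR)));
    return 0;
}
```

The same checker can replay event logs from an RTL or emulator run once the log entries are mapped onto these ten events.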
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/088317 WO2021217589A1 (en) | 2020-04-30 | 2020-04-30 | Security data processing method and apparatus |
CN202080002516.3A CN116097221A (en) | 2020-04-30 | 2020-04-30 | Secure data processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/088317 WO2021217589A1 (en) | 2020-04-30 | 2020-04-30 | Security data processing method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021217589A1 true WO2021217589A1 (en) | 2021-11-04 |
Family
ID=78373144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/088317 WO2021217589A1 (en) | 2020-04-30 | 2020-04-30 | Security data processing method and apparatus |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN116097221A (en) |
WO (1) | WO2021217589A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106547618A (en) * | 2016-10-19 | 2017-03-29 | 沈阳微可信科技有限公司 | Communication system and electronic equipment |
US20170228233A1 (en) * | 2016-02-09 | 2017-08-10 | Intel Corporation | Methods, apparatus, and instructions for user-level thread suspension |
CN109947666A (en) * | 2019-02-27 | 2019-06-28 | 余炀 | Credible performing environment caching partition method and device, electronic equipment and storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1273890C (en) * | 2004-04-30 | 2006-09-06 | 浙江大学 | Micro-kernel design method for ARM processor framework |
WO2013171362A1 (en) * | 2012-05-16 | 2013-11-21 | Nokia Corporation | Method in a processor, an apparatus and a computer program product |
US9665466B2 (en) * | 2014-09-02 | 2017-05-30 | Nxp Usa, Inc. | Debug architecture for multithreaded processors |
US10740496B2 (en) * | 2017-02-13 | 2020-08-11 | Samsung Electronics Co., Ltd. | Method and apparatus for operating multi-processor system in electronic device |
-
2020
- 2020-04-30 WO PCT/CN2020/088317 patent/WO2021217589A1/en active Application Filing
- 2020-04-30 CN CN202080002516.3A patent/CN116097221A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CN116097221A (en) | 2023-05-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20933637 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 20933637 Country of ref document: EP Kind code of ref document: A1 |