Data processing apparatus and method for protecting secure data and program code from insecure access when switching between secure and less secure domains

摘要

A data processing apparatus and method are provided for processing data. The data processing apparatus includes a processing circuit for executing a data processing operation in response to a program code, and a data store for storing data. The data store includes a safe area and a more secure data store. A plurality of regions including a low region. The secure area is configured to store sensitive data that is accessible by the processing circuit when operating in the secure domain and not accessible by the processing circuit when operating in the less secure domain. The data store also comprises a plurality of stacks including a secure stack in a secure area. The processing circuit includes a stack access circuit configured to store a predetermined processing state in the secure stack in response to an event that requires a transition from a secure domain to a less secure domain. Specifically, if the event is a first type event, the predetermined processing state stored by the stack access circuit is at least one return address stored at a predetermined relative location in the secure stack. Prepare. Conversely, if the event is a second event type, the predetermined processing state stored by the stack access circuit includes at least one first value stored at a predetermined relative position, The value of is not a valid address for program code. When the processing circuit receives a return of the first event type from the less secure domain to the secure domain, the processing circuit receives a first fault if the data stored at the predetermined relative position is the first value. It further comprises a fault check circuit configured to identify the condition. Such an approach provides protection against attacks from less secure domains that attempt to use a false return method, for example, performing a function call return from an exception, or an exception return from a function call.