| CPC G06F 12/1441 (2013.01) [G06F 9/45558 (2013.01); G06F 12/1408 (2013.01); G06F 2009/45587 (2013.01)] | 20 Claims |
|
1. A processing system comprising:
a first communication system having a physical address range, wherein the processing system comprises a hardware address protection in order to limit access to addresses in the physical address range as a function of virtual machine identifications (VMIDs);
a plurality of processing cores, each processing core comprising:
a respective microprocessor configured to execute software instructions;
a respective first register configured to store a VMID; and
a respective master interface circuit configured to forward read or write requests from the respective microprocessor to the first communication system, the read or write requests comprising a physical address in the physical address range and the VMID stored in the respective first register;
a volatile memory connected to the first communication system;
a hardware secure module (HSM) configured to execute cryptographic service requests; and
a further communication system connecting the HSM to the first communication system, wherein the further communication system comprises:
a first communication channel comprising a slave interface circuit connected to the first communication system and configured to:
receive a write request from the first communication system;
determine whether the received write request comprises a command notification indicating a request to execute a cryptographic service request; and
in response to determining that the received write request comprises the command notification, transmit the VMID included in the received write request or a further VMID determined as a function of the VMID included in the received write request to the HSM; and
a second communication channel comprising a second register for storing a response notification;
wherein the HSM comprises a master interface circuit connected to the first communication system, and wherein the HSM is configured to, in response to receiving the transmitted VMID from the first communication channel:
access virtual machine configuration data in order to determine address data as a function of the received VMID, wherein the address data indicate a position of a first memory area in the volatile memory configured to store command data comprising the cryptographic service request and a second memory area in the volatile memory configured to store response data of the cryptographic service request;
process the command data stored in the first memory area, thereby generating the response data stored in the second memory area, wherein the processing the command data comprises:
sending, via the master interface circuit of the HSM, read requests to the first communication system in order to read the command data from the first memory area, wherein the read requests comprise the received VMID; and
sending, via the master interface circuit of the HSM, write requests to the first communication system in order to write the response data to the second memory area, wherein the write requests comprise the received VMID; and
after processing the command data, store the response notification to the second register of the second communication channel.
|