Samsung S5PC100 User Manual page 1758

S5PC100 USER'S MANUAL (REV1.0) SECURE DOMAIN MANAGER
11.2
SECURE DOMAIN MANAGER
1 INTRODUCTION
1.1 DOMAIN ISOLATION CONCEPT
One key concept of the Security Module is that the services hosted in it are separated as much as possible from
non-secure software. To achieve this goal, domain isolation should be implemented by hardware and software.
Figure 11.2-1 shows the concept of domain isolation scheme in S5PC100. In previous CPU design, there are two
level of protection mode such as privileged mode and user mode. For security protection, the concept of normal
domain and the secure domain is also introduced as shown in Figure 11.2-1. Generally, all applications are
running as user mode in normal domain. If one of the applications needs security function, it calls secure function
in previliged mode. If that function is successfully authenticated, working domain is changed to secure domain and
the secure function is progressed in secure domain. After secure function is complete, it is returned to user mode
via previliged mode.
OS CALL RETURN
Privilege Secure Service Request Privilege State
State Save & Verification Restore
Branch to Domain Mode
Secure Code Exit
Conversion Setup
Execution Sequence
Sequence Sequence
Figure 11.2-1 Concept Diagram of Domain Isolation
11.2-1