CN116700786B - Microcontroller and method for preventing Flash of microcontroller from being erased by mistake - Google Patents

Microcontroller and method for preventing Flash of microcontroller from being erased by mistake

Publication number: CN116700786B
Authority: CN (China)
Prior art keywords: flash, microcontroller, function, functions, operation function
Legal status: Active
Application number: CN202310966243.XA
Other languages: Chinese (zh)
Other versions: CN116700786A (en)
Inventors: 芦世雄, 赛斌, 杨东旭
Current Assignee: Chengdu Lipson Microelectronics Co ltd
Original Assignee: Chengdu Lipson Microelectronics Co ltd

Abstract

The application relates to a microcontroller and a method for preventing its Flash from being erased by mistake. It belongs to the field of microcontrollers and solves the prior-art problem of Flash being erroneously erased as a result of interference or attack. The microcontroller has a built-in Flash memory or an external Flash memory and is configured as follows: the built-in or external Flash memory is erased and written through a Flash erasing and writing flow; the Flash erasing flow is split into a plurality of operation functions that are stored in different storage locations. The microcontroller and the method avoid erroneous erasing and writing, caused by interference or attack, of the Flash memory built into or external to the microcontroller.

Description

Microcontroller and method for preventing Flash of microcontroller from being erased by mistake
Technical Field
The application relates to the field of microcontrollers, in particular to a microcontroller and a method for preventing Flash of the microcontroller from being erased by mistake.
Background
Mainstream MCUs (microcontrollers) generally support embedded (built-in) Flash or external Flash memory. The content stored in Flash memory is not lost on power-down, and Flash supports repeated erasing and writing, so it is generally used to store user programs, data and similar information. Reading, erasing and writing Flash are carried out by following a specific access timing sequence.
Users can conveniently erase and write the MCU's Flash through techniques the MCU supports, such as in-system programming (ISP) and in-application programming (IAP). These techniques are typically implemented by software calling the underlying Flash erase and write functions.
These techniques make it much easier for users to erase and write the Flash programs and data of the microcontroller in a product, but they also introduce potential safety hazards. For example, in some circumstances misoperation, interference or a malicious attack may cause undesired erasure of critical Flash information.
In the prior art, erase/write protection configuration and corresponding hardware circuits are added to the MCU, so that Flash can be erased and written only when a specific configuration, authorization, protocol or operation flow is satisfied. Under normal working conditions, this prevents key information in Flash from being erroneously erased or maliciously tampered with. However, when the MCU is subjected to interference or hacked, the program counter (PC) of the MCU may fail to jump according to the predetermined flow, which affects the execution order of the program. For example, execution may wrongly jump to the Flash erasing function, so that key programs and data are erroneously erased or maliciously tampered with.
In addition, external interference or hacking may also affect the correctness of the process and result of data operations performed by the MCU's internal hardware, so that erroneous data may be written into Flash and key programs and data are overwritten with wrong values or maliciously tampered with.
The above problems remain to be solved.
Disclosure of Invention
The application aims to overcome the defects of the prior art, and provides a microcontroller and a method for preventing Flash of the microcontroller from being wrongly erased, so as to solve the problem of wrongly erasing a Flash memory which is internally or externally arranged in the microcontroller in the prior art.
The first aspect of the application provides a microcontroller, wherein the microcontroller is internally provided with a Flash memory or externally provided with a Flash memory; the built-in Flash memory or the external Flash memory is erased by a Flash erasing flow; the key steps of the Flash erasing flow are split into a plurality of operation functions and are stored in different storage positions respectively.
Optionally, the plurality of operating functions are stored in non-contiguous storage locations.
Optionally, the plurality of operation functions include Flash sector erase and Flash write operations; or the plurality of operation functions comprise Flash configuration register unlocking, Flash sector erasing and Flash writing operations.
Optionally, the system comprises a timing module for checking the execution time of the operation function, and if the execution time of the operation function is out of a preset range, entering an exception handling program.
Optionally, the microcontroller is configured to:
after the previous operation function is judged to be executed, the next operation function is executed.
Optionally, counting is performed when executing the previous operation function, and whether the count value is equal to the expected count value is judged before executing the next operation function, if not, the exception handling flow is entered.
Optionally, the microcontroller is further configured to:
adding a redundancy step between part or all adjacent operation functions of the Flash erasing flow; and when the data operation result of the redundancy step is detected to be incorrect, entering an exception processing flow.
Optionally, the redundancy step performs a preset operation on the preset data, or the redundancy step performs a preset operation on the calculation result of the previous redundancy step.
The second aspect of the present application provides a method for preventing Flash of a microcontroller from being erased by mistake, comprising:
splitting key steps of a Flash erasing flow into a plurality of operation functions;
sequentially executing the plurality of operation functions;
wherein the plurality of operating functions are stored in different storage locations, respectively.
Optionally, the plurality of operating functions are stored in non-contiguous storage locations.
Optionally, the plurality of operation functions include a Flash sector erase operation function and a Flash write operation function; or the plurality of operation functions comprise a Flash configuration register unlocking operation function, a Flash sector erasing operation function and a Flash writing operation function.
Optionally, when executing one or more operation functions of the plurality of operation functions, performing execution time timing on the one or more operation functions, and if the timing time is out of a preset range, entering an exception handler.
Optionally, a redundancy step and a redundancy step result judging step are added between part or all of the adjacent operation functions;
the redundancy step is used for carrying out preset operation on preset data or carrying out preset operation on the calculation result of the previous redundancy step;
and the redundant step result judging step is used for judging whether the data operation result of the redundant step is correct or not, and if the result is incorrect, entering an abnormal processing flow.
Optionally, counting is performed when executing the previous operation function, and whether the count value is equal to the expected count value is judged before executing the next operation function, if not, the exception handling flow is entered.
The beneficial effects of the application are as follows:
Compared with the prior art, the application provides a microcontroller and a method for preventing its Flash from being erroneously erased. By splitting the key steps of the Flash erasing flow into different operation functions and storing those operation functions in different locations, the problem of the MCU erroneously erasing Flash is solved. By checking the execution order of the Flash operations, checking their execution time and so on, the problem is solved that, when the MCU is subjected to interference or hacked, its program counter (PC) does not jump according to the set flow and key programs and data are then erroneously erased or maliciously tampered with. By inserting redundancy steps into the Flash erasing flow, the problem is solved that external interference or hacking corrupts the process and result of data operations performed by the MCU's internal hardware, so that erroneous data may be written into Flash and key programs and data are overwritten with wrong values or maliciously tampered with.
Drawings
FIG. 1 is a schematic diagram of a register-to-register sampling circuit;
FIG. 2 is a schematic diagram of the sampling circuit of FIG. 1 being subject to sampling errors caused by interference or hacking;
FIG. 3 is a schematic diagram of a Program Counter (PC) circuit structure of the MCU;
FIG. 4 is a schematic diagram illustrating an operation function storage of an MCU according to an embodiment of the present application;
FIG. 5 is a first split schematic diagram of a Flash operation flow of an MCU according to an embodiment of the present application;
FIG. 6 is a second split schematic diagram of a Flash operation flow of the MCU according to an embodiment of the present application;
FIG. 7 is a schematic diagram of an operation function time checking flow of an MCU according to an embodiment of the present application;
FIG. 8 is a schematic diagram showing an operation function execution sequence check of an MCU according to an embodiment of the present application;
FIG. 9 is a schematic diagram showing an operation function execution sequence check of an MCU according to an embodiment of the present application;
FIG. 10 is a schematic diagram of redundant steps of an MCU according to an embodiment of the present application;
FIG. 11 is a schematic diagram of a hardware circuit of an MCU according to an embodiment of the present application;
FIG. 12 is a flowchart for preventing erroneous erasure of Flash of a microcontroller according to an embodiment of the present application.
Detailed Description
The technical scheme of the present application is described in further detail below with reference to specific embodiments, but the scope of the present application is not limited to the following description.
When the MCU is disturbed or hacked, sampling errors may occur in the digital circuits inside the MCU.
Fig. 1 shows a schematic diagram of a register-to-register sampling circuit configuration. The data output Q of the register FF1 is electrically connected to the data input D of the register FF 2.
Fig. 2 shows a schematic diagram of the sampling circuit of fig. 1 suffering sampling errors caused by interference or hacking. Part A of fig. 2 shows a timing diagram of the registers sampling correctly during normal operation; part B shows a timing diagram in which external interference or an attack causes some pulses of the working clock to be lost, leading to a register data sampling error; part C shows a timing diagram in which external interference or an attack causes glitches in the working clock, which in turn cause a register data sampling error; part D shows a timing diagram in which external interference or an attack causes data jitter, which in turn causes a register data sampling error.
Fig. 3 shows a schematic diagram of the MCU program counter (PC) circuit structure, which, compared with the simple register sampling circuit of fig. 1, adds combinational logic between the upstream and downstream registers. The various data sampling errors caused by interference and attacks described above can therefore also occur in the program counter (PC). When the program counter (PC) suffers a data sampling error, it can jump out of the set flow, which affects the execution order of the program and may cause execution to wrongly jump to a Flash erasing function, so that key programs and data are erroneously erased or maliciously tampered with.
When such a register data sampling error caused by interference or attack occurs in the logic circuits related to data operations or address generation in the MCU, erroneous data may be written into Flash, so that key programs and data are overwritten with wrong values or maliciously tampered with.
In view of the above problems, the present application provides a microcontroller (MCU) with a built-in Flash memory or an external Flash memory;
the built-in Flash memory or the external Flash memory is erased and written through a Flash erasing and writing flow;
the key steps of the Flash erasing flow are split into a plurality of operation functions and stored in different storage positions respectively.
The microcontroller of the application can integrate a Flash memory (internal) and also can be configured with an external Flash memory. The microcontroller erases the Flash memory according to the Flash erasing flow, and a Flash controller is required to be configured in the microcontroller. The Flash controller controls the Flash memory to erase according to the Flash erasing flow.
In this embodiment, as shown in fig. 4, the key operation steps in the Flash erasing procedure are split and put into several operation functions. The storage locations of the several operating functions are different.
For example, the key operations of the Flash erasing flow are split into three steps 1, 2 and 3, which are placed in operation functions 1, 2 and 3 at different storage locations. Note that this does not mean splitting one key operation into three steps; rather, the several key operations that make up the Flash erasing flow are separated into several operation functions. That is, key operation 1 corresponds to operation function 1, key operation 2 corresponds to operation function 2, and so on.
With the flow split and stored in this way, even if interference or an attack causes the program counter (PC) of the MCU to leave the established flow and accidentally jump into a function belonging to the Flash erasing flow, the complete Flash erasing flow cannot be executed. Because the key operations of the Flash erasing flow are split into different functions stored in different locations, an unexpected jump of the program counter can reach only one of the functions (e.g., operation function 2 in fig. 4) and not the others (e.g., operation function 1 and operation function 3). If operation function 2 is executed directly without the necessary steps in operation function 1, the result is invalid; that is, the complete Flash erasing flow cannot be executed, so Flash is not erased by mistake in this situation.
It should be noted that the different operation functions of the present application may be stored in the Flash memory, or may exist in other memories on the MCU (for example, static random access memory SRAM, etc.).
In some embodiments, the aforementioned plurality of operating functions are stored in non-contiguous storage locations. As shown in fig. 4, the storage space of the operation function 1 is not adjacent to the storage space of the operation function 2, and the storage space of the operation function 2 is not adjacent to the storage space of the operation function 3. That is, the end address of the operation function 1 is not adjacent to the start address of the operation function 2, and the end address of the operation function 2 is not adjacent to the start address of the operation function 3.
The storage positions of the operation functions 1, 2 and 3 in the storage unit (program memory and Flash memory) are not adjacent, and different operation functions are stored in a scattered manner, so that the unexpected jump of the program counter can be further ensured to be only executed to one operation function, but not to other subsequent operation functions.
In some embodiments, the plurality of operation functions includes a Flash sector erase function and a Flash write (program) operation function; or, the plurality of operation functions comprise Flash configuration register unlocking, Flash sector erasing and Flash writing (programming) operations.
As shown in fig. 5, the Flash erasing process includes two key steps of Flash sector erasing and Flash writing operation. At this time, the two key steps are respectively split into two operation functions, namely a Flash sector erase function and a Flash write (programming) operation function.
In some embodiments, as shown in fig. 6, the Flash erasing procedure includes three key steps: Flash configuration register unlocking, Flash sector erasing, and Flash writing. In this case, the three key steps are split into three separate operation functions: a Flash configuration register unlocking function, a Flash sector erasing function and a Flash writing operation function (the role of each operation function is described in detail later).
When the MCU is subjected to some interference or hacking, the Program Counter (PC) of the MCU may not jump according to the predetermined procedure, and execution of some program segments in the critical steps may be skipped, resulting in different execution time of the critical steps from that of the normal case, and in particular, reduced execution time. It is also possible to jump to other program segments with longer execution times, which in turn leads to an extended execution time.
In some embodiments, the microcontroller includes a timing module (either a hardware timer or a software timer) for performing a time check on the operation function. A time check means timing a certain operation function and judging whether the measured time meets a certain requirement. If it does, the program is running normally and the next step continues; otherwise, interference or an attack may have occurred, and the exception handling program is executed. In the present application, the time check may be performed on one of the plurality of operation functions, on some of them, or on all of them. That is, timing and judging the execution time of the operation functions is not mandatory, and not every operation function is required to go through this check.
In some embodiments, determining whether the timing time meets a certain requirement refers to determining whether the execution time of a certain operation function is out of a preset range, if so, entering an exception handling procedure, otherwise, the erasing procedure operates normally.
As shown in fig. 7, the present application checks whether the execution time of a certain operation function (operation function i) is within a reasonable time range by configuring a timing module to time the execution time. That is, for a certain operation function, an execution time range, for example, [ t1, t2], is set for it. If the actual execution time is not in the range, the program execution of the key step (operation function) is considered to possibly encounter external interference or attack, enter an exception handling program and not continue the subsequent Flash erasing flow; if the critical step program execution time is within the preset range, the step program execution is considered to be normal and the subsequent steps are continued.
In this way, the aforementioned problem can be solved, in which execution of some program segments in a key step is skipped, shortening the execution time, or execution jumps to other program segments with a longer execution time, lengthening it.
In some embodiments, determining whether the counted time meets a certain requirement refers to determining whether the execution time of a certain operation function is overtime. If yes, entering an exception handling program, otherwise, enabling the erasing program to normally operate. This approach solves the problem of the jump resulting in a longer execution time.
In some embodiments, as in fig. 8, the microcontroller is configured to: after the previous operation function is judged to be executed, the next operation function is executed. If the previous operation function is found not to be executed before the next operation function is executed, exception handling is performed.
When the MCU is interfered or hacked, the Program Counter (PC) of the MCU may jump out of the predetermined procedure, and the program may not be executed in the predetermined order, which may cause the program to jump to the erasing function of Flash during execution, resulting in erroneous erasing of the key program and data or malicious tampering.
When the key steps of the Flash erasing flow are split into a plurality of operation functions, the operation functions normally have to be executed in a preset order for a Flash erasing task to complete: for example, the Flash configuration register is unlocked first, then the Flash sector is erased, and the Flash write operation is performed after erasing. Before the next operation function is executed, it must be confirmed that the previous operation function has been executed; that is, the execution order of the operation functions is checked. This avoids erroneous erasure caused by a wrong program jump.
In some embodiments, as shown in fig. 9, counting is performed when executing the previous operation function (operation function i), and before executing the next operation function (operation function i+1), it is determined whether the count value is equal to the expected count value (m, different operation functions correspond to different expected count values), if yes, the next operation function may be executed, otherwise, the exception handling flow is entered.
The counting function can be implemented by a hardware counter or a software counter. In this embodiment, when a certain operation function is executed (i.e., after operation function i starts executing, or after it completes), the Counter counts according to a preset rule (e.g., originally Counter=0; after the add-1 operation, Counter=1). Before the next operation function (operation function i+1) is executed, it is determined whether the Counter equals the preset count value (e.g., 1). If so, the previous operation function (operation function i) has been executed (the execution order is normal), and operation function i+1 can proceed. The Counter is then incremented by 1, so Counter=2. Before operation function i+2 is executed, it is determined whether the Counter equals the preset value 2; if so, it indicates that operation function i+2 has been executed, and operation function i+3 may continue to be executed. If in any check the Counter does not equal the preset count value, an operation function may not have been executed, and the exception handling flow must be entered.
It should be noted that the counter need not count when the last operation function is executed, because no further operation functions remain to be performed.
In some implementations, the microcontroller is further configured to:
and adding a redundancy step between part or all of adjacent operation functions of the Flash erasing flow, and entering an exception processing flow when the data operation result of the redundancy step is detected to be incorrect.
As shown in fig. 10, in the present embodiment, a redundancy step is an operation inserted between operation functions; it produces an operation result, and a decision is made according to that result. The result may be stored in a designated memory location. At the decision, if the result matches the expected value, the subsequent steps continue; if it does not, the MCU is considered to have suffered a hardware abnormality caused by interference or attack, the subsequent steps are not continued, and the exception handling program is entered.
In some embodiments, the redundancy step performs a preset operation on the preset data, or the redundancy step performs a preset operation on the calculation result of the previous redundancy step.
The preset operation performed on the preset data in the redundancy step may include a CRC (Cyclic Redundancy Check) operation on the preset value. Of course, the data operation in the redundancy step is not limited to CRC, and may be any addition, subtraction, multiplication, division or logical operation.
A preset operation on the calculation result of the previous redundancy step works, for example, as follows: after operation function 1 is executed, redundancy step 1 is executed between operation function 1 and operation function 2, result 1 is stored, and it is judged whether result 1 equals the expected value. If they are equal, operation function 2 is executed; after it completes, redundancy step 2 is executed between operation function 2 and operation function 3, where the data processed by redundancy step 2 is result 1 of redundancy step 1.
When the MCU is subjected to external interference or hacking, the correctness of the process and result of data operations performed by its internal hardware may be affected, and erroneous data may be written into Flash, so that key programs and data are overwritten with wrong values or maliciously tampered with. The data operations in the redundancy steps inserted into the Flash erasing flow will likewise produce wrong results under interference or attack. By checking the result of the data operation in the redundancy step, the abnormality is detected in time and the subsequent Flash erasing and writing process is stopped, which prevents key programs and data in Flash from being overwritten with wrong values or maliciously tampered with.
The second aspect of the present application provides a method for preventing Flash of a microcontroller from being erased by mistake, comprising:
splitting key steps of a Flash erasing flow into a plurality of operation functions; sequentially executing the plurality of operation functions; wherein the plurality of operating functions are stored in different storage locations, respectively.
In some embodiments, the plurality of operating functions are stored in non-contiguous storage locations.
In some embodiments, the plurality of operation functions includes a Flash sector erase operation function, a Flash write operation function; or the plurality of operation functions comprise a Flash configuration register unlocking operation function, a Flash sector erasing operation function and a Flash writing operation function.
In some embodiments, when one or more operation functions of the plurality of operation functions are executed, the execution time of the one or more operation functions is counted, and if the counted time is out of a preset range, an exception handler is entered.
In some embodiments, a redundancy step and a redundancy step result judging step are included between some or all adjacent operation functions; the redundancy step is used for carrying out preset operation on preset data or carrying out specific operation on the calculation result of the previous redundancy step; and the redundancy step result judging step is used for judging whether the data operation result of the redundancy step is correct or not. If the result is incorrect, the exception processing flow is entered.
In some embodiments, counting is performed when executing the previous operation function, and before executing the next operation function, it is determined whether the count value is equal to the expected count value, if so, the next step is executed (normal execution of the program), otherwise, the exception handling flow is entered.
The method of the second aspect corresponds to the microcontroller part of the first aspect, and is not described here again.
The following describes the microcontroller and the method for preventing its Flash from being erased by mistake according to the present application with reference to fig. 11 to 12.
Fig. 11 is a schematic diagram of a hardware circuit of an MCU according to some embodiments of the present application. The MCU includes: a processor (CPU), a Flash controller; the processor (CPU) and the Flash controller communicate through a bus. The Flash controller and the Flash memory (external or internal) communicate through a Flash read-write interface. The Flash controller comprises a configuration register lock, a control register, an address register, a data register and Flash interface logic. Fig. 12 shows a flowchart for preventing Flash from being erased by a microcontroller according to an embodiment of the present application.
A general Flash write operation (programming) proceeds as follows. First, the CPU writes a specific value into the Flash configuration register lock in Fig. 11 to unlock it and obtain write permission to the control register, address register and data register. Next, the Flash control register and address register are configured to erase the sector containing the storage unit to be written. Finally, the data to be written and the address to be written are written into the Flash data register and address register respectively, and the Flash control register is configured to start the write operation of the Flash storage unit.
In this embodiment, the three key steps of the Flash erasing and writing flow, namely Flash configuration register unlocking, Flash sector erasing and Flash writing (programming), are placed in three different functions, and the three functions occupy three non-adjacent storage spaces in a storage unit of the MCU (Flash memory or another memory such as SRAM), as shown in Fig. 6.
At the beginning of the Flash erasing and writing flow shown in Fig. 12, an execution sequence counter is created and initialized to 0 (the counter here is a software counter, but in the present application it may also be a hardware counter). When the Flash control register unlocking function is executed, the execution sequence counter is incremented by 1. Before the Flash sector erasing step is executed, it is judged whether the counter value equals the preset value 1 (if a redundancy step exists, this judgment can be made before the redundancy step or after the redundancy step result judgment). If it does, the Flash control register unlocking step has been executed and the execution order is correct, so the following steps can continue; otherwise, exception handling is entered. Similarly, at step 3 it is checked whether the value of the execution sequence counter is 2; if so, the following steps continue, otherwise exception handling is entered.
Upon entering the Flash sector erasing step, the hardware timer shown in Fig. 11 is started (in the present application, the timer may also be a software timer), and the timer is cleared to 0 after the sector erasing step is completed. During this process, if the execution time measured by the timer is not within the set range, the sector erasing operation is considered abnormal and exception handling is entered immediately, without continuing the subsequent Flash erasing and writing operation.
In this embodiment, redundancy step 1 and redundancy step 2 are inserted in the middle of the main Flash erasing and writing operation. In redundancy step 1, the CPU performs a CRC operation on the data pre-stored in designated storage area A of the system memory and stores the result in designated storage area B of the system memory. At judgment step 2 shown in Fig. 12, the result stored in storage area B is compared with the expected result stored in storage area E; if they are equal, the subsequent steps continue, otherwise exception handling is entered. In redundancy step 2, the CPU performs a CRC operation on the data pre-stored in designated storage area C of the system memory and stores the result in designated storage area D of the system memory. At judgment step 4 shown in Fig. 12, the result stored in storage area D is compared with the expected result stored in storage area F; if they are equal, the subsequent steps continue, otherwise exception handling is entered.
It should be noted that, in the present application, the check of whether the execution time of an operation function falls outside a preset range may be applied to one operation function, to any several operation functions, or to all operation functions. Redundancy steps may be inserted between all adjacent operation functions (the redundancy steps may be the same as or different from one another), or only between one or some pairs of adjacent operation functions. Between a previous operation function and the next operation function, the judgment of the sequence counter value may be performed before the redundancy step, after the redundancy step result judgment, or between the redundancy step and the redundancy step result judgment.
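The flow of Fig. 12 as described above (sequence counter, two CRC redundancy steps, erase-time window), written as a host-side C model. This is an added example, not code from the patent: the function names, the tick limits, the preset data and the `skip_unlock` / `flip_bit` fault switches are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Host-side model (constructed): names, tick limits and preset data are assumptions.
 * On a target, each step_* function would be linked into its own non-adjacent region. */
enum { FLOW_OK, ERR_SEQ, ERR_REDUNDANT, ERR_TIME };
enum { ERASE_MIN_TICKS = 10, ERASE_MAX_TICKS = 100 };

typedef struct {
    unsigned seq;          /* execution sequence counter */
    unsigned erase_ticks;  /* simulated timer reading for the sector erase */
    int flip_bit;          /* simulate a data-path fault inside a redundancy step */
    int unlocked, erased;
    uint32_t cell;         /* the one modelled Flash word */
} flow_t;

static const uint8_t  area_a[] = "123456789", area_c[] = "abc";   /* preset data */
static const uint32_t area_e = 0xCBF43926u, area_f = 0x352441C2u; /* expected CRC-32 */

static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Redundancy step plus its result judgment: recompute and compare with the stored value. */
static int redundancy_ok(const flow_t *f, const uint8_t *d, size_t n, uint32_t expect) {
    uint32_t result = crc32_calc(d, n) ^ (f->flip_bit ? 1u : 0u);
    return result == expect;
}

static void step_unlock(flow_t *f) { f->unlocked = 1; f->seq++; }
static void step_erase(flow_t *f) {
    if (f->unlocked) { f->erased = 1; f->cell = 0xFFFFFFFFu; }
    f->seq++;
}
static void step_write(flow_t *f, uint32_t v) { if (f->erased) f->cell = v; f->seq++; }

/* skip_unlock != 0 models the program counter jumping past the unlock function. */
int flash_update(flow_t *f, uint32_t value, int skip_unlock) {
    f->seq = 0;
    if (!skip_unlock) step_unlock(f);
    if (f->seq != 1) return ERR_SEQ;                       /* counter check before erase */
    if (!redundancy_ok(f, area_a, 9, area_e)) return ERR_REDUNDANT;
    step_erase(f);
    if (f->erase_ticks < ERASE_MIN_TICKS || f->erase_ticks > ERASE_MAX_TICKS)
        return ERR_TIME;                                   /* erase time out of range */
    if (f->seq != 2) return ERR_SEQ;                       /* counter check before write */
    if (!redundancy_ok(f, area_c, 3, area_f)) return ERR_REDUNDANT;
    step_write(f, value);
    return FLOW_OK;
}
```

In this model an out-of-range erase time is detected only after the sector has been erased, so the exception path leaves the word erased but never programmed.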
In summary, the microcontroller and the method for preventing Flash of the microcontroller from being erased by mistake provided by the application can solve the problem that, when the MCU is subjected to certain types of interference or hacking, the Program Counter (PC) does not jump according to the established flow and key programs and data are then erroneously erased or maliciously tampered with. By inserting redundancy steps into the Flash erasing and writing flow, they can also solve the problem that external interference or hacking causes the internal hardware of the MCU to process data incorrectly and produce wrong results, so that erroneous data may be written into the Flash and key programs and data are written with wrong values or maliciously tampered with.
In other words, compared with the prior art, the application can greatly reduce the probability that key Flash information is erroneously erased or maliciously tampered with because, when the MCU encounters interference or hacking, the program pointer does not jump according to the set program or the hardware inside the MCU makes a data processing error.
The foregoing is merely a preferred embodiment of the application, and it is to be understood that the application is not limited to the form disclosed herein but is not to be construed as excluding other embodiments, but is capable of numerous other combinations, modifications and environments and is capable of modifications within the scope of the inventive concept, either as taught or as a matter of routine skill or knowledge in the relevant art. And that modifications and variations which do not depart from the spirit and scope of the application are intended to be within the scope of the appended claims.

Claims (7)

1. A microcontroller is characterized in that,
the microcontroller is internally provided with a Flash memory or externally provided with a Flash memory;
the built-in Flash memory or the external Flash memory is erased by a Flash erasing flow;
the key steps of the Flash erasing flow are split into a plurality of operation functions and are respectively stored in non-adjacent storage positions;
the microcontroller is further configured to:
adding a redundancy step between part or all adjacent operation functions of the Flash erasing flow; when the data operation result of the redundancy step is detected to be incorrect, entering an abnormal processing flow;
the redundancy step performs a preset operation on the preset data, or performs a preset operation on the calculation result of the previous redundancy step.
2. A microcontroller as defined in claim 1, wherein,
the plurality of operation functions comprise a Flash sector erase function and a Flash write operation function;
or,
the plurality of operation functions comprise a Flash configuration register unlocking function, a Flash sector erasing function and a Flash writing operation function.
3. A microcontroller according to claim 1, further comprising:
and the timing module is used for checking the execution time of the operation function, and entering an exception handling program if the execution time of the operation function is out of a preset range.
4. A microcontroller according to any one of claims 1-3, wherein the microcontroller is configured to:
after the previous operation function is judged to be executed, the next operation function is executed.
5. A microcontroller according to claim 4, wherein,
counting is performed when the previous operation function is executed, whether the count value is equal to the expected count value is judged before the next operation function is executed, and if the count value is not equal to the expected count value, an exception processing flow is entered.
6. A method for preventing erroneous erasure of a microcontroller Flash, comprising:
splitting key steps of a Flash erasing flow into a plurality of operation functions;
sequentially executing the plurality of operation functions; wherein the plurality of operating functions are stored in non-adjacent storage locations, respectively;
the method for preventing the Flash of the microcontroller from being erased and written by mistake further comprises the following steps:
adding a redundancy step and a redundancy step result judging step between part or all of the adjacent operation functions;
the redundancy step is used for carrying out preset operation on preset data or carrying out preset operation on the calculation result of the previous redundancy step;
and the redundant step result judging step is used for judging whether the data operation result of the redundant step is correct or not, and if the result is incorrect, entering an abnormal processing flow.
7. The method for preventing Flash from being erased by a microcontroller according to claim 6, further comprising:
when one or more operation functions in the plurality of operation functions are executed, the execution time of the one or more operation functions is counted, and if the counted time is out of a preset range, an exception handling program is entered;
and/or,
counting is performed when the previous operation function is executed, whether the count value is equal to the expected count value is judged before the next operation function is executed, and if the count value is not equal to the expected count value, an exception processing flow is entered.
CN202310966243.XA 2023-08-02 2023-08-02 Microcontroller and method for preventing Flash of microcontroller from being erased by mistake Active CN116700786B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310966243.XA CN116700786B (en) 2023-08-02 2023-08-02 Microcontroller and method for preventing Flash of microcontroller from being erased by mistake

Publications (2)

Publication Number Publication Date
CN116700786A CN116700786A (en) 2023-09-05
CN116700786B true CN116700786B (en) 2023-11-10

Family

ID=87829624

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant