CN116776397A - Method for verifying data in a computing unit - Google Patents


Info

Publication number
CN116776397A
CN116776397A
Authority
CN
China
Prior art keywords
protection
memory
security module
host
data
Legal status
Pending
Application number
CN202310272982.9A
Other languages
Chinese (zh)
Inventor
J·施米林
A·V·克里施南
D·霍特吉斯
F·施通普夫
H·阿克塔斯
M·阿塞尔
P·珀因斯汀格
Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH

Classifications

    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components to assure secure computing or processing of information
    • G06F21/78 Protecting specific internal or peripheral components to assure secure storage of data
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1416 Protection against unauthorised use of memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425 Protection against unauthorised use of memory by checking the object accessibility, the protection being physical, e.g. cell, word, block
    • G06F12/1441 Protection against unauthorised use of memory by checking the object accessibility, the protection being physical, for a range
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10 Providing a specific technical effect
    • G06F2212/1052 Security improvement

Abstract

The application relates to a method for verifying data in a computing unit having: a host with a host processor; at least one memory; a security module; and a memory protection unit configurable by the security module, which is set up to selectively implement, according to its configuration, one or more of write protection, read protection and execution protection against host access for at least one configurable area of the at least one memory. The method comprises: transmitting a request from the host to the security module, the request indicating a storage area of the at least one memory in which the data are stored and a verification operation to be performed; configuring, by the security module, the memory protection unit so as to activate for the storage area one or more protection functions, selected from write protection, read protection and execution protection in accordance with the verification operation to be performed; and performing, by the security module, the verification operation on the storage area to determine a verification result.

Description

Method for verifying data in a computing unit
Technical Field
The application relates to a method for verifying data in a computing unit and to a computing unit for carrying out the method.
Background
The control device of a motor vehicle or other machine may be equipped with a security module, for example a so-called Hardware Security Module (HSM), which provides functions for cryptographically protecting the operation of the control device, in particular the execution of application programs or computer programs and the communication with other devices. For example, the authenticity and/or integrity of an application may be checked before it is executed, or the HSM may encrypt and/or decrypt data, such as data sent from the control device to another computing unit or received from one. Typically, the HSM is integrated together with the main processor of the control device in one microchip in order to achieve a high processing speed.
Disclosure of Invention
According to the application, a method for verifying data in a computing unit and a computing unit for carrying out the method are proposed, having the features of the independent patent claims. Advantageous embodiments are the subject matter of the dependent claims and of the following description.
The application uses the following measures: in response to a request transmitted from the host to the security module, which indicates a storage area of at least one memory in which the data to be verified are stored and the verification operation to be performed, the security module configures a memory protection unit so as to activate one or more protection functions for the storage area, selected from write protection and/or read protection and/or execution protection in accordance with the verification operation to be performed; the security module then performs the verification operation on the storage area to determine a verification result.
By keeping the protection functions active during the verification operation, the attack window that opens between the point in time at which the data are verified and the point in time at which they are used (a time-of-check/time-of-use gap) is closed or at least narrowed. In particular, an attacker is prevented from manipulating the data during or immediately after the verification operation but before the host uses them, for example when the attacker has already managed to smuggle a malicious computer program onto the host.
The computing unit includes a host, at least one memory, a security module, and a memory protection unit. The host has a host processor. The memory protection unit is configurable by the security module and is set up to selectively implement, according to its configuration, one or more of write protection, read protection and execution protection against host access for at least one configurable area of the at least one memory. Because the memory protection unit is configurable by the security module, memory protection can be activated dynamically, at the respective points in time, for whichever memory areas hold the data to be verified. Preferably, the memory protection unit cannot be configured by the host. This is advantageous because it prevents a manipulated computer program that is already executing from bypassing the protection function, for example in order to execute another manipulated computer program.
"Read protection" means that the host cannot read the data stored in the storage area. "Write protection" means that the host cannot write new data to the storage area, in particular cannot change the data in it. "Execution protection" means that, when the data in the storage area is a computer program, the host cannot execute that program. In the present application, execution protection is typically combined with read protection.
The security module is in particular a Hardware Security Module (HSM), i.e. it is essentially implemented by hardware elements (not as a software module executing on the host). The security module provides cryptographic functions which the host can use to protect security-critical functions, such as the communication of several control devices with each other, or to check whether program code has been manipulated. For this purpose the security module manages, in particular, secrets and/or cryptographic keys, and preferably implements the cryptographic methods in hardware. These keys are stored by the security module in an area of the host memory provided for this purpose and/or in the security module memory, i.e. the security module's own memory. The security module includes a processor (different from the host processor) and may be implemented separately from the host or integrated with the host or host processor and memory on one chip (the security module and the host are then, so to speak, realized by different processor cores on the chip). The security module is set up to perform the verification operation.
The "data" may be any data: a computer program, program variables or parameters, text, files of any format, strings or bit sequences encoding information, and so on. A "verification operation" is understood to be an operation that applies a function or mapping to the memory area, or to the data stored in it, in order to determine a result, the "verification result". Further elements, such as cryptographic keys or cryptographic data in general, may enter into this application, for example as parameters of the applied function or mapping or as comparison values. Such elements may be stored in the security module memory.
An example of a verification operation is the application of a verification value function (e.g., a cryptographic hash function) to the storage area or data stored therein in order to determine a verification value. The verification value itself may represent the verification result, or the verification operation may additionally comprise a comparison with a reference verification value, wherein then the comparison result represents the verification result.
Another example of a verification operation is parsing a string stored in the storage area; the verification result may then be, for example, whether the string has a specific characteristic. The string is in particular a string in a formal language with a defined syntax, for example: a markup language such as XML (Extensible Markup Language); a file format such as JSON (JavaScript Object Notation); or a description language for defining data structures such as ASN.1 (Abstract Syntax Notation One). ASN.1 is a joint standard of the ITU-T (International Telecommunication Union, Telecommunication Standardization Sector) and ISO (International Organization for Standardization) and is used, for example, for certificates and certificate chains according to ITU-T standard X.509. In this example the verification result is a statement about the validity of the certificate. A further example is a configuration file written in a markup language, where the verification operation determines whether it describes a technically permissible configuration, in particular one that cannot damage the motor vehicle or machine controlled by the computing unit.
Preferably, the verification operation comprises an integrity check, wherein the verification result indicates whether the data are unchanged relative to a reference state. In this way it can be recognized whether the data have been manipulated.
As already mentioned, for the integrity check a function, i.e. a check value function such as a cryptographic hash function, is applied to the data in the memory area, and the resulting (current) check value is compared with a reference check value. If the two are identical, the data are considered unchanged (as far as the integrity check or hash function can tell), i.e. the integrity is confirmed. If the two differ, the data are considered changed or manipulated, i.e. the integrity is not confirmed. The reference check value may be managed or stored by the security module. Suitable hash functions are, for example, those of SHA-1 or SHA-2, namely SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256, as specified for instance in NIST (National Institute of Standards and Technology) publication FIPS PUB 180-4 (http://dx.doi.org/10.6028/NIST.FIPS.180-4) or in RFC 6234. The hash value is 160 bits long for SHA-1 and 224, 256, 384 or 512 bits long for the SHA-2 family. MD5 (Message Digest Algorithm 5, RFC 1321, 128 bits) or SHA-3 (FIPS PUB 202, http://dx.doi.org/10.6028/NIST.FIPS.202; 224, 256, 384 or 512 bits, or arbitrary length for the SHAKE variants) can likewise be used. Note that MD5 and SHA-1 are no longer collision resistant; an integrity check that must withstand an attacker who can influence the data should use SHA-2 or SHA-3.
Integrity checking may also be performed using a message authentication code (MAC), such as an HMAC (hash-based message authentication code) according to RFC 2104 or FIPS PUB 198-1 (http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf). HMAC applies a hash function, in particular one of the cryptographic hash functions described above, in a nested fashion. More generally, any other message authentication code may be used whose mapping takes as inputs a key (stored, for example, by the security module) and the message (the data in the storage area). Correspondingly, the HMAC or MAC mapping of key and message to an authentication code (the check value) represents a check value function. Examples of message authentication codes other than HMAC are CMAC (Cipher-Based Message Authentication Code), GMAC (Galois Message Authentication Code) and SipHash.
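The check value functions of the two preceding paragraphs, as an added example written for this page (not code from the patent or from Bosch): a Python module that computes unkeyed (hash) and keyed (HMAC) check values over a memory image and compares them in constant time. The application image, the one-bit manipulation, the key and the "forged reference" scenario are all constructed here for illustration; in the device the key and the reference value would live in the security module's own memory.

```python
import hashlib
import hmac


def digest_bits(algorithm: str) -> int:
    """Output length in bits of a hashlib algorithm (checks the sizes quoted in the text)."""
    return hashlib.new(algorithm).digest_size * 8


def hash_check_value(data: bytes, algorithm: str = "sha256") -> bytes:
    """Unkeyed check value: a cryptographic hash of the memory area. The reference
    value must then be kept where the host cannot alter it (security module memory)."""
    return hashlib.new(algorithm, data).digest()


def mac_check_value(data: bytes, key: bytes, algorithm: str = "sha256") -> bytes:
    """Keyed check value: HMAC (RFC 2104 / FIPS 198-1). Only a holder of the key
    can produce a matching value for new data."""
    return hmac.new(key, data, algorithm).digest()


def integrity_confirmed(current: bytes, reference: bytes) -> bool:
    """Constant-time comparison of the current and the reference check value."""
    return hmac.compare_digest(current, reference)


# Constructed sample inputs (not from the patent): a small "application image",
# the same image with one flipped bit, and a key as held in the security module.
IMAGE = b"application image v1.0\x00" + bytes(range(64))
_t = bytearray(IMAGE)
_t[7] ^= 0x01
TAMPERED = bytes(_t)
HSM_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def check_scenarios() -> dict:
    """Run the integrity check in several situations and return pass/fail per case."""
    ref_hash = hash_check_value(IMAGE)
    ref_mac = mac_check_value(IMAGE, HSM_KEY)
    return {
        # unmodified data: both check value functions confirm integrity
        "hash_unmodified": integrity_confirmed(hash_check_value(IMAGE), ref_hash),
        "mac_unmodified": integrity_confirmed(mac_check_value(IMAGE, HSM_KEY), ref_mac),
        # a single flipped bit is detected by both
        "hash_tampered": integrity_confirmed(hash_check_value(TAMPERED), ref_hash),
        "mac_tampered": integrity_confirmed(mac_check_value(TAMPERED, HSM_KEY), ref_mac),
        # attacker who can ALSO overwrite the reference value (i.e. it was not kept in
        # security module memory): an unkeyed hash is forged trivially, a MAC is not,
        # because the attacker does not know the key
        "hash_forged_reference": integrity_confirmed(
            hash_check_value(TAMPERED), hash_check_value(TAMPERED)),
        "mac_forged_reference": integrity_confirmed(
            mac_check_value(TAMPERED, HSM_KEY),
            mac_check_value(TAMPERED, b"attacker's guess of the key")),
    }


if __name__ == "__main__":
    for name in ("sha1", "sha224", "sha256", "sha384", "sha512", "sha3_256"):
        print(f"{name:9s} {digest_bits(name)} bits")
    for case, passed in check_scenarios().items():
        print(f"{case:24s} integrity confirmed: {passed}")
```

The last two cases are the practical reason the text lets the security module hold the reference value: a plain hash only protects the data if the reference itself is out of the host's reach, whereas a MAC keyed by the security module stays sound even if the reference is stored in host-accessible memory.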
Further preferably, the at least one memory comprises a non-volatile memory, the memory area is located within the non-volatile memory, and an application is stored in the memory area; the activated protection functions comprise write protection and execution protection, and if the verification result indicates that the data are unchanged relative to the reference state, the method comprises: configuring the memory protection unit, by the security module, to deactivate the execution protection and, where applicable, the read protection; and executing the application by the host. If the verification result indicates that the data have changed relative to the reference state, i.e. have been manipulated in the sense of the integrity check, the execution protection and, where applicable, the read protection preferably remain active. That is, the application can only be executed if its integrity has been confirmed.
Preferably, the data is a string, the verification operation comprises parsing the string, the activated protection functions comprise write protection, and the verification result indicates whether the string has a specific characteristic; further preferably, the string is a cryptographic certificate chain and the verification result indicates whether the certificate is valid. In this way, as already mentioned, the validity of a certificate or, more generally, a characteristic of a string can be checked.
Further preferably, the method comprises writing the string to the memory area by the host before the request is transmitted from the host to the security module; still further preferably, the at least one memory comprises a volatile memory and the memory area is located within the volatile memory. In this way, strings received by the host, for example from other devices, can be verified.
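The string-parsing verification described above (the ASN.1/X.509 example and the embodiment in which the host writes the string to volatile memory and the security module parses it under write protection), as an added example written for this page and not taken from the patent: a strict DER parser in Python that rejects over-long, indefinite or non-minimal lengths before touching any content, extracts the Validity field of an X.509 certificate and reports whether the certificate is valid at a given time. The test certificate is constructed here (X.509-shaped, unsigned, with empty names), the dates are arbitrary, and only the validity window is checked, not the signature chain; a complete verification would do both.

```python
from datetime import datetime, timezone


class DerError(ValueError):
    """The string in the storage area is not well-formed DER."""


def _parse(buf, pos, end):
    """Parse one TLV inside buf[pos:end]; return ((tag, payload), next_pos).
    payload is a list of children for constructed tags, bytes otherwise.
    Every declared length is checked against the buffer before it is used."""
    if pos + 2 > end:
        raise DerError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if tag & 0x1F == 0x1F:
        raise DerError("multi-byte tags are not needed here and are rejected")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise DerError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80 or (n > 1 and length < 1 << (8 * (n - 1))):
            raise DerError("non-minimal length encoding is not DER")
    if length > end - pos:
        raise DerError("declared length exceeds the buffer")  # the classic over-read
    c_end = pos + length
    if not tag & 0x20:
        return (tag, bytes(buf[pos:c_end])), c_end
    children = []
    while pos < c_end:  # children must fill the content exactly
        child, pos = _parse(buf, pos, c_end)
        children.append(child)
    return (tag, children), c_end


def parse_der(buf):
    """Parse one complete DER element that fills buf exactly (no trailing bytes)."""
    node, nxt = _parse(buf, 0, len(buf))
    if nxt != len(buf):
        raise DerError("trailing bytes after element")
    return node


def _parse_time(node):
    tag, value = node
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}.get(tag)  # UTCTime, GeneralizedTime
    if fmt is None or not isinstance(value, bytes):
        raise DerError("validity time must be UTCTime or GeneralizedTime")
    try:
        return datetime.strptime(value.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
    except (UnicodeDecodeError, ValueError) as exc:
        raise DerError("malformed time") from exc


def validity_window(cert_der):
    """Return (notBefore, notAfter) from Certificate.tbsCertificate.validity
    (RFC 5280 order: [0] version (optional), serialNumber, signature, issuer, validity)."""
    tag, top = parse_der(cert_der)
    if tag != 0x30 or len(top) != 3 or top[0][0] != 0x30:
        raise DerError("not a Certificate SEQUENCE")
    tbs = top[0][1]
    i = 4 if tbs and tbs[0][0] == 0xA0 else 3
    if len(tbs) <= i or tbs[i][0] != 0x30 or len(tbs[i][1]) != 2:
        raise DerError("malformed Validity")
    return tuple(_parse_time(t) for t in tbs[i][1])


def certificate_time_valid(cert_der, now):
    """Verification result for the characteristic 'certificate is currently valid'.
    Only the validity window is checked; a full chain check would also verify signatures."""
    try:
        not_before, not_after = validity_window(cert_der)
    except DerError:
        return False
    return not_before <= now <= not_after


# --- constructed test vector: X.509-shaped but unsigned, NOT a real certificate ---
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _seq(*items):
    return _der(0x30, b"".join(items))


def _utc(dt):
    return _der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))


SHA256_RSA = _der(0x06, bytes.fromhex("2a864886f70d01010b"))  # OID 1.2.840.113549.1.1.11
RSA_ENC = _der(0x06, bytes.fromhex("2a864886f70d010101"))     # OID 1.2.840.113549.1.1.1


def make_test_certificate(not_before, not_after):
    tbs = _seq(
        _der(0xA0, _der(0x02, b"\x02")),          # [0] version v3
        _der(0x02, b"\x01"),                       # serialNumber
        _seq(SHA256_RSA),                          # signature algorithm
        _seq(),                                    # issuer: empty Name (test only)
        _seq(_utc(not_before), _utc(not_after)),   # validity
        _seq(),                                    # subject: empty Name (test only)
        _seq(_seq(RSA_ENC), _der(0x03, b"\x00")),  # subjectPublicKeyInfo (dummy)
    )
    return _seq(tbs, _seq(SHA256_RSA), _der(0x03, b"\x00" * 9))  # dummy signature


NOT_BEFORE = datetime(2024, 1, 1, tzinfo=timezone.utc)
NOT_AFTER = datetime(2026, 1, 1, tzinfo=timezone.utc)
TEST_CERT = make_test_certificate(NOT_BEFORE, NOT_AFTER)


def demo():
    """Results for the constructed certificate and for two malformed strings."""
    in_window = datetime(2025, 6, 1, tzinfo=timezone.utc)
    later = datetime(2027, 1, 1, tzinfo=timezone.utc)
    oversized = b"\x30\x84\xff\xff\xff\xff" + b"\x00" * 4  # claims 4 GiB of content
    return {
        "valid_now": certificate_time_valid(TEST_CERT, in_window),
        "valid_after_expiry": certificate_time_valid(TEST_CERT, later),
        "truncated": certificate_time_valid(TEST_CERT[:-1], in_window),
        "oversized_length": certificate_time_valid(oversized, in_window),
    }
```

The length checks in `_parse` are the point of running this parser on a write-protected buffer: the parser trusts nothing it has not bounds-checked, and the write protection guarantees that what it checked is what is still there when the host later uses the string.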
Preferably, the method comprises: after the verification operation has been performed, configuring the memory protection unit, by the security module, to deactivate at least one of the activated protection functions for the memory area. In particular, all of the activated protection functions for the memory area may be deactivated, so that the host can use the data in the storage area. The protection functions to be deactivated may be selected according to the type of data: in the case of a computer program, for example, read protection and execution protection may be deactivated while write protection remains active.
Further preferably, the at least one protection function to be deactivated is determined on the basis of the verification result, so that the protection functions to be deactivated can be chosen in a targeted manner. If the verification operation is an integrity check to recognize whether the computer program stored in the storage area has been manipulated, read protection and execution protection may be deactivated when the integrity is confirmed, whereas when the integrity is not confirmed, write protection may be deactivated to enable reprogramming while read protection and execution protection remain active.
Preferably, the method comprises: determining, by the security module and on the basis of the verification result, a set of protection functions to be deactivated, wherein, depending on the verification result, the set omits at least one of the activated protection functions for the storage area or is empty; and configuring the memory protection unit, by the security module, to deactivate the protection functions contained in the set. For example, depending on the verification result, all activated protection functions may be kept active when the integrity of the data is not confirmed.
Further preferably (in all embodiments that deactivate protection functions), the at least one protection function to be deactivated, or the set of protection functions to be deactivated, comprises read protection and/or execution protection. This is especially useful when the data is an executable computer program. Also further preferably, the protection functions to be deactivated are selected from the activated protection functions.
Preferably, the one or more activated protection functions include at least write protection and execution protection. Thereby, manipulation of data during a verification operation and execution of the computer program during the verification operation may be prevented. Further preferably, the one or more activated protection functions include read protection. Thus, all accesses by the host to the memory area are blocked.
Preferably, the method comprises transmitting the verification result of the verification operation to the host. This is particularly useful when the host decides, depending on the verification result, whether or not to use the data, or, in the case of a certificate chain, whether an external computing unit attempting to communicate with the computing unit is regarded as trusted or untrusted.
Preferably, the method comprises: writing the verification result, by the security module, into a result storage portion of the at least one memory; and, where required, reading the verification result from the result storage portion by the host, in order to transmit the verification result. This provides a way to transfer the verification result from the security module to the host and, if the result storage portion is in non-volatile memory, also stores the verification result permanently, for example for later error analysis.
The computing unit according to the application, for example a control device of a motor vehicle or other machine, has: a host with a host processor; at least one memory; a security module; and a memory protection unit configurable by the security module and set up to selectively implement, according to its configuration, write protection, read protection and/or execution protection for at least one configurable area of the at least one memory, wherein the computing unit is set up to carry out all method steps of the method according to the application.
Other advantages and embodiments of the application will be apparent from the description and drawings.
The application is schematically illustrated in the drawings and is described below with reference to the drawings according to embodiments.
Drawings
Fig. 1 illustrates a computing unit in which a method for verifying data may be implemented.
Fig. 2 illustrates a flow of a method for verifying data in accordance with a preferred embodiment.
Detailed Description
Fig. 1 shows an exemplary computing unit 2 in which a method for verifying data can be implemented. The computing unit 2, for example a control device of a motor vehicle or other machine, comprises: a host 4 with a host processor 12; a security module 6; a memory protection unit 8; and at least one memory 10, 11.
The host 4 includes a host processor 12 with one or more processor cores and, optionally, volatile working memory 14 (RAM: random access memory). In addition to the elements shown, the host may of course comprise further elements, in particular interfaces for data communication with other elements of the computing unit and/or with elements external to it, such as sensors or actuated components of the motor vehicle or machine controlled by the computing unit. The host implements the actual functions of the computing unit 2, for example the control functions of a control device, by executing the corresponding computer programs (application programs).
The at least one memory illustratively includes a non-volatile memory 10 (e.g., flash memory) in which a computer program to be executed and data required for the execution may be stored. The at least one memory may also include volatile memory 11 (e.g., RAM memory). As indicated by the lines, the host 4 or host processor 12 is connected to the at least one memory 10, 11 for data communication. The at least one memory may be regarded as a host memory comprising non-volatile memory 10 and/or volatile memory 11, and which may be accessed by the host in accordance with a protection function (see below) implemented by the memory protection unit 8. The connections for data communication and also for the security module are not explicitly shown in detail here, but are represented only generally by lines. These connections may be realized, for example, by means of buses and/or as point-to-point connections.
The security module 6, in particular a Hardware Security Module (HSM), serves as the trust anchor of the computing unit 2. It illustratively includes one or more processor cores 22, volatile security module memory 22 (e.g. RAM) and non-volatile security module memory 24. Cryptographic data such as cryptographic keys or other secrets may be stored in the non-volatile security module memory 24, as may a computer program implementing the functions of the security module. Instead of or in addition to the non-volatile security module memory 24, a protected memory area (i.e. one inaccessible to the host) may be provided in the non-volatile memory 10 for the security module's cryptographic data or program. In principle, the one or more processor cores 22 may also implement the security module functionality without executing a computer program (software), for example as a state machine. The security module 6 may further comprise additional hardware elements 26 (only one is shown by way of example) implementing specific security-related or cryptographic functions, such as an error correction method (ECC: Error Correcting Code), a random number generator (RNG), a hash method, an asymmetric cryptographic method (such as RSA: Rivest-Shamir-Adleman) or a symmetric cryptographic method (such as AES: Advanced Encryption Standard). An interface (not shown in detail) is also provided for data communication with the host 4 or host processor 12, the at least one memory 10, 11 and the memory protection unit 8.
The memory protection unit 8 is configurable, for example by means of a configuration register 28; that is, the memory protection it implements is not static but dynamic. The computing unit 2 is set up such that only the security module 6 can configure the memory protection unit 8, for example by writing the configuration into the configuration register 28. The host 4 or host processor 12 cannot configure the memory protection unit 8 or, more generally, cannot access its functionality.
Memory protection may be provided for a specified (configurable) memory area, for example an area extending from a start address to an end address. Possible protection functions are read protection (r), write protection (w) and execution protection (x). A corresponding entry in the configuration register 28 may, for example, have the form (start address, end address, r, w, x), where the start address and end address define the memory area and r, w, x are bits indicating whether the corresponding kind of access is allowed. If the host 4 or host processor 12 attempts to access the at least one memory 10, 11, the memory protection unit 8 checks (for example against the configuration register 28) whether the access is allowed. If it is not, the access is blocked, in particular by the memory protection unit 8. An exception may additionally be raised and a corresponding error-handling routine invoked, for example in the security module.
The security module 6 can access the at least one memory 10, 11 independently of the memory protection. That is, the memory protection applies only to accesses by the host: read protection and/or write protection and/or execution protection are enforced against the host.
Fig. 2 illustrates a flow of a method for verifying data in accordance with a preferred embodiment. The method steps are shown here in connection with the hardware elements of the computing unit according to fig. 1, namely the host 4, the security module 6, the memory protection unit 8, the at least one memory 10, 11 (host memory) and the non-volatile security module memory 24.
In step 110, the data to be verified, i.e. the data to which the verification operation is applied, are determined and/or provided, preferably by a security application executing on the host, i.e. a computer program or program module implementing security-related functions. In doing so, the memory area 50 in which the data to be verified are stored is determined. For example, the security application may be a boot program of the computing unit and the data an application that may only be started once its integrity has been verified, i.e. once it has been confirmed that the application is unchanged from a known-good state. In this case the memory area 50 may be located within the non-volatile memory 10, and the verification operation is an integrity check.
Another example is an application (including the security application itself) that wants to check the validity of a certificate within a certificate chain, for instance to check the authenticity and/or integrity of another computing unit, or of a data set received from it, when communicating with that unit. In this case the certificate chain is stored in the memory area 50, which may be located within the non-volatile memory 10, and the verification operation is a validity check to determine whether the certificate is valid.
In step 110, a request is transmitted from the host to the security module, the request indicating the memory area and the verification operation to be performed. This may be regarded as triggering or causing the execution of the verification operation by the security module. The request may be sent from the host to the security module via a suitable data line. Alternatively, a request storage section 52 may be provided in the at least one memory, in particular the volatile memory, to which the host or the security application writes the request; the host additionally sends or triggers a message or interrupt to the security module in order to cause the security module to read the request storage section and to perform the following steps. In step 120 (which may be regarded as part of the transfer of the request from the host to the security module), the security module receives the request or reads it from the request storage section.
In step 130, the security module configures the memory protection unit such that one or more protection functions are activated. The protection functions are selected on the basis of the verification operation to be performed. With reference to the examples above, at least execution protection and read protection may be activated for the integrity check, to prevent the application from being started during the check, and additionally write protection may be activated, to prevent the application from being changed after the integrity check but before it is started. For the validity check, at least write protection should be activated, in order to prevent manipulation during the check. The term "activated protection function" refers to a protection function activated in this step (i.e. by the corresponding configuration of the memory protection unit by the security module).
In a next step 140, the verification operation is performed by the security module in order to determine a verification result. To this end, the security module may use cryptographic keys and other cryptographic data stored in the key storage portion 58 of the non-volatile security module memory. In principle, the verification operation may be regarded as a function or mapping applied to the memory area 50. For the integrity check, a check value may be computed over the memory area 50, for example by means of a cryptographic hash function, in order to obtain a current check value, which is compared with a reference check value stored in the key storage portion 58. The verification result thus indicates either that the current check value equals the reference check value (no manipulation) or that it differs from the reference check value (potential manipulation). For the validity check, the certificate chain is parsed to determine, as the verification result, whether the certificate to be confirmed is valid.
In a next, preferred step 150, the security module configures the memory protection unit such that at least one of the protection functions activated in step 130 is deactivated. In particular, all activated protection functions may be deactivated. It may further be provided that the protection functions to be deactivated are selected according to the verification result and the memory protection unit is configured accordingly. In the example of the integrity check of an application, it may be provided that, in the case of potential manipulation (according to the integrity check), no protection function is deactivated, or at least the execution protection and the read protection are not deactivated, whereas in the case of no manipulation all previously activated protection functions are deactivated.
In a preferred step 160, the verification result may be transferred or sent by the security module to the host via a suitable data line or, as shown, written to the result storage portion 54 of the at least one memory, in particular the volatile memory 11. In a preferred step 170, the verification result is received by the host or read from the result storage portion 54.
Next, in a preferred step 180, the host may perform an action based on the verification result. In the example above, the application may be started when the integrity check has confirmed that the application, or the memory area storing it, has not been manipulated or changed; otherwise, the start may be prevented. In the other example, when the validity of the certificate has been confirmed, the host may communicate with the other computing unit or use the data received from it; otherwise, the communication, or the use of the received data, may be stopped.
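The integrity-check variant of steps 120 to 180, as an added model that is not part of the patent: the memory protection unit, the request layout and the FNV-1a check value are assumptions standing in for the real hardware and for a cryptographic hash whose reference value would come from the key storage portion 58.

```c
/* Added example, not from the patent: host/security-module model of steps
 * 120-180 for an integrity check. The MPU state, the request struct and the
 * FNV-1a check value are assumptions; a real security module would use a
 * cryptographic hash and a reference value from its key storage 58. */
#include <stdint.h>
#include <stddef.h>

enum { PROT_WRITE = 1u, PROT_READ = 2u, PROT_EXEC = 4u };
enum { OP_INTEGRITY = 1 };

typedef struct { const uint8_t *base; size_t len; unsigned prot; } mpu_region_t;

/* Memory protection unit model (assumed): only the security module may
 * configure it; the host is never given a path to mpu_configure(). */
static mpu_region_t mpu = { 0, 0, 0u };
static void mpu_configure(const uint8_t *base, size_t len, unsigned prot) {
    mpu.base = base; mpu.len = len; mpu.prot = prot;
}

/* Stand-in for the cryptographic check value: 32-bit FNV-1a (constructed). */
uint32_t check_value(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Request written by the host (step 110) and read by the security module (120). */
typedef struct { const uint8_t *area; size_t len; int op; } request_t;

/* Steps 130-150 in the security module; returns 1 = no manipulation, 0 = mismatch. */
int security_module_verify(const request_t *req, uint32_t reference) {
    if (req->op != OP_INTEGRITY) return -1;          /* unsupported operation */
    /* Step 130: block host writes, reads and execution of memory area 50. */
    mpu_configure(req->area, req->len, PROT_WRITE | PROT_READ | PROT_EXEC);
    /* Step 140: current check value against the reference from key storage 58. */
    int ok = check_value(req->area, req->len) == reference;
    /* Step 150: release all protection only when no manipulation was found;
     * otherwise keep execution and read protection so the host cannot start it. */
    mpu_configure(req->area, req->len, ok ? 0u : (PROT_READ | PROT_EXEC));
    return ok;
}

/* Step 180 on the host: the application may only be started if the MPU no
 * longer blocks execution of its memory area. */
int host_may_execute(const uint8_t *area) {
    return mpu.base == area && (mpu.prot & PROT_EXEC) == 0;
}
```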

Claims (14)

1. A method for verifying data in a computing unit (2), the computing unit having: a host (4) with a host processor (12); at least one memory (10, 11); a security module (6); and a memory protection unit (8) configurable by the security module, the memory protection unit being set up to selectively implement, according to a corresponding configuration, one or more of write protection, read protection and execution protection against host access for at least one configurable area of the at least one memory, the method comprising:
-transmitting (110, 120) a request from the host (4) to the security module (6), the request indicating a memory area (50) of the at least one memory in which the data is stored and a verification operation to be performed;
-configuring (130) the memory protection unit (8) by the security module (6) to activate one or more protection functions for the memory area (50), the protection functions being selected from the write protection and/or the read protection and/or the execution protection in accordance with the verification operation to be performed;
-performing (140) the verification operation on the memory area by the security module in order to determine a verification result.
2. The method of claim 1, the method further comprising: -after performing (140) the verification operation, configuring (150) the memory protection unit (8) by the security module (6) to deactivate one or at least one of a plurality of activated protection functions for the memory area (50).
3. The method of claim 2, wherein the at least one protection function to be deactivated is determined on the basis of the verification result.
4. A method according to claim 3, the method further comprising:
-determining, by the security module, a set of protection functions to be deactivated on the basis of the verification result, wherein, depending on the verification result, the set contains no protection function or contains one or at least one of the plurality of activated protection functions for the memory area;
-configuring (150) the memory protection unit (8) by the security module (6) to deactivate the protection functions for the memory area (50) contained in the set.
5. The method according to any of claims 2 to 4, wherein the at least one protection function to be deactivated, or the set of protection functions to be deactivated, comprises the read protection and/or the execution protection.
6. The method according to any of the preceding claims, wherein the one or more activated protection functions comprise the write protection and the execution protection and preferably the read protection.
7. The method of any of the preceding claims, the method further comprising: -transmitting (160) the verification result of the verification operation to the host.
8. The method of any of the preceding claims, the method further comprising:
-writing the verification result to a result storage portion (54) of the at least one memory by the security module (6); and,
insofar as dependent on claim 7, -reading (170) the verification result from the result storage portion by the host (4) in order to transfer the verification result.
9. The method according to any of the preceding claims, wherein the memory protection unit (8) cannot be configured by the host (4).
10. The method according to any one of the preceding claims, wherein the data is a string of characters;
wherein the verification operation comprises parsing the string, wherein the one or more activated protection functions comprise the write protection, and wherein the verification result indicates whether the string satisfies a particular property;
wherein preferably the string is a cryptographic certificate chain and the verification result indicates whether the certificate is valid.
11. The method of claim 10, the method further comprising:
-writing the string into the memory area (50) by the host (4) before transmitting the request from the host to the security module;
wherein preferably the at least one memory comprises a volatile memory (11) and the memory area is located within the volatile memory.
12. The method according to any preceding claim, wherein the verification operation comprises an integrity check, and wherein the verification result indicates whether the data is unchanged relative to a reference state.
13. The method of claim 12, wherein the at least one memory comprises a non-volatile memory (10), wherein the memory area (50) is located within the non-volatile memory, and wherein an application is stored in the memory area,
wherein the one or more activated protection functions include the write protection and the execution protection,
the method comprising the following steps if the verification result indicates that the data is unchanged relative to the reference state:
-configuring (150) the memory protection unit (8) by the security module (6) to deactivate the execution protection and, where applicable, the read protection; and
-executing (180) the application by the host (4).
14. A computing unit (2), the computing unit having: a host (4) with a host processor (12); at least one memory (10, 11); a security module (6); and a memory protection unit (8) configurable by the security module, the memory protection unit being set up to selectively implement, according to a corresponding configuration, one or more of write protection, read protection and execution protection against host access for at least one configurable area of the at least one memory, wherein the computing unit is set up to perform all method steps of the method according to any of the preceding claims.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102022202688.8A DE102022202688A1 (en) 2022-03-18 2022-03-18 Method for validating data in a computing unit
DE102022202688.8 2022-03-18

Publications (1)

Publication Number Publication Date
CN116776397A true CN116776397A (en) 2023-09-19

Family

ID=87849581

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310272982.9A Pending CN116776397A (en) 2022-03-18 2023-03-17 Method for verifying data in a computing unit

Country Status (2)

Country Link
CN (1) CN116776397A (en)
DE (1) DE102022202688A1 (en)

Also Published As

Publication number Publication date
DE102022202688A1 (en) 2023-09-21

Legal Events

Date Code Title Description
PB01 Publication