CN118051919A - Data processing method, chip, electronic device and storage medium - Google Patents

Data processing method, chip, electronic device and storage medium Download PDF

Info

Publication number
CN118051919A
CN118051919A CN202410453827.1A CN202410453827A CN118051919A CN 118051919 A CN118051919 A CN 118051919A CN 202410453827 A CN202410453827 A CN 202410453827A CN 118051919 A CN118051919 A CN 118051919A
Authority
CN
China
Prior art keywords
data
target memory
check value
security subsystem
main system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410453827.1A
Other languages
Chinese (zh)
Inventor
程雯
张恩勤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Smart Chip Semiconductor Co ltd
Shanghai Sasha Mai Semiconductor Co ltd
Tianjin Smart Core Semiconductor Technology Co ltd
Suzhou Sasama Semiconductor Co ltd
Original Assignee
Hefei Smart Chip Semiconductor Co ltd
Shanghai Sasha Mai Semiconductor Co ltd
Tianjin Smart Core Semiconductor Technology Co ltd
Suzhou Sasama Semiconductor Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hefei Smart Chip Semiconductor Co ltd, Shanghai Sasha Mai Semiconductor Co ltd, Tianjin Smart Core Semiconductor Technology Co ltd, Suzhou Sasama Semiconductor Co ltd filed Critical Hefei Smart Chip Semiconductor Co ltd
Priority to CN202410453827.1A priority Critical patent/CN118051919A/en
Publication of CN118051919A publication Critical patent/CN118051919A/en
Pending legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a data processing method, a chip, electronic equipment and a storage medium, wherein the method comprises the following steps: the security subsystem receives a data update request sent by the main system, and verifies whether the main system is trusted or not according to the data update request; the security subsystem responds to the trust of the main system, receives the data to be processed and the first check value sent by the main system, and writes the data to be processed and the first check value into the target memory; the security subsystem checks the data to be processed according to a pre-stored data check key, generates a second check value and determines whether the first check value is matched with the second check value; the security subsystem responds to the matching of the first check value and the second check value and sends a data updating instruction to the main system; wherein the data update instruction is used to characterize that the data in the target memory has completed updating.

Description

Data processing method, chip, electronic device and storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method, a chip, an electronic device, and a storage medium.
Background
With the development of information security technology, security protection for embedded systems has become a necessary measure. In the security protection of an embedded system, it is necessary to ensure that the executed code is not tampered with, and that the executed code is trusted.
In the prior art, a general system can verify the integrity and correctness of a code in a mode of MAC or signature and the like at the starting time, but the verification process has some limitations, firstly, the code verification needs to be carried out at each starting time, and the starting time of the system can be increased. This effect is particularly pronounced for systems with large amounts of code, which may lead to slow start-up procedures, affecting the user experience. Second, if the system needs to update the code frequently, then re-verification is required after each update, which also increases maintenance costs and time overhead for the system. Furthermore, if an attacker can find out that the method bypasses the authentication mechanism or interferes during authentication, the security of the system is compromised.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems in the related art to some extent. Therefore, a first object of the present invention is to propose a data processing method, which verifies a data update request of a host system through a security subsystem to ensure that the host system is trusted, enhance security of the system, prevent malicious or unauthorized update, and further, write and verify data to be processed by the security subsystem having a trusted key, ensure that the data is not tampered during writing, and ensure integrity of the data, so that each update is reliable and accurate. Through the cooperative work of the security subsystem and the main system, the whole data updating flow is ensured to be more orderly and reliable, the main core does not need to check the data when starting each time, the data updating time is saved, the system faults caused by inconsistent data or error updating are reduced, and the stability and the reliability of the system are enhanced.
A second object of the invention is to propose a chip.
A third object of the present invention is to propose an electronic device.
A fourth object of the present invention is to propose a computer readable storage medium.
In order to achieve the above objective, an embodiment of a first aspect of the present invention provides a data processing method, which is applied to a chip, where the chip includes a security subsystem, a main system and a target memory, the security subsystem performs read-write access with the target memory, and the main system performs read-write access with the target memory; the method comprises the following steps: the security subsystem receives a data update request sent by the main system, and verifies whether the main system is trusted or not according to the data update request; the security subsystem responds to the trust of the main system, receives data to be processed and a first check value sent by the main system, and writes the data to be processed and the first check value into the target memory; the security subsystem checks the data to be processed according to a pre-stored data check key, generates a second check value and determines whether the first check value is matched with the second check value; the security subsystem responds to the first check value and the second check value to be matched, and sends a data updating instruction to the main system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating.
In addition, the data processing method according to the above embodiment of the present invention may further have the following additional technical features:
According to some embodiments of the invention, the security subsystem is further configured to, after the security subsystem is trusted in response to the host system,:
and the security subsystem sends a trusted authentication result to the main system so that the main system obtains the data to be processed and the first check value according to the trusted authentication result.
According to some embodiments of the invention, the method further comprises:
And the security subsystem responds to the fact that the main system is not trusted, and terminates the process of writing the data to be processed and the first check value into a target memory.
According to some embodiments of the invention, before the secure subsystem writes the data to be processed and the first check value to a target memory, the method further comprises:
the security subsystem marks the data state of the data in the target memory as an invalid state; wherein the invalid state is used for representing that the data in the target memory is forbidden to be executed or that part of functions are limited when being executed.
According to some embodiments of the invention, after the security subsystem responds to the first check value matching the second check value, the method further comprises:
The security subsystem marks the data state of the data in the target memory as a valid state; wherein the valid state is used to characterize that data in the target memory is allowed to be executed.
According to some embodiments of the invention, the method further comprises:
The security subsystem maintains the data state of the data in the target memory as an invalid state in response to the first check value not matching the second check value; wherein the invalid state is used for representing that the data in the target memory is forbidden to be executed or that part of functions are limited when being executed.
According to some embodiments of the invention, the method further comprises:
The main system responds to the determination of the starting information of the chip, and reads the data state of the data in the target memory;
the host system reads and executes data in the target memory in response to the data state in the target memory being a valid state.
According to some embodiments of the invention, the method further comprises:
the host system prohibits execution of the data in the target memory or executes a portion of the data in the target memory in response to the data state in the target memory being an invalid state.
According to the data processing method provided by the embodiment of the invention, the security subsystem is responsible for updating and checking the data, and timely updates the mark of whether the code is effective or not when updating, and the chip only needs to read the mark when starting, and does not need to check the whole code. The starting time is greatly reduced, the instantaneity of the system is improved, and the optimization effect is more obvious especially on a system with large code quantity. If the data is detected to be tampered or the verification fails, the security subsystem can immediately take corresponding measures, such as prohibiting the main system from starting or limiting the functions of the main system, so that illegal operation is prevented in time. This real-time protection mechanism improves the security of the system and enables a quick response when a security problem occurs.
In order to achieve the above object, an embodiment of a second aspect of the present invention provides a chip, where the chip includes a security subsystem, a host system, and a target memory, where the security subsystem performs read-write access with respect to the target memory, and the host system performs read-write access with respect to the target memory.
The security subsystem is configured to:
receiving a data updating request sent by the main system, and verifying whether the main system is trusted or not according to the data updating request;
Receiving data to be processed and a first check value sent by the main system in response to the trust of the main system, and writing the data to be processed and the first check value into the target memory;
Checking the data to be processed according to a pre-stored data checking key, generating a second checking value, and determining whether the first checking value is matched with the second checking value;
responsive to the first check value matching the second check value, sending a data update instruction to the host system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating.
According to the chip provided by the embodiment of the invention, the security subsystem is used for receiving a data update request sent by a main system, verifying whether the main system is trusted according to the data update request, responding to the trust of the main system, receiving data to be processed and a first check value sent by the main system, writing the data to be processed and the first check value into a target memory, checking the data to be processed according to a pre-stored data check key, generating a second check value, determining whether the first check value is matched with the second check value, and responding to the first check value matched with the second check value by a response module, and sending a data update instruction to the main system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating. Therefore, the chip is responsible for updating and checking data through the security subsystem, and timely updates the mark of whether the code is valid or not when updating, and the chip only needs to read the mark when starting, and does not need to check the whole code. The starting time is greatly reduced, the instantaneity of the system is improved, and the optimization effect is more obvious especially on a system with large code quantity. If the data is detected to be tampered or the verification fails, the security subsystem can immediately take corresponding measures, such as prohibiting the main system from starting or limiting the functions of the main system, so that illegal operation is prevented in time. This real-time protection mechanism improves the security of the chip and enables a quick response when a security problem occurs.
To achieve the above object, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the data processing method as described above when executing the program.
To achieve the above object, an embodiment of the fourth aspect of the present invention provides a computer-readable storage medium storing computer instructions for causing the computer to execute the above-mentioned data processing method.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only of the invention and that other drawings can be obtained from them without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a chip structure in the prior art.
Fig. 2 is a schematic diagram of a chip code update flow in the prior art.
Fig. 3 is a schematic diagram of a chip security start-up procedure in the prior art.
Fig. 4 is a schematic diagram of a chip structure according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a nonvolatile memory according to an embodiment of the invention.
Fig. 6 is a schematic flow chart of a data processing method applied to a security subsystem of a chip according to an embodiment of the present invention.
Fig. 7 is a schematic flow chart of a data processing method applied to a main system of a chip according to an embodiment of the present invention.
Fig. 8 is a schematic diagram of an interaction flow of a data processing method applied to a security subsystem and a main system according to an embodiment of the present invention.
Fig. 9 is a schematic diagram of a chip code update process according to an embodiment of the present invention.
Fig. 10 is a schematic diagram of a chip according to an embodiment of the present invention.
Fig. 11 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Reference numerals: chip architecture 100, host core 101, security subsystem 102, nonvolatile memory 103, mailbox module 104, chip architecture 400 provided by embodiments of the invention, security subsystem 401, host system 402, target memory 403, communication module 404, target memory controller 4031, target memory host array 4032, bus master permission controller 4033, security subsystem 1001, host system 1002, target memory 1003, processor 1110, memory 1120, input/output interface 1130, communication interface 1140, bus 1150.
Detailed Description
The present invention will be further described in detail below with reference to specific embodiments and with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent.
It is to be noted that unless otherwise defined, technical or scientific terms used herein should be taken in a general sense as understood by one of ordinary skill in the art to which the present invention belongs. The terms "first," "second," and the like, as used herein, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
As described in the background section, with the wide application of the embedded system, the security problem is increasingly highlighted, and especially in the scene with higher requirement on real-time, how to ensure the integrity and correctness of the system execution code, and reduce the starting time becomes a technical problem to be solved urgently.
The applicant finds that in the process of implementing the present invention, when a conventional embedded system is powered on, the integrity and correctness of the code are usually verified by means of MAC or signature. However, such a verification process increases the start-up time of the system, especially for systems that execute larger firmware. For real-time systems that require fast response, too long a start-up time obviously cannot meet their performance requirements. Furthermore, the prior art has limitations for protection against code tampering. Once the code is tampered with during running, the prior art cannot always find out in time, and can only detect the code when the code is started next time, which definitely increases the security risk faced by the system. If the system performs an illegal operation during this period, serious consequences may result. Therefore, how to reduce the starting time and improve the real-time protection capability for code tampering while ensuring the code security of the embedded system becomes a technical problem to be solved in the current embedded system security field.
The technical scheme of the invention is further described in detail through specific examples.
Referring to fig. 1, a schematic diagram of a chip structure in the prior art is shown.
Fig. 1 shows a prior art chip structure 100, comprising: a main core 101, a security subsystem 102, a non-volatile memory 103, and a mailbox module 104.
The nonvolatile memory 103 (abbreviated as NVM) is a memory in which stored data does not disappear when the current is turned off. Mailbox module 104, i.e. a module for receiving and sending messages based on a mailbox mechanism, designates a receiver for the message content to be transferred, and can transfer the data to be processed to a designated system end for assisting in establishing communication between main core 101 and security subsystem 102.
The main core 101 is in communication connection with the security subsystem 102 through the mailbox module 104, and read-write access can be performed between the main core 101 and the mailbox module 104, and also between the security subsystem 102 and the mailbox module 104. The main core 101 is communicatively connected to the nonvolatile memory 103, and the main core 101 can perform read-write access to the nonvolatile memory 103, while the security subsystem 102 can perform only read access to the nonvolatile memory 103.
It should be noted that the security subsystem is a trusted root of the entire chip, and important security data such as a key is stored in the security subsystem. The outside cannot access information inside the security subsystem and cannot tamper with the content stored inside, so the security subsystem is considered to be secure. The security level of the main core is lower than that of the security subsystem, and the content stored in the nonvolatile memory of the main core can be modified at will by the main core.
Referring to fig. 2, a flow chart of updating a chip code in the prior art is shown.
In the prior art, a main core starts an updating process and writes to-be-processed data and a trusted check value of a code into a nonvolatile memory, wherein the to-be-processed data can be understood as the code to be updated, the trusted check value is an initial check value which is obtained by the main core from a trusted terminal in advance, and the trusted terminal is a terminal authenticated as trusted by a security subsystem. Further, the main core informs the security subsystem of checking the written codes, after the security subsystem receives the notification, the security subsystem reads the data to be processed, checks the data to be processed according to a pre-stored secret key, generates a new check value, matches the newly generated check value with the trusted check value, and informs the security subsystem of the check result, if so, the security subsystem indicates that the check result for the data to be processed is correct, the main check code is successfully updated, and the updating is finished; if the data is not matched, the verification result aiming at the data to be processed is wrong, the updating of the main verification code fails, and the updating is finished.
Referring to fig. 3, a schematic diagram of a chip security start-up procedure in the prior art is shown.
In order to prevent the code executed by the main core from being tampered, the code to be executed by the main system is checked through the security subsystem when the code is safely started, and the code of the main core is executed after the code is checked; if the verification fails, the master is prohibited from starting, or part of the functions and rights of the master are limited.
Referring to fig. 4, a schematic diagram of a chip structure according to an embodiment of the present invention is provided.
Fig. 4 is a chip structure 400 according to an embodiment of the present invention, including: a security subsystem 401, a main system 402, a target memory 403, and a communication module 404.
The target memory 403 may be a nonvolatile memory and the communication module 404 may be a mailbox module.
In the invention, the security subsystem 401 is in communication connection with the main system 402 through the communication module 404, the security subsystem 401 is in communication connection with the target memory 403, the main system 402 is in communication connection with the target memory 403, the security subsystem 401 and the communication module 404 can perform read-write access, the main system 402 and the communication module 404 can also perform read-write access, the security subsystem 401 and the target memory 403 can perform read-write access, and the main system 402 and the target memory 403 can only perform read-write access.
Referring to fig. 5, a schematic diagram of a nonvolatile memory according to an embodiment of the present invention is provided.
In order to realize the data processing mode of some embodiments of the present invention, the read-write mode of the internal structure of the chip is adjusted.
The security subsystem 401 and the main system 402 have different read-write rights to the target memory 403, the security subsystem 401 can perform read-write operation to the target memory 403, and the main system 402 can only perform read-write operation to the target memory 403, so that the contents in the target memory 403 cannot be erased. Since the security subsystem 401 is a trusted root of the entire chip, the erase and write operation of the security subsystem 401 to the target memory 403 is trusted. Since the host system is not a trusted root, the data in the target memory 403 cannot be erased and written, so that the data in the target memory 403 is effectively prevented from being disturbed or tampered maliciously.
To implement the above-described change of the read-write authority, the internal structure of the target memory 403 is optimized.
The target memory 403 includes a target memory controller 4031 and a target memory main array 4032. The invention adds a bus master authority controller 4033 in the target memory controller 4031, and can realize the control of access authorities of different system ends through a bus. The bus master permission controller 4033 only authorizes the security subsystem 401 to erase and write to the target memory 403, prohibits the master system 402 or other devices on the bus from erasing and writing to the target memory 403, and the master system 403 can only read to the target memory 403.
Referring to fig. 6, a flow chart of a data processing method of a security subsystem applied to a chip according to an embodiment of the present invention is shown.
In step S601, the security subsystem receives a data update request sent by the host system, and verifies whether the host system is trusted according to the data update request.
In a specific implementation, the update flow is initiated by the host system (i.e., the host core), the security subsystem first needs to verify the trustworthiness of the initiator, and only performs the trusted agent initiated update request. The update request is typically transmitted over a network communication or a specific interface. The security subsystem needs to parse the request to obtain the necessary information, such as the type of request, the data involved, a detailed description of the update operation, etc. The security authentication between the security subsystem and the host system may be implemented using common symmetric or asymmetric encryption algorithms.
Taking the banking system as an example, the main core is responsible for handling daily transactions, while the security subsystem is responsible for storing sensitive data (such as customer identity information and transaction records). When the master core needs to update some of the client data, it sends a data update request to the security subsystem. After receiving the request, the security subsystem verifies the credibility of the main core according to the steps, and only after the verification is passed, the update operation is executed.
In step S602, the security subsystem receives the data to be processed and the first check value sent by the host system in response to the host system being trusted, and writes the data to be processed and the first check value into the target memory.
In a specific implementation, after the security subsystem verifies that the main system is trusted, the security subsystem receives the data to be processed and the corresponding first check value sent by the security subsystem, and writes the data into the target memory. The data to be processed is the code which needs to be updated or stored, and the main system can acquire the data to be written into the target memory from the outside through the communication interface and send the data to the security subsystem through the mailbox module. The first check value is the initial trusted check value and is used for verifying the integrity and accuracy of the data. The first check value is typically calculated by a hash function or other algorithm, which represents some digital digest or fingerprint of the data.
It should be noted that, in the data transmission and writing process, encryption and secure communication protocols may be adopted to prevent data from being leaked or illegally intercepted. If any error occurs during the writing process, such as a memory failure or a data transfer error, a corresponding error handling mechanism, such as a retry, logging, or alarm, may be employed.
As an alternative embodiment, after the security subsystem authenticates that the host system is trusted, the security subsystem needs to send a trusted authentication result to the host system, so that the host system obtains the data to be processed and the first check value according to the trusted authentication result.
Specifically, once the security subsystem verifies that the host system is trusted, the security subsystem generates a trusted authentication result and sends the trusted authentication result to the host system through the secure channel. The authentication result may be a simple confirmation message or may contain more detailed information such as a time stamp, validity period or specific authority identification of the authentication. After confirming its identity and rights, the host system will obtain the data to be processed and the first check value associated with it from the corresponding data source. The data may be stored locally on the host system or may be obtained from other trusted systems or external data sources.
As an alternative embodiment, if the security subsystem verifies that the host system is not trusted, the process of writing the data to be processed and the first check value to the target memory is terminated.
Specifically, if the identity, rights or behavior of the host system is found to be unexpected during the verification process, or any anomaly or security risk exists, the security subsystem will determine that the host system is not trusted. Upon determining that the host system is not trusted, the secure subsystem immediately terminates the process of writing the pending data and the first check value to the target memory. This means that the data is not transferred to the target memory nor is any subsequent write operation performed. By terminating the write flow, the untrusted host system may be prevented from acquiring or tampering with the sensitive data, thereby protecting the confidentiality and integrity of the data. And the un-trusted system end can be identified and refused in time, so that potential system risks and security vulnerabilities can be reduced.
As an alternative embodiment, before the security subsystem writes the data to be processed and the first check value into the target memory, the data state of the data in the target memory needs to be marked as an invalid state; wherein the invalid state is used to characterize that data in the target memory is prohibited from being executed or that some functions are limited when executed.
Specifically, when the system decides to start updating the code, a flag of whether the code is valid is set to invalid first. This is done to ensure that incomplete code is not attempted to be executed during the update even if the system is accidentally restarted or other disruption occurs. Prior to the update, the old code in the nonvolatile memory may be selected for backup. This may provide a recovery point in case of problems in the update process. New code fragments are written stepwise to the non-volatile memory. If the system attempts to execute incomplete code in non-volatile memory before the code update is complete, unpredictable behavior, system crashes, and even data corruption may result. Thus, setting a flag of whether the code is valid is an important security measure. Some of the functions that are limited in execution are understood to be limited in the operations that some system components or processes can perform even if they attempt to access or execute such data.
In step S603, the security subsystem checks the data to be processed according to a pre-stored data check key, generates a second check value, and determines whether the first check value is matched with the second check value.
In the flow of data processing and storage, it is critical to verify the integrity and accuracy of the data.
As an alternative embodiment, after receiving the data to be processed and the first check value sent by the host system, the security subsystem uses a pre-stored data check key to check the data to generate a new data check value (i.e., a second check value). The data verification key is key information stored in a safe and reliable place in advance and is used for verifying and verifying data. Before verification can be performed, the system needs to securely acquire this key, ensuring confidentiality and integrity of the key. And using the acquired data verification key to perform verification calculation on the data to be processed. The verification computation typically involves one or more encryption algorithms or hash functions that are capable of converting the data into a unique verification value (i.e., a second verification value). The second check value may be understood as a digital fingerprint of the data to be processed in the current state, representing the integrity and content of the data. Further, the system matches the first check value with the second check value to determine the accuracy and integrity of the data to be processed during transmission.
As an alternative embodiment, after the security subsystem determines that the host system is trusted, the host system may initiate an update notification to the security subsystem to notify the security subsystem to write the data to be processed and the first check value to the target memory.
Step S604, the security subsystem responds to the matching of the first check value and the second check value and sends a data updating instruction to the main system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating.
As an alternative embodiment, if the two check values match perfectly, the data to be processed may be considered to be intact and accurate without being tampered with during transmission.
Specifically, by the matching confirmation of the check values, the reliability and the safety of data transmission can be greatly improved. The calculation of the check value is usually based on a complex encryption algorithm or hash function, so that the uniqueness and the difficulty in counterfeiting of the check value are ensured.
As an alternative embodiment, if the two check values match perfectly, the data state of the data in the target memory may be marked as a valid state; wherein the valid state is used to characterize that data in the target memory is allowed to be executed.
Specifically, after confirming the integrity of the data to be processed, in order to further ensure the security of the system and the availability of the data, the data state in the target memory may be marked as a valid state. This valid state indicates that the data in the target memory is complete, accurate, and allowed to be executed.
As an alternative embodiment, if the first check value does not match the second check value, maintaining the data state of the data in the target memory as an invalid state; wherein the invalid state is used to characterize that data in the target memory is prohibited from being executed or that some functions are limited when executed.
If there is no match, it indicates that the data may be tampered with or corrupted during transmission, requiring further processing or rejection. When the first check value does not match the second check value, the data state of the data in the target memory should be maintained as an invalid state. The invalid state explicitly indicates that the data should not be executed, thereby preventing potential security risks and data corruption. By maintaining an invalid state, the system can prevent execution of data that may have been damaged or tampered with, thereby avoiding potential security risks and data errors, ensuring that only verified and validated data is executed, and improving the security of the system and the reliability of the data.
As an alternative embodiment, when the check values are found to be mismatched, the system should record a corresponding error log, including information of the mismatched check values, data receiving time, source, etc., for subsequent audit and troubleshooting. An alarm may also be triggered or an administrator notified to take further action depending on the security policy of the system.
As an alternative embodiment, the data update instruction may include, but is not limited to, information including an identifier, timestamp, or version number of the data update, enabling the host system to explicitly know that the data in the target memory has completed the update. The data update instructions may also contain detailed descriptions about the updated data, such as the size, type, or purpose of the data, for subsequent processing by the host system as needed. The security subsystem can ensure that the main system knows the update state of the data in time after the data integrity is verified by sending the data update instruction.
As an alternative embodiment, the security subsystem reads the data state of the data in the target memory in response to determining the start-up information of the target chip, and if it is determined that the data state in the target memory is a valid state, controls the main system to start up, and controls the main system to execute the data in the target memory.
As an alternative embodiment, the security subsystem may disable the host system from executing the data in the target memory or may control the host system to execute a portion of the data in the target memory in response to the data state in the target memory being an invalid state.
Specifically, the system checks the read data state. If the data state is a valid state, indicating that the data is complete and not tampered with, allowing it to be executed; if the data state is an invalid state, the data should not be executed. By reading and verifying the data state in the target memory, the system is able to ensure that operations are performed only if the data is complete and has not been tampered with, thereby improving the security of the system and the reliability of the data. The invention ensures that the main body of the erasing operation on the target memory is credible from the chip hardware, and the erasing operation on the nonvolatile memory is completely controlled by the security subsystem when the erasing operation is performed, so that the security subsystem only needs to check the code or the data when the code or the data is updated, and the code or the data does not need to be checked when the code or the data is started each time, thereby saving the time of security starting.
Referring to fig. 7, a flow chart of a data processing method applied to a host system of a chip according to an embodiment of the present invention is shown.
In step S701, the host system sends a data update request to the security subsystem.
In step S702, the host system receives the trusted authentication result sent by the security subsystem, and obtains the data to be processed and the first check value according to the trusted authentication result.
In step S703, the host system receives the data update instruction.
In step S701 to step S702, the host system needs to acquire the latest data to perform the relevant task or operation, and thus sends a data update request to the security subsystem. The request may contain information such as the identifier of the host system, the type or range of data required, etc. in order for the security subsystem to respond correctly. After receiving the data updating request, the security subsystem verifies whether the main system is trusted according to the data updating request, and if so, the security subsystem sends a trusted authentication result to the main system. The main system starts to acquire the data to be processed and the first check value, and sends the data to be processed and the first check value to the security subsystem. After the security subsystem successfully verifies the data written into the target memory, a data update instruction is sent to the main system, the data update instruction indicates that the data in the target memory is updated, and the main system is allowed to execute the data. After receiving the data update instructions, the host system may begin loading and executing the data to complete its intended tasks or operations.
Referring to fig. 8, an interactive flow diagram of a data processing method applied to a security subsystem and a main system according to an embodiment of the present invention is shown.
As an alternative embodiment, the update procedure is initiated by the host system, and the security subsystem first needs to verify the trustworthiness of the initiator. If the authentication fails, the updating process is directly exited, and the non-trusted body is prevented from tampering with the content of the non-volatile memory. If the authentication is successful, the code update will begin to be performed. Since only incomplete code is stored in the target memory before the code update is fully completed, it is considered invalid code. Therefore, before updating the code, a flag of whether the code is valid is set to invalid. In the process of updating codes, the main system can acquire data to be written into the nonvolatile memory from the outside through a communication interface and send the data to the security subsystem through the mailbox module. After receiving the information, the security subsystem reads the data to be written and writes the data into the nonvolatile memory. This step may be repeated multiple times until all data updates are completed. Further, the security subsystem writes the check value of the data into the nonvolatile memory, reads the key and performs the check. If the verification is passed, the code valid flag is set to be valid, and the main core result is notified to complete updating. If the verification is not passed, the update is unsuccessful and the code valid flag remains invalid.
Since the time of the modification of the content of the non-volatile memory and the checking of the validity of the content are both done by a trusted security subsystem, the modification of the content is secure and controllable and not tampered with by an untrusted entity. Therefore, when the chip is started, the code security check is not needed, and only the mark whether the code is valid or not is needed to be read.
Referring to fig. 9, a schematic diagram of a chip code update process according to an embodiment of the present invention is provided.
After the system is started, firstly checking a code valid mark, and if the code is valid, starting a main system and executing the code; if the code is invalid, the main system is forbidden to start, or part of functions and rights of the main system are limited. Because the step of carrying out safety verification on the code is omitted during safety starting, only the code effective mark is required to be read, the starting time can be greatly reduced while the credibility and the correctness of the code are ensured, and the starting speed is improved.
From the above, it can be seen that the data processing method applied to the chip provided by the invention verifies the data update request of the main system through the security subsystem, so as to ensure that the main system is trusted, enhance the security of the system, prevent malicious or unauthorized update, further, write and verify the data to be processed by the security subsystem with the trusted key, ensure that the data is not tampered in the writing process, and ensure the integrity of the data, so that each update is reliable and accurate. Through the cooperative work of the security subsystem and the main system, the whole data updating flow is ensured to be more orderly and reliable, the main core does not need to check the data when starting each time, the data updating time is saved, the system faults caused by inconsistent data or error updating are reduced, and the stability and the reliability of the system are enhanced.
It should be noted that, the method of the embodiment of the present invention may be performed by a single device, for example, a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the method of an embodiment of the present invention, the devices interacting with each other to accomplish the method.
It should be noted that the foregoing describes some embodiments of the present invention. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the invention also provides a chip corresponding to the method provided by any embodiment.
Referring to fig. 10, a schematic diagram of a chip according to an embodiment of the present invention is provided.
The device comprises: the chip comprises a security subsystem 1001, a main system 1002 and a target memory 1003, wherein the security subsystem 1001 performs read-write access with the target memory 1003, and the main system 1002 performs read access with the target memory 1003;
The security subsystem 1001 is configured to:
receiving a data updating request sent by the main system, and verifying whether the main system is trusted or not according to the data updating request;
Receiving data to be processed and a first check value sent by the main system in response to the trust of the main system, and writing the data to be processed and the first check value into the target memory;
Checking the data to be processed according to a pre-stored data checking key, generating a second checking value, and determining whether the first checking value is matched with the second checking value;
responsive to the first check value matching the second check value, sending a data update instruction to the host system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating.
Optionally, the security subsystem 1001 is further configured to:
and sending a trusted authentication result to the main system so that the main system obtains the data to be processed and the first check value according to the trusted authentication result.
Optionally, the security subsystem 1001 is further configured to:
And responding to the fact that the main system is not trusted, terminating the process of writing the data to be processed and the first check value into a target memory.
Optionally, the security subsystem 1001 is further configured to:
Marking the data state of the data in the target memory as an invalid state; wherein the invalid state is used for representing that the data in the target memory is forbidden to be executed or that part of functions are limited when being executed.
Optionally, the security subsystem 1001 is further configured to:
Marking the data state of the data in the target memory as a valid state; wherein the valid state is used to characterize that data in the target memory is allowed to be executed.
Optionally, the security subsystem 1001 is further configured to:
In response to the first check value not matching the second check value, maintaining a data state of data in the target memory as an invalid state; wherein the invalid state is used for representing that the data in the target memory is forbidden to be executed or that part of functions are limited when being executed.
Optionally, the host system 1002 is further configured to:
reading the data state of the data in the target memory in response to determining the start-up information of the chip;
And reading and executing the data in the target memory in response to the data state in the target memory being a valid state.
Optionally, the host system 1002 is further configured to:
And in response to the data state in the target memory being an invalid state, prohibiting execution of the data in the target memory or executing a portion of the data in the target memory.
According to the chip provided by the embodiment of the invention, the security subsystem is used for receiving a data update request sent by a main system, verifying whether the main system is trusted according to the data update request, responding to the trust of the main system, receiving data to be processed and a first check value sent by the main system, writing the data to be processed and the first check value into a target memory, checking the data to be processed according to a pre-stored data check key, generating a second check value, determining whether the first check value is matched with the second check value, and responding to the first check value matched with the second check value by a response module, and sending a data update instruction to the main system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating. Therefore, the chip is responsible for updating and checking data through the security subsystem, and timely updates the mark of whether the code is valid or not when updating, and the chip only needs to read the mark when starting, and does not need to check the whole code. The starting time is greatly reduced, the instantaneity of the system is improved, and the optimization effect is more obvious especially on a system with large code quantity. If the data is detected to be tampered or the verification fails, the security subsystem can immediately take corresponding measures, such as prohibiting the main system from starting or limiting the functions of the main system, so that illegal operation is prevented in time. This real-time protection mechanism improves the security of the chip and enables a quick response when a security problem occurs.
For convenience of description, the above system is described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
The system of the foregoing embodiment is configured to implement the corresponding data processing method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the invention also provides an electronic device, corresponding to the data processing method according to any of the above embodiments, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the data processing method according to any of the above embodiments when executing the program.
Fig. 11 is a schematic diagram showing a hardware structure of a more specific electronic device according to the present embodiment, where the device may include: a processor 1110, a memory 1120, an input/output interface 1130, a communication interface 1140, and a bus 1150. Wherein processor 1110, memory 1120, input/output interface 1130, and communication interface 1140 implement communication connections among each other within the device via bus 1150.
The processor 1110 may be implemented by a general-purpose CPU (Central Processing Unit ), a microprocessor, an Application SPECIFIC INTEGRATED Circuit (ASIC), or one or more integrated circuits, etc. for executing related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1120 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory ), static storage, dynamic storage, etc. Memory 1120 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1120 and executed by processor 1110.
The input/output interface 1130 is used to connect with an input/output module to achieve information input and output. The input/output module may be configured as a component in a device (not shown in the figure) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
The communication interface 1140 is used to connect a communication module (not shown) to enable communication interaction between the present device and other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1150 includes a path to transfer information between components of the device (e.g., processor 1110, memory 1120, input/output interface 1130, and communication interface 1140).
It should be noted that although the above-described device only shows the processor 1110, the memory 1120, the input/output interface 1130, the communication interface 1140, and the bus 1150, the device may include other components necessary to achieve normal operation in the implementation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding data processing method in any of the foregoing embodiments, and has the beneficial effects of the corresponding data processing method embodiment, which is not described herein again.
Based on the same inventive concept, the present invention also provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the data processing method according to any of the above embodiments, corresponding to the data processing method according to any of the above embodiments.
The non-transitory computer readable storage media described above can be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic storage (e.g., floppy disks, hard disks, magnetic tapes, magneto-optical disks (MOs), etc.), optical storage (e.g., CD, DVD, BD, HVD, etc.), and semiconductor storage (e.g., ROM, EPROM, EEPROM, nonvolatile storage (NAND FLASH), solid State Disk (SSD)), etc.
The storage medium of the above embodiments stores computer instructions for causing the computer to perform the data processing method according to any one of the above exemplary method portions, and has the advantages of the corresponding method embodiments, which are not described herein.
Furthermore, although the operations of the methods of the present invention are depicted in the drawings in a particular order, this is not required or suggested that these operations must be performed in this particular order or that all of the illustrated operations must be performed in order to achieve desirable results. Rather, the steps depicted in the flowcharts may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable Gate Arrays (PGAs), field Programmable Gate Arrays (FPGAs), and the like.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present invention should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present invention belongs. The terms "first," "second," and the like, as used in embodiments of the present invention, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
While the spirit and principles of the present invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments nor does it imply that features of the various aspects are not useful in combination, nor are they useful in any combination, such as for convenience of description. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures and functions.

Claims (11)

1. The data processing method is characterized by being applied to a chip, wherein the chip comprises a security subsystem, a main system and a target memory, the security subsystem and the target memory are subjected to read-write access, and the main system and the target memory are subjected to read-write access;
The method comprises the following steps:
the security subsystem receives a data update request sent by the main system, and verifies whether the main system is trusted or not according to the data update request;
the security subsystem responds to the trust of the main system, receives data to be processed and a first check value sent by the main system, and writes the data to be processed and the first check value into the target memory;
The security subsystem checks the data to be processed according to a pre-stored data check key, generates a second check value and determines whether the first check value is matched with the second check value;
The security subsystem responds to the first check value and the second check value to be matched, and sends a data updating instruction to the main system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating.
2. The data processing method of claim 1, wherein the security subsystem, after responding to the host system being trusted, further comprises:
and the security subsystem sends a trusted authentication result to the main system so that the main system obtains the data to be processed and the first check value according to the trusted authentication result.
3. The data processing method of claim 1, wherein the method further comprises:
And the security subsystem responds to the fact that the main system is not trusted, and terminates the process of writing the data to be processed and the first check value into a target memory.
4. The data processing method of claim 1, wherein before the security subsystem writes the data to be processed and the first check value to the target memory, the method further comprises:
the security subsystem marks the data state of the data in the target memory as an invalid state; wherein the invalid state is used for representing that the data in the target memory is forbidden to be executed or that part of functions are limited when being executed.
5. The data processing method of claim 1, wherein the security subsystem, in response to the first check value matching the second check value, further comprises:
The security subsystem marks the data state of the data in the target memory as a valid state; wherein the valid state is used to characterize that data in the target memory is allowed to be executed.
6. The data processing method of claim 1, wherein the method further comprises:
The security subsystem maintains the data state of the data in the target memory as an invalid state in response to the first check value not matching the second check value; wherein the invalid state is used for representing that the data in the target memory is forbidden to be executed or that part of functions are limited when being executed.
7. The data processing method of claim 1, wherein the method further comprises:
The main system responds to the determination of the starting information of the chip, and reads the data state of the data in the target memory;
the host system reads and executes data in the target memory in response to the data state in the target memory being a valid state.
8. The data processing method of claim 7, wherein the method further comprises:
the host system prohibits execution of the data in the target memory or executes a portion of the data in the target memory in response to the data state in the target memory being an invalid state.
9. The chip is characterized by comprising a security subsystem, a main system and a target memory, wherein the security subsystem performs read-write access with the target memory, and the main system performs read access with the target memory;
the security subsystem is configured to:
receiving a data updating request sent by the main system, and verifying whether the main system is trusted or not according to the data updating request;
Receiving data to be processed and a first check value sent by the main system in response to the trust of the main system, and writing the data to be processed and the first check value into the target memory;
Checking the data to be processed according to a pre-stored data checking key, generating a second checking value, and determining whether the first checking value is matched with the second checking value;
responsive to the first check value matching the second check value, sending a data update instruction to the host system; wherein the data update instruction is used for indicating that the data in the target memory has completed updating.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 8 when the program is executed by the processor.
11. A computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1 to 8.
CN202410453827.1A 2024-04-16 2024-04-16 Data processing method, chip, electronic device and storage medium Pending CN118051919A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410453827.1A CN118051919A (en) 2024-04-16 2024-04-16 Data processing method, chip, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410453827.1A CN118051919A (en) 2024-04-16 2024-04-16 Data processing method, chip, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN118051919A true CN118051919A (en) 2024-05-17

Family

ID=91046875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410453827.1A Pending CN118051919A (en) 2024-04-16 2024-04-16 Data processing method, chip, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN118051919A (en)

Similar Documents

Publication Publication Date Title
US10915633B2 (en) Method and apparatus for device security verification utilizing a virtual trusted computing base
US9965268B2 (en) Method and apparatus for preventing software version rollback
US8533492B2 (en) Electronic device, key generation program, recording medium, and key generation method
US11455397B2 (en) Secure boot assist for devices, and related systems, methods and devices
JP4769608B2 (en) Information processing apparatus having start verification function
US20190253417A1 (en) Hardware device and authenticating method thereof
CN110990084B (en) Chip secure starting method and device, storage medium and terminal
EP2727040B1 (en) A secure hosted execution architecture
US20090193211A1 (en) Software authentication for computer systems
US11803366B2 (en) Firmware updating system and method
US9262631B2 (en) Embedded device and control method thereof
US11816202B2 (en) Run-time code execution validation
KR102324328B1 (en) security element
CN113626791A (en) Memory module authentication extensions
CN108363912B (en) Program code secret protection method and device
CN108345804B (en) Storage method and device in trusted computing environment
CN113226858A (en) Information processing apparatus
CN113162936B (en) Method and system for preventing abnormal dynamic analysis
CN118051919A (en) Data processing method, chip, electronic device and storage medium
CN113111336A (en) Authentication method based on security computer
US10691586B2 (en) Apparatus and method for software self-test
CN112118109A (en) Method and device for authenticating port of removable disk and removable disk
CN117610025B (en) Embedded operating system safety guiding method based on electric power intelligent terminal
WO2024078159A1 (en) Integrity measurement method and apparatus
CN117494232B (en) Method, device, system, storage medium and electronic equipment for executing firmware

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination