JP2006091967A - Information processor and debugging device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor for decoding and executing an encrypted program by storing cryptographic key information associated with a task to be executed by a microprocessor, and rewriting the cryptographic key information by a task switching program at the time of switching the task. <P>SOLUTION: This information processor is provided with a secret key holding part 5 for holding a secret key, an encrypted common key holding part 3 for holding a common key encrypted by a cryptographic key corresponding to the secret key corresponding to at least one task, a common key decoding part 4 for decoding the common key as an input by the secret key, an instruction decoding part 6 for decoding the program of the task by using the decoded common key when the common key corresponding to the task for performing instruction fetch 2 is held in the encrypted common holding part 3 and an instruction executing part 1 for fetching 2 and executing the program of the task from the instruction decoding part 6. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus and a debugging apparatus, and more particularly, to a microprocessor that executes an encrypted program while keeping it secret from other programs, and a debugging apparatus during program development of the microprocessor.

The conventional microprocessor associates the encryption key of the encrypted program with the address information of the encrypted program, holds the information related to the encryption key in the address translation device in association with the address, and the microprocessor stores the program. At the time of instruction fetch when executing the program, the encrypted program is decrypted using the encryption key associated with the address of the program (see, for example, Patent Document 1).
In addition, as a debugging device for a microprocessor that decrypts and executes an encrypted program, the debugging target device is encrypted for debugging in order to prevent the decrypted program from flowing on the debugging communication path. There is a method for decoding. (For example, refer to Patent Document 2).
JP 2001-230770 A JP 2003-140763 A

  However, in the configuration of the conventional information processing apparatus, since the encrypted program is decrypted and executed using the encryption key associated with the program address, the encryption key information is transmitted to the address conversion apparatus in addition to the address conversion information. Since it is necessary to decrypt the program by using the encryption key corresponding to the address of the instruction to be stored and fetched by the microprocessor, there is a problem that the address conversion means is required and the cost is increased.

  Further, even in the configuration of the above-described conventional debugging device, the program to be debugged is encrypted by using the encryption means for debugging for debugging, so that there is a problem that the cost similarly increases.

  The present invention has been made to solve the conventional problems as described above, and uses different encryption keys for each task without requiring address conversion means for decryption and encryption means for debugging. Another object of the present invention is to provide a low-cost information processing apparatus and debugging apparatus that can execute a plurality of encrypted programs.

  In order to solve the above problems, the present invention stores encryption key information associated with a task executed by a microprocessor, and is encrypted by rewriting the encryption key information by a task switching program at the time of task switching. The program is decrypted and executed.

Specifically, the information processing apparatus according to claim 1 of the present invention includes a secret key holding unit that holds a secret key and a common key encrypted with a public key corresponding to the secret key in at least one task. An encryption common key holding unit held corresponding to the encrypted common key, an encrypted common key held in the encryption common key holding unit, and a common key decryption unit for decrypting with the secret key; When the common key corresponding to the task to be performed is held in the encrypted common key holding unit, an instruction decryption unit that decrypts the program of the task using the decrypted common key, and the instruction decryption unit An instruction execution unit that fetches and executes the program of the task is provided.
This makes it possible to execute a program encrypted using a different encryption key for each task.

An information processing apparatus according to claim 2 of the present invention is the information processing apparatus according to claim 1, wherein at least the instruction execution unit has a supervisor state for executing a program for switching tasks, and the supervisor state In this case, the decoding unit does not decode the program.
As a result, in the supervisor mode for executing the program for performing normal task switching, the program can be executed without being encrypted.

The information processing device according to claim 3 of the present invention is the information processing device according to claim 1 or 2, wherein the plurality of encrypted common key holding units respectively holding the common keys of a plurality of tasks; A first task identification unit that holds a task number of a task to be executed, and the first task identification unit performs one encryption from the plurality of encrypted common key holding units based on the task number A common key holding unit is selected, and the common key decrypting unit receives the common key held in the selected encrypted common key holding unit and decrypts it with the secret key. .
As a result, since the common key held in the corresponding encrypted common key holding unit using the task number can be used, there is no need to reset the common key in the encrypted common key holding unit at the time of task switching.

The information processing apparatus according to claim 4 of the present invention is the information processing apparatus according to claim 3, wherein the plurality of contexts holding the processor state information of the plurality of tasks and the task number of the task being executed are A context switching unit that is set in a first task identification unit, wherein the plurality of encrypted common key holding units are contexts of the plurality of tasks, and the plurality of tasks switch the context to the context. It is characterized by being executed while being switched by a unit.
Accordingly, a plurality of encrypted programs can be decrypted and executed while switching without resetting the common key in the encrypted common key holding unit.

An information processing apparatus according to claim 5 of the present invention is the information processing apparatus according to claim 3, wherein a program storage unit that stores a program decoded by the instruction decoding unit, and a program stored in the program storage unit A program transfer unit for controlling transfer and a program transfer unit configured to transfer a program by the program transfer unit, and to select one common key from the plurality of encrypted common key storage units by holding a task number corresponding to the program The instruction execution unit fetches and executes a program from the program storage unit.
This makes it possible to decrypt and transfer an encrypted program of another task while executing one task.

An information processing apparatus according to a sixth aspect of the present invention is the information processing apparatus according to the third aspect, wherein a cache memory storing the program decoded by the instruction decoding unit and a transfer of the program to the cache memory are performed. An instruction cache including a cache controller to be controlled is provided, and the instruction execution unit fetches and executes a program from the instruction cache.
As a result, the instruction cache is used as the program storage unit, and the encrypted program can be decrypted when fetched into the instruction cache. Therefore, the encrypted program of the other task is executed while executing one task. Decryption transfer is possible.

The information processing apparatus according to claim 7 of the present invention is the information processing apparatus according to claim 5, wherein the common information input to the common key decryption unit when the program transfer unit transfers the program to the program storage unit. A separate encrypted common key storage unit for storing the key, wherein the program storage unit is arranged in an address space different from the address space of the encrypted program, and the program transfer unit is configured to execute a program transfer command It is characterized by being explicitly activated.
As a result, even in the case of program transfer from the external memory to the built-in memory having a different memory address, the encrypted program of the other task can be decrypted and transferred while executing one task.

A debugging device according to an eighth aspect of the present invention is a debugging device used in combination with the information processing device according to the first aspect, wherein the encrypted program storage address information corresponds to the above-mentioned information. Using the debug information holding unit for storing the common key, the storage address information of the encrypted program, and the corresponding decrypted common key, the encrypted program read from the information processing apparatus is decrypted. An instruction display unit for displaying an instruction is provided.
Thereby, debugging can be performed in the development of the encrypted program.

The debugging device according to claim 9 of the present invention is the debugging device according to claim 8, wherein the decrypted program is embedded with a breakpoint instruction, encrypted with the common key, and the encrypted program. The information processing apparatus includes an encryption unit that writes the program in a location where the program is stored.
As a result, the encrypted program can be debugged by simply setting or increasing breakpoints.

  According to the information processing apparatus of the first aspect of the present invention, the common key associated with the task to be executed is stored in the encryption common key holding unit, and the common key is rewritten when the task is switched. There is an effect that an encrypted program can be executed using each encryption key.

  According to the information processing apparatus according to claim 2 of the present invention, since the supervisor mode is set so that the decryption is not performed in the supervisor mode, the program for performing the task switching in the supervisor mode is not encrypted, and other than that By executing the encrypted program as the task, it is possible to easily set the encryption key for each task by the program operating in the supervisor mode.

  According to the information processing apparatus according to claim 3 of the present invention, the information processing apparatus includes a plurality of encryption common key holding units and a task identification unit that selects the encryption common key holding unit according to a task number to be executed. Since it is possible to switch without resetting encryption keys for a plurality of tasks, there is an effect that the time required for switching can be shortened.

  According to the information processing apparatus according to claim 4 of the present invention, even in an information processing apparatus that executes while switching the context of a plurality of tasks, it is possible to switch without resetting encryption keys for the plurality of tasks. The time required for switching can be shortened, and the encrypted program can be executed at a lower cost.

  According to the information processing apparatus according to claim 5 of the present invention, even in the information processing apparatus using the built-in memory, a different encryption key is used for each task by holding the decrypted program in the built-in program storage unit. In addition to being able to execute the encrypted program, the instruction execution time can be shortened.

  According to the information processing apparatus according to claim 6 of the present invention, even in the information processing apparatus using the instruction cache, the decrypted program is stored in the cache memory, thereby encrypting using a different encryption key for each task. In addition to executing the programmed program, there is an effect that the time for executing the instruction can be shortened.

  According to the information processing apparatus of the seventh aspect of the present invention, even in the case of program transfer from an external memory to a built-in memory having a different memory address, encryption is performed at a low cost while shortening the instruction execution time. There is an effect that the program can be executed.

  According to the debugging apparatus of the eighth aspect of the present invention, the debug information holding unit that stores the storage address information of the encrypted program and the corresponding common key, and the storage address information of the encrypted program And a command display unit that displays the command by decrypting the encrypted program read from the information processing apparatus using the corresponding decrypted common key, and therefore, a different encryption key for each task. When an encrypted program is executed, the program can be debugged at a low cost by displaying the instructions of the encrypted program.

  According to the debugging apparatus of the ninth aspect of the present invention, since the encryption unit for embedding the breakpoint instruction in the encrypted program is provided, the breakpoint instruction is inserted into the encrypted program, and the program By setting breakpoints in the program, it is possible to debug a program without requiring breakpoints to be set by expensive hardware.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Embodiment 1)
FIG. 1 is a block diagram showing a schematic configuration of the information processing apparatus according to Embodiment 1 of the present invention. As shown in the figure, the information processing apparatus according to the first embodiment holds an instruction execution unit 1 that executes an instruction, an instruction fetch unit 2 that reads an instruction and supplies the instruction to the instruction execution unit 1, and a common key. Encrypted common key holding unit 3, common key decrypting unit 4 for decrypting the common key held by the encrypted common key holding unit 3 using the secret key held in the secret key holding unit 5, and holding the secret key When the common key corresponding to the task that performs the instruction fetch and the secret key holding unit 5 that is to be fetched is held in the encrypted common key holding unit 3, the decrypted common key is used to decrypt the instruction and fetch the instruction The instruction decoding unit 6 for transferring to the unit 2 and a storage unit 7 for storing instructions and data.

  Here, the secret key holding unit 5 holds a predetermined secret key. In addition to holding the common key, the encrypted common key holding unit 3 sets information on whether or not the common key is held by instruction execution of the instruction execution unit 1. Further, the encrypted common key holding unit 3 is set to a state in which the common key is not held by reset. Further, when the common key is not set, the instruction decryption unit 6 transfers the instruction read from the storage unit 7 as it is to the instruction fetch unit 2 without performing the decryption process.

  The storage unit 7 stores a boot program and a program for each task. The program corresponding to each task is encrypted with each common key. The boot program holds a storage address of a program corresponding to a task, whether or not the program is encrypted, and a common key when the program is encrypted for each task. Here, the common key is encrypted using a public key corresponding to the secret key held in the secret key holding unit 5.

  Next, the operation of the information processing apparatus according to the first embodiment configured as described above will be described with reference to the flowchart of FIG.

In step S1, the instruction execution unit 1 executes the boot program after resetting.
In step S <b> 2, first, the boot program is read from the storage unit 7. At this time, after resetting, the encrypted common key holding unit 3 is initialized to a state in which the common key is not held, so that the boot program is executed as it is without being decrypted.
Specifically, the boot program executes a task in the procedure of steps S3 to S6.

In step S3, a task to be executed is determined from the contents held in the boot program based on the request from the instruction execution unit.
In step S4, it is checked whether or not the program of the task to be executed is encrypted. If it is encrypted, the process proceeds to step S5. If not, the process proceeds to step S6.

In step S5: the common key of the task to be executed held in the boot program is set in the encrypted common key holding unit 3, and the encrypted common key holding unit 3 is set in the state holding the common key. Then, the process proceeds to step S6.
In step S6, program control is transferred to the task start address.

  As described above, in the information processing apparatus according to the first embodiment, the secret key holding unit that holds the secret key, and the encryption that holds the common key encrypted by the public key corresponding to the secret key corresponding to the task. The common key holding unit, the common key decrypting unit that decrypts the encrypted common key held in the encrypted common key holding unit with the secret key, and the common key for the task performing the instruction fetch are in the encrypted common key holding unit And a command decryption unit that decrypts the program using the decrypted common key, and is encrypted using a different encryption key for each task by executing the program decrypted by the command decryption unit. Program can be executed.

(Embodiment 2)
The information processing apparatus according to the second embodiment of the present invention improves the problem that the information processing apparatus according to the first embodiment needs to start from a reset when performing different tasks. It explains using.

  FIG. 3 is a block diagram showing a schematic configuration of the information processing apparatus according to the second embodiment of the present invention. As shown in FIG. 3, the information processing apparatus according to the second embodiment is different from the first embodiment in that at least the execution state of the instruction execution unit 1 is a supervisor state for executing a program for switching tasks. The only difference is that a supervisor status display unit 101 is added. Other components are the same as those in the information processing apparatus (FIG. 1) of the first embodiment, and are denoted by the same reference numerals. Description is omitted.

  Here, the supervisor status display unit 101 inputs the status information to the encrypted common key holding unit 3, and the encrypted common key holding unit 3 receives the common key when the supervisor status display unit 101 indicates the supervisor status. It is configured to perform an operation equivalent to the state of not holding.

Next, the operation of the information processing apparatus according to the second embodiment configured as described above will be described with reference to the flowchart of FIG.
In step S1, the instruction execution unit 1 executes the boot program after resetting. At the same time, the execution state of the instruction execution unit 1 transitions to the supervisor state.

In step S <b> 2, first, the boot program is read from the storage unit 7. At this time, after resetting, the supervisor state display unit 101 indicates the supervisor state, and the encrypted common key holding unit 3 performs an operation equivalent to a state in which the common key is not held. The boot program is executed as it is without being decrypted.
Specifically, the boot program executes a task in the procedure of steps S3 to S6.

In step S3, a task to be executed is determined from the contents held in the boot program based on the request from the instruction execution unit.
In step S4, it is checked whether or not the program of the task to be executed is encrypted. If it is encrypted, the process proceeds to step S5. If not, the process proceeds to step S6.
In step S5: the common key of the task to be executed held in the boot program is set in the encrypted common key holding unit 3, and the encrypted common key holding unit 3 is set in the state holding the common key. Then, the process proceeds to step S6.

  In step S6, program control is transferred to the task start address. At the same time, the execution state of the instruction execution unit 1 transitions from the supervisor state to the non-supervisor state.

  If an interrupt is accepted while the program is being executed in the non-supervisor state, the state is changed to the supervisor state, and control is transferred to the interrupt vector in the boot program. When the control is transferred from the interrupt process to the interrupted task again, the control is transferred to the address interrupted by the interrupt and the control is shifted to the non-supervisor state. This is equivalent to a commonly performed interrupt process. However, when task switching is performed to return from interrupt processing, it is necessary to reset the task common key in the encrypted common key holding unit 3 by the above-described procedure for starting the task.

  Here, the task start address is the entry address of the task when the task is activated, but is the return address saved at the time of interruption when the task is returned.

  As described above, in the information processing apparatus according to the second embodiment, the supervisor state display unit 101 is added to the CPU 100 of the information processing apparatus according to the first embodiment. Therefore, the same effect as that of the first embodiment can be obtained. In addition, when the supervisor state display unit 101 indicates the supervisor state, the same operation as when the common key is not held in the encrypted common key holding unit 3 is performed, thereby setting the encryption key for each task. It can be easily executed as a program that operates in the supervisor mode, and an encrypted program using a common key that is different for each task can be executed without resetting.

(Embodiment 3)
The information processing apparatus according to the third embodiment of the present invention needs to update the contents of the encrypted common key holding unit at the time of task switching in the information processing apparatus according to the second embodiment. This is an improvement of the problem that it takes time for task switching when the amount of information in the holding unit is large, and will be described below with reference to the drawings.

  FIG. 5 is a block diagram showing a schematic configuration of the information processing apparatus according to Embodiment 3 of the present invention. In the figure, the same reference numerals as those in FIG. 3 denote the same or corresponding parts. As shown in FIG. 5, the information processing apparatus according to the third embodiment has a plurality of encrypted common key holding units 31, 32, and 33, and a first holding an identification number of a task being executed by the instruction execution unit 1. A common key is selected from the plurality of encrypted common key holding units 31, 32, and 33 according to the contents of the first task identification unit 102 and input to the common key decryption unit 4. It is configured. Other configurations are the same as those of the information processing apparatus (FIG. 3) according to the second embodiment described above, and the same or corresponding parts are denoted by the same reference numerals and description thereof is omitted.

Next, the operation of the information processing apparatus according to the third embodiment configured as described above will be described with reference to the flowchart of FIG.
In step S1, the instruction execution unit 1 executes the boot program after resetting. At the same time, the execution state of the instruction execution unit 1 transitions to the supervisor state.

In step S <b> 2, first, the boot program is read from the storage unit 7. At this time, after resetting, the supervisor state display unit 101 indicates the supervisor state, and the encrypted common key holding unit 3 performs an operation equivalent to a state in which the common key is not held. The boot program is executed as it is without being decrypted.
Specifically, the boot program executes a task in the procedure of steps S3 to S7.

  In step S3, a task number is determined for a plurality of tasks to be executed from the contents held in the boot program based on the request of the instruction execution unit, and for each task.

  In step S4, it is checked whether the programs of the plurality of tasks are encrypted. If it is encrypted, the common key of each task is set to the one corresponding to the task number determined in step S3 from among the encrypted common key holding units 31, 32, 33. Further, the corresponding encrypted common key part is set to a state where the common key is held.

In steps S5 and S6, a task to be executed is determined from a plurality of tasks, and the task number is set in the task identification unit 102.
In step S7, program control is transferred to the task start address. At the same time, the execution state of the instruction execution unit 1 transitions from the supervisor state to the non-supervisor state.

  However, at the time of task switching, if the task common key is set in the plurality of encrypted common key holding units 31, 32, 33, the task identification unit selects the task number for selecting the encrypted common key holding unit. The control is reset to 102 and control is transferred to the start address of the task.

  Thus, in the information processing apparatus according to the third embodiment, the configuration of the information processing apparatus according to the second embodiment is executed by the plurality of encrypted common key holding units 31, 32, and 33 and the instruction execution unit 1. Since the first task identification unit 102 that holds the identification number of the middle task is added, the same effect as that of the second embodiment can be obtained. When the common key information amount is large by selecting one common key from the plurality of encrypted common key holding units 31, 32 and 33 and inputting it to the common key decrypting unit 4, the common key holding unit shares By updating only the task number without updating the key, it is possible to execute an encrypted program using a common key that is different for each task when switching tasks, and the task switching time can be shortened. Can get That.

(Embodiment 4)
The information processing apparatus according to the fourth embodiment of the present invention has a problem that it takes time for task switching because it is necessary to save and restore context when switching tasks in the information processing apparatus according to the third embodiment. This will be described below with reference to the drawings.

  FIG. 7 is a block diagram showing a schematic configuration of the information processing apparatus according to Embodiment 4 of the present invention. In the figure, the same reference numerals as those in FIG. 5 denote the same or corresponding parts. As shown in FIG. 7, the information processing apparatus according to the fourth embodiment has the CPU 100 set a plurality of registers 11 corresponding to each of a plurality of tasks, that is, a plurality of contexts, and a task number of a task being executed as a first. A context switching unit 12 that is set in the task identification unit 102, and the context switching unit 12 is configured to execute a plurality of contexts while switching the plurality of contexts. Other configurations are the same as those of the information processing apparatus (FIG. 5) of the third embodiment described above, and the same or corresponding parts are denoted by the same reference numerals and description thereof is omitted.

Next, the operation of the information processing apparatus according to the fourth embodiment configured as described above will be described.
In the information processing apparatus according to the fourth embodiment, the processor state information used when returning the processor to a certain state is held in the register 11, and the task switching unit 12 performs the first task identification unit 102 at the time of task switching. By switching the task number held in step 1 to the task number being executed, the plurality of registers and the plurality of encrypted common key holding units that are also the contexts of the plurality of tasks are switched. As a result, a common key corresponding to the task being executed is selected from the plurality of encrypted common key holding units 31, 32, and 33, and decrypted by the common key decryption unit 4. The other operations of the information processing apparatus according to the fourth embodiment are the same as those of the information processing apparatus according to the third embodiment, and are omitted here.

  As described above, in the information processing apparatus according to the fourth embodiment, the configuration of the information processing apparatus according to the third embodiment is configured such that the plurality of registers 11 respectively corresponding to the plurality of tasks and the number of the task being executed are Since the context switching unit 12 to be set in one task identification unit 102 is added to the CPU 100 and the plurality of registers and the encrypted common key holding unit are switched by the context switching unit, a plurality of tasks are executed. As in the third embodiment, the program encrypted using the common key that is different for each task is executed at the time of task switching by updating only the task number without updating the common key of the encrypted common key holding unit. In addition, since it is not necessary to save and restore context when switching tasks, the time required for task switching can be further reduced. Kill.

(Embodiment 5)
In the information processing apparatus according to the fifth embodiment of the present invention, the instruction fetch is performed on the storage unit 7 in the information processing apparatus according to the third embodiment, and the decoding process by the instruction decoding unit 6 takes time. This problem is improved and will be described below with reference to the drawings.

  FIG. 8 is a block diagram showing a schematic configuration of the information processing apparatus according to Embodiment 5 of the present invention. In the figure, the same reference numerals as those in FIG. 5 denote the same or corresponding parts. As shown in FIG. 8, the information processing apparatus according to the fifth embodiment includes a program storage unit 8 for storing a program read from the storage unit 7 and decoded by the instruction decoding unit 6, and a program storage from the storage unit 7. A program transfer unit 9 that controls the transfer of the program to the unit 8 via the instruction decryption unit 6, and one common from the plurality of encrypted common key holding units 31, 32, 33 when the program transfer unit 9 transfers the program A second task identification unit 103 for selecting a key is newly provided. Other configurations are the same as those of the information processing apparatus (FIG. 5) of the third embodiment described above, and the same or corresponding parts are denoted by the same reference numerals and description thereof is omitted.

Next, the operation of the information processing apparatus according to the fifth embodiment configured as described above will be described. Here, the description will focus on parts that differ from the operation of the information processing apparatus according to the third embodiment.
In the fifth embodiment, when the instruction fetch unit 2 reads a program from the storage unit 7 without going through the program storage unit 8, the plurality of encrypted common key holding units 31, 32, and 33 The first task identification unit 102 is selected and operates as an input. That is, the same operation as the information processing apparatus of the third embodiment is performed.

  When the instruction fetch unit 2 reads a program from the program storage unit 8, the operation of the apparatus is performed in two stages. In the first stage, the program transfer unit 9 transfers the program from the storage unit 7 to the program storage unit 8 through the instruction decryption unit 6, and at this time, the plurality of encryption common units 31, 32, and 33 The task identification unit 103 is selected and operates as an input. In the second stage, the instruction fetch unit 2 reads the program from the program storage unit 8 and executes it. At this time, since the program has already been decoded by the instruction decoding unit 6, it is directly executed without decoding. Therefore, it is possible to transfer a program of a task different from the task being executed by the CPU 100.

  Whether the instruction fetch unit 2 reads an instruction from the storage unit 7 or reads an instruction from the program storage unit 8 can be distinguished by, for example, a program address.

  The setting of the second task identification unit 103 and the setting and activation of the program transfer unit 9 can be performed by executing a program of the CPU 100. However, the present invention is not limited to this, and an external host CPU These settings and activation may be performed.

  The program transfer unit 9 includes a separate encrypted common key storage unit that stores a common key when the program is transferred to the program storage unit 8. The program storage unit 8 has an address different from the address space of the storage unit 7. When it is arranged in a space and the program transfer unit 9 is configured to be explicitly activated by a program transfer instruction, the same effect can be obtained even when the program is transferred from an external memory to a built-in memory having a different memory address. Therefore, the encrypted program can be executed at a low cost.

  Further, as shown in FIG. 9, it is possible to adopt a configuration in which the instruction fetch unit 2 decodes the program read from the storage unit 7 by the instruction decoding unit 6 and stores the program in the cache memory of the instruction cache 400. .

  Furthermore, it is possible to adopt a configuration in which the configuration using the instruction cache 400 shown in FIG. 9 and the configuration using the program storage unit 8 shown in FIG. 8 are combined.

  Since the program storage unit 8 and the instruction cache 400 permit only reading from the instruction fetch unit 2, it is clear that the confidentiality of the encrypted program is robust.

  As described above, in the information processing apparatus according to the fifth embodiment, the program storage unit 8 that stores the decrypted program, the program transfer unit 9 that controls the transfer of the decrypted program, and a plurality of units when performing the transfer. And a second task identification unit 103 for selecting one common key from the encrypted common key holding unit, and when the command is encrypted, the command is decrypted and stored in the program storage unit 8 to Since the CPU 100 can read the decrypted program from the program storage unit 8 and execute it immediately, there is an effect that the execution of the program becomes faster.

  Further, even if the instruction cache 400 is provided and the decrypted program is held in the cache memory, similarly, if the instruction is encrypted, it is decrypted in advance and stored in the cache memory. When executing the instruction, the CPU 100 can read the decrypted program from the cache memory and execute it immediately, so that the execution of the program is accelerated.

(Embodiment 6)
FIG. 10 is a block diagram showing a schematic configuration of the debugging device according to the sixth embodiment.
In FIG. 10, the information processing apparatus 200 performs the operation described in the first embodiment. Further, 301 is a program address read from the information processing apparatus 200 and stopped for program debugging, 302 is read from a storage unit that holds an encrypted program in the information processing apparatus 200, and 303 is An instruction display unit 304 for displaying a program to be debugged is a debug information holding unit including storage address information of a program to be debugged and common key information of the program stored at the storage address of the program.

Next, the operation of the debugging device according to the sixth embodiment configured as described above will be described.
The instruction display unit 303 receives the stop address 301 of the program stopped for debugging, and determines whether the stop address 301 is within the range indicated by the storage address of the program stored in the debug information holding unit 304 To do.

  If there is no corresponding program storage address information within the above range, the instruction display unit 303 newly reads and holds the stop address 301 and the read 302 including the peripheral program from the information processing apparatus 200, and makes it necessary. In response, display such as disassembly is performed. If there is corresponding program storage address information, the stop address 301 from the information processing apparatus 200 and the read 302 including the peripheral program are extracted from the instruction display unit 303 and correspond to the corresponding storage address information. By using the common key information, the encrypted program around the stop address 301 is decrypted, and if necessary, processing such as disassembly is performed and displayed.

  As described above, in the debugging device according to the sixth embodiment, the instruction display unit 303 that displays the program to be debugged, the storage address information of the program to be debugged, and the common key information of the program stored at the storage address The debug information holding unit 304 that holds the encrypted program storage address and the corresponding common key information are set in advance in the debug information holding unit 304 of the debugging device. It is possible to decrypt the program, thereby displaying the program correctly and debugging the program.

(Embodiment 7)
The debugging device according to the seventh embodiment of the present invention is such that a breakpoint instruction can be embedded in an encrypted program with respect to the debugging device according to the sixth embodiment. I will explain.

FIG. 11 is a block diagram showing a schematic configuration of the debugging device according to the seventh embodiment.
As shown in FIG. 11, the debugging device according to the seventh embodiment is different from the sixth embodiment in that an encryption unit 305 that writes a program in a program storage unit in the information processing apparatus 200 is newly provided. The other components are the same as those of the debugging device (FIG. 10) according to the sixth embodiment, and are denoted by the same reference numerals, and the description thereof is omitted.

  Next, the operation of the debugging device according to the seventh embodiment configured as described above will be described. Here, the description will focus on parts that are different from the operation of the debugging device according to the sixth embodiment.

  It is determined whether the address at which the breakpoint instruction is embedded for debugging is within the range indicated by the storage address of the program stored in the debug information holding unit 304.

  If there is no corresponding program storage address information, the encryption unit 305 writes a breakpoint command at the address to the program storage unit in the information processing apparatus via the output line 306. If there is corresponding program storage address information, the breakpoint command is encrypted using the common key information corresponding to the corresponding storage address information, and written to the program storage unit via the output line 306 at that address. .

  As described above, in the debugging device according to the seventh embodiment, the encryption unit 305 that embeds the breakpoint instruction in the program storage unit in the information processing device is added to the configuration of the debugging device of the sixth embodiment. Therefore, if the storage address of the encrypted program and its common key information are set in the debug device, it is possible to write a breakpoint instruction correctly, and the program can be written without expensive hardware breakpoints. Debugging can be enabled.

  The information processing apparatus according to the present invention has a function of executing a plurality of encrypted programs using an encryption key for each task, and is useful as a digital information processing apparatus that requires copyright protection.

1 is a block diagram illustrating a schematic configuration of an information processing apparatus according to Embodiment 1. FIG. It is a flowchart explaining operation | movement of the information processing apparatus of the said Embodiment 1. FIG. 6 is a block diagram illustrating a schematic configuration of an information processing apparatus according to Embodiment 2. FIG. It is a flowchart explaining operation | movement of the information processing apparatus of the said Embodiment 2. FIG. FIG. 10 is a block diagram illustrating a schematic configuration of an information processing device according to a third embodiment. It is a flowchart explaining operation | movement of the information processing apparatus of the said Embodiment 3. FIG. FIG. 10 is a block diagram illustrating a schematic configuration of an information processing device according to a fourth embodiment. FIG. 10 is a block diagram illustrating a schematic configuration of an information processing device according to a fifth embodiment. FIG. 10 is a block diagram showing another schematic configuration of the information processing apparatus according to the fifth embodiment. It is a block diagram which shows schematic structure of the debugging apparatus by Embodiment 6. FIG. FIG. 20 is a block diagram illustrating a schematic configuration of a debugging device according to a seventh embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Instruction execution part 2 Instruction fetch part 3, 31, 32, 33, 300 Encryption common key holding part 4 Common key decryption part 5 Secret key holding part 6 Instruction decryption part 7 Storage part 8 Program storage part 11 Register 12 Context switching part 100 CPU
101 Supervisor State 102 First Task Identification Unit 103 Second Task Identification Unit 303 Instruction Display Unit 304 Debug Information Holding Unit 305 Encryption Unit 400 Instruction Cache

Claims (9)

A secret key holding unit for holding a secret key;
An encrypted common key holding unit that holds a common key encrypted with a public key corresponding to the secret key, corresponding to at least one task;
A common key decryption unit that receives an encrypted common key held in the encrypted common key holding unit as input and decrypts it with the secret key;
An instruction decryption unit that decrypts a program of the task using the decrypted common key when the common key corresponding to the task performing the instruction fetch is held in the encrypted common key holding unit;
An instruction execution unit that fetches and executes the program of the task from the instruction decoding unit,
An information processing apparatus characterized by that. The information processing apparatus according to claim 1,
At least the instruction execution unit has a supervisor state for executing a program for switching tasks,
When in the supervisor state, the decoding unit does not decode the program.
An information processing apparatus characterized by that. The information processing apparatus according to claim 1 or 2,
A plurality of the above-mentioned encrypted common key holding units each holding a common key of a plurality of tasks;
A first task identification unit that holds a task number of a task to be executed,
The first task identification unit selects one encrypted common key holding unit from the plurality of encrypted common key holding units based on the task number,
The common key decryption unit receives the common key held in the selected encrypted common key holding unit, and decrypts with the secret key.
An information processing apparatus characterized by that. The information processing apparatus according to claim 3.
A plurality of contexts holding processor state information of the plurality of tasks;
A context switching unit that sets the task number of the task being executed in the first task identification unit,
The plurality of encrypted common key holding units are contexts of the plurality of tasks,
The plurality of tasks are executed while the context is switched by the context switching unit.
An information processing apparatus characterized by that. The information processing apparatus according to claim 3.
A program storage unit for storing the program decoded by the instruction decoding unit;
A program transfer unit for controlling transfer of the program to the program storage unit;
A second task identification unit that holds a task number corresponding to the program and selects one common key from the plurality of encrypted common key holding units when transferring the program by the program transfer unit;
The instruction execution unit fetches and executes a program from the program storage unit.
An information processing apparatus characterized by that. The information processing apparatus according to claim 3.
An instruction cache comprising a cache memory for storing a program decoded by the instruction decoding unit, and a cache controller for controlling transfer of the program to the cache memory;
The instruction execution unit fetches and executes a program from the instruction cache;
An information processing apparatus characterized by that. The information processing apparatus according to claim 5,
A separate encrypted common key storage unit that stores a common key to be input to the common key decryption unit when the program transfer unit transfers the program to the program storage unit;
The program storage unit is arranged in an address space different from the address space of the encrypted program,
The program transfer unit is explicitly activated by a program transfer instruction.
An information processing apparatus characterized by that. A debugging device used in combination with the information processing device according to claim 1,
A debug information holding unit for storing the storage address information of the encrypted program and the corresponding common key;
A command display unit that decrypts the encrypted program read from the information processing device and displays a command using the storage address information of the encrypted program and the corresponding decrypted common key. ,
A debugging device characterized by that. The debugging device according to claim 8, wherein
An encryption unit that embeds a breakpoint instruction in the decrypted program, performs encryption with the common key, and writes the encrypted program to the location where the program of the information processing apparatus was stored;
A debugging device characterized by that.

Images