JP2008217579A - Microcontroller - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a microcontroller capable of sufficiently securing secrecy of an encrypted program. <P>SOLUTION: The microcontroller is provided with a memory 12 for storing an encrypted program and a CPU 11 for executing the program read from the memory through a first route. It is provided with a decoding block 13 having a register for reading decoding information to be used to decode the encrypted program through a second route different from the first signal route and holding it so that it cannot be read physically from the CPU 11. The decoding block 13 uses the decoding information held in the register to decode the encrypted program read from the memory through the first route. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a microcontroller in which at least a part of a program is encrypted and stored in a memory so that the contents of the program are not known to a third party.

  As a microcontroller that executes a given program, at least a part of the program is encrypted, and decryption information such as a key and other numerical information (including encryption start address, end address, etc.) necessary for decrypting the encrypted program In addition, a configuration for storing the entire program in a memory has been proposed. In this case, when the encryption program area is accessed, decryption is performed using the decryption information stored in the same memory, and decryption program data is output to the CPU (see, for example, Patent Document 1). Thus, in the conventional concealment mechanism, the decryption information is recorded in advance in a memory on the same chip as the CPU and used.

In addition, the secret key is stored in the key management unit in the processor chip, and first, the distribution key obtained by encrypting the instruction key necessary for decrypting the program with the public key is received from the external memory via the external bus interface. A configuration has been proposed in which an instruction key obtained by decrypting the distribution key with the secret key is held in a key table of a key management unit. In this case, after notifying the completion of key registration to the processor core, the program is received via the external bus interface and decrypted using the instruction key (see, for example, Patent Document 2).
JP 2004-023351 A JP 2002-232417 A

  However, in the former, since the decoding information is recorded in the memory in advance, if the memory chip (or the chip in the case where the CPU and the memory are made into one chip) is obtained, the decoding information can be decoded. Information confidentiality is easily lost. Once confidentiality is lost, the contents of the encryption program can be easily known to a third party. In particular, when the memory is a device that can observe “0” and “1” by using a microscope, such as a mask ROM, the decoding is easy. Therefore, in a microcomputer system in which important information such as personal information such as an IC card is accumulated, there is a possibility that it may lead to an illegal act such as data modification. Therefore, when important information is leaked, it is necessary to replace the chip itself with a new one, and the loss of time and cost is significant.

  Even in the latter, the encryption program and the distribution key obtained by encrypting the instruction key necessary for the decryption with the public key are on the same memory, so the processor chip and the memory chip (both are made into one chip). If the chip is obtained, the distribution key on the memory chip can be decrypted using the secret key decrypted from the processor chip, and the encrypted program can be decrypted with the obtained instruction key. .

  An object of the present invention is to provide a format for fetching decryption information necessary for decrypting an encryption program from the outside, and making the decryption information fetched unreadable by the CPU, so that the encryption program is confidential. It is an object of the present invention to provide a microcontroller that can sufficiently ensure the above.

In order to achieve the above object, a microcontroller according to a first aspect of the present invention executes a memory in which at least a part of a program is stored as an encrypted program and the program read from the memory through a first path. In a microcontroller including a CPU, decryption information used for decrypting the encryption program is read through a second path different from the first signal path and cannot be physically read from the CPU. A decryption block having storage means for holding, the decryption block decrypting the encryption program read from the memory through the first path using the decryption information held in the storage means, It supplies to CPU.
According to a second aspect of the present invention, in the microcontroller according to the first aspect, when the storage of the decoding information in the storage means is completed, a notification circuit that generates a decoding preparation completion signal readable from the CPU Is further provided.
According to a third aspect of the invention, in the microcontroller according to the first or second aspect, the host connected through the second path is requested to transmit the decoding information, and the decoding information is sent from the host to the host. Is received and sent to the decoding block, and the decoding information in the interface circuit is physically unreadable from the CPU.
According to a fourth aspect of the present invention, in the microcontroller according to any one of the first to third aspects, the encryption program is divided and stored in each of a plurality of areas of the memory, and the decryption information is stored in the microcontroller. , Area decryption information used for decrypting the encrypted program stored in each of the plurality of areas of the memory, and area identification information for identifying each area, the storage means, An area decoding information storage unit that holds the area decoding information for each of a plurality of areas, and an area identification information storage unit that holds the area identification information for designating each of the plurality of areas.
According to a fifth aspect of the present invention, in the microcontroller according to any one of the first to fourth aspects, the memory is provided in the same semiconductor integrated circuit as the CPU, and the second path is It is a path through an external terminal for receiving a signal from outside the semiconductor integrated circuit.

  According to the present invention, the second signal path different from the first signal path between the CPU and the memory storing the program is sent from the outside of the microcontroller to the decryption information necessary for decrypting the encrypted program. Since the encrypted program is decrypted, the confidentiality of the encrypted program is ensured.

  FIG. 1 is a block diagram showing the configuration of a microcontroller according to one embodiment of the present invention. The microcontroller 10 includes a CPU 11 that executes a program, a memory 12 that stores a partially encrypted program, a decryption block 13 that decrypts an encrypted program in the program in the memory 12, and an external terminal through an external terminal. An interface circuit 14 that communicates with the host 20 and a decoding preparation completion flag circuit 15 that sets a flag when the decoding preparation in the decoding block 13 is completed are provided. The host 20 is composed of an externally connected personal computer or the like that supplies decoded data to the microcontroller 10. The memory 12 also stores a “decryption preparation procedure” program.

  The signal path between the CPU 11 and the memory 12 corresponds to the “first signal path” in the claims, and the signal path between the interface circuit 14 and the host circuit 20 is the “second signal path” in the claims. The decoding preparation completion flag circuit 15 corresponds to “notification circuit” in the claims.

  The CPU 11 transmits a read signal RD, a write signal WR, a data signal DATAO, an address signal ADR, and the like to the memory 12, and decodes the decoding preparation completion flag from the decoding preparation completion flag circuit 15 and the decoding block 13. Data is captured, but data communication with the interface circuit 14 is impossible.

  The memory 12 includes an area for a desired program to be executed. This area is divided into an unencrypted program area and an encrypted program area, and the encrypted program area is divided into m areas.

  As shown in FIG. 2, the decoding block 13 includes a region selection circuit 131 and a decoding circuit 132, and operates when the select signal CS1 input from the interface circuit 14 is enabled. As shown in FIG. 3, the area selection circuit 131 includes m “decoding data registers 1” to “decoding data” for storing decryption data for decrypting the data of the encryption program in the memory 12. A data register group 1311 composed of the register m ”, a multiplexer 1312 for selecting one decryption data from the data“ 0 ”of the data register group 1311 and the encryption of the memory 12 Area identification address register group 1313 composed of m “area identification address register 1” to “area identification address register m” indicating the address range of m areas in which the data of the program is stored, and the CPU 11 to the memory 12 The current address ADR to be input is any “region identification address register” in the region identification address register group 1313. By either included in the address "and a determining area determination circuit 1314 the area of the current address ADR.

  Then, the multiplexer 1312 selects one data in the decoding data register 1311 as the decoding data SEL_CODE in accordance with the area identified by the area determination circuit 1314. On the other hand, if the area is not determined by the area determination circuit 1314, the data “0” is selected as the decryption data SEL_CODE, assuming that the current address ADR is the address of the data area of the non-encrypted program.

  As shown in FIG. 4, the decoding circuit 132 of the decoding block 13 includes the number of XOR circuits 1321 corresponding to the number of bits of the data of the desired program, and the XOR circuits 1321 for each bit are read from the memory 12. Each bit value of the program data DATAI (encrypted data and non-encrypted data) and each bit value of the decryption data SEL_CODE (including data “0”) output from the area selection circuit 131 are input. Thus, decrypted data CPU_DATAI to be transmitted to the CPU 11 is generated.

  The interface circuit 14 includes a UART represented by RS232C, and requests / acquires information on an area of the memory 12 in which the encrypted program data is stored, and decrypts the encrypted program data. Requesting / acquiring data for decryption. That is, the host 20 requests / acquires decryption information.

  As shown in FIG. 5, the decoding preparation completion flag circuit 15 includes a multiplexer 151 and a flip-flop 152. When the hardware reset signal HW_RESETN is “1” and the reset is released, the flip-flop 152 has the write signal WR and the select signal CS2 transmitted from the interface circuit 14 become “1”, that is, is enabled. As a result, “1” is set, the flag “1” is set, and the CPU 11 is notified of the completion of decoding preparation.

  Next, the pre-preparation procedure operation for program execution of the microcontroller 10 of this embodiment will be described according to the flowchart of “decoding preparation procedure” of FIG. In this embodiment, the IF circuit 14 executes a “decoding preparation procedure” independently of the CPU 11.

  When the hardware reset is released, the interface circuit 14 makes a “region information request” to the connected host 20 (step S1). However, at this time, the CPU 11 is configured to keep resetting or to always poll for the “decoding preparation completion flag” being set.

  In response to the “area information request” from the interface circuit 14, the host 20 transmits the number m of areas indicating how many areas in the memory 12 are to be used (step S2). The interface circuit 14 receives this, sets the area number m in the “area number register” (not shown) in the area selection circuit 131, and shifts to “area identification address setting procedure”. During the “area identification address setting procedure” and the “decoding data setting procedure” described later, the write signal WR and the select signal CS1 are enabled, that is, “1”.

  The interface circuit 14 sets the area identification address to i = 0 (step S3), and then makes a request for “area identification address 1” to the host 20 (step S4). Here, for example, a range of areas is designated by designating the upper few bits of the address. The host 20 transmits “region identification address 1” (step S5). When the interface circuit 14 receives this, the host circuit 14 receives the address value of the upper several bits as “region identification address” of the region identification address register group 1313 in the region selection circuit 131. Set to register 1 ". Thereafter, the procedure for setting the address value in the area identification address register group 1313 is repeated for the number m of areas received in advance (steps S6 and S7). For example, if the number of areas m is 2, the setting procedure of the area identification address register group 1313 is performed twice and is finished.

  Thereafter, the interface circuit 14 proceeds to “decoding data setting procedure”. The interface circuit 14 sets the decryption data to i = 0 (step S8), and then requests the decryption data from the host 20 (step S9). In response to this request, the host 20 transmits the decryption data 1 (step S10). The interface circuit 20 receives the request and sets the value in the “decryption data register 1” in the decryption data register 1311. To do. This procedure is repeated for the number of “areas m” set in advance (steps S11 and S12). When this “decoded data setting procedure” is completed, the select signal CS2 is set to “1”, and a decoding preparation completion flag is set. The flag of the circuit 15 is set to “1” (step S13).

  The contents of the registers in the decoding data register group 1311 of the decoding block 13 and the contents of the registers in the area identification address register group 1313 set by the above procedure cannot be read from the CPU 11. The flag of the decryption preparation completion flag circuit 15 can be read from the CPU 11.

  When the CPU 11 confirms that the flag “1” is set in the decryption preparation completion flag circuit 15, the unencrypted program in the memory 12 passes through the decryption block 13 as it is, and the encrypted program is decrypted by the decryption block 13. Each is loaded into the CPU 11 and the program is executed.

  In other words, when the program is executed, according to the designation of the address ADR of the memory 12, the confirmation of the coincidence between the upper address and the value of the address of the area identification address register group 1313 set in advance is performed. The area determination circuit 1314 in FIG. When the upper address matches the address value of “area identification address register 1”, the area determination circuit 1314 causes the multiplexer 1314 to select “decoding data register 1” in the decoding data register group 1311. The decoding data stored there is output to the decoding circuit 132. Similarly, when the upper address matches the address value of “region identification address register 2”, “decoding data register 2” is selected and the decoding data stored therein is output to decoding circuit 132. To do. If the upper address does not match any of the address values of “area identification address register 1” to “area identification address register m” in area identification address register group 1313, data “0” is selected and decoded. Output to the circuit 132. As described above, the program data read from the memory 12 is stored in the CPU 11 by being decrypted and fetched by the decryption circuit 132, and unencrypted by the programmer 11 as it is. It is possible to perform the operation that has been performed.

  From the above, according to the microcontroller of this embodiment, the decoding block 13 holds the decoding information (decoding data and area identification address) so that it cannot be physically read from the CPU 11. That is, there is no physical path through which the CPU 11 can read the decryption information held in the decryption block 13. Specifically, although there is a path for the CPU 11 to fetch the program data decoded by the decoding circuit 132 between the CPU 11 and the decoding block 13, the decoding information held in the decoding block 13 can be read out. There is no possible route. Similarly, the decryption information temporarily existing in the interface circuit 14 cannot be physically read by the CPU 11. For this reason, even if the software debugging device is connected to the microcontroller 10, the decoding data and the area identification address existing in the interface circuit 14 and the decoding block 13, that is, the decoding information cannot be read out to the outside. The confidentiality of the decryption information is increased.

  In the above embodiment, as decryption information received from the external host 20, key data is received instead of decryption data, and the decryption block 13 uses this to separately perform processing by a decryption algorithm, and finally Alternatively, data corresponding to the decoding data may be generated and used for decoding.

  Each register in the area selection circuit 131 can be replaced by other storage means such as a nonvolatile memory. When using a non-volatile memory, it is beneficial that the “decryption preparation procedure” need not be executed every time the power is turned on.

  Further, the area identification address register group 1313 can divide the area more finely by designating each area by designating the start address and the end address instead of designating the upper address, and the confidentiality of the decryption information is improved. Become more advanced. Further, the CPU 11 may be interposed in the execution of the “decoding preparation procedure”. However, the CPU 11 is configured so that the decoding information cannot be physically read from the IF circuit 14.

It is a block diagram which shows the structure of the microcontroller of the Example of this invention. It is a block diagram which shows the structure of the decoding block in the microcontroller of FIG. FIG. 3 is a block diagram showing a configuration of a region selection circuit in the decoding block of FIG. 2. FIG. 3 is a block diagram showing a configuration of a decoding circuit in the decoding block of FIG. 2. FIG. 2 is a block diagram showing a configuration of a decoding preparation completion flag circuit in the microcontroller of FIG. 1. It is a flowchart of a process of a decoding preparation procedure.

Explanation of symbols

10: Microcontroller 11: CPU
12: Memory 13: Decoding block 131: Region selection circuit 132: Decoding circuit 14: Interface circuit 15: Decoding preparation completion flag circuit 20: Host

Claims (5)

In a microcontroller comprising a memory in which at least a part of the program is stored as an encrypted program, and a CPU that executes the program read from the memory through a first path,
A decryption block having storage means for reading decryption information used for decrypting the encryption program through a second path different from the first signal path and physically retaining the decryption information from the CPU. The decryption block decrypts the encrypted program read from the memory through the first path using the decryption information held in the storage means, and supplies the decrypted program to the CPU. A microcontroller to do.   2. The microcontroller according to claim 1, further comprising a notification circuit that generates a decoding preparation completion signal readable from the CPU when the storage of the decoding information in the storage unit is completed.   An interface circuit that requests the host connected through the second path to transmit the decoding information, receives the decoding information from the host, and sends the decoding information to the decoding block; 3. The microcontroller according to claim 1, wherein the decryption information is not physically readable from the CPU. The encryption program is divided and stored in each of the plurality of areas of the memory,
The decryption information includes region decryption information used for decrypting the encryption program stored in each of the plurality of regions of the memory, and region identification information for identifying the respective regions;
The storage means includes area decoding information storage means for holding the area decoding information for each of the plurality of areas, and area identification information storage means for holding the area identification information for designating each of the plurality of areas. The microcontroller according to any one of claims 1 to 3.   The memory is provided in the same semiconductor integrated circuit as the CPU, and the second path is a path through an external terminal for receiving a signal from outside the semiconductor integrated circuit. The microcontroller according to any one of 1 to 4.

Images