CN110765477A - Target program data anti-theft method used in ARM + FPGA architecture - Google Patents

Abstract

The invention discloses a method for preventing target program data from being stolen in an ARM + FPGA architecture, which effectively protects target data of a general non-encrypted chip FPGA1 by means of encrypting and storing a target program of a non-encrypted chip FPGA1 through an encrypted chip FPGA 2. The ARM chip and the FPGA2 encryption chip are both stored after being encrypted, and meanwhile, target program read-back is not supported. During software operation, the ARM processor and the FPGA1 need mutual authorization verification to work normally, otherwise, the ARM processor and the FPGA1 enter a reset state respectively. From the aspect of integral anti-imitation difficulty, the possibility that the product module is imitated in reverse engineering can be effectively reduced, and the protection capability of own product intellectual property is improved.

Description

Target program data anti-theft method used in ARM + FPGA architecture

Technical Field

The invention belongs to the field of data transmission, and particularly relates to a target program data anti-theft method for an ARM + FPGA architecture.

Background

In commercial and military environments where competition is becoming increasingly intense, design safety is a crucial consideration for digital designers. With the development of integrated circuit technology, the processing architecture of MCU + FPGA has become the mainstream design architecture of hardware, and FPGA plays an increasingly important role in larger and more critical system components, and the design and configuration data used by FPGA represents an important part of intellectual property in the whole system. How to effectively protect intellectual property rights from illegal copying, reverse engineering and tampering is also increasingly important.

The security of the FPGA includes two types of design security and data security. Design security refers to the confidentiality of design intent, design files and related bitstream files, preventing the design from being cloned, tampered, pirated, forged, etc., i.e., intellectual property protection. Data security refers to the security of data managed by a device, i.e., the security of information stored, processed, and transmitted by the FPGA in a terminal application. Therefore, the security of the design itself should be guaranteed, otherwise the security of the data managed by the device is not mentioned.

Today, FPGAs provide various advanced security functions, and device manufacturers have security feature design chips. Taking Altera as an example, the FPGA supports 40-nm and 28-nm technologies, and the design security features thereof can ensure protection of the design from illegal copying, reverse engineering, and tampering of configuration files. Volatile and non-volatile key storage characteristics are supported for the encryption type FPGA. Volatile keys require a battery to store and update the keys, while non-volatile key storage only supports programming one key, without requiring a battery. When using the design security features, the keys are stored in the FPGA. According to different security modes, the FPGA can be configured through the configuration file encrypted by using the same secret key. For an encryption type FPGA, a 256-bit secret key and an Advanced Encryption Standard (AES) algorithm (an industry standard encryption algorithm) are used for configuring a bit stream, and a special decryption module is embedded in the FPGA, so that the safety design guarantee is achieved.

In the MCU + FPGA architecture, if a non-encryption type FPGA device based on an SRAM is selected, the configuration data in the SRAM is lost after power failure, and the internal logic relation of the FPGA disappears, so that an external configuration device is needed, the configuration data is read into the on-chip SRAM when the SRAM is powered on, under the condition of no bit stream encryption, the bit stream of the configuration data is exposed outside in the power-on configuration stage, the IP contained in the configuration data is not protected completely, pirates can intercept and acquire new code streams, and the code streams are fragile in terms of safety and more likely to cause serious consequences in the national and military safety fields.

In recent military market, a new data anti-theft method is needed to solve the problems that products are illegally copied by users and chip target programs in core modules are stolen.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provides a target program data anti-theft method for an ARM + FPGA architecture, which improves the data storage safety and the confidentiality of a key circuit on the whole, and particularly focuses on protecting target data of a non-encrypted FPGA chip.

The purpose of the invention is realized by the following technical scheme:

a target program data anti-theft method used in an ARM + FPGA architecture, wherein the ARM + FPGA architecture at least comprises 1 encrypted ARM processor, 1 general purpose unencrypted FPGA1 chip and 1 encrypted FPGA2 chip, and the target program data anti-theft method at least comprises the following steps:

s1: the ARM processor is used for controlling to obtain the KEY KEY data and storing the KEY KEY data in an external Flash memory, and then the ARM processor is used for reading the KEY KEY data from the Flash and transmitting the KEY KEY data to the FPGA2 chip;

s2: the FPGA1 target program acquires a V000.rbf bit stream file of the original target program of the FPGA1, and transmits the V000.rbf bit stream file of the original target program of the FPGA1 to the FPGA2 through an RS232 circuit;

s3: the FPGA2 encrypts V000.rbf bit stream data by using KEY data and a block encryption algorithm, and an encrypted FPGA1 target program is the V001.rbf bit stream data and is stored in a configuration chip of the FPGA 1;

s4: the FPGA2 chip applies the V001.rbf bit stream data, decrypts and calculates V000.rbf based on the KEY data and a corresponding decryption algorithm, and configures an FPGA1 chip on line;

s5: after the FPGA1 chip is normally started, a communication mechanism is arranged between the ARM chip and the FPGA1 chip for authentication and authorization, and the ARM chip and the FPGA1 chip respectively enter a working state after the authorization passes; when authorization is not passed, ARM, FPGA1 each enter a reset state.

According to a preferred embodiment, the step S1 specifically includes:

s11: the ARM processor receives and verifies the load of external KEY data according to a KEY load communication protocol, and writes the KEY data into an external memory Flash;

s12: after each time of power-on or KEY loading and updating, the ARM processor actively reads the latest KEY data from the external memory Flash and sends the latest KEY data to the FPGA2, and erases the old KEY data.

According to a preferred embodiment, the step S2 specifically includes:

s21: generating a bit stream original target data file V000.rbf of the FPGA1 by FPGA development software, and acquiring the bit stream file V000.rbf by an FPGA1 target program;

s22: the original object program V000.rbf bit stream file of the FPGA1 is transmitted to the FPGA2 by the FPGA1 object program through an RS232 circuit.

According to a preferred embodiment, the step S3 specifically includes:

s31: the encryption chip FPGA2 uses KEY data and a symmetric grouping encryption algorithm to encrypt bit stream data of V000.rbf bits, and generates V001.rbf after encryption;

s32: the FPGA2 stores the encrypted bit stream v001.rbf data in the configuration chip of the FPGA 1.

According to a preferred embodiment, the step S4 specifically includes:

s41: when the power is on every time, the FPGA2 actively reads a target data storage chip of the FPGA1 and reads a stored target data file V001.rbf encrypted by the FPGA 1;

s42: the FPGA2 calculates V000.rbf based on KEY data and a corresponding decryption algorithm, and configures an FPGA1 chip on line.

According to a preferred embodiment, the step S5 specifically includes:

s51: after the FPGA1 chip is normally started, the ARM processor sends three groups of random data frames to the FPGA1, the data in each group of data frames conform to a communication protocol of a preset rule, and the FPGA1 respectively sends confirmation signals to the ARM processor after successfully receiving and resolving the third group of data packets;

s52: when the FPGA1 confirms that the received three groups of data packets are correct, the normal working state is entered, otherwise, the reset state is entered; and when the ARM successfully analyzes the confirmation frame, the ARM enters a normal working state, otherwise, the ARM enters a reset state.

The main scheme and the further selection schemes can be freely combined to form a plurality of schemes which are all adopted and claimed by the invention; in the invention, the selection (each non-conflict selection) and other selections can be freely combined. The skilled person in the art can understand that there are many combinations, which are all the technical solutions to be protected by the present invention, according to the prior art and the common general knowledge after understanding the scheme of the present invention, and the technical solutions are not exhaustive herein.

The invention has the beneficial effects that: according to the method, the target program of the non-encryption chip FPGA1 is encrypted by the encryption chip FPGA2 and then stored, so that the target data of the general non-encryption chip FPGA1 are effectively protected. The ARM chip and the FPGA2 encryption chip are both stored after being encrypted, and meanwhile, target program read-back is not supported. During software operation, the ARM processor and the FPGA1 need mutual authorization verification to work normally, otherwise, the ARM processor and the FPGA1 enter a reset state respectively. From the aspect of integral anti-imitation difficulty, the possibility that the product module is imitated in reverse engineering can be effectively reduced, and the protection capability of own product intellectual property is improved. In practical engineering application, the measures of stealing, cloning and the like in reverse engineering can be effectively resisted, the risk of stealing target data is greatly reduced, and the protection capability of own intellectual property rights is improved.

Drawings

FIG. 1 is a schematic diagram illustrating the processing flow of KEY data by ARM in step S1 of the method of the present invention;

FIG. 2 is a schematic diagram of the processing flow of the ARM processor and the non-encrypted FPGA1 chip performing authentication and authorization in step S1 of the method of the present invention;

fig. 3 is a schematic diagram of the process flow of the authentication authorization between the unencrypted FPGA1 chip and the ARM processor in step S5.

Detailed Description

The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.

It should be noted that, in order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.

Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings or the orientations or positional relationships that the products of the present invention are conventionally placed in use, and are only used for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the devices or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.

Furthermore, the terms "horizontal", "vertical", "overhang" and the like do not imply that the components are required to be absolutely horizontal or overhang, but may be slightly inclined. For example, "horizontal" merely means that the direction is more horizontal than "vertical" and does not mean that the structure must be perfectly horizontal, but may be slightly inclined.

In the description of the present invention, it should also be noted that, unless otherwise explicitly specified or limited, the terms "disposed," "mounted," "connected," and "connected" are to be construed broadly and may, for example, be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.

In addition, it should be noted that, in the present invention, if the specific structures, connection relationships, position relationships, power source relationships, and the like are not written in particular, the structures, connection relationships, position relationships, power source relationships, and the like related to the present invention can be known by those skilled in the art without creative work on the basis of the prior art.

Example 1:

the invention discloses a target program data anti-theft method used in an ARM + FPGA architecture, wherein the ARM + FPGA architecture at least comprises 1 encrypted ARM processor, 1 general unencrypted FPGA1 chip and 1 encrypted FPGA2 chip, and the target program data anti-theft method at least comprises the following steps.

Step S1: the ARM processor is used for controlling to obtain the KEY KEY data and storing the KEY KEY data in an external Flash memory, and then the ARM processor is used for reading the KEY KEY data from the Flash and transmitting the KEY KEY data to the FPGA2 chip.

Wherein, the three functions related to encryption of the ARM processor comprise: firstly, loading an object program of the ARM through a JTAG mode, and encrypting the object program of the ARM by using a 'Secure Chip' function of development software J _ Flash ARM. Secondly, the ARM receives and analyzes the data which completes the external KEY (256 bits) and stores the data in the external Flash, and sends the KEY data to the encryption chip FPGA2 through the SPI bus. And finally, mutual authorization verification of the non-encrypted chip FPGA2 is completed in the software running stage.

Preferably, the step S1 specifically includes:

step S11: and the ARM processor receives and verifies the loading of external KEY data according to the KEY loading communication protocol, and writes the KEY data into an external memory Flash.

Step S12: after each time of power-on or KEY loading and updating, the ARM processor actively reads the latest KEY data from the external memory Flash and sends the latest KEY data to the FPGA2, and erases the old KEY data.

Further, in step S1, the processing flow of KEY (256 bits) data by ARM, as shown in fig. 1, specifically includes:

step 1: after the power is on, the ARM processor is in a KEY data receiving waiting state firstly, and data judgment is carried out on the received data packet under the conditions of 'header', 'length' and 'CRC' according to a communication protocol of KEY data transmission. And if the judgment is passed, entering the next state. Otherwise, discard data and continue waiting.

Step 2: and judging whether the Flash has an old key, and if so, erasing the data of the old key. Otherwise, the received KEY data is directly written into an external memory Flash.

And step 3: and reading KEY data in the Flash and sending the KEY data to the FPGA2 through the SPI bus.

And 4, step 4: the confirmation data packet returned by the encryption chip FPGA2 is received through the SPI bus, and the mode that the number of times of sending is accumulated by less than or equal to 3 times by the counter sendCount is adopted, so that the phenomenon that the transmission endless loop is entered is prevented.

As shown in fig. 2, in the step S1, the process flow of performing authentication and authorization on the ARM processor and the non-encrypted FPGA1 chip includes the following specific steps:

step a: after the power is on, the ARM processor correctly generates three groups of authorization verification data packets according to a communication protocol of the non-encryption FPGA1 chip and an internal data operation rule, wherein each group of data comprises a header, data, CRC and the like; to prevent the number of times of generation controlled by the counter count0 for dead cycles, the check reception flag is set to 0x 0.

Step b: and sending a first group of authorization data packets through a serial port, detecting the level state of a discrete signal line of Flag1 in real time after the sending is finished, and if Flag1 is high level, indicating that the FPGA1 successfully receives and solves, setting a check receiving Flag to be 0x 01. If Flag1 is low, indicating that FPGA1 failed to receive the solution, the check receiving Flag is set to 0x00, and the first group of authorization packets is retransmitted. To prevent the dead loop counter count1 from counting control for up to 3 transmissions, the first set of authorization packets is regenerated if none of the 3 transmissions is successful.

Step c: and sending a second group of authorization data packets through the serial port, detecting the level state of the discrete signal line of Flag2 in real time after the sending is finished, and if Flag2 is high level, indicating that the FPGA1 successfully receives and solves, setting the check receiving Flag to be 0x 03. If Flag2 is low, indicating that FPGA1 failed to receive the solution, the check receiving Flag is set to 0x01, and the second group of authorization packets is retransmitted. To prevent the dead loop counter count2 from counting control for up to 3 transmissions, if none of the 3 transmissions is successful, the second set of authorization packets is regenerated.

Step d: sending a third group of authorization data packets through a serial port, detecting the level state of a discrete signal line of Flag2 in real time after the sending is finished, and if Flag3 is high level and indicates that FPGA1 successfully receives and solves, setting a check receiving Flag to be 0x 07; if Flag3 is low, indicating that FPGA1 failed to receive the solution, the check receiving Flag is set to 0x03, and the third set of authorization packets is retransmitted. To prevent the dead loop counter 3 from counting control for up to 3 transmissions, if none of the 3 transmissions is successful, the third set of authorization packets is regenerated.

Step e: according to whether the value of check is 0x07, if the value of check is equal to 0x07, the authentication authorization is ended to enter the working mode, otherwise, the self-reset mode is entered.

Step S2: the target program of the FPGA1 acquires a bit stream file of V000.rbf of the original target program of the FPGA1, and transmits the bit stream file of V000.rbf of the original target program of the FPGA1 to the FPGA2 through an RS232 circuit.

Preferably, the step S2 specifically includes:

step S21: the bit stream original target data file V000.rbf of the FPGA1 is generated by FPGA development software, and the V000.rbf bit stream file is acquired by an FPGA1 target program.

Further, the target data file of the non-encrypted chip FPGA1 can be generated as a binary bitstream v000.rbf file using quarttus 10.1 software. And a V000.rb F file is loaded by using special loading software RemoteProgramm and is transmitted to an RS232 circuit.

Step S22: the original object program V000.rbf bit stream file of the FPGA1 is transmitted to the FPGA2 by the FPGA1 object program through an RS232 circuit.

Further, the RS232 signal transmission circuit realizes the mutual conversion of the TTL signal and the RS232 signal. When the program is loaded, the encrypted chip FPGA2 completes the reception of the unencrypted chip FPGA1 target data file v000. rbf.

Step S3: the FPGA2 encrypts V000.rbf bit stream data by using KEY data and a packet encryption algorithm, and a target program of the FPGA1 is the V001.rbf bit stream data and is stored in a configuration chip of the FPGA1 after encryption.

Preferably, the step S3 specifically includes:

step S31: the encryption chip FPGA2 encrypts the bit stream data of v000.rbf bits using KEY data and a symmetric block encryption algorithm, and generates v001.rbf after encryption.

Step S32: the FPGA2 stores the encrypted bit stream v001.rbf data in the configuration chip of the FPGA 1.

Step S4: the FPGA2 chip applies the V001.rbf bit stream data, decrypts and calculates V000.rbf based on the KEY data and a corresponding decryption algorithm, and configures the FPGA1 chip on line.

Preferably, the step S4 specifically includes:

step S41: when the power is on every time, the FPGA2 actively reads the target data storage chip of the FPGA1 and reads the stored target data file V001.rbf encrypted by the FPGA 1.

Step S42: the FPGA2 calculates V000.rbf based on KEY data and a corresponding decryption algorithm, and configures an FPGA1 chip on line.

Step S5: after the FPGA1 chip is normally started, a communication mechanism is arranged between the ARM chip and the FPGA1 chip for authentication and authorization, and the ARM chip and the FPGA1 chip respectively enter a working state after the authorization passes; when authorization is not passed, ARM, FPGA1 each enter a reset state.

Preferably, the step S5 specifically includes:

step S51: after the FPGA1 chip is normally started, the ARM processor sends three groups of random data frames to the FPGA1, data in each group of data frames conform to a communication protocol of a preset rule, and the FPGA1 sends confirmation signals to the ARM processor after completing receiving and resolving success of the third group of data packets.

Step S52: when the FPGA1 confirms that the received three groups of data packets are correct, the normal working state is entered, otherwise, the reset state is entered; and when the ARM successfully analyzes the confirmation frame, the ARM enters a normal working state, otherwise, the ARM enters a reset state.

Further, as shown in fig. 3, a processing flow of performing authentication and authorization between the unencrypted FPGA1 chip and the ARM processor in step S5 is shown, and the specific steps include the following:

step 1: after the power is on, the non-encryption FPGA1 chip initializes register type variables Flag1, Flag2, Flag3, Rec _ cnt and Judge _ reg, wherein the Flag1 indicates that the 1 st group of authorization verification data packets sent by the ARM processor are received to be correct and is set as ' 1 ' b1 ', and otherwise, the 1 ' b0 ' is set. Flag2 indicates that the group 2 authorization verification packet sent by the receiving ARM processor is correct and is set to "1 'b 1", otherwise, is set to "1' b 0". Flag3 indicates that the group 3 authorization verification packet sent by the receiving ARM processor is correct and is set to "1 'b 1", otherwise, is set to "1' b 0". Rec _ cnt indicates that 1 is accumulated if the reception and solution is successful, otherwise it remains unchanged. Judge _ reg is a successful receiving and resolving flag, if the 1 st group of authorization verification data packets is correct, the flag is assigned as ' 3 ' b001 ', if the 1 st group of authorization verification data packets is correct, the flag is assigned as ' 3 ' b011 ', and if the 1 st group of authorization verification data packets is correct, the flag is assigned as ' 3 ' b111 '.

Step 2: after initialization, entering a serial port to receive a first group of authorization verification data packet waiting state, if the receiving calculation is correct, entering a second group of authorization verification data packet receiving state, setting Flag1 to be 1 ' b1 ', accumulating Rec _ cnt to be 1, and assigning Judge _ reg to be 3 ' b 001. If the receive resolution is incorrect, Flag1 is set to "1 'b 0", Rec _ cnt is assigned to 0, Judge _ reg is assigned to "3' b 000", and the receive wait state for the first set of authorization verification packets is entered again.

And step 3: if the second group authorizes and verifies that the data packet is received correctly, the serial port of the third group enters a serial port receiving waiting state, meanwhile, Flag2 is set to be 1 ' b1 ', Rec _ cnt is accumulated to be 1, and Judge _ reg is assigned to be 3 ' b 011. And if the receiving calculation is incorrect, the Flag1 state is kept, the Flag2 is assigned to be 0, the Rec _ cnt is assigned to be 0, the Judge _ reg state is kept, and the receiving waiting state of the second group of authorization verification data packets is entered again.

And 4, step 4: if the third group authorizes and verifies that the data packet is received correctly, the comprehensive judgment state is entered, meanwhile, Flag3 is set to be 1 'b 1', Rec _ cnt is accumulated to be 1, and Judge _ reg is assigned to be 3 'b 111'. And if the receiving calculation is incorrect, keeping a Flag1 state, keeping a Flag2 state, assigning a Flag to be 0, assigning a Rec _ cnt to be state keeping, keeping a Judge _ reg state, and entering a receiving waiting state of the third group of authorization verification data packets again.

And 5: entering a comprehensive judgment state, judging whether the Judge _ reg value is '3' b111 ', if the Judge _ reg is' 3 'b 111', the authorization verification is passed and the Reset signal Reset is assigned to be 0 (high level Reset); otherwise, the authorization verification fails, and the Reset signal Reset is assigned to 1 (high level Reset); and ends the whole authentication and authorization flow.

The target program data anti-theft method also comprises the steps of a hardware encryption protection method, and specifically comprises the following steps:

step S01: the method comprehensively considers the application occasions, the functional requirements, the data security factors and the design requirements of products, determines the strategy of integrally preventing and stealing target data of each chip by combining hardware and software modes, and determines the models of a core chip ARM processor, an FPGA1 model and an FPGA2 model in an ARM + FPGA architecture and a corresponding target data storage chip.

Step S01 a: aiming at reducing the risk of stealing target data of each chip by an illegal user and protecting intellectual property of the own party, the design principle of low cost and low power consumption and the safety of target data storage of each chip are comprehensively considered, and a protection strategy for realizing the target data of each chip by a hardware mode and a software mode is formulated.

Step S01 b: according to design low cost, low power consumption and processing strategy, the model of a core chip in an ARM + FPGA framework is determined, the model of an ARM processor is an STM32F103 series chip, the model of an Altera Cyclone III series chip and a storage chip are selected for the FPGA1, and the model of an Altera Cyclone V encryption series chip is selected for the FPGA 2.

Step S02: and determining a strategy for preventing data from being stolen by hardware. In order to prevent the illegal user from increasing difficulty by using a hardware method when the illegal user carries out reverse engineering on 'cloning', 'tampering' or 'illegally stealing' data, the intellectual property data of the illegal user is protected.

Step S02 a: when the PCB is laid out and wired, circuit signal lines are configured for the FPGA2, the FPGA1 and the FPGA1, and an ARM processor and signal lines of external Flash for storing KEY data are wired to be an intermediate layer. By the method, an illegal user cannot directly measure and analyze the waveform data of the key signals, so that the difficulty of reverse engineering is improved;

step S02 b: and removing the type printing on the surface of each chip. By means of a polishing process, model marks on the surfaces of the chips are removed, and the difficulty of reverse engineering is further increased;

step S02 c: the PCB is designed independently for the key chips FPGA2, FPGA1 and the storage circuit, the PCB is plastically packaged, only communication signals with other chips are reserved, the PCB is connected with a motherboard in a connector assembly mode, and the difficulty of reverse engineering is improved.

Aiming at an ARM + FPGA hardware architecture platform, the method of the invention considers a mode of combining software and hardware phases in a dense phase mode from a design stage, improves the difficulty of stealing target data files of each chip on the whole, and particularly improves the protection capability of a target program of a non-encrypted FPGA2 chip by utilizing a mode of encrypting and storing a target program file of a non-encrypted FPGA1 chip by utilizing an encrypted FPGA 2.

In the software running stage, through mutual authorization verification of the ARM processor and the non-encrypted FPGA2 chip, the mechanism has the advantages that part of target data of the chip is stolen and the normal running cannot be performed. It should be noted that the ARM processor performs encryption of a target program (Secure Chip) and encryption of target data of the encryption type Chip FPGA2, and related websites and Chip data manuals are introduced, which do not belong to the key point of the patent and are not described herein again.

According to the method, the target program of the non-encryption chip FPGA1 is encrypted by the encryption chip FPGA2 and then stored, so that the target data of the general non-encryption chip FPGA1 are effectively protected. The ARM chip and the FPGA2 encryption chip are both stored after being encrypted, and meanwhile, target program read-back is not supported. During software operation, the ARM processor and the FPGA1 need mutual authorization verification to work normally, otherwise, the ARM processor and the FPGA1 enter a reset state respectively. From the aspect of integral anti-imitation difficulty, the possibility that the product module is imitated in reverse engineering can be effectively reduced, and the protection capability of own intellectual property rights is improved.

The foregoing basic embodiments of the invention and their various further alternatives can be freely combined to form multiple embodiments, all of which are contemplated and claimed herein. In the scheme of the invention, each selection example can be combined with any other basic example and selection example at will. Numerous combinations will be known to those skilled in the art.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (6)

1. A method for preventing target program data from being stolen in an ARM + FPGA architecture, wherein the ARM + FPGA architecture at least comprises 1 encrypted ARM processor, 1 general purpose unencrypted FPGA1 chip and 1 encrypted FPGA2 chip, and the method for preventing target program data from being stolen at least comprises the following steps:

s1: the ARM processor is used for controlling to obtain the KEY KEY data and storing the KEY KEY data in an external Flash memory, and then the ARM processor is used for reading the KEY KEY data from the Flash and transmitting the KEY KEY data to the FPGA2 chip;

s2: the FPGA1 target program acquires a V000.rbf bit stream file of the original target program of the FPGA1, and transmits the V000.rbf bit stream file of the original target program of the FPGA1 to the FPGA2 through an RS232 circuit;

s3: the FPGA2 encrypts V000.rbf bit stream data by using KEY data and a block encryption algorithm, and an encrypted FPGA1 target program is the V001.rbf bit stream data and is stored in a configuration chip of the FPGA 1;

s4: the FPGA2 chip applies the V001.rbf bit stream data, decrypts and calculates V000.rbf based on the KEY data and a corresponding decryption algorithm, and configures an FPGA1 chip on line;

s5: after the FPGA1 chip is normally started, a communication mechanism is arranged between the ARM chip and the FPGA1 chip for authentication and authorization, and the ARM chip and the FPGA1 chip respectively enter a working state after the authorization passes; when authorization is not passed, ARM, FPGA1 each enter a reset state.

2. The method as claimed in claim 1, wherein the step S1 specifically includes:

s11: the ARM processor receives and verifies the load of external KEY data according to a KEY load communication protocol, and writes the KEY data into an external memory Flash;

s12: after each time of power-on or KEY loading and updating, the ARM processor actively reads the latest KEY data from the external memory Flash and sends the latest KEY data to the FPGA2, and erases the old KEY data.

3. The method as claimed in claim 1, wherein the step S2 specifically includes:

s21: generating a bit stream original target data file V000.rbf of the FPGA1 by FPGA development software, and acquiring the bit stream file V000.rbf by an FPGA1 target program;

s22: the original object program V000.rbf bit stream file of the FPGA1 is transmitted to the FPGA2 by the FPGA1 object program through an RS232 circuit.

4. The method as claimed in claim 1, wherein the step S3 specifically includes:

s31: the encryption chip FPGA2 uses KEY data and a symmetric grouping encryption algorithm to encrypt bit stream data of V000.rbf bits, and generates V001.rbf after encryption;

s32: the FPGA2 stores the encrypted bit stream v001.rbf data in the configuration chip of the FPGA 1.

5. The method as claimed in claim 1, wherein the step S4 specifically includes:

s41: when the power is on every time, the FPGA2 actively reads a target data storage chip of the FPGA1 and reads a stored target data file V001.rbf encrypted by the FPGA 1;

s42: the FPGA2 calculates V000.rbf based on KEY data and a corresponding decryption algorithm, and configures an FPGA1 chip on line.

6. The method as claimed in claim 1, wherein the step S5 specifically includes:

s51: after the FPGA1 chip is normally started, the ARM processor sends three groups of random data frames to the FPGA1, the data in each group of data frames conform to a communication protocol of a preset rule, and the FPGA1 respectively sends confirmation signals to the ARM processor after successfully receiving and resolving the third group of data packets;

s52: when the FPGA1 confirms that the received three groups of data packets are correct, the normal working state is entered, otherwise, the reset state is entered; and when the ARM successfully analyzes the confirmation frame, the ARM enters a normal working state, otherwise, the ARM enters a reset state.

Images