CN113496036A - Security component and preloading method - Google Patents


Info

Publication number
CN113496036A
Authority
CN
China
Prior art keywords
items
preload
security component
security
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010263485.9A
Other languages
Chinese (zh)
Inventor
许树娜
孙波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN202010263485.9A
Publication of CN113496036A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F 21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/445 Program loading or initiating
    • G06F 9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading

Abstract

The present disclosure provides a security component and a preloading method. The security component comprises a memory, a plurality of registers and a preloading management device. The memory stores a plurality of items to be configured, and the preloading management device is started after the security component is powered on and comprises: a random number generator for generating a random code, the random code indicating a corresponding configuration item among the plurality of items to be configured; and a preloading controller for reading the corresponding configuration item according to the random code and loading it into the corresponding register of the plurality of registers. The security component provided by the embodiments of the disclosure uses the random code to load the items to be configured into their registers in random order, so that the time at which any given item is loaded is unpredictable; this step is carried out immediately after the security component is powered on, and the other components are started only after it, thereby improving the security of the security component.

Description

Security component and preloading method
Technical Field
The present disclosure relates to the field of trusted computing, and in particular, to a security component and a preloading method.
Background
A security chip is an integrated circuit chip that implements one or more cryptographic algorithms and uses cryptographic techniques, directly or indirectly, to protect root keys and sensitive information. A security chip typically has its own microprocessor and a memory region in which the root key and sensitive information are stored. Security chips are now increasingly used in intelligent terminals to provide a reliable basis for financial payment and online identity authentication.
The general starting process of the secure chip is shown in fig. 1, and includes power-on reset release S110, preloading S120, root key decryption S130, key derivation S140, release bus reset S150, and release processor reset S160. The power-on reset release S110 resets each component to an initial state, the preloading S120 loads the root key and the security configuration information stored in the secure chip into the storage unit, the root key decryption S130 parses the root key from the secure chip, the key derivation S140 derives application keys to be subsequently used in other links, and the release bus reset S150 and the release processor reset S160 reset the bus and the processor to the initial state. The preloading S120 is an important process for starting the secure chip, and the operation of other components of the chip must be performed after the preloading process is completed, so as to ensure that the operating environment of the entire chip is controlled by the secure configuration of the secure chip. On this basis, it needs to be ensured that the whole preloading process is safe and controllable, and the root key and the security configuration information stored in the security chip cannot be obtained or tampered by physical attack aiming at the security chip.
However, the prior art provides no special protection for preloading. If a physical attack is made on the security chip during preloading, the preloading process becomes untrusted, and therefore the subsequent operating environment of the whole chip becomes untrusted; for example, electromagnetic radiation may cause some security configuration steps to be skipped, or the root key may be tampered with.
Disclosure of Invention
Based on this, it is an object of the present disclosure to provide a security component for providing special safeguards to the preloading procedure of the system to increase the trustworthiness of the preloading results.
In a first aspect, an embodiment of the present disclosure provides a security component, including a memory, a plurality of registers, and a pre-loading management device, where the memory stores a plurality of items to be configured, and the pre-loading management device is started after the security component is powered on, and includes:
the random number generator is used for generating a random code, and the random code is used for indicating a corresponding configuration item of the plurality of items to be configured;
the pre-loading controller is used for reading the corresponding configuration items according to the random codes and loading the corresponding configuration items into corresponding registers of the plurality of registers.
Optionally, the preload management apparatus includes a preload counter that counts the loads performed by the preload controller. The preload controller further maintains a preload status table comprising a plurality of data items, each of which records whether the corresponding item to be configured has been loaded into its register. From the preload status table and the count value of the preload counter, the preload controller determines whether all items to be configured have been loaded, and thus whether the preload process is complete; if it is incomplete, the preload controller restarts the security component.
Optionally, the memory further stores a plurality of check words, and the pre-load controller is further configured to read the plurality of check words for checking, and determine whether to control the embedded system to power on and start again according to a check result.
Optionally, the random code further indicates a corresponding check word among the check words, and the pre-loading controller reads the corresponding check word according to the random code and uses it for checking.
Optionally, the random code further includes an identifier that distinguishes verification from loading, and the pre-loading controller performs either the verification or the loading operation according to this identifier, so that the two kinds of operation are interleaved at random.
Optionally, the check words correspond to the items to be configured one to one, and the pre-load controller checks whether the items to be configured are correct according to the check words.
Optionally, the check words and the items to be configured are stored in a distributed manner on the memory.
Optionally, the memory is a read-only memory.
Optionally, the read-only memory is a one-time programmable memory.
Optionally, the system further includes a processing unit, where the plurality of registers are located inside the processing unit, and the processing unit completes system startup by using the plurality of items to be configured.
Optionally, the random number generator and the pre-load controller are integrated in the processing unit.
Optionally, the multiple items to be configured include a root password and security configuration information, the pre-loading controller loads the root password to a password register, and loads the security configuration information to a control register, and the processing unit executes program instructions for performing cryptographic algorithm processing and security configuration in a starting process.
Optionally, the security component is integrated as a system on a chip.
Optionally, the security component may be applied in the following products: vehicle-mounted terminals, smart home devices, consumer electronics products, robot controllers, programmable controllers, financial service terminals and video conference terminals.
In a second aspect, an embodiment of the present disclosure provides an embedded system including any one of the security components described above.
In a third aspect, embodiments of the present disclosure provide a computer system including any of the security components described above.
In a fourth aspect, an embodiment of the present disclosure provides a system on a chip including the security component of any one of the above.
In a fifth aspect, an embodiment of the present disclosure provides a preloading method, where a preloading procedure is performed after a system is powered on, where the preloading procedure includes the following steps that are repeatedly performed for the plurality of items to be configured:
acquiring a random code, wherein the random code is used for indicating a corresponding configuration item of a plurality of items to be configured;
and reading the corresponding configuration item according to the random code, and loading the corresponding configuration item into a corresponding register of a plurality of registers.
Optionally, the preloading method further comprises:
counting the loading operations;
maintaining a preload status table, the preload status table comprising a plurality of data items, each data item characterising whether the respective item to be configured has been loaded into its respective register;
and determining, from the preload status table and the loading count value, whether all of the plurality of items to be configured have been loaded, and judging from that determination whether the preloading process is complete.
Optionally, the preloading method further comprises reading a plurality of pre-stored check words and checking them to judge whether the preloading process is normal.
Optionally, the random code further indicates a corresponding check word among the plurality of check words, and the preloading method further includes reading the corresponding check word according to the random code and checking it.
Optionally, the random code further includes an identifier that distinguishes verification from loading, and the preloading method further includes judging the identifier in the random code and performing the verification or loading operation accordingly, so that the two are executed in random order.
Optionally, the check words correspond one to one to the items to be configured, and the preloading method further includes checking whether the plurality of items to be configured are correct according to the plurality of check words.
Optionally, the plurality of items to be configured are stored in a read-only memory.
Optionally, the preloading method is performed after power-on of the embedded system or the computer system.
The security component provided by the embodiments of the disclosure uses a random code to load the items to be configured into their registers in random order, so that the time at which any given item is loaded is unpredictable. This step is performed immediately after the security component is powered on, and all other components are started only after it, thereby improving the security of the security component. Further, the security component may be integrated in an embedded system, a computer system, or a system on a chip.
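The following is an added example, not code from the patent: a C model of the preload controller described in the first and fifth aspects above (random-order loading, the preload status table and counter, and the interleaved check-word verification). It assumes a one-byte random code whose bit 7 is the verify/load identifier and whose low bits are the item index, and a check word equal to the bitwise complement of its item; the OTP contents and the random-code sequences are constructed, and the code sequence stands in for the hardware random number generator.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_ITEMS     4      /* number of items to be configured (constructed) */
#define CODE_VERIFY 0x80u  /* assumed identifier bit: 1 = verify, 0 = load */
#define CODE_INDEX  0x7fu  /* assumed index field of the random code */

enum preload_result { PRELOAD_COMPLETE = 0, PRELOAD_RESTART = 1 };

/* Contents of the one-time-programmable memory (constructed sample values).
 * Each item has one check word; here the check word is the item's complement
 * (an assumption, the patent does not fix the check-word format). */
struct otp_memory {
    uint32_t items[N_ITEMS];
    uint32_t checks[N_ITEMS];
};

/* Target registers plus the controller's bookkeeping from the patent:
 * the preload status table and the preload counter. */
struct preload_state {
    uint32_t regs[N_ITEMS];
    bool     status[N_ITEMS];
    unsigned counter;
};

void otp_init(struct otp_memory *otp)
{
    static const uint32_t sample[N_ITEMS] = {
        0xdeadbeefu, 0x0badf00du, 0x00000001u, 0xa5a5a5a5u };
    for (size_t i = 0; i < N_ITEMS; i++) {
        otp->items[i]  = sample[i];
        otp->checks[i] = ~sample[i];
    }
}

/* Consume one random code. Returns false only when a verify fails. */
bool preload_step(const struct otp_memory *otp, struct preload_state *st, uint8_t code)
{
    unsigned idx = code & CODE_INDEX;
    if (idx >= N_ITEMS)
        return true;                          /* no such item: idle cycle */
    if (code & CODE_VERIFY)                   /* verify: item must match its check word */
        return (otp->items[idx] ^ otp->checks[idx]) == 0xffffffffu;
    st->regs[idx]   = otp->items[idx];        /* load: copy item into its register */
    st->status[idx] = true;                   /* record it in the status table */
    st->counter++;                            /* and count the load */
    return true;
}

/* Completion test: every status entry set AND the counter agrees. A glitch that
 * flips a status bit without a real load shows up as a counter shortfall. */
enum preload_result preload_check_complete(const struct preload_state *st)
{
    for (size_t i = 0; i < N_ITEMS; i++)
        if (!st->status[i])
            return PRELOAD_RESTART;
    return st->counter >= N_ITEMS ? PRELOAD_COMPLETE : PRELOAD_RESTART;
}

/* Run the whole procedure over a sequence of random codes (stand-in for the
 * hardware random number generator). Any failure means power on again. */
enum preload_result preload_run(const struct otp_memory *otp, struct preload_state *st,
                                const uint8_t *codes, size_t n_codes)
{
    memset(st, 0, sizeof *st);
    for (size_t i = 0; i < n_codes; i++)
        if (!preload_step(otp, st, codes[i]))
            return PRELOAD_RESTART;           /* check-word mismatch: item tampered */
    return preload_check_complete(st);
}

int main(void)
{
    struct otp_memory otp;
    struct preload_state st;
    /* Constructed random-code sequences: loads in random order, interleaved with verifies. */
    const uint8_t good[] = { 0x02, 0x81, 0x00, 0x03, 0x01, 0x82 };
    const uint8_t skip[] = { 0x02, 0x00, 0x03, 0x02 };     /* item 1 never loaded */

    otp_init(&otp);
    printf("good sequence: %s\n",
           preload_run(&otp, &st, good, sizeof good) == PRELOAD_COMPLETE ? "complete" : "restart");
    printf("skipped item:  %s\n",
           preload_run(&otp, &st, skip, sizeof skip) == PRELOAD_COMPLETE ? "complete" : "restart");

    otp.items[1] ^= 0x00000100u;               /* model a fault that flips one stored bit */
    printf("tampered item: %s\n",
           preload_run(&otp, &st, good, sizeof good) == PRELOAD_COMPLETE ? "complete" : "restart");
    return 0;
}
```

Note that a sequence containing only load codes does not detect the flipped bit; the random verify codes are what give the check words their effect.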
Drawings
The foregoing and other objects, features, and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which refers to the accompanying drawings in which:
FIG. 1 illustrates a typical boot flow for a security chip;
FIG. 2 shows a schematic diagram of an exemplary network architecture;
FIG. 3 illustrates a schematic diagram of a computer system including a security component of an embodiment of the present disclosure;
FIG. 4 illustrates a schematic diagram of an embedded system including a security component of an embodiment of the present disclosure;
FIGS. 5a and 5b show schematic diagrams of two ways of integration of a system-on-chip and a security chip of an embodiment of the disclosure;
FIG. 6a is an exemplary block diagram of a security component provided by an embodiment of the present disclosure;
FIG. 6b is another exemplary block diagram of a security component provided by an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of the structure of one embodiment of the preload management apparatus shown in FIG. 6a;
FIG. 8 is a schematic diagram of another embodiment of the preload management apparatus shown in FIG. 6a;
FIG. 9 is a data structure diagram of an exemplary random code;
FIGS. 10a and 10b are flowcharts of a preloading method provided by an embodiment of the present disclosure.
Detailed Description
The present disclosure is described below based on examples, but it is not limited to these examples. In the following detailed description, some specific details are set forth. It will be apparent to those skilled in the art that the present disclosure may be practiced without these specific details. Well-known methods, procedures, and components have not been described in detail so as not to obscure the present disclosure. The figures are not necessarily drawn to scale.
Fig. 2 shows a schematic diagram of a network structure. As shown in fig. 2, various terminals 201 establish communication with a data center 203 through a network 203. The terminal 201 is various electronic devices employing a computer system, such as a personal computer, a cellular phone, a notebook, a mobile terminal, and the like. Network 203 may be based on a combination of one or more of a variety of communication technologies implemented by exchanging signals, including but not limited to wired technologies employing electrically and/or optically conductive cables, and wireless technologies employing infrared, radio frequency, and/or other forms. In different application scenarios, the network 203 may be the internet, a wide area network, or a local area network, such as a private network of a company. The network 203 may also be a wired network or a wireless network.
The data center 203 has a large number of servers 140 for actual processing. Server 140 is a hardware entity that provides computing and storage capabilities to users or various application systems. The hardware and software resources of each server 140 may be integrated into a resource pool by using a virtualization technology, and computing power, storage power, or virtual machine service is provided to a user or various application systems as needed based on the resource pool, and at this time, the server 140 is referred to as a cloud server.
The access switch 130 is a switch used to connect the server 140 to the data center. One access switch 130 connects multiple servers 140. The access switches 130 are typically located at the top of the rack, so they are also called Top of Rack (ToR) switches; they physically connect the servers.
Each aggregation switch 120 connects multiple access switches 130 while providing other services such as firewalls, intrusion detection, network analysis, and the like.
Core switches 110 provide high-speed forwarding of packets to and from the data center and connectivity for aggregation switches 120. The entire data center network is divided into an L3 layer routing network and an L2 layer routing network, and the core switch 110 provides a flexible L3 layer routing network for the entire data center network.
Typically, the aggregation switch 120 is the demarcation point between the L2 and L3 routing networks, with L2 below and L3 above the aggregation switch 120. Each group of aggregation switches manages a Point of Delivery (POD), within each of which is a separate VLAN network. Server migration within a POD does not require modifying the IP address and default gateway, because one POD corresponds to one L2 broadcast domain.
A Spanning Tree Protocol (STP) is typically used between aggregation switch 120 and access switch 130. STP makes only one aggregation layer switch 120 available for a VLAN network and the other aggregation switches 120 are used in the event of a failure (dashed lines in the upper figure). That is, at the level of aggregation switches 120, no horizontal scaling is done, since only one is working even if multiple aggregation switches 120 are added.
The terminal 201 and the server 140 share a general computer architecture, although the functions, appearance, interfaces, operating systems and the like of a specific terminal device and a specific server differ, sometimes greatly. Fig. 3 illustrates such a general computer architecture. As shown in FIG. 3, computer system 10 may include one or more processors 12 and memory 14.
Memory 14 in computer system 10 may be main memory (referred to simply as main memory or memory). It stores instruction information and/or data information represented by data signals, such as data provided by the processor 12 (e.g., operation results), and implements data exchange between the processor 12 and an external storage device 16 (also referred to as auxiliary memory or external memory).
In some cases, processor 12 may need to access memory 14 to retrieve data in memory 14 or to make modifications to data in memory 14. To alleviate the speed gap between processor 12 and memory 14 due to the slow access speed of memory 14, computer system 10 further includes a cache memory 18 coupled to bus 11, cache memory 18 being used to cache some data in memory 14, such as program data or message data, that may be repeatedly called. The cache memory 18 is implemented by a storage device such as a Static Random Access Memory (SRAM). The cache memory 18 may have a multi-level structure, such as a three-level cache structure having a first-level cache (L1 Cache), a second-level cache (L2 Cache), and a third-level cache (L3 Cache), or may have a cache structure with more than three levels or other types of cache structures. In some embodiments, a portion of the cache memory 18 (e.g., a level one cache, or a level one cache and a level two cache) may be integrated within the processor 12 or in the same system on a chip as the processor 12.
In this regard, the processor 12 may include an instruction execution unit 121, a memory management unit 122, and so on. The instruction execution unit 121 initiates a write access request when executing some instructions that need to modify the memory, where the write access request specifies write data and a corresponding physical address that need to be written into the memory; the memory management unit 122 is configured to translate the virtual addresses specified by the instructions into the physical addresses mapped by the virtual addresses, and the physical addresses specified by the write access request may be consistent with the physical addresses specified by the corresponding instructions.
The information exchange between the memory 14 and the cache 18 is typically organized in blocks. In some embodiments, the cache 18 and the memory 14 may be divided into data blocks by the same spatial size, and a data block may be the smallest unit of data exchange (including one or more data of a preset length) between the cache 18 and the memory 14. For the sake of brevity and clarity, each data block in the cache memory 18 will be referred to below simply as a cache block (which may be referred to as a cacheline or cache line), and different cache blocks have different cache block addresses; each data block in the memory 14 is referred to as a memory block, and different memory blocks have different memory block addresses. The cache block address comprises, for example, a physical address tag for locating the data block.
Due to space and resource constraints, the cache memory 18 cannot cache the entire contents of the memory 14, i.e., the storage capacity of the cache memory 18 is generally smaller than that of the memory 14, and the cache block addresses provided by the cache memory 18 cannot correspond to the entire memory block addresses provided by the memory 14. When the processor 12 needs to access the memory, firstly, the cache memory 18 is accessed through the bus 11 to judge whether the content to be accessed is stored in the cache memory 18, if so, the cache memory 18 hits, and at the moment, the processor 12 directly calls the content to be accessed from the cache memory 18; if the content that the processor 12 needs to access is not in the cache memory 18, the processor 12 needs to access the memory 14 via the bus 11 to look up the corresponding information in the memory 14. Because the access rate of the cache memory 18 is very fast, the efficiency of the processor 12 can be significantly improved when the cache memory 18 hits, thereby also improving the performance and efficiency of the overall computer system 10.
In addition, computer system 10 may also include input/output devices such as storage device 16, display device 13, audio device 14, mouse/keyboard 15, and the like. The storage device 16 is a device for information access such as a hard disk, an optical disk, and a flash memory coupled to the bus 11 via corresponding interfaces. The display device 13 is coupled to the bus 11, for example via a corresponding graphics card, for displaying in accordance with display signals provided by the bus 11.
The computer system 10 also typically includes a communication device 17 and thus may communicate with a network or other devices in a variety of ways. The communication device 17 may comprise, for example, one or more communication modules; by way of example, the communication device 17 may comprise a wireless communication module adapted for a particular wireless communication protocol. For example, the communication device 17 may include a WLAN module for implementing Wi-Fi™ communication in compliance with the 802.11 standard established by the Institute of Electrical and Electronics Engineers (IEEE); the communication device 17 may also include a WWAN module for implementing wireless wide area communication conforming to a cellular or other wireless wide area protocol; the communication device 17 may also include a communication module using other protocols, such as a Bluetooth module, or other custom type communication modules; the communication device 17 may also be a port for serial transmission of data.
Of course, the structure of different computer systems may vary depending on the motherboard, operating system, and instruction set architecture. For example, many computer systems today have an input/output control hub coupled between the bus 11 and various input/output devices, and the input/output control hub may be integrated within the processor 12 or separate from the processor 12.
Also shown is a security component 19 for implementing embodiments of the present disclosure. As shown, the security component 19 is integrated within the computer system 10 and communicates with other components via the bus 11; for example, the security component 19 may be coupled to the computer system 10 via a printed circuit board or various boards. The security component 19 can be a trusted platform module, and some important information and some operations with higher security requirements are placed on the security component 19. For example, the key generation operation is performed in the security component 19: a public key and a private key are generated in one computer system 10 using a root key stored in the security component 19, important data is encrypted using the private key and the public key is issued, the encrypted important data is transmitted to another computer system 10, and the other computer system 10 obtains the corresponding public key and decrypts the data with it to obtain the important data, so that all cryptographic processing is performed in the security component 19, thereby improving security. For another example, the root password and the security configuration information may be placed in the security component 19, such as storing the configuration information of the BIOS, reading the configuration information after the security chip is started, and checking the configuration information of the BIOS during actual operation against it to determine whether the BIOS was correctly started. The specific structure and function of the security component 19 provided by the embodiments of the present disclosure will be described in detail later.
The security component 19 provided by the embodiment of the present disclosure may also be applied to electronic devices of embedded systems, such as various consumer electronics products, IoT devices, mobile terminals, smart homes, robot controllers, vehicle-mounted terminals, industrial control devices, and so on. Fig. 4 shows a system architecture diagram of an embedded system 400.
Although the embedded system has a high similarity to a computer system in terms of hardware structure, the application characteristics of the embedded system cause the embedded system to be greatly different from a general computer system in terms of the composition and implementation form of hardware.
First, in order to meet the requirements of the embedded system 400 on speed, size and power consumption, data that needs to be stored for a long time, such as an operating system, application software, and special data, is usually not used in a storage medium with a large capacity and a low speed, such as a magnetic disk, but a random access Memory 402 or a Flash Memory (Flash Memory)403 is mostly used, as shown in fig. 1.
In addition, in the embedded system 400, an A/D (analog/digital conversion) interface 405 and a serial interface 406 are required for measurement and control, which is rarely needed in general-purpose computers. The A/D interface 405 mainly performs the conversion of an analog signal to a digital signal and of a digital signal to an analog signal required in testing. Testing is often required when the embedded system 400 is used in industrial production. Because the single chip generates digital signals, which need to be converted into analog signals for testing, unlike general-purpose computers an A/D (analog/digital conversion) interface 405 is required to complete the related conversion. In addition, industry often requires multiple embedded systems to be connected in series to perform the related functions, and therefore a serial interface 406 for connecting multiple embedded systems in series is required, which is not required in general-purpose computers.
In addition, the embedded system 400 is a basic processing unit, and it is often necessary to connect a plurality of embedded systems 400 into a network in industrial design, so that a network interface 407 for connecting the embedded system 400 into the network is required. This is also mostly not required in general purpose computers. In addition, some embedded systems 400 employ an external bus 404 depending on the application and size. With the rapid expansion of the application field of the embedded system 400, the embedded system 400 tends to be personalized more and more, and the types of buses adopted according to the characteristics of the embedded system 400 are more and more. In addition, in order to test the internal circuits of the embedded processor 401, the boundary scan test technology is commonly used in the processor chip. To accommodate this testing, a debug interface 408 is employed.
As shown, the security component 19 communicates with other components via the bus 11, for example, the security component 19 is fixed in the embedded system 400 by a welding process. The security component 19, as a trusted platform module, can provide a higher level of security protection than other components of the embedded system, thus placing some important information in the embedded system and some solidified important operations in the security chip. In addition to placing the root password and security configuration information in the security component 19 and placing the password generation operations in the security component 19 as described above, for example, payment verification and the like operations may also be placed in the security component 19.
With the rapid development of very large scale integration (VLSI) circuits and semiconductor processes, part or all of an embedded system can be implemented on a single silicon chip, i.e., an embedded system on a chip (SoC).
Fig. 5a is a schematic diagram of an exemplary embedded system on a chip (SoC). As described above, the system-on-chip 500 includes an Arithmetic Logic Unit (ALU)501, a register 502, and a control unit 503. The arithmetic logic unit 501 completes the actual arithmetic processing. The register 502 is used to store instructions during arithmetic processing, intermediate results during arithmetic processing, and the like. The control unit 503 controls access to the external RAM 511 and the flash memory 512.
When executing an instruction, the ALU 501 transfers the instruction to be executed from the RAM 511 or the flash memory 512 to the register 502, and either receives the next fetch address or calculates it according to a fetch algorithm, for example by incrementing or decrementing the address by the instruction length.
After the instruction is fetched, the ALU 501 enters an instruction decode stage that decodes the fetched instruction according to a predetermined instruction format to obtain operand fetch information needed by the fetched instruction in preparation for execution of the instruction. The operand fetch information points to, for example, an address in the RAM 511 or the flash memory 512. After decoding, the ALU acquires operands stored in the RAM 511 or the flash memory 512 according to the operand acquisition information to execute processing.
The ALU 501, when executing certain types of instructions (e.g., memory access instructions), needs to access the RAM 511 or the flash memory 512 to obtain information stored therein or to provide data that needs to be written into the RAM 511 or the flash memory 512.
After the access instruction is fetched by the ALU 501, the ALU 501 may decode the access instruction so that a source operand of the access instruction may be fetched. The ALU 501 may perform a corresponding operation on a source operand of the access instruction (e.g., an arithmetic logic unit performs an operation on the source operand stored in a register) to obtain address information corresponding to the access instruction, and initiate a corresponding request, such as an address translation request, a write access request, etc., according to the address information.
The source operands of the access instruction typically include address operands. The ALU 501 operates on the address operand to obtain the virtual address corresponding to the access instruction. The ALU 501 initiates an address translation request to the control unit 503 based on the virtual address, the address translation request including a virtual address corresponding to an address operand of the access instruction. The control unit 503 responds to the address translation request, and converts the virtual address in the address translation request into a physical address according to an entry matching the virtual address, so that the ALU 501 can access the RAM 511 or the flash memory 512 according to the translated physical address.
Depending on the function, the memory access instructions may include load instructions and store instructions. The execution of the load instruction typically does not require modification of information in the RAM 511 or flash memory 512, and the ALU 501 need only read data stored in the RAM 511 or flash memory 512 or an external storage device according to the address operand of the load instruction.
Unlike a load instruction, the source operands of a store instruction include not only address operands, but also data information, and the execution of the store instruction typically requires modification to either RAM 511 or flash memory 512. The data information of the store instruction may point to write data, and the source of the write data may be the execution result of an instruction such as an operation instruction, a load instruction, etc., or may be the data in the register 502, or may be an immediate.
As shown, the security component 19 is external to the system-on-chip 500 and is communicatively coupled to the registers 502 and the control unit 503. The security component 19 may be used to improve the security of the system-on-chip. For example, it may be used to control the boot process of the system-on-chip 500: specifically, when the system-on-chip 500 is powered on, the control unit 503 hands flow control to the security component 19, the security component 19 executes a solidified (burned-in) program through an internal processor to load the security configuration information into the respective registers, and then the control unit 503 takes flow control back to boot the system-on-chip under that security configuration information.
Fig. 5b is a schematic diagram of an exemplary embedded system on a chip (SoC). As shown, the system on chip 510 has the same Arithmetic Logic Unit (ALU)501, registers 502 and control unit 503 as in FIG. 5 a. The difference between the two is that in this example the security component 19 is integrated inside the system-on-chip 510.
In addition, the security component can be used as an independent component and can be connected to the system through an external interface such as a USB (universal serial bus) to provide security protection. Such security components, or systems including such security components, may be used in application scenarios where the requirements on system security and preloading speed are high, such as financial payments, online identity authentication, copyright protection, consumable usage tracking, device authentication, industrial control, video conferencing, medical services, gaming authentication, and so forth.
Fig. 6a is an exemplary block diagram of a security component provided by an embodiment of the present disclosure. As shown, the security component 60 includes a processing unit 601, a read only memory 602, a random access memory 603, a flash memory 604, an I/O interface 605, a clock circuit 621, a reset circuit 622, and a preload management device 611. The clock circuit 621 and the reset circuit 622 are conventional in configuration and function and will not be described in detail here. The ROM 602 typically stores fixed program code such as an Operating System (OS), a kernel, and device drivers; the RAM 603 stores running program code and the data it requires; and the flash memory 604 typically stores application programs and data. The I/O interface 605 provides an input/output interface for communicating with external devices.
The cryptographic algorithm module 612 consists of program instructions implementing cryptography-related functions such as key generation, encryption, and decryption. The processing unit 601 may be a microprocessor, a microcontroller, a processor, an image processor, an acceleration unit, etc. After the preload management apparatus 611 completes its operation, the processing unit 601 may read and execute the program instructions.
The preload management apparatus 611 is a hardware module for implementing the preload scheme of the embodiment of the present disclosure, and is configured to load the items to be configured into a register (not shown in the figure), for example, a register in the processing unit 601 or a register in a processing unit outside the security component. The preload management device 611 is activated after the security component 60 is powered on, and the other components, such as the processing unit 601, the ROM 602, the RAM 603, the flash memory 604, the I/O interface 605, the clock circuit 621, the reset circuit 622, etc., must be activated only after the operation of the preload management device 611 is completed, so as to ensure that the operating environment of the entire system is controlled by the security configuration of the preload management device 611.
The read only memory 602 can be further divided into the following types: programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), and electrically erasable programmable read-only memory (EEPROM). A PROM is a one-time programmable (OTP) memory, which can be written once and cannot be modified afterwards. An EPROM can be repeatedly erased and rewritten, which overcomes the limitation that a PROM can only be written once, but erasing requires an EPROM eraser. An EEPROM can be erased and reprogrammed (rewritten) by applying a voltage higher than normal.
Sensitive information and root keys as described in the background may be stored in read only memory 602 and loaded into registers (not shown) upon startup of the security component. To avoid tampering with sensitive information and root keys, the read-only memory 602 may also be a programmable read-only memory (PROM).
It should be noted that the structure diagram of the security component shown in fig. 6a is only used as an exemplary description and is not used to limit the actual structure of the security component. In the field of product design and manufacturing, designers may purposefully adapt the hardware and software architecture based on a number of factors that affect the purpose, manufacturing process, and economic benefits, for example, the random access memory 603 and the flash memory 604 may be adapted as other memories for power consumption and price reasons, or the cryptographic algorithm block 612 may be eliminated without the need for cryptographic processing functionality.
Fig. 6b is another exemplary block diagram of a security component provided by an embodiment of the present disclosure. The difference from fig. 6a is that the preload management apparatus 611 is integrated inside the processing unit 601. After the security component 60 is powered on, the preload management apparatus 611 is started first, and the other components, such as the rest of the processing unit 601, the ROM 602, the RAM 603, the flash memory 604, the I/O interface 605, the clock circuit 621, the reset circuit 622, and the like, must be started only after the operation of the preload management apparatus 611 is completed, so as to ensure that the operating environment of the entire system is controlled by the security configuration of the preload management apparatus 611.
In addition, the security component described above may be implemented as an embedded system or a system on chip, and when implemented as a system on chip, the security component may be further implemented as a security chip as described in the background.
In addition, when the security component is integrated in an embedded system or a computer system, the security component may be configured to be activated after the system is powered on, and may serve as a starting point for system activation.
Fig. 7 is a schematic structural diagram of an embodiment of the preload management apparatus shown in fig. 6 a. As shown, the ROM 616 stores a plurality of items 1-n to be loaded. The read only memory 616 herein and the read only memory 602 of FIG. 6a may be the same or different read only memories. The preload management means 611 is used to read a plurality of items 1-n to be loaded and store them in a plurality of registers, respectively. According to different meanings of the items to be loaded, different registers in the security component 60 are used for storing the corresponding items to be loaded, for example, if the items to be loaded are root keys, a key register is used, if the items to be loaded are multiple pieces of security configuration information, the multiple pieces of security configuration information are stored in corresponding control registers of the multiple control registers, and the processing unit 601 may perform cryptographic algorithm processing according to program instructions stored in a memory and perform security configuration by using the security configuration information when the system is started.
As shown in the figure, the preload management means 611 includes a random number generator 612 and a preload controller 614. The random number generator 612 is used to generate random codes. The pre-load controller 614 determines the loading order of the plurality of items 1-n to be loaded based on the random code. More specifically, the random number generator 612 can generate random codes with the same number as the number of items to be loaded, the pre-load controller 614 maintains a rule of correspondence between the random codes and the items to be loaded, and when the random codes are received, the corresponding items to be loaded are determined according to the rule of correspondence and stored in the corresponding registers.
The timing of the operation of the random number generator 612 and the pre-load controller 614 is described in more detail below. Firstly, the random number generator 612 is started to generate a first random code, the pre-loading controller 614 finds an item to be loaded corresponding to the first random code from the corresponding rule of the random code and the item to be loaded according to the first random code and loads the item, the random number generator 612 continues to work to generate a second random code, and the pre-loading controller 614 finds an item to be loaded corresponding to the second random code from the corresponding rule of the random code and the item to be loaded according to the second random code and loads the item, and so on.
Based on the above, since the output of the random number generator cannot be controlled, the moment at which each item to be loaded is actually loaded is unpredictable, which improves the security of the loading process.
As an alternative embodiment, as shown in the figure, the preload management means 611 further comprises a preload counter 613. The preload counter 613 counts the loads performed by the preload controller 614: every time the preload controller 614 loads an item to be loaded into a register, the preload counter 613 increments the load count by 1. The preload controller 614 determines in real time whether the load count of the preload counter 613 equals the number of items to be loaded. If it does, control passes to the next processing module; if it does not, an alarm message is given and the security component is set to return to the initial state and repeat the power-on start process, or the system is only directly reported as abnormal.
As an alternative embodiment, the preload controller 614 also maintains a preload status table, as shown. The preload state table includes a plurality of data items C0-Cn which are the same in number as the plurality of items to be loaded and which correspond to each other. Each data item stores the current state of the corresponding item to be loaded, for example, 0 is used to indicate that the corresponding item to be loaded is not loaded, and 1 is used to indicate that the corresponding item to be loaded is loaded, and the preload management apparatus 611 modifies the value of the corresponding data item in the preload state table every time one item to be loaded is loaded. The pre-load controller 614 looks at the values of the individual data items of the pre-load status table in real time to determine whether the pre-load process is complete, i.e. whether all the items to be loaded have been loaded. When the pre-loading controller 614 determines that the pre-loading process is complete, the control right is handed to the next processing module, if the pre-loading process is determined to be incomplete, alarm information is given, the security chip is set to return to the initial state, the power-on starting process is repeated, or only the system is directly prompted to be abnormal.
As an alternative embodiment, the preload management means 611 may use the preload status table together with the preload counter 613 to determine whether the preload process is complete. Specifically, the preload controller 614 determines in real time whether the load count of the preload counter 613 equals the number of items to be loaded; if so, it then checks the values of the respective data items of the preload state table to determine whether all the corresponding items have been loaded. If the load count equals the number of items to be loaded and the preload state table shows that all items have been loaded, control passes to the next processing module; if at least one of these conditions is not satisfied, an alarm message is given and the security component is set back to the initial state to repeat the power-on start process, or a system exception is only directly reported.
As an alternative embodiment, the number of random codes generated by the random number generator 612 may be greater than the number of items to be loaded, and since the pre-loading controller 614 maintains the corresponding rule of the random codes and the items to be loaded, when the random codes received by the pre-loading controller 614 cannot find the corresponding items to be loaded in the corresponding rule, the pre-loading controller 614 is in a sleep state to wait for the next random code.
Based on the above, the preload state table and the preload counter are used jointly to determine the integrity of the preload process, so that a physical attack on the security component that attempts to skip the preload process can be prevented.
Fig. 8 is a schematic structural diagram of another embodiment of the preload management apparatus shown in fig. 6 a. The preload management device 711 is configured to read a plurality of items 1-n to be loaded and store the items in a plurality of registers, respectively. According to different meanings of the items to be loaded, different registers are adopted to store corresponding items to be loaded, for example, if the items to be loaded are root keys, a key register is used, and if the items to be loaded are a plurality of pieces of security configuration information, the plurality of pieces of security configuration information are stored into corresponding control registers of the plurality of control registers.
As shown in the figure, the preload management device 711 includes all the modules in fig. 7, with the same functions, and in addition includes a check unit 615, which performs checks using check words. The check here has the following two meanings.
First, check whether the item to be loaded is damaged or tampered with using the check word.
As shown in the figure, the ROM 616 prestores a plurality of check words 1-n. The check unit 615 reads one of the check words 1-n at a time and determines whether the check word matches the corresponding item to be loaded; if so, the subsequent operation continues, and if not, the security component is set to return to the initial state and repeat the start process, or the system is only directly determined to be abnormal.
Due to the effect of the random code, the pre-loading controller 614 loads the items to be loaded 1-n at random, and at a certain moment, when the pre-loading controller 614 loads the specific item to be loaded K, the check unit 615 reads the check word K corresponding to the item to be loaded K, calculates the theoretical check word according to the item to be loaded K, and then compares the theoretical check word with the check word K to determine whether the items are matched.
In this case, the check words 1-n and the items to be loaded 1-n can be stored in a scattered manner, so that when the content of an item to be loaded is damaged or tampered with, the judgement can still be made using its check word, which remains unmodified and undamaged. For example, if someone knows the approximate storage location of the root key on the security component and attacks that location by means of electromagnetic radiation or the like, the root key can still be verified against its check word, because the root key and its associated check word are stored separately: when the root key is destroyed, its corresponding check word is still correct.
Second, check whether the system is normal using the check word. The check unit 615 randomly reads the check word and determines whether the check word meets a specific rule, and if not, the security component is set to return to the initial state, and is powered on again or only gives alarm information.
Fig. 9 shows a data structure diagram of an exemplary random code. As described above, the random code 90 is 8 bits of data made up of three fields. Flag occupies 1 bit: a value of 0 indicates that a check word is to be read, and a value of 1 indicates that an item to be loaded is to be read. Check Word Index indicates the sequence number of the check word to be read. Content Index indicates the sequence number of the item to be loaded to be read.
Fig. 10a and 10b are flowcharts of a preloading method provided by an embodiment of the present disclosure. Wherein S110 is the same as S110 in fig. 1, and is not described herein again. In addition, the random code of the present embodiment adopts the data structure shown in fig. 9. In fig. 10a, the following steps are included.
Step S121 acquires a random code.
Step S122 determines whether the most significant bit of the random code is 1. If 1, step S124 is executed, otherwise step S123 is executed. The highest bit of the random code is 1 to indicate that an item to be loaded is read, and the highest bit of the random code is 0 to indicate that a check word is read.
Step S123 obtains the Check Word from the position indicated by Check Word Index.
Step S124 acquires the item to be loaded from the position indicated by the Content Index.
Step S125 stores the item to be loaded to the corresponding control register or key register.
Step S126 updates the preload status table and the preload counter. Namely, the corresponding data item of the currently read item to be loaded in the preloading state table is updated.
Wherein steps S121 to S126 are repeatedly executed, and generally, the number of times of repetition is greater than or equal to the number n of the plurality of items to be loaded.
Step S127 determines whether the check word is correct. If so, step S121 continues to be executed; otherwise, the preloading is indicated to be abnormal, the process ends abnormally, and the system can be controlled to restart.
In fig. 10b, the following steps are included.
Step S130 determines whether the preload status table matches the number of times the preload counter is loaded. If yes, step S131 is executed, otherwise, the preloading is instructed to be abnormal, the process is ended abnormally, and the system can be controlled to restart.
Step S131 determines whether both the preload status table and the load count of the preload counter indicate that loading is finished. If yes, the subsequent steps of system startup continue; otherwise, the preloading is indicated to be abnormal, the process ends abnormally, and the system is controlled to restart.
Of course, the preloading method provided by the embodiment of the present disclosure is not limited to the data structure described in fig. 9. When the random code adopts another data structure, the flow of the preloading method can change accordingly. For example, the random code may contain only two fields: the first field indicates the respective item to be loaded, i.e. the position of an item to be loaded, and the second field indicates the respective check word, i.e. the position of a check word. When the preloading process starts, a random code is obtained; the position of the corresponding item to be loaded is taken from the first field of the random code, the item is read from that position and stored in a register, and the preload counter is updated; the position of the corresponding check word is taken from the second field of the random code, the check word is read from that position and used for checking, and when the check fails, the process ends abnormally. These steps are executed multiple times (the number of executions can equal the number of items to be loaded or of check words), and then the preload state table and the preload counter are examined to determine whether the security chip is normal.
It should be understood that the above-described preloading method is generally implemented by hardware, but could in theory be implemented by software, and if implemented by software, the preloading method could be integrated into the boot firmware that is enabled prior to the operating system to improve system security.
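The following C program is an added software simulation of the preload management apparatus of figs. 7 to 10b (random-order loading driven by random codes, the preload counter and status table, the check words of fig. 8, and the flow of figs. 10a and 10b); it is not the patent's own design or code. It assumes n = 4 items with item 0 as the root key going to a key register and items 1 to 3 as configuration words going to control registers, lays out the 8-bit random code of fig. 9 as bit 7 = Flag, bits 6..4 = Check Word Index, bits 3..0 = Content Index (field widths the page does not give), and uses an XOR of the item's bytes as the check function (the page specifies none); the random codes are supplied by the caller in place of the hardware random number generator.

```c
/* Added simulation of the preload management apparatus (not the patent's own code).
 * Assumptions: N_ITEMS = 4, item 0 = root key (key register), items 1..3 = security
 * configuration words (control registers); random code layout: bit 7 Flag,
 * bits 6..4 Check Word Index, bits 3..0 Content Index; check word = XOR of item bytes. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define N_ITEMS 4

/* Constructed ROM image: items and check words kept in separate arrays, mirroring the
 * scattered storage the text describes. */
typedef struct {
    uint32_t items[N_ITEMS];
    uint8_t  check_words[N_ITEMS];
} preload_rom_t;

static const preload_rom_t ROM_GOOD = {
    { 0xA5A5F00Du, 0x00000011u, 0x00000022u, 0x00000033u },
    { 0xFD, 0x11, 0x22, 0x33 },   /* XOR folds of the items above */
};

typedef struct {
    uint32_t key_register;                 /* receives the root key (item 0) */
    uint32_t control_registers[N_ITEMS - 1]; /* receive items 1..3 */
    uint8_t  status_table[N_ITEMS];        /* C0..C3: 0 = not loaded, 1 = loaded */
    unsigned preload_counter;              /* incremented on every load */
    bool     abnormal;                     /* set when a check word mismatches */
} preload_state_t;

typedef enum { STEP_LOADED, STEP_CHECK_OK, STEP_CHECK_FAIL, STEP_SLEEP } step_result_t;

/* Theoretical check word computed from an item (assumed check function). */
static uint8_t checkword_of(uint32_t item) {
    return (uint8_t)((item >> 24) ^ (item >> 16) ^ (item >> 8) ^ item);
}

/* Random code fields under the assumed fig. 9 layout. */
#define CODE_FLAG(c)        (((c) >> 7) & 0x01u)
#define CODE_CW_INDEX(c)    (((c) >> 4) & 0x07u)
#define CODE_CONTENT_IDX(c) ((c) & 0x0Fu)

/* One pass of steps S121-S127 for a single random code. */
static step_result_t preload_step(preload_state_t *st, const preload_rom_t *rom, uint8_t code) {
    if (CODE_FLAG(code) == 1u) {                      /* S124: read an item to load */
        unsigned idx = CODE_CONTENT_IDX(code);
        if (idx >= N_ITEMS) return STEP_SLEEP;        /* no item for this code: wait */
        if (idx == 0) st->key_register = rom->items[0];          /* S125: key register */
        else st->control_registers[idx - 1] = rom->items[idx];   /* S125: control reg */
        st->status_table[idx] = 1;                    /* S126: update table ... */
        st->preload_counter++;                        /* ... and counter */
        return STEP_LOADED;
    }
    unsigned cw = CODE_CW_INDEX(code);                /* S123: read a check word */
    if (cw >= N_ITEMS) return STEP_SLEEP;
    if (checkword_of(rom->items[cw]) == rom->check_words[cw]) return STEP_CHECK_OK;
    st->abnormal = true;                              /* S127: mismatch -> abnormal */
    return STEP_CHECK_FAIL;
}

/* Steps S130-S131: table and counter must agree, and both must show completion.
 * A duplicate load makes the counter exceed the table and is therefore rejected. */
static bool preload_complete(const preload_state_t *st) {
    unsigned loaded = 0;
    for (unsigned i = 0; i < N_ITEMS; i++) loaded += st->status_table[i];
    if (loaded != st->preload_counter) return false;  /* S130: mismatch */
    return loaded == N_ITEMS;                         /* S131: all items loaded */
}

/* Drive the whole preload with a sequence of random codes. Returns true when control
 * may be handed to the next processing module, false when the component must restart. */
bool preload_run(const preload_rom_t *rom, const uint8_t *codes, size_t n_codes,
                 preload_state_t *out) {
    preload_state_t st;
    memset(&st, 0, sizeof st);
    for (size_t i = 0; i < n_codes; i++) {
        if (preload_step(&st, rom, codes[i]) == STEP_CHECK_FAIL) break; /* end abnormally */
    }
    if (out) *out = st;
    return !st.abnormal && preload_complete(&st);
}
```

A run whose random codes never name one of the items, or name the same item twice, fails the S130/S131 check, and a run over a ROM whose root key has been altered fails at S127 even though the check word itself is untouched.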
Commercial value of the disclosed embodiments
Currently, various smart devices face severe security challenges. The security component provided by the embodiment of the disclosure can be used as an independent component to provide security protection for a smart device, and can also be integrated into the smart device to provide that protection. The security component provided by the embodiment of the present disclosure is general-purpose and can be implemented in various systems, including computer systems and embedded systems. Meanwhile, the security component of the embodiment of the present disclosure may be used in various electronic products, for example, vehicle-mounted terminals, smart homes, consumer electronics, programmable logic controllers (PLCs), robot controllers, game terminals, financial service terminals, video conference terminals, medical service terminals, and the like. The security component can significantly improve the security of such electronic products, while the cost of the components it requires is relatively limited, especially since some components already present in the existing system may be reused, so that the added cost to the electronic product is relatively limited overall.
As will be appreciated by one skilled in the art, the present disclosure may be embodied as systems, methods and computer program products. Accordingly, the present disclosure may be embodied in the form of entirely hardware, entirely software (including firmware, resident software, micro-code), or in the form of a combination of software and hardware. Furthermore, in some embodiments, the present disclosure may also be embodied in the form of a computer program product in one or more computer-readable media having computer-readable program code embodied therein.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium is, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer-readable storage medium include: an electrical connection for the particular wire or wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical memory, a magnetic memory, or any suitable combination of the foregoing. In this context, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with a processing unit, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any other suitable combination. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., and any suitable combination of the foregoing.
Computer program code for carrying out embodiments of the present disclosure may be written in one or more programming languages or combinations thereof. The programming languages include object-oriented programming languages such as Java and C++, and may also include conventional procedural programming languages such as C. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The above description is only a preferred embodiment of the present disclosure and is not intended to limit the present disclosure, and various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (24)

1. A security component comprising a memory, a plurality of registers, and a preload management device, the memory storing a plurality of items to be configured, the preload management device being activated upon power-up of the security component, comprising:
the random number generator is used for generating a random code, and the random code is used for indicating a corresponding configuration item of the plurality of items to be configured;
the pre-loading controller is used for reading the corresponding configuration items according to the random codes and loading the corresponding configuration items into corresponding registers of the plurality of registers.
2. The security component of claim 1, wherein the preload management apparatus comprises a preload counter that counts loading by the preload controller, wherein the preload controller further maintains a preload status table comprising a plurality of data entries, each data entry being indicative of whether the corresponding item to be configured has been loaded into the corresponding register, wherein the preload controller determines whether all of the plurality of items to be configured have been loaded based on the preload status table and a count value of the preload counter, and determines whether a preload procedure is complete based thereon, and controls the security component to restart if the preload procedure is incomplete.
3. The security component of claim 1, the memory further storing a plurality of check words, the pre-load controller further configured to read the plurality of check words for verification and determine whether to control the security component to reboot based on a result of the verification.
4. The security component of claim 3, the random code further configured to indicate a respective check word of the plurality of check words, the pre-load controller to verify based on the random code reading the respective check code.
5. The security component of claim 4, the random code further comprising an identifier characterizing verification or loading, the pre-load controller randomly performing operations of verification or loading based on the determination of the random code.
6. The security component according to claim 3, wherein the check words correspond to the items to be configured in a one-to-one manner, and the pre-loading controller checks whether the items to be configured are correct according to the check words.
7. The security component of claim 3, the plurality of check words being stored interleaved with the plurality of items to be configured and scattered across the memory.
8. The security component of claim 1, the memory being a read-only memory.
9. The security component of claim 8, the read-only memory being a one-time programmable memory.
10. The security component of claim 1, further comprising a processing unit, the plurality of registers being internal to the processing unit, the processing unit completing system boot-up using the plurality of items to be configured.
11. The security component according to any one of claims 1 to 10, wherein the preload management device is integrated in the processing unit.
12. The security component of claim 10, the plurality of items to be configured comprising a root password and security configuration information, the pre-load controller loading the root password into a password register and the security configuration information into a control register, the processing unit executing program instructions for cryptographic processing and security configuration during boot up.
13. The security component of claim 1, the security component being a system-on-a-chip.
14. The security component according to any one of claims 1 to 13, being applicable to the following products: a vehicle-mounted terminal, a smart home device, a consumer electronics product, a robot controller, a programmable controller, a financial service terminal and a video conference terminal.
15. An embedded system comprising the security component of any of claims 1 to 13.
16. A computer system comprising the security component of any of claims 1 to 13.
17. A system on a chip comprising the security component of any of claims 1 to 13.
18. A method of preloading, after a system has been powered up, to perform a preloading procedure comprising the following steps performed repeatedly for a plurality of items to be configured:
acquiring a random code, wherein the random code is used for indicating a corresponding configuration item of the plurality of items to be configured;
reading the corresponding item to be configured according to the random code, and loading it into a corresponding register of a plurality of registers.
19. The preloading method as recited in claim 18, further comprising:
counting the loading operations;
maintaining a preload status table, the preload status table comprising a plurality of data entries, each data entry characterizing whether the respective item to be configured has been loaded into its respective register;
and determining whether all of the plurality of items to be configured have been loaded according to the preload status table and the loading count value, and judging whether the preloading procedure is complete based thereon.
20. The preloading method as recited in claim 18, further comprising: reading a plurality of pre-stored check words and verifying them in order to judge whether the preloading procedure is proceeding normally.
21. The preloading method as claimed in claim 20, wherein the random code further indicates a respective check word of the plurality of check words, the preloading method further comprising: reading the respective check word according to the random code and verifying it.
22. The preloading method as recited in claim 21, the random code further comprising an identifier that characterizes verification or loading, the preloading method further comprising: evaluating the identifier in the random code and executing either a verification or a loading operation accordingly, so that the two kinds of operation are performed in random order.
23. The preloading method as claimed in claim 22, wherein the check words correspond to the items to be configured one-to-one, further comprising: checking whether the plurality of items to be configured are correct according to the plurality of check words.
24. The preloading method as recited in claim 18, wherein the plurality of items to be configured are stored in a read-only memory.
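The component claims 1 to 13 and the method claims 18 to 24 describe one procedure: after power-up, a random code chosen each step selects either an item to load into its register or a check word to verify, a counter and a status table together decide when every item has been loaded, and any failed check or incomplete coverage forces a restart. The following C program is an added simulation of that procedure written for this page; it is not the patent's own RTL or firmware. The item count, the random-code layout (one identifier bit plus index bits), the linear congruential generator standing in for the hardware random source, the check-word rule (complement of the item) and the sample OTP contents are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simulation of the preload controller in the claims: items to be
 * configured and their one-to-one check words sit in a simulated one-time
 * programmable memory; a random code picks which item to load, or which check
 * word to verify, so the order of loads and checks is not fixed at design time.
 * Sizes, the random-code layout and the check-word rule are assumptions. */

#define N_ITEMS        4u      /* number of items to be configured (assumed) */
#define RC_VERIFY_FLAG 0x80u   /* identifier bit: 1 = verify, 0 = load (assumed layout) */
#define RC_INDEX_MASK  0x7Fu   /* low bits select the item / check word */

typedef struct {
    uint32_t item[N_ITEMS];    /* root password words and security configuration */
    uint32_t check[N_ITEMS];   /* check word i = ~item[i] (constructed rule) */
} otp_memory_t;

typedef struct {
    uint32_t reg[N_ITEMS];     /* destination registers (password / control) */
    bool     loaded[N_ITEMS];  /* preload status table: one entry per item */
    uint32_t load_count;       /* preload counter */
    uint32_t verify_count;     /* number of check-word verifications performed */
} preload_state_t;

typedef enum { PRELOAD_OK = 0, PRELOAD_RESTART = 1 } preload_result_t;

/* Constructed sample OTP contents (not values taken from the patent). */
otp_memory_t make_sample_otp(void) {
    static const uint32_t items[N_ITEMS] = { 0xDEADBEEFu, 0x00C0FFEEu, 0x12345678u, 0x0000A5A5u };
    otp_memory_t m;
    for (size_t i = 0; i < N_ITEMS; i++) {
        m.item[i] = items[i];
        m.check[i] = ~items[i];
    }
    return m;
}

/* Deterministic LCG standing in for the hardware random source (assumption). */
static uint32_t rng_state;
static uint8_t next_random_code(void) {
    rng_state = rng_state * 1103515245u + 12345u;
    return (uint8_t)(rng_state >> 16);
}

/* One preload step. The identifier bit of the random code selects verification
 * or loading; the index bits select the item. Returns false when a check fails. */
bool preload_step(const otp_memory_t *otp, preload_state_t *st, uint8_t rc) {
    size_t idx = (rc & RC_INDEX_MASK) % N_ITEMS;
    if (rc & RC_VERIFY_FLAG) {
        st->verify_count++;
        return (otp->item[idx] ^ otp->check[idx]) == 0xFFFFFFFFu;
    }
    st->reg[idx]    = otp->item[idx];  /* load the item into its register */
    st->loaded[idx] = true;            /* record it in the status table */
    st->load_count++;                  /* advance the preload counter */
    return true;
}

/* Completion needs both sources to agree: the counter alone is satisfied by
 * loading one item repeatedly, the status table alone by a single flipped bit. */
bool preload_complete(const preload_state_t *st) {
    if (st->load_count < N_ITEMS) return false;
    for (size_t i = 0; i < N_ITEMS; i++)
        if (!st->loaded[i]) return false;
    return true;
}

/* Run the procedure after power-up; a failed check, or an exhausted step budget
 * without full coverage, both end in a restart. */
preload_result_t run_preload(const otp_memory_t *otp, preload_state_t *st,
                             uint32_t seed, unsigned max_steps) {
    *st = (preload_state_t){ 0 };
    rng_state = seed;
    for (unsigned s = 0; s < max_steps; s++) {
        if (!preload_step(otp, st, next_random_code())) return PRELOAD_RESTART;
        if (preload_complete(st)) return PRELOAD_OK;
    }
    return PRELOAD_RESTART;
}

int main(void) {
    otp_memory_t otp = make_sample_otp();
    preload_state_t st;
    preload_result_t r = run_preload(&otp, &st, 42u, 1024u);
    printf("preload %s after %u loads and %u checks\n",
           r == PRELOAD_OK ? "complete" : "incomplete: restart",
           st.load_count, st.verify_count);
    return r == PRELOAD_OK ? 0 : 1;
}
```

Because the index and the verify/load choice come from the random code, the cycle on which any particular item reaches its register differs from boot to boot, and the interleaved check-word reads give the same visible memory access pattern as loads; `preload_complete` then refuses to report success unless the counter and every status entry agree, which is what lets the controller fall back to a restart rather than boot with a partially configured processing unit.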
CN202010263485.9A 2020-04-07 2020-04-07 Security component and preloading method Pending CN113496036A (en)

Publications (1)

Publication Number Publication Date
CN113496036A true CN113496036A (en) 2021-10-12

Family

ID=77995153

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination