CN115080473A - A multi-chip interconnection system and a secure boot method based thereon - Google Patents


Publication number
CN115080473A
Authority
CN
China
Prior art keywords
chip
storage device
firmware
chips
speed storage
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210755860.0A
Other languages
Chinese (zh)
Other versions
CN115080473B (en)
Inventor
杜潘洋
张攀勇
李功波
郭金鑫
申银
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hygon Information Technology Co Ltd
Original Assignee
Hygon Information Technology Co Ltd
Application filed by Hygon Information Technology Co Ltd
Priority to CN202210755860.0A
Publication of CN115080473A
Application granted
Publication of CN115080473B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14 Handling requests for interconnection or transfer
    • G06F13/20 Handling requests for interconnection or transfer for access to input/output bus
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a multi-chip interconnection system and a secure boot method based on it. The multi-chip interconnection system includes a circuit board on which a firmware storage device and at least two chips are arranged. The at least two chips are interconnected by a chip interconnect bus. The master chip is directly connected to the firmware storage device, and each slave chip is connected to the master chip either directly or indirectly through other slave chips. The system also includes a high-speed storage device attached to the chip interconnect bus and shared by all chips. The firmware storage device stores the same firmware used by all chips; the master chip loads this firmware from the firmware storage device into the high-speed storage device, so that the master chip and each slave chip obtain the firmware execution data of the same firmware from the high-speed storage device. In a multi-chip scenario where multiple chips use the same firmware, this shortens legitimacy verification time, improves legitimacy verification efficiency, and effectively shortens the secure boot time of the whole system.

Description

A multi-chip interconnection system and a secure boot method based thereon

Technical field

The present invention relates to the field of chip technology, and in particular to a multi-chip interconnection system and a secure boot method based thereon.

Background

Multi-chip means that multiple chips are interconnected by a bus and work together, appearing externally as one complete system. In the processor field, a multi-chip structure can be interconnected as multiple single-chip packages (Single-Chip Module, SCM), as one or more homogeneous multi-chip packages (Multi-Chip Module, MCM), or as one or more heterogeneous multi-chip packages (System In Package, SIP). The interconnection topology can be linear, ring, star, and so on. Secure boot is a process in which the root of trust built into the chip verifies the off-chip trusted firmware in sequence, so that the system boots in a trusted manner. Secure boot effectively prevents tampered firmware from executing on the chip, thereby ensuring the trustworthiness and security of the whole system. Multi-chip secure boot, correspondingly, implements the secure boot process in a multi-chip structure.

One step in the secure boot process is loading the basic firmware. This step is critical in multi-chip secure boot: in scenarios with a large number of chips, the way the basic firmware is loaded directly affects the boot time and security of the system. How to load firmware quickly and securely for multiple chips is therefore a key problem of multi-chip secure boot. In existing motherboard and multi-chip designs, for reasons of motherboard cost and simplicity, the common practice in the industry is to place only one firmware storage device (usually Flash, i.e. flash memory) on the motherboard. The ways of connecting a multi-chip structure to the firmware storage device fall into two categories. In the first (scheme a), only one chip is connected to the Flash; this chip acts as the master chip, receives read and write requests from the slave chips, and proxies their data accesses to the firmware storage device. In the second (scheme b), every chip is connected to the Flash, and the chips take turns accessing the firmware storage device on their own to obtain data. Because the firmware storage device usually uses a low-speed serial SPI (Serial Peripheral Interface) interface (on the order of 100 Mbps), while the inter-chip link (interconnect) usually uses a high-speed interface (on the order of 10 Gbps or more), the firmware loading efficiency of scheme a and scheme b is comparable: both take approximately the total time needed to read all firmware data out of the firmware storage device. Where the chips in a multi-chip structure use different firmware, all firmware data has to be read from the firmware storage device anyway, so both scheme a and scheme b are reasonable. Where the chips use the same firmware, however, scheme a and scheme b read the same firmware from the firmware storage device many times over, which seriously affects system boot time when the number of chips is large.

Summary of the invention

The present invention provides a multi-chip interconnection system and a secure boot method based thereon. In a multi-chip scenario where multiple chips use the same firmware, it shortens the loading time of that firmware, shortens legitimacy verification time, improves legitimacy verification efficiency, and effectively shortens the secure boot time of the whole system.

In a first aspect, the present invention provides a multi-chip interconnection system that includes a circuit board on which a firmware storage device and at least two chips are arranged. The at least two chips are interconnected by a chip interconnect bus and comprise one master chip and the remaining slave chips. The master chip is directly connected to the firmware storage device, and each slave chip is connected to the master chip either directly or indirectly through other slave chips. The system further includes a high-speed storage device attached to the chip interconnect bus and shared by all chips. The firmware storage device stores the same firmware used by all chips, and the master chip loads this firmware from the firmware storage device into the high-speed storage device, so that the master chip and each slave chip obtain the firmware execution data of the same firmware from the high-speed storage device. The master chip also contains a legitimacy verification module, which verifies the legitimacy of the firmware loaded into the high-speed storage device.

In the above solution, a high-speed storage device is attached to the chip interconnect bus. When the firmware storage device stores the same firmware used by all chips, the master chip needs to access the low-speed firmware storage device only once to load that firmware into the high-speed storage device; during security verification or execution of the firmware, the master chip and the slave chips all obtain its firmware execution data from the high-speed storage device over the chip interconnect bus. The master chip verifies the legitimacy of the firmware only after loading it into the high-speed storage device, so the interactions of legitimacy verification also run between the high-speed chip interconnect bus and the high-speed storage device, which shortens legitimacy verification time and improves its efficiency. Compared with the prior art, in which multiple chips each repeatedly read the firmware execution data of the same firmware from the firmware storage device via the chip interconnect bus, the solution of the present application reads that data from the high-speed storage device over the chip interconnect bus instead, raising the read rate from the order of 100 Mbps for the firmware storage device to the order of 10 Gbps. It exploits the fact that the transfer rate between a chip and the shared high-speed storage device is more than 100 times the access rate of the low-speed firmware storage device, greatly shortening the time each chip needs to read the firmware execution data. That is, in a multi-chip scenario where multiple chips use the same firmware, the solution effectively shortens the secure boot time of the whole system. In processor-field multi-chip structures, whether homogeneous or heterogeneous, the system contains a large number of identical chips, and identical chips usually use the same firmware because their initialization flows are similar. Applied to such multi-chip structures, the solution shortens the loading time of the shared firmware, shortens legitimacy verification time, improves legitimacy verification efficiency, and greatly shortens the secure boot time of the whole system.

In a specific embodiment, the at least two chips are provided with a status register used for synchronization. After the master chip has finished verifying the legitimacy of the firmware loaded into the high-speed storage device, it changes the status register from a first state to a second state to broadcast the result to all slave chips. Because the master chip broadcasts this information to all slave chips as soon as legitimacy verification completes, and because the chips' initialization flows for the same firmware are similar, the slave chips do not need to repeat legitimacy verification of the same firmware, which further shortens secure boot time.

In a specific embodiment, the status register is a register integrated in the master chip, which lets the master chip change its state quickly.

In a specific embodiment, the high-speed storage device supports concurrent access by at least two chips, so that multiple chips can fetch the firmware code of the same firmware from it concurrently. The overall system boot time of this solution therefore does not grow as the number of slave chips increases.

In a specific embodiment, the firmware execution data includes the firmware code and independent variable data for each chip. The high-speed storage device is divided into a first storage space and at least two second storage spaces. The first storage space stores the firmware code; the second storage spaces correspond one-to-one to the chips, and each stores the independent variable data of its chip. Inside each chip, the address of the first storage space and the address of that chip's second storage space are mapped to the same virtual address, so that a single copy of the firmware code can execute correctly and concurrently on multiple chips.

In a specific embodiment, every chip contains a cryptographic module, and the cryptographic modules of the at least two chips support key agreement with each other. Through its cryptographic module, each chip encrypts plaintext destined for the high-speed storage device into ciphertext before writing it, and reads and decrypts ciphertext stored in the high-speed storage device. Adding a cryptographic module to every chip, with key agreement between the modules, allows the agreed key to be configured into each module, so that everything held in the high-speed storage device is ciphertext. An attacker cannot deduce the key and therefore cannot decrypt the ciphertext in the high-speed storage device, which prevents the attacker from tampering with the content, re-encrypting it and placing it back into the high-speed storage device. And if the attacker tampers with the ciphertext directly, the decrypted content is usually not a valid instruction, which directly crashes the system and stops the attack.

In a specific embodiment, the cryptographic modules of the at least two chips generate a shared key through key agreement; each cryptographic module uses the shared key to encrypt plaintext into ciphertext or to decrypt ciphertext into plaintext.

In a specific embodiment, the cryptographic module also encrypts the address at which the ciphertext is to be stored in the high-speed storage device into address ciphertext. The address where the data will be stored thus takes part in the encryption computation, so an attacker cannot mount an attack by repeatedly placing firmware ciphertext data.

In a specific embodiment, the high-speed storage device is located outside the at least two chips, so that a slave chip can choose whether or not to go through the master chip to access it, which lets each slave chip reach the high-speed storage device over its optimal access path. Alternatively, the high-speed storage device is located inside the master chip, which makes it easy for the master chip to load the firmware from the firmware storage device into it.

In a second aspect, the present invention also provides a secure boot method based on any of the above multi-chip interconnection systems. The method includes: the master chip loads the same firmware stored in the firmware storage device into the high-speed storage device; the master chip verifies the legitimacy of the firmware loaded into the high-speed storage device; the master chip and each slave chip obtain the firmware execution data of the same firmware from the high-speed storage device.

In the above solution, a high-speed storage device is attached to the chip interconnect bus. When the firmware storage device stores the same firmware used by all chips, the master chip needs to access the low-speed firmware storage device only once to load that firmware into the high-speed storage device; during security verification or execution of the firmware, the master chip and the slave chips all obtain its firmware execution data from the high-speed storage device over the chip interconnect bus. The master chip verifies the legitimacy of the firmware only after loading it into the high-speed storage device, so the interactions of legitimacy verification also run between the high-speed chip interconnect bus and the high-speed storage device, which shortens legitimacy verification time and improves its efficiency. Compared with the prior art, in which multiple chips each repeatedly read the firmware execution data of the same firmware from the firmware storage device via the chip interconnect bus, the solution of the present application reads that data from the high-speed storage device over the chip interconnect bus instead, raising the read rate from the order of 100 Mbps for the firmware storage device to the order of 10 Gbps. It exploits the fact that the transfer rate between a chip and the shared high-speed storage device is more than 100 times the access rate of the low-speed firmware storage device, greatly shortening the time each chip needs to read the firmware execution data. That is, in a multi-chip scenario where multiple chips use the same firmware, the solution effectively shortens the secure boot time of the whole system. In processor-field multi-chip structures, whether homogeneous or heterogeneous, the system contains a large number of identical chips, and identical chips usually use the same firmware because their initialization flows are similar. Applied to such multi-chip structures, the solution shortens the loading time of the shared firmware, shortens legitimacy verification time, improves legitimacy verification efficiency, and greatly shortens the secure boot time of the whole system.

In a specific embodiment, the at least two chips are provided with a status register used for synchronization. After the master chip has finished verifying the legitimacy of the firmware loaded into the high-speed storage device, the secure boot method further includes: the master chip changes the status register from a first state to a second state to broadcast the result to all slave chips. Because the master chip broadcasts this information to all slave chips as soon as legitimacy verification completes, and because the chips' initialization flows for the same firmware are similar, the slave chips do not need to repeat legitimacy verification of the same firmware, which further shortens secure boot time.

In a specific embodiment, the step in which the master chip and each slave chip obtain the firmware execution data of the same firmware from the high-speed storage device includes: the master chip and each slave chip access the high-speed storage device concurrently to obtain the firmware execution data. Multiple chips can thus fetch the firmware code of the same firmware from the high-speed storage device concurrently, so the overall system boot time of this solution does not grow as the number of slave chips increases.

In a specific embodiment, the firmware execution data includes the firmware code and independent variable data for each chip. Concurrent access to the high-speed storage device by the master chip and each slave chip includes: all chips share the same first storage space in the high-speed storage device, which stores the firmware code; each chip also has its own second storage space in the high-speed storage device, which stores that chip's independent variable data; inside each chip, the address of the first storage space and the address of that chip's second storage space are mapped to the same virtual address. This allows a single copy of the firmware code to execute correctly and concurrently on multiple chips.
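The boot sequence and memory layout described above (one flash read, verification of the copy in shared memory, the status-register broadcast, and a shared code space with per-chip data spaces behind identical virtual addresses), modelled as an added example that is not code from the patent. The SHA-256 digest comparison standing in for legitimacy verification, the state names, the address constants and the sample image are all assumptions.

```python
import hashlib
import hmac

FIRST_STATE, SECOND_STATE = 0, 1                            # register states (names assumed)
CODE_VBASE, DATA_VBASE, DATA_SIZE = 0x0000, 0x8000, 0x100   # constructed virtual layout
FIRMWARE = bytes(range(1, 65))                              # constructed sample image
TRUSTED_DIGEST = hashlib.sha256(FIRMWARE).digest()          # value a root of trust would hold


class Flash:
    """Low-speed firmware storage device; counts full-image reads."""

    def __init__(self, image):
        self.image, self.reads = image, 0

    def read_image(self):
        self.reads += 1
        return self.image


class StatusRegister:
    """Synchronisation register the master flips after verification."""

    def __init__(self):
        self.value = FIRST_STATE


class SharedMemory:
    """High-speed storage: one shared code space, one data space per chip."""

    def __init__(self, n_chips):
        self.code = b""
        self.data = [bytearray(DATA_SIZE) for _ in range(n_chips)]


class Chip:
    def __init__(self, chip_id, mem, status):
        self.chip_id, self.mem, self.status = chip_id, mem, status

    def translate(self, vaddr):
        """Same virtual addresses on every chip; only the data space differs."""
        if CODE_VBASE <= vaddr < CODE_VBASE + len(self.mem.code):
            return self.mem.code, vaddr - CODE_VBASE
        if DATA_VBASE <= vaddr < DATA_VBASE + DATA_SIZE:
            return self.mem.data[self.chip_id], vaddr - DATA_VBASE
        raise ValueError(f"unmapped virtual address {vaddr:#x}")

    def run_firmware(self):
        """Fetch code from shared memory only after the master's broadcast."""
        if self.status.value != SECOND_STATE:
            return False                      # never execute unverified firmware
        code, off = self.translate(CODE_VBASE)
        data, doff = self.translate(DATA_VBASE)
        # Stand-in for executing the firmware: it writes one per-chip variable.
        data[doff] = (code[off] + self.chip_id) & 0xFF
        return True


class Master(Chip):
    def load_and_verify(self, flash, trusted_digest):
        self.mem.code = flash.read_image()                # the only slow flash read
        digest = hashlib.sha256(self.mem.code).digest()   # check the loaded copy
        if hmac.compare_digest(digest, trusted_digest):
            self.status.value = SECOND_STATE              # broadcast to the slaves
            return True
        return False


def secure_boot(flash_image, trusted_digest, n_slaves):
    flash = Flash(flash_image)
    mem = SharedMemory(n_slaves + 1)
    status = StatusRegister()
    master = Master(0, mem, status)
    slaves = [Chip(i, mem, status) for i in range(1, n_slaves + 1)]
    master.load_and_verify(flash, trusted_digest)
    booted = [c.chip_id for c in [master, *slaves] if c.run_firmware()]
    return {
        "flash_reads": flash.reads,
        "status": status.value,
        "booted": booted,
        "vars": [d[0] for d in mem.data],   # each chip's variable at DATA_VBASE
    }


if __name__ == "__main__":
    print(secure_boot(FIRMWARE, TRUSTED_DIGEST, 3))
    print(secure_boot(FIRMWARE[:-1] + b"\xff", TRUSTED_DIGEST, 3))
```

With a modified image the register stays in the first state, so no chip fetches code, and the flash is still read exactly once.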

In a specific embodiment, every chip contains a cryptographic module, and the cryptographic modules of the at least two chips support key agreement with each other. The secure boot method further includes: the cryptographic modules of the at least two chips perform key agreement; through its cryptographic module, each chip encrypts plaintext destined for the high-speed storage device into ciphertext before writing it; through its cryptographic module, each chip also reads and decrypts the ciphertext stored in the high-speed storage device. Adding a cryptographic module to every chip, with key agreement between the modules, allows the agreed key to be configured into each module, so that everything held in the high-speed storage device is ciphertext. An attacker cannot deduce the key and therefore cannot decrypt the ciphertext in the high-speed storage device, which prevents the attacker from tampering with the content, re-encrypting it and placing it back into the high-speed storage device. And if the attacker tampers with the ciphertext directly, the decrypted content is usually not a valid instruction, which directly crashes the system and stops the attack.

In a specific embodiment, key agreement between the cryptographic modules of the at least two chips includes: the cryptographic modules perform key agreement and generate a shared key. Encrypting plaintext into ciphertext before writing it to the high-speed storage device includes: encrypting the plaintext with the shared key and writing the resulting ciphertext to the high-speed storage device. Reading and decrypting the ciphertext stored in the high-speed storage device includes: reading the ciphertext and decrypting it with the shared key.

In a specific embodiment, encrypting plaintext into ciphertext before writing it to the high-speed storage device further includes: also encrypting the address at which the ciphertext is to be stored in the high-speed storage device into address ciphertext. The address where the data will be stored thus takes part in the encryption computation, so an attacker cannot mount an attack by repeatedly placing firmware ciphertext data.
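The effect of letting the storage address take part in encryption, as an added example that is not code from the patent: identical firmware blocks encrypt differently at different addresses, a ciphertext block copied to another address decrypts to garbage, and a single flipped ciphertext bit scrambles the whole decrypted block. The patent names no cipher; the 4-round Feistel construction over HMAC-SHA256, the 32-byte block size, the key value and the addresses are assumptions chosen so the example needs only the standard library.

```python
import hashlib
import hmac

BLOCK = 32            # bytes per memory block in this model (assumption)
HALF = BLOCK // 2
BASE = 0x1000         # constructed load address in the high-speed storage
# Stand-in for the key the cryptographic modules would agree on (constructed).
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
# Constructed sample: two identical 32-byte firmware blocks.
FIRMWARE = b"\x90" * (2 * BLOCK)


def _round(key, addr, rnd, half):
    """Feistel round function keyed by the shared key and the block address."""
    msg = bytes([rnd]) + addr.to_bytes(8, "little") + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, addr, plain):
    if len(plain) != BLOCK:
        raise ValueError("plaintext must be exactly one block")
    left, right = plain[:HALF], plain[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, addr, rnd, right))
    return left + right


def decrypt_block(key, addr, cipher):
    if len(cipher) != BLOCK:
        raise ValueError("ciphertext must be exactly one block")
    left, right = cipher[:HALF], cipher[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, addr, rnd, left)), left
    return left + right


def write_image(key, base, image):
    """Encrypt an image block by block; returns {address: ciphertext}."""
    image += bytes(-len(image) % BLOCK)          # zero-pad to a whole block
    return {
        base + off: encrypt_block(key, base + off, image[off:off + BLOCK])
        for off in range(0, len(image), BLOCK)
    }


def read_block(key, memory, addr):
    return decrypt_block(key, addr, memory[addr])


def differing_bytes(a, b):
    return sum(x != y for x, y in zip(a, b))


def demo():
    mem = write_image(SHARED_KEY, BASE, FIRMWARE)
    a, b = BASE, BASE + BLOCK
    original = read_block(SHARED_KEY, mem, a)

    relocated = dict(mem)
    relocated[b] = mem[a]                        # ciphertext of block a placed at b

    tampered = dict(mem)
    tampered[a] = bytes([mem[a][0] ^ 1]) + mem[a][1:]   # one flipped bit

    return {
        "roundtrip_ok": original == FIRMWARE[:BLOCK],
        "same_plain_same_cipher": mem[a] == mem[b],
        "relocated_ok": read_block(SHARED_KEY, relocated, b) == FIRMWARE[BLOCK:],
        "tamper_diff": differing_bytes(read_block(SHARED_KEY, tampered, a), original),
    }


if __name__ == "__main__":
    print(demo())
```

The construction carries no integrity tag, so modification shows up only as unusable plaintext, which is the behaviour the text describes.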

Description of drawings

FIG. 1 is a schematic block diagram of a multi-chip interconnection system provided by an embodiment of the present invention;

FIG. 2 is a schematic block diagram of another multi-chip interconnection system provided by an embodiment of the present invention;

FIG. 3 is a schematic block diagram of the workflow of the multi-chip interconnection system shown in FIG. 2;

FIG. 4 is a workflow diagram of the multi-chip interconnection system shown in FIG. 2;

FIG. 5 is a schematic block diagram of the workflow of another multi-chip interconnection system provided by an embodiment of the present invention.

Reference numerals:

10 - firmware storage device; 20 - master chip; 21 - slave chip

201 - cryptographic module; 202 - control module; 30 - high-speed storage device

Detailed description

To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

To make the multi-chip interconnection system provided by the embodiments of the present invention easier to understand, its application scenario is described first: the system is used in systems composed of multiple interconnected chips. The multi-chip interconnection system is described in detail below with reference to the accompanying drawings.

Referring to FIG. 1, the multi-chip interconnection system provided by an embodiment of the present invention includes a circuit board (not shown in the figures) on which a firmware storage device 10 and at least two chips are arranged. The at least two chips are interconnected through a chip interconnection bus (drawn as the thicker lines in FIG. 1 to FIG. 3 and FIG. 5) and comprise one master chip 20 and the remaining slave chips 21. The master chip 20 is directly connected to the firmware storage device 10, and each slave chip 21 is connected to the master chip 20 either directly or indirectly through other slave chips 21. The multi-chip interconnection system further includes a high-speed storage device 30 attached to the chip interconnection bus and shared by all the chips. The firmware storage device 10 stores the same firmware that all the chips use, and the master chip 20 loads this same firmware from the firmware storage device 10 into the high-speed storage device 30, so that the master chip 20 and every slave chip 21 obtain the firmware execution data of the same firmware from the high-speed storage device 30. A validity verification module is provided in the master chip 20 to verify the validity of the same firmware loaded into the high-speed storage device 30.

In the above solution, a high-speed storage device 30 is attached to the chip interconnection bus. Where the firmware storage device 10 stores the same firmware used by all the chips, the master chip 20 needs to access the low-speed firmware storage device 10 only once to load the same firmware into the high-speed storage device 30; during security verification or execution of the same firmware, the master chip 20 and the slave chips 21 all obtain its firmware execution data from the high-speed storage device 30 over the chip interconnection bus. Because the master chip 20 verifies the validity of the same firmware only after loading it into the high-speed storage device 30, the verification exchanges also run between the high-speed chip interconnection bus and the high-speed storage device 30, which shortens the validity verification time and improves verification efficiency. In the prior art, multiple chips each repeatedly read the firmware execution data of the same firmware from the firmware storage device 10 through the chip interconnection bus. The solution of the present application instead reads that data from the high-speed storage device 30 over the chip interconnection bus, raising the read rate from the order of 100 Mbps to the order of 10 Gbps. Since the transfer rate between a chip and the shared high-speed storage device 30 is more than 100 times the access rate of the low-speed firmware storage device 10, the time each chip spends reading firmware execution data is greatly shortened. In a multi-chip scenario in which multiple chips use the same firmware, the solution can therefore effectively shorten the secure boot time of the whole system. Multi-chip structures in the processor field, whether homogeneous or heterogeneous, contain a large number of identical chips, and identical chips usually use the same firmware because their initialization flows are similar. Applied to such structures, the solution shortens the loading time of the same firmware, shortens the validity verification time, improves verification efficiency, and greatly shortens the secure boot time of the whole system. The structures above are described in detail below with reference to the accompanying drawings.

The circuit board may be the mainboard of a server, or, in other scenarios, any circuit board made up of traces and vias. It is the carrier and interconnect structure on which the firmware storage device 10 and the chips are mounted, and can be implemented as a printed circuit board.

Referring to FIG. 1, a firmware storage device 10 is arranged on the circuit board. It serves as the storage medium for the off-chip firmware of each chip, so that at start-up each chip loads its firmware from the firmware storage device 10 to implement the corresponding functions. The firmware storage device 10 may be a memory such as, but not limited to, flash memory (Flash). It usually has an SPI interface with a transfer rate on the order of 100 Mbps. In the present application, the firmware storage device 10 stores the same firmware used by all of the above chips; that is, each of the at least two chips needs to load this same firmware during start-up to implement the corresponding functions.

Referring to FIG. 1, at least two chips are also arranged on the circuit board and are interconnected through a chip interconnection bus. Each chip may be a single-chip package (SCM), a homogeneous multi-chip package (MCM), or one chip within a homogeneous multi-chip package. Each chip may likewise be a heterogeneous multi-chip package (SIP) or one chip within a heterogeneous multi-chip package. That is, each chip in the present application may be a package formed by packaging one or more homogeneous or heterogeneous chips, or one chip within a package formed from multiple homogeneous or heterogeneous chips. The present application does not limit whether a chip is a package or a die inside a package; what it defines is that the chips are connected through a chip interconnection bus. The chip interconnection bus may be formed inside a package to interconnect different dies of the same package, or formed on a package substrate or circuit board outside the packages to connect different packages or chips in different packages. The data transfer rate of the chip interconnection bus is far higher than the data transfer rate between a chip and devices outside the system formed by the at least two chips. Specifically, the data transfer rate of the chip interconnection bus may be set at the order of 10 Gbps or above; that is, the chip interconnection bus interface used between chips is a high-speed interface.

Continuing with FIG. 1, the at least two chips include one master chip 20, which is directly connected to the firmware storage device 10, for example through an SPI bus. The data transfer rate of the bus that directly connects the firmware storage device 10 and the master chip 20 is lower than that of the chip interconnection bus. As shown in FIG. 1, every chip other than the master chip 20 acts as a slave chip 21 and is connected to the master chip 20 either directly through the chip interconnection bus, or indirectly through the chip interconnection bus and other slave chips 21. Note that even when a slave chip 21 is connected to the master chip 20 indirectly through the chip interconnection bus and other slave chips 21, the data transfer rate between that slave chip 21 and the master chip 20 is still far higher than the data transfer rate between the master chip 20 and the firmware storage device 10. The slave chips 21 and the master chip 20 may be interconnected in a topology such as, but not limited to, a line, a ring or a star. In FIG. 1 the at least two chips are interconnected in a line through the chip interconnection bus, that is, they are connected into a line topology. The interconnection of the at least two chips is not limited to the line topology shown in FIG. 1; other interconnection schemes may also be used.

Referring to FIG. 1, the multi-chip interconnection system further includes a high-speed storage device 30 attached to the chip interconnection bus, which gives the high-speed storage device 30 a globally independent address. All of the at least two chips share the high-speed storage device 30, so that every chip can access it. The high-speed storage device 30 supports high-speed data access, so that once it is attached to the chip interconnection bus every chip can access it at a high data transfer rate. A random access memory (RAM) such as, but not limited to, a cache memory (Cache) may be used as the high-speed storage device 30, so that each chip can access it through the chip interconnection bus at a high data transfer rate.

Referring to FIG. 1, the high-speed storage device 30 may be placed outside the at least two chips, that is, not on any chip, so that a slave chip 21 can choose whether or not to go through the master chip 20 to reach it and each slave chip 21 can use its optimal access path. Alternatively, referring to FIG. 5, the high-speed storage device 30 may be placed inside the master chip 20, which makes it convenient for the master chip 20 to load the same firmware from the firmware storage device 10 into the high-speed storage device 30. The present application does not limit where the high-speed storage device 30 is placed; what it requires is that the high-speed storage device 30 is attached to the chip interconnection bus, so that multiple chips can share it and access it at a high data transfer rate.

During secure boot, referring to FIG. 1 and FIG. 4, the master chip 20 loads the same firmware from the firmware storage device 10 into the high-speed storage device 30. Specifically, the master chip 20 reads the same firmware stored in the firmware storage device 10 and writes it into the high-speed storage device 30, so that the master chip 20 and every slave chip 21 obtain the firmware execution data of the same firmware from the high-speed storage device 30 for verification, loading and other operations. With the high-speed storage device 30 attached to the chip interconnection bus, and where the firmware storage device 10 stores the same firmware used by all the chips, the master chip 20 needs to access the low-speed firmware storage device 10 only once to load the same firmware into the high-speed storage device 30; during security verification or execution of the same firmware, the master chip 20 and the slave chips 21 all obtain its firmware execution data from the high-speed storage device 30 over the chip interconnection bus. In the prior art, multiple chips each repeatedly read the firmware execution data of the same firmware from the firmware storage device 10 through the chip interconnection bus. The solution of the present application instead reads that data from the high-speed storage device 30 over the chip interconnection bus, raising the read rate from the order of 100 Mbps to the order of 10 Gbps. Since the transfer rate between a chip and the shared high-speed storage device 30 is more than 100 times the access rate of the low-speed firmware storage device 10, the time each chip spends reading firmware execution data is greatly shortened. In a multi-chip scenario in which multiple chips use the same firmware, the solution can therefore effectively shorten the secure boot time of the whole system. Multi-chip structures in the processor field, whether homogeneous or heterogeneous, contain a large number of identical chips, and identical chips usually use the same firmware because their initialization flows are similar. Applied to such structures, the solution can greatly shorten the secure boot time of the whole system.

In addition, after loading the same firmware from the firmware storage device 10 into the high-speed storage device 30, the master chip 20 can verify the validity of the same firmware by interacting with the copy held in the high-speed storage device 30. Specifically, a validity verification module may be provided in the master chip 20; once the same firmware has been loaded into the high-speed storage device 30, this module verifies the validity of the loaded copy. Because the master chip 20 verifies the same firmware only after loading it into the high-speed storage device 30, the verification exchanges also run between the high-speed chip interconnection bus and the high-speed storage device 30, which shortens the validity verification time and improves verification efficiency. The master chip 20 is not limited to verifying validity by interacting with the copy loaded into the high-speed storage device 30; other approaches may also be used. For example, the master chip 20 may first interact with the same firmware in the firmware storage device 10 to verify its validity; that is, the master chip 20 verifies the same firmware before loading it from the firmware storage device 10, and loads it into the high-speed storage device 30 only after the validity verification has passed.

Further, a status register used for synchronization may be provided in the at least two chips. The state of this register indicates whether the master chip 20 has completed validity verification of the same firmware, and thereby notifies the slave chips 21, each of which can decide according to its own needs whether to verify the same firmware again. Specifically, after the master chip 20 has finished verifying the validity of the same firmware loaded into the high-speed storage device 30, it changes the status register from a first state to a second state. The first state may be binary "0" and the second state binary "1", or the opposite definition may be used. This broadcasts to all slave chips 21 that the master chip 20 has completed validity verification of the same firmware. The information is broadcast to all other slave chips 21 promptly after the master chip 20 completes the verification; because the chips' initialization flows for the same firmware are similar, the slave chips 21 do not need to repeat validity verification of the same firmware, which further shortens the secure boot time. As for which register is used, the master chip 20 may negotiate with each slave chip 21 to use a register in the master chip 20 as the status register, which lets the master chip 20 change its state quickly. The status register may also be a register located in any slave chip 21.

To let the master chip 20 and the slave chips 21 share access to the high-speed storage device 30, software and hardware can be adjusted so that the high-speed storage device 30 supports concurrent access by at least two chips. Multiple chips can then fetch the firmware code of the same firmware from the high-speed storage device 30 concurrently, so the overall system boot time of this technical solution does not grow as the number of slave chips 21 increases. Taking FIG. 3 and FIG. 4 as an example, for the master chip 20 the time of the whole loading process for the same firmware is the time it takes to load the same firmware from the firmware storage device 10 into the shared high-speed storage device 30 along path 1→2→3. Subsequently, the master chip 20 along path 2→3, slave chip 1 (slave chip 1 of slave chips 1, 2, 3, …, n in FIG. 3 and FIG. 4) along path 4→5, and slave chip 2 (slave chip 2 of slave chips 1, 2, 3, …, n in FIG. 3 and FIG. 4) along path 6→7 concurrently obtain the corresponding firmware execution data from the shared high-speed storage device 30. The firmware execution data of the same firmware that the master chip 20 and the slave chips 21 access in the high-speed storage device 30 may include the firmware code and independent variable data for each chip. Concurrent access therefore has to support multiple chips concurrently accessing one and the same copy of the firmware code. Concurrent shared access by the master chip 20 and the slave chips 21 to the high-speed storage device 30 can be implemented in several ways; one implementation is given below as an example.

The high-speed storage device 30 may be divided into a first storage space and at least two second storage spaces. The first storage space stores one copy of the firmware code of the same firmware. The at least two second storage spaces correspond one-to-one to the at least two chips, and each second storage space stores the independent variable data of its chip. In this case the software inside each chip, including the master chip 20 and the slave chips 21, has to be adjusted so that every chip maps the address of the first storage space and the address of its own second storage space to the same virtual addresses, which allows one copy of the firmware code to execute correctly and concurrently on multiple chips. The above is only one implementation that supports concurrent access to the high-speed storage device 30 by multiple chips; other implementations may also be used.
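The status-register handshake and the storage-space partition described above can be modelled together. The following Python model is an added example, not code from the patent: it assumes that validity verification is a SHA-256 digest comparison against a reference held by the master chip, and the class names, address constants and sample image are constructed for illustration.

```python
import hashlib
import hmac

CODE_VA = 0x00000000   # virtual base of the firmware code (assumed value)
DATA_VA = 0x00100000   # virtual base of a chip's own variables (assumed value)
DATA_SIZE = 0x100      # size of each second storage space (assumed value)

# Constructed sample image and the reference digest the master chip trusts.
SAMPLE_FW = b"\x90" * 64 + b"constructed firmware image"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_FW).digest()


class Flash:
    """Low-speed firmware storage device 10; counts how often it is read."""

    def __init__(self, image):
        self.image, self.reads = image, 0

    def read_all(self):
        self.reads += 1
        return self.image


class SharedRam:
    """High-speed storage device 30: one code space, one data space per chip."""

    def __init__(self, code_size, n_chips):
        self.code_size = code_size
        self.mem = bytearray(code_size + n_chips * DATA_SIZE)
        self.status = 0  # status register: 0 = not verified, 1 = verified


class Chip:
    def __init__(self, chip_id, ram):
        self.chip_id, self.ram = chip_id, ram

    def code_pa(self, va, length):
        """Every chip maps the code range to the single first storage space."""
        if va < CODE_VA or va + length > CODE_VA + self.ram.code_size:
            raise ValueError("chip %d: bad code range at %#x" % (self.chip_id, va))
        return va - CODE_VA

    def data_pa(self, va, length):
        """The same virtual range maps to this chip's own second storage space."""
        if va < DATA_VA or va + length > DATA_VA + DATA_SIZE:
            raise ValueError("chip %d: bad data range at %#x" % (self.chip_id, va))
        return self.ram.code_size + self.chip_id * DATA_SIZE + (va - DATA_VA)

    def fetch_code(self, length):
        """Read firmware code only once the master has flagged it verified."""
        if self.ram.status != 1:
            raise PermissionError("firmware not verified")
        pa = self.code_pa(CODE_VA, length)
        return bytes(self.ram.mem[pa:pa + length])

    def write_var(self, va, data):
        pa = self.data_pa(va, len(data))
        self.ram.mem[pa:pa + len(data)] = data

    def read_var(self, va, length):
        pa = self.data_pa(va, length)
        return bytes(self.ram.mem[pa:pa + length])


class MasterChip(Chip):
    def load_and_verify(self, flash, trusted_digest):
        """Single flash read, copy to shared RAM, verify the copy, set the flag."""
        image = flash.read_all()
        if len(image) != self.ram.code_size:
            return False
        self.ram.mem[:len(image)] = image
        loaded = bytes(self.ram.mem[:len(image)])
        if not hmac.compare_digest(hashlib.sha256(loaded).digest(), trusted_digest):
            return False                      # status register stays in state 0
        self.ram.status = 1                   # first state -> second state
        return True


def simulate_boot(image, trusted_digest, n_chips=4):
    """Run one boot and report what each chip observed."""
    flash = Flash(image)
    ram = SharedRam(len(image), n_chips)
    master = MasterChip(0, ram)
    chips = [master] + [Chip(i, ram) for i in range(1, n_chips)]
    verified = master.load_and_verify(flash, trusted_digest)
    code_seen = []
    for chip in chips:
        try:
            code_seen.append(chip.fetch_code(len(image)))
        except PermissionError:
            code_seen.append(None)            # chip refused unverified firmware
        chip.write_var(DATA_VA, b"chip%d" % chip.chip_id)
    vars_seen = [chip.read_var(DATA_VA, 5) for chip in chips]
    return {"verified": verified, "status": ram.status,
            "flash_reads": flash.reads, "code_seen": code_seen,
            "vars_seen": vars_seen}
```

In this model every chip writes to the same virtual address `DATA_VA`, yet reads back its own value, while the flash device is read exactly once regardless of the number of chips.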

Furthermore, functional modules that safeguard security can be added, so that the transfer of firmware execution data between the high-speed storage device 30 and the chips is protected. Specifically, referring to FIG. 2, FIG. 3 and FIG. 5, a cryptographic module 201 may be provided in each chip, and the cryptographic modules 201 of the at least two chips support key negotiation so that a symmetric key can be shared among all the chips. Each chip then uses its cryptographic module 201 to encrypt plaintext destined for the high-speed storage device 30 into ciphertext before writing it, and to read and decrypt ciphertext stored in the high-speed storage device 30. That is, whenever a chip writes data such as, but not limited to, the same firmware into the high-speed storage device 30, it must first encrypt the plaintext into ciphertext and only then write it. Specifically, referring to FIG. 2, FIG. 3 and FIG. 5, each chip is also provided with a control module 202, connected to the cryptographic module 201, that controls the corresponding operations. As shown in FIG. 2, after the control module 202 of the master chip 20 has loaded the same firmware from the firmware storage device 10, it first hands it to the cryptographic module 201 in the master chip 20 to be encrypted into ciphertext, which is then written into the high-speed storage device 30. After the master chip 20 or any slave chip 21 loads data such as, but not limited to, the firmware code of the same firmware or the independent variable data for that chip from the high-speed storage device 30, the data must first be decrypted by the cryptographic module 201 before it is handed to the control module 202 in that chip for the corresponding operations. Because a cryptographic module 201 is added to each chip, the cryptographic modules 201 of the chips support key negotiation, and the negotiated key is configured into each cryptographic module 201, everything held in the high-speed storage device 30 is ciphertext. An attacker therefore cannot infer the key needed to decrypt the ciphertext in the high-speed storage device 30, and so cannot tamper with the content, re-encrypt it and put it back into the high-speed storage device 30. Moreover, if the attacker tampers with the ciphertext directly, the decrypted content is usually not a valid instruction, which directly crashes the system and thwarts the attack. In a more preferred embodiment, the cryptographic module 201 can also encrypt the address information at which the ciphertext is to be stored in the high-speed storage device 30 into an address ciphertext; that is, the address information of the data stored in the high-speed storage device 30 is encrypted as well, so that the address at which the data is to be saved also takes part in the encryption calculation. An attacker therefore cannot mount an attack by repeatedly placing firmware ciphertext data.
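The effect of letting the storage address take part in the encryption calculation can be checked with a small model. This is an added example, not the patent's cipher: it uses a toy 4-round Feistel construction keyed with HMAC-SHA256 as a stand-in for the cryptographic module 201, assumes the shared key has already been negotiated, and models the address binding as an 8-byte tweak; all names, addresses and sample data are constructed.

```python
import hashlib
import hmac

BLOCK = 32            # bytes per cipher block (two 16-byte Feistel halves)
HALF = BLOCK // 2
ROUNDS = 4

# Constructed sample data: one block of "firmware" and an already-shared key.
SAMPLE = b"constructed firmware block".ljust(BLOCK, b".")
SHARED_KEY = hashlib.sha256(b"constructed shared key").digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, tweak, rnd, half):
    """Round function: HMAC-SHA256 over tweak, round number and one half."""
    mac = hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256)
    return mac.digest()[:HALF]


def _tweak(address, bind_address):
    """With binding, the storage address feeds every round of the cipher."""
    return address.to_bytes(8, "big") if bind_address else bytes(8)


def encrypt_block(key, address, block, bind_address=True):
    if len(block) != BLOCK:
        raise ValueError("block must be %d bytes" % BLOCK)
    tweak = _tweak(address, bind_address)
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, tweak, rnd, right))
    return left + right


def decrypt_block(key, address, block, bind_address=True):
    if len(block) != BLOCK:
        raise ValueError("block must be %d bytes" % BLOCK)
    tweak = _tweak(address, bind_address)
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, tweak, rnd, left)), left
    return left + right


def store(ram, key, base, plaintext, bind_address=True):
    """Encrypt block by block and write the ciphertext into the RAM model."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    for off in range(0, len(plaintext), BLOCK):
        chunk = plaintext[off:off + BLOCK]
        ram[base + off] = encrypt_block(key, base + off, chunk, bind_address)


def load(ram, key, base, length, bind_address=True):
    """Read ciphertext from the RAM model and decrypt it for the caller."""
    return b"".join(
        decrypt_block(key, base + off, ram[base + off], bind_address)
        for off in range(0, length, BLOCK))


def relocation_survives(bind_address):
    """True if ciphertext copied to another address still decrypts correctly."""
    ram = {}
    store(ram, SHARED_KEY, 0x1000, SAMPLE, bind_address)
    ram[0x2000] = ram[0x1000]          # same ciphertext placed at a new address
    return load(ram, SHARED_KEY, 0x2000, BLOCK, bind_address) == SAMPLE


def tamper_damage():
    """Plaintext bytes that change when one ciphertext bit is flipped."""
    ram = {}
    store(ram, SHARED_KEY, 0x1000, SAMPLE)
    ct = bytearray(ram[0x1000])
    ct[0] ^= 0x01
    ram[0x1000] = bytes(ct)
    out = load(ram, SHARED_KEY, 0x1000, BLOCK)
    return sum(1 for a, b in zip(out, SAMPLE) if a != b)
```

The cipher itself does not report the garbled block; in this model, as in the page's description, the corruption only becomes visible to whatever consumes the decrypted data.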

When the cryptographic modules 201 of the at least two chips perform key negotiation, they can generate a shared key through that negotiation. Each cryptographic module 201 uses this shared key to encrypt plaintext into ciphertext or to decrypt ciphertext into plaintext.

In the solution described above, a high-speed storage device 30 is attached to the chip interconnection bus. Where the firmware storage device 10 stores the same firmware used by all the chips, the master chip 20 needs to access the low-speed firmware storage device 10 only once to load the same firmware into the high-speed storage device 30; during security verification or execution of the same firmware, the master chip 20 and the slave chips 21 all obtain its firmware execution data from the high-speed storage device 30 over the chip interconnection bus. Because the master chip 20 verifies the validity of the same firmware only after loading it into the high-speed storage device 30, the verification exchanges also run between the high-speed chip interconnection bus and the high-speed storage device 30, which shortens the validity verification time and improves verification efficiency. In the prior art, multiple chips each repeatedly read the firmware execution data of the same firmware from the firmware storage device 10 through the chip interconnection bus. The solution of the present application instead reads that data from the high-speed storage device 30 over the chip interconnection bus, raising the read rate from the order of 100 Mbps to the order of 10 Gbps. Since the transfer rate between a chip and the shared high-speed storage device 30 is more than 100 times the access rate of the low-speed firmware storage device 10, the time each chip spends reading firmware execution data is greatly shortened. In a multi-chip scenario in which multiple chips use the same firmware, the solution can therefore effectively shorten the secure boot time of the whole system. Multi-chip structures in the processor field, whether homogeneous or heterogeneous, contain a large number of identical chips, and identical chips usually use the same firmware because their initialization flows are similar. Applied to such structures, the solution shortens the loading time of the same firmware, shortens the validity verification time, improves verification efficiency, and greatly shortens the secure boot time of the whole system.

In addition, an embodiment of the present invention further provides a secure boot method based on any of the multi-chip interconnection systems described above. Referring to FIG. 1, the secure boot method includes: the master chip 20 loads the same firmware stored in the firmware storage device 10 into the high-speed storage device 30; the master chip 20 verifies the validity of the same firmware loaded into the high-speed storage device 30; and the master chip 20 and each slave chip 21 obtain the firmware execution data of the same firmware from the high-speed storage device 30.

In the above solution, a high-speed storage device 30 connected to the chip interconnect bus is provided. Where the firmware storage device 10 stores the same firmware used by all chips, the master chip 20 needs to access the low-speed firmware storage device 10 only once to load that firmware from the firmware storage device 10 into the high-speed storage device 30, so that the master chip 20 and the other slave chips 21 all obtain the firmware execution data of the same firmware from the high-speed storage device 30 over the chip interconnect bus, both during security verification and during execution. Moreover, the master chip 20 verifies the validity of the same firmware only after loading it into the high-speed storage device 30, so the exchanges involved in validity verification also run between the high-speed chip interconnect bus and the high-speed storage device 30, which shortens validity verification time and improves validity verification efficiency. In the prior art, multiple chips each repeatedly read the firmware execution data of the same firmware from the firmware storage device 10 over the chip interconnect bus. The solution of the present application instead reads that data from the high-speed storage device 30 over the chip interconnect bus, raising the read rate from the order of 100 Mbps, when reading from the firmware storage device 10, to the order of 10 Gbps. It exploits the fact that the transfer rate between a chip and the shared high-speed storage device 30 is more than 100 times the access rate of the low-speed firmware storage device 10, which greatly shortens the time each chip takes to read the firmware execution data. That is, in a multi-chip scenario where multiple chips use the same firmware, the solution of the present application can effectively shorten the secure boot time of the whole system. Whether a multi-chip structure in the processor field is homogeneous or heterogeneous, the system contains a large number of identical chips, and identical chips usually use the same firmware because their initialization flows are similar. When the solution is applied to multi-chip structures in the processor field, it shortens the loading time of the same firmware, shortens validity verification time, improves validity verification efficiency, and substantially shortens the secure boot time of the whole system. Each of the steps above is described in detail below with reference to the accompanying drawings.

First, the master chip 20 loads the same firmware stored in the firmware storage device 10 into the high-speed storage device 30. For the specific implementation, refer to the foregoing description of the multi-chip interconnection system, which is not repeated here.

Next, referring to FIG. 4, after the master chip 20 has loaded the same firmware stored in the firmware storage device 10 into the high-speed storage device 30, the master chip 20 verifies the validity of the same firmware loaded into the high-speed storage device 30. For the specific implementation, refer to the foregoing description of the multi-chip interconnection system, which is not repeated here.

As described above for the multi-chip interconnection system, a status register used for synchronization may also be provided in the at least two chips. The status register may be used as follows: after the master chip 20 finishes verifying the validity of the same firmware loaded into the high-speed storage device 30, the master chip 20 also changes the status register from a first state to a second state, to broadcast a notification to all slave chips 21. Once the master chip 20 has completed validity verification, this information is promptly broadcast to all the other slave chips 21. Because the chips' initialization flows for the same firmware are similar, the other slave chips 21 do not need to repeat validity verification of the same firmware, which further shortens secure boot time.

Next, referring to FIG. 3 and FIG. 4, the master chip 20 and each slave chip 21 obtain the firmware execution data of the same firmware from the high-speed storage device 30.

As described above for the multi-chip interconnection system, when the master chip 20 and each slave chip 21 obtain the firmware execution data of the same firmware from the high-speed storage device 30, the master chip 20 and each slave chip 21 may access the high-speed storage device 30 concurrently, so that multiple chips can obtain the firmware code of the same firmware from the high-speed storage device 30 at the same time. As a result, the overall system boot time of this solution does not grow as the number of slave chips 21 increases. When the master chip 20 and the slave chips 21 access the firmware execution data of the same firmware in the high-speed storage device 30, that data may include firmware code and independent variable data for each chip. Concurrent access therefore has to support multiple chips accessing one and the same copy of the firmware code at the same time. Concurrent shared access by the master chip 20 and the slave chips 21 to the high-speed storage device 30 can be implemented in several ways; one implementation is shown below by way of example.

To implement concurrent access by the master chip 20 and each slave chip 21 to the high-speed storage device 30, all chips share the same first storage space set aside in the high-speed storage device 30, which stores the firmware code. Each chip also has a second storage space of its own set aside in the high-speed storage device 30, which stores that chip's independent variable data. Each chip internally maps the first storage space address and the second storage space address corresponding to that chip to the same virtual address, so that one copy of the firmware code can execute correctly and concurrently on multiple chips. For the specific implementation, refer to the foregoing description of the multi-chip interconnection system, which is not repeated here.
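A model of the flow in the preceding paragraphs, added here as an illustration and not taken from the patent: the master chip reads the firmware storage device once, verifies the copy held in shared storage, changes the status register, and every chip then resolves the same virtual addresses to the shared code and to its own variable region. The SHA-256 digest check, the region sizes and base addresses, and all class and function names are assumptions.

```python
import hashlib
import hmac

# Constructed layout: sizes and virtual base addresses are assumptions.
CODE_VBASE, CODE_SIZE = 0x0000_0000, 0x1000   # window for the shared firmware code
DATA_VBASE, DATA_SIZE = 0x0010_0000, 0x0100   # window for a chip's own variables
FIRST_STATE, SECOND_STATE = 0, 1              # status register values


class FirmwareStorage:
    """Low-speed firmware storage device 10; counts how often it is read."""

    def __init__(self, image: bytes):
        self._image = image
        self.reads = 0

    def read_image(self) -> bytes:
        self.reads += 1
        return self._image


class MultiChipSystem:
    def __init__(self, image: bytes, expected_digest: bytes, n_chips: int):
        self.flash = FirmwareStorage(image)
        self.expected_digest = expected_digest   # assumed to be provisioned in the master
        self.n_chips = n_chips
        # High-speed storage device 30: [shared code | chip 0 data | chip 1 data | ...]
        self.shared = bytearray(CODE_SIZE + n_chips * DATA_SIZE)
        self.status = FIRST_STATE
        self.image_len = 0

    def translate(self, chip_id: int, vaddr: int) -> int:
        """Map one chip's virtual address to an offset in the shared storage."""
        if not 0 <= chip_id < self.n_chips:
            raise ValueError(f"unknown chip {chip_id}")
        if CODE_VBASE <= vaddr < CODE_VBASE + CODE_SIZE:
            return vaddr - CODE_VBASE                      # first storage space
        if DATA_VBASE <= vaddr < DATA_VBASE + DATA_SIZE:   # that chip's second space
            return CODE_SIZE + chip_id * DATA_SIZE + (vaddr - DATA_VBASE)
        raise ValueError(f"chip {chip_id}: unmapped address {vaddr:#x}")

    def master_boot(self) -> bool:
        """Load once from slow storage, then verify the copy the chips will execute."""
        image = self.flash.read_image()
        if len(image) > CODE_SIZE:
            raise ValueError("image does not fit the first storage space")
        self.shared[:len(image)] = image
        self.image_len = len(image)
        loaded = bytes(self.shared[:self.image_len])
        digest = hashlib.sha256(loaded).digest()
        if not hmac.compare_digest(digest, self.expected_digest):
            return False                 # register stays in the first state
        self.status = SECOND_STATE       # broadcast: firmware verified
        return True

    def fetch_code(self, chip_id: int) -> bytes:
        if self.status != SECOND_STATE:
            raise PermissionError("firmware has not been verified")
        start = self.translate(chip_id, CODE_VBASE)
        return bytes(self.shared[start:start + self.image_len])

    def store_var(self, chip_id: int, vaddr: int, value: int) -> None:
        self.shared[self.translate(chip_id, vaddr)] = value & 0xFF

    def load_var(self, chip_id: int, vaddr: int) -> int:
        return self.shared[self.translate(chip_id, vaddr)]


def boot_all(image: bytes, expected_digest: bytes, n_chips: int = 4):
    """Run the boot sequence; returns the system and the code each chip fetched."""
    system = MultiChipSystem(image, expected_digest, n_chips)
    if not system.master_boot():
        return system, []
    fetched = []
    for chip_id in range(n_chips):
        fetched.append(system.fetch_code(chip_id))
        # Same virtual variable address on every chip, different physical cell.
        system.store_var(chip_id, DATA_VBASE, 0xA0 + chip_id)
    return system, fetched


FIRMWARE = b"\x90" * 64 + b"constructed firmware image"   # constructed sample
GOOD_DIGEST = hashlib.sha256(FIRMWARE).digest()
```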

In addition, referring to FIG. 2, FIG. 3 and FIG. 5, a cryptographic module 201 may also be provided in each chip, with key agreement supported between the cryptographic modules 201 in the at least two chips. In that case, the secure boot method may further include: performing key agreement between the cryptographic modules 201 in the at least two chips; each chip, through its cryptographic module 201, encrypting plaintext to be written to the high-speed storage device 30 into ciphertext and writing the ciphertext to the high-speed storage device 30; and each chip, through its cryptographic module 201, reading and decrypting the ciphertext stored in the high-speed storage device 30. By adding a cryptographic module 201 to each chip and supporting key agreement between the cryptographic modules 201 of the chips, the agreed key is configured into each cryptographic module 201, so that everything stored in the high-speed storage device 30 is ciphertext. An attacker cannot infer the key and therefore cannot decrypt the ciphertext in the high-speed storage device 30, which prevents the attacker from tampering with the content, re-encrypting it and putting it back into the high-speed storage device 30. Moreover, if the attacker tampers with the ciphertext directly, the decrypted content is usually not a correct instruction, which directly causes the system to crash and stops the attack. For the specific implementation, refer to the foregoing description of the multi-chip interconnection system, which is not repeated here.

When key agreement is performed between the cryptographic modules 201 in the at least two chips, the key agreement may produce a shared key. In that case, encrypting the plaintext to be written to the high-speed storage device 30 into ciphertext and writing it to the high-speed storage device 30 includes: encrypting the plaintext to be written to the high-speed storage device 30 into ciphertext with the shared key and writing the ciphertext to the high-speed storage device 30. Likewise, reading and decrypting the ciphertext stored in the high-speed storage device 30 includes: reading the ciphertext stored in the high-speed storage device 30 and decrypting it with the shared key.

Further, when the plaintext to be written to the high-speed storage device 30 is encrypted into ciphertext and written to the high-speed storage device 30, the address information at which the ciphertext is to be stored in the high-speed storage device 30 may also be encrypted into an address ciphertext, so that the address at which the data is to be stored also takes part in the encryption computation. An attacker therefore cannot mount an attack by repeatedly placing firmware ciphertext data.
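The effect of letting the storage address take part in the encryption can be seen in the following added example, which is not from the patent. The page does not specify the cipher or how the address is mixed in, so a 4-round Feistel network over HMAC-SHA256 with the address as a tweak stands in for the cryptographic module 201; the key, block size, sample code and function names are assumptions.

```python
import hashlib
import hmac

BLOCK = 16    # bytes per encrypted unit (assumed granularity)
ROUNDS = 4    # Feistel rounds of the stand-in cipher


def _f(key: bytes, addr: int, rnd: int, half: bytes) -> bytes:
    """Round function: keyed on the shared key, the storage address and the round."""
    msg = addr.to_bytes(8, "little") + bytes([rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, addr: int, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be exactly BLOCK bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, addr, rnd, right))
    return left + right


def decrypt_block(key: bytes, addr: int, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be exactly BLOCK bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, addr, rnd, left)), left
    return left + right


def write_encrypted(mem: bytearray, key: bytes, base: int, plaintext: bytes) -> None:
    """Encrypt block by block, binding each block to the address it is stored at."""
    if base % BLOCK or len(plaintext) % BLOCK:
        raise ValueError("base and length must be block aligned")
    for off in range(0, len(plaintext), BLOCK):
        addr = base + off
        mem[addr:addr + BLOCK] = encrypt_block(key, addr, plaintext[off:off + BLOCK])


def read_decrypted(mem: bytearray, key: bytes, base: int, length: int) -> bytes:
    return b"".join(
        decrypt_block(key, addr, bytes(mem[addr:addr + BLOCK]))
        for addr in range(base, base + length, BLOCK)
    )


SHARED_KEY = bytes(range(32))       # constructed; stands for the agreed shared key
CODE = b"MOV R0,#1;RET;;;" * 2      # constructed sample: two identical 16-byte blocks


def relocation_demo() -> dict:
    mem = bytearray(0x100)          # stands for the high-speed storage device 30
    write_encrypted(mem, SHARED_KEY, 0x40, CODE)
    roundtrip = read_decrypted(mem, SHARED_KEY, 0x40, len(CODE)) == CODE
    c0, c1 = bytes(mem[0x40:0x50]), bytes(mem[0x50:0x60])

    # A valid ciphertext block copied to a different address.
    mem[0x80:0x90] = c0
    moved = read_decrypted(mem, SHARED_KEY, 0x80, BLOCK)

    # One bit of stored ciphertext modified in place.
    mem[0x40] ^= 0x01
    flipped = read_decrypted(mem, SHARED_KEY, 0x40, BLOCK)
    changed = sum(a != b for a, b in zip(flipped, CODE[:BLOCK]))

    return {
        "roundtrip": roundtrip,
        "identical_blocks_encrypt_differently": c0 != c1,
        "moved_block_decrypts_correctly": moved == CODE[:BLOCK],
        "bytes_changed_by_one_bit_flip": changed,
    }
```

Garbled decryption is a side effect of the cipher, not an integrity check: nothing in this model rejects the modified block, which is why the description says the result is "usually" an invalid instruction.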

The above are only specific embodiments of the present invention, and the protection scope of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be determined by the protection scope of the claims.

Claims (16)

1. A multichip interconnect system, comprising:
a circuit board;
a firmware storage device disposed on the circuit board;
at least two chips arranged on the circuit board and interconnected through a chip interconnection bus, wherein the at least two chips comprise a master chip and other slave chips; the main chip is directly connected with the firmware storage device, and each slave chip is directly connected with the main chip or indirectly connected with the main chip through other slave chips;
a high speed storage device accessing the chip interconnect bus and shared by all of the chips;
the firmware storage device stores the same firmware used by all the chips;
the main chip is used for loading the same firmware from the firmware storage device to the high-speed storage device so that the main chip and each slave chip can acquire firmware execution data of the same firmware from the high-speed storage device;
and a validity verification module is also arranged in the main chip and used for verifying the validity of the same firmware loaded in the high-speed storage device.
2. The multichip interconnect system according to claim 1, wherein status registers for synchronous use are provided in said at least two chips;
after the master chip finishes verifying the validity of the same firmware loaded into the high-speed storage device, the master chip also changes the status register from the first state to the second state to broadcast a notification to all slave chips.
3. The multichip interconnect system of claim 2, wherein the status register is a register integrated within the master chip.
4. The multichip interconnect system of claim 1, wherein the high speed memory device supports concurrent access by the at least two chips.
5. The multichip interconnect system according to claim 4, wherein the firmware execution data includes firmware code and independent variable data for each chip;
the high-speed storage device is divided into a first storage space and at least two second storage spaces; wherein the first storage space is used for storing the firmware codes; the at least two second storage spaces correspond to the at least two chips one by one, and each second storage space is used for storing the independent variable data of the corresponding chip;
and mapping the first storage space address and a second storage space address corresponding to the chip into the same virtual address in each chip.
6. The multichip interconnect system according to claim 1, wherein a cryptographic module is disposed in each chip, and key agreement is supported between cryptographic modules in said at least two chips;
each chip encrypts a plaintext to be written into the high-speed storage device into a ciphertext through the cryptographic module in the chip and writes the ciphertext into the high-speed storage device; each chip also reads and decrypts the ciphertext stored in the high-speed storage device through the cryptographic module in the chip.
7. The multichip interconnect system according to claim 6, wherein a shared key is generated between the cryptographic modules in the at least two chips through key agreement;
the shared secret key is used for each cryptographic module to encrypt the plaintext into the ciphertext or decrypt the ciphertext into the plaintext.
8. The multichip interconnect system of claim 6, wherein the cryptographic module further encrypts the address information at which the ciphertext is to be stored in the high-speed storage device into an address ciphertext.
9. The multichip interconnect system according to claim 1, wherein said high speed storage device is disposed off-chip of said at least two chips; or
the high-speed storage device is disposed within the main chip.
10. A secure boot method of the multichip interconnect system according to claim 1, comprising:
the main chip loads the same firmware stored in the firmware storage device to the high-speed storage device;
the main chip verifies the validity of the same firmware loaded into the high-speed storage device;
the master chip and each slave chip acquire firmware execution data of the same firmware from the high-speed storage device.
11. The secure boot method according to claim 10, wherein a status register for synchronous use is provided in the at least two chips;
after the master chip finishes verifying the validity of the same firmware loaded into the high-speed storage device, the secure boot method further comprises: the master chip changes the status register from a first state to a second state to broadcast a notification to all slave chips.
12. The secure boot method of claim 10, wherein the master chip and each slave chip obtaining firmware execution data of the same firmware from the high-speed storage device comprises:
the master chip and each slave chip concurrently access the high-speed storage device to obtain firmware execution data of the same firmware.
13. The secure boot method of claim 12, wherein the firmware execution data includes firmware code and independent variable data for each chip;
the master chip and each slave chip concurrently accessing the high-speed storage device includes:
all the chips divide the same first storage space in the high-speed storage device, wherein the first storage space is used for storing the firmware codes;
each chip is also divided into a second storage space corresponding to the chip in the high-speed storage device, and the second storage space is used for storing the independent variable data of the corresponding chip;
and mapping the first storage space address and a second storage space address corresponding to the chip into the same virtual address in each chip.
14. The secure boot method according to claim 10, wherein a cryptographic module is disposed in each chip, and key agreement is supported between the cryptographic modules in the at least two chips;
the secure boot method further comprises:
carrying out key agreement between the cryptographic modules in the at least two chips;
each chip encrypts a plaintext to be written into the high-speed storage device into a ciphertext through the cryptographic module in the chip and writes the ciphertext into the high-speed storage device;
each chip also reads and decrypts the ciphertext stored in the high-speed storage device through the cryptographic module in the chip.
15. The secure boot method of claim 14, wherein performing key agreement between the cryptographic modules in the at least two chips comprises: carrying out key agreement between the cryptographic modules in the at least two chips to generate a shared key;
the encrypting the plaintext to be written into the high-speed storage device into the ciphertext and then writing into the high-speed storage device comprises the following steps: encrypting the plaintext to be written into the high-speed storage device into ciphertext by using the shared secret key and writing the ciphertext into the high-speed storage device;
the reading and decrypting the ciphertext stored in the high-speed storage comprises: reading and decrypting the ciphertext stored in the high-speed storage using the shared key.
16. The secure boot method of claim 14, wherein said writing the plaintext to be written to the high-speed storage device after encrypting the plaintext to ciphertext further comprises:
the address information at which the ciphertext is to be stored in the high-speed storage device is also encrypted into an address ciphertext.
CN202210755860.0A 2022-06-29 2022-06-29 Multi-chip interconnection system and safe starting method based on same Active CN115080473B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210755860.0A CN115080473B (en) 2022-06-29 2022-06-29 Multi-chip interconnection system and safe starting method based on same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210755860.0A CN115080473B (en) 2022-06-29 2022-06-29 Multi-chip interconnection system and safe starting method based on same

Publications (2)

Publication Number Publication Date
CN115080473A true CN115080473A (en) 2022-09-20
CN115080473B CN115080473B (en) 2023-11-21

Family

ID=83256270

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210755860.0A Active CN115080473B (en) 2022-06-29 2022-06-29 Multi-chip interconnection system and safe starting method based on same

Country Status (1)

Country Link
CN (1) CN115080473B (en)

Also Published As

Publication number Publication date
CN115080473B (en) 2023-11-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant