CN116756730A - Reliable starting method for multistage flow control of SoC chip and hardware reliable root - Google Patents


Info

Publication number
CN116756730A
CN116756730A
Authority
CN
China
Prior art keywords
chip
main program
module
efuse
sequence
Prior art date
Legal status
Pending
Application number
CN202310666161.3A
Other languages
Chinese (zh)
Inventor
Name withheld at the inventor's request
Current Assignee
Leaguer Microelectronics Co ltd
Original Assignee
Leaguer Microelectronics Co ltd
Priority date
Filing date
Publication date
Application filed by Leaguer Microelectronics Co ltd
Priority to CN202310666161.3A
Publication of CN116756730A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/51 Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/44 Program or device authentication
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

A trusted boot method with multi-stage flow control for an SoC chip, and a hardware root of trust. The method treats the RomCode, the eFuse, the hash algorithm module, the symmetric cipher and integrity check module, a dedicated exception-handling pin, and the dedicated end-to-end access lines between the eFuse and the dedicated security modules as the hardware root of trust. By combining this hardware root of trust with the multi-stage flow control strategy fixed in the RomCode, the chip's chain of trust is realised, and the chip remains secure and trustworthy in normal boot, abnormal restart, debugging and similar abnormal boot scenarios.

Description

Reliable starting method for multistage flow control of SoC chip and hardware reliable root
Technical Field
The present application relates to the field of integrated circuit design, in particular to a hardware root of trust design and, built on that root of trust, a multi-stage flow-controlled chain-of-trust boot strategy for a chip.
Background
In the field of integrated circuits, a system-on-chip (SoC) combines a series of integrated circuits with specific functions on a single die. Its hardware part includes a microprocessor or microcontroller, control logic, on-chip memory, special-purpose functional units and external communication interfaces; its software part includes an embedded system and application software.
Typically, when an SoC chip is powered on and boots, the on-chip ROM code reads the boot loader from nonvolatile memory, and the boot loader initialises and configures the processor, the peripherals and each special-purpose functional unit. Once initialisation is complete, the boot loader loads the operating system and application programs into the RAM of the SoC chip for execution. If the boot process carries a security weakness, any part of it, the boot loader or the application program for instance, can be maliciously tampered with or replaced, and the security of the chip can no longer be guaranteed. The SoC chip therefore needs comprehensive trust protection so that it possesses a complete chain of trust and its programs are effectively protected against tampering during boot and at run time. To prevent the chip program from being tampered with or replaced, and to prevent theft of the important algorithms and data it contains, a boot key is typically provisioned so that the software image is verified and run only after verification succeeds.
For systems requiring a high level of security, every piece of code and every operation, from the first instruction executed at chip start-up through to the loading of the application software, must be trusted. If the chip's root of trust is tampered with or bypassed, the system has no way to detect it; the chip must therefore be equipped with a tamper-resistant hardware boot root of trust and adopt a series of comprehensive secure boot strategies to guarantee its trustworthiness.
It should be noted that the information disclosed in the above background section is only for understanding the background of the application and thus may include information that does not form the prior art that is already known to those of ordinary skill in the art.
Disclosure of Invention
The present application aims to overcome the shortcomings described in the background and to provide a trusted boot method with multi-stage flow control for an SoC chip, together with a hardware root of trust for the SoC chip.
To this end, the present application adopts the following technical scheme:
A trusted boot method with multi-stage flow control for an SoC chip uses the RomCode, the eFuse, the hash algorithm module, the symmetric cipher and integrity check module, and the dedicated end-to-end access lines between the eFuse and the dedicated security modules as the hardware root of trust. By combining this hardware root of trust with the multi-stage flow control strategy fixed in the RomCode, the chip's chain of trust is realised and the chip remains secure and trustworthy in normal boot, abnormal restart, debugging and similar abnormal boot scenarios.
Further:
the multi-stage flow control comprises the following steps:
1) Power up the chip;
2) Check whether the PLL is locked;
3) Initialise the UART, SPI, CRC, eFuse, symmetric cipher and integrity check module, and hash algorithm module;
4) Read the level of the forced-upgrade pin and decide whether to enter forced-upgrade mode; if not, go to step 5), otherwise jump to step 13);
5) Read the nonvolatile memory and check whether valid program data is present; if so, go to step 6), otherwise jump to step 13);
6) Close the JTAG channel;
7) Enable the eFuse and read the chip version number, key index number and similar information;
8) Enable the symmetric cipher and integrity check module;
9) Decrypt the main program data and check, from the decrypted result, whether the decrypted data contains the correct sequence that was placed in it before encryption; if so, go to step 10), otherwise jump to step 13);
10) Enable the hash algorithm module;
11) Hash the main program data to obtain its digest and derive a message authentication code from it; compare the digest and the MAC against the preset correct values; if they match, go to step 12), otherwise jump to step 13);
12) Copy the main program image into RAM and jump to RAM to execute the main program;
13) Wait for a command on the UART or SPI; if none arrives, perform a software reset and return to step 1); if a command arrives, go to step 14);
14) Enable the symmetric cipher and integrity check module, decrypt and integrity-check the received command sequence, and decide whether the command is legitimate and valid; if so, go to step 15), otherwise jump back to step 13);
15) Program the relevant eFuse fields and write the main program to the designated address space in FLASH.
In the embodiments of the present application, first, a hardware root of trust design is provided that combines the RomCode, the eFuse, the hash algorithm module, the symmetric cipher and integrity check module, a dedicated exception-handling pin and the dedicated end-to-end access lines between the eFuse and the dedicated modules, so that the boot loader is secure and trustworthy during the chip's power-on stage. Second, the end-to-end direct access line between the secure key storage controller and the dedicated encryption/decryption module blocks, in hardware, any access by the CPU and the bus to the secure key, and any snooping of secure data on the CPU core and the bus through an external communication interface, during the normal power-on boot stage. Third, the hardware root of trust and the multi-stage flow control are used together to realise the chip's chain of trust and to keep the chip secure and trustworthy in normal boot, abnormal restart, debugging and similar abnormal boot scenarios.
In some embodiments, the hardware root of trust consists of several hardware functional units and dedicated connections between them, namely: the RomCode, the eFuse, the hash algorithm module, the symmetric cipher and integrity check module, the dedicated exception-handling pin, and the dedicated end-to-end access lines between the eFuse and the dedicated modules. The eFuse storage is partitioned into a write-only (unreadable) region, a readable and writable region, and a read/write status indication region. The write-only region holds the secure data: the main program's decryption key, its digest information and the encrypted-communication enable flag, among others. When the hash algorithm module, the symmetric cipher module or the dedicated integrity check module needs this data, the eFuse controller delivers it automatically to the corresponding input of that module over the dedicated access line; the CPU and the bus cannot access the secure data at any point. The readable and writable region holds status information such as the chip ID, the version number counter, the JTAG lock state and the external communication interface enable flag. The read/write status indication region records the read/write attributes of the different eFuse data segments.
In some embodiments, the main functions of the RomCode are to complete the chip's power-on initialisation and to decide the next step of the flow from the configuration state recorded in the readable and writable eFuse region and from whether a main program is present in the chip. If a main program is present, it is booted according to the configuration state of the hardware root of trust. If no main program is present, the JTAG, SWD, UART or SPI communication interface is enabled after an encrypted communication handshake has been confirmed, the chip enters debugging mode, and the main program is programmed. If an abnormal condition arises from an extreme cause such as operator error or uncontrollable electromagnetic interference such as a single-event upset, the dedicated exception-handling pin is used to force a reset, re-enter debugging mode and reprogram the main program.
In some embodiments, after the RomCode has completed chip initialisation, it closes the JTAG communication interface and performs a series of chain-of-trust checks on the main program held in nonvolatile memory. Specifically: the CPU reads the main program version number stored in the eFuse and reads the main program from the corresponding address in nonvolatile memory; it enables the symmetric cipher and integrity check module, which accesses the key stored in the eFuse directly, decrypts the main program image and at the same time verifies the integrity of the image body; it then enables the hash algorithm module, which accesses the signature key stored in the eFuse directly and verifies the digest information extracted from the decrypted main program image.
If no main program is present in the chip, the programming flow may be entered only after identity authentication, which is confirmed through an encrypted communication sequence. The user sends the encrypted communication sequence over the UART or SPI; the symmetric cipher module decrypts it, the hash algorithm module computes and confirms the digest of the decrypted sequence, and the decrypted sequence is then compared with the sequence stored in the eFuse. Only on an exact match is the user's identity confirmed, after which the user may write the eFuse, write the main program into nonvolatile memory, and so on; when writing is complete the chip automatically enters the reset state.
If an abnormal condition caused by an extreme factor such as uncontrollable electromagnetic interference prevents normal boot, the dedicated exception-handling pin can be used to force a reset. After identity authentication through the encrypted communication sequence, the chip enters debugging mode, the eFuse programming information is checked for correctness, and the correct version of the main program is reprogrammed.
An SoC chip hardware root of trust implements the trusted boot method above.
A computer readable storage medium storing a computer program which, when executed by a processor, implements the trusted boot method.
The present application provides a hardware chain-of-trust design and a multi-stage flow-controlled trusted boot method for an SoC chip. It combines the RomCode, the eFuse, the hash algorithm module, the symmetric cipher and integrity check module, the dedicated exception-handling pin and the dedicated end-to-end access lines between the eFuse and the dedicated modules into a hardware root of trust design that secures each functional module of the boot loader, physically and logically, during the chip's power-on stage. On that basis, the functional modules of the hardware root of trust and the multi-stage flow control in the RomCode together provide trusted secure boot, keeping the chip secure and trustworthy in normal boot, abnormal restart, debugging and similar abnormal boot scenarios.
The eFuse can store several sets of information such as secure keys and provides version-number rollback prevention, so that the chip supports key updates and attacks using an expired key are prevented. In addition, the eFuse stores, for each version's key, the internal data integrity check sequence and the hash value of the main program encrypted under that key, so that after a key update the corresponding verification information remains secure and consistent.
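The rollback-prevention property above rests on eFuse bits being one-way: a blown bit cannot be cleared, so a version counter built from them can only advance. The following is an added illustration, not code from the patent or from Leaguer Microelectronics, of a thermometer-coded counter held in such a word, with the key slot index following the counter (an assumption made here; the patent only says the eFuse stores multiple key sets and a version counter). Class and function names are this example's own.

```python
class OneWayFuseWord:
    """Constructed model of an eFuse word: a bit can be blown from 0 to 1, never cleared."""

    def __init__(self, width=8):
        self.width = width
        self.bits = 0

    def burn(self, mask):
        if mask >> self.width:
            raise ValueError("mask exceeds fuse width")
        self.bits |= mask          # OR-only: bits that are already blown stay blown

    def read(self):
        return self.bits


class VersionCounter:
    """Thermometer-coded anti-rollback counter: version n means bits 0..n-1 are blown.
    The decryption key slot follows the counter (assumption), so a key retired by an
    update can no longer be selected by the ROM even if it has leaked."""

    def __init__(self, slots=8):
        self.word = OneWayFuseWord(slots)

    @property
    def version(self):
        return bin(self.word.read()).count("1")

    @property
    def key_index(self):
        return self.version

    def advance_to(self, new_version):
        if new_version < self.version:
            raise ValueError("rollback: the counter cannot move backwards")
        if new_version > self.word.width:
            raise ValueError("no free version slot left")
        self.word.burn((1 << new_version) - 1)   # set bits 0..new_version-1


def image_accepted(counter, image_version):
    """Rollback check at step 7 of the flow: an image whose version is behind the
    counter is refused even if it would still decrypt and verify under an old key."""
    return image_version >= counter.version
```

Because the counter is derived from a popcount rather than from a stored integer, a programming command that tries to write a lower value cannot succeed at the physical level: the only effect a burn can have is to set more bits, which moves the version forward.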
Drawings
FIG. 1 is a diagram of the overall architecture of a hardware root of trust in an embodiment of the application.
Fig. 2 is a schematic diagram of a chip trusted chain start-up procedure of multi-level flow control according to an embodiment of the present application.
Detailed Description
The following describes embodiments of the present application in detail. It should be emphasized that the following description is merely exemplary in nature and is in no way intended to limit the scope of the application or its applications.
It will be understood that when an element is referred to as being "mounted" or "disposed" on another element, it can be directly on the other element or be indirectly on the other element. When an element is referred to as being "connected to" another element, it can be directly connected to the other element or be indirectly connected to the other element. In addition, the connection may be for both a fixing action and a coupling or communication action.
It is to be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are merely for convenience in describing embodiments of the application and to simplify the description by referring to the figures, rather than to indicate or imply that the devices or elements referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus are not to be construed as limiting the application.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the embodiments of the present application, the meaning of "plurality" is two or more, unless explicitly defined otherwise.
The embodiments of the present application provide a multi-stage flow-controlled chain-of-trust boot method for a chip. It takes the RomCode, the eFuse, a hash algorithm module, a symmetric cipher and integrity check module, a dedicated exception-handling pin and the dedicated access lines between the eFuse and the dedicated security modules as the hardware root of trust, and realises the chip's chain of trust by combining that hardware root of trust with the multi-stage flow control strategy fixed in the RomCode, so that the chip remains secure and trustworthy in normal boot, abnormal restart, debugging and similar abnormal boot scenarios.
Fig. 1 is a block diagram of the overall organisation of the SoC chip security design of the present application. The design comprises the following components:
RomCode: the boot program. In the boot stage it completes chip initialisation, closes the JTAG communication interface, controls mode selection, flow control, exception handling and input/output for the chip's power-on boot, and performs the chain-of-trust checks on the main program held in nonvolatile memory.
eFuse: reading and programming of the eFuse are controlled by the eFuse controller. Data such as high-level secure keys are delivered under the direct control of the eFuse controller, over a dedicated read line rather than the bus, end to end to the input of the dedicated security algorithm module that is to receive them. The eFuse storage is partitioned into a write-only (unreadable) region, a readable and writable region and a read/write status indication region; the write-only region holds the secure data, namely the main program's decryption key, its digest information and the encrypted-communication enable flag, among others. In particular, when the hash algorithm module, the symmetric cipher module or the dedicated integrity check module needs secure data, the CPU sends only the key's index number; the eFuse controller reads the key data at the corresponding address and delivers it automatically over the dedicated access line to the input of the relevant module controller. The CPU and the bus cannot access the key data at any point.
Hash algorithm module: its controller receives the digest-consistency check command from the CPU, receives the key data sent by the eFuse controller over the dedicated end-to-end access line to the eFuse, and computes the digest of the main program data.
Symmetric cipher and integrity check module: its controller receives the symmetric encryption/decryption command from the CPU, receives one or more keys sent by the eFuse controller over the dedicated end-to-end access line to the eFuse, performs the symmetric decryption of the main program data and, as part of the same decryption, verifies the internal integrity of the main program data.
Dedicated exception-handling pin: this pin exists for the case in which the chip cannot boot normally. When the boot program in the RomCode detects that the pin is pulled high, it concludes that the chip is in an abnormal state and under manual intervention. After identity authentication through the encrypted communication sequence, the chip is then allowed to enter debugging mode, the eFuse programming information is checked for correctness, the eFuse data may be reprogrammed, and the main program is reprogrammed.
Dedicated end-to-end access lines between the eFuse and the dedicated modules: the eFuse is connected end to end, by dedicated lines, to the hash algorithm module and to the symmetric cipher and integrity check module; the enable signal that turns each line on is controlled by the eFuse controller.
Fig. 2 shows the multi-stage flow control strategy of the present application. The main control flow is as follows:
1) Power up the chip;
2) Check whether the PLL is locked;
3) Initialise the UART, SPI, CRC, eFuse, symmetric cipher and integrity check module, and hash algorithm module;
4) Read the level of the forced-upgrade pin and decide whether to enter forced-upgrade mode; if not, go to step 5), otherwise jump to step 13);
5) Read the nonvolatile memory and check whether valid program data is present; if so, go to step 6), otherwise jump to step 13);
6) Close the JTAG channel;
7) Enable the eFuse and read the chip version number, key index number and similar information;
8) Enable the symmetric cipher and integrity check module;
9) Decrypt the main program data and check, from the decrypted result, whether the decrypted data contains the correct sequence that was placed in it before encryption; if so, go to step 10), otherwise jump to step 13);
10) Enable the hash algorithm module;
11) Hash the main program data to obtain its digest and derive a message authentication code from it; compare the digest and the MAC against the preset correct values; if they match, go to step 12), otherwise jump to step 13);
12) Copy the main program image into RAM and jump to RAM to execute the main program;
13) Wait for a command on the UART or SPI; if none arrives, perform a software reset and return to step 1); if a command arrives, go to step 14);
14) Enable the symmetric cipher and integrity check module, decrypt and integrity-check the received command sequence, and decide whether the command is legitimate and valid; if so, go to step 15), otherwise jump back to step 13);
15) Program the relevant eFuse fields and write the main program to the designated address space in FLASH.
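The flow above, together with the eFuse access model of Fig. 1 and the authenticated programming path described under the exception-handling pin, can be exercised as a software simulation. The block below is an added example written for this page; it is not code from the patent, from Leaguer Microelectronics, or from any real RomCode (which would be C or assembly on the chip). The cryptographic primitives are stand-ins: an HMAC-SHA256 keystream plays the part of the chip's symmetric cipher, and SHA-256 plus HMAC play the hash and MAC. The image layout (correct sequence, program, MAC), the command layout (correct sequence, 16-byte authentication sequence), the region and key names and all function names are assumptions of this example.

```python
import hashlib
import hmac
from enum import Enum, auto

SEQ = b"\x5a\xa5\x0f\xf0BOOT"   # constructed "correct sequence" placed before encryption
MAC_LEN = 32


class EFuse:
    """Constructed model of the eFuse regions. Write-only data (decryption key, MAC key,
    authentication sequence) leaves the array only through key_path(), standing in for the
    dedicated end-to-end line to the engines; the CPU-facing cpu_read() refuses it."""

    def __init__(self):
        self._write_only = {}
        self.rw = {"version": 0, "key_index": 0, "jtag_locked": False}

    def burn_secret(self, name, value):
        self._write_only[name] = value

    def cpu_read(self, name):
        if name in self._write_only:
            raise PermissionError(f"{name}: write-only eFuse region is not bus readable")
        return self.rw[name]

    def key_path(self, name):
        return self._write_only[name]


def keystream_xor(key, data):
    """Stand-in for the chip's symmetric cipher: HMAC-SHA256 driven as a counter-mode
    keystream and XORed over the data. Encryption and decryption are the same call."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


class SymmetricEngine:
    """The CPU hands over only a key index; the key itself arrives via key_path()."""

    def __init__(self, efuse):
        self.efuse = efuse

    def decrypt(self, key_index, blob):
        return keystream_xor(self.efuse.key_path(f"dec{key_index}"), blob)

    def auth_sequence_matches(self, candidate):
        # compared inside the engine, so the stored sequence never reaches the bus
        return hmac.compare_digest(candidate, self.efuse.key_path("auth_seq"))


class HashEngine:
    def __init__(self, efuse):
        self.efuse = efuse

    def verify(self, key_index, program, expected_mac):
        digest = hashlib.sha256(program).digest()
        mac_key = self.efuse.key_path(f"mac{key_index}")
        mac = hmac.new(mac_key, digest, hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected_mac)


class Boot(Enum):
    RUN_MAIN = auto()      # step 12: image verified, jump to RAM
    PROGRAMMING = auto()   # step 13: waiting for a valid UART/SPI command
    RESET = auto()         # step 13 with no command: software reset back to step 1
    PROGRAMMED = auto()    # step 15: command accepted, eFuse/FLASH would be written


def build_image(efuse, key_index, program):
    """Factory-side helper (constructed): encrypt SEQ || program || MAC under one key slot."""
    digest = hashlib.sha256(program).digest()
    mac = hmac.new(efuse.key_path(f"mac{key_index}"), digest, hashlib.sha256).digest()
    return keystream_xor(efuse.key_path(f"dec{key_index}"), SEQ + program + mac)


def programming_mode(efuse, uart_input):
    """Steps 13-15: nothing is written until the command decrypts to SEQ followed by the
    16-byte authentication sequence held in the write-only region."""
    if uart_input is None:
        return Boot.RESET
    sym = SymmetricEngine(efuse)
    cmd = sym.decrypt(efuse.cpu_read("key_index"), uart_input)   # key choice assumed
    if len(cmd) < len(SEQ) + 16 or cmd[:len(SEQ)] != SEQ:
        return Boot.PROGRAMMING
    if not sym.auth_sequence_matches(cmd[len(SEQ):len(SEQ) + 16]):
        return Boot.PROGRAMMING
    return Boot.PROGRAMMED


def rom_boot(efuse, flash, force_upgrade_pin=False, uart_input=None):
    """Steps 1-15. Returns the state the ROM ends in and, on success, the plaintext main
    program it would copy to RAM. Steps 1-3 (power-up, PLL lock, init) are hardware."""
    if force_upgrade_pin or not flash:                         # steps 4 and 5
        return programming_mode(efuse, uart_input), None
    efuse.rw["jtag_locked"] = True                             # step 6
    key_index = efuse.cpu_read("key_index")                    # step 7
    sym, hsh = SymmetricEngine(efuse), HashEngine(efuse)       # step 8
    plain = sym.decrypt(key_index, flash)                      # step 9
    if len(plain) < len(SEQ) + MAC_LEN or plain[:len(SEQ)] != SEQ:
        return programming_mode(efuse, uart_input), None
    program, mac = plain[len(SEQ):-MAC_LEN], plain[-MAC_LEN:]
    if not hsh.verify(key_index, program, mac):                # steps 10 and 11
        return programming_mode(efuse, uart_input), None
    return Boot.RUN_MAIN, program                              # step 12
```

Two points the simulation makes visible: every failure path (forced-upgrade pin, empty flash, wrong sequence, MAC mismatch) converges on the same programming state, in which the only accepted input is a command that itself decrypts and authenticates against the write-only region; and the CPU code never holds a key, only an index, so a bus-level read of the secret region is refused rather than merely discouraged.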
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment or an embodiment combining software and hardware aspects.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The background section of the present application may contain background information about the problems or environments of the present application and is not necessarily descriptive of the prior art. Accordingly, inclusion in the background section is not an admission of prior art by the applicant.
The foregoing is a further detailed description of the application in connection with specific/preferred embodiments, and it is not intended that the application be limited to such description. It will be apparent to those skilled in the art that several alternatives or modifications can be made to the described embodiments without departing from the spirit of the application, and these alternatives or modifications should be considered to be within the scope of the application. In the description of the present specification, reference to the terms "one embodiment," "some embodiments," "preferred embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Those skilled in the art may combine and combine the features of the different embodiments or examples described in this specification and of the different embodiments or examples without contradiction. Although embodiments of the present application and their advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the scope of the application as defined by the appended claims.

Claims (10)

1. A trusted boot method with multi-stage flow control for an SoC chip, characterised in that the RomCode, the eFuse, a hash algorithm module, a symmetric cipher and integrity check module, a dedicated exception-handling pin and dedicated end-to-end access lines between the eFuse and a dedicated security module are used as the hardware root of trust; the chip's chain of trust is realised by combining the hardware root of trust with a multi-stage flow control strategy fixed in the RomCode; and the chip is kept secure and trustworthy in abnormal boot scenarios such as normal boot, abnormal restart and debugging.
2. The trusted boot method of claim 1, wherein said multi-level flow control comprises the steps of:
1) Powering up the chip;
2) Checking whether the PLL is locked;
3) Initializing UART, SPI, CRC, eFuse, a symmetric cryptographic algorithm, an integrity verification module and a hash algorithm module;
4) Reading the level of the forced upgrade pin and judging whether the forced upgrade mode is to be executed; if the forced upgrade mode is not requested, executing step 5), otherwise jumping to step 13);
5) Reading the nonvolatile memory and judging whether normal program data exist; if so, executing step 6), otherwise jumping to step 13);
6) Closing the JTAG channel;
7) Enabling the eFuses and reading information such as the chip version number and the key index number;
8) Enabling the symmetric cryptographic algorithm and integrity verification module;
9) Executing the decryption operation on the main program data and, according to the decrypted result, judging whether the decrypted data sequence matches the correct sequence preset before encryption; if so, executing step 10), if not, jumping to step 13);
10) Enabling the hash algorithm module;
11) Performing a hash calculation on the main program data to obtain the digest information and from it the message verification code, comparing the digest with the preset correct sequence and judging whether the digest and the message verification code match; if so, executing step 12), if not, jumping to step 13);
12) Copying the main program image into the RAM and jumping to the RAM to execute the main program;
13) Waiting for a UART or SPI instruction input; if no instruction is entered, performing a software reset and jumping to step 1), if there is an instruction input, jumping to step 14);
14) Enabling and calling the symmetric cryptographic algorithm and integrity check module, decrypting and integrity-checking the input instruction sequence, and judging whether the instruction is legal and valid; if the instruction is correct, executing step 15), if the instruction is incorrect, jumping to step 13);
15) Programming the relevant fields in the eFuses and programming the main program to the designated address space in the FLASH.
3. The method of claim 1 or 2, wherein, by using the end-to-end direct access connection between the secure key storage medium controller and the dedicated encryption/decryption algorithm module, access by the CPU and the bus to the secure key, and snooping of the secure data on the CPU core and bus through the external communication interface, are blocked at the hardware level during the normal start-up phase after chip power-up.
4. The trusted boot method of claim 1 or 2, wherein the eFuse storage area is divided into a write-only unreadable area, a readable and writable area, and a read-write status indication area; secure data such as the decryption key, the digest information and the encrypted communication enable status indication of the main program are stored in the write-only unreadable area, and when the hash algorithm module, the symmetric cipher algorithm module and the dedicated integrity check module need to use the secure data, the eFuse controller automatically transmits the data to the corresponding entries of each dedicated module through a dedicated access connection, so that the secure data cannot be accessed by the CPU and the bus at any point; state information such as the chip ID, the version number counter, the JTAG locking state indication and the external communication interface enable indication is stored in the readable and writable area; the read-write status indication area is used to indicate the read-write attributes of the different data segments of the eFuse.
5. The trusted boot method of claim 1 or 2, wherein the primary function of the RomCode comprises: completing chip power-on initialization, and determining the next working flow according to the configuration state information in the eFuse readable and writable area and whether a main program exists in the chip; specifically, if the main program exists in the chip, the main program is booted according to the configuration state of the hardware root of trust; if the main program does not exist in the chip, the JTAG, SWD, UART and SPI communication interfaces are enabled after confirmation of an encrypted communication handshake signal, a debugging mode is entered, and the main program is programmed; if an abnormal condition caused by extreme factors such as manual misoperation or uncontrollable electromagnetic interference such as single-event upsets occurs, the dedicated exception handling pin is used to enter a forced reset state, re-enter the debugging mode, and program the main program.
6. The method for trusted boot-up as claimed in claim 1 or 2, wherein after the RomCode completes the chip initialization, the JTAG communication interface is turned off and a series of trusted chain verifications are performed on the main program in the nonvolatile memory, specifically comprising: the CPU obtains the version number of the main program stored in the eFuse and reads the main program stored at the corresponding address in the nonvolatile memory; the symmetric cryptographic algorithm and integrity verification module is enabled, and the symmetric cipher algorithm module directly accesses the secret key stored in the eFuses to complete the decryption of the main program image while completing the integrity verification of the main program image body; the hash algorithm module is enabled, directly accesses the signature key stored in the eFuse, and uses it to verify the digest information extracted from the decrypted main program image.
7. The method for trusted starting as claimed in claim 1 or 2, wherein if the main program is not already present in the chip, the program programming process is entered after identity authentication, and the identity authentication is confirmed by an encrypted communication sequence: the user inputs the encrypted communication sequence through the UART and SPI interfaces, the symmetric cipher algorithm module decrypts the encrypted sequence, the hash algorithm module calculates and confirms the digest value of the decrypted sequence, after confirmation the decrypted sequence is compared with the sequence stored in the eFuse, and the legal identity of the user is confirmed only on a complete match; the user may then perform operations such as writing the eFuse and writing the main program into the nonvolatile memory, and the chip automatically enters a reset state after the writing is completed.
8. The method of claim 1 or 2, wherein if an abnormality caused by an extreme factor such as uncontrollable electromagnetic interference is encountered, a forced reset state can be entered by using the dedicated exception handling pin, and after identity authentication is completed through the encrypted communication sequence, a debug mode is entered to check whether the information written to the eFuse is correct and to rewrite the correct version of the main program.
9. A SoC chip hardware root of trust implementing the trusted boot method of any one of claims 1 to 8.
10. A computer readable storage medium storing a computer program, which when executed by a processor implements the trusted boot method according to any one of claims 1 to 8.
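The multistage flow of claim 2 together with the eFuse key layout of claim 4 and the decrypt-then-verify order of claim 6, as an added example that is not part of the patent: a Python model of steps 4 to 13 that routes every failed check to step 13 (the UART/SPI recovery state). An HMAC-SHA256 counter-mode keystream stands in for the chip's symmetric cipher module and an HMAC tag stands in for the digest stored with the image; the MAGIC sequence, the two eFuse keys, the 16-byte nonce and the image layout are constructed assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAGIC = b"RELIABLE_BOOT_OK"  # constructed stand-in for the preset sequence checked in step 9
TAG_LEN = 32                 # SHA-256 HMAC tag appended to the program before encryption


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the chip's symmetric cipher module: HMAC-SHA256 as a counter-mode
    PRF keystream. Encryption and decryption are the same XOR operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


@dataclass(frozen=True)
class EFuse:
    dec_key: bytes  # write-only, unreadable area: main program decryption key
    mac_key: bytes  # write-only, unreadable area: signature key used in the digest check


def build_image(efuse: EFuse, nonce: bytes, program: bytes) -> bytes:
    """Provisioning side (constructed): image = nonce || Enc(MAGIC || program || MAC(program))."""
    tag = hmac.new(efuse.mac_key, program, hashlib.sha256).digest()
    return nonce + keystream_xor(efuse.dec_key, nonce, MAGIC + program + tag)


def boot(efuse: EFuse, flash_image: Optional[bytes], forced_upgrade_pin: int
         ) -> Tuple[List[int], Optional[bytes]]:
    """Steps 4 to 13 of the claim-2 flow. Returns (steps visited, program to execute);
    a None program means the flow ended in step 13 (wait for UART/SPI commands)."""
    trace = [4]
    if forced_upgrade_pin:                        # step 4: forced upgrade requested
        return trace + [13], None
    trace.append(5)
    if not flash_image or len(flash_image) < 16 + len(MAGIC) + TAG_LEN:
        return trace + [13], None                 # step 5: no program data in the NVM
    trace += [6, 7, 8, 9]                         # close JTAG, read eFuse, enable cipher module
    nonce, ciphertext = flash_image[:16], flash_image[16:]
    plain = keystream_xor(efuse.dec_key, nonce, ciphertext)
    if not hmac.compare_digest(plain[:len(MAGIC)], MAGIC):
        return trace + [13], None                 # step 9: decrypted sequence does not match
    program, tag = plain[len(MAGIC):-TAG_LEN], plain[-TAG_LEN:]
    trace += [10, 11]                             # enable hash module, recompute the digest
    expected = hmac.new(efuse.mac_key, program, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return trace + [13], None                 # step 11: message verification code mismatch
    trace.append(12)                              # copy image to RAM and jump to main program
    return trace, program
```

Because the keystream is XORed, a flipped ciphertext byte lands in exactly one plaintext position, so a corrupted header fails at step 9 and a corrupted program body fails at step 11, which is the order claim 6 describes.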
CN202310666161.3A 2023-06-07 2023-06-07 Reliable starting method for multistage flow control of SoC chip and hardware reliable root Pending CN116756730A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310666161.3A CN116756730A (en) 2023-06-07 2023-06-07 Reliable starting method for multistage flow control of SoC chip and hardware reliable root

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310666161.3A CN116756730A (en) 2023-06-07 2023-06-07 Reliable starting method for multistage flow control of SoC chip and hardware reliable root

Publications (1)

Publication Number Publication Date
CN116756730A true CN116756730A (en) 2023-09-15

Family

ID=87952565

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310666161.3A Pending CN116756730A (en) 2023-06-07 2023-06-07 Reliable starting method for multistage flow control of SoC chip and hardware reliable root

Country Status (1)

Country Link
CN (1) CN116756730A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117113362A (en) * 2023-10-19 2023-11-24 中电科申泰信息科技有限公司 Safe starting maintenance method for multi-core processor
CN117113362B (en) * 2023-10-19 2024-01-19 中电科申泰信息科技有限公司 Safe starting maintenance method for multi-core processor


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination