CN116881985A - Access method based on chip PID or register and corresponding electronic equipment - Google Patents
Access method based on chip PID or register and corresponding electronic equipment Download PDFInfo
- Publication number
- CN116881985A CN116881985A CN202310730451.XA CN202310730451A CN116881985A CN 116881985 A CN116881985 A CN 116881985A CN 202310730451 A CN202310730451 A CN 202310730451A CN 116881985 A CN116881985 A CN 116881985A
- Authority
- CN
- China
- Prior art keywords
- soc chip
- key
- pid
- mode
- chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000012795 verification Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 3
- 239000004973 liquid crystal related substance Substances 0.000 claims 2
- 238000012423 maintenance Methods 0.000 abstract description 5
- 238000012986 modification Methods 0.000 abstract description 5
- 230000004048 modification Effects 0.000 abstract description 5
- 238000007689 inspection Methods 0.000 abstract description 4
- 230000006870 function Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Abstract
The embodiment of the application discloses an access method based on a chip PID or a register and corresponding electronic equipment. The access method based on the chip PID comprises the following steps: when the SOC chip receives any character, judging whether the SOC chip is in a secure mode or an unsecure mode; if the SOC chip is in the unsecure mode, enabling the SOC chip to enter the secure mode according to a PID key generated by a PID of the SOC chip and outputting a first result; if the SOC chip is in the secure mode, the SOC chip is put into the unsecure mode according to the access key generated by the PID and outputs a second result, or outputs a third result according to the access key. Through the mode, the password generated by the PID corresponding to the SOC chip is burnt to the SOC chip, so that the SOC chip enters a secure mode, and illegal access to the internal memory of the chip through the I2C debugging interface and other debugging interfaces is prevented; under the condition of passing the inspection, the chip can enter an unsecure mode to realize the reading or modification of the internal memory and the register of the chip, and the chip is provided with the modifiable memory, thereby reducing the risk and the maintenance cost.
Description
Technical Field
The embodiment of the application relates to the field of data reading, in particular to an access method based on a chip PID or a register and corresponding electronic equipment.
Background
From the aspect of the encryption protection function of the chip, the chip can work in two modes, namely a secure mode and an unsecure mode. The two modes differ in whether access to memory (e.g., FLASH) inside the chip is allowed through an external debug interface (e.g., I2C, UART).
The existing chip encryption design scheme has the following defects: if the efuse has no backdoor scheme, once the production line is burnt, the production line cannot be changed, and under the condition that the production line cannot be modified, if the software version is wrong or the problem that the chip is burnt bin file is abnormal due to some reasons, such as partial data is lost, the chip is regarded as a scrapped product, the product carrying the chip is regarded as an unqualified product, the chip can be normally used only by replacing the chip, and the scrapping of the chip and the replacement of the chip are obviously improved. The proposal of the chip encryption capable of being changed requires a third party server to generate an asymmetric key pair, a bin file signing tool capable of signing a flash is required after the key pair is received, the signature digest generated by the key pair is encrypted again, the related algorithm is complex, a special decryption and signature verification program is required to be designed, and a key management mechanism is also required, so that development and maintenance costs are greatly increased.
Disclosure of Invention
The technical problem mainly solved by the embodiment of the application is to provide an access method based on a chip PID or a register and corresponding electronic equipment, wherein a password generated by the PID corresponding to the SOC chip is burnt into the SOC chip to enable the SOC chip to enter a secure mode so as to prevent illegal access to an internal memory of the chip through a I2C (inter-integrated circuit) and other debug interfaces and avoid misuse of the encrypted program codes; under the condition of passing the inspection, the chip can also enter an unsecure mode so as to realize the reading or modification of the internal memory and the register of the chip, and the chip is provided with the modifiable, thereby reducing the risk and the maintenance cost.
In order to solve the technical problems, one technical scheme adopted by the embodiment of the application is as follows: provided is an access method based on a chip PID, comprising: when the SOC chip receives any character, judging that the SOC chip is in a secure mode or an unsecure mode; if the SOC chip is in the unsecure mode, enabling the SOC chip to enter the secure mode according to a PID key generated by PID of the SOC chip and outputting a first result; if the SOC chip is in the secure mode, the SOC chip enters the unsecure mode according to the access key generated by the PID and outputs a second result, or outputs a third result according to the access key.
In some embodiments, before determining that the SOC chip is in secure mode or unsecure mode, the method further comprises: verifying whether the second secret key and the PID of the SOC chip accord with a preset encryption algorithm or not when the SOC chip is in a secure mode; if not, terminating executing the access method.
In some embodiments, the putting the SOC chip into secure mode according to a PID key generated by a PID of the SOC chip includes: sending the PID to a computer; receiving a first key and a second key generated by the computer according to the PID respectively; burning the first key to a Flash configuration domain of the SOC chip; and burning the second key to a reserved area of Flash of the SOC chip.
In some embodiments, the causing the SOC chip to enter the unsecure mode and output a second result according to an access key generated by the PID, or outputting a third result according to the access key, includes: sending the PID to a computer; receiving an access key generated by the computer according to the PID; executing a password verification command on the access key, and verifying whether the access key is consistent with a preset key; if yes, enabling the SOC chip to enter an unsecure mode and outputting the second result; if not, outputting the third result; the preset key comprises a first key and a second key.
In some embodiments, the first key, the second key, and the access key are obtained by the computer encrypting the PID via ECB mode or CBC mode of AES.
6. The method of any of claims 1-5, wherein the first result is that the SOC chip has entered secure mode, the second result is that the SOC chip has entered unsecure mode, waiting for re-burning of the first key and the second key, and the third result is that the access key error is inconsistent with a preset key, and the SOC chip waits for reset.
In order to solve the technical problems, another technical scheme adopted by the embodiment of the application is as follows: provided is a register-based access method, including: burning the locking program to an SOC chip, so that the SOC chip enters a secure mode; and respectively writing preset access permission data into corresponding mode setting registers of the SOC chip to enable the SOC chip to enter an unsecure mode.
In some embodiments, after the SOC chip enters the unsecure mode, the method of re-entering the secure mode to the SOC chip includes: the mode setting register comprises a mode exit register, and the SOC chip is caused to exit the unsecure mode by writing data which is different from corresponding access permission data into the mode exit register; or, after the SOC chip is powered off, the power is turned on again.
In order to solve the technical problems, another technical scheme adopted by the embodiment of the application is as follows: there is provided an electronic device including: at least one processor; at least one network interface communicatively coupled to the respective processor; and a memory communicatively coupled to the at least one processor; the network interface is used for establishing communication connection between the processor and other external devices; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a chip PID based access method as described above or a register based access method as described above.
In order to solve the technical problems, another technical scheme adopted by the embodiment of the application is as follows: there is provided a non-volatile computer storage medium storing computer executable instructions that are executable by one or more processors to cause the one or more processors to perform a chip PID based access method as described above or a register based access method as described above.
The beneficial effects of the embodiment of the application are as follows: compared with the prior art, the embodiment of the application burns the password generated by the PID corresponding to the SOC chip to enable the password to enter a secure mode so as to prevent illegal access to the internal memory of the chip through the I2C and other debug interfaces and avoid misuse of the encrypted program code; under the condition of passing the inspection, the chip can also enter an unsecure mode so as to realize the reading or modification of the internal memory and the register of the chip, and the chip is provided with the modifiable, thereby reducing the risk and the maintenance cost.
Drawings
FIG. 1 is a schematic flow chart of an access method based on a chip PID according to an embodiment of the application;
FIG. 2 is a flow chart of another method for accessing based on a chip PID according to an embodiment of the application;
fig. 3 is a schematic flow chart of step S300 according to an embodiment of the present application;
fig. 4 is a schematic flow chart of step S400 according to an embodiment of the present application;
FIG. 5 is a flow chart of a register-based access method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order that the application may be readily understood, a more particular description thereof will be rendered by reference to specific embodiments that are illustrated in the appended drawings. It will be understood that when an element is referred to as being "fixed" to another element, it can be directly on the other element or one or more intervening elements may be present therebetween. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or one or more intervening elements may be present therebetween. The terms "upper," "lower," "inner," "outer," "bottom," and the like as used in this specification are used in an orientation or positional relationship based on that shown in the drawings, merely to facilitate the description of the application and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be construed as limiting the application. Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The term "and/or" as used in this specification includes any and all combinations of one or more of the associated listed items.
In addition, the technical features mentioned in the different embodiments of the application described below can be combined with one another as long as they do not conflict with one another.
From the aspect of the encryption protection function of the chip, the chip can work in two modes, namely a Secure mode and an unsecure mode. The difference between the two modes is whether the memory (such as flash memory, flash memory for short) inside the chip is allowed to be accessed through an external debug interface (such as I2C, UART), which is called flash for short in the present application. In order to protect the IP rights of the developer, a corresponding encryption bit in a flash configuration area (flash configuration field) is set in the program, and after the program is downloaded and reset, the chip can enter a secure mode. In the secure mode, an instruction for reading or writing a flash cannot be executed through an external debug interface. In contrast, in the unsecure mode, all flash operation instructions including erase, read, write, etc. may be executed through the external debug interface. Therefore, the application designs another protection mechanism for the flash to protect programs and data in the flash from accidental erasure or writing, thereby effectively preventing misoperation of the CPU on the flash.
Referring to fig. 1, fig. 1 is a schematic diagram of an access method based on a chip PID according to an embodiment of the present application, where the method specifically includes the following steps:
step S200: when the SOC chip receives any character, the SOC chip is judged to be in a secure mode or an unsecure mode.
When the internal memory or the register of the SOC chip is to be operated, the SOC chip receives any character, and judges whether the SOC chip is in a secure mode or an unsecure mode at the moment, if the SOC chip is in the secure mode, the step S300 is executed; if the SOC chip is in unsecure mode, step S400 is performed.
Step S300: and enabling the SOC chip to enter a secure mode according to the PID key generated by the PID of the SOC chip and outputting a first result.
The SOC chip at this time is known to be in unsecure mode based on the determination, so the internal memory and corresponding registers of the SOC chip can be read and modified.
In some embodiments of the present application, the step S300 specifically includes the following steps, and the flow chart is shown in fig. 3:
step S310: and sending the PID to the computer.
The SOC chip has a unique product ID number, called PID, stored in a flash configuration memory. Specifically, the SOC chip transmits the PID stored in the configuration memory to the computer.
Step S320: the first key and the second key generated by the computer according to the PID are received respectively.
Specifically, after receiving the PID, the computer performs encryption processing on the PID through a corresponding encryption mode of AES, thereby generating a first key and a second key, which may be referred to as a back door access key (Backdoor Access Key).
AES has five encryption modes, specifically:
1. codebook patterns (Electronic Codebook Book, ECB); 2. cipher block chaining mode (Cipher Block Chaining, CBC); 3. calculator mode (CTR); 4. cipher FeedBack mode (CFB); 5. and an Output FeedBack mode (OFB).
In this embodiment, it is preferable that the ECB mode or CBC mode encrypt the PID.
Step S330: and burning the first key into a Flash configuration domain of the SOC chip.
The computer sends the first secret key to the SOC chip, then the first secret key is burnt into a Flash configuration domain of the SOC chip as a first check reference, and the first secret key can be repeatedly burnt into the Flash configuration domain of the SOC chip.
Step S340: and burning the second key into a reserved area of Flash of the SOC chip.
The computer sends the second secret key to the SOC chip, then the second secret key is burnt into a reserved area of Flash of the SOC chip as a second check reference, and the second secret key can be repeatedly burnt into the reserved area of Flash of the SOC chip.
After the steps are executed, a first result is output, wherein the first result is that the SOC chip enters a secure mode.
Step S400: the SOC chip is put into unsecure mode and outputs a second result according to the access key generated by the PID, or outputs a third result according to the access key.
In some embodiments of the present application, the step S400 specifically includes the following steps, and the flow chart is shown in fig. 4:
step S410: and sending the PID to the computer.
Step S420: the receiving computer generates an access key based on the PID.
Specifically, after receiving the PID, the computer performs encryption processing on the PID through a corresponding encryption mode of AES, thereby generating an access key. In this embodiment, it is preferable that the ECB mode or CBC mode encrypt the PID.
Step S430: and executing a password verification command on the access key, and verifying whether the access key is consistent with the preset key.
And the computer sends the generated access key to the SOC chip, and the SOC chip executes a password verification command on the access key to verify whether the access key is consistent with a preset key. The preset key comprises a first key in the Flash configuration area and a second key in the reserved area of the Flash.
By way of example and not limitation, it may be checked by Verify Backdoor Command whether the access key is consistent with the first key in the Flash configuration domain or the second key in the reserved area of Flash. If yes, go to step S440; if not, step S450 is performed.
Step S440: and enabling the SOC chip to enter an unsecure mode and outputting a second result.
And after verification, the access key is consistent with the preset key, namely the access key passes through, the SOC enters an unsecure mode, the internal memory and the corresponding register of the SOC are allowed to be accessed, and a second result is output, wherein the second result is that the SOC enters the unsecure mode. The SOC chip waits for re-encryption, and if the internal memory and the corresponding registers are accessed, the above-mentioned step S300 may be performed to re-encrypt the SOC chip.
Step S450: and outputting a third result.
And checking to ensure that the access key is inconsistent with the preset key, namely that the access key does not pass, and the access to the internal memory and the corresponding register of the SOC chip is not allowed. And outputting a third result, wherein the third result is that the access key error is inconsistent with the preset key, and the SOC chip waits for reset.
The embodiment of the application burns the password generated by the PID corresponding to the SOC chip to enable the password to enter a secure mode so as to prevent illegal access to the internal memory of the chip through I2C and other debug interfaces and avoid abuse of the encrypted program code; under the condition of passing the inspection, the chip can also enter an unsecure mode so as to realize the reading or modification of the internal memory and the register of the chip, and the chip is provided with the modifiable, thereby reducing the risk and the maintenance cost.
Before executing the above access method based on the chip PID, a section of verification program may be run in advance, for verifying whether the second key in the reserved area of the Flash and the PID of the SOC chip conform to a predetermined encryption algorithm, where the flowchart is shown in fig. 2, and the method specifically includes the following steps:
step S100: and in the secure mode of the SOC chip, verifying whether the second key and the PID of the SOC chip accord with a preset encryption algorithm.
The verification program is operated based on that the SOC is in the secure mode, whether the second secret key and the PID of the SOC chip accord with a preset encryption algorithm or not is verified, and if not, the step S500 is executed; if yes, go to step S200.
Step S500: terminating execution of the access method.
Through verification, the second secret key and the PID of the SOC chip are not in accordance with a preset encryption algorithm, so that all subsequent steps are not applicable to the SOC chip, the second secret key is hooked with the PID of the SOC chip, the PID has uniqueness, and if the second secret key is not in accordance with the PID, the second secret key is applied to other SOC chips. Therefore, after the second key and the PID of the SOC chip are verified to be not in accordance with the preset encryption algorithm, the access method, particularly all the subsequent steps, are terminated.
Step S200: when the SOC chip receives any character, the SOC chip is judged to be in a secure mode or an unsecure mode.
When the internal memory or the register of the SOC chip is to be operated, the SOC chip receives any character, and judges whether the SOC chip is in a secure mode or an unsecure mode at the moment, if the SOC chip is in the secure mode, the step S300 is executed; if the SOC chip is in unsecure mode, step S400 is performed.
Step S300: and enabling the SOC chip to enter a secure mode according to the PID key generated by the PID of the SOC chip and outputting a first result.
The SOC chip at this time is known to be in unsecure mode based on the determination, so the internal memory and corresponding registers of the SOC chip can be read and modified.
In some embodiments of the present application, the step S300 specifically includes the following steps, and the flow chart is shown in fig. 3:
step S310: and sending the PID to the computer.
The SOC chip has a unique product ID number, called PID, stored in a flash configuration memory. Specifically, the SOC chip transmits the PID stored in the configuration memory to the computer.
Step S320: the first key and the second key generated by the computer according to the PID are received respectively.
Specifically, after receiving the PID, the computer performs encryption processing on the PID through a corresponding encryption mode of AES, thereby generating a first key and a second key, which may be referred to as a back door access key (Backdoor Access Key).
In this embodiment, it is preferable that the ECB mode or CBC mode encrypt the PID.
Step S330: and burning the first key into a Flash configuration domain of the SOC chip.
The computer sends the first secret key to the SOC chip, then the first secret key is burnt into a Flash configuration domain of the SOC chip as a first check reference, and the first secret key can be repeatedly burnt into the Flash configuration domain of the SOC chip.
Step S340: and burning the second key into a reserved area of Flash of the SOC chip.
The computer sends the second secret key to the SOC chip, then the second secret key is burnt into a reserved area of Flash of the SOC chip as a second check reference, and the second secret key can be repeatedly burnt into the reserved area of Flash of the SOC chip.
After the steps are executed, a first result is output, wherein the first result is that the SOC chip enters a secure mode.
Step S400: the SOC chip is put into unsecure mode and outputs a second result according to the access key generated by the PID, or outputs a third result according to the access key.
In some embodiments of the present application, the step S400 specifically includes the following steps, and the flow chart is shown in fig. 4:
step S410: and sending the PID to the computer.
Step S420: the receiving computer generates an access key based on the PID.
Specifically, after receiving the PID, the computer performs encryption processing on the PID through a corresponding encryption mode of AES, thereby generating an access key. In this embodiment, it is preferable that the ECB mode or CBC mode encrypt the PID.
Step S430: and executing a password verification command on the access key, and verifying whether the access key is consistent with the preset key.
And the computer sends the generated access key to the SOC chip, and the SOC chip executes a password verification command on the access key to verify whether the access key is consistent with a preset key. The preset key comprises a first key in the Flash configuration area and a second key in the reserved area of the Flash.
By way of example and not limitation, it may be checked by Verify Backdoor Command whether the access key is consistent with the first key in the Flash configuration domain or the second key in the reserved area of Flash. If yes, go to step S440; if not, step S450 is performed.
Step S440: and enabling the SOC chip to enter an unsecure mode and outputting a second result.
And after verification, the access key is consistent with the preset key, namely the access key passes through, the SOC enters an unsecure mode, the internal memory and the corresponding register of the SOC are allowed to be accessed, and a second result is output, wherein the second result is that the SOC enters the unsecure mode. The SOC chip waits for re-encryption, and if the internal memory and the corresponding registers are accessed, the above-mentioned step S300 may be performed to re-encrypt the SOC chip.
Step S450: and outputting a third result.
And checking to ensure that the access key is inconsistent with the preset key, namely that the access key does not pass, and the access to the internal memory and the corresponding register of the SOC chip is not allowed. And outputting a third result, wherein the third result is that the access key error is inconsistent with the preset key, and the SOC chip waits for reset.
The embodiment of the application also provides a register-based access method, the flow diagram of which is shown in fig. 5, and the method specifically comprises the following steps:
step S600: and burning the locking program to the SOC chip to enable the SOC chip to enter a secure mode.
Specifically, a locking program for controlling that an internal memory of the SOC chip cannot be burned and a corresponding register cannot be modified is burned into the SOC chip, so that the SOC chip enters a secure mode.
Taking an effuse as an example, the efuse_mem_lock=reg_47 [7], the efuse_reg_lock=reg_47 [6], and setting that when the efuse_mem_lock=1, the programming function cannot be performed on the Efuse memory; when efsu_reg_lock=1, the Efuse corresponding registers (reg_40 to reg_4f) cannot be modified.
Step S700: and respectively writing the preset access permission data into corresponding mode setting registers of the SOC chip to enable the SOC chip to enter an unsecure mode.
Similarly, using the Efuse as an example, the unsecure mode can be entered by writing the following registers successively and corresponding access permission data in the following order.
Reg_28=0x99;
Reg_29=0x33;
Reg_2A=0x8C;
Wherein reg_28, reg_29, and reg_2a are mode setting registers, and 0x99, 0x33, and 0x8C are preset access permission data.
In unsecure mode, the lockout function of the Efuse will be overridden and the Efuse corresponding register and Efuse memory may be modified or read.
In addition, after the internal memory and the corresponding registers are read and modified, the SOC chip needs to be put into the secure mode again to ensure the data security.
In this embodiment, the method for making the SOC chip enter the secure mode again includes:
the mode setting register includes a mode exit register for causing the SOC chip to exit the unsecure mode by writing data different from the corresponding access permission data to the mode exit register; or, after the SOC chip is powered off, the power is turned on again.
The mode setting registers include reg_28, reg_29 and reg_2a, where reg_28 is a mode exit register, and if any data different from 0x99 is only written to reg_28, then the Efuse can be caused to exit the unsecure mode.
The embodiment of the present application further provides an electronic device based on the above-mentioned access method based on the chip PID or the access method based on the register, and a schematic structural diagram of the electronic device is shown in fig. 6, where the electronic device 100 includes:
one or more processors 101, a network interface 102, and a memory 103, one processor 101, one network interface 102, and one memory 103 being illustrated in fig. 6.
The network interface 102 is communicatively coupled to a corresponding processor 101, and the processor 101 and memory 102 may be coupled via a bus or otherwise, as exemplified in fig. 6 by a bus connection.
The network interface 102 is used to establish a communication connection between the processor 101 and other external devices, including the following types: RJ-45 interface, SC fiber interface, AUI interface, FDDI interface, console interface, etc.
The memory 103 is used as a nonvolatile computer-readable storage medium for storing nonvolatile software programs, nonvolatile computer-executable programs, and modules. The processor 101 executes various functional applications of the electronic device and data processing, i.e., implements the chip PID-based access method or the register-based access method of the above-described method embodiments, by running nonvolatile software programs, instructions, and units stored in the memory 103.
The memory 103 may include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created from electronic device usage, and the like. In addition, memory 103 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash device, or other non-volatile solid state storage device. In some embodiments, memory 103 optionally includes memory remotely located with respect to processor 101, which may be connected to the electronic device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more units are stored in the memory 103 and when executed by the one or more processors 101 perform the chip PID based access method or the register based access method in any of the method embodiments described above, e.g. perform the method steps S200 to S400 in fig. 1 described above or the method steps S100 to S500 in fig. 2 described above or the method steps S600 to S700 in fig. 5 described above.
The electronic equipment can execute the access method based on the chip PID or the access method based on the register, which are provided by the embodiment of the application, and has the corresponding program modules and beneficial effects of the execution method. Technical details which are not described in detail in the electronic device embodiments may be referred to the chip PID-based access method or the register-based access method provided in the embodiments of the present application.
Embodiments of the present application also provide a nonvolatile computer-readable storage medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The above-described nonvolatile computer-readable storage medium carries one or more programs that, when executed, implement the chip PID-based access method or the register-based access method of the embodiments of the present disclosure.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the application, the steps may be implemented in any order, and there are many other variations of the different aspects of the application as above, which are not provided in details for the sake of brevity; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.
Claims (10)
1. An access method based on a chip PID, which is characterized by comprising the following steps:
when the SOC chip receives any character, judging that the SOC chip is in a secure mode or an unsecure mode;
if the SOC chip is in the unsecure mode, enabling the SOC chip to enter the secure mode according to a PID key generated by PID of the SOC chip and outputting a first result;
if the SOC chip is in the secure mode, the SOC chip enters the unsecure mode according to the access key generated by the PID and outputs a second result, or outputs a third result according to the access key.
2. The method of claim 1, wherein prior to determining that the SOC chip is in secure mode or unsecure mode, the method further comprises:
verifying whether the second secret key and the PID of the SOC chip accord with a preset encryption algorithm or not when the SOC chip is in a secure mode;
if not, terminating executing the access method.
3. The method of claim 1, wherein the putting the SOC chip into secure mode based on a PID key generated by a PID of the SOC chip comprises:
sending the PID to a computer;
receiving a first key and a second key generated by the computer according to the PID respectively;
burning the first key to a Flash configuration domain of the SOC chip;
and burning the second key to a reserved area of Flash of the SOC chip.
4. A method according to claim 3, wherein said causing the SOC chip to enter the unsecure mode and output a second result based on an access key generated by the PID or outputting a third result based on the access key comprises:
sending the PID to a computer;
receiving an access key generated by the computer according to the PID;
executing a password verification command on the access key, and verifying whether the access key is consistent with a preset key;
if yes, enabling the SOC chip to enter an unsecure mode and outputting the second result;
if not, outputting the third result;
the preset key comprises a first key and a second key.
5. The method of claim 4, wherein the first key, the second key, and the access key are obtained by encrypting the PID by the computer via an ECB mode or a CBC mode of AES.
6. The method of any of claims 1-5, wherein the first result is that the SOC chip has entered secure mode, the second result is that the SOC chip has entered unsecure mode, waiting to re-burn the first key and the second key, and the third result is that the access key is inconsistent with a preset key, and the SOC chip waits for reset.
7. A register-based access method, comprising:
burning the locking program to an SOC chip, so that the SOC chip enters a secure mode;
and respectively writing preset access permission data into corresponding mode setting registers of the SOC chip to enable the SOC chip to enter an unsecure mode.
8. The method of claim 7, wherein after the SOC chip enters the unsecure mode, the method of re-entering the SOC chip into the secure mode comprises:
the mode setting register comprises a mode exit register, and the SOC chip is caused to exit the unsecure mode by writing data which is different from corresponding access permission data into the mode exit register;
or, after the SOC chip is powered off, the power is turned on again.
9. An electronic device, comprising:
at least one processor;
at least one network interface communicatively coupled to the respective processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the network interface is used for establishing communication connection between the processor and other external devices;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a chip PID based access method as claimed in any one of claims 1-6 or a register based access method as claimed in claim 7 or 8.
10. A non-transitory computer storage medium storing computer executable instructions which are executable by one or more processors to cause the one or more processors to perform a chip PID based access method as claimed in any one of claims 1-6 or a register based access method as claimed in claim 7 or 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310730451.XA CN116881985A (en) | 2023-06-19 | 2023-06-19 | Access method based on chip PID or register and corresponding electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310730451.XA CN116881985A (en) | 2023-06-19 | 2023-06-19 | Access method based on chip PID or register and corresponding electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116881985A true CN116881985A (en) | 2023-10-13 |
Family
ID=88268906
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310730451.XA Pending CN116881985A (en) | 2023-06-19 | 2023-06-19 | Access method based on chip PID or register and corresponding electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116881985A (en) |
-
2023
- 2023-06-19 CN CN202310730451.XA patent/CN116881985A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2248063B1 (en) | Method and apparatus for controlling system access during protected modes of operation | |
| CN101533440B (en) | Device for providing secure execution environment and method for executing secure code thereof | |
| CN100578473C (en) | Embedded system and method for increasing embedded system security | |
| US11132468B2 (en) | Security processing unit of PLC and bus arbitration method thereof | |
| US9129536B2 (en) | Circuit for secure provisioning in an untrusted environment | |
| US20070162964A1 (en) | Embedded system insuring security and integrity, and method of increasing security thereof | |
| KR20100016657A (en) | Method and apparatus for protecting simlock information in an electronic device | |
| WO2007125911A1 (en) | Data processing device, method, program, integrated circuit, and program generating device | |
| CN102456111B (en) | Method and system for license control of Linux operating system | |
| JP4791250B2 (en) | Microcomputer and its software falsification prevention method | |
| US20080276087A1 (en) | Peripheral Device for Programmable Logic Controller | |
| JP2018508063A (en) | Secure element | |
| WO2010041259A2 (en) | Device and method for disjointed computing | |
| CN116881985A (en) | Access method based on chip PID or register and corresponding electronic equipment | |
| JP2010160765A (en) | System lsi and debugging method thereof | |
| TWI818221B (en) | Chip and method capable of authenticating off-chip debug firmware program and debug user | |
| KR20240006658A (en) | How to secure your use of the software | |
| CN114117527A (en) | Information authentication method, system, device and readable storage medium | |
| CN117708897A (en) | Method for protecting firmware data of embedded device and embedded device | |
| CN117708896A (en) | Method for protecting firmware data of embedded device and embedded device | |
| JP5126530B2 (en) | External storage device with function to measure computer environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |