CN220509432U - Secure processor architecture and computer device - Google Patents


Info

Publication number
CN220509432U
Authority
CN
China
Prior art keywords
module
tpm
tcm
trusted
security
Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
Active
Application number
CN202223407344.3U
Other languages
Chinese (zh)
Inventor
黎媛
张明
张亚光
谭琳
Current Assignee (as listed by Google Patents; the list may be inaccurate)
Phytium Technology Co Ltd
Original Assignee
Phytium Technology Co Ltd
Application filed by Phytium Technology Co Ltd

Abstract

The application proposes a secure processor architecture and a computer device. The secure processor architecture comprises a central processing unit hardware layer that includes at least one processor core and a security/trusted service platform, where the security/trusted service platform comprises a trusted cryptography module (TCM), a trusted platform module (TPM) and a trusted platform control module (TPCM). The secure processor architecture can provide a TCM security measurement service and/or a TPM security measurement service and/or a TPCM security measurement service, so that, on the basis of these measurement services, it can determine in time whether an object running in the processor architecture is secure, identify dangerous running objects, and thereby help guarantee the security of the whole processor architecture.

Description

Secure processor architecture and computer device
Technical Field
The present utility model relates to the field of processor technologies, and in particular to a secure processor architecture and a computer device.
Background
As users' requirements for device security keep rising, more and more security technologies are applied to computer devices. As device software functions grow richer and device data grows in volume, increasingly diverse data and programs run in the device's processor architecture, so ensuring the system security of the processor architecture has become an important means of ensuring the security of computer devices. It is therefore necessary to research a technical solution that can guarantee the security of the processor architecture system, so as to improve the security of the device.
Disclosure of Invention
To solve the above technical problem, the utility model provides a secure processor architecture and a computer device, which can improve the security of the processor and thereby the security of the user's device.
In order to achieve the above purpose, the present utility model specifically proposes the following scheme:
In a first aspect, the utility model proposes a secure processor architecture comprising a central processing unit hardware layer that includes at least one processor core and a security/trusted service platform, where the security/trusted service platform comprises a trusted cryptography module TCM, a trusted platform module TPM and a trusted platform control module TPCM. With this arrangement, the secure processor architecture can provide a TCM security measurement service and/or a TPM security measurement service and/or a TPCM security measurement service, and on the basis of these measurement services it can determine in time whether an object running in the processor architecture is secure, identify dangerous running objects, and thereby help guarantee the security of the whole processor architecture. Furthermore, because the secure processor architecture integrates the TCM, the TPM and the TPCM, it can provide various security measurement services that meet the measurement requirements of different applications or different users, which both secures the processor architecture and improves its generality.
In addition, it should be noted that in the related art, implementing the TPM, TCM and TPCM as external chips additionally increases the consumption of hardware resources in the computer device. The secure processor architecture provided by the utility model can directly upgrade the processor-related settings of the conventional technology in scenarios that do not involve trusted computing; in scenarios that do involve trusted computing, the processor's settings regarding trusted technology can be updated directly. Here, implementations of trusted technology may include one or more of an external TPM, TCM and TPCM; or a TPM integrated inside the processor; or a TCM integrated inside the processor; or a TPM and a TCM integrated inside the processor; and so on.
In one implementation, the secure processor architecture further includes a central processor software layer, which includes a rich execution environment subsystem REE, a trusted execution environment subsystem TEE and a secure element subsystem SE, where the TEE and the SE form the software layer corresponding to the security/trusted service platform. With this arrangement, the software layer of the security/trusted service platform comprises only the TEE and the SE, so all software programs of the security/trusted service platform run in the TEE or the SE. The isolation mechanism between the TEE, the SE and the REE then protects these programs from attacks by ordinary applications in the REE, which guarantees the security of the security/trusted service platform, that is, the security and reliability of the trusted measurement service, and hence the security of the whole processor architecture.
In one implementation, the TCM, the TPM and the TPCM are built together in the same subsystem of the software layer corresponding to the security/trusted service platform, or are built separately in different subsystems of that software layer. Since the TCM, TPM and TPCM can thus be placed flexibly in the same subsystem or in different subsystems, the flexibility of system architecture design is enhanced.
In one implementation, the TEE and the SE both run in a first processor core, which is either one of the at least one processor core or a processor core independent of the at least one processor core. This implementation saves processor resources; moreover, because the TEE and the SE are arranged homogeneously on one core, design complexity is reduced.
In one implementation, the TEE runs in a first processor core and the SE runs in a second processor core, where the first processor core is one of the at least one processor core or a processor core independent of it, and the second processor core is likewise one of the at least one processor core or a processor core independent of it. This implementation gives the SE the ability to process tasks and respond to requests on its own, so that task execution in the SE is fully independent and unaffected by the execution environments of the other subsystems, which helps improve the security of the secure architecture system and the task execution efficiency of the SE. In this implementation the hardware resource consumption of the processor can further be reduced and the processing performance of the processor improved.
In one implementation, the TCM includes a TCM service module and a TCM cryptographic module, and the TPM includes a TPM service module and a TPM cryptographic module. The TCM cryptographic module provides trusted computing resources for the TCM trusted computing service, and the TCM service module provides the TCM trusted computing service by calling the computing resources of the TCM cryptographic module; the TPM cryptographic module provides trusted computing resources for the TPM trusted computing service, and the TPM service module provides the TPM trusted computing service by calling the computing resources of the TPM cryptographic module. Dividing the TCM and the TPM each into a service module and a cryptographic module protects the computing resources of the cryptographic module, allows those computing resources to be reused, and makes more flexible and varied trusted computing services possible.
In one implementation, where the TCM, the TPM and the TPCM are built separately in different subsystems of the software layer corresponding to the security/trusted service platform, the TCM service module, the TCM cryptographic module, the TPM service module and the TPM cryptographic module are either built together in the same subsystem of that software layer or built separately in different subsystems of it. The service modules and cryptographic modules can thus be arranged in a centralized or a decentralized manner, which increases the diversity and design flexibility of the system structure and allows more varied practical scenarios to be served.
In one implementation, where the TCM service module, the TCM cryptographic module, the TPM service module and the TPM cryptographic module are built separately in different subsystems of the software layer corresponding to the security/trusted service platform, the TCM cryptographic module and the TCM service module are built in different subsystems of that software layer, and/or the TPM cryptographic module and the TPM service module are built in different subsystems of that software layer. Separating the TCM service module from the TCM cryptographic module, or the TPM service module from the TPM cryptographic module, places the cryptographic module in an independent subsystem environment away from the service module, so that the security of the cryptographic module can be guaranteed.
In one implementation, building the TCM cryptographic module and the TCM service module in different subsystems, and/or the TPM cryptographic module and the TPM service module in different subsystems, of the software layer corresponding to the security/trusted service platform includes: the TPM cryptographic module and the TCM cryptographic module are built in the same subsystem of that software layer, and the TPM service module and the TCM service module are not both built in the same subsystem as the TPM cryptographic module and the TCM cryptographic module. Placing the TPM cryptographic module and the TCM cryptographic module in the same subsystem facilitates reuse of the trusted computing hardware resources, and securing that one subsystem secures both cryptographic modules at once.
In one implementation, building the TPM cryptographic module and the TCM cryptographic module in the same subsystem of the software layer corresponding to the security/trusted service platform, while the TPM service module and the TCM service module are not both built in that subsystem, includes: the TPM cryptographic module and the TCM cryptographic module are built in the TEE and the TPM service module and the TCM service module are built in the SE; or the TPM cryptographic module and the TCM cryptographic module are built in the SE and the TPM service module and the TCM service module are built in the TEE. By virtue of the physical isolation between the TEE, the SE and the REE, this implementation guarantees the security of the TPM and TCM cryptographic modules, and by placing the cryptographic modules together and the service modules together it simplifies management and maintenance.
In one implementation, the TCM includes a TCM driver module and the TPM includes a TPM driver module. The TCM driver module responds to a TCM service initiation request from an application program by initiating a TCM security service request, which asks the TCM to provide a security measurement service; the TPM driver module responds to a TPM service initiation request from an application program by initiating a TPM security service request, which asks the TPM to provide a security measurement service. The TCM and TPM driver modules thus meet the application program's need to initiate security service requests and let such requests be triggered smoothly.
In one implementation, the TCM driver module is disposed in the REE and/or the TEE, and the TPM driver module is disposed in the REE and/or the TEE. Placing the TCM and TPM driver modules in the REE and/or the TEE makes secure architecture systems of different structures possible, while letting applications in the REE and/or the TEE initiate security service requests in a variety of ways.
In one implementation, the security/trusted service platform includes one or more of the following: a nonvolatile memory area, a volatile memory area, a cryptographic acceleration engine and a random number generator. The nonvolatile memory area stores one or more of the following: processor security/trusted firmware, keys, root keys, roots of trust, PCR values corresponding to trusted measurements, owner authorization data and permanent flags, trusted reference values and signatures for the trusted cryptography service module, and other critical data. The volatile memory area stores one or more of the following: variable values generated while the trusted cryptography service module runs, transient keys, and PCR values corresponding to the hash algorithm. The cryptographic acceleration engine provides cryptographic operations for the trusted cryptography service module. The random number generator generates keys, the random numbers required for signing, and entropy that strengthens cryptographic access. With this hardware structure, the security/trusted service platform has a hardware basis for providing trusted computing services, which ensures that those services can be carried out.
In a second aspect, the utility model provides a computer device comprising the secure processor architecture described above. Applying the secure processor architecture to the computer device lets the whole device operate in a secure environment thanks to the strong security of the architecture, which safeguards the data security of the computer device and the security of its users' information.
Drawings
In order to more clearly illustrate the embodiments of the present utility model or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present utility model, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a secure processor architecture according to an embodiment of the present utility model;
FIGS. 2 (a) and 2 (b) are schematic diagrams illustrating two other secure processor architectures according to embodiments of the present utility model;
FIGS. 3 (a) and 3 (b) are schematic diagrams of two different implementations, according to embodiments of the present utility model, in which the TCM service module, the TCM cryptographic module, the TPM service module and the TPM cryptographic module are built together in the same subsystem of the software layer corresponding to the security/trusted service platform;
FIGS. 4 (a) to 4 (f) are schematic diagrams of different implementations, according to embodiments of the present utility model, in which the TPM cryptographic module and the TCM cryptographic module are built in the same subsystem of the software layer corresponding to the security/trusted service platform while the TPM service module and the TCM service module are not both built in that same subsystem;
FIGS. 5 (a) to 5 (i) are schematic diagrams of different implementations, according to embodiments of the present utility model, in which the TCM driver module and the TPM driver module are distributed across the TEE and the REE;
FIGS. 6 and 7 are schematic structural diagrams of two further secure processor architectures according to embodiments of the present utility model.
Detailed Description
An embodiment of the present utility model proposes a secure processor architecture, which may be the architecture of a central processor 100 as shown in FIG. 1. It includes a central processor hardware layer 101, inside which at least one processor core 102 and a security/trusted service platform 103 are disposed. A trusted cryptography module TCM, a trusted platform module TPM and a trusted platform control module TPCM are built inside the security/trusted service platform 103.
The processor cores 102 are connected through an on-chip high-speed interconnect channel, and a data channel is set up between the security/trusted service platform 103 and that on-chip high-speed interconnect channel, so that the security/trusted service platform 103 can exchange data with any one or more of the processor cores 102 over the interconnect.
A bus interface unit 104 is also provided in the central processor hardware layer 101. The bus interface unit 104 is connected to the on-chip high-speed interconnect channel, so that the at least one processor core 102 and the security/trusted service platform 103 can reach the bus interface unit 104 through the interconnect.
The bus interface unit 104 serves as the data interface between the central processor hardware layer 101 and the other hardware modules of the central processor 100, enabling data interaction between the central processor 100 (including the security/trusted service platform 103 and the processor cores 102) and those other hardware modules. The other hardware modules of the central processor 100 may be a memory management unit, input/output (I/O) interfaces and the like, and may further include components of the processor software layer.
In the secure processor architecture according to this embodiment, a trusted cryptography module TCM, a trusted platform module TPM and a trusted platform control module TPCM are disposed inside the security/trusted service platform 103.
The trusted cryptography module (TCM), the trusted platform module (TPM) and the trusted platform control module (TPCM) are three mainstream trusted computing standards.
The TPM standard was introduced by the Trusted Computing Group (TCG); a TPM technical specification conforms to the corresponding international specification and therefore provides the standard services that the international TPM specification defines. In general, a TPM may comprise two parts, a TPM cryptographic module and a TPM service module, which work together to support the services of TPM trusted computing technology.
The TPM cryptographic module provides trusted computing resources for TPM trusted computing services; these resources specifically comprise storage space for data such as keys and random numbers, and hardware resources such as algorithm units for the various cryptographic algorithms. For example, a TPM cryptographic module typically supports the digest algorithm units SHA-1 and SHA-256 and the signature/verification and encryption/decryption algorithm units RSA, ECC and AES, and may support new algorithms in future iterations. The TPM specification evolves, and its different versions differ somewhat in the algorithm types and underlying techniques they support, but the intrinsic security technology serves the same purpose and follows the same method, so the schemes described here apply to different versions of the TPM specification.
The TPM service module provides TPM trusted computing services by calling the computing resources of the TPM cryptographic module; it mainly comprises the programs, algorithms and the like that call the TPM trusted computing resources to execute the TPM trusted computing services.
In general, when the TPM service module responds to a security service request, it implements the service by calling the computing resources of the TPM cryptographic module: on receiving the request, it calls those resources to perform the security measurement and so provides the security measurement service. In some cases the TPM cryptographic module can respond to certain security service requests directly and provide the measurement service itself; alternatively, the TPM service module may respond to certain requests on its own, providing the measurement service through its own software computation.
In practice, the TPM cryptographic module and the TPM service module may be placed in the same operating environment, forming an integrated TPM module; or they may be placed in different operating environments, in which case, when the TPM service module needs the computing resources of the TPM cryptographic module to answer a security service request, it calls them through a cross-environment call.
So as to hold the technical and industrial lead in trusted computing, and to keep the core technology that guarantees information security in its own hands, China introduced the TCM (Trusted Cryptography Module) standard for trusted computing. Similarly to a TPM, a TCM module may also comprise a TCM cryptographic module and a TCM service module, which work together to support the services of TCM trusted computing technology.
The TCM cryptographic module is an independent cryptographic algorithm module with a protected storage space, which securely provides hardware computing resources such as cryptographic operations, a TRNG, a root of trust and storage for trusted computing. Its algorithms include the digest algorithm unit SM3 and the signature/verification and encryption/decryption algorithm units SM2 and SM4, and it may support new algorithms in future iterations. The TCM specification evolves, and its different versions differ somewhat in the algorithm types and underlying techniques they support, but the intrinsic security technology serves the same purpose and follows the same method, so the schemes described here apply to different versions of the TCM specification.
The TCM service module provides application programs with trusted computing services such as trusted measurement, trusted reporting and trusted storage by calling the hardware resources of the TCM cryptographic module.
In general, when the TCM service module responds to a security service request, it implements the service by calling the computing resources of the TCM cryptographic module: on receiving the request, it calls those resources to perform the security measurement and so provides the security measurement service. In some cases the TCM cryptographic module can respond to certain security service requests directly and provide the measurement service itself; alternatively, the TCM service module may respond to certain requests on its own, providing the measurement service through its own software computation.
In practice, the TCM cryptographic module and the TCM service module may be placed in the same operating environment, forming an integrated TCM module; or they may be placed in different operating environments, in which case, when the TCM service module needs the computing resources of the TCM cryptographic module to answer a security service request, it calls them through a cross-environment call.
For example, the TPM and the TCM may serve as the core of trusted computing. A concrete form is a system-level chip mounted on the motherboard that contains a hardware module (the cryptographic module) and a software module (the service module) and provides secure and trusted key storage, integrity reporting, basic cryptographic operations and similar functions for trusted computing. The difference is that the TPM and the TCM follow different technical routes and use different algorithms to provide their security services and thereby measure the security of the system.
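The service-module / cryptographic-module split described above, as an added example in Python (illustration written for this page, not code from the utility model or from Phytium). The `CryptographicModule` stands in for a TPM or TCM cryptographic module: its PCR bank and attestation key live in its own storage, and the only way in is `handle()`, which models the cross-environment call. The `ServiceModule` stands in for the service module that builds the trusted measurement and trusted reporting service on top of those calls and keeps the event log a verifier replays. The request format, the digest units assigned to each family, the PCR count and the HMAC used in place of the RSA/ECC/SM2 signing unit are all assumptions of the example; SM3 is only present in `hashlib` when the underlying OpenSSL build provides it.

```python
import hashlib
import hmac
import os

PCR_COUNT = 8

# Digest units per module family (an assumption for the model; the page only
# names the algorithm families). SM3 exists in hashlib only if OpenSSL has it.
DIGEST_UNITS = {"TPM": ("sha256", "sha1"), "TCM": ("sm3",)}


class CryptographicModule:
    """Stand-in for the TPM/TCM cryptographic module. The PCR bank and the
    attestation key are kept here; callers only reach the operations exposed
    by handle(), which models the cross-environment call interface."""

    OPS = ("digest", "extend", "quote", "verify_quote")

    def __init__(self, family):
        self.family = family
        self.algorithms = [a for a in DIGEST_UNITS[family]
                           if a in hashlib.algorithms_available]
        self._attestation_key = os.urandom(32)  # never handed to a caller
        self._pcr = {alg: [bytes(hashlib.new(alg).digest_size)] * PCR_COUNT
                     for alg in self.algorithms}

    def handle(self, req):
        op, alg = req.get("op"), req.get("alg")
        if op not in self.OPS:                  # e.g. an "export_key" attempt
            return {"ok": False, "error": f"unsupported operation {op!r}"}
        if alg not in self._pcr:
            return {"ok": False, "error": f"{self.family} has no {alg!r} unit"}
        if op == "digest":
            return {"ok": True, "digest": hashlib.new(alg, req["data"]).digest()}
        if op == "extend":                      # PCR[i] = H(PCR[i] || digest)
            bank, i = self._pcr[alg], req["index"]
            bank[i] = hashlib.new(alg, bank[i] + req["digest"]).digest()
            return {"ok": True, "pcr": bank[i]}
        pcrs = list(self._pcr[alg]) if op == "quote" else req["pcrs"]
        # HMAC over nonce || PCRs is a stand-in for the attestation signature
        # a real module would produce with its RSA/ECC/SM2 unit.
        mac = hmac.new(self._attestation_key, req["nonce"] + b"".join(pcrs), alg).digest()
        if op == "quote":
            return {"ok": True, "pcrs": pcrs, "mac": mac}
        return {"ok": hmac.compare_digest(mac, req["mac"])}


class ServiceModule:
    """Stand-in for the TPM/TCM service module: implements trusted measurement
    and trusted reporting on top of the cryptographic module's operations and
    keeps the measurement (event) log that a verifier replays."""

    def __init__(self, call):
        self._call = call          # the cross-environment call into the module
        self.event_log = []        # (alg, pcr index, label, digest)

    def measure(self, alg, index, label, data):
        digest = self._call({"op": "digest", "alg": alg, "data": data})["digest"]
        pcr = self._call({"op": "extend", "alg": alg, "index": index,
                          "digest": digest})["pcr"]
        self.event_log.append((alg, index, label, digest))
        return pcr

    def report(self, alg, nonce):
        return self._call({"op": "quote", "alg": alg, "nonce": nonce})


def replay_log(event_log, alg, index):
    """What a verifier does with the event log: recompute the PCR it implies."""
    pcr = bytes(hashlib.new(alg).digest_size)
    for e_alg, e_index, _label, digest in event_log:
        if e_alg == alg and e_index == index:
            pcr = hashlib.new(alg, pcr + digest).digest()
    return pcr


def expected_pcr(alg, images):
    """Reference value for a PCR extended with these images, in order."""
    log = [(alg, 0, "", hashlib.new(alg, im).digest()) for im in images]
    return replay_log(log, alg, 0)


def demo(family="TPM", alg="sha256", tamper_log=False):
    module = CryptographicModule(family)
    service = ServiceModule(module.handle)   # only the call interface is shared
    # Constructed sample boot objects, both measured into PCR 0.
    service.measure(alg, 0, "firmware", b"constructed firmware image v1")
    service.measure(alg, 0, "loader", b"constructed boot loader")
    if tamper_log:                           # attacker edits the log, not the PCR
        a, i, label, _ = service.event_log[0]
        service.event_log[0] = (a, i, label, hashlib.new(alg, b"patched").digest())
    nonce = os.urandom(16)
    report = service.report(alg, nonce)
    genuine = module.handle({"op": "verify_quote", "alg": alg, "nonce": nonce,
                             "pcrs": report["pcrs"], "mac": report["mac"]})["ok"]
    consistent = report["pcrs"][0] == replay_log(service.event_log, alg, 0)
    refused = not module.handle({"op": "export_key", "alg": alg})["ok"]
    return {"pcr0": report["pcrs"][0], "verified": genuine and consistent,
            "key_export_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The point the split makes is visible in `demo()`: the service module never touches the PCR bank or the key directly, a request the module does not offer (`export_key`) is refused at the interface, and a log edited after the fact no longer replays to the reported PCR, so the report and the log have to agree before a verifier accepts either.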
The security measurement services provided by the TPM and the TCM are passive. When the system starts, the BIOS must run first, and only after the hardware and the system have been checked does the BIOS load the TPM chip or TCM chip so that it can play its measurement role; the BIOS therefore runs before any measurement takes effect, which gives an attacker an opportunity to intrude on and attack the BIOS.
To further strengthen the protection that security measurement gives the system, China developed the TPCM standard, which can measure the security of the system actively.
The TPCM can measure the integrity of the firmware before the CPU runs the firmware code, ensuring that the firmware has not been tampered with. TPCM technology comprises TPCM software (hereinafter the TPCM module) and a TCM module: the TPCM software incorporates the TCM module to provide cryptographic support for the trusted software base. The TPCM module is a secure, independent module that uses the TCM to implement active measurement, and it covers two kinds of measurement process: first, during power-on start-up, the TPCM module is powered on before the rest of the system so that it can actively measure and verify the firmware; second, while the system is running, the TPCM module actively measures, verifies and records the application programs at a certain frequency.
When the TPM or the TCM is applied to the processor architecture system, it is a resource that is called: an application program achieves the security measurement of a target object by requesting security services from the TPM or the TCM.
The TPCM, by contrast, is more active: it measures the security of the system on its own according to preset rules. For example, during power-on start-up the TPCM module actively measures and verifies the firmware; while the system is running, it periodically measures, verifies and records the application programs at a certain frequency.
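The two TPCM measurement processes just described, the power-on measurement of the firmware before the CPU is released and the periodic runtime measurement of application programs, as an added example in Python. This is illustration written for this page, not the utility model's or Phytium's code. The `Platform` object, the digest choice (SHA-256 so the example runs on any Python build; a TCM-backed TPCM would use the TCM's SM3 unit), the measurement period, the simulated clock and the record format are assumptions; the reference values stand for the trusted reference values the page places in the platform's nonvolatile memory, and checking the signature over those reference values is left out.

```python
import hashlib
import hmac

DIGEST = "sha256"   # assumption: SHA-256 so the example runs anywhere; a
                    # TCM-backed TPCM would use the TCM's SM3 unit instead


def measure(data):
    return hashlib.new(DIGEST, data).digest()


class Platform:
    """Constructed stand-in for the platform the TPCM watches: the firmware
    image the CPU would boot and the images of the running applications."""

    def __init__(self, firmware, apps):
        self.firmware = firmware
        self.apps = dict(apps)        # name -> image bytes
        self.cpu_released = False     # the CPU does not run until the TPCM agrees


class TPCM:
    """Active measurement: measures on its own schedule instead of waiting to
    be called by an application, and records every result."""

    def __init__(self, references, period):
        self._references = dict(references)  # trusted reference values (NV storage)
        self.period = period                 # runtime re-measurement interval
        self.records = []                    # (time, phase, object, digest hex, matches)
        self._next_due = {}

    def _check(self, now, phase, name, data):
        actual = measure(data)
        ok = hmac.compare_digest(actual, self._references.get(name, b""))
        self.records.append((now, phase, name, actual.hex(), ok))
        return ok

    def power_on(self, platform, now):
        """Powered before the CPU: verify the firmware, then release the CPU."""
        ok = self._check(now, "boot", "firmware", platform.firmware)
        platform.cpu_released = ok
        self._next_due = {name: now for name in platform.apps}
        return ok

    def tick(self, platform, now):
        """Runtime process: re-measure every application whose period has
        elapsed and return the names whose image no longer matches."""
        alerts = []
        if not platform.cpu_released:
            return alerts
        for name, image in platform.apps.items():
            if now < self._next_due.get(name, now):
                continue
            self._next_due[name] = now + self.period
            if not self._check(now, "runtime", name, image):
                alerts.append(name)
        return alerts


def demo():
    firmware = b"constructed firmware v1"
    apps = {"payment": b"constructed payment app v1",
            "browser": b"constructed browser v1"}
    refs = {"firmware": measure(firmware), **{n: measure(i) for n, i in apps.items()}}

    tpcm, plat = TPCM(refs, period=10), Platform(firmware, apps)
    booted = tpcm.power_on(plat, now=0)
    first = tpcm.tick(plat, now=0)                      # everything matches
    plat.apps["payment"] = apps["payment"] + b"\x90"    # patched while running
    early = tpcm.tick(plat, now=5)                      # period not elapsed yet
    detected = tpcm.tick(plat, now=10)                  # next period: caught

    blocked = Platform(firmware + b"\x00", apps)        # tampered firmware image
    tampered_boot = TPCM(refs, period=10).power_on(blocked, now=0)
    return {"booted": booted, "first": first, "early": early, "detected": detected,
            "tampered_boot": tampered_boot, "cpu_released": blocked.cpu_released,
            "records": len(tpcm.records)}


if __name__ == "__main__":
    print(demo())
```

The contrast with the passive TPM/TCM model is that nothing in `demo()` asks to be measured: the TPCM decides when to measure, withholds the CPU on a firmware mismatch, and catches the runtime modification at the next period boundary, which also shows the blind window that the chosen frequency leaves.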
In summary, the TPM, the TCM and the TPCM each make it possible to measure the security of the system. Applying them to the processor architecture system, as in the secure processor architecture of this embodiment, where the security/trusted service platform includes the trusted cryptography module TCM, the trusted platform module TPM and the trusted platform control module TPCM at the same time, lets the secure processor architecture provide a TCM security measurement service and/or a TPM security measurement service and/or a TPCM security measurement service, so that on the basis of these services it can determine in time whether a running object in the processor architecture is secure, identify dangerous running objects, and thereby help guarantee the security of the whole processor architecture.
Furthermore, because the secure processor architecture of this embodiment integrates the TCM, the TPM and the TPCM, it can provide various security measurement services that meet the measurement requirements of different applications or different users, which both secures the processor architecture and improves its generality.
In addition, it should be noted that in the related art, implementing the TPM, TCM and TPCM as external chips additionally increases the consumption of hardware resources in the computer device. The design concept provided by the utility model can directly upgrade the processor settings of the conventional technology in scenarios that do not involve trusted computing; in scenarios that do involve trusted computing, the processor's settings regarding trusted technology can be updated directly. Here, implementations of trusted technology may include one or more of an external TPM, TCM and TPCM; or a TPM integrated inside the processor; or a TCM integrated inside the processor; or a TPM and a TCM integrated inside the processor; and so on.
Further, with continued reference to fig. 1, the architecture of the secure processor according to the embodiment of the present utility model further includes a central processor software layer 105, where the central processor software layer 105 includes a general execution environment subsystem REE (Rich Execution Environment), a trusted execution environment subsystem TEE (Trusted Execution Environment), and a secure element subsystem SE (Secure Element), and the trusted execution environment subsystem TEE and the secure element subsystem SE form a software layer corresponding to the secure/trusted service platform 103, that is, the secure/trusted service platform software layer 106.
The general execution environment subsystem REE may comprise a general operating system running on a general-purpose embedded processor, in which application programs are installed. The applications running in the REE may be referred to as client applications (Client Application, CA); they have a lower security level and are vulnerable to attack. For example, an application running in the REE may be a program for a payment scenario that implements basic services such as browsing goods, selecting goods and submitting orders. Although many security measures such as device access control, device data encryption mechanisms, isolation of applications at runtime and permission-based access control are taken in the REE, the security of important data in the application cannot be guaranteed.
The trusted execution environment subsystem TEE may be a stand-alone operating environment running outside the general operating system, which provides trusted services to, and is isolated from, the REE. One or more Trusted Applications (TA) can be executed in the TEE; through these trusted applications a trusted running environment is provided for the general execution environment subsystem REE, and end-to-end security is ensured through confidentiality and integrity protection and data access permission control. Furthermore, the TEE may run in parallel with the REE and interact with the REE through a secure application programming interface (Application Programming Interface, API), for example.
The TEE provides an operating environment with a higher security level than the REE, but it cannot provide hardware-isolated secure key storage and key operating environments. Generally, the TEE exposes many application programming interfaces to the REE, so the more the REE calls TEE resources and the more interfaces the TEE provides for performing services, the greater the risk the TEE faces; it is difficult to ensure that the interfaces themselves carry no hidden security risks such as vulnerabilities, and thus resources such as keys in the TEE are exposed to security risk. Further, multiple trusted applications TA run in the TEE and depend completely on the isolation mechanism provided by the TEE operating system, with no hardware-level isolation, so if a TA has a vulnerability, or a TA actively accesses the keys or root keys belonging to other TAs, sensitive resources such as keys are again at great security risk.
The software system in the secure element subsystem SE is relatively simple and comprises fewer hardware components, so that physical protection and implementation of security are easy to establish, thereby improving the security strength of the secure element subsystem SE to serve a security system with higher security requirements. As an example, the TEE may pass a security service request to the SE requesting to provide a corresponding security service and respond based on the request, e.g., the security service may be a service that requests the SE to perform cryptographic operations, etc.
The application running in the secure element subsystem SE may be referred to as the secure element application (Applet), the security of which is highest among the three types of subsystems. Because the security of the secure element subsystem SE is highest compared with that of the normal execution environment subsystem REE and the trusted execution environment subsystem TEE, the secure element subsystem SE generally stores important resources, such as root keys and other information, and the security of the important resources stored in the secure element subsystem SE is ensured by means of authority verification, cryptographic technology and the like.
The REE, TEE, and SE described above collectively comprise the CPU software layer 105, where the TEE and SE collectively comprise the security/trusted service platform software layer 106.
Based on the above-mentioned settings, the software layer of the security/trusted service platform 103 in the secure processor architecture provided by the embodiment of the present utility model only includes the trusted execution environment subsystem TEE and the secure element subsystem SE, so that the software program of the security/trusted service platform 103 runs in the TEE or SE. Based on the isolation mechanism between the TEE, the SE and the REE, the security of the software program of the security/trusted service platform 103 can be ensured, and attacks from the common applications in the REE are avoided.
As an alternative implementation manner, in the secure processor architecture proposed in the embodiment of the present utility model, the TEE and the SE may run on the same processor core, or may run on different processor cores. When the TEE and the SE both run on the same processor core, a processor architecture system with isomorphic TEE and SE is constructed; when the TEE and the SE run on different processor cores, a processor architecture system with heterogeneous TEE and SE is constructed.
For the above-described isomorphic TEE and SE processor architecture system, the TEE and SE run on the same processor core, e.g., in the first processor core, rather than on separate processor cores, in this way processor resources may be saved; in addition, the device is arranged in an isomorphic mode, so that the design complexity can be reduced.
The first processor core may be any one of the at least one processor core 102 shown in fig. 1, or may be a processor core independent of the at least one processor core 102 shown in fig. 1.
For the above-described heterogeneous TEE and SE processor architecture system, the TEE and SE are running on different processor cores, respectively, e.g., the TEE runs in a first processor core and the SE runs in a second processor core. The SE has the capability of independently processing tasks and responding to requests, so that the task execution of the SE is completely independent and is not influenced by the execution environments of other subsystems, the safety of a safety architecture system is improved, and meanwhile, the task execution efficiency of the SE is improved. Further, in this implementation manner, the hardware resource consumption of the processor can be reduced, and the processing performance of the processor can be improved.
The first processor core and the second processor core may be any one of the at least one processor core 102 shown in fig. 1, or may be independent of the at least one processor core 102 shown in fig. 1.
Whether the TEE and SE are disposed on the same processor core or on different processor cores, the security metric function of the overall processor architecture system is not affected. Thus, the description of the structure of various types of secure architecture systems in subsequent embodiments of the present utility model includes by default cases where the TEE and SE are located on the same or different processor cores.
As described in the previous embodiments, in the secure processor architecture proposed by the present utility model, a secure/trusted service platform 103 is included, and a corresponding secure/trusted service platform software layer 106, the secure/trusted service platform software layer 106 being composed of TEE and SE. Inside the security/trusted service platform 103 are provided TCM, TPM and TPCM.
In some implementations, the TCM, the TPM, and the TPCM described above may be co-built in the same subsystem in the software layer 106 corresponding to the security/trusted service platform 103, such as shown in fig. 2 (a), the TCM, the TPM, and the TPCM may be co-built in the TEE, or, as shown in fig. 2 (b), the TCM, the TPM, and the TPCM may be co-built in the SE.
Alternatively, the TCM, TPM and TPCM are built in separate subsystems in the corresponding software layer 106 of the security/trusted service platform 103, e.g. TCM, TPM and TPCM are distributed in TEE and SE.
The TCM, the TPM and the TPCM may be set in a centralized manner in the same subsystem of the security/trusted service platform software layer 106, or set in a decentralized manner in different subsystems, so that the architecture of the security processor architecture provided in the embodiment of the present utility model is more various, and can meet the requirements of different performance configurations and different scenarios on the architecture of the security architecture system.
As described in the above embodiments, the TCM includes a TCM service module and a TCM cryptographic module, and the TPM includes a TPM service module and a TPM cryptographic module.
In the case where TCM, TPM and TPCM are commonly built in the same subsystem in the software layer 106 corresponding to the security/trusted service platform 103, the TCM service module, TCM cryptographic module, TPM service module and TPM cryptographic module are all built in the same subsystem in the software layer 106 corresponding to the security/trusted service platform 103, for example, are all built in TEE or SE.
In the case where TCM, TPM and TPCM are separately built in different subsystems in the software layer 106 corresponding to the security/trusted service platform 103, the TCM service module, TCM cryptographic module, TPM service module and TPM cryptographic module may be commonly built in the same subsystem in the software layer 106 corresponding to the security/trusted service platform 103, for example, as shown in fig. 3 (a), the TCM service module, TCM cryptographic module, TPM service module and TPM cryptographic module are commonly built in TEE and TPCM is built in SE, or, as shown in fig. 3 (b), the TCM service module, TCM cryptographic module, TPM service module and TPM cryptographic module are commonly built in SE and TPCM is built in TEE.
Alternatively, the TCM service module, the TCM cryptographic module, the TPM service module, and the TPM cryptographic module may be separately built in different subsystems in the software layer corresponding to the security/trusted service platform 103, for example, the TCM service module, the TCM cryptographic module, the TPM service module, and the TPM cryptographic module are separately arranged in TEE and SE.
Various cases in which the TCM service module, the TCM cryptographic module, the TPM service module, and the TPM cryptographic module are distributed in TEE and SE are exemplarily described below.
Illustratively, the TCM cryptographic module and the TCM service module are built in different subsystems in the software layer 106 corresponding to the security/trusted service platform 103, for example, the TCM cryptographic module is built in TEE, the TCM service module is built in SE, or the TCM service module is built in TEE, the TCM cryptographic module is built in SE. On this basis, the TPM cryptographic module and the TPM service module may be built in the TEE or the SE at the same time, or the TPM cryptographic module and the TPM service module may be built in the TEE and the SE in a distributed manner, for example, the TPM cryptographic module is built in the TEE, the TPM service module is built in the SE, or the TPM service module is built in the TEE, the TPM cryptographic module is built in the SE.
And/or,
the TPM cryptographic module and the TPM service module are built in different subsystems in the software layer 106 corresponding to the security/trusted service platform 103, e.g. the TPM cryptographic module is built in TEE, the TPM service module is built in SE, or the TPM service module is built in TEE, the TPM cryptographic module is built in SE. On this basis, the TCM cryptographic module and the TCM service module may be built in the TEE or the SE at the same time, or the TCM cryptographic module and the TCM service module may be built in the TEE and the SE in a decentralized manner, for example, the TCM cryptographic module is built in the TEE, the TCM service module is built in the SE, or the TCM service module is built in the TEE, the TCM cryptographic module is built in the SE.
As a preferred implementation, the TPM cryptographic module and the TCM cryptographic module may be built into the same subsystem in the software layer 106 corresponding to the security/trusted service platform 103, while the TPM service module and the TCM service module are not built into the same subsystem at the same time.
For example, a TPM cryptographic module and a TCM cryptographic module are built in the SE, while a TPM service module and a TCM service module are not built in the SE at the same time.
Specifically, referring to fig. 4 (a), the TPM cryptographic module and the TCM cryptographic module may be built in SE, while the TPM service module is built in SE and the TCM service module is built in TEE.
Referring to fig. 4 (b), the TPM cryptographic module and the TCM cryptographic module may be built in SE, while the TCM service module is built in SE and the TPM service module is built in TEE.
Referring to fig. 4 (c), the TPM and TCM cryptographic modules may be built in the SE, while the TPM and TCM service modules are built in the TEE.
Or the TPM cryptographic module and the TCM cryptographic module are built in the TEE, and meanwhile, the TPM service module and the TCM service module are not built in the TEE at the same time.
Specifically, referring to fig. 4 (d), the TPM cryptographic module and the TCM cryptographic module may be built in the TEE, while the TPM service module is built in the TEE and the TCM service module is built in the SE.
Referring to fig. 4 (e), the TPM cryptographic module and the TCM cryptographic module may be built in the TEE, while the TCM service module is built in the TEE and the TPM service module is built in the SE.
Referring to fig. 4 (f), the TPM cryptographic module and the TCM cryptographic module may be built in the TEE, while the TPM service module and the TCM service module are built in the SE.
In the above arrangement, the TPM cryptographic module and the TCM cryptographic module are jointly disposed in the same subsystem, so that the TPM cryptographic module and the TCM cryptographic module may operate on the same processor core, rather than on different processor cores.
In addition, the service module and the password module can be separately arranged in the arrangement mode, so that the security of the password module can be effectively improved. Meanwhile, the flexibility of development and design of software products of the TPCM, the TPM service module and the TCM service module can be improved.
It should be noted that fig. 3 (a), 3 (b) and 4 (a) to 4 (f) are intended to specifically illustrate the arrangement of the TPM cryptographic module, the TCM cryptographic module, the TPM service module and the TCM service module in the TEE and SE of the secure processor architecture shown in fig. 1, and in order to illustrate these matters intuitively and clearly, other parts of the processor architecture are not specifically shown. For example, the TPCM may be set in the TEE or SE of the secure processor architectures of the various structures described above. For the specific structure of the other parts of the secure processor architecture corresponding to fig. 3 (a), 3 (b) and 4 (a) to 4 (f), reference may be made to fig. 1 or fig. 2 (a), 2 (b).
The application program calls the TPM or the TCM and needs to be realized by a corresponding driving module. Specifically, the TPM further comprises a TPM driving module, and the application program realizes the invocation of the TPM through the TPM driving module; the TCM also comprises a TCM driving module, and the application program realizes the call of the TCM through the TCM driving module.
The TPM driving module is also called a TPM user terminal protocol unit or a firmware-TPM (fTPM for short) and is used for responding to a TPM service initiation request of an application program and initiating a TPM security service request; the TCM driver module is also called a TCM client protocol unit or a firmware-TCM (fTCM for short), and is used for responding to a TCM service initiation request of an application program and initiating a TCM security service request. When the application program needs to call the TPM or the TCM, a TPM service initiation request or a TCM service initiation request is sent to the TPM driving module or the TCM driving module, and when the TPM driving module or the TCM driving module receives the TPM service initiation request or the TCM service initiation request, a TPM security service request is sent to the TPM or a TCM security service request is sent to the TCM. When the TPM or the TCM receives the TPM security service request or the TCM security service request, the TPM or the TCM responds to the request to provide the security measurement service.
In practical application, the TPM driving module can be arranged together with the TPM or can be arranged separately, and the TCM driving module can be arranged together with the TCM or can be arranged separately.
That is, the set position of the TPM driver module does not affect its interaction with the TPM, and similarly, the set position of the TCM driver module does not affect its interaction with the TCM. So long as the TPM driver module and TCM driver module are able to initiate corresponding security service requests in response to requests from the generic applications in the REEs and trusted applications in the TEEs.
Thus, the TCM driver module and the TPM driver module may be selectively configured in the REE and/or TEE. Specifically, the TCM driver module may be disposed in the REE and/or TEE, and the TPM driver module may be disposed in the REE and/or TEE.
Specifically, referring to fig. 5 (a) to 5 (i), various distribution cases of TCM driving modules and TPM driving modules in REEs and TEEs are enumerated (in which TCMs and TPMs are not labeled, but the arrangement of TCM driving modules and TPM driving modules in REEs and TEEs is mainly shown), where fTCM represents a TCM driving module, and fTPM represents a TPM driving module. It should be noted that, fig. 5 (a) to fig. 5 (i) mainly show various situations of the configuration modes of the TCM driving module and the TPM driving module in the REEs and TEEs of the processor architecture, and the specific structure of the processor architecture is not specifically shown, but is not limited, and the specific structure of the processor architecture can be described with reference to fig. 1 or fig. 2 (a) and fig. 2 (b).
The various configurations of the TCM driver module and the TPM driver module shown in fig. 5 (a) to 5 (i) in the REEs and TEEs may be applied to any of the secure processor architectures described in the foregoing embodiments, respectively, so as to obtain secure processor architectures with various structures.
For example, the configuration of the TCM driver module and the TPM driver module shown in fig. 5 (a) is applied to the secure processor architecture shown in fig. 2 (a), and the secure processor architecture shown in fig. 6 may be obtained.
The configuration of the TCM driver module and the TPM driver module shown in fig. 5 (a) is applied to the secure processor architecture shown in fig. 2 (b), and the secure processor architecture shown in fig. 7 can be obtained.
By analogy, the various configurations of the TCM driver module and the TPM driver module shown in fig. 5 (a) to 5 (i) in the REEs and TEEs are respectively applied to any of the secure processor architectures described in any of the above embodiments, so that secure processor architectures with various structures can be obtained, and these combinations are all clear and implemented by those skilled in the art based on the description of the above embodiments of the present utility model, and therefore will not be described in detail.
With continued reference to fig. 1 or fig. 2 (a), fig. 2 (b), the secure/trusted service platform 103 of the secure processor architecture according to the present utility model includes one or more of a nonvolatile memory area, a volatile memory area, a cryptographic acceleration engine, and a random number generator.
The nonvolatile storage area is configured to provide a nonvolatile storage space for the security/trusted service platform 103 according to the TPM and/or TCM specifications and/or TPCM specifications, and is specifically configured to store one or more of the following information: processor security trusted firmware, keys, root keys, trusted roots, platform configuration register (Platform Configuration Register, PCR) values for trusted metrics, owner authorization data and permanent flags, trusted reference values and signatures for trusted cryptography service modules, and other critical data, etc.
A volatile memory area for storing one or more of the following information in accordance with the TPM and/or TCM specifications and/or TPCM specifications: variable values, transient keys and platform configuration register (Platform Configuration Register, PCR) values corresponding to hash algorithms such as SHA256/SM3/SHA1 generated during the operation of the security/trusted service platform. The PCR is used to store the results of the above-described trusted metric actions, of course, the contents of the PCR are reset after the system is powered down or restarted.
A cryptographic acceleration engine for providing cryptographic operation services to a secure/trusted service platform, in particular, a specialized computing engine providing cryptographic algorithms to the secure/trusted service platform in accordance with a TPM and/or TCM specification and/or a TPCM specification, the cryptographic algorithms including, but not limited to, one or more of the following: SM3, SHA256, SHA1, RSA, ECC, AES, DES, SM4 and SM2.
The random number generator, which is a true random number generator provided by the processor, conforms to the TPM and/or TCM specifications, is a source of randomness for the trusted computing module, and is used to provide the security/trusted service platform with random numbers required to perform security/trusted operations, such as providing random or non-repeated random numbers nonces required for key generation, signing that are used only once, and entropy to enhance password access, etc.
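As an added example (not code from the patent), the following Python model ties together two parts of this description: the driver module (fTPM) relaying an application's service initiation request to the TPM as a security service request, and the volatile PCR bank being extended with measurements of running objects, compared against trusted reference values held in the nonvolatile area, and cleared on restart. The class names, sample images and reference values are constructed for illustration; SM3 is omitted because Python's hashlib does not guarantee it on every platform.

```python
"""Constructed model of the TPM/TCM security measurement path on this page."""
import hashlib
from dataclasses import dataclass, field

# Hash algorithms of the PCR banks. The page also names SM3; it is left out
# because Python's hashlib does not provide it on every build.
PCR_ALGORITHMS = ("sha256", "sha1")
PCR_COUNT = 24


def _digest_len(alg: str) -> int:
    return hashlib.new(alg).digest_size


@dataclass
class VolatileArea:
    """PCR banks; their contents are cleared on power-down or restart."""
    pcrs: dict = field(default_factory=dict)

    def __post_init__(self):
        self.reset()

    def reset(self) -> None:
        self.pcrs = {alg: [bytes(_digest_len(alg))] * PCR_COUNT
                     for alg in PCR_ALGORITHMS}

    def extend(self, index: int, measurement: bytes) -> None:
        # PCR[i] = H(PCR[i] || H(measurement)) in every bank: the final value
        # depends on every object measured so far and on the order of measurement.
        for alg in PCR_ALGORITHMS:
            digest = hashlib.new(alg, measurement).digest()
            self.pcrs[alg][index] = hashlib.new(
                alg, self.pcrs[alg][index] + digest).digest()


@dataclass
class NonvolatileArea:
    """Trusted reference values (sha256 digests) for known running objects."""
    references: dict  # object name -> expected sha256 digest (constructed)


class TpmServiceModule:
    """Responds to a security service request by measuring the object."""

    def __init__(self, nv: NonvolatileArea, volatile: VolatileArea):
        self.nv = nv
        self.volatile = volatile

    def measure(self, pcr_index: int, name: str, image: bytes) -> str:
        # Record the measurement in the PCR whatever the verdict, then compare
        # it with the trusted reference value to classify the running object.
        self.volatile.extend(pcr_index, image)
        expected = self.nv.references.get(name)
        if expected is None:
            return "unknown"  # no trusted reference value recorded
        return "trusted" if hashlib.sha256(image).digest() == expected else "dangerous"


class FtpmDriver:
    """Driver module (fTPM, hypothetical name): relays application requests."""

    def __init__(self, tpm: TpmServiceModule):
        self.tpm = tpm

    def service_initiation_request(self, pcr_index: int, name: str, image: bytes) -> str:
        # The application never touches the TPM directly; the driver module turns
        # its service initiation request into a TPM security service request.
        return self.tpm.measure(pcr_index, name, image)


def run_boot_measurement():
    """Measure firmware into PCR 0 and a client application into PCR 8."""
    firmware = b"constructed firmware image v1"
    app_ok = b"constructed payment client application"
    app_bad = b"constructed payment client application (tampered)"
    nv = NonvolatileArea(references={
        "firmware": hashlib.sha256(firmware).digest(),
        "payment_ca": hashlib.sha256(app_ok).digest(),
    })
    vol = VolatileArea()
    driver = FtpmDriver(TpmServiceModule(nv, vol))
    verdicts = {
        "firmware": driver.service_initiation_request(0, "firmware", firmware),
        "payment_ca": driver.service_initiation_request(8, "payment_ca", app_bad),
    }
    pcr0_before_reboot = vol.pcrs["sha256"][0]
    vol.reset()  # power-down or restart clears the PCR contents
    return verdicts, pcr0_before_reboot, vol.pcrs["sha256"][0]


if __name__ == "__main__":
    verdicts, before, after = run_boot_measurement()
    print(verdicts, before.hex(), after.hex())
```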
Based on the above secure processor architecture, the embodiment of the present utility model further proposes a computer device, which includes any one of the secure processor architectures described in any one of the above embodiments.
In addition, the computer device may further include other necessary hardware structures, such as a memory, an input/output device, and the like, which is not limited in this embodiment.
Specifically, the computer device may be any processor-based computing device such as a personal computer, an intelligent terminal, a wearable device, a server, etc., which is not illustrated in this embodiment.
The security processor architecture provided by the embodiment of the utility model is applied to the computer equipment, so that the whole computer equipment can be operated in a security environment by means of excellent security performance of the security processor architecture, the data security of the computer equipment is ensured, and the user information security of the computer equipment is ensured.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described as different from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other. The modules and sub-modules in the device and the terminal of each embodiment of the present application may be combined, divided, and deleted according to actual needs, and features described in each embodiment may be replaced or combined.
In the embodiments provided in the present application, it should be understood that the disclosed terminal and apparatus may be implemented in other manners. For example, the division of a module or sub-module is merely a logical function division, and there may be other manners of division when actually implemented, for example, multiple sub-modules or modules may be combined or integrated into another module, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules or sub-modules illustrated as separate components may or may not be physically separate, and components that are modules or sub-modules may or may not be physical modules or sub-modules, i.e., may be located in one place, or may be distributed over multiple network modules or sub-modules. Some or all of the modules or sub-modules may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, each functional module or sub-module in each embodiment of the present application may be integrated in one processing module, or each module or sub-module may exist alone physically, or two or more modules or sub-modules may be integrated in one module.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in an article or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (3)

1. A secure processor architecture, comprising:
the system comprises a central processor hardware layer, wherein the central processor hardware layer comprises at least one processor core and a secure/trusted service platform, the at least one processor core is connected with the secure/trusted service platform through an on-chip high-speed interconnection channel, and the secure/trusted service platform comprises a trusted cryptography module TCM, a trusted platform module TPM and a trusted platform control module TPCM.
2. The secure processor architecture of claim 1, wherein the secure/trusted service platform comprises one or more of: a nonvolatile memory area, a volatile memory area, a cryptographic acceleration engine and a random number generator.
3. A computer device comprising the secure processor architecture of claim 1.
CN202223407344.3U 2022-12-16 2022-12-16 Secure processor architecture and computer device Active CN220509432U (en)
Publications (1)

Publication Number Publication Date
CN220509432U true CN220509432U (en) 2024-02-20