FR2957436A1 - Microprocessor system for use in automobile, has non-volatile memory storing software, and memory portion readable by microprocessor, where software has cache software portions that are stored in cache memory portion - Google Patents

Abstract

The system has a non-volatile memory i.e. flash ROM, storing software. The memory comprises a memory portion that serves as a cache memory portion (17) from an exterior of the system when the system is in non-current carrying state. The memory portion is only readable by a microprocessor. The software has cache software portions i.e. program libraries (16f-6s), stored in the cache memory portion. The software verifies the presence of an anti-theft control unit during its execution, so as to continue the execution of the software.

Description

The present invention relates to a microprocessor system and particularly a means of protection against fraudulent use of said system. In the field of microprocessor systems, it is known to use at least one microprocessor capable of executing at least one software. Conventionally for the system to be operable, software, in the form of a list of executable instructions, is stored in nonvolatile memory in order to achieve persistent storage, even when the system is powered off. During execution, the instructions of the software are either loaded into another working memory, or read directly into the non-volatile memory, to be successively executed by the microprocessor. The problem is that all the software is present in one place.

At the stage of the design / production of the microprocessor system product, before being loaded into the non-volatile memory of said microprocessor system, the list of executable instructions constituting the software is conventionally present in the form of one or more computer files. Such files, present on computer systems and networks, can easily be copied, and thus stolen, pirated. Knowing that the hardware part of the microprocessor system is a product most often standard, it is easy to obtain, sometimes even from several sources, even for an unauthorized person. This unauthorized person, if he has the software can easily restore the microprocessor system. During the use phase of the product, the list of executable instructions constituting the software is conventionally loaded into the non-volatile memory of the microprocessor system. This memory, in a conventional manner for purposes of testing and debugging the software, is readable, in addition to the microprocessor, by external means. The software can by such means of reading be easily copied and reproduced, including by an unauthorized person. This unauthorized person, if he has a copy of the original microprocessor system, can easily reconstruct the microprocessor system, reproducing said software on a standard hardware part of the microprocessor system. The object of the present invention is to separate, in the different phases of the product's life, the software into a visible software part and at least a hidden software part, in order to limit the copy access of the complete software and thus to limit the reproduction and unauthorized use of the product. The invention relates to a microprocessor system of the type comprising at least one microprocessor, at least one software and at least one non-volatile memory for storing said software, even when the system is powered off, a part of said memory being a hidden memory part from outside the system in that it is readable only by said microprocessor, the software comprising a hidden software portion stored in said hidden memory portion. According to another characteristic of the invention, the hidden software part comprises an antitheft control means, and the software verifies during its execution the presence of said antitheft control means, in order to continue said execution.

According to another characteristic of the invention, the antitheft control means comprises essential functions of the software, the verification of their presence being effected by their use by the software. According to another characteristic of the invention, said essential functions are chosen from among very little software functions.

Other characteristics, details and advantages of the invention will emerge more clearly from the detailed description given below as an indication in relation to drawings in which: FIG. 1 shows a memory map according to the prior art; FIG. 2 shows a comparable memory map according to the invention. A conventional microprocessor system comprises at least one microprocessor, at least one software and at least one non-volatile memory capable of storing said software. A microprocessor here refers to any logical processing unit, such as a processor, a microprocessor, a microcontroller or any equivalent device. Said microprocessor is able to execute software. The software is composed of a list of executable instructions. In a conventional manner, the non-volatile memory, for example of the "Flash ROM" type (read-only mass memory with rewritable solid-state, "ROM" being the acronym for "Read Only Memory", ie memory to read simple), is readable by the microprocessor. It is also readable by external means, especially for the development and

software test. Such a memory can be written by the microprocessor itself or by a "clapper" or "burner" which makes it possible to register software in said memory. Such memory may be physically included in the microprocessor component (integrated circuit), according to one embodiment. It may also be in the form of a component external to the microprocessor, but typically disposed on the same printed circuit as said microprocessor. It is possible to dispose a part of said non-volatile memory in such a way that it can only be read by the microprocessor and not by the conventional external means of debugging and testing. This part of memory is called later: hidden memory part. It has the characteristic of not being legible from the outside of the system, and therefore not to be copiable. It is not visible from the outside and in particular not from the tracing port, and is not executable step by step by an external debugger. These characteristics, although limiting for the development and testing of a software, prove very advantageous with regard to the object of the invention: to protect a part of the software by making it less accessible and by separating it from the rest of the software. The object of the invention is achieved by separating from the rest of the software a selected software part and hiding it. For this, this selected software part is, according to the invention, stored in said hidden memory part. It is named in the following: hidden software part.

According to one embodiment, the hidden software part may comprise an antitheft control means. In this case, the software verifies during its execution the presence of said antitheft control means, in order to continue said execution. Thus, if the antitheft control means is absent, and / or can not be found by the software, the software stops its execution. The presence test of said antitheft control means can be performed at the beginning of the execution of the software and / or regularly at any time during the execution. The anti-theft control means may be reduced to a mere presence of the hidden memory portion, detectable by reading at an address in the hidden memory portion. Such a reading if it succeeds thus testifies to the presence of the hidden memory part.

The anti-theft control means may further comprise a simple code written in the hidden memory part. This code can then be read by the software and verified in its authenticity by any certification mechanism. This code can still be used to match a microprocessor system with for example a vehicle, another microprocessor system or another control means. The anti-theft control means may further advantageously include software producing code or authorization necessary for the execution of the software.

According to a preferred embodiment, the antitheft control means comprises a useful part of the software comprising essential functions or function libraries of the latter. Thus, the presence check is performed by the software when it tries to use these essential functions.

In addition, the absence of one of these functions, for example caused by the use, typically fraudulent, of a standard microprocessor system not comprising a hidden memory part or having such a hidden memory part but without the software part hidden, makes the software incomplete and thus inoperable, and helps to strengthen the protection.

The writing of a hidden software part in the hidden memory part thus advantageously makes it possible to differentiate, by signing it, a microprocessor system "improved" by said writing, of a "standard" microprocessor system such as it leaves the string of manufacturing, and whose hidden memory remained untouched.

The writing of a hidden software part in the hidden memory part requires specific tools and can only be performed by the manufacturer of the integrated circuit including the memory. This limits the access of this protection means and thus reduces the possibility of unauthorized reproduction of the microprocessor system.

The content of what is intended to be so hidden becomes more difficult to modify, in that it participates in what appears to be a hardware integrated circuit cycle more than a software manufacturing cycle. According to an advantageous embodiment, the hidden code or the hidden software part is defined and integrated in the design or definition file of the microprocessor system, for example in the form of microcode in the

VHDL folder (VHDL is the English abbreviation of "VHSICHDL", ie "Very High Speed Integrated Hardware Circuit Language Description." VHDL is a hardware description language intended to represent the behavior and architecture of a digital electronic system) relating to the microprocessor or the memory. Thus, in the different files, a separation of the software is performed: the hidden software is defined with the hardware folder while the visible software is defined with the software file. These two files following different circuits, it becomes more difficult for an unauthorized person to enter possession and copy the entire software. In the case where the antitheft control means comprises a part of the software comprising essential functions it is interesting to choose which part of the software is hidden or not. It has been seen previously that the writing of a hidden software part in the hidden memory part requires particular tools and can only be performed by the manufacturer. A possible evolution of the software contained in this hidden software part thus becomes almost as difficult as an evolution of the integrated circuit containing the memory and / or the processor. It was also seen that the hidden software part, since stored in the hidden memory part, is therefore non-readable, non-editable and not executable step by step. Also for these reasons, the hidden software part extracted from the software and including the essential functions is chosen to contain only very little software evolution functions.

In addition, in order to limit the number of different configurations of "enhanced" microprocessor system, these hidden functions are preferably selected from generic functions used by many applications. The functions caused to vary from one use to another of the microprocessor system, or requiring a modification, for example in the tuning / focusing phase, are, on the contrary, preferably stored in an undisclosed part of the memory. Thus they benefit from the evolutionary flexibility associated with the software. In order to further illustrate the invention, a particular case of application of the invention to a microprocessor system as conventionally used for automotive applications will now be described.

FIG. 1 presents a cartography 1, according to the prior art, of the organization of the memory of such a microprocessor system. Comprehensive mapping 1 breaks down into different areas. Thus a zone 2 or CALIB includes the parts of the software related to calibration and debugging. An area 3 or AGGR, for "aggregate" in English, more particularly understand the specific objects or functions of a given microprocessor system, also called application. A zone 4 or HAL, for "Hardware Abstraction Layer" in English, includes a software layer of interfaces ensuring complete independence with respect to the underlying hardware. A zone 5 or BIOS includes libraries 6a-6s, generically designated 6, functions useful to the application. Finally an area 8 or BOOT contains the software functions launched first at the start of the software and that allow its initialization and startup. FIG. 2 shows a comparable map 11, according to the invention, of the organization of the memory of such a microprocessor system. This map 11 contains identical zones. All the identical elements are identified by the same reference sign, increased by 10. Thus, the complete map 11 is broken down into different zones.

A zone 12 or CALIB comprises the parts of the software relating to calibration and debugging. An area 13 or AGGR more particularly understand the specific objects or functions of the application. A zone 14 or HAL comprises a software interface layer providing complete independence with respect to the underlying hardware. An area 15 or BIOS includes libraries, generically designated 16, of functions useful to the application. Finally an area 18 or BOOT contains the parts of the software launched first at the start of the software and that allow its initialization and startup. In relation to the prior art, the memory further comprises a hidden zone 17. It is for example chosen to hide in this hidden zone 17 a portion of the libraries 16. The libraries 16a-16e (INJ, IGN, CRK, CAM, KNK) are considered dependent on the application or are intended to evolve and therefore preferentially placed in a visible zone 15 of the memory map 11. On the contrary, it is estimated that the 16f-16s libraries (DIP, DOP,

ADC, DCM, PIM, PWM, ASY, CAN, MCC, SPI, RAM, INT, TIM, SIG) are sufficiently generic and not very scalable to be able to be hidden in the hidden memory portion 17. These libraries 16f-16s constitute here the part hidden software. The functions they contain, however, are essential to the application, and their absence, because, for example, a use of a "standard" microprocessor on which would be copied the only software visible and copiable, makes the execution impossible software.

Claims (4)

REVENDICATIONS1. Microprocessor system of the type comprising at least one microprocessor, at least one software and at least one nonvolatile memory for storing said software, even when the system is de-energized, a part of said memory being a hidden memory portion (17) of the outside the system in that it is readable only by said microprocessor, characterized in that the software comprises a hidden software portion (16f-16s) stored in said hidden memory portion (17). 2. System according to claim 1, wherein the hidden software part (16f-16s) comprises antitheft control means, and wherein the software verifies at its execution the presence of said antitheft control means, in order to continue said execution. 3. System according to claim 2, wherein the antitheft control means comprises essential functions of the software, the verification of their presence being effected by their use by the software. 4. System according to claim 3, wherein said essential functions are chosen from among very little software functions.