JP2020187650A - Controller system and method - Google Patents

Abstract

To provide a mechanism for a multi-controller system, with which it is possible to realize appropriate protection against risks such as program falsification or deterioration at a low cost while avoiding the excessive extension of a processing time.SOLUTION: The controller system comprises: a first controller including a first determination unit for determining whether a program for the first controller which is executed by the first controller is valid; and a second controller including a second determination unit for determining whether a program for the second controller which is executed by the second controller is valid. The first controller determines whether a validity determination program for the second controller which is executed by the second determination unit in order to determine whether the program for the second controller is valid. A corresponding method is also provided.SELECTED DRAWING: Figure 3

Description

The present disclosure relates generally to controller systems, and more specifically to verifying the validity of programs in controller systems.

Cyber attacks are known that attempt to illegally use information devices by falsifying programs such as firmware embedded in information devices. One of the solutions to such attacks is secure boot. In secure boot, the boot loader, which usually loads the boot program for the processor, verifies the boot program's digital signature (hereinafter simply referred to as the signature) before executing the boot program to ensure that the boot program is valid. Confirm. The bootloader is implemented in a way that makes it difficult to rewrite the logic (eg, using hardware) and provides a root of trust (RoT). A boot program determined to be legitimate by a boot loader trusted as RoT confirms the legitimacy of other programs such as BIOS (Basic Input Output System) and operating system. By confirming the validity of all the programs constituting the system while forming a chain of trust in this way, it is possible to protect the information device against unauthorized use due to falsification of the programs. Such a technique also provides protection of information equipment against malfunctions caused by deterioration of program data, rather than tampering with the program.

The digital signature of the program is generated by encrypting the hash value derived from the program data with the signature key, which is the private key of the public key cryptographic key pair. As a method for generating a digital signature, for example, a method based on RSA encryption, a DSA (Digital Signature Algorithm) method, and an ECDSA (Elliptic Curve DSA) method are known. The generated digital signature is typically stored in non-volatile memory along with the program data. To verify the validity of a program, verify whether the hash value derived from the program data in memory matches the hash value restored from the digital signature using the verification key (public key of the key pair). It is done by. If these hash values match, the program data has not been tampered with and has not deteriorated.

Patent Document 1 proposes a method for detecting tampering on a platform of a multifunction device including a plurality of CPUs (Central Processing Units) in one controller. Specifically, in the method disclosed in Patent Document 1, the sub CPU collectively verifies the validity of the program for the sub CPU and the program for the main CPU, thereby shortening the processing time for tampering detection. Is realized.

Japanese Unexamined Patent Publication No. 2014-021953

However, in a multi-controller system with multiple interconnected controllers, if a single controller attempts to verify the validity of all programs at once, the processing time can be rather long due to communication between the controllers. .. On the other hand, if individual controllers try to implement a mechanism for verifying the validity of a program in the controller independently of each other, the implementation cost can be large.

Therefore, in a multi-controller system, it is required to provide a mechanism capable of realizing appropriate protection against risks such as program falsification and deterioration at low cost while avoiding an excessively prolonged processing time. ..

According to a certain viewpoint, the first controller including the first determination unit for determining whether the program for the first controller executed by the first controller is valid, and the second controller executed by the second controller. The second controller including the second determination unit for determining whether the controller program is valid, and the first controller is used to determine whether the second controller program is valid. A controller system for determining whether the validity determination program for the second controller executed by the second determination unit is valid is provided.

According to the present disclosure, in a multi-controller system, it is possible to realize appropriate protection against risks such as program falsification and deterioration at low cost while avoiding an excessively long processing time.

The hardware block diagram of the multifunction device which concerns on one Embodiment. The block diagram of the main controller and the sub controller which concerns on one Embodiment. A program layout diagram showing an example of program layout in a multifunction device according to an embodiment together with a chain of trust. A flowchart showing an example of a schematic flow of processing executed by a controller system according to an embodiment. FIG. 3 is a flowchart showing an example of the flow of the program validity determination process for the main controller shown in FIG. The flowchart which shows an example of the flow of the legitimacy determination process between controllers shown in FIG. FIG. 5 is a flowchart showing an example of the flow of the program validity determination process for the sub controller shown in FIG. Explanatory drawing for explaining multi-step inter-controller verification which concerns on one modification.

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. The following embodiments do not limit the invention according to the claims. Although a plurality of features are described in the embodiment, not all of the plurality of features are essential to the invention, and the plurality of features may be arbitrarily combined. Further, in the accompanying drawings, the same or similar configurations are given the same reference numbers, and duplicate description is omitted.

<< 1. Device configuration example >>
<1-1. Overall configuration>
The technique according to the present disclosure can be applied to all information processing devices having a controller system including a plurality of controllers as a platform, although not limited to the above. This section describes an example in which the technology according to the present disclosure is applied to a digital multifunction device (Multi-Function Peripheral (MFP)). Hereinafter, the digital multifunction device is also simply referred to as a multifunction device. However, the technique according to the present disclosure is not limited to the multifunction device, and may be applied to any kind of information processing device.

FIG. 1 is a hardware configuration diagram of the multifunction device 10 according to the embodiment. Referring to FIG. 1, the multifunction device 10 includes a main controller 20, a scanner controller 30, a scanner 40, a printer controller 50, a printer 60, a user interface (UI) controller 70, and a UI 80.

The main controller 20 is a controller that integrally controls the operations of a plurality of components included in the multifunction device 10. The main controller 20 is connected to the scanner controller 30, the printer controller 50, and the UI controller 70, which will be described later. The main controller 20 may be further connected to the external network or external device of the multifunction device 10 by wire or wirelessly.

The scanner controller 30 is a controller that controls the operation of the scanner 40. The scanner 40 has a role as an image reading unit that scans a document and reads an image of the document. For example, when the image of the original is read by the scanner 40, the scanner controller 30 executes image processing on the read image as necessary, and transmits the processed image to the main controller 20.

The printer controller 50 is a controller that controls the operation of the printer 60. The printer 60 has a role as a printing unit for printing an image. For example, the printer controller 50 receives an image to be printed from the main controller 20, executes image processing on the received image as necessary, and outputs the processed image to the printer 60. The printer 60 prints an image input from the printer controller 50. The printer 60 may receive the image read by the scanner 40 via the scanner controller 30 and the printer controller 50 under the control of the main controller 20, and print (that is, copy) the received image.

The UI controller 70 is a controller that controls acceptance of operations by the user and output of information to the user via the UI 80. The UI 80 has a role as an operation unit that accepts operations by the user. For example, the UI 80 displays a menu related to the operation of the multifunction device 10 on a display (not shown). Further, the UI 80 accepts a user operation requesting execution of a function such as scanning or copying a document or printing an image via an input interface (not shown) such as a touch panel, a button or a switch. The UI controller 70 transmits a corresponding command to the main controller 20 in response to such a user operation. The main controller 20 causes the scanner 40 to scan the document via the scanner controller 30 and / or causes the printer 60 to print the image via the printer controller 50 in response to receiving the command.

In the following description, each of the scanner controller 30, the printer controller 50, and the UI controller 70 that communicates with the main controller 20 and is controlled by the main controller 20 is referred to as a sub controller. Each of the main controller 20 and the sub controller has a memory for storing one or more programs and a processor (for example, a CPU) for executing the programs. More detailed configurations of these programs will be described later.

<1-2. Main controller configuration>
FIG. 2 is a configuration diagram of a main controller and a sub controller according to an embodiment. Here, an example in which the sub controller is the printer controller 50 is shown.

Referring to FIG. 2, the main controller 20 includes a system-on-chip (SOC) 21, DRAM 121, NOR flash memory 122 and LED 125. The SOC 21 is a semiconductor chip in which components for realizing the control function of the main controller 20 are integrated. Specifically, the SOC 21 includes a system bus 100, a CPU 101, a CPU 102, a ROM 103, an OTP 104, a secure assist unit 105, and an image processing unit 106. The SOC 21 further includes a RAM interface (I / F) 111, a flash memory I / F 112, a printer controller I / F 113, an image transmitter 114, and an external port I / F 115. The system bus 100 connects these components contained in the SOC 21 to each other.

The CPU 101 is a processor that executes a boot loader (also referred to as an IPL (Initial Program Loader)) described later. The CPU 101 executes the boot loader to determine whether the boot program is valid (for example, whether it has been changed due to falsification or deterioration), and if the validity is affirmed, the CPU 102 is released from the reset. Determining whether a boot program is legitimate is made by verifying the signature associated with the boot program. Additionally, the CPU 101 may determine if one or more programs for purposes other than booting for the main controller 20 are legitimate.

The CPU 102 executes a boot program determined to be valid to start the system of the main controller 20. Further, the CPU 102 may execute another program for the main controller 20 determined to be legitimate to control various components of the main controller 20. In the present embodiment, the program for the main controller 20 includes at least a function of booting the first system running on the main controller 20. The first system may include, for example, the BIOS of the main controller 20 and the operating system. Further, in the present embodiment, the CPU 102 determines whether the validity determination program used in the printer controller 50, which is a sub controller, is valid by verifying the signature associated with the program. As an example, the validity determination program for the printer controller 50 and its signature are stored in advance in the NOR flash memory 222, which will be described later, and are read out via the main controller I / F 208 and the printer controller I / F 113. The CPU 102 releases the reset of the CPU 202 of the printer controller 50 when it is determined that the validity determination program for the printer controller 50 is valid.

The ROM (Read Only Memory) 103 stores in advance the above-mentioned boot loader executed by the CPU 101. The ROM 103 may be composed of, for example, a mask ROM in which the data once written cannot be rewritten. As a result, it becomes difficult to rewrite the logic of the boot loader, and the boot loader (or CPU101) can be positioned as RoT.

The OTP (One Time Programmable ROM) 104 is a ROM that can be written only once at the time of manufacture, and stores a verification key used for verifying a signature associated with an individual program. The verification key corresponds to the public key in the key pair of public key cryptography, and it is possible to recover a valid hash value from the hash value (that is, signature) of the program encrypted with the signature key corresponding to the private key. To do.

The secure assist unit 105 supports signature verification by providing a function of calculating a hash value of the program data from the program data. For example, if the hash value calculated from the program data of the boot program read from the NOR flash memory 122 does not match the hash value restored from the signature of the program, the boot program may be determined to be invalid. This means that the boot program has changed against the intent of a legitimate developer due to tampering or degradation. Similarly, if the hash value calculated from the legitimacy determination program read from the NOR flash memory 222 does not match the hash value restored from the signature of the program, the legitimacy determination program may be determined to be invalid. The secure assist unit 105 also provides a function of decrypting the encrypted data encrypted with the signature key with the verification key stored in the OTP 104. For example, the secure assist unit 105 can be used to decrypt the signature associated with the boot program and the signature associated with the legitimacy determination program for the printer controller 50. The signatures of a plurality of programs may be decrypted with different verification keys unique to each program, or may be decrypted with a single common verification key.

The image processing unit 106 is a component that executes image processing such as shading of the scanned image received from the scanner controller 30 and halftone of the printed image transmitted to the printer controller 50.

The RAM I / F 111 is an interface for accessing the DRAM 121 by the SOC 21. The RAM I / F 111 can control operations such as reading data from the DRAM 121 and writing data to the DRAM 121, for example. The DRAM 121 is used as a work memory for the CPU 102 and the image processing unit 106, and temporarily stores a program and other data executed by the CPU 102.

The flash memory I / F 112 is an interface for accessing the NOR flash memory 122 by the SOC 21. The flash memory I / F 112 can control operations such as reading data from the NOR flash memory 122 and writing data to the NOR flash memory 122, for example. The NOR flash memory 122 stores the boot program described above and signature data associated with the boot program.

The printer controller I / F 113 is an interface for communication between the main controller 20 and the printer controller 50. In the present embodiment, the main controller 20 may receive data (for example, a validity determination program and a signature for the printer controller 50) read from the memory in the printer controller 50, which will be described later, via the printer controller I / F 113. ..

The image transmission unit 114 transmits an image to be printed by the printer 60 from the main controller 20 to the printer controller 50. The image to be printed by the printer 60 may be, for example, a halftone image processed by the image processing unit 106.

The external port I / F 115 is an interface for controlling a general-purpose port that provides an input / output function of the multifunction device 10. For example, the external port I / F 115 may turn on, turn off, or blink the LED 125 via an output port (not shown), if necessary. The external port I / F 115 may turn on or blink the LED 125 (for example, in a pattern corresponding to the type of abnormality such as software abnormality or hardware abnormality) in order to notify the user of the abnormality that has occurred in the multifunction device 10. Good.

<1-3. Sub-controller configuration>
As described above, the printer controller 50 is an example of the sub-controller of the multifunction device 10 according to the embodiment.

Referring to FIG. 2, the printer controller 50 includes an SOC 51, a DRAM 221 and a NOR flash memory 222. The SOC 51 is a semiconductor chip in which components for realizing the control function of the printer controller 50 are integrated. Specifically, the SOC 51 includes a system bus 200, a CPU 202, an image processing unit 206, a main controller I / F 208, an image receiving unit 209, a RAM I / F 211, a flash memory I / F 212, a system control unit 215, and a printer I / F 216. including. The system bus 200 connects these components included in the SOC 51 to each other.

When the validity determination program for the printer controller 50 is determined to be valid in the main controller 20, the CPU 202 executes the validity determination program and determines the validity of another program for the printer controller 50. .. As described above, the legitimacy of the legitimacy determination program for the printer controller 50 can be determined by verifying the signature associated with the legitimacy determination program in the CPU 102 of the main controller 20. In the present embodiment, the program for the printer controller 50 includes at least a function of booting a second system running on the printer controller 50. The second system may include, for example, the BIOS of the printer controller 50 and the operating system. In addition, the CPU 202 may execute other programs for the printer controller 50 that are determined to be legitimate to control various components of the printer controller 50.

The image processing unit 206 is a component that executes preprocessing for printing such as minute scaling and PWM (Pulse Width Modulation) on the halftone image received from the main controller 20.

The main controller I / F 208 is an interface for communication between the printer controller 50 and the main controller 20. In the present embodiment, the printer controller 50 may transmit the validity determination program and the signature for the printer controller 50 read from the NOR flash memory 222 described later to the main controller 20 via the main controller I / F 208.

The image receiving unit 209 receives an image to be printed by the printer 60 from the main controller 20. The image received by the image receiving unit 209 may be, for example, a halftone image processed by the main controller 20.

The RAM I / F 211 is an interface for accessing the DRAM 221 by the SOC 51. The RAM I / F 211 can control operations such as reading data from DRAM 221 and writing data to DRAM 221 for example. The DRAM 221 is used as a work memory for the CPU 202 and the image processing unit 206, and temporarily stores a program and other data executed by the CPU 202.

The flash memory I / F 212 is an interface for accessing the NOR flash memory 222 by the SOC 51. The flash memory I / F 212 can control operations such as reading data from the NOR flash memory 222 and writing data to the NOR flash memory 222, for example. The NOR flash memory 222 stores the legitimacy determination program for the printer controller 50 described above and the signature data associated with the legitimacy determination program.

The system control unit 215 activates the minimum functions of the printer controller 50 in response to the power-on of the printer controller 50. For example, the minimum functions of the printer controller 50 may include the functions of the main controller I / F208, the flash memory I / F212, and the NOR flash memory 222, and the communication function via the bus between these functions. Activation of these functions may be controlled, for example, only by a hard sequencer. The system control unit 215 may perform clock control and reset control in the SOC 51 in cooperation with the CPU 202 and the main controller I / F 208.

The printer I / F 216 is an interface for control communication related to control of the printer 60 by the printer controller 50 and transmission of a print image to the printer 60.

<1-4. Software configuration>
FIG. 3 is a program layout diagram showing an example of program layout in the multifunction device 10 according to the embodiment together with a chain of trust.

In the example shown in FIG. 3, in the main controller 20, the boot loader 300 is arranged in the ROM 103 of the main controller 20, and the boot program 310 and the signature 314 associated with the boot program are arranged in the NOR flash memory 122. Further, in the printer controller 50 which is a sub controller, the validity determination program 330, the signature 324 associated with the validity determination program 330, and the system startup program 325 are arranged in the NOR flash memory 222.

The boot loader 300 is a program executed by the CPU 101 when the power of the multifunction device 10 is turned on. The boot loader 300 is stored in the ROM 103 in a form that makes it difficult to rewrite the logic, thereby providing RoT, which is the starting point of the chain of trust for guaranteeing the reliability of the entire system of the multifunction device 10. The boot loader 300 includes a first determination unit 301.

The first determination unit 301 verifies whether one or more main controller programs executed by the main controller 20 are valid. In the example of FIG. 3, the program for the main controller includes the boot program 310. Therefore, the first determination unit 301 determines whether the boot program 310 is valid by verifying the signature 314 associated with the boot program 310 (arrow A1 in the figure). More specifically, for example, if the hash value restored from the encrypted hash value contained in the signature 314 matches the hash value derived from the boot program 310, the boot program 310 is justified. It is judged. If these hash values do not match, it is presumed that the boot program 310 has changed due to falsification or deterioration, and the boot program 310 is determined to be invalid. Restoration of the hash value from the encrypted hash value can be performed by decrypting the encrypted hash value with the verification key stored in advance by OTP104. As the digital signature method for generating and verifying the signature, any kind of method such as an RSA encryption-based method, a DSA method, and an ECDSA method may be used. When the boot program 310 is determined to be valid, the first determination unit 301 releases the reset of the CPU 102 and causes the CPU 102 to execute the boot program 310.

The boot program 310 is a program for the main controller 20 that is executed by the CPU 102 when the boot loader 300 determines that the boot program 310 is valid. In the example of FIG. 3, the boot program 310 includes an initialization unit 311 and an inter-controller determination unit 312. The initialization unit 311 initializes various components of the main controller 20 such as the RAM I / F111 and the printer controller I / F113. The initialization unit 311 may start the BIOS and the operating system of the first system operating in the main controller 20.

The inter-controller determination unit 312 determines whether the validity determination program 330 for the printer controller 50, which will be described later, is valid by verifying the signature 324 associated with the validity determination program 330 (arrow A2 in the figure). .. As described above, the determination of the validity is based on the execution of the boot program 310 (one of the programs for the main controller) determined to be valid by the first determination unit 301. Specifically, the inter-controller determination unit 312 determines the validity when the hash value restored from the encrypted hash value included in the signature 324 matches the hash value derived from the validity determination program 330. The determination program 330 is determined to be valid. If these hash values do not match, it is presumed that the legitimacy determination program 330 has changed due to falsification or deterioration, and the legitimacy determination program 330 is determined to be invalid. Restoration of the hash value from the encrypted hash value can be performed by decrypting the encrypted hash value with the verification key stored in advance by OTP104. Here, as the digital signature method, any kind of method such as an RSA encryption-based method, a DSA method, and an ECDSA method may be used. When the legitimacy determination program 330 is determined to be legitimate, the inter-controller determination unit 312 releases the reset of the CPU 202 of the printer controller 50 and causes the CPU 202 to execute the legitimacy determination program 330.

Note that FIG. 3 shows an example in which the initialization unit 311 and the inter-controller determination unit 312 are included in a single program, but the initialization unit 311 and the inter-controller determination unit 312 are included in separate programs, respectively. It may be.

The validity determination program 330 is a program executed by the CPU 202 to determine whether or not one or more programs for the printer controller 50 are valid. The legitimacy determination program 330 is executed when the boot program 310 determines that the legitimacy determination program 330 is legitimate. In the example of FIG. 3, the legitimacy determination program 330 includes the second determination unit 321.

The second determination unit 321 verifies whether one or more programs for the printer controller 50 (that is, a program for the sub controller) executed by the printer controller 50 are valid. In the example of FIG. 3, the sub-controller program includes the system boot program 325. Therefore, the second determination unit 321 determines whether the system startup program 325 is valid, for example, by verifying the signature or hash value associated with the system startup program 325 (arrow A3 in the figure). The signature or hash value of the system boot program 325 may be held by the validity determination program 330, or may be stored in any memory in the printer controller 50. The determination of correctness here may be performed in the same manner as the determination for the boot program 310 and the validity determination program 330 described above. The second determination unit 321 causes the CPU 202 to execute the system startup program 325 when it is determined that the system startup program 325 is valid.

The system startup program 325 is a program executed when the second determination unit 321 determines that the system startup program 325 is valid. The system boot program 325 may boot (ie boot) the BIOS and operating system of the second system running on the printer controller 50, for example.

Here, the main controller 20 executes the process for the system of the main controller 20 without waiting for the printer controller 50 to determine whether the program for the printer controller 50 performed by the validity determination program 330 is valid. Can be done. As described above, in the present embodiment, the resources of the main controller are controlled by the system earlier than the case where the legitimacy is determined by the main controller for all the programs of the sub controller whose validity should be guaranteed. It is possible to release for.

As shown in FIG. 3, the boot loader 300 (or the first determination unit 301) of the main controller 20 provides the RoT, while the printer controller 50, which is the sub controller, does not provide the RoT. As described above, in the present embodiment, in the multi-controller system in which a plurality of interconnected controllers exist, the implementation of RoT on the controller other than the main controller is omitted, so that the increase in the mounting cost can be suppressed. Further, in the present embodiment, in the sub-controller, the legitimacy of the sub-controller program executed by the sub-controller is determined in the sub-controller except for the legitimacy of the legitimacy determination program for the sub-controller. Therefore, the need to communicate a large number of data bits between controllers for validity verification is avoided, so that the communication load can be reduced and (including the waiting time for waiting for the processing of other controllers to finish). ) The processing time for verification of correctness can be shortened. Moreover, in the present embodiment, starting from RoT provided in the main controller 20, a chain of trust across a plurality of controllers is constructed without interruption. Therefore, the entire multi-controller system can realize appropriate protection (secure boot) against risks such as program falsification and deterioration.

Further, in the present embodiment, as described above, the NOR flash memory 222 of the printer controller 50 has a role as a program storage unit that stores the legitimacy determination program for the sub-controller together with the signature associated with the program in advance. On the other hand, the OTP 104 of the main controller 20 has a role as a key storage unit that stores in advance the verification key corresponding to the signature key used when generating the signature. In this way, by adopting a configuration in which the sub-controller validation program and its signature are held on the sub-controller side and the verification key is held on the main controller side, a high level of independence between the controllers is ensured. Can be done. That is, when the program is legitimately changed to modify the system on the sub-controller side, only the data (program and signature) on the sub-controller side needs to be updated, and the influence on the main controller is avoided.

<< 2. Example of processing flow >>
<2-1. General flow>
FIG. 4 is a flowchart showing an example of a schematic flow of processing executed by the controller system according to the embodiment. The process shown in FIG. 4 can be executed in order to verify the validity of the program in the controller system including the first controller and the second controller. The first controller may be the main controller and the second controller may be the sub controller. In this specification, the controller that provides the base point in the chain of trust is referred to as a main controller, and the other controllers are referred to as sub-controllers. The terms main and sub simply mean the positional relationship in the chain of trust (the one that provides the starting point of trust is the main, and the others are the sub), and suggests any other hierarchical relationship. is not.

As a specific example, it is assumed that the processing shown in FIG. 4 is executed by the main controller 20 and the printer controller 50 of the multifunction device 10. In the following description, S (step) is abbreviated as the processing step.

First, in S10, the main controller 20 executes the program validity determination process for the main controller. The program validity determination process for the main controller can be executed by, for example, the CPU 101 whose reset is released when the power of the multifunction device 10 is turned on. An example of a more detailed flow of the program validity determination process for the main controller will be further described later.

If the main controller program is determined to be valid as a result of the main controller program validity determination process, the process proceeds to S20 via the branch in S15. If it is determined that the program for the main controller is not valid, the process proceeds to S40.

When it is determined that the program for the main controller is valid, the main controller 20 further executes the inter-controller validity determination process in S20. The target of the legitimacy determination in the inter-controller validity determination process is only the legitimacy determination program 330 of the printer controller 50. The inter-controller validity determination process can be executed by, for example, the CPU 102 whose reset result of the validity determination in S10 is released. An example of a more detailed flow of the legitimacy determination process between controllers will be further described later.

If the legitimacy determination program 330 is determined to be legitimate as a result of the inter-controller validity determination process, the process proceeds to S30 via the branch in S25. On the other hand, if the legitimacy determination program 330 is determined to be invalid, the process proceeds to S40.

When the validity determination program 330 is determined to be valid, in S28, the main controller 20 performs processing for the system of the main controller 20 without waiting for the determination of the validity of the subcontroller program in S30. Run. Meanwhile, in S30, the printer controller 50, which is a sub-controller, executes the program validity determination process for the sub-controller. The program validity determination process for the sub controller can be executed by, for example, the CPU 202 whose reset as a result of the validity determination in S20 is released. An example of a more detailed flow of the program validity determination process for the sub controller will be further described later.

If the sub-controller program is determined to be valid as a result of the sub-controller program validity determination process, the process proceeds to S38 via the branch in S35. On the other hand, if it is determined that the sub-controller program is not valid, the process proceeds to S40.

If it is determined that the sub-controller program is valid, in S38, the sub-controller printer controller 50 executes the process for the system of the printer controller 50.

If the validity of the program is denied in at least one of S10, S20, and S30, the startup of the multifunction device 10 will fail. In this case, in S40, the main controller 20 executes an error notification. The error notification may be performed by any method such as blinking of the LED 125, output of an alarm sound, or display of an error message on the display.

<2-2. Validity judgment in the main controller>
FIG. 5 is a flowchart showing an example of the flow of the program validity determination process for the main controller shown in S10 of FIG. This process can be executed by a processor of the main controller (for example, CPU 101 of the main controller 20 of the multifunction device 10) whose reset is released when the power of the apparatus is turned on.

First, in S100, the CPU 101 starts the boot loader 300 stored in advance in the ROM 103.

Next, in S101, the CPU 101 reads the boot program 310 from the NOR flash memory 122, and causes the secure assist unit 105 to calculate the hash value of the boot program 310 to derive the boot program 310.

Then, in S102, the CPU 101 reads the signature 314 associated with the boot program 310 from the NOR flash memory 122. Then, the CPU 101 restores the legitimate hash value of the boot program 310 by causing the secure assist unit 105 to decrypt the signature 314 with the verification key stored in the OTP 104.

Next, in S103, the CPU 101 determines whether the hash value derived in S101 matches the hash value restored in S102. If these hash values match, the process proceeds to S104. On the other hand, if the hash values do not match, the process proceeds to S106.

If the hash values match, in S104, the CPU 101 determines that the boot program 310 is valid, and in S105, releases the reset of the CPU 102 of the main controller 20. As a result, execution of the boot program 310 confirmed to be safe may be started by the CPU 102.

If the hash values do not match, in S106, the CPU 101 determines that the boot program 310 is not valid. As a result, the error notification described in S40 of FIG. 4 can be performed.

<2-3. Validity between controllers>
FIG. 6 is a flowchart showing an example of the flow of the inter-controller validity determination process shown in S20 of FIG. This process can be executed by the processor of the main controller (for example, the CPU 102 of the main controller 20 of the multifunction device 10) whose reset is released as a result of the validity determination of the program for the main controller.

First, in S200, the CPU 102 starts the boot program 310.

Then, in S201, the CPU 102 activates the printer controller I / F 113, which corresponds to the interface for the sub-controller.

Next, in S202, the CPU 102 reads the legitimacy determination program 330 from the NOR flash memory 222 of the printer controller 50 via the printer controller I / F 113, and derives the hash value of the legitimacy determination program 330. The hash value of the legitimacy determination program 330 can be calculated by the secure assist unit 105 based on, for example, the program data of the legitimacy determination program 330.

Next, in S203, the CPU 102 reads the signature 324 associated with the validity determination program 330 from the NOR flash memory 222. Further, the CPU 102 restores the legitimate hash value of the validity determination program 330 by causing the secure assist unit 105 to decrypt the signature 324 with the verification key stored in the OTP 104.

Next, in S204, the CPU 102 determines whether the hash value derived in S202 matches the hash value restored in S203. If these hash values match, the process proceeds to S205. On the other hand, if the hash values do not match, the process proceeds to S207.

When the hash values match, in S205, the CPU 102 determines that the validity determination program 330 is valid, and in S206, the reset of the CPU 202 of the printer controller 50, which is a sub controller, is released. As a result, execution of the legitimacy determination program 330 confirmed to be safe can be started by the CPU 202.

If the hash values do not match, in S207, the CPU 102 determines that the validity determination program 330 is not valid. As a result, the error notification described in S40 of FIG. 4 can be performed.

<2-4. Validity judgment in the sub controller>
FIG. 7 is a flowchart showing an example of the flow of the program validity determination process for the sub-controller shown in S30 of FIG. This process can be executed by the processor of the sub-controller (for example, CPU 202 of the printer controller 50 of the multifunction device 10) whose reset is released as a result of the validity determination of the validity determination program.

Before the program validity determination process for the sub-controller is executed, the system control unit 215 activates the above-mentioned minimum functions of the printer controller 50 in response to the power-on of the multifunction device 10 or the printer controller 50. It is assumed that it has been done.

First, in S300, the CPU 202 reads the validity determination program 330 from the NOR flash memory 222 and starts it.

Next, in S301, the CPU 202 reads the program for the printer controller 50 from the NOR flash memory 222, and derives the hash value of the read program.

Then, in S302, the CPU 202 acquires a valid hash value of the program for the printer controller 50. The hash value of the program for the printer controller 50 may be restored from the signature associated with the program, or may be pre-held in an unencrypted state.

Next, in S303, the CPU 202 determines whether the hash value derived in S301 matches the hash value acquired in S302. If these hash values match, the process proceeds to S304. On the other hand, if the hash values do not match, the process proceeds to S306.

If the hash values match, in S304, the CPU 202 determines that the program for the printer controller 50 is valid, and in S305, starts the program for the printer controller 50. For example, the system boot program 325 may be started by the CPU 202.

If the hash values do not match, in S306, the CPU 202 determines that the program for the printer controller 50 is not valid. As a result, the error notification described in S40 of FIG. 4 can be performed.

As described above, according to the present embodiment, in the controller system including the first controller and the second controller, the first controller determines whether the program for the first controller executed by the first controller is valid. judge. The first controller further determines whether the second controller validity determination program executed by the second controller is valid in order to determine whether the second controller program is valid. The second controller determines whether the program for the second controller is valid. In other words, the legitimacy of the legitimacy determination program for the second controller is determined by the first controller, but the legitimacy of the other program for the second controller is determined by executing the legitimacy determination program. Determined by the controller. Therefore, it is possible to avoid the need to communicate a large number of data bits between the controllers for correctness verification, so that the communication load can be reduced and the processing time required for correctness verification can be shortened. Moreover, the controller system as a whole can realize appropriate protection (secure boot) against risks such as program tampering and deterioration at low cost.

<< 3. Modification example >>
The present invention is not limited to the above embodiment, and various modifications are possible. For example, in the above embodiment, an example of application of the multifunction device 10 to the main controller 20 and the printer controller 50 has been mainly described. However, in general, the techniques according to the present disclosure are applicable to controller systems including at least first and second controllers, or devices including such controller systems. Notwithstanding the above example, the first controller and the second controller are two controllers that are functionally positioned in parallel (eg, any two pairs of the scanner controller 30, the printer controller 50 and the UI controller 70). There may be. Further, there may be two or more second controllers for one first controller.

Further, although not shown in FIG. 2 for the sake of simplicity of explanation, the main controller 20 provides a communication I / F for communicating with the scanner controller 30 and a communication I / F for communicating with the UI controller 70. Can include. Like the printer controller 50, the scanner controller 30 may include at least one processor (eg, a CPU), a memory that stores programs executed by the processor, and a communication I / F for communicating with the main controller 20. .. The UI controller 70 may also include at least one processor, a memory storing programs executed by the processor, and a communication I / F for communicating with the main controller 20. The program whose validity is determined in each controller along the chain of trust is not limited to the program described in the above embodiment, and may be any number of programs of any kind.

In the above embodiment, an example in which inter-controller verification targeting a legitimacy determination program is executed between one main controller and one sub-controller has been mainly described. However, multi-step inter-controller verification may be performed among more controllers. FIG. 8 is an explanatory diagram for explaining such a multi-step inter-controller verification according to a modified example.

FIG. 8 schematically shows the programs involved in the chain of trust within the main controller 20, the printer controller 50 as the first subcontroller, and the UI controller 70 as the second subcontroller.

The boot loader 300 of the main controller 20 includes a first determination unit 301 and provides a RoT. The boot program 310 of the main controller 20 includes an inter-controller determination unit 312. The first determination unit 301 determines the validity of the boot program 310 (that is, the inter-controller determination unit 312) by verifying the signature 314 associated with the boot program 310 (arrow B1).

The validity determination program 330 of the printer controller 50 includes a second determination unit 321. The inter-controller determination unit 312 of the main controller 20 determines the validity of the validity determination program 330 (that is, the second determination unit 321) by verifying the signature 324 associated with the validity determination program 330 (arrow B2). ). The printer controller 50 has a system startup program 325 and an inter-controller verification program 340 as sub-controller programs. The inter-controller verification program 340 includes an inter-controller determination unit 342. The second determination unit 321 of the printer controller 50 determines the validity of the system startup program 325 and the inter-controller verification program 340 (that is, the inter-controller determination unit 342) (arrows B3 and B4).

The validity determination program 360 of the UI controller 70 is a program for determining whether or not the program for the UI controller 70 executed by the UI controller 70 is valid. The legitimacy determination program 360 includes a third determination unit 351. The inter-controller determination unit 342 of the printer controller 50 determines the validity of the validity determination program 360 (that is, the third determination unit 351) by verifying the signature 354 associated with the validity determination program 360 (arrow B5). ). The UI controller 70 has a system start program 365 as a sub controller program. The third determination unit 351 of the UI controller 70 determines the validity of the system startup program 365 (arrow B6).

In this modification, in a multi-controller system in which there are three or more interconnected controllers, it is possible to suppress the mounting cost due to the mounting of RoT and prevent the processing time required for verification of validity from being prolonged. be able to. Moreover, since the chain of trust across multiple controllers is built without interruption starting from the RoT provided in the main controller, appropriate protection against the risk of unintended program changes is also realized. Further, in this modification, since the validity determination between the controllers is sequentially performed in multiple stages, the load of the determination process is not concentrated on a specific controller. Therefore, it is possible to release the resources of the main controller and the sub controller at an early stage for the control of each system.

<< 4. Other embodiments >>
The present invention supplies a program that realizes one or more functions of the above-described embodiment to a system or device via a network or storage medium, and one or more processors in the computer of the system or device reads the program. It can also be realized in the form of processing to be executed. It can also be realized by a circuit (for example, an ASIC) that realizes one or more functions.

The present invention is not limited to the above-described embodiments, and various modifications and modifications can be made without departing from the spirit and scope of the invention. Therefore, a claim is attached to make the scope of the invention public.

10: Multifunction device, 20: Main controller, 30: Scanner (sub) controller, 50: Printer (sub) controller, 70: UI (sub) controller, 301: First judgment unit, 312: Inter-controller judgment unit, 321: Second judgment unit

Claims (10)

The first controller including the first determination unit for determining whether the program for the first controller executed by the first controller is valid, and
The second controller including a second determination unit for determining whether the program for the second controller executed by the second controller is valid, and
With
The first controller determines whether the validity determination program for the second controller executed by the second determination unit is valid in order to determine whether the program for the second controller is valid.
Controller system. The controller system according to claim 1.
The first determination unit provides a starting point of trust and
The second controller, including the second determination unit, does not provide a reliable base point.
Controller system. The controller system according to claim 1 or 2.
The first controller further includes an inter-controller determination unit that determines whether the validity determination program for the second controller is valid.
The inter-controller determination unit operates based on the execution of the first controller program when the first determination unit determines that the first controller program is valid.
Controller system. The controller system according to any one of claims 1 to 3.
The second controller further includes a program storage unit that stores the validity determination program for the second controller in advance.
Controller system. The controller system according to claim 4.
The program storage unit further stores the signature associated with the second controller validation program and includes the encrypted hash value encrypted with the signature key.
The first controller further includes a key storage unit that stores a verification key corresponding to the signature key in advance.
When the hash value restored by decrypting the encrypted hash value using the verification key in the first controller matches the hash value derived from the validity determination program for the second controller. , Judging that the validity determination program for the second controller is valid,
Controller system. The controller system according to any one of claims 1 to 5.
The program for the second controller includes a function of booting a second system running on the second controller.
When the second determination unit determines that the program for the second controller is valid, the second controller executes the program for the second controller and boots the second system.
Controller system. The controller system according to claim 6.
The first controller executes processing for the first system operating in the first controller without waiting for the determination as to whether the program for the second controller is valid.
Controller system. The controller system according to any one of claims 1 to 7.
The third controller including a third determination unit for determining whether the program for the third controller executed by the third controller is valid is further provided.
The second controller determines whether the validity determination program for the third controller executed by the third controller is valid in order to determine whether the program for the third controller is valid.
Controller system. The controller system according to any one of claims 1 to 8.
At least one of a printing unit that prints an image, an image reading unit that scans a document and reads an image of the document, and an operation unit that accepts operations by a user.
Including
The second controller controls at least one of the printing unit, the image reading unit, and the operating unit.
Information processing device. A method of verifying the validity of a program in a controller system including a first controller and a second controller.
In the first controller, determining whether the program for the first controller executed by the first controller is valid, and
In the first controller, in order to determine whether the program for the second controller is valid, it is determined whether the validity determination program for the second controller executed by the second controller is valid.
In the second controller, determining whether the program for the second controller is valid and
How to include.

Images