JPH1063579A - One-chip microcomputer - Google Patents

Abstract

PROBLEM TO BE SOLVED: To inexpensively realize a protecting function for protecting the secrecy of ROM(read only memory) data in a one-chip microcomputer only by adding necessary minimum circuit. SOLUTION: The one-chip microcomputer with an interruption control circuit and ROM 12 is provided with a second flag register 212 storing a second permission flag controlling the permission/prohibition of the passage of the interruption request signal of ROM reading and a second gate circuit 222 controlling the permission/prohibition of the passage of the interruption request signal of ROM reading based on the second permission signal. Then, when a priority deciding and vector address generating circuit 23 judges the priority order of the interruption request signal of ROM read from the second gate circuit 222 to be higher than that of present processing and the vector table address of the interruption request of ROM reading is generated, CPU 10 controls the interruption processing of the starting of ROM reading to be executed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a one-chip microcomputer (one-chip microcomputer), and more particularly to a ROM.
It relates to a data protection circuit (security circuit) for preventing unauthorized reading of data, and is used, for example, in a microcontroller.

[0002]

2. Description of the Related Art A one-chip microcomputer includes a CPU (Central Processing Unit) and an RO for storing system program data and the like.
M (read-only memory) are formed on the same chip, and R for preventing unauthorized reading (dead copy, etc.) of ROM data and protecting the confidentiality of ROM data.
An OM data protection circuit is often built in.

FIG. 4 shows a general configuration of a conventional one-chip microcomputer. Reference numeral 10 denotes a CPU for overall control of the microcomputer system, 11 denotes a bus line, 12 denotes a ROM for storing system program data and the like, and 13 denotes a data memory for storing data (a volatile memory such as a RAM and a nonvolatile memory such as an EEPROM). Memory), 15 is an input / output control circuit, 16 is an input / output port, and 17 is a ROM data protection circuit.

The conventional ROM data protection circuit 17 employs at least one of the following functions: instruction code conversion, memory access restriction, ROM read data conversion, address conversion, program conversion, and the like.

[0005] Regarding the technique of converting instruction codes for ROM data protection, the instruction codes are encrypted beforehand.
As shown in FIG. 5, after the encrypted instruction code from the internal data bus 51 is stored in the instruction register 52, it is returned to the normal instruction code in the decryption register 53, and is read out from the ROM 12 by the output decoded by the instruction decode circuit 54. Is known.

On the other hand, with respect to the technique of restricting memory access for ROM data protection, an input / output port 1
6 is read into the data memory 13, and further different data is read from the input / output port 16.
The two data are calculated and, as shown in FIG. 6, the code stored in the code storage circuit 61 and the calculation result are compared by the match detection circuit 62.
A method that enables reading of M12 is known.

However, as described above, a special circuit (encryption circuit, decryption circuit, code storage circuit, coincidence detection circuit, etc.) for ROM data protection is required, so that the hardware configuration of the one-chip microcomputer is required. And the chip area is increased, which leads to an increase in chip cost.

On the other hand, with respect to the ROM read data conversion technique, for example, when a specified address of the ROM is specified when a specified address of the ROM is scanned, the read data after this address is read.
(1) prohibit the output of read data; (2) convert read data into erroneous data by modifying it with the address signal itself; and (3) semi-fixed erroneous read data having any regularity. (4) Converting the read data into erroneous data by inverting the read data and outputting it; (5) Performing arithmetic processing on the read data and the output data of the random data generating circuit by an arithmetic circuit A method of converting the data into erroneous data and outputting the converted data is known.

However, the method (1) makes it easy for a person who attempts unauthorized reading to determine a specific address at which output inhibition of read data starts. In each of the methods (2) to (4), when a specific address is specified, the read data subsequent to this address is erroneously read. It is relatively easy to determine the address.

As described above, when it is relatively easy to determine the specific address at which the output of erroneous data starts, the original read data may be analyzed by determining the specific address. Therefore, even if a particular address of the ROM is accessed, the contents of the ROM may be destroyed, but by jumping the access of the specific address to another sample of the ROM, it is possible to deal with other addresses. May be obtained. Moreover, considering that a legitimate user of the ROM may access a specific address by mistake, it is not preferable to destroy the contents of the ROM as described above.

[0011]

As described above, the conventional one-chip microcomputer ROM data protection circuit requires special circuits such as an encryption circuit, a decryption circuit, a code storage circuit, and a coincidence detection circuit. However, there has been a problem that the configuration of the hardware becomes complicated and the chip area is increased, thereby increasing the chip cost.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problem, and it is an object of the present invention to increase the number of circuit elements by simply adding a minimum necessary circuit for a data protection circuit for protecting the confidentiality of ROM data. It is another object of the present invention to provide a one-chip microcomputer which can be realized at low cost.

[0013]

According to the present invention, there is provided a one-chip microcomputer having an R chip storing a system program.
OM; a plurality of first flag storage means for storing second permission flags for individually controlling whether or not a plurality of interrupt request signals other than ROM reading are allowed to pass;
A plurality of first gate circuits for controlling whether or not an interrupt request signal other than the ROM read is allowed to pass based on the first permission flag stored in the flag storage means;
Second flag storage means for storing a second permission flag for controlling whether or not an M-read interrupt request signal passes;
A second gate circuit for controlling whether or not the ROM read interrupt request signal is allowed to pass based on a second permission flag stored in the second flag storage means; A priority determining / vector address generating circuit for receiving an interrupt enable signal output from each of the second gate circuits, determining a priority of the interrupt enable signal, and generating a vector table address of a high-priority interrupt factor; Priority determination
An interrupt control means for controlling a ROM read start process or another interrupt process specified according to the vector table address supplied from the vector address generation circuit is provided.

Further, the one-chip microcomputer of the present invention comprises a ROM storing a system program, and a ROM.
A plurality of first flag storage means for storing second permission flags for individually controlling whether or not a plurality of interrupt request signals other than the OM read are allowed to pass, and a plurality of first flag storage means stored in the first flag storage means. A plurality of first gate circuits for controlling whether or not an interrupt request signal other than the ROM read is allowed to pass based on the first permission flag;
A priority determining / vector address generating circuit for determining the priority of the interrupt enabling signal and generating a vector table address of an interrupt factor having a higher priority; Interrupt control means for controlling interrupt processing specified according to the vector table address supplied from the order determination / vector address generation circuit;
A second flag storage unit for storing a secret second permission flag for controlling whether or not an OM read interrupt request signal passes; and a second permission flag stored in the second flag storage unit. A second gate circuit for controlling whether or not the ROM read interrupt request signal passes based on the ROM read circuit; and a ROM read circuit for receiving the interrupt request signal input from the second gate circuit and reading the ROM. It is characterized by having.

[0015]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 shows a one-chip microcomputer having a data protection circuit according to the first embodiment of the present invention.

In FIG. 1, reference numeral 10 denotes a CPU for overall control of the microcomputer system, 11 denotes a bus line, 12 denotes a ROM for storing system program data and the like, 13
Is a data memory for storing data (volatile memory such as RAM or nonvolatile memory such as EEPROM), 15 is an input / output control circuit, and 16 is an input / output port.

Reference numeral 211 denotes a plurality of first flag storage means (first flag storage means) for storing first permission flags (1 to several bits of data) for individually controlling whether or not a plurality of interrupt request signals other than ROM reading are allowed to pass. For example, a register circuit).

Reference numeral 221 denotes a plurality of first gate circuits for controlling whether or not an interrupt request signal other than the ROM read is allowed to pass based on a first permission flag stored in the first flag storage means. .

Reference numeral 212 denotes second flag storage means (for example, a register circuit) for storing a secret second permission flag (1 to several bits of data) for controlling whether or not a ROM read interrupt request signal can pass. is there.

A second control unit 222 controls whether or not the ROM read interrupt request signal can pass based on the second permission flag stored in the second flag storage means.
Gate circuit.

An interrupt enable signal 23 is output from each of the first gate circuit and the plurality of second gate circuits. The interrupt enable signal 23 determines the priority of the interrupt enable signal. This is a priority determination / vector address generation circuit that generates a table address.

The CPU 10 includes a priority determination / vector address generation circuit 2 in the ROM program.
An interrupt control function for controlling the interrupt processing for the current main task in accordance with the processing content (ROM read start processing or other various interrupt processing) at the position specified by the vector table address supplied from 3 It has a control function of the whole system.

In this case, as shown in FIG. 2, a ROM read start program is incorporated in the jump destination of the ROM read vector table address (in the interrupt service task program) as a ROM storage program. Confidentiality can be increased.

In the one-chip microcomputer of FIG. 1, when the priority determination / vector address generation circuit 23 receives the ROM read interrupt enable signal output from the second flag register 212 and the second gate circuit 222, The priority of the read interrupt enable signal is determined to be higher than the current processing, and the vector table address of the ROM read interrupt request is generated.
As a result, the CPU 10 performs a ROM read start process.

At this time, the second flag register 212
The second permission flag which controls whether or not the ROM read interrupt request signal stored in the ROM is allowed to pass is one chip.
Since it is not disclosed to a third party other than a specific user, such as a microcomputer designer, it is possible to prevent unauthorized reading of the ROM data by the third party and protect the confidentiality of the ROM data.

According to the one-chip microcomputer having the above-described configuration, a normally used interrupt control circuit generates an interrupt enable signal for ROM reading, and the interrupt control circuit has a data protection function. A ROM data protection function can be realized inexpensively by adding only necessary minimum circuits such as the second flag register 212 and the second gate circuit 222 without developing and designing a new special circuit. it can.

Therefore, it is possible to minimize the increase in the chip area and the increase in the chip cost without increasing the design cost and complicating the hardware configuration.
FIG. 3 shows a one-chip microcomputer having a data protection circuit according to a second embodiment of the present invention.

The one-chip microcomputer shown in FIG. 3 is different from the one-chip microcomputer shown in FIG. 1 in that (1) the interrupt request signal output from the second gate circuit 222 determines the priority and generates the vector address. The input to the ROM readout circuit 30 for performing the readout process of the ROM 12 without inputting to the circuit 23. (2) The interrupt processing function of the CPU 10 is provided with a priority determination / vector address generation circuit among the ROM storage programs. The difference is that interrupt processing for the current main task is performed in accordance with the processing content (various interrupt processing not including ROM read start processing) at the position specified by the vector table address supplied from 23, and the other is the same. So Figure 1
The same reference numerals as in the figure are used.

In the one-chip microcomputer of FIG. 3, the RO is also controlled by the second flag storage means and the second gate circuit.
When an interrupt request signal for reading M is received, the ROM
Since the read circuit performs read processing of the ROM,
The same effect as the one-chip microcomputer of FIG. 1 can be obtained.

[0030]

As described above, according to the one-chip microcomputer of the present invention, the design cost is increased only by adding a minimum necessary circuit for a data protection function for protecting the confidentiality of ROM data. Without increasing the complexity of the hardware configuration, the increase in chip area and the increase in chip cost can be suppressed to a minimum, and the cost can be reduced.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a one-chip microcomputer having a data protection circuit according to a first embodiment of the present invention.

FIG. 2 is a flowchart showing a part of a program stored in a ROM in FIG. 1;

FIG. 3 is a block diagram showing a one-chip microcomputer having a data protection circuit according to a second embodiment of the present invention.

FIG. 4 is a block diagram showing a one-chip microcomputer having a conventional ROM data protection circuit.

FIG. 5 is a block diagram showing an example of a conventional ROM data protection circuit in FIG. 4;

FIG. 6 is a block diagram showing another conventional example of the ROM data protection circuit in FIG. 4;

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 10 ... CPU, 11 ... Bus line, 12 ... ROM, 13 ... Data memory, 15 ... I / O control circuit, 16 ... I / O port, 211 ... First flag register, 221 ... First gate circuit, 212 ... 2, a flag register 222, a second gate circuit 23, a priority determination / vector address generation circuit 30, a ROM read circuit

Claims (4)

[Claims] 1. A ROM storing a system program
A plurality of first flag storage means for storing second permission flags for individually controlling whether or not a plurality of interrupt request signals other than the ROM read are allowed to pass; and a plurality of first flag storage means for storing the second permission flags. A plurality of first gate circuits for controlling whether or not an interrupt request signal other than the ROM read is allowed to pass based on a first permission flag, and a second permission for controlling whether or not a ROM read interrupt request signal is allowed to pass. A second flag storing means for storing a flag, and a second gate for controlling whether or not the ROM read interrupt request signal can be passed based on a second permission flag stored in the second flag storing means. A priority order of interrupt request signals respectively input from the first gate circuit and the plurality of second gate circuits; A priority determination / vector address generation circuit for generating a vector table address of only the cause; a ROM read start processing or other interrupt designated according to the vector table address supplied from the priority determination / vector address generation circuit A one-chip microcomputer comprising: interrupt control means for controlling processing; and a CPU for controlling the entire microcomputer system. 2. The one-chip microcomputer according to claim 1, wherein the second permission flag is not disclosed. 3. The one-chip microcomputer according to claim 1, wherein the system program stored in the ROM is a ROM.
R to jump destination of read vector table address
A one-chip microcomputer having a built-in OM read start program. 4. A ROM storing a system program.
A plurality of first flag storage means for storing second permission flags for individually controlling whether or not a plurality of interrupt request signals other than the ROM read are allowed to pass; and a plurality of first flag storage means for storing the second permission flags. A plurality of first gate circuits for controlling whether or not an interrupt request signal other than the ROM read is allowed to pass based on the first permission flag, and a priority of an interrupt request signal input from each of the plurality of first gate circuits. A priority determination / vector address generation circuit for determining a priority and generating a vector table address of a high priority interrupt factor; and a priority determination / vector address generation circuit specified in accordance with the vector table address supplied from the priority determination / vector address generation circuit. Interrupt control means for controlling the interrupt processing to be performed, Second flag storage means for storing a non-disclosed second permission flag for controlling rejection, and an interrupt request signal for reading the ROM based on the second permission flag stored in the second flag storage means A second gate circuit for controlling whether or not the signal passes through; a ROM reading circuit for receiving the interrupt request signal input from the second gate circuit to read the ROM; and performing overall control of the microcomputer system A one-chip microcomputer including a CPU.