TW202102999A - Rpmc flash emulation - Google Patents
- Publication number: TW202102999A, TW108142984A
- Authority: TW (Taiwan)
- Prior art keywords: controller, flash memory, host, platform module, volatile memory
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0238—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
- G06F12/0246—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
Description
The present invention relates to secure computing environments, and in particular to a method and system for emulating a flash memory with an embedded secure monotonic counter.
Personal computer (PC) platforms typically use serial flash memory to store non-volatile data such as Basic Input/Output System (BIOS) code. In some cases the serial flash also provides persistent storage in support of important functions such as security and power management.
To meet security requirements, a flash memory device may include one or more replay protection monotonic counters (RPMC), coupled with keys and appropriate software, to protect the flash memory against unauthorized operations such as replay attacks.
Various security techniques that use monotonic counters are known in the art. For example, US Patent No. 9,405,707 describes a system comprising a flash memory device that contains a monotonic counter, and a host device coupled to and communicating with the flash memory device. The host device generates an authentication credential, uses the credential and a first signature generated with a device key to request a value from the monotonic counter of the flash memory device, receives the value from the monotonic counter and the authentication credential from the flash memory device, and then sends a command together with a second signature generated with the device key to increment the monotonic counter of the flash memory. The flash memory device can verify, with its own key, both the request for the counter value and the command that increments the counter.
To address the above, the present invention provides a controller comprising: a host interface for communicating with a host; and a processor for receiving, through the host interface, a plurality of commands that the host issues for execution in a non-volatile memory (NVM), identifying among them a command that relates to a secure monotonic counter and is intended for execution in an NVM with an embedded secure monotonic counter, executing the identified command, and responding to the host for the identified command in place of the NVM.
According to one embodiment, the controller further comprises a memory interface, and the processor communicates through the memory interface with an NVM that has no embedded secure monotonic counter and forwards the commands other than the identified command to that NVM for execution. According to one embodiment, when the processor executes the identified command it overrides a chip select (CS) signal that the host asserts to select the NVM. According to one embodiment, the processor receives commands that attempt to access the NVM by intercepting a chip select signal that the host asserts to select the NVM.
According to one embodiment, the processor executes the identified command in conjunction with a Trusted Platform Module (TPM). According to one embodiment, the TPM is integrated in the controller. According to one embodiment, the TPM is external to the controller, and the controller further comprises a TPM interface for communicating with the TPM. According to one embodiment, the TPM is external to the controller and connected to the host, and the processor communicates with the TPM through the host interface.
According to one embodiment, the identified command complies with a replay-protected monotonic counter (RPMC) specification, and the processor executes the identified command in accordance with the RPMC specification.
The present invention further provides a control method comprising: receiving, in a controller, a plurality of commands from a host for execution in a non-volatile memory (NVM); identifying among the plurality of commands a command that relates to a secure monotonic counter and attempts to execute in an NVM with an embedded secure monotonic counter; and executing the identified command in the controller in place of the NVM.
The embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the manner in which the invention applies technical means to solve technical problems and achieve technical effects can be fully understood and practiced.
As used herein, unless the context clearly indicates otherwise, the singular forms "a", "the" and "this" are intended to include the plural forms as well. Like reference symbols in the drawings denote like elements.
Non-volatile memory (NVM) devices such as flash memory may be used to store boot code or other sensitive information used by a computer system; because the information is sensitive, attackers will attempt to compromise it. Conventional NVM offers only a very low degree of protection, for example write protection of NVM sectors. The RPMC specification includes a command that writes a 256-bit "root key". The root key is stored in the flash memory and cannot be read from outside. Authenticated commands and responses are signed with a Hash-based Message Authentication Code (HMAC) key, and the signature can be verified using HMAC. The HMAC key is stored in the flash memory and cannot be read through test modes. An authenticated "HMAC key update command" can be used to derive a 256-bit HMAC key.
An example of a secure monotonic counter is the replay protected monotonic counter (RPMC). Intel's 2013 revision 0.7 of the "Serial Flash harden Product External Architecture Specification (EAS)" (document number 328802-001EN) describes the RPMC specification, including its architecture and command set, and is incorporated herein by reference.
The RPMC specification includes a command that writes a 256-bit "root key". The root key is stored in the flash memory and cannot be read from outside; it can be programmed only once, during system manufacturing. A 32-bit monotonic counter is associated with the root key. Regardless of the root key's value, the 32-bit monotonic counter is initialized to zero when a valid 256-bit write-root-key operation is executed.
Authenticated commands and responses are commands and responses signed with a Hash-based Message Authentication Code key (HMAC key), and the signature can be verified using HMAC. The HMAC key is stored in the flash memory and cannot be read through test modes; an authenticated "HMAC key update command" can be used to derive a 256-bit HMAC key. The HMAC key is obtained using HMAC-SHA-256 from the root key and the key data supplied during this command. This command therefore performs two HMAC-SHA-256 operations: one to derive the HMAC key, and the other to verify the signature.
Other authenticated commands support incrementing and reading the RPMC counters. The RPMC specification requires a minimum of four counters with their associated resources, such as a supporting root key register and an HMAC key register. Section 2.1 of the Intel RPMC specification cited above lists the RPMC commands.
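The following is an added example, not part of the patent or of the Intel specification, that models the command flow the preceding paragraphs describe: one-time root key provisioning that resets the counter, derivation of the HMAC key with HMAC-SHA-256 from the root key and host-supplied key data (two HMAC operations, derive then verify), and signed increment and read of a 32-bit counter. The message prefixes ("UPD", "INC", "RD"), the status strings and the 12-byte read tag are simplified placeholders chosen for this example, not the specification's wire format; the host-side class exists only to show that both ends derive the same key.

```python
import hashlib
import hmac
import os
import struct

NUM_COUNTERS = 4            # minimum number of counters the RPMC specification requires
COUNTER_MAX = 0xFFFFFFFF    # each counter is 32 bits wide

STATUS_OK = "ok"
STATUS_ROOT_KEY_SET = "root_key_already_programmed"
STATUS_BAD_SIGNATURE = "bad_signature"
STATUS_COUNTER_MISMATCH = "counter_mismatch"
STATUS_NO_KEY = "hmac_key_not_set"


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _u32(value: int) -> bytes:
    return struct.pack(">I", value)


class RpmcEmulator:
    """Device side (an RPMC flash, or a controller emulating one).
    Root keys and HMAC keys never leave the object through any command."""

    def __init__(self):
        self._root_key = [None] * NUM_COUNTERS
        self._hmac_key = [None] * NUM_COUNTERS
        self._counter = [0] * NUM_COUNTERS

    def write_root_key(self, idx: int, root_key: bytes) -> str:
        if len(root_key) != 32:
            return "invalid_root_key_length"
        if self._root_key[idx] is not None:
            return STATUS_ROOT_KEY_SET          # one-time programming at manufacturing
        self._root_key[idx] = root_key
        self._counter[idx] = 0                  # a valid root-key write resets the counter
        return STATUS_OK

    def update_hmac_key(self, idx: int, key_data: bytes, signature: bytes) -> str:
        root = self._root_key[idx]
        if root is None:
            return STATUS_NO_KEY
        derived = _mac(root, key_data)                               # HMAC-SHA-256 #1: derive
        expected = _mac(derived, b"UPD" + bytes([idx]) + key_data)   # HMAC-SHA-256 #2: verify
        if not hmac.compare_digest(expected, signature):
            return STATUS_BAD_SIGNATURE
        self._hmac_key[idx] = derived
        return STATUS_OK

    def increment(self, idx: int, expected_value: int, signature: bytes) -> str:
        key = self._hmac_key[idx]
        if key is None:
            return STATUS_NO_KEY
        msg = b"INC" + bytes([idx]) + _u32(expected_value)
        if not hmac.compare_digest(_mac(key, msg), signature):
            return STATUS_BAD_SIGNATURE
        if expected_value != self._counter[idx]:
            return STATUS_COUNTER_MISMATCH      # stale or replayed command: counter already moved
        if self._counter[idx] == COUNTER_MAX:
            return "counter_exhausted"
        self._counter[idx] += 1
        return STATUS_OK

    def read(self, idx: int, tag: bytes):
        key = self._hmac_key[idx]
        if key is None:
            return STATUS_NO_KEY, None, None
        value = self._counter[idx]
        # the host-chosen tag binds the response to this request, so an old response cannot be replayed
        return STATUS_OK, value, _mac(key, b"RD" + bytes([idx]) + tag + _u32(value))


class RpmcHost:
    """Host side: holds the same root key and derives the HMAC key in lock-step."""

    def __init__(self, root_key: bytes):
        self._root_key = root_key
        self._hmac_key = None

    def sign_update(self, idx: int, key_data: bytes) -> bytes:
        self._hmac_key = _mac(self._root_key, key_data)
        return _mac(self._hmac_key, b"UPD" + bytes([idx]) + key_data)

    def sign_increment(self, idx: int, current_value: int) -> bytes:
        return _mac(self._hmac_key, b"INC" + bytes([idx]) + _u32(current_value))

    def verify_read(self, idx: int, tag: bytes, value: int, sig: bytes) -> bool:
        return hmac.compare_digest(_mac(self._hmac_key, b"RD" + bytes([idx]) + tag + _u32(value)), sig)


def demo_session():
    root = hashlib.sha256(b"constructed sample root key").digest()   # constructed 32-byte key
    dev, host = RpmcEmulator(), RpmcHost(root)
    first_write = dev.write_root_key(0, root)
    second_write = dev.write_root_key(0, root)                        # must be refused
    key_data = b"constructed key data for this boot"
    upd = dev.update_hmac_key(0, key_data, host.sign_update(0, key_data))
    sig = host.sign_increment(0, 0)
    incr = dev.increment(0, 0, sig)
    replay = dev.increment(0, 0, sig)                                 # same signed message again
    tag = os.urandom(12)
    _, value, rsig = dev.read(0, tag)
    return first_write, second_write, upd, incr, replay, value, host.verify_read(0, tag, value, rsig)
```

The replayed increment fails not because its signature is bad (it is a valid signature) but because the counter value it carries no longer matches the device's counter; that comparison is what makes the counter replay-protected, and it is why a controller emulating RPMC must keep the counter and the HMAC key together and never expose either.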
Embodiments of the present invention disclose a method and system that use a non-secure flash memory together with a controller to emulate a secure NVM with an embedded monotonic counter (for example, an RPMC-capable flash memory). The controller is external to the non-secure flash memory and may be an embedded controller (EC), a baseboard management controller (BMC), a super I/O controller, or any other suitable controller. In one embodiment, a computing system includes a controller that communicates with a host and with a non-secure flash memory (for example, a conventional serial flash device). The host executes flash commands, including commands that access data stored in the flash memory and security-related commands (for example RPMC commands). The controller operates together with the non-secure flash memory to emulate, toward the host, a secure flash memory.
Although the following description refers mainly to RPMC, the techniques of the present invention apply to any other suitable type of secure monotonic counter embedded in an NVM. Likewise, although the description refers mainly to serial flash, the techniques apply to any other suitable type of NVM. The following description of serial flash and RPMC is an example only and does not limit the invention.
For convenience, the following refers to flash memory that supports the security functions as secure flash (Secure-Flash) and flash memory that does not as non-secure flash (non-Secure-Flash). Further, secure flash that supports RPMC is referred to as RPMC flash (RPMC-Flash), and flash that does not support RPMC as non-RPMC flash (non-RPMC-Flash).
In one embodiment, the computing system includes a controller that communicates with the host and with a non-secure flash memory. The host executes flash commands, including commands that access data stored in the flash memory and security-related commands (for example RPMC commands). The controller operates together with the non-secure flash memory to emulate, toward the host, a secure flash memory. For example, in a system comprising a non-secure flash memory and a controller, the host may issue an increment-monotonic-counter command meant to be executed by an RPMC-Flash. The controller can intercept this command and execute it in place of the flash memory, transparently to the host.
In some embodiments the controller includes a host interface for communicating with the host, and a processor for receiving through the host interface a plurality of commands intended for execution in a secure flash memory. The processor identifies the security-related flash commands (for example RPMC commands) and executes at least some of them, responding to the host. The non-secure flash memory executes the non-security-related commands issued by the host.
According to other embodiments of the present invention, the computing system includes a non-secure flash device, and the controller includes a flash interface unit coupled to the non-secure flash memory. In this configuration, a flash memory connected to the host via the controller is called slave-attached flash (SAF). The processor receives a plurality of flash commands from the host through the host interface unit. The processor executes the security-related commands and sends the non-security-related commands through the flash interface to the non-secure flash memory for execution. The processor then responds to the host through the host interface unit.
In some embodiments the host communicates with the controller over a serial bus, for example a Serial Peripheral Interface (SPI) or an Enhanced Serial Peripheral Interface (eSPI); the serial bus comprises, for example, a bidirectional data line, a clock line and a plurality of chip select (CS) lines, with the CS line for each device connected to the serial bus. The CS line that the host asserts to communicate with a secure flash memory is connected to the controller, which relays the CS signal to a non-secure flash memory. For non-security-related commands the controller relays the CS signal to the flash memory; for security-related commands (for example RPMC commands) the controller overrides the CS signal toward the non-secure flash memory.
According to other embodiments, the non-secure flash memory is connected to the host over an SPI or eSPI bus, and the CS signal that the host generates in order to communicate with a secure flash memory is connected to the CS input of the non-secure flash memory. However, the non-secure flash memory does not respond to security-related commands, which means it cannot execute them. The controller intercepts the CS signal that the host sends to the flash memory and examines the command type; the controller executes the commands that the flash memory cannot execute.
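The following is an added example, not the patent's own code, of the slave-attached-flash dispatch just described, together with the busy-register and extended-status emulation mentioned further on: the controller relays ordinary flash commands (and with them the chip select) to a plain flash, withholds the chip select for RPMC commands and answers them itself, and answers a status-register poll with "busy" while an emulated counter increment is in progress. The JEDEC SPI-NOR opcodes for read, page program, read status and write enable are the standard ones; the RPMC opcode set, the RPMC payload layout and the extended-status codes are assumptions made for this example (a real part advertises its RPMC opcodes through SFDP). The flash model logs every command it sees, which stands in for "CS was asserted to it" and lets the demo show which commands the flash never saw.

```python
from typing import List

# standard JEDEC SPI-NOR opcodes used by the plain (non-secure) flash
READ, PAGE_PROGRAM, RDSR, WREN = 0x03, 0x02, 0x05, 0x06
SR_WIP = 0x01                                # write-in-progress bit of the status register
RPMC_OPCODES = frozenset({0x9B, 0x96})       # assumed RPMC opcodes; a real part publishes its own in SFDP


class NonSecureFlash:
    """A plain SPI flash: data array and status register, no RPMC support."""

    def __init__(self, size: int = 4096):
        self.mem = bytearray(b"\xff" * size)
        self.write_enabled = False
        self.cs_log: List[int] = []          # every opcode the flash saw CS asserted for

    def transfer(self, opcode: int, payload: bytes) -> bytes:
        self.cs_log.append(opcode)
        if opcode == WREN:
            self.write_enabled = True
        elif opcode == READ:                 # payload: 3-byte address, 1-byte length
            addr, n = int.from_bytes(payload[:3], "big"), payload[3]
            return bytes(self.mem[addr:addr + n])
        elif opcode == PAGE_PROGRAM and self.write_enabled:   # payload: 3-byte address, data
            addr = int.from_bytes(payload[:3], "big")
            self.mem[addr:addr + len(payload) - 3] = payload[3:]   # erase/bit-clearing rules omitted
            self.write_enabled = False
        elif opcode == RDSR:
            return bytes([0x00])             # idle
        return b""                           # RPMC or other unsupported opcode: silently ignored


class Controller:
    """Controller in the slave-attached-flash configuration: relays ordinary
    commands (and the CS signal) to the flash, answers RPMC commands itself."""

    def __init__(self, flash: NonSecureFlash, rpmc_opcodes=RPMC_OPCODES):
        self.flash = flash
        self.rpmc_opcodes = rpmc_opcodes
        self.counters = [0] * 4              # emulated RPMC counters
        self.busy = False                    # "flash busy register": emulated op in progress
        self.ext_status = 0x00               # emulated RPMC extended status register
        self.pending = None                  # counter index of an increment not yet completed
        self.cs_overridden: List[int] = []   # opcodes for which CS was withheld from the flash

    def transfer(self, opcode: int, payload: bytes) -> bytes:
        if opcode in self.rpmc_opcodes:
            self.cs_overridden.append(opcode)          # CS override: the flash never sees this
            return self._handle_rpmc(payload)
        if opcode == RDSR and self.busy:
            return bytes([SR_WIP])                     # busy override: controller answers, not flash
        return self.flash.transfer(opcode, payload)   # relay CS and command unchanged

    def _handle_rpmc(self, payload: bytes) -> bytes:
        # placeholder layout: payload[0] = command type (0 increment, 1 read), payload[1] = counter index
        cmd, idx = payload[0], payload[1]
        if idx >= len(self.counters):
            self.ext_status = 0x02                     # constructed status code: bad counter index
            return b""
        if cmd == 0:
            self.busy, self.pending = True, idx        # completes on tick(), like a flash program cycle
            return b""
        if cmd == 1:
            return self.counters[idx].to_bytes(4, "big")
        self.ext_status = 0x01                         # constructed status code: unknown command
        return b""

    def tick(self) -> None:
        """Simulated passage of time: finish the pending increment."""
        if self.pending is not None:
            self.counters[self.pending] += 1
            self.pending, self.busy = None, False


def demo():
    flash = NonSecureFlash()
    ctl = Controller(flash)
    ctl.transfer(WREN, b"")
    ctl.transfer(PAGE_PROGRAM, bytes([0x00, 0x00, 0x10]) + b"BIOS")   # ordinary write -> flash
    data = ctl.transfer(READ, bytes([0x00, 0x00, 0x10, 4]))            # ordinary read -> flash
    ctl.transfer(0x9B, bytes([0, 2]))                                  # RPMC increment counter 2
    busy_sr = ctl.transfer(RDSR, b"")                                  # answered by the controller
    ctl.tick()
    idle_sr = ctl.transfer(RDSR, b"")                                  # relayed to the flash again
    value = int.from_bytes(ctl.transfer(0x96, bytes([1, 2])), "big")   # RPMC read counter 2
    return data, busy_sr, idle_sr, value, ctl.cs_overridden, flash.cs_log
```

In the demo the flash's log contains only the write-enable, program, read and the second status poll: the two RPMC commands and the status poll issued while the emulated increment was in flight were answered by the controller with the chip select withheld, which is the observable property a board-level test of such a controller should check.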
In some embodiments, executing a security-related command involves processing security functions such as security signing or verification of a security signature. In one embodiment the host includes a Trusted Platform Module (TPM). The TPM is an international standard for a secure cryptoprocessor (ISO/IEC 11889), a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The controller and the TPM may share a secret that enables communication between them. The controller can process security-related commands issued by the host by using the TPM as secure NV storage with a secure link.
In some embodiments the controller includes a TPM, and communication between the controller and the TPM takes place on-chip, in a manner that is inherently secure (or at least more secure than inter-chip (I2C) communication).
In other embodiments the controller has no interface to the TPM and instead communicates with the TPM through the host. To access the TPM, the controller sends a request to the host, which relays it to the TPM. When the TPM responds, the host receives the response and forwards it to the controller.
In some embodiments, the security-related commands that the controller executes in place of the secure flash memory include RPMC commands as defined by the RPMC specification or a part of it.
A flash device that complies with the RPMC specification above is called an RPMC flash; it includes unique control, status and configuration registers and mechanisms, and responds to a number of dedicated RPMC commands. The controller emulates these RPMC commands and, when it detects an RPMC command, may override the CS signal of the non-RPMC flash. In addition, the controller may include a flash busy register that overrides the busy indication of the non-secure flash, a flash extended status register that emulates the RPMC extended status register, and a Serial Flash Discoverable Parameter (SFDP) structure.
The controller may also include some of the flash registers required of an RPMC flash, and a memory cache (for example, a mirror) of some extended data; the cache can respond on behalf of the flash memory.
In some embodiments the flash memory may implement some but not all of the RPMC functions defined in the RPMC specification; for example, it may implement two of the four RPMC counters the specification defines, and the controller emulates the missing functions.
Embodiments of the present invention may therefore comprise a controller and a TPM, and can provide secure-flash emulation for systems that do not contain a secure flash memory. In some embodiments the TPM is a separate module; in others it is embedded in the controller. In some embodiments the host is directly coupled to the non-secure flash memory; in others, for example in a slave-attached-flash configuration, the non-secure flash memory is connected to the host via the controller.
Although the RPMC specification above is a specific specification for RPMC in serial flash, it will be understood that embodiments of the invention are not limited to that specification and may be used with any suitable RPMC specification for serial flash, parallel flash, or any other type of NVM.
In some embodiments, for example when the flash memory supports a subset of the required RPMC architecture, execution of some commands issued by the central processing unit may be completed jointly by the non-secure flash memory and the controller.
System Description
FIG. 1 is a block diagram that schematically illustrates a computing system 100 with a slave-attached flash (SAF) configuration according to a first embodiment of the present invention. The computing system comprises a host 102 that executes software instructions, including instructions related to secure access to a secure flash device (for example, a flash device with a replay protected monotonic counter (RPMC)); a Trusted Platform Module 104 that implements security functions; a non-secure flash memory 106 that does not support some or all of the commands the host issues to the flash device; and a controller 108 that emulates the flash security functions requested by the host.
In the embodiment of FIG. 1 the host communicates with the TPM over an SPI bus and with the controller over an eSPI bus; the controller communicates with the TPM over an I2C bus and with the flash memory over an SPI bus. Other embodiments of the invention may use any other suitable bus, serial or parallel.
In the example embodiment of FIG. 1 the flash memory is attached to the controller, and all communication with the flash memory is done by the controller. This configuration is called the slave-attached flash (SAF) configuration.
Some of the instructions the host executes to access the flash memory involve flash read/write functions and flash security functions (for example RPMC commands). In the following description, all instructions that access the flash memory are called flash commands.
A detailed block diagram of the controller is drawn at the bottom of FIG. 1. The controller comprises a processor 110; a host interface 112, which handles communication between the host 102 and the processor 110 and includes an eSPI port; an I2C port 114 for communication between the TPM 104 and the processor 110; and an SPI port 116 for communication between the flash memory 106 and the processor 110.
The host executes flash commands and non-flash commands. To execute flash commands, the host communicates with the flash device over the eSPI bus. In the example SAF configuration of FIG. 1, the controller receives and responds to the flash commands issued by the host.
In the controller 108, the processor 110 receives flash commands through the host interface 112. The processor may direct some commands to the non-secure flash memory 106 for direct execution, and executes others itself, for example commands the non-secure flash memory cannot execute. Executing those other commands may require access to the non-secure flash memory and access to the TPM 104 through the I2C port 114.
The processor may complete some flash commands by returning any requested data to the host and/or returning an indication that execution of the command has completed.
In summary, according to the example embodiment of FIG. 1, the computing system may comprise a slave-attached flash memory that does not support some security functions and is connected to the host via the controller. The controller communicates with the flash memory and with the TPM and, transparently to the host, executes all flash commands either directly or in combination with the non-secure flash memory and/or the TPM. The computing system of the invention can thus implement secure-flash functionality at a lower cost than a system whose flash memory implements all flash commands itself.
FIG. 2 is a block diagram that schematically illustrates a computing system 200 with a host-attached flash configuration according to a second embodiment of the present invention. The computing system comprises a host 202 that executes software instructions including flash commands; a Trusted Platform Module (TPM) 204 that implements security functions; a flash memory 206 (referred to below as the non-secure flash memory) that does not support some or all of the commands the host issues to the flash device; and a controller 208 that emulates the flash security functions requested by the host 202.
In the example embodiment of FIG. 2, the host 202 communicates with the TPM 204, the controller 208 and the non-secure flash memory 206 over an SPI bus. Other embodiments may use any other suitable bus, serial or parallel.
In the example embodiment of FIG. 2, the non-secure flash memory 206 receives all flash communication but responds only to the commands it supports. For example, if the host 202 issues an RPMC command and the non-secure flash memory 206 does not support RPMC commands, the non-secure flash memory 206 ignores it.
A detailed block diagram of the controller 208 is drawn at the bottom of FIG. 2. The controller 208 comprises a processor 210; a host interface 212 for communication between the host 202 and the processor 210; and an I2C port 214 for communication between the TPM 204 and the controller 208.
To execute flash commands, the host 202 communicates with a secure flash device over the SPI bus. When communicating with the secure flash, the host 202 asserts a chip select (CS) line (labelled Flash CS in FIG. 2) that is connected to both the non-secure flash memory 206 and the controller 208. When the host 202 issues a security-related command that the non-secure flash memory 206 does not support, the controller 208 reads and executes it.
In the controller 208, the host interface 212 is connected to the SPI bus, including the CS line described above. The processor 210 receives all flash commands from the host 202 through the host interface 212. If the processor 210 identifies a received command that the non-secure flash memory 206 cannot execute, for example an RPMC command, the processor 210 executes it. Executing such a command may involve accessing the TPM 204 through the I2C port 214. For example, if some RPMC counters reside in the TPM 204 and the host 202 issues a read-RPMC command, the processor 210 accesses the TPM 204 through the I2C port 214 and requests it to return the value stored in the RPMC counter. The processor 210 then returns the requested data to the host 202 through the host interface 212.
The processor 210 may complete some of the flash commands by returning any requested data and/or returning an indication that execution of the command has completed.
In summary, according to the example embodiment of FIG. 2, the computing system may comprise a non-secure flash memory connected to the host over a serial bus in parallel with the controller. The non-secure flash memory executes a subset of the flash commands, and the controller executes the other flash commands that the non-secure flash memory does not support. A computing system that implements secure-flash functionality in this way can cost less than one fitted with a secure flash memory.
第3圖係根據本發明的第三實施方式示意性繪示具有SAF組態之運算系統300之方塊圖。 第3圖繪示之示例實施例係與第1圖之示例實施例相似,而不同處在於第3圖之示例實施例之控制器不是直接耦接至信任平台模組。FIG. 3 is a block diagram schematically showing a
運算系統300包含一主機302,其用以執行包含快閃記憶體指令之軟體指令,其包含安全指令以及非安全指令。 一信任平台模組304,用以實現安全功能;一非安全性快閃記憶體306,其不支援主機發出至快閃記憶體裝置之多個指令的一些或是所有; 以及,一控制器308,用以仿真主機302發出的快閃記憶體安全功能。The
第3圖之示例實施例,主機302係在SPI匯流排上與信任平台模組304進行通訊,並在eSPI匯流排上與控制器308進行通訊; 控制器308在SPI匯流排上與快閃記憶體306進行通訊。可以理解的是,其他實施例可使用其他任何適合匯流排,例如串列式或是並列式匯流排。 在第3圖之示例實施例中,在SAF組態中,快閃記憶體係附加於(attached to)控制器。In the example embodiment in Figure 3, the
主機302執行快閃記憶體指令,其包含非安全性快閃記憶體306可執行的指令以及非安全性快閃記憶體306不支援而會由控制器308執行的指令。The
控制器308之詳細方塊圖係繪示在第3圖之下方。 控制器308包含一處理器310;一主機介面312,用於主機302以及處理器之間的通訊,且包含一eSPI端口; 一SPI端口316,其用於快閃記憶體306以及處理器310之間的通訊。The detailed block diagram of the
主機308係在eSPI匯流排上與快閃記憶體裝置進行通訊。在第3圖之SAF組態之示例中,控制器308係接收且回應主機302發出之快閃記憶體指令。The
在此控制器308中,處理器310經由主機介面312接收快閃記憶體指令。 處理器310可將一些指令導向非安全性快閃記憶體306以直接執行。 或者,處理器310將執行其他指令,例如,非安全性快閃記憶體306無法執行的指令。 其他指令執行時可能會需要經由主機302存取信任平台模組304以及存取非安全性快閃記憶體306。以下將詳細描述。In the
處理器310可回傳任何所要求的資料給主機、及/或回傳表示指令已經執行完成的指示,以結束一些快閃記憶體指令。The
以下將搭配第3圖簡單說明根據本發明的實施例的軟體驅動程式之範例。 在第3圖繪示之示例實施例中,主機302中有至少二驅動程式係同時處於活動狀態,即快閃記憶體應用驅動程式318以及安全服務驅動程式320。Hereinafter, an example of the software driver according to the embodiment of the present invention will be briefly described in conjunction with FIG. 3. In the exemplary embodiment shown in FIG. 3, at least two drivers in the
快閃記憶體應用驅動程式318係提供軟體介面至快閃記憶體裝置。在第3圖之示例實施例中,快閃記憶體應用驅動程式318係與控制器308進行通訊。 然而,所述之驅動程式可與主機在一包含安全性快閃記憶體之運算系統中使用的驅動程式相似(或是相同。快閃記憶體驅動程式318亦可使用於第1以及2圖所示之示例實施例。The flash
安全服務驅動程式320提供一介於安全服務用戶端以及信任平台模組304之間的介面。 在第3圖所示之示例實施例中,處理器310可經由主機介面312要求來自安全服務驅動程式320的信任平台模組服務(TPM service)。 安全服務驅動程式可存取信任平台模組304以執行服務,並經由控制器308之主機介面312回覆處理器310。The
In some embodiments, in the early pre-boot stage (similar to the ME boot of a computer), the trusted platform module (TPM) driver has not yet started, so the trusted platform module cannot be used for some security functions, such as the monotonic counter function. During this time, controller 308 may support a retro-active RPMC function during power-up by reporting a monotonic value stored in the non-secure flash memory, while waiting for a verified monotonic counter reading from the trusted platform module. This monotonic counter reading is stored in a buffer. If the monotonic counter reading cannot be verified within a predefined period, controller 308 may reset or interrupt host 302 and issue a security failure alert.
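The pre-boot behaviour described above, as an added Python model that is not code from the patent: the controller serves a provisional counter value from flash, buffers the TPM's reading once it arrives, and faults when the predefined period elapses without a verified reading. The class and method names, the injectable clock, and the rule that a TPM reading below the value already reported is also rejected are assumptions of this model.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed model of the pre-boot ("retro-active") RPMC behaviour: until
# the TPM driver is up, the controller answers counter reads from a value
# kept in non-secure flash, buffers the TPM's reading when it arrives, and
# raises a security fault if no verified reading shows up in time. Names,
# the deadline handling and the "not below the provisional value" check
# are assumptions of this model, not details given in the patent.
SECURITY_FAULT = "RPMC verification failed: reset/interrupt host"

@dataclass
class RetroActiveRpmc:
    flash_value: int                       # monotonic value read from non-secure flash
    deadline_s: float                      # predefined verification period
    clock: Callable[[], float] = time.monotonic   # injectable for testing
    started_at: float = field(init=False)
    verified_value: Optional[int] = field(default=None, init=False)
    faulted: bool = field(default=False, init=False)

    def __post_init__(self) -> None:
        self.started_at = self.clock()

    def read_counter(self) -> int:
        """Serve a host read: provisional flash value before verification,
        the TPM's verified value afterwards, a fault once the deadline passes."""
        self._check_deadline()
        if self.faulted:
            raise RuntimeError(SECURITY_FAULT)
        if self.verified_value is not None:
            return self.verified_value
        return self.flash_value

    def tpm_reading_arrived(self, value: int, verified: bool) -> bool:
        """Buffer the TPM's monotonic counter reading. `verified` is the
        outcome of the TPM-side check; a reading below what was already
        reported is also rejected so the counter never appears to go back."""
        if self.faulted:
            return False
        if not verified or value < self.flash_value:
            self.faulted = True
            return False
        self.verified_value = value
        return True

    def _check_deadline(self) -> None:
        if self.verified_value is None and \
           self.clock() - self.started_at > self.deadline_s:
            self.faulted = True
```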
In summary, according to the exemplary embodiment shown in FIG. 3, the computing system may include a slave-attached flash (Slave-Attached-Flash) that does not support some security functions and is connected to the host via the controller. The controller does not include an interface to the trusted platform module; instead, the controller accesses the trusted platform module (TPM) through a service driver running on the host. The cost of a computing system implementing this secure flash memory functionality is lower than that of a computing system with flash memory that can implement all flash memory commands.
FIG. 4 is a block diagram schematically showing a computing system 400 with host-attached flash memory according to a fourth embodiment of the present invention. In this embodiment, the controller includes a trusted platform module.
Computing system 400 includes a host 402 for executing software instructions that include flash memory commands; a non-secure flash memory 406; and a controller 408 for emulating the flash memory security functions requested by host 402.
In the exemplary embodiment of FIG. 4, host 402 communicates with controller 408 and non-secure flash memory 406 over an SPI bus. It will be understood that other embodiments may use any other suitable bus, such as a serial or parallel bus.
In the exemplary embodiment of FIG. 4, non-secure flash memory 406 receives all flash memory traffic; however, flash memory 406 responds only to the commands it supports. For example, if host 402 issues an RPMC command and non-secure flash memory 406 does not support RPMC commands, non-secure flash memory 406 ignores the RPMC command.
A detailed block diagram of controller 408 is shown at the bottom of FIG. 4. Controller 408 includes a processor 410; a host interface 412 for communication between host 202 and processor 410; and an embedded trusted platform module (embedded TPM) 414 for implementing security functions.
To execute flash memory commands, host 402 communicates with a secure flash memory device over the SPI bus. When host 402 wants to communicate with the secure flash memory, host 402 asserts the chip select (CS) line, which is connected to both non-secure flash memory 406 and controller 408. When host 402 issues a security-related command that non-secure flash memory 406 does not support, controller 408 reads and executes that security-related command.
In controller 408, host interface 412 is connected to the SPI bus, which includes the CS line described above. Processor 410 receives all flash memory commands from host 402 via host interface 412. If processor 410 identifies that a received command (for example, an RPMC command) cannot be executed by non-secure flash memory 406, processor 410 executes the command itself. Executing commands that non-secure flash memory 406 cannot execute may require accessing embedded trusted platform module 414. For example, if embedded trusted platform module 414 holds some RPMC counters and host 402 issues a read-RPMC command, processor 410 accesses embedded trusted platform module 414 and requests it to return the value stored in the RPMC. Processor 410 then returns the requested data to host 402 via host interface 412.
Processor 410 may complete some flash memory commands by returning any requested data to host 402 and/or returning an indication that the command has finished executing.
In summary, according to the exemplary embodiment shown in FIG. 4, the computing system may include a non-secure flash memory that is connected to the host via a serial bus and connected in parallel with the controller. The non-secure flash memory executes a subset of the flash memory commands, while the controller executes the flash memory commands that the non-secure flash memory does not support. The cost of a computing system that implements secure flash memory functionality in this way is lower than that of a computing system with secure flash memory.
FIG. 5 is a block diagram schematically showing a computing system 500 with an SAF configuration according to a fifth embodiment of the present invention. In this embodiment, controller 508 includes a trusted platform module 514, and the configuration used for the non-secure flash memory is the slave-attached flash (SAF) configuration.
Computing system 500 includes a host 502 for executing software instructions that include flash memory commands; a non-secure flash memory 506; and a controller 508 for emulating the flash memory security functions requested by host 502.
In the exemplary embodiment of FIG. 5, host 502 sends flash memory commands, including secure commands, to controller 508. Non-secure flash memory 506 is connected to controller 508. Controller 508 includes a processor 510, a host interface 512, an embedded trusted platform module 514, and an SPI port 516.
In controller 508, processor 510 receives flash memory commands via host interface 512. Processor 510 may direct some of these commands to non-secure flash memory 506 for direct execution. Processor 510 may execute the other commands itself, for example commands that non-secure flash memory 506 cannot execute. Executing these commands may require accessing embedded trusted platform module 514 as well as non-secure flash memory 506.
Processor 510 may complete some of these flash memory commands by returning any requested data to host 502 and/or returning an indication that the command has finished executing.
In summary, according to the exemplary embodiment shown in FIG. 5, in the SAF configuration the computing system may include a non-secure flash memory that is connected to the host via the controller. The controller executes all flash memory commands (both security-related and non-security-related commands) and accesses the attached non-secure flash memory and its internal embedded trusted platform module. The cost of a computing system that implements secure flash memory functionality in this way can be lower than that of a computing system with secure flash memory.
It will be understood that the embodiments of the computing system shown in FIGS. 1 to 5 are given by way of example only and are not intended to limit the present invention. The computing system of the present invention is not limited to the exemplary embodiments described above. For example, in other embodiments, other types of non-volatile memory may be used, and the buses connecting the various elements of the system may differ from the buses of the embodiments above. In some embodiments, a plurality of hosts, a plurality of secure flash memory devices, and/or a plurality of controllers may be included. In one embodiment, a single controller may be coupled to a plurality of flash memory devices and/or a plurality of trusted platform modules (TPMs).
In some embodiments, the host may issue a command to atomically read the flash memory and increment the RPMC. The processor emulates this command by accessing the data in the non-secure flash memory and accessing the trusted platform module to increment the corresponding RPMC.
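As an added Python model that is not part of the patent, the following shows the FIG. 4 arrangement (a CS line shared by flash and controller, the flash ignoring opcodes it does not support, the controller emulating RPMC reads and increments against counters held in the TPM) together with the atomic read-flash-and-increment command just described. The opcode values, class names and method signatures are assumptions of this model.

```python
# Constructed model of the FIG. 4 arrangement: the host's chip-select line
# reaches both the non-secure flash and the controller; the flash answers
# only the opcodes it supports, and the controller emulates the RPMC
# opcodes against counters held in the TPM, including the atomic
# "read flash and increment RPMC" command. Opcode values are assumed for
# this model; they are not taken from the patent.
OP_READ, OP_WRITE = 0x03, 0x02              # plain flash commands
OP_RPMC_READ, OP_RPMC_INC = 0xA0, 0xA1      # security commands the flash lacks
OP_READ_AND_INC = 0xA2                      # atomic "read flash + increment RPMC"

class NonSecureFlash:
    SUPPORTED = {OP_READ, OP_WRITE}
    def __init__(self, size: int = 256):
        self.mem = bytearray(size)
    def execute(self, op, addr=0, length=0, data=b"", counter=0):
        if op not in self.SUPPORTED:
            return None                         # unsupported command: ignored
        if op == OP_WRITE:
            self.mem[addr:addr + len(data)] = data
            return b""
        return bytes(self.mem[addr:addr + length])

class Tpm:
    """Holds the RPMC counters; a counter only ever moves upward."""
    def __init__(self, count: int = 4):
        self.counters = [0] * count
    def read(self, idx: int) -> int:
        return self.counters[idx]
    def increment(self, idx: int) -> int:
        self.counters[idx] += 1
        return self.counters[idx]

class Controller:
    def __init__(self, flash: NonSecureFlash, tpm: Tpm):
        self.flash, self.tpm = flash, tpm
    def execute(self, op, addr=0, length=0, data=b"", counter=0):
        if op in NonSecureFlash.SUPPORTED:
            return None                         # the flash answers these itself
        if op == OP_RPMC_READ:
            return self.tpm.read(counter)
        if op == OP_RPMC_INC:
            return self.tpm.increment(counter)
        if op == OP_READ_AND_INC:               # atomic from the host's view
            payload = self.flash.execute(OP_READ, addr, length)
            return payload, self.tpm.increment(counter)
        raise ValueError(f"unknown opcode {op:#x}")

def spi_transaction(flash, controller, op, **kw):
    """Host asserts the shared CS line: both devices see the command and
    exactly one of them drives the response."""
    replies = [r for r in (flash.execute(op, **kw), controller.execute(op, **kw))
               if r is not None]
    if len(replies) != 1:
        raise RuntimeError("bus contention or unanswered command")
    return replies[0]
```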
In some embodiments, a single trusted platform module, in addition to serving the host as a trusted platform module, may be used as general-purpose secure NV storage for other components on the circuit board. In one embodiment, the functions of the controller described above may be implemented in the trusted platform module, so that no separate controller is needed.
In some non-SAF embodiments, the CS line the host uses for the flash memory is connected to the controller rather than to the flash memory, and the CS line received by the flash memory is connected to the controller rather than to the host; in response to the CS line the controller receives from the host, the controller generates a CS signal, and in response to other flash memory access cycles, the controller is activated to perform the secure flash memory function.
In some embodiments of the present invention, the controller may include a cache memory for frequently accessed secure data, such as keys.
Controllers 108, 208, 308, 408, and 508, or elements thereof, may be implemented in any suitable hardware, such as an application-specific integrated circuit (ASIC) or a field-programmable gate array (FPGA). In some embodiments, some or all elements of the controller may be implemented in software, in hardware, or in a combination of hardware and software elements.
Typically, hosts 102, 202, 302, 402, and 502 include a general-purpose processor that is programmed in software to carry out the functions described above. The software may be downloaded to the processor in electronic form over a network, or it may be provided and/or stored on non-transitory tangible media, such as magnetic, optical, or electronic memory.
Although the present invention has been disclosed by the foregoing embodiments, these are not intended to limit the present invention. Anyone skilled in the relevant art may make minor changes and refinements without departing from the spirit and scope of the present invention. Therefore, the scope of patent protection of the present invention shall be determined by the claims appended to this specification.
100, 200, 300, 400, 500: computing system
102, 202, 302, 402, 502: host
104, 204, 304, 414, 514: TPM
106, 206, 306, 406, 506: flash memory
108, 208, 308, 408, 508: controller
110, 210, 310, 410, 510: processor
112, 212, 312, 412, 512: host interface
114, 214, 414, 514: I2C port
116, 316, 516: SPI port
318: flash application driver
320: service driver
FIG. 1 is a block diagram schematically showing a computing system with a Slave-Attached-Flash (SAF) configuration according to an embodiment of the present invention, the SAF configuration performing replay-protected monotonic counter (RPMC) flash memory emulation.
FIG. 2 is a block diagram schematically showing a computing system with a host-attached flash configuration according to another embodiment of the present invention, the host-attached flash configuration performing RPMC flash memory emulation.
FIG. 3 is a block diagram schematically showing a computing system with an SAF configuration according to yet another embodiment of the present invention, the SAF configuration performing RPMC flash memory emulation.
FIG. 4 is a block diagram schematically showing a computing system with a host-attached flash configuration according to a further embodiment of the present invention, the host-attached flash configuration performing RPMC flash memory emulation.
FIG. 5 is a block diagram schematically showing a computing system with an SAF configuration according to a fifth embodiment of the present invention, the SAF configuration performing RPMC flash memory emulation.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
US16/503,501 | 2019-07-04 | |
US16/503,501 (US10846438B2) | 2014-07-24 | 2019-07-04 | RPMC flash emulation
Publications (2)
Publication Number | Publication Date
---|---
TW202102999A | 2021-01-16
TWI728572B | 2021-05-21
Family
ID=73919520
Family Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
TW108142984A (TWI728572B) | 2019-07-04 | 2019-11-26 | Rpmc flash emulation
Country Status (3)
Country | Link
---|---
JP | JP7293163B2
CN | CN112181860B
TW | TWI728572B
Also Published As
Publication Number | Publication Date
---|---
CN112181860B | 2023-11-24
JP7293163B2 | 2023-06-19
TWI728572B | 2021-05-21
JP2021012679A | 2021-02-04
CN112181860A | 2021-01-05