TWM643038U - Microcontroller authority management execution system - Google Patents


Publication number: TWM643038U
Authority: TW (Taiwan)
Application number: TW112202460U
Original language: Chinese (zh)
Inventor: 連一真
Original assignee: 漢芝電子股份有限公司
Prior art keywords: mode, microcontroller, memory, user mode, user

Abstract

A microcontroller authority management execution system comprises a microcontroller and a computer device. Through an authority management interface, the computer device uses a development software kit to set a user mode and an administrator mode that correspond to the memory resources of the microcontroller. While in administrator mode, the computer device designates, through those memory resources, the peripheral device set and the function set that user mode may use. When the peripheral device set and the function set are used in user mode, they cannot be changed.

Description

Authority management execution system for a microcontroller

This utility model discloses an authority management execution system for a microcontroller, in particular one that provides an administrator mode and a user mode.

As technology advances, microcontrollers are used in more and more everyday devices. A microcontroller integrates a processor, memory, timers/counters and various input/output interfaces on a single integrated-circuit chip, which is why it is also called a microcomputer. Current microcontrollers support 32-bit and 64-bit Trusted Execution Environments (TEEs). A TEE is an environment dedicated to running security-critical tasks; it guarantees the confidentiality and integrity of the code and data inside it.

A TEE assigns resources to users at different levels according to the configuration the hardware vendor fixed at the factory. The TEE mechanisms of current microcontrollers therefore lack the flexibility to fit a variety of scenarios. For example, an application developer who wants to protect their own design resources faces very complicated calls into, and returns from, each security domain.

One embodiment of this utility model provides an authority management execution system for a microcontroller. The system comprises a microcontroller and a computer device. The microcontroller comprises a user mode area and an administrator mode area. The user mode area comprises a user mode application module, a user mode memory module, a user mode interrupt request module and a user mode input/output module; the user mode memory module is coupled to the user mode application module, the user mode interrupt request module to the user mode memory module, and the user mode input/output module to the user mode interrupt request module. The administrator mode area comprises an administrator mode application module, an administrator mode memory module, an administrator mode interrupt request module and an administrator mode input/output module; the administrator mode memory module is coupled to the administrator mode application module, the administrator mode interrupt request module to the administrator mode memory module, and the administrator mode input/output module to the administrator mode interrupt request module. The computer device is coupled to the microcontroller and configures it. Through an authority management interface, the computer device uses a development software kit to set the memory resources of the microcontroller so that they correspond to the administrator mode of the administrator mode area and the user mode of the user mode area. While set to administrator mode, the computer device uses those memory resources to point user mode at the peripheral device set and the function set configured inside the administrator mode application module. When user mode uses that peripheral device set and function set, it cannot change them.

Fig. 1 is a block diagram of an embodiment of the authority management execution system 100 for a microcontroller. The system 100 comprises a microcontroller 10 and a computer device PC. The software, hardware and even the peripherals of the microcontroller 10 can be divided into two areas. In Fig. 1, for example, the microcontroller 10 is divided into a user mode area 10U and an administrator mode area 10A. The user mode area 10U corresponds to the user mode described below and carries the lower management authority; the administrator mode area 10A corresponds to the administrator mode described below and carries the higher management authority. The user mode area 10U comprises a user mode application module 10U1, a user mode memory module 10U2, a user mode interrupt request (IRQ) module 10U3 and a user mode input/output module 10U4. The user mode application module 10U1 holds the objects, application functions or attributes a user may operate. The user mode memory module 10U2 may be static random access memory (SRAM) allocated exclusively to the user, and is coupled to the user mode application module 10U1. The user mode interrupt request module 10U3 is coupled to the user mode memory module 10U2. An interrupt request temporarily stops the running program and lets a special routine (such as an interrupt handler) run; in practice each interrupt request is identified by an index in IRQ format. The user mode input/output module 10U4 is coupled to the user mode interrupt request module 10U3 and controls the I/O available to the user, such as a universal asynchronous receiver/transmitter (UART), general-purpose input/output (GPIO) or external peripherals. The administrator mode area 10A comprises an administrator mode application module 10A1, an administrator mode memory module 10A2, an administrator mode interrupt request module 10A3 and an administrator mode input/output module 10A4. The administrator mode application module 10A1 holds the objects, application functions or attributes the administrator may operate. The administrator mode memory module 10A2 may be SRAM allocated exclusively to the administrator, and is coupled to the administrator mode application module 10A1. The administrator mode interrupt request module 10A3 is coupled to the administrator mode memory module 10A2. The administrator mode input/output module 10A4 is coupled to the administrator mode interrupt request module 10A3 and controls the I/O available to the administrator, such as a UART, GPIO or external peripherals. The computer device PC is coupled to the microcontroller 10 and configures it. In the system 100, the computer device PC, through the authority management interface and using the development software kit, sets the memory resources of the microcontroller 10 to correspond to the administrator mode of the administrator mode area 10A and the user mode of the user mode area 10U. While set to administrator mode, the computer device PC uses those memory resources to point user mode at the peripheral device set and the function set configured inside the administrator mode application module. Because administrator mode has greater authority than user mode, resources such as peripherals and function libraries can be "allocated" in administrator mode for use in user mode. Because user mode has the lower authority, when it uses the peripheral device set and function set the administrator allocated, it can neither change them nor browse their source code. The microcontroller 10 may further comprise a specific file register 10B, which stores specific or special files and can be assigned for use in user mode and/or administrator mode.

Fig. 2 shows how the administrator mode and the user mode are laid out within the memory resources of the system 100. As noted above, the microcontroller 10 contains an administrator mode memory module 10A2 and a user mode memory module 10U2, and their memory addresses are kept separate, as follows. Normal data of the administrator mode is placed in a first memory section SRAM_NA1 of the memory resources, also called the administrator's normal memory section. Normal data of the user mode is placed in a second memory section SRAM_NU1, the user's normal memory section. Secure data of the administrator mode is placed in a third memory section SRAM_SECA1, the administrator's secure memory section. Secure data of the user mode is placed in a fourth memory section SRAM_SECU1, the user's secure memory section. SRAM_NA1 and SRAM_NU1 together form the normal memory section SRAM_N, which holds data of the normal security level. SRAM_SECA1 and SRAM_SECU1 together form the secure memory section SRAM_SEC. In practice the hardware can store SRAM_SEC in physical RAM in a scrambled form, so that it has a higher security level and can hold more confidential data. Alternatively, a mapping table can be generated and used to map output addresses to input addresses within the memory resources, which further strengthens security. The mapping table can be generated from a plurality of random numbers, for example from a physical unclonable function (PUF) random-number source. The four sections SRAM_NA1, SRAM_NU1, SRAM_SECA1 and SRAM_SECU1 do not overlap.
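The following is an added example, not code from the patent or its assignee. It models the four non-overlapping sections of Fig. 2 together with the access rule of Fig. 1 (administrator mode may touch everything; user mode may use the administrator's function set but neither change nor read it). The base address, the total sizes of SRAM_N and SRAM_SEC, and the reading of "call but not inspect" as execute-only permission on SRAM_NA1 are this example's assumptions; only the 6 KB / 2 KB administrator allocation of window W1 comes from the description.

```python
# Added example (not from the patent): the Fig. 2 SRAM layout and the
# administrator/user access rule of Fig. 1.  Base address and totals are
# constructed; the patent gives only the administrator's 6 KB / 2 KB share.
from dataclasses import dataclass

SRAM_BASE = 0x2000_0000      # assumed base address of the memory resources
TOTAL_NORMAL = 12 * 1024     # assumed size of SRAM_N
TOTAL_SECURE = 4 * 1024      # assumed size of SRAM_SEC


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    size: int
    mode: str        # "admin" or "user"
    secure: bool

    @property
    def end(self) -> int:            # exclusive end address
        return self.start + self.size

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


def build_layout(admin_normal, admin_secure,
                 total_normal=TOTAL_NORMAL, total_secure=TOTAL_SECURE,
                 base=SRAM_BASE):
    """Window W1 semantics: the administrator takes admin_normal bytes of
    SRAM_N and admin_secure bytes of SRAM_SEC; the rest of each goes to the user."""
    if not (0 < admin_normal < total_normal and 0 < admin_secure < total_secure):
        raise ValueError("administrator allocation must leave room for the user")
    sram_n, sram_sec = base, base + total_normal
    return [
        Region("SRAM_NA1", sram_n, admin_normal, "admin", False),
        Region("SRAM_NU1", sram_n + admin_normal, total_normal - admin_normal, "user", False),
        Region("SRAM_SECA1", sram_sec, admin_secure, "admin", True),
        Region("SRAM_SECU1", sram_sec + admin_secure, total_secure - admin_secure, "user", True),
    ]


def overlapping(regions):
    """Adjacent (by start address) pairs that share an address.  Empty for a
    disjoint layout; non-empty whenever any two regions overlap, which is the
    condition claim 7 forbids."""
    rs = sorted(regions, key=lambda r: r.start)
    return [(a.name, b.name) for a, b in zip(rs, rs[1:]) if b.start < a.end]


def access_allowed(regions, mode, addr, op, exec_window="SRAM_NA1"):
    """op is 'r', 'w' or 'x'.  Administrator mode reaches every region.  User
    mode has full access to its own two regions and may only execute (call)
    the function set the administrator placed in exec_window; reading it
    (browsing the source) or writing it (changing it) is refused."""
    if op not in ("r", "w", "x"):
        raise ValueError("op must be r, w or x")
    region = next((r for r in regions if r.contains(addr)), None)
    if region is None:
        return False                      # outside SRAM_N / SRAM_SEC entirely
    if mode == "admin":
        return True
    if mode != "user":
        raise ValueError("unknown mode")
    if region.mode == "user":
        return True
    return op == "x" and region.name == exec_window
```

In a real part the decision in `access_allowed` is made by the memory protection hardware on every bus cycle; the value of writing it out is that the policy table (which mode, which section, which operation) can be reviewed and tested on the PC before it is burned into the device.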
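A second added example, again not the patent's own code, shows the mapping-table idea of Fig. 2 (claims 4 and 5): a permutation of word addresses inside the secure section, derived from random numbers, through which every secure access is routed. The random numbers are derived here from a fixed constructed seed so the example runs offline; the description has them come from a PUF random-number source. The word size and the use of SHA-256 to expand the seed are assumptions.

```python
# Added example (not from the patent): a scrambled secure section driven by
# a mapping table.  The seed stands in for the PUF random-number source.
import hashlib

WORD = 4   # assumed word size in bytes


def mapping_table(seed: bytes, n_words: int) -> list:
    """Derive n_words random numbers from the seed and turn them into a
    permutation: logical word index -> physical word index.  The same seed
    always yields the same table, so the device can rebuild it at boot
    instead of storing it."""
    keyed = []
    for logical in range(n_words):
        r = hashlib.sha256(seed + logical.to_bytes(4, "little")).digest()
        keyed.append((int.from_bytes(r[:8], "little"), logical))
    keyed.sort()                      # random order of the logical indices
    table = [0] * n_words
    for phys, (_, logical) in enumerate(keyed):
        table[logical] = phys
    return table


def is_permutation(table: list) -> bool:
    return sorted(table) == list(range(len(table)))


class ScrambledSram:
    """Physical RAM that is only addressed through the mapping table."""

    def __init__(self, seed: bytes, n_words: int):
        self.table = mapping_table(seed, n_words)
        self.phys = bytearray(n_words * WORD)

    def write_word(self, logical: int, value: int) -> None:
        p = self.table[logical] * WORD
        self.phys[p:p + WORD] = value.to_bytes(WORD, "little")

    def read_word(self, logical: int) -> int:
        p = self.table[logical] * WORD
        return int.from_bytes(self.phys[p:p + WORD], "little")

    def physical_dump(self) -> list:
        """What someone reading the raw RAM array without the table sees."""
        return [int.from_bytes(self.phys[i:i + WORD], "little")
                for i in range(0, len(self.phys), WORD)]
```

Note the limit of the technique: the table hides the layout of SRAM_SEC, not its contents. A dump of the physical array still contains every word in clear, just in a different order, so address scrambling raises the cost of locating a secret but is not a substitute for keeping the secret encrypted or inside a region user mode cannot read at all.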

Fig. 3 is a schematic of the authority management interface UI of the system 100. The UI may take the form shown in Fig. 3, but is not limited to it; any reasonable change to the interface falls within this disclosure. The UI can be generated by the development software kit and is used to configure the microcontroller 10 from the computer device PC. It may contain several windows, for example windows W1 to W5, in which the administrator sets the various parameters. In window W1 the administrator allocates the SRAM available to the administrator, comprising the normal memory section (for example 6 KB) and the secure memory section (for example 2 KB) mentioned above; the remainder of the normal and secure memory sections is allocated to the user. In window W2 the administrator allocates the flash and electrically erasable programmable read-only memory (EEPROM) available to the administrator, for example 64 KB of flash and 7.5 KB of EEPROM. In window W3 the administrator sets peripheral privilege, selecting with check boxes and drop-down menus the peripherals available in administrator mode. In window W4 the administrator sets GPIO privilege for each general-purpose input/output pin, selecting in the same way the pins available in administrator mode. In window W5 the administrator sets system-control parameter privilege, selecting the parameters that can be controlled in administrator mode. The window positions, adjustment modes, parameter-setting methods and templates shown in Fig. 3 do not limit this disclosure.
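The following is an added example of what the development software kit behind windows W1 to W5 could validate before the configuration is written to the microcontroller 10; it is not the kit's own code. The device capacities, the peripheral and parameter names (other than UART and GPIO, which the description mentions) and the pin count are constructed. The 6 KB / 2 KB SRAM, 64 KB flash and 7.5 KB EEPROM figures are the administrator allocations given in the description.

```python
# Added example (not from the patent): SDK-side validation of the W1..W5
# settings and the read-only view handed to user mode.
from dataclasses import dataclass, field

DEVICE = {                       # constructed capacities of the target MCU
    "sram_normal": 12 * 1024, "sram_secure": 4 * 1024,
    "flash": 128 * 1024, "eeprom": 16 * 1024,
    "peripherals": {"UART0", "UART1", "SPI0", "I2C0", "ADC0", "TIMER0"},
    "gpio_pins": 32,
    "sysctl_params": {"clock_source", "watchdog", "brownout", "deep_sleep"},
}


@dataclass(frozen=True)          # frozen: user mode cannot change what it was given
class UserView:
    sram_normal: int
    sram_secure: int
    flash: int
    eeprom: int
    peripherals: frozenset
    gpio_mask: int
    sysctl: frozenset

    def may_use_peripheral(self, name: str) -> bool:
        return name in self.peripherals

    def may_use_pin(self, pin: int) -> bool:
        return bool((self.gpio_mask >> pin) & 1)


@dataclass
class AuthorityConfig:
    # W1/W2: storage reserved to the administrator; the rest goes to the user
    admin_sram_normal: int
    admin_sram_secure: int
    admin_flash: int
    admin_eeprom: int
    # W3/W4/W5: peripherals, GPIO pins and parameters reserved to administrator mode
    admin_peripherals: set = field(default_factory=set)
    admin_gpio_mask: int = 0
    admin_sysctl: set = field(default_factory=set)

    def validate(self, device=DEVICE) -> list:
        """Every problem found, so the UI can show them all at once."""
        errors = []
        for key, val in (("sram_normal", self.admin_sram_normal),
                         ("sram_secure", self.admin_sram_secure),
                         ("flash", self.admin_flash),
                         ("eeprom", self.admin_eeprom)):
            if not 0 < val < device[key]:
                errors.append(f"{key}: administrator allocation {val} leaves nothing for the user")
        unknown = self.admin_peripherals - device["peripherals"]
        if unknown:
            errors.append(f"unknown peripherals {sorted(unknown)}")
        if self.admin_gpio_mask >> device["gpio_pins"]:
            errors.append("GPIO privilege mask names pins the device does not have")
        unknown = self.admin_sysctl - device["sysctl_params"]
        if unknown:
            errors.append(f"unknown system-control parameters {sorted(unknown)}")
        return errors

    def user_view(self, device=DEVICE) -> UserView:
        """The immutable set of resources user mode is allowed to use."""
        errors = self.validate(device)
        if errors:
            raise ValueError("; ".join(errors))
        all_pins = (1 << device["gpio_pins"]) - 1
        return UserView(
            sram_normal=device["sram_normal"] - self.admin_sram_normal,
            sram_secure=device["sram_secure"] - self.admin_sram_secure,
            flash=device["flash"] - self.admin_flash,
            eeprom=device["eeprom"] - self.admin_eeprom,
            peripherals=frozenset(device["peripherals"] - self.admin_peripherals),
            gpio_mask=all_pins & ~self.admin_gpio_mask,
            sysctl=frozenset(device["sysctl_params"] - self.admin_sysctl),
        )
```

The check that each administrator allocation is strictly smaller than the device total is the one that matters in practice: the description allocates "the remainder" to the user, and a configuration that leaves no remainder would silently give user mode an empty section.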

Fig. 4 is a flow chart of the boot procedure executed by the system 100, and Fig. 5 is a schematic of the matching between the boot ROM 11 and the digest checker 12. The boot procedure comprises steps S401 to S411; any reasonable change of steps or substitution of technique falls within this disclosure. The steps are:
Step S401: initialize the microcontroller 10;
Step S402: synchronize the microcontroller 10 with the computer device PC through the development software kit;
Step S403: enter write mode;
Step S404: determine whether write mode has been left; if so, go to step S405, otherwise return to step S403;
Step S405: execute the secure boot procedure;
Step S406: check the administrator digest data;
Step S407: if the administrator digest data passes the check, go to step S408, otherwise go to step S411;
Step S408: check the user digest data;
Step S409: if the user digest data passes the check, go to step S410, otherwise go to step S411;
Step S410: enter the standby state;
Step S411: generate a boot failure message.

Once the computer device PC is connected to the microcontroller 10 through the development software kit, the microcontroller 10 is initialized in step S401 and, in step S402, synchronized with the computer device PC through the development software kit. In step S403 the microcontroller 10 enters write mode. In step S404 the computer device PC determines whether the microcontroller 10 has left write mode; if it has, step S405 executes the secure boot procedure, otherwise the flow returns to step S403. The secure boot procedure is shown in Fig. 5. In practice a first hardware element and a second hardware element are checked for a match, and the secure boot verification passes only if they match. For example, the first hardware element may be a boot read-only memory (boot ROM) and the second a digest checker. The contents of the boot ROM 11 and the digest checker 12 are compared as strings of a predetermined bit length, for example as 256-bit hash codes, to decide whether they match. The remaining steps follow the matching method of Fig. 5. In step S406 the administrator digest data is checked: the administrator digest data in the digest checker 12 is compared with the boot ROM 11. In step S407, if it passes, the flow goes to step S408; if it fails, the match has failed and step S411 generates a boot failure message. In step S408 the user digest data in the digest checker 12 is compared with the boot ROM 11, and in step S409, if it passes, the flow goes to step S410; if it fails, step S411 generates a boot failure message. In other words, because the system 100 only boots when the digests held in separate hardware elements match, a modified administrator or user image is detected before it is allowed to run.
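The following is an added example of steps S405 to S411 in executable form; it is not the patent's code. The description says only that a 256-bit hash code is compared, so the choice of SHA-256, the constructed administrator and user images, and the idea of deriving the boot-ROM reference values from those images at provisioning time are this example's assumptions.

```python
# Added example (not from the patent): the Fig. 4 / Fig. 5 digest check.
import hashlib
import hmac
from enum import Enum


class Boot(Enum):
    STANDBY = "standby"                               # step S410
    ADMIN_DIGEST_MISMATCH = "administrator digest failed"   # S407 -> S411
    USER_DIGEST_MISMATCH = "user digest failed"             # S409 -> S411


def digest(image: bytes) -> bytes:
    """256-bit hash of an image; SHA-256 is this example's choice."""
    return hashlib.sha256(image).digest()


class BootRom:
    """Boot ROM 11: reference digests fixed at provisioning and never rewritten."""

    def __init__(self, admin_image: bytes, user_image: bytes):
        self._admin_ref = digest(admin_image)
        self._user_ref = digest(user_image)

    def admin_ref(self) -> bytes:
        return self._admin_ref

    def user_ref(self) -> bytes:
        return self._user_ref


def digest_check(reference: bytes, image: bytes) -> bool:
    """Digest checker 12.  compare_digest runs in constant time, so an attacker
    feeding crafted images cannot learn the reference byte by byte from how
    long the comparison takes."""
    return hmac.compare_digest(reference, digest(image))


def secure_boot(rom: BootRom, admin_image: bytes, user_image: bytes) -> Boot:
    """Steps S405..S411: administrator image first, then the user image.
    The order matters: the user image's function set is only trusted once
    the administrator image that granted it has been verified."""
    if not digest_check(rom.admin_ref(), admin_image):
        return Boot.ADMIN_DIGEST_MISMATCH
    if not digest_check(rom.user_ref(), user_image):
        return Boot.USER_DIGEST_MISMATCH
    return Boot.STANDBY


# constructed images standing in for the flashed administrator and user code
ADMIN_IMAGE = b"administrator mode application module 10A1 v1"
USER_IMAGE = b"user mode application module 10U1 v1"
```

A digest match proves that the image is byte-for-byte the one whose digest was provisioned; it does not by itself prove who provisioned it. Where the boot ROM can also hold a public key, verifying a signature over the digest adds that second property without changing the flow above.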

Any reasonable authority setting or function call of the system 100 falls within this disclosure. For example, the microcontroller 10 may be a 16-bit microcontroller. The system 100 can obtain a set of interrupt vector resources and, using the development software kit, assign that set to the administrator mode and the user mode. As noted above, administrator mode has the higher authority, so all interrupt vector resources of the microcontroller are available in administrator mode; administrator mode can also plan which of those interrupt vector resources may be called in user mode. In another embodiment the system 100 can obtain a special interrupt vector. Administrator mode uses the special interrupt vector to enter user mode after it has finished executing a function. User mode then re-enters administrator mode and writes a special string to a special memory location. If a subroutine call for user mode was reserved in advance in administrator mode, user mode can enter administrator mode, execute the subroutine call and return to user mode. The system 100 can also introduce a password mechanism for additional security. For example, the system 100 can set an administrator mode password; when administrator mode is entered, the development software kit authenticates this password, protecting the parameters of the peripheral device set and the function set configured in administrator mode.
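The following is an added example, not the patent's code, modelling the interrupt-vector plan and the special-vector mode switch described above, plus the administrator mode password that the development software kit checks (claim 6). The vector count, the number of the special vector, the special string, the special memory location and the use of PBKDF2-HMAC-SHA256 for the password record are constructed for the example; the description names none of them.

```python
# Added example (not from the patent): vector plan, special-vector gateway
# between modes, and the SDK-side administrator password check.
import hashlib
import hmac
import os

N_VECTORS = 16
SPECIAL_VECTOR = 15                  # assumed: the vector reserved for mode switches
SPECIAL_ADDR = 0x2000_0FF0           # assumed "special memory location"
SPECIAL_STRING = b"ENTER_ADMIN"      # assumed "special string"


class Mcu:
    def __init__(self):
        self.mode = "admin"               # after secure boot, until handed to user mode
        self.user_vectors = set()         # vectors the administrator lets user mode call
        self.reserved_subroutines = {}    # name -> callable, reserved in administrator mode
        self.memory = {}                  # address -> bytes (tiny model)
        self.trace = []

    # --- planning, only possible in administrator mode ----------------------
    def plan_user_vectors(self, vectors) -> None:
        assert self.mode == "admin"
        bad = [v for v in vectors if not 0 <= v < N_VECTORS or v == SPECIAL_VECTOR]
        if bad:
            raise ValueError(f"cannot hand vectors {bad} to user mode")
        self.user_vectors = set(vectors)

    def reserve_subroutine(self, name: str, fn) -> None:
        assert self.mode == "admin"
        self.reserved_subroutines[name] = fn

    # --- run time ------------------------------------------------------------
    def raise_irq(self, vector: int) -> bool:
        """Administrator mode may use every vector; user mode only the planned ones."""
        if self.mode == "admin" or vector in self.user_vectors:
            self.trace.append(f"{self.mode}:irq{vector}")
            return True
        self.trace.append(f"{self.mode}:irq{vector}:denied")
        return False

    def admin_finish_and_drop(self, fn) -> None:
        """Administrator mode runs fn, then takes the special vector into user mode."""
        assert self.mode == "admin"
        fn()
        self.trace.append(f"admin:irq{SPECIAL_VECTOR}->user")
        self.mode = "user"

    def user_call_reserved(self, name: str):
        """User mode may enter administrator mode through the special vector only
        for a subroutine reserved beforehand; it writes the special string to
        the special location, runs the subroutine, and drops back to user mode."""
        assert self.mode == "user"
        fn = self.reserved_subroutines.get(name)
        if fn is None:
            self.trace.append(f"user:{name}:denied")
            return None
        self.mode = "admin"
        self.memory[SPECIAL_ADDR] = SPECIAL_STRING
        try:
            result = fn()
        finally:
            self.mode = "user"            # always return, even if fn raises
        self.trace.append(f"user->admin:{name}->user")
        return result


# --- SDK side: administrator mode password --------------------------------
def make_password_record(password: str, salt: bytes = None):
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enter_admin_mode(password: str, record) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, stored)
```

The gateway only admits calls whose target was reserved by name in administrator mode, which is what keeps user mode from turning the special vector into a general way of running administrator code. The password protects the configuration path on the PC side; it does nothing for a device whose debug port is still open, so the two controls should be combined with the secure boot check rather than relied on alone.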

Fig. 6 is a flow chart of the microcontroller authority management method run by the system 100. The method comprises steps S601 to S604; any reasonable technical change falls within this disclosure. The steps are:
Step S601: provide the microcontroller 10;
Step S602: generate the authority management interface UI;
Step S603: through the authority management interface UI, use the development software kit to set the administrator mode and the user mode corresponding to the memory resources of the microcontroller 10;
Step S604: in administrator mode, point user mode, through the memory resources, at the configured peripheral device set and function set.

The details of steps S601 to S604 have been described above and are not repeated here. Because the system 100 can set the authority of each function, feature and peripheral used by the microcontroller independently, it suits a wide range of scenarios and applications, offering both strong data protection and a high degree of operational flexibility.

In summary, this utility model describes an authority management execution method and an authority management execution system for a microcontroller. Through the authority management interface, the system sets the authority of the functions, features and peripherals used by the microcontroller independently: administrator mode is given the higher authority and user mode the lower. Because each function, feature and peripheral can have its authority set independently, the system suits a wide range of scenarios and applications, offering both strong data protection and a high degree of operational flexibility.

100: authority management execution system of the microcontroller
10: microcontroller
11: boot read-only memory
12: digest checker
PC: computer device
10U: user mode area
10A: administrator mode area
10U1: user mode application module
10U2: user mode memory module
10U3: user mode interrupt request module
10U4: user mode input/output module
10A1: administrator mode application module
10A2: administrator mode memory module
10A3: administrator mode interrupt request module
10A4: administrator mode input/output module
10B: specific file register
UI: authority management interface
SRAM_N: normal memory section
SRAM_SEC: secure memory section
SRAM_NA1: administrator's normal memory section
SRAM_NU1: user's normal memory section
SRAM_SECA1: administrator's secure memory section
SRAM_SECU1: user's secure memory section
W1 to W5: windows
S401 to S411: steps
S601 to S604: steps

Fig. 1 is a block diagram of an embodiment of the authority management execution system for a microcontroller of this utility model.
Fig. 2 is a schematic of the layout of the administrator mode and the user mode within the memory resources of the system of Fig. 1.
Fig. 3 is a schematic of the authority management interface of the system of Fig. 1.
Fig. 4 is a flow chart of the boot procedure executed by the system of Fig. 1.
Fig. 5 is a schematic of the matching between the boot read-only memory and the digest checker in the system of Fig. 1.
Fig. 6 is a flow chart of the microcontroller authority management method run by the system of Fig. 1.


Claims (10)

1. A permission management execution system for a microcontroller, comprising: a microcontroller, comprising: a user mode region, comprising: a user mode application module; a user mode memory module coupled to the user mode application module; a user mode interrupt request module coupled to the user mode memory module; and a user mode input/output module coupled to the user mode interrupt request module; and a manager mode region, comprising: a manager mode application module; a manager mode memory module coupled to the manager mode application module; a manager mode interrupt request module coupled to the manager mode memory module; and a manager mode input/output module coupled to the manager mode interrupt request module; and a computer device coupled to the microcontroller for configuring the microcontroller; wherein the computer device, through a permission management interface, uses a development software kit to set the memory resources of the microcontroller to correspond to a manager mode under the manager mode region and a user mode under the user mode region; the computer device, while in the manager mode, points through the memory resources to the configured peripheral device set and function set within the manager mode application module for use in the user mode; and when the peripheral device set and the function set are used in the user mode, the peripheral device set and the function set cannot be changed.

2. The system of claim 1, wherein the microcontroller is a sixteen-bit microcontroller; the computer device configures the microcontroller to obtain a set of interrupt vector resources; the computer device uses the development software kit to point the set of interrupt vector resources to the manager mode and the user mode; the computer device, in the manager mode, is authorized to use all of the interrupt vector resources of the microcontroller; and the computer device, in the manager mode, designates which interrupt vector resources of the set are authorized to be called in the user mode.

3. The system of claim 1, wherein the computer device configures the microcontroller to obtain a special interrupt vector; the computer device, in the manager mode, uses the special interrupt vector to enter the user mode after a function has finished executing, and after entering the manager mode again from the user mode, writes a special string into a special memory location; and if a subroutine call of the user mode has been reserved in advance in the manager mode, the user mode enters the manager mode, the subroutine call is executed, and control returns to the user mode.

4. The system of claim 1, wherein the computer device generates a mapping table and, according to the mapping table, maps output addresses and input addresses in the memory resources, the mapping table being generated from a plurality of random numbers.

5. The system of claim 4, wherein the random numbers are generated from a Physical Unclonable Function (PUF) random number source.

6. The system of claim 1, wherein the computer device sets a manager mode password, and when the manager mode is entered, the development software kit authenticates the manager mode password, so as to protect the parameters of the peripheral device set and the function set configured in the manager mode.

7. The system of claim 1, wherein the computer device places the general data of the manager mode in a first memory section of the memory resources, the general data of the user mode in a second memory section of the memory resources, the secure data of the manager mode in a third memory section of the memory resources, and the secure data of the user mode in a fourth memory section of the memory resources, and the first memory section, the second memory section, the third memory section and the fourth memory section do not overlap.

8. The system of claim 1, wherein the computer device initiates a secure boot and checks whether a first hardware and a second hardware within the microcontroller match; if the first hardware and the second hardware match, a verification of the secure boot is passed; the first hardware comprises a Boot Read-Only Memory, and the second hardware comprises a Digest Check unit.

9. The system of claim 8, wherein the boot read-only memory and the digest check unit use a string of a predetermined bit length to check for a match.

10. The system of claim 1, wherein the manager mode has higher management authority and the user mode has lower management authority.
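As an added illustration of claims 1, 2, 7 and 10, and not code from the patent or its applicant, the following Python model shows the checks a configuration tool on the computer device could perform: it rejects overlapping data sections, lets only the manager mode hand a fixed subset of interrupt vectors, peripherals and functions to the user mode, and refuses changes once the user mode is running. The class and function names, the vector numbering and the sample 64 KiB layout are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    """Half-open address range [start, end); added model, not the patent's code."""
    name: str
    start: int
    end: int

def overlapping_regions(regions):
    """Claim 7: the four data sections must not overlap. Returns offending name pairs."""
    bad = []
    for i, a in enumerate(regions):
        for b in regions[i + 1:]:
            if a.start < b.end and b.start < a.end:
                bad.append((a.name, b.name))
    return bad

class AuthorityConfig:
    """Manager mode owns every interrupt vector (claim 2) and assigns user mode a
    fixed subset of vectors, peripherals and functions (claims 1 and 10)."""
    def __init__(self, vector_count):
        self.all_vectors = frozenset(range(vector_count))
        self.user_vectors = frozenset()
        self.user_peripherals = frozenset()
        self.user_functions = frozenset()
        self.mode = "manager"

    def grant_to_user(self, vectors, peripherals, functions):
        """Only manager mode may change the grants; they are frozen while user mode runs."""
        if self.mode != "manager":
            raise PermissionError("user mode cannot change its own grants")
        unknown = set(vectors) - self.all_vectors
        if unknown:
            raise ValueError(f"vectors not present on this MCU: {sorted(unknown)}")
        self.user_vectors = frozenset(vectors)
        self.user_peripherals = frozenset(peripherals)
        self.user_functions = frozenset(functions)

    def enter_user_mode(self):
        self.mode = "user"

    def may_call_vector(self, vector):
        """Manager mode may call any vector; user mode only the authorised subset."""
        allowed = self.all_vectors if self.mode == "manager" else self.user_vectors
        return vector in allowed

# Constructed sample: a 64 KiB space split into the four disjoint sections of claim 7.
SAMPLE_LAYOUT = [Region("manager_general", 0x0000, 0x4000), Region("user_general", 0x4000, 0x8000),
                 Region("manager_secure", 0x8000, 0xC000), Region("user_secure", 0xC000, 0x10000)]
```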

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW112202460U TWM643038U (en) 2023-03-20 2023-03-20 Microcontroller authority management execution system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW112202460U TWM643038U (en) 2023-03-20 2023-03-20 Microcontroller authority management execution system

Publications (1)

Publication Number Publication Date
TWM643038U true TWM643038U (en) 2023-06-21

Family

ID=87805393

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112202460U TWM643038U (en) 2023-03-20 2023-03-20 Microcontroller authority management execution system

Country Status (1)

Country Link
TW (1) TWM643038U (en)
