US20020166065A1 - Method and system for providing security to processors - Google Patents
- Publication number
- US20020166065A1 (application US10/137,005)
- Authority
- US
- United States
- Prior art keywords
- memory
- processor
- external
- status
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1433—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
Definitions
- the present invention relates to security methods for use in microcontroller-based products. More particularly, the present invention relates to security methods to facilitate the security of programs and data located in microcontroller-based products.
- microcontroller-based products use various types of processors, such as general purpose microprocessors, for controlling the operation of various digital devices, such as clock radios, microwave ovens, digital video recorders, and the like, and special purpose microprocessors, such as math coprocessors for mathematical computations, or digital signal processors used to manipulate various types of information, including sound, imaging, and video information.
- processors such as general purpose microprocessors, for controlling the operation of various digital devices, such as clock radios, microwave ovens, digital video recorders, and the like
- special purpose microprocessors such as math coprocessors for mathematical computations, or digital signal processors used to manipulate various types of information, including sound, imaging, and video information.
- a microcontroller typically includes a central processing unit (“CPU”) core to perform the processing functions and a bus interface for communication with the various memory devices as well as external or other peripheral devices.
- CPU: central processing unit
- bus interface for communication with the various memory devices as well as external or other peripheral devices.
- the microcontroller may include various types of memory.
- the microcontroller may include Random Access Memory (“RAM”) as well as Read-Only Memory (“ROM”).
- RAM: Random Access Memory
- ROM: Read-Only Memory
- the microcontroller may also include flash memory which can be erased and reprogrammed.
- For the transmitting and receiving of data between various devices and components, microcontrollers and other devices utilize various types of serial interfaces.
- One such type of interface definition typically used is the serial peripheral interface (“SPI”).
- SPI: serial peripheral interface
- For the temporary storage of data, for example, to permit the microcontrollers to manipulate the data before transferring the data through the SPI to another device, the microcontrollers generally utilize one or more buffers. These buffers are configured with the SPI to enable the processors to transmit and receive data to and from the buffers as needed in an application.
- Microcontrollers may be produced as self-contained devices. That is, they are produced as products that include a processor as well as a memory containing a program. In some instances, the program may be pre-loaded in the memory, and the processor with program may be purchased as a complete unit. It may not be desirable to have the contents of the program become available to the public, if the entity that created the program wishes to protect its intellectual property in the program.
- Microcontroller 100 suitably comprises a central processing unit (CPU) core 102 configured for the processing of data, and a bus interface 104 for communication with the various memory or input and output devices.
- microcontroller 100 can comprise various types of memory.
- microcontroller 100 can comprise an internal CPU static random access memory (SRAM) 106 that can provide very low access time, e.g., as low as 10 nanoseconds.
- SRAM: CPU static random access memory
- microcontroller 100 can also include data memory 114, which may also comprise SRAM-type memory, and read-only memory (ROM) 116.
- microcontroller 100 can also include flash memory for the programming and storage of data, such as a page of memory 124 comprising, for example, 32 KB of data storage, as well as a smaller configuration of flash memory 126, comprising, for example, 128 kilobits of data storage.
- microcontroller 100 may also include a serial peripheral interface (SPI) 110 which can communicate with the CPU memory 106 via direct memory access (DMA) 112, i.e., SPI 110 can transfer data from main memory to a device without passing the data through the CPU.
- SPI: serial peripheral interface
- DMA: direct memory access
- microcontroller 100 may also include various input/output devices.
- an I/O port device 118 can be provided, as well as a breakpoint device 120 .
- microcontroller 100 can also include a system clock 130 for providing the clock cycles for triggering various functions and sequences during operation.
- Microcontroller 100 may also include a Power On Reset (POR) 128 for use during ramping up of a power supply.
- POR: Power On Reset
- External Address Enable pin on the 8051 microprocessor (EAn).
- the processor uses internal memory (memory 126 and memory 124 , for example) for access to program and data memory.
- the processor is able to fetch code from memory locations which are external to microcontroller 100 .
- Such a feature enables a microcontroller to access larger amounts of code than is available from microcontroller 100 alone.
- the ability to fetch code from external memory locations can be exploited in an unscrupulous manner.
- an unauthorized user may be able to force EAn to a low state to enable external memory accesses.
- the unauthorized user could then create a program located in external memory where the program is configured to download the program located on the microcontroller by switching EAn to a high state, a condition which enables reads from internal memory, thus permitting the unauthorized user to read the contents of the internal memory or otherwise access the contents of the internal memory.
- I/O ports can be accessed in some instances. For example, if EAn is set high, the internal memory is being accessed, but the data retrieved from the internal memory may be viewable at certain I/O ports. In those situations, although the processor is accessing internal memory, microcontroller 100 outputs those contents of the internal memory to the I/O ports. By monitoring I/O ports, such as the P0 port on the 8051 microprocessor, an unauthorized user may be able to monitor the contents of the internal program and data memory from the I/O port and thus have access to intellectual property.
- I/O ports such as the P0 port on the 8051 microprocessor
- a further security problem that may be present is the ability to re-program flash memory.
- a supplier of microcontrollers will typically enable the microcontroller to be programmed by a vendor, so it can be used in a specific application.
- a company which manufactures power meters may buy microcontroller 100 and program the microcontroller to perform certain functions.
- flash memory can facilitate the programming because a flash memory is more easily reprogrammed with changes to a desired program.
- a ROM may be copied through the use of photography to produce an optical mask, such a technique is not possible with flash memory.
- the power meter company ships its product to end users, it may not want the program and data used in the power meter to be accessible by, e.g., possible competitors.
- a device and method according to the present invention addresses many of the shortcomings of the prior art.
- an improved security scheme is provided to prevent the unauthorized access to program and data information.
- the security method comprises sampling of an external address access pin at startup or reset events such that an unauthorized user is unable to switch from internal memory access to external memory access, in between resets/start-ups, in order to gain access to information stored in the processor/memory combination.
- the security method involves masking data on the input/output ports of the processor such that internal memory accesses cannot be monitored.
- the security method includes a configuration which prevents the dumping or selective reprogramming of the contents of a flash memory.
- FIG. 1 illustrates a block diagram of an exemplary microcontroller in accordance with an exemplary embodiment of the present invention
- FIG. 2 shows an exemplary method for securing a microcontroller in accordance with an exemplary embodiment of the present invention
- FIG. 3 shows an exemplary method for securing a microcontroller by masking an output pin in accordance with an exemplary embodiment of the present invention
- FIG. 4 illustrates a method which combines security methods in accordance with an exemplary embodiment of the present invention.
- FIG. 5 illustrates a method for securing the flash memory of a microcontroller in accordance with an exemplary embodiment of the present invention.
- the present invention may be described herein in terms of various functional components and various processing steps. It should be appreciated that such functional components may be realized by a number of hardware or structural components configured to perform the specified functions.
- the present invention may employ various integrated components, e.g., buffers, voltage and current references, memory components and the like, comprised of various electrical devices, e.g., resistors, transistors, capacitors, diodes or other devices, whose values may be suitably configured for various intended purposes.
- the present invention may be practiced in any microprocessor-based application.
- various components may be suitably coupled or connected to other components within exemplary circuits, such connections and couplings can be realized by direct connection between components, or by connection through other components and devices located therebetween.
- a security problem involving EAn may exist in certain processors, such as those based on the Intel 8051 architecture.
- the above-described technique of holding EAn to a low state to read the contents of the memory is prevented from working by partially disabling the operation of EAn.
- this may be accomplished in the following manner.
- the processor samples EAn to determine if internal memory or external memory is to be used, i.e., to determine if EAn is enabled (step 204). If external memory is to be accessed, the processor accesses external memory to run the appropriate programs (step 206). In the event internal memory is used, the processor executes the program located in internal memory (step 208). After sampling the value of EAn at power-on or reset, the processor will ignore future changes to the status of EAn and limit memory accesses to the type of memory selected upon power-on or reset (step 210).
- EAn is only checked upon a power-on or reset.
- a program running from internal memory begins execution, a program running from external memory cannot begin.
- no access to internal memory is allowed, as only one of external memory or internal memory can be accessed.
- Another possible security weakness is the ability to monitor the contents of a processor's memory by monitoring the P0 port.
- An exemplary embodiment of the present invention protects against such a method of hacking by masking port P0 when an internal memory access is detected. This may be accomplished by forcing port P0 to logic level 0 during internal memory accesses. Thus, an unauthorized user will be unable to determine the contents of the memory bus during internal memory accesses.
- a determination is made as to whether or not an internal memory access is desired (step 302). If so, then pin P0 is masked such that only zeroes are output on pin P0 (step 304). It should be understood that pin P0 can also be masked to a logical-high state in accordance with other exemplary embodiments.
- following masking step 304, operation of the processor continues (step 306). If an external memory access is desired, pin P0 is used in traditional fashion to transmit data and address information (step 305), then operation of the processor continues (step 306).
- the feature discussed with respect to FIG. 3 can be combined with the feature discussed in FIG. 2.
- An exemplary combination of these features is shown in FIG. 4.
- a determination can be made whether only internal memory will be used by determining the status of EAn (step 404).
- if EAn is enabled, pin P0 can be masked to a high or low state (step 406). If it is determined that external memory is used, pin P0 can be configured to operate in the traditional manner (step 407). Regardless of the state of EAn, operation of the processor will resume (step 408) and future changes to the value of EAn will be ignored (step 410).
- step 410 may be a continuing
- an exemplary embodiment of the present invention uses a programmable bit within the controller that instructs the controller that the only operation allowed during reprogramming is a mass erase of the contents of the flash memory.
- a page erase of an individual page of the flash memory is allowed.
- Such a feature may be accomplished through the use of a programmable security bit which indicates if flash memory dumps are allowed. In this manner, during debugging, the dumping of flash memory contents is allowed for testing purposes. However, once debugging has been accomplished, a user can turn on the security bit such that no memory dumps are possible.
- the security bit is stored in flash memory and is read once, during a power-on/reset.
- unauthorized users are prevented from reprogramming portions of the code, which some may desire to do for nefarious reasons, e.g., to make a device fail. Users are also prevented from dumping the contents of the flash memory into another device for examination and possible duplication.
- the programmable bit can prevent all accesses to the flash memory except for a mass erase of the entire contents followed by a mass read of new contents. It is important to also mention the erase order during a mass erase. When a mass erase occurs, the internal program is erased first, then the security bit is erased. If the order were reversed, it may be possible for an unauthorized user to power-off the system after the first erase (of the security bit). Then the unauthorized user can power on the system with the security bit cleared and the program running. The unauthorized user would then be able to download the program. However, if the program is erased before the security bit is erased such a situation would be prevented.
- the microcontroller determines if the programmable security bit is set (step 504). If the programmable security bit is set, flash memory commands are disabled (step 506). It should be understood that it is not necessary for all the flash memory commands to be disabled, as the mass erase of flash memory may still be available.
- the normal operation of the processor then proceeds (step 508). If the programmable security bit is not set, then the flash memory commands are enabled (step 507). Normal operation of the processor then proceeds (step 508).
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
There are various methods of securing programs and data on a processor. The external address enable pin of the processor is sampled upon a power-on or reset to the processor, to determine whether or not accesses to external memory are allowed. Other changes to the external address enable pin are thereafter ignored. In addition, if it is determined that an internal memory access is occurring, the contents of such an access can be masked to prevent unauthorized viewing of the memory contents via an external memory bus. In addition, a programmable security bit may be set to disable the dumping of flash memory contents, allowing only the erasing of the flash memory.
Description
- This application claims priority from U.S. Provisional Patent Application serial No. 60/288,914, filed May 4, 2001.
- The present invention relates to security methods for use in microcontroller-based products. More particularly, the present invention relates to security methods to facilitate the security of programs and data located in microcontroller-based products.
- The demand for high performance, microcontroller-based products for use in communication and processing applications continues to increase rapidly. As a result, microcontroller-based product manufacturers are typically requiring that the components and devices within these products be regularly improved to meet the design requirements of a myriad of emerging audio, video, and imaging applications.
- These microcontroller-based products use various types of processors, such as general purpose microprocessors, for controlling the operation of various digital devices, such as clock radios, microwave ovens, digital video recorders, and the like, and special purpose microprocessors, such as math coprocessors for mathematical computations, or digital signal processors used to manipulate various types of information, including sound, imaging, and video information.
- A microcontroller typically includes a central processing unit (“CPU”) core to perform the processing functions and a bus interface for communication with the various memory devices as well as external or other peripheral devices.
- For the storage of data, the microcontroller may include various types of memory. For example, the microcontroller may include Random Access Memory (“RAM”) as well as Read-Only Memory (“ROM”). In addition, the microcontroller may also include flash memory which can be erased and reprogrammed.
- For the transmitting and receiving of data between various devices and components, microcontrollers, and other devices utilize various types of serial interfaces. One such type of interface definition typically used is the serial peripheral interface (“SPI”). In addition, for the temporary storage of data, for example, to permit the microcontrollers to manipulate the data before transferring the data through the SPI to another device, the microcontrollers generally utilize one or more buffers. These buffers are configured with the SPI to enable the processors to transmit and receive data to and from the buffers as needed in an application.
- Microcontrollers may be produced as self-contained devices. That is, they are produced as products that include a processor as well as a memory containing a program. In some instances, the program may be pre-loaded in the memory, and the processor with program may be purchased as a complete unit. It may not be desirable to have the contents of the program become available to the public, if the entity that created the program wishes to protect its intellectual property in the program.
- With reference to FIG. 1, an exemplary microcontroller 100 is illustrated. Microcontroller 100 suitably comprises a central processing unit (CPU) core 102 configured for the processing of data, and a bus interface 104 for communication with the various memory or input and output devices. For the storage of data, microcontroller 100 can comprise various types of memory. For example, microcontroller 100 can comprise an internal CPU static random access memory (SRAM) 106 that can provide very low access time, e.g., as low as 10 nanoseconds. In addition, microcontroller 100 can also include data memory 114 which may also comprise SRAM-type memory, and read-only memory (ROM) 116. Still further, microcontroller 100 can also include flash memory for the programming and storage of data, such as a page of memory 124 comprising, for example, 32 KB of data storage, as well as a smaller configuration of flash memory 126, comprising, for example, 128 kilobits of data storage. For the transmitting and receiving of data between various components, microcontroller 100 may also include a serial peripheral interface (SPI) 110 which can communicate with the CPU memory 106 via direct memory access (DMA) 112, i.e., SPI 110 can transfer data from main memory to a device without passing the data through the CPU.
- In addition, microcontroller 100 may also include various input/output devices. For example, an I/O port device 118 can be provided, as well as a breakpoint device 120. Further, microcontroller 100 can also include a system clock 130 for providing the clock cycles for triggering various functions and sequences during operation. Microcontroller 100 may also include a Power On Reset (POR) 128 for use during ramping up of a power supply.
- It has been discovered that certain systems, including several systems based on the Intel 8051 microprocessor architecture, as well as other systems based on architectures with similar features, may be vulnerable to various types of security breaches.
- For example, there is an External Address Enable pin on the 8051 microprocessor (EAn). In certain configurations, when the voltage at this pin is high, the processor uses internal memory (memory 126 and memory 124, for example) for access to program and data memory. When the voltage at this pin is held low, the processor is able to fetch code from memory locations which are external to microcontroller 100.
- Such a feature enables a microcontroller to access larger amounts of code than is available from microcontroller 100 alone. However, the ability to fetch code from external memory locations can be exploited in an unscrupulous manner. For example, an unauthorized user may be able to force EAn to a low state to enable external memory accesses. The unauthorized user could then create a program located in external memory where the program is configured to download the program located on the microcontroller by switching EAn to a high state, a condition which enables reads from internal memory, thus permitting the unauthorized user to read the contents of the internal memory or otherwise access the contents of the internal memory.
- Another possible security problem with microcontroller systems is that the input/output (“I/O”) ports can be accessed in some instances. For example, if EAn is set high, the internal memory is being accessed, but the data retrieved from the internal memory may be viewable at certain I/O ports. In those situations, although the processor is accessing internal memory, microcontroller 100 outputs those contents of the internal memory to the I/O ports. By monitoring I/O ports, such as the P0 port on the 8051 microprocessor, an unauthorized user may be able to monitor the contents of the internal program and data memory from the I/O port and thus have access to intellectual property.
- A further security problem that may be present is the ability to re-program flash memory. A supplier of microcontrollers will typically enable the microcontroller to be programmed by a vendor, so it can be used in a specific application. For example, a company which manufactures power meters may buy microcontroller 100 and program the microcontroller to perform certain functions. The use of flash memory can facilitate the programming because a flash memory is more easily reprogrammed with changes to a desired program. While a ROM may be copied through the use of photography to produce an optical mask, such a technique is not possible with flash memory. However, when the power meter company ships its product to end users, it may not want the program and data used in the power meter to be accessible by, e.g., possible competitors.
- When one attempts to program a flash memory, there may be several options available. Certain memory locations or groups of memory locations (such as pages of memory) may be accessed at one time. An additional option that may be used by an unauthorized user is to “dump” the contents of the memory in order to determine the contents of the flash memory.
- Accordingly, a need exists to solve the above-mentioned potential security problems in microcontrollers and processors.
- A device and method according to the present invention addresses many of the shortcomings of the prior art. In accordance with various aspects of the present invention, an improved security scheme is provided to prevent the unauthorized access to program and data information.
- In accordance with an exemplary embodiment, the security method comprises sampling of an external address access pin at startup or reset events such that an unauthorized user is unable to switch from internal memory access to external memory access, in between resets/start-ups, in order to gain access to information stored in the processor/memory combination.
- In accordance with another aspect of the present invention, the security method involves masking data on the input/output ports of the processor such that internal memory accesses cannot be monitored.
- In accordance with a further aspect of the present invention, the security method includes a configuration which prevents the dumping or selective reprogramming of the contents of a flash memory.
- A more complete understanding of the present invention may be derived by referring to the detailed description and claims when considered in connection with the Figure, where:
- FIG. 1 illustrates a block diagram of an exemplary microcontroller in accordance with an exemplary embodiment of the present invention;
- FIG. 2 shows an exemplary method for securing a microcontroller in accordance with an exemplary embodiment of the present invention;
- FIG. 3 shows an exemplary method for securing a microcontroller by masking an output pin in accordance with an exemplary embodiment of the present invention;
- FIG. 4 illustrates a method which combines security methods in accordance with an exemplary embodiment of the present invention; and
- FIG. 5 illustrates a method for securing the flash memory of a microcontroller in accordance with an exemplary embodiment of the present invention.
- The present invention may be described herein in terms of various functional components and various processing steps. It should be appreciated that such functional components may be realized by a number of hardware or structural components configured to perform the specified functions. For example, the present invention may employ various integrated components, e.g., buffers, voltage and current references, memory components and the like, comprised of various electrical devices, e.g., resistors, transistors, capacitors, diodes or other devices, whose values may be suitably configured for various intended purposes. In addition, the present invention may be practiced in any microprocessor-based application. Further, it should be noted that while various components may be suitably coupled or connected to other components within exemplary circuits, such connections and couplings can be realized by direct connection between components, or by connection through other components and devices located therebetween.
- As described above, a security problem involving EAn may exist in certain processors, such as those based on the Intel 8051 architecture. In accordance with one aspect of the present invention, the above-described technique of holding EAn to a low state to read the contents of the memory is prevented from working by partially disabling the operation of EAn.
- With additional reference to FIG. 2, this may be accomplished in the following manner. In accordance with an exemplary embodiment, upon the startup (i.e., the powering on) or the reset of the processor (step 202), the processor samples EAn to determine if internal memory or external memory is to be used, i.e., to determine if EAn is enabled (step 204). If external memory is to be accessed, the processor accesses external memory to run the appropriate programs (step 206). In the event internal memory is used, the processor executes the program located in internal memory (step 208). After sampling the value of EAn at power-on or reset, the processor will ignore future changes to the status of EAn and limit memory accesses to the type of memory selected upon power-on or reset (step 210).
- It can be seen that a security risk is drastically reduced through the use of such an exemplary scheme. Under the prior art scheme discussed earlier, the typical method of examining the contents of memory is to start the processor running the program located in internal memory such that internal memory is accessible. Then EAn would be changed such that a program located in external memory is running and internal memory is accessible.
- In contrast, under an exemplary embodiment of the present invention as discussed above, EAn is only checked upon a power-on or reset. Thus, once a program running from internal memory begins execution, a program running from external memory cannot begin. In a similar manner, once a program is running from external memory, no access to internal memory is allowed, as only one of external memory or internal memory can be accessed.
- As described above, another possible security weakness is the ability to monitor the contents of a processor's memory by monitoring the P0 port. An exemplary embodiment of the present invention protects against such a method of hacking by masking port P0 when an internal memory access is detected. This may be accomplished by forcing port P0 to logic level 0 during internal memory accesses. Thus, an unauthorized user will be unable to determine the contents of the memory bus during internal memory accesses.
- For example, with reference to FIG. 3, an exemplary method for preventing such unauthorized use is illustrated. Initially, a determination is made as to whether or not an internal memory access is desired (step 302). If so, then pin P0 is masked such that only zeroes are output on pin P0 (step 304). It should be understood that pin P0 can also be masked to a logical-high state in accordance with other exemplary embodiments. Following masking step 304, operation of the processor continues (step 306). If an external memory access is desired, pin P0 is used in traditional fashion to transmit data and address information (step 305), then operation of the processor continues (step 306). It should be understood that the above-described steps may be carried out upon the execution of any instruction. However, such an execution at every step may result in an unwanted performance reduction. It should be understood that the order of steps is not material and may vary from the order in which the steps are presented in FIG. 3.
- In accordance with another exemplary embodiment, the feature discussed with respect to FIG. 3 can be combined with the feature discussed in FIG. 2. An exemplary combination of these features is shown in FIG. 4. After power-on or reset (step 402), a determination can be made whether only internal memory will be used by determining the status of EAn (step 404). At that time, if EAn is enabled, pin P0 can be masked to a high or low state (step 406). If it is determined that external memory is used, pin P0 can be configured to operate in the traditional manner (step 407). Regardless of the state of EAn, operation of the processor will resume (step 408) and future changes to the value of EAn will be ignored (step 410). In a controller used with both internal and external memory, the accesses to internal memory can still be masked through the use of an exemplary embodiment of the present invention. Accesses to the external memory remain unmasked. It should be understood that the order of steps may vary from the order in which the steps are presented in FIG. 4. For example, step 410 may be a continuing
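The two mechanisms of FIG. 2 and FIG. 4 (EAn sampled once at reset and then ignored; port P0 forced to a fixed level during internal memory accesses) are easy to state as a small behavioural model. The following C is an added example written for this page, not code from the patent or from Texas Instruments; `mcu_t`, `mcu_reset()`, `mcu_fetch()`, the memory sizes and the scenario routines are all hypothetical, and the sample bytes are constructed. The model follows the exclusive case in the description (only the memory type selected at reset is reachable) and lets a reader check the two properties the text claims: a pin change after reset does nothing, and a probe on P0 sees only zeroes while internal memory is read.

```c
/* Added example: behavioural model of the reset-latched EAn pin (FIG. 2)
 * combined with P0 masking (FIG. 3/4). Hypothetical names throughout. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define INTERNAL_SIZE 0x1000u    /* assumed: 4 KiB of on-chip program memory */
#define EXTERNAL_SIZE 0x10000u   /* assumed: 64 KiB reachable over the external bus */

typedef struct {
    bool ean_latched;        /* EAn as sampled at reset; true = internal memory selected */
    bool mask_p0;            /* true while the controller forces P0 to a fixed level */
    uint8_t p0;              /* value a probe on port P0 would observe right now */
    uint8_t internal[INTERNAL_SIZE];
    uint8_t external[EXTERNAL_SIZE];
} mcu_t;

/* Steps 202-204 and 402-406: the only point at which EAn is sampled. */
void mcu_reset(mcu_t *m, bool ean_pin)
{
    m->ean_latched = ean_pin;
    m->mask_p0 = ean_pin;    /* internal memory selected -> mask P0 (step 406) */
    m->p0 = 0x00;
}

/* Steps 206-210 and 302-306: fetch one byte. The live pin level is passed in
 * only to make the point that it is ignored after reset (step 210).
 * Returns the byte, or -1 when the access is refused. */
int mcu_fetch(mcu_t *m, uint16_t addr, bool external_space, bool live_ean_pin)
{
    (void)live_ean_pin;                       /* step 210: post-reset changes do nothing */
    if (external_space != !m->ean_latched)    /* only the space chosen at reset is reachable */
        return -1;
    if (external_space) {
        m->p0 = m->external[addr];            /* step 305: P0 carries address/data as usual */
        return m->p0;
    }
    if (addr >= INTERNAL_SIZE)
        return -1;
    m->p0 = m->mask_p0 ? 0x00 : m->internal[addr];   /* step 304: probe sees only zeroes */
    return m->internal[addr];
}

/* Constructed scenario: part reset with EAn selecting internal memory. Flipping
 * the pin afterwards and requesting external code must be refused, while the
 * internal program keeps running. */
bool scenario_pin_flip_is_ignored(void)
{
    static mcu_t m;
    memset(&m, 0, sizeof m);
    m.internal[0x0010] = 0xA5;                /* constructed program byte */
    m.external[0x0010] = 0x5A;                /* constructed byte placed on the external bus */
    mcu_reset(&m, true);
    int before = mcu_fetch(&m, 0x0010, false, true);
    int after_flip = mcu_fetch(&m, 0x0010, true, false);   /* pin now low, asks for external */
    int still_internal = mcu_fetch(&m, 0x0010, false, false);
    return before == 0xA5 && after_flip == -1 && still_internal == 0xA5;
}

/* Constructed scenario: what a logic analyser on P0 sees during an internal fetch. */
uint8_t scenario_p0_during_internal_fetch(void)
{
    static mcu_t m;
    memset(&m, 0, sizeof m);
    m.internal[0x0020] = 0xC3;
    mcu_reset(&m, true);
    mcu_fetch(&m, 0x0020, false, true);
    return m.p0;                              /* 0x00: contents never reach the bus */
}

/* Constructed scenario: the same probe on a part reset with EAn low (external). */
uint8_t scenario_p0_during_external_fetch(void)
{
    static mcu_t m;
    memset(&m, 0, sizeof m);
    m.external[0x0020] = 0xC3;
    mcu_reset(&m, false);
    mcu_fetch(&m, 0x0020, true, false);
    return m.p0;                              /* 0xC3: external accesses remain unmasked */
}
```

The check that matters for review is in `mcu_fetch()`: the decision uses only the latched copy of EAn, so the live pin has no path into the access decision after `mcu_reset()`. A model for a part that serves both memory types would keep the masking line and drop the exclusivity test.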
- As described above, another potential security weakness of a processor is the ability to “dump” the contents of the flash memory. In order to prevent such a situation, an exemplary embodiment of the present invention uses a programmable bit within the controller that instructs the controller that the only operation allowed during reprogramming is a mass erase of the contents of the flash memory. In accordance with another exemplary embodiment, a page erase of an individual page of the flash memory is allowed.
- Such a feature may be accomplished through the use of a programmable security bit which indicates if flash memory dumps are allowed. In this manner, during debugging, the dumping of flash memory contents is allowed for testing purposes. However, once debugging has been accomplished, a user can turn on the security bit such that no memory dumps are possible. The security bit is stored in flash memory and is read once, during a power-on/reset.
- Thus, unauthorized users are prevented from reprogramming portions of the code, which some may desire to do for nefarious reasons, e.g., to make a device fail. Users are also prevented from dumping the contents of the flash memory into another device for examination and possible duplication. The programmable bit can prevent all accesses to the flash memory except for a mass erase of the entire contents followed by a mass read of new contents. It is important to also mention the erase order during a mass erase. When a mass erase occurs, the internal program is erased first, then the security bit is erased. If the order were reversed, it may be possible for an unauthorized user to power-off the system after the first erase (of the security bit). Then the unauthorized user can power on the system with the security bit cleared and the program running. The unauthorized user would then be able to download the program. However, if the program is erased before the security bit is erased such a situation would be prevented.
- With reference to FIG. 5, the operation of this exemplary feature will be described in more detail. After power-on/reset (step 502), the microcontroller determines if the programmable security bit is set (step 504). If the programmable security bit is set, flash memory commands are disabled (step 506). It should be understood that it is not necessary for all the flash memory commands to be disabled, as the mass erase of flash memory may still be available. Normal operation of the processor then proceeds (step 508). If the programmable security bit is not set, then the flash memory commands are enabled (step 507), and normal operation of the processor then proceeds (step 508).
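The erase-order argument above (program first, security bit second) is the kind of sequencing rule that is worth checking mechanically rather than by inspection. The following C is an added example for this page, not code from the patent or its assignee; `flash_t`, `flash_reset()`, `flash_read()`, `flash_mass_erase()` and the invariant routine are hypothetical names, and the flash image is constructed. It models the security bit being read once at power-on/reset (steps 502-507), a read-out command that the bit disables, and a mass erase that can lose power between its two steps. `erase_order_is_safe()` expresses the invariant the description relies on: after an interrupted erase and a reset, no readable cell may still hold program content. The reversed sequence is modelled alongside only so the invariant check can show which order satisfies it.

```c
/* Added example: model of the programmable security bit (FIG. 5) and the
 * mass-erase ordering described in the text. Hypothetical names throughout. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define FLASH_SIZE 256u          /* assumed: a small flash array for the model */
#define ERASED 0xFFu             /* erased flash cells read as all ones */

typedef struct {
    uint8_t program[FLASH_SIZE];
    bool security_bit;           /* lives in flash alongside the program */
    bool commands_enabled;       /* steps 506/507, decided once per power-on/reset */
} flash_t;

/* Steps 502-507: read the security bit exactly once and fix the command set. */
void flash_reset(flash_t *f)
{
    f->commands_enabled = !f->security_bit;
}

/* A read-out (dump) command: refused while the command set is disabled. */
int flash_read(const flash_t *f, uint8_t addr)
{
    return f->commands_enabled ? f->program[addr] : -1;
}

/* Setting the bit once debugging is finished; takes effect at the next reset. */
void flash_set_security_bit(flash_t *f)
{
    f->security_bit = true;
}

/* Mass erase in the order the description requires: program first, bit second.
 * power_off_between_steps models power being removed between the two steps. */
void flash_mass_erase(flash_t *f, bool power_off_between_steps)
{
    memset(f->program, ERASED, sizeof f->program);
    if (power_off_between_steps) return;
    f->security_bit = false;
}

/* The reversed order the description rejects, kept only so the invariant
 * check below can show the difference. */
void flash_mass_erase_reversed(flash_t *f, bool power_off_between_steps)
{
    f->security_bit = false;
    if (power_off_between_steps) return;
    memset(f->program, ERASED, sizeof f->program);
}

/* Invariant: after an erase interrupted between its steps and a subsequent
 * reset, every readable cell must be blank. Returns true if it holds. */
bool erase_order_is_safe(void (*erase)(flash_t *, bool))
{
    flash_t f;
    memset(&f, 0, sizeof f);
    for (unsigned i = 0; i < FLASH_SIZE; i++)
        f.program[i] = (uint8_t)i;            /* constructed program image */
    flash_set_security_bit(&f);
    flash_reset(&f);
    if (flash_read(&f, 0x10) != -1) return false;   /* bit set: dumps must be refused */
    erase(&f, true);                          /* power lost between the two erase steps */
    flash_reset(&f);                          /* next power-on re-reads the bit */
    for (unsigned i = 0; i < FLASH_SIZE; i++) {
        int v = flash_read(&f, (uint8_t)i);
        if (v != -1 && v != (int)ERASED) return false;   /* a program byte is readable */
    }
    return true;
}
```

With the required order, an interrupted erase leaves the bit set and the program blank, so the next reset still disables the commands and nothing is readable; with the reversed order the bit is already clear while the program is intact, which is exactly the window the description warns about.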
- The present invention has been described above with reference to an exemplary embodiment. However, those skilled in the art will recognize that changes and modifications may be made to the exemplary embodiment without departing from the scope of the present invention. For example, the various components may be implemented in alternate ways, such as varying or alternating the steps in different orders. These alternatives can be suitably selected depending upon the particular application or in consideration of any number of factors associated with the operation of the system. In addition, the techniques described herein may be extended or modified for use with other types of devices, in addition to the microprocessor or to any other master or slave devices. These and other changes or modifications are intended to be included within the scope of the present invention.
Claims (18)
1. A method of securing the contents of the memory in a microprocessor system comprising:
determining, after a power-on/reset of the microprocessor, the status of an external addressing status pin; and
preventing accesses to external addresses if said external addressing pin is set.
2. The method of claim 1 further comprising:
ignoring subsequent changes to the status of the external addressing status pin.
3. The method of claim 1 further comprising:
masking the memory output ports such that the results of a memory access is not accessible through monitoring of the memory output ports.
4. The method of claim 1 wherein said microprocessor system comprises a microcontroller.
5. A method of securing the contents of the memory in a microprocessor system comprising:
determining, upon a power-on/reset of the microprocessor, the status of a programmable security bit; and
disabling flash memory commands in the event that the programmable security bit is set, such that a disabled flash memory command has no effect on the microprocessor system.
6. The method of claim 5 wherein said disabling step allows for mass erasure of the contents of the flash memory.
7. The method of claim 6 wherein said disabling step disables all flash memory commands except mass erasure.
8. The method of claim 5 wherein said microprocessor system comprises a microcontroller.
9. A method of securing the contents of the memory in a processor system comprising:
determining whether a particular memory access requests access to external memory; and
in the event that the memory access does not request access to external memory, masking the memory output ports such that the result of the memory access is not accessible through monitoring of the processor.
10. The method of claim 9 wherein said determining and masking steps occur with each processor access to memory.
11. The method of claim 9 further comprising:
performing a power-on/reset of the processor; and
ascertaining the status of an external addressing status pin;
wherein said determining step follows said ascertaining step; and
said masking step masks the memory output ports until the processor experiences a power-on/reset.
12. The method of claim 11 further comprising:
preventing memory accesses to external addresses.
13. The method of claim 11 wherein said masking step comprises:
outputting a predetermined value to the memory output port.
14. The method of claim 13 wherein said predetermined value is a logical low level.
15. The method of claim 13 wherein said predetermined value is a logical high level.
16. A processor with security features comprising:
means for determining the status of a pin indicating the status of external memory accesses; and
means for preventing accesses to external memory.
17. The processor of claim 16 wherein
said means for determining comprises a software program configured to monitor the status of said pin indicating the status of external memory accesses.
18. The processor of claim 16 wherein said means for preventing comprises a software program configured to prevent access to external memory.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/137,005 US20020166065A1 (en) | 2001-05-04 | 2002-05-02 | Method and system for providing security to processors |
US12/563,511 US8060929B2 (en) | 2001-05-04 | 2009-09-21 | Method and system for providing security to processors |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US28900401P | 2001-05-04 | 2001-05-04 | |
US28891401P | 2001-05-04 | 2001-05-04 | |
US10/137,005 US20020166065A1 (en) | 2001-05-04 | 2002-05-02 | Method and system for providing security to processors |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/563,511 Continuation US8060929B2 (en) | 2001-05-04 | 2009-09-21 | Method and system for providing security to processors |
Publications (1)
Publication Number | Publication Date |
---|---|
US20020166065A1 true US20020166065A1 (en) | 2002-11-07 |
Family
ID=27384938
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/137,005 Abandoned US20020166065A1 (en) | 2001-05-04 | 2002-05-02 | Method and system for providing security to processors |
US12/563,511 Expired - Fee Related US8060929B2 (en) | 2001-05-04 | 2009-09-21 | Method and system for providing security to processors |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/563,511 Expired - Fee Related US8060929B2 (en) | 2001-05-04 | 2009-09-21 | Method and system for providing security to processors |
Country Status (1)
Country | Link |
---|---|
US (2) | US20020166065A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080109903A1 (en) * | 2006-11-07 | 2008-05-08 | Spansion Llc | Secure co-processing memory controller integrated into an embedded memory subsystem |
US20090055637A1 (en) * | 2007-08-24 | 2009-02-26 | Ingemar Holm | Secure power-on reset engine |
US11055226B2 (en) * | 2018-06-29 | 2021-07-06 | Intel Corporation | Mitigation of cache-latency based side-channel attacks |
WO2023038812A1 (en) * | 2021-09-10 | 2023-03-16 | Qualcomm Incorporated | Protecting memory regions based on occurrence of an event |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI436588B (en) * | 2010-03-16 | 2014-05-01 | Acer Inc | Setting method of power lock-up and electronic apparatus thereof |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4583196A (en) * | 1983-10-28 | 1986-04-15 | Honeywell Inc. | Secure read only memory |
- 2002-05-02: US US10/137,005, published as US20020166065A1 (not active: Abandoned)
- 2009-09-21: US US12/563,511, published as US8060929B2 (not active: Expired - Fee Related)
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080109903A1 (en) * | 2006-11-07 | 2008-05-08 | Spansion Llc | Secure co-processing memory controller integrated into an embedded memory subsystem |
US8356361B2 (en) * | 2006-11-07 | 2013-01-15 | Spansion Llc | Secure co-processing memory controller integrated into an embedded memory subsystem |
US20090055637A1 (en) * | 2007-08-24 | 2009-02-26 | Ingemar Holm | Secure power-on reset engine |
US7895426B2 (en) * | 2007-08-24 | 2011-02-22 | International Business Machines Corporation | Secure power-on reset engine |
US11055226B2 (en) * | 2018-06-29 | 2021-07-06 | Intel Corporation | Mitigation of cache-latency based side-channel attacks |
WO2023038812A1 (en) * | 2021-09-10 | 2023-03-16 | Qualcomm Incorporated | Protecting memory regions based on occurrence of an event |
Also Published As
Publication number | Publication date |
---|---|
US20100011160A1 (en) | 2010-01-14 |
US8060929B2 (en) | 2011-11-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0851358B1 (en) | Processing system security | |
US8971144B2 (en) | Hardware write-protection | |
US5515540A (en) | Microprocessor with single pin for memory wipe | |
US5640542A (en) | On-chip in-circuit-emulator memory mapping and breakpoint register modules | |
US7761717B2 (en) | Memory device with data security in a processor | |
US8838950B2 (en) | Security architecture for system on chip | |
US5970246A (en) | Data processing system having a trace mechanism and method therefor | |
US8533777B2 (en) | Mechanism to determine trust of out-of-band management agents | |
US7822995B2 (en) | Apparatus and method for protecting diagnostic ports of secure devices | |
JP4319712B2 (en) | Method and apparatus with access protection in an integrated circuit | |
JP2002519760A (en) | Virtual data storage (VDS) system | |
JP2000076133A (en) | Security guarantee method for program data inside memory writable only once | |
EP3413194B1 (en) | Processing system and related method of operating a processing system | |
EP0694828A2 (en) | Data processor with secure communication | |
US8060929B2 (en) | Method and system for providing security to processors | |
CN111191214B (en) | Embedded processor and data protection method | |
JP3943616B2 (en) | Data processor with transparent operation in background mode | |
JPH09171488A (en) | Microcontroller for restriction of access to internal memory | |
EP3413195B1 (en) | Processing system, related integrated circuit, device and method | |
US20020166034A1 (en) | Protection circuit for preventing unauthorized access to the memory device of a processor | |
US20060259726A1 (en) | Systems and methods for secure debugging and profiling of a computer system | |
CN117633920B (en) | Sensitive data transmission bus architecture, control logic circuit and transmission system | |
US12068057B2 (en) | Processing system, related integrated circuit, device and method | |
CN117472808A (en) | Data protection method, device and system | |
EP1862908A1 (en) | Integrated circuit arrangement, a method for monitoring access requests to an integrated circuit arrangement component of an integrated circuit arrangement and a computer program product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: TEXAS INSTRUMENTS INCORPORATED, TEXAS. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEUNG, HUGO;YUAN, LU;CHIU, TERENCE;AND OTHERS;REEL/FRAME:012859/0184;SIGNING DATES FROM 20020415 TO 20020425 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |