WO2018103274A1 - Soc chip having tamper-resistant mechanism for internal data of memory, and method therefor - Google Patents

Soc chip having tamper-resistant mechanism for internal data of memory, and method therefor Download PDF

Info

Publication number
WO2018103274A1
WO2018103274A1 PCT/CN2017/085623 CN2017085623W WO2018103274A1 WO 2018103274 A1 WO2018103274 A1 WO 2018103274A1 CN 2017085623 W CN2017085623 W CN 2017085623W WO 2018103274 A1 WO2018103274 A1 WO 2018103274A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage unit
feature value
microprocessor
unit
chip
Prior art date
Application number
PCT/CN2017/085623
Other languages
French (fr)
Chinese (zh)
Inventor
王健
杨灿华
Original Assignee
上海新微技术研发中心有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 上海新微技术研发中心有限公司 filed Critical 上海新微技术研发中心有限公司
Publication of WO2018103274A1 publication Critical patent/WO2018103274A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory

Definitions

  • the invention belongs to the field of system on chip, and relates to a SOC chip and method having a memory internal data anti-tampering mechanism.
  • SOC System on Chip
  • SOC is the core of information system integration, is the integration of key components of the system on a chip; in a broad sense, SOC is a micro-mini system, which will Microprocessors, analog IP cores, digital IP cores, and memory (or off-chip memory control interfaces) are integrated on a single chip and are typically custom-tailored or standard-oriented for specific applications.
  • the Microcontroller Unit is internally integrated with Non-Volatile Memory (NVM) for storing user programs and data.
  • NVM Non-Volatile Memory
  • User code stored in the MVM's internal NVM memory is often an important component of an illegal attack, and the purpose of controlling the user's system is achieved by tampering with internal user code.
  • NVM memory may also suffer from internal data loss or partial data bit tampering.
  • an object of the present invention is to provide a SOC chip and method having a memory internal data tamper-proof mechanism for solving the problem of high security risk of the SOC chip in the prior art.
  • the present invention provides a SOC chip having a memory internal data tamper-proof mechanism, including:
  • a first storage unit for storing sensitive system data maintained by a chip production provider
  • a second storage unit for storing user data and programs maintained by the user
  • a microprocessor for accessing the first storage unit or the second storage unit
  • An access control unit is connected between the microprocessor and the first storage unit and the second storage unit for completing timing control of the microprocessor accessing the first storage unit and the second storage unit;
  • An eigenvalue unit coupled to the microprocessor, for calculating a feature value of the user code in the second storage unit, and comparing with a feature value pre-stored in the first storage unit to determine a user code Whether it has been illegally tampered with.
  • the feature value unit is configured to generate an interrupt of the user code being illegally tampered to the microprocessor when it is determined to be illegally tampering.
  • the microprocessor is arranged to reset the chip upon receiving the interrupt.
  • the feature value unit includes a feature value calculation unit, a first latch, and a comparator; wherein:
  • the feature value calculation unit is connected between the microprocessor and the first latch, and configured to receive a user code read by the microprocessor from the second storage unit, and calculate the user code. a feature value, and inputting the calculated feature value into the first latch;
  • a first input of the comparator is coupled to the microprocessor, a second input of the comparator is coupled to an output of the first latch, an output of the comparator and the micro And a processor connection, configured to compare the feature value read by the microprocessor from the first storage unit with the feature value calculated by the feature value calculation unit.
  • a second lock is further connected between the input end of the feature value calculation unit and the comparator And a register for powering up the comparator.
  • the feature value pre-stored in the first storage unit is 128 bits
  • the feature value calculated by the feature value unit according to the user code is 128 bits
  • the user code in the second storage unit is 32 bits.
  • the first storage unit and the second storage unit are both non-volatile memories.
  • the sensitive system data includes one or more of a bootloader, a user key, system storage space configuration information, a calibration value, and a chip unique identification code.
  • the present invention also provides a method for preventing a tampering mechanism of a data internal memory, which is applied to a SOC chip having a memory internal data tamper prevention mechanism according to any one of the preceding claims, the method comprising:
  • the first storage unit and the second storage unit are all accessible through the address space of the microprocessor
  • the program is executed from the first storage unit, the microprocessor reads out the user code in the second storage unit to the feature value unit, and the feature value unit calculates a corresponding feature value;
  • the feature value unit compares the calculated feature value with a 128-bit feature value stored in the first storage unit
  • the chip After the microprocessor receives an interrupt of illegal tampering, the chip is reset.
  • the SOC chip and method having the memory internal data tamper-proof mechanism of the present invention has the following beneficial effects: the present invention uses different NVM memories to store system information and user code data respectively, and when the system is powered on, the user is checked first. Whether the code has been tampered with, if the verification is correct, the user program is executed. If the verification fails, the chip is reset.
  • the feature value unit may be any general or private hash algorithm, which is difficult to crack. Through the feature value verification circuit after power-on, it is possible to detect whether the NVM memory accidentally loses data and improve the reliability of the chip.
  • FIG. 1 is a schematic structural view of a SOC chip having a memory internal data tamper-proof mechanism according to the present invention.
  • Fig. 2 is a circuit diagram showing the characteristic value unit.
  • FIG. 3 is a flow chart showing a method of the internal data tamper prevention mechanism of the memory of the present invention.
  • the present invention provides a SOC chip having a memory internal data tamper-proof mechanism.
  • a schematic structural diagram of the SOC chip is shown, including a first storage unit 1, a second storage unit 2, an access control unit 3, and a micro processing. 4 and feature value unit 5.
  • the first storage unit 1 is configured to store sensitive system data that is maintained by a chip production provider.
  • the sensitive system data includes one or more of a bootloader, a user key, system storage space configuration information, a calibration value, and a chip unique identification code.
  • the first storage unit 1 stores 128-bit feature values.
  • the second storage unit 2 is used to store user data and programs that are maintained by the user.
  • a 32-bit user code is stored in the second storage unit 2.
  • the first storage unit 1 and the second storage unit 2 both use a non-volatile memory (NVM).
  • NVM non-volatile memory
  • the invention separates sensitive data and common data into different memories, and is physically isolated, which is beneficial to increase the security of the chip.
  • the microprocessor 4 is used for read/write access to the first storage unit 1 or the second storage unit 2.
  • the access control unit 3 is connected between the microprocessor 4 and the first storage unit 1 and the second storage unit 2 for completing the access of the microprocessor 4 to the first storage unit 1. Timing control of the second storage unit 2.
  • the feature value unit 5 is connected to the microprocessor 4, and is configured to calculate a feature value of the user code in the second storage unit 2, and a feature value pre-stored in the first storage unit. Compare to determine if the user code has been illegally tampered with.
  • the feature value unit 5 is set to generate an interruption of the user code being illegally tampered to the microprocessor 4 when it is determined to be illegally tampering.
  • the microprocessor 4 is arranged to reset the chip upon receiving the interrupt.
  • FIG. 2 a circuit configuration diagram of the feature value unit 5 is shown in FIG. 2, including a feature value calculation unit 501, a first latch 502, and a comparator 503;
  • the feature value calculation unit 501 is connected between the microprocessor 4 and the first latch 502 for receiving a user code read by the microprocessor 4 from the second storage unit 2, Calculating the feature value of the user code, and inputting the calculated feature value into the first latch 502;
  • the first input of the comparator 503 is connected to the microprocessor 4, the second input of the comparator 503 is connected to the output of the first latch 502, and the output of the comparator 503
  • the terminal is connected to the microprocessor 4 for comparing the feature value read by the microprocessor 4 from the first storage unit 1 with the feature value calculated by the feature value calculation unit 501.
  • the feature value stored in the first storage unit 1 in advance is 128 bits
  • the feature value calculated by the feature value unit 5 according to the user code is also 128 bits.
  • the feature value calculation unit 501 is some digital logic for receiving 32-bit data from the microprocessor 4 and calculating 128-bit feature values by combinatorial logic.
  • the first latch 502 is a set of 128-bit wide latches for latching the feature values output by the feature value calculation unit 501.
  • the feature value unit 501 can adopt any general or private hash algorithm, which is difficult to crack.
  • the second latch 504 when the microprocessor transmits the last 32-bit data, the second latch 504 is set by a write operation, indicating that the result of the feature value calculation unit 501 has been calculated.
  • the output of the second latch 504 is used to enable the comparator 503 to indicate that the output of the comparator 503 is active.
  • the second latch 504 receives a 1-bit input signal.
  • the comparator 503 performs an exclusive OR operation, and outputs a "0" when the comparison result is the same, without interruption. If the comparison result is different, "1" is output and the interrupt is generated.
  • the feature value unit 5 of the present invention uses a digital circuit architecture to calculate whether the user code is tampered by calculating the feature value of the user code and comparing it with the 128-bit feature value stored in the first storage unit 1 in advance.
  • the secure storage of data in the second storage unit is achieved, and the reliability of the chip is improved.
  • FIG. 3 is a flow chart showing a method for preventing tampering of an internal data of a memory according to the present invention. The method includes:
  • Step S1 After the chip is powered on and the reset operation is completed, both the first storage unit 1 and the second storage unit 2 can be accessed through the address space of the microprocessor 4.
  • Step S2 the program is executed from the first storage unit 1, and the microprocessor 4 reads out the user code in the second storage unit 2 to the feature value unit 5, and the feature value unit 5 calculates The corresponding feature value is output.
  • Step S3 After multiple iteration calculations, the final 128-bit eigenvalue is obtained.
  • Step S4 The feature value unit 5 compares the calculated feature value with a 128-bit feature value stored in the first storage unit 1.
  • Step S5 If the comparison result is consistent, jump to the user program area to execute the user program; if the comparison result is inconsistent, an interrupt is generated to the microprocessor 4.
  • Step S6 After the microprocessor 4 receives the interrupt of the illegal tampering, the chip is reset.
  • the SOC chip and method having the memory internal data anti-tamper mechanism of the present invention use different NVM memories to store system information and user code data respectively.
  • the feature value unit may be any general or private hash algorithm, which is difficult to crack.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Provided are an SOC chip having a tamper-resistant mechanism for internal data of a memory, and a method, the chip comprising: a first storage unit for storing sensitive system data, the maintenance thereof being the responsibility of a chip production provider; a second storage unit for storing user data and a program, the maintenance thereof being the responsibility of a user; a microprocessor for accessing the first storage unit and second storage unit; an access control unit which is connected between the microprocessor and the first storage unit and between the microprocessor and the second storage unit, and which is used for completing control over a time sequence of the microprocessor accessing the first storage unit and second storage unit; and a characteristic value unit, which is connected to the microprocessor, and is used for calculating a characteristic value of a user code in the second storage unit, and comparing same to a feature value pre-stored in the first storage unit so as to determine whether the user code has been illegally tampered with. The invention, by means of a characteristic value verification circuit which has been powered on, can detect whether an NVM memory has accidentally lost data, improving the reliability of a chip.

Description

一种具有存储器内部数据防篡改机制的SOC芯片及方法SOC chip and method with memory internal data anti-tamper mechanism 技术领域Technical field
本发明属于片上系统领域,涉及一种具有存储器内部数据防篡改机制的SOC芯片及方法。The invention belongs to the field of system on chip, and relates to a SOC chip and method having a memory internal data anti-tampering mechanism.
背景技术Background technique
片上系统(System on Chip,简称SOC),从狭义角度讲,它是信息系统核心的芯片集成,是将系统关键部件集成在一块芯片上;从广义角度讲,SOC是一个微小型系统,其将微处理器、模拟IP核、数字IP核和存储器(或片外存储控制接口)集成在单一芯片上,通常是客户定制的,或是面向特定用途的标准产品。System on Chip (SOC), in a narrow sense, is the core of information system integration, is the integration of key components of the system on a chip; in a broad sense, SOC is a micro-mini system, which will Microprocessors, analog IP cores, digital IP cores, and memory (or off-chip memory control interfaces) are integrated on a single chip and are typically custom-tailored or standard-oriented for specific applications.
微控制单元(Microcontroller Unit;MCU)一般内部都集成了非易失性存储器(Non-Volatile Memory,NVM)用于存放用户程序和数据。随着MCU的使用越来越普及,对于MCU内部数据安全性的要求也越来越高。如何保护NVM非易失性存储器内的数据变得尤为重要。The Microcontroller Unit (MCU) is internally integrated with Non-Volatile Memory (NVM) for storing user programs and data. As the use of MCUs becomes more and more popular, the requirements for data security within MCUs are becoming higher and higher. How to protect the data in NVM non-volatile memory becomes especially important.
存储于MCU内部NVM存储器内的用户代码往往是非法攻击的重要部件,通过篡改内部的用户代码达到控制用户系统的目的。User code stored in the MVM's internal NVM memory is often an important component of an illegal attack, and the purpose of controlling the user's system is achieved by tampering with internal user code.
同样,NVM存储器在某些特定条件下(如:高温/高压等极限状况),也可能发生内部数据丢失或者部分数据比特位被篡改的情况。Similarly, under certain conditions (such as high temperature/high voltage limit conditions), NVM memory may also suffer from internal data loss or partial data bit tampering.
因此,如何提供一种具有存储器内部数据防篡改机制的SOC芯片及方法,以提高芯片安全性,成为本领域技术人员亟待解决的一个重要技术问题。Therefore, how to provide a SOC chip and method with a memory internal data anti-tampering mechanism to improve chip security has become an important technical problem to be solved by those skilled in the art.
发明内容 Summary of the invention
鉴于以上所述现有技术的缺点,本发明的目的在于提供一种具有存储器内部数据防篡改机制的SOC芯片及方法,用于解决现有技术中SOC芯片安全风险较高的问题。In view of the above-mentioned shortcomings of the prior art, an object of the present invention is to provide a SOC chip and method having a memory internal data tamper-proof mechanism for solving the problem of high security risk of the SOC chip in the prior art.
为实现上述目的及其他相关目的,本发明提供一种具有存储器内部数据防篡改机制的SOC芯片,包括:To achieve the above and other related objects, the present invention provides a SOC chip having a memory internal data tamper-proof mechanism, including:
第一存储单元,用于存储由芯片生产提供者负责维护的敏感系统数据;a first storage unit for storing sensitive system data maintained by a chip production provider;
第二存储单元,用于存储由用户负责维护的用户数据和程序;a second storage unit for storing user data and programs maintained by the user;
微处理器,用于访问所述第一存储单元或第二存储单元;a microprocessor for accessing the first storage unit or the second storage unit;
访问控制单元,连接于所述微处理器与所述第一存储单元、第二存储单元之间,用于完成所述微处理器访问所述第一存储单元、第二存储单元的时序控制;An access control unit is connected between the microprocessor and the first storage unit and the second storage unit for completing timing control of the microprocessor accessing the first storage unit and the second storage unit;
特征值单元,连接于所述微处理器,用于计算所述第二存储单元中用户代码的特征值,并与预先存储在所述第一存储单元内的特征值进行比较,以判断用户代码是否被非法篡改。An eigenvalue unit, coupled to the microprocessor, for calculating a feature value of the user code in the second storage unit, and comparing with a feature value pre-stored in the first storage unit to determine a user code Whether it has been illegally tampered with.
可选地,所述特征值单元被设置为当判定为非法篡改后,产生一个用户代码被非法篡改的中断给所述微处理器。Optionally, the feature value unit is configured to generate an interrupt of the user code being illegally tampered to the microprocessor when it is determined to be illegally tampering.
可选地,所述微处理器被设置为当接收到所述中断后,将所述芯片复位。Optionally, the microprocessor is arranged to reset the chip upon receiving the interrupt.
可选地,所述特征值单元包括特征值计算单元、第一锁存器及比较器;其中:Optionally, the feature value unit includes a feature value calculation unit, a first latch, and a comparator; wherein:
所述特征值计算单元连接于所述微处理器与所述第一锁存器之间,用于接收所述微处理器从所述第二存储单元读出的用户代码,计算所述用户代码的特征值,并将计算所得的特征值输入所述第一锁存器;The feature value calculation unit is connected between the microprocessor and the first latch, and configured to receive a user code read by the microprocessor from the second storage unit, and calculate the user code. a feature value, and inputting the calculated feature value into the first latch;
所述比较器的第一输入端与所述微处理器相连,所述比较器的第二输入端与所述第一锁存器的输出端连接,所述比较器的输出端与所述微处理器连接,用于将所述微处理器从所述第一存储单元读出的特征值与所述特征值计算单元计算得到的特征值进行比较。a first input of the comparator is coupled to the microprocessor, a second input of the comparator is coupled to an output of the first latch, an output of the comparator and the micro And a processor connection, configured to compare the feature value read by the microprocessor from the first storage unit with the feature value calculated by the feature value calculation unit.
可选地,所述特征值计算单元的输入端与所述比较器之间还连接有第二锁 存器,用于给所述比较器上电。Optionally, a second lock is further connected between the input end of the feature value calculation unit and the comparator And a register for powering up the comparator.
可选地,预先存储在所述第一存储单元内的特征值为128比特,所述特征值单元根据用户代码计算出的特征值为128比特。Optionally, the feature value pre-stored in the first storage unit is 128 bits, and the feature value calculated by the feature value unit according to the user code is 128 bits.
可选地,所述第二存储单元中用户代码为32比特。Optionally, the user code in the second storage unit is 32 bits.
可选地,所述第一存储单元及第二存储单元均为非易失性存储器。Optionally, the first storage unit and the second storage unit are both non-volatile memories.
可选地,所述敏感系统数据包括启动装载(bootloader)、用户密钥、系统存储空间配置信息、校准值及芯片唯一标识码中的一种或多种。Optionally, the sensitive system data includes one or more of a bootloader, a user key, system storage space configuration information, a calibration value, and a chip unique identification code.
本发明还提供一种存储器内部数据防篡改机制的方法,应用于如上任意一项所述的具有存储器内部数据防篡改机制的SOC芯片,所述方法包括:The present invention also provides a method for preventing a tampering mechanism of a data internal memory, which is applied to a SOC chip having a memory internal data tamper prevention mechanism according to any one of the preceding claims, the method comprising:
芯片上电且完成复位操作后,所述第一存储单元和第二存储单元都可以通过微处理器的地址空间进行访问;After the chip is powered on and the reset operation is completed, the first storage unit and the second storage unit are all accessible through the address space of the microprocessor;
程式从所述第一存储单元开始执行,所述微处理器将所述第二存储单元中的用户代码读出到所述特征值单元,所述特征值单元计算出对应的特征值;The program is executed from the first storage unit, the microprocessor reads out the user code in the second storage unit to the feature value unit, and the feature value unit calculates a corresponding feature value;
经过多次迭代计算后,得到最终的128比特特征值;After multiple iterations, the final 128-bit eigenvalue is obtained;
所述特征值单元将计算所得的特征值与存储在所述第一存储单元内的128比特特征值进行比较;The feature value unit compares the calculated feature value with a 128-bit feature value stored in the first storage unit;
若比较结果一致,则跳转到用户程序区执行用户程序;若比较结果不一致,则产生一个中断给微处理器;If the comparison result is consistent, jump to the user program area to execute the user program; if the comparison result is inconsistent, an interrupt is generated to the microprocessor;
所述微处理器收到非法篡改的中断后,将所述芯片复位。After the microprocessor receives an interrupt of illegal tampering, the chip is reset.
如上所述,本发明的具有存储器内部数据防篡改机制的SOC芯片及方法,具有以下有益效果:本发明使用不同的NVM存储器分别存储系统信息和用户代码数据,当系统上电后,先检查用户代码是否被篡改,如果校验正确,则执行用户程序。如果校验失败,则复位芯片。其中,特征值单元可以是采用任何通用或私有的杂凑算法,破解难度高。通过上电后特征值校验电路,可以检测NVM存储器是否意外丢失数据,提高芯片的可靠性。As described above, the SOC chip and method having the memory internal data tamper-proof mechanism of the present invention has the following beneficial effects: the present invention uses different NVM memories to store system information and user code data respectively, and when the system is powered on, the user is checked first. Whether the code has been tampered with, if the verification is correct, the user program is executed. If the verification fails, the chip is reset. The feature value unit may be any general or private hash algorithm, which is difficult to crack. Through the feature value verification circuit after power-on, it is possible to detect whether the NVM memory accidentally loses data and improve the reliability of the chip.
附图说明 DRAWINGS
图1显示为本发明的具有存储器内部数据防篡改机制的SOC芯片的结构示意图。FIG. 1 is a schematic structural view of a SOC chip having a memory internal data tamper-proof mechanism according to the present invention.
图2显示为所述特征值单元的电路结构图。Fig. 2 is a circuit diagram showing the characteristic value unit.
图3显示为本发明的存储器内部数据防篡改机制的方法的流程示意图。3 is a flow chart showing a method of the internal data tamper prevention mechanism of the memory of the present invention.
元件标号说明Component label description
1第一存储单元1 first storage unit
2第二存储单元2 second storage unit
3访问控制单元3 access control unit
4微处理器4 microprocessor
5特征值单元5 eigenvalue unit
501特征值计算单元501 eigenvalue calculation unit
502第一锁存器502 first latch
503比较器503 comparator
504第二锁存器504 second latch
S1~S6步骤S1 to S6 steps
具体实施方式detailed description
以下通过特定的具体实例说明本发明的实施方式,本领域技术人员可由本说明书所揭露的内容轻易地了解本发明的其他优点与功效。本发明还可以通过另外不同的具体实施方式加以实施或应用,本说明书中的各项细节也可以基于不同观点与应用,在没有背离本发明的精神下进行各种修饰或改变。The embodiments of the present invention are described below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the present invention from the disclosure of the present disclosure. The present invention may be embodied or applied in various other specific embodiments, and various modifications and changes can be made without departing from the spirit and scope of the invention.
请参阅图1至图3。需要说明的是,本实施例中所提供的图示仅以示意方式说明本发明的基本构想,遂图式中仅显示与本发明中有关的组件而非按照实际实施时的组件数目、形状及尺寸绘制,其实际实施时各组件的型态、数量及比例可为一种随意的改变,且其组件布局型态也可能更为复杂。 Please refer to Figure 1 to Figure 3. It should be noted that the illustrations provided in the present embodiment merely illustrate the basic concept of the present invention in a schematic manner, and only the components related to the present invention are shown in the drawings, instead of the number and shape of components in actual implementation. Dimensional drawing, the actual type of implementation of each component's type, number and proportion can be a random change, and its component layout can be more complicated.
本发明提供一种具有存储器内部数据防篡改机制的SOC芯片,请参阅图1,显示为该SOC芯片的结构示意图,包括第一存储单元1、第二存储单元2、访问控制单元3、微处理器4及特征值单元5。The present invention provides a SOC chip having a memory internal data tamper-proof mechanism. Referring to FIG. 1, a schematic structural diagram of the SOC chip is shown, including a first storage unit 1, a second storage unit 2, an access control unit 3, and a micro processing. 4 and feature value unit 5.
具体的,所述第一存储单元1用于存储由芯片生产提供者负责维护的敏感系统数据。作为示例,所述敏感系统数据包括启动装载(bootloader)、用户密钥、系统存储空间配置信息、校准值及芯片唯一标识码中的一种或多种。本实施例中,所述第一存储单元1中存储有128比特特征值。Specifically, the first storage unit 1 is configured to store sensitive system data that is maintained by a chip production provider. As an example, the sensitive system data includes one or more of a bootloader, a user key, system storage space configuration information, a calibration value, and a chip unique identification code. In this embodiment, the first storage unit 1 stores 128-bit feature values.
所述第二存储单元2用于存储由用户负责维护的用户数据和程序。本实施例中,所述第二存储单元2中存储有32比特的用户代码。The second storage unit 2 is used to store user data and programs that are maintained by the user. In this embodiment, a 32-bit user code is stored in the second storage unit 2.
本实施例中,所述第一存储单元1及第二存储单元2均采用非易失性存储器(Non-Volatile Memory,NVM),当电源关掉后,其所存储的数据不会消失。本发明将敏感数据和普通数据分别放在不同的存储器内,从物理上隔离,有利于增加芯片的安全性。In this embodiment, the first storage unit 1 and the second storage unit 2 both use a non-volatile memory (NVM). When the power is turned off, the stored data does not disappear. The invention separates sensitive data and common data into different memories, and is physically isolated, which is beneficial to increase the security of the chip.
所述微处理器4用于读/写访问所述第一存储单元1或第二存储单元2。所述访问控制单元3连接于所述微处理器4与所述第一存储单元1、第二存储单元2之间,用于完成所述微处理器4访问所述第一存储单元1、第二存储单元2的时序控制。The microprocessor 4 is used for read/write access to the first storage unit 1 or the second storage unit 2. The access control unit 3 is connected between the microprocessor 4 and the first storage unit 1 and the second storage unit 2 for completing the access of the microprocessor 4 to the first storage unit 1. Timing control of the second storage unit 2.
特别的,所述特征值单元5连接于所述微处理器4,用于计算所述第二存储单元2中用户代码的特征值,并与预先存储在所述第一存储单元内的特征值进行比较,以判断用户代码是否被非法篡改。Specifically, the feature value unit 5 is connected to the microprocessor 4, and is configured to calculate a feature value of the user code in the second storage unit 2, and a feature value pre-stored in the first storage unit. Compare to determine if the user code has been illegally tampered with.
具体的,所述特征值单元5被设置为当判定为非法篡改后,产生一个用户代码被非法篡改的中断给所述微处理器4。所述微处理器4被设置为当接收到所述中断后,将所述芯片复位。Specifically, the feature value unit 5 is set to generate an interruption of the user code being illegally tampered to the microprocessor 4 when it is determined to be illegally tampering. The microprocessor 4 is arranged to reset the chip upon receiving the interrupt.
作为示例,图2中展示了所述特征值单元5的电路结构图,包括特征值计算单元501、第一锁存器502及比较器503;其中: As an example, a circuit configuration diagram of the feature value unit 5 is shown in FIG. 2, including a feature value calculation unit 501, a first latch 502, and a comparator 503;
所述特征值计算单元501连接于所述微处理器4与所述第一锁存器502之间,用于接收所述微处理器4从所述第二存储单元2读出的用户代码,计算所述用户代码的特征值,并将计算所得的特征值输入所述第一锁存器502;The feature value calculation unit 501 is connected between the microprocessor 4 and the first latch 502 for receiving a user code read by the microprocessor 4 from the second storage unit 2, Calculating the feature value of the user code, and inputting the calculated feature value into the first latch 502;
所述比较器503的第一输入端与所述微处理器4相连,所述比较器503的第二输入端与所述第一锁存器502的输出端连接,所述比较器503的输出端与所述微处理器4连接,用于将所述微处理器4从所述第一存储单元1读出的特征值与所述特征值计算单元501计算得到的特征值进行比较。The first input of the comparator 503 is connected to the microprocessor 4, the second input of the comparator 503 is connected to the output of the first latch 502, and the output of the comparator 503 The terminal is connected to the microprocessor 4 for comparing the feature value read by the microprocessor 4 from the first storage unit 1 with the feature value calculated by the feature value calculation unit 501.
本实施例中,预先存储在所述第一存储单元1内的特征值为128比特,所述特征值单元5根据用户代码计算出的特征值也为128比特。In this embodiment, the feature value stored in the first storage unit 1 in advance is 128 bits, and the feature value calculated by the feature value unit 5 according to the user code is also 128 bits.
具体的,所述特征值计算单元501是一些数字逻辑,用于接收来自所述微处理器4的32比特数据,并经过组合逻辑计算得到128比特特征值。所述第一锁存器502是一组128比特位宽的锁存器,用于锁存所述特征值计算单元501输出的特征值。Specifically, the feature value calculation unit 501 is some digital logic for receiving 32-bit data from the microprocessor 4 and calculating 128-bit feature values by combinatorial logic. The first latch 502 is a set of 128-bit wide latches for latching the feature values output by the feature value calculation unit 501.
特别的,所述特征值单元501可以采用任何通用或私有的杂凑算法,破解难度高。In particular, the feature value unit 501 can adopt any general or private hash algorithm, which is difficult to crack.
具体的,当微处理器传送完最后的一个32比特数据后,会通过写操作将所述第二锁存器504置位,表明所述特征值计算单元501的结果已经计算完成。所述第二锁存器504的输出用于使能所述比较器503,表明所述比较器503的输出是有效的。本实施例中,所述第二锁存器504接收1比特的输入信号。Specifically, when the microprocessor transmits the last 32-bit data, the second latch 504 is set by a write operation, indicating that the result of the feature value calculation unit 501 has been calculated. The output of the second latch 504 is used to enable the comparator 503 to indicate that the output of the comparator 503 is active. In this embodiment, the second latch 504 receives a 1-bit input signal.
所述比较器503是做“异或”操作,比较结果相同则输出“0”,无中断产生。比较结果不同则输出“1”,中断产生。The comparator 503 performs an exclusive OR operation, and outputs a "0" when the comparison result is the same, without interruption. If the comparison result is different, "1" is output and the interrupt is generated.
本发明的特征值单元5采用数字电路架构,通过计算用户代码的特征值并与预先存储在第一存储单元1内的128比特特征值进行比较,来达到检测用户代码是否被篡改的目的,从而实现第二存储单元内数据的安全存储,同时提高芯片的可靠性。The feature value unit 5 of the present invention uses a digital circuit architecture to calculate whether the user code is tampered by calculating the feature value of the user code and comparing it with the 128-bit feature value stored in the first storage unit 1 in advance. The secure storage of data in the second storage unit is achieved, and the reliability of the chip is improved.
图3展示为本发明所述存储器内部数据防篡改机制的方法的流程示意图, 所述方法包括:3 is a flow chart showing a method for preventing tampering of an internal data of a memory according to the present invention. The method includes:
步骤S1:芯片上电且完成复位操作后,所述第一存储单元1和第二存储单元2都可以通过微处理器4的地址空间进行访问。Step S1: After the chip is powered on and the reset operation is completed, both the first storage unit 1 and the second storage unit 2 can be accessed through the address space of the microprocessor 4.
步骤S2:程式从所述第一存储单元1开始执行,所述微处理器4将所述第二存储单元2中的用户代码读出到所述特征值单元5,所述特征值单元5计算出对应的特征值。Step S2: the program is executed from the first storage unit 1, and the microprocessor 4 reads out the user code in the second storage unit 2 to the feature value unit 5, and the feature value unit 5 calculates The corresponding feature value is output.
步骤S3:经过多次迭代计算后,得到最终的128比特特征值。Step S3: After multiple iteration calculations, the final 128-bit eigenvalue is obtained.
步骤S4:所述特征值单元5将计算所得的特征值与存储在所述第一存储单元1内的128比特特征值进行比较。Step S4: The feature value unit 5 compares the calculated feature value with a 128-bit feature value stored in the first storage unit 1.
步骤S5:若比较结果一致,则跳转到用户程序区执行用户程序;若比较结果不一致,则产生一个中断给微处理器4。Step S5: If the comparison result is consistent, jump to the user program area to execute the user program; if the comparison result is inconsistent, an interrupt is generated to the microprocessor 4.
步骤S6:所述微处理器4收到非法篡改的中断后,将所述芯片复位。Step S6: After the microprocessor 4 receives the interrupt of the illegal tampering, the chip is reset.
综上所述,本发明的具有存储器内部数据防篡改机制的SOC芯片及方法使用不同的NVM存储器分别存储系统信息和用户代码数据,当系统上电后,先检查用户代码是否被篡改,如果校验正确,则执行用户程序。如果校验失败,则复位芯片。其中,特征值单元可以是采用任何通用或私有的杂凑算法,破解难度高。通过上电后特征值校验电路,可以检测NVM存储器是否意外丢失数据,提高芯片的可靠性。所以,本发明有效克服了现有技术中的种种缺点而具高度产业利用价值。In summary, the SOC chip and method having the memory internal data anti-tamper mechanism of the present invention use different NVM memories to store system information and user code data respectively. When the system is powered on, first check whether the user code has been tampered with. If the test is correct, the user program is executed. If the verification fails, the chip is reset. The feature value unit may be any general or private hash algorithm, which is difficult to crack. Through the feature value verification circuit after power-on, it is possible to detect whether the NVM memory accidentally loses data and improve the reliability of the chip. Therefore, the present invention effectively overcomes various shortcomings in the prior art and has high industrial utilization value.
上述实施例仅例示性说明本发明的原理及其功效,而非用于限制本发明。任何熟悉此技术的人士皆可在不违背本发明的精神及范畴下,对上述实施例进行修饰或改变。因此,举凡所属技术领域中具有通常知识者在未脱离本发明所揭示的精神与技术思想下所完成的一切等效修饰或改变,仍应由本发明的权利要求所涵盖。 The above-described embodiments are merely illustrative of the principles of the invention and its effects, and are not intended to limit the invention. Modifications or variations of the above-described embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, all equivalent modifications or changes made by those skilled in the art without departing from the spirit and scope of the invention will be covered by the appended claims.

Claims (10)

  1. 一种具有存储器内部数据防篡改机制的SOC芯片,其特征在于,包括:A SOC chip having a memory internal data anti-tampering mechanism, comprising:
    第一存储单元,用于存储由芯片生产提供者负责维护的敏感系统数据;a first storage unit for storing sensitive system data maintained by a chip production provider;
    第二存储单元,用于存储由用户负责维护的用户数据和程序;a second storage unit for storing user data and programs maintained by the user;
    微处理器,用于访问所述第一存储单元或第二存储单元;a microprocessor for accessing the first storage unit or the second storage unit;
    访问控制单元,连接于所述微处理器与所述第一存储单元、第二存储单元之间,用于完成所述微处理器访问所述第一存储单元、第二存储单元的时序控制;An access control unit is connected between the microprocessor and the first storage unit and the second storage unit for completing timing control of the microprocessor accessing the first storage unit and the second storage unit;
    特征值单元,连接于所述微处理器,用于计算所述第二存储单元中用户代码的特征值,并与预先存储在所述第一存储单元内的特征值进行比较,以判断用户代码是否被非法篡改。An eigenvalue unit, coupled to the microprocessor, for calculating a feature value of the user code in the second storage unit, and comparing with a feature value pre-stored in the first storage unit to determine a user code Whether it has been illegally tampered with.
  2. 根据权利要求1所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述特征值单元被设置为当判定为非法篡改后,产生一个用户代码被非法篡改的中断给所述微处理器。The SOC chip with a memory internal data tamper-proof mechanism according to claim 1, wherein said feature value unit is set to generate an interruption of a user code being illegally falsified to the micro when it is determined to be illegally falsified. processor.
  3. 根据权利要求2所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述微处理器被设置为当接收到所述中断后,将所述芯片复位。The SOC chip with a memory internal data tamper resistance mechanism according to claim 2, wherein said microprocessor is arranged to reset said chip after receiving said interrupt.
  4. 根据权利要求1所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述特征值单元包括特征值计算单元、第一锁存 器及比较器;其中:The SOC chip with a memory internal data tamper prevention mechanism according to claim 1, wherein said feature value unit comprises a feature value calculation unit and a first latch And comparator; where:
    所述特征值计算单元连接于所述微处理器与所述第一锁存器之间,用于接收所述微处理器从所述第二存储单元读出的用户代码,计算所述用户代码的特征值,并将计算所得的特征值输入所述第一锁存器;The feature value calculation unit is connected between the microprocessor and the first latch, and configured to receive a user code read by the microprocessor from the second storage unit, and calculate the user code. a feature value, and inputting the calculated feature value into the first latch;
    所述比较器的第一输入端与所述微处理器相连,所述比较器的第二输入端与所述第一锁存器的输出端连接,所述比较器的输出端与所述微处理器连接,用于将所述微处理器从所述第一存储单元读出的特征值与所述特征值计算单元计算得到的特征值进行比较。a first input of the comparator is coupled to the microprocessor, a second input of the comparator is coupled to an output of the first latch, an output of the comparator and the micro And a processor connection, configured to compare the feature value read by the microprocessor from the first storage unit with the feature value calculated by the feature value calculation unit.
  5. 根据权利要求4所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述特征值计算单元的输入端与所述比较器之间还连接有第二锁存器,用于给所述比较器上电。The SOC chip with a memory internal data tamper-proof mechanism according to claim 4, wherein a second latch is further connected between the input end of the characteristic value calculating unit and the comparator for The comparator is powered up.
  6. 根据权利要求1所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:预先存储在所述第一存储单元内的特征值为128比特,所述特征值单元根据用户代码计算出的特征值为128比特。The SOC chip with a memory internal data tamper-proof mechanism according to claim 1, wherein a feature value pre-stored in said first storage unit is 128 bits, and said feature value unit is calculated based on a user code. The eigenvalue is 128 bits.
  7. 根据权利要求1所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述第二存储单元中用户代码为32比特。The SOC chip with a memory internal data tamper-proof mechanism according to claim 1, wherein the user code in the second storage unit is 32 bits.
  8. 根据权利要求1所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述第一存储单元及第二存储单元均为非易失性存储器。 The SOC chip with a memory internal data tamper-proof mechanism according to claim 1, wherein the first storage unit and the second storage unit are both non-volatile memories.
  9. 根据权利要求1所述的具有存储器内部数据防篡改机制的SOC芯片,其特征在于:所述敏感系统数据包括启动装载(bootloader)、用户密钥、系统存储空间配置信息、校准值及芯片唯一标识码中的一种或多种。The SOC chip with a memory internal data tamper-proof mechanism according to claim 1, wherein the sensitive system data comprises a bootloader, a user key, system storage space configuration information, a calibration value, and a chip unique identifier. One or more of the codes.
  10. 一种存储器内部数据防篡改机制的方法,其特征在于,应用于如权利要求1-9任意一项所述的具有存储器内部数据防篡改机制的SOC芯片,所述方法包括:A method for tamper-proofing a memory internal data, which is characterized in that it is applied to a SOC chip having a memory internal data tamper-proof mechanism according to any one of claims 1-9, the method comprising:
    芯片上电且完成复位操作后,所述第一存储单元和第二存储单元都可以通过微处理器的地址空间进行访问;After the chip is powered on and the reset operation is completed, the first storage unit and the second storage unit are all accessible through the address space of the microprocessor;
    程式从所述第一存储单元开始执行,所述微处理器将所述第二存储单元中的用户代码读出到所述特征值单元,所述特征值单元计算出对应的特征值;The program is executed from the first storage unit, the microprocessor reads out the user code in the second storage unit to the feature value unit, and the feature value unit calculates a corresponding feature value;
    经过多次迭代计算后,得到最终的128比特特征值;After multiple iterations, the final 128-bit eigenvalue is obtained;
    所述特征值单元将计算所得的特征值与存储在所述第一存储单元内的128比特特征值进行比较;The feature value unit compares the calculated feature value with a 128-bit feature value stored in the first storage unit;
    若比较结果一致,则跳转到用户程序区执行用户程序;若比较结果不一致,则产生一个中断给微处理器;If the comparison result is consistent, jump to the user program area to execute the user program; if the comparison result is inconsistent, an interrupt is generated to the microprocessor;
    所述微处理器收到非法篡改的中断后,将所述芯片复位。 After the microprocessor receives an interrupt of illegal tampering, the chip is reset.
PCT/CN2017/085623 2016-12-09 2017-05-24 Soc chip having tamper-resistant mechanism for internal data of memory, and method therefor WO2018103274A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611126360.1A CN108229207B (en) 2016-12-09 2016-12-09 SOC chip with memory internal data tamper-proof mechanism and method
CN201611126360.1 2016-12-09

Publications (1)

Publication Number Publication Date
WO2018103274A1 true WO2018103274A1 (en) 2018-06-14

Family

ID=62491694

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/085623 WO2018103274A1 (en) 2016-12-09 2017-05-24 Soc chip having tamper-resistant mechanism for internal data of memory, and method therefor

Country Status (2)

Country Link
CN (1) CN108229207B (en)
WO (1) WO2018103274A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445680A (en) * 2002-03-20 2003-10-01 株式会社东芝 Internal memory type anti-falsification processor and security method
US7062598B1 (en) * 2003-04-29 2006-06-13 Advanced Micro Devices, Inc. Bypass custom array and related method for implementing ROM fixes in a data processor
CN102148054A (en) * 2010-02-05 2011-08-10 群联电子股份有限公司 Flash memory storage system, controller of flash memory storage system and data falsification preventing method
CN103425909A (en) * 2012-05-15 2013-12-04 富士电机株式会社 Control system, device and program execution control method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771680B (en) * 2008-12-29 2013-03-13 中国移动通信集团公司 Method for writing data to smart card, system and remote writing-card terminal
CN102567245B (en) * 2011-12-27 2014-10-01 深圳国微技术有限公司 Memory controller for system on chip (SOC) chip system and method for implementing memory controller
US8856864B2 (en) * 2012-09-27 2014-10-07 Intel Corporation Detecting, enforcing and controlling access privileges based on sandbox usage
CN105320581B (en) * 2014-07-14 2018-01-19 瑞昱半导体股份有限公司 A kind of integrated circuit, verification method and the method for producing characteristic value adjustment code
CN104515950B (en) * 2015-01-12 2018-05-22 华南师范大学 A kind of build-in self-test method of integrated circuit and application

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445680A (en) * 2002-03-20 2003-10-01 株式会社东芝 Internal memory type anti-falsification processor and security method
US7062598B1 (en) * 2003-04-29 2006-06-13 Advanced Micro Devices, Inc. Bypass custom array and related method for implementing ROM fixes in a data processor
CN102148054A (en) * 2010-02-05 2011-08-10 群联电子股份有限公司 Flash memory storage system, controller of flash memory storage system and data falsification preventing method
CN103425909A (en) * 2012-05-15 2013-12-04 富士电机株式会社 Control system, device and program execution control method

Also Published As

Publication number Publication date
CN108229207B (en) 2021-09-14
CN108229207A (en) 2018-06-29

Similar Documents

Publication Publication Date Title
US10129037B2 (en) System and method for authenticating and enabling functioning of a manufactured electronic device
KR102079854B1 (en) System and method for generating secret information using a high reliability physically unclonable function
US10762210B2 (en) Firmware protection and validation
KR102080375B1 (en) Secret key generation using a high reliability physically unclonable function
JP5586628B2 (en) Distributed PUF
TWI701571B (en) Computer-implemented method and apparatus of determining a verification hash of a code image, and for digitally signing a message
JP5607546B2 (en) Method and apparatus for controlling system access during a protected mode of operation
JP7038185B2 (en) A system for verifying the integrity of register contents and its method
US9996711B2 (en) Asset protection of integrated circuits during transport
WO2018103275A1 (en) Soc chip having debugging interface security mechanism, and method
US10289871B2 (en) Integrated circuit lifecycle security with redundant and overlapping crosschecks
WO2017097042A1 (en) Secure chip, and nonvolatile storage control device and method for same
US20170039364A1 (en) System and method to cause an obfuscated non-functional device to transition to a starting functional state using a specified number of cycles
US20110145919A1 (en) Method and apparatus for ensuring consistent system configuration in secure applications
US10915402B2 (en) Software fault monitoring
US10372545B2 (en) Safe reset techniques for microcontroller systems in safety related applications
JP4693245B2 (en) Protection of computer core against unauthorized manipulation from outside
TWI522914B (en) Microprocessor and method of revoking first password
US9813242B2 (en) Method and apparatus for secure recordation of time of attempted breach of IC package
WO2018103274A1 (en) Soc chip having tamper-resistant mechanism for internal data of memory, and method therefor
CN116126095A (en) Clock safety detection method and device and chip
US11531785B2 (en) PUF-based data integrity
JP2008287449A (en) Data processor
US20230237156A1 (en) System and method for storing system state data in a hardware register
TWI428824B (en) Microprocessor and method for limiting access

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17877759

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17877759

Country of ref document: EP

Kind code of ref document: A1