WO2018103275A1 - Soc chip having debugging interface security mechanism, and method - Google Patents

Soc chip having debugging interface security mechanism, and method

Publication number
WO2018103275A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
debug
debug interface
chip
port
Application number
PCT/CN2017/085624
Inventor
王健
杨灿华
Original Assignee
上海新微技术研发中心有限公司
Application filed by 上海新微技术研发中心有限公司
Publication of WO2018103275A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • The invention belongs to the field of systems on chip, and relates to a SOC chip and method with a debug interface security mechanism.
  • System on Chip (SOC)
  • In a narrow sense, an SOC is the chip-level integration of the core of an information system, with the key components of the system integrated on one chip; in a broad sense, an SOC is a miniature system that integrates microprocessors, analog IP cores, digital IP cores and memory (or off-chip memory control interfaces) on a single chip, and is typically customer-specific or a standard product for a specific application.
  • The hardware debug interface provides an effective method for system testing and on-chip debugging of the SoC chip, but it also poses a security risk.
  • Current SoC chips integrate a debug interface for chip testing and system debugging. Users can conveniently use host-computer software for application development or use a programmer to program user code. This convenience, however, also brings security risks.
  • The debug interface has long been called a "back door" in the industry: by applying specific stimuli to the debug port, the internal resources of the chip and the memory data can be acquired and modified.
  • An object of the present invention is to provide a SOC chip and method having a debug interface security mechanism, to solve the problem of the high security risk of SOC chips in the prior art.
  • The present invention provides a SOC chip and method having a debug interface security mechanism, including:
  • A microprocessor, including a debug interface
  • A storage unit, configured to pre-store a debug interface secure access password
  • A security control unit, connected between the debug port and the debug interface, for monitoring the input timing of an external device connected to the debug port; when the input timing is correct, the input password is compared with the debug interface secure access password; if the comparison result is consistent, the channel between the debug port and the debug interface is opened; if the comparison result is inconsistent, the channel between the debug port and the debug interface is closed.
  • The security control unit includes:
  • A first password register, connected to the storage unit, for receiving and temporarily storing the debug interface secure access password from the storage unit after the chip is powered on and the reset operation is completed;
  • A second password register, for temporarily storing an input password from the external device
  • An input timing monitoring unit, connected to the debug port and the second password register, for monitoring the input timing of an external device connected to the debug port and writing the input password to the second password register when the input timing is correct
  • A comparator, whose two inputs are connected to the first password register and the second password register respectively, for comparing the input password with the debug interface secure access password.
  • The debug interface secure access password from the storage unit is written to the first password register by pure hardware logic, and the first password register cannot be accessed by the microprocessor.
  • The security control unit is configured to lock the chip when the number of password comparisons exceeds a preset number of times.
  • After locking the chip, the security control unit no longer receives password comparison data and only receives the memory erase command.
  • The preset number of times is 1 to 10.
  • The debug interface secure access password is 128 bits.
  • The storage unit is a non-volatile memory.
  • The external device is a host computer or a programmer.
  • The invention also provides a debug interface security mechanism method, applied to a SOC chip with a debug interface security mechanism as described in any of the above, the method comprising:
  • The debug interface secure access password pre-stored in the storage unit is written into the first password register by pure hardware logic, and the first password register cannot be accessed by the microprocessor;
  • The security control unit constantly monitors the input timing of an external device connected to the debug port and, when the timing is correct, writes the input password to the password register;
  • The security control unit compares the input password with the debug interface secure access password
  • If the comparison result is consistent, the channel between the debug port and the debug interface is opened; if the comparison result is inconsistent, the channel between the debug port and the debug interface is closed.
  • The SOC chip and method having the debug interface security mechanism of the present invention have the following beneficial effects: the present invention adopts a digital circuit architecture to implement secure access to the debug interface, and adds a security control unit between the physical debug port and the internal debug interface, isolating them at the physical connection.
  • The debug port can be physically connected to the internal debug interface only by entering a timing waveform signal containing the correct password on the debug port, thereby gaining access to internal resources.
  • The security control unit is responsible for verifying the password and counting the number of comparisons. If the number of comparisons exceeds 3, the chip is locked automatically. After the chip is locked, the security control unit no longer receives password comparison data and only receives the NVM memory erase command. The user can regain control of the chip only after executing the NVM memory erase command, by which time the user data stored in the NVM memory has been erased, which achieves the purpose of protecting the user data in the NVM memory unit.
  • FIG. 1 is a schematic diagram showing the structure of a SOC chip with a debug interface security mechanism according to the present invention.
  • FIG. 2 is a circuit diagram of the security control unit.
  • FIG. 3 is a schematic flow chart of the debug interface security mechanism method of the present invention.
  • The present invention provides a SOC chip and method having a debug interface security mechanism.
  • A schematic structural diagram of the SOC chip is shown, including a debug port 1, a microprocessor 2, a debug interface 201 inside the microprocessor, a storage unit 3 and a security control unit 4.
  • The storage unit 3 is configured to pre-store the debug interface secure access password, and is maintained by the chip production provider.
  • The storage unit 3 uses a non-volatile memory (NVM), so the stored data does not disappear when the power is turned off.
  • The debug interface secure access password is 128 bits.
  • The security control unit 4 is connected between the debug port 1 and the debug interface 201 for monitoring the input timing of an external device 5 connected to the debug port 1; when the input timing is correct, the input password is compared with the debug interface secure access password; if the comparison result is consistent, the channel between the debug port 1 and the debug interface 201 is opened; if the comparison result is inconsistent, the channel between the debug port 1 and the debug interface 201 is closed.
  • The external device includes but is not limited to a programmer or a host computer.
  • The invention adopts a digital circuit architecture to realize secure access to the debug interface; a security control unit is added between the physical debug port and the internal debug interface, and the debug interface of the SOC chip is isolated from the internal debug interface of the chip at the physical connection.
  • The debug port can be physically connected to the internal debug interface only by entering a timing waveform signal containing the correct password on the debug port, thereby gaining access to internal resources.
  • A circuit configuration diagram of the security control unit 4 is shown in FIG. 2; it includes a first password register 401, a second password register 402, an input timing detection unit 403, and a comparator 404;
  • The first password register 401 is connected to the storage unit 3 for receiving and temporarily storing the debug interface secure access password from the storage unit 3 after the chip is powered on and the reset operation is completed.
  • The debug interface secure access password stored in the storage unit 3 can be written into the specific register by hardware logic only during the system configuration phase after the chip is powered on; the CPU and the debug interface cannot access the storage unit 3 or the first password register 401.
  • The second password register 402 is used to temporarily store an input password from the external device 1.
  • The input timing monitoring unit 403 is connected to the debug port 1 and the second password register 402, for monitoring the input timing of an external device connected to the debug port 1 and writing the input password to the second password register 402 when the input timing is correct.
  • The two inputs of the comparator 404 are connected to the first password register 401 and the second password register 402 respectively, for comparing the input password with the debug interface secure access password.
  • The security control unit 4 is configured to count the number of comparisons when verifying the password, and to lock the chip when the number of password comparisons exceeds a preset number of times.
  • The preset number of times may be 1 to 10.
  • The preset number of times is preferably 3, that is, when the password comparison fails more than 3 times, the chip is automatically locked.
  • The security control unit 4 is further configured so that, after the chip is locked, it no longer receives password comparison data and only receives the memory erase command. That is, the user can regain control of the chip only after executing the memory erase command, by which time the user data stored in the memory has been erased; even if the chip is illegally obtained, all that is obtained is a "blank chip", which achieves the purpose of protecting the user program in the memory.
  • FIG. 3 is a schematic flow chart of the debug interface security mechanism method of the present invention, where the method includes:
  • Step S1: After the chip is powered on and the reset operation is completed, the debug interface secure access password pre-stored in the storage unit 3 is written into the first password register by pure hardware logic, and the first password register cannot be accessed by the microprocessor 2;
  • Step S2: The security control unit 4 constantly monitors the input timing of the external device 5 connected to the debug port 1 and, when the timing is correct, writes the input password into the second password register;
  • Step S3: After the input password has been received, the security control unit 4 compares the input password with the debug interface secure access password;
  • Step S4: If the comparison result is consistent, the channel between the debug port 1 and the debug interface 201 is opened; if the comparison result is inconsistent, the channel between the debug port 1 and the debug interface 201 is closed.
  • The debug interface security mechanism method of the present invention saves the 128-bit debug interface secure access password in a specific non-volatile memory; only during the system configuration phase after the chip is powered on can it be written into the specific password register by hardware logic, and the CPU and the debug interface cannot access the non-volatile memory or the password register.
  • When the password comparison fails more than a certain number of times, the chip is locked. After the chip is locked, the security control unit no longer accepts password comparison data and only accepts the non-volatile memory erase command, which effectively prevents illegal acquisition and modification of the chip's internal resources and memory data.
  • The SOC chip and method with the internal data anti-tampering mechanism of the invention adopt a digital circuit architecture to implement secure access to the debug interface; a security control unit is added between the physical debug port and the internal debug interface, isolating them at the physical connection.
  • The debug port can be physically connected to the internal debug interface only by entering a timing waveform signal containing the correct password on the debug port, thereby gaining access to internal resources.
  • The security control unit is responsible for verifying the password and counting the number of comparisons. If the number of comparisons exceeds 3, the chip is locked automatically. After the chip is locked, the security control unit no longer receives password comparison data and only receives the NVM memory erase command.
  • The present invention effectively overcomes various shortcomings in the prior art and has high industrial utilization value.

Abstract

Provided are a SOC chip having a debugging interface security mechanism, and a method. The chip comprises: a debugging port; a microprocessor, comprising a debugging interface; a storage unit used for pre-storing a security access password of the debugging interface; and a security control unit connected between the debugging port and the debugging interface, and used for monitoring an input timing of an external device connected to the debugging port. When the input timing is correct, an input password is compared with the security access password of the debugging interface; if the comparison result is consistent, a channel from the debugging port to the debugging interface is opened; and if the comparison result is inconsistent, the channel is closed. The present invention adds a security control unit between a physical debugging port and an internal debugging interface, so as to isolate same in terms of physical connection, and the debugging port and the internal debugging interface can be physically connected only when a timing waveform signal including a correct password is input on the debugging port, thereby acquiring a right to access an internal resource.

Description

SOC chip and method with debugging interface security mechanism
Technical field
The invention belongs to the field of systems on chip, and relates to a SOC chip and method with a debug interface security mechanism.
Background
In a narrow sense, a System on Chip (SOC) is the chip-level integration of the core of an information system, with the key components of the system integrated on one chip; in a broad sense, an SOC is a miniature system that integrates microprocessors, analog IP cores, digital IP cores and memory (or off-chip memory control interfaces) on a single chip, and is typically customer-specific or a standard product for a specific application.
The hardware debug interface provides an effective method for system testing and on-chip debugging of the SoC chip, but it also poses a security risk.
Current SoC chips integrate a debug interface for chip testing and system debugging. Users can conveniently use host-computer software for application development or use a programmer to program user code. This convenience, however, also brings security risks. The debug interface has long been called a "back door" in the industry: by applying specific stimuli to the debug port, the internal resources of the chip and the memory data can be acquired and modified.
Therefore, how to provide a SOC chip and method with a debug interface security mechanism, so as to improve chip security, has become an important technical problem to be solved by those skilled in the art.
Summary of the invention
In view of the above shortcomings of the prior art, an object of the present invention is to provide a SOC chip and method having a debug interface security mechanism, to solve the problem of the high security risk of SOC chips in the prior art.
To achieve the above and other related objects, the present invention provides a SOC chip and method having a debug interface security mechanism, including:
a debug port;
a microprocessor, including a debug interface;
a storage unit, configured to pre-store a debug interface secure access password;
a security control unit, connected between the debug port and the debug interface, for monitoring the input timing of an external device connected to the debug port; when the input timing is correct, the input password is compared with the debug interface secure access password; if the comparison result is consistent, the channel between the debug port and the debug interface is opened; if the comparison result is inconsistent, the channel between the debug port and the debug interface is closed.
Optionally, the security control unit includes:
a first password register, connected to the storage unit, for receiving and temporarily storing the debug interface secure access password from the storage unit after the chip is powered on and the reset operation is completed;
a second password register, for temporarily storing an input password from the external device;
an input timing monitoring unit, connected to the debug port and the second password register, for monitoring the input timing of an external device connected to the debug port and writing the input password to the second password register when the input timing is correct;
a comparator, whose two inputs are connected to the first password register and the second password register respectively, for comparing the input password with the debug interface secure access password.
Optionally, after the chip is powered on and the reset operation is completed, the debug interface secure access password from the storage unit is written to the first password register by pure hardware logic, and the first password register cannot be accessed by the microprocessor.
Optionally, the security control unit is configured to lock the chip when the number of password comparisons exceeds a preset number of times.
Optionally, the security control unit is configured so that, after locking the chip, it no longer receives password comparison data and only receives the memory erase command.
Optionally, the preset number of times is 1 to 10.
Optionally, the debug interface secure access password is 128 bits.
Optionally, the storage unit is a non-volatile memory.
Optionally, the external device is a host computer or a programmer.
The invention also provides a debug interface security mechanism method, applied to a SOC chip with a debug interface security mechanism as described in any of the above, the method comprising:
after the chip is powered on and the reset operation is completed, writing the debug interface secure access password pre-stored in the storage unit into the first password register by pure hardware logic, where the first password register cannot be accessed by the microprocessor;
the security control unit constantly monitoring the input timing of an external device connected to the debug port and, when the timing is correct, writing the input password to the password register;
after the input password has been received, the security control unit comparing the input password with the debug interface secure access password;
if the comparison result is consistent, opening the channel between the debug port and the debug interface; if the comparison result is inconsistent, closing the channel between the debug port and the debug interface.
As described above, the SOC chip and method having the debug interface security mechanism of the present invention have the following beneficial effects: the present invention adopts a digital circuit architecture to implement secure access to the debug interface, and adds a security control unit between the physical debug port and the internal debug interface, isolating them at the physical connection. The debug port can be physically connected to the internal debug interface only by entering a timing waveform signal containing the correct password on the debug port, thereby gaining access to internal resources. The security control unit is responsible for verifying the password and counting the number of comparisons. If the number of comparisons exceeds 3, the chip is locked automatically. After the chip is locked, the security control unit no longer receives password comparison data and only receives the NVM memory erase command. The user can regain control of the chip only after executing the NVM memory erase command, by which time the user data stored in the NVM memory has been erased, which achieves the purpose of protecting the user data in the NVM memory unit.
Description of the drawings
FIG. 1 is a schematic diagram showing the structure of a SOC chip with a debug interface security mechanism according to the present invention.
FIG. 2 is a circuit diagram of the security control unit.
FIG. 3 is a schematic flow chart of the debug interface security mechanism method of the present invention.
Description of reference numerals
1 debug port
2 microprocessor
201 debug interface
3 storage unit
4 security control unit
401 first password register
402 second password register
403 input timing monitoring unit
404 comparator
5 external device
S1 to S4 steps
具体实施方式detailed description
以下通过特定的具体实例说明本发明的实施方式,本领域技术人员可由本说明书所揭露的内容轻易地了解本发明的其他优点与功效。本发明还可以通过另外不同的具体实施方式加以实施或应用,本说明书中的各项细节也可以基于不同观点与应用,在没有背离本发明的精神下进行各种修饰或改变。The embodiments of the present invention are described below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the present invention from the disclosure of the present disclosure. The present invention may be embodied or applied in various other specific embodiments, and various modifications and changes can be made without departing from the spirit and scope of the invention.
请参阅图1至图3。需要说明的是,本实施例中所提供的图示仅以示意方式说明本发明的基本构想,遂图式中仅显示与本发明中有关的组件而非按照实际实施时的组件数目、形状及尺寸绘制,其实际实施时各组件的型态、数量及比例可为一种随意的改变,且其组件布局型态也可能更为复杂。Please refer to Figure 1 to Figure 3. It should be noted that the illustrations provided in the present embodiment merely illustrate the basic concept of the present invention in a schematic manner, and only the components related to the present invention are shown in the drawings, instead of the number and shape of components in actual implementation. Dimensional drawing, the actual type of implementation of each component's type, number and proportion can be a random change, and its component layout can be more complicated.
本发明提供一种具有调试接口安全机制的SOC芯片及方法,请参阅图1,显示为该SOC芯片的结构示意图,包括调试端口1、微处理器2、微处理器内 的调试接口201、存储单元3及安全控制单元4。The present invention provides a SOC chip and method having a debug interface security mechanism. Referring to FIG. 1, a schematic structural diagram of the SOC chip is shown, including a debug port 1, a microprocessor 2, and a microprocessor. The debug interface 201, the storage unit 3 and the security control unit 4.
具体的,所述存储单元3用于预先存储调试接口安全访问密码,由芯片生产提供者负责维护。本实施例中,所述存储单元3采用非易失性存储器(Non-Volatile Memory,NVM),当电源关掉后,其所存储的数据不会消失。所述调试接口安全访问密码为128比特。Specifically, the storage unit 3 is configured to pre-store the debug interface security access password, and the chip production provider is responsible for maintenance. In this embodiment, the storage unit 3 uses a non-volatile memory (NVM), and when the power is turned off, the stored data does not disappear. The debug interface secure access password is 128 bits.
所述安全控制单元4,连接于所述调试端口1与所述调试接口201之间,用于监测连接于所述调试端口1的外部设备5的输入时序;当输入时序正确,则将输入密码与所述调试接口安全访问密码进行比较;如果比较结果一致,则打开所述调试端口1到所述调试接口201之间的通道;如果比较结果不一致,则关闭所述调试端口1到所述调试接口201之间的通道。The security control unit 4 is connected between the debug port 1 and the debug interface 201 for monitoring an input timing of an external device 5 connected to the debug port 1; when the input timing is correct, a password is input. Comparing with the debug interface security access password; if the comparison result is consistent, the channel between the debug port 1 and the debug interface 201 is opened; if the comparison result is inconsistent, the debug port 1 is closed to the debug The channel between the interfaces 201.
本实施例中,所述外部设备包括但不限于烧录器或上位机。In this embodiment, the external device includes but is not limited to a programmer or a host computer.
本发明采用数字电路架构实现调试接口的安全访问,在物理调试端口与内部调试接口之间加入了安全控制单元,从物理连接上将SOC芯片的调试接口与芯片内部调试接口进行隔离。只有在调试端口上输入包含正确密码的时序波形信号时才能在物理上将调试端口与内部调试接口连通,从而获得访问内部资源的权限。The invention adopts a digital circuit architecture to realize secure access of the debug interface, and a security control unit is added between the physical debug port and the internal debug interface, and the debug interface of the SOC chip is isolated from the internal debug interface of the chip from the physical connection. The debug port can be physically connected to the internal debug interface only by entering a timing waveform signal containing the correct password on the debug port to gain access to internal resources.
As an example, FIG. 2 shows the circuit structure of the security control unit 4, which includes a first password register 401, a second password register 402, an input timing detection unit 403, and a comparator 404, where:
The first password register 401 is connected to the storage unit 3 and receives and temporarily stores the debug interface secure access password from the storage unit 3 after the chip is powered on and the reset operation is complete.
In this embodiment, the debug interface secure access password stored in the storage unit 3 can be written into a specific register by hardware logic only during the system configuration phase after the chip is powered on; the CPU and the debug interface cannot access the storage unit 3 or the first password register 401.
The second password register 402 temporarily stores the input password from the external device 1.
The input timing monitoring unit 403 is connected to the debug port 1 and the second password register 402. It monitors the input timing of the external device connected to the debug port 1 and, when the input timing is correct, writes the input password into the second password register 402.
The two inputs of the comparator 404 are connected to the first password register 401 and the second password register 402, respectively, and the comparator compares the input password with the debug interface secure access password.
Specifically, the security control unit 4 is configured to count the number of comparisons when verifying the password and to lock the chip when the number of password comparisons exceeds a preset number.
As an example, the preset number may be 1 to 10. In this embodiment, the preset number is preferably 3; that is, when the password comparison fails more than 3 times, the chip locks automatically.
In this embodiment, the security control unit 4 is further configured so that, once the chip is locked, it no longer receives password comparison data and receives only a memory erase command. The user can therefore regain control of the chip only after executing the memory erase command, by which point the user data stored in the memory has been erased. Even if the chip is obtained illegally, all that is recovered is a "blank chip", which achieves the goal of protecting the user program in the memory.
FIG. 3 is a flow chart of the method of the debug interface security mechanism according to the present invention. The method includes:
Step S1: After the chip is powered on and the reset operation is complete, the debug interface secure access password pre-stored in the storage unit 3 is written into the first password register by pure hardware logic; the first password register cannot be accessed by the microprocessor 2.
Step S2: The security control unit 4 continuously monitors the input timing of the external device 5 connected to the debug port 1 and, when the timing is correct, writes the input password into the second password register.
Step S3: Once the input password has been fully received, the security control unit 4 compares the input password with the debug interface secure access password.
Step S4: If the two match, the channel between the debug port 1 and the debug interface 201 is opened; if they do not match, the channel between the debug port 1 and the debug interface 201 is closed.
The method of the debug interface security mechanism of the present invention stores the 128-bit debug interface secure access password in a specific non-volatile memory. The password can be written into a specific password register by hardware logic only during the system configuration phase after the chip is powered on, and the CPU and the debug interface cannot access that non-volatile memory or the password register. When the password comparison fails more than a certain number of times, the chip is locked. Once the chip is locked, the security control unit no longer accepts password comparison data and accepts only the non-volatile memory erase command, which effectively prevents illegal acquisition and modification of the chip's internal resources and memory data.
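The following behavioral model of steps S1 to S4 and the lock-out rule is an added example, not code from the patent. The struct layout, function names, NVM size and sample password are constructed; keeping the failure count across power cycles and clearing the lock on erase are assumptions, since the text says only that control is regained after the erase command.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_BYTES 16        /* 128-bit debug interface secure access password */
#define MAX_FAILS 3        /* preferred preset number from the embodiment */
#define USER_NVM_BYTES 32  /* constructed size for this model */

typedef struct {
    uint8_t nvm_password[PW_BYTES];   /* storage unit 3 */
    uint8_t user_nvm[USER_NVM_BYTES]; /* user program and data */
    uint8_t reg1[PW_BYTES];           /* first password register 401 */
    uint8_t reg2[PW_BYTES];           /* second password register 402 */
    unsigned fail_count;              /* assumption: survives power cycles */
    bool locked;
    bool channel_open;                /* debug port 1 to debug interface 201 */
} scu_t;

typedef enum { SCU_IGNORED, SCU_OPENED, SCU_REJECTED, SCU_LOCKED } scu_result_t;

/* Step S1: hardware logic loads register 401; the channel starts closed. */
void scu_power_on(scu_t *s) {
    memcpy(s->reg1, s->nvm_password, PW_BYTES);
    memset(s->reg2, 0, PW_BYTES);
    s->channel_open = false;
}

/* Comparator 404: all bytes are examined, with no early exit on mismatch. */
static bool pw_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_BYTES; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps S2-S4. A locked chip accepts no password data at all. */
scu_result_t scu_submit(scu_t *s, bool timing_ok, const uint8_t pw[PW_BYTES]) {
    if (s->locked) return SCU_LOCKED;
    if (!timing_ok) return SCU_IGNORED;   /* nothing reaches register 402 */
    memcpy(s->reg2, pw, PW_BYTES);
    if (pw_equal(s->reg1, s->reg2)) { s->channel_open = true; return SCU_OPENED; }
    s->channel_open = false;
    if (++s->fail_count > MAX_FAILS) { s->locked = true; return SCU_LOCKED; }
    return SCU_REJECTED;                  /* "more than 3" locks on failure 4 */
}

/* Erase command: user data is wiped before control can be regained. */
void scu_erase(scu_t *s) {
    memset(s->user_nvm, 0xFF, USER_NVM_BYTES);
    s->fail_count = 0;
    s->locked = false;
    s->channel_open = false;
}

int main(void) {
    scu_t s = {0};
    memset(s.nvm_password, 0xA5, PW_BYTES);  /* constructed sample password */
    uint8_t wrong[PW_BYTES] = {0};           /* constructed wrong guess */
    scu_power_on(&s);
    for (int i = 1; i <= 5; i++)
        printf("attempt %d -> result %d\n", i, (int)scu_submit(&s, true, wrong));
    scu_erase(&s);
    printf("after erase: locked=%d user_nvm[0]=0x%02X\n", s.locked, s.user_nvm[0]);
    return 0;
}
```

If the failure count were held only in volatile state, a power cycle would reset it and the lock-out would not bound the number of guesses, which is why the model keeps it outside `scu_power_on`.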
In summary, the SOC chip and method of the present invention, which have a tamper-proof mechanism for data inside the memory, use a digital circuit architecture to implement secure access to the debug interface. A security control unit is added between the physical debug port and the internal debug interface, isolating them at the level of the physical connection. Only when a timing waveform signal containing the correct password is input on the debug port is the debug port physically connected to the internal debug interface, which grants access to internal resources. The security control unit verifies the password and counts the number of comparisons; if the number of comparisons exceeds 3, the chip locks automatically. Once the chip is locked, the security control unit no longer receives password comparison data and receives only the NVM memory erase command. The user can regain control of the chip only after executing the NVM memory erase command, by which point the user data stored in the NVM memory has been erased, which achieves the goal of protecting the user data in the NVM memory unit. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Accordingly, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall still be covered by the claims of the invention.

Claims (10)

  1. An SOC chip and method having a debug interface security mechanism, characterized by comprising:
    a debug port;
    a microprocessor, including a debug interface;
    a storage unit, configured to pre-store a debug interface secure access password;
    a security control unit, connected between the debug port and the debug interface, configured to monitor the input timing of an external device connected to the debug port; when the input timing is correct, to compare the input password with the debug interface secure access password; if the two match, to open the channel between the debug port and the debug interface; and if they do not match, to close the channel between the debug port and the debug interface.
  2. The SOC chip and method having a debug interface security mechanism according to claim 1, wherein the security control unit comprises:
    a first password register, connected to the storage unit, configured to receive and temporarily store the debug interface secure access password from the storage unit after the chip is powered on and the reset operation is complete;
    a second password register, configured to temporarily store the input password from the external device;
    an input timing monitoring unit, connected to the debug port and the second password register, configured to monitor the input timing of the external device connected to the debug port and to write the input password into the second password register when the input timing is correct;
    a comparator, whose two inputs are connected to the first password register and the second password register, respectively, configured to compare the input password with the debug interface secure access password.
  3. The SOC chip and method having a debug interface security mechanism according to claim 2, wherein, after the chip is powered on and the reset operation is complete, the debug interface secure access password from the storage unit is written into the first password register by pure hardware logic, and the first password register cannot be accessed by the microprocessor.
  4. The SOC chip and method having a debug interface security mechanism according to claim 1, wherein the security control unit is configured to lock the chip when the number of password comparisons exceeds a preset number.
  5. The SOC chip and method having a debug interface security mechanism according to claim 4, wherein the security control unit is configured so that, after the chip is locked, it no longer receives password comparison data and receives only a memory erase command.
  6. The SOC chip and method having a debug interface security mechanism according to claim 4, wherein the preset number is 1 to 10.
  7. The SOC chip and method having a debug interface security mechanism according to claim 1, wherein the debug interface secure access password is 128 bits.
  8. The SOC chip and method having a debug interface security mechanism according to claim 1, wherein the storage unit is a non-volatile memory.
  9. The SOC chip and method having a debug interface security mechanism according to claim 1, wherein the external device is a host computer or a programmer.
  10. A method for a debug interface security mechanism, characterized in that it is applied to the SOC chip having a debug interface security mechanism according to any one of claims 1-9, the method comprising:
    after the chip is powered on and the reset operation is complete, writing the debug interface secure access password pre-stored in the storage unit into the first password register by pure hardware logic, the first password register being inaccessible to the microprocessor;
    the security control unit continuously monitoring the input timing of the external device connected to the debug port and, when the timing is correct, writing the input password into the second password register;
    once the input password has been fully received, the security control unit comparing the input password with the debug interface secure access password;
    if the two match, opening the channel between the debug port and the debug interface; if they do not match, closing the channel between the debug port and the debug interface.
PCT/CN2017/085624 2016-12-09 2017-05-24 Soc chip having debugging interface security mechanism, and method WO2018103275A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611126402.1 2016-12-09
CN201611126402.1A CN108460296A (en) 2016-12-09 2016-12-09 SOC chip with debugging interface security mechanism and method

Publications (1)

Publication Number Publication Date
WO2018103275A1 true WO2018103275A1 (en) 2018-06-14

Family

ID=62490766

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/085624 WO2018103275A1 (en) 2016-12-09 2017-05-24 Soc chip having debugging interface security mechanism, and method

Country Status (2)

Country Link
CN (1) CN108460296A (en)
WO (1) WO2018103275A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112788382A (en) * 2020-12-31 2021-05-11 成都长虹网络科技有限责任公司 Set top box with safety debugging function
CN116756781A (en) * 2023-08-23 2023-09-15 菁音核创科技(厦门)有限公司 Encryption protection method, device and equipment for chip and storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977023A (en) * 2019-04-03 2019-07-05 北京智芯微电子科技有限公司 Support the cpu chip emulator of debugging permission control
CN113918392B (en) * 2020-07-10 2023-10-13 珠海格力电器股份有限公司 Debug protection system and debug processing module
CN112100691A (en) * 2020-09-11 2020-12-18 浪潮(北京)电子信息产业有限公司 Protection method and protection system of hardware debugging interface and programmable controller
CN112380119A (en) * 2020-11-12 2021-02-19 上海东软载波微电子有限公司 Chip, programming debugger, system and method for locking programming debugging entry

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7900064B2 (en) * 2005-04-20 2011-03-01 Honeywell International Inc. Encrypted debug interface
CN103324506A (en) * 2013-06-24 2013-09-25 上海天奕达电子科技有限公司 Method and mobile phone for controlling installation of Android applications
CN103793325A (en) * 2014-01-24 2014-05-14 深圳市同洲电子股份有限公司 Kernel debugging method and system
CN103871379A (en) * 2012-12-14 2014-06-18 乐金显示有限公司 Apparatus and method for controlling data interface
CN104777761A (en) * 2014-01-15 2015-07-15 上海华虹集成电路有限责任公司 Method and circuit for realizing safety of MCU (micro controller unit)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8407457B2 (en) * 2007-09-28 2013-03-26 Freescale Semiconductor, Inc. System and method for monitoring debug events
CN101620656B (en) * 2009-07-29 2012-11-28 深圳国微技术有限公司 Safety JTAG module and method for protecting safety of information inside chip
CN102592064A (en) * 2011-01-07 2012-07-18 深圳同方电子设备有限公司 Dynamic crypto chip
CN202102448U (en) * 2011-06-07 2012-01-04 郑州信大捷安信息技术股份有限公司 SoC (System on Chip)-based external-data safe-storing framework
CN103235749A (en) * 2013-03-26 2013-08-07 江南大学 FPGA-based sensor network SoC proto verification platform

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112788382A (en) * 2020-12-31 2021-05-11 成都长虹网络科技有限责任公司 Set top box with safety debugging function
CN116756781A (en) * 2023-08-23 2023-09-15 菁音核创科技(厦门)有限公司 Encryption protection method, device and equipment for chip and storage medium
CN116756781B (en) * 2023-08-23 2023-11-14 菁音核创科技(厦门)有限公司 Encryption protection method, device and equipment for chip and storage medium

Also Published As

Publication number Publication date
CN108460296A (en) 2018-08-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17879308

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17879308

Country of ref document: EP

Kind code of ref document: A1