WO2021203767A1 - 内存访问方法、系统级芯片和电子设备 - Google Patents

内存访问方法、系统级芯片和电子设备 Download PDF

Info

Publication number
WO2021203767A1
WO2021203767A1 PCT/CN2021/000066 CN2021000066W WO2021203767A1 WO 2021203767 A1 WO2021203767 A1 WO 2021203767A1 CN 2021000066 W CN2021000066 W CN 2021000066W WO 2021203767 A1 WO2021203767 A1 WO 2021203767A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
area
data
access
encryption
Prior art date
Application number
PCT/CN2021/000066
Other languages
English (en)
French (fr)
Inventor
王永
徐华锋
郭彬
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to EP21784583.3A priority Critical patent/EP4134845A4/en
Publication of WO2021203767A1 publication Critical patent/WO2021203767A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Definitions

  • This application relates to the field of information technology, in particular to memory access methods, system-level chips and electronic devices.
  • SoC System-on-a-Chip
  • an embodiment of the present application provides a memory access method applied to a system-level chip, including:
  • the system-level chip interface writes business data into the first area of the memory
  • the device after the interface reads the data to be processed in the corresponding area of the memory of the previous device, and writes it into the next area of the memory after processing, until the last device reads the data to be processed in the corresponding area of the memory of the previous device. After processing, the feedback data is obtained and written into the first area;
  • the processor as the interfaced device only has the access authority of the first area.
  • an embodiment of the present application provides a system-on-chip, including: an interface connected by a bus, a device behind the interface, and a memory;
  • the interface is configured to write business data into the first area of the memory
  • the device after the interface reads the data to be processed in the corresponding area of the memory of the previous device, and writes it into the next area of the memory after processing, until the last device reads the data to be processed in the corresponding area of the memory of the previous device. After processing, feedback data is obtained and written into the first area;
  • the processor as the interfaced device only has the access authority of the first area.
  • an embodiment of the present application provides an electronic device, including the system-on-chip provided in the embodiment of the present application.
  • FIG. 1 is a schematic flowchart of a memory access method provided by an embodiment of the application
  • FIG. 2 is a schematic diagram of a memory access path provided by an embodiment of the application
  • FIG. 3 is a schematic diagram of another flow chart of a memory access method provided by an embodiment of the application.
  • FIG. 4 is a schematic diagram of a structure of a system-on-chip provided by an embodiment of the application.
  • FIG. 5 is a schematic diagram of another structure of a system-on-chip provided by an embodiment of the application.
  • FIG. 6 is a schematic diagram of another structure of a system-on-chip provided by an embodiment of the application.
  • the system-on-chip in the embodiments of the present application involves two devices: a host device and a slave device.
  • the host device refers to a device in the system-on-chip that can actively issue read and write commands, such as a processor with built-in direct memory.
  • Devices that access (Direct Memory Access, DMA) modules; slave devices refer to devices that cannot actively issue read and write commands in the system-level chip, but can only passively receive read and write commands, such as memory (memory), etc.
  • DMA Direct Memory Access
  • the execution body of the following method embodiments may be a memory access device, and the device may be implemented as part or all of the above-mentioned system-on-chip through software, hardware, or a combination of software and hardware.
  • the execution subject is a system-level chip as an example for description.
  • FIG. 1 is a schematic flowchart of a memory access method provided by an embodiment of the application. As shown in FIG. 1, this embodiment relates to the specific process of how each host device in the system-on-chip accesses the memory. As shown in FIG. 1, the method may include the following steps S101 to S103.
  • the interface of the system-on-chip writes service data into the first area of the memory.
  • the interface is used to connect an external device of the system-level chip.
  • the external device may be an input/output device.
  • the input/output device may be a data collection sensor, a touch screen, or a display.
  • the interface may be an I2C interface, a Mobile Industry Processor Interface (MIPI), an Ethernet interface, or other bus interfaces that can be connected to external devices.
  • MIPI Mobile Industry Processor Interface
  • the interface of the system-level chip can receive business data sent by an external device, and write the business data into the first area of the memory through its built-in DMA module.
  • Business data is encrypted data to be processed, such as an encrypted video stream.
  • the above-mentioned first area supports access of all host devices of the system-on-chip, that is, the first area is a general area with unlimited access.
  • Other areas of the memory are access restricted areas, that is, they can only be accessed by a designated host device, and a host device that is not designated to have access rights cannot access it.
  • Memory access includes reading or writing to the memory.
  • the system-level chip's memory can be divided into multiple areas in advance.
  • the size of each area and the start address and end address of each area can be based on actual conditions. Storage requirements are configured.
  • the processor can divide the memory area in a trusted execution environment.
  • the device after the interface reads the to-be-processed data in the memory corresponding area of the previous device, and writes it into the next area of the memory after processing, until the last device reads the to-be-processed data in the memory corresponding area of the previous device Data, the feedback data obtained after processing is written into the first area.
  • the device after the interface mainly refers to the host device of the system-level chip, which participates in the processing of the service data, that is, the host device participating in the processing of the service data is the device after the interface.
  • the process of business data processing involves encryption and decryption, encoding and decoding operations, etc.
  • the devices after the interface may include encryption and decryption devices, encoding and decoding devices, and processors.
  • the device after the interface may also include devices with corresponding functions, which is not limited in this embodiment.
  • the processor is a device after the interface, the system-level chip restricts the processor to only have access rights to the first area, and it does not have access rights to other areas in the memory, thereby avoiding software programs running in the processor from accessing other areas of the memory. Access to avoid data leakage.
  • the plaintext data is not allowed to be written into the first area (that is, the normal area), and needs to be written into other areas of the memory.
  • the other areas are restricted access areas, and only designated devices are allowed to access.
  • the access process of the device after the interface to the memory can be: according to the processing process of the business data, the first device after the interface reads the data to be processed in the corresponding area of the memory written by the interface, and writes it to the memory after processing.
  • the next device reads the data to be processed in the corresponding area of the memory by the first device, and writes it to the next area of the memory after processing, until the last device reads the previous device in the memory
  • the final feedback data obtained after processing is written into the first area.
  • the feedback data is the data after the business data is processed by the system-level chip.
  • the device after the interface may be a first encryption and decryption device for encryption and decryption operations and a data processing device for data processing.
  • the above process of S102 may be: the first encryption and decryption device writes the first data obtained by decrypting the service data in the first area into the second area of the memory; the data processing device processes the first data The latter second data is written into the third area of the memory; the first encryption and decryption device writes the feedback data encrypted by the second data into the first area of the memory.
  • the access rights of the first area, the second area, and the third area are different.
  • the first area is an unrestricted access area, that is, the first area is a normal area; the second area and the third area are memory access restricted areas.
  • the second area can be processed according to the business data processing flow.
  • the access rights of the third area are configured.
  • the second area may be configured to only support the write operation of the first encryption and decryption device and the read operation of the data processing device
  • the third area may be configured to only support the write operation of the data processing device and the first encryption and decryption device. Read operation of the device.
  • the first area, the second area, and the third area are not necessarily adjacent to each other, and their naming is only to distinguish different areas of the memory.
  • the access rights of the first area, the second area, and the third area can also be configured in other ways.
  • the interface, the first encryption and decryption device, and the data processing device need to be accessed according to the configuration. Permission to access the corresponding area.
  • the encryption and decryption algorithms that can be implemented in the first encryption and decryption device include international algorithm symmetric encryption (AES), asymmetric encryption (DES), public key algorithm (RSA), elliptic curve cryptography (ECC), hash algorithm (HASH), national secret algorithm SM2/3/4 and random numbers, etc.
  • the data processing device is used to implement data processing, such as encoding and decoding of audio and video streams or message processing.
  • the processor of the system-on-chip before the interface of the system-on-chip writes the service data into the first area of the memory, the processor of the system-on-chip is required to configure the first area in the trusted execution environment. Area, second area, and third area access rights.
  • the system-on-chip can control its processor to run in a trusted execution environment, and configure the access rights of the first area, the second area, and the third area in this environment, such as configuration
  • the first area supports access to all host devices of the system-on-chip
  • the second area only supports the write operation of the first encryption and decryption device and the read operation of the data processing device
  • the third area only supports the write operation of the data processing device and the first add The read operation of the decryption device.
  • the configuration of the access authority parameters of the memory only needs to be performed once during the system initialization, and there is no need for the processor to frequently switch from the normal execution environment to the trusted execution environment for the configuration of the access authority parameters, which improves the performance of the system-level chip.
  • Security also avoids system performance degradation caused by repeated switching of the execution environment.
  • the first encryption and decryption device has a built-in OTP (One Time Programmable) memory, and the OTP memory stores a key used by the first encryption and decryption device for decryption or encryption operations.
  • the key is written into the OTP memory by the processor in the trusted execution environment, and cannot be changed after being written.
  • the key can only be read by the first encryption and decryption device, and can only be used inside the first encryption and decryption device, and cannot be accessed by software programs.
  • the first encryption and decryption device decrypts the service data, it needs to read the key from its internal OTP memory, and use the key to decrypt the service data to obtain the first data.
  • the first encryption and decryption device encrypts the second data, it also needs to read the key from its internal OTP memory, and use the key to encrypt the second data to obtain the feedback data.
  • the interface sends the feedback data.
  • the interface reads the processed feedback data from the first area, and sends the feedback data to the external device of the system-level chip to complete the processing of the service data.
  • the data transmission path implemented by the system-on-chip includes: 1. From the interface to the first area of the memory; 2. From the first area to the first area Encryption and decryption device; 3. From the first encryption and decryption device to the second area of the memory; 4. From the second area of the memory to the data processing device; 5. From the data processing device to the third area of the memory; 6. From the memory The third area to the first encryption and decryption device; 7. From the first encryption and decryption device to the first area of the memory; 8. From the first area of the memory to the interface.
  • the second path is configured to only support the writing of the first encryption and decryption device For operation and read operations of the data processing device, other host devices and software programs cannot access this area, ensuring that the path is dedicated and reliable; for the fourth path, configure the second area to be only available for the data processing device The read operation also ensures that the path is dedicated and credible, and the security of the plaintext data in the processing process; for the fifth path, the third area is configured to only support the write operation of the data processing device and For the read operation of the first encryption and decryption device, other host devices and software programs cannot access the area, ensuring that the path is dedicated and reliable; for the sixth path, because the first encryption and de
  • the processor In the process of trusted processing of the entire business data, the processor only configures the access authority parameters of the first area, the second area, and the third area, and cannot participate in the trusted path, that is, the processor cannot access the memory in the Clear text data, thereby isolating the possibility of software programs accessing trusted paths and obtaining clear text data, thereby improving the system-level chip's data security protection level.
  • the interface of the system-on-chip writes the business data into the first area of the memory, and the device after the interface reads the data to be processed in the corresponding area of the memory of the previous device, and then processes it.
  • the device after the interface reads the data to be processed in the corresponding area of the memory of the previous device, and then processes it.
  • the feedback data is written into the first area, and then the interface sends the feedback data; the processor acts as the interface
  • the latter device only has access to the first area.
  • the access permissions of each area of the memory are set, so that the interface of the system-level chip and the device after the interface can only access the designated area in the memory, and cannot access any area of the memory at will;
  • the processor of the system-on-chip only has access to the first area of the memory, and it cannot access other areas of the memory except the first area. That is, the interface of the system-on-chip and the access to the memory of the device after the interface are affected by the access to the memory. Limited, compared with unlimited memory access, it improves the security of memory access, thereby reducing the risk of data leakage.
  • the device after the interface in S102 reads the data to be processed in the memory corresponding area of the previous device, and writes the data to the next area of the memory after processing, which may include:
  • the device after the interface reads the data to be processed in the corresponding area of the memory of the previous device, and obtains the processed data after processing:
  • the memory isolation device receives an access request sent by the device behind the interface, where the access request includes the identity of the device behind the interface and the current access type;
  • the memory isolation device determines that the device after the interface has the write permission for the next area of the memory according to the identity identifier, the current access type, and the currently stored access mapping relationship
  • the device after the interface is allowed to process the processed data.
  • the data is written into the next area
  • the access mapping relationship includes the correspondence between the different areas of the memory and the identity of the access device with the area access authority, and the access type between the different areas and the access device with the area access authority. Correspondence between.
  • the first encryption and decryption device directly reads the data to be processed from the first area of the memory, using The key stored in the OTP memory decrypts the data to be processed to obtain the decrypted data.
  • the first encryption and decryption device writes the decrypted data into the second area
  • the first encryption and decryption device sends an access request to the memory isolation device.
  • the access The request carries the identity of the first encryption and decryption device and the current access type.
  • the current access type includes a read operation or a write operation.
  • the current access type is a write operation.
  • the memory isolation device compares the identity identifier and the current access type with the access mapping relationship stored by itself. If the comparison is successful, it is determined that the first encryption and decryption device has the write permission of the second area, and The first encryption and decryption device is allowed to write the decrypted data in the second area. If the comparison fails, it is determined that the first encryption and decryption device does not have the write permission of the second area, and the first encryption and decryption device is not allowed to write the decrypted data into the second area.
  • the above-mentioned access mapping relationship may be pre-configured in the memory isolation device, or when the system-on-chip is initialized, the access mapping relationship may be configured in the memory isolation device by the processor in a trusted execution environment.
  • the memory isolation device will also receive the read request sent by the device behind the interface, and the read request carries the data after the interface.
  • the memory isolation device determines that the device behind the interface has the read permission of the corresponding area of the memory according to the identity, the current access type, and the currently stored access mapping relationship. Allow the device behind the interface to read the data to be processed from the corresponding area of the memory. If it is determined that the device behind the interface does not have the read permission of the corresponding area of the memory, the device behind the interface is not allowed to read the data to be processed from the corresponding area of the memory.
  • the processor when the device behind the interface is a processor, the processor will also issue an access request to the memory. At this time, since the processor does not have access to other areas of the memory, when the processor issues an access request to the memory When requesting access to the second area or the third area, the memory isolation device compares the processor’s identity and the current access type with the access mapping relationship stored in itself, and then determines that the processor does not have access to the second area and the third area. Access authority, at this time, the processor will deny access to the second and third areas of the memory.
  • the memory isolation device can be used to determine whether it has the access authority of the restricted area, and the device after the interface is determined to have the access Only after the access permission of the restricted area is allowed, the device behind the interface is allowed to access the restricted area, thereby further improving the security of the system-level chip and further reducing the risk of data leakage.
  • the services that need to be processed by the system-on-chip may include services that require memory protection, and may also include services that do not require memory protection.
  • Services with memory protection requirements refer to services that have limited access to memory during business processing
  • services without memory protection requirements refer to services that have unlimited access to memory during business processing.
  • the processing of paid videos can be regarded as a service with memory protection requirements
  • the processing of free videos can be regarded as a service without memory protection requirements.
  • the second encryption and decryption device can be invoked to perform data encryption and decryption processing.
  • the above-mentioned first encryption and decryption device is dedicated to processing services that require memory protection, that is, the system-level chip provides independent computing resources for different services.
  • the memory access method may further include; the second encryption and decryption device obtains the key from the first encryption and decryption device, and uses the key to decrypt the service data to obtain the third Data is written in the first area of the memory.
  • the interface of the system-on-chip, the second encryption and decryption device, and the data processing device all access the first area of the memory, that is, the second encryption and decryption device from the memory
  • the first area reads the business data without memory protection requirements, and obtains the key from the first encryption and decryption device (the key is directly read from the OTP memory by the first encryption and decryption device and passed to the second encryption and decryption device) Device, or the first encryption and decryption device directly reads from the OTP memory and derives a new key and transmits it to the second encryption and decryption device), uses the key to decrypt the service data to obtain the third data, and Three data is written into the first area of the memory.
  • the second encryption and decryption device when used for encryption, the second encryption and decryption device also needs to obtain the key from the first encryption and decryption device, and use the key to encrypt the data to be processed and write it into the first memory of the memory. Area. At the same time, the key is only used inside the second encryption and decryption device, and cannot be accessed by software programs, which also improves the security of the system-level chip.
  • the second encryption and decryption device has a built-in DMA module, so that the second encryption and decryption device can directly read the business data to be processed from the first area of the memory for processing. Switching the execution environment reduces the risk of data leakage during the switching process.
  • the second encryption and decryption device in this embodiment can only access the ordinary area of the memory (that is, the first area), and cannot access the restricted access area of the memory (that is, the second area and the third area); and the above-mentioned first encryption
  • the decryption device can access both the normal area of the memory and the restricted access area of the memory. That is, the first encryption and decryption device can improve the security protection level of data during the process of accessing the memory.
  • the system-level chip when the service to which the service data received by the interface belongs is a service that does not require memory protection, the system-level chip can also perform encryption and decryption operations through the second encryption and decryption device, and the first encryption and decryption device is dedicated to The encryption and decryption operations of services with memory protection requirements are equivalent to that the system-level chip provides independent computing resources for different services, thereby improving the system performance of the system-level chip.
  • FIG. 4 is a schematic structural diagram of a system-on-chip provided by an embodiment of the application.
  • the system-on-chip includes: an interface 10 connected by a bus, a device 11 after the interface, and a memory 12; the interface 10 is configured to write business data into the first area of the memory 12; the device 11 after the interface reads Take the to-be-processed data in the memory corresponding area of the previous device, perform processing and write it into the next area of the memory 12, until the last device reads the to-be-processed data in the memory corresponding area of the previous device, and obtain the result after processing The feedback data is written into the first area; the interface 10 sends the feedback data.
  • the device 11 after the interface includes a processor 13 which only has access rights to the first area.
  • the interface of the system-on-chip writes business data into the first area of the memory, and the device after the interface reads the data to be processed in the corresponding area of the memory of the previous device, and writes it after processing.
  • the feedback data is written into the first area, and then the interface sends the feedback data; the processor acts as the interface
  • the device only has access to the first area.
  • the access permissions of each area of the memory are set, so that the interface of the system-level chip and the device after the interface can only access the designated area in the memory, and cannot access any area of the memory at will;
  • the processor of the system-on-chip only has access to the first area of the memory, and it cannot access other areas of the memory except the first area. That is, the interface of the system-on-chip and the access to the memory of the device after the interface are affected by the access to the memory. Limited, compared with unlimited memory access, it improves the security of memory access, thereby reducing the risk of data leakage.
  • the device after the interface may further include a first encryption and decryption device 14 and a data processing device 15; the first encryption and decryption device 14 decrypts the service data in the first area
  • the obtained first data is written into the second area of the memory 12; the data processing device 15 writes the second data processed by the first data into the third area of the memory 12; the first encryption and decryption device 14 writes The feedback data encrypted by the second data is written into the first area of the memory 12.
  • the first area supports access to all host devices of the system-on-chip
  • the second area only supports the write operation of the first encryption and decryption device 14 and the read operation of the data processing device 15
  • the third area only supports The write operation of the data processing device 15 and the read operation of the first encryption and decryption device 14.
  • the processor 13 configures the access rights of the first area, the second area, and the third area in a trusted execution environment.
  • the first encryption and decryption device 14 stores a key used for decryption or encryption.
  • the system-on-chip further includes: a memory isolation device 16 connected via a bus; the device after the interface reads the data to be processed in the memory corresponding area of the previous device, and the processed data is obtained after processing;
  • the memory isolation device 16 receives the access request sent by the device after the interface, and the access request includes the identity of the device after the interface and the current access type; the memory isolation device 16 according to the identity, the current access type and the currently stored access
  • the mapping relationship determines that the device after the interface has the write permission for the next area of the memory, the device after the interface is allowed to write the processed data into the next area.
  • the access mapping relationship includes the different areas of the memory and the Correspondence between the identities of the access devices with regional access rights, and the corresponding relationships between different areas and the access types of the access devices with regional access rights.
  • the processor 13 configures the access mapping relationship in the memory isolation device 16 in a trusted execution environment.
  • the system-on-chip further includes: a second encryption and decryption device 17 connected via a bus, and the service to which the service data belongs includes a service with memory protection requirements or a service without memory protection requirements; when the service data belongs When the service is a service that does not require memory protection, the second encryption and decryption device 17 obtains the key from the first encryption and decryption device 14, and uses the key to decrypt the service data to obtain the third Data is written in the first area of the memory 12.
  • the first encryption and decryption device 14, the data processing device 15, and the second encryption and decryption device 17 are all provided with a DMA module.
  • the first encryption and decryption device, the data processing device, the memory isolation device, and the second encryption and decryption device in the above-mentioned system-on-chip can be implemented by an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the system-on-chip may include an interface 20 connected by a bus, a data processing device 21, and processing The device 22, the memory isolation device 23, the memory 24, the second encryption and decryption device 25 (that is, a general encryption and decryption device for processing services without memory protection requirements), and the first encryption and decryption device 26 (that is, a trust encryption and decryption device, which uses For processing services that require memory protection), the second encryption and decryption device 25 may include a second DMA module 251 and a second encryption and decryption unit 252, and the first encryption and decryption device 26 may include a first DMA module 261 and a first encryption and decryption unit 252. Decryption unit 262, and OTP memory 263.
  • the interface 20 is configured to receive encrypted data outside the system-on-chip, such as encrypted audio and video streams, store it in a common area (ie, the first area) of the memory, and send the processed data to the outside of the system-on-chip.
  • encrypted data outside the system-on-chip such as encrypted audio and video streams
  • the data processing device 21 is configured to implement data processing, such as encoding and decoding of audio and video streams or message processing.
  • the processor 22 is configured to run a software program of a system-level chip, and can support a Trusted Execution Environment (TEE) and a normal execution environment (Rich Execution Environment, REE).
  • TEE Trusted Execution Environment
  • REE Normal execution environment
  • the memory isolation device 23 is configured to divide the memory 24 into a normal area (i.e., a first area) and an access restricted area (i.e., a second area and a third area).
  • the ordinary area can be read and written by any access, including ordinary access and trusted access. Access restricted areas can only be read and written by designated trusted access, and ordinary access is denied.
  • the memory 24 is configured to store data in real time while the system-level chip is running.
  • the bus is configured to connect each host device and slave device of the system-level chip to realize data and control signal transmission.
  • the above-mentioned OTP memory 263 stores information such as the key required by the second encryption and decryption unit or the first encryption and decryption unit, and realizes the storage and management of sensitive information such as the key on the internal hardware of the first encryption and decryption device to ensure a higher level Security.
  • the OTP memory 263 can only be read and written by the first encryption and decryption unit, and the key is only written into the OTP memory 263 in a trusted execution environment, and cannot be changed after being written.
  • Information such as the key required by the first encryption and decryption unit is directly read from the OTP memory by the first encryption and decryption unit, and can only be used inside the first encryption and decryption unit, and cannot be accessed by software.
  • the key and other information required by the second encryption and decryption unit is read or derived from the OTP memory by the first encryption and decryption unit, and then transferred to the second encryption and decryption unit. It can only be used inside the second encryption and decryption unit. Inaccessible.
  • the trusted path of the system-on-chip in the data processing process is as follows.
  • the interface of the system-level chip receives encrypted data from the outside, such as encrypted audio and video, messages and other data, and stores it in the general area of the memory (the first area). All host devices can access the general area. Because the data itself is encrypted, it can be stored in a common area.
  • the first DMA module in the first encryption and decryption device reads the encrypted business data from the general area of the memory, and sends it to the internal first encryption and decryption unit for decryption processing , Get the plaintext data.
  • the decrypted key is directly read from the internal OTP memory, and cannot be accessed by external hardware and software programs.
  • the decryption process is completed inside the first encryption and decryption device, ensuring safety.
  • Access restricted area 1 from the first encryption and decryption device to the memory (ie the second area): the first DMA module writes plaintext data to the restricted access area 1 of the memory, and the memory isolation device restricts access to the memory Area 1 is limited to only the first DMA module can write and only the data processing device can read, and other host devices and software programs cannot access this area. In this way, it is guaranteed that the path is dedicated and credible.
  • the data processing device reads the plaintext data from the access restricted area 1 of the memory, and performs data processing such as encoding and decoding, packet processing, etc. Only the data processing device can read the access restricted area 1, ensuring the security of the plaintext data.
  • Access restricted area 2 from the data processing device to the memory that is, the third area
  • the data processing device writes the processed data into the access restricted area 2 of the memory
  • the memory isolation device puts the memory access restricted area 2 It is limited to only being written by the data processing device and read by the first DMA module, and other host devices and software programs cannot access this area. In this way, it is guaranteed that the path is dedicated and credible.
  • the first DMA module of the first encryption and decryption device reads the plaintext data from the access restricted area 2 of the memory and sends it to the internal first encryption and decryption unit, Do encryption processing to get the encrypted feedback data.
  • the encrypted key is read directly from the OTP memory, and cannot be accessed by external hardware and software programs. The encryption process is completed inside the trusted part to ensure security.
  • the first DMA module From the first encryption and decryption device to the general area of the memory: the first DMA module writes the encrypted feedback data into the general area of the memory.
  • the data itself is encrypted and can be stored in a common area.
  • the interface reads the encrypted feedback data from the common area of the memory and sends it to the device outside the system-level chip.
  • An embodiment of the present application also provides an electronic device, which includes the system-on-chip described in any of the foregoing embodiments.
  • the electronic device may be, for example, a set-top box with audio and video processing functions, a high-density digital video disc (Digital Video Disc, DVD), and a mobile phone.
  • the interface of the system-on-chip writes service data into the first area of the memory, and the device after the interface reads the waiting device in the corresponding area of the memory. Process the data, write it into the next area of the memory after processing, until the last device reads the data to be processed in the corresponding area of the memory of the previous device, and get the feedback data written into the first area after processing, and then the interface sends feedback Data; the device after the processor as the interface only has the access authority of the first area.
  • the access rights of each area of the memory are set, so that the interface of the system-level chip and the device after the interface can only access the designated area in the memory, and cannot access any area of the memory at will;
  • the processor of the system-on-chip only has access rights to the first area of the memory, and it cannot access other areas of the memory except the first area, that is, the interface of the system-on-chip and the access to the memory of the device after the interface are affected by the access to the memory.
  • Limited compared with unlimited memory access, it improves the security of memory access, thereby reducing the risk of data leakage.
  • electronic equipment encompasses any suitable type of user equipment, such as mobile phones, portable data processing devices, portable web browsers, or vehicle-mounted mobile stations.
  • the various embodiments of the present application can be implemented in hardware or dedicated circuits, software or any combination thereof.
  • some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software that may be executed by a controller, microprocessor, or other computing device, although the present application is not limited thereto.
  • Computer program instructions can be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code written in any combination of one or more programming languages or Object code.
  • ISA instruction set architecture
  • the block diagram of any logic flow in the drawings of the present application may represent program steps, or may represent interconnected logic circuits, modules, and functions, or may represent a combination of program steps and logic circuits, modules, and functions.
  • the computer program can be stored on the memory.
  • the memory can be of any type suitable for the local technical environment and can be implemented using any suitable data storage technology, such as but not limited to read only memory (ROM), random access memory (RAM), optical storage devices and systems (digital multi-function optical discs) DVD or CD) etc.
  • Computer-readable media may include non-transitory storage media.
  • the processor can be any type suitable for the local technical environment, such as but not limited to general-purpose computers, special-purpose computers, microprocessors, digital signal processors (DSP), application-specific integrated circuits (ASIC), programmable logic devices (FGPA), and A processor based on a multi-core processor architecture.
  • DSP digital signal processors
  • ASIC application-specific integrated circuits
  • FGPA programmable logic devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本申请实施例提供一种内存访问方法、一种系统级芯片和一种电子设备。所述内存访问方法包括:系统级芯片的接口将业务数据写入内存的第一区域;接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入第一区域;以及接口发送反馈数据;其中,处理器作为接口后的装置仅具有第一区域的访问权限。

Description

内存访问方法、系统级芯片和电子设备
相关申请的交叉引用
本申请要求于2020年4月8日提交的中国专利申请NO.202010269161.6的优先权,该中国专利申请的内容通过引用的方式整体合并于此。
技术领域
本申请涉及信息技术领域,具体涉及内存访问方法、系统级芯片和电子设备。
背景技术
随着技术的不断发展,系统级芯片(System-on-a-Chip,SoC)的应用越来越广泛。例如,在如机顶盒、手机以及多媒体播放器等各种电子产品的开发过程中,通常会采用SoC,以降低电子产品的开发成本、缩短开发周期以及提高电子产品的竞争力。随着人们信息安全意识的增强,业界对SoC在数据处理过程中的安全防护提出了更高的要求,但是,传统方式对数据的安全防护级别仍较低,数据被泄露的风险仍较高。
公开内容
第一方面,本申请实施例提供一种内存访问方法,应用于系统级芯片,包括:
系统级芯片的接口将业务数据写入内存的第一区域;
接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域;以及
所述接口发送所述反馈数据;
其中,处理器作为接口后的装置仅具有第一区域的访问权限。
第二方面,本申请实施例提供一种系统级芯片,包括:通过总线连接的接口、接口后的装置和内存;
接口配置为将业务数据写入内存的第一区域;
接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域;
所述接口发送所述反馈数据;
其中,处理器作为接口后的装置仅具有第一区域的访问权限。
第三方面,本申请实施例提供一种电子设备,包括本申请实施例提供的系统级芯片。
附图说明
图1为本申请实施例提供的内存访问方法的一种流程示意图;
图2为本申请实施例提供的内存访问路径的示意图;
图3为本申请实施例提供的内存访问方法的另一种流程示意图;
图4为本申请实施例提供的系统级芯片的一种结构示意图;
图5为本申请实施例提供的系统级芯片的另一种结构示意图;
图6为本申请实施例提供的系统级芯片的又一种结构示意图。
具体实施方式
为使本申请的目的、技术方案和优点更加清楚明白,下文中将结合附图对本申请的实施例进行详细说明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互任意组合。
本申请实施例中的系统级芯片中涉及两种装置:主机装置和从机装置,其中,主机装置是指系统级芯片中能够主动发出读写命令的设备,比如,处理器、内置有直接内存访问(Direct Memory Access,DMA)模块的设备等;从机装置是指系统级芯片中不能主动发出读写 命令,而只能被动接收读写命令的设备,比如,存储器(内存)等。
需要说明的是,下述方法实施例的执行主体可以是内存访问装置,该装置可以通过软件、硬件或者软件和硬件结合的方式实现成为上述系统级芯片的部分或者全部。下述方法实施例以执行主体是系统级芯片为例进行说明。
图1为本申请实施例提供的内存访问方法的一种流程示意图。如图1所示,本实施例涉及的是系统级芯片中的各个主机装置如何对内存进行访问的具体过程,如图1所示,该方法可以包括以下步骤S101至S103。
S101、系统级芯片的接口将业务数据写入内存的第一区域。
具体的,接口用于连接系统级芯片的外部设备,该外部设备可以为输入/输出设备,例如,输入/输出设备可以为数据采集传感器、触摸屏或显示器等。另外,该接口可以为I2C接口、移动产业处理器接口(Mobile Industry Processor Interface,MIPI)、以太网接口或者可以与外部设备连接的其他总线接口。当需要进行业务处理时,系统级芯片的接口可以接收外部设备发送的业务数据,并通过其内置的DMA模块将业务数据写入内存的第一区域中。业务数据为待处理的加密数据,如加密的视频流。上述第一区域支持系统级芯片的所有主机装置的访问,即第一区域为访问不受限的普通区域。内存的其它区域为访问受限区域,即仅能由指定的主机装置进行访问,未被指定具有访问权限的主机装置无法对其进行访问。内存的访问包括对内存进行读操作或者写操作。
在实际应用中,为了提高系统级芯片对数据的安全防护级别,可以预先将系统级芯片的内存划分为多个区域,每个区域的大小以及每个区域的起始地址和终止地址可以根据实际存储需求进行配置。当然,为了进一步提高系统级芯片的安全性,即提高系统级芯片对数据的安全防护级别,处理器可以在可信执行环境下对内存进行区域的划分。
S102、接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一 装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域。
具体的,接口后的装置主要是指系统级芯片的主机装置,其会参与到业务数据的处理过程中,即参与业务数据处理的主机装置均为接口后的装置。例如,业务数据处理过程中会涉及到加解密、编解码操作等,对此,接口后的装置可以包括加解密装置、编解码装置和处理器等。当然,若业务数据处理过程中还涉及其它处理过程,接口后的装置还可以包括对应功能的装置,本实施例在此不做限定。另外,处理器作为接口后的装置,系统级芯片限定处理器仅具有第一区域的访问权限,其不具有内存中其它区域的访问权限,从而避免处理器中运行的软件程序对内存的其它区域的访问,进而避免数据被泄露。
为了避免数据处理过程中的明文数据被泄露,明文数据不允许被写入第一区域(即普通区域),需要写入到内存的其它区域中。而其它区域为访问受限区域,只允许指定的装置进行访问。为此,接口后的装置对内存的访问过程可以为:按照业务数据的处理过程,接口后的首个装置读取接口写入内存对应区域中的待处理数据,对其进行处理后写入内存的下一区域中,然后下一个装置读取首个装置写入内存对应区域中的待处理数据,进行处理后写入内存的再下一区域中,直至最后一个装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到最终的反馈数据写入第一区域中。反馈数据为业务数据经过系统级芯片处理后的数据。
在一些实施方式中,接口后的装置可以为用于加解密操作的第一加解密装置和用于数据处理的数据处理装置。针对此情况,上述S102的过程可以为:第一加解密装置将所述第一区域中的业务数据解密得到的第一数据写入所述内存的第二区域;数据处理装置将第一数据处理后的第二数据写入所述内存的第三区域;所述第一加解密装置将所述第二数据加密后的反馈数据写入所述内存的第一区域。
第一区域、第二区域以及第三区域的访问权限不同。第一区域为访问不受限区域,即第一区域为普通区域;第二区域以及第三区域为内存的访问受限区域,在实际应用中,可以按照业务数据的处理流 程,对第二区域以及第三区域的访问权限进行配置。在一些实施方式中,可以将第二区域配置为仅支持第一加解密装置的写操作以及数据处理装置的读操作,将第三区域配置为仅支持数据处理装置的写操作以及第一加解密装置的读操作。第一区域、第二区域以及第三区域并非必须是相互相邻的区域,其命名仅是为了区分内存的不同区域。当然,也可以按照其它方式配置第一区域、第二区域以及第三区域的访问权限,对此,在业务数据的处理过程中,接口、第一加解密装置以及数据处理装置需要按照配置的访问权限对对应的区域进行访问。上述第一加解密装置中可实现的加密以及解密算法包括国际算法对称加密(AES)、非对称加密(DES)、公共密钥算法(RSA)、椭圆曲线密码编码学(ECC)、哈希算法(HASH)、国密算法SM2/3/4以及随机数等。该数据处理装置用于实现数据处理,如音视频流的编解码或者报文的处理等。
为了进一步提高系统级芯片的安全性,在一些实施方式中,在系统级芯片的接口将业务数据写入内存的第一区域之前,需要系统级芯片的处理器在可信执行环境下配置第一区域、第二区域以及第三区域的访问权限。
在系统级芯片上电初始化时,系统级芯片可以控制其处理器运行在可信执行环境下,并在该环境下对第一区域、第二区域以及第三区域的访问权限进行配置,比如配置第一区域支持系统级芯片的所有主机装置的访问、第二区域仅支持第一加解密装置的写操作以及数据处理装置的读操作、第三区域仅支持数据处理装置的写操作以及第一加解密装置的读操作。这样,仅在系统初始化时进行一次内存的访问权限参数的配置即可,不需要处理器频繁地从普通执行环境切换到可信执行环境下进行访问权限参数的配置,既提高了系统级芯片的安全性,也避免了反复进行执行环境的切换造成系统性能的下降。
另外,第一加解密装置内置有OTP(One Time Programmable)存储器,该OTP存储器中存储有第一加解密装置进行解密或者加密操作时所使用的密钥。该密钥是处理器在可信执行环境中写入OTP存储器中,且写入后无法更改。同时,该密钥仅能被第一加解密装置读取, 且仅能在第一加解密装置内部使用,软件程序无法访问。对此,第一加解密装置在对业务数据进行解密时,需要从自身内部的OTP存储器中读取密钥,使用该密钥对业务数据进行解密得到第一数据。相应地,第一加解密装置在对第二数据进行加密时,也需要从自身内部的OTP存储器中读取密钥,使用该密钥对第二数据进行加密得到反馈数据。
S103、所述接口发送所述反馈数据。
具体的,接口从第一区域中读取处理后的反馈数据,并将反馈数据发送至系统级芯片的外部设备,以完成业务数据的处理过程。
从上述整个系统级芯片的业务数据处理流程来看,如图2所示,系统级芯片实现的数据传输路径包括:1、从接口到内存的第一区域;2、从第一区域到第一加解密装置;3、从第一加解密装置到内存的第二区域;4、从内存的第二区域到数据处理装置;5、从数据处理装置到内存的第三区域;6、从内存的第三区域到第一加解密装置;7、从第一加解密装置到内存的第一区域;8、从内存的第一区域到接口。
对于第1条路径,由于业务数据本身是加密的,因此该条路径为可信路径;对于第2条路径,由于第一加解密装置对业务数据进行解密时所采用的密钥是直接从自身内部的OTP存储器处读取,外部硬件以及软件程序无法访问该OTP存储器,因此,保证了解密过程的安全性;对于第3条路径,将第二区域配置为仅支持第一加解密装置的写操作以及数据处理装置的读操作,其它主机装置和软件程序均不能访问该区域,保证了该路径是专用的,可信的;对于第4条路径,将第二区域配置为仅数据处理装置才能进行读操作,也保证了该路径是专用的、可信的,保证了处理过程中的明文数据的安全性;对于第5条路径,将第三区域配置为仅支持数据处理装置的写操作以及第一加解密装置的读操作,其它主机装置和软件程序均不能访问该区域,保证了该路径是专用的,可信的;对于第6条路径,由于第一加解密装置对明文数据进行加密时所采用的密钥是直接从自身内部的OTP存储器处读取,外部硬件以及软件程序无法访问该OTP存储器,因此,保证了明文数据加密过程的安全性;对于第7条路径,由于加密后得到的反馈数据本身是加密的,因此,存放到第一区域即可;对于第8 条路径,接口从第一区域中读取的也是加密后的反馈数据,因此该条路径为可信路径。
在整个业务数据的可信处理过程中,处理器仅是进行第一区域、第二区域以及第三区域的访问权限参数的配置,无法参与到可信路径中,即处理器无法访问内存中的明文数据,从而隔绝了软件程序访问可信路径以及获取明文数据的可能性,进而提高了系统级芯片对数据的安全防护级别。
本申请实施例提供的内存的访问方法中,系统级芯片的接口将业务数据写入内存的第一区域,接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入第一区域,然后接口发送反馈数据;处理器作为接口后的装置仅具有第一区域的访问权限。在系统级芯片的整个数据处理过程中,设置了内存的各个区域的访问权限,使得系统级芯片的接口以及接口后的装置仅能访问内存中所指定的区域,不能随意访问内存的任意区域;同时,系统级芯片的处理器仅具有内存的第一区域的访问权限,其不能访问内存中除第一区域以外的其它区域,即系统级芯片的接口以及接口后的装置对内存的访问是受限的,相比不受限的内存访问方式,提高了对内存访问的安全性,从而降低了数据泄露的风险。
在实际应用中,为了进一步提高系统级芯片的安全性,还可以在对内存的访问受限区域(如上述的第二区域和第三区域)进行访问前,通过内存隔离装置判断当前来访的主机装置是否具有访问受限区域的访问权限,在确定其具有访问受限区域的访问权限后,才允许该主机装置进行访问。在一些实施方式中,如图3所示,上述S102中的接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中可以包括:
S201、接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到处理后的数据∶
S202、内存隔离装置接收接口后的装置发送的访问请求,所述 访问请求包括接口后的装置的身份标识以及当前访问类型;
S203、在内存隔离装置根据所述身份标识、当前访问类型以及当前存储的访问映射关系确定所述接口后的装置具有内存的下一区域的写入权限后,允许接口后的装置将处理后的数据写入下一区域中,所述访问映射关系包括内存的不同区域与具有区域访问权限的访问装置的身份标识之间的对应关系、以及不同区域与具有区域访问权限的访问装置的访问类型之间的对应关系。
以接口后的装置为第一加解密装置为例,由于第一区域为访问不受限的普通区域,因此,第一加解密装置直接从内存的第一区域中读取待处理的数据,采用OTP存储器中存储的密钥对待处理的数据进行解密得到解密数据,第一加解密装置在将解密数据写入第二区域时,第一加解密装置向内存隔离装置发送访问请求,此时,访问请求中携带第一加解密装置的身份标识和当前访问类型。当前访问类型包括读操作或者写操作,由于第一加解密装置此时是向第二区域中写数据,因此,当前访问类型为写操作。内存隔离装置在接收到访问请求后,将身份标识和当前访问类型与自身存储的访问映射关系进行比对,若比对成功,则确定第一加解密装置具有第二区域的写入权限,并允许第一加解密装置将解密数据写入第二区域中。若比对失败,则确定第一加解密装置不具有第二区域的写入权限,不允许第一加解密装置将解密数据写入第二区域中。上述访问映射关系可以预先配置在内存隔离装置中,也可以在系统级芯片初始化时,由处理器在可信执行环境下将该访问映射关系配置到内存隔离装置中。
当然,当接口后的装置在读取前一装置在内存对应区域中的待处理数据时,内存隔离装置也会接收该接口后的装置发送的读取请求,此读取请求中携带该接口后的装置的身份标识和当前访问类型(读操作),内存隔离装置根据该身份标识、当前访问类型以及当前存储的访问映射关系,确定该接口后的装置具有该内存对应区域的读取权限后,允许接口后的装置从该内存对应区域读取待处理数据。若确定该接口后的装置不具有该内存对应区域的读取权限,则不允许该接口后的装置从该内存对应区域读取待处理数据。
尤其注意的是,当接口后的装置为处理器时,处理器也会发出对内存的访问请求,此时由于处理器不具有内存的其它区域的访问权限,因此,当处理器发出对内存的第二区域或者第三区域的访问请求时,内存隔离装置将处理器的身份标识和当前访问类型与自身存储的访问映射关系进行比对后,确定处理器不具有第二区域以及第三区域的访问权限,此时会拒绝处理器对内存的第二区域以及第三区域的访问。
在本实施例中,在接口后的装置对内存中的访问受限区域进行访问时,可以通过内存隔离装置判断其是否具有该访问受限区域的访问权限,在确定接口后的装置具有该访问受限区域的访问权限后,才允许该接口后的装置访问该访问受限区域,从而进一步提高了系统级芯片的安全性,进一步降低了数据泄露的风险。
在实际应用中,需要系统级芯片处理的业务可以包括有内存保护要求的业务,也可以包括无内存保护要求的业务。有内存保护要求的业务是指在业务处理过程中对内存的访问有限制的业务,无内存保护要求的业务是指在业务处理过程中对内存的访问无限制的业务。例如,对付费视频的处理可以认为是有内存保护要求的业务,对免费视频的处理可以认为是无内存保护要求的业务。当接口接收到的业务数据所属的业务为无内存保护要求的业务时,为了提高系统级芯片的处理性能,可以通过调用第二加解密装置进行数据的加解密处理。而上述第一加解密装置被专用于处理有内存保护要求的业务,即系统级芯片为不同的业务提供了独立的运算资源。针对此情况,所述内存访问方法还可以包括;第二加解密装置从第一加解密装置处获取所述密钥,并将采用所述密钥对所述业务数据进行解密后得到的第三数据写入所述内存的第一区域中。
对于无内存保护要求的业务来说,在整个数据的处理过程中,系统级芯片的接口、第二加解密装置以及数据处理装置均访问内存的第一区域,即第二加解密装置从内存的第一区域读取该无内存保护要求的业务数据,并从第一加解密装置处获取密钥(该密钥由第一加解密装置从OTP存储器中直接读取出并传递给第二加解密装置,或者由 第一加解密装置从OTP存储器中直接读取后派生一个新的密钥并传递给第二加解密装置),利用该密钥对业务数据进行解密得到第三数据,并将第三数据写入内存的第一区域中。相应地,在采用第二加解密装置进行加密时,第二加解密装置也需要从第一加解密装置处获取密钥,并利用该密钥对待处理数据进行加密处理后写入内存的第一区域中。与此同时,该密钥仅在第二加解密装置内部使用,软件程序无法访问,也提高了系统级芯片的安全性。另外,第二加解密装置中内置有DMA模块,使得第二加解密装置可以直接从内存的第一区域中读取待处理的业务数据进行处理,不需要处理器搬运数据,避免了处理器频繁进行执行环境的切换,降低了切换过程中的数据被泄露的风险。
另外,本实施例中的第二加解密装置仅能访问内存的普通区域(即第一区域),无法访问内存的访问受限区域(即第二区域和第三区域);而上述第一加解密装置既能够访问内存的普通区域,又可以访问内存的访问受限区域,即第一加解密装置在对内存的访问过程中,可以提升数据的安全防护级别。
在本实施例中,当接口接收到的业务数据所属的业务为无内存保护要求的业务时,系统级芯片还可以通过第二加解密装置进行加解密运算,而第一加解密装置被专用于有内存保护要求的业务的加解密运算,即相当于系统级芯片为不同的业务提供了独立的运算资源,从而提高了系统级芯片的系统性能。
图4为本申请实施例提供的一种系统级芯片的结构示意图。如图4所示,该系统级芯片包括:通过总线连接的接口10、接口后的装置11和内存12;接口10配置为将业务数据写入内存12的第一区域;接口后的装置11读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存12的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域;所述接口10发送所述反馈数据。
在一些实施方式中,所述接口后的装置11包括处理器13,其仅具有第一区域的访问权限。
本申请实施例提供的系统级芯片中,系统级芯片的接口将业务 数据写入内存的第一区域,接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入第一区域,然后接口发送反馈数据;处理器作为接口后的装置仅具有第一区域的访问权限。在系统级芯片的整个数据处理过程中,设置了内存的各个区域的访问权限,使得系统级芯片的接口以及接口后的装置仅能访问内存中所指定的区域,不能随意访问内存的任意区域;同时,系统级芯片的处理器仅具有内存的第一区域的访问权限,其不能访问内存中除第一区域以外的其它区域,即系统级芯片的接口以及接口后的装置对内存的访问是受限的,相比不受限的内存访问方式,提高了对内存访问的安全性,从而降低了数据泄露的风险。
在一些实施方式中,如图5所示,所述接口后的装置还可包括第一加解密装置14和数据处理装置15;第一加解密装置14将所述第一区域中的业务数据解密得到的第一数据写入所述内存12的第二区域;数据处理装置15将第一数据处理后的第二数据写入所述内存12的第三区域;所述第一加解密装置14将所述第二数据加密后的反馈数据写入所述内存12的第一区域。
在一些实施方式中,所述第一区域支持系统级芯片的所有主机装置的访问、第二区域仅支持第一加解密装置14的写操作以及数据处理装置15的读操作、第三区域仅支持数据处理装置15的写操作以及第一加解密装置14的读操作。
在一些实施方式中,处理器13在可信执行环境下配置所述第一区域、第二区域以及第三区域的访问权限。
在一些实施方式中,所述第一加解密装置14中存储有解密或者加密时所使用的密钥。
在一些实施方式中,该系统级芯片还包括:通过总线连接的内存隔离装置16;接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到处理后的数据;内存隔离装置16接收接口后的装置发送的访问请求,所述访问请求包括接口后的装置的身份标识以及当前访问类型;在内存隔离装置16根据所述身份标识、当 前访问类型以及当前存储的访问映射关系确定所述接口后的装置具有内存的下一区域的写入权限后,允许接口后的装置将处理后的数据写入下一区域中,所述访问映射关系包括内存的不同区域与具有区域访问权限的访问装置的身份标识之间的对应关系、以及不同区域与具有区域访问权限的访问装置的访问类型之间的对应关系。
在一些实施方式中,在系统级芯片初始化时,处理器13在可信执行环境下将所述访问映射关系配置到内存隔离装置16中。
在一些实施方式中,该系统级芯片还包括:通过总线连接的第二加解密装置17,所述业务数据所属的业务包括有内存保护要求的业务或者无内存保护要求的业务;当业务数据所属的业务为无内存保护要求的业务时,第二加解密装置17从第一加解密装置14处获取所述密钥,并将采用所述密钥对所述业务数据进行解密后得到的第三数据写入所述内存12的第一区域中。
在一些实施方式中,所述第一加解密装置14、所述数据处理装置15以及所述第二加解密装置17中均设置有DMA模块。
在实际应用中,上述系统级芯片中的第一加解密装置、数据处理装置、内存隔离装置以及第二加解密装置均可由专用集成电路(ASIC)或者现场可编程门阵列(FPGA)实现。
为了便于本领域技术人员的理解,以图6为例具体介绍本申请实施例所述的系统级芯片,参见图6,该系统级芯片可以包括通过总线连接的接口20、数据处理装置21、处理器22、内存隔离装置23、内存24、第二加解密装置25(即通用加解密装置,用于处理无内存保护要求的业务)和第一加解密装置26(即可信加解密装置,用于处理有内存保护要求的业务),第二加解密装置25中可以包括第二DMA模块251和第二加解密单元252,第一加解密装置26中可以包括第一DMA模块261、第一加解密单元262、以及OTP存储器263。
接口20配置为接收系统级芯片外部的加密数据,如加密音视频流,存放到内存的普通区域(即第一区域)以及发送处理后的数据到系统级芯片外部。
数据处理装置21配置为实现数据处理,如音视频流的编解码或 者报文的处理等。
处理器22配置为运行系统级芯片的软件程序,可以支持可信执行环境(Trusted Execution Environment,TEE)、普通执行环境(Rich Execution Environment,REE)。
内存隔离装置23配置为把内存24划分为普通区域(即第一区域)和访问受限区域(即第二区域和第三区域)。普通区域可以被任何访问读写,包括普通访问和可信访问。访问受限区域仅能够被指定的可信访问读写,拒绝普通访问。
内存24配置为系统级芯片运行时实时存储数据。
总线配置为连接系统级芯片的各个主机装置和从机装置,实现数据、控制信号传输。
上述OTP存储器263中存放第二加解密单元或第一加解密单元所需的密钥等信息,在第一加解密装置的内部硬件上实现密钥等敏感信息的存储和管理,保证更高级别的安全性。OTP存储器263只能被第一加解密单元读写,且密钥仅在可信执行环境下被写入OTP存储器263中,同时写入后不能更改。第一加解密单元所需的密钥等信息,由第一加解密单元直接从OTP存储器中读出,只能在第一加解密单元内部使用,软件上无法访问。第二加解密单元所需的密钥等信息,由第一加解密单元从OTP存储器中读出或派生,再传递给第二加解密单元,只能在第二加解密单元内部使用,软件上无法访问。
该系统级芯片在数据处理过程中的可信路径如下。
1、从接口到内存的普通区域:系统级芯片的接口从外部接收加密的数据,如加密音视频、报文等数据,并存放到内存的普通区域(即第一区域)。所有主机装置都可以访问普通区域。因为数据本身是加密的,所以存到普通区域即可。
2、从内存的普通区域到第一加解密装置:第一加解密装置中的第一DMA模块从内存的普通区域读取加密的业务数据,送给内部的第一加解密单元,做解密处理,得到明文数据。解密的密钥直接从内部的OTP存储器中读取,外部硬件及软件程序无法访问。解密的过程在第一加解密装置内部完成,保证了安全性。
3、从第一加解密装置到内存的访问受限区域1(即第二区域):第一DMA模块把明文数据写入到内存的访问受限区域1,内存隔离装置把内存的访问受限区域1限定为只能第一DMA模块写入、只能数据处理装置读取,其它主机装置和软件程序均不能访问该区域。这样,保证了该路径是专用的、可信的。
4、从内存的访问受限区域1到数据处理装置:数据处理装置从内存的访问受限区域1读取明文数据,做编解码、报文包处理等数据处理。只有数据处理装置才能读取访问受限区域1,保证了明文数据的安全。
5、从数据处理装置到内存的访问受限区域2(即第三区域);数据处理装置把处理后的数据写入内存的访问受限区域2,内存隔离装置把内存的访问受限区域2限定为只能数据处理装置写入、第一DMA模块读取,其它主机装置和软件程序均不能访问该区域。这样,保证了该路径是专用的、可信的。
6、从内存的访问受限区域2到第一加解密装置:第一加解密装置的第一DMA模块从内存的访问受限区域2读取明文数据,送给内部的第一加解密单元,做加密处理,得到加密后的反馈数据。加密的密钥直接从OTP存储器中读取,外部硬件及软件程序无法访问。加密的过程在可信部分内部完成,保证了安全性。
7、从第一加解密装置到内存的普通区域:第一DMA模块把加密后的反馈数据写入到内存的普通区域。数据本身是加密的,存到普通区域即可。
8、从内存的普通区域到接口:接口从内存的普通区域读取加密后的反馈数据,发送到系统级芯片外部的设备。
本申请实施例还提供了一种电子设备,该电子设备包括上述任一实施例所述的系统级芯片。
电子设备可以为如具有音视频处理功能的机顶盒、高密度数字视频光盘(Digital Video Disc,DVD)以及手机等。
本申请实施例提供的内存访问方法、系统级芯片和电子设备中,系统级芯片的接口将业务数据写入内存的第一区域,接口后的装置读 取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入第一区域,然后接口发送反馈数据;处理器作为接口后的装置仅具有第一区域的访问权限。在系统级芯片的整个数据处理过程中,设置了内存的各个区域的访问权限,使得系统级芯片的接口以及接口后的装置仅能访问内存中所指定的区域,不能随意访问内存的任意区域;同时,系统级芯片的处理器仅具有内存的第一区域的访问权限,其不能访问内存中除第一区域以外的其它区域,即系统级芯片的接口以及接口后的装置对内存的访问是受限的,相比不受限的内存访问方式,提高了对内存访问的安全性,从而降低了数据泄露的风险。
以上所述,仅为本申请的示例性实施例而已,并非用于限定本申请的保护范围。
本领域内的技术人员应明白,术语电子设备涵盖任何适合类型的用户设备,例如移动电话、便携数据处理装置、便携网络浏览器或车载移动台。
一般来说,本申请的多种实施例可以在硬件或专用电路、软件或其任何组合中实现。例如,一些方面可以被实现在硬件中,而其它方面可以被实现在可以被控制器、微处理器或其它计算装置执行的固件或软件中,尽管本申请不限于此。
本申请的实施例的部分可以通过处理器执行计算机程序指令来实现,例如在处理器实体中,或者通过硬件,或者通过软件和硬件的组合。计算机程序指令可以是汇编指令、指令集架构(ISA)指令、机器指令、机器相关指令、微代码、固件指令、状态设置数据、或者以一种或多种编程语言的任意组合编写的源代码或目标代码。
本申请附图中的任何逻辑流程的框图可以表示程序步骤,或者可以表示相互连接的逻辑电路、模块和功能,或者可以表示程序步骤与逻辑电路、模块和功能的组合。计算机程序可以存储在存储器上。存储器可以具有任何适合于本地技术环境的类型并且可以使用任何适合的数据存储技术实现,例如但不限于只读存储器(ROM)、随机 访问存储器(RAM)、光存储器装置和系统(数码多功能光碟DVD或CD光盘)等。计算机可读介质可以包括非瞬时性存储介质。处理器可以是任何适合于本地技术环境的类型,例如但不限于通用计算机、专用计算机、微处理器、数字信号处理器(DSP)、专用集成电路(ASIC)、可编程逻辑器件(FGPA)以及基于多核处理器架构的处理器。
通过示范性和非限制性的示例,上文已提供了对本申请的示范实施例的详细描述。但结合附图和权利要求来考虑,对以上实施例的多种修改和调整对本领域技术人员来说是显而易见的,其不偏离本申请的范围。因此,本申请的恰当范围将根据权利要求确定。

Claims (18)

  1. 一种内存访问方法,其特征在于,应用于系统级芯片,包括:
    系统级芯片的接口将业务数据写入内存的第一区域;
    接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域:以及
    所述接口发送所述反馈数据;
    其中,处理器作为接口后的装置仅具有第一区域的访问权限。
  2. 根据权利要求1所述的方法,其中,所述接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域,包括:
    第一加解密装置将所述第一区域中的业务数据解密得到的第一数据写入所述内存的第二区域;
    数据处理装置将第一数据处理后的第二数据写入所述内存的第三区域;以及
    所述第一加解密装置将所述第二数据加密后的反馈数据写入所述内存的第一区域。
  3. 根据权利要求2所述的方法,其中,所述第一区域支持系统级芯片的所有主机装置的访问、第二区域仅支持第一加解密装置的写操作以及数据处理装置的读操作、第三区域仅支持数据处理装置的写操作以及第一加解密装置的读操作。
  4. 根据权利要求3所述的方法,还包括:
    在所述系统级芯片的接口将业务数据写入内存的第一区域之前,处理器在可信执行环境下配置所述第一区域、第二区域以及第三区域 的访问权限。
  5. 根据权利要求2所述的方法,其中,所述第一加解密装置中存储有解密或者加密时所使用的密钥。
  6. 根据权利要求1至5中任一项所述的方法,其中,所述接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,包括:
    接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到处理后的数据;
    内存隔离装置接收接口后的装置发送的访问请求,所述访问请求包括接口后的装置的身份标识以及当前访问类型;以及
    在内存隔离装置根据所述身份标识、当前访问类型以及当前存储的访问映射关系确定所述接口后的装置具有内存的下一区域的写入权限后,允许接口后的装置将处理后的数据写入下一区域中,其中,所述访问映射关系包括内存的不同区域与具有区域访问权限的访问装置的身份标识之间的对应关系、以及不同区域与具有区域访问权限的访问装置的访问类型之间的对应关系。
  7. 根据权利要求6所述的方法,还包括:
    在系统级芯片初始化时,处理器在可信执行环境下将所述访问映射关系配置到内存隔离装置中。
  8. 根据权利要求5所述的方法,其中,所述业务数据所属的业务包括有内存保护要求的业务或者无内存保护要求的业务,当业务数据所属的业务为无内存保护要求的业务时,所述方法还包括:
    第二加解密装置从第一加解密装置处获取所述密钥,并将采用所述密钥对所述业务数据进行解密后得到的第三数据写入所述内存的第一区域中。
  9. 一种系统级芯片,包括:通过总线连接的接口、接口后的装置和内存;
    接口配置为将业务数据写入内存的第一区域;
    接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后写入内存的下一区域中,直至最后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到反馈数据写入所述第一区域;
    所述接口发送所述反馈数据;
    其中,处理器作为接口后的装置仅具有第一区域的访问权限。
  10. 根据权利要求9所述的系统级芯片,其中,所述接口后的装置包括第一加解密装置和数据处理装置;
    第一加解密装置将所述第一区域中的业务数据解密得到的第一数据写入所述内存的第二区域;
    数据处理装置将第一数据处理后的第二数据写入所述内存的第三区域;以及
    所述第一加解密装置将所述第二数据加密后的反馈数据写入所述内存的第一区域。
  11. 根据权利要求10所述的系统级芯片,其中,所述第一区域支持系统级芯片的所有主机装置的访问、第二区域仅支持第一加解密装置的写操作以及数据处理装置的读操作、第三区域仅支持数据处理装置的写操作以及第一加解密装置的读操作。
  12. 根据权利要求11所述的系统级芯片,其中,处理器在可信执行环境下配置所述第一区域、第二区域以及第三区域的访问权限。
  13. 根据权利要求10所述的系统级芯片,其中,所述第一加解密装置中存储有解密或者加密时所使用的密钥。
  14. 根据权利要求9至13中任一项所述的系统级芯片,还包括:通过总线连接的内存隔离装置;
    接口后的装置读取前一装置在内存对应区域中的待处理数据,进行处理后得到处理后的数据;
    内存隔离装置接收接口后的装置发送的访问请求,所述访问请求包括接口后的装置的身份标识以及当前访问类型;以及
    在内存隔离装置根据所述身份标识、当前访问类型以及当前存储的访问映射关系确定所述接口后的装置具有内存的下一区域的写入权限后,允许接口后的装置将处理后的数据写入下一区域中,其中,所述访问映射关系包括内存的不同区域与具有区域访问权限的访问装置的身份标识之间的对应关系、以及不同区域与具有区域访问权限的访问装置的访问类型之间的对应关系。
  15. 根据权利要求14所述的系统级芯片,其中,在系统级芯片初始化时,处理器在可信执行环境下将所述访问映射关系配置到内存隔离装置中。
  16. 根据权利要求13所述的系统级芯片,还包括:通过总线连接的第二加解密装置,所述业务数据所属的业务包括有内存保护要求的业务或者无内存保护要求的业务;
    当业务数据所属的业务为无内存保护要求的业务时,第二加解密装置从第一加解密装置处获取所述密钥,并将采用所述密钥对所述业务数据进行解密后得到的第三数据写入所述内存的第一区域中。
  17. 根据权利要求16所述的系统级芯片,其中,所述第一加解密装置、所述数据处理装置以及所述第二加解密装置中均设置有直接内存访问模块。
  18. 一种电子设备,包括如权利要求9至17中任一项所述的系统级芯片。
PCT/CN2021/000066 2020-04-08 2021-04-08 内存访问方法、系统级芯片和电子设备 WO2021203767A1 (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP21784583.3A EP4134845A4 (en) 2020-04-08 2021-04-08 MEMORY ACCESS METHOD, SYSTEM ON A CHIP AND ELECTRONIC DEVICE

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010269161.6A CN113496016A (zh) 2020-04-08 2020-04-08 一种内存的访问方法、系统级芯片和电子设备
CN202010269161.6 2020-04-08

Publications (1)

Publication Number Publication Date
WO2021203767A1 true WO2021203767A1 (zh) 2021-10-14

Family

ID=77995784

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/000066 WO2021203767A1 (zh) 2020-04-08 2021-04-08 内存访问方法、系统级芯片和电子设备

Country Status (3)

Country Link
EP (1) EP4134845A4 (zh)
CN (1) CN113496016A (zh)
WO (1) WO2021203767A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115514484A (zh) * 2022-11-22 2022-12-23 国开启科量子技术(北京)有限公司 数字证书请求在线发送方法、数字证书在线颁发方法

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785512A (zh) * 2022-03-03 2022-07-22 瑞芯微电子股份有限公司 处理安全密钥的方法和装置及电子设备
CN118070298A (zh) * 2022-12-20 2024-05-24 深圳市速腾聚创科技有限公司 芯片的数据访问方法、装置、设备和计算机可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180032448A1 (en) * 2013-08-20 2018-02-01 Synopsys, Inc. Guarded Memory Access in a Multi-Thread Safe System Level Modeling Simulation
CN108369629A (zh) * 2015-12-15 2018-08-03 大陆-特韦斯贸易合伙股份公司及两合公司 微控制器系统和用于在微控制器系统中控制内存访问的方法
CN108460287A (zh) * 2018-03-21 2018-08-28 南通大学 内存保护单元中用户控制区域的划分方法及内存保护系统
CN110929304A (zh) * 2019-12-04 2020-03-27 四川虹微技术有限公司 一种基于risc-v的内存保护方法

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6715085B2 (en) * 2002-04-18 2004-03-30 International Business Machines Corporation Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
US9607177B2 (en) * 2013-09-30 2017-03-28 Qualcomm Incorporated Method for securing content in dynamically allocated memory using different domain-specific keys

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180032448A1 (en) * 2013-08-20 2018-02-01 Synopsys, Inc. Guarded Memory Access in a Multi-Thread Safe System Level Modeling Simulation
CN108369629A (zh) * 2015-12-15 2018-08-03 大陆-特韦斯贸易合伙股份公司及两合公司 微控制器系统和用于在微控制器系统中控制内存访问的方法
CN108460287A (zh) * 2018-03-21 2018-08-28 南通大学 内存保护单元中用户控制区域的划分方法及内存保护系统
CN110929304A (zh) * 2019-12-04 2020-03-27 四川虹微技术有限公司 一种基于risc-v的内存保护方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP4134845A4

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115514484A (zh) * 2022-11-22 2022-12-23 国开启科量子技术(北京)有限公司 数字证书请求在线发送方法、数字证书在线颁发方法

Also Published As

Publication number Publication date
CN113496016A (zh) 2021-10-12
EP4134845A4 (en) 2024-04-17
EP4134845A1 (en) 2023-02-15

Similar Documents

Publication Publication Date Title
WO2021203767A1 (zh) 内存访问方法、系统级芯片和电子设备
US20230110230A1 (en) Technologies for secure i/o with memory encryption engines
US11088846B2 (en) Key rotating trees with split counters for efficient hardware replay protection
US9954681B2 (en) Systems and methods for data encryption
US8873747B2 (en) Key management using security enclave processor
US20140310536A1 (en) Storage device assisted inline encryption and decryption
TWI793215B (zh) 資料加密、解密方法及裝置
US10713351B2 (en) Authentication and control of encryption keys
TWI809026B (zh) 用於在一加密系統中管理密碼密鑰之一集合的積體電路(ic)系統、用於一積體電路(ic)系統之方法及非暫時性電腦可讀媒體
US10691404B2 (en) Technologies for protecting audio data with trusted I/O
US20170185539A1 (en) Method and device for protecting dynamic random access memory
WO2020029254A1 (zh) 一种SoC芯片及总线访问控制方法
CN106469124A (zh) 一种存储器访问控制方法和装置
WO2024094137A1 (zh) 一种数据传输方法、装置、系统及电子设备和存储介质
WO2019075622A1 (zh) 一种安全元件及相关设备
WO2020118583A1 (zh) 数据处理方法、电路、终端设备及存储介质
US12056266B2 (en) Secure transient buffer management
US11503000B2 (en) Technologies for establishing secure channel between I/O subsystem and trusted application for secure I/O data transfer
WO2021031087A1 (zh) 一种证书管理方法及装置
WO2020093290A1 (zh) 一种存储控制器、文件处理方法、装置及系统
US20100275023A1 (en) Transmitter, receiver, and content transmitting and receiving method
US20220207192A1 (en) Crypto device, integrated circuit and computing device having the same, and writing method thereof
US20240073007A1 (en) Enforcing access control for embedded controller resources and interfaces
US20230208821A1 (en) Method and device for protecting and managing keys

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21784583

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2021784583

Country of ref document: EP

Effective date: 20221108