The present disclosure is related to securing software images for execution by various integrated circuit processors.
Electronic devices such as wireless communications devices are being constantly driven to higher levels of capability based on advances in technology, consumer demand and marketing drivers such as a need for product differentiation. The processing power available today allows many of these requirements to be met using sophisticated processors such as System-on-Chip (SOC) integrated circuits that provide high levels of capability and flexibility through being programmable.
As a result, software and software development have become critical to providing capabilities, new features and functions, etc. Along with the pervasiveness of software however, there is also a need to protect the software from misappropriation, or alteration for malicious purposes. For example, software may be misappropriated or altered even at the integrated circuit level by attacks directed toward specific features and functions of the chip. At the same time, it may be necessary to gain access to software for debugging, updating or for various development needs. Also, it may be desirable to be able to provide back-ups of software in the event a primary copy becomes corrupted and unusable. However, it may be inappropriate for software copies to be easily accessible since this may lead to misappropriation of the code, etc.
For example, it may be desirable to have various code images that are specific to a given electronic device or, more specifically, to an integrated circuit within the electronic device, such that the code images are not usable or alterable by any other device.
The various embodiments herein disclosed include a method wherein an integrated circuit may receive a code image from an external device, encrypt the code image using a cryptographic logic with a Hardware Unique Key to create a Hardware Unique Code Image where the Hardware Unique Key is inaccessible to the external device. The integrated circuit will then store the Hardware Unique Code Image wherein the Hardware Unique Code Image is executable only after decryption using the Hardware Unique Key.
The method also includes sending a command to request decryption of the Hardware Unique Code Image by the cryptographic logic using the Hardware Unique Key and executing the Hardware Unique Code Image by the boot software after the decryption.
The embodiments disclosed herein also provide an integrated circuit including a memory and a cryptographic logic coupled to the memory, where the cryptographic logic is operative to encrypt a code image using a Hardware Unique Key to create a Hardware Unique Code Image and where the Hardware Unique Key is inaccessible via any port of the integrated circuit. The integrated circuit further includes the ability to store the Hardware Unique Code Image in memory where the Hardware Unique Code Image is executable only after decryption using the Hardware Unique Key.
The integrated circuit herein disclosed may also include a peripheral controller, operative to control an external device to receive a code image, a memory controller, connected to the cryptographic logic, and a boot ROM, connected to the memory controller and operative to send a request for decryption of the Hardware Unique Code Image by the cryptographic logic using the Hardware Unique Key, and execute the Hardware Unique Code Image after the decryption.
An integrated circuit herein disclosed includes a peripheral controller operative to control an external device to receive a code image, a memory, a Hardware Unique Key Logic, a cryptographic logic coupled to the memory and to the Hardware Unique Key Logic and operative to send a request to the Hardware Unique Key Logic for the Hardware Unique Key, receive the Hardware Unique Key from the Hardware Unique Key Logic in response to the request, encrypt the code image using the Hardware Unique Key to create a Hardware Unique Code Image, where the Hardware Unique Key is inaccessible via any port of the integrated circuit, and store the Hardware Unique Code Image in the memory where the Hardware Unique Code Image is executable only after decryption using the Hardware Unique Key. The integrated circuit further includes a memory controller connected to the cryptographic logic and a boot ROM connected to the memory controller, wherein the boot ROM is operative to send a request to the cryptographic logic to request decryption of the Hardware Unique Code Image by the cryptographic logic using the Hardware Unique Key and execute the Hardware Unique Code Image after the decryption.
An integrated circuit as disclosed herein may also include a memory controller wherein the memory controller is operative to arbitrate access to memory. The integrated circuit is further operative to send a command to the cryptographic logic in response to a request by the boot ROM to cause the cryptographic logic to generate a random key, and where the cryptographic logic is further operative to generate the random key in response to the command, encrypt the random key using the Hardware Unique Key to create an encrypted random key, store the encrypted random key in a key storage memory and encrypt the code image using the encrypted random key. Alternatively, the random key may be used in an unencrypted form in some embodiments.
The integrated circuit disclosed herein may further include a peripheral controller that is operative to receive a push of a flash loader code into an internal memory of the integrated circuit and where the boot ROM is operative to verify that the flash loader code is trusted code, execute the flash loader code, and perform a challenge/response security routine with the external device, and obtain a push of the code image from the external device in response to a correct response to the challenge/response security routine.
Turning now to the drawing wherein like numerals represent like components,
The internal RAM 107 which may be a static RAM may be physically located on the die of the integrated circuit. The external RAM 117 which may be for example a DRAM may be physically within the package of the integrated circuit 100 but not necessarily on the same die as the memory controller. However memory may be located in any suitable position whether on the die or off the die of the integrated circuit 100. The memory controller 101 is further coupled to a boot ROM 103. The boot ROM 103 controls booting procedures of the integrated circuit 100 and may include boot ROM software and/or logic operative for the purpose of boot up of the integrated circuit 100. For example the boot ROM 103 may refer to software running from the boot ROM 103 where the boot ROM software is executed by the Central Processing Unit 105. In other embodiments, the boot ROM 103 may include software and also logic operations by logic operative to interact with the software, or independently of the software. Further, the boot ROM 103 may include secure memory wherein the secure memory is locked from access by various non-boot related logic of the integrated circuit 100.
The memory controller 101 may further be coupled to an encryption logic 102 for encrypting various information used by the integrated circuit 100 such as, but not limited to, software code or various encryption keys for encrypting and decrypting software such as video media software, etc. The encryption logic 102 may be, for example, a hashing logic for hashing a software code and providing the hash to the memory controller for storage in, for example, internal RAM 107 or external RAM 117. The memory controller 101 is also coupled to a cryptographic logic 113. The cryptographic logic 113 is used for checking the validity of various software images to be loaded and run on the integrated circuit 100 by, for example, the Central Processing Unit 105. The cryptographic logic 113 may be a crypto core processor in some embodiments, an ASIC, or other appropriate logic suitable for encrypting and decrypting software code in accordance with the description provided herein. The cryptographic logic in some embodiments may further include a random number generator 121, a key storage memory 123 and a Hardware Unique Key storage 125.
The integrated circuit 100 further includes the hardware unique key logic 115, which may contain information related to the integrated circuit 100 configuration. The hardware unique key logic 115 contains fuses that, once blown, cannot be restored. Therefore the hardware unique key logic 115 creates a permanent set of bits which may be used for encryption of various software within the integrated circuit 100. Thus the hardware unique key logic 115 creates a Hardware Unique Key for use in encrypting images as will be described further herein.
The hardware unique key logic is coupled to the cryptographic logic 113 and shares with the cryptographic logic 113 a clocking signal from clock logic 114. A hardware unique key logic 115 bit pattern, which constitutes the Hardware Unique Key, may be serially clocked using a clock signal from clock logic 114 into the cryptographic logic 113. The cryptographic logic may then store the Hardware Unique Key in Hardware Unique Key storage memory 125. The Hardware Unique Key is specific to the integrated circuit 100 and is unlike any other Hardware Unique Key in any other integrated circuit instance. The Hardware Unique Key contained by the hardware unique key logic 115 and also within the Hardware Unique Key storage memory 125 is inaccessible through any interface of the integrated circuit 100. In other words the Hardware Unique Key may not be read out from the hardware unique key logic 115, the cryptographic logic 113 via the memory controller 101 or via any other logic within the integrated circuit 100.
This process is illustrated in further detail in
In accordance with the various embodiments the Hardware Unique Key stored within the cryptographic logic 113 may be used to encrypt software loaded into the integrated circuit 100 such that the software encrypted using the Hardware Unique Key is unique to the integrated circuit 100 and cannot be used by any other integrated circuit or device. An exemplary method of the various embodiments is illustrated in
Assuming that no previously stored versions were located in 603, the boot ROM 103 may send a command to the cryptographic logic 113 requesting the cryptographic logic to generate a random key. As shown in 607, the cryptographic logic 113 may use a random number generator 121, which in some embodiments may be a true random number generator, to generate the random key as requested. As shown in 609, the cryptographic logic 113 may proceed to encrypt the random key using the Hardware Unique Key stored in Hardware Unique Key storage 125, after which the boot ROM 103 may store the encrypted random key in an appropriate location in memory. As shown in 611, the cryptographic logic may then encrypt the code image, such as code image 111, using the encrypted random key and proceed to store the encrypted code image as, for example, final integrated circuit image 119.
To execute the final integrated circuit image code 119, the boot ROM software 103 will send the random key, in an encrypted form, to the cryptographic logic 113 and request that the cryptographic logic 113 decrypt the final integrated circuit image 119 using the random key. The random key must be decrypted using the Hardware Unique Key in some embodiments. As shown in 703, the final integrated circuit image 119 will be passed through the cryptographic logic with the request from the boot ROM 103 to decrypt it using the random key. In 705 the cryptographic logic may run an additional hashing test on the decrypted image wherein the hash is also encrypted using the Hardware Unique Key.
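The provisioning steps 607 to 611 and the boot-time steps 703 and 705 can be modeled in software as follows. This is an added illustration, not code from the disclosure: it follows the embodiment in which the random key is unwrapped with the Hardware Unique Key before use, and the class and function names, the HMAC-SHA256 keystream standing in for the unspecified cipher, and the keyed hash standing in for the Hardware Unique Key encrypted hash are all assumptions.

```python
import hashlib, hmac, os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream_xor(key, nonce, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _prf(key, nonce + (i // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class CryptoLogic:
    """Models cryptographic logic 113; HUK-derived keys never leave this object."""
    def __init__(self, fuse_bits):
        self.__wrap = _prf(fuse_bits, b"wrap")   # from Hardware Unique Key storage 125
        self.__mac = _prf(fuse_bits, b"hash")

    def provision(self, code_image):
        random_key = os.urandom(32)              # 607: random number generator 121
        kn, im = os.urandom(16), os.urandom(16)
        return {"kn": kn, "in": im,
                "wrapped_key": _stream_xor(self.__wrap, kn, random_key),  # 609
                "image": _stream_xor(random_key, im, code_image),         # 611
                "tag": _prf(self.__mac, code_image)}

    def boot_decrypt(self, blob):
        random_key = _stream_xor(self.__wrap, blob["kn"], blob["wrapped_key"])
        image = _stream_xor(random_key, blob["in"], blob["image"])        # 703
        if not hmac.compare_digest(_prf(self.__mac, image), blob["tag"]): # 705
            raise ValueError("image altered or bound to another chip")
        return image

def boots(chip, blob):
    try:
        chip.boot_decrypt(blob)
        return True
    except ValueError:
        return False

def demo():
    image = b"constructed sample code image " * 4
    chip_a, chip_b = CryptoLogic(os.urandom(32)), CryptoLogic(os.urandom(32))
    blob = chip_a.provision(image)
    flipped = bytes([blob["image"][0] ^ 1]) + blob["image"][1:]
    return (chip_a.boot_decrypt(blob) == image,         # own chip boots the image
            boots(chip_b, blob),                        # blob copied to another chip
            boots(chip_a, dict(blob, image=flipped)))   # blob altered in storage
```

Only the wrapped key, the encrypted image and the tag are ever stored outside the cryptographic logic, so a stored image copied to a second integrated circuit or modified in memory fails the check at 705.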
The above detailed description and the examples described therein have been presented for the purposes of illustration and description only and not for limitation. For example, the operations described may be done in any suitable manner. The method steps may be done in any suitable order still providing the described operation and results. It is therefore contemplated that the present embodiments cover any and all modifications, variations or equivalents that fall within the spirit and scope of the basic underlying principles disclosed above and claimed herein.