This application claims priority to French Application Serial Number 03 08405, filed Aug. 9, 2003.
1. Field of the Invention
The invention relates generally to sequential logic cell content and specifically to protecting register content in microcontrollers.
2. The Prior Art
Integrated circuits (ICs) are typically tested for defects arising out of fabrication, and one of the tests used is a scan test. One problem with ICs is protecting sensitive register content. Registers may be comprised of sequential logic cells, and each sequential logic cell is scannable. Scan methods are very efficient but provide an easy means of seeing the logical values of many nets or registers of the IC. Downloading the content of each register using the scan test is possible after a period of operation of the circuit. A problem occurs when some of the registers contain sensitive information, for example keys of cryptographic algorithms, parameters of special digital filters, or any other value that is to be more or less protected.
In some applications, for example secure microcontrollers and smart cards, scan tests are not available, or scan methods are combined with built-in scan vector generators and signature analyzer modules. In that case nothing can be downloaded from the pins of the IC, but defects may still be found even though the scan chain inputs and outputs do not appear on the top-level pins of the circuit.
For on-chip and off-chip memory arrays, for example SRAM (Static RAM) or Flash, the data may be scrambled using cryptographic algorithms when a write access is performed and unscrambled/decrypted when read. Methods of protecting such memory content are typically dedicated to memory arrays because the methods are too complex in terms of gate count to be applied to sequential elements of pre-characterized cell types (typically configuration registers of peripherals or digital filter status/result/parameter variables). Moreover, memory array content is not subject to download by scan test methods, whereas sequential cells of pre-characterized type are.
Peripherals 108 may be functional logic, for example UART, crypto-processing, digital signal processing (DSP), and digital filtering.
Scan chain system 126 connects to microcontroller 100. Dashed lines are used in the Figures to illustrate the path of signals related to scan chain system 126, while solid lines represent the path of signals following non-scan chain circuitry. Microcontroller 100 receives a scan chain control signal on scan chain control 128 and data on scan chain input 130. Microcontroller 100 transmits data to scan chain system 126 on scan chain output 132. Within microcontroller 100, microprocessor 102 transmits control and data information on scan chain 134 to peripherals 108. Output from scan chain input determines whether peripherals 108 have fabrication defects.
During normal operation, address sub-decoder 200 receives signals from microprocessor 102 and address decoder 106. Address sub-decoder 200 transmits a write enable signal along enable write line 206 to selected multiplexers 208. When a multiplexer receives a write enable signal, it selects between the input available through data bus 116 and the output of a sequential cell, for example a scan D flip-flop (SDFF) 210. Multiplexers 208 transmit the selected input to their respective SDFFs 210. SDFFs 210 transmit to processing logic 204 when they receive clock signals from clock 118.
An SDFF is a normal DFF with the D input driven by the output of a two-to-one multiplexer (not shown), the multiplexer having inputs SD and D and a select pin SC (the two-to-one multiplexer is shown as a part of scan DFF 210, with inputs SC, SD and D). The SD input is driven by either scan chain input 130 or the output of a preceding scan DFF. For example, SDFF 210-1 receives data at input SD from scan chain input 130, while SDFF 210-2 receives data at input SD from the output of SDFF 210-1. Both SDFFs 210-1 and 210-2 receive scan chain control signals (select signals) at input SC from scan chain control 130.
Microcontroller 100 may be operated normally, storing values in peripherals 108, and then switched to scan mode and the content of registers in peripherals 108 may be read out and analyzed. In scan mode, SDFF 210-2 will transmit its value through scan register output 214 to processing logic 204. Processing logic 204 transfers data from scan register output 214 directly to scan chain output 132 without altering the value. Control signals transfer data from SDFF 210-1 to SDFF 210-2 and then out to scan chain output 132. In this manner, sensitive data loaded into registers, or SDFFs, may be read out using scan methodology.
A system and method of protecting sequential cell, or register content, in systems employing scan chain methodology is needed. The system should protect sensitive data loaded into registers while allowing scan chain testing for functionality.
The system and method described here provide a way to scramble the value of the register without affecting the functionality of the associated logic. A combinatorial network of logic cells is placed in front of the register and acts as a scrambling function that is not specified in any user datasheet, because no user functionality is associated with it. The reverse combinatorial function is placed after the register. Therefore, even if the register location is known through the scan register chain and its content after regular operation is downloaded, it is more difficult to ascertain the functional meaning of the value for the current application.
The invention reduces the ability to download the content of any sequential cell (register) by means of the most popular test method (scan) without compromising the purpose of scan chain systems.
The following description of the invention is not intended to limit the scope of the invention to these embodiments, but rather to enable any person skilled in the art to make and use the invention.
The invention may use combinatorial networks to scramble memory cells, making this method more convenient for pre-characterized DFFs or SDFFs (for example those DFFs within a register) while making sensitive material within the register more secure. Moreover, in the case of a combinatorial network, the invention allows scrambling and unscrambling of the content of a register in one clock cycle. Alternatively, a sequential algorithm in front of and after the targeted register may replace the combinatorial networks, though the sequential algorithm may take more than one clock cycle to scramble and unscramble the register content.
Protecting content of a register may be achieved by not inserting the DFFs in the scan chain so that the DFFs will not be tested. The invention allows a straightforward test design flow (full scan) without the lack of confidentiality in a scan test. The invention may be used on sequential elements acting as a configuration register in order to protect their content from being easily downloaded.
The scan chain system allows a read-out of the register content while the registers may hold sensitive or confidential data. The invention scrambles the data in the register so that it is difficult to match the value downloaded with the functional value of the application. Few people will know the scrambling method, for example the architect and designer of the circuit. If random or pseudo-random scrambling is used, nobody will know the exact register content from a functional point of view.
Scrambling unit 300 is coupled to data bus 116 and configuration register 202. Scrambling unit 300 is configured to receive data, or scrambling unit input, from data bus 116 and to scramble the input in either a predetermined, random, or pseudo-random method. The scrambled data is transmitted to configuration register 202. If normal operations are halted and the register content read out by scan chain system 126, only scrambled data will be transmitted through scan register output 214 and scan chain output 132, protecting register content.
Descrambling unit 310 is coupled to configuration register 202 and is configured to receive the scrambled data from configuration register 202. Descrambling unit 310 is configured to descramble the scrambled data in the reverse manner that scrambling unit 300 scrambled the data. The values output from descrambling unit 310 should be identical to the values input from data bus 116. Although scrambling unit 300 and descrambling unit 310 are shown without a direct connection between them, one skilled in the art will recognize that they may receive/share a random or pseudo-randomly generated value.
In one embodiment, a scrambling function works as follows. A first combinatorial network, scrambling unit 300, uses function F1 and a second combinatorial network, descrambling unit 310, uses function F2. If X is an n-bit (n being an integer) binary coded input from data bus 116, then F1 (X) is the resulting output value of the first combinatorial network.
If the 2 combinatorial networks were connected in series, Y being the output of the first network driving the input of the second network, Z being the output of the second network (Y, X being binary values), then:
Y=F1(X),
Z=F2(Y) and,
Z=F2(F1(X)).
If N is the bit size for X, F1(X) and F2(X), then solving for F1 and F2 by making Z=X yields, for example:
F1(X) = (X + 1) mod 2^N and
F2(X) = (X − 1) mod 2^N.
Therefore, Z = F2(F1(X)) = F2((X + 1) mod 2^N) = ((X + 1) − 1) mod 2^N = X, so Z = X.
F1(X) and F2(X) may be selected from among various functions, including translation tables in which each binary value X is coded as another value; for example, F1(X) can be a binary-to-Gray-code translator and F2(X) its reverse function, a Gray-to-binary-code translator.
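The following is an added behavioural model, not code from the patent, of the series connection Y = F1(X), Z = F2(Y) for the two F1/F2 pairs the text names: modular increment/decrement and binary/Gray code. The register width N, the helper names and the "leak count" metric (how many N-bit values the scan chain would read back unchanged) are assumptions of this example.

```python
"""Behavioural model of a fixed combinatorial scrambling/descrambling pair
around a register.  The scan chain sees Y (the register content); the
processing logic sees Z = F2(Y).  Added example; not from the patent text."""


def f1_increment(x, n):
    """F1(X) = (X + 1) mod 2^N: the network in front of the register."""
    return (x + 1) % (1 << n)


def f2_decrement(y, n):
    """F2(Y) = (Y - 1) mod 2^N: the reverse network after the register."""
    return (y - 1) % (1 << n)


def binary_to_gray(x, n):
    """Alternative F1: binary-to-Gray-code translator (n is unused but kept
    so every F1/F2 shares one signature)."""
    return x ^ (x >> 1)


def gray_to_binary(g, n):
    """Alternative F2: Gray-to-binary translator (prefix XOR of the bits)."""
    b = 0
    while g:
        b ^= g
        g >>= 1
    return b


def register_cycle(x, n, f1, f2):
    """One clock cycle: scramble X, load the register, descramble.

    Returns (scan_visible, functional): scan_visible is what a scan-chain
    dump of the register returns, functional is what processing logic
    receives after the reverse network."""
    mask = (1 << n) - 1
    y = f1(x, n) & mask       # content of configuration register 202
    z = f2(y, n) & mask       # output of descrambling unit 310
    return y, z


def verify_pair(n, f1, f2):
    """Exhaustively check Z == X for every N-bit X (the functional
    requirement) and count how many X the scan dump would expose unchanged
    (a weakness metric for the chosen F1)."""
    leaked = 0
    for x in range(1 << n):
        y, z = register_cycle(x, n, f1, f2)
        if z != x:
            return False, leaked
        if y == x:
            leaked += 1
    return True, leaked


if __name__ == "__main__":
    # The 2-bit example from the text: "11" scrambles to "00", descrambles to "11".
    print(register_cycle(0b11, 2, f1_increment, f2_decrement))
    print(verify_pair(8, f1_increment, f2_decrement))
    print(verify_pair(8, binary_to_gray, gray_to_binary))
```

The exhaustive check is the property a designer would want to prove for any candidate F1/F2 pair: functional transparency over the full input space, plus a sanity figure for fixed points (Gray coding leaves the values 0 and 1 unchanged, modular increment leaves none). The model is width-parametric, so it covers N-bit registers in general rather than only the 2-bit case in the text.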
Processing logic 204 should receive the initial input value of “11,” so inverter 420 and XNOR 430 of descrambling unit 310 produce the mathematical function “−1 modulo 4.” A descrambling unit input of “00” becomes “00-1 modulo 4,” which is equal to “11.” In one embodiment, scrambling unit 300 produces a scrambling unit output that is loaded into configuration register 202 and transmitted to descrambling unit 310, which then produces a descrambled output, all within a single clock cycle.
If configuration register 202 is downloaded by scan chain system 126 then there will be no consistency between the value read and the functional value configured by the application because scan chain system 126 is reading out scrambled input values before descrambling unit 310 has descrambled the values to the original input values from 116.
Although
Number generator 505 outputs a value to storage unit 510 and scrambling unit 300. Scrambling unit 300 receives the output from number generator 505 and adder 500 adds that number to a two-bit value received from data bus 116. The resulting sum is then transmitted to configuration register 202. For example, if number generator 505 produces the binary value “01,” and scrambling unit 300 receives “11” at its D[0] and D[1] inputs, then the resulting sum is “00.” “00” is the binary value transmitted to configuration register 202.
Storage unit 510 saves the value output from number generator 505 so that whenever new data is written from data bus 116, a signal from write enable line 206 instructs storage unit 510 to output the new value, otherwise storage unit 510 outputs the last value used in scrambling unit 300.
Descrambling unit 310 receives from storage unit 510 the binary value transmitted from number generator 505 to storage unit 510 during a given clock cycle. Continuing with the above example, configuration register 202, after receiving the value “00” from scrambling unit 300, transfers the value “00” to descrambling unit 310. Descrambling unit 310 comprises two-bit subtractor 520, so descrambling unit 310 subtracts the value “01” from “00.” The value “01” was generated by number generator 505 and stored in storage unit 510 during the same clock cycle in which descrambling unit 310 receives the value “00.” The result is “11,” which is the original value output from data bus 116 at the beginning of the clock cycle.
In one embodiment, storage unit 510 comprises multiplexer 530 and DFF 540.
The content of configuration register 202 changes whenever it is being written to by data bus 116. In the next embodiment, the content of configuration register 202 changes every clock cycle, regardless of whether or not it is being written to.
DFF 630 also receives the random or pseudo-random number from number generator 505 and in the same clock cycle during which DFF 630 received the number, DFF 630 transmits the number to descrambling unit 310. Descrambling unit 310 receives the random or pseudo-random number from DFF 630 and it receives the scrambled content from SDFFs 620. Descrambling unit subtracts the random or pseudo-random number from the scrambled number using subtractor 525. Descrambling unit 310 outputs the descrambled value to processing logic 204 and to multiplexer 600.
During a clock cycle in which there is no “write” operation from data bus 116 to multiplexer 600, multiplexer 600 receives only descrambled output from descrambling unit 310. With no write-enable signal from enable write line 206, multiplexer 600 selects the descrambled output and transmits it to scrambling unit 300. Scrambling unit 300 receives a random or pseudo-random number from number generator 505 and the descrambled output, adds them and loads them into SDFFs 620. The effect of this is to rescramble with a new number, each clock cycle, the descrambled output from descrambling unit 310.
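As an added, cycle-level model (not the patent's own code) of the two number-generator embodiments above, the class below covers both the storage-unit embodiment (the number used at write time is held in storage unit 510 while the register keeps its content) and the continuous embodiment (multiplexer 600 feeds the descrambled output back and the register is rescrambled with a fresh number every clock cycle). The number generator is modelled by a small deterministic linear congruential generator; that generator, the seed, the class and method names, and the `demo` driver are assumptions of this example.

```python
"""Cycle-level model of a register scrambled with a generated number.
Added example; the generator, names and timing model are constructed here."""


class ScrambledRegister:
    def __init__(self, width=2, rescramble_every_cycle=False, seed=2):
        self.width = width
        self.mask = (1 << width) - 1
        self.rescramble = rescramble_every_cycle
        self.state = seed          # number generator 505 (constructed LCG state)
        self.register = 0          # configuration register 202 / SDFFs 620 (scan-visible)
        self.stored_number = 0     # storage unit 510 / DFF 630
        self.functional = 0        # value presented to processing logic 204

    def _next_number(self):
        """Constructed stand-in for number generator 505: an 8-bit LCG
        truncated to the register width."""
        self.state = (self.state * 5 + 3) & 0xFF
        return self.state & self.mask

    def clock(self, write_data=None):
        """Advance one clock cycle.  write_data models a write from data bus
        116 with enable write line 206 asserted.  Returns the descrambled
        value processing logic sees in this cycle."""
        if write_data is not None:
            r = self._next_number()
            self.stored_number = r                           # mux 530 selects the new number
            self.register = (write_data + r) & self.mask     # adder 500
        elif self.rescramble:
            plain = (self.register - self.stored_number) & self.mask   # subtractor 525
            r = self._next_number()                          # fresh number this cycle
            self.stored_number = r                           # DFF 630
            self.register = (plain + r) & self.mask          # mux 600 feeds back, re-add
        # otherwise storage unit 510 holds the last number and the register is unchanged
        self.functional = (self.register - self.stored_number) & self.mask  # subtractor 520
        return self.functional

    def scan_dump(self):
        """What scan chain system 126 reads out: the raw register content."""
        return self.register


def demo(rescramble, width=2, value=0b11, idle_cycles=4):
    """Write `value` once, then idle.  Returns the per-cycle functional
    outputs and scan dumps so the two embodiments can be compared."""
    reg = ScrambledRegister(width, rescramble)
    outputs = [reg.clock(write_data=value)]
    dumps = [reg.scan_dump()]
    for _ in range(idle_cycles):
        outputs.append(reg.clock())
        dumps.append(reg.scan_dump())
    return outputs, dumps


if __name__ == "__main__":
    # First generated number is "01", so writing "11" loads "00" as in the text.
    print("storage-unit embodiment:", demo(False))
    print("rescramble-every-cycle: ", demo(True))
```

With the constructed generator the first number is “01”, so writing “11” loads “00” into the register exactly as in the worked example in the text. In the storage-unit embodiment the scan dump stays at “00” for as long as no new write occurs; in the continuous embodiment the functional value is still “11” every cycle while the scan dump walks through “00”, “11”, “10”, “01”, “00”, which is the property the text describes: a scan-chain readout at any one cycle has no fixed relationship to the configured value.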
One skilled in the art will recognize that number generator 505 could be another configuration register, a configurable register that is not part of scan chain system 126, the output of a finite state machine status flag, interrupt flag, or any other random or determinable value generator. Sensitive or confidential material loaded into configuration register 610 is more difficult to recover due to a variable and continuous scrambling function.
One advantage of the invention is that the combinatorial networks used to scramble and descramble the register have a low gate count, allowing them to more easily fit on an IC and keep its cost down.
Any person skilled in the art will recognize from the previous description and from the figures and claims that modifications and changes can be made to the invention without departing from the scope of the invention defined in the following claims.
Number | Date | Country | Kind |
---|---|---|---|
03 08405 | Aug 2003 | FR | national |