This application claims priority of China Patent Application No. 202111414402.2, filed on Nov. 25, 2021, the entirety of which is incorporated by reference herein.
The present invention relates to a memory device and an erase method thereof, and more particularly it relates to a secure memory device and an erase method thereof.
In the era of the Internet of Things, in order to prevent data in a device from being stolen by unauthorized personnel, more and more equipment manufacturers are using secure chips as development tools. The practice of storing programs and data in a secure memory device inside the chips has gradually attracted the attention and favor of the market.
With the increase in equipment application complexity, the memory capacity of the chip as a development tool for internal data storage must increase as well. In view of this, many chip designers have begun to try to place more than one memory unit inside the chip so that the data in each memory can be protected by security functions and facilitate unified control. Chip designers often use a main memory to be responsible for switching the security functions of itself and each sub-memory.
However, when the user clears the security functions, how should the chip designer ensure that the memory data of each block is not accidentally exposed, so as to avoid problems of data security? Therefore, it is necessary to optimize the memory erase procedure for the security of the memory.
Secure memory devices and erase methods thereof are provided herein. Since the security controls of sub-memories in a memory device are stored in the main memory, the sub-memories need to be erased prior to the main memory when the main memory needs to be erased, so as to prevent the sub-memories from entering an unlocked state after the main memory is erased, leading to the secure data in the memory being exposed.
In an embodiment, a memory device comprises a main memory, a first sub-memory, and a controller. When the first sub-memory is erased, the first sub-memory outputs a first erase completion signal. The controller receives an erase signal to erase the main memory. The controller performs an erase operation on the main memory according to the erase signal and the first erase completion signal.
According to an embodiment of the invention, the memory device further comprises a second sub-memory. When the second sub-memory is erased, the second sub-memory outputs a second erase completion signal. The controller performs the erase operation on the main memory according to the erase signal, the first erase completion signal, and the second erase completion signal.
According to an embodiment of the invention, when the first sub-memory does not generate the first erase completion signal and/or the second sub-memory does not generate the second erase completion signal, the controller does not perform the erase operation on the main memory.
According to an embodiment of the invention, the memory device further comprises a security register. The security register stores a first security control and a second security control. The first sub-memory operates in a locked state according to the first security control and the second sub-memory operates in the locked state according to the second security control. When the controller completes an initialization procedure, the controller writes the first security control and the second security control from the main memory to the security register. When the first sub-memory and/or the second sub-memory is/are erased, the first sub-memory and/or the second sub-memory operate(s) in an unlocked state according to the first security control and/or the second security control.
According to an embodiment of the invention, either one of the first sub-memory and the second sub-memory further comprises a multiplexer and a flip-flop. The multiplexer selects either one of a first sub erase control signal and the first erase completion signal for use as an intermediate signal according to the first security control, or selects either one of a second sub erase control signal and the second erase completion signal for use as the intermediate signal according to the second security control. The flip-flop outputs the intermediate signal for use as the first erase completion signal according to a clock signal, or outputs the intermediate signal for use as the second erase completion signal according to the clock signal.
According to an embodiment of the invention, when the controller receives the first sub erase control signal to erase the first sub-memory and/or receives the second sub erase control signal to erase the second sub-memory, the controller operates the first sub-memory and/or the second sub-memory in an unlocked state by the first security control and/or the second security control, and the multiplexers of the first sub-memory and the second sub-memory generate the first erase completion signal and the second erase completion signal respectively.
According to an embodiment of the invention, the controller comprises an AND gate. The AND gate receives the erase signal, the first erase completion signal, and the second erase completion signal to generate an enable signal. When the erase signal, the first erase completion signal, and the second erase completion signal are all at a first logic level, the enable signal output by the AND gate is at the first logic level. The controller performs the erase operation on the main memory in response to the enable signal.
In another embodiment, an erase method adapted to a memory device is provided. The memory device comprises a main memory and a first sub-memory. The erase method comprises receiving an erase signal to erase the main memory; determining whether the first sub-memory is erased; when the first sub-memory is erased, performing an erase operation on the main memory; and when the first sub-memory is not erased, not performing the erase operation on the main memory.
According to an embodiment of the invention, the memory device further comprises a second sub-memory, wherein the erase method further comprises determining whether the second sub-memory is erased; when the first sub-memory and the second sub-memory are both erased, performing the erase operation on the main memory; and when the first sub-memory and/or the second sub-memory is not erased, not performing the erase operation on the main memory.
According to an embodiment of the invention, the memory device further comprises a security register configured to store a first security control and a second security control. The first sub-memory and the second sub-memory respectively operate in a locked state according to the first security control and the second security control. When the memory device completes an initialization procedure, the first security control and the second security control are written from the main memory to the security register. When the first sub-memory and/or the second sub-memory is/are erased, the first sub-memory and/or the second sub-memory operate(s) in an unlocked state according to the first security control and/or the second security control respectively.
A detailed description is given in the following embodiments with reference to the accompanying drawings.
The invention can be more fully understood by reading the subsequent detailed description and examples with references made to the accompanying drawings, wherein:
This description is made for the purpose of illustrating the general principles of the invention and should not be taken in a limiting sense. In addition, the present disclosure may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. The scope of the invention is best determined by reference to the appended claims.
It should be understood that, in the description herein and throughout the claims that follow, although the terms “first,” “second,” etc. may be used to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of the embodiments.
It is understood that the following disclosure provides many different embodiments, or examples, for implementing different features of the application. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to be limiting. In addition, the present disclosure may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. Moreover, the formation of a feature on, connected to, and/or coupled to another feature in the present disclosure that follows may include embodiments in which the features are formed in direct contact, and may also include embodiments in which additional features may be formed interposing the features, such that the features may not be in direct contact.
The security register 120 is configured to store a first security control SC1, a second security control SC2 . . . , and an N-th security control SCN for controlling the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N respectively. According to an embodiment of the invention, when the controller 140 completes the initialization procedure, the controller 140 writes the first security control SC1, the second security control SC2 . . . , and the N-th security control SCN from the main memory 110 to the security register 120. In addition, the controller 140 respectively controls the security of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N by the first security control SC1, the second security control SC2 . . . , and the N-th security control SCN stored in the security register 120. According to an embodiment of the invention, as shown in
According to an embodiment of the invention, when any one of the first security control SC1, the second security control SC2 . . . , and the N-th security control SCN is at the first logic level, the corresponding one(s) of the first sub-memory 130-1, the second sub-memory 130-2 . . . , or the N-th sub-memory 130-N is/are operated in a locked state, so that the controller 140 cannot perform the erase operation on the corresponding one(s) of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N. The secure data stored in the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N is thus protected.
According to another embodiment of the present invention, when any one of the first security control SC1, the second security control SC2 . . . , and the N-th security control SCN is at the second logic level, the corresponding one(s) of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N is/are operated in the unlocked state, so that the controller 140 can perform the erase operation on the corresponding one(s) of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N. The data stored in the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N is thus not protected.
When any one of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N completes the erase operation, the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N respectively generate a first erase completion signal EC1, a second erase completion signal EC2 . . . , and an N-th erase completion signal ECN. In addition, the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N respectively send the first erase completion signal EC1, the second erase completion signal EC2 . . . , and the N-th erase completion signal ECN to the controller 140.
The controller 140 receives the erase signal SE, the first sub erase signal SES1, the second sub erase signal SES2 . . . , the N-th sub erase signal SESN, the first erase completion signal EC1, the second erase completion signal EC2 . . . , and the N-th erase completion signal ECN to perform the corresponding erase operation, where the erase signal SE is configured to erase the main memory 110, and the first sub erase signal SES1, the second sub erase signal SES2 . . . , and the N-th sub erase signal SESN are configured to erase the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N respectively. The controller 140 further provides the first sub erase signal SES1, the second sub erase signal SES2 . . . , and the N-th sub erase signal SESN to the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N respectively. According to an embodiment of the invention, the controller 140 performs the erase operation on the main memory 110 according to the erase signal SE, the first erase completion signal EC1, the second erase completion signal EC2 . . . , and the N-th erase completion signal ECN.
In other words, when any one of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N has not completed the erase operation, the controller 140 does not perform the erase operation on the main memory 110 until the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are all erased.
The first security control SC1, the second security control SC2 . . . , and the N-th security control SCN of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are stored in the main memory 110. If the main memory 110 is erased before the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are cleared, the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N will be forced to enter the unlocked state, thereby exposing the stored data.
As shown in
For example, when the N-th sub-memory 130-N is operated in the locked state according to the N-th security control SCN (corresponding to the security control SC shown in
For example, when the N-th sub-memory 130-N is operated in the unlocked state according to the N-th security control SCN (corresponding to the security control SC shown in
According to an embodiment of the invention, when the enable signal EN is at the high logic level, it indicates that the erase operations of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N have all been completed, and the erase signal SE for erasing the main memory 110 has also been received. The AND gate 310 thus generates the enable signal EN at the high logic level. The controller 140 erases the main memory 110 in response to the enable signal EN at the high logic level, which ensures that the main memory 110 is not erased while any one of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N has not completed the erase operation. Therefore, the security controls of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are retained.
As shown in the erase method 400 shown in
When it is determined that the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are all erased, the erase operation is performed on the main memory 110 (step S430). More specifically, the AND gate 310 in
When it is determined that any one of the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N has not been erased, the erase operation is not performed on the main memory 110 (Step S440), and step S420 is repeated until the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are all erased. When the first sub-memory 130-1, the second sub-memory 130-2 . . . , and the N-th sub-memory 130-N are all erased, the erase operation can be performed on the main memory 110.
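The following C model is an added illustration, not code from the patent or its applicant: it simulates the AND-gate interlock (EN = SE AND EC1 ... ECN) and steps S420 to S440, next to an ungated main erase that reproduces the exposure described above. The type and function names, the three-sub-memory size, the 0xFF erased value and the reading of an erased security control as "unlocked" are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define N_SUB 3       /* number of sub-memories: assumed */
#define WORDS 4       /* bytes per sub-memory: assumed */
#define ERASED 0xFFu  /* erased cell value: assumed */

typedef struct {
    bool main_sc[N_SUB];        /* SC1..SCN as stored in main memory 110 */
    bool sec_reg[N_SUB];        /* security register 120, true = locked */
    bool ec[N_SUB];             /* erase completion signals EC1..ECN */
    uint8_t sub[N_SUB][WORDS];  /* sub-memories 130-1..130-N */
} memdev_t;

/* Initialization: copy SC1..SCN from main memory to the security register. */
void dev_init(memdev_t *d) {
    memset(d, 0, sizeof *d);
    memset(d->main_sc, 1, sizeof d->main_sc);  /* all sub-memories locked */
    memset(d->sub, 0xA5, sizeof d->sub);       /* constructed secure data */
    memcpy(d->sec_reg, d->main_sc, sizeof d->sec_reg);
}

/* Sub erase (SESi): wipe the data first, then unlock and latch ECi. */
void sub_erase(memdev_t *d, int i) {
    memset(d->sub[i], ERASED, WORDS);
    d->sec_reg[i] = false;
    d->ec[i] = true;
}

/* AND gate 310: EN = SE & EC1 & ... & ECN. */
bool enable(const memdev_t *d, bool se) {
    for (int i = 0; i < N_SUB; i++) se = se && d->ec[i];
    return se;
}

/* Main erase with no interlock: the stored controls vanish and all unlock. */
void main_erase_ungated(memdev_t *d) {
    memset(d->main_sc, 0, sizeof d->main_sc);
    memcpy(d->sec_reg, d->main_sc, sizeof d->sec_reg);
}

/* Steps S420-S440: erase main memory only when EN is high. */
bool main_erase_gated(memdev_t *d, bool se) {
    bool en = enable(d, se);        /* S420: are all sub-memories erased? */
    if (en) main_erase_ungated(d);  /* S430; otherwise S440: refuse */
    return en;
}

/* True if an unlocked sub-memory still holds unerased data. */
bool data_exposed(const memdev_t *d) {
    for (int k = 0; k < N_SUB * WORDS; k++)
        if (!d->sec_reg[k / WORDS] && d->sub[k / WORDS][k % WORDS] != ERASED) return true;
    return false;
}
```

On a freshly initialized device, main_erase_gated() returns false until sub_erase() has run for every sub-memory, and data_exposed() stays false throughout; calling main_erase_ungated() first makes data_exposed() return true.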
Secure memory devices and erase methods thereof are provided herein. Since the security controls of the sub-memories in the memory device are stored in the main memory, the sub-memories need to be erased prior to the main memory when the main memory needs to be erased, so as to prevent the sub-memories from entering an unlocked state after the main memory is erased, leading to the secure data in the memory being exposed.
Although some embodiments of the present disclosure and their advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the disclosure as defined by the appended claims. For example, it will be readily understood by those skilled in the art that many of the features, functions, processes, and materials described herein may be varied while remaining within the scope of the present disclosure. Moreover, the scope of the present application is not intended to be limited to the particular embodiments of the process, machine, manufacture, composition of matter, means, methods and steps described in the specification. As one of ordinary skill in the art will readily appreciate from the disclosure of the present disclosure, processes, machines, manufacture, compositions of matter, means, methods, or steps, presently existing or later to be developed, that perform substantially the same function or achieve substantially the same result as the corresponding embodiments described herein may be utilized according to the present disclosure. Accordingly, the appended claims are intended to include within their scope such processes, machines, manufacture, compositions of matter, means, methods, or steps.
Number | Date | Country | Kind |
---|---|---|---|
202111414402.2 | Nov 2021 | CN | national |