Patent Application
20130282951
This disclosure relates generally to the field of computer systems and, more specifically, to the systems, methods and computer program products for secure booting and debugging of system on a chip (SoC) devices.
Modern mobile communication devices, such as smartphones, tablets and netbooks, often use system on a chip (SoC) processors and similar types of integrated devices. A SoC processor is an integrated circuit in which various components, such as an application processor (e.g., CPU), memory subsystem (e.g., ROM, RAM), video/graphics subsystem (e.g., DSP, GPU), audio subsystem (e.g., DSP, ADC, DAC), power management subsystem, security subsystem (e.g., encryption, DRM), I/O subsystem (e.g., keyboard, touch screen), and wired and wireless connectivity subsystems (e.g., USB, GPS, Wi-Fi, GSM, CDMA, 4G LTE modems), are integrated on a single-chip substrate. SoC processors and devices are usually more compact, consume less power and have a lower cost and higher reliability than the conventional multi-chip systems.
However, as any other computer system, SoC devices are subject to crashes and other failures of its various peripheral subsystems (e.g., GPU or modem). During a crash of any of the peripheral subsystems of the SoC, the software (SW) of the subsystem is typically configured to perform a memory dump. A memory dump generally involves, but not limited to include, at least copying the processor cache dump, CPU register contents, copying the contents of hardware resources used by the crashed peripheral subsystem and copying the contents of the system memory used by the crashed peripheral subsystem to a separate memory location (e.g., RAM or HDD). The memory dump is typically followed by a reboot of the crashed peripheral subsystem. Memory dump data of the peripheral subsystem can then be accessed by the application processor of the SoC and sent for debugging to human analysts for the analysis and correction of problems related to the crash and for improvement of system's reliability.
In a secure SoC device, where different subsystems have different security levels and typically cannot access each other's resources without permission, the memory dump data of the crashed peripheral subsystem may be stored in a secure memory region. This secure memory region of the peripheral subsystem may not be accessible to the application processor in order to prevent possible attacks on the peripheral subsystem memory data from malicious applications, e.g., viruses. As a result, the application processor cannot access memory dump data to perform debugging and determine the root cause of the crash. Therefore, it is necessary to provide a mechanism by which the application processor can access the secure memory dump data without jeopardizing security of the peripheral subsystem.
The following presents a simplified summary of one or more aspects of the invention in order to provide a basic understanding of such aspects of the invention overall. This summary is not an extensive overview of all contemplated aspects of the invention, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
Disclosed are systems, methods and computer program products for secure rebooting and debugging a peripheral subsystem of a system on a chip (SoC) device. According to one aspect of the method, when an application processor of the SoC device detects crash of the peripheral subsystem, it loads a secure boot agent (SBA) into a memory of the SoC device. The SBA is configured to access a secure memory region of the peripheral subsystem that contains memory dump data associated with the peripheral subsystem. This secure memory region is inaccessible to the application processor. The SBA encrypts the memory dump data in the secure memory region and allows the application processor to access to the secure memory region of the peripheral subsystem containing the encrypted memory dump data. The application processor can then access the secure memory region and collects the encrypted memory dump data for the purpose of providing it to a third party for debugging.
To the accomplishment of the foregoing and related ends, the one or more aspects comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative features of the one or more aspects. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed, and this description is intended to include all such aspects and their equivalents.
The disclosed aspects will hereinafter be described in conjunction with the appended drawings, provided to illustrate and not to limit the disclosed aspects, wherein like designations denote like elements, and in which:
Various aspects of the invention are described next with reference to the drawings. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more aspects. It may be evident, however, that such aspect(s) may be practiced without these specific details.
The SoC processor 100 further includes a plurality of different peripheral subsystems 120 controlled by the application processor 110. The peripheral subsystems 120 may include but not limited to a memory subsystem (e.g., ROM, RAM), video/graphics subsystem (e.g., DSP, GPU), audio subsystem (e.g., DSP, ADC, DAC), power management subsystem, security subsystem (e.g., encryption, DRM), I/O subsystem (e.g., keyboard, touchscreen), and wired and wireless connectivity subsystems (e.g., USB, GPS, Wi-Fi, GSM, CDMA, 4G LTE modems). A peripheral subsystem 120, such as a modem subsystem, may include a digital signal processor (DSP) 122, various hardware (HW) and software (SW) components 124, and various RF components 126. In one aspect, each peripheral subsystem 120 also includes a boot ROM 128 that stores a primary boot image (not shown) of the associated peripheral subsystems 120.
The SoC processor 100 further includes various internal shared HW resources 130, such as internal shared memory 132 (e.g. DDR SDRAM, DRAM, Flash memory), which is shared by the application processor 110 and various peripheral subsystems 120 to store various runtime data. In one aspect, components 110, 118, 120, 128 and 130 of the SoC processor 100 may be integrated on a single-chip substrate. The SoC processor 100 further includes various external shared HW resources 140, which may be located on a different chip substrate and communicate with the SoC processor 100 via a system bus (not shown). The external shared HW resources 140 may include, for example, an external shared memory 142 (e.g. DDR SDRAM, DRAM, Flash memory) and/or permanent data storage 144 (e.g., SD card, HDD), which are shared by the application processor 110 and various peripheral subsystems 120 to store various data, such as an OS, system files, programs, applications, user data, audio/video files, etc.
In one aspect, the SoC processor 100 is a secure system in which application processor 110 and peripheral subsystems 120, e.g., a modem subsystem, may have same security level (e.g., isolated security domains). In other words, the modem subsystem 120 cannot access secure regions of shared memory 132 or 142 used by the application processor 110 to store application data and other resources, and the application processor 110 cannot access secure regions of shared memory 132 or 142 used by the modem subsystem 120 to store modem data and other modem resources. This security configuration protects peripheral subsystem 120 from attacks by malicious applications, such as viruses, Trojans and worms, which may be run by the application processor 110, and also protects application processor 110 from attacks, e.g., network attacks, that may be carried out through the modem subsystem 120 by hackers.
When the mobile communication devices is turned on, the secure SoC processor 100 begins the system boot up process. Particularly, the application processor 110 access boot ROM 118 to retrieve boot instructions for the SoC processor 100, including boot sequence instructions for various peripheral subsystems 120. During booting of a peripheral subsystem 120, e.g., modem subsystem, application processor 110 first loads peripheral SW 124 into memory 132 and peripheral subsystem 120 boots itself based on the loaded SW 124 and a primary boot image stored in boot ROM 128. The SoC processor 100 identifies, during this initial boot stage, the resources that belong exclusively to the subsystem (e.g., modem). The resources that are pre-allocated during boot to the peripheral subsystem cannot be accessed by the CPU during normal runtime operations. In the case of CPU based on ARM licensed architecture, even the trust zone privileged mode is prevented from accessing the exclusive subsystem resource that are managed by the peripheral subsystem (e.g. clocks, memory, etc).
If the peripheral subsystem 120 crashes during operation, the peripheral SW 124 will automatically perform memory dump to a secure memory region 134 of the peripheral subsystem 120, and the application processor 110 will re-load the peripheral SW. However, the application processor 120 is not allowed to access the secure memory region 134 of the peripheral subsystem 120, and cannot view the memory dump data 136 stored therein in order to assess the root cause of the crash. Alternatively, the memory dump may be performed to a secure memory region of the peripheral subsystem in the external shared memory 142 or in the permanent data storage 144, such as a Secure Digital (SD) card or Hard Disk Drive (HDD).
To overcome this problem, the SoC processor 100 may be modified as shown in
Operation of the modified SoC processor 200 is described next with reference to
With reference to
The access to the shared resources (by modem 120 and application processor 110) may be controlled by a set of Secure Access Control tags 285A and 285B and firewall(s) 290. Master access tag 285 is a HW scheme that maps the origin of given transaction in the system to an access authority level. For example, application processor 110 will have level authority level 0, and a modem subsystem and power management subsystem will have authority level 1, etc. Client firewall 290 determines if the entity that wants to access the resource (example copy/read data in a specific memory location) has the appropriate authority to do so. For example, application processor 110 and modem subsystem may be authorized to access a certain secure region 234 in external memory 140, but power management subsystem is not.
As used in this application, the terms “component,” “module,” “system” and the like are intended to include a computer-related entity, such as but not limited to hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets, such as data from one component interacting with another component in a local system, distributed system, and/or across a network such as the Internet with other systems by way of the signal.
Moreover, various aspects or features described herein can be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term “article of manufacture” as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer-readable media can include but are not limited to magnetic storage devices (e.g., hard disk drive, floppy disk, magnetic strips, etc.), optical disks (e.g., compact disk (CD), digital versatile disk (DVD), etc.), smart cards, and flash memory devices (e.g., EPROM, card, stick, key drive, etc.). Additionally, various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term “machine-readable medium” can include, without being limited to, wireless channels and various other media capable of storing, containing, and/or carrying instruction(s) and/or data.
Various aspects or features will be presented in terms of systems that may include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. A combination of these approaches may also be used.
The various illustrative logics, logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but, in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Additionally, at least one processor may comprise one or more modules operable to perform one or more of the steps and/or actions described above.
Further, the steps and/or actions of a method or algorithm described in connection with the aspects disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium may be coupled to the processor, such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. Further, in some aspects, the processor and the storage medium may reside in an ASIC. Additionally, the ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal. Additionally, in some aspects, the steps and/or actions of a method or algorithm may reside as one or any combination or set of codes and/or instructions on a machine readable medium and/or computer readable medium, which may be incorporated into a computer program product.
In one or more aspects, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection may be termed a computer-readable medium. For example, if software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blue-ray disc where disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
While the foregoing disclosure discusses illustrative aspects and/or embodiments, it should be noted that various changes and modifications could be made herein without departing from the scope of the described aspects and/or embodiments as defined by the appended claims. Furthermore, although elements of the described aspects and/or embodiments may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated. Additionally, all or a portion of any aspect and/or embodiment may be utilized with all or a portion of any other aspect and/or embodiment, unless stated otherwise.
The present application for patent claims priority to Provisional Application No. 61/635,578, entitled “Apparatus to enable debugging for peripheral subsystem SW within distributed secure boot SoC system” filed Apr. 19, 2012, and assigned to the assignee hereof and hereby expressly incorporated by reference herein.
| Number | Date | Country | |
|---|---|---|---|
| 61635578 | Apr 2012 | US |
