CN111506324B - Method for realizing MCU chip safety by combining traditional ROM with storage island - Google Patents
- Publication number
- CN111506324B
- Authority
- CN
- China
- Prior art keywords
- unit
- rom
- module
- security program
- storage island
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
- G06F8/63—Image based installation; Cloning; Build to order
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/66—Updates of program code stored in read-only memory [ROM]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for realizing MCU chip security by using a ROM combined with a storage island. The method involves an MCU module comprising a storage island unit and a ROM starting unit, and further comprises the following steps: writing a security program and encrypting it with a private key; storing the private-key-encrypted security program in the storage island unit; the ROM starting unit responding to an external starting signal and pairing the public key with the private-key-encrypted security program; if the pairing succeeds, the ROM starting unit reads the security program and then starts; if the pairing fails, the ROM starting unit cannot read the security program and therefore cannot start. The burning module is used to write, upgrade and replace the content of the storage island unit, which overcomes the defect that secondary expansion cannot be achieved when only a ROM is used. After the encrypted content is transmitted to the storage island unit, it can only be decrypted by the user with the correct public key, which improves security.
Description
Technical Field
The invention belongs to the field of MCU chip safety design, and particularly relates to a method for realizing MCU chip safety by combining a traditional ROM with a storage island.
Background
Currently, one-time programmable (OTP) read-only memory (ROM) is commonly used in the industry to hold boot and upgrade code logic with high security requirements. The code is burned into the MCU chip once, at tape-out, which prevents users from changing the MCU's boot and upgrade logic. The logic implementing security verification or upgrade interaction is thereby hidden at the source, which protects the MCU chip program from malicious tampering and upgrading.
However, an MCU chip prepared in this way can be programmed only once in its whole life cycle. During chip development, developers are unlikely to anticipate all the requirements of a chip at once, and often need to upgrade it gradually as the chip enters mass-production use. The code logic originally burned in is already solidified: it cannot be modified, is difficult to upgrade, and, being fixed, carries a risk of disclosure. An MCU chip that offers high security and still allows part of its logic to be upgraded and modified is therefore urgently needed.
Disclosure of Invention
The invention aims to provide a method for realizing MCU chip safety by combining a traditional ROM with a storage island.
In order to achieve the purpose of the invention, the technical scheme adopted by the invention is as follows: a method for realizing MCU chip safety by combining a traditional ROM with a storage island comprises an MCU module, wherein the MCU module comprises a storage island unit and a ROM starting unit; further comprising the steps of:
writing a security program, and encrypting the security program through a private key;
the storage island unit stores the security program encrypted by the private key;
the ROM starting unit responds to an external starting signal and pairs the public key with the security program encrypted by the private key;
if the pairing is successful, the ROM starting unit reads a security program, and then the ROM starting unit is started; if the pairing is unsuccessful, the ROM starting unit cannot read the security program, and further the ROM starting unit cannot be started.
Preferably, the system further comprises a cloud service module, wherein the cloud service module is used for storing a private key, and the cloud service module encrypts the security program by using the private key to form a ciphertext.
Preferably, the system further comprises a burning module, and the burning module is used for burning the ciphertext into the storage island unit.
Preferably, the burning module includes a set first access timing sequence, and the storage island unit receives the first access timing sequence and performs data interaction with the burning module.
Preferably, the burning module includes a communication interface connected to the storage island unit, and the communication interface includes an SWD interface or a serial interface.
Preferably, the ROM starting unit includes a set second access timing sequence, and the storage island receives the second access timing sequence and performs information interaction with the ROM starting unit.
Preferably, when software needs to be upgraded or updated, the burning module erases and reads data of the storage island unit.
Preferably, the security program includes a patch unit, and the patch unit is configured to perform HASH integrity check and ECDSA digital signature verification on the ROM boot unit, where the ROM boot unit can only boot after the HASH integrity check and the ECDSA digital signature verification pass.
Preferably, the public key and the private key are paired by a universal unique identification code specific to the MCU module, the universal unique identification code comprises the ID information of the client, and different public keys and different private keys are paired according to different ID information.
Preferably, if the storage island unit does not include a security program encrypted by a private key, the ROM starting unit does not pair the private key and the public key, and the ROM starting unit cannot be started.
The invention has the following beneficial effects: the invention relates to a method for realizing MCU chip security by combining a traditional ROM with a storage island, which comprises an MCU module, wherein the MCU module comprises a storage island unit and a ROM starting unit; further comprising the steps of: writing a security program, and encrypting the security program through a private key; the storage island unit stores the security program encrypted by the private key; the ROM starting unit responds to an external starting signal and pairs the public key with the security program encrypted by the private key; if the pairing is successful, the ROM starting unit reads the security program, and then the ROM starting unit is started; if the pairing is unsuccessful, the ROM starting unit cannot read the security program, and further the ROM starting unit cannot be started.
By providing a storage island unit in the MCU module, the burning module can be used to write, upgrade and replace the content of the storage island unit, which overcomes the defect that secondary expansion is impossible when only a traditional ROM is used. In addition, the content that the burning module transmits to the storage island unit undergoes RSA asymmetric encryption: the content is encrypted with the private key at the cloud service module, and after it is transmitted to the storage island unit, the encrypted content can only be decrypted by the user with the correct public key. After decryption, the ROM starting unit can read the content of the storage island unit, and the MCU chip can then start normally. This prevents lawbreakers from stealing or cracking programs and stops such illegal behavior at its root.
Drawings
FIG. 1 is a logic flow diagram of the present invention;
FIG. 2 is a block flow diagram of the present invention.
Detailed Description
At present, MCU chips use a conventional ROM to start the bootloader in the chip; the bootloader is a small program that runs before the software starts and mainly sets up the software's running environment. However, this does not take the security of the MCU chip into account: any program burned into the corresponding area of the FLASH will run normally. For example, developers may spend hundreds of millions of dollars developing a product that sells well after passing a series of strict product certifications and reaching the market. Lawbreakers then crack and modify the chip, burn the program from the chip directly into cloned copy-board hardware, and sell the result at a low price for exorbitant profit, which undoubtedly causes serious economic losses to the developers. The method overcomes the commonly used means of cracking the chip and protects the rights of chip developers. The technology of the present application is described in detail below.
As shown in FIG. 1 and FIG. 2, a method for realizing MCU chip security by combining a traditional ROM with a storage island comprises an MCU module, wherein the MCU module comprises a storage island unit and a ROM starting unit; further comprising the steps of: writing a security program, and encrypting the security program through a private key; the storage island unit stores the security program encrypted by the private key; the ROM starting unit responds to an external starting signal and pairs the public key with the security program encrypted by the private key; if the pairing is successful, the ROM starting unit reads the security program, and then the ROM starting unit is started; if the pairing is unsuccessful, the ROM starting unit cannot read the security program, and further the ROM starting unit cannot be started. By providing a storage island unit in the MCU module, the burning module can be used to write, upgrade and replace the content of the storage island unit, which overcomes the defect that secondary expansion is impossible when only a traditional ROM is used. In addition, the content that the burning module transmits to the storage island unit undergoes RSA asymmetric encryption: the content is encrypted with the private key at the cloud service module, and after it is transmitted to the storage island unit, the encrypted content can only be decrypted by the user with the correct public key. After decryption, the ROM starting unit can read the content of the storage island unit, and the MCU chip can then start normally. This prevents lawbreakers from stealing or cracking programs and stops such illegal behavior at its root.
This embodiment further comprises a cloud service module, which stores the private key and encrypts the security program with the private key to form a ciphertext. A user compiles a plaintext in an IDE (integrated development environment) on a PC (personal computer) and transmits the plaintext to a cloud server; the cloud server selects a different key according to the specific chip and uses that key to encrypt the plaintext into a ciphertext. The ciphertext is then transmitted to the burning module; the key is not transmitted. The cloud service module manages the key, and as long as the key is not leaked, even if a lawbreaker obtains the public key, the ciphertext cannot be cracked and the cracked program cannot run normally, which further protects the rights and interests of the software developers.
This embodiment further comprises a burning module, which is used for burning the ciphertext into the storage island unit. The burning module of this embodiment includes a set first access timing sequence; the storage island unit receives the first access timing sequence and performs data interaction with the burning module. The storage island module is arranged inside the MCU chip as an information island region, while the other parts serve as user regions. Users have no direct access rights to the information island, and even conventional chip reading tools on the market cannot access it. This embodiment therefore designs a specific first access timing sequence in the digital circuit, and the first access timing sequence is specific to the burning module. Burning modules that do not include the first access timing sequence cannot read the chip.
The burning module of this embodiment includes a communication interface connected with the storage island unit, and the communication interface includes an SWD interface or a serial interface. The SWD interface is a debugging interface used for simulation debugging of the MCU chip. The serial interface is mainly used for data communication. The ROM starting unit of this embodiment includes a set second access timing sequence; the storage island receives the second access timing sequence and performs information interaction with the ROM starting unit. The second access timing sequence is specific to the ROM starting unit, so ROMs without the second access timing sequence cannot access the storage island unit.
In this embodiment, when software needs to be upgraded or updated, the burning module erases and reads data of the storage island unit. When the chip is started for the first time, the whole storage island has no content. The ROM starting unit therefore cannot start normally and directly enters the ISP burning subprogram, that is, the burning module is started. The burning module writes the content of the security program into the storage island unit through the original manufacturer's dedicated burning APP. In this process the burning module needs to read the storage island, and if the security program needs to be replaced, the original data needs to be erased.
The security program of this embodiment includes a patch unit, which is configured to perform a HASH integrity check and ECDSA digital signature verification on the ROM starting unit; the ROM starting unit can start only after both checks pass. The HASH integrity check covers the whole software, and if any part is missing, the check fails. In ECDSA digital signature verification, a signature is first produced with a private key and then verified with the public key, and the ROM starting unit starts only after the verification passes.
In this embodiment, the public key and the private key are paired by a universally unique identification code specific to the MCU module; the universally unique identification code includes the ID information of a client, and different public keys and private keys are paired according to different ID information. The universally unique identification code is a UUID; the UUID is a standard constructed by software, and each MCU chip can have a different UUID. Each MCU chip thus effectively has its own number, so that an independent private key and an independent public key can be assigned to it, which reduces the possibility of software theft.
In this embodiment, if the storage island unit does not contain a security program encrypted by the private key, the ROM starting unit does not pair the private key and the public key, and the ROM starting unit cannot start. If lawbreakers obtain the plaintext of the security program and burn it into the MCU module with other tools, the public key of the ROM starting unit does not recognize the plaintext even when it is detected; it recognizes only ciphertext encrypted by the private key, which improves the security of the software program.
A conventional way of cracking programs is to use various tools to read the program, which may be a HEX or BIN file, out of the FLASH in the MCU module, and then to burn it directly into the attacker's own hardware boards, which are copies of the original board. This embodiment combines two measures to prevent this. First, a storage island unit is added. The storage island unit can be read only with the specific first access timing sequence and the specific second access timing sequence; if the storage island unit is not read, the ROM starting unit cannot start, while a user can still modify and upgrade the storage island unit using a legitimate access timing sequence. Second, taking a step back, even if a lawbreaker obtains the specific access timing sequence from somewhere, the ROM starting unit of this embodiment decrypts the program in the storage island and checks its integrity and legitimacy, and the ROM starting unit can start normally only if the checks pass. The verification process uses a globally unique UUID that is never repeated between chips, so a program cloned directly from an MCU developed by someone else cannot start when it is burned onto a blank MCU.
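An added example (not part of the patent text) that models the boot decision described above: a cloud-side private-key operation over the security program, and a ROM starting unit that enters ISP on a blank island, starts only when the public-key pairing and the HASH check succeed, and refuses a cloned, plaintext or tampered image. The function names, the image layout (length || SHA-256 || program), the 0xFF erased state and the toy textbook-RSA keys built from Mersenne primes are assumptions made for illustration. A private-key operation can be reversed by anyone who holds the public key, so the sketch shows authenticity and clone resistance, not secrecy of the stored program.

```python
import hashlib

E = 65537  # RSA public exponent

def make_keypair(p, q):
    """Toy textbook-RSA pair from two known primes; returns (private, public)."""
    n = p * q
    return {"n": n, "exp": pow(E, -1, (p - 1) * (q - 1))}, {"n": n, "exp": E}

# Constructed per-chip keys, selected by UUID. Mersenne primes keep the demo
# offline and deterministic; they are not acceptable as real key material.
PRIV_A, PUB_A = make_keypair(2**127 - 1, 2**521 - 1)   # chip "uuid-A"
PRIV_B, PUB_B = make_keypair(2**89 - 1, 2**607 - 1)    # chip "uuid-B"
CLOUD_KEYS = {"uuid-A": PRIV_A, "uuid-B": PRIV_B}      # private keys stay in the cloud

def _block_sizes(key):
    cipher_len = (key["n"].bit_length() + 7) // 8
    return cipher_len - 1, cipher_len  # a plaintext block is always smaller than n

def cloud_encrypt(uuid, program):
    """Cloud service module: private-key operation over length || SHA-256 || program."""
    priv = CLOUD_KEYS[uuid]
    plain_len, cipher_len = _block_sizes(priv)
    body = len(program).to_bytes(4, "big") + hashlib.sha256(program).digest() + program
    body += b"\x00" * (-len(body) % plain_len)
    image = b""
    for i in range(0, len(body), plain_len):
        m = int.from_bytes(body[i:i + plain_len], "big")
        image += pow(m, priv["exp"], priv["n"]).to_bytes(cipher_len, "big")
    return image

def rom_pair(pub, island):
    """ROM starting unit: apply the public key; return the program, or None on failure."""
    plain_len, cipher_len = _block_sizes(pub)
    if len(island) % cipher_len:
        return None                      # not a whole number of ciphertext blocks
    body = b""
    for i in range(0, len(island), cipher_len):
        c = int.from_bytes(island[i:i + cipher_len], "big")
        if c >= pub["n"]:
            return None
        m = pow(c, pub["exp"], pub["n"])
        if m >> (8 * plain_len):
            return None                  # does not fit a block: wrong key or garbage
        body += m.to_bytes(plain_len, "big")
    size, digest, rest = int.from_bytes(body[:4], "big"), body[4:36], body[36:]
    if size > len(rest):
        return None
    program = rest[:size]
    # HASH integrity check over the recovered program
    return program if hashlib.sha256(program).digest() == digest else None

def rom_boot(pub, island):
    """Boot decision: ISP when the island is blank, BOOT only if pairing succeeds."""
    if not island.strip(b"\xff"):        # assumption: an erased island reads as 0xFF
        return "ISP"                     # enter the ISP burning subprogram
    return "BOOT" if rom_pair(pub, island) is not None else "HALT"

if __name__ == "__main__":
    program = b"constructed security program v1"
    image = cloud_encrypt("uuid-A", program)
    print("blank island     :", rom_boot(PUB_A, b""))
    print("genuine image    :", rom_boot(PUB_A, image))
    print("clone on chip B  :", rom_boot(PUB_B, image))
    print("plaintext burned :", rom_boot(PUB_A, program.ljust(81, b"\x00")))
    print("tampered image   :", rom_boot(PUB_A, image[:-1] + bytes([image[-1] ^ 1])))
```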
The above disclosure is only for a few specific embodiments of the present invention, but the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.
Claims (5)
1. A method for realizing MCU chip safety by utilizing ROM combined with a storage island is characterized by comprising an MCU module, wherein the MCU module comprises a storage island unit and a ROM starting unit; further comprising the steps of:
writing a security program, and encrypting the security program through a private key;
the storage island unit stores the security program encrypted by the private key;
the ROM starting unit responds to an external starting signal and pairs the public key and the safety program encrypted by the private key;
if the pairing is successful, the ROM starting unit reads a security program, and then the ROM starting unit is started; if the pairing is unsuccessful, the ROM starting unit cannot read the security program, and further the ROM starting unit cannot be started;
the device comprises a burning module, a data reading module and a data processing module, wherein the burning module is used for burning a ciphertext into the storage island unit, and when software needs to be upgraded or updated, the burning module erases and reads data of the storage island unit;
the system comprises a security program, a cloud service module and a cloud service module, wherein the security program is encrypted by the cloud service module to form a ciphertext;
the PC terminal compiles a plaintext through the IDE, then transmits the plaintext to the cloud server, the cloud server selects different keys according to a specific chip, encrypts the plaintext by using the keys to form a ciphertext, and then transmits the ciphertext to the burning module without transmitting the keys;
the burning module comprises a set first access time sequence, and the storage island unit receives the first access time sequence and performs data interaction with the burning module;
the ROM starting unit comprises a set second access time sequence, and the storage island receives the second access time sequence and carries out information interaction with the ROM starting unit.
2. The method according to claim 1, wherein the burning module includes a communication interface connected to the storage island unit, and the communication interface includes an SWD interface or a serial interface.
3. The method according to claim 1, wherein the security program comprises a patch unit, the patch unit is configured to perform HASH integrity verification and ECDSA digital signature verification on the ROM boot unit, and the ROM boot unit can only boot after the HASH integrity verification and the ECDSA digital signature verification pass.
4. The method according to claim 1, wherein a public key and a private key are paired with a specific universal unique identification code of the MCU module, the universal unique identification code comprises ID information of a client, and different public keys and private keys are paired according to different ID information.
5. The method according to claim 1, wherein if the storage island unit does not include a security program encrypted by a private key, the ROM boot unit does not pair the private key and the public key, and the ROM boot unit cannot boot.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010606503.9A CN111506324B (en) | 2020-06-30 | 2020-06-30 | Method for realizing MCU chip safety by combining traditional ROM with storage island |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111506324A CN111506324A (en) | 2020-08-07 |
CN111506324B (en) | 2020-11-06 |
Family
ID=71873778
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010606503.9A Active CN111506324B (en) | 2020-06-30 | 2020-06-30 | Method for realizing MCU chip safety by combining traditional ROM with storage island |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111506324B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114415001B (en) * | 2021-12-15 | 2025-05-27 | 上海泰矽微电子有限公司 | Chip test mode switching method and system |
CN117034297B (en) * | 2023-09-11 | 2024-08-20 | 深圳市航顺芯片技术研发有限公司 | MCU-based safe starting implementation method and related equipment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3131675B2 (en) * | 1993-10-12 | 2001-02-05 | 三菱電機株式会社 | Development and evaluation method of one-chip microcomputer and its program |
CN102981428B (en) * | 2012-10-29 | 2014-12-31 | 天津大学 | Microcontroller order protection structure based on security application and encryption and decryption method thereof |
Non-Patent Citations (2)
Title |
---|
[Encryption] Spreadtrum secureboot scheme; weixin_34014555; 《https://blog.csdn.net/weixin_34014555/article/details/86260459》; 20180510; pages 1-8 * |
Pizi Heng Embedded: User guide for NXP-MCUBootUtility, a one-stop tool for NXP MCU secure encrypted boot; zhaoem82; 《https://blog.csdn.net/zhaoem82/article/details/103060720》; 20191114; pages 1-15 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||