CN112083961A - Boot Loading Method of Embedded Chip - Google Patents
- Publication number: CN112083961A (CN202010779915.2A)
- Authority: CN (China)
- Prior art keywords: embedded chip, rom, time programmable, boot, programmable memory
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4403—Processor initialisation
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to the field of integrated circuit chips and discloses a boot loading method for an embedded chip. The ROM in the embedded chip is configured as: a first ROM for storing the configuration flow of the registers of the embedded chip; and a second ROM for storing the boot flow of the user program of the embedded chip. The boot loading method includes: configuring the registers of the embedded chip based on the configuration data in a first one-time programmable memory and the configuration flow in the first ROM; switching the embedded chip to a test download mode; and, in the test download mode, in response to the instruction pointer jumping from the first ROM to the second ROM, executing the boot operation of the corresponding user program based on the configuration data in a second one-time programmable memory and the boot flow in the second ROM. The invention reduces the coupling between the code of different flows and protects sensitive data from arbitrary reads and writes in a more targeted way, thereby improving the security of the chip.
Description
Technical Field
The present invention relates to integrated circuit chips, and in particular to a boot loading method for an embedded chip.
Background
In an embedded system, loading and starting the entire system is handled entirely by the BootLoader. In most embedded systems, for example, execution usually begins at address 0x00000000 on power-up or reset, and the system's BootLoader program is usually placed at that address.
Simply put, the BootLoader is a small program that runs before the user program. It initializes the hardware devices and the memory space, bringing the system's software and hardware environment into a suitable state so that the correct environment is ready for the eventual call into the operating system kernel. A BootLoader is usually heavily hardware-dependent, especially in the embedded world, so building a general-purpose BootLoader for embedded systems is almost impossible. Nevertheless, some general principles can be distilled to guide the design and implementation of a specific BootLoader.
For example, in the power-on flow of most chips, the BootLoader performs the following in order: (1) initialize the RAM area it uses; (2) initialize the CPU-related hardware registers according to the configuration values in the one-time programmable memory area (one-time programmable module); (3) jump irreversibly to the user area and execute the user program. If a security chip places higher requirements on its own security, additional security checks are often needed for certain key areas and key modules, for example adding a validity check of the data in the one-time programmable memory area between steps (1) and (2), and adding a security self-check of chip-specific modules (for example, the random number module or the sensor signal detection module) between steps (2) and (3).
However, the BootLoader program contains instructions for the register configuration flow, the chip self-check flow, the sample verification flow and the user system flow. This code is loosely structured and tightly coupled, which can easily introduce security risks into the chip system.
Summary of the Invention
The purpose of the present invention is to overcome the defect in the prior art that the code of the individual flows is loosely structured and tightly coupled, and to provide a boot loading method for an embedded chip that reduces the coupling between the code of different flows and protects sensitive data from arbitrary reads and writes in a more targeted way, thereby improving the security of the chip.
To achieve this, one aspect of the present invention provides a boot loading method for an embedded chip, characterized in that the ROM in the embedded chip is configured as: a first ROM for storing the configuration flow of the registers of the embedded chip; and a second ROM for storing the boot flow of the user program of the embedded chip. Correspondingly, the one-time programmable memory in the embedded chip is configured as: a first one-time programmable memory for storing configuration data related to the configuration flow; and a second one-time programmable memory for storing configuration data related to the boot flow of the user program. The boot loading method includes: configuring the registers of the embedded chip based on the configuration data in the first one-time programmable memory and the configuration flow in the first ROM; switching the embedded chip to a test download mode; and, in the test download mode, in response to the instruction pointer jumping from the first ROM to the second ROM, executing the boot operation of the corresponding user program based on the configuration data in the second one-time programmable memory and the boot flow in the second ROM.
Preferably, configuring the registers of the embedded chip includes: determining the type of the flow identifier in the first one-time programmable memory; when the flow identifier in the first one-time programmable memory is the standard branch identifier, verifying the correctness of the configuration data in the first one-time programmable memory; and, when the configuration data passes the verification, configuring the registers.
Preferably, after the step of configuring the registers of the embedded chip, the boot loading method further includes: performing a self-check on the corresponding functional modules of the embedded chip according to the configured registers; and, when the corresponding functional modules pass the self-check, performing the step of switching the embedded chip to the test download mode.
Preferably, executing the boot operation of the corresponding user program includes: determining the type of the flow identifier in the second one-time programmable memory; and, when the flow identifier in the second one-time programmable memory is the user identifier, executing the user program in the user area in response to the instruction pointer jumping to the user area.
Preferably, before the step of executing the user program in the user area, executing the boot operation of the corresponding user program further includes: setting the access mode of the second one-time programmable memory to non-writable mode.
Preferably, executing the boot operation of the corresponding user program further includes: verifying the correctness of the configuration data in the second one-time programmable memory; and, when the configuration data in the second one-time programmable memory passes the verification, performing the step of determining the type of the flow identifier in the second one-time programmable memory.
Preferably, before the step of determining the type of the flow identifier in the first one-time programmable memory, configuring the registers of the embedded chip further includes: initializing the RAM area required by the first ROM; and, before the step of verifying the correctness of the configuration data in the second one-time programmable memory, executing the boot operation of the corresponding user program further includes: initializing the RAM area required by the second ROM.
Preferably, after the step of switching the embedded chip to the test download mode, the boot loading method further includes: setting the access mode of the first ROM, the first one-time programmable memory and the configured registers to non-writable mode.
Preferably, the security of the first ROM is higher than that of the second ROM.
With the above technical solution, the present invention configures the ROM in the embedded chip as a first ROM for storing the configuration flow of the registers of the embedded chip and a second ROM for storing the boot flow of the user program of the embedded chip. It configures the registers of the embedded chip according to the configuration data in the first one-time programmable memory and the configuration flow, and then, once the embedded chip has been switched to the test download state and the instruction pointer has jumped to the second ROM, executes the boot operation of the corresponding user program according to the configuration data in the second one-time programmable memory and the boot flow. The invention thereby reduces the coupling between the flow code that implements different functions and protects sensitive data from arbitrary reads and writes in a more targeted way, improving the security of the chip.
Other features and advantages of the present invention are described in detail in the Detailed Description section below.
Description of Drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the detailed description below, they serve to explain the invention and do not limit it. In the drawings:
FIG. 1 is a flowchart of the boot loading method for an embedded chip provided by an embodiment of the present invention;
FIG. 2 is a flowchart of configuring the registers of the embedded chip provided by an embodiment of the present invention;
FIG. 3 is a flowchart of executing the boot operation of the corresponding user program provided by an embodiment of the present invention;
FIG. 4 is a flowchart of the verification process of an embedded chip provided by an embodiment of the present invention;
FIG. 5 is a flowchart of the boot loading method for an embedded chip provided by an embodiment of the present invention; and
FIG. 6 is a flowchart of the verification process and the boot loading process of an embedded chip provided by an embodiment of the present invention.
Detailed Description
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. The embodiments described here serve only to illustrate and explain the invention and do not limit it.
Before the specific embodiments, a brief outline of the design idea: the register configuration flow is sensitive, while the chip's verification flow has lower security requirements. Register configuration and security checking can therefore be grouped by security and relevance into a first ROM with a higher security level (for example, ROM1), and the boot flow of the chip's user program (in the test download mode, the user program can be written into the user area by a first test download instruction) can be placed in a second ROM (for example, ROM2). This reduces the coupling between the code of different flows and protects sensitive data from arbitrary reads and writes in a more targeted way, improving the security of the chip.
Specifically, the ROM in the embedded chip is configured as: a first ROM for storing the configuration flow of the registers of the embedded chip; and a second ROM for storing the boot flow of the user program of the embedded chip. Correspondingly, the one-time programmable memory in the embedded chip is configured as: a first one-time programmable memory for storing configuration data related to the configuration flow; and a second one-time programmable memory for storing configuration data related to the boot flow of the user program.
FIG. 1 is a flowchart of the boot loading method for an embedded chip provided by an embodiment of the present invention. As shown in FIG. 1, the boot loading method may include the following steps S101-S103.
Step S101: configure the registers of the embedded chip based on the configuration data in the first one-time programmable memory and the configuration flow in the first ROM.
For step S101, as shown in FIG. 2, configuring the registers of the embedded chip includes the following steps S201-S203.
Step S201: determine the type of the flow identifier in the first one-time programmable memory.
The type of the flow identifier depends on the state of the configuration data in the first one-time programmable (OTP) memory (for example, the configuration-area OTP memory). Specifically, when the configuration-area OTP memory has not been initialized, the flow identifier is determined from the default configuration data to be the fast branch identifier; when the configuration-area OTP memory has been initialized, the flow identifier is determined from the corresponding configuration data to be the standard branch identifier.
Note that, to guarantee the initial state in which the program runs, before step S201 configuring the registers of the embedded chip further includes: initializing the RAM area and stack space required by the first ROM. Specifically, in response to the embedded chip being powered, execution starts at address 0 of ROM1 and initializes the RAM area and stack space it requires, so that the sample verification process described below can run normally.
Step S202: when the flow identifier in the first one-time programmable memory is the standard branch identifier, determine whether the correctness check of the configuration data in the first one-time programmable memory succeeds. If it succeeds, perform step S203; otherwise, the chip enters a silent state.
The data stored in the first one-time programmable (OTP) memory (for example, the configuration-area OTP) is critical to the operation of ROM1, and the values of the embedded chip's key registers are also read in from the configuration-area memory. To ensure that the flows related to the boot loading process execute correctly, step S202 therefore checks the correctness of the configuration data. Specifically, where a cyclic redundancy check (CRC) value of the configuration data has been written in advance, the correctness of the CRC value of the configuration data is verified.
Step S203: configure the registers.
Step S203 lays the foundation for the boot operation of the user program in step S103, because the boot operation can only proceed using the configuration data of the registers.
After step S203, the boot loading method may further include: performing a self-check on the corresponding functional modules of the embedded chip according to the configured registers (that is, the chip's security requirements have been configured in these registers); and, when the corresponding functional modules pass the self-check, performing the step of switching the embedded chip to the test download mode.
The corresponding functional modules of the embedded chip may be an algorithm module, a random number module, a sensor module, and so on.
Step S102: switch the embedded chip to the test download mode.
At the same time, the instruction pointer can be set to jump from ROM1 to ROM2.
After step S102, the boot loading method may further include: setting the access mode of the first ROM, the first one-time programmable memory and the configured registers to non-writable mode. Specifically, a dedicated first setting register can be used to set ROM1, the configuration-area OTP memory and the registers to a non-writable state. This blocks malicious modification of ROM1, the configuration-area OTP memory and the registers, improving the security of the system.
Step S103: in the test download mode, in response to the instruction pointer jumping from the first ROM to the second ROM, execute the boot operation of the corresponding user program based on the configuration data in the second one-time programmable memory and the boot flow in the second ROM.
For step S103, as shown in FIG. 3, executing the boot operation of the corresponding user program may include the following steps S301-S302.
Step S301: determine the type of the flow identifier in the second one-time programmable memory.
The flow identifier in the second one-time programmable memory can be set by a second test download instruction in the test download mode.
Because the user flow also depends on the configuration data in the second one-time programmable (OTP) memory (for example, the user-area OTP memory), to ensure that the user flow executes correctly, before step S301 executing the boot operation of the corresponding user program may further include: verifying the correctness of the configuration data in the second one-time programmable memory, and performing step S301 only when the configuration data passes the verification. For example, where a cyclic redundancy check (CRC) value of the configuration data has been written in advance, the correctness of the CRC value of the configuration data is verified.
In addition, before the step of verifying the correctness of the configuration data in the second one-time programmable memory, executing the boot operation of the corresponding user program may further include: initializing the RAM area and stack space required by the second ROM.
Step S302: when the flow identifier in the second one-time programmable memory is the user identifier, execute the user program in the user area in response to the instruction pointer jumping to the user area.
In response to the instruction pointer jumping to the user area, and before the step of executing the user program in the user area, the access mode of the second one-time programmable memory may also be set to non-writable mode. For example, a dedicated second setting register can be used to set the user-area OTP memory to a non-writable state, which blocks malicious modification of the user-area OTP memory and improves the security of the system.
The boot loading process described above assumes by default that the first one-time programmable memory (for example, the configuration-area OTP memory) and the second one-time programmable memory (for example, the user-area OTP memory) have already been initialized. The present invention can also initialize the configuration-area OTP memory and the user-area OTP memory with the configuration data, related to the configuration flow and to the boot flow of the user program respectively, that is obtained by the embedded chip verification method described below.
In a conventional boot loading flow, the chip's registers must first be configured according to the configuration data in the one-time programmable (OTP) memory; next, the chip's own special modules undergo a security self-check according to the configured registers (that is, the chip's security requirements have been configured in these registers); finally, if the self-check succeeds, sample verification is performed on the chip. Some of the check thresholds depend on data read in from the OTP memory. If that data is absent from the OTP memory when the chip has just been fabricated, the security self-check fails and the sample verification process cannot be entered. Because sample verification depends heavily on the configuration data in the OTP memory, and the sample verification process is itself fairly complex, the process is severely restricted and cannot run. In addition, because of the particular nature of the chip's security self-check, problems are more likely to occur at this stage and prevent the subsequent sample verification from running. To address these defects, the present invention adds a fast branch identifier, which skips the register configuration and the chip's security self-check and enters the sample verification instruction system with the registers in their default configuration. This makes sample verification more efficient and increases the chance of finding hidden problems.
Specifically, the sample verification process verifies the functions of the embedded chip to determine whether they meet the design requirements, which prevents the configuration data in the configuration-area OTP from being modified or deleted after a malicious attack; correct and complete configuration data in the configuration-area OTP memory in turn ensures that the user programs in the subsequent user system run safely and normally. The boot flow of the user program is the flow that directs the execution of the embedded chip into the user program in the user system.
Specifically, taking the case of two ROMs (ROM1 and ROM2) as an example, the verification process of the embedded chip (hereinafter, the chip) is explained in detail. It comprises the following steps S401-S408, as shown in FIG. 4. The flow identifier in the second OTP memory (for example, the user-area OTP memory) may be set to the verification identifier in advance.
Step S401: in response to the chip being powered, initialize the RAM area and stack space required by ROM1.
Step S402: determine the type of the flow identifier in the configuration-area OTP memory.
Step S403: if the flow identifier in the configuration-area OTP memory is the fast branch identifier, initialize the user-area OTP memory.
Step S404: switch the chip to test download mode.
At the same time, the instruction pointer may be set to jump from ROM1 to ROM2.
Step S405: in response to the instruction pointer jumping from ROM1 to ROM2, initialize the RAM area and stack space required by ROM2.
Step S406: determine whether the correctness check of the configuration data in the user-area OTP memory succeeds; if so, execute step S407; otherwise, the chip enters the silent state.
Step S407: determine the type of the flow identifier in the user-area OTP memory.
Step S408: if the flow identifier in the user-area OTP memory is the verification identifier, perform the verification process on the chip.
If verification succeeds, the flow identifier in the user-area OTP memory may be set to the user identifier so that the boot loading flow of the embedded chip can be executed.
The chip verification process above first determines the type of the flow identifier in the first OTP memory and, when that flow identifier is the fast branch identifier, initializes the second one-time programmable memory; it then switches the embedded chip to test download mode; finally, in test download mode, it performs the verification process on the embedded chip based on the configuration data in the second one-time programmable memory and the verification flow. This skips the chip's security self-check stage and enters the sample verification process quickly, which increases the testability of the chip.
Specifically, taking the case of two ROMs (ROM1 and ROM2) as an example, the boot loading process of the embedded chip (hereinafter, the chip) is explained in detail. It comprises the following steps S501-S513, as shown in FIG. 5. The flow identifier in the second OTP memory (for example, the user-area OTP memory) has been set to the user identifier in advance.
Step S501: initialize the configuration-area OTP memory and the user-area OTP memory with the configuration data obtained in the chip verification process above.
Step S502: initialize the RAM area and stack space required by ROM1.
Step S503: determine the type of the flow identifier in the configuration-area OTP memory.
Step S504: if the flow identifier in the configuration-area OTP memory is the standard branch identifier, determine whether the correctness check of the configuration data in the configuration-area OTP memory succeeds; if so, execute step S505; otherwise, the chip enters the silent state.
Step S505: configure the chip's registers according to the configuration data in the configuration-area OTP memory.
Step S506: determine whether each self-check identifier is in effect; if so, execute step S607; otherwise, execute step S508.
Step S507: determine whether every self-check process succeeds; if so, execute step S608; otherwise, the chip enters the silent state.
Step S508: switch the chip to test download mode.
At the same time, the instruction pointer may be set to jump from ROM1 to ROM2.
Step S509: in response to the instruction pointer jumping from ROM1 to ROM2, initialize the RAM area and stack space required by ROM2.
Step S510: determine whether the correctness check of the configuration data in the user-area OTP memory succeeds; if so, execute step S511; otherwise, the chip enters the silent state.
Step S511: determine the type of the flow identifier in the user-area OTP memory.
Step S512: if the flow identifier in the user-area OTP memory is the user identifier, set the access mode of the user-area OTP memory to non-writable.
Step S513: in response to the instruction pointer jumping to the user area, execute the user program in the user area.
In practice, the configuration-area OTP memory of an embedded chip may or may not have been initialized. If the configuration-area OTP memory has been initialized, the chip can be considered to have completed the verification process, and the flow identifier in the configuration-area OTP memory can be determined to be the standard flow branch; the standard-branch flow is then executed to enter the user system. If the configuration-area OTP memory may not have been initialized, the flow identifier in the configuration-area OTP memory can be determined to be the fast flow branch; the chip's verification flow is then executed through the fast-branch flow, after which the user system is entered through the standard-branch flow.
Specifically, taking the case of two ROMs (ROM1 and ROM2) as an example, the boot loading process of the embedded chip (hereinafter, the chip) is explained in detail. It comprises the following steps S601-S615, as shown in FIG. 6.
Step S601: initialize the RAM area and stack space required by ROM1.
Step S602: determine whether the flow identifier in the configuration-area OTP memory is the fast branch identifier; if so, execute step S603; otherwise, execute step S610.
Step S603: initialize the user-area OTP memory.
At the same time, the flow identifier in the user-area OTP memory may be set to the verification identifier.
Step S604: switch the chip to test download mode.
At the same time, the instruction pointer may be set to jump from ROM1 to ROM2.
Step S605: in response to the instruction pointer jumping from ROM1 to ROM2, initialize the RAM area and stack space required by ROM2.
Step S606: determine whether the correctness check of the configuration data in the user-area OTP memory succeeds; if so, execute step S707; otherwise, the chip enters the silent state.
Step S607: determine whether the flow identifier in the user-area OTP memory is the verification identifier; if so, execute step S608; otherwise, execute step S614.
Step S608: perform the verification process on the chip and, if verification succeeds, set the flow identifier in the user-area OTP memory to the user identifier and execute step S609.
Step S609: initialize the configuration-area OTP memory and the user-area OTP memory, then execute step S601.
After steps S601-S602, when the flow identifier in the configuration-area OTP memory is determined not to be the fast branch identifier (that is, the flow identifier is the standard branch identifier), step S610 is executed.
Step S610: determine whether the correctness check of the configuration data in the configuration-area OTP memory succeeds; if so, execute step S611; otherwise, the chip enters the silent state.
Step S611: configure the chip's registers according to the configuration data in the configuration-area OTP memory.
Step S612: determine whether each self-check identifier is in effect; if so, execute step S613; otherwise, execute step S604.
Step S613: determine whether every self-check process succeeds; if so, execute step S604; otherwise, the chip enters the silent state.
After steps S604-S607, when the flow identifier in the user-area OTP memory is determined not to be the verification identifier (that is, the flow identifier is the user identifier), step S614 is executed.
Step S614: set the access mode of the user-area OTP memory to non-writable.
Step S615: in response to the instruction pointer jumping to the user area, execute the user program in the user area.
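The combined flow of steps S601-S615, modelled on the host in C as an added example (not code from the patent). OTP contents and check outcomes are plain fields; the type, field and function names and the flow-identifier encoding are assumptions, a failed S608 is assumed to end in the silent state, and the "S707" named in step S606 is read as S607.

```c
#include <stdbool.h>
#include <stdio.h>

/* Flow identifiers named in the description; this encoding is an assumption. */
enum flow_id { FLOW_FAST, FLOW_STANDARD, FLOW_VERIFY, FLOW_USER };
enum boot_result { BOOT_SILENT, BOOT_USER_PROGRAM };

struct otp { enum flow_id flow; bool data_ok; bool writable; };

struct chip {
    struct otp cfg;         /* configuration-area (first) OTP */
    struct otp user;        /* user-area (second) OTP */
    bool selftest_enabled;  /* self-check identifiers in effect (S612) */
    bool selftest_pass;     /* outcome of the self-checks (S613) */
    bool sample_ok;         /* outcome of sample verification (S608) */
    bool selftest_ran;      /* trace: S613 was executed */
    int passes;             /* trace: how many times S601 was entered */
};

/* Walks steps S601-S615 and returns the state the chip ends in. */
enum boot_result boot(struct chip *c)
{
    for (;;) {
        c->passes++;                                   /* S601: ROM1 RAM/stack init */
        if (c->cfg.flow == FLOW_FAST) {                /* S602 */
            c->user.flow = FLOW_VERIFY;                /* S603: init user-area OTP */
            c->user.data_ok = true;                    /* assumption: init writes valid data */
        } else {
            if (!c->cfg.data_ok) return BOOT_SILENT;   /* S610 */
            /* S611: registers configured from the configuration-area OTP */
            if (c->selftest_enabled) {                 /* S612 */
                c->selftest_ran = true;
                if (!c->selftest_pass) return BOOT_SILENT; /* S613 */
            }
        }
        /* S604-S605: test download mode, jump ROM1 -> ROM2, ROM2 RAM/stack init */
        if (!c->user.data_ok) return BOOT_SILENT;      /* S606 */
        if (c->user.flow != FLOW_VERIFY) {             /* S607 */
            c->user.writable = false;                  /* S614: user-area OTP locked */
            return BOOT_USER_PROGRAM;                  /* S615 */
        }
        if (!c->sample_ok) return BOOT_SILENT;         /* S608 failure: assumption */
        c->user.flow = FLOW_USER;                      /* S608 success */
        c->cfg.flow = FLOW_STANDARD;                   /* S609: both OTPs initialized, */
        c->cfg.data_ok = true;                         /* then back to S601 */
    }
}

/* Constructed sample: blank part, configuration-area OTP not yet initialized. */
struct chip fresh_chip(bool selftest_pass, bool sample_ok)
{
    struct chip c = { { FLOW_FAST, false, true }, { FLOW_VERIFY, false, true },
                      true, selftest_pass, sample_ok, false, 0 };
    return c;
}

/* Constructed sample: already provisioned part on the standard branch. */
struct chip provisioned_chip(bool cfg_ok, bool user_ok, bool selftest_pass)
{
    struct chip c = { { FLOW_STANDARD, cfg_ok, true }, { FLOW_USER, user_ok, true },
                      true, selftest_pass, true, false, 0 };
    return c;
}

int main(void)
{
    struct chip a = fresh_chip(true, true);
    enum boot_result r = boot(&a);
    printf("blank chip: result=%d passes=%d user_otp_locked=%d\n",
           r, a.passes, !a.user.writable);
    return 0;
}
```

In this model the user program is reached only through the standard branch: a blank chip takes the fast branch once for sample verification, then repeats the flow with register configuration and the self-check before the user-area OTP is locked.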
In summary, the present invention inventively configures the ROM in the embedded chip as a first ROM, which stores the configuration flow for the registers of the embedded chip, and a second ROM, which stores the boot flow for the user program of the embedded chip. The registers of the embedded chip are configured according to the configuration data in the first one-time programmable memory and the configuration flow; then, once the embedded chip has been switched to the test download state and in response to the instruction pointer jumping to the second ROM, the boot operation of the corresponding user program is performed according to the configuration data in the second one-time programmable memory and the boot flow. The present invention thereby reduces the coupling between the flow code that implements different functions and protects sensitive data from arbitrary reads and writes in a more targeted way, which improves the security of the chip.
Correspondingly, an embodiment of the present invention further provides a machine-readable storage medium storing instructions that cause a machine to execute the boot loading method of the embedded chip described above.
The machine-readable storage medium includes, but is not limited to, any medium that can store program code, such as phase change memory (short for Phase Change Random Access Memory, PRAM, also known as RCM/PCRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage, or other magnetic storage devices.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited to the specific details of those embodiments. Within the scope of the technical concept of the present invention, various simple modifications can be made to its technical solutions, and all of these simple modifications fall within the protection scope of the present invention.
It should also be noted that the specific technical features described in the above embodiments may be combined in any suitable manner, provided there is no contradiction. To avoid unnecessary repetition, the present invention does not describe the various possible combinations separately.
In addition, the different embodiments of the present invention may also be combined arbitrarily; as long as a combination does not depart from the idea of the present invention, it should likewise be regarded as content disclosed by the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010779915.2A CN112083961B (en) | 2020-08-05 | 2020-08-05 | Embedded chip boot loading method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112083961A (en) | 2020-12-15 |
CN112083961B (en) | 2022-01-14 |
Family
ID=73735523
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010779915.2A Active CN112083961B (en) | 2020-08-05 | 2020-08-05 | Embedded chip boot loading method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112083961B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113590209A (en) * | 2021-09-29 | 2021-11-02 | 翱捷科技(深圳)有限公司 | Chip starting control method, chip and electronic equipment |
TWI799135B (en) * | 2021-12-20 | 2023-04-11 | 瑞昱半導體股份有限公司 | Chip design verification system, chip design verification method, and computer readable recording media with stored programs |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040163080A1 (en) * | 2003-01-10 | 2004-08-19 | Amitabh Menon | Multiple patches to on-chip ROM in a processor with a multilevel memory system without affecting performance |
CN104424008A (en) * | 2013-08-30 | 2015-03-18 | 飞思卡尔半导体公司 | System and method for secure boot ROM patch |
CN104981778A (en) * | 2013-02-22 | 2015-10-14 | 马维尔国际贸易有限公司 | Patching boot code of read-only memory |
Also Published As
Publication number | Publication date |
---|---|
CN112083961B (en) | 2022-01-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103718165B (en) | BIOS flash memory attack protection and notice | |
TWI643130B (en) | SYSTEM AND METHOD FOR AUTO-ENROLLING OPTION ROMs IN A UEFI SECURE BOOT DATABASE | |
US9613214B2 (en) | Self-measuring nonvolatile memory devices with remediation capabilities and associated systems and methods | |
US7822965B2 (en) | BIOS file switching method and controller device thereof | |
US10909247B2 (en) | Computing device having two trusted platform modules | |
US20210149681A1 (en) | Secure Firmware Management with Hierarchical Boot Sequence using Last Known Good Firmware | |
KR20190085387A (en) | Semiconductor device and method for operating semiconductor device | |
CN107567629A (en) | Dynamic firmware module loader in credible performing environment container | |
EP4170488B1 (en) | Chip enable control method, chip, display panel and electronic device | |
US9753870B2 (en) | Hardware monitor with context switching and selection based on a data memory access and for raising an interrupt when a memory access address is outside of an address range of the selected context | |
CN112083961B (en) | Embedded chip boot loading method | |
WO2022058459A1 (en) | Bootloaders | |
KR100833627B1 (en) | Repairable semiconductor memory device and method | |
US7941583B2 (en) | Controlled frequency core processor and method for starting-up said core processor in a programmed manner | |
CN114721493B (en) | Chip starting method, computer equipment and readable storage medium | |
WO2017143513A1 (en) | Method, cpu and single board for starting boot | |
JP7087142B2 (en) | Lifecycle state memory integrity verification with multi-threshold supply voltage detection | |
TW201833772A (en) | Secure code jump and execution gating | |
CN111736911B (en) | Verification method and boot loading method of embedded chip | |
US20100169584A1 (en) | System and method for erasing and writing desktop management interface data under a linux system | |
CN112114908A (en) | Hardware platform, starting method and device thereof, and electronic equipment | |
CN105512571A (en) | Device and method for write-protection of flash memory with built-in mask ROM | |
CN112817619B (en) | Computer system and its safety management method and computer software product | |
CN112468296B (en) | Key programming method, system, electronic equipment and storage medium | |
JP7247638B2 (en) | Electronic information storage medium, IC card, falsification check method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||