Semiconductor device and data protection method
阅读说明:本技术 半导体装置与数据保护方法 (Semiconductor device and data protection method ) 是由 林宗民 于 2019-12-31 设计创作,主要内容包括:本发明提供了一种半导体装置与数据保护方法,该半导体装置包括一处理单元、一系统资源群组以及一除错验证逻辑单元。系统资源群组包括多个系统资源。系统资源包括一既定存储器,既定存储器存储多个程序代码,并且既定存储器被定义为仅能执行的存储器。除错验证逻辑单元耦接至一外部除错器,用以控制外部除错器存取系统资源的一权限。除错验证逻辑单元自外部除错器接收请求存取一系统资源的一存取请求。存取请求包括一存取位址。除错验证逻辑单元根据该处理单元目前的一操作状态与存取位址判断是否允许存取请求。当除错验证逻辑单元判断不允许存取请求时,除错验证逻辑单元忽略存取请求,或者回复一错误信息或回复一既定数据给外部除错器。(The invention provides a semiconductor device and a data protection method. The group of system resources includes a plurality of system resources. The system resource includes a given memory storing a plurality of program codes, and the given memory is defined as an executable-only memory. The debug verification logic is coupled to an external debugger for controlling an access right of the external debugger to the system resources. The debug verification logic receives an access request from the debugger requesting access to a system resource. The access request includes an access address. The debug verification logic unit determines whether to allow the access request according to a current operating state and the access address of the processing unit. When the DIG logic determines that the access request is not allowed, the DIG logic ignores the access request, and returns an error message or returns predetermined data to the external debugger.)
1. A semiconductor device, comprising:
a processing unit;
a system resource group comprising a plurality of system resources, wherein the plurality of system resources comprise a predetermined memory, the predetermined memory stores a plurality of program codes, and the predetermined memory is defined as an executable-only memory; and
a debug verification logic coupled to an external debugger for controlling an access permission of the external debugger to the plurality of system resources;
wherein the DBG logic receives an access request from the debugger requesting access to a system resource, the access request including an access address, and the DBG logic determines whether to allow the access request based on a current operating state of the processing unit and the access address; and is
Wherein when the DBG logic determines that the access request is not allowed, the DBG logic ignores the access request, or returns an error message or returns a predetermined data to the debugger.
2. The semiconductor device as claimed in claim 1, wherein said debug verification logic obtains address information of a current instruction access by said processing unit, said debug verification logic allowing said access request when said debug verification logic determines that said processing unit is not executing said plurality of program codes stored in said predetermined memory based on said current instruction access address information by said processing unit.
3. The semiconductor device as claimed in claim 1, wherein the DBG logic obtains address information of the current instruction access of the processing unit and a current status information of the processing unit, and allows the access request when the DBG logic determines that the processing unit is executing the plurality of codes stored in the predetermined memory according to the current instruction access address information of the processing unit, and the DBG logic determines that the processing unit is not currently operating in a debug state according to the status information of the processing unit.
4. The semiconductor device as claimed in claim 1, wherein the debug verification logic obtains address information of the processing unit currently performing instruction access and a status information of the processing unit currently performing instruction access, the debug verification logic further determines whether the access address is an allowed address when the debug verification logic determines that the processing unit is executing the plurality of codes stored in the predetermined memory according to the address information of the processing unit currently performing instruction access, and the debug verification logic determines that the processing unit is currently operating in a debug state according to the status information of the processing unit, the debug verification logic allows the access request when the access address is an allowed address.
5. The semiconductor device of claim 4, wherein the debug verification logic disallows the access request when the access address is an disallowed address.
6. A method for data protection in a semiconductor device, the semiconductor device comprising a processing unit, a debug verification logic, and a group of system resources, the group of system resources comprising a plurality of system resources, the plurality of system resources comprising a given memory configured as an executable-only memory, the given memory storing a plurality of program codes, the debug verification logic configured to control access to the plurality of system resources by an external debugger, the method comprising:
receiving an access request from the debugger requesting access to a system resource, wherein the access request includes an access address;
determining whether to allow the access request according to a current operating state of the processing unit and the access address; and
when the access request is not allowed, the access request is ignored, or an error message or predetermined data is returned to the debugger.
7. The data protection method of claim 6, further comprising:
obtaining address information of a current instruction access of the processing unit, and determining whether to allow the access request according to the current operating status and the access address of the processing unit further comprises:
judging whether the processing unit is executing the program codes stored in the predetermined memory according to the address information of the current instruction access of the processing unit; and
when the processing unit is not executing the program codes stored in the predetermined memory, the access request of the debugger is allowed.
8. The data protection method of claim 6, further comprising:
obtaining address information of a current instruction access of the processing unit and current state information of the processing unit, and determining whether to allow the access request according to the current operating state and the access address of the processing unit further comprises:
judging whether the processing unit is executing the program codes stored in the predetermined memory according to the address information of the current instruction access of the processing unit;
when the processing unit is judged to be executing the program codes stored in the established memory, further judging whether the processing unit is currently operated in a debugging state according to the state information of the processing unit; and
the access request by the debugger is allowed when it is determined that the processing unit is not currently operating in the debug state.
9. The data protection method of claim 6, further comprising:
obtaining address information of a current instruction access of the processing unit and current state information of the processing unit, and determining whether to allow the access request according to the current operating state and the access address of the processing unit further comprises:
judging whether the processing unit is executing the program codes stored in the predetermined memory according to the address information of the current instruction access of the processing unit;
when the processing unit is judged to be executing the program codes stored in the established memory, further judging whether the processing unit is currently operated in a debugging state according to the state information of the processing unit;
when the processing unit is judged to be operated in the debugging state at present, further judging whether the access address is an allowed address; and
when the access address is an allowed address, the access request of the debugger is allowed.
10. The data protection method of claim 9, wherein the access request of the debugger is not allowed when the access address is an disallowed address.
Technical Field
The present invention relates to a semiconductor device, and more particularly, to a semiconductor device including a protection circuit capable of effectively protecting data stored in an XOM region.
Background
executable-Only-Memory (XOM) is a firmware protection technique that protects critical program code by defining an executable-Only Memory region. With the protection of XOM, only a portion of the program memory space supports program execution and no device can read back the contents of the memory.
FIG. 1 shows an example of a memory space. As shown, memory space 100 is configured with an XOM region. The program code stored in the normal memory area can call the program stored in the XOM area by calling the program (function call), but the program code cannot be read, and the data content stored in the XOM area cannot be seen. In other words, the XOM area only allows instruction fetch (instruction fetch) and does not allow other data to be read or written.
For a device connected to an debugger, the XOM area may prevent the debugger from directly reading data from the device's processing unit, but may not prevent an attacker from using the debugger to control the processing unit to enter a debug state and read instructions to observe changes in the instruction in a single step (single step) manner.
In order to solve the above problems, the present invention provides a semiconductor device, which can effectively protect the data content stored in the XOM area, and can maintain the connection between the semiconductor device and the external debugger while preventing the external debugger from reading the instruction by any way, so as not to cause the external debugger to mistakenly think that the connection is interrupted and cause debug failure or other adverse effects.
Disclosure of Invention
According to an embodiment of the present invention, a semiconductor device includes a processing unit, a system resource group, and a debug verification logic. The group of system resources includes a plurality of system resources. The system resource includes a given memory storing a plurality of program codes, and the given memory is defined as an executable-only memory. The debug verification logic is coupled to an external debugger for controlling an access right of the external debugger to the system resources. The debug verification logic receives an access request from the debugger requesting access to a system resource. The access request includes an access address. The debug verification logic unit determines whether to allow the access request according to a current operating state and the access address of the processing unit. When the DIG logic determines that the access request is not allowed, the DIG logic ignores the access request, and returns an error message or returns predetermined data to the external debugger.
According to another embodiment of the present invention, a method for data protection in a semiconductor device, the semiconductor device comprising a processing unit, a debug verification logic and a group of system resources, the group of system resources comprising a plurality of system resources, the system resources comprising a predetermined memory configured as an executable-only memory, the predetermined memory storing a plurality of program codes, the debug verification logic configured to control access to the system resources, the method comprising: receiving an access request from the debugger requesting access to a system resource, wherein the access request includes an access address; judging whether to allow the access request according to a current operating state and the access address of the processing unit; and when the access request is not allowed, ignoring the access request, or returning an error message or returning a predetermined data to the debugger.
Drawings
FIG. 1 shows an example of a memory space.
Fig. 2 is a block diagram illustrating an exemplary semiconductor device according to a first embodiment of the present invention.
Fig. 3 is a flowchart illustrating a data protection method for protecting data stored in XOM of a semiconductor device according to an embodiment of the invention.
Fig. 4 is a block diagram illustrating an example of a semiconductor device according to a second embodiment of the present invention.
Fig. 5 is a block diagram illustrating an example of a semiconductor device according to a third embodiment of the present invention.
Reference numerals:
50-external debugger
100-memory space
200. 400, 500-semiconductor device
210-debug access port device
220. 420, 520 debug verification logic
230. 430, 530 processing unit
240-System resource group
250-system bus
260-monitoring logic
241. 242 control register
243. XOM-executable only memory
250-system bus
DBG _ Bus debug Bus
Fetch _ Addr address information for instruction access
JTAG-joint test work group
SWD-SEQUENCE DEBUGGING
State _ Info-State information
XOM _ Region _ Info-XOM area address
Detailed Description
In order to make the objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below. For the purposes of illustrating the spirit of the present invention and not for limiting the scope of the present invention, it is to be understood that the following embodiments may be implemented in software, hardware, firmware, or any combination thereof.
As described above, although the XOM area can prevent the debugger and the processing unit from reading data, it cannot prevent an attacker from using the debugger to control the processing unit to enter a debug state and reading instructions to observe changes in the instructions in a single step (single step) execution manner. One conventional solution is to control the authority of the processing unit to enter the debug mode. When it is detected that the processing unit is executing the program code stored in the XOM, the processing unit is not allowed to enter the debug mode. Therefore, the processing unit cannot execute the debugging operation when executing the program code stored in the XOM. However, as a result of this implementation, the debugger may not be able to access system resources when the processing unit executes the program code stored in the XOM, causing the debugger to mistakenly assume that the connection between the device and the debugger has been interrupted, thereby causing a debug failure or other adverse effects. The semiconductor device architecture and the data protection method provided by the invention can effectively solve the problems. The semiconductor device architecture and the data protection method according to the present invention will be described in detail by several embodiments.
Fig. 2 is a block diagram illustrating an exemplary semiconductor device according to a first embodiment of the present invention. According to an embodiment of the present invention, the semiconductor device 200 is a chip, such as a microprocessor chip. The semiconductor device 200 may include a Debug Access Port (DAP)
The debug
According to the first embodiment of the present invention, the DBG _ Bus couples the DBG _ Bus to the
It is noted that fig. 2 only shows the elements relevant to the present invention for the sake of brevity. Those skilled in the art will appreciate that the semiconductor device may also include one or more internal components not shown in fig. 2, and thus, the present invention is not limited to the semiconductor device structure shown in fig. 2.
According to an embodiment of the present invention, the
According to an embodiment of the present invention, each system resource included in the
In addition, according to an embodiment of the present invention, the
In addition, according to an embodiment of the present invention, the
In an embodiment of the invention, the
Fig. 3 is a flowchart illustrating a data protection method for protecting data stored in XOM of a semiconductor device according to an embodiment of the invention. The data protection method begins when the
If not, indicating that the program code currently stored in the
If so, the
If so, the
According to an embodiment of the present invention, the system designer of the semiconductor device may define some addresses that the
According to the first embodiment of the present invention, when the
On the other hand, when the
Fig. 4 is a block diagram illustrating an example of a semiconductor device according to a second embodiment of the present invention. The semiconductor device 400 has a structure substantially the same as that of the semiconductor device 200, except that the debug verification logic 420 may be directly connected to the system Bus via the debug Bus DBG _ Bus. For the same or similar elements, reference may be made to the related content of fig. 2, and the description thereof is not repeated here.
In the second embodiment of the present invention, the flow of the data protection method implemented by the semiconductor device 400 is the same as that of the semiconductor device 200, and therefore, the related contents of fig. 3 can be referred to in the flow chart of the data protection method according to the second embodiment of the present invention, and are not repeated herein.
According to the second embodiment of the present invention, when the DBG logic 420 allows an access request from the
Alternatively, when the DBG logic 420 determines that the access request from the
It is noted that fig. 4 only shows the elements relevant to the present invention for the sake of brevity. Those skilled in the art will appreciate that the semiconductor device may also include one or more internal components not shown in fig. 4, and thus, the present invention is not limited to the semiconductor device structure shown in fig. 4.
Fig. 5 is a block diagram illustrating an example of a semiconductor device according to a third embodiment of the present invention. The semiconductor device 500 has a structure substantially the same as the semiconductor device 200, except that the
In the third embodiment of the present invention, the flow of the data protection method implemented by the semiconductor device 500 is the same as that of the semiconductor device 200, and therefore, the related contents of fig. 3 can be referred to in the flow chart of the data protection method according to the third embodiment of the present invention, and are not repeated herein.
According to the third embodiment of the present invention, when the
It is noted that fig. 5 only shows the elements relevant to the present invention for the sake of brevity. Those skilled in the art will appreciate that the semiconductor device may also include one or more internal components not shown in fig. 5, and thus, the present invention is not limited to the semiconductor device structure shown in fig. 4.
Conventionally, the related control logic disables the debug enable flag value DBG _ EN (i.e., the debug enable flag value DBG _ EN is not asserted) only because the processing unit is executing the program code stored in the XOM. This may cause the debugger to mistakenly assume that the connection between the device and the debugger has been interrupted, which may result in a debug failure or other adverse effects. Unlike the conventional technique, in the embodiment of the present invention, the access request of the debugger is determined by the debug verification logic according to the current operating state of the processing unit and the access address requested by the debugger, and when it is determined that the request is not allowed, the debug verification logic may maintain the connection between the semiconductor device and the debugger by recovering specific information or data. Therefore, the problems in the prior art are effectively solved. In addition, the debugger may optionally be designed to access system resources through the processing unit or the DBG logic, so that designers may flexibly design the data according to the importance of the data, thereby further improving the data protection performance.
Although the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
- 上一篇:一种医用注射器针头装配设备
- 下一篇:基于局部总线的数据采集系统的并行化存储实现方法