阅读说明：本技术 半导体装置与数据保护方法 (Semiconductor device and data protection method ) 是由 林宗民 于 2019-12-31 设计创作，主要内容包括：本发明提供了一种半导体装置与数据保护方法,该半导体装置包括一处理单元、一系统资源群组以及一除错验证逻辑单元。系统资源群组包括多个系统资源。系统资源包括一既定存储器,既定存储器存储多个程序代码,并且既定存储器被定义为仅能执行的存储器。除错验证逻辑单元耦接至一外部除错器,用以控制外部除错器存取系统资源的一权限。除错验证逻辑单元自外部除错器接收请求存取一系统资源的一存取请求。存取请求包括一存取位址。除错验证逻辑单元根据该处理单元目前的一操作状态与存取位址判断是否允许存取请求。当除错验证逻辑单元判断不允许存取请求时,除错验证逻辑单元忽略存取请求,或者回复一错误信息或回复一既定数据给外部除错器。(The invention provides a semiconductor device and a data protection method. The group of system resources includes a plurality of system resources. The system resource includes a given memory storing a plurality of program codes, and the given memory is defined as an executable-only memory. The debug verification logic is coupled to an external debugger for controlling an access right of the external debugger to the system resources. The debug verification logic receives an access request from the debugger requesting access to a system resource. The access request includes an access address. The debug verification logic unit determines whether to allow the access request according to a current operating state and the access address of the processing unit. When the DIG logic determines that the access request is not allowed, the DIG logic ignores the access request, and returns an error message or returns predetermined data to the external debugger.)

1. A semiconductor device, comprising:

a processing unit;

a system resource group comprising a plurality of system resources, wherein the plurality of system resources comprise a predetermined memory, the predetermined memory stores a plurality of program codes, and the predetermined memory is defined as an executable-only memory; and

a debug verification logic coupled to an external debugger for controlling an access permission of the external debugger to the plurality of system resources;

wherein the DBG logic receives an access request from the debugger requesting access to a system resource, the access request including an access address, and the DBG logic determines whether to allow the access request based on a current operating state of the processing unit and the access address; and is

Wherein when the DBG logic determines that the access request is not allowed, the DBG logic ignores the access request, or returns an error message or returns a predetermined data to the debugger.

2. The semiconductor device as claimed in claim 1, wherein said debug verification logic obtains address information of a current instruction access by said processing unit, said debug verification logic allowing said access request when said debug verification logic determines that said processing unit is not executing said plurality of program codes stored in said predetermined memory based on said current instruction access address information by said processing unit.

3. The semiconductor device as claimed in claim 1, wherein the DBG logic obtains address information of the current instruction access of the processing unit and a current status information of the processing unit, and allows the access request when the DBG logic determines that the processing unit is executing the plurality of codes stored in the predetermined memory according to the current instruction access address information of the processing unit, and the DBG logic determines that the processing unit is not currently operating in a debug state according to the status information of the processing unit.

4. The semiconductor device as claimed in claim 1, wherein the debug verification logic obtains address information of the processing unit currently performing instruction access and a status information of the processing unit currently performing instruction access, the debug verification logic further determines whether the access address is an allowed address when the debug verification logic determines that the processing unit is executing the plurality of codes stored in the predetermined memory according to the address information of the processing unit currently performing instruction access, and the debug verification logic determines that the processing unit is currently operating in a debug state according to the status information of the processing unit, the debug verification logic allows the access request when the access address is an allowed address.

5. The semiconductor device of claim 4, wherein the debug verification logic disallows the access request when the access address is an disallowed address.

6. A method for data protection in a semiconductor device, the semiconductor device comprising a processing unit, a debug verification logic, and a group of system resources, the group of system resources comprising a plurality of system resources, the plurality of system resources comprising a given memory configured as an executable-only memory, the given memory storing a plurality of program codes, the debug verification logic configured to control access to the plurality of system resources by an external debugger, the method comprising:

receiving an access request from the debugger requesting access to a system resource, wherein the access request includes an access address;

determining whether to allow the access request according to a current operating state of the processing unit and the access address; and

when the access request is not allowed, the access request is ignored, or an error message or predetermined data is returned to the debugger.

7. The data protection method of claim 6, further comprising:

obtaining address information of a current instruction access of the processing unit, and determining whether to allow the access request according to the current operating status and the access address of the processing unit further comprises:

judging whether the processing unit is executing the program codes stored in the predetermined memory according to the address information of the current instruction access of the processing unit; and

when the processing unit is not executing the program codes stored in the predetermined memory, the access request of the debugger is allowed.

8. The data protection method of claim 6, further comprising:

obtaining address information of a current instruction access of the processing unit and current state information of the processing unit, and determining whether to allow the access request according to the current operating state and the access address of the processing unit further comprises:

judging whether the processing unit is executing the program codes stored in the predetermined memory according to the address information of the current instruction access of the processing unit;

when the processing unit is judged to be executing the program codes stored in the established memory, further judging whether the processing unit is currently operated in a debugging state according to the state information of the processing unit; and

the access request by the debugger is allowed when it is determined that the processing unit is not currently operating in the debug state.

9. The data protection method of claim 6, further comprising:

obtaining address information of a current instruction access of the processing unit and current state information of the processing unit, and determining whether to allow the access request according to the current operating state and the access address of the processing unit further comprises:

judging whether the processing unit is executing the program codes stored in the predetermined memory according to the address information of the current instruction access of the processing unit;

when the processing unit is judged to be executing the program codes stored in the established memory, further judging whether the processing unit is currently operated in a debugging state according to the state information of the processing unit;

when the processing unit is judged to be operated in the debugging state at present, further judging whether the access address is an allowed address; and

when the access address is an allowed address, the access request of the debugger is allowed.

10. The data protection method of claim 9, wherein the access request of the debugger is not allowed when the access address is an disallowed address.

Technical Field

The present invention relates to a semiconductor device, and more particularly, to a semiconductor device including a protection circuit capable of effectively protecting data stored in an XOM region.

Background

executable-Only-Memory (XOM) is a firmware protection technique that protects critical program code by defining an executable-Only Memory region. With the protection of XOM, only a portion of the program memory space supports program execution and no device can read back the contents of the memory.

FIG. 1 shows an example of a memory space. As shown, memory space 100 is configured with an XOM region. The program code stored in the normal memory area can call the program stored in the XOM area by calling the program (function call), but the program code cannot be read, and the data content stored in the XOM area cannot be seen. In other words, the XOM area only allows instruction fetch (instruction fetch) and does not allow other data to be read or written.

For a device connected to an debugger, the XOM area may prevent the debugger from directly reading data from the device's processing unit, but may not prevent an attacker from using the debugger to control the processing unit to enter a debug state and read instructions to observe changes in the instruction in a single step (single step) manner.

In order to solve the above problems, the present invention provides a semiconductor device, which can effectively protect the data content stored in the XOM area, and can maintain the connection between the semiconductor device and the external debugger while preventing the external debugger from reading the instruction by any way, so as not to cause the external debugger to mistakenly think that the connection is interrupted and cause debug failure or other adverse effects.

Disclosure of Invention

According to an embodiment of the present invention, a semiconductor device includes a processing unit, a system resource group, and a debug verification logic. The group of system resources includes a plurality of system resources. The system resource includes a given memory storing a plurality of program codes, and the given memory is defined as an executable-only memory. The debug verification logic is coupled to an external debugger for controlling an access right of the external debugger to the system resources. The debug verification logic receives an access request from the debugger requesting access to a system resource. The access request includes an access address. The debug verification logic unit determines whether to allow the access request according to a current operating state and the access address of the processing unit. When the DIG logic determines that the access request is not allowed, the DIG logic ignores the access request, and returns an error message or returns predetermined data to the external debugger.

According to another embodiment of the present invention, a method for data protection in a semiconductor device, the semiconductor device comprising a processing unit, a debug verification logic and a group of system resources, the group of system resources comprising a plurality of system resources, the system resources comprising a predetermined memory configured as an executable-only memory, the predetermined memory storing a plurality of program codes, the debug verification logic configured to control access to the system resources, the method comprising: receiving an access request from the debugger requesting access to a system resource, wherein the access request includes an access address; judging whether to allow the access request according to a current operating state and the access address of the processing unit; and when the access request is not allowed, ignoring the access request, or returning an error message or returning a predetermined data to the debugger.

Drawings

FIG. 1 shows an example of a memory space.

Fig. 2 is a block diagram illustrating an exemplary semiconductor device according to a first embodiment of the present invention.

Fig. 3 is a flowchart illustrating a data protection method for protecting data stored in XOM of a semiconductor device according to an embodiment of the invention.

Fig. 4 is a block diagram illustrating an example of a semiconductor device according to a second embodiment of the present invention.

Fig. 5 is a block diagram illustrating an example of a semiconductor device according to a third embodiment of the present invention.

Reference numerals:

50-external debugger

100-memory space

200. 400, 500-semiconductor device

210-debug access port device

220. 420, 520 debug verification logic

230. 430, 530 processing unit

240-System resource group

250-system bus

260-monitoring logic

241. 242 control register

243. XOM-executable only memory

250-system bus

DBG _ Bus debug Bus

Fetch _ Addr address information for instruction access

JTAG-joint test work group

SWD-SEQUENCE DEBUGGING

State _ Info-State information

XOM _ Region _ Info-XOM area address

Detailed Description

In order to make the objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below. For the purposes of illustrating the spirit of the present invention and not for limiting the scope of the present invention, it is to be understood that the following embodiments may be implemented in software, hardware, firmware, or any combination thereof.

As described above, although the XOM area can prevent the debugger and the processing unit from reading data, it cannot prevent an attacker from using the debugger to control the processing unit to enter a debug state and reading instructions to observe changes in the instructions in a single step (single step) execution manner. One conventional solution is to control the authority of the processing unit to enter the debug mode. When it is detected that the processing unit is executing the program code stored in the XOM, the processing unit is not allowed to enter the debug mode. Therefore, the processing unit cannot execute the debugging operation when executing the program code stored in the XOM. However, as a result of this implementation, the debugger may not be able to access system resources when the processing unit executes the program code stored in the XOM, causing the debugger to mistakenly assume that the connection between the device and the debugger has been interrupted, thereby causing a debug failure or other adverse effects. The semiconductor device architecture and the data protection method provided by the invention can effectively solve the problems. The semiconductor device architecture and the data protection method according to the present invention will be described in detail by several embodiments.

Fig. 2 is a block diagram illustrating an exemplary semiconductor device according to a first embodiment of the present invention. According to an embodiment of the present invention, the semiconductor device 200 is a chip, such as a microprocessor chip. The semiconductor device 200 may include a Debug Access Port (DAP) device 210, a Debug verification logic unit 220, a processing unit 230, a system resource group 240, and a system bus 250. An external debugger 50 may be coupled to the semiconductor device 200. The debug access port means 210 provides an interface for interfacing the debugger 50 with internal device elements of the semiconductor device 200. The debugger 50 communicates with the Debug access port device 210 via a communication protocol such as Serial Wire Debug (SWD) or Joint Test Action Group (JTAG).

The debug access port device 210 is coupled to the debug verification logic 220 via a debug Bus DBG _ Bus. The debug Bus DBG _ Bus may be an Advanced High performance Bus (AHB). According to an embodiment of the present invention, the debug verification logic 220 is used to control the access rights of the debugger 50 to the system resources of the semiconductor device 200.

According to the first embodiment of the present invention, the DBG _ Bus couples the DBG _ Bus to the processing unit 230 via the debug Bus 220. The processing unit 230 is used for controlling the operation of the semiconductor device 200. The system resource group 240 may include a plurality of system resources, which may be, for example, memory devices, control registers, and the like. As shown, system resource group 240 may include control registers 241 and 242, and an executable only memory (XOM)243 (defined memory). The control registers 241 and 242 may be used to temporarily store system parameters or data. XOM 243 stores a plurality of program codes.

It is noted that fig. 2 only shows the elements relevant to the present invention for the sake of brevity. Those skilled in the art will appreciate that the semiconductor device may also include one or more internal components not shown in fig. 2, and thus, the present invention is not limited to the semiconductor device structure shown in fig. 2.

According to an embodiment of the present invention, the debug verification logic 220 may receive an access request from the debugger 50 requesting access to a system resource, the access request including an access address. Upon receiving the access request, the DBG logic 220 determines whether to grant the access request according to an operating status of the processing unit 230 and an access address associated with the access request.

According to an embodiment of the present invention, each system resource included in the system resource group 240 has a corresponding address, such that each device of the semiconductor device can access the required system resource according to the corresponding address. The DBG logic 220 may obtain the local address XOM _ Region _ Info of XOM 243 from the processing unit 230 or a memory controller (not shown) within the system resource group 240. For example, when the processing unit 230 executes an initialization procedure to initialize each element of the semiconductor device 200, a corresponding address may be set for each system resource of the system resource group 240, and an address of a region of the memory that is set or defined as executable only is provided to the debug verification logic 220 after the setting. For another example, the system resource group 240 may include a memory (e.g., a flash memory) and a corresponding memory controller. The memory controller may set or define a specific area of the memory as an executable-only memory according to system requirements, and provide the address of the set or defined area to the DBG logic 220 after the setting.

In addition, according to an embodiment of the present invention, the debug verification logic 220 may obtain the address information fetch _ Addr currently accessed by the instruction of the processing unit 230 from a monitoring logic 260. The monitoring logic 260 may be configured to couple to the system bus 250 or to couple to a physical interface between the processing unit 230 and the system bus 250, for monitoring the access instruction issued by the processing unit 230, to obtain the address information fetch _ Addr of the instruction currently accessed by the processing unit 230, and to provide the information to the debug verification logic 220.

In addition, according to an embodiment of the present invention, the processing unit 230 may also provide the current State information State _ Info of the processing unit 230 to the DBG _ UIT 220. For example, the processing unit 230 may inform the DBG logic 220 whether it is currently operating in a debug state.

In an embodiment of the invention, the processing unit 230 can determine a current operating State of the processing unit 240 (e.g., whether the program code stored in the XOM 243 is being executed, whether the processing unit is currently operating in a debug State, etc.) according to the local address XOM _ Region _ Info of the XOM 243, the address information fetch _ Addr of the processing unit 230 currently performing instruction access, and/or a current State information State _ Info of the processing unit 230.

Fig. 3 is a flowchart illustrating a data protection method for protecting data stored in XOM of a semiconductor device according to an embodiment of the invention. The data protection method begins when the DBG logic 220 receives an access request from the debugger 50 requesting access to a system resource. First, the DBG logic 220 determines whether the processing unit 230 is executing the program code stored in the XOM according to a current operating status of the processing unit 230 (step S302). For example, the DBG logic 220 can determine whether the processing unit 230 is executing the code stored in the XOM 243 according to the obtained local address XOM _ Region _ Info of the XOM 243 and the address information fetch _ Addr of the processing unit 230 currently performing the instruction access.

If not, indicating that the program code currently stored in the XOM 243 is not accessed, the debug verification logic 220 may directly determine that the access request of the debugger 50 is allowed (step S308).

If so, the DIG logic 220 further determines whether the processing unit 230 is currently operating in a debug State according to the State information State _ Info (step S304). If not, indicating that the program code currently stored in the XOM 243 is not in risk of being accessed, the debug verification logic 220 may directly determine that the access request of the debugger 50 is allowed.

If so, the DBG logic 220 further determines whether the access address is allowed according to the access address of the access request (step S306). If so, indicating that the currently stored code in the XOM 243 is not accessed, the debug verification logic 220 may directly determine that the access request of the debugger 50 is allowed (step S308). However, if the access address of the access request determines that the access address is not allowed, the DBG logic 220 will not allow the access request of the debugger 50 (step S310).

According to an embodiment of the present invention, the system designer of the semiconductor device may define some addresses that the debugger 50 is allowed to access, such as the addresses of the system control block, the debug control block, and the registers for recording the system control information (e.g. the control information of system reset, system clock, power mode, etc.), in advance, so that when the processing unit 230 is executing the program code stored in the XOM and operating in a debug state, the debugger 50 may still access the necessary information to know the current system state, and thus the debugger 50 may not affect the operation of the debugger 50, and the debugger 50 may still maintain the connection with the semiconductor device 200. In addition, in some embodiments of the present invention, by setting the address allowing the debugger 50 to access, only a portion of the system control block, the debug control block, and other blocks may be allowed to be accessed by the debugger 50. That is, if there are other areas containing information about the program code executed by the processing unit 230, they can still be set to the addresses that prohibit the debugger 50 from accessing them.

According to the first embodiment of the present invention, when the debug verification logic 220 allows an access request of the debugger 50, the access request may be transmitted to the processing unit 230, and the processing unit 230 further controls the permission of the debugger 50 to access the system resource according to the access request. For example, a device or logic circuit within the processing unit 230 or the semiconductor device 200 may set a debug enable flag value DBG _ EN. When the debug enable flag value DBG _ EN is set, the delegate processing unit 230 may perform a debug operation. When the debug enable flag value DBG _ EN is not asserted, the processing unit 230 may not perform the debug operation, and in this state, the processing unit 230 may continue to ignore the signal received from the debug Bus DBG _ Bus until the debug enable flag value DBG _ EN is asserted again.

On the other hand, when the DBG logic 220 does not allow the access request of the debugger 50, the DBG logic 220 may directly ignore the access request, i.e., the DBG logic 220 does not reply to the access request, or the error checking logic 220 may reply with an error message (e.g., a bus error message) or a predetermined data (e.g., all 0 or all 1 data) to the debugger 50. Thus, the debugger 50 may maintain the connection with the semiconductor device 200.

Fig. 4 is a block diagram illustrating an example of a semiconductor device according to a second embodiment of the present invention. The semiconductor device 400 has a structure substantially the same as that of the semiconductor device 200, except that the debug verification logic 420 may be directly connected to the system Bus via the debug Bus DBG _ Bus. For the same or similar elements, reference may be made to the related content of fig. 2, and the description thereof is not repeated here.

In the second embodiment of the present invention, the flow of the data protection method implemented by the semiconductor device 400 is the same as that of the semiconductor device 200, and therefore, the related contents of fig. 3 can be referred to in the flow chart of the data protection method according to the second embodiment of the present invention, and are not repeated herein.

According to the second embodiment of the present invention, when the DBG logic 420 allows an access request from the debugger 50, the system resources may be accessed directly according to the access request. That is, in the second embodiment of the present invention, the access rights of the debugger 50 will be controlled by the DBG logic 420, and the debugger 50 will no longer access system resources through the processing unit 430.

Alternatively, when the DBG logic 420 determines that the access request from the debugger 50 is not allowed according to the process shown in FIG. 3, the DBG logic 420 may ignore the access request directly (i.e., not respond to the access request), and the DBG logic 420 may also choose to respond with an error message (e.g., a bus error message) or a predetermined data (e.g., all 0 or all 1 data) to the debugger 50. Thus, the debugger 50 may remain connected to the semiconductor device 400.

It is noted that fig. 4 only shows the elements relevant to the present invention for the sake of brevity. Those skilled in the art will appreciate that the semiconductor device may also include one or more internal components not shown in fig. 4, and thus, the present invention is not limited to the semiconductor device structure shown in fig. 4.

Fig. 5 is a block diagram illustrating an example of a semiconductor device according to a third embodiment of the present invention. The semiconductor device 500 has a structure substantially the same as the semiconductor device 200, except that the debug verification logic 520 may have connections to the processing unit 530 and to the system Bus via the debug Bus DBG _ Bus. For the same or similar elements, reference may be made to the related content of fig. 2, and the description thereof is not repeated here.

In the third embodiment of the present invention, the flow of the data protection method implemented by the semiconductor device 500 is the same as that of the semiconductor device 200, and therefore, the related contents of fig. 3 can be referred to in the flow chart of the data protection method according to the third embodiment of the present invention, and are not repeated herein.

According to the third embodiment of the present invention, when the debug verification logic 520 allows the access request of the debugger 50, the system resource may be accessed directly according to the access request, or the access request may be transmitted to the processing unit 530, and the processing unit 530 further controls the permission of the debugger 50 to access the system resource according to the access request. In other words, in the third embodiment of the present invention, a system designer of the semiconductor device can flexibly design a path for the debugger 50 to access system resources as desired. For example, when the processing unit 530 is executing the program code stored in the XOM and the processing unit 530 is currently operating in the debug state, the debug verification logic 520 does not send an access request to the processing unit 530, so that the external debugger 50 can only access system resources through the debug verification logic 520. For another example, the system designer may design the system such that for a particular access address, the debugger 50 can only access system resources through the DBG logic 520, and the remaining access addresses can access system resources through the processing unit 530.

It is noted that fig. 5 only shows the elements relevant to the present invention for the sake of brevity. Those skilled in the art will appreciate that the semiconductor device may also include one or more internal components not shown in fig. 5, and thus, the present invention is not limited to the semiconductor device structure shown in fig. 4.

Conventionally, the related control logic disables the debug enable flag value DBG _ EN (i.e., the debug enable flag value DBG _ EN is not asserted) only because the processing unit is executing the program code stored in the XOM. This may cause the debugger to mistakenly assume that the connection between the device and the debugger has been interrupted, which may result in a debug failure or other adverse effects. Unlike the conventional technique, in the embodiment of the present invention, the access request of the debugger is determined by the debug verification logic according to the current operating state of the processing unit and the access address requested by the debugger, and when it is determined that the request is not allowed, the debug verification logic may maintain the connection between the semiconductor device and the debugger by recovering specific information or data. Therefore, the problems in the prior art are effectively solved. In addition, the debugger may optionally be designed to access system resources through the processing unit or the DBG logic, so that designers may flexibly design the data according to the importance of the data, thereby further improving the data protection performance.

Although the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.