阅读说明：本技术 电子装置和安全防护方法 (Electronic device and safety protection method ) 是由 潘时林 于 2020-03-06 设计创作，主要内容包括：一种电子装置和安全防护方法,该电子装置包括安全防护装置和第一处理器,安全防护装置和第一处理器之间存在安全隔离；第一处理器,用于在软件的驱动下运行,该软件包括操作系统和应用；安全防护装置,用于对该软件进行安全检测,在检测出该软件被篡改时,对电子装置执行安全保护操作。从而可以在电子装置运行过程中对电子装置进行实时监控,避免秘钥数据等重要数据被盗窃或修改,提高电子装置的安全性。(An electronic device and a safety protection method, the electronic device comprises a safety protection device and a first processor, and safety isolation exists between the safety protection device and the first processor; a first processor for operating under the drive of software, the software including an operating system and an application; and the safety protection device is used for carrying out safety detection on the software and executing safety protection operation on the electronic device when the software is detected to be tampered. Therefore, the electronic device can be monitored in real time in the running process of the electronic device, important data such as key data and the like are prevented from being stolen or modified, and the safety of the electronic device is improved.)

An electronic device, comprising a security device and a first processor, wherein a secure isolation exists between the security device and the first processor;

the first processor is used for running under the driving of software, and the software comprises an operating system and an application;

the safety protection device is used for carrying out safety detection on the software and executing safety protection operation on the electronic device when the software is detected to be tampered.

The electronic device of claim 1, wherein the security protection operation comprises one or more of: triggering an alarm, resetting the electronic device, denying a service requested by the software, instructing the first processor to stop running the software, disabling at least part of a function of the software, or preventing the software from accessing data stored within the electronic device.

The electronic device of claim 1 or 2, wherein the secure isolation comprises at least one of: operating system isolation, power isolation, or clock signal isolation.

The electronic device of any of claims 1-3, wherein the security check comprises:

and detecting whether at least one of the instruction or the data of the software is preset information.

The electronic device of any of claims 1-4, wherein the first processor comprises an on-chip trace unit;

the on-chip trace unit is to: when the first processor rewrites data, an instruction sequence for rewriting data is stored in a dedicated memory.

The electronic device of claim 5, wherein the security detection comprises: detecting whether the instruction sequence stored in the dedicated memory is a reference instruction sequence.

The electronic device according to claim 5 or 6, wherein the electronic device comprises a memory for storing instructions and data of the software;

the special memory is a storage space which is arranged in the memory and is specially used for reading and writing by the on-chip tracking unit and the safety protection device.

The electronic device of any of claims 1-7, wherein the safety shield device comprises a second processor;

the second processor to: carrying out periodic safety detection on the software based on the time set by the timer; or carrying out safety detection on the software based on an interrupt event sent by the first processor.

The electronic device of claim 8, wherein the secure gatekeeper further comprises a hash accelerator coupled to the second processor;

when the software is detected safely, the second processor is used for:

controlling the hash accelerator to acquire the software, and carrying out hash operation on the acquired software to obtain a reference value;

and comparing the reference value with a pre-stored hash reference value, and determining whether the software is tampered or not based on the comparison result.

A safety shield apparatus according to claim 8 or 9, wherein the safety shield apparatus further comprises a watchdog, the electronic apparatus further comprises a reset unit, the watchdog is coupled with the second processor and the reset unit;

the second processor is further configured to periodically send a heartbeat instruction to the watchdog;

the watchdog is used for resetting the electronic device through the resetting unit when the heartbeat instruction sent by the second processor is not received within preset time.

The electronic device according to any of claims 1-10, wherein the operating system comprises a rich execution environment REE and a trusted execution environment TEE.

The electronic device of claim 11, wherein the safety shield is specifically configured to:

when the running environment of the first processor is converted from REE to TEE, periodically performing the safety detection on the software for driving the conversion of the running environment of the first processor and the software running in the TEE;

stopping the security detection when the operating environment of the first processor is converted from a TEE to a REE.

A safety protection method is applied to an electronic device, and is characterized by comprising the following steps:

a first processor in the electronic device runs under the drive of software, wherein the software comprises an operating system and an application;

the safety protection device in the electronic device carries out safety detection on the software, and safety isolation exists between the safety protection device and the first processor;

and when the software is detected to be tampered, the safety protection device executes safety protection operation on the electronic device.