• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    Any portion of a program code to be copied to the cache memory (120) of a microprocessor (1) transits encrypted between the RAM (6) and the processor (1) and the decryption is performed at the memory level cache (120). A checksum may be inserted into the cache lines to allow integrity checking and this checksum is then replaced by a specific instruction before issuing an instruction word to the CPU (11) of the microprocessor (1).
    公开号:FR3017226A1
    申请号:FR1400289
    申请日:2014-02-03
    公开日:2015-08-07
    发明作者:Bruno Fel
    申请人:STMicroelectronics SA;
    IPC主号:
    专利说明:

    [0001] The invention relates to the securing of program codes intended to be executed by a computer processing module, for example but not limited to a microprocessor. The invention is particularly but not exclusively applicable to systems-on-a-chip, commonly designated by those skilled in the art under the acronym "SoC" ("System-On-Chip"). Currently, a complex system-on-a-chip may comprise, in addition to a microprocessor, hundreds of different modules, commonly designated by the skilled person by the acronym IP Anglo (Intellectual Property). Most of these modules may contain microcontrollers that execute code. And these modules can be used by attackers as entry points to spy on and possibly later modify the program code executed by the microprocessor.
    [0002] According to an embodiment and implementation, it is proposed to secure a program code intended to be executed by a microprocessor for example, which makes this program code less susceptible to attacks. According to a mode of implementation and implementation, it is also proposed to secure a program code that allows verification of the integrity of this program code. According to a mode of implementation and realization, it is still proposed a security scheme of the program code distributed throughout the production and execution chain and not only at the level of the boot sequence (better known by the skilled person under the acronym Anglosaxon of "Boot"). According to one aspect, there is provided a method of securing a program code intended to be executed by a computer processing module, for example a processor or a microprocessor, comprising at least a level one cache of a cache memory containing cache lines each having an address field and a data field, said data field being for storing instruction words executable by the central unit of the computer processing module. The method according to this aspect comprises: a) a storage of the program code compiled and encrypted in memory locations of a first memory, for example a dynamic random access memory (DRAM), external to the computer processing module, these memory locations corresponding to cache line data fields, and during a request of an instruction word by the central unit not present in the data field of a cache cache line, b) an extraction of the first memory of the encrypted content of the memory location containing said requested instruction word and a delivery of this encrypted content to the automatic processing module, and c) a decryption within the computer processing module of said encrypted content. Thus, during a cache miss ("cache miss" in English) the contents of a memory location of the first memory, for example the DRAM, is delivered encrypted on the communication medium, for example a network on chip (more commonly referred to by those skilled in the art under the acronym of NOC: "Network-On-Chip") to the microprocessor which decrypts only within it, and more particularly locally in the cache memory. As a result, no plaintext content of part of the program code is accessible by an attacker at an entry point of the system. It is possible that the cache is a cache hierarchy and contains, in addition to the level one cache, at least one higher level cache, for example a level two cache and a level three cache, the level three cache can be possibly outside the computer processing module. In this case, the decryption of said encrypted content is advantageously performed locally at the level of the level one cache, ie between the level two cache and the level one cache or downstream of the level one cache, and the content encrypted delivered to the cache remains stored encrypted in the different levels of cache levels greater than or equal to two.
    [0003] However, there are several possibilities as to the instant of this decryption with respect to storage in the cache memory. Thus, it is possible to perform, prior to decryption of the encrypted content, a storage of this encrypted content in the data field of a cache line of the cache memory.
    [0004] In other words, the encrypted content is first stored in the cache before decoding. As a variant, however, it appears preferable to perform a decryption of the encrypted content, and subsequent to this decryption, a storage of the decrypted content in the data field of a cache line of the level one cache of the cache memory. According to one embodiment, during a query of an instruction word by the central unit already present in an encrypted content of the data field of a cache line of the cache memory, the method advantageously comprises a decryption within the computer processing module of said encrypted content. According to a simplified variant, the method comprises, subsequent to said decryption, a delivery of the instruction word required to the central unit. In other words, for example, no verification of the integrity of this decrypted content is carried out before issuing the required instruction word to the central unit.
    [0005] That being so, it is preferable, to further increase the level of security, to perform a verification of the integrity of the program code. Thus, according to one embodiment, the method further comprises, before issuing the required instruction word, a verification of the integrity of said decrypted content and a delivery of the instruction word required if the result of said verification is representative of an integrated content. More precisely, according to one embodiment, the method comprises: an initial phase, for example during the compilation of the program code, prior to step a), comprising a storage of the modified program code compiled and encrypted in memory locations of an initial memory, for example a non-volatile memory of the FLASH type, external to the computer processing module, these memory locations corresponding again to cache line data fields, the modified program code compiled comprising groups of instruction words stored in said memory locations of the initial memory, each group of instruction words comprising first instruction words resulting from the compilation of the program code and a second instruction word, for example an instruction of "no "operation" (better known by those skilled in the art under the acronym "NOP instruction": No OPeration), every second word of struction are identical and located respectively at reference locations in the corresponding instruction groups (these reference locations may occupy identical positions, for example the last position, in the corresponding groups of instructions, or the position of a reference location in the corresponding group can be computable from a parameter of the group, for example the address of the cache line or that of its associated memory location), a first phase, for example during the phase of 'boot' comprising a decryption of the compiled and modified code, a replacement of the second instruction word of each instruction group by a control indication obtained from at least some of the first instruction words of said group instruction, for example a checksum (more known to those skilled in the art under the acronym Anglosaxon "checksum"), so as to form a gro modified instructions, an encryption of the modified groups of instructions and said step a) then comprises the storage of the encrypted modified instruction groups in the memory locations of said first memory, for example the DRAM memory, and said verification of the integrity of said decrypted content includes a verification of the integrity of the control indication, an integrated control indication then being representative of the integrity of said decrypted content, and, if the result of said verification is representative of an integrity content , the method then further comprises, before delivery of the instruction word required to the central unit, a replacement of the control indication by the second instruction word, in this case the instruction "NOP". This gives a program code security scheme that is distributed throughout the production and execution chain of this program code, that is to say during the compilation of the program code, when issuing the program code. this program code from the FLASH memory to the DRAM memory and during the execution of the program code in that the decryption of the portion of the program code delivered to the microprocessor in the case of a cache fault is performed only inside the microprocessor and more precisely locally at the cache memory. As indicated above, the control indication may be a checksum and the verification of the integrity of said control indication then comprises, after decryption of the encrypted content, a new calculation of a sum control and a comparison of the checksum present in the decrypted report and the newly calculated checksum.
    [0006] In order to further increase the security level, it is particularly advantageous that the first phase further comprises a check of the integrity of the compiled modified program code before replacing each second instruction word.
    [0007] In this regard, said verification of the integrity of the modified program code can again be performed using an additional checksum calculated from the modified program code. Thus, for example, one can calculate a checksum before encrypting the modified program code and storage in the FLASH memory. As indicated above, said first phase can be performed when launching a boot program. In another aspect, there is provided a system comprising: a computer processing module comprising at least a level one cache of a cache memory containing cache lines each having an address field and a data field for storing instruction words executable by the central unit of the computer processing module, a first memory external to the computer processing module having memory locations corresponding to data fields of cache lines and intended to store the compiled program code and encrypted, -a first memory controller coupled to the first external memory, -a communication medium coupled to the first memory controller and the computer processing module, -the computer processing module further comprising control means configured for, in presence of a request for an instruction word by the central unit not present in the data field in a cache cache line, delivering on the communication medium destined for the first memory controller a command for reading the encrypted content of the memory location containing said requested instruction word, the first memory controller being configured to deliver this encrypted content to the computer processing module, the computer processing module further comprising decryption means configured to decrypt this encrypted content. When the cache memory comprises the level one cache and at least one higher level cache, the decryption means are advantageously configured to perform the decryption of said encrypted content at the level one cache.
    [0008] According to one embodiment, the control means are configured to carry out, prior to the decryption of the encrypted content, a storage of this encrypted content in the data field of a cache line of the cache memory. According to another possible embodiment, the control means are configured to carry out, after decryption of the encrypted content, storage of the decrypted content in the data field of a cache line of the level one cache of the cache memory. According to another embodiment, in the presence of a request of an instruction word by the central unit present in an encrypted content of the data field of a cache line of the cache memory, the decryption means are configured to decrypt said locally encrypted content at the level one cache.
    [0009] According to a first variant, the control means are configured for subsequent decryption, to deliver the required instruction word to the central unit. According to another variant, the system further comprises verification means configured for, before issuing the required instruction word, performing a verification of the integrity of said decrypted content and delivering the instruction word required if the result of said verification is representative of an integrity content. According to one embodiment, the system further comprises an initial memory external to the computer processing module having memory locations corresponding to cache line data fields and intended to store a compiled and encrypted modified program code comprising groups of data. instruction words, each group of instruction words comprising first instruction words resulting from the compilation of the program code and a second instruction word, all second instruction words being identical and located at reference locations , for example at the same reference location, in the corresponding groups of instructions, an initial memory controller coupled to the external initial memory and to the communication medium, processing means configured to perform a decryption of the modified compiled code, replace the second instruction word in each instruction group with an indication obtained from at least some of the first instruction words of said instruction group so as to form a modified instruction group, encrypting the modified instruction groups for storage of the modified instruction groups encrypted in the memory locations of said first memory, and the verification means are configured to perform a verification of the integrity of the control indication, an integrated control indication being representative of the integrity of said decrypted content, and if the result of said verification is representative of an integrity content, to replace, before issuing the required instruction word to the central unit, the control indication by the second instruction word. According to one embodiment, said control indication is a checksum and the verification means comprise calculation means configured to perform, after decryption of said encrypted content, a new calculation of a checksum and a comparison of the sum control in the decrypted content and the newly calculated checksum.
    [0010] According to one embodiment, the processing means further comprise initial verification means configured to carry out a verification of the integrity of the compiled modified program code before replacing each second instruction word. In this regard, the initial verification means may comprise initial calculation means configured to calculate an additional checksum from the modified program code.
    [0011] The system may comprise a boot controller advantageously containing said processing means. The system can be a system-on-chip ("System-OnChip"). In another aspect, there is provided a computer processing module, for example a processor or a microprocessor, comprising an interface intended to be coupled to a communication medium, a central unit, at least a level one cache, a cache memory containing cache lines each having an address field and a data field for storing instruction words executable by the central unit of the computer processing module, control means configured for, in presence of a query of an instruction word by the central unit not present in the data field of a cache cache line, delivering on the communication medium to an external memory, a command for reading the encrypted content of the memory location of this external memory containing said requested instruction word, the interface being configured to receive this encrypted content, and optimally configured to decrypt this encrypted content. According to one embodiment, the control means are configured to carry out, prior to the decryption of the encrypted content, a storage of this encrypted content in the data field of a cache line of the cache memory. According to another possible embodiment, the control means are configured to carry out, after decryption of the encrypted content, storage of the decrypted content in the data field of a cache line of the level one cache of the cache memory. According to one embodiment, in the presence of a request of an instruction word by the central unit present in an encrypted content of the data field of a cache line of the cache memory, the decryption means are configured to decrypt said locally encrypted content at the level one cache. According to a first possible variant, the control means are configured for subsequent decryption, to deliver the required instruction word to the central unit. According to another possible variant, the module further comprises verification means configured for, before issuing the required instruction word, performing a verification of the integrity of the decrypted content of the data field of a cache line and delivering the instruction word required if the result of said verification is representative of an integrity content. According to one embodiment, the decrypted content of the data field of a cache line contains a group of instruction words comprising first instruction words relating to a compiled program code and a control indication obtained from certain at least one of the first instruction words and located at a reference location in the cache line, which may be the same for all cache lines, and the verification means is configured to perform a integrity check of the cache line, a control indication, an integrated control indication being representative of the integrity of said decrypted content, and if the result of said checking is representative of an integrity content, to replace, before issuing the required instruction word to the central unit , the control indication by a second instruction word, this instruction word being identical for all the cache lines. The second instruction word may be a non-operation instruction and said control indication may be a checksum and the verification means then comprise, for example, calculation means configured to perform, after decryption of said decrypted content, a new calculating a checksum and comparing the checksum present in the decrypted content with the newly calculated checksum.
    [0012] Other objects, features and advantages of the invention will become apparent on examining the detailed description of embodiments and embodiments, in which FIGS. 1 to 10 diagrammatically illustrate various embodiments and embodiments of FIG. the invention.
    [0013] In FIG. 1, the reference SYS designates a system, for example a system-on-chip (SOC) system comprising a computer processing module 1, for example a microprocessor, coupled to a communication medium 2, in a a Network-On-Chip (NOC).
    [0014] In addition to the microprocessor 1, the SYS system comprises a memory 4, also called the initial memory, for example a non-volatile memory of FLASH type, associated with an initial memory controller 3 coupled to the network 2. The SYS system also comprises another memory 6 , also called the first memory, for example a DRAM memory and a first associated memory controller 5 also coupled to the network 2. The SYS system also comprises different modules or IP, 7 (only one is shown for simplification purposes) coupled 2. Finally, in this case, the SYS system comprises a boot controller 18 ("boot controller") also coupled to the network 2 and configured to launch a boot sequence ("boot") of the SYS system. , and in particular microprocessor 1.
    [0015] In the present case, the priming controller 18 comprises processing means 180 which themselves comprise initial verification means 1800 including initial calculation means 1801, which can be implemented for example in a software manner, and which will be discussed later. in detail below on the function. The microprocessor 1 comprises an interface 10 coupled to the network 2, a central unit 11 (also known by those skilled in the art under the acronym of the CPU: "Central Processing Unit").
    [0016] The processor 1 also comprises in this exemplary embodiment, a cache memory 12 which is assumed to be here only level 1 and comprising a level 1 instruction cache 120 and a level 1 data cache 130. The processor 1 also comprises a cache controller 14 as well as control means 15, decryption means 16 and verification means 17 on the functions of which will be discussed in more detail below. The SYS system also comprises a compiler 19. As is conventional in the field, and illustrated in FIG. 2, the instruction cache 120 comprises lines of LCHJ caches each comprising an address field TGJ and a data field. CHDJ. The data field CHDJ comprises several instruction words executable by the central unit 11 of the microprocessor and the address field TG; comprises the address of the data field CHD, in the first memory 6. Some bits of this address make it possible to identify the different instruction words present in the data field CHDJ. With reference to FIGS. 3 to 9, various embodiments of the method according to the invention will now be described.
    [0017] In FIG. 3, the reference CP designates a program code intended to be executed by the microprocessor 1. In step 30, the program code CP is compiled and supplemented by specific instruction words, in this case instruction instructions. non-operation (NOP instruction: "No OPeration") so as to obtain a program code compiled and modified CPM. As illustrated in this FIG. 3, this modified compiled program code CPM includes groups J of instruction words.
    [0018] Each group J of instruction words comprises first instruction words MI1 resulting from the compilation of the program code and a second instruction word, in this case a NOP instruction, all the second instruction words being identical and located in the same place in the corresponding instruction groups.
    [0019] In the example described here, the NOP instruction is placed at the last position of each instruction group J. This being so, this position could be different provided that it is for example identical in each of the groups or is easily calculable. .
    [0020] Similarly, the second instruction word could be a different instruction from the NOP instruction but this would then require the sacrifice of a microprocessor register since such an instruction can be executed by the processor. In order to allow a first level of integrity checking, the compiler 19 performs a calculation 31 of a check sum CHS1 ("Checksum") from at least some, and in practice, all the instruction words modified compiled program code. The modified compiled program code CPM and the checksum CHS1 are encrypted (step 32) by conventional encryption means that can be incorporated into the compiler 19. By way of non-limiting example, an algorithm can be used as an encryption algorithm of the AES type. The compiled and encrypted modified program code is then stored (step 33) under the control of the memory controller 3, in the memory locations EMO, of the initial memory 4. These memory locations correspond to data fields of cache lines. The security method then comprises a first phase performed advantageously during the boot phase 34 ("boot") of the processor. The operations that will now be described are typically performed by the boot controller 18. The boot controller's processing means 180 perform a decryption of the modified compiled program code and the CHS1 checksum stored in the initial memory. 4, and extracted from this memory via the memory controller 3. The initial verification means 1800 then perform a check 36 of the checksum CHS1. More specifically, conventionally, the initial calculation means 1801 are configured to calculate an additional checksum again from the modified program code CPM and the initial verification means 1800 compare the checksum CHS1 with the additional checksum just calculated (step 37, figure 4). If the check turns out to be negative, that is, if the two checksums are different, then this is representative of an unhealthy modified program code that has been potentially corrupted. In this case, a specific error processing 38 may be applied. The content of such an error processing varies according to the applications and may for example consist of a blocking of the SYS system. In the case where the result of the comparison is positive, that is to say representative of an integrated content of the modified program code CPM, the processing means 180 determine (step 39) for each instruction group J, a checksum CHS2, obtained from the instruction words MI1 and NOP of the group J, and replace the second instruction word, in this case the instruction NOP, by this checksum CHS2 'so as to form a modified instruction group JM ,.
    [0021] Then, the processing means 180 perform an encryption 40 of the modified instruction groups JM, and store them (step 41) via the memory controller 5 in the memory locations EM1, of the first memory 6.
    [0022] Here again, these memory locations EM1 correspond to data fields of cache lines. At this point, the program code is ready to be executed by the microprocessor 1.
    [0023] This will be explained in more detail with reference to FIGS. 5 to 9. It is assumed in FIG. 5 that, in a step 50, the central unit 11 of the microprocessor requires the instruction word MI. The control means 15, which in practice can for example be implemented in a software manner within the cache controller 14, verify, by a comparison of addresses in the different address fields TG, the cache 12, if this word d MI instruction is present in an LCH cache line 120 cache. If this is not the case, that is to say, in the case of a cache fault, the control means deliver on the network 2 (step 52) a CMD command to read the encrypted content of the memory location of the first memory 6 containing the required instruction word. This command therefore contains the address of this memory location.
    [0024] The memory controller 5 then extracts from this memory location its encrypted content, that is to say the modified group of instructions encrypted, which is supposed to be in this example the group JM. The memory controller then delivers this encrypted group JM on the network 2 to the microprocessor 1 (step 54).
    [0025] The decryption means 16, which can also be implemented in a software manner within the cache controller 14, then proceed, in this variant embodiment, with decryption 55 of the modified encrypted instruction group JM, and the verification means 17. , which may also be software incorporated within the cache controller, perform a verification 56 of the integrity of this decrypted content, i.e., the modified instruction group decrypted JM ,. In this respect, the verification means will verify the integrity of the checksum CHS2, (step 57).
    [0026] This verification is carried out in a conventional manner by a recalculation of a new check sum CHS2'j and by a comparison of the checksum CHS2J received and the checksum CHS2'j calculated.
    [0027] In the case of a negative comparison, representative of a non-integrity of the received modified instruction group, the cache controller may implement a specific error processing 58. In the case where the checksum verification is representative of an integrated content of the group of instructions modified JMJ received, the verification means 17 replace the checksum CHS2J by the second instruction word, in this case the instruction NOP so as to obtain again the group d Jj instructions that had been obtained at the end of step 30 of Figure 3.
    [0028] This group of instructions JJ which includes the first instruction words MI1 and the instruction NOP, is then stored (step 60) in the data field of a cache line, in this case the cache line LCH ' ,. Then, the requested instruction word MI is delivered (step 61) to the central unit 11 for execution, the required instruction word MI can be either one of the instruction words MI1 or the instruction NOP. In this embodiment, it has been assumed that the decryption of encrypted content and the verification of the integrity of the decrypted content have been performed prior to storage in a cache line. Under these conditions, if in step 51, the required instruction word MI already belongs to an LCH cache line, it is directly delivered (step 61). Other implementation variants are possible.
    [0029] Thus, as illustrated in FIG. 7, after the issuing of the modified instruction group JMJ encrypted to the microprocessor 1, it is possible directly (step 70) to store this encrypted JMJ group in a cache line, in this case the LCH cache line ..
    [0030] Then, the decryption means 16 decrypts the modified instruction group JMj (step 71) and the verification means 17 proceeds (step 72) to a verification of the integrity of the modified instruction group decrypted in a manner. analogous to what has been previously described in relation to step 56 of FIG. 5. In the case where this verification process is representative of an unhealthy content (step 73), an error processing 74 is set up. square.
    [0031] If the verification process proves to be positive, that is to say representative of an integrated content of the modified instruction group JMj, the verification means then proceed (step 75) to a replacement of the checksum CHS2j by the instruction NOP in a manner analogous to that described with reference to step 59 of FIG. 6, so as to restore the instruction group Jj and then to deliver, in step 76, the word of instruction required MI. If, as illustrated in FIG. 8, the required instruction word MI belongs to a line LCH, for example the cache line LCH ,,, whose data field is encrypted, then, go directly (step 81) to step 71 of FIG. 7 to then perform steps 72, 73, possibly 74, 75 and 76. It is also possible, as illustrated in FIG. 9, in the case where the required instruction word MI belongs to a LCH cache line (step 90), for example the cache line LCH ', already decrypted, that the verification process is carried out not before the storage of the decrypted content in the cache line but after this storage before delivery the instruction word required. In this case, step 91 leads directly to step 56 of FIG. 5 so as to execute steps 56, 57, possibly 58 and 59 to 61. In all the foregoing, it has been assumed that the cache memory had a level one cache.
    [0032] However, as shown in FIG. 10, the cache memory may be a cache hierarchy and have different level caches, for example, a level one cache 1201, a two level cache 1202, and a three level cache 1203.
    [0033] Some of these caches may even be located outside the microprocessor, such as the level three cache. In this case, all that has just been described above, namely decryption, integrity checking, are performed locally at level one cache. In other words, any decryption of content will be performed only between the level two cache and the level one cache or downstream of the level one cache before issuing the instruction word to the CPU. And, any content extracted from memory 6 will remain encrypted as long as it remains in a higher level cache at level one.
    [0034] Each cache is associated with a cache controller. If the required instruction word is not present in the level one cache but is present in the level two cache, for example, the contents of the corresponding cache line of the level two cache remain encrypted in the level two cache and is issued by the level two cache controller to the level one cache controller. It can then store the encrypted content in the cache line of the level one cache before decryption or perform the decryption before storage first. In the case where the required instruction word does not belong to any cache, that is to say in the case of a cache miss, the encrypted content extracted from the DRAM is delivered. to the level three cache controller which is here supposed to be outside the microprocessor. At this point the level three cache controller can either update the level 3 cache by storing the encrypted content and then deliver the encrypted content to the microprocessor and more specifically to the level two cache controller, or deliver the content directly. encrypted to the level two cache controller before updating the level three cache.
    [0035] The level two cache controller can either update the level 2 cache by storing the encrypted content and deliver the encrypted content to the level one cache controller, or deliver the encrypted content directly to the level one cache controller before updating the level two cache. And again the level one cache controller can then store the encrypted content in the cache line of the level one cache before decryption or first perform the decryption before storage. The invention is not limited to the embodiments and implementations which have just been described but embraces all the variants. Thus, in a simplified variant, if one does not wish to carry out integrity verification processing, one can simply proceed to decrypt the encrypted content extracted from the DRAM and issue the instruction word required. Furthermore, the system is not necessarily a system-on-a-chip (SoC) but may for example comprise a processor and external memories connected to a card and mutually coupled by a conventional bus.
    权利要求:
    Claims (40)
    [0001]
    REVENDICATIONS1. A method of securing program code for execution by a computer processing module having at least a level one cache of a cache memory (120) containing cache lines each having an address field and a cache field. data for storing executable instruction words by the CPU of the computer processing module, the method comprising a) storing (41) the compiled and encrypted program code in memory locations of a first external memory (6) to the computer processing module corresponding to data fields of cache lines, and during a request of an instruction word (MI) by the central unit not present in the data field of a cache line of the cache memory, b) an extraction (53) of the first memory (6) of the encrypted content of the memory location containing said required instruction word and a delivery of this encrypted content (JMJ) to the module of t computing (1) and, c) a decryption (55) within the computer processing module, said encrypted content.
    [0002]
    The method of claim 1, wherein the cache memory comprises the level one cache and at least one higher level cache, and the decryption of said encrypted content is performed locally at said level one cache.
    [0003]
    The method of claim 1 or 2, comprising, prior to decrypting (71) the encrypted content, storing (70) that encrypted content in the data field of a cache line of the cache memory.
    [0004]
    A method according to claim 1 or 2, comprising, after the decryption (55) of the encrypted content, storing (60) the decrypted content in the data field of a cache line of the level one cache of the cache memory ( 120).
    [0005]
    5. Method according to claim 1 or 2, comprising, during a request of an instruction word by the central unit present in an encrypted content of the data field of a cache cache line cache, a decryption (71) said encrypted content within the computer processing module locally at the level one cache level.
    [0006]
    6. Method according to one of the preceding claims, further comprising subsequent to said decryption, a delivery (61) of the instruction word required to the central unit.
    [0007]
    The method according to one of claims 1 to 5, further comprising prior to issuing the required instruction word, checking (56) the integrity of said decrypted content and issuing (61) the required instruction word if the result of said verification is representative of an integrity content.
    [0008]
    The method according to claim 7, comprising an initial phase, prior to step a), comprising storing (33) a modified program code compiled and encrypted in memory locations of an initial memory (4) external to the computer processing module corresponding to cache line data fields, said compiled modified program code comprising groups of instruction words (J,) stored in said memory locations of the initial memory, each group of instruction words comprising first instruction words (MI1) resulting from the compilation of the program code and a second instruction word (NOP), all the second instruction words being identical and located respectively at reference locations in the groups of instructions corresponding, a first phase comprising a decryption (35) of the modified compiled code, a replacement (39) of the second instruction word (NOP) of each group of instants. by a control indication (CHS2,) obtained from at least some of the first instruction words of said instruction group (J,) so as to form a modified instruction group (JM,), an encryption ( 40) groups of modified instructions and said step a) comprising storing (41) the groups of modified instructions encrypted in the memory locations of said first memory (6), and wherein said checking (56) of the integrity said decrypted content comprises a verification of the integrity of the control indication, an integrated control indication being representative of the integrity of said decrypted content, and if the result of said verification is representative of an integrity content, the method comprises in in addition to delivery (61) of the required instruction word to the central unit, a replacement (59) of the control indication by the second instruction word (NOP).
    [0009]
    The method of claim 8, wherein the reference locations occupy identical positions in the corresponding groups of instructions.
    [0010]
    The method of claim 8 or 9, wherein the second instruction word is a non-operation instruction (NOP).
    [0011]
    11. The method of claim 8, 9 or 10, wherein said control indication is a checksum (CHS2), and verification of the integrity of said control indication comprises after decryption of said encrypted content a new calculation of a checksum and a comparison of the checksum present in the decrypted content and the newly calculated checksum.
    [0012]
    The method according to one of claims 8 to 11, wherein the first phase further comprises checking (36) the integrity of the modified program code compiled before replacing each second instruction word.
    [0013]
    The method of claim 12, wherein said verifying the integrity of the modified program code is performed using an additional checksum (CHS1) calculated from the modified program code.
    [0014]
    14. Method according to one of claims 8 to 13, wherein said first phase is performed during the launch (34) of a boot program.
    [0015]
    A system, comprising a computer processing module (1) having at least a level one cache of a cache memory (120) containing cache lines each having an address field and a data field for storing instruction words executable by the central unit of the computer processing module, a first memory (6) external to the computer processing module having memory locations corresponding to data fields of cache lines and intended to store the code compiled and encrypted program, -a first memory controller (5) coupled to the first external memory, -a communication medium (2) coupled to the first memory controller and the computer processing module, -the computer processing module (1). ) further comprising control means (15) configured for, in the presence of a query of an instruction word by the central unit not present in the data field of a cache cache line, delivering on the communication medium to the first memory controller a command (CMD) for reading the encrypted content of the memory location containing said requested instruction word, -the first memory controller ( 5) being configured to deliver this encrypted content to the computer processing module, the computer processing module (1) further comprising decryption means (16) configured to decrypt this encrypted content.
    [0016]
    The system of claim 15, wherein the cache includes the level one cache and at least one higher level cache, and the decryption means (16) is configured to decrypt said locally encrypted content at said cache. level one.
    [0017]
    17. System according to claim 15 or 16, wherein the control means (15) are configured to carry out, prior to the decryption of the encrypted content, an encrypted storage of content in the data field of a cache line of the memory. hidden.
    [0018]
    18. System according to claim 15 or 16, wherein the control means (15) are configured to carry out, after decryption of the encrypted content, a storage of the decrypted content in the data field of a cache line of the cache. level one of the cache.
    [0019]
    19. System according to claim 15 or 16, wherein, in the presence of a query of an instruction word by the central unit present in an encrypted content of the data field of a cache line of the cache memory. the decryption means (16) is configured to decrypt said locally encrypted content at the level one cache.
    [0020]
    20. System according to one of claims 15 to 19, wherein the control means (15) are configured for subsequent decryption, deliver the required instruction word to the central unit.
    [0021]
    21. System according to one of claims 15 to 19, wherein the computer processing module (1) further comprises verification means (17) configured for, before issuing the instruction word required, perform a verification of the integrity of said decrypted content and issue the instruction word required if the result of said verification is representative of an integrity content.
    [0022]
    The system of claim 21, further comprising: an initial memory (4) external to the computer processing module having memory locations corresponding to cache line data fields and for storing a compiled and encrypted modified program code comprising groups of instruction words, each group of instruction words comprising first instruction words resulting from the compilation of the program code and a second instruction word, all the second instruction words being identical and located respectively at reference locations in the corresponding instruction groups, -an initial memory controller (3) coupled to the external initial memory (4) and the communication medium (2), -processing means (180) configured to perform a decryption of the modified compiled code, replace the second instruction word of each group of instructions with a control indication obtained from at least some of the first instruction words of said instruction group so as to form a modified instruction group, encrypting the modified instruction groups for storage of the modified instruction groups encrypted in the memory locations of said first memory, and the verification means (17) are configured to perform a verification of the integrity of the control indication, an integrated control indication being representative of the integrity of said decrypted content, and if the result said check is representative of an integral content, to replace, before delivery of the required instruction word to the central unit, a control indication by the second instruction word.
    [0023]
    The system of claim 22, wherein the reference locations occupy identical positions in the corresponding groups of instructions.
    [0024]
    The system of claim 22 or 23, wherein the second instruction word is a non-operation instruction (NOP).
    [0025]
    25. System according to claim 22, 23 or 24, wherein said control indication is a checksum (CHS2), and the verification means comprise calculation means configured to perform, after decryption of said encrypted content, a new calculation. a checksum and a comparison of the checksum present in the decrypted content and the newly calculated checksum.
    [0026]
    26. System according to one of claims 19 to 21, wherein the processing means (180) further comprises initial verification means (1800) configured to perform a verification of the integrity of the compiled modified program code before replacing each second instruction word.
    [0027]
    The system of claim 22, wherein the initial verification means (1800) comprises initial calculation means (1801) configured to calculate an additional checksum from the modified program code.
    [0028]
    28. System according to one of claims 19 to 23, further comprising a boot controller (18) containing said processing means (180).
    [0029]
    29. System according to one of claims 15 to 28, forming a system-on-a-chip.
    [0030]
    Computer processing module, comprising an interface (10) to be coupled to a communication medium (2), a central unit (11), at least a level one cache of a cache memory (120) containing cache lines each having an address field and a data field for storing instruction words executable by the central unit of the computer processing module, control means (15) configured for, in the presence of a querying an instruction word by the central unit not present in the data field of a cache cache line, delivering on the communication medium to an external memory, a read command of the encrypted content of the memory location of that memory containing said required instruction word, the interface (10) being configured to receive that encrypted content, and decryption means (16) configured to decrypt that encrypted content.
    [0031]
    The module of claim 30, wherein the cache memory includes the level one cache and at least one higher level cache, and the decryption means (16) is configured to decrypt said locally encrypted content at said cache. level one.
    [0032]
    32. Module according to claim 30 or 31, wherein the control means (15) are configured to carry out, prior to the decryption of the encrypted content, an encrypted storage of content in the data field of a cache line of the memory. hidden.
    [0033]
    33. Module according to claim 30 or 31, wherein the control means (15) are configured to carry out, after decryption of the encrypted content, a storage of the decrypted content in the data field of a cache line of the cache. level one of the cache.
    [0034]
    34. Module according to claim 30 or 31, wherein, in the presence of a query of an instruction word by the central unit present in an encrypted content of the data field of a cache line of the cache memory. the decryption means (16) is configured to decrypt said locally encrypted content at the level one cache.
    [0035]
    35. Module according to one of claims 30 to 34, wherein the control means (15) are configured for subsequent decryption, deliver the required instruction word to the central unit.
    [0036]
    36. Module according to one of claims 30 to 34, further comprising verification means (17) configured for, before issuing the required instruction word, performing a verification of the integrity of the decrypted content of the data field d a cache line and issue the instruction word required if the result of said verification is representative of an integrity content.
    [0037]
    37. Module according to claim 36, in which the decrypted content of the data field of a cache line contains a group of instruction words comprising first instruction words relating to a compiled program code and a control indication obtained. from at least some of the first instruction words and located at a reference point in the cache line, and the checking means (17) is configured to perform a verification of the integrity of the inspection indication, an integrated control indication being representative of the integrity of said decrypted content, and if the result of said verification is representative of an integrity content, to replace, before issuing the required instruction word to the central unit, the control indication by a second instruction word (NOP), this instruction word being identical for all the cache lines.
    [0038]
    The module of claim 37, wherein the reference locations are the same for all cache lines.
    [0039]
    The module of claim 37 or 38, wherein the second instruction word is a non-operation instruction (NOP).
    [0040]
    40. The module of claim 37, 38 or 39, wherein said control indication is a checksum and the verification means (17) comprises calculation means configured to perform, after decryption of said encrypted content, a new calculation of a checksum and a comparison of the checksum present in the decrypted content and the newly calculated checksum.
    类似技术:
    公开号 | 公开日 | 专利标题
    FR3017226A1|2015-08-07|METHOD FOR SECURING A PROGRAM CODE, SYSTEM AND CORRESPONDING PROCESSOR
    WO2009156615A1|2009-12-30|Method and device for updating a computer application
    EP2940690B1|2017-07-05|Bi-directional counter in flash memory
    EP1687717A1|2006-08-09|Secured start-up of an electronic device having an smp architecture
    EP1607878A1|2005-12-21|Method and computer program for managing a virtual address used to program a DMA controller and associated system on a chip.
    EP2565810A1|2013-03-06|Microprocessor protected against memory dump
    FR2972821A1|2012-09-21|METHOD AND DEVICE FOR INSTALLING / UNINSTALLING SOFTWARE MODULES WITH CENTRALIZED RESOLUTION OF CONSTRAINTS IN AIRCRAFT EQUIPMENT
    EP1983436A1|2008-10-22|Integrity check for a memory external to a processor
    FR2683061A1|1993-04-30|MEMORY SEGMENTATION SYSTEM.
    FR2682783A1|1993-04-23|MAINTAINING HIDDEN CONSISTENCY.
    EP3147811B1|2019-02-06|Storage and retrieval of a message authentication code from an external memory.
    FR2923627A1|2009-05-15|METHOD FOR UNLOCKING A MOTOR CONTROL COMPUTER
    EP3293637A1|2018-03-14|Index management in a flash memory
    EP2453356A1|2012-05-16|Method, computer program and device for securing byte code to be run by a virtual machine
    FR3051574A1|2017-11-24|MANAGING STORAGE IN A FLASH MEMORY
    FR2748134A1|1997-10-31|METHOD AND APPARATUS FOR A FIXED POWER PROGRAM TO DEVELOP
    EP1488386A1|2004-12-22|Method and device for automatic validation of a computer program using cryptography functions
    EP3712795B1|2021-08-04|Method for the execution, by a microprocessor, of a binary code comprising a calling function and a called function
    EP3761199A1|2021-01-06|Method for executing a binary code of a secure function by a microprocessor
    FR2821449A1|2002-08-30|METHOD FOR MANAGING INSTRUCTIONS WITHIN A PROCESSOR WITH DECOUPLED ARCHITECTURE, IN PARTICULAR A PROCESSOR FOR DIGITAL SIGNAL PROCESSING, AND CORRESPONDING PROCESSOR
    FR3097994A1|2021-01-01|Modification of a memory of a secure microprocessor
    FR2919401A1|2009-01-30|METHOD FOR TESTING DATA PATHS IN AN ELECTRONIC CIRCUIT
    EP3712794A1|2020-09-23|Method for executing a binary code of a function secured by a microprocessor
    FR3010598A1|2015-03-13|METHOD FOR MANAGING COHERENCE COACHES
    FR3020163A1|2015-10-23|METHOD OF DEACTIVATING A PAYMENT MODULE, COMPUTER PROGRAM PRODUCT, STORAGE MEDIUM AND PAYMENT MODULE THEREOF
    同族专利:
    公开号 | 公开日
    US20150220456A1|2015-08-06|
    US10613993B2|2020-04-07|
    FR3017226B1|2016-01-29|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    JPH09265397A|1996-03-29|1997-10-07|Hitachi Ltd|Processor for vliw instruction|
    JP5118036B2|2006-07-18|2013-01-16|パナソニック株式会社|Instruction generating apparatus, instruction generating method, program, and integrated circuit|
    US8438365B2|2006-10-06|2013-05-07|Calos Fund Limited Liability Company|Efficient data loading in a data-parallel processor|
    US8055848B2|2008-07-31|2011-11-08|Samsung Electronics Co., Ltd.|Method and system for securing instruction caches using substantially random instruction mapping scheme|
    US9317708B2|2008-08-14|2016-04-19|Teleputers, Llc|Hardware trust anchors in SP-enabled processors|
    US9298894B2|2009-06-26|2016-03-29|International Business Machines Corporation|Cache structure for a computer system providing support for secure objects|
    CA2767368C|2009-08-14|2013-10-08|Azuki Systems, Inc.|Method and system for unified mobile content protection|
    US8997058B2|2010-03-26|2015-03-31|Software Diagnostics Technology Gmbh|Method for automatically generating a trace data set for a software system, a computer system, and a computer program product|
    GB2509422B|2011-09-29|2020-12-30|Hewlett Packard Development Co|Decryption and encryption of application data|
    US20140282883A1|2013-03-13|2014-09-18|Ronald Simon CHAN|System and method for distributing, monitoring and controlling information|
    US9563565B2|2013-08-14|2017-02-07|Micron Technology, Inc.|Apparatuses and methods for providing data from a buffer|US9767318B1|2015-08-28|2017-09-19|Frank Dropps|Secure controller systems and associated methods thereof|
    FR3047585B1|2016-02-09|2018-03-09|StmicroelectronicsSas|METHOD AND DEVICE FOR MONITORING THE EXECUTION OF A PROGRAM CODE|
    KR20190044879A|2017-10-23|2019-05-02|삼성전자주식회사|Data encryption method and electronic apparatus thereof|
    US10956585B2|2018-05-28|2021-03-23|Royal Bank Of Canada|System and method for secure electronic transaction platform|
    法律状态:
    2015-02-20| PLFP| Fee payment|Year of fee payment: 2 |
    2016-01-21| PLFP| Fee payment|Year of fee payment: 3 |
    2017-01-24| PLFP| Fee payment|Year of fee payment: 4 |
    2018-01-23| PLFP| Fee payment|Year of fee payment: 5 |
    2020-01-22| PLFP| Fee payment|Year of fee payment: 7 |
    2021-11-12| ST| Notification of lapse|Effective date: 20211005 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1400289A|FR3017226B1|2014-02-03|2014-02-03|METHOD FOR SECURING A PROGRAM CODE, SYSTEM AND CORRESPONDING PROCESSOR|FR1400289A| FR3017226B1|2014-02-03|2014-02-03|METHOD FOR SECURING A PROGRAM CODE, SYSTEM AND CORRESPONDING PROCESSOR|
    US14/610,924| US10613993B2|2014-02-03|2015-01-30|Method for protecting a program code, corresponding system and processor|
    [返回顶部]