Chip starting method and device, electronic equipment, chip and storage medium

By using the cryptographic algorithm engine of the main chip to uniformly process the boot files of multi-chip systems, the complexity of the boot process and the security management problems in traditional multi-chip systems are solved, thereby optimizing hardware resources and improving system security.

CN122197022APending Publication Date: 2026-06-12BEIJING X RING TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING X RING TECHNOLOGY CO LTD
Filing Date
2026-01-23
Publication Date
2026-06-12

Smart Images

  • Figure CN122197022A_ABST
    Figure CN122197022A_ABST
Patent Text Reader

Abstract

The present disclosure provides a chip starting method and device, electronic equipment, chip and storage medium. The method comprises: obtaining a target chip starting file, the target chip starting file being obtained by performing security processing on a first chip starting file by a password algorithm engine of a first chip of a terminal; and based on the target chip starting file, completing starting of a second chip of the terminal. The area and cost of the chip can be reduced.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the field of communications, and more particularly to a chip boot method, apparatus, electronic device, chip, and storage medium. Background Technology

[0002] With the rapid development of fields such as artificial intelligence, autonomous driving, and high-performance computing, the requirements for the processing power, real-time performance, and reliability of terminal devices are becoming increasingly stringent. In many application scenarios, the computing power and functionality provided by a single chip are gradually becoming insufficient to meet the needs of complex tasks. Therefore, adopting a system architecture that uses dual or multiple chips working together has become the mainstream solution to improve overall performance. Summary of the Invention

[0003] This disclosure provides a chip boot method, apparatus, electronic device, chip, and storage medium to solve problems in the related art.

[0004] The first aspect of this disclosure provides a chip boot method, the method comprising: obtaining a target chip boot file, wherein the target chip boot file is obtained by performing secure processing on a first chip boot file by a cryptographic algorithm engine of a first chip of a terminal; and booting a second chip of the terminal based on the target chip boot file.

[0005] In some embodiments of this disclosure, obtaining the target chip startup file includes: the first chip performing startup; after startup is completed, the first chip obtains the first chip startup file from the first storage space connected to the first chip; the cryptographic algorithm engine of the first chip performs security processing on the first chip startup file to obtain the target chip startup file.

[0006] In some embodiments of this disclosure, obtaining the target chip boot file includes: the cryptographic algorithm engine of the first chip decrypts and / or performs security verification on the first chip boot file to obtain the target chip boot file, wherein the security verification is used to verify the integrity and authenticity of the first image chip boot file.

[0007] In some embodiments of this disclosure, the first chip performs startup as follows: after the first chip is powered on, the first chip is de-reset; the first chip executes a startup program in a second storage space connected to the first chip to initialize the hardware environment of the first chip; if the startup program executes successfully, the first chip obtains a second chip startup file from the first storage space; and the first chip completes startup based on the second chip startup file.

[0008] In some embodiments of this disclosure, the first chip completes the startup process based on the second chip startup file, including: the cryptographic algorithm engine of the first chip performs security processing on the second chip startup file to obtain a third chip startup file, the security processing including decryption and / or security verification; the first chip executes the third chip startup file to complete the startup.

[0009] In some embodiments of this disclosure, the startup of the second chip of the terminal is completed based on the target chip startup file, including: after the second chip is powered on, the reset state of the second chip is released; the second chip obtains the target chip startup file sent by the first chip through a communication link, wherein the communication link is a communication link between the first chip and the second chip; and the second chip executes the target chip startup file to complete the startup.

[0010] In some embodiments of this disclosure, the second chip obtains the target chip startup file sent by the first chip through a communication link, including: after the second chip successfully de-resets, it sends a notification message to the first chip through a first interface, the notification message indicating that the second chip has successfully de-reset; in response to the notification message, the first chip configures the communication link controller of the second chip through a second interface; the first chip and the second chip complete the communication link initialization to establish a communication link between the first chip and the second chip; and the second chip obtains the target chip startup file sent by the first chip through the communication link between the first chip and the second chip.

[0011] A second aspect of this disclosure provides a chip that does not include a cryptographic algorithm engine. The chip is configured to: obtain a target chip startup file by securely processing a first chip startup file using the cryptographic algorithm engine of another chip in the terminal; and complete the startup of the chip based on the target chip startup file.

[0012] In some embodiments of this disclosure, the chip does not include a storage device for storing the chip startup file, and the first chip startup file is obtained by other chips of the terminal from the storage device corresponding to other chips.

[0013] In some embodiments of this disclosure, the chip does not include a storage device for storing a boot program.

[0014] A third aspect of this disclosure provides a chip system, characterized in that it includes: a first chip including a cryptographic algorithm engine; and a second chip not including a cryptographic algorithm engine; wherein the first chip is configured to: perform secure processing on a first chip startup file using the cryptographic algorithm engine of the first chip to obtain a target chip startup file, and send the target chip startup file to the second chip; wherein the second chip is configured to: receive the target chip startup file sent by the first chip, and complete the startup of the second chip based on the target chip startup file.

[0015] In some embodiments of this disclosure, the first chip further includes a first storage device configured to store a first chip startup file; the second chip does not include a storage device for storing the chip startup file, and the first chip startup file is obtained by the first chip from the first storage device.

[0016] In some embodiments of this disclosure, the first chip further includes a second storage device configured to store a boot program of the first chip; the second chip does not include a storage device for storing the boot program.

[0017] In some embodiments of this disclosure, the second chip is configured to acquire the target chip startup file sent by the first chip via a high-speed serial computer extended bus standard interface.

[0018] A fourth aspect of this disclosure provides a chip booting device, which includes: a processing module for acquiring a target chip boot file, wherein the target chip boot file is obtained by performing secure processing on the first chip boot file through a cryptographic algorithm engine of a first chip of the terminal; and for booting a second chip of the terminal based on the target chip boot file.

[0019] A fifth aspect of this disclosure provides an electronic device comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the methods described in the first aspect of this disclosure.

[0020] A sixth aspect of this disclosure provides a non-transitory computer-readable storage medium storing computer instructions, wherein the computer instructions are used to cause a computer to perform the methods described in the first aspect of this disclosure.

[0021] In summary, the chip boot method proposed in this disclosure allows the second chip to obtain the target chip boot file by the cryptographic algorithm engine of the first chip of the terminal through secure processing of the first chip boot file, and to complete the boot of the second chip of the terminal based on the target chip boot file, thereby reducing the area and design complexity of the second chip. It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure. Attached Figure Description

[0022] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this disclosure and, together with the description, serve to explain the principles of this disclosure, and are not intended to unduly limit this disclosure.

[0023] Figure 1 A flowchart illustrating a chip boot method provided in this embodiment of the present disclosure. Figure 1 ; Figure 2 A flowchart illustrating a chip boot method provided in this embodiment of the present disclosure. Figure 2 ; Figure 3 A flowchart illustrating a chip boot method provided in this embodiment of the present disclosure. Figure 3 ; Figure 4A This is a schematic diagram of the structure of a chip provided in an embodiment of the present disclosure; Figure 4B This is a schematic diagram of the structure of a chip system provided in an embodiment of the present disclosure; Figure 4C A flowchart illustrating a dual-chip secure boot method for a System-on-a-Chip (SOC) provided in this embodiment of the present disclosure; Figure 5 This is a schematic diagram of the structure of a chip startup device provided in an embodiment of the present disclosure; Figure 6 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this disclosure. Detailed Implementation

[0024] Embodiments of this disclosure are described in detail below. Examples of these embodiments are illustrated in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and intended to explain this disclosure, and should not be construed as limiting this disclosure.

[0025] With the rapid development of fields such as artificial intelligence, autonomous driving, and high-performance computing, the requirements for the processing power, real-time performance, and reliability of terminal devices are becoming increasingly stringent. In many application scenarios, the computing power and functions provided by a single chip are gradually becoming insufficient to meet the needs of complex tasks. Therefore, adopting a system architecture that uses dual or multiple chips working together has become the mainstream solution to improve overall performance. In such systems, multiple chips perform their respective functions, such as general computing, dedicated acceleration, real-time control, or security management, and work together to achieve computing power aggregation and energy efficiency optimization.

[0026] However, the introduction of dual-chip systems also brings new design challenges. Traditional multi-chip solutions are usually viewed as a simple superposition of multiple independent subsystems, with each chip possessing a complete, self-sufficient boot and security module. In one implementation, security subsystems are integrated on both the master and slave chips, each containing corresponding read-only memory (ROM) and cryptographic algorithm engines, as well as corresponding universal flash storage (UFS) chips. In this solution, both the master and slave chips need to support ROM boot, resulting in significant area overhead; in another solution, both the master and slave chips need to support UFS boot, requiring corresponding UFS chips, leading to high cost. Furthermore, the boot process of the slave chip is completely identical to that of the master chip, with each chip's boot process being entirely independent. This not only results in redundant hardware resource configuration, increasing chip area and system cost, but also introduces complexity to system-level security management and collaborative booting.

[0027] Therefore, in order to solve the above problems, this disclosure proposes a chip boot method. In some embodiments, the solution of this disclosure can be executed by a chip system, such as by a dual-chip system, or by an electronic device, such as by a terminal.

[0028] The specific details of this method are as follows.

[0029] Figure 1 A flowchart illustrating a chip boot method provided in this embodiment of the present disclosure. Figure 1 .like Figure 1 As shown, the method may include the following steps.

[0030] Step 101: Obtain the target chip's startup file.

[0031] In some embodiments, the target chip boot file is obtained by securely processing the first chip boot file through the cryptographic algorithm engine of the first chip in the terminal.

[0032] In some embodiments, the terminal may include a first chip, which may have a corresponding cryptographic algorithm engine. The cryptographic algorithm engine can be used to perform security processing on the chip's startup file. Security processing may include decryption, decoding, security verification (signature verification), etc., where security verification may involve verifying data integrity and authenticity. The first chip may be a main chip. Further, the cryptographic algorithm engine may be a hardened cryptographic algorithm engine capable of performing cryptographic algorithm services such as symmetric encryption / decryption, key generation, key derivation, digital signature, signature verification, and key encapsulation.

[0033] Among them, data integrity verification can be used to confirm that the first chip boot file has not been illegally tampered with, deleted or replaced during storage and transmission, so as to avoid abnormal chip boot, operation failure or even malicious code injection due to file damage or tampering. Data authenticity verification is used to confirm that the source of the first chip boot file is legitimate and credible, that is, the file is indeed an authorized chip boot image, rather than an illegal file forged by attackers, thus blocking the security risks caused by malicious image injection (such as privacy data leakage, AI model tampering, system hijacking, etc.) from the source.

[0034] In some embodiments, the chip startup file may be a file required by the chip during startup. The chip startup file may include the code that the chip needs to execute during startup, as well as the required startup data. The chip startup file may be, for example, an image file.

[0035] In some embodiments, the terminal may include a second chip, which can obtain the cryptographic algorithm engine of the terminal's first chip to perform secure processing on the first chip's startup file to obtain the target chip's startup file. The second chip does not have a corresponding cryptographic algorithm engine, and may not have decryption, decoding, or security verification (signature verification) functions. The second chip may be a slave chip.

[0036] In some embodiments, obtaining the target chip boot file includes: the first chip performing a boot; after the first chip completes the boot process, obtaining the first chip boot file from the first storage space connected to the first chip; and the cryptographic algorithm engine of the first chip performing security processing on the first chip boot file to obtain the target chip boot file.

[0037] In some embodiments, the first chip may have a corresponding first storage space, which may be a first storage device. The first storage space may store chip startup files, that is, the first storage space may be used to store files required for chip startup. The first storage space may also store the first chip startup files corresponding to the second chip. The second chip does not have a first storage space, that is, the second chip does not have a storage device for storing chip startup files.

[0038] In some embodiments, the first storage space or the first storage device may be UFS.

[0039] In some embodiments, after the first chip completes the boot process, it can obtain the first chip boot file of the second chip from the first storage space and use the cryptographic algorithm engine of the first chip to perform secure processing on the first chip boot file to obtain the target chip boot file. That is, the second chip does not need to perform the operations of reading the first chip boot file and performing secure processing on the first chip boot file.

[0040] In some embodiments, obtaining the target chip boot file includes: the cryptographic algorithm engine of the first chip decrypts and / or performs security verification on the first chip boot file to obtain the target chip boot file, wherein the security verification is used to verify the integrity and authenticity of the first image chip boot file.

[0041] In some embodiments, the cryptographic algorithm engine of the first chip can decrypt the first chip startup file to obtain the target chip startup file, or the cryptographic algorithm engine of the first chip can perform security verification on the first chip startup file to obtain the target chip startup file, or the cryptographic algorithm engine of the first chip can decrypt and perform security verification on the first chip startup file to obtain the target chip startup file.

[0042] In some embodiments, the first chip performing the startup process includes: after the first chip is powered on, releasing the reset state of the first chip; the first chip executing a startup program in a second storage space connected to the first chip to initialize the hardware environment of the first chip; if the startup program executes successfully, the first chip obtaining a second chip startup file from the first storage space; and the first chip completing the startup process based on the second chip startup file.

[0043] The first chip may include a second storage space, which may be a second storage device. The second storage device can be used to store the boot program of the first chip. After the first chip successfully executes the boot program stored in the second storage space, it can retrieve a second chip boot file from the first storage space. The second chip boot file is the boot file of the first chip, for example, an image file of the first chip. Furthermore, if the first chip fails to execute the boot program, it is not allowed to retrieve the chip boot file from the first storage space.

[0044] In some embodiments, powering on the first chip can be a complete power-on of the first chip, meaning that all hardware modules of the first chip (including core functional modules, second storage space, and other peripheral circuits not necessary for startup) simultaneously receive power and enter the initial state. Core functional modules include hardware components necessary for the startup phase, such as a Central Processing Unit (CPU), Random Access Memory (RAM), cryptographic algorithm engine, communication interface controllers (e.g., General Purpose Input / Output (GPIO), Peripheral Component Interconnect Express (PCIe) controllers), timers, watchdog timers (wdt), etc.

[0045] In some embodiments, the second chip does not have a second storage space, that is, the second chip does not have a storage device for storing the boot program, but when the first chip successfully boots, the target chip boot file can be provided to the second chip, so the second chip may not execute the boot program.

[0046] In some embodiments, the second storage space may be ROM.

[0047] In some embodiments, the first chip completes the startup process based on the second chip startup file, including: the cryptographic algorithm engine of the first chip performs security processing on the second chip startup file to obtain a third chip startup file, the security processing including decryption and / or security verification; the first chip executes the third chip startup file to complete the startup.

[0048] In other words, the first chip can perform security processing on the second chip's boot file to verify the integrity, authenticity, and reliability of the stored second chip boot file, thereby obtaining the third chip boot file. The first chip can then execute the third chip boot file to complete the boot process. After completing the boot process, the first chip can enter the running phase, which refers to the state in which the first chip can work normally. The running phase refers to the stable working state that the first chip enters after completing its own boot process.

[0049] In some embodiments, after the first chip enters the running phase, the first chip startup file can be obtained from the first storage space, and the first chip startup file can be securely processed by a cryptographic algorithm engine to obtain the target chip startup file. After that, the first chip can send the target chip startup file to the second chip.

[0050] Step 102: Based on the target chip's boot file, complete the boot of the terminal's second chip.

[0051] In some embodiments, the second chip can complete the startup of the terminal based on the target chip startup file. The second chip can execute the target chip startup file to complete the startup, or the second chip can use the target chip startup file to complete the startup, or the second chip can load the target chip startup file to complete the startup.

[0052] In summary, the embodiments of this application eliminate the need for the second chip to integrate an independent cryptographic algorithm engine, a first storage space, and a second storage space, thereby reducing chip area and design complexity. Furthermore, the unified security processing of the boot file by the first chip ensures a single and controllable source of trust in the boot process, preventing insecure booting due to differences in security strategies or implementations in multi-chip systems and improving overall system security. The boot process of the second chip is simplified, eliminating the need for a complex sequence of reading from storage devices, security verification, and loading, making boot collaboration in multi-chip systems simpler and more reliable, and reducing the complexity and integration difficulty of system hardware and software design.

[0053] Figure 2 A flowchart illustrating a chip boot method provided in this embodiment of the present disclosure. Figure 2 .like Figure 2 As shown, the method may include the following steps.

[0054] Step 201: After the second chip is powered on, the reset state of the second chip is released.

[0055] In some embodiments, powering on the second chip can be a complete power-on of the second chip, meaning that all hardware modules of the second chip (including core functional modules, other non-boot-required peripheral circuits, etc.) simultaneously receive power and enter the initial state. Core functional modules include hardware components necessary for the boot phase, such as a Central Processing Unit (CPU), Random Access Memory (RAM), communication interface controllers (e.g., General Purpose Input / Output (GPIO), Peripheral Component Interconnect Express (PCIe) controllers), timers, watchdog timers (WDT), etc.

[0056] In some embodiments, after the second chip is powered on, the second chip can perform a de-reset, that is, release the reset state of the second chip. De-reset is a hardware control operation that allows the chip to enter a responsive and executable state from an initial static state after power-on. By canceling the reset signal and releasing the forced constraints on the core circuit of the chip, the chip is able to receive external instructions, initialize basic modules and establish communication links. It is a necessary pre-step in the chip startup process.

[0057] Step 202: The second chip obtains the target chip startup file sent by the first chip through the communication link.

[0058] In some embodiments, the communication link is a communication link between the first chip and the second chip; further, the communication link may be a PCIe communication link.

[0059] In some embodiments, the second chip obtains the target chip startup file sent by the first chip through a communication link, including: after the second chip successfully de-resets, it sends a notification message to the first chip through a first interface, the notification message indicating that the second chip has successfully de-reset; in response to the notification message, the first chip configures the communication link controller of the second chip through a second interface; the first chip and the second chip complete the communication link initialization to establish a communication link between the first chip and the second chip; and the second chip obtains the target chip startup file sent by the first chip through the communication link between the first chip and the second chip.

[0060] The first interface can be a GPIO interface, and the second interface can be a Serial Peripheral Interface (SPI).

[0061] In some embodiments, after the second chip successfully de-resets, it sends a notification message to the first chip through the first interface to indicate that it has successfully de-reset, thereby synchronizing the boot-ready states between the master and slave chips. Upon receiving the notification message, the first chip immediately responds and writes customized configuration parameters (including link rate, transmission protocol, data encoding method, address mapping rules, and error verification mechanism) to the communication link controller (such as a PCIe controller) of the second chip through the second interface, adjusting the communication hardware of the slave chip from the default initial state to a working state adapted for boot file transmission. Subsequently, the first chip and the second chip complete initialization operations such as link negotiation, resource allocation, and optional link authentication based on the configured hardware parameters, establishing a dedicated bidirectional communication link (such as a PCIe link) that meets the requirements of high-capacity, low-latency transmission and has security protection capabilities. Finally, the second chip obtains the target chip boot file, which the first chip reads from the first storage space it is connected to and has been decrypted, integrity verified, and authenticity verified by the cryptographic algorithm engine corresponding to the first chip, through the established communication link.

[0062] Step 203: The second chip executes the target chip startup file to complete the startup process.

[0063] In some embodiments, the second chip may execute the target chip startup file to complete the startup, or the second chip may use the target chip startup file to complete the startup, or the second chip may load the target chip startup file to complete the startup.

[0064] In summary, the embodiments disclosed above reduce the area and hardware cost of the second chip by having the first chip perform the acquisition and secure processing of the chip boot file of the second chip. By using the GPIO interface to synchronize the master and slave chip boot-ready states, the SPI interface to complete the customized configuration of the communication link controller, and the PCIe link to transmit the chip boot file, the orderly connection and efficient advancement of the dual-chip system boot process are achieved, avoiding the synchronization disorder problem of traditional dual-chip independent boot. Through the secure processing of the boot file by the first chip throughout the entire process, the secure boot of the dual-chip system is achieved, meeting data security requirements.

[0065] Figure 3 A flowchart illustrating a chip boot method provided in this embodiment of the present disclosure. Figure 3 .like Figure 3 As shown, the method can be executed by a chip, and further, by a second chip. The method includes the following steps.

[0066] Step 301: Obtain the target chip's startup file.

[0067] In some embodiments, the second chip can obtain the target chip startup file sent by the first chip. The second chip can obtain the target chip startup file through the communication link between the first chip and the second chip. The target chip startup file is a legitimate and trustworthy file generated by the cryptographic algorithm engine of the first chip after reading the first chip startup file from the first storage space it is connected to, and after completing security processing such as decryption, data integrity verification and authenticity verification (signature verification).

[0068] In some embodiments, after establishing a communication link with the first chip, the second chip can obtain the target chip's startup file through the communication link. After power-on, the first chip can perform a reset, enter a responsive and executable state from the initial static state, and send a notification message of successful reset to the first chip through the first interface. After responding to the notification, the first chip configures the communication link controller of the second chip through the second interface, and the two parties complete the initial establishment of the communication link.

[0069] Step 302: Based on the target chip's startup file, complete the startup process.

[0070] In some embodiments, the second chip may execute the target chip startup file to complete the startup, or the second chip may use the target chip startup file to complete the startup, or the second chip may load the target chip startup file to complete the startup.

[0071] In summary, the embodiments of this application eliminate the need for the second chip to integrate an independent cryptographic algorithm engine, a first storage space, and a second storage space, thereby reducing chip area and design complexity. Furthermore, the unified security processing of the boot file by the first chip ensures a single and controllable source of trust in the boot process, preventing insecure booting due to differences in security strategies or implementations in multi-chip systems and improving overall system security. The boot process of the second chip is simplified, eliminating the need for a complex sequence of reading from storage devices, security verification, and loading, making boot collaboration in multi-chip systems simpler and more reliable, and reducing the complexity and integration difficulty of system hardware and software design.

[0072] like Figure 4A As shown, this disclosure also proposes a chip that does not include a cryptographic algorithm engine. The chip is configured to: obtain the cryptographic algorithm engine of other chips in the terminal, perform secure processing on the startup file of the first chip to obtain the startup file of the target chip; and complete the startup of the chip based on the startup file of the target chip.

[0073] In some embodiments, the chip does not include a storage device for storing the chip startup file, and the first chip startup file is obtained by other chips of the terminal from the storage device corresponding to other chips.

[0074] In some embodiments, the chip does not include a storage device for storing the boot program.

[0075] In some embodiments, the chip may be the second chip described above, that is, the chip may not have a cryptographic algorithm engine, a storage device (first storage device / first storage space) for storing chip startup files, and a storage device (second storage device / second storage space) for storing startup programs.

[0076] In some embodiments, the chip may also include a corresponding CPU, RAM, Universal Asynchronous Receiver / Transmitter (UART), SPI interface, timer, and watchdog timer (WDT), etc.

[0077] like Figure 4B As shown, this disclosure also proposes a chip system, characterized in that it includes: a first chip 401, the first chip including a cryptographic algorithm engine; and a second chip 402, the second chip not including a cryptographic algorithm engine; wherein the first chip is configured to: use the cryptographic algorithm engine of the first chip to perform secure processing on the first chip startup file to obtain a target chip startup file, and send the target chip startup file to the second chip; wherein the second chip is configured to: receive the target chip startup file sent by the first chip, and complete the startup of the second chip based on the target chip startup file.

[0078] In some embodiments, the first chip further includes a first storage device configured to store a first chip startup file; the second chip does not include a storage device for storing the chip startup file, wherein the first chip startup file is obtained by the first chip from the first storage device.

[0079] In some embodiments, the first chip further includes a second storage device configured to store a boot program of the first chip; the second chip does not include a storage device for storing the boot program.

[0080] In some embodiments, the second chip is configured to acquire the target chip startup file sent by the first chip via a high-speed serial computer extended bus standard interface.

[0081] The first chip can have a master chip root of trust (ROT) security subsystem, and the second chip can have a slave chip ROT security subsystem. The master chip ROT security subsystem and the slave chip ROT security subsystem have their own independent CPU, RAM, ROM, hardened cryptographic algorithm engine and related peripherals, such as timer, WDT, SPI, UART, etc.

[0082] The main chip ROT security subsystem and the slave chip ROT security subsystem can access all address spaces in the System on Chip (SOC). The main chip ROT security subsystem and the slave chip ROT security subsystem contain a hardened cryptographic algorithm engine that can perform cryptographic algorithm services such as symmetric encryption and decryption, key generation, key derivation, digital signature, signature verification, and key encapsulation.

[0083] In some embodiments, the master chip ROT security subsystem and the slave chip ROT security subsystem can communicate with their respective PCIe controllers via a bus (BUS), and the master chip ROT security subsystem can communicate with the UFS via the BUS to obtain the image data stored in the UFS.

[0084] Compared to the main chip's ROT security subsystem, the slave chip's ROT security subsystem reduces ROM, UFS, and cryptographic algorithm engine. The main chip and slave chip transfer images via PCIe, and the images are stored in the main chip's UFS.

[0085] The technical solutions of this disclosure will be further described in detail below with reference to specific application embodiments.

[0086] The following is a dual-chip secure boot method for a System-on-a-Chip (SOC) provided in an embodiment of this disclosure, such as... Figure 4C As shown, the method includes the following steps.

[0087] 1. The master chip executes and the slave chip executes power-on.

[0088] 2. After the main chip performs a reset and executes the ROM, it completes the startup process and enters the running phase.

[0089] 3. The slave chip performs a reset. After a successful reset, the slave chip sends a notification to the master chip via the GPIO interface to notify the slave chip that it has completed power-on and reset.

[0090] 4. After receiving the notification, the master chip configures the slave chip's PCIe controller via the SPI interface, and configures the slave chip to perform PCIe initialization in order to establish a PCIe interface between the master chip and the slave chip.

[0091] 5. The master chip obtains the image of the slave chip from UFS. After the master chip's cryptographic algorithm engine decodes and verifies the signature of the image, it sends the image to the slave chip through the PCIe interface.

[0092] 6. Receive the image from the chip via the PCIe interface and execute the image to complete the boot process.

[0093] In summary, the above examples disclosed herein have no UFS on the slave chip, all images come from the master chip, the slave chip has no ROM and no cryptographic algorithm engine, which can reduce the area overhead of the slave chip.

[0094] Figure 5 This is a schematic diagram of the structure of a chip startup device 500 provided in an embodiment of this disclosure. Figure 5 As shown, the device includes: a processing module 510, used to obtain a target chip boot file, which is obtained by securely processing the first chip boot file through the cryptographic algorithm engine of the terminal's first chip; and to complete the booting of the terminal's second chip based on the target chip boot file. The processing module can be used to execute at least one of the other communication steps (e.g., steps 101, 102, 201, 202, 203, 301, 302, etc., but not limited to these) executed by the chip booting device 500 in any of the above methods, which will not be elaborated here.

[0095] In summary, the chip boot device 500 can obtain the cryptographic algorithm engine of the first chip of the terminal, perform secure processing on the first chip boot file to obtain the target chip boot file, and complete the boot of the second chip of the terminal based on the target chip boot file, which can reduce the area and design complexity of the second chip.

[0096] The methods and apparatus provided in the embodiments of this application have been described above. To implement the functions of the methods provided in the embodiments of this application, the electronic device may include a hardware structure and software modules, and may implement the above functions in the form of a hardware structure, software modules, or a hardware structure plus software modules. One of the above functions may be executed in the form of a hardware structure, software modules, or a hardware structure plus software modules.

[0097] Figure 6 This is a block diagram illustrating an electronic device 600 for implementing the above-described method according to an exemplary embodiment. For example, the electronic device 600 may be a mobile phone, computer, messaging device, game console, tablet device, medical device, fitness equipment, personal digital assistant, etc.

[0098] Reference Figure 6 The electronic device 600 may include one or more of the following components: a processing component 602, a memory 604, a power supply component 606, a multimedia component 608, an audio component 610, an input / output (I / O) interface 612, a sensor component 614, and a communication component 616.

[0099] Processing component 602 typically controls the overall operation of electronic device 600, such as operations associated with display, telephone calls, data communication, camera operation, and recording operations. Processing component 602 may include one or more processors 620 to execute instructions to perform all or part of the steps of the methods described above. Furthermore, processing component 602 may include one or more modules to facilitate interaction between processing component 602 and other components. For example, processing component 602 may include a multimedia module to facilitate interaction between multimedia component 608 and processing component 602.

[0100] Memory 604 is configured to store various types of data to support the operation of electronic device 600. Examples of such data include instructions for any application or method operating on electronic device 600, contact data, phonebook data, messages, pictures, videos, etc. Memory 604 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk.

[0101] Power supply component 606 provides power to various components of electronic device 600. Power supply component 606 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power to electronic device 600.

[0102] Multimedia component 608 includes a screen that provides an output interface between electronic device 600 and user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touchscreen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensors may sense not only the boundaries of touch or swipe actions but also the duration and pressure associated with the touch or swipe operation. In some embodiments, multimedia component 608 includes a front-facing camera and / or a rear-facing camera. When electronic device 600 is in an operating mode, such as a shooting mode or video mode, the front-facing camera and / or rear-facing camera may receive external multimedia data. Each front-facing camera and rear-facing camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

[0103] Audio component 610 is configured to output and / or input audio signals. For example, audio component 610 includes a microphone (MIC) configured to receive external audio signals when electronic device 600 is in an operating mode, such as call mode, recording mode, and voice recognition mode. The received audio signals may be further stored in memory 604 or transmitted via communication component 616. In some embodiments, audio component 610 also includes a speaker for outputting audio signals.

[0104] I / O interface 612 provides an interface between processing component 602 and peripheral interface modules, such as keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to, home buttons, volume buttons, power buttons, and lock buttons.

[0105] Sensor assembly 614 includes one or more sensors for providing state assessments of various aspects of electronic device 600. For example, sensor assembly 614 may detect the on / off state of electronic device 600, the relative positioning of components such as the display and keypad of electronic device 600, changes in position of electronic device 600 or a component of electronic device 600, the presence or absence of user contact with electronic device 600, orientation or acceleration / deceleration of electronic device 600, and temperature changes of electronic device 600. Sensor assembly 614 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. Sensor assembly 614 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, sensor assembly 614 may also include an accelerometer, gyroscope, magnetometer, pressure sensor, or temperature sensor.

[0106] Communication component 616 is configured to facilitate wired or wireless communication between electronic device 600 and other devices. Electronic device 600 can access wireless networks based on communication standards, such as WiFi, 2G or 3G, 4G LTE, 5G NR (NewRadio), or combinations thereof. In one exemplary embodiment, communication component 616 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, communication component 616 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

[0107] In an exemplary embodiment, the electronic device 600 may be implemented by one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components to perform the methods described above.

[0108] In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, such as a memory 604 including instructions, which can be executed by a processor 620 of an electronic device 600 to perform the above-described method. For example, the non-transitory computer-readable storage medium may be a ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, and optical data storage device, etc.

[0109] Embodiments of this disclosure also provide a non-transitory computer-readable storage medium storing computer instructions, wherein the computer instructions are used to cause a computer to perform the methods described in the above embodiments of this disclosure.

[0110] It should be noted that the terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this disclosure are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this disclosure described herein can be implemented in orders other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this disclosure as detailed in the appended claims.

[0111] In the description of this specification, the references to terms such as "one embodiment," "some embodiments," "illustrative embodiment," "example," "specific example," or "some examples," etc., indicate that a specific feature, structure, material, or characteristic described in connection with an embodiment or example is included in at least one embodiment or example of the present invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in at least one embodiment or example.

[0112] Any process or method description in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing a particular logical function or process, and the scope of the preferred embodiments of the invention includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order depending on the functions involved, as will be understood by those skilled in the art to which embodiments of the invention pertain.

[0113] The logic and / or steps represented in the flowchart or otherwise described herein, for example, can be considered as a sequenced list of executable instructions for implementing logical functions, and can be embodied in any computer-readable medium for use by, or in conjunction with, an instruction execution system, apparatus, or device (such as a computer-based system, a system including a processing module, or other system that can fetch and execute instructions from, an instruction execution system, apparatus, or device). For the purposes of this specification, "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transmit programs for use by, or in conjunction with, an instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection having at least one wiring (control method), a portable computer disk drive (magnetic device), random access memory (RAM), read-only memory (ROM), erasable and editable read-only memory (EPROM or flash memory), fiber optic devices, and portable optical disc read-only memory (CDROM). Furthermore, computer-readable media can even be paper or other suitable media on which programs can be printed, because programs can be obtained electronically, for example, by optically scanning the paper or other media, followed by editing, interpreting, or otherwise processing as necessary, and then stored in computer memory.

[0114] It should be understood that various parts of the embodiments of the present invention can be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented using any one or a combination of the following techniques known in the art: discrete logic circuits having logic gates for implementing logical functions on data signals, application-specific integrated circuits (ASICs) having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), etc.

[0115] Those skilled in the art will understand that all or part of the steps of the methods described in the above embodiments can be implemented by a program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, the program includes one or a combination of the steps of the method embodiments.

[0116] Furthermore, the functional units in the various embodiments of the present invention can be integrated into a processing module, or each unit can exist physically separately, or two or more units can be integrated into a module. The integrated module can be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. The storage medium mentioned above can be a read-only memory, a disk, or an optical disk, etc.

[0117] Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention. Those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention.

Claims

1. A chip boot method, characterized in that, include: The target chip boot file is obtained by performing secure processing on the first chip boot file through the cryptographic algorithm engine of the first chip of the terminal; Based on the target chip's boot file, the second chip of the terminal is booted up.

2. The method according to claim 1, characterized in that, The process of obtaining the target chip's boot file includes: The first chip initiates the startup process; After the first chip completes its startup, it retrieves the first chip's startup file from the first storage space connected to the first chip. The cryptographic algorithm engine of the first chip performs security processing on the first chip's startup file to obtain the target chip's startup file.

3. The method according to claim 1 or 2, characterized in that, The process of obtaining the target chip's boot file includes: The cryptographic algorithm engine of the first chip decrypts and / or performs security verification on the first chip's boot file to obtain the target chip's boot file. The security verification is used to verify the integrity and authenticity of the first image chip's boot file.

4. The method according to claim 2, characterized in that, The first chip performs the startup process including: After the first chip is powered on, the reset state of the first chip is released; The first chip executes the boot program in the second storage space connected to the first chip to initialize the hardware environment of the first chip; If the startup program executes successfully, the first chip retrieves the second chip startup file from the first storage space; The first chip starts up based on the second chip's startup file.

5. The method according to claim 4, characterized in that, The first chip, based on the boot file of the second chip, completes the boot process successfully, including: The cryptographic algorithm engine of the first chip performs security processing on the startup file of the second chip to obtain the startup file of the third chip. The security processing includes decryption and / or security verification. The first chip executes the startup file of the third chip to complete the startup process.

6. The method according to claim 1 or 2, characterized in that, The step of booting the second chip of the terminal based on the target chip boot file includes: After the second chip is powered on, the reset state of the second chip is released; The second chip obtains the target chip startup file sent by the first chip through a communication link, wherein the communication link is the communication link between the first chip and the second chip; The second chip executes the target chip startup file to complete the startup process.

7. The method according to claim 6, characterized in that, The second chip obtains the target chip startup file sent by the first chip through a communication link, including: After the second chip successfully releases the reset state, it sends a notification message to the first chip through the first interface. The notification message is used to indicate that the second chip has successfully released the reset state. In response to the notification information, the first chip configures the communication link controller of the second chip through the second interface; The first chip and the second chip complete the communication link initialization to establish a communication link between the first chip and the second chip; The second chip obtains the target chip startup file sent by the first chip through the communication link between the first chip and the second chip.

8. A chip, characterized in that, The chip does not include a cryptographic algorithm engine, and the chip is configured as follows: The cryptographic algorithm engine of other chips in the terminal performs security processing on the boot file of the first chip to obtain the boot file of the target chip; based on the boot file of the target chip, the chip is started.

9. The chip according to claim 8, characterized in that, The chip does not include a storage device for storing the chip startup file, and the first chip startup file is obtained by other chips of the terminal from the storage device corresponding to other chips.

10. The chip according to claim 8 or 9, characterized in that, The chip does not include a storage device for storing the boot program.

11. A chip system, characterized in that, include: The first chip includes a cryptographic algorithm engine; The second chip does not include a cryptographic algorithm engine; The first chip is configured to: use the cryptographic algorithm engine of the first chip to perform secure processing on the first chip startup file to obtain the target chip startup file, and send the target chip startup file to the second chip; The second chip is configured to receive the target chip startup file sent by the first chip, and to start the second chip based on the target chip startup file.

12. The system according to claim 11, characterized in that, The first chip further includes a first storage device, which is configured to store the startup file of the first chip; The second chip does not include a storage device for storing the chip startup file, and the first chip startup file is obtained by the first chip from the first storage device.

13. The system according to claim 11, characterized in that, The first chip further includes a second storage device configured to store the boot program of the first chip; The second chip does not include a storage device for storing the boot program.

14. The system according to any one of claims 11 to 13, characterized in that, The second chip is configured as follows: The target chip startup file sent by the first chip is obtained through the high-speed serial computer extended bus standard interface.

15. A chip startup device, characterized in that, The device includes: The processing module is used to obtain the target chip boot file, which is obtained by the cryptographic algorithm engine of the first chip of the terminal through secure processing of the first chip boot file; Based on the target chip's boot file, the second chip of the terminal is booted up.

16. An electronic device, characterized in that, include: At least one processor; as well as A memory communicatively connected to the at least one processor; wherein, The memory stores instructions that can be executed by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.

17. A non-transitory computer-readable storage medium storing computer instructions, characterized in that, The computer instructions are used to cause the computer to perform the method according to any one of claims 1-7.