Dual secure processor system, chip and electronic device
By combining a hardware security processor and a security management processor in a dual-security processor system, the security threats and performance deficiencies of RISC-V chips are solved, achieving high performance and high security while reducing the difficulty of hardware system integration.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Application (China)
- Current Assignee / Owner
- SANECHIPS TECH CO LTD
- Filing Date
- 2026-05-20
- Publication Date
- 2026-06-19
Description
Technical Field
[0001] This application relates to, but is not limited to, the field of communication technology, and in particular to a dual-security processor system, chip, and electronic device.
Background Technology
[0002] With the development of fifth-generation Reduced Instruction Set Computer Architecture (RISC-V) processor chip technology, the security threats it faces, such as fault injection attacks, memory information leakage, and logic attacks, are becoming increasingly prominent, posing a severe challenge to the security and reliability of the chips.
[0003] To address the aforementioned risks, a single-core system based on a single secure processor architecture is typically employed, or a dual-core system consisting of a secure processor and a non-secure processor, to provide security functions and management services. However, a single-core system based on a single secure processor architecture is limited by the performance of the single-core processor, unable to provide comprehensive security functions and management services, and may introduce new security vulnerabilities. For example, to improve testability, the single-processor architecture uses a design that supports secondary firmware imports, which could be exploited by attackers to carry out malicious tampering attacks. A dual-core system consisting of a secure processor and a non-secure processor benefits from the dual-core feature, which can alleviate the problem of insufficient chip performance to some extent, but the security of services provided by the non-secure processor still lacks effective guarantees. This significantly increases the overall difficulty of hardware system integration design and exacerbates the complexity of implementing security solutions.
[0004] How to build a new secure processor architecture that can simultaneously meet the needs of high-performance and high-security scenarios, and has a relatively low overall difficulty in hardware system integration design, has become a key technical issue that urgently needs to be addressed.
Summary of the Invention
[0005] This application proposes a dual-security processor system, chip, and electronic device, providing a dual-security processor architecture that can simultaneously meet the requirements of high-performance and high-security scenarios. The overall difficulty of hardware system integration design of this dual-security processor architecture is relatively low, reducing the complexity of implementing security solutions.
[0006] In a first aspect, embodiments of this application provide a dual-security processor system, comprising: a hardware security processor subsystem, on which cryptography-related security services are deployed, the security services including one or more of the following: digital signature service, symmetric encryption / decryption service, asymmetric encryption / decryption service, hash calculation service, random number generation service, key storage support service, and key management support service; and a security management processor subsystem, on which a first cryptography-related system management service and a second cryptography-independent system management service are deployed, the first system management service including one or more of the following: system secure boot service, system security service, interface security service, and storage security service; when executing the first system management service, the security management processor subsystem invokes the security services on the hardware security processor subsystem through inter-core communication with the hardware security processor subsystem.
[0007] In a second aspect, embodiments of this application provide a chip including the dual-security processor system as described in the first aspect.
[0008] In a third aspect, embodiments of this application provide an electronic device including the chip described in the second aspect.
[0009] In this embodiment, by combining two security processor systems with different positioning, a hardware security processor subsystem and a security management processor subsystem, not only are the performance and security deficiencies of single-core systems based on a single security processor addressed, but the security vulnerabilities of dual-core systems based on both security and non-security processors are also resolved. This approach can simultaneously meet the requirements of both high-performance and high-security scenarios. Furthermore, the security management processor subsystem and the hardware security processor subsystem can communicate with each other via inter-core communication to enable cryptography-related system management services to call cryptography-related security services. The overall structural design is simple, reducing the overall difficulty of hardware system integration design and the complexity of implementing security solutions.
Description of the Attached Figures
[0010] Figure 1 is a schematic diagram of the structure of the dual-security processor system 10 provided in an embodiment of this application.
[0011] Figure 2 is the first schematic diagram of the structure of the chip 40 provided in an embodiment of this application.
[0012] Figure 3 is the second schematic diagram of the structure of the chip 40 provided in an embodiment of this application.
[0013] Figure 4 is an example diagram of a system secure boot based on the chip 40 provided in an embodiment of this application.
[0014] Explanation of reference numerals: 10. Dual-security processor system; 20. Hardware security processor subsystem; 201. First processor core; 202. First read-only memory; 203. First random access memory; 204. Key memory; 2041. First secure memory; 2042. Second secure memory; 2043. Key register; 205. Security algorithm module; 206. First shared memory; 207. First system register; 208. First interconnect component; 209. First debugging component; 210. First interrupt controller; 211. Second interrupt controller; 212. First hardware monitoring module; 213. First direct memory access module; 30. Security management processor subsystem; 301. Second processor core; 302. Second read-only memory; 303. Second random access memory; 304. Third secure memory; 305. Second shared memory; 306. Second system register; 307. Second interconnect component; 308. Second debugging component; 309. Third interrupt controller; 310. Fourth interrupt controller; 311. Second hardware monitoring module; 312. Second direct memory access module; 40. Chip; 401. On-chip interconnect component; 402. Clock reset module; 403. Sensor; 404. On-chip storage; 405. Status register; 406. Peripheral; 407. Application processor.
Detailed Implementation
[0015] To enable those skilled in the art to better understand the technical solutions of this application, the technical solutions provided in this application will be described in detail below with reference to the accompanying drawings.
[0016] Exemplary embodiments will be described more fully below with reference to the accompanying drawings; however, the described exemplary embodiments may be embodied in different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this application will be thorough and complete, and will enable those skilled in the art to fully understand the scope of this application.
[0017] As used herein, the term “and / or” includes any and all combinations of one or more related enumerations.
[0018] As used herein, the terms "first," "second," etc., are for descriptive purposes only and should not be construed as indicating or implying their relative importance or implicitly specifying the number of technical features indicated. Therefore, a feature defined as "first" or "second" may explicitly or implicitly include at least one of that feature. In the description of embodiments of this application, "multiple" means at least two, such as two, three, etc., unless otherwise explicitly specified.
[0019] As used herein, all directional indicators (such as up, down, left, right, front, back, etc.) are only used to explain the relative positional relationships and movement of the components in a specific posture (as shown in the attached figure). If the specific posture changes, the directional indicator will also change accordingly.
[0020] The terminology used herein is for describing specific embodiments only and is not intended to limit the scope of this application.
[0021] As used herein, the singular forms “a” and “the” are also intended to include the plural forms, unless the context clearly indicates otherwise. It will also be understood that when the terms “comprising” and / or “made of” are used in this specification, they specify the presence of a feature, integral, step, operation, element, and / or component, but do not preclude the presence or addition of one or more other features, integrals, steps, operations, elements, components, and / or groups thereof.
[0022] Unless otherwise specified, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art. It will also be understood that terms such as those defined in common dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art and this application, and will not be interpreted as having an idealized or overly formal meaning, unless expressly so defined in the embodiments of this application.
[0023] To address the security risks faced by fifth-generation Reduced Instruction Set Computer Architecture (RISC-V) System-on-Chip (SoC), traditional security defense technologies mainly focus on adding voltage and temperature sensors and expanding physical memory protection units within the processor core. However, these security defense technologies are relatively scattered and limited, and cannot be systematically applied to the RISC-V SoC architecture.
[0024] In addition, there are two other security defense technologies from a system perspective: one is a single-core system based on a single secure processor architecture, and the other is a dual-core system composed of a secure processor and a non-secure processor. However, the single-core system based on a single secure processor architecture is limited by the performance of the single-core processor, and cannot provide complete security functions and management services. Furthermore, it introduces new security vulnerabilities. For example, to improve testability, the single-processor architecture supports secondary firmware imports, which could be exploited by attackers to carry out malicious tampering attacks. The dual-core system, composed of a secure processor and a non-secure processor, benefits from the dual-core feature and can alleviate the chip performance limitations to some extent, but the security of services provided by the non-secure processor still lacks effective guarantees. This significantly increases the overall difficulty of hardware system integration design and exacerbates the complexity of implementing security solutions.
[0025] Therefore, how to improve the performance and security of the security processor (SP) system while reducing the difficulty of hardware system integration design, that is, how to build a new security processor architecture that can meet the requirements of high-performance scenarios and high-security scenarios at the same time, and with lower hardware system integration design difficulty, has become a key technical issue that urgently needs to be solved.
[0026] To address the aforementioned issues, embodiments of this application provide a dual-security processor system, chip, and electronic device.
[0027] It should be noted that the dual-security processor system architecture provided in this application embodiment is applicable to, but not limited to, RISC-V architecture chip deployment, and is also of reference significance for Advanced Reduced Instruction Set Machine (ARM) architecture and X86 architecture chip deployment.
[0028] Referring to Figure 1, which is a schematic diagram of the structure of the dual-security processor system 10 provided in an embodiment of this application. As shown in Figure 1, the dual-security processor system 10 includes a hardware security processor subsystem 20 and a security management processor subsystem 30, wherein: cryptography-related security services are deployed on the hardware security processor subsystem 20; a first system management service related to cryptography and a second system management service unrelated to cryptography are deployed on the security management processor subsystem 30. When executing the first system management service, the security management processor subsystem 30 calls the security services on the hardware security processor subsystem 20 through inter-core communication with the hardware security processor subsystem 20.
[0029] The hardware security processor subsystem 20, also known as the hardware secure module (HSM), serves as the chip's root of trust (RoT) and provides trusted security hardware functional services to the chip through cryptographic-related security services.
[0030] Among them, cryptography-related security services refer to security hardware function services provided based on cryptographic technology.
[0031] In this embodiment, the hardware security processor subsystem 20 may deploy one or more of the following cryptography-related security services: digital signature service, symmetric encryption and decryption service, asymmetric encryption and decryption service, hash calculation service, random number generation service, key storage support service, and key management support service (such as key negotiation service and key derivation service).
[0032] In this embodiment, in the hardware security processor subsystem 20, cryptography-related security services are stored in a fixed form and do not support secondary import, making the cryptography-related security services completely trustworthy and preventing security risks such as malicious tampering vulnerabilities from being introduced due to secondary import, thus achieving higher security.
[0033] The security management processor (SMP) subsystem 30 provides system management services for the chip, that is, system-level management services. Within the security management processor subsystem 30, cryptography-related system management services are those that rely on cryptography for their implementation, while cryptography-independent system management services are those that do not. For clarity, cryptography-related system management services are referred to as first system management services, and cryptography-independent system management services are referred to as second system management services.
[0034] In this embodiment, the security management processor subsystem 30 may deploy one or more of the following first system management services: system secure boot service, system security service, interface security service, and storage security service.
[0035] In this embodiment, the security management processor subsystem 30 may deploy one or more of the following second system management services: lifecycle management service, peripheral management service, system status monitoring service, and system reliability-availability-maintainability (RAS) management service.
[0036] In this embodiment, in the security management processor subsystem 30, the first system management service and the second system management service are stored in a fixed form and support firmware secondary import, which is beneficial for chip testing and maintenance.
[0037] When executing the first system management service, the security management processor subsystem 30 invokes security services on the hardware security processor subsystem 20 through inter-core communication with it. In specific implementation, the security management processor subsystem 30 can send inter-core communication messages to the hardware security processor subsystem 20. The hardware security processor subsystem 20 can respond to these messages, invoke the corresponding security service, obtain the result of the service's operation, and return an inter-core communication message carrying that result to the security management processor subsystem 30.
[0038] As can be seen, in this embodiment, combining the hardware security processor subsystem 20 and the security management processor subsystem 30—two security processor systems with different roles—firstly avoids the system performance issues caused by deploying system management services and cryptography-related security services in the same processor subsystem; secondly, by verifying the firmware in the security management processor subsystem 30 through the hardware security processor subsystem 20, the trustworthiness of the first and second system management services can be guaranteed, and malicious tampering vulnerabilities introduced by supporting secondary firmware imports to improve the testability of a single-core system can be avoided; thirdly, by enabling inter-core communication between the hardware security processor subsystem 20 and the security management processor subsystem 30 to complete the invocation of security services by the first system management service, the overall security of the dual-core system can be further improved. Thus, it not only solves the performance and security deficiencies of a single-core system based on a single security processor, but also addresses the security vulnerabilities of dual-core systems based on both secure and non-secure processors. Furthermore, the overall architecture is simple, reducing the difficulty of hardware system integration design and consequently lowering the complexity of implementing the security solution.
[0039] Referring to Figure 2, which is the first schematic diagram of the structure of the chip 40 provided in an embodiment of this application. As shown in Figure 2, chip 40 includes a dual-security processor system 10, which comprises a hardware security processor subsystem 20 and a security management processor subsystem 30. The hardware security processor subsystem 20 and the security management processor subsystem 30 are described in the foregoing embodiments and will not be repeated here. The dual-security processor system 10 improves the security and performance of chip 40, enabling it to simultaneously meet the requirements of high-performance and high-security scenarios, and reducing the integration design difficulty of chip 40 and the complexity of implementing security solutions.
[0040] In this embodiment, the chip 40 also includes an on-chip interconnect component 401, and the hardware security processor subsystem 20 and the security management processor subsystem 30 can communicate between cores through the on-chip interconnect component 401.
[0041] As an example, chip 40 may also include one or more of the following structures: clock reset module 402, sensor 403, on-chip memory 404, status register 405, peripherals 406, and application processor 407. Peripherals 406 may include Joint Test Action Group (JTAG), Universal Asynchronous Receiver / Transmitter (UART), General Purpose Input / Output (GPIO), Serial Peripheral Interface (SPI), etc.
[0042] Referring to Figure 3, which is the second schematic diagram of the structure of the chip 40 provided in an embodiment of this application.
[0043] Embodiments relating to the hardware security processor subsystem 20 are described below in conjunction with Figure 3.
[0044] In this embodiment, as shown in Figure 3, the hardware security processor subsystem 20 includes: a first processor core 201; a first read-only memory (ROM) 202, configured to store a first boot program and the security services, where the first boot program is used to guide the initialization of the hardware security processor subsystem 20 after power-on, and the first boot program and the security services are stored in a fixed form; a first random access memory (RAM) 203, configured to store data generated by the first processor core 201 during operation; a key memory 204, configured to store key information related to the security services; and a security algorithm module 205, which includes hardware units that execute the cryptographic algorithms related to the security services. The first processor core 201 is connected to the first read-only memory 202, the first random access memory 203, the key memory 204, and the security algorithm module 205.
[0045] The first processor core 201, as the main control core of the hardware security processor subsystem 20, may include an instruction fetch unit, a decoding unit, an execution unit, a memory management unit, and a physical memory protection unit. It can fetch, decode, and execute the first boot program and security services stored in the first read-only memory 202.
[0046] The first boot program, also known as the BootROM, is configured to guide the initialization of the hardware security processor subsystem 20 after power-on. As part of the root of trust, the first boot program ensures that neither the boot program itself nor the other hard-coded content of the hardware security processor subsystem 20 can be written out to the outside. Additionally, the first read-only memory 202 can also store a first self-test program, which performs a self-test of the first boot program and the security services to ensure their integrity.
[0047] The first boot program and security services are stored in a fixed form in the first read-only memory 202. The first read-only memory 202 does not support secondary import of the fixed content, which can ensure the security of the first boot program and security services.
[0048] As an example, as shown in Figure 3, in the first read-only memory 202, "asymmetric encryption and decryption" provides the asymmetric encryption and decryption service, "symmetric encryption and decryption" provides the symmetric encryption and decryption service, "key negotiation" provides the key negotiation service, "digital signature" provides the digital signature service, "random number generation" provides the random number generation service, and "key derivation" provides the key derivation service.
[0049] The first random access memory 203, as the dynamic random access memory (DRAM) in the hardware security processor subsystem 20, is configured to store data generated by the first processor core 201 during operation.
[0050] The key memory 204 is configured to store key information related to the security service. During the operation of the security service by the first processor core 201, the first processor core 201 can read the required key information by accessing the key memory 204.
[0051] The security algorithm module 205 includes a hardware unit that executes cryptographic algorithms related to security services. By executing cryptographic algorithms, the hardware unit accelerates the encryption, decryption, and cryptographic derivation processes of the hardware security processor subsystem 20, and provides information security encryption and decryption services to subsystems (such as the security management processor subsystem 30) or components in the chip 40.
[0052] In the security algorithm module 205, the hardware unit executing the cryptographic algorithms related to security services may include one or more of the following: asymmetric cryptographic algorithm hardware, such as RSA, elliptic curve cryptography (ECC), SM2 elliptic curve public-key cryptography, etc.; symmetric cryptographic algorithm hardware, such as Advanced Encryption Standard (AES) algorithm, SM4 block cipher algorithm; hash algorithm hardware, such as Secure Hash Algorithm (SHA), SM3 cryptographic hash algorithm, etc.; and a True Random Number Generator (TRNG). Furthermore, key derivation can be completed by calling the aforementioned hash algorithm hardware as a hardware accelerator.
[0053] In this embodiment, the key information related to the security services includes the root of trust public key (ROTPK). As shown in Figure 3, the key memory 204 includes a first secure memory 2041 configured to store secure storage information containing the ROTPK, where the first secure memory 2041 is a one-time programmable (OTP) memory. Therefore, the contents of the first secure memory 2041 cannot be rewritten, which secures the storage of the secure storage information containing the ROTPK.
[0054] ROTPK is used for security services such as certificate signing.
[0055] When the first processor core 201 is running a security service in the first read-only memory 202, if the security service requires security storage information containing ROTPK, the first processor core 201 can read the security storage information containing ROTPK from the first security memory 2041.
[0056] In this embodiment, the first secure storage 2041 includes multiple key slots, which are used for storing and updating secure storage information containing ROTPK. Each key slot includes the storage location corresponding to the following fields: key identifier (key_id), key validity (key_validity), key version (key_version), key state (key_state), and key value (key_value).
[0057] The key state is a status identifier that indicates the key's lifecycle status. The status identifier that indicates the key's lifecycle status can be any of the following: a status identifier that indicates the key's generation or injection status, a status identifier that indicates the key's active-state status, or a status identifier that indicates the key's discard-state status.
[0058] Different key lifecycle states correspond to different management states for the secure storage information containing ROTPK: The key generation or injection state is an initial state, during which the secure storage information containing ROTPK can only be generated or injected; the key activation state allows authorized use of the secure storage information containing ROTPK; and the key expiration state discards the secure storage information containing ROTPK, meaning it is prohibited from injection, reading, and use. Thus, strict management of key permissions is achieved through different key lifecycle states.
[0059] When the secure storage information containing the ROTPK is updated, the status identifier of the key lifecycle state in the key slot holding the old secure storage information is switched to the status identifier of the key obsolescence state, and the updated secure storage information is then written to the storage location corresponding to an available key slot. Thus, by first marking the old secure storage information containing the ROTPK obsolete and then writing the new secure storage information containing the ROTPK into an available key slot, the secure storage information containing the ROTPK can be securely updated without replacing the chip.
[0060] The switching of the key lifetime status identifier is a one-way switch to achieve strict management of the key lifetime status containing the secure storage information of ROTPK and improve system security.
[0061] One-way switching of the status identifier of the key lifecycle state may include one or more of the following: switching from the status identifier of the key generation / injection state to the status identifier of the key activation state, switching from the status identifier of the key activation state to the status identifier of the key obsolescence state, and switching from the status identifier of the key generation / injection state to the status identifier of the key obsolescence state.
[0062] As an example, the storage of n key slots in the first secure memory 2041 is shown in Table 1 below: Table 1
[0063] Different ROTPK categories identify different key slots: ROTPK_1, ROTPK_2, ROTPK_3, ..., ROTPK_(n-1), and ROTPK_n respectively identify the 1st, 2nd, 3rd, ..., (n-1)th, and nth key slots, where n is greater than or equal to 1. The ROTPK content corresponds to the storage locations of the multiple fields. The key_value field can contain key hash values or key values for one or more algorithms, such as the public key hash value for RSA, the original public key value for SM2, and/or the original public key value for ECC.
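The following is an added worked model of the ROTPK key slots in the first secure memory 2041 described above; it is example code written for this page, not code from the patent or its assignee. The slot count, field widths and the numeric encodings of the lifecycle states are assumptions; the fields (key_id, key_validity, key_version, key_state, key_value) and the one-way state transitions are the ones the text names. The encoding is chosen so that every permitted transition only sets bits, which is what an OTP cell can physically do, so the memory itself refuses a backwards move.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the ROTPK key slots in OTP memory 2041 (assumed sizes). */
#define ROTPK_SLOTS     4
#define ROTPK_VALUE_LEN 32   /* e.g. a 256-bit hash of an RSA public key */

/* Lifecycle states (encodings assumed). Each allowed one-way transition,
 * EMPTY -> INJECTED -> ACTIVE -> OBSOLETE and INJECTED -> OBSOLETE, only
 * sets bits; OTP cells can be programmed 0 -> 1 but never cleared. */
typedef enum {
    KEY_STATE_EMPTY    = 0x0,
    KEY_STATE_INJECTED = 0x1,  /* generation / injection state */
    KEY_STATE_ACTIVE   = 0x3,  /* activation state */
    KEY_STATE_OBSOLETE = 0x7   /* obsolescence (discard) state */
} key_state_t;

typedef struct {
    uint8_t key_id;
    uint8_t key_validity;
    uint8_t key_version;
    uint8_t key_state;
    uint8_t key_value[ROTPK_VALUE_LEN];
} rotpk_slot_t;

static rotpk_slot_t g_otp[ROTPK_SLOTS];   /* all cells start unprogrammed (0) */

/* Program one OTP byte: bits may only go from 0 to 1. */
static bool otp_write(uint8_t *cell, uint8_t v) {
    if ((*cell & ~v) != 0) return false;   /* would need to clear a bit */
    *cell = v;
    return true;
}

static bool transition_allowed(uint8_t cur, key_state_t next) {
    switch (cur) {
    case KEY_STATE_EMPTY:    return next == KEY_STATE_INJECTED;
    case KEY_STATE_INJECTED: return next == KEY_STATE_ACTIVE || next == KEY_STATE_OBSOLETE;
    case KEY_STATE_ACTIVE:   return next == KEY_STATE_OBSOLETE;
    default:                 return false;  /* OBSOLETE is terminal */
    }
}

bool rotpk_set_state(int slot, key_state_t next) {
    if (slot < 0 || slot >= ROTPK_SLOTS) return false;
    rotpk_slot_t *s = &g_otp[slot];
    return transition_allowed(s->key_state, next) && otp_write(&s->key_state, (uint8_t)next);
}

int rotpk_find(key_state_t state) {
    for (int i = 0; i < ROTPK_SLOTS; i++)
        if (g_otp[i].key_state == (uint8_t)state) return i;
    return -1;
}

/* Inject a new ROTPK into the first empty slot; returns the slot index or -1. */
int rotpk_inject(const uint8_t value[ROTPK_VALUE_LEN], uint8_t version) {
    int i = rotpk_find(KEY_STATE_EMPTY);
    if (i < 0) return -1;
    rotpk_slot_t *s = &g_otp[i];
    otp_write(&s->key_id, (uint8_t)(i + 1));
    otp_write(&s->key_validity, 1);
    otp_write(&s->key_version, version);
    for (int b = 0; b < ROTPK_VALUE_LEN; b++) otp_write(&s->key_value[b], value[b]);
    return rotpk_set_state(i, KEY_STATE_INJECTED) ? i : -1;
}

/* Only an ACTIVE slot may be read; INJECTED and OBSOLETE slots yield NULL. */
const uint8_t *rotpk_read(int slot) {
    if (slot < 0 || slot >= ROTPK_SLOTS) return NULL;
    return g_otp[slot].key_state == KEY_STATE_ACTIVE ? g_otp[slot].key_value : NULL;
}

/* Update: mark the old key OBSOLETE, then write and activate the new one in an
 * available slot. Availability is checked up front so an exhausted OTP never
 * leaves the chip with no active ROTPK. Returns the new slot index or -1. */
int rotpk_update(const uint8_t value[ROTPK_VALUE_LEN], uint8_t version) {
    int old = rotpk_find(KEY_STATE_ACTIVE);
    if (old < 0 || rotpk_find(KEY_STATE_EMPTY) < 0) return -1;
    if (!rotpk_set_state(old, KEY_STATE_OBSOLETE)) return -1;
    int fresh = rotpk_inject(value, version);
    return (fresh >= 0 && rotpk_set_state(fresh, KEY_STATE_ACTIVE)) ? fresh : -1;
}

uint8_t rotpk_state(int slot) { return g_otp[slot].key_state; }

/* Test hook only: real OTP cannot be erased. */
void rotpk_model_reset(void) { memset(g_otp, 0, sizeof g_otp); }
```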
[0064] In this embodiment, the key information related to the security service includes the public key (pkey) of the first-level or multi-level certificate of the digital certificate; the key storage 204 includes a second secure storage 2042 configured to store the public key of the first-level or multi-level certificate of the digital certificate; wherein, the second secure storage 2042 is a storage that supports one-time write (OTW). Therefore, the second secure storage 2042 supporting OTW provides security for the storage of the public key of the first-level or multi-level certificate of the digital certificate.
[0065] The second secure memory 2042 can be an OTW-enabled RAM, such as a secure RAM (SECRAM). The hardware path isolation feature of the secure RAM can prevent unauthorized access to the public keys of first-level or multi-level certificates from the outside.
[0066] After the i-th level public key is written, the OTW mechanism can be enabled through software configuration. After it is enabled, the i-th level public key and its related information cannot be modified during the power-on operation of the chip 40. The protection of the OTW mechanism can only be removed by powering on and restarting the chip 40. i is a positive integer from 1 to m, and m is the total number of levels of public keys for one or more levels of certificates. m is greater than or equal to 1.
[0067] Among them, the public keys of digital certificates at one or more levels can be used for certificate verification in scenarios such as secure boot and version upgrade.
[0068] In this embodiment, the second secure storage 2042 includes one or more public key slots, which are used to store one or more public key certificates. Each public key slot includes the storage location corresponding to the following fields: public key identifier (key_id), public key validity (key_validity), public key version (key_version), public key state (key_state), and public key value (key_value).
[0069] The public key state is a status identifier that indicates the public key's lifecycle state. The public key lifecycle states and the status identifiers that indicate them are as described for the key lifecycle states and their status identifiers in the previous embodiments, and will not be repeated here.
[0070] In each level of public key slot, the storage location corresponding to the reserved field can also be included to improve the scalability of one or more levels of public key slots.
[0071] As an example, the storage of the m-level public key slots in the second secure memory 2042 is shown in Table 2 below: Table 2
[0072] The public key categories for each certificate level are used to identify the public key slots at each level. pkey_info_level_1, pkey_info_level_2, pkey_info_level_3, ..., pkey_info_level_(m-1), and pkey_info_level_m respectively identify the 1st, 2nd, 3rd, ..., m-1st, and mth public key slots. The public key content for each certificate level corresponds to the storage content of multiple fields in the public key slot at each level.
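The following is an added model of the per-level public key slots in the second secure memory 2042 and of the one-time-write (OTW) mechanism described above; it is example code written for this page, not code from the patent. The number of levels m, the field widths, the reserved field size and the per-level lock flag are assumptions; the behaviour modelled is the one the text states: a level's slot can be written, software then enables OTW, further writes are refused for the rest of the power cycle, and only a power-on restart lifts the lock.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of OTW secure RAM 2042 (sizes assumed). */
#define PKEY_LEVELS       3     /* m: number of certificate levels (assumed) */
#define PKEY_VALUE_LEN    64    /* e.g. an uncompressed SM2 / ECC public key */
#define PKEY_STATE_ACTIVE 0x3   /* activation state, same meaning as for ROTPK slots */

typedef struct {
    uint8_t key_id;
    uint8_t key_validity;
    uint8_t key_version;
    uint8_t key_state;
    uint8_t key_value[PKEY_VALUE_LEN];
    uint8_t reserved[8];        /* reserved field for future extension */
} pkey_slot_t;

static pkey_slot_t g_secram[PKEY_LEVELS];   /* secure RAM: volatile, cleared by reset */
static bool g_otw_locked[PKEY_LEVELS];      /* per-level OTW lock, set by software */

static bool level_ok(int level) { return level >= 1 && level <= PKEY_LEVELS; }

/* Write the level-i public key. Refused once OTW is enabled for that level, so
 * nothing running later in this power cycle can replace the verification key. */
bool pkey_write(int level, uint8_t version, const uint8_t value[PKEY_VALUE_LEN]) {
    if (!level_ok(level) || g_otw_locked[level - 1]) return false;
    pkey_slot_t *s = &g_secram[level - 1];
    s->key_id = (uint8_t)level;
    s->key_validity = 1;
    s->key_version = version;
    memcpy(s->key_value, value, PKEY_VALUE_LEN);
    s->key_state = PKEY_STATE_ACTIVE;
    return true;
}

/* Software enables OTW for level i after its key has been written. */
bool pkey_otw_enable(int level) {
    if (!level_ok(level) || g_secram[level - 1].key_state != PKEY_STATE_ACTIVE) return false;
    g_otw_locked[level - 1] = true;
    return true;
}

bool pkey_is_locked(int level) { return level_ok(level) && g_otw_locked[level - 1]; }

/* Read the level-i key for certificate verification; NULL if none is active. */
const uint8_t *pkey_read(int level) {
    if (!level_ok(level) || g_secram[level - 1].key_state != PKEY_STATE_ACTIVE) return NULL;
    return g_secram[level - 1].key_value;
}

/* The only way to lift an OTW lock: a power-on restart of the chip. The secure
 * RAM is cleared as well, so the keys must be re-established by the next boot. */
void chip_power_on_reset(void) {
    memset(g_secram, 0, sizeof g_secram);
    memset(g_otw_locked, 0, sizeof g_otw_locked);
}
```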
[0073] In this embodiment, the key information related to security services includes keys dynamically generated by the hardware security processor subsystem 20 during operation; as shown in Figure 3, the key memory 204 includes a key register (keyReg) 2043 configured to store and manage the keys dynamically generated by the hardware security processor subsystem 20 during operation. Thus, the key register 2043 enables rapid storage and secure management of those dynamically generated keys.
[0074] In this embodiment, as shown in Figure 3, the hardware security processor subsystem 20 further includes: a first shared memory (shared RAM) 206 configured to store first inter-core communication messages, including inter-core communication messages from the security management processor subsystem 30; and a first system register (sysreg) 207 configured to generate an interrupt related to inter-core communication in response to a write operation.
[0075] The first processor core 201 is connected to the first shared memory 206 and the first system register 207. The first processor core 201 can poll the first system register 207 to determine whether an interrupt is pending in the first system register 207. If an interrupt is pending, it can read the first inter-core communication message from the first shared memory 206.
[0076] In this embodiment, the security management processor subsystem 30, while executing the first system management service, can perform a write operation to the first system register 207 and write inter-core communication messages to the first shared memory 206. The first processor core 201 in the hardware security processor subsystem 20 polls the first system register 207 to determine if an interrupt exists. If an interrupt exists, it reads the first inter-core communication messages from the first shared memory 206, including inter-core communication messages from the security management processor subsystem 30, thus enabling inter-core communication between the security management processor subsystem 30 and the hardware security processor subsystem 20. Subsequently, the first processor core 201 can respond to the inter-core communication messages from the security management processor subsystem 30 and call the service interface provided by the security service in the first read-only memory 202, enabling the security management processor subsystem 30 to call the security services deployed in the hardware security processor subsystem 20 while executing the first system management service.
[0077] The first shared memory 206 is configured to store messages received or sent between different processor subsystems for inter-core communication. This is not limited to inter-core communication messages from the security management processor subsystem 30; therefore, the first inter-core communication messages may also include inter-core communication messages from other processor subsystems besides the security management processor subsystem 30. For example, the first inter-core communication message may be a RISC-V Platform Management Interface (RPMI) message.
[0078] The first system register 207 is also configured to store internal status information of the hardware security processor subsystem 20, the current status of the chip 40, and other information that can be read and written by software and used by hardware. The first system register 207 also includes input / output interfaces for interacting with the outside world to complete corresponding hardware functions and software business.
[0079] In this embodiment, as shown in Figure 3, the hardware security processor subsystem 20 also includes a first interconnect component 208; the first processor core 201 is connected to the key memory 204, the security algorithm module 205, the first shared memory 206, and the first system register 207 through the first interconnect component 208. Thus, through the first interconnect component 208, the first processor core 201 can access the key memory 204, the security algorithm module 205, the first shared memory 206, and the first system register 207; moreover, under the restriction of the first interconnect component 208, external systems cannot access key components inside the hardware security processor subsystem 20 such as the first read-only memory 202, the first random access memory 203, the key memory 204, and the security algorithm module 205, and can only call the security services in the first read-only memory 202 through inter-core communication, thereby improving system security.
[0080] In this embodiment, as shown in Figure 3, the hardware security processor subsystem 20 also includes one or more of the following: a first debug component 209 configured to debug the first processor core 201 and / or debug the chip 40 through the first processor core 201; a first interrupt controller 210 connected to the first processor core 201 and at least some components of the chip 40 to report interrupts of those components to the first processor core 201, where the first interrupt controller 210 may be a platform-level interrupt controller (PLIC); a second interrupt controller 211 configured to implement software interrupts and timer interrupts within the first processor core 201, where the second interrupt controller 211 may be a core local interrupt controller (CLINT); a first hardware monitoring module 212 configured to monitor the running status of the first processor core 201 and / or the timed tasks of the first processor core 201 at the software level, where the first hardware monitoring module 212 includes a watchdog and / or a timer that, for example, counts down on the working clock and, if a timed task of the first processor core 201 times out, generates an interrupt and reports it to the first processor core 201, so as to detect whether the first processor core 201 is hung and / or monitor the timed tasks running on it; and a first direct memory access (DMA) module 213 configured to perform data transfer in place of the first processor core 201, whose fast data transfer rate effectively reduces the hardware burden of the first processor core 201 and improves the software and hardware efficiency of the hardware security processor subsystem 20.
[0081] In this embodiment, as shown in Figure 3, the first debugging component 209, the first interrupt controller 210, and the second interrupt controller 211 can be directly connected to the first processor core 201, and the first processor core 201 can access the first debugging component 209, the first interrupt controller 210, and the second interrupt controller 211.
[0082] In this embodiment, as shown in Figure 3, the first processor core 201 is also connected to the first hardware monitoring module 212 and the first direct memory access module 213 via the first interconnect component 208, allowing the first processor core 201 to actively initiate access to one or more of them. Furthermore, due to the restrictions imposed by the first interconnect component 208, external systems cannot access critical components within the hardware security processor subsystem 20, such as the first debugging component 209, the first interrupt controller 210, the second interrupt controller 211, the first hardware monitoring module 212, and the first direct memory access module 213. Additionally, since the first direct memory access module 213 can perform data transfer on behalf of the first processor core 201, the arrow between the first direct memory access module 213 and the first interconnect component 208 is a bidirectional arrow, indicating a bidirectional data flow in which the first direct memory access module 213 actively initiates access after being configured by the first processor core 201.
[0083] Embodiments related to the security management processor subsystem 30 are provided below in conjunction with Figure 3.
[0084] In this embodiment, as shown in Figure 3, the security management processor subsystem 30 includes: a second processor core 301; a second read-only memory 302 configured to store a second boot program, which is used to guide the initialization process of the chip 40 where the dual security processor system 10 is located after power-on; and a second random access memory 303 configured to store data generated by the first system management service, the second system management service and the second processor core 301 during operation. The first system management service and the second system management service are stored in a fixed form. The second processor core 301 is connected to the second read-only memory 302 and the second random access memory 303.
[0085] The second processor core 301, as the main control core of the security management processor subsystem 30, may include an instruction fetch unit, a decoding unit, an execution unit, a memory management unit, and a physical memory protection unit. It can fetch, decode, and execute the second boot program stored in the second read-only memory 302, and can also fetch, decode, and execute the first system management service and the second system management service stored in the second random access memory 303.
[0086] The second boot program, also known as BootRom, is configured to boot the initialization process of the chip 40 where the dual-security processor system 10 is located after power-on. As part of the root of trust, the second boot program ensures that neither the second boot program itself nor other firmware contents in the dual-security processor system 10 can be written out to the outside. The second read-only memory 302 may also store a second self-test program, which is used for self-testing of the second boot program to ensure its integrity.
[0087] The second boot program is stored in a fixed form in the second read-only memory 302.
[0088] The second random access memory 303 is only accessible to the hardware security processor subsystem 20 for signature verification operations, thereby enabling control over the core resources surrounding the dual security processor system 10.
[0089] In this embodiment, the security management processor subsystem 30 further includes a third secure memory 304, configured to store configuration information related to system management; the third secure memory 304 is an OTP-enabled memory. This provides security for the storage of configuration information related to system management.
[0090] The configuration information related to system management may include the configuration information required by the security management processor subsystem 30 and the configuration information required by other components on the chip 40 other than the security management processor subsystem 30, such as the life cycle status of the chip 40, the firmware rollback prevention version number, and the system preset configuration information.
[0091] In this embodiment, the security management processor subsystem 30 further includes: a second shared memory 305 configured to store second inter-core communication messages, the second inter-core communication messages including inter-core communication messages from the hardware security processor subsystem 20; a second system register 306 configured to generate an interrupt related to inter-core communication in response to a write operation; and a third interrupt controller 309 connected to at least some components of the second processor core 301 and the chip 40 to report interrupts of at least some components to the second processor core 301, the at least some components including the second system register 306.
[0092] The second processor core 301 is also connected to the second shared memory 305 and the second system register 306. The second processor core 301 can determine whether there is an interrupt in the second system register 306 by polling the second system register 306 or by reporting through the third interrupt controller 309. If there is an interrupt in the second system register 306, the second processor core 301 can read the inter-core communication message from the second shared memory 305.
[0093] In this embodiment, after completing the security service call, the hardware security processor subsystem 20 can perform a write operation to the second system register 306 and write an inter-core communication message carrying the security service call result to the second shared memory 305. The security management processor subsystem 30 can receive the interrupt by actively polling the second system register 306 for interrupts via the second processor core 301 or by reporting to the second processor core 301 via the third interrupt controller 309. After receiving the interrupt, the first system management service running on the second processor core 301 enters the interrupt handling function to process the interrupt, reads the second inter-core communication message from the second shared memory 305, including reading the inter-core communication message from the hardware security processor subsystem 20, and obtains the security service call result. In this way, the security service call in the hardware security processor subsystem 20 is completed through the inter-core communication between the security management processor subsystem 30 and the hardware security processor subsystem 20.
[0094] The third interrupt controller 309 may be connected to at least some components via a hardware interrupt line. For example, the third interrupt controller 309 and the second system register 306 are connected via a hardware interrupt line, which is not shown in the figure.
[0095] In this embodiment, the security management processor subsystem 30 further includes a second interconnect component 307; the second processor core 301 is connected to the third secure memory 304, the second shared memory 305, and the second system register 306 via the second interconnect component 307. Thus, the second processor core 301 can access the third secure memory 304, the second shared memory 305, and the second system register 306 through the second interconnect component 307; moreover, under the restriction of the second interconnect component 307, external systems cannot access critical components inside the security management processor subsystem 30, such as the second read-only memory 302 and the third secure memory 304, thereby improving system security.
[0096] In this embodiment, the first interconnect component 208 and the second interconnect component 307 are respectively connected to the on-chip interconnect component 401, so as to assist in realizing inter-core communication between the hardware security processor subsystem 20 and the security management processor subsystem 30 through the on-chip interconnect component 401, the first interconnect component 208 and the second interconnect component 307.
[0097] In this embodiment, the security management processor subsystem 30 further includes one or more of the following: The second debugging component 308 is configured to debug the second processor core 301 and / or debug the chip 40 through the second processor core 301; The fourth interrupt controller 310 is configured to implement software interrupts and timer interrupts within the second processor core 301; The second hardware monitoring module 311 is configured to monitor the running status of the second processor core 301 and / or the timed tasks of the second processor core 301 at the software level. The second hardware monitoring module 311 includes a watchdog timer and / or a timer; for example, it uses the working clock to count down. If the timed task of the second processor core 301 times out, it generates an interrupt and reports to the second processor core 301 to monitor whether the second processor core 301 is hung and / or monitor the timed tasks running on the second processor core 301. The second direct memory access module 312 is configured to replace the second processor core 301 for data transfer; the second direct memory access module 312 has a fast data transfer rate, which can effectively reduce the hardware burden of the second processor core 301 and improve the software and hardware efficiency of the security management processor subsystem 30.
[0098] In this embodiment, as shown in Figure 3, the second debugging component 308, the third interrupt controller 309, and the fourth interrupt controller 310 can be directly connected to the second processor core 301, and the second processor core 301 can access the second debugging component 308, the third interrupt controller 309, and the fourth interrupt controller 310.
[0099] In this embodiment, as shown in Figure 3, the second processor core 301 is also connected to the second hardware monitoring module 311 and / or the second direct memory access module 312 via the second interconnect component 307, allowing the second processor core 301 to actively initiate access to one or more of these modules. Furthermore, due to the restrictions imposed by the second interconnect component 307, external systems cannot access critical components within the security management processor subsystem 30, such as the second debugging component 308, the third interrupt controller 309, the fourth interrupt controller 310, the second hardware monitoring module 311, and the second direct memory access module 312. Additionally, since the second direct memory access module 312 can perform data transfer in place of the second processor core 301, the arrow between the second direct memory access module 312 and the second interconnect component 307 is a bidirectional arrow, indicating a bidirectional data flow in which the second direct memory access module 312 actively initiates external access after being configured by the second processor core 301.
[0100] For example, refer to Figure 4, which is an example diagram of a system secure boot based on the chip 40 provided by this application; for the structure of the chip 40, refer to the related description of Figure 3. As shown in Figure 4, taking the dual-security processor system 10 completing the secure boot of the chip 40 as an example, the secure boot process of this system may include the following steps: Step S1: After the chip 40 is powered on, the clock reset module 402 releases the reset of the security management processor subsystem 30. The second processor core 301 of the security management processor subsystem 30 starts to run the second boot program stored in the second read-only memory 302 to initialize the second processor core 301 and the components in the security management processor subsystem 30.
[0101] Step S2: The second boot program reads the boot mode, selectively boots and initializes the corresponding peripheral 406 (such as SPI).
[0102] Step S3: The second bootloader reads the off-chip flash memory via the SPI in peripheral 406 and loads the digital version of the firmware (such as the first system management service and the second system management service) in the security management processor subsystem 30 into the second random access memory 303.
[0103] Step S4: The second bootloader writes the security authentication request header and message data into the first shared memory 206 of the hardware security processor subsystem 20, and simultaneously writes the RPMI register in the first system register 207 of the hardware security processor subsystem 20 to transmit an inter-core communication message (also known as an RPMI message) to request the hardware security processor subsystem 20 to perform security authentication on the firmware digital version of the security management processor subsystem 30. The security authentication request header may include the identification information of the service group (i.e., the service group to which the system secure boot service belongs), the identification information of the target service (i.e., the system secure boot service), the message type, the valid data length, the request / response matching identifier, and other flags. The security authentication request message data may include the certificate starting address of the digital certificate, the certificate length of the digital certificate, the public key type, the address of the firmware version to be verified, the length of the firmware version to be verified, and the type of hash algorithm.
[0104] Step S5: The digital signature security service of the hardware security processor subsystem 20 polls the RPMI register in the first system register 207 to determine if an interrupt exists. If an interrupt exists, it reads the security authentication request from the security management processor subsystem 30 in the first shared memory 206. Based on the request, it invokes security components such as the security algorithm module 205, the first secure memory 2041, the second secure memory 2042, and the key register 2043 to perform security authentication on the firmware version stored in the second random access memory 303. The security authentication may include operations such as parsing the digital certificate, obtaining the certificate public key, authenticating the certificate public key, verifying the certificate fingerprint, authenticating the image content, and transmitting the secure trust chain.
[0105] Step S6: After the security authentication and signature verification of the firmware version has passed, the digital signature security service triggers inter-core communication by writing the result message to the second shared memory 305 and writing the RPMI register in the second system register 306. The second boot program polls the RPMI register in the second system register 306 to determine whether there is an interrupt corresponding to the authentication result reported by the hardware security processor subsystem 20.
[0106] Step S7: If there is an authentication result interrupt in the second system register 306, the second boot program reads the second shared memory 305 to obtain the inter-core communication message. Based on the signature verification result, hash result, hash length, hash value and other information in the inter-core communication message, it determines whether the signature verification was successful. If successful, the firmware program (such as the first system management service) in the security management processor subsystem 30 is started, and the subsequent startup process is performed, such as the configuration of the on-chip interconnect component 401, firmware version distribution, on-chip storage 404 initialization, application processor 407 initialization, operating system loading and initialization configuration of other related components.
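A software model of the steps S4 to S7 exchange, added here as an example; it is not the patent's own code. The header and data field names follow the page (service group, target service, message type, valid data length, request / response matching identifier, flags; certificate address and length, public key type, firmware address and length, hash algorithm type; signature result, hash result, hash length, hash value). Everything else is assumed: the numeric identifiers, the shared-memory layout with a single doorbell bit standing in for the RPMI register, the constructed firmware image, and a 32-bit FNV-1a digest standing in for the hash unit, with the expected digest stored in place of a real certificate. A real digital signature service parses the digital certificate, checks its public key against the key slots and verifies the signature; this model keeps only the mailbox discipline and the accept / reject decision around that step.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define SHM_SIZE 256
#define RPMI_IRQ_PENDING 0x1u
enum { MSG_REQUEST = 1, MSG_RESPONSE = 2 };
enum { SVC_GROUP_SYSTEM = 0x10, SVC_SECURE_BOOT = 0x01 };   /* constructed identifiers */

/* Request / response header fields named in step S4 */
struct rpmi_hdr {
    uint16_t service_group, service_id, msg_type, data_len;
    uint32_t token;    /* request / response matching identifier */
    uint32_t flags;
};
/* Request data fields named in step S4; addresses are offsets into the loaded image */
struct auth_req { uint32_t cert_addr, cert_len, pubkey_type, fw_addr, fw_len, hash_alg; };
/* Result fields named in step S7 */
struct auth_rsp { uint32_t sig_ok, hash_result, hash_len; uint8_t hash_value[4]; };

/* One mailbox direction: shared RAM (206 or 305) plus the RPMI doorbell in sysreg (207 or 306) */
struct mailbox { uint8_t shm[SHM_SIZE]; uint32_t sysreg; };

/* Sender: write header and data to shared RAM, then write sysreg to raise the interrupt */
static bool mailbox_send(struct mailbox *mb, const struct rpmi_hdr *h, const void *d, size_t n) {
    if (h->data_len != n || sizeof *h + n > SHM_SIZE) return false;
    memcpy(mb->shm, h, sizeof *h);
    memcpy(mb->shm + sizeof *h, d, n);
    mb->sysreg |= RPMI_IRQ_PENDING;
    return true;
}

/* Receiver: poll the doorbell, validate the length field, read the message, acknowledge */
static bool mailbox_poll(struct mailbox *mb, struct rpmi_hdr *h, void *d, size_t max) {
    if (!(mb->sysreg & RPMI_IRQ_PENDING)) return false;
    memcpy(h, mb->shm, sizeof *h);
    if (h->data_len > max || sizeof *h + h->data_len > SHM_SIZE) return false;
    memcpy(d, mb->shm + sizeof *h, h->data_len);
    mb->sysreg &= ~RPMI_IRQ_PENDING;
    return true;
}

/* Stand-in for the hash unit of the security algorithm module 205 (FNV-1a 32-bit; assumption) */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Step S5 on the hardware security processor: bounds-check the request against the
 * image, hash the firmware, compare with the expected digest stored as the "certificate". */
static void hsp_authenticate(const uint8_t *img, size_t img_len, const struct auth_req *rq, struct auth_rsp *rs) {
    memset(rs, 0, sizeof *rs);
    if (rq->fw_len > img_len || rq->fw_addr > img_len - rq->fw_len) return;
    if (img_len < 4 || rq->cert_len != 4 || rq->cert_addr > img_len - 4) return;
    uint32_t h = fnv1a(img + rq->fw_addr, rq->fw_len), expected;
    memcpy(&expected, img + rq->cert_addr, 4);
    rs->hash_result = 1; rs->hash_len = 4; memcpy(rs->hash_value, &h, 4);
    rs->sig_ok = (h == expected);
}

/* Steps S4..S7 as one round trip. Returns 1 when the boot program may start the firmware. */
static int secure_boot_round_trip(const uint8_t *img, size_t img_len, uint32_t fw_len) {
    struct mailbox to_hsp = {0}, to_smp = {0};
    struct rpmi_hdr hdr, got;
    struct auth_req rq = { fw_len, 4, 0, 0, fw_len, 0 };    /* "certificate" follows the firmware */
    struct auth_rsp rs;
    /* S4: boot program writes the request to shared RAM 206 and the RPMI register in 207 */
    hdr = (struct rpmi_hdr){ SVC_GROUP_SYSTEM, SVC_SECURE_BOOT, MSG_REQUEST, sizeof rq, 0x1234, 0 };
    if (!mailbox_send(&to_hsp, &hdr, &rq, sizeof rq)) return 0;
    /* S5: digital signature service polls 207, reads the request, authenticates */
    struct auth_req seen;
    if (!mailbox_poll(&to_hsp, &got, &seen, sizeof seen)) return 0;
    if (got.msg_type != MSG_REQUEST || got.service_id != SVC_SECURE_BOOT) return 0;
    hsp_authenticate(img, img_len, &seen, &rs);
    /* S6: result goes back through shared RAM 305 and the RPMI register in 306, same token */
    hdr.msg_type = MSG_RESPONSE; hdr.data_len = sizeof rs;
    if (!mailbox_send(&to_smp, &hdr, &rs, sizeof rs)) return 0;
    /* S7: boot program polls 306, matches the token, checks the result before starting firmware */
    struct auth_rsp result;
    if (!mailbox_poll(&to_smp, &got, &result, sizeof result)) return 0;
    if (got.msg_type != MSG_RESPONSE || got.token != 0x1234) return 0;
    return (result.sig_ok == 1 && result.hash_result == 1) ? 1 : 0;
}

/* Constructed image: 64 bytes of firmware followed by its 4-byte digest as the "certificate" */
static int demo(bool tamper) {
    uint8_t img[68];
    for (int i = 0; i < 64; i++) img[i] = (uint8_t)(i * 7 + 3);
    uint32_t d = fnv1a(img, 64);
    memcpy(img + 64, &d, 4);
    if (tamper) img[10] ^= 0x80;   /* flip one bit after the digest was computed */
    return secure_boot_round_trip(img, sizeof img, 64);
}
```

Two details carry the security weight here: the receiver validates the length field from shared memory before copying, since that memory is written by the other core, and the boot program only starts the firmware when a response with the matching token reports both a successful hash and a successful signature check. With `demo(false)` the untampered image is accepted; with `demo(true)` a single flipped bit is rejected.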
[0107] This application also provides a chip in one embodiment, which includes the dual security processor system provided in the above embodiments, and therefore has all the beneficial effects brought about by the technical solutions of any of the above embodiments, which will not be repeated here.
[0108] An embodiment of this application also provides an electronic device, including the chip provided in the above embodiments, and thus has all the beneficial effects brought about by the technical solutions of any of the above embodiments, which will not be repeated here.
[0109] The above description is merely an exemplary implementation of this application and does not limit the patent scope of the embodiments of this application. Any equivalent structural transformations made based on the technical concept of the embodiments of this application and the contents of the specification and drawings of the embodiments of this application, or direct / indirect applications in other related technical fields, are included within the patent protection scope of the embodiments of this application.
Claims
1. A dual-security processor system, characterized in that it includes: a hardware security processor subsystem, on which cryptography-related security services are deployed, the security services including one or more of the following: a digital signature service, a symmetric encryption and decryption service, an asymmetric encryption and decryption service, a hash calculation service, a random number generation service, a key storage support service, and a key management support service; and a security management processor subsystem, on which a first system management service related to cryptography and a second system management service unrelated to cryptography are deployed, wherein the first system management service includes one or more of the following: a system secure startup service, a system security service, an interface security service and a storage security service; when executing the first system management service, the security management processor subsystem invokes the security services on the hardware security processor subsystem through inter-core communication with the hardware security processor subsystem.
2. The dual-security processor system according to claim 1, characterized in that the hardware security processor subsystem includes: a first processor core; a first read-only memory configured to store a first bootloader and the security services, wherein the first bootloader is used to guide the initialization process of the hardware security processor subsystem after power-on, and the first bootloader and the security services are stored in a fixed form; a first random access memory configured to store data generated during the operation of the first processor core; a key memory configured to store key information related to the security services; and a security algorithm module including a hardware unit that executes cryptographic algorithms related to the security services; wherein the first processor core is connected to the first read-only memory, the first random access memory, the key memory, and the security algorithm module.
3. The dual-security processor system according to claim 2, characterized in that the key information includes a root of trust public key ROTPK; the key memory includes a first secure memory configured to store secure storage information containing the ROTPK; and the first secure memory is a memory that supports one-time programming (OTP).
4. The dual-security processor system according to claim 3, characterized in that the first secure memory includes multiple key slots, which are used for storing and updating the secure storage information; each of the key slots includes the storage locations corresponding to the following fields of information: key identifier, key validity, key version, key status, and key value; the key status is a status identifier that indicates the key lifecycle status, and the status identifier that indicates the key lifecycle status can be any of the following: a status identifier that indicates the key generation or injection status, a status identifier that indicates the key activation status, or a status identifier that indicates the key obsolescence status; the switching of the status identifier that indicates the key lifecycle status is a one-way switching; different key lifecycle statuses correspond to different management and control statuses of the secure storage information; and during the update process of the secure storage information, the status identifier indicating the key lifecycle status in the key slot where the secure storage information was located before the update is switched to the status identifier indicating the key obsolescence status, and the updated secure storage information is written into the storage location corresponding to a free key slot.
5. The dual-security processor system according to claim 2, characterized in that the key information includes the public keys of one or more levels of certificates of a digital certificate; the key memory includes a second secure memory configured to store the certificate public keys; and the second secure memory is a memory that supports one-time write-over-the-whole (OTW).
6. The dual-security processor system according to claim 5, characterized in that the second secure memory includes one or more public key slots, which are used to store the certificate public keys; each public key slot includes the storage locations corresponding to the following fields: public key identifier, public key validity, public key version, public key status, and public key value; and the public key status is a status identifier that indicates the lifecycle status of the public key.
7. The dual-security processor system according to claim 2, characterized in that the key information includes keys dynamically generated during the operation of the hardware security processor subsystem; and the key memory includes a key register configured to store and manage the dynamically generated keys.
8. The dual-security processor system according to claim 2, characterized in that the hardware security processor subsystem also includes: a first shared memory configured to store first inter-core communication messages, the first inter-core communication messages including inter-core communication messages from the security management processor subsystem; and a first system register configured to generate an interrupt related to the inter-core communication in response to a write operation; wherein the first processor core is connected to the first shared memory and the first system register, the first processor core polls the first system register to determine whether there is an interrupt in the first system register, and if there is an interrupt in the first system register, it reads the inter-core communication message from the first shared memory.
9. The dual-security processor system according to claim 8, characterized in that the hardware security processor subsystem also includes a first interconnect component; and the first processor core is connected to the key memory, the security algorithm module, the first shared memory, and the first system register through the first interconnect component.
10. The dual-security processor system according to any one of claims 2 to 9, characterized in that the hardware security processor subsystem also includes one or more of the following: a first debugging component configured to debug the first processor core and / or debug the chip through the first processor core; a first interrupt controller connected to the first processor core and at least some components of the chip to report interrupts of the at least some components to the first processor core; a second interrupt controller configured to implement software interrupts and timer interrupts within the first processor core; a first hardware monitoring module configured to monitor the running status of the first processor core and / or the timed tasks of the first processor core at the software level, the first hardware monitoring module including a watchdog timer and / or a timer; and a first direct memory access (DMA) module configured to perform data transfer in place of the first processor core.
11. The dual-security processor system according to any one of claims 1 to 9, characterized in that the security management processor subsystem includes: a second processor core; a second read-only memory configured to store a second boot program, which is used to guide the initialization process of the chip where the dual security processor system is located after power-on, the second boot program being stored in a fixed form; and a second random access memory configured to store data generated by the first system management service, the second system management service and the second processor core, wherein the first system management service and the second system management service are stored in a fixed form; and the second processor core is connected to the second read-only memory and the second random access memory.
12. The dual-security processor system according to claim 11, characterized in that the security management processor subsystem also includes a third secure memory configured to store configuration information related to system management; and the third secure memory is a memory that supports OTP.
13. The dual-security processor system according to claim 11, characterized in that the security management processor subsystem also includes: a second shared memory configured to store second inter-core communication messages, which include inter-core communication messages from the hardware security processor subsystem; a second system register configured to generate an interrupt related to the inter-core communication in response to a write operation; and a third interrupt controller connected to the second processor core and at least some components in the chip to report interrupts of the at least some components to the second processor core, the at least some components including the second system register; wherein the second processor core is also connected to the second shared memory and the second system register, the second processor core determines whether there is an interrupt in the second system register by polling the second system register or by reporting through the third interrupt controller, and if there is an interrupt in the second system register, it reads the inter-core communication message from the second shared memory.
14. The dual-security processor system according to claim 13, characterized in that the security management processor subsystem also includes a second interconnect component; and the second processor core is connected to the second shared memory and the second system register via the second interconnect component.
15. The dual-security processor system according to claim 11, characterized in that the security management processor subsystem also includes one or more of the following: a second debugging component configured to debug the second processor core and / or debug the chip through the second processor core; a fourth interrupt controller configured to implement software interrupts and timer interrupts within the second processor core; a second hardware monitoring module configured to monitor the running status of the second processor core and / or the timed tasks of the second processor core at the software level, the second hardware monitoring module including a watchdog timer and / or a timer; and a second direct memory access module configured to perform data transfer in place of the second processor core.
16. A chip, characterized in that, include: The dual-security processor system as described in any one of claims 1 to 15.
17. An electronic device, characterized in that, include: The chip as described in claim 16.
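The inter-core mailbox of claim 13 (a shared memory holding the message, a system register whose write raises an interrupt, and a receiving core that detects it by polling or via its interrupt controller) can be modelled in software. The following is an added example, not code from the patent or its assignee; all names (`mailbox_send`, `sysreg_write`, `MBOX_CAP`, the callback) and the 64-byte buffer size are assumptions, and the bounds checks show where a receiver must not trust the length written by the other core.

```c
/* Software model of the claim-13 mailbox: shared memory + doorbell
 * register + polled or interrupt-driven receive. Hypothetical names. */
#include <stdint.h>
#include <string.h>

#define MBOX_CAP 64u                 /* assumed size of the shared memory */

struct mailbox {
    uint8_t  shm[MBOX_CAP];          /* "second shared memory" */
    uint32_t len;                    /* bytes posted by the sender */
    volatile uint32_t sysreg;        /* "second system register" */
    volatile int irq_pending;        /* raised by a write to sysreg */
    void (*irq_controller)(struct mailbox *); /* "third interrupt controller" */
    int irq_delivered;               /* count of interrupts reported to core */
};

/* A write to the system register generates the inter-core interrupt and,
 * if an interrupt controller is attached, reports it to the receiving core. */
static void sysreg_write(struct mailbox *m, uint32_t v) {
    m->sysreg = v;
    m->irq_pending = 1;
    if (m->irq_controller) m->irq_controller(m);
}

/* Interrupt-controller path: the receiving core is notified asynchronously. */
void mailbox_irq_report(struct mailbox *m) { m->irq_delivered++; }

/* Sender side (hardware security processor): post one message.
 * Rejects oversize messages and refuses to overwrite an unread one. */
int mailbox_send(struct mailbox *m, const void *msg, uint32_t len) {
    if (len > MBOX_CAP) return -1;   /* would overflow the shared memory */
    if (m->irq_pending) return -2;   /* previous message not yet consumed */
    memcpy(m->shm, msg, len);
    m->len = len;
    sysreg_write(m, 1u);             /* ring the doorbell */
    return 0;
}

/* Receiver side (security management processor), polling variant:
 * check the register, copy out the message with a bounds check, acknowledge. */
int mailbox_poll_recv(struct mailbox *m, void *out, uint32_t cap) {
    if (!m->irq_pending) return 0;   /* no interrupt in the system register */
    if (m->len > cap) return -1;     /* do not trust the posted length blindly */
    memcpy(out, m->shm, m->len);
    m->irq_pending = 0;              /* clear the interrupt */
    m->sysreg = 0;
    return (int)m->len;
}
```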