Method for loading a patch code

The method securely loads corrective codes into ROM by using a volatile memory area and BSEC circuit to decrypt and store in a one-time programmable memory, addressing the challenge of unauthorized code modification and ensuring only the manufacturer can load the code, thereby enhancing system security and functionality.

FR3170067A1Pending Publication Date: 2026-06-19STMICROELECTRONICS INT NV

Patent Information

Authority / Receiving Office
FR · FR
Patent Type
Applications
Current Assignee / Owner
STMICROELECTRONICS INT NV
Filing Date
2024-12-18
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing electronic systems face challenges in loading corrective codes into read-only memory (ROM) due to errors in the ROM code, which prevents modification of the ROM contents, and there is a need for a secure method to ensure only the manufacturer can load and secure the corrective code.

Method used

A method involving a volatile memory area for encrypted patch code storage, a BSEC circuit for decryption and secure loading into a one-time programmable memory area, with security states to prevent unauthorized access and modification, ensuring only the manufacturer can load and secure the corrective code.

Benefits of technology

Ensures secure and reliable loading of corrective codes into ROM, preventing unauthorized modification and maintaining system integrity by allowing only the manufacturer to load and secure the code, thus enhancing system security and functionality.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

Method for Loading a Patch Code This description relates to a method for loading code into a system (2). In a first state of the system (2), the ciphertext is written to a volatile memory (200) via a programming port (100). In a second state of the system (2), the ciphertext is loaded into a first circuit (BSEC) where it is decrypted before being written to a one-time programmatic (OTP) memory. The system (2) then switches to a third state. The one-time programmatic (OTP) memory area is programmable only by the first circuit (BSEC) and only in the second state. Figure for the abstract: Fig. 2
Need to check novelty before this filing date? Find Prior Art

Description

Title of the invention: Method for loading a corrective code technical field

[0001] The present description relates generally to electronic systems, and, more particularly, to a method of loading a patch code for a read-only memory of such an electronic system. Previous technique

[0002] Many known electronic systems include at least one processor and a read-only memory ("ROM") containing code executable by the processor.

[0003] When the code stored in read-only memory contains one or more errors, the contents of read-only memory cannot be modified to correct this or these errors.

[0004] Various solutions have been proposed for providing the electronic system with a correction code, the latter being for example stored in a non-volatile memory of the system.

[0005] However, these known solutions have drawbacks. Summary of the invention

[0006] There is a need for a method of loading a corrective code into an electronic system which overcomes all or part of the drawbacks of known solutions for supplying a corrective code to an electronic system, when this corrective code is intended to correct one or more errors of a code stored in a read-only memory of the system.

[0007] There is also a need for an electronic system which overcomes all or part of the disadvantages of known electronic systems configured to receive a correction code, when this correction code is intended to correct one or more errors of a code stored in a read-only memory of the system.

[0008] An embodiment overcomes all or part of the disadvantages of known solutions for providing a corrective code to an electronic system, when the corrective code is intended to correct one or more errors of a code stored in a read-only memory of the system.

[0009] An embodiment overcomes all or part of the disadvantages of known electronic systems configured to receive a correction code intended to correct one or more errors of a code stored in a read-only memory of the system.

[0010] One embodiment provides a method for loading a corrective code into an electronic system comprising: a memory area with unique programming; a first circuit; a first read-only memory in which the first instructions are stored; a volatile memory area configured to retain its data during system resets; a first processor; and a programming port for external access, the process comprising: * in a first state of the system, write the encrypted patch code into the volatile memory area with the programming port, command a system switch to a second state at the next reset and reset the system; * In the second state, at system startup, execute the first instructions with the first processor, the execution causing: - access to the volatile memory area to check if the encrypted patch code is present there, - a command to switch the system to a third state at the next reset and a system reset if the encrypted patch code is missing from the volatile memory area, and - a loading of the encrypted patch code into the first circuit if the encrypted patch code is present in the volatile memory area; * in the second state, in response to the loading of the encrypted patch code in the first circuit: - decrypt the encrypted correction code received by the first circuit, using the first circuit and a decryption key stored in the first circuit, - write the deciphered correction code to the single-programmable memory area using the first circuit, then command the system to switch to the third state at the next reset and reset the system; and * In the second state, upon completion of loading the decrypted patch code into the single-programmable memory area, the system is commanded to switch to the third state at the next reset and reset. The single-programmable memory area is programmable only by the first circuit and only in the second state.

[0011] According to one embodiment, a transition from the second state to the first state is prohibited.

[0012] According to one embodiment, a transition from the third state to any of the first and second states is prohibited.

[0013] According to one embodiment, programming of the volatile memory area with the external port is prohibited in the second and third states.

[0014] According to one embodiment, execution of the first instructions is prohibited in the first and third states.

[0015] According to one embodiment, the patch code is encrypted outside the system with an encryption key known only to the system manufacturer.

[0016] According to one embodiment: - the encrypted patch code is encapsulated in a structure comprising the encrypted patch code and a first validity code calculated outside the system on the encrypted patch code; - the structure is recorded in the volatile memory area when the encrypted patch code is written to the volatile memory area; and - the loading of the encrypted patch code into the first circuit is conditioned by an equality between the first validity code and a second validity code calculated in the system on the encrypted patch code stored in the volatile memory area.

[0017] According to one embodiment: - the encrypted patch code includes a validity code calculated outside the system on the patch code prior to its encryption; and - at the end of the loading of the decrypted patch code into the single-programmable memory area, the system switching command into the third state and the system reset are conditioned by an equality between the validity code calculated outside the system on the patch code prior to its encryption and a validity code calculated in the system on the decrypted patch code present in the single-programmable memory area.

[0018] According to one embodiment, the encrypted correction code includes one or more error corrections, each error correction comprising a memory address and a corrected replacement data for erroneous data stored at said memory address.

[0019] According to one embodiment: - for each error correction, the correction code includes a duplicate of the memory address and a duplicate of the corrected data; and - the writing of each error correction in a uniquely programmable memory area after decryption by the first circuit is conditioned by an equality between the memory address and twice the memory address and between the corrected data and twice the corrected data.

[0020] According to one embodiment: The loading of the encrypted correction code into the first circuit is done error correction by error correction; and The decryption of the correction code encrypted with the first circuit includes, after each reception of an encrypted error correction, the decryption of the error correction.

[0021] According to one embodiment, the system includes at least one second processor and at least one second read-only memory.

[0022] According to one embodiment, each error correction further includes an indication of the system read-only memory to which the error correction applies.

[0023] According to one embodiment, the first processor and the first read-only memory are more secure than said at least a second processor and said at least a second read-only memory, the first instructions being executable only by the first processor.

[0024] Another embodiment provides for an electronic system comprising: a memory area with unique programming; a volatile memory area configured to retain its data during system resets; an external programming port adapted to write to the volatile memory area in a first state of the system; a read-only memory in which initial instructions are stored; a first circuit configured, when the system is in a second state and an encrypted patch code is loaded into the first circuit, to decode the patch code and to write the decrypted patch code into the single-programmable memory area; and A first processor is configured, at system startup in the second state, to read and execute the first instructions. These first instructions are configured to access the volatile memory area to check if the encrypted patch code is present, and to load the encrypted patch code into the first circuit if it is present in the volatile memory area. The system is configured as follows: - to switch from the second state to a third state after writing the decrypted correction code into the single-programmable memory area; - to switch from the second state to the third state if no encrypted patch code is present when accessing the volatile memory area; - so that the single-programmable memory area is programmable only by the first circuit and only in the second state.

[0025] According to one embodiment, the system is further configured: - to prevent switching from the second state to the first state; - to prohibit a switch from the third state to either of the first and second states; - to prevent programming of the volatile memory area with the port in the second and third states; - to prohibit access to the first instructions in the first and third states. Brief description of the drawings

[0026] These features and advantages, as well as others, will be described in detail in the following description of particular embodiments, given by way of non-limiting example, in relation to the accompanying figures, among which:

[0027] [Fig.1] represents, in block form, an example of an electronic system configured to receive a correction code for a code stored in a read-only memory of the system;

[0028] [Fig.2] represents, in block form, an embodiment of an electronic system configured to receive a correction code for a code stored in a read-only memory of the system;

[0029] [Fig.3] represents, in the form of a flowchart, an embodiment of a method for loading a corrective code into the electronic system of [Fig.2];

[0030] [Fig.4] represents, in block form, a variant embodiment of the electronic system of [Fig.2];

[0031] [Fig. 5] represents, in the form of a flowchart, a detailed example of the implementation of a step in the process of [Fig. 3]; and

[0032] [Fig.6] represents, in the form of a flowchart, a detailed example of the implementation of yet another step of the process of [Fig.3]. Description of the implementation methods

[0033] The same elements have been designated by the same reference numerals in the different figures. In particular, the structural and / or functional elements common to the different embodiments may have the same reference numerals and may have identical structural, dimensional and material properties.

[0034] For the sake of clarity, only the steps and elements useful for understanding the described embodiments have been represented and are detailed.

[0035] Unless otherwise specified, when referring to two elements connected together, this means directly connected without intermediate elements other than conductors, and when referring to two elements connected (in English "coupled") together, this means that these two elements can be connected or linked through one or more other elements.

[0036] In the following description, when reference is made to absolute position qualifiers, such as the terms "front", "back", "top", "bottom", "left", "right", etc., or relative position qualifiers, such as the terms "above", "below", "superior", "inferior", etc., or to orientation qualifiers, such as the terms "horizontal", "vertical", etc., reference is made, unless otherwise specified, to the orientation of the figures.

[0037] Unless otherwise specified, the expressions "approximately", "roughly", and "on the order of" mean to within 10% or 10°, preferably to within 5% or 5°.

[0038] In the remainder of this description, unless otherwise specified, the term "a memory" refers to a memory circuit comprising a data storage space and circuits controlling access to that data storage space. Furthermore, the term "a memory area" refers to all or part of a data storage space that is not necessarily part of a memory. In particular, the storage space of a memory may be divided into several memory areas, and the rights and conditions of access to these memory areas may differ between two memory areas.

[0039] Fig. 1 represents in block form an example of an electronic system 1 configured to receive a correction code for a code stored in a read-only memory of the system.

[0040] System 1 comprises a pCl processor and a read-only memory R0M1 associated with the pCl processor. Furthermore, system 1 comprises a communication structure 104, for example one or more communication buses, configured to ensure data exchange between the elements of system 1, for example between the pCl processor and the R0M1 memory.

[0041] Typically, the R0M1 memory includes a Mem memory area where code intended for execution by the pCl processor is stored. The R0M1 memory also includes a Ctrl memory controller. The Ctrl memory controller is, for example, configured to receive read access requests to the R0M1 memory and to respond by returning a numeric word stored in the Mem memory area of ​​the R0M1 memory to the address corresponding to the read access request.

[0042] When the code stored in memory R0M1 contains an error, a corrective code can be loaded into system 1.

[0043] For this purpose, system 1 includes a programming port 100 for system 1 from outside the system. System 100 further includes a non-volatile memory area 102 ("Patch mem" in [Fig. 1]), into which the patch code is loaded from outside, via port 100. For example, port 100 is a JTAG port. For example, port 100 and memory area 102 are coupled to each other via structure 104.

[0044] If a read access to memory R0M1 is requested at an address corresponding to erroneous data, and a correction code corresponding to that address and containing corrected data has been stored in memory area 102, system 1, for example the Ctrl memory controller, is configured so that the data sent to structure 104 in response to the read access is the corrected data contained in the correction code, and not the erroneous data stored in memory R0M1. In this way, system 1 functions as if the erroneous data stored in memory R0M1 had been replaced by the corrected data.

[0045] However, although the possibility of loading a patch code for code stored in read-only memory R0M1 of system 1 is advantageous, it poses various problems.

[0046] Indeed, the code stored in memory R0M1 generally includes functions that should not be modified by a user of the system, for example when these functions relate to the security of system 1.

[0047] Furthermore, loading the corrective code into memory area 102 is usually achieved by executing numerous instructions stored in memory R0M1, which poses a problem when memory R0M1 contains one or more errors that the corrective code is specifically designed to correct. Indeed, in this case, loading the corrective code into memory area 102 may not be possible.

[0048] It would therefore be desirable to have an electronic system and a method for loading a corrective code into this electronic system in which only the manufacturer of the system, i.e. the programmer of the read-only memory or memories of the system, is able to load a corrective code into the system to correct one or more errors present in these read-only memories.

[0049] It would also be desirable to have an electronic system and a method for loading a patch code into this electronic system in which, once a patch code from the system's read-only memory(ies) has been loaded into the system, this patch code can no longer be modified and no other patch code can be loaded into the system. Indeed, this allows for the implementation of a certification step for the code stored in the system's read-only memory(ies) and the patch code loaded into the system, viewed as a single unit.

[0050] Fig. 2 represents in block form an embodiment of an electronic system 2 configured to receive a correction code for a code stored in a read-only memory of the system 2.

[0051] The electronic system 2 includes, like system 1, a port 100 for programming from the outside, a pCl processor, a read-only memory R0M1, and a communication structure 104 called bus 104 in the rest of the description.

[0052] System 2 further includes circuits (not shown in [Fig. 2]) for defining a safety state of system 2. The current safety state of system 2 indicates at what point in its lifecycle the system is located. Furthermore, depending on its current safety state, certain functionalities of system 2 are permitted or, conversely, prohibited. For example, the current safety state of the system does not The system's current security state can only be modified towards a subsequent security state and cannot be modified towards a previous security state. In other words, the system's current security state can only take on increasing values ​​from an initial value, for example, 1.

[0053] System 2 further includes a one-time programmable (OTP) memory area. The OTP memory area is intended to receive a patch code for code stored in read-only memory R0M1. The OTP memory area may be part of a one-time programmable memory comprising other areas, for example, an area for storing the current security state of the system.

[0054] System 2 also includes a BSEC circuit. The BSEC circuit is configured to write, that is, to program, the OTP memory area intended to receive a correction code for the code programmed in memory R0M1. More specifically, this OTP memory area can only be programmed by the BSEC circuit.

[0055] The BSEC circuit and the OTP memory area are, for example, coupled to each other via bus 104.

[0056] Furthermore, the system 2 includes a volatile memory area, for example, RAM, 200 ("Backup register" in [Fig. 2]). Although volatile, memory 200 is configured to retain its data during a system reset, for example, a reset implemented to update the system's security state. Memory area 200 is, for example, configured to receive a patch code via port 100, so that this code is stored there before being written (or programmed) by the BSEC circuit into the OTP memory area intended for this purpose.

[0057] Furthermore, in system 2, instructions, hereafter referred to as first instructions, are present (or recorded or stored) in memory R0M1. These first instructions are executed, as will be described in more detail in relation to [Fig. 3], when a patch code is loaded into system 2. However, as will be described in more detail in relation to [Fig. 3], compared to a system 1 in which the loading of a patch code into memory area 102 relies essentially on the execution, by the pCl processor of system 1, of second instructions present in memory R0M1 of system 1, the number of first instructions in system 2 is lower than the number of second instructions in system 1. This reduces the need to use memory R0M1 to load a patch code into the system.In other words, this reduces the probability that the loading of the corrective code will be impossible because it calls upon code that is present in memory R0M1 and contains one or more errors.

[0058] System 2 may further include many other circuits, memories or memory areas not shown in [Fig. 2]. For example, system 2 includes a single-programmable OTPpub memory area, for example, which is part of a single-programmable memory comprising the OTP memory area.

[0059] The operation of system 2 when loading a patch code into system 2 will now be described in more detail in relation to [Fig.3].

[0060] Fig. 3 represents, in the form of a flowchart, an embodiment of a method for loading a corrective code into the electronic system 2 of Fig. 2.

[0061] At step 300 ("State 1: load encrypted patch in backup register" in [Fig. 3]), the system is in a first security state, or, in other words, the current security state of the system is the first security state. It is in this first security state of system 2 that a patch code can be loaded into system 2 from the outside.

[0062] In this first security state, port 100 of system 2 is open, and it is possible to load (or write) data, for example a patch code, into memory area 200 via port 100.

[0063] When a patch code is loaded into memory 200, via port 100, from outside system 2, this patch code is encrypted. For example, the encryption of the patch code is implemented by the manufacturer of system 2, outside system 2, by means of an encryption key known only to them. The corresponding decryption key is present (or stored) in system 2, preferably in the B SEC circuit.

[0064] In the first security state, programming by the BSEC circuit of the OTP memory area intended to receive a patch code is prohibited. This prevents the BSEC circuit from programming this OTP memory area with anything other than the patch code provided by the manufacturer to system 2.

[0065] Furthermore, in the first security state, access to the first instructions in memory R0M1 is prohibited, so the pCl processor cannot execute these first instructions. This prevents port 100 from being used to read sensitive or secret information stored in memory R0M1.

[0066] By way of example, the first security state of system 2 in which port 100 is open allows, in addition to the possibility of loading an encrypted patch code into memory 220, the implementation of tests in system 2 to verify its functionalities after manufacturing of system 2 and / or to program configuration bits of system 2 via port 100.

[0067] Preferably, system 2 therefore always goes through the first security state, that is to say through step 300, whether or not an encrypted patch code is loaded into memory 200 from the outside via port 100 when system 2 is in this first security state. In other words, in the case of a system 2 not requiring to receive a patch code of the code stored in read-only memory, the step of loading a patch code into memory 200 is omitted, but step 300 where the system is in the first safe state is preferably implemented to allow system testing and / or programming of system configuration bits 2.

[0068] Once step 300 is completed, whether or not an encrypted patch code has been stored in memory 200 via port 100, in a subsequent step 302 ("Change State to State 2 + reset" in [Fig. 3]), system 2 is instructed to switch to a second security state during the next reset, and then is reset. For example, this request to switch from the first to the second security state and this reset are instructed via port 100.

[0069] After the system 2 reset in step 302, the system starts in the second security state in a subsequent step 304 ("State 2: encrypted patch in back up register?" in [Fig.3]).

[0070] In the second security state, programming of memory area 200 via port 100 is prohibited. Thus, the encrypted patch code that was loaded into memory area 200 in step 300 and stored in that memory area 200 during the system 2 reset at the end of step 302 cannot be modified externally via port 100.

[0071] In the second security state, the BSEC circuit has the ability, or, in other words, the authorization, to program the OTP memory area dedicated to storing a patch code. More specifically, the BSEC circuit is only authorized to program the OTP memory area dedicated to storing a patch code in this second security state.

[0072] Furthermore, in the second safe state, the first instructions stored in memory R0M1 are accessible to the pCl processor. Thus, when system 2 starts up in the second safe state, that is, at the beginning of step 304, the pCl processor reads and executes the first instructions from memory ROME. These instructions are few in number and their execution triggers the implementation of very simple functions.

[0073] More specifically, the execution of these first instructions by the pCl processor causes an access to memory area 200 to check whether or not an encrypted patch code has been loaded there before step 304.

[0074] If there is no encrypted patch code present in memory area 200 (output N of block 304), the process continues to a next step 308 ("Change State to State 3 + reset" in [Fig.3]).

[0075] On the other hand, if an encrypted patch code is present in memory area 200 (output Y of block 304), the process continues at a subsequent step 306 ("State 2: load encrypted patch in BSEC" in [Fig.3]).

[0076] At step 306, the execution of the first instructions by the pCl processor causes the loading into the BSEC circuit, for example into internal registers of the B SEC circuit, of the encrypted patch code which is present in memory area 200. At step 306, the system is still in the second security state.

[0077] Step 306 is followed by a step 309 ("State 2: decrypt"). This step is implemented by the BSEC circuit, and not by the execution of first instructions stored in memory R0M1, which limits the number of first instructions required to implement the loading of a patch code into system 2. At step 309, the system is still in the second security state.

[0078] In step 309, the BSEC circuit decrypts the encrypted patch code it has just received. For this purpose, the BSEC circuit includes a decryption key hard-coded within the BSEC circuit. For example, the encryption of the patch code prior to its loading into memory area 200 via port 100 and the decryption of the encrypted patch code by the BSEC circuit use an asymmetric encryption algorithm, for example, of the AES type. As an example, the BSEC circuit includes a circuit adapted to implement the decryption of the encrypted patch code with the decryption key stored in the BSEC circuit.

[0079] Once the decryption of the code received in step 306 is completed, the process continues to an optional step 310 ("State 2: decrypt ok?), or directly to a step 312 (block "State 2: load in OTP" in [Fig.3]) if step 310 is omitted.

[0080] In step 310, the BSEC circuit checks whether the decryption result is correct. An example of the implementation of this step will be described later, in relation to [Fig. 6].

[0081] If the decryption result is correct (output Y of block 310), the process continues to step 312.

[0082] Conversely, if the patch code is incorrect (output N of block 310), this means that the patch code has been corrupted, whether intentionally or not, compared to the initial patch code. In this case, the process continues to a step 313 ("Exit + Error" in [Fig. 3]) where the loading of the patch code into system 2 is interrupted and, preferably, an error message is sent out of system 2 to warn of this patch code corruption. Once in step 313, system 2 is blocked and cannot proceed to any further process steps. System 2 is then unusable.

[0083] At step 312, while system 2 is still in the second security state, the BSEC circuit programs the OTP memory area with the correction code decrypted in the previous step 309.

[0084] According to a first embodiment, in step 306, all the encrypted correction code is loaded from memory 200 into the BSEC circuit. In this case, step 309, the step Optional 310 and step 312 are, for example, implemented across the entire patch code.

[0085] In this first embodiment, step 312 is then followed by an optional step 316 (block "State 2: integrity OK"), or by step 308 if step 316 is omitted.

[0086] However, according to a second embodiment, in order to reduce the memory requirements in the BSEC circuit, in step 306, only a portion of the encrypted patch code is loaded into the BSEC circuit from memory 200. In this case, step 309 is implemented only on this portion of the encrypted patch code, the optional step 310 is implemented on the decryption result of this portion of the encrypted patch code, and step 312 consists of loading the decryption result of the portion of the encrypted code received by the BSEC circuit in step 306 into the OTP memory area. Then, as long as all portions of the encrypted code have not been received by the BSEC circuit, decrypted by the BSEC circuit, and written to the OTP memory area by the BSEC circuit once decrypted, step 312 loops back to step 306 to process the next portion of encrypted patch code.For example, when the encrypted patch code includes multiple error corrections, each portion of the encrypted patch code loaded into the BSEC circuit at step 306 corresponds to one error correction.

[0087] Figure 3 illustrates this second embodiment. Thus, in Figure 3, step 312 is followed by step 314 (the "end load?" block in Figure 3). In step 314, system 2, for example the BSEC circuit or the pCl processor, checks whether all portions of the ciphertext have been loaded into the BSEC circuit from memory 200 in order to be decrypted and written to the OTP memory area.

[0088] If this is not the case (output N of block 314) and there remains a part of the ciphercode stored in memory 200 to be transferred, then step 314 is followed by step 306 which is implemented for the next portion of ciphercode.

[0089] If this is the case (output Y of block 314), step 314 is followed by an optional step 316 (block "State 2: integrity ok?"), or by step 308 if the optional step 316 is omitted.

[0090] At step 316, the pCl processor, for example via the execution of the first instructions present in memory R0M1, or the BESC circuit verifies that the decrypted patch code which is now present in the OTP memory area has not been corrupted compared to the patch code which was encrypted outside of system 2.

[0091] If the correction code has been corrupted (output N of block 316), the process continues at a step 315 (block "Exit + Error") similar to step 313. Otherwise (output Y of block 316), the process continues at step 308.

[0092] According to one embodiment, prior to its encryption outside of system 2, a validity code Crcl, for example a checksum (in English), is calculated on the still unencrypted patch code. This validity code is encrypted at the same time as the patch code, hence the encrypted patch code which is loaded into memory area 200 at step 300 includes the encrypted Crcl validity code.

[0093] In such an embodiment, when the BSEC circuit decodes the patch code encrypted in step 309, it obtains the validity code Crcl calculated outside of system 2 on the initial unencrypted patch code, and this validity code Crcl is stored in a memory area, for example in the OTPpub memory area.

[0094] Preferably, when the Crcl code calculated outside of system 2 is stored in a single-programmable non-volatile memory, system 2 checks whether the memory location where this Crcl validity code is to be stored is indeed empty. If so, the process continues and the Crcl code is stored. Conversely, if it is not empty, this means that this step of storing the Crcl validity code from outside the system has already been implemented once, and, for example, that system 2 has since been reset. In this case, the process is interrupted, and an error message is sent outside of system 2.

[0095] If the encrypted patch code includes the validity code Crcl calculated outside of system 2, step 316 ([Fig. 4]) can then be implemented as follows. The validity code Crcl is recalculated on the decrypted patch code present in the OTP memory area, and then this recalculated Crcl code is compared to the validity code Crcl that was present in the encrypted patch code stored in memory area 200. If these two validity codes are identical, step 316 is completed and the process continues at step 308. Otherwise, it means that the decrypted patch code present in the OTP memory area is not identical to the initial patch code that was encrypted outside of system 2, and the process continues at step 315.As an example, the calculation of the Crcl validity code on the correction code present in the OTP memory area and its comparison to the Crcl validity code present in the encrypted correction code stored in memory area 200 results from the execution, by the pCl processor, of the first instructions present in memory R0M1. As an alternative example, this calculation and comparison are implemented by the BSEC circuit.

[0096] At step 308, system 2 is commanded to switch from the second security state to a third security state at the next reset, and then is reset.

[0097] At a step 318 ("State 3" in [Fig.3]) following step 308, system 2 starts in the third state.

[0098] In this third security state, memory area 200 cannot be programmed by port 100 or system 2 itself; in other words, memory 200 cannot It can no longer be programmed. Furthermore, the first instructions in memory R0M1 can no longer be accessed, making the execution of these initial instructions forbidden or impossible. Finally, in the third state, the BSEC circuit can no longer program the OTP memory area dedicated to storing a correction code.

[0099] Furthermore, as already mentioned previously, system 2 is designed in such a way that the transition of system 2 from the third state to the second state or the first state is prohibited, and the transition from the second state to the first state is prohibited.

[0100] It follows that, once system 2 is in the third state, it is no longer possible to load a patch code into system 2. Nor is it possible to modify a patch code stored in the OTP memory area.

[0101] Preferably, in all other security states of system 2 after the third security state, programming of memory area 200 is prohibited, programming of the OTP memory area intended for storing a patch code by the BSEC circuit is prohibited, and execution of the first instructions stored in memory R0M1 is prohibited. Thus, once the patch code is loaded into the OTP memory area, it can no longer be modified. In other words, programming of the OTP memory area intended for storing a patch code is only possible when system 2 is in state 2, and only by the BSEC circuit.

[0102] The implementation of the process of [Fig.3] in system 2 of [Fig.2] therefore makes it possible to load a patch code into the OTP memory area, ensuring that this patch code comes from the manufacturer of system 2 thanks to the encryption / decryption implemented, and also ensures that this patch code cannot be modified by a third party.

[0103] Furthermore, the implementation of the process in [Fig.3] in system 2 makes it possible to avoid creating security breaches in system 2 when loading the patch code into system 2 and during future use of system 2.

[0104] Optionally, once all the decrypted patch code has been written into the OTP memory area, the decryption key hard-coded in the BSEC circuit is made permanently inaccessible or unusable.

[0105] Optionally, once all the decrypted patch code has been written into the OTP memory area, memory area 200 is made inaccessible or erased, so that the encrypted patch code in it is not accessible to a third party.

[0106] From step 318 onwards, when system 2 starts in the third state or in a state subsequent to the third state, system 2 checks whether there is a correction code stored in the OTP memory area. If a correction code is present in the OTP memory area, it includes at least one error correction comprising, on the one hand, an address of memory R0M1 where erroneous data is stored and, on the other hand, corrected data to replace the erroneous data. System 2 then Program the Ctrl controller of memory R0M1, from the OTP memory area. Once programmed, the Ctrl controller responds with the corrected data and not with the erroneous data when it receives a read access request at that address.

[0107] Although not illustrated by a figure, by way of example, the pre-encryption correction code includes one or more error corrections. Each error correction includes an address corresponding to erroneous data stored in a read-only memory of the system, for example in memory R0M1 of system 2, and corrected data to replace the erroneous data.

[0108] Preferably, for each error correction, the correction code includes a duplicate of the address and a duplicate of the corrected data, or, in other words, for each error correction, the correction code includes the address and the duplicated address, as well as the corrected data and the duplicated corrected data. Thus, optionally, the writing of the correction code to the OTP memory area by the BSEC circuit in step 312 can be conditioned on the equality, for each error correction, between the address and the duplicated address, and between the corrected data and the duplicated corrected data. In this way, if a change is made to an error correction between the manufacturer's original correction code and the correction code deciphered by the BSEC circuit, this change is detected by the BSEC circuit and the correction is not recorded in the OTP memory area.

[0109] Optionally, each error correction includes a validity indication showing whether the corrected address / data pair of the error correction is valid.

[0110] Optionally, each error correction includes an indication of the system ROM to which the correction applies. Indeed, in a system with multiple ROMs, this makes it possible to correct errors in one or more ROMs by implementing the process of [Fig. 3] only once, that is, by loading only one correction code into system 2, and by using only one OTP memory area to store this correction code.

[0111] An example of such a variant embodiment of system 2 is illustrated in [Fig.4].

[0112] System 2 of [Fig.4] includes the elements of system 2 of [Fig.2], and further includes at least one other read-only memory and at least one other processor.

[0113] In the example of [Fig.4], system 2 includes only one other read-only memory R0M2 and only one other processor pC2.

[0114] According to one embodiment, in system 2 of [Fig. 4], the pCl processor and the R0M1 memory are more secure than the pC2 processor and the R0M2 memory. Furthermore, the first instructions that are stored in the R0M1 memory and executed by the pCl processor during the implementation of the process of [Fig. 3] are accessible only by the more secure processor, i.e. The pCl processor. In other words, the first instructions in memory R0M1 can only be executed by the pCl processor, and more specifically, only by the pCl processor when system 2 is in the second state. Preferably, when system 2 is in the second state and the pCl processor executes the first instructions in memory R0M1, the pC2 processor is kept inactive, for example in a reset state, to avoid conflicting with the steps implemented by the pCl processor.

[0115] Figure [Fig. 5] represents, in the form of a flowchart, a detailed example of the implementation of step 304 of the process of [Fig. 3].

[0116] In this implementation example, according to one embodiment, during the writing of the encrypted patch code to memory area 200 in step 300 (see [Fig. 3]), a predetermined word "wordO" is written to memory area 200 at a "Backup register 0" address within memory area 200. Step 304 then begins with step 3041 ("Backup register 0 = wordO?" in [Fig. 5]), which consists of verifying whether the word stored at address "Backup register 0" of memory area 200 is indeed the word "wordO". By way of example, the implementation of this step 3041 results from the execution, by the pCl processor, of the first instructions present in memory R0M1.

[0117] If this is not the case (output N of block 3041), then it means that no patch code has been loaded into memory area 200, or that what has been loaded into memory area 200 is not a legitimate patch code. Step 304 ends and the process continues to step 308 (see [Fig. 3]).

[0118] Conversely, if this is the case (output Y of block 3041), then it means that a correction code has been loaded into memory area 204. For example, step 304 is then completed and the process continues to step 306 (see [Fig. 3]). As an alternative example, step 3041 is followed by step 3042 ("Clear back up register 0" in [Fig. 5]) during which the word stored at address "Back up register 0" in memory area 200 is erased before the end of step 304 and the continuation of the process to step 306. For example, the implementation of this step 3042 results from the execution, by the pCl processor, of the first instructions present in memory R0M1.

[0119] The prediction of steps 3041 and 3042 during step 304 ensures that, even if step 304 is implemented a second time in an unintended manner, the second implementation of step 304 will not detect that a patch code is present in memory area 200. Thus, if the process is interrupted after step 304 and the encrypted patch code stored in memory area 200 is intentionally modified to create a security breach in system 2, this modified patch code will not be stored in the OTP memory area and will never be used by system 2.

[0120] According to one embodiment, during step 300 of loading the encrypted patch code into memory area 200, the encrypted patch code is encapsulated in a a data structure comprising the encrypted patch code and a validity code CrcO calculated on the encrypted patch code. This structure is constructed outside of system 2. The validity code CrcO, for example a checksum, is calculated outside of system 2 on the encrypted patch code. Loading the encrypted patch code into memory area 200 in step 300 then includes loading the entire data structure in which the encrypted patch code is encapsulated, and, in particular, the validity code CrcO. In such an embodiment, preferably, step 304 includes a step 3043 ("CrcO cale" in [Fig. 5]) in which the validity code CrcO is recalculated on the encrypted code stored in memory area 200. This step 3043 is followed by a step 3044 ("CrcO = CrcO cale?" in [Fig. 5]).5]) during which it is checked whether the validity code CrcO, which was calculated outside system 2 and then stored in memory area 200 with the encrypted patch code, is equal to the validity code CrcO calculated inside system 2 on the encrypted patch code stored in memory area 200. If so (output Y of block 3044), step 304 continues and the process proceeds to step 306. If not (output N of block 3044), this means that the encrypted code stored in memory area 200 has been modified compared to the encrypted patch code provided by the manufacturer. Step 304 is then interrupted at step 3045 ("Clear Back up register 0 Exit + Error" in [Fig. 5]), which consists of interrupting the process and sending an error message outside system 2.

[0121] The prediction of steps 3043 and 3044 makes it possible to condition the implementation of step 306, that is to say the loading of the encrypted patch code from memory area 200 to the BSEC circuit, on an equality between the validity code CrcO calculated outside the system 2 on the encrypted code obtained at the end of the encryption implemented outside the system, and the code CrcO calculated on the encrypted patch code stored in memory area 200. As an example, the implementation of steps 3043 and 3044 results from the execution, by the pCl processor, of the first instructions present in memory R0M1.

[0122] In the example of [Fig.5], step 304 includes steps 3041, 3042 and steps 3043, 3044, the latter being, for example, implemented between steps 3041 and 3042. In this case, preferably, at step 3045, the word stored at address "Back up register 0" in memory area 200 is erased.

[0123] In another unillustrated example where step 304 includes steps 3041, 3042, 3043 and 3044, the order of these steps may be modified from that shown in [Fig.5].

[0124] In yet another unillustrated example, step 304 includes steps 3043 and 3044, but does not include steps 3041 and 3042.

[0125] In yet another unillustrated example, step 304 includes steps 3041 and 3042, but does not include steps 3043 and 3044.

[0126] Of course, the implementation of step 304 is not limited to the examples described above in relation to [Fig. 5]. For example, step 304 may include a simple check that memory area 200 is not empty to determine whether or not an encrypted patch code was stored in memory area 200 in step 300.

[0127] Figure 6 represents, in the form of an organizational chart, a detailed example of implementation of step 310 of the process in [Fig.3].

[0128] In the example of [Fig. 6], an embodiment is considered in which the correction code available outside the system includes, for each error correction, a duplication of the address and the corrected data corresponding to that error correction. Step 310 then includes a step 3100 ("Duplication ok?" in [Fig. 6]) which consists of verifying, for each error correction deciphered in the preceding step 309, whether the address and the duplicated address are identical and whether the corrected data and the duplicated corrected data are identical.

[0129] If this is not the case (output N of block 3100), this means that the error correction of the correction code decrypted by the B SEC circuit has been modified compared to the unencrypted correction code available outside of system 2. Step 310 is then followed by step 313 ([Fig.3]).

[0130] On the other hand, if this is the case (output Y of block 3100), the process can continue and step 310 can be followed by step 312.

[0131] Thus, when step 3100 is implemented, the writing of the correction code in the OTP memory area after decryption by the BSEC circuit is conditioned by an equality, for each error correction, between the memory address and twice the memory address and between the corrected data and twice the corrected data.

[0132] Various embodiments and variations have been described. A person skilled in the art will understand that certain features of these various embodiments and variations could be combined, and other variations will become apparent to a person skilled in the art.

[0133] Finally, the practical implementation of the embodiments and variants described is within the reach of a person skilled in the art, based on the functional indications given above.

Claims

1. Demands A method for loading a patch code into an electronic system (2) comprising: a single-programmable memory (SPM) area; a first circuit (BSEC); a first read-only memory (ROM1) in which first instructions are stored; a volatile memory area (200) configured to retain its data during system resets; a first processor (pC1); and a programming port (100) for external programming, the method comprising: * in a first state of the system (2), write the encrypted patch code into the volatile memory area (200) with the programming port (100), command a switching of the system (2) into a second state at the next reset and reset the system (2); * In the second state, at system startup (2), execute the first instructions with the first processor (pCl), the execution causing: - access to the volatile memory area (200) to check if the encrypted patch code is present there, - a system switching command (2) to a third state at the next reset and a system reset (2) if the encrypted patch code is absent from the volatile memory area (200), and - a loading of the encrypted patch code into the first circuit (BSEC) if the encrypted patch code is present in the volatile memory area (200); * in the second state, in response to the loading of the encrypted patch code in the first circuit (BSEC): - decrypt the encrypted correction code received by the first circuit (BSEC), using the first circuit (BSEC) and a decryption key stored in the first circuit (BSEC), - write the deciphered correction code to the one-time programmable (OTP) memory area using the first circuit (BSEC), then command the system to switch to the third state at the next reset and reset the system; and * in the second state, in response to the completion of loading the decrypted patch code into the single-programmable memory area, command a switching of the system into the third state at the next reset and reset the system, in which: - the one-time programmable memory area (OTP) is programmable only by the first circuit (BSEC) and only in the second state.

2. A method according to claim 1, wherein: - a transition from the second state to the first state is prohibited; - a transition from the third state to any of the first and second states is prohibited; - programming of the volatile memory area with the external port is prohibited in the second and third states; and - execution of the first instructions is prohibited in the first and third states.

3. A method according to claim 1 or 2, wherein the patch code is encrypted outside the system (2) with an encryption key known only to the system manufacturer.

4. A method according to any one of claims 1 to 3, wherein: - the encrypted patch code is encapsulated in a structure comprising the encrypted patch code and a first validity code calculated outside the system on the encrypted patch code; - the structure is recorded in the volatile memory area (200) when the encrypted patch code is written into the volatile memory area (200); and - the loading of the encrypted patch code into the first circuit (BSEC) is conditioned by an equality between the first validity code and a second validity code calculated in the system (2) on the encrypted patch code recorded in the volatile memory area (200).

5. A method of any one of claims 1 to 4, wherein: - the encrypted patch code includes a validity code calculated outside the system (2) on the patch code prior to its encryption; and - at the end of the loading of the decrypted patch code into the single-programmable memory area, the command to switch the system to the third state and the system reset are conditioned on an equality between the calculated validity code outside the system (2) on the patch code prior to its encryption and a validity code calculated in the system (2) on the decrypted patch code present in the one-time programmable (OTP) memory area.

6. A method according to any one of claims 1 to 5, wherein the encrypted correction code comprises one or more error corrections, each error correction comprising a memory address and corrected data to replace erroneous data stored at said memory address.

7. A method according to claim 6, wherein: - for each error correction, the correction code comprises a double of the memory address and a double of the corrected data; and - the writing of each error correction in a uniquely programmable memory area (OTP) after decryption by the first circuit (BSEC) is conditioned by an equality between the memory address and the double of the memory address and between the corrected data and the double of the corrected data.

8. A method according to claim 6 or 7, wherein: the loading of the encrypted correction code into the first circuit (BSEC) is done error correction by error correction; and the decryption of the encrypted correction code with the first circuit (BSEC) comprises, after each receipt of an encrypted error correction, the decryption of the error correction.

9. A method according to any one of claims 6 to 8, wherein the system (2) comprises at least one second processor (pc2) and at least one second read-only memory (ROM2).

10. A method according to claim 9 wherein each error correction further includes an indication of the system read-only memory (2) to which the error correction applies.

11. A method according to claim 9 or 10, wherein the first processor (pCl) and the first read-only memory (R0M1) are more secure than said at least a second processor (pC2) and said at least a second read-only memory (R0M2), the first instructions being executable only by the first processor (pCl).

12. Electronic system (2) comprising: a one-time programmable (OTP) memory area; a volatile memory area (200) configured to retain its data during system resets; an external programming port (100) adapted to write to the volatile memory area (200) in a first system state; a read-only memory (R0M1) in which initial instructions are stored; a first circuit (BSEC) configured, when the system is in a second state and an encrypted patch code is loaded into the first circuit (BSEC), to decode the patch code and to write the decrypted patch code into the one-time program (OTP) memory area;and a first processor (pCl) configured, at system (2) startup in the second state, to read and execute the first instructions, the first instructions being configured to cause an access to the volatile memory area (200) to check if the encrypted patch code is present there, and a loading of the encrypted patch code into the first circuit (BSEC) if the encrypted patch code is present in the volatile memory area (200), in which the system (2) is configured: - to switch from the second state to a third state after writing the decrypted patch code into the one-time programmatic memory area (OTP); - to switch from the second state to the third state if no encrypted patch code is present when accessing the volatile memory area (200); - so that the one-time programmatic memory area (OTP) is programmable only by the first circuit (BSEC) and only in the second state.

13. System according to claim 12, wherein the system (2) is further configured: - to prohibit switching from the second state to the first state; - to prohibit switching from the third state to either of the first and second states; - to prohibit programming of the volatile memory area (200) with the port (100) in the second and third states; - to prohibit access to the first instructions in the first and third states.