CN-115146306-B - Secure commissioning
Abstract
Embodiments of the present disclosure relate to secure debugging. In one embodiment, a method for debugging a processing device includes generating a first count value by a monotonic counter of the processing device, transmitting the first count value by the monotonic counter to a debug access control circuit, comparing the first count value by the debug access control circuit of the processing device with one or more reference values, and authorizing or preventing debug access by the debug access control circuit based on the comparing.
Inventors
- F. Alberta
- N. Ann Quaid
Assignees
- STMicroelectronics (Alps) SAS
- STMicroelectronics (Grand Ouest) SAS
Dates
- Publication Date: 20260421
- Application Date: 20220331
- Priority Date: 20210331
Claims (16)
- 1. A method for debugging a processing apparatus, the method comprising: generating a first count value by a monotonic counter of the processing device during a first boot of the processing device; during the first boot, transmitting the first count value to a debug access control circuit and to a memory access control circuit of a memory by the monotonic counter; comparing, during the first boot, the first count value with one or more reference values by the debug access control circuitry and by the memory access control circuitry; authorizing or preventing debug access by the debug access control circuitry during the first boot based on the comparing by the debug access control circuitry; during the first boot, authorizing, by the memory access control circuit, reading of first data stored in the memory based on the first count value; incrementing the monotonic counter to a second count value after transmitting the first count value; during a second boot, transmitting the second count value to the debug access control circuitry and to the memory access control circuitry via the monotonic counter; and during the second boot, preventing, by the memory access control circuit, reading of the first data stored in the memory based on the second count value.
- 2. The method according to claim 1, wherein: the authorizing or preventing includes preventing the debug access based on the first count value; and the method further comprises: comparing, by the debug access control circuitry, the second count value with the one or more reference values; and granting the debug access based on the second count value.
- 3. The method according to claim 1, wherein: the first count value corresponds to a first initialization value of the monotonic counter for the first boot of the processing device; and the second count value corresponds to a second initialization value of the monotonic counter for the second boot of the processing device.
- 4. The method according to claim 3, wherein: during the first boot, the processing device is initially placed in a first state and the debug access is granted by the debug access control circuitry based on the first count value; and the processing device is locked in a second state during the second boot, and the debug access is prevented by the debug access control circuitry based on the second count value.
- 5. The method of claim 1, further comprising: authorizing, by the memory access control circuit, reading of second data stored in the memory based on the second count value.
- 6. The method according to claim 5, wherein: during the first boot, the processing device is initially placed in a first state; the debug access is authorized by the debug access control circuitry based on the first count value; during the second boot, the processing device is locked in a second state, and the debug access is prevented by the debug access control circuitry based on the first count value; and the first and second states of the processing device are defined by one or more values stored in the memory.
- 7. The method of claim 1, wherein the debug access control circuitry grants the debug access when a count value of the monotonic counter is greater than or equal to the one or more reference values and prevents the debug access when a current count value of the monotonic counter is strictly less than a count value of the one or more reference values.
- 8. The method of claim 1, further comprising, prior to authorizing or preventing the debug access: receiving a debug access request from an external device via the debug access control circuitry; and verifying authentication of the external device by the debug access control circuit; wherein authorizing or preventing the debug access by the debug access control circuitry is also performed based on verifying the authentication of the external device.
- 9. A data processing apparatus comprising: a monotonic counter configured to generate a first count value during a first boot of the data processing apparatus, to communicate the first count value to debug access control circuitry and to memory access control circuitry of a memory, and to generate a second count value that is greater than the first count value; the debug access control circuitry, configured to: compare the first count value with one or more reference values; and authorize or prevent debug access based on the comparing by the debug access control circuitry; and the memory access control circuit, configured to: compare the first count value with the one or more reference values; authorize a read of first data stored in the memory during the first boot based on the first count value; and prevent reading of the first data stored in the memory during a second boot based on the second count value.
- 10. The data processing apparatus of claim 9, wherein the monotonic counter is configured to generate the second count value by incrementing the first count value.
- 11. The data processing apparatus of claim 10, wherein, during the second boot, the debug access control circuitry is further configured to: compare the second count value with the one or more reference values; and grant the debug access based on the second count value.
- 12. The data processing apparatus of claim 10, wherein: the first count value corresponds to a first initialization value of the monotonic counter for the first boot of the processing device; and the second count value corresponds to a second initialization value of the monotonic counter for the second boot of the processing device.
- 13. The data processing apparatus according to claim 10, wherein the memory access control circuit is configured to read second data stored in the memory based on the second count value.
- 14. The data processing apparatus of claim 13, wherein the memory is a non-volatile memory.
- 15. The data processing apparatus of claim 9, wherein the debug access control circuitry is configured to: authorize the debug access when a count value of the monotonic counter is greater than or equal to the one or more reference values; and prevent the debug access when the count value of the monotonic counter is strictly less than the one or more reference values.
- 16. The data processing apparatus of claim 9, wherein the debug access control circuitry is configured to: receive a debug access request from an external device before authorizing or preventing the debug access; verify authentication of the external device; and authorize or prevent the debug access also based on the verification of the authentication.
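
The gating described in claims 1, 2, 5, 7 and 8, modeled in software as an added example (not code from the patent or its assignees): debug access opens only at the count value where the first data has already become unreadable. All identifiers, the two-stage `simulate` driver and the equality rule used for memory reads are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added illustration: software model of the claimed circuits.
 * All names and the equality rule for memory reads are assumptions. */
typedef struct { uint32_t count; } mono_counter_t;

/* Transmit the current count, then increment. The value never decreases;
 * it saturates at UINT32_MAX instead of wrapping back to 0. */
static uint32_t transmit_then_increment(mono_counter_t *c) {
    uint32_t sent = c->count;
    if (c->count != UINT32_MAX) c->count++;
    return sent;
}

/* Debug access control: granted only when the count is greater than or
 * equal to the reference value AND the external device authenticated. */
static bool debug_allowed(uint32_t count, uint32_t ref, bool authenticated) {
    return authenticated && count >= ref;
}

/* Memory access control: data is readable only while the transmitted
 * count matches the value bound to that data (assumed rule). */
static bool read_allowed(uint32_t count, uint32_t bound_count) {
    return count == bound_count;
}

enum { DBG_AT_1 = 1, DATA1_AT_1 = 2, DBG_AT_2 = 4, DATA1_AT_2 = 8, DATA2_AT_2 = 16 };

/* Run two stages and report every access decision as a bit flag.
 * First data is bound to the initial count, second data to initial + 1. */
unsigned simulate(uint32_t initial, uint32_t debug_ref, bool authenticated) {
    mono_counter_t ctr = { initial };
    unsigned flags = 0;
    uint32_t first = transmit_then_increment(&ctr);   /* first count value */
    if (debug_allowed(first, debug_ref, authenticated)) flags |= DBG_AT_1;
    if (read_allowed(first, initial))                   flags |= DATA1_AT_1;
    uint32_t second = transmit_then_increment(&ctr);  /* second count value */
    if (debug_allowed(second, debug_ref, authenticated)) flags |= DBG_AT_2;
    if (read_allowed(second, initial))                   flags |= DATA1_AT_2;
    if (read_allowed(second, initial + 1))               flags |= DATA2_AT_2;
    return flags;
}

int main(void) {
    /* Debug is locked while the first data is readable, then the reverse. */
    return simulate(0, 1, true) == (DATA1_AT_1 | DBG_AT_2 | DATA2_AT_2) ? 0 : 1;
}
```
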
Description
Secure commissioning
Cross Reference to Related Applications
The present application claims the benefit of French patent application No. 2103315, filed on March 31, 2021, which is incorporated herein by reference.
Technical Field
The present disclosure relates to methods and apparatus for protecting electronic circuits, and in particular, to apparatus and methods for performing secure debugging of such circuits.
Background
The debugging process for a processing device can be problematic in applications where the memory of the device contains confidential, sensitive data. This may include encryption keys, passwords, codes stored in device memory by the device manufacturer or an intermediate entity between the manufacturer and the end user, or keys, boot codes, or proprietary protocols used over the life of the circuit. It is desirable that the security of sensitive data should not be compromised during the debugging process.
Disclosure of Invention
Embodiments provide an improvement in security for accessing sensitive data.
Various embodiments address all or some of the shortcomings of known processing devices.
Another embodiment provides a method for debugging a processing device comprising generating a first count value by a monotonic counter, transmitting the first count value by the monotonic counter to a debug access control circuit, comparing the first count value with one or more reference values by the debug access control circuit, and authorizing or preventing access to debugging by the debug access control circuit based on the comparing.
According to one embodiment, the first count value is generated in a first step of a boot sequence of the processing device, the first step comprising incrementing a monotonic counter to the second count value after transmitting the first count value.
According to one embodiment, the authorizing or preventing comprises preventing debug access based on the first count value, the method further comprising transmitting, by the monotonic counter, the second count value to the debug access control circuitry, comparing, by the debug access control circuitry, the second count value to the one or more reference values, and authorizing debug access based on the second count value.
According to one embodiment, the first count value corresponds to an initialization value of the monotonic counter during a first boot of the processing device and the second count value corresponds to an initialization value of the monotonic counter at a second boot of the processing device.
According to one embodiment, during a first boot, the processing device is initially placed in a first state in which debug access through the debug access circuitry is authorized based on a first count value, and during a second boot, the processing device is locked in a second state in which debug access through the debug access circuitry is prevented based on the first count value.
According to one embodiment, the method further comprises transmitting, by the monotonic counter, the first count value to access control circuitry of a memory of the processing device, reading, based on the first count value, the first data stored in the memory, transmitting, by the monotonic counter, the second count value to access control circuitry of a memory of the processing device, and reading, based on the second count value, the second data stored in the memory, the memory access control circuitry being configured such that reading of the first data is not authorized based on the second count value.
According to one embodiment, the first state and the second state of the processing device are defined by one or more values stored in a memory.
According to one embodiment, the debug access control circuitry grants debug access based on the count value being greater than or equal to the one or more reference values and prevents debug access based on the count value being strictly less than the one or more reference values.
According to one embodiment, the method further comprises, prior to authorizing or preventing debug access, receiving, by the debug access circuitry, a debug access request from the external device and verifying, by the debug access circuitry, authentication of the external device, wherein authorizing or preventing, by the debug access control circuitry, debug access is also performed based on the authentication verification.
One embodiment provides a data processing apparatus comprising a monotonic counter configured to generate a first count value and debug access control circuitry configured to compare the first count value to one or more reference values and grant or prevent debug access based on the comparison.
Drawings
The foregoing and other features and advantages will be given in the following description of specific embodiments by way of illustration and not limitation with reference to the accompanying drawings, in which:
FIG. 1 is a schematic representation in block form of an electronic device ac