Search

CN-121996584-A - Processing system, related integrated circuit, device and method

CN121996584ACN 121996584 ACN121996584 ACN 121996584ACN-121996584-A

Abstract

The present disclosure relates to processing systems, related integrated circuits, devices, and methods. The processing system includes a non-volatile memory including a first/second memory slot configured to store a first/second master password and a third memory slot configured to store a security password. The password verification circuitry is configured to set an override signal to indicate successful verification of the first or second master password. The protection circuit is configured to manage write access to a third memory slot configured to store a security password. The protection circuit receives a write request for writing a new security password to the third memory slot. The protection circuit determines whether the security access data indicates that the third memory slot is associated with the first or second master password and determines whether the override signal indicates a successful verification of the first or second master password. The protection circuit enables or disables writing of a new security code to the third memory slot based on whether the security access data indicates that the third memory slot is associated with the first or second master code and the override signal value.

Inventors

  • R. Matorana
  • R. Cologne Bo
  • F. Kutuli

Assignees

  • 意法半导体国际公司

Dates

Publication Date
20260508
Application Date
20251105
Priority Date
20241106

Claims (20)

  1. 1. A processing system, comprising: A non-volatile memory comprising a memory area configured to store password data, wherein the memory area comprises a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password, and a third memory slot arranged to store a security password; Password verification circuitry configured to: receiving a password verification command including a password and a slot number; determining whether the slot number is associated with the first master password or the second master password; in response to determining that the slot number is associated with the first master password: Determining whether the received password corresponds to the first master password, and In response to determining that the received password corresponds to the first master password, setting an override signal to indicate successful verification of the first master password, and In response to determining that the slot number is associated with the second master password: determining whether the received password corresponds to the second master password, and In response to determining that the received password corresponds to the second master password, setting an override signal to indicate successful verification of the second master password, and A protection circuit configured to: receiving a write request to write a new security password to a third memory slot configured to store the security password, and In a first mode of operation: determining whether the security access data indicates that the third memory slot is associated with the first master password or the second master password; determining whether the override signal indicates a successful verification of the first master password or the second master password; responsive to determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal indicates successful verification of the first master password, enabling writing of the new security password to the third memory slot; In response to determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal does not indicate successful verification of the first master password, disabling writing of the new security password to the third memory slot, and In response to determining that the security access data indicates that the third memory slot is associated with the second master password and that the override signal indicates successful verification of the second master password, writing a new security password to the third memory slot configured to store the security password is enabled.
  2. 2. The processing system of claim 1, comprising: Password repository A configuration circuit configured to transfer the cryptographic data from the non-volatile memory to the cryptographic repository, Wherein the password verification circuitry is configured to provide the slot numbers to the password repository and receive respective passwords associated with the slot numbers from the password repository.
  3. 3. The processing system of claim 1, wherein the password verification circuitry is configured to: determining whether the slot number is associated with a security password, and In response to determining that the slot number is associated with the security password: Determining whether the received password corresponds to a security password; in response to determining that the received password corresponds to the security password, an override signal is set to indicate successful verification of the security password, Wherein the processing system comprises circuitry and further protection circuitry, wherein the further protection circuitry is configured to enable access to the circuitry in response to determining that the override signal indicates a successful verification of the security password.
  4. 4. The processing system of claim 1, wherein the protection circuitry comprises a register to provide security access data, wherein a field of the security access data indicates whether a third memory slot configured to store a security password is associated with the first master password, associated with the second master password, or unassigned, wherein the protection circuitry is configured to: receiving configuration data from configuration circuitry of the processing system; determining whether a field of the security access data indicates that the third memory slot is unallocated, and In response to determining that the field of the security access data indicates that the third memory slot is unassigned, the bits of the field of the security access data are overwritten with the corresponding bits of the received configuration data.
  5. 5. The processing system of claim 4, wherein the protection circuit has associated an address, wherein the non-volatile memory comprises a further memory area arranged to store frames of configuration data, each frame of configuration data comprising the address and the corresponding configuration data, wherein the configuration circuit is configured to: sequentially reading frames of configuration data from the nonvolatile memory; determining whether an address of a frame of configuration data corresponds to an address associated with a protection circuit, and In response to determining that the address of the frame of configuration data corresponds to an address associated with the protection circuit, the configuration data of the frame of configuration data is transmitted to the protection circuit.
  6. 6. The processing system of claim 1, wherein the protection circuit is configured to: receiving a write request to write a new master password to a first memory slot configured to store a first master password, and In a first mode of operation: determining whether the override signal indicates a successful verification of the first master password; Enabling writing of a new master password to the first memory slot in response to determining that the override signal indicates successful verification of the first master password, and In response to determining that the override signal does not indicate successful verification of the first master password, writing of the new master password to the first memory slot is disabled.
  7. 7. The processing system of claim 1, wherein the protection circuit is configured to determine the mode of operation from lifecycle data or configuration data indicative of a lifecycle stage of the processing system, wherein the first mode of operation corresponds to a live lifecycle stage.
  8. 8. The processing system of claim 1, wherein the protection circuit is configured to: In a second mode of operation, write access to the first master password, the second master password, and the security password is enabled.
  9. 9. The processing system of claim 1, wherein the protection circuit is configured to: in a third mode of operation: determining whether the security access data indicates that the third memory slot is associated with the first master password, associated with the second master password, or unassigned; determining whether the override signal indicates a successful verification of the first master password or the second master password; Responsive to determining that the security access data indicates that the third memory slot is associated with the second master password or unassigned, enabling writing of a new security password to the third memory slot; responsive to determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal indicates successful verification of the first master password, enabling writing of a new security password to the third memory slot, and In response to determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal does not indicate successful verification of the first master password, writing of a new security password to the third memory slot is prohibited.
  10. 10. The processing system of claim 1, wherein the override signal comprises a first signal and a second signal, wherein the password verification circuitry is configured to: asserting the first signal to indicate successful verification of the first master password, de-asserting the first signal to not indicate successful verification of the first master password, and The second signal is asserted to indicate successful verification of the second master password and de-asserted to not indicate successful verification of the second master password.
  11. 11. The processing system of claim 1, comprising a communication interface or processing circuit configured to provide the password verification command and the write request.
  12. 12. An integrated circuit comprising the processing system of claim 1.
  13. 13. An apparatus comprising a plurality of processing systems according to claim 1 and a communication system for exchanging data between the plurality of processing systems.
  14. 14. A method, comprising: receiving a password verification command including a password and a slot number; determining whether the slot number is associated with the first master password or the second master password; in response to determining that the slot number is associated with the first master password: Determining whether the received password corresponds to the first master password, and In response to determining that the received password corresponds to the first master password, setting an override signal to indicate successful verification of the first master password; In response to determining that the slot number is associated with the second master password: determining whether the received password corresponds to the second master password, and In response to determining that the received password corresponds to the second master password, setting an override signal to indicate successful verification of the second master password; receiving a write request for writing a new security password to a third memory slot configured to store the security password; determining whether the security access data indicates that the third memory slot is associated with the first master password or the second master password; determining whether the override signal indicates a successful verification of the first master password or the second master password; responsive to determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal indicates successful verification of the first master password, enabling writing of the new security password to the third memory slot; In response to determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal does not indicate successful verification of the first master password, disabling writing of the new security password to the third memory slot, and In response to determining that the security access data indicates that the third memory slot is associated with the second master password and that the override signal indicates successful verification of the second master password, writing a new security password to the third memory slot configured to store the security password is enabled.
  15. 15. The method of claim 14, comprising: storing the first master password to a first memory slot of the non-volatile memory; storing the security password to a third memory slot of the non-volatile memory, and Security access data is set to indicate that the third memory slot is associated with the first master password.
  16. 16. An apparatus, comprising: a non-volatile memory comprising a memory area arranged to store cryptographic data, wherein the memory area comprises a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password, and a third memory slot arranged to store a security password; Password verification circuitry configured to: receiving a password verification command including a password and a slot number; determining whether the slot number is associated with the first master password or the second master password; based on determining that the slot number is associated with the first master password and that the received password corresponds to the first master password, setting an override signal to indicate successful verification of the first master password, and Based on determining that the slot number is associated with the second master password and that the received password corresponds to the second master password, setting an override signal to indicate successful verification of the second master password; A protection circuit configured to: receiving a write request for writing a new security code into a third memory slot arranged to store the security code, and In a first mode of operation: determining whether the security access data indicates that the third memory slot is associated with the first master password or the second master password; determining whether the override signal indicates a successful verification of the first master password or the second master password, Enabling writing of the new security password to the third memory slot based on determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal indicates successful verification of the first master password; Based on determining that the security access data indicates that the third memory slot is associated with the first master password and that the override signal does not indicate successful verification of the first master password, disabling writing of the new security password to the third memory slot, and Based on determining that the security access data indicates that the third memory slot is associated with the second master password and that the override signal indicates successful verification of the second master password, writing a new security password to the third memory slot configured to store the security password is enabled.
  17. 17. The apparatus of claim 16, comprising: Password repository A configuration circuit configured to transfer the cryptographic data from the non-volatile memory to the cryptographic repository, Wherein the password verification circuitry is configured to provide the slot numbers to the password repository and receive respective passwords associated with the slot numbers from the password repository.
  18. 18. The apparatus of claim 16, wherein the password verification circuitry is configured to: determining whether the slot number is associated with a security password, and In response to determining that the slot number is associated with the security password: Determining whether the received password corresponds to a security password, and In response to determining that the received password corresponds to the security password, an override signal is set to indicate successful verification of the security password, Wherein the processing system comprises circuitry and further protection circuitry, wherein the further protection circuitry is configured to enable access to the circuitry in response to determining that the override signal indicates a successful verification of the security password.
  19. 19. The apparatus of claim 16, wherein the protection circuit comprises a register to provide security access data, wherein a field of the security access data indicates whether a third memory slot arranged to store a security password is associated with the first master password, associated with the second master password, or unassigned, wherein the protection circuit is configured to: receiving configuration data from configuration circuitry of the processing system; determining whether a field of the security access data indicates that the third memory slot is unallocated, and In response to determining that the field of the security access data indicates that the third memory slot is unassigned, the bits of the field of the security access data are overwritten with the corresponding bits of the received configuration data.
  20. 20. The apparatus of claim 16, wherein the protection circuit has associated an address, wherein the non-volatile memory comprises a further memory area arranged to store frames of configuration data, each frame of configuration data comprising the address and the corresponding configuration data, wherein the configuration circuit is configured to: sequentially reading frames of configuration data from the nonvolatile memory; determining whether an address of a frame of configuration data corresponds to an address associated with a protection circuit, and In response to determining that the address of the frame of configuration data corresponds to an address associated with the protection circuit, the configuration data of the frame of configuration data is transmitted to the protection circuit.

Description

Processing system, related integrated circuit, device and method Technical Field Embodiments of the present disclosure relate to processing systems, and in particular, to solutions for updating passwords of processing systems. Disclosure of Invention In view of the above, it is an object of various embodiments of the present disclosure to provide a solution for updating one or more passwords of a processing system. According to one or more embodiments, one or more of the above objects are achieved by means of a processing system having the features specifically set forth in the appended claims. Moreover, embodiments are also related to related integrated circuits, devices, and methods. The scope of protection is defined in the appended claims, which are part of the technical teaching of the disclosure provided herein. As previously mentioned, various embodiments of the present disclosure relate to a processing system. The processing system includes a non-volatile memory including a memory region arranged to store cryptographic data, a cryptographic verification circuit, and a protection circuit that manages access to the non-volatile memory (e.g., to update the cryptographic data). Specifically, in various embodiments, the memory area includes a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password, and a third memory slot arranged to store a security password. The memory area may include other slots for storing other master passwords and/or other security passwords. In various embodiments, the password verification circuitry is configured to receive a password verification command comprising a password and a slot number. Further, the password verification circuitry is configured to determine whether the slot number is associated with the first master password or the second master password. Specifically, in response to determining that the slot number is associated with the first master password, the password verification circuitry determines whether the received password corresponds to the first master password, and in response to determining that the received password corresponds to the first master password, sets an override signal to indicate successful verification of the first master password. In some embodiments, in response to determining that the slot number is associated with the second master password, the password verification circuitry determines whether the received password corresponds to the second master password, and in response to determining that the received password corresponds to the second master password, sets an override signal to indicate successful verification of the second master password. For example, the override signal may include a first signal and a second signal, and the password verification circuitry may be configured to assert the first signal to indicate successful verification of the first master password and de-assert the first signal to not indicate successful verification of the first master password, and assert the second signal to indicate successful verification of the second master password and de-assert the second signal to not indicate successful verification of the second master password. Similarly, in various embodiments, the password verification circuitry may be configured to determine whether the slot number is associated with a security password. Accordingly, in response to determining that the slot number is associated with a security password, the password verification circuitry may determine whether the received password corresponds to the security password, and in response to determining that the received password corresponds to the security password, set an override signal to indicate successful verification of the security password. For example, to implement a password verification operation, the processing system may further include a password repository and configuration circuitry configured to transfer password data from the non-volatile memory to the password repository. Accordingly, in this case, the password verification circuitry may be configured to provide the slot numbers to the password repository and receive the respective passwords associated with the slot numbers from the password repository. In various embodiments, a security password may be used to selectively disable one or more protections. For example, in this case, the processing system may include circuitry and further protection circuitry, wherein the further protection circuitry is configured to enable access to the circuitry in response to determining that the override signal indicates a successful verification of the security password. In various embodiments, the master password may be used to selectively enable (at least) write access to the security password. Accordingly, in various embodiments, the protection circuit is configured to receive a write request for writing a new security password to a t