CN-121997305-A - Debug port opening method, arm service equipment, security debugging method and system
Abstract
The invention discloses a debug port opening method for an arm platform, an arm service device, and a secure debug method and system. The debug port opening method comprises: setting a one-time programmable memory and storing a hash value of an authentication public key in the one-time programmable memory; receiving an open authentication request sent by a key terminal, the request comprising an authentication public key and specified algorithm information; verifying whether the authentication public key is legal according to the stored hash value and the specified algorithm information and, if it is legal, generating a random number and feeding back an authentication feedback signal containing the random number to the key terminal; receiving the signature of the random number, the authentication public key and the specified algorithm information sent by the key terminal; verifying whether the authentication public key is legal according to the hash value and the specified algorithm information and, if it is legal, checking the signature with the authentication public key and opening the debug port after the signature check passes; and ending if the authentication public key is not legal or the signature check fails. Compared with the prior art, the invention has high security and reliability.
Inventors
- WANG LONGFEI
- XIE HAITAO
- CHEN ZHENGSHENG
- LUO YONG
Assignees
- 遇贤微电子(广州)有限公司
Dates
- Publication Date
- 20260508
- Application Date
- 20260121
Claims (9)
- 1. A method for opening the debug port of an arm platform, characterized by comprising the following steps: setting a one-time programmable memory, and storing a hash value of an authentication public key in the one-time programmable memory; receiving an open authentication request sent by a key terminal, wherein the open authentication request comprises an authentication public key and specified algorithm information; verifying whether the authentication public key is legal according to the stored hash value and the specified algorithm information and, if so, generating a random number and feeding back an authentication feedback signal containing the random number to the key terminal; and receiving the signature of the random number, the authentication public key and the specified algorithm information sent by the key terminal, verifying whether the authentication public key is legal according to the hash value and the specified algorithm information and, if so, checking the signature by using the authentication public key and opening the debug port after the signature check passes, and ending if the authentication public key is not legal or the signature check fails.
- 2. The method for opening a debug port of an arm platform according to claim 1, wherein verifying whether the authentication public key is legal based on the hash value and the specified algorithm information comprises: computing the hash value of the authentication public key by using the specified algorithm information, and judging whether the hash value of the authentication public key is consistent with the hash value stored in the one-time programmable memory; if so, the authentication public key is judged legal, and if not, ending.
- 3. The method for opening a debug port of an arm platform according to claim 1, wherein said specified algorithm information comprises specified hash algorithm information and specified public key algorithm information.
- 4. An arm service device comprising one or more processors, a memory, one or more operating instructions stored in the memory, and a one-time programmable memory, wherein the one-time programmable memory stores a hash value of an authentication public key, and the processor invokes the operating instructions and executes the operating instructions to implement the debug port opening method of the arm platform according to any one of claims 1-3.
- 5. A secure debugging method for an arm platform, characterized by comprising the following steps: generating a matched pair of an authentication public key and an authentication secret key, and writing the hash value of the authentication public key into a one-time programmable memory of the device before it leaves the factory; before the device is securely debugged, a key terminal sends an open authentication request to the device, wherein the open authentication request comprises the authentication public key and specified algorithm information; the device verifies whether the authentication public key is legal according to the hash value in the one-time programmable memory and the specified algorithm information and, if so, generates a random number and feeds back an authentication feedback signal containing the random number to the key terminal; the key terminal extracts the random number from the authentication feedback signal, signs the random number with the authentication key of the key terminal, and sends the signature of the random number, the authentication public key and the specified algorithm information to the authentication module; and the device verifies whether the authentication public key is legal according to the hash value and the specified algorithm information and, if so, checks the signature by using the authentication public key, opens the debug port after the signature check passes, and the device is securely debugged; if the authentication public key is not legal or the signature check fails, the method ends.
- 6. The method for secure debugging of an arm platform of claim 5, wherein the device verifying whether the authentication public key is legal based on the hash value and the specified algorithm information comprises: the device computes the hash value of the authentication public key by using the specified algorithm information and judges whether the hash value of the authentication public key is consistent with the hash value stored in the one-time programmable memory; if so, the authentication public key is legal, and if not, the method ends.
- 7. The method for secure debugging of arm platform of claim 5, wherein the specified algorithm information comprises specified hash algorithm information and specified public key algorithm information.
- 8. The arm platform security debugging method of claim 5, wherein the key terminal invokes a corresponding authentication key according to the authentication public key, takes the random number as an authentication value, and signs the random number according to the authentication key.
- 9. A secure debugging system of an arm platform, comprising an arm server and a key terminal, wherein the arm server comprises one or more first processors, a first memory, one or more first operation instructions stored in the first memory, and a one-time programmable memory, wherein the one-time programmable memory stores hash values of authentication public keys, the key terminal comprises one or more second processors, a second memory, and one or more second operation instructions stored in the second memory, and the first and second processors execute the first and second operation instructions respectively to realize the secure debugging method of the arm platform according to any one of claims 5-8.
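The exchange in claims 1 and 5, with both the device and the key terminal, as an added example that is not part of the patent text. The toy RSA key built from Mersenne primes, the byte encoding of the public key, the hash allow-list, the constant-time comparison and the single-use random number are assumptions made for the example; the negative cases show why the public key is checked against the one-time programmable memory a second time when the signature arrives.

```python
import hashlib, hmac, secrets

# Toy textbook-RSA key from two Mersenne primes: constructed, NOT secure. It stands
# in for whichever public-key algorithm the terminal's algorithm information names.
def toy_keypair(p, q, e=65537):
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))  # (public key, private exponent)

def pub_bytes(pub):
    return pub[0].to_bytes(256, "big") + pub[1].to_bytes(4, "big")

def nonce_digest(nonce):
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big")

def sign(nonce, pub, d):  # key-terminal side: sign the device's random number
    return pow(nonce_digest(nonce), d, pub[0])

class Device:
    ALLOWED_HASHES = {"sha256", "sha384"}  # assumption: device-side allow-list

    def __init__(self, otp_hash):
        self.otp_hash = otp_hash  # hash of the authentication public key, as in OTP
        self.nonce = None

    def key_is_legal(self, pub, hash_alg):
        if hash_alg not in self.ALLOWED_HASHES:
            return False
        digest = hashlib.new(hash_alg, pub_bytes(pub)).digest()
        return hmac.compare_digest(digest, self.otp_hash)

    def open_request(self, pub, hash_alg):  # message 1: returns random number or None
        self.nonce = secrets.token_bytes(32) if self.key_is_legal(pub, hash_alg) else None
        return self.nonce

    def open_response(self, sig, pub, hash_alg):  # message 2: True = open debug port
        nonce, self.nonce = self.nonce, None  # assumption: random number is single-use
        if nonce is None or not self.key_is_legal(pub, hash_alg):
            return False
        return 0 <= sig < pub[0] and pow(sig, pub[1], pub[0]) == nonce_digest(nonce)

def demo():
    pub, d = toy_keypair(2**521 - 1, 2**607 - 1)  # provisioned pair
    other_pub, other_d = toy_keypair(2**607 - 1, 2**1279 - 1)  # hash not in OTP
    dev = Device(hashlib.sha256(pub_bytes(pub)).digest())
    nonce = dev.open_request(pub, "sha256")
    sig = sign(nonce, pub, d)
    valid = dev.open_response(sig, pub, "sha256")
    replay = dev.open_response(sig, pub, "sha256")  # random number already consumed
    nonce = dev.open_request(pub, "sha256")
    swapped = dev.open_response(sign(nonce, other_pub, other_d), other_pub, "sha256")
    return valid, replay, swapped, dev.open_request(pub, "md5")
```

`demo()` returns the outcome of a valid exchange, a replayed signature, a second message carrying a different key pair, and a request naming a hash algorithm outside the allow-list.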
Description
Debug port opening method, arm service equipment, security debugging method and system
Technical Field
The invention relates to the field of electronics, in particular to secure debugging of an arm server.
Background
The debug port is an important function in the product development process; during development, a product generally uses the debug port to analyze and solve the functional problems that are discovered. Through the debug interface, the running state of the product can be monitored, register values can be checked or modified, and data changes in memory can be observed; together with development tools such as an IDE and a debugger, it makes difficult problems convenient to investigate.
Because the debug interface is so capable, it is a powerful tool during development, but it also exposes products to security vulnerabilities and intellectual property leakage. An attacker can access various resources inside the device through the debug port, can use the powerful debug interface to perform various attacks on the device, and can steal sensitive information in the product, which forms a serious security hole. Thus, the debug port is disabled or locked at the time of product shipment.
To address this problem, many high-value-added or security-sensitive products choose to permanently disable the debug interface by modifying the OTP/eFuse, etc. in the final step of the manufacturing process. After the product leaves the factory, the debug interface is sealed, and the risk it brings is removed in a simple but crude way.
Therefore, a safe and reliable debug port opening method, arm service equipment, secure debug method and secure debug system are urgently needed.
Disclosure of Invention
The invention aims to provide a debug port opening method, an arm service device, a secure debug method and a secure debug system of an arm platform, which are high in security.
The invention provides a debug port opening method of an arm platform, which comprises the steps of: setting a one-time programmable memory and storing a hash value of an authentication public key in the one-time programmable memory; receiving an open authentication request sent by a key terminal, wherein the open authentication request comprises the authentication public key and specified algorithm information; verifying whether the authentication public key is legal according to the stored hash value and the specified algorithm information and, if it is legal, generating a random number and feeding back an authentication feedback signal containing the random number to the key terminal; receiving the signature of the random number, the authentication public key and the specified algorithm information sent by the key terminal; verifying whether the authentication public key is legal according to the hash value and the specified algorithm information and, if it is legal, checking the signature by using the authentication public key and opening the debug port after the signature check passes; and ending if the authentication public key is not legal or the signature check fails.
Preferably, verifying whether the authentication public key is legal according to the hash value and the specified algorithm information comprises the steps of computing the hash value of the authentication public key by using the specified algorithm information and judging whether the hash value of the authentication public key is consistent with the hash value stored in the one-time programmable memory; if so, the authentication public key is legal, and if not, ending.
Preferably, the specified algorithm information includes specified hash algorithm information and specified public key algorithm information.
The invention also provides an arm service device, which comprises one or more processors, a memory, one or more operation instructions stored in the memory, and a one-time programmable memory, wherein the one-time programmable memory stores a hash value of an authentication public key, and the processor calls and executes the operation instructions to realize the method for opening the debug port of the arm platform.
The invention further provides a secure debugging method of the arm platform: a matched pair of an authentication public key and an authentication secret key is generated, and the hash value of the authentication public key is written into a one-time programmable memory of the equipment before it leaves the factory; before secure debugging is carried out on the equipment, a key terminal sends an open authentication request to the equipment, the open authentication request comprising the authentication public key and specified algorithm information; the equipment verifies whether the authentication public key is legal or not according to the hash value and the specified algorithm information in the