EP-4742068-A1 - PROCESSING SYSTEM, RELATED INTEGRATED CIRCUIT, DEVICE AND METHOD

Abstract

A processing system (10a) is described. The processing system comprises a non-volatile memory (104a) comprising a first memory slot arranged to store a first master password (MPW0), a second memory slot arranged to store a second master password (MPW1) and a third memory slot arranged to store a security password (SPW0). A password verification circuit (152a) is configured to set an overwrite signal (OW; OWM) to indicate a success verification of the first master password (MPW0) or a success verification of said second master password (MPW1). Specifically, a protection circuit (150a) is configured to manage write access to the third memory slot arranged to store a security password (SPW0). For this purpose, the protection circuit receives a write request (CMD) for writing a new security password to the third memory slot. Moreover, the protection circuit determines whether security access data (SIi, SPW_CTR) indicate that the third memory slot is associated with the first master password (MPW0) or with the second master password (MPW1), and determines whether the overwrite signal (OW; OWM) indicates a success verification of the first master password (MPW0) or the second master password (MPW1). Accordingly, the protection circuit may selectively enable or disable the writing of the new security password to the third memory slot based on whether the security access data (SIi, SPW_CTR) indicate that the third memory slot is associated with the first master password (MPW0) or with the second master password (MPW1), and the value of the overwrite signal (OW; OWM).

Inventors

  • MARTORANA, ROSARIO
  • COLOMBO, ROBERTO
  • CUTULI, Francesca Maria Grazia

Assignees

  • STMicroelectronics International N.V.

Dates

Publication Date
20260513
Application Date
20251022

Claims (15)

  1. A processing system (10a) comprising: - a non-volatile memory (104a) comprising a memory area arranged to store password data (PWD), wherein said memory area comprise a first memory slot arranged to store a first master password (MPW0), a second memory slot arranged to store a second master password (MPW1) and a third memory slot arranged to store a security password (SPW0); - a password verification circuit (152a) configured to: - receive a password verification command (VPW) comprising a password (K, PSW) and a slot number (SLOT, PSW_INDEX), - determine whether said slot number (SLOT, PSW_INDEX) is associated with said first master password (MPW0) or said second master password (MPW1), - in response to determining that said slot number (SLOT, PSW_INDEX) is associated with said first master password (MPW0), determine (1522) whether said received password (K, PSW) corresponds to said first master password (MPW0) and, in response to determining that said received password (K, PSW) corresponds to said first master password (MPW0), set an overwrite signal (OW; OWM) to indicate a success verification of said first master password (MPW0), and - in response to determining that said slot number (SLOT, PSW_INDEX) is associated with said second master password (MPW1), determine (1522) whether said received password (K, PSW) corresponds to said second master password (MPW1) and, in response to determining that said received password (K, PSW) corresponds to said second master password (MPW1), set said overwrite signal (OW; OWM) to indicate a success verification of said second master password (MPW1); - a protection circuit (150a) configured to: - receive a write request (CMD) for writing a new security password to said third memory slot arranged to store said security password (SPW0), and - in a first operating mode (LC3): - determine whether security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) or with said second master password (MPW1), - determine whether said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0) or said second master password (MPW1), - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) and said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0), enable the writing of said new security password to said third memory slot, - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) and said overwrite signal (OW; OWM) does not indicate a success verification of said first master password (MPW0), inhibit the writing of said new security password to said third memory slot, - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said second master password (MPW1) and said overwrite signal (OW; OWM) indicates a success verification of said second master password (MPW1), enable the writing of said new security password to said third memory slot arranged to store said security password (SPW0).
  2. The processing system (10a) according to Claim 1, comprising: - a password repository (156a); - a configuration circuit (108) configured to transfer said password data (PWD) from said non-volatile memory (104a) to said password repository (156a); wherein said password verification circuit (152a) is configured to provide said slot number (SLOT, PSW_INDEX) to said password repository (156a) and receive a respective password associated with the slot number (SLOT, PSW_INDEX) from said password repository (156a).
  3. The processing system (10a) according to Claim 1 or Claim 2, wherein said password verification circuit (152a) is configured to: - determine whether said slot number (SLOT, PSW_INDEX) is associated with said security password (SPW0), and - in response to determining that said slot number (SLOT, PSW_INDEX) is associated with said security password (SPW0), determine (1522) whether said received password (K, PSW) corresponds to said security password (SPW0) and, in response to determining that said received password (K, PSW) corresponds to said security password (SPW0), set said overwrite signal (OW) to indicate a success verification of said security password (SPW0); wherein said processing system (10a) comprises a circuit (160) and a further protection circuit (150), wherein said further protection circuit (150) is configured to enable access to said circuit (160) in response to determining that said overwrite signal (OW) indicates a success verification of said security password (SPW0).
  4. The processing system (10a) according to any of the previous claims, wherein said protection circuit (150a) comprises a register (1502) providing said security access data (SIi, SPW_CTR), wherein a field (SIi) of said security access data (SPW_CTR) indicates whether said third memory slot arranged to store said security password (SPW0) is associated with said first master password (MPW0), is associated with said second master password (MPW1) or is unassigned, wherein said protection circuit (150a) is configured to: - receive configuration data (CD) from a configuration circuit (108) of said processing system (10a), - determine whether said field (SIi) of said security access data (SPW_CTR) indicates that said third memory slot is unassigned, and - in response to determining that said field (SIi) of said security access data (SPW_CTR) indicates that said third memory slot is unassigned, overwrite the bits of said field (SIi) of said security access data (SPW_CTR) with respective bits of the received configuration data (CD).
  5. The processing system (10a) according to Claim 4, wherein said protection circuit (150) has associated an address, wherein said non-volatile memory (104a) comprising a further memory area arranged to store frames of configuration data (CD), each frame of configuration data (CD) comprising an address and respective configuration data, wherein said configuration circuit (108) is configured to: - sequentially read said frames of configuration data (CD) from said non-volatile memory (104a); - determine whether the address of a frame of configuration data corresponds to the address associated with said protection circuit (150) and, in response to determining that the address of the frame of configuration data corresponds to the address associated with said protection circuit (150), transmit the configuration data of the frame of configuration data to said protection circuit.
  6. The processing system (10a) according to any of the previous claims, wherein said protection circuit (150) is configured to: - receive a write request (CMD) for writing a new master password to said first memory slot arranged to store said first master password (MPW0), and - in said first operating mode (LC3): - determine whether said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0), - in response to determining that said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0), enable the writing of said new master password to said first memory slot, - in response to determining that said overwrite signal (OW; OWM) does not indicate a success verification of said first master password (MPW0), inhibit the writing of said new master password to said first memory slot.
  7. The processing system (10a) according to any of the previous claims, wherein said protection circuit (150) is configured to determine the operating mode as a function of life-cycle data (LCD) indicating a life-cycle stage of said processing system (10a) and/or configuration data (CD), wherein said first operating mode preferably corresponds to an in-field life-cycle stage.
  8. The processing system (10a) according to any of the previous claims, wherein said protection circuit (150a) is configured to: - in a second operating mode (LC0), such as a production life-cycle stage, enable write access to said first master password (MPW0), said second master password (MPW1) and said security password (SPW0).
  9. The processing system (10a) according to any of the previous claims, wherein said protection circuit (150a) is configured to: - in a third operating mode (LC1), such as a software development life-cycle stage: - determine whether said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0), is associated with said second master password (MPW1) or is unassigned, - determine whether said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0) or said second master password (MPW1), - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said second master password (MPW1) or is unassigned, enable the writing of said new security password to said third memory slot, - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) and said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0), enable the writing of said new security password to said third memory slot, - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) and said overwrite signal (OW; OWM) does not indicate a success verification of said first master password (MPW0), inhibit the writing of said new security password to said third memory slot.
  10. The processing system (10a) according to any of the previous claims, wherein said overwrite signal (OW; OWM) comprises a first signal (OWM0) and a second signal (OWM1), wherein said password verification circuit (152a) is configured to: - assert said first signal (OWM0) to indicate a success verification of said first master password (MPW0) and de-assert said first signal (OWM0) to not indicate a success verification of said first master password (MPW0), and - assert said second signal (OWM1) to indicate a success verification of said second master password (MPW1) and de-assert said second signal (OWM1) to not indicate a success verification of said second master password (MPW1).
  11. The processing system (10a) according to any of the previous claims, comprising a processing circuit (102) and/or a communication interface (IF) configured to provide said password verification command (VPW) and said write request (CMD).
  12. An integrated circuit, such as a micro-controller, comprising a processing system (10a) according to any of Claims 1 to 11.
  13. A device, such as a vehicle, comprising a plurality of processing systems (10a) according to any of Claims 1 to 10 and a communication system (20) for exchanging data between said processing systems (10a).
  14. A method of operating a processing system (10a) according to any of Claim 1 to 11, wherein the processing system (10a) comprises a non-volatile memory (104a) comprising a memory area arranged to store password data (PWD), wherein said memory area comprise a first memory slot arranged to store a first master password (MPW0), a second memory slot arranged to store a second master password (MPW1) and a third memory slot arranged to store a security password (SPW0), the method comprising the steps of: - receiving a password verification command (VPW) comprising a password (K, PSW) and a slot number (SLOT, PSW_INDEX), - determining whether said slot number (SLOT, PSW_INDEX) is associated with a first master password (MPW0) or a second master password (MPW1), - in response to determining that said slot number (SLOT, PSW_INDEX) is associated with said first master password (MPW0), determining (1522) whether said received password (K, PSW) corresponds to said first master password (MPW0) and, in response to determining that said received password (K, PSW) corresponds to said first master password (MPW0), setting an overwrite signal (OW; OWM) to indicate a success verification of said first master password (MPW0), - in response to determining that said slot number (SLOT, PSW_INDEX) is associated with said second master password (MPW1), determining (1522) whether said received password (K, PSW) corresponds to said second master password (MPW1) and, in response to determining that said received password (K, PSW) corresponds to said second master password (MPW1), setting said overwrite signal (OW; OWM) to indicate a success verification of said second master password (MPW1), - receiving a write request (CMD) for writing a new security password to the third memory slot arranged to store said security password (SPW0), - determining whether security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) or with said second master password (MPW1), - determining whether said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0) or said second master password (MPW1), - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) and said overwrite signal (OW; OWM) indicates a success verification of said first master password (MPW0), enabling the writing of said new security password to said third memory slot, - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said first master password (MPW0) and said overwrite signal (OW; OWM) does not indicate a success verification of said first master password (MPW0), inhibiting the writing of said new security password to said third memory slot, and - in response to determining that said security access data (SIi, SPW_CTR) indicate that said third memory slot is associated with said second master password (MPW1) and said overwrite signal (OW; OWM) indicates a success verification of said second master password (MPW1), enabling the writing of said new security password to said third memory slot arranged to store said security password (SPW0).
  15. The method according to Claim 14, comprising - storing a first master password (MPW0) to said first memory slot of said non-volatile memory (104a), - storing a security password (SPW0) to said third memory slot of said non-volatile memory (104a), and - setting said security access data (SIi, SPW_CTR) to indicate that said third memory slot is associated with said first master password (MPW0).
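
The write-enable decision recited in Claims 1, 8, 9 and 10 can be modelled in software as below; this is an added illustration, not code from the patent or from the assignee. The 8-byte password width, the slot numbering, the constant-time comparison, the clearing of a master's signal on a failed attempt and the denial of an unassigned slot in LC3 are assumptions that the claims do not specify, and all password values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_LEN 8 /* assumed width; the claims do not fix one */

typedef enum { LC0_PRODUCTION, LC1_SW_DEV, LC3_IN_FIELD } op_mode_t;
typedef enum { SI_UNASSIGNED, SI_MPW0, SI_MPW1 } si_t; /* field SIi of SPW_CTR */
enum { SLOT_MPW0, SLOT_MPW1, SLOT_SPW0, NUM_SLOTS };   /* assumed numbering */

typedef struct {
    uint8_t   pw[NUM_SLOTS][PW_LEN]; /* password data PWD */
    si_t      si_spw0;               /* master that owns the SPW0 slot */
    bool      owm0, owm1;            /* overwrite signals OWM0 / OWM1 (Claim 10) */
    op_mode_t mode;
} sys_t;

/* Compare without an early exit so timing does not reveal the first mismatch. */
static bool pw_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Verification circuit 152a: handle VPW(slot, password) and drive OWM0/OWM1.
   Assumption: a failed attempt on a master slot de-asserts that slot's signal. */
bool verify_password(sys_t *s, int slot, const uint8_t *k) {
    if (slot < 0 || slot >= NUM_SLOTS) return false;
    bool ok = pw_equal(s->pw[slot], k);
    if (slot == SLOT_MPW0) s->owm0 = ok;
    if (slot == SLOT_MPW1) s->owm1 = ok;
    return ok;
}

/* Protection circuit 150a: write-enable for the SPW0 slot. */
bool spw0_write_enabled(const sys_t *s) {
    switch (s->mode) {
    case LC0_PRODUCTION: return true;                          /* Claim 8 */
    case LC1_SW_DEV: return s->si_spw0 == SI_MPW0 ? s->owm0 : true; /* Claim 9 */
    case LC3_IN_FIELD:                                         /* Claim 1 */
        if (s->si_spw0 == SI_MPW0) return s->owm0;
        if (s->si_spw0 == SI_MPW1) return s->owm1;
        return false; /* assumption: an unassigned slot is denied in the field */
    }
    return false;
}

bool write_spw0(sys_t *s, const uint8_t *new_pw) {
    if (!spw0_write_enabled(s)) return false;
    memcpy(s->pw[SLOT_SPW0], new_pw, PW_LEN);
    return true;
}

/* Constructed scenario: optionally verify one slot, then try to replace SPW0. */
bool scenario(op_mode_t mode, si_t si, int verify_slot, bool correct_pw) {
    sys_t s = { .pw = { "MASTER0", "MASTER1", "SECPW00" }, .si_spw0 = si, .mode = mode };
    static const uint8_t wrong[PW_LEN] = "guess!!", fresh[PW_LEN] = "NEWSPW0";
    if (verify_slot >= 0 && verify_slot < NUM_SLOTS)
        verify_password(&s, verify_slot, correct_pw ? s.pw[verify_slot] : wrong);
    return write_spw0(&s, fresh) && pw_equal(s.pw[SLOT_SPW0], fresh);
}

int main(void) { return scenario(LC3_IN_FIELD, SI_MPW0, SLOT_MPW0, true) ? 0 : 1; }
```

The model makes the ownership property visible: in the in-field mode, verifying MPW1 does not unlock a security password slot whose SIi field names MPW0, and the reverse holds as well.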

Description

Technical Field

Embodiments of the present disclosure relate to processing systems, in particular solutions for updating a password of the processing system.

Background

Figure 1 shows a typical electronic system, such as the electronic system of a vehicle, comprising a plurality of processing systems 10, such as embedded systems or integrated circuits, e.g., a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP) or a micro-controller (e.g., dedicated to the automotive market).

For example, Figure 1 shows three processing systems 10₁, 10₂ and 10₃ connected through a suitable communication system 20. For example, the communication system may include a vehicle control bus, such as a Controller Area Network (CAN) bus, and possibly a multimedia bus, such as a Media Oriented Systems Transport (MOST) bus, connected to the vehicle control bus via a gateway. Typically, the processing systems 10 are located at different positions of the vehicle and may include, e.g., an Engine Control Unit, a Transmission Control Unit (TCU), an Anti-lock Braking System (ABS), a Body Control Module (BCM), and/or a navigation and/or multimedia audio system. Accordingly, one or more of the processing systems 10 may also implement real-time control and regulation functions. These processing systems are usually identified as Electronic Control Units.

Figure 2 shows a block diagram of an exemplary digital processing system 10, such as a micro-controller, which may be used as any of the processing systems 10 of Figure 1.

In the example considered, the processing system 10 comprises a microprocessor 102, usually the Central Processing Unit (CPU), programmed via software instructions. Usually, the software executed by the microprocessor 102 is stored in a non-volatile program memory 104, such as a Flash memory or EEPROM. Thus, the memory 104 is configured to store the firmware of the processing unit 102, wherein the firmware includes the software instructions to be executed by the microprocessor 102. Generally, the non-volatile memory 104 may also be used to store other data, such as configuration data, e.g., calibration data.

The microprocessor 102 usually also has an associated volatile memory 104b, such as a Random-Access-Memory (RAM). For example, the memory 104b may be used to store temporary data.

As shown in Figure 2, usually the communication with the memories 104 and/or 104b is performed via one or more memory controllers 100. The memory controller(s) 100 may be integrated in the microprocessor 102 or connected to the microprocessor 102 via a communication channel, such as a system bus of the processing system 10. Similarly, the memories 104 and/or 104b may be integrated with the microprocessor 102 in a single integrated circuit, or the memories 104 and/or 104b may be in the form of a separate integrated circuit and connected to the microprocessor 102, e.g., via the traces of a printed circuit board.

In the example considered, the microprocessor 102 may have associated one or more (hardware) resources/peripherals 106 selected from the group of:

  • one or more communication interfaces IF, e.g., for exchanging data via the communication system 20, such as a Universal asynchronous receiver/transmitter (UART), Serial Peripheral Interface Bus (SPI), Inter-Integrated Circuit (I2C), Controller Area Network (CAN) bus, and/or Ethernet interface, and/or a debug interface; and/or
  • one or more analog-to-digital converters AD and/or digital-to-analog converters DA; and/or
  • one or more dedicated digital components DC, such as hardware timers and/or counters, or a cryptographic co-processor; and/or
  • one or more analog components AC, such as comparators, sensors, such as a temperature sensor, etc.; and/or
  • one or more mixed signal components MSC, such as a PWM (Pulse-Width Modulation) driver.

Generally, a dedicated digital component DC may also correspond to an FPGA integrated in the processing system 10. For example, in this case, the memory 104 may also comprise the program data for such an FPGA.

Accordingly, the digital processing system 10 may support different functionalities. For example, the behavior of the microprocessor 102 is determined by the firmware stored in the memory 104, e.g., the software instructions to be executed by a microprocessor 102 of a micro-controller 10. Thus, by installing a different firmware, the same hardware (micro-controller) can be used for different applications.

In this respect, future generations of such processing systems 10, e.g., microcontrollers adapted to be used in automotive applications, are expected to exhibit an increase in complexity, mainly due to the increasing number of requested functionalities (new protocols, new features, etc.) and to the tight constraints of execution conditions (e.g., lower power consumption, increased calculation power and speed, etc.).

For example, recently more complex multi-core processing systems 10 have been proposed. For example, such multi-core processing syste