KR-20260066069-A - Consistent key management across multiple chiplets

Abstract

Systems and techniques for establishing a connection are provided. For example, a process may include: receiving a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among a plurality of chiplets; generating a cryptographic key by the first C-RoT; generating a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; outputting the wrapped cryptographic key by the first C-RoT; receiving the wrapped cryptographic key at a second C-RoT of a second chiplet among a plurality of chiplets; unwrapping the wrapped cryptographic key using a wrapping key by the second C-RoT; and performing an operation based on the cryptographic key by the second C-RoT.

Inventors

  • 라가반 렌가라잔
  • 메논 아룬
  • 아스베 사마르
  • 브라흐마 아심
  • 혼갈 쉬바프라사드
  • 가오 창??
  • 포추에프 데니스

Assignees

  • 퀄컴 인코포레이티드

Dates

Publication Date
20260512
Application Date
20240906
Priority Date
20230915

Claims (20)

  1. An electronic device comprising: a memory system including instructions; and a processor system coupled to the memory system, wherein the processor system includes a plurality of chiplets and is configured to: receive a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among the plurality of chiplets; generate the cryptographic key by the first C-RoT; generate a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; output the wrapped cryptographic key by the first C-RoT; receive the wrapped cryptographic key at a second chiplet among the plurality of chiplets; unwrap the wrapped cryptographic key at the second chiplet using the wrapping key; and perform operations based on the cryptographic key by the second C-RoT.
  2. An electronic device according to claim 1, wherein, for wrapping the cryptographic key, the processor system is configured to encrypt the cryptographic key using the wrapping key by the first C-RoT.
  3. An electronic device according to claim 1, wherein the cryptographic key is generated based on a common pairing key.
  4. An electronic device according to claim 3, wherein the common pairing key is provisioned to two or more C-RoTs of the plurality of chiplets.
  5. An electronic device according to claim 1, wherein the wrapped cryptographic key is received at a cryptographic endpoint associated with the second C-RoT.
  6. An electronic device according to claim 5, wherein the wrapped cryptographic key is unwrapped by the cryptographic endpoint.
  7. An electronic device according to claim 1, wherein the wrapping key comprises one of a common transmission key or a key swap key.
  8. An electronic device according to claim 7, wherein the wrapping key includes a key swap key, and in order to output the wrapped cryptographic key, the processor system is configured to store the wrapped cryptographic key in the memory system, and the wrapped cryptographic key is received from the memory system.
  9. An electronic device according to claim 1, wherein the wrapping key is provisioned to the C-RoTs of the plurality of chiplets.
  10. An electronic device according to claim 1, wherein the wrapping key is provisioned during the boot procedure of the processor system.
  11. A method for security processing, comprising: receiving a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among a plurality of chiplets; generating the cryptographic key by the first C-RoT; generating a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; outputting the wrapped cryptographic key by the first C-RoT; receiving the wrapped cryptographic key at a second chiplet among the plurality of chiplets; unwrapping the wrapped cryptographic key at the second chiplet using the wrapping key; and performing an operation based on the cryptographic key by the second C-RoT.
  12. A method for security processing according to claim 11, wherein wrapping the cryptographic key comprises encrypting the cryptographic key using the wrapping key by the first C-RoT.
  13. A method for security processing according to claim 11, wherein the cryptographic key is generated based on a common pairing key.
  14. A method for security processing according to claim 13, wherein the common pairing key is provisioned to two or more C-RoTs of the plurality of chiplets.
  15. A method for security processing according to claim 11, wherein the wrapped cryptographic key is received at a cryptographic endpoint associated with the second C-RoT.
  16. A method for security processing according to claim 15, wherein the wrapped cryptographic key is unwrapped by the cryptographic endpoint.
  17. A method for security processing according to claim 11, wherein the wrapping key comprises one of a common transmission key or a key swap key.
  18. A method for security processing according to claim 17, wherein the wrapping key includes a key swap key, outputting the wrapped cryptographic key includes storing the wrapped cryptographic key in a memory system, and the wrapped cryptographic key is received from the memory system.
  19. A method for security processing according to claim 11, wherein the wrapping key is provisioned to the C-RoTs of the plurality of chiplets.
  20. A method for security processing according to claim 11, wherein the wrapping key is provisioned during the boot procedure of the plurality of chiplets.
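
The flow in the abstract and claims 1 to 3 (generate on the first C-RoT from a common pairing key, wrap, transfer, unwrap on the second C-RoT), as an added Python example that is not code from the patent. The `CRoT` class, the `purpose` label and the HMAC-SHA256 synthetic-IV wrap are assumptions: the page names no wrap algorithm, so this standard-library construction stands in for it.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """HMAC-SHA256 with a length-prefixed label; used as KDF, MAC and keystream."""
    return hmac.new(key, bytes([len(label)]) + label + data, hashlib.sha256).digest()

class CRoT:
    """Hypothetical model of one chiplet root of trust and its provisioned keys."""
    def __init__(self, pairing_key: bytes, wrapping_key: bytes):
        self._pairing = pairing_key
        self._enc = _prf(wrapping_key, b"enc")  # separate keys for encryption and MAC
        self._mac = _prf(wrapping_key, b"mac")

    def generate_key(self, purpose: bytes) -> bytes:
        # Assumption: key = KDF(common pairing key, purpose, fresh nonce).
        return _prf(self._pairing, purpose, os.urandom(16))

    def wrap(self, key: bytes, purpose: bytes) -> bytes:
        tag = _prf(self._mac, purpose, key)  # synthetic IV: authenticates key and purpose
        stream = _prf(self._enc, b"stream", tag)
        return tag + bytes(a ^ b for a, b in zip(key, stream))

    def unwrap(self, blob: bytes, purpose: bytes) -> bytes:
        tag, body = blob[:32], blob[32:]
        stream = _prf(self._enc, b"stream", tag)
        key = bytes(a ^ b for a, b in zip(body, stream))
        if len(blob) != 64 or not hmac.compare_digest(tag, _prf(self._mac, purpose, key)):
            raise ValueError("unwrap rejected: wrong wrapping key, purpose or modified blob")
        return key

def try_unwrap(rot: CRoT, blob: bytes, purpose: bytes):
    try:
        return rot.unwrap(blob, purpose)
    except ValueError:
        return None

def demo() -> dict:
    pairing, transport = os.urandom(32), os.urandom(32)  # constructed sample secrets
    first, second = CRoT(pairing, transport), CRoT(pairing, transport)
    outsider = CRoT(pairing, os.urandom(32))  # never provisioned with the wrapping key
    key = first.generate_key(b"storage")
    blob = first.wrap(key, b"storage")  # only this blob crosses the chiplet boundary
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return {"second": try_unwrap(second, blob, b"storage") == key,
            "outsider": try_unwrap(outsider, blob, b"storage"),
            "tampered": try_unwrap(second, tampered, b"storage"),
            "wrong_purpose": try_unwrap(second, blob, b"display")}
```

The unwrap check is what a receiving C-RoT relies on: a blob produced under a different wrapping key, altered in transit, or presented for a different purpose is rejected rather than yielding a usable key.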

Description

Consistent key management across multiple chiplets

Aspects of the present disclosure generally relate to device security. For example, aspects of the present disclosure relate to consistent key management across a number of chiplets.

Computing devices typically store sensitive data owned by users or enterprises, using firmware or operating system software on the computing devices that is owned by the manufacturer of the computing device or security module. To help secure computing devices, the firmware or software may include security measures that protect against actions such as removing brute-force attack mitigation measures, disabling secure boot/trusted boot, and/or loading other unauthorized firmware or software onto the computing devices. For example, a processor or SoC may include a Root of Trust (RoT), which is a source of inherently trusted information, such as a cryptographic key. In some cases, the RoT may be embedded hardware included in the SoC, such as a hardware-based trusted platform module or a trusted execution environment.

The following presents a simplified summary relating to one or more embodiments disclosed herein. Accordingly, the following summary should not be construed as a comprehensive overview relating to all embodiments considered, nor should it be construed as identifying key or decisive elements relating to all embodiments considered, or describing categories associated with any particular embodiment. Accordingly, the following summary is intended solely to present specific concepts relating to one or more embodiments relating to the mechanisms disclosed herein, in a simplified form preceding the detailed description provided below.

Systems, methods, devices, and computer-readable media for secure processing are disclosed. According to at least one illustrative example, an electronic device is provided. The electronic device includes a memory system comprising instructions and a processor system coupled to the memory system. The processor system includes a plurality of chiplets. The processor system is configured to: receive a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among the plurality of chiplets; generate the cryptographic key by the first C-RoT; generate a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; output the wrapped cryptographic key by the first C-RoT; receive the wrapped cryptographic key at a second chiplet among the plurality of chiplets; unwrap the wrapped cryptographic key at the second chiplet using the wrapping key; and perform an operation based on the cryptographic key by the second C-RoT.

As another example, a method for security processing is provided. The method comprises the steps of: receiving a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among a plurality of chiplets; generating the cryptographic key by the first C-RoT; generating a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; outputting the wrapped cryptographic key by the first C-RoT; receiving the wrapped cryptographic key at a second chiplet among the plurality of chiplets; unwrapping the wrapped cryptographic key at the second chiplet using the wrapping key; and performing an operation based on the cryptographic key by the second C-RoT.

In another example, a non-transitory computer-readable medium is provided. When executed by a processor system, the non-transitory computer-readable medium causes the processor system to: receive a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among a plurality of chiplets; generate the cryptographic key by the first C-RoT; generate a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; output the wrapped cryptographic key by the first C-RoT; receive the wrapped cryptographic key at a second chiplet among the plurality of chiplets; unwrap the wrapped cryptographic key at the second chiplet using the wrapping key; and perform an operation based on the cryptographic key by the second C-RoT.

As another example, an apparatus for security processing is provided. The apparatus includes: means for receiving a request for a cryptographic key at a first chiplet trust root (C-RoT) of a first chiplet among a plurality of chiplets; means for generating the cryptographic key by the first C-RoT; means for generating a wrapped cryptographic key by wrapping the cryptographic key using a wrapping key by the first C-RoT; means for outputting the wrapped cryptographic key by the first C-RoT; means for receiving the wrapped cryptographic key at a second chiplet among the plurality of chiplets; means for unwrapping the wrapped cryptographic key at the second chiplet using the wrapping key; and means for performing an operation based on the cryptographic key by the second C-RoT.

The embodiments generally include methods,