Search

US-12625536-B2 - Circuit to protect against multi-rail voltage glitching attacks

US12625536B2US 12625536 B2US12625536 B2US 12625536B2US-12625536-B2

Abstract

A circuit includes a bandgap circuit configured to generate multiple reference voltages. A first voltage glitching detection circuit utilizes a first one of the reference voltages and a first power rail to generate a first reset signal in response to a voltage glitching attack on the first power rail, and a second voltage glitching detection circuit operates independently of the reference voltages to generate a second reset signal in response to the voltage glitching attack on the first power rail.

Inventors

  • Jiale Liang
  • Prashant Singh
  • Nishit Harshad Shah
  • Daniel Nguyen
  • Kaushik Krishna Raghuraman
  • Suhas Satheesh
  • Ting Lu
  • Roman Surgutchik
  • Tezaswi Raja

Assignees

  • NVIDIA CORP.

Dates

Publication Date
20260512
Application Date
20230627

Claims (17)

  1. 1 . A circuit comprising: a bandgap circuit configured to generate a plurality of reference voltages; a first voltage glitching detection circuit; the first voltage glitching detection circuit configured to utilize a first one of the reference voltages and a first power rail voltage to generate a first reset signal in response to a voltage glitching attack on the first power rail; a second voltage glitching detection circuit configured to operate independently of the reference voltages to generate a second reset signal in response to the voltage glitching attack on the first power rail; a third voltage glitching detection circuit comprising: a digital-to-analog converter configured to generate a plurality of digital-to-analog converter-generated reference voltages; and a plurality of comparators configured to each receive at a first input a second power rail voltage, the comparators further configured to each receive at a second input one of the digital-to-analog converter-generated reference voltages.
  2. 2 . The circuit of claim 1 , wherein the second voltage glitching detection circuit comprises a self-referencing power-on detector for the first power rail.
  3. 3 . The circuit of claim 1 , wherein the power-on detector and bandgap circuit are configured to receive power from the first power rail.
  4. 4 . The circuit of claim 1 , wherein the first reset signal generated by the first voltage glitching detection circuit is a fine level reset signal.
  5. 5 . The circuit of claim 1 , wherein the second reset signal generated by the second voltage glitching detection circuit is a coarse level reset signal.
  6. 6 . The circuit of claim 1 , the first voltage glitching detection circuit comprising: a comparator configured to receive at a first input the first one of the reference voltages from the bandgap circuit; and the comparators configured to receive at a second input a scaled voltage from the first power rail.
  7. 7 . The circuit of claim 6 , wherein the power-on detector, bandgap circuit, and comparator are configured to receive power from the first power rail.
  8. 8 . The circuit of claim 1 , the third voltage glitching detection circuit utilizing a second one of the reference voltages and the second power rail voltage to generate a third reset signal in response to a voltage glitching attack on the second power rail.
  9. 9 . The circuit of claim 1 , wherein the digital-to-analog converter is programmable to generate the digital-to-analog converter-generated reference voltages in a window of a reference voltage received from the bandgap circuit.
  10. 10 . The circuit of claim 1 , wherein the power-on detector, bandgap circuit, and the third voltage glitching detection circuit are configured to receive power from the first power rail.
  11. 11 . A device comprising: a system-on-a-chip configured to receive power from a first power rail; a plurality of input-output devices configured to receive power from a second power rail; a bandgap circuit configured to generate a plurality of reference voltages; a first voltage glitching detection circuit configured to utilize a plurality of the reference voltages to generate a first reset signal in response to a voltage glitching attack on the first power rail; a second voltage glitching detection circuit configured to utilize one of the plurality of reference voltages to generate a second reset signal in response to a voltage glitching attack on the second power rail; a third voltage glitching detection circuit configured to operate independently of the reference voltages to generate a third reset signal in response to the voltage glitching attack on the second power rail; and fourth voltage glitching detection circuit configured to utilize one of the plurality of reference voltages to generate a fourth reset signal in in response to a voltage glitching attack on a third power rail, the fourth voltage glitching detection circuit comprising: a digital-to-analog converter configured to generate a plurality of digital-to-analog converter-generated reference voltages; and a plurality of comparators configured to each receive at a first input a voltage from the third power rail, the comparators further configured to each receive at a second input one of the digital-to-analog converter-generated reference voltages.
  12. 12 . The device of claim 11 , wherein the third voltage glitching detection circuit comprises a self-referencing power-on detector for the second power rail.
  13. 13 . The device of claim 11 , wherein the second reset signal is a fine level reset signal.
  14. 14 . The device of claim 11 , wherein the third reset signal is a coarse level reset signal.
  15. 15 . The device of claim 11 , further comprising: logic to form a combined reset signal from the second reset signal and the third reset signal.
  16. 16 . The circuit of claim 11 , the first voltage glitching detection circuit comprising: logic configured to monitor a window of the first power rail voltage.
  17. 17 . A method comprising: operating a bandgap circuit to generate a plurality of reference voltages; applying a first one of the reference voltages and a first power rail voltage to a first voltage glitching detection circuit to generate a first reset signal in response to a voltage glitching attack on the first power rail; operating a second voltage glitching detection circuit independently of the reference voltages to generate a second reset signal in response to the voltage glitching attack on the first power rail; operating a third voltage glitching detection circuit by: generating a plurality of additional reference voltages with a digital-to-analog converter; applying a different one of the additional reference voltages at a first input to each of a plurality of comparators; and applying a second power rail voltage to a second input to each of the comparators.

Description

BACKGROUND A concern with modern chips is protecting the integrated circuits on those chips against voltage glitching attacks. Voltage glitching attacks are intrusions in chips used in devices that utilize integrated circuits for securing gaming, automotive, and server applications, for example. A voltage glitching attack is an intentional fault introduced to undermine device security. The fault can cause instruction skipping, instruction decoding errors, and improper data read and write backs. An electrical type of voltage glitching attack can target the clock or the power systems. A power voltage glitching attack may involve a pull to ground (i.e., blackout), pulling down the supply voltage (i.e., brownout), or an increase in voltage (i.e., spiking). Supply voltage glitching is a type of hardware attack. By voltage glitching the power supply voltage, a hacker may either bypass a device authentication process or enter unauthorized logic through Joint Test Action Group (JTAG) access. If voltage glitching attacks can be detected, they may be prevented for example by resetting the circuits under attack. Conventional voltage glitch protection circuits utilize power-on detectors that may exhibit large voltage-temperature variation in operation. The generation of reset signals from these conventional power-on detectors in response to voltage glitching attacks may therefor be unreliable. Additionally, it has proven challenging to implement solutions that protect multiple power rails from simultaneous or compounded voltage glitching attacks. Power-on detectors have been utilized to force a reset of a circuit system (e.g., a system-on-a-chip) in the event of a forced power or glitches below a configured voltage threshold. However, conventional power-on detectors may exhibit relatively high process, voltage, and temperature variation. This may necessitate setting the voltage threshold conservatively, creating a wide vulnerability band to voltage glitching and a risk of reset signals not propagating properly. Moreover, conventional power-on detector mechanisms lack dependent power rail voltage glitching protections. The dependent power rail is the power rail supplying the circuitry that generates reference voltages utilized by the detectors to generate reset signals in response to voltage glitching attacks. If the dependent power rail is attacked, downstream glitch monitors may not operate reliably. Conventional power-on detectors may also utilize fixed settings for voltage thresholds with no programmability, and hence may have constrained applicability. BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the figure number in which that element is first introduced. FIG. 1 depicts a device comprising a voltage glitching protection circuit 102 in one embodiment. FIG. 2 depicts a circuit to protect against voltage glitching attacks on multiple power rails, in accordance with one embodiment. FIG. 3 depicts an exemplary signal timing diagram for a blackout glitch on a power rail. FIG. 4 depicts example voltage profiles for the circuit embodiment of FIG. 2. FIG. 5 depicts an example of the type of voltage glitching that may be detected with a system in accordance with the embodiment of FIG. 2 FIG. 6 depicts a process for detecting voltage glitching attacks on multiple power rails in a digital device in accordance with one embodiment. DETAILED DESCRIPTION Circuit embodiments are disclosed that improve the accuracy and robustness of aberrant voltage events detection on multiple power rails. The circuits utilize a plurality of monitor circuits for multiple power rails, each utilizing reference voltages generated by a bandgap voltage generator. The voltage monitor for the dependent power rail is supplemented by a self-referencing power-on detector. In one embodiment the bandgap circuit and the power-on detector are supplied by a common power rail (the dependent power rail). The bandgap generates multiple reference voltages for multiple different voltage monitors and by its nature provides improved immunity to the effects of voltage-temperate variation on these voltage monitors. Various terminology utilized herein may be better understood in light of the following: “Bandgap circuit” refers to any number of well-known circuits designed to generate one or more reference voltage that is held constant to a high degree regardless of power supply variations, temperature changes, or circuit loading.“Coarse level reset signal” refers to a reset signal that is generated responsive to slower changes in some monitored voltage, subject to larger process, voltage, and temperature variations in a configured voltage threshold level that triggers the reset signal.“Fine level reset signal” refers to a reset signal that is generated responsive to faster changes (relative to changes that trigger a coarse level