Search

US-20260128898-A1 - PROCESSING SYSTEM, RELATED INTEGRATED CIRCUIT, DEVICE AND METHOD

US20260128898A1US 20260128898 A1US20260128898 A1US 20260128898A1US-20260128898-A1

Abstract

A processing system includes a non-volatile memory including a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password and a third memory slot arranged to store a security password. A password verification circuit is configured to set an overwrite signal to indicate a success verification of the first master password or a success verification of the second master password. A protection circuit is configured to manage write access to the third memory slot arranged to store a security password. The protection circuit receives a write request for writing a new security password to the third memory slot. The protection circuit determines whether security access data indicate that the third memory slot is associated with the first master password or with the second master password, and determines whether the overwrite signal indicates a success verification of the first master password or the second master password. The protection circuit enables or disables writing the new security password to the third memory slot based on whether the security access data indicate that the third memory slot is associated with the first master password or with the second master password, and the value of the overwrite signal..

Inventors

  • Rosario Martorana
  • Roberto Colombo
  • Francesca Maria Grazia CUTULI

Assignees

  • STMICROELECTRONICS INTERNATIONAL N.V.

Dates

Publication Date
20260507
Application Date
20251028
Priority Date
20241106

Claims (20)

  1. 1 . A processing system comprising: a non-volatile memory comprising a memory area configured to store password data, wherein the memory area comprises a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password, and a third memory slot arranged to store a security password; a password verification circuit configured to: receive a password verification command comprising a password and a slot number; determine whether the slot number is associated with the first master password or the second master password; in response to determining that the slot number is associated with the first master password: determine whether the received password corresponds to the first master password; and in response to determining that the received password corresponds to the first master password, set an overwrite signal to indicate a success verification of the first master password; and in response to determining that the slot number is associated with the second master password: determine whether the received password corresponds to the second master password; and in response to determining that the received password corresponds to the second master password, set the overwrite signal to indicate a success verification of the second master password; and a protection circuit configured to: receive a write request for writing a new security password to the third memory slot configured to store the security password; and in a first operating mode: determine whether security access data indicate that the third memory slot is associated with the first master password or with the second master password; determine whether the overwrite signal indicates a success verification of the first master password or the second master password; in response to determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal indicates a success verification of the first master password, enable writing the new security password to the third memory slot; in response to determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal does not indicate a success verification of the first master password, inhibit writing the new security password to the third memory slot; and in response to determining that the security access data indicate that the third memory slot is associated with the second master password and the overwrite signal indicates a success verification of the second master password, enable writing the new security password to the third memory slot configured to store the security password.
  2. 2 . The processing system according to claim 1 , comprising: a password repository; and a configuration circuit configured to transfer the password data from the non-volatile memory to the password repository, wherein the password verification circuit is configured to provide the slot number to the password repository and receive a respective password associated with the slot number from the password repository.
  3. 3 . The processing system according to claim 1 , wherein the password verification circuit is configured to: determine whether the slot number is associated with the security password; and in response to determining that the slot number is associated with the security password: determine whether the received password corresponds to the security password; and in response to determining that the received password corresponds to the security password, set the overwrite signal to indicate a success verification of the security password, wherein the processing system comprises a circuit and a further protection circuit, wherein the further protection circuit is configured to enable access to the circuit in response to determining that the overwrite signal indicates a success verification of the security password.
  4. 4 . The processing system according to claim 1 , wherein the protection circuit comprises a register providing the security access data, wherein a field of the security access data indicates whether the third memory slot configured to store the security password is associated with the first master password, is associated with the second master password , or is unassigned, wherein the protection circuit is configured to: receive configuration data from a configuration circuit of the processing system; determine whether the field of the security access data indicates that the third memory slot is unassigned; and in response to determining that the field of the security access data indicates that the third memory slot is unassigned, overwrite bits of the field of the security access data with respective bits of the received configuration data.
  5. 5 . The processing system according to claim 4 , wherein the protection circuit has associated an address, wherein the non-volatile memory comprises a further memory area arranged to store frames of configuration data, each frame of configuration data comprising an address and respective configuration data, wherein the configuration circuit is configured to: sequentially read the frames of configuration data from the non-volatile memory; determine whether the address of a frame of configuration data corresponds to the address associated with the protection circuit; and in response to determining that the address of the frame of configuration data corresponds to the address associated with the protection circuit, transmit the configuration data of the frame of configuration data to the protection circuit.
  6. 6 . The processing system according to claim 1 , wherein the protection circuit is configured to: receive a write request for writing a new master password to the first memory slot configured to store the first master password; and in the first operating mode: determine whether the overwrite signal indicates a success verification of the first master password; in response to determining that the overwrite signal indicates a success verification of the first master password, enable writing the new master password to the first memory slot; and in response to determining that the overwrite signal does not indicate a success verification of the first master password, inhibit writing the new master password to the first memory slot.
  7. 7 . The processing system according to claim 1 , wherein the protection circuit is configured to determine the operating mode as a function of life-cycle data indicating a life-cycle stage of the processing system or configuration data, wherein the first operating mode corresponds to an in-field life-cycle stage.
  8. 8 . The processing system according to claim 1 , wherein the protection circuit is configured to: in a second operating mode, enable write access to the first master password, the second master password, and the security password.
  9. 9 . The processing system according to claim 1 , wherein the protection circuit is configured to: in a third operating mode: determine whether the security access data indicate that the third memory slot is associated with the first master password, is associated with the second master password, or is unassigned; determine whether the overwrite signal indicates a success verification of the first master password or the second master password; in response to determining that the security access data indicate that the third memory slot is associated with the second master password or is unassigned, enable writing the new security password to the third memory slot; in response to determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal indicates a success verification of the first master password, enable writing the new security password to the third memory slot; and in response to determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal does not indicate a success verification of the first master password, inhibit writing the new security password to the third memory slot.
  10. 10 . The processing system according to claim 1 , wherein the overwrite signal comprises a first signal and a second signal, wherein the password verification circuit is configured to: assert the first signal to indicate a success verification of the first master password and de-assert the first signal to not indicate a success verification of the first master password; and assert the second signal to indicate a success verification of the second master password and de-assert the second signal to not indicate a success verification of the second master password.
  11. 11 . The processing system according to claim 1 , comprising a processing circuit or a communication interface configured to provide the password verification command and the write request.
  12. 12 . An integrated circuit comprising the processing system according to claim 1 .
  13. 13 . A device comprising a plurality of processing systems according to claim 1 and a communication system for exchanging data between the plurality of processing systems.
  14. 14 . A method comprising: receiving a password verification command comprising a password and a slot number; determining whether the slot number is associated with a first master password or a second master password; in response to determining that the slot number is associated with the first master password: determining whether the received password corresponds to the first master password; and in response to determining that the received password corresponds to the first master password, setting an overwrite signal to indicate a success verification of the first master password; in response to determining that the slot number is associated with the second master password: determining whether the received password corresponds to the second master password; and in response to determining that the received password corresponds to the second master password, setting the overwrite signal to indicate a success verification of the second master password; receiving a write request for writing a new security password to a third memory slot configured to store the security password; determining whether security access data indicate that the third memory slot is associated with the first master password or with the second master password; determining whether the overwrite signal indicates a success verification of the first master password or the second master password; in response to determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal indicates a success verification of the first master password, enabling writing the new security password to the third memory slot; in response to determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal does not indicate a success verification of the first master password, inhibiting writing the new security password to the third memory slot; and in response to determining that the security access data indicate that the third memory slot is associated with the second master password and the overwrite signal indicates a success verification of the second master password, enabling writing the new security password to the third memory slot configured to store the security password.
  15. 15 . The method according to claim 14 , comprising: storing the first master password to the first memory slot of a non-volatile memory; storing a security password to the third memory slot of the non-volatile memory; and setting the security access data to indicate that the third memory slot is associated with the first master password.
  16. 16 . An apparatus comprising: a non-volatile memory comprising a memory area arranged to store password data, wherein the memory area comprises a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password, and a third memory slot arranged to store a security password; a password verification circuit configured to: receive a password verification command comprising a password and a slot number; determine whether the slot number is associated with the first master password or the second master password; based on determining that the slot number is associated with the first master password and that the received password corresponds to the first master password, set an overwrite signal to indicate a success verification of the first master password; and based on determining that the slot number is associated with the second master password and that the received password corresponds to the second master password, set the overwrite signal to indicate a success verification of the second master password; a protection circuit configured to: receive a write request for writing a new security password to the third memory slot arranged to store the security password; and in a first operating mode: determine whether security access data indicate that the third memory slot is associated with the first master password or with the second master password; determine whether the overwrite signal indicates a success verification of the first master password or the second master password, based on determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal indicates a success verification of the first master password, enable writing the new security password to the third memory slot; based on determining that the security access data indicate that the third memory slot is associated with the first master password and the overwrite signal does not indicate a success verification of the first master password, inhibit writing the new security password to the third memory slot; and based on determining that the security access data indicate that the third memory slot is associated with the second master password and the overwrite signal indicates a success verification of the second master password, enable writing the new security password to the third memory slot configured to store the security password.
  17. 17 . The apparatus according to claim 16 , comprising: a password repository; and a configuration circuit configured to transfer the password data from the non-volatile memory to the password repository, wherein the password verification circuit is configured to provide the slot number to the password repository and receive a respective password associated with the slot number from the password repository.
  18. 18 . The apparatus according to claim 16 , wherein the password verification circuit is configured to: determine whether the slot number is associated with the security password; and in response to determining that the slot number is associated with the security password: determine whether the received password corresponds to the security password; and in response to determining that the received password corresponds to the security password, set the overwrite signal to indicate a success verification of the security password, wherein the processing system comprises a circuit and a further protection circuit, wherein the further protection circuit is configured to enable access to the circuit in response to determining that the overwrite signal indicates a success verification of the security password.
  19. 19 . The apparatus according to claim 16 , wherein the protection circuit comprises a register providing the security access data, wherein a field of the security access data indicates whether the third memory slot arranged to store the security password is associated with the first master password, is associated with the second master password, or is unassigned, wherein the protection circuit is configured to: receive configuration data from a configuration circuit of the processing system; determine whether the field of the security access data indicates that the third memory slot is unassigned; and in response to determining that the field of the security access data indicates that the third memory slot is unassigned, overwrite bits of the field of the security access data with respective bits of the received configuration data.
  20. 20 . The apparatus according to claim 16 , wherein the protection circuit has associated an address, wherein the non-volatile memory comprising a further memory area arranged to store frames of configuration data, each frame of configuration data comprising an address and respective configuration data, wherein the configuration circuit is configured to: sequentially read the frames of configuration data from the non-volatile memory; determine whether the address of a frame of configuration data corresponds to the address associated with the protection circuit; and in response to determining that the address of the frame of configuration data corresponds to the address associated with the protection circuit, transmit the configuration data of the frame of configuration data to the protection circuit.

Description

TECHNICAL FIELD Embodiments of the present disclosure relate to processing systems, in particular solutions for updating a password of the processing system. BRIEF SUMMARY In view of the above, it is an objective of various embodiments of the present disclosure to provide solutions for updating one or more passwords of a processing system. According to one or more embodiments, one or more of the above objectives is achieved by means of a processing system having the features specifically set forth in the claims that follow. Embodiments moreover concern a related integrated circuit, device and method. The scope of protection is defined in the enclosed claims, which are an integral part of the technical teaching of the disclosure provided herein. As mentioned before, various embodiments of the present disclosure relate to a processing system. The processing system comprises a non-volatile memory comprising a memory area arranged to store password data, a password verification circuit and a protection circuit managing access to the non-volatile memory, e.g., in order to update the password data. Specifically, in various embodiments, the memory area comprise a first memory slot arranged to store a first master password, a second memory slot arranged to store a second master password and a third memory slot arranged to store a security password. The memory area may comprise further slots for storing further master passwords and/or further security passwords. In various embodiments, the password verification circuit is configured to receive a password verification command comprising a password and a slot number. Moreover, the password verification circuit is configured to determine whether the slot number is associated with the first master password or the second master password. Specifically, in response to determining that the slot number is associated with the first master password, the password verification circuit determines whether the received password corresponds to the first master password and, in response to determining that the received password corresponds to the first master password, sets an overwrite signal to indicate a success verification of the first master password. In some embodiments, in response to determining that the slot number is associated with the second master password, the password verification circuit determines whether the received password corresponds to the second master password and, in response to determining that the received password corresponds to the second master password, sets the overwrite signal to indicate a success verification of the second master password. For example, the overwrite signal may comprise a first signal and a second signal, and the password verification circuit may be configured to assert the first signal to indicate a success verification of the first master password and de-assert the first signal to not indicate a success verification of the first master password, and assert the second signal to indicate a success verification of the second master password and de-assert the second signal to not indicate a success verification of the second master password. Similarly, in various embodiments, the password verification circuit may be configured to determine whether the slot number is associated with the security password. Accordingly, in response to determining that the slot number is associated with the security password, the password verification circuit may determine whether the received password corresponds to the security password and, in response to determining that the received password corresponds to the security password, set the overwrite signal to indicate a success verification of the security password. For example, in order to implement a password verification operation, the processing system may also comprise a password repository and a configuration circuit configured to transfer the password data from the non-volatile memory to the password repository. Accordingly, in this case, the password verification circuit may be configured to provide the slot number to the password repository and receive a respective password associated with the slot number from the password repository. In various embodiments, the security password may be used to selectively disable one or more protections. For example, in this case, the processing system may comprise a circuit and a further protection circuit, wherein the further protection circuit is configured to enable access to the circuit in response to determining that the overwrite signal indicates a success verification of the security password. In various embodiments, the master passwords may be used to selectively enable (at least) write access to the security password. Accordingly, in various embodiments, the protection circuit is configured to receive a write request for writing a new security password to the third memory slot arranged to store the security password. For this purpose, the processing