US20080126728A1 - Method and apparatus for protecting internal memory from external access - Google Patents
Method and apparatus for protecting internal memory from external access Download PDFInfo
- Publication number
- US20080126728A1 US20080126728A1 US11/872,939 US87293907A US2008126728A1 US 20080126728 A1 US20080126728 A1 US 20080126728A1 US 87293907 A US87293907 A US 87293907A US 2008126728 A1 US2008126728 A1 US 2008126728A1
- Authority
- US
- United States
- Prior art keywords
- memory
- address
- space
- user
- location
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1441—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
Definitions
- the present disclosure pertains in general to memory systems and, more particularly, to a data protected memory system.
- microprocessor core which microprocessor core is operable to access any and all locations in the memory by generating an appropriate address.
- the processor requires access to the memory in order to both execute instructions and also read data from an address location or write data thereto.
- certain instructions are proprietary in nature and it is the desire of a manufacturer to protect that code. It is not the execution of the code that is to be protected but, rather, the ability of a user to gain access to the code, i.e., download the code, for reverse engineering thereof to determine the functionality that is embedded within the code.
- circuitry is provided for monitoring the contents of the Program Counter and generating an inhibit signal whenever the Program Counter is at a certain value. This inhibit signal inhibits access to certain portions of the memory.
- protection of the memory is also important to the “lock” the memory from external access. This has typically been facilitated by generating lock bits in predetermined locations. Once these lock bits are set, the hardware will check a lock bit prior to allowing access to a particular section of memory. If a lock bit for that memory is set, then access to the memory for a read or write, depending upon which function is locked, will be prohibited. In order to reset the lock bit, the entire memory has to be erased.
- the present disclosure comprises, in one aspect thereof, a method for protecting a memory space from external access.
- a plurality of lock bits are stored in a location in memory, each associated with a separate logical portion of the memory space and determinative as to the access thereof for a predetermined operation thereon.
- a request is then detected for access to a location in the memory space for operating thereon.
- the requested operation is then compared with the associated lock bit in the associated logical portion and then it is determined if access is allowed for the requested operation. If allowed, the requested operation is performed.
- FIG. 1 illustrates a block diagram of the overall system associated with the present disclosed embodiment
- FIG. 2 illustrates a detailed diagram of the processor core and memory with the associated protected control logic
- FIG. 3 illustrates a diagrammatic view of the memory map for the restricted space and user space
- FIG. 4 illustrates an exemplary flowchart illustrating a processor between the user space and the restricted space
- FIG. 5 illustrates a diagrammatic view of a system using the protected memory of the present disclosure
- FIG. 6 illustrates a more detailed block diagram of a microprocessor core and memory with the protective logic interface
- FIG. 7 illustrates a detailed block diagram of one aspect of the protective logic
- FIG. 8 illustrates a block diagram of another embodiment of the protective logic
- FIG. 9 illustrates another embodiment of the protective logic
- FIG. 10 illustrates an additional embodiment of the protective logic
- FIG. 11 illustrates a diagrammatic view of the reserve space and user space illustrating the reserved and user lock bits
- FIG. 12 illustrates a diagram of the hardware for protecting portions of the memory
- FIG. 13 illustrates a diagrammatic view of the association of the lock bits with various pages in the associated memory
- FIG. 14 illustrates a flow chart depicting the operation of reading or writing to potentially protected portions of the memory
- FIG. 15 illustrates a flow chart depicting erasing all or a section of the user space.
- FIG. 1 there is illustrated a top-level diagram of a system utilizing the protected memory of the present disclosure.
- An integrated circuit 10 is provided which has disposed therein a protected memory 12 .
- the protected memory 12 has associated therewith a protected memory region 14 and a user memory region 16 .
- the integrated circuit 10 can be interfaced to any type of application 18 , which can be any type of integrated circuit or board level device that interfaces with the integrated circuit 10 .
- This integrated circuit 10 could be a part of a PC board, which includes other integrated circuits or it could be a stand-alone integrated circuit that contains substantially all functionality needed to interface with the application 18 .
- the protected memory region 14 contains proprietary instructions that can be executed under the control of the user memory region 16 . However, the user cannot, through program instructions stored in the user memory section 16 , access information in the protected memory region 14 for retrieval therefrom for the purpose of viewing the instruction code or even the data stored in the protected memory region 14 .
- FIG. 2 there is illustrated a block diagram of the interface between a memory block 202 and a processor core 204 .
- the processor core 204 contains general processing architecture and is operable to generate addresses, receive data, generate various control functions, etc. Typically, this will contain a Program Counter for substantially stepping through various instructions that are retrieved from the memory 202 .
- a control logic block 206 is disposed between the processor core 204 and the memory 202 , this having associated therewith the various logic function to achieve the protected memory function described hereinbelow.
- the control logic block 206 is operable to interpret addresses received from the processor core 204 and compare them with information stored in a limit register 208 .
- This limit register 208 is either mask programmed or it is electronically programmed as a Write-Once, Read-Many (WORM) memory that allows a limit to be input to the integrated circuit 10 , which limit defines the boundary between the protected memory region 14 and the user memory region 16 .
- the control logic block 206 is operable to monitor the contents of the address bus and determine whether the contents of the address bus are directed toward the operation of fetching data or attempting to fetch an instruction code, i.e., whether the contents of the address bus constitute the contents of the Program Counter. With this information, the control logic block can then determine whether access is to be allowed to the memory 202 . If not, some type of inhibit or other protected operation is undertaken.
- the memory 202 is comprised of a plurality of memory locations which are accessible by generating an address. When the address is generated, a plurality of memory locations are accessed which typically constitute a “byte” of data, although any length is anticipated. For each address generated, one byte of data will be output.
- the memory map of FIG. 3 represents a sequence of byte locations from a lower byte location 302 to an upper byte location 304 .
- the memory is divided into a restricted space and a user space, the restricted space comprising memory locations 306 and the user space comprising memory locations 308 .
- memory location 310 which constitutes the boundary memory location.
- the address of this boundary location constitutes an address that is in the restricted space 306 and which address comprises the “limit” for the operation, as will be described in more detail hereinbelow.
- the Program Counter is basically a pointer that defines an address for a particular instruction to be carried out. When this Program Counter address is generated, it is placed onto the address bus and the information at that address location extracted therefrom and routed to the processor core 204 for operations thereon. In the execution of the various instructions, the Program Counter may actually jump from the user space 308 up to the restricted space 306 to execute instructions therein. This is allowed in accordance with the embodiment herein to facilitate executing instructions in the restricted space 306 in response to a “call” instruction executed in the user space 308 . However, as will be further described hereinbelow, instructions in the user space 308 cannot generate an address for the purpose of reading data from the restricted space 306 which would allow output of information stored in the restricted space from the system. The protective operation described herein is operable to prevent such an operation from occurring.
- FIG. 4 there is illustrated an exemplary flowchart that depicts operation of the system wherein the instructions jump between the user space and the restricted space.
- the flowchart is executed along a flow path which has inserted therein a “Call” instruction in a block 406 .
- the program is instructed to jump to the restricted space 306 by changing the value of the Program Counter (PC) and execute instructions therein in accordance with the new value of the PC.
- PC Program Counter
- These blocks in the flowchart are a combination of various function blocks “Fun” and decision blocks “D.”
- the Call instruction is incurred at the block 406 , the program will jump to the restricted space, represented by region 408 .
- the Call instruction 406 must have associated therewith an Operand that has a Program Counter value associated with an addressable location within the restricted space 306 .
- the program will begin execution therefrom. This is represented by the various operational blocks in the program within the region 408 .
- the program will then continue in the user space, as represented by a portion 414 of the flowchart.
- the protective circuitry By executing instructions in the user portion 402 or the user portion 414 of the flowchart, the protective circuitry, as will be described hereinbelow, prohibits any instructions from accessing an addressable location within the restricted space 306 for reading of information therein or writing of information thereto. This is facilitated by examining the contents of the address bus and determining whether the contents of the address bus constitute an address for the purpose of reading or writing data or they constitute a Program Counter value for the purpose of executing an instruction. If the program is operating in the user space and the information placed on the address bus is that of an address, as opposed to a Program Counter value, then the system is restricted.
- the program in the restricted space is capable of reading information from an addressable location anywhere in the memory and writing information thereto. This, of course, will be under the control of proprietary software and not under the control of user-generated software in the user space 308 .
- FIG. 5 there is illustrated a block diagram of an integrated circuit 10 incorporating the protected memory.
- a microprocessor core 504 is provided having a Program Counter 506 associated therewith.
- the microprocessor core 504 is interfaced with an address bus 508 , a control bus 510 and a data bus 512 .
- a program memory 514 the protected memory in the system, and a data memory 516 .
- the data memory 516 can be any type of memory, a volatile memory or a non-volatile memory, for storing readily accessible data in the such.
- an input/output interface block 518 which is operable to interface external circuitry with the buses 508 - 512 .
- the program memory 514 and the data memory 516 are also interfaced with the buses 508 - 512 .
- the memory 514 is interfaced with the buses 508 - 512 through a control logic block 520 .
- This control logic block 520 is operable to examine both the address information on the address bus 508 and also the information in the Program Counter (or information relating thereto), which is interfaced therewith, through a Program Counter bus 522 .
- this control logic 520 could be incorporated into the microprocessor core 504 and merely the results of a comparison operation provided as a limited value output.
- the control logic block 520 is interfaced with a limit register 524 , which is similar to the limit register 208 in that it contains information regarding the addressable location of the output between the restricted space 306 and the user space 308 , this essentially being the address of the limit location 310 . However, it should be understood that multiple limits could be provided within the restricted space providing different restricted spaces. It is merely noted that the control logic block 520 is operable to monitor the operation of the system and determine whether access to the memory 514 is to be allowed when this address is generated. This is based upon various considerations, as will be discussed hereinbelow.
- the control logic block 520 is operable, when a determination is made that access is to be prohibited, to take one of a number of actions.
- One action could be to actually inhibit the address from being routed to the memory 14 ; one action could be to alter the address such that the desired location is not actually addressed, but the address is forced to the unrestricted space.
- Another action could be to inhibit output of data during that time or to output a preset data value such as an eight bit value of 00 h .
- a further action is to inhibit the control circuitry feeding the memory.
- the Program Counter value can be placed onto the address bus for the purpose of addressing the memory.
- the eight-bit Operand CD h constitutes an operation wherein this eight-bit value is appended onto another value, in this example, an eight-bit value of 00h to result in the overall address value of 00CD h .
- the address bus value is an address value that is output from an address register and, therefore, the contents of the Program Counter are a “don't care.” As the instructions continue, the Program Counter will be incremented up to or jumped to a value of 00F1 h .
- the Opcode in the memory will be a long jump command, LJMP, which requires both the high and low address values to the output over the next two increments of the Program Counter.
- the first address will be a PC counter value of 00F2 h at the value of FE h , and the next Program Counter increment of 00F3h will result in an Operand of FE h being output.
- These two Operands are assembled as the high and low portions of the memory address and placed into the Program Register as an address FEFE h .
- a third section of the code is illustrated. This is initiated at a program counter value of FEFE h as a MOVEC command. This is operable to, on the next two increments of the program counter to FEFF h and FF00 h , respectively, to output the two operands FF h and FF h . This results in an address value of FFFF h being placed onto the address bus to extract data from that location in the restricted space, wherein the boundary between the restricted space and the user space is the address F000h.
- the system will examine the fact that the PC value on the previous operand was within the restricted space, but that it was an allowed operation, since the instruction originated within the restricted space due to the fact that the program counter exists in the restricted space.
- a fourth section of the code originating with a MOVEC command at an address of 00FE h Program Counter value, an address attempt is made to the address location FFFF h . If the limit between the restricted and user space is an address location of F000h, then this would indicate that a command originating in the user location 00FE h was trying to attempt to place an address on the address bus that was in the restricted area, i.e., attempting to extract data therefrom. It can be seen by comparison of the last two sections of the code, that an instruction originating in the restricted space accessing information in the restricted space (or even in the user space) is allowed, wherein access to information in the restricted space in response to an instruction from the user space is not allowed.
- the memory 202 is realized with a flash memory, which has a data output port, Dout, interfaced with data output bus 602 and a data input port, Din, interfaced with a data input bus 604 .
- a control input CTL which receives controls from a control bus 606 .
- the address is received on an address input via an address bus 608 .
- the control device 206 is comprised of a flash access control which is operable to interface with a TDI input bus 610 , a serial bus, and provide data output on a TDO serial output bus 612 .
- the control 206 also is interfaced with the data bus 602 such that the output by the memory 202 can be received thereby.
- the control device 206 is operable to store the limit information and provide that on a bus 614 to the microprocessor core 204 as the Program Counter limit, represented by a phantom block 616 .
- the comparison operation compares the actual value of the Program Counter with the PC limit in phantom block 616 . This is output by a phantom block 618 which is labeled “PC Compare.” This is output as a signal on a signal line 620 to the control block 206 .
- the control block 206 is operable to interface with, and include as part thereof, an address modifying the circuit, which is comprised in this example of multiplexer 622 .
- the multiplexer 622 is operable to receive a portion of the address on an address bus 624 , which address is also input to the control block 206 , this operation described in more detail hereinbelow. This portion of the address can be modified and output to the multiplexer on a bus 626 .
- the multiplexer 622 is controlled by a control line 628 such that the multiplexer can output the full address on bus 624 or a modified address on a bus 626 .
- This modified address basically is operable to inhibit address input to the memory 202 when it is determined that this address is the result of a program instruction that is attempting to download or move data from the restricted portion of the memory space when the instruction code is derived from the user portion of the memory space.
- program instructions when program instructions are extracted from the memory 202 in response to a Program Counter value as an address being placed on the address bus 624 , then program data will be output on the output bus 602 into a program data input on microprocessor 4204 via the data bus 602 .
- a register interface 630 between the control block 206 and the microprocessor core 204 .
- This is a flash access control function provided by the control block 206 and is generally a conventional access to a flash memory. Serial data can be input to the flash memory via the input bus 610 and data read therefrom for the purpose of programming the memory initially and for programming instruction registers in the control block 206 , this being a configuration operation—a conventional operation.
- the microprocessor core 204 has contained therein, in a simplified illustration, a Program Counter 702 and an address register 704 .
- the Program Counter 702 is operable to output a count value for programming instructions that will be provided it to the microprocessor logic and also provided to a comparator 706 .
- the comparator 706 is also operable to interface through a bus 708 to a user limit register 710 , this typically in the control block 206 .
- the comparator 706 is operable to compare the value of the Program Counter with the value in the user limit register. In this manner, the comparator will provide an output on a signal line 712 which will indicate whether the Program Counter is in the restricted or in the user space with a public/private signal. This signal line 712 is input to logic block 714 .
- the address register 704 in the microprocessor 204 is output on an address bus 720 , which has a width of N.
- This bus has a portion of the bits thereof extracted therefrom, there being M bits extracted therefrom on a bus 722 . Therefore, the bus 720 is divided into a bus 722 with M bus lines and a bus 724 with N ⁇ M bus lines.
- the bus 722 is input to a logic block 714 , this typically representing the upper block of memory. If there is no inhibit operation on the memory 202 to be performed due to an attempt to access data in the restricted space while operating the program in the user space, then the logic 714 will pass the received bits on the bus 722 out onto a bus 730 to be combined with the bus 724 on a bus 732 .
- the bus 730 provides the bits M′ wherein the bus 732 provides bits N′. This represents a situation wherein the bus may actually be modified by having the upper block altered. Typically, the upper block of memory addressing bits, the M bits, will be altered in the event of a positive decision on the signal line 712 that the Program Counter 702 is operating in the public area and the address output thereof is from the address register 704 and is addressing information in the private area. It should be understood that this example illustrates an address from the address register 704 where, in program situations, the information on the address bus 720 is from the Program Counter 702 . This is not illustrated for simplicity purposes. However, the conduct of the address bus 720 is typically selected by a multiplexer (not shown) that selects either the output of the address register 704 or the output Program Counter 702 .
- FIG. 8 there is illustrated a block diagram of an alternate embodiment for inhibiting access to the memory 202 whenever an instruction executed in the user space attempts to access data in the restricted space, it being understood that a jump to a program instruction in the restricted space is allowed from the user space.
- a multiplexer 802 that is operable to interface between the address register 704 and the Program Counter 702 .
- the Program Counter 702 provides an output therefrom on a bus 804 to one input of the multiplexer 802 , whereas the output of the address register is input to the other input of the multiplexer 802 through a second bus 806 .
- the output of the multiplexer comprises an address bus output that is connected to an address bus 810 that is connected to the address input of the memory 202 .
- the multiplexer 802 receives a PC select signal on an internal line 812 within the microprocessor core 204 . This also is a conventional output provided by the microprocessor core 204 on a signal line 814 . This line 814 indicates whether the PC register 702 is selected or the address register 704 is selected.
- the contents of the address bus 810 are compared with that of the user limit register 710 with a comparator 818 .
- This comparator 818 determines whether the address is in the public or private region of the address space, i.e., the user or restricted space, respectively.
- the output of this comparison operation is input to a logic block 820 which also receives the signal on the signal line 814 .
- This logic block 820 provides an output indicating a positive decision whenever it is determined that the contents of the PC register 702 are not output on the bus 810 , i.e., the contents of the address register 704 output on the address bus 810 and that the address is above the limit in the limit register 710 .
- This positive result indicates an unauthorized attempt to access the memory 202 in the restricted space.
- a signal is output on a line 824 to a multiplexer 826 , which multiplexer 826 will select either the data output of the memory 202 or a value of 0000h, a “null” value. For a positive result, the null value is selected for input to the memory 204 on the program data input via a bus 828 .
- Logic block 820 in the alternate operational mode in the restricted space, can determine that the Program Counter value is selected for output on the bus 810 and that the Program Counter value is in the restricted address space. This indicates a program instruction that is generated by the program in the restricted space. This is latched by the logic block 820 , since the comparator 818 will indicate this as being in the private region.
- an indication on the line 814 that the Program Counter 702 is selected by the multiplexer 802 and that the information on the address bus 810 is in the private or restricted space is latched such that, if a subsequent instruction indicates that the contents of the address register 704 are selected, i.e., the signal line 814 indicates that the address register is selected, and that the address is attempting to address information in the memory 202 , this will be allowed due to the fact that the previous program instruction was generated by program instructions in the restricted space.
- a Verilog output is provided representing the operation wherein access to data in the memory with an address that is greater than the read limit resulting from the program instruction executed in the reader space:
- FIG. 9 there is illustrated a block diagram of an alternate embodiment.
- the contents of the Program Counter 702 are output to a comparator 902 which compares the information thereof with the contents of the limit register 710 to determine if the Program Counter value is in a public or private region.
- the contents of the address bus 810 are compared with a comparator 904 with a limit in the limit register 710 .
- the limit register 710 is illustrated as two registers for simplicity purposes, to determine if the contents of the address register are in the public or private region.
- the output of both comparators 902 and 904 are input to the logic block 906 .
- Logic block 906 determines whether the Program Counter is in the private or public area and also determines whether the information in the address bus 810 is in the public or private area. If it is determined that the Program Counter 702 is operating in the private area and that the information in the address bus 810 is operating in the private area, then the multiplexer will allow data to flow therethrough, since the logic block 906 can determine that the address is the result of a previous Program Counter instruction in the private area or restricted area. However, when it is determined that the Program Counter is in the public area, the user area, and the address is an address value from address register 704 and this is in the restricted or private area, then the logic block 906 will control the multiplexer to select the null value.
- FIG. 10 there is illustrated a view of an alternate embodiment for inhibiting the memory operation.
- a control block or logic block 1002 that is operable to receive the output of the Program Counter on a bus 1004 and the address bus on an address bus 1006 .
- the logic block 1002 compares this with information in the limit register 710 to determine what type of operation is being performed, i.e., a program instruction or a memory access instruction, and where in the memory map the address resides. This was described hereinabove.
- an inhibit circuit 1010 that is operable to inhibit a read/write operation to memory 202 in the event that the logic block 1002 makes a determination that this is a restricted operation.
- FIG. 11 there is illustrated a diagrammatic view of the memory, which, as described hereinabove is incorporated in FLASH.
- the memory is divided into a reserved space 1102 and into a user space 1104 .
- the reserved space is, as described hereinabove, protected from reading by the user and is used primarily for executing instructions.
- the user space is space which the user can utilize for execution of user defined functions and for reading of data therefrom or for writing of data thereto.
- the user lock byte contains user lock bits each associated with a page in the user space 1104 . Once the lock bit has been set to a logic “0” for that page, access thereto for reading or writing/erasure is prohibited. It should be noted that the lock bit can be associated with reading or writing/erasure. It is also noted that each of the reserve lock byte 1106 and user lock byte 1108 is comprised of two bytes, one for reading and one for writing/erasing. This is illustrated a lock byte 1110 for locking read operations in select portions of the reserve space 1102 and a lock byte 1112 for locking write/erase operations in the reserve space. A lock byte 1114 is associated with locking read operations in the user space and a lock byte 1116 is associated with locking write/erase operations in the user space.
- the user lock byte 1108 is disposed at the upper portion of the user space which upper portion is defined by the user limit 1118 , this being a variable location.
- This value is typically stored somewhere in the reserve space, typically in the upper portion of the memory in a reserve space 1102 , a known location and not variable. This is typically associated with a number of different vectors defining various operations in the user space. By reading this value from the user space, the system then knows where the user limit is and subsequently, where the user lock byte resides. The user lock byte and the reserve lock byte are always located in the upper portion of the associated space.
- the user space lock byte is erased by erasing one logical block of memory at a time, i.e., a page, beginning at the lower end thereof until the user lock byte 1108 is erased.
- a time i.e., a page
- the entire memory must be erased.
- a single sector or page can be erased in either section if it is not locked.
- the FLASH memory is illustrated by a memory 1202 , which is operable to receive read/write control operations via a control line 1204 in the form of a bus from a control state machine 1206 . Additionally, an address received from an address bus 1208 and data is output on a data bus 1210 .
- the controls that are input into the FLASH 1202 are facilitated by external access which requires an external interface. As described hereinabove, the access is through a JTAG test port standard, which is a serial communication protocol.
- the access commands that are available are a READ operation which will allow a single memory byte to be read, a WRITE operation which will allow a single memory byte to be read and erase sector operation which will allow a memory sector to be defined by the memory architecture and to be erased, this the logical sector such as a page.
- the ability to read a byte, write a byte or erase a particular sector is a lockable function.
- commands are available to allow the entire user memory space to be erased, a command to allow the entire reserve space to be erased or a command to erase the entire program memory. All of these commands can be encoded as a single byte followed by an address and data bytes, as required for a particular microprocessor architecture.
- the control state machine can receive either a READ request, a WRITE request, a page erase request or a user space erase request, in addition to an entire memory erase command. In order to execute these commands, it is necessary to access the various lock bytes, the limit address and the such.
- a multiplexer 1210 is provided which is controlled by the control state machine 1206 to select various addresses. These addresses are the user limit address, which defines where the user lock bytes are stored, which is facilitated by accessing the memory 1202 at the upper address therein where the limit address is stored, reading this information and then storing this information in a user limit register 1212 .
- the location of the lock byte for the user space is hard coded as being at a predetermined address in the top page therein and, in the preferred embodiment, in the top two bytes therein.
- the reserve read and write/erase lock address is a value that is hard coded in the hardware and is provided as an input to the multiplexer 1210 , this being the top of the memory space and a known and fixed value.
- the user lock address determined from the user limit address is provided in addition to a general user address, this being the address that a user inputs into the memory.
- the multiplexer 1210 receives the output of a page counter 1214 which counts pages in the user space as will be described hereinbelow.
- lock bits When the lock bits are read for either the user space or the reserved space, they are stored in a register 1214 for use by the control state machine. Additionally, the user limit register 1212 is loaded initially by the control state machine by reading the upper addressable location in the memory. In order to read the lock bits, the lock bits for the reserve space are read by selecting the reserve read/write lock address with the multiplexer 1210 and, for the user space, selecting the user limit address.
- a comparator 1220 is provided for comparing the user limit address value with the value in the page counter, this constituting the upper address in the page. When the page counter exceeds this value, then the page counter is stopped, this being a control signal output by the comparator 1220 .
- FIG. 13 there is illustrated a diagrammatic view of how each of the lock bytes and the bits associated therewith are associated with various logical pages or sectors in the memory.
- a section of the memory being the reserved or the user section, is illustrated as a section 1302 .
- the section 1302 is divided into eight pages 1304 labeled Page 0 -Page 7 .
- a lock byte 1306 is provided which has seven bits. It should be understood that there will be two lock bytes, one for READ and one for WRITE/ERASE, although only one is illustrated.
- a lock byte has eight bits associated therewith. Each bit is associated with one of the pages 1304 of the memory. However, although being illustrated as eight bits in eight sectors, there may in fact be less sectors. There may in fact be one of the lock bits that is associated with a different function and not necessarily with locking a particular sector of memory. As such, it is possible for only portions of the memory to be locked as opposed to the entire memory.
- FIG. 14 there is illustrated a flow chart depicting the operation of reading or writing to a particular memory location or erasing a page.
- the program is initiated at a block 1402 and then proceeds to a block 1404 to read the user limit and then load the register 1212 .
- the control state machine 1206 then reads the appropriate lock byte 1106 or 1108 , depending upon whether the addressed location is in the reserve space 1102 or the user space 1104 , respectively, it being understood that this comprises both of the lock bytes 1114 and 1116 for the user space 1104 and both of the lock bytes 1110 and 1112 for the reserve space 1102 , this indicated by a function block 1406 , it being understood that only a single lock byte will be read depending upon whether it is a READ or a WRITE operation.
- This information is then sent to the control state machine 1206 , as indicated by block 1408 .
- a decision is then made at a decision block 1410 to determine if the particular address defined by the user address is locked.
- fail block 1411 If so, then the operation will fail, as indicated by fail block 1411 , and user access will be inhibited for a READ, a WRITE or page erase depending upon the function locked. However, if it is not locked, then the particular READ or WRITE operation or page erase operation can be performed as indicated by function block 1412 . The program then flows to a function block 1414 .
- FIG. 15 there is illustrated a flow chart depicting the operation of erasing the user space. Whenever the entire user space is to be erased, as described hereinabove, the bottom pages must be erased first.
- the program is initiated at a block 1502 and then proceeds to a block 1504 to read the user limit and then to block 1506 to read the lock byte at the user limit.
- the program then initiates a start counter as indicated by a block 1508 at Page 0 .
- the program then flows to function block 1510 to erase this block of memory and into a block 1512 to increment the page counter.
- a decision is then made at a decision block 1516 as to whether the user limit has been exceeded, i.e., the address is in the reserve space.
Abstract
Method and apparatus for protecting internal memory from external access. A method for protecting a memory space from external access is provided. A plurality of lock bits are stored in a location in memory, each associated with a separate logical portion of the memory space and determinative as to the access thereof for a predetermined operation thereon. A request is then detected for access to a location in the memory space for operating thereon. The requested operation is then compared with the associated lock bit in the associated logical portion and then it is determined if access is allowed for the requested operation. If allowed, the requested operation is performed.
Description
- The present application is a Continuation of pending U.S. patent application Ser. No. 09/901,918, filed Jul. 9, 2001, and entitled “METHOD AND APPARATUS FOR PROTECTING INTERNAL MEMORY FROM EXTERNAL ACCESS” (Atty. Dkt. No. CYGL-24,692), which is a Continuation-in-Part of U.S. patent application Ser. No. 09/479,551, filed Jan. 7, 2000, and entitled “EMBEDDED MICROPROCESSOR MULTI-LEVEL SECURITY SYSTEM IN FLASH MEMORY” (Atty. Dkt. No. CYGL-24,693), issued Sep. 2, 2003 as U.S. Pat. No. 6,615,324.
- The present disclosure pertains in general to memory systems and, more particularly, to a data protected memory system.
- Currently available memory systems are typically interfaced with a microprocessor core, which microprocessor core is operable to access any and all locations in the memory by generating an appropriate address. The processor requires access to the memory in order to both execute instructions and also read data from an address location or write data thereto.
- In some situations, certain instructions are proprietary in nature and it is the desire of a manufacturer to protect that code. It is not the execution of the code that is to be protected but, rather, the ability of a user to gain access to the code, i.e., download the code, for reverse engineering thereof to determine the functionality that is embedded within the code. In systems that have provided this protected memory to prevent access to data or programs stored in the memory, circuitry is provided for monitoring the contents of the Program Counter and generating an inhibit signal whenever the Program Counter is at a certain value. This inhibit signal inhibits access to certain portions of the memory.
- Additionally, protection of the memory is also important to the “lock” the memory from external access. This has typically been facilitated by generating lock bits in predetermined locations. Once these lock bits are set, the hardware will check a lock bit prior to allowing access to a particular section of memory. If a lock bit for that memory is set, then access to the memory for a read or write, depending upon which function is locked, will be prohibited. In order to reset the lock bit, the entire memory has to be erased.
- The present disclosure comprises, in one aspect thereof, a method for protecting a memory space from external access. A plurality of lock bits are stored in a location in memory, each associated with a separate logical portion of the memory space and determinative as to the access thereof for a predetermined operation thereon. A request is then detected for access to a location in the memory space for operating thereon. The requested operation is then compared with the associated lock bit in the associated logical portion and then it is determined if access is allowed for the requested operation. If allowed, the requested operation is performed.
- For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following description taken in conjunction with the accompanying Drawings in which:
-
FIG. 1 illustrates a block diagram of the overall system associated with the present disclosed embodiment; -
FIG. 2 illustrates a detailed diagram of the processor core and memory with the associated protected control logic; -
FIG. 3 illustrates a diagrammatic view of the memory map for the restricted space and user space; -
FIG. 4 illustrates an exemplary flowchart illustrating a processor between the user space and the restricted space; -
FIG. 5 illustrates a diagrammatic view of a system using the protected memory of the present disclosure; -
FIG. 6 illustrates a more detailed block diagram of a microprocessor core and memory with the protective logic interface; -
FIG. 7 illustrates a detailed block diagram of one aspect of the protective logic; -
FIG. 8 illustrates a block diagram of another embodiment of the protective logic; -
FIG. 9 illustrates another embodiment of the protective logic; -
FIG. 10 illustrates an additional embodiment of the protective logic; -
FIG. 11 illustrates a diagrammatic view of the reserve space and user space illustrating the reserved and user lock bits; -
FIG. 12 illustrates a diagram of the hardware for protecting portions of the memory; - Responsive
FIG. 13 illustrates a diagrammatic view of the association of the lock bits with various pages in the associated memory; -
FIG. 14 illustrates a flow chart depicting the operation of reading or writing to potentially protected portions of the memory; and -
FIG. 15 illustrates a flow chart depicting erasing all or a section of the user space. - Referring now to
FIG. 1 , there is illustrated a top-level diagram of a system utilizing the protected memory of the present disclosure. An integratedcircuit 10 is provided which has disposed therein a protectedmemory 12. Theprotected memory 12 has associated therewith a protectedmemory region 14 and auser memory region 16. Theintegrated circuit 10 can be interfaced to any type ofapplication 18, which can be any type of integrated circuit or board level device that interfaces with the integratedcircuit 10. This integratedcircuit 10 could be a part of a PC board, which includes other integrated circuits or it could be a stand-alone integrated circuit that contains substantially all functionality needed to interface with theapplication 18. As will be described hereinbelow, the protectedmemory region 14 contains proprietary instructions that can be executed under the control of theuser memory region 16. However, the user cannot, through program instructions stored in theuser memory section 16, access information in theprotected memory region 14 for retrieval therefrom for the purpose of viewing the instruction code or even the data stored in theprotected memory region 14. - Referring now to
FIG. 2 , there is illustrated a block diagram of the interface between amemory block 202 and aprocessor core 204. Theprocessor core 204 contains general processing architecture and is operable to generate addresses, receive data, generate various control functions, etc. Typically, this will contain a Program Counter for substantially stepping through various instructions that are retrieved from thememory 202. Acontrol logic block 206 is disposed between theprocessor core 204 and thememory 202, this having associated therewith the various logic function to achieve the protected memory function described hereinbelow. Thecontrol logic block 206 is operable to interpret addresses received from theprocessor core 204 and compare them with information stored in alimit register 208. Thislimit register 208 is either mask programmed or it is electronically programmed as a Write-Once, Read-Many (WORM) memory that allows a limit to be input to the integratedcircuit 10, which limit defines the boundary between theprotected memory region 14 and theuser memory region 16. Thecontrol logic block 206, as will be described further hereinbelow, is operable to monitor the contents of the address bus and determine whether the contents of the address bus are directed toward the operation of fetching data or attempting to fetch an instruction code, i.e., whether the contents of the address bus constitute the contents of the Program Counter. With this information, the control logic block can then determine whether access is to be allowed to thememory 202. If not, some type of inhibit or other protected operation is undertaken. - Referring now to
FIG. 3 , there is illustrated a diagrammatic view of a memory map for thememory 202. Thememory 202, as is conventional, is comprised of a plurality of memory locations which are accessible by generating an address. When the address is generated, a plurality of memory locations are accessed which typically constitute a “byte” of data, although any length is anticipated. For each address generated, one byte of data will be output. The memory map ofFIG. 3 represents a sequence of byte locations from alower byte location 302 to anupper byte location 304. The memory is divided into a restricted space and a user space, the restricted space comprisingmemory locations 306 and the user space comprisingmemory locations 308. There is one addressable memory location,memory location 310, which constitutes the boundary memory location. The address of this boundary location constitutes an address that is in the restrictedspace 306 and which address comprises the “limit” for the operation, as will be described in more detail hereinbelow. - The Program Counter (PC) is basically a pointer that defines an address for a particular instruction to be carried out. When this Program Counter address is generated, it is placed onto the address bus and the information at that address location extracted therefrom and routed to the
processor core 204 for operations thereon. In the execution of the various instructions, the Program Counter may actually jump from theuser space 308 up to the restrictedspace 306 to execute instructions therein. This is allowed in accordance with the embodiment herein to facilitate executing instructions in the restrictedspace 306 in response to a “call” instruction executed in theuser space 308. However, as will be further described hereinbelow, instructions in theuser space 308 cannot generate an address for the purpose of reading data from the restrictedspace 306 which would allow output of information stored in the restricted space from the system. The protective operation described herein is operable to prevent such an operation from occurring. - Referring now to
FIG. 4 , there is illustrated an exemplary flowchart that depicts operation of the system wherein the instructions jump between the user space and the restricted space. In thefirst portion 402, the flowchart is executed along a flow path which has inserted therein a “Call” instruction in ablock 406. At this instruction, the program is instructed to jump to the restrictedspace 306 by changing the value of the Program Counter (PC) and execute instructions therein in accordance with the new value of the PC. These blocks in the flowchart are a combination of various function blocks “Fun” and decision blocks “D.” When the Call instruction is incurred at theblock 406, the program will jump to the restricted space, represented byregion 408. Of course, theCall instruction 406 must have associated therewith an Operand that has a Program Counter value associated with an addressable location within the restrictedspace 306. Once in the restricted space at the jumped-to location, the program will begin execution therefrom. This is represented by the various operational blocks in the program within theregion 408. Once all the instructions have been executed in the restricted space associated with the jumped-to location, there will be an instruction at the end of the executable portion representing a return to the user space, indicated by afunction block 412. This will then result in the Program Counter being returned back to the user space, typically at the next sequential Program Counter value as that associated with theCall instruction 406. The program will then continue in the user space, as represented by aportion 414 of the flowchart. - By executing instructions in the
user portion 402 or theuser portion 414 of the flowchart, the protective circuitry, as will be described hereinbelow, prohibits any instructions from accessing an addressable location within the restrictedspace 306 for reading of information therein or writing of information thereto. This is facilitated by examining the contents of the address bus and determining whether the contents of the address bus constitute an address for the purpose of reading or writing data or they constitute a Program Counter value for the purpose of executing an instruction. If the program is operating in the user space and the information placed on the address bus is that of an address, as opposed to a Program Counter value, then the system is restricted. However, once the program is jumped over to the restrictedspace 408 through the incrementing of the Program Counter to an addressable location within the restricted space and placing of that Program Counter value on the address bus, then the operation will be transferred to the restricted space. Once in the restricted space, the program in the restricted space is capable of reading information from an addressable location anywhere in the memory and writing information thereto. This, of course, will be under the control of proprietary software and not under the control of user-generated software in theuser space 308. - Referring now to
FIG. 5 , there is illustrated a block diagram of anintegrated circuit 10 incorporating the protected memory. Amicroprocessor core 504 is provided having aProgram Counter 506 associated therewith. Themicroprocessor core 504 is interfaced with anaddress bus 508, acontrol bus 510 and adata bus 512. There is also provided aprogram memory 514, the protected memory in the system, and adata memory 516. Thedata memory 516 can be any type of memory, a volatile memory or a non-volatile memory, for storing readily accessible data in the such. There is also provided an input/output interface block 518, which is operable to interface external circuitry with the buses 508-512. Theprogram memory 514 and thedata memory 516 are also interfaced with the buses 508-512. However, thememory 514, the protected memory, is interfaced with the buses 508-512 through acontrol logic block 520. Thiscontrol logic block 520 is operable to examine both the address information on theaddress bus 508 and also the information in the Program Counter (or information relating thereto), which is interfaced therewith, through aProgram Counter bus 522. Of course, it should be understood that some of thiscontrol logic 520 could be incorporated into themicroprocessor core 504 and merely the results of a comparison operation provided as a limited value output. Thecontrol logic block 520 is interfaced with alimit register 524, which is similar to thelimit register 208 in that it contains information regarding the addressable location of the output between the restrictedspace 306 and theuser space 308, this essentially being the address of thelimit location 310. However, it should be understood that multiple limits could be provided within the restricted space providing different restricted spaces. It is merely noted that thecontrol logic block 520 is operable to monitor the operation of the system and determine whether access to thememory 514 is to be allowed when this address is generated. This is based upon various considerations, as will be discussed hereinbelow. - The
control logic block 520 is operable, when a determination is made that access is to be prohibited, to take one of a number of actions. One action could be to actually inhibit the address from being routed to thememory 14; one action could be to alter the address such that the desired location is not actually addressed, but the address is forced to the unrestricted space. Another action could be to inhibit output of data during that time or to output a preset data value such as an eight bit value of 00h. A further action is to inhibit the control circuitry feeding the memory. Each of these different alternatives will be described hereinbelow. However, it should be understood that any manner of preventing access to information within the memory, once it has been determined that access to the restricted space is to be denied, would be anticipated by the present disclosure. - In order to describe how the system operates with respect to the Program Counter and the contents of the address register which can selectively be placed on the address bus, reference is made to the following Table 1.
-
TABLE 1 MEM PC BUS BUS CONTENT (OPCODE) MOVEC 0001h 0001h PC Value (OPERAND) CDh 0002h 0002h PC Value (DATA) FCh xxxx 00CDh ADDR-Allowed • • • • • • • • • • • • • • • (OPCODE) LJMP 00F1h 00F1h PC Value (OPERAND) FEh 00F2h 00F2h PC Value (OPERAND) FEh 00F3h 00F3h PC Value (OPCODE) PUSH FEFEh FEFEh PC Value • • • • • • • • • • • • • • • (OPCODE) MOVEC FEFEh FEFEh PC Value (OPERAND) FFh FEFFh FEFFh PC Value (OPERAND) FFh FF00h FF00h PC Value (DATA) C2h xxxx FFFFh ADDR-Allowed • • • • • • • • • • • • • • • (OPCODE) MOVEC 00FEh 00FEh PC Value (OPERAND) FFh FEFFh C0FFh PC Value (OPERAND) FFh C000h C000h PC Value (DATA) C2h xxxx FFFFh ADDR-Not Allowed - In Table 1, it can be seen that there is provided the content of the memory location being addressed, the value of the Program Counter, the value actually placed on the address bus and the contents of the address bus. In the first line, the Program Counter is initiated at a value of 0001h representing the first instructions which are initiated at the first location in the memory. By example, this is a move command which is operable to control information to the access from the memory and move to a register, such an accumulator or another location. This is referred to as the command “MOVEC.” This constitutes the Opcode. The second part of the instruction will be the Operand, which, in this instance, will be output when the Program Counter changes to 0002h. This results in the eight-bit value CDh being output on the address bus in the next operation. Therefore, for the first two steps, it can be seen that the Program Counter value can be placed onto the address bus for the purpose of addressing the memory. The eight-bit Operand CDh constitutes an operation wherein this eight-bit value is appended onto another value, in this example, an eight-bit value of 00h to result in the overall address value of 00CDh. At this point in time, the address bus value is an address value that is output from an address register and, therefore, the contents of the Program Counter are a “don't care.” As the instructions continue, the Program Counter will be incremented up to or jumped to a value of 00F1h. The Opcode in the memory will be a long jump command, LJMP, which requires both the high and low address values to the output over the next two increments of the Program Counter. The first address will be a PC counter value of 00F2h at the value of FEh, and the next Program Counter increment of 00F3h will result in an Operand of FEh being output. These two Operands are assembled as the high and low portions of the memory address and placed into the Program Register as an address FEFEh. This constitutes a new Program Counter value which is then the subject of some command in the memory, a PUSH command in this example, although it could be any type of command, the result of the overall LJMP operation being to increment the Program Counter the value FEFEh to execute this command.
- To illustrate the operation wherein a data move command is allowed within the restricted space, a third section of the code is illustrated. This is initiated at a program counter value of FEFEh as a MOVEC command. This is operable to, on the next two increments of the program counter to FEFFh and FF00h, respectively, to output the two operands FFh and FFh. This results in an address value of FFFFh being placed onto the address bus to extract data from that location in the restricted space, wherein the boundary between the restricted space and the user space is the address F000h. The system will examine the fact that the PC value on the previous operand was within the restricted space, but that it was an allowed operation, since the instruction originated within the restricted space due to the fact that the program counter exists in the restricted space.
- In a fourth section of the code, originating with a MOVEC command at an address of 00FEh Program Counter value, an address attempt is made to the address location FFFFh. If the limit between the restricted and user space is an address location of F000h, then this would indicate that a command originating in the user location 00FEh was trying to attempt to place an address on the address bus that was in the restricted area, i.e., attempting to extract data therefrom. It can be seen by comparison of the last two sections of the code, that an instruction originating in the restricted space accessing information in the restricted space (or even in the user space) is allowed, wherein access to information in the restricted space in response to an instruction from the user space is not allowed.
- In the operation described in Table 1, a decision would be made at the point that the commands in the memory would result in an address being placed onto the address bus. It is at this point in time that the system examines the location within the memory of the Program Counter, and then also looks at the address to determine whether the address is seeking to address information within the user space or the restricted space. As described hereinabove and as will be further described hereinbelow in more detail, if the Program Counter is in user space, addressing information in restricted space for the purpose of outputting this information or examining the contents thereof will be prohibited. Alternatively, if the Program Counter is within the restricted space, i.e., executing instructions of a proprietary nature to the chip vendor, then addressing within the restricted space or the user space will be permitted.
- Referring now to
FIG. 6 , there is illustrated a more detailed block diagram of the embodiment ofFIG. 2 , wherein like numerals refer to like parts in the various figures. Thememory 202 is realized with a flash memory, which has a data output port, Dout, interfaced withdata output bus 602 and a data input port, Din, interfaced with adata input bus 604. There is also provided a control input CTL, which receives controls from acontrol bus 606. The address is received on an address input via anaddress bus 608. Thecontrol device 206 is comprised of a flash access control which is operable to interface with aTDI input bus 610, a serial bus, and provide data output on a TDOserial output bus 612. Thecontrol 206 also is interfaced with thedata bus 602 such that the output by thememory 202 can be received thereby. - The
control device 206 is operable to store the limit information and provide that on abus 614 to themicroprocessor core 204 as the Program Counter limit, represented by aphantom block 616. Internal to themicroprocessor core 204, in one embodiment, the comparison operation compares the actual value of the Program Counter with the PC limit inphantom block 616. This is output by aphantom block 618 which is labeled “PC Compare.” This is output as a signal on asignal line 620 to thecontrol block 206. - The
control block 206 is operable to interface with, and include as part thereof, an address modifying the circuit, which is comprised in this example ofmultiplexer 622. Themultiplexer 622 is operable to receive a portion of the address on anaddress bus 624, which address is also input to thecontrol block 206, this operation described in more detail hereinbelow. This portion of the address can be modified and output to the multiplexer on abus 626. Themultiplexer 622 is controlled by acontrol line 628 such that the multiplexer can output the full address onbus 624 or a modified address on abus 626. This modified address basically is operable to inhibit address input to thememory 202 when it is determined that this address is the result of a program instruction that is attempting to download or move data from the restricted portion of the memory space when the instruction code is derived from the user portion of the memory space. During operation of thememory 202, when program instructions are extracted from thememory 202 in response to a Program Counter value as an address being placed on theaddress bus 624, then program data will be output on theoutput bus 602 into a program data input on microprocessor 4204 via thedata bus 602. Further, there is provided aregister interface 630 between thecontrol block 206 and themicroprocessor core 204. This is a flash access control function provided by thecontrol block 206 and is generally a conventional access to a flash memory. Serial data can be input to the flash memory via theinput bus 610 and data read therefrom for the purpose of programming the memory initially and for programming instruction registers in thecontrol block 206, this being a configuration operation—a conventional operation. - Referring now to
FIG. 7 , there is illustrated a detailed block diagram of one embodiment for restricting access. Themicroprocessor core 204 has contained therein, in a simplified illustration, aProgram Counter 702 and anaddress register 704. TheProgram Counter 702 is operable to output a count value for programming instructions that will be provided it to the microprocessor logic and also provided to acomparator 706. Thecomparator 706 is also operable to interface through abus 708 to auser limit register 710, this typically in thecontrol block 206. However, this could be a limit that could be hard wired into themicroprocessor core 204 or in a completely separate register in thecore 204. This could even be a register within theflash memory 202 that is accessible by a certain sequence of program instructions. In any event, once loaded, this limit is unalterable by the user and, in some situations, by the actual vendor themselves. - The
comparator 706 is operable to compare the value of the Program Counter with the value in the user limit register. In this manner, the comparator will provide an output on asignal line 712 which will indicate whether the Program Counter is in the restricted or in the user space with a public/private signal. Thissignal line 712 is input tologic block 714. - The
address register 704 in themicroprocessor 204 is output on anaddress bus 720, which has a width of N. This bus has a portion of the bits thereof extracted therefrom, there being M bits extracted therefrom on abus 722. Therefore, thebus 720 is divided into abus 722 with M bus lines and abus 724 with N−M bus lines. Thebus 722 is input to alogic block 714, this typically representing the upper block of memory. If there is no inhibit operation on thememory 202 to be performed due to an attempt to access data in the restricted space while operating the program in the user space, then thelogic 714 will pass the received bits on thebus 722 out onto abus 730 to be combined with thebus 724 on abus 732. Thebus 730 provides the bits M′ wherein thebus 732 provides bits N′. This represents a situation wherein the bus may actually be modified by having the upper block altered. Typically, the upper block of memory addressing bits, the M bits, will be altered in the event of a positive decision on thesignal line 712 that theProgram Counter 702 is operating in the public area and the address output thereof is from theaddress register 704 and is addressing information in the private area. It should be understood that this example illustrates an address from theaddress register 704 where, in program situations, the information on theaddress bus 720 is from theProgram Counter 702. This is not illustrated for simplicity purposes. However, the conduct of theaddress bus 720 is typically selected by a multiplexer (not shown) that selects either the output of theaddress register 704 or theoutput Program Counter 702. - Referring now to
FIG. 8 , there is illustrated a block diagram of an alternate embodiment for inhibiting access to thememory 202 whenever an instruction executed in the user space attempts to access data in the restricted space, it being understood that a jump to a program instruction in the restricted space is allowed from the user space. In themicroprocessor core 204, there is provided amultiplexer 802 that is operable to interface between theaddress register 704 and theProgram Counter 702. TheProgram Counter 702 provides an output therefrom on abus 804 to one input of themultiplexer 802, whereas the output of the address register is input to the other input of themultiplexer 802 through asecond bus 806. The output of the multiplexer comprises an address bus output that is connected to anaddress bus 810 that is connected to the address input of thememory 202. Themultiplexer 802 receives a PC select signal on aninternal line 812 within themicroprocessor core 204. This also is a conventional output provided by themicroprocessor core 204 on asignal line 814. Thisline 814 indicates whether thePC register 702 is selected or theaddress register 704 is selected. - The contents of the
address bus 810 are compared with that of theuser limit register 710 with acomparator 818. Thiscomparator 818 determines whether the address is in the public or private region of the address space, i.e., the user or restricted space, respectively. The output of this comparison operation is input to alogic block 820 which also receives the signal on thesignal line 814. Thislogic block 820 provides an output indicating a positive decision whenever it is determined that the contents of thePC register 702 are not output on thebus 810, i.e., the contents of theaddress register 704 output on theaddress bus 810 and that the address is above the limit in thelimit register 710. This positive result indicates an unauthorized attempt to access thememory 202 in the restricted space. A signal is output on aline 824 to amultiplexer 826, which multiplexer 826 will select either the data output of thememory 202 or a value of 0000h, a “null” value. For a positive result, the null value is selected for input to thememory 204 on the program data input via abus 828.Logic block 820, in the alternate operational mode in the restricted space, can determine that the Program Counter value is selected for output on thebus 810 and that the Program Counter value is in the restricted address space. This indicates a program instruction that is generated by the program in the restricted space. This is latched by thelogic block 820, since thecomparator 818 will indicate this as being in the private region. Therefore, an indication on theline 814 that theProgram Counter 702 is selected by themultiplexer 802 and that the information on theaddress bus 810 is in the private or restricted space is latched such that, if a subsequent instruction indicates that the contents of theaddress register 704 are selected, i.e., thesignal line 814 indicates that the address register is selected, and that the address is attempting to address information in thememory 202, this will be allowed due to the fact that the previous program instruction was generated by program instructions in the restricted space. - A Verilog output is provided representing the operation wherein access to data in the memory with an address that is greater than the read limit resulting from the program instruction executed in the reader space:
-
wire addr_gt_readlimit = (mem_addr> {4 ′ h7, read-limit, 4 ′ hf}); always @ (posedge clk or posedge rst) if (rst) user_code_executing <= 0; else if (pc_valid) user_code_executing <= ~addr_gt_readlimit; assign ~core-reset & ~suspend // uP access that read_limit_exceeded = is ~mem_psenb & // a read cycle, by user_code_executing // user code that & is not ~pc_valid & // an instruction fetch addr_gt_readlimit; *---------------------------------------------mem_rdata Mux----------------------------------------*/ // // if either a S/W read access exceeds the “read_limit” or the JTAG // port trys to read a “read_locked” region - the security H/W will mux // ZEROs onto the “security_dout” bus // assign security_dout = read_limit_exceeded ?8 ’ h00 // output all zeros : dout; // read data from flash - Referring now to
FIG. 9 , there is illustrated a block diagram of an alternate embodiment. In the embodiment ofFIG. 9 , the contents of theProgram Counter 702 are output to acomparator 902 which compares the information thereof with the contents of thelimit register 710 to determine if the Program Counter value is in a public or private region. Similarly, the contents of theaddress bus 810 are compared with acomparator 904 with a limit in thelimit register 710. Thelimit register 710 is illustrated as two registers for simplicity purposes, to determine if the contents of the address register are in the public or private region. The output of bothcomparators logic block 906.Logic block 906 determines whether the Program Counter is in the private or public area and also determines whether the information in theaddress bus 810 is in the public or private area. If it is determined that theProgram Counter 702 is operating in the private area and that the information in theaddress bus 810 is operating in the private area, then the multiplexer will allow data to flow therethrough, since thelogic block 906 can determine that the address is the result of a previous Program Counter instruction in the private area or restricted area. However, when it is determined that the Program Counter is in the public area, the user area, and the address is an address value fromaddress register 704 and this is in the restricted or private area, then thelogic block 906 will control the multiplexer to select the null value. - Referring now to
FIG. 10 , there is illustrated a view of an alternate embodiment for inhibiting the memory operation. In this simplified embodiment, there is provided a control block orlogic block 1002 that is operable to receive the output of the Program Counter on abus 1004 and the address bus on anaddress bus 1006. Thelogic block 1002 compares this with information in thelimit register 710 to determine what type of operation is being performed, i.e., a program instruction or a memory access instruction, and where in the memory map the address resides. This was described hereinabove. In this embodiment, there is provided an inhibitcircuit 1010 that is operable to inhibit a read/write operation tomemory 202 in the event that thelogic block 1002 makes a determination that this is a restricted operation. - Referring now to
FIG. 11 , there is illustrated a diagrammatic view of the memory, which, as described hereinabove is incorporated in FLASH. As noted hereinabove, the memory is divided into a reservedspace 1102 and into auser space 1104. The reserved space is, as described hereinabove, protected from reading by the user and is used primarily for executing instructions. The user space, on the other hand, is space which the user can utilize for execution of user defined functions and for reading of data therefrom or for writing of data thereto. - In addition to the above noted operations of the reserved space and the user space, there is also the provision for protecting all or a portion of the reserved space or the user space from reading or writing, after creation thereof. This utilizes lock bits which are stored in a
reserve lock byte 1106 in thereserve space 1102 for locking all or a portion of the reserve space, and in auser lock byte 1108 in theuser space 1104, which is associated with all or a portion of theuser space 1104. The reserve lock bits in thelock byte 1106 each are associated with a page of thereserve space 1102. Once set to a logic “0,” this particular page and all addressable locations therein is locked and cannot be unlocked without erasure of the page. Similarly, the user lock byte contains user lock bits each associated with a page in theuser space 1104. Once the lock bit has been set to a logic “0” for that page, access thereto for reading or writing/erasure is prohibited. It should be noted that the lock bit can be associated with reading or writing/erasure. It is also noted that each of thereserve lock byte 1106 anduser lock byte 1108 is comprised of two bytes, one for reading and one for writing/erasing. This is illustrated alock byte 1110 for locking read operations in select portions of thereserve space 1102 and alock byte 1112 for locking write/erase operations in the reserve space. Alock byte 1114 is associated with locking read operations in the user space and alock byte 1116 is associated with locking write/erase operations in the user space. - It is noted that the
user lock byte 1108 is disposed at the upper portion of the user space which upper portion is defined by theuser limit 1118, this being a variable location. This value is typically stored somewhere in the reserve space, typically in the upper portion of the memory in areserve space 1102, a known location and not variable. This is typically associated with a number of different vectors defining various operations in the user space. By reading this value from the user space, the system then knows where the user limit is and subsequently, where the user lock byte resides. The user lock byte and the reserve lock byte are always located in the upper portion of the associated space. - As will be described hereinbelow, the user space lock byte is erased by erasing one logical block of memory at a time, i.e., a page, beginning at the lower end thereof until the
user lock byte 1108 is erased. To erase the reserve space lock byte, the entire memory must be erased. However, a single sector or page can be erased in either section if it is not locked. - Referring now to
FIG. 12 , there is illustrated a diagrammatic view of the hardware for implementing the external user access protection via the lock bytes. The FLASH memory is illustrated by amemory 1202, which is operable to receive read/write control operations via acontrol line 1204 in the form of a bus from acontrol state machine 1206. Additionally, an address received from anaddress bus 1208 and data is output on adata bus 1210. The controls that are input into theFLASH 1202 are facilitated by external access which requires an external interface. As described hereinabove, the access is through a JTAG test port standard, which is a serial communication protocol. The access commands that are available are a READ operation which will allow a single memory byte to be read, a WRITE operation which will allow a single memory byte to be read and erase sector operation which will allow a memory sector to be defined by the memory architecture and to be erased, this the logical sector such as a page. The ability to read a byte, write a byte or erase a particular sector is a lockable function. Additionally, commands are available to allow the entire user memory space to be erased, a command to allow the entire reserve space to be erased or a command to erase the entire program memory. All of these commands can be encoded as a single byte followed by an address and data bytes, as required for a particular microprocessor architecture. - The control state machine can receive either a READ request, a WRITE request, a page erase request or a user space erase request, in addition to an entire memory erase command. In order to execute these commands, it is necessary to access the various lock bytes, the limit address and the such. A
multiplexer 1210 is provided which is controlled by thecontrol state machine 1206 to select various addresses. These addresses are the user limit address, which defines where the user lock bytes are stored, which is facilitated by accessing thememory 1202 at the upper address therein where the limit address is stored, reading this information and then storing this information in auser limit register 1212. It is noted that the location of the lock byte for the user space is hard coded as being at a predetermined address in the top page therein and, in the preferred embodiment, in the top two bytes therein. The reserve read and write/erase lock address is a value that is hard coded in the hardware and is provided as an input to themultiplexer 1210, this being the top of the memory space and a known and fixed value. The user lock address determined from the user limit address is provided in addition to a general user address, this being the address that a user inputs into the memory. In addition, themultiplexer 1210 receives the output of apage counter 1214 which counts pages in the user space as will be described hereinbelow. - When the lock bits are read for either the user space or the reserved space, they are stored in a
register 1214 for use by the control state machine. Additionally, theuser limit register 1212 is loaded initially by the control state machine by reading the upper addressable location in the memory. In order to read the lock bits, the lock bits for the reserve space are read by selecting the reserve read/write lock address with themultiplexer 1210 and, for the user space, selecting the user limit address. - When erasing the user lock byte in the user space, it is necessary to erase the lower pages of memory first, since the memory is organized in logical blocks of 512 bytes. These logical pages must be erased one at a time and, as such, one cannot erase the memory location containing the user lock byte until all lower pages or blocks have been erased. Therefore, the counter is utilized to begin erasing the lower page first up to the upper page. A
comparator 1220 is provided for comparing the user limit address value with the value in the page counter, this constituting the upper address in the page. When the page counter exceeds this value, then the page counter is stopped, this being a control signal output by thecomparator 1220. - Referring now to
FIG. 13 , there is illustrated a diagrammatic view of how each of the lock bytes and the bits associated therewith are associated with various logical pages or sectors in the memory. A section of the memory, being the reserved or the user section, is illustrated as asection 1302. Thesection 1302 is divided into eightpages 1304 labeled Page 0-Page 7. Alock byte 1306 is provided which has seven bits. It should be understood that there will be two lock bytes, one for READ and one for WRITE/ERASE, although only one is illustrated. A lock byte has eight bits associated therewith. Each bit is associated with one of thepages 1304 of the memory. However, although being illustrated as eight bits in eight sectors, there may in fact be less sectors. There may in fact be one of the lock bits that is associated with a different function and not necessarily with locking a particular sector of memory. As such, it is possible for only portions of the memory to be locked as opposed to the entire memory. - Referring now to
FIG. 14 , there is illustrated a flow chart depicting the operation of reading or writing to a particular memory location or erasing a page. The program is initiated at ablock 1402 and then proceeds to ablock 1404 to read the user limit and then load theregister 1212. Thecontrol state machine 1206 then reads theappropriate lock byte reserve space 1102 or theuser space 1104, respectively, it being understood that this comprises both of thelock bytes user space 1104 and both of thelock bytes reserve space 1102, this indicated by afunction block 1406, it being understood that only a single lock byte will be read depending upon whether it is a READ or a WRITE operation. This information is then sent to thecontrol state machine 1206, as indicated byblock 1408. A decision is then made at adecision block 1410 to determine if the particular address defined by the user address is locked. If so, then the operation will fail, as indicated byfail block 1411, and user access will be inhibited for a READ, a WRITE or page erase depending upon the function locked. However, if it is not locked, then the particular READ or WRITE operation or page erase operation can be performed as indicated byfunction block 1412. The program then flows to afunction block 1414. - Referring now to
FIG. 15 , there is illustrated a flow chart depicting the operation of erasing the user space. Whenever the entire user space is to be erased, as described hereinabove, the bottom pages must be erased first. The program is initiated at ablock 1502 and then proceeds to ablock 1504 to read the user limit and then to block 1506 to read the lock byte at the user limit. The program then initiates a start counter as indicated by ablock 1508 atPage 0. The program then flows to functionblock 1510 to erase this block of memory and into ablock 1512 to increment the page counter. A decision is then made at adecision block 1516 as to whether the user limit has been exceeded, i.e., the address is in the reserve space. If not, then this particular page is erased by flowing back to the input offunction block 1510. However, once the counter has been incremented past the user limit, then the program will flow from thedecision block 1516 along the “Y” path to afunction block 1518 to stop the counter and then to functionblock 1520 to an END block. As noted, the entire user space can be erased or just one sector in the user space. This selective access to portions of a space with a single lock byte provides an increased versatility to the system. - Although the preferred embodiment has been described in detail, it should be understood that various changes, substitutions and alterations can be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims.
Claims (7)
1. A method for protecting a memory space from external access, comprising the steps of:
storing in a location in memory a plurality of lock bits, each associated with a separate logical portion of the memory space and determinative as to the access thereof for a predetermined memory access operation thereon;
detecting a request for access to a desired location in the memory space for operating thereon;
comparing the requested memory access operation with the associated lock bit in the associated logical portion and determining if access is allowed for the requested memory access operation; and
if allowed, performing the requested memory access operation on the desired location in the memory space.
2. The method of claim 1 , wherein the predetermined operation is a read of an addressable location in the associated logical portion.
3. The method of claim 1 , wherein the predetermined operation is a write of an addressable location in the associated logical portion.
4. The method of claim 1 , wherein the predetermined operation is an erase of the associated logical portion for an addressable location therein.
5. The method of claim 1 , wherein the step of storing in a location the plurality of lock bits comprises storing in a variable location in the memory the plurality of lock bits and storing the lock bit location in a known location in the memory, such that in the step of comparing, the location of the lock bits is first read from the memory and then the lock bits read from the memory.
6. The method of claim 5 , wherein the predetermined operation is an erase of the lock bits.
7. The method of claim 6 , wherein the predetermined operation of erasing the lock bits requires that each of an associated lower logical portion of the memory having a relatively lower logical memory address and not containing lock bits be erased before a top most portion of memory having a relatively higher logical address than the lower logical portion is erased, which top most portion of the memory contains the lock bits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/872,939 US20080126728A1 (en) | 2000-01-07 | 2007-10-16 | Method and apparatus for protecting internal memory from external access |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/479,551 US6615324B1 (en) | 2000-01-07 | 2000-01-07 | Embedded microprocessor multi-level security system in flash memory |
US09/901,918 US7284106B1 (en) | 2000-01-07 | 2001-07-09 | Method and apparatus for protecting internal memory from external access |
US11/872,939 US20080126728A1 (en) | 2000-01-07 | 2007-10-16 | Method and apparatus for protecting internal memory from external access |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/901,918 Continuation US7284106B1 (en) | 2000-01-07 | 2001-07-09 | Method and apparatus for protecting internal memory from external access |
Publications (1)
Publication Number | Publication Date |
---|---|
US20080126728A1 true US20080126728A1 (en) | 2008-05-29 |
Family
ID=27766338
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/479,551 Expired - Lifetime US6615324B1 (en) | 2000-01-07 | 2000-01-07 | Embedded microprocessor multi-level security system in flash memory |
US09/901,918 Expired - Lifetime US7284106B1 (en) | 2000-01-07 | 2001-07-09 | Method and apparatus for protecting internal memory from external access |
US11/872,939 Abandoned US20080126728A1 (en) | 2000-01-07 | 2007-10-16 | Method and apparatus for protecting internal memory from external access |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/479,551 Expired - Lifetime US6615324B1 (en) | 2000-01-07 | 2000-01-07 | Embedded microprocessor multi-level security system in flash memory |
US09/901,918 Expired - Lifetime US7284106B1 (en) | 2000-01-07 | 2001-07-09 | Method and apparatus for protecting internal memory from external access |
Country Status (1)
Country | Link |
---|---|
US (3) | US6615324B1 (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7979685B1 (en) * | 2007-11-27 | 2011-07-12 | Oracle America, Inc. | Multiple instruction execution mode resource-constrained device |
US8127104B1 (en) | 2007-08-06 | 2012-02-28 | Marvell International Ltd. | Alignment matrix memory copy |
US8131915B1 (en) * | 2008-04-11 | 2012-03-06 | Marvell Intentional Ltd. | Modifying or overwriting data stored in flash memory |
US20120137046A1 (en) * | 2010-11-29 | 2012-05-31 | Hynix Semiconductor Inc. | Block control device of semiconductor memory and method for controlling the same |
US8423710B1 (en) | 2009-03-23 | 2013-04-16 | Marvell International Ltd. | Sequential writes to flash memory |
US8688947B1 (en) | 2007-11-21 | 2014-04-01 | Marvell International Ltd. | Aligned data access |
US8843723B1 (en) | 2010-07-07 | 2014-09-23 | Marvell International Ltd. | Multi-dimension memory timing tuner |
USRE45192E1 (en) * | 2007-03-19 | 2014-10-14 | At&T Intellectual Property I, L.P. | System and method for storing user data |
US8924598B1 (en) | 2008-05-06 | 2014-12-30 | Marvell International Ltd. | USB interface configurable for host or device mode |
US9070454B1 (en) | 2009-04-21 | 2015-06-30 | Marvell International Ltd. | Flash memory |
US9105319B2 (en) | 2003-03-13 | 2015-08-11 | Marvell World Trade Ltd. | Multiport memory architecture |
WO2015166494A1 (en) * | 2014-04-29 | 2015-11-05 | Raphael Cohen | An address intercepting integrated circuit for write-once operation of a storage |
DK201470778A1 (en) * | 2014-12-12 | 2016-06-27 | Gn Resound As | Hearing device with service mode and related method |
US10785578B2 (en) | 2014-12-12 | 2020-09-22 | Gn Hearing A/S | Hearing device with service mode and related method |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6615324B1 (en) * | 2000-01-07 | 2003-09-02 | Cygnal Integrated Products, Inc. | Embedded microprocessor multi-level security system in flash memory |
US6968242B1 (en) * | 2000-11-07 | 2005-11-22 | Schneider Automation Inc. | Method and apparatus for an active standby control system on a network |
US7023795B1 (en) | 2000-11-07 | 2006-04-04 | Schneider Automation Inc. | Method and apparatus for an active standby control system on a network |
US20040015709A1 (en) * | 2002-07-18 | 2004-01-22 | Bei-Chuan Chen | Software delivery device and method for providing software copy protection |
JP4437650B2 (en) | 2003-08-25 | 2010-03-24 | 株式会社日立製作所 | Storage system |
JP4257783B2 (en) | 2003-10-23 | 2009-04-22 | 株式会社日立製作所 | Logically partitionable storage device and storage device system |
JP4141391B2 (en) | 2004-02-05 | 2008-08-27 | 株式会社日立製作所 | Storage subsystem |
JP2005267008A (en) | 2004-03-17 | 2005-09-29 | Hitachi Ltd | Method and system for storage management |
JP4669666B2 (en) * | 2004-03-19 | 2011-04-13 | 東芝キヤリア株式会社 | Microcomputer |
CA2462495A1 (en) * | 2004-03-30 | 2005-09-30 | Dspfactory Ltd. | Method and system for protecting content in a programmable system |
US7919979B1 (en) * | 2005-01-21 | 2011-04-05 | Actel Corporation | Field programmable gate array including a non-volatile user memory and method for programming |
WO2006095335A2 (en) * | 2005-03-07 | 2006-09-14 | Noam Camiel | System and method for a dynamic policies enforced file system for a data storage device |
US20070271609A1 (en) * | 2006-05-18 | 2007-11-22 | Phison Electronics Corp. | Security system of flash memory and method thereof |
US7971017B1 (en) | 2006-08-21 | 2011-06-28 | Rockwell Automation Technologies, Inc. | Memory card with embedded identifier |
GB2442023B (en) * | 2006-09-13 | 2011-03-02 | Advanced Risc Mach Ltd | Memory access security management |
US7644322B2 (en) * | 2006-11-21 | 2010-01-05 | Atmel Corporation | Hardware flow control monitor |
US7730253B2 (en) * | 2006-11-27 | 2010-06-01 | Research In Motion Limited | System and method for controlling access to a memory device of an electronic device |
TW200832436A (en) * | 2007-01-26 | 2008-08-01 | Holtek Semiconductor Inc | Data securing method and structure for non-volatile storage device |
US7861305B2 (en) * | 2007-02-07 | 2010-12-28 | International Business Machines Corporation | Method and system for hardware based program flow monitor for embedded software |
JP4939387B2 (en) * | 2007-12-06 | 2012-05-23 | ルネサスエレクトロニクス株式会社 | Data processing apparatus and address space protection method |
US8935494B2 (en) * | 2012-07-27 | 2015-01-13 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Backing up an image in a computing system |
KR102139327B1 (en) | 2012-11-15 | 2020-07-29 | 삼성전자주식회사 | Non-volatile memory device and method of operating the same |
KR102271502B1 (en) * | 2017-10-25 | 2021-07-01 | 삼성전자주식회사 | Memory Device and method for control the same |
Citations (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3573855A (en) * | 1968-12-31 | 1971-04-06 | Texas Instruments Inc | Computer memory protection |
US3742458A (en) * | 1970-09-30 | 1973-06-26 | Yokogawa Electric Works Ltd | Memory protection system providing fixed, conditional and free memory portions corresponding to ranges of memory address numbers |
US4975878A (en) * | 1988-01-28 | 1990-12-04 | National Semiconductor | Programmable memory data protection scheme |
US5321825A (en) * | 1991-06-18 | 1994-06-14 | Advanced Micro Devices, Inc. | Processing system with lock spaces for providing critical section access |
US5432950A (en) * | 1990-09-28 | 1995-07-11 | Motorola Inc. | System for securing a data processing system and method of operation |
US5442704A (en) * | 1994-01-14 | 1995-08-15 | Bull Nh Information Systems Inc. | Secure memory card with programmed controlled security access control |
US5452431A (en) * | 1991-10-30 | 1995-09-19 | U.S. Philips Corporation | Microcircuit for a chip card comprising a protected programmable memory |
US5600818A (en) * | 1991-05-08 | 1997-02-04 | Gao Gesellschaft Fuer Automation Und Organisation | Data protective microprocessor circuit for portable data carriers, for example credit cards |
US5615381A (en) * | 1989-02-01 | 1997-03-25 | Kabushiki Kaisha Toshiba | Security for a data processing system having multiple distinct program instruction sections |
US5657444A (en) * | 1995-08-03 | 1997-08-12 | National Semiconductor Corporation | Microprocessor with secure programmable read only memory circuit |
US5809544A (en) * | 1995-10-06 | 1998-09-15 | Motorola, Inc. | Microcontroller which limits access to internal memory |
US5844843A (en) * | 1992-03-17 | 1998-12-01 | Hitachi, Ltd. | Single chip data processing apparatus having a flash memory which is rewritable under the control of built-in CPU in the external write mode |
US5848435A (en) * | 1990-10-19 | 1998-12-08 | Emc Corporation | Address protection circuit and method for preventing access to unauthorized address rangers |
US5986564A (en) * | 1984-03-28 | 1999-11-16 | Computerized Security Systems, Inc. | Microcomputer controlled locking system |
US5991858A (en) * | 1995-03-10 | 1999-11-23 | Siemens Aktiengesellschaft | Multi-user data processing system with storage protection |
US6101586A (en) * | 1997-02-14 | 2000-08-08 | Nec Corporation | Memory access control circuit |
US6438666B2 (en) * | 1997-09-26 | 2002-08-20 | Hughes Electronics Corporation | Method and apparatus for controlling access to confidential data by analyzing property inherent in data |
US6615324B1 (en) * | 2000-01-07 | 2003-09-02 | Cygnal Integrated Products, Inc. | Embedded microprocessor multi-level security system in flash memory |
US6633964B2 (en) * | 2001-03-30 | 2003-10-14 | Intel Corporation | Method and system using a virtual lock for boot block flash |
US6636906B1 (en) * | 2000-04-28 | 2003-10-21 | Hewlett-Packard Development Company, L.P. | Apparatus and method for ensuring forward progress in coherent I/O systems |
US6681300B2 (en) * | 1999-12-28 | 2004-01-20 | Intel Corporation | Read lock miss control and queue management |
-
2000
- 2000-01-07 US US09/479,551 patent/US6615324B1/en not_active Expired - Lifetime
-
2001
- 2001-07-09 US US09/901,918 patent/US7284106B1/en not_active Expired - Lifetime
-
2007
- 2007-10-16 US US11/872,939 patent/US20080126728A1/en not_active Abandoned
Patent Citations (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3573855A (en) * | 1968-12-31 | 1971-04-06 | Texas Instruments Inc | Computer memory protection |
US3742458A (en) * | 1970-09-30 | 1973-06-26 | Yokogawa Electric Works Ltd | Memory protection system providing fixed, conditional and free memory portions corresponding to ranges of memory address numbers |
US5986564A (en) * | 1984-03-28 | 1999-11-16 | Computerized Security Systems, Inc. | Microcomputer controlled locking system |
US4975878A (en) * | 1988-01-28 | 1990-12-04 | National Semiconductor | Programmable memory data protection scheme |
US5615381A (en) * | 1989-02-01 | 1997-03-25 | Kabushiki Kaisha Toshiba | Security for a data processing system having multiple distinct program instruction sections |
US5432950A (en) * | 1990-09-28 | 1995-07-11 | Motorola Inc. | System for securing a data processing system and method of operation |
US5848435A (en) * | 1990-10-19 | 1998-12-08 | Emc Corporation | Address protection circuit and method for preventing access to unauthorized address rangers |
US5600818A (en) * | 1991-05-08 | 1997-02-04 | Gao Gesellschaft Fuer Automation Und Organisation | Data protective microprocessor circuit for portable data carriers, for example credit cards |
US5321825A (en) * | 1991-06-18 | 1994-06-14 | Advanced Micro Devices, Inc. | Processing system with lock spaces for providing critical section access |
US5452431A (en) * | 1991-10-30 | 1995-09-19 | U.S. Philips Corporation | Microcircuit for a chip card comprising a protected programmable memory |
US5844843A (en) * | 1992-03-17 | 1998-12-01 | Hitachi, Ltd. | Single chip data processing apparatus having a flash memory which is rewritable under the control of built-in CPU in the external write mode |
US5442704A (en) * | 1994-01-14 | 1995-08-15 | Bull Nh Information Systems Inc. | Secure memory card with programmed controlled security access control |
US5991858A (en) * | 1995-03-10 | 1999-11-23 | Siemens Aktiengesellschaft | Multi-user data processing system with storage protection |
US5657444A (en) * | 1995-08-03 | 1997-08-12 | National Semiconductor Corporation | Microprocessor with secure programmable read only memory circuit |
US5809544A (en) * | 1995-10-06 | 1998-09-15 | Motorola, Inc. | Microcontroller which limits access to internal memory |
US6101586A (en) * | 1997-02-14 | 2000-08-08 | Nec Corporation | Memory access control circuit |
US6438666B2 (en) * | 1997-09-26 | 2002-08-20 | Hughes Electronics Corporation | Method and apparatus for controlling access to confidential data by analyzing property inherent in data |
US6681300B2 (en) * | 1999-12-28 | 2004-01-20 | Intel Corporation | Read lock miss control and queue management |
US6615324B1 (en) * | 2000-01-07 | 2003-09-02 | Cygnal Integrated Products, Inc. | Embedded microprocessor multi-level security system in flash memory |
US6636906B1 (en) * | 2000-04-28 | 2003-10-21 | Hewlett-Packard Development Company, L.P. | Apparatus and method for ensuring forward progress in coherent I/O systems |
US6633964B2 (en) * | 2001-03-30 | 2003-10-14 | Intel Corporation | Method and system using a virtual lock for boot block flash |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9105319B2 (en) | 2003-03-13 | 2015-08-11 | Marvell World Trade Ltd. | Multiport memory architecture |
USRE45192E1 (en) * | 2007-03-19 | 2014-10-14 | At&T Intellectual Property I, L.P. | System and method for storing user data |
US8127104B1 (en) | 2007-08-06 | 2012-02-28 | Marvell International Ltd. | Alignment matrix memory copy |
US8688947B1 (en) | 2007-11-21 | 2014-04-01 | Marvell International Ltd. | Aligned data access |
US7979685B1 (en) * | 2007-11-27 | 2011-07-12 | Oracle America, Inc. | Multiple instruction execution mode resource-constrained device |
US8943486B2 (en) | 2007-11-27 | 2015-01-27 | Oracle America, Inc. | Multiple instruction execution mode resource-constrained device |
US8131915B1 (en) * | 2008-04-11 | 2012-03-06 | Marvell Intentional Ltd. | Modifying or overwriting data stored in flash memory |
US9070451B1 (en) | 2008-04-11 | 2015-06-30 | Marvell International Ltd. | Modifying data stored in a multiple-write flash memory cell |
US8533386B1 (en) | 2008-04-11 | 2013-09-10 | Marvell International, Ltd. | Modifying data stored in flash memory |
US8924598B1 (en) | 2008-05-06 | 2014-12-30 | Marvell International Ltd. | USB interface configurable for host or device mode |
US8874833B1 (en) | 2009-03-23 | 2014-10-28 | Marvell International Ltd. | Sequential writes to flash memory |
US8423710B1 (en) | 2009-03-23 | 2013-04-16 | Marvell International Ltd. | Sequential writes to flash memory |
US9070454B1 (en) | 2009-04-21 | 2015-06-30 | Marvell International Ltd. | Flash memory |
US8843723B1 (en) | 2010-07-07 | 2014-09-23 | Marvell International Ltd. | Multi-dimension memory timing tuner |
US8503239B2 (en) * | 2010-11-29 | 2013-08-06 | Hynix Semiconductor Inc. | Device for controlling lock state of block in a semiconductor memory and method for controlling the same |
US20120137046A1 (en) * | 2010-11-29 | 2012-05-31 | Hynix Semiconductor Inc. | Block control device of semiconductor memory and method for controlling the same |
WO2015166494A1 (en) * | 2014-04-29 | 2015-11-05 | Raphael Cohen | An address intercepting integrated circuit for write-once operation of a storage |
DK201470778A1 (en) * | 2014-12-12 | 2016-06-27 | Gn Resound As | Hearing device with service mode and related method |
US10785578B2 (en) | 2014-12-12 | 2020-09-22 | Gn Hearing A/S | Hearing device with service mode and related method |
US11206496B2 (en) | 2014-12-12 | 2021-12-21 | Gn Hearing A/S | Hearing device with service mode and related method |
US11546699B2 (en) | 2014-12-12 | 2023-01-03 | Gn Hearing A/S | Hearing device with service mode and related method |
Also Published As
Publication number | Publication date |
---|---|
US7284106B1 (en) | 2007-10-16 |
US6615324B1 (en) | 2003-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7284106B1 (en) | Method and apparatus for protecting internal memory from external access | |
US6339815B1 (en) | Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space | |
US6505279B1 (en) | Microcontroller system having security circuitry to selectively lock portions of a program memory address space | |
US6952778B1 (en) | Protecting access to microcontroller memory blocks | |
JP3710671B2 (en) | One-chip microcomputer, IC card using the same, and access control method for one-chip microcomputer | |
US9390278B2 (en) | Systems and methods for code protection in non-volatile memory systems | |
US9311255B2 (en) | Multi-layer content protecting microcontroller | |
JP3396043B2 (en) | Micro circuit | |
US7574576B2 (en) | Semiconductor device and method of controlling the same | |
KR960701415A (en) | Secure memory card with programmatic security access control | |
JP3917839B2 (en) | Data processing apparatus, lockdown controller in data processing apparatus, and method for locking data value | |
JPH05173890A (en) | Data protecting microprocessor circuit for portable data carrier | |
JP2002519760A (en) | Virtual data storage (VDS) system | |
JP2003523554A (en) | Memory management method and apparatus for partitioning similar memories and restricting access of installed applications to a predetermined memory range | |
US7260690B2 (en) | Microprocessor circuit for data carriers and method for organizing access to data stored in a memory | |
JPH0526217B2 (en) | ||
US8417902B2 (en) | One-time-programmable memory emulation | |
JP2001356963A (en) | Semiconductor device and its control device | |
US20070271609A1 (en) | Security system of flash memory and method thereof | |
JPS6017135B2 (en) | data processing equipment | |
JP4559552B2 (en) | Chip card with integrated circuit | |
US20070133280A1 (en) | Semiconductor integrated circuit apparatus and electronic system | |
EP0411255A2 (en) | Memory system | |
US20060085702A1 (en) | Integrated circuit fuses having corresponding storage circuitry | |
JP2000148594A (en) | Read protection circuit for rom data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |