PROGRAM CODE ATTESTATION CIRCUITRY, A DATA PROCESSING APPARATUS INCLUDING SUCH PROGRAM CODE ATTESTATION CIRCUITRY AND A PROGRAM ATTESTATION METHOD

摘要

Program code attestation circuitry and a method of operating such circuitry are provided. The program code attestation circuitry includes first storage, and measurement value generation circuitry that is arranged to store within that first storage a measurement value that is determined by applying a first hash algorithm to input data determined from a code block of the program code. Within a second storage a private key is stored. Further, signature generator circuitry is responsive to an attestation request from a request source external to the program code attestation circuitry to apply, to a derived value derived from the measurement value, a signature algorithm using the private key, in order to generate a signature for output to the request source. From this signature, the request source can then derive information about the stored measurement value sufficient to enable it to ascertain whether that stored measurement value agrees with an expected measurement value for the code block in question. This provides a simple and secure mechanism for attesting as to the correctness of code blocks of program code within a data processing apparatus.

主权项

1. Program code attestation circuitry, comprising:
a first storage; measurement value generation circuitry to store in said first storage a measurement value determined by applying a first hash algorithm to input data determined from a code block of program code; a second storage to store a private key; and signature generator circuitry, responsive to an attestation request from a request source external to the program code attestation circuitry, to apply, to a derived value derived from the measurement value, a signature algorithm using the private key, in order to generate a signature for output to the request source.