摘要 |
A computer system with a secure bootloading function is disclosed. Security logic ( 20 ) is implemented on-chip with a central processing unit (CPU) ( 10 ), and performs security functions following a system reset, such as upon power-up or a hardware or software reset. A security key value from a security key store ( 36 ), which is read-protected from subsequent read accesses, is used to authenticate each code block associated with secure applications. Write-protect registers ( 34 ) store the memory addresses of authenticated code blocks, so that these code blocks cannot be altered. A shadow memory ( 32 ) is provided on-chip with the CPU ( 10 ), to which access is granted for program instructions having a physical memory address within the memory address ranges stored in the write-protect registers ( 34 ), and thus usable by the secure applications. Successful authentication of the user code block ensures that the bootloaded code is not corrupt, prior to passing control to the operating system.
|