Abstract
A digital system is provided that has a hardware platform with a means for periodically checking the firmware's integrity and authenticity during application run time, thus detecting any dynamic alteration of the external memory content. The platform includes means for binding the software module (code and data) to the hardware platform through the creation of a specific certificate, called a platform certificate, which allows its later authentication and integrity checking. The hardware platform is formed on a single integrated chip and includes means for generating a unique Key Encryption Key (KEK) located on-chip. The platform includes means to identify a requester before entering a specific mode of the device (e.g., Test, Emulation) without storing the corresponding requester's identity code on-chip. The platform is controlled by a firmware code module. There are also provided means to create a certificate for the firmware code, signed by the asymmetric private key of the firmware module's trusted originator (called MAN_PRI_KEY), the certificate containing information about the code it authenticates (size, storage address in memory, start address, signature), the public key of the trusted originator (called MAN_PUB_KEY), and also the platform configuration parameters that control clock frequency, memory accesses, test and emulation.
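The following is an added example, not code from the patent or from any product it describes. It models the firmware certificate named in the abstract (size, storage address, start address, signature, MAN_PUB_KEY, platform configuration parameters) and the check a platform would repeat at run time over external memory. Everything not named in the abstract is an assumption: Ed25519 stands in for the unspecified asymmetric scheme, the three configuration bytes and their meaning are invented for illustration, and the on-chip trust anchor is modelled as a SHA-256 digest of MAN_PUB_KEY rather than the key itself.

```go
package main

// Added example: a minimal model of a signed firmware certificate and the
// periodic run-time integrity check described in the abstract. Layout,
// field widths and the signature scheme are assumptions for this example.

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// FirmwareCert carries the fields the abstract lists for the firmware
// certificate. The three config bytes are an assumed encoding of the
// clock, memory-access and test/emulation parameters.
type FirmwareCert struct {
	Size        uint32
	StorageAddr uint32
	StartAddr   uint32
	ClockCfg    uint8 // assumed: clock-frequency selector
	MemCfg      uint8 // assumed: memory-access policy bits
	TestCfg     uint8 // assumed: test/emulation enable bits
	ManPubKey   ed25519.PublicKey
	Signature   []byte
}

// tbs returns the to-be-signed bytes: every certificate field except the
// signature, followed by the SHA-256 digest of the firmware image. Binding
// the config bytes into the signature means they cannot be altered either.
func tbs(c *FirmwareCert, image []byte) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, c.Size)
	binary.Write(&buf, binary.BigEndian, c.StorageAddr)
	binary.Write(&buf, binary.BigEndian, c.StartAddr)
	buf.Write([]byte{c.ClockCfg, c.MemCfg, c.TestCfg})
	buf.Write(c.ManPubKey)
	sum := sha256.Sum256(image)
	buf.Write(sum[:])
	return buf.Bytes()
}

// IssueCert is the trusted originator's step: build the certificate for
// an image and sign it with MAN_PRI_KEY.
func IssueCert(priv ed25519.PrivateKey, image []byte, storage, start uint32, clk, mem, test uint8) *FirmwareCert {
	c := &FirmwareCert{Size: uint32(len(image)), StorageAddr: storage, StartAddr: start,
		ClockCfg: clk, MemCfg: mem, TestCfg: test, ManPubKey: priv.Public().(ed25519.PublicKey)}
	c.Signature = ed25519.Sign(priv, tbs(c, image))
	return c
}

// VerifyFirmware is the platform's check, run at boot and again on a timer.
// trustedKeyHash models the on-chip trust anchor (assumed: SHA-256 of
// MAN_PUB_KEY). mem is the current content of external memory; the image
// is re-read from the region the certificate names, so any dynamic change
// to that region breaks the signature.
func VerifyFirmware(trustedKeyHash [32]byte, c *FirmwareCert, mem []byte) error {
	if sha256.Sum256(c.ManPubKey) != trustedKeyHash {
		return errors.New("MAN_PUB_KEY does not match on-chip trust anchor")
	}
	end := uint64(c.StorageAddr) + uint64(c.Size)
	if end > uint64(len(mem)) {
		return errors.New("certified region lies outside external memory")
	}
	if c.StartAddr < c.StorageAddr || uint64(c.StartAddr) >= end {
		return errors.New("start address outside the certified region")
	}
	image := mem[c.StorageAddr:end]
	if !ed25519.Verify(c.ManPubKey, tbs(c, image), c.Signature) {
		return errors.New("signature check failed: firmware or certificate altered")
	}
	return nil
}

func main() {
	// Constructed demo material: a fixed seed stands in for MAN_PRI_KEY.
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	image := []byte("constructed firmware image bytes")
	mem := make([]byte, 0x1000)
	copy(mem[0x100:], image)
	cert := IssueCert(priv, image, 0x100, 0x104, 0x02, 0x01, 0x00)
	anchor := sha256.Sum256(cert.ManPubKey)
	fmt.Println("boot check:", VerifyFirmware(anchor, cert, mem))
	mem[0x110] ^= 0x80 // constructed: a dynamic alteration of external memory
	fmt.Println("run-time check after alteration:", VerifyFirmware(anchor, cert, mem))
}
```

The check covers the certificate fields as well as the image: because the configuration bytes and MAN_PUB_KEY are part of the signed data, a change to the clock or test/emulation settings is detected the same way as a change to the code, and a certificate signed under a different originator key is rejected by the trust-anchor comparison before the signature is even examined.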