The present invention relates generally to processing systems and, more particularly, a method and system for resuming operation of a processing system from a sleep state.
Processing systems such as computer systems or systems on a chip (SOC) often have various modes of operation, such as functional mode, sleep mode, and deep sleep mode. The system has a certain configuration in each of its modes and must run a certain procedure to transition or switch from one mode to another. In the sleep state one or more components of the system may be powered-off or configured to operate in a power-saving mode. The sleep state may be a deep sleep mode in which a majority of components of the system are powered off. Data used by the system may be saved to a memory device in the sleep state. To resume operation from the sleep state, a boot or power-up procedure is performed in which data necessary to resume operation is loaded from the memory device.
It is desired for the resume operation to be fast—such as within 1 second—and secure. In order to provide security against data corruption or malicious intervention with the data stored in the memory device, the data should be authenticated. In some approaches a cryptographic operation such as a hash of a boot image stored in the memory device is determined and compared against a result of a second cryptographic operation obtained from a previously stored signature for the image. The result of the second cryptographic operation may be obtained by decrypting the signature. However this process is time-consuming in that it requires a cryptographic operation to be performed on the entire boot image and decryption of the signature to obtain the second result.
Furthermore, in some systems, a two-stage resume process is used. In a first stage of the process, instructions stored in a secure-boot ROM are executed to load a first-level boot image from non-volatile memory, which may be located off-chip, to on-chip memory. The instructions in the secure-boot ROM then authenticate the first-level boot image before a processor of the system begins to operate from the first-level image. In a second stage, a second-level boot image, such as containing an operating system, is loaded into external memory before the processor authenticates the second-level image. This approach is time consuming since authentication is performed twice. Thus, it would be advantageous to have a fast and secure method to transition from one state to another state.