An electronic system may include, among other electronic units, a memory unit in which data is stored and a processing unit, for example to execute operations on the data or to run computer programs stored in the memory unit.
For the electronic system to function securely and to protect the data from unauthorized access or manipulation, the data in the memory unit needs to be verified. Verification for the correct and safe functioning of the electronic system is usually performed by the processing unit in a start-up phase of the electronic system.
United States patent application US2008/0215847 discloses a device comprising an unsecure memory unit and a secure controller. The unsecure memory unit may be a non-volatile mass storage flash memory for which no authorization is required to gain read/write access to the data stored therein. The secure controller may be a processor that controls the retrieval and storage of the data in the unsecure memory unit. In order to provide security against unauthorized copies of the data that may be stored in the unsecure memory unit, the device is provided with a secure firmware stored in the unsecure memory unit. The secure firmware needs to be authenticated to provide security to the device. This is done by signing the secure firmware, typically at the time of loading it. Signing the secure firmware involves calculating one or more hash values for one or more portions of the secure firmware and comparing the calculated hash values with hash values pre-stored in the device. A mismatch between the calculated hash values and the pre-stored hash values indicates that the secure firmware is no longer authentic. After the secure firmware has been signed, the secure firmware is executed to control the device comprising the unsecure memory unit.
A problem of the device disclosed in US2008/0215847 is that the secure firmware needs to be signed and executed in two successive steps in order to provide security to the device.
A further problem of the device disclosed in US2008/0215847 is that before the secure firmware can be executed efficiently, it needs to be copied from the unsecure memory unit to another memory, typically a volatile RAM (Random Access Memory). In fact, the unsecure memory unit is typically slower than the volatile RAM and is not inherently executable, because it lacks random access capability as long as it is used as a mass storage flash memory.
A further disadvantage associated with the above-mentioned problem is that the secure firmware typically has a size larger than that of the volatile RAM. For this reason the secure firmware needs to be split into portions, and each one of the portions needs to be copied to the volatile RAM and executed from it. Consequently, the maximum size of each one of the portions of the secure firmware is determined by the size of the volatile RAM from which each one of the portions of the secure firmware can be executed.
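The portion-wise hash comparison and the two-step verify-then-execute sequence described above, as an added Python example that is not code from the patent or from any device it describes; the RAM size, the choice of SHA-256, the sample image and the `execute` callback are constructed assumptions.

```python
import hashlib
import hmac

# Assumed (constructed) size of the executable RAM; deliberately tiny so the split is visible.
RAM_SIZE = 64


def split_into_portions(image: bytes, ram_size: int = RAM_SIZE) -> list[bytes]:
    """Split the firmware image into portions no larger than the executable RAM."""
    if ram_size <= 0:
        raise ValueError("ram_size must be positive")
    return [image[i:i + ram_size] for i in range(0, len(image), ram_size)]


def reference_hashes(image: bytes, ram_size: int = RAM_SIZE) -> list[bytes]:
    """Per-portion digests the device keeps pre-stored (computed once, when the firmware is loaded)."""
    return [hashlib.sha256(p).digest() for p in split_into_portions(image, ram_size)]


def verify_and_execute(image: bytes, stored: list[bytes], execute, ram_size: int = RAM_SIZE) -> int:
    """Step 1: check every portion against the pre-stored hashes; step 2: only if all match,
    copy each portion into RAM and execute it. Returns the number of portions executed and
    raises on any mismatch, so nothing runs from a tampered image."""
    portions = split_into_portions(image, ram_size)
    if len(portions) != len(stored):
        raise ValueError("portion count differs from pre-stored hash count: firmware not authentic")
    for idx, (portion, expected) in enumerate(zip(portions, stored)):
        # compare_digest avoids the timing differences a plain == comparison could leak
        if not hmac.compare_digest(hashlib.sha256(portion).digest(), expected):
            raise ValueError(f"hash mismatch in portion {idx}: firmware not authentic")
    ram = bytearray(ram_size)
    for portion in portions:
        ram[:len(portion)] = portion  # copy from the slow unsecure store into executable RAM
        execute(bytes(ram[:len(portion)]))
    return len(portions)


def demo() -> tuple[int, bool]:
    """Constructed 150-byte image -> 3 portions; a flipped byte in the last portion is rejected."""
    image = bytes(range(150))
    stored = reference_hashes(image)
    executed = []
    count = verify_and_execute(image, stored, executed.append)
    tampered = image[:-1] + bytes([image[-1] ^ 0xFF])
    try:
        verify_and_execute(tampered, stored, executed.append)
        detected = False
    except ValueError:
        detected = True
    return count, detected
```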