Advances in technology and consumer demand for such technology increasingly drive electronic devices, such as mobile handheld devices, to higher levels of capability. The processing power available today allows many of these demands to be met using sophisticated processors such as System-on-Chip (SOC) integrated circuits that provide high levels of capability and flexibility by being programmable.
Software and software development have become critical to providing new and improved capabilities, features and functions of electronic devices. As such, there is a need to protect the software from misappropriation or from alteration for malicious purposes. For example, software may be misappropriated or altered even at the integrated circuit level by attacks directed toward specific features and functions of the chip. At the same time, it may be necessary to gain access to software for debugging, updating or for various development needs.
One method to reduce misappropriation of software is to verify whether a particular program image is authorized to run on a particular circuit. Referring to FIG. 1, exemplary operations that can be performed to securely boot a program image by verifying the image are generally identified at 100. The process starts at 102 when a program image is to be loaded in a circuit. At 104, the circuit reads the program image. At 106, the circuit reads a production public key. At 108, the circuit uses the production public key to verify whether the program image is authorized to run on the circuit. At 110, the circuit determines whether the verification is successful. If the verification is successful, the circuit loads the program image at 112 and the process ends at 114. However, if the verification is not successful, the circuit fails the program image boot at 116 and the process ends at 114.
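The FIG. 1 flow can be sketched as follows. This is an added example, not code from the original document: it assumes the verification at 108 is an RSA PKCS#1 v1.5 signature check over a SHA-256 digest (the text does not name an algorithm), the function names are hypothetical, and the key is a constructed test key built from two Mersenne primes that must never be used outside a demonstration.

```python
import hashlib

# Constructed test key (assumption): two Mersenne primes, trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # "production public key" read at 106
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent; present here only to
                                       # build a sample signature, never on-device
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(image: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of the image digest, K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_image(image: bytes) -> bytes:
    """Signer side (build system): signature shipped alongside the image."""
    return pow(int.from_bytes(_encode(image), "big"), D, N).to_bytes(K, "big")

def verify_image(image: bytes, signature: bytes, n: int, e: int) -> bool:
    """Step 108: check the signature using the public key only."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    # Rebuild the whole expected encoding and compare it in full; verifiers
    # that parse the padding loosely are a known source of forgery bugs.
    return pow(s, e, n).to_bytes(K, "big") == _encode(image)

def secure_boot(image: bytes, signature: bytes) -> str:
    """Steps 104-116 of FIG. 1: read image, read key, verify, load or fail."""
    if verify_image(image, signature, N, E):   # 106, 108, 110
        return "loaded"                        # 112
    return "boot failed"                       # 116
```
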
Although this method is useful in verifying whether a program image is authorized to run on a particular circuit, there are a number of drawbacks. One such drawback is that developmental program images also have to be verified. Verifying program images during development and/or debugging can increase the time required to create new program images, which can also increase the cost of new program images. In addition, because the production public key is used to verify developmental program images, an increased number of program images are linked to the production public key. By having a large number of program images linked to the production public key, cryptanalysis techniques could be used to determine the production public key. Therefore, it is desirable, among other things, to provide a circuit and method that is capable of verifying whether a program image is authorized to run on a particular circuit without the aforementioned drawbacks.