The demand for high performance, microcontroller-based products for use in communication and processing applications continues to increase rapidly. As a result, microcontroller-based product manufacturers are typically requiring that the components and devices within these products be regularly improved to meet the design requirements of a myriad of emerging audio, video, and imaging applications.
These microcontroller-based products use various types of processors, such as general purpose microprocessors, for controlling the operation of various digital devices, such as clock radios, microwave ovens, digital video recorders, and the like, and special purpose microprocessors, such as math coprocessors for mathematical computations, or digital signal processors used to manipulate various types of information, including sound, imaging, and video information.
A microcontroller typically includes a central processing unit (“CPU”) core to perform the processing functions and a bus interface for communication with the various memory devices as well as external or other peripheral devices.
For the storage of data, the microcontroller may include various types of memory. For example, the microcontroller may include Random Access Memory (“RAM”) as well as Read-Only Memory (“ROM”). In addition, the microcontroller may also include flash memory which can be erased and reprogrammed.
For the transmitting and receiving of data between various devices and components, microcontrollers and other devices utilize various types of serial interfaces. One such type of interface definition typically used is the serial peripheral interface (“SPI”). In addition, for the temporary storage of data, for example, to permit the microcontrollers to manipulate the data before transferring the data through the SPI to another device, the microcontrollers generally utilize one or more buffers. These buffers are configured with the SPI to enable the processors to transmit and receive data to and from the buffers as needed in an application.
Microcontrollers may be produced as self-contained devices. That is, they are produced as products that include a processor as well as a memory containing a program. In some instances, the program may be pre-loaded in the memory, and the processor with program may be purchased as a complete unit. It may not be desirable to have the contents of the program become available to the public, if the entity that created the program wishes to protect its intellectual property in the program.
With reference to FIG. 1, an exemplary microcontroller 100 is illustrated. Microcontroller 100 suitably comprises a central processing unit (CPU) core 102 configured for the processing of data, and a bus interface 104 for communication with the various memory or input and output devices. For the storage of data, microcontroller 100 can comprise various types of memory. For example, microcontroller 100 can comprise an internal CPU static random access memory (SRAM) 106 that can provide very low access time, e.g., as low as 10 nanoseconds. In addition, microcontroller 100 can also include data memory 114 which may also comprise SRAM-type memory, and read-only memory (ROM) 116. Still further, microcontroller 100 can also include flash memory for the programming and storage of data, such as a page of memory 124 comprising, for example, 32 KB of data storage, as well as a smaller configuration of flash memory 126, comprising, for example, 128 kilobits of data storage. For the transmitting and receiving of data between various components, microcontroller 100 may also include a serial peripheral interface (SPI) 110 which can communicate with the CPU memory 106 via direct memory access (DMA) 112, i.e., SPI 110 can transfer data from main memory to a device without passing the data through the CPU.
In addition, microcontroller 100 may also include various input/output devices. For example, an I/O port device 118 can be provided, as well as a breakpoint device 120. Further, microcontroller 100 can also include a system clock 130 for providing the clock cycles for triggering various functions and sequences during operation. Microcontroller 100 may also include a Power On Reset (POR) 128 for use during ramping up of a power supply.
It has been discovered that certain systems, including several systems based on the Intel 8051 microprocessor architecture, as well as other systems based on architectures with similar features, may be vulnerable to various types of security breaches.
For example, there is an External Address Enable pin on the 8051 microprocessor (EAn). In certain configurations, when the voltage at this pin is high, the processor uses internal memory (memory 126 and memory 124, for example) for access to program and data memory. When the voltage at this pin is held low, the processor is able to fetch code from memory locations which are external to microcontroller 100.
Such a feature enables a microcontroller to access larger amounts of code than is available from microcontroller 100 alone. However, the ability to fetch code from external memory locations can be exploited in an unscrupulous manner. For example, an unauthorized user may be able to force EAn to a low state to enable external memory accesses. The unauthorized user could then create a program located in external memory where the program is configured to download the program located on the microcontroller by switching EAn to a high state, a condition which enables reads from internal memory, thus permitting the unauthorized user to read the contents of the internal memory or otherwise access the contents of the internal memory.
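The exposure described above turns on one question: does the device decide whether an internal-memory read is permitted from the state of the EAn pin alone, or also from where the currently executing instruction was fetched? The following C model, added here as an illustration and not part of the patent text or any vendor's design, simulates the fetch routing that the pin selects on an 8051-style part and adds a fetch-origin rule (an assumption of this model, not a claim about any particular device) under which code executing from external program memory is refused reads of internal program memory. Memory sizes, addresses, and the "secret" byte are constructed values.

```c
/* Added example: fetch-routing model for an 8051-style part with an optional
 * fetch-origin gate on internal-memory reads (the gate is a modelling assumption). */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define INTERNAL_SIZE 0x1000u   /* 4 KB of on-chip program memory (constructed size) */
#define EXTERNAL_SIZE 0x10000u  /* 64 KB external program address space */

enum region { REGION_INTERNAL, REGION_EXTERNAL };

struct mcu {
    bool ean_low;               /* EAn pin held low: every code fetch goes off-chip */
    bool origin_gating;         /* mitigation switch: gate internal reads by fetch origin */
    enum region executing_from; /* where the instruction now executing was fetched from */
    uint8_t internal[INTERNAL_SIZE];
    uint8_t external[EXTERNAL_SIZE];
};

/* Which memory a code address maps to, given the pin state. With EAn high,
 * addresses inside the on-chip range are internal and the rest are external. */
static enum region fetch_region(const struct mcu *m, uint16_t addr)
{
    if (m->ean_low || addr >= INTERNAL_SIZE)
        return REGION_EXTERNAL;
    return REGION_INTERNAL;
}

/* Instruction fetch: records the origin so later program-memory reads can be policed. */
static uint8_t fetch_instruction(struct mcu *m, uint16_t pc)
{
    m->executing_from = fetch_region(m, pc);
    return m->executing_from == REGION_INTERNAL ? m->internal[pc] : m->external[pc];
}

/* Program-memory data read (MOVC-style). Returns true and stores the byte in *out
 * when the read is permitted; with origin gating on, code fetched from external
 * memory is refused access to internal memory regardless of the pin's current level. */
static bool read_code_byte(struct mcu *m, uint16_t addr, uint8_t *out)
{
    enum region r = fetch_region(m, addr);
    if (r == REGION_INTERNAL && m->origin_gating && m->executing_from == REGION_EXTERNAL)
        return false;
    *out = (r == REGION_INTERNAL) ? m->internal[addr] : m->external[addr];
    return true;
}

/* Scenario from the text: an instruction is fetched while EAn is low (so it comes
 * from external memory), the pin is then returned high, and that instruction tries
 * to read an internal byte. Returns true if the internal byte was obtained. */
static bool external_code_can_read_internal(bool gating)
{
    struct mcu m;
    memset(&m, 0, sizeof m);
    m.origin_gating = gating;
    m.internal[0x0100] = 0x42;          /* constructed "secret" byte of the on-chip program */

    m.ean_low = true;
    (void)fetch_instruction(&m, 0x0100); /* executing from external memory */
    m.ean_low = false;                   /* pin back high: internal memory selected again */

    uint8_t b = 0;
    return read_code_byte(&m, 0x0100, &b) && b == 0x42;
}

/* Control case: code fetched from internal memory reads internal memory normally. */
static bool internal_code_can_read_internal(bool gating)
{
    struct mcu m;
    memset(&m, 0, sizeof m);
    m.origin_gating = gating;
    m.internal[0x0100] = 0x42;
    m.ean_low = false;
    (void)fetch_instruction(&m, 0x0000); /* executing from internal memory */

    uint8_t b = 0;
    return read_code_byte(&m, 0x0100, &b) && b == 0x42;
}

int main(void)
{
    printf("pin-only policy, external code reads internal: %s\n",
           external_code_can_read_internal(false) ? "yes (leak)" : "no");
    printf("origin-gated policy, external code reads internal: %s\n",
           external_code_can_read_internal(true) ? "yes (leak)" : "no");
    printf("origin-gated policy, internal code reads internal: %s\n",
           internal_code_can_read_internal(true) ? "yes" : "no");
    return 0;
}
```

The model makes the design point concrete: a policy keyed only on the present level of EAn lets the pin be toggled between fetch and read, while a policy that remembers the origin of the executing instruction keeps the on-chip program private without affecting the legitimate internal-code path.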
Another possible security problem with microcontroller systems is that the input/output (“I/O”) ports can be accessed in some instances. For example, if EAn is set high, the internal memory is being accessed, but the data retrieved from the internal memory may be viewable at certain I/O ports. In those situations, although the processor is accessing internal memory, microcontroller 100 outputs the contents of the internal memory to the I/O ports. By monitoring I/O ports, such as the P0 port on the 8051 microprocessor, an unauthorized user may be able to observe the contents of the internal program and data memory at the I/O port and thus gain access to intellectual property.
A further security problem that may be present is the ability to re-program flash memory. A supplier of microcontrollers will typically enable the microcontroller to be programmed by a vendor, so it can be used in a specific application. For example, a company which manufactures power meters may buy microcontroller 100 and program the microcontroller to perform certain functions. The use of flash memory can facilitate the programming because a flash memory is more easily reprogrammed with changes to a desired program. While a ROM may be copied through the use of photography to produce an optical mask, such a technique is not possible with flash memory. However, when the power meter company ships its product to end users, it may not want the program and data used in the power meter to be accessible by, e.g., possible competitors.
When one attempts to program a flash memory, there may be several options available. Certain memory locations or groups of memory locations (such as pages of memory) may be accessed at one time. An additional option is one that may be used by an unauthorized user to “dump” the contents of the memory in order to determine the contents of the flash memory.
Accordingly, a need exists to solve the above-mentioned potential security problems in microcontrollers and processors.