1. Field of the Invention
The present invention relates to a data processing apparatus and a validity verification method for maintaining security upon activation and the like.
2. Description of the Related Art
With conventional computers, server devices, and other data processing apparatuses that are attached to personal computers (PC), electronic devices, and electric devices, there is performed a process of determining whether data of, for example, a program stored in an auxiliary storage device has been tampered with or destroyed. This process, which is referred to as validity verification, is executed, for example, when the data processing apparatus is activated.
FIG. 1 is a schematic diagram illustrating a configuration of a personal computer according to a related art example. As illustrated in FIG. 1, the personal computer includes, for example, a CPU (Central Processing Unit), a boot device, an auxiliary storage device, a TPM (Trusted Platform Module), a code calculation engine, and a RAM (Random Access Memory) that are connected to each other by a bus.
The boot device is, for example, a flash ROM (Read Only Memory). The boot device stores programs (e.g., BIOS (Basic Input/Output System), a program for verifying validity) that are executed, for example, when the personal computer is activated. The auxiliary storage device is, for example, a HDD (Hard Disk Drive), a flash memory, or an EEPROM (Electrically Erasable and Programmable Read Only Memory). The auxiliary storage device stores, for example, an operating system, various application programs, and databases. The TPM is a security chip that is resistant against, for example, tampering of stored data. The TPM can store or generate, for example, key data used for code calculation and comparison data used for validity verification. The TPM can rewrite the stored/generated key data by performing predetermined procedures. The code calculation engine is a calculation unit that performs code (cipher) calculation such as RSA encryption calculation or hash calculation. The TPM may include the function(s) of the code calculation engine.
For example, in performing the validity verification using the personal computer illustrated in FIG. 1, target verification data (e.g., program, data) stored in the auxiliary storage device is copied to the RAM. Then, the code calculation engine performs code calculation on the target verification data by using key data. Then, the calculation result of code calculation by the code calculation engine is compared with comparison data. In a case where the calculation result matches the comparison data, it is determined that the target verification data is valid (normal). In the case where the target verification data is valid, the operating system of the personal computer is activated and proceeds to a normal operating status.
Various documents are disclosed in relation to the above-described technology. For example, Japanese Laid-Open Patent Application 2009-129061 describes a data processing apparatus that performs validity verification by calculating a hash value of an activation target (e.g., program) and then comparing the calculated hash value with a hash value stored beforehand.
However, with a conventional data processing apparatus, it becomes necessary to access the RAM, for example, when copying the target verification data (arrow (A) in FIG. 1), when loading a program used for validity verification (arrow (B) in FIG. 1), when reading the target verification data as a calculation object (arrow (C) in FIG. 1), and when writing various parameters in a work area (arrow (D) in FIG. 1). Further, the RAM of the conventional data processing apparatus is required to be divided (demarcated) into separate areas beforehand, such as a copy area for copying the target verification data and another being a work area for executing a program for performing code calculation. Thus, it may be necessary to rearrange (reallocate) data in the RAM after performing validity verification. The arrangement of data leads to delay of the activation of the data processing apparatus.