1. Field of the Invention
This invention relates generally to the field of computing devices, and more specifically to a configurable signature, e.g., for verifying data or program code, e.g., initialization code, in a computer system.
2. Description of the Related Art
Many hardware systems include a central processing unit (CPU), i.e., a main or host processor, and one or more embedded controllers for performing auxiliary functions for the system, such as initialization, input/output (I/O), management, and reset functionality. For example, an embedded controller may be part of a system-on-chip (SoC) that may also include various additional components that are coupled to the embedded controller, e.g., memory, etc. Such systems may be vulnerable to unauthorized access or tampering by malicious users or agents, e.g., during boot-up.
It is important that initialization for the system be trustworthy; otherwise, an attacker could modify the code to perform unauthorized operations, e.g., to copy otherwise protected verification information, keys, passwords, etc., to some memory or I/O where it would be easily accessible. If the initialization code is contained in on-chip ROM, it cannot be modified and so it can be trusted by the chip manufacturer and the system vendor who purchases the chip. If, however, the code is loaded into on-chip RAM from an off-chip memory (for example, an SPI Flash memory chip), then the external memory is vulnerable to malicious interference. A memory image, e.g., of the initialization code, can be authenticated using digital signatures or a MAC (Message Authentication Code). However, these methods are computationally intensive, and may be impractical for a low cost device. Thus, improved systems and methods for authenticating data or program code are desired.
Other corresponding issues related to the prior art will become apparent to one skilled in the art after comparing such prior art with embodiments of the present invention as described herein.