U.S. Pat. No. 7,401,234 describes an electronic device having an autonomous memory checker for runtime security assurance. Assuring code integrity of embedded systems software and safe operation of hardware blocks at runtime is becoming a significant security issue for an embedded electronic device.
During boot-time, an embedded processor may execute hardware and software initialization instructions to validate and configure the hardware and hardware related data in order to present a known execution environment and user interface for the system software. Once the boot-time instructions have checked for authenticity, system control is passed to the validated runtime code, e.g. the operating system or application execution image, and the device enters the runtime mode.
During runtime, the processor executes the runtime code. It is during this latter stage, when the runtime environment is fully established, that it is possible for untrusted user application code or downloaded dynamic code to be run and for memory corruption to occur on the original trusted and authenticated code, due to non-boot-time factors such as computer viruses or internal programming bugs.
The autonomous memory checker in U.S. Pat. No. 7,401,234 comprises a controller, a memory reference file coupled to the controller, and an authentication engine coupled to the controller. A check is performed during runtime operation of the electronic device. The autonomous memory checker generates runtime reference values corresponding to trusted information stored in memory. The runtime reference values are compared against memory reference values stored in the memory reference file. The memory reference values are generated from the trusted information stored in memory. An error signal is generated when the runtime reference values are not identical to the memory reference values, thereby indicating that the trusted information has been modified.
The autonomous memory checker is first set up by a host processor to define memory start addresses and blocks to be checked. The checker may also have the capability to monitor contents of registers in peripheral devices. The host processor may cooperate with the checker to receive and compare a hash value generated for a memory block by the checker.
A drawback of such a device is that the host processor is required to define the memory locations to be tested, and to that end defines address and length pairs, which are to be stored by the checker.
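The scheme described above can be modelled in a few lines of C. This is an added illustration, not code from the patent: the names `checker_add` and `checker_run`, the four-entry reference file and the demo buffers are assumptions, and FNV-1a is a non-cryptographic stand-in for the authentication engine, which in a real device would compute a cryptographic hash or MAC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_REGIONS 4   /* assumed capacity of the memory reference file */

/* One reference-file entry: the host-defined address/length pair plus the
   reference value computed while the contents were still trusted. */
struct region { const uint8_t *start; size_t len; uint64_t ref; };
struct checker { struct region file[MAX_REGIONS]; size_t count; };

/* FNV-1a, a stand-in for the authentication engine (not cryptographic). */
static uint64_t digest(const uint8_t *p, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    while (len--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Host-side setup: register a block and store its reference value.
   Returns 0 on success, -1 for an empty block or a full reference file. */
int checker_add(struct checker *c, const uint8_t *start, size_t len) {
    if (c->count == MAX_REGIONS || start == NULL || len == 0) return -1;
    c->file[c->count++] = (struct region){ start, len, digest(start, len) };
    return 0;
}

/* Runtime pass: recompute each block's value and compare it with the stored
   one. Returns the index of the first modified block (the error signal),
   or -1 when every block still matches. */
int checker_run(const struct checker *c) {
    for (size_t i = 0; i < c->count; i++)
        if (digest(c->file[i].start, c->file[i].len) != c->file[i].ref)
            return (int)i;
    return -1;
}

/* Constructed demo: two "trusted" buffers, one corrupted after setup. */
static uint8_t code_image[64], vector_table[16];

int demo(void) {
    struct checker c = { .count = 0 };
    memset(code_image, 0x90, sizeof code_image);
    memset(vector_table, 0x11, sizeof vector_table);
    checker_add(&c, code_image, sizeof code_image);
    checker_add(&c, vector_table, sizeof vector_table);
    if (checker_run(&c) != -1) return -2;  /* untouched memory must pass */
    vector_table[3] ^= 0x01;               /* simulated runtime corruption */
    return checker_run(&c);                /* index of the modified block */
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Only blocks registered through `checker_add` are ever re-hashed, which makes the stated drawback concrete: anything the host omits from its address/length pairs is outside the check.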