1. Field of the Invention
The present invention generally relates to digital data processing units and, more specifically, to central processing units (CPUs) which interpret program instructions contained in one or several memories external to the processing unit.
The present invention more specifically applies to processing units intended to execute programs updated by instructions stored (for example, downloaded) in a memory different from that containing the original programs.
2. Discussion of the Related Art
In a processing unit, the original program(s) are stored in a ROM when the circuit containing the unit is manufactured. Such programs are likely to be corrected or completed over the product lifetime by correction codes (patches) loaded into a programmable non-volatile memory or a RAM (for single-use patches). Such update programs should be able to take over control of the circuit, in particular if said patches are intended for the program hosted in ROM, which is not reprogrammable.
A disadvantage then is that a malicious patch may be able to take over control of the circuit, for example, to obtain secret quantities or to deactivate the access control mechanisms.
To protect the circuit against the execution of unauthorized programs, mechanisms checking the integrity of the executed program code (for example, by a signature calculation) are generally provided to make sure that the programs being executed actually correspond to authorized programs.
However, it is difficult for such mechanisms to be effective for updates, whose signature cannot be known in advance. For the original program, it is possible to calculate the signature at manufacturing and store it in ROM. For updates, however, the signature is also stored in a reprogrammable memory, since it cannot be known at the time of manufacturing. A malicious patch can thus be stored with a signature considered acceptable by the circuit.
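The limitation described above can be shown with a small model, added here as an illustration and not taken from the patent or any cited document. It assumes the "signature calculation" is an unkeyed digest (32-bit FNV-1a is used as a stand-in), and the `patch_slot` layout, function names and byte values are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 32-bit FNV-1a stands in for the unkeyed "signature calculation". */
static uint32_t signature(const uint8_t *code, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= code[i]; h *= 16777619u; }
    return h;
}

/* Integrity check: recompute the signature and compare with the reference. */
static int check(const uint8_t *code, size_t len, uint32_t ref) {
    return signature(code, len) == ref;
}

/* Constructed sample: original program, immutable after manufacturing. */
static const uint8_t rom_program[4] = { 0x10, 0x22, 0x35, 0x47 };
/* Reprogrammable memory holds the patch AND its reference signature. */
struct patch_slot { uint8_t code[4]; uint32_t ref_sig; };

/* Any party able to write the slot can also write a matching reference. */
static void store_patch(struct patch_slot *s, const uint8_t code[4]) {
    memcpy(s->code, code, 4);
    s->ref_sig = signature(s->code, 4);
}

/* ROM case: the reference is fixed, so an altered image fails the check. */
static int rom_tamper_detected(void) {
    uint32_t rom_ref = signature(rom_program, 4); /* value fixed at manufacturing */
    uint8_t altered[4] = { 0x10, 0x22, 0x35, 0x46 }; /* last byte differs */
    return !check(altered, 4, rom_ref);
}

/* Patch case: replacing code and reference together still passes the check. */
static int unauthorized_patch_accepted(void) {
    static const uint8_t authorized[4]   = { 0xA0, 0xA1, 0xA2, 0xA3 };
    static const uint8_t unauthorized[4] = { 0xB0, 0xB1, 0xB2, 0xB3 };
    struct patch_slot slot;
    store_patch(&slot, authorized);
    store_patch(&slot, unauthorized); /* rewrite of the reprogrammable slot */
    return check(slot.code, 4, slot.ref_sig);
}

int main(void) {
    printf("rom tamper detected=%d, unauthorized patch accepted=%d\n",
           rom_tamper_detected(), unauthorized_patch_accepted());
    return 0;
}
```

The check only has value when the reference it compares against lies outside the memory that the update mechanism can rewrite, which is the case for the ROM program but not for the patch.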
Another technique, disclosed in US-A-2003/0031499, consists in ciphering a program after or during its loading into the circuit, using a key known to the circuit and a symmetric algorithm. Ciphered instructions are stored in memory areas whose call triggers (based on the address) deciphering when the instructions are executed. However, a hacker who managed to load a program into the circuit would get around this protection, since the ciphering is performed by the circuit itself.