1. Field of the Invention
The present invention relates to a data processing apparatus and a validity verification method for maintaining security upon activation and the like.
2. Description of the Related Art
With conventional computers, server devices, and other data processing apparatuses that are attached to personal computers (PCs), electronic devices, and electrical devices, a process is performed to determine whether data, for example a program stored in an auxiliary storage device, has been tampered with or destroyed. This process, which is referred to as validity verification, is executed, for example, when the data processing apparatus is activated.
FIG. 1 is a schematic diagram illustrating a configuration of a personal computer according to a related art example. As illustrated in FIG. 1, the personal computer includes, for example, a CPU (Central Processing Unit), a boot device, an auxiliary storage device, a TPM (Trusted Platform Module), a code calculation engine, and a RAM (Random Access Memory) that are connected to each other by a bus.
The boot device is, for example, a flash ROM (Read Only Memory). The boot device stores programs (e.g., BIOS (Basic Input/Output System), a program for verifying validity) that are executed, for example, when the personal computer is activated. The auxiliary storage device is, for example, an HDD (Hard Disk Drive), a flash memory, or an EEPROM (Electrically Erasable and Programmable Read Only Memory). The auxiliary storage device stores, for example, an operating system, various application programs, and databases. The TPM is a security chip that is resistant to, for example, tampering with stored data. The TPM can store or generate, for example, key data used for code calculation and comparison data used for validity verification. The TPM can rewrite the stored/generated key data by performing predetermined procedures. The code calculation engine is a calculation unit that performs code (cipher) calculation such as RSA encryption calculation or hash calculation. The TPM may include the function(s) of the code calculation engine.
For example, in performing the validity verification using the personal computer illustrated in FIG. 1, target verification data (e.g., program, data) stored in the auxiliary storage device is copied to the RAM. Then, the code calculation engine performs code calculation on the target verification data by using key data. Then, the calculation result of code calculation by the code calculation engine is compared with comparison data. In a case where the calculation result matches the comparison data, it is determined that the target verification data is valid (normal). In the case where the target verification data is valid, the operating system of the personal computer is activated and proceeds to a normal operating status.
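The verification flow described above can be sketched as follows. This is an added example, not code from the patent or the cited related art. It assumes HMAC-SHA-256 as the keyed code calculation, a file-like object standing in for the auxiliary storage device, and hypothetical names (`code_calculation`, `verify_validity`, `activate`, and the `"halt"` outcome for invalid data).

```python
import hashlib
import hmac
import io

CHUNK = 4096  # assumed number of bytes copied from auxiliary storage to RAM per read


def code_calculation(storage, key_data: bytes) -> bytes:
    """Copy the target verification data chunk by chunk and run the keyed calculation."""
    mac = hmac.new(key_data, digestmod=hashlib.sha256)  # HMAC-SHA-256 is an assumption
    while chunk := storage.read(CHUNK):
        mac.update(chunk)
    return mac.digest()


def verify_validity(storage, key_data: bytes, comparison_data: bytes) -> bool:
    """Return True only when the calculation result matches the comparison data."""
    result = code_calculation(storage, key_data)
    # Constant-time comparison: timing must not reveal how many bytes matched.
    return hmac.compare_digest(result, comparison_data)


def activate(storage, key_data: bytes, comparison_data: bytes) -> str:
    """Pick the activation path; "halt" is a hypothetical outcome for invalid data."""
    if verify_validity(storage, key_data, comparison_data):
        return "boot-os"
    return "halt"


# Constructed sample values, standing in for what the TPM and storage would hold.
KEY_DATA = bytes(range(32))
GOOD_IMAGE = b"\x7fELF" + b"constructed operating system image" * 300
COMPARISON_DATA = code_calculation(io.BytesIO(GOOD_IMAGE), KEY_DATA)


def demo() -> dict:
    """Run the flow on intact, tampered, and destroyed (truncated) data."""
    tampered = bytearray(GOOD_IMAGE)
    tampered[5000] ^= 0x01            # a single flipped bit in the second chunk
    truncated = GOOD_IMAGE[:-1]       # last byte lost
    wrong_key = bytes(32)             # key data that does not match the stored one
    return {
        "intact": activate(io.BytesIO(GOOD_IMAGE), KEY_DATA, COMPARISON_DATA),
        "tampered": activate(io.BytesIO(bytes(tampered)), KEY_DATA, COMPARISON_DATA),
        "truncated": activate(io.BytesIO(truncated), KEY_DATA, COMPARISON_DATA),
        "wrong_key": activate(io.BytesIO(GOOD_IMAGE), wrong_key, COMPARISON_DATA),
    }


if __name__ == "__main__":
    print(demo())
```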
In a case where a problem occurs in a program used for validity verification in the personal computer of the related art example, this problem can be addressed by rewriting the program because the boot device and the TPM are both rewritable devices. Thus, there is an advantage that processes related to validity verification and other processes not related to validity verification can be written relatively freely with the boot device and the TPM.
Further, various documents are disclosed in relation to the above-described validity verification technology. For example, Japanese Laid-Open Patent Application 2009-129061 describes a data processing apparatus that performs validity verification by calculating a hash value of an activation target (e.g., program) and then comparing the calculated hash value with a hash value stored beforehand.
However, with the personal computer of the related art example, the use of rewritable devices such as the boot device and the TPM makes cost reduction and size reduction difficult. In addition, a rewritable device (e.g., flash ROM, TPM) is not mounted on integration technology devices such as SoC (System-on-a-Chip) and ASIC (Application Specific Integrated Circuit).
In a case where the above-described rewritable device of a data processing apparatus is replaced with a mask ROM or the like, operation of the data processing apparatus becomes complicated when target verification data is determined to be invalid. This may lead to degradation of usability (convenience) of the data processing apparatus.