1. Field of the Invention
The present invention relates generally to integrated circuits including non-volatile storage, and more specifically, to a method and apparatus that automatically secure non-volatile (NV) storage from external intrusion.
2. Background of the Invention
A significant amount of the value contained in micro-controllers and other integrated circuits having non-volatile (NV) storage is in the proprietary program code and data stored in the integrated circuit. Without a method and circuit for securing the program code against read operations, the intellectual property (IP) contained therein can be easily copied and used by unauthorized persons. While micro-controllers and other integrated circuits such as one-time programmable (OTP) memory, and logic such as programmable logic devices (PLDs), have long included protection circuits, such as one-time fuses that control read mechanisms, techniques have been developed to get around such mechanisms to obtain the IP.
In particular, in micro-controllers, software pirates have used techniques to gain control of the processor core or scan logic interfaces by manipulating clock and control logic signals in a manner that defeats the protection mechanisms. For example, if a micro-controller core reads a “secured” bit that indicates that the program code has been secured prior to disabling functionality that might provide access to the values stored in the program code, then if the micro-controller can be manipulated to change its intended execution path, then the micro-controller might be forced to bypass the protection mechanisms and grant access to the IP. If access to the non-volatile storage can be accomplished through a programming interface such as Joint Tactical Action Group (JTAG) interface, or a port interface such as a serial port protocol provided for programming and verifying an integrated circuit NV storage, then the security is overcome.
While a one-time fuse can be used to provide a total bar to external access to the NV storage, signal manipulation techniques, such as those described above, can be employed to gain external access via what is treated as an internal access by the logic, and further a one-time fuse is disadvantageous in that the integrated circuit can typically only be programmed once, making debugging problems in the field very difficult. Other security techniques such as password/key matching have been employed to provide access to the read interface and/or programming interfaces of an integrated circuit having NV storage. However, simple password/key match techniques can be defeated by repetitive trial-and-error attacks.
Therefore, it is desirable to provide a method and apparatus having improved security for program code and other NV storage. It would further be desirable to provide a mechanism that can automatically lock NV storage in an integrated circuit.