1. Field of the Invention
The present invention relates to a non-volatile semiconductor storage device which holds data even after power is turned off, and more particularly to a write control method for disabling a rewrite of data which has been once written into a non-volatile semiconductor storage device.
2. Description of the Related Art
In recent years, non-volatile semiconductor storage devices (hereinafter called the xe2x80x9csemiconductor memoryxe2x80x9d) which hold data even after power is turned off, such as EEPROM (Electrically Erasable and Programmable Read Only Memory), flash memory and the like have been used in a variety of applications.
Such a non-volatile memory permits a rewrite even after data for a program and the like has been once written therein. For this reason, in some applications which employ the non-volatile memory, it is required that once data has been written into the non-volatile memory, the contents of data cannot be read therefrom or overwritten by other data. For example, when a program for controlling an engine of an automotive vehicle is written into a non-volatile memory which is then supplied, a safety problem would arise if a general user who purchased the automotive vehicle could read out and modify the program.
Such a problem can be solved if a program is written into a mask ROM for use in a situation as mentioned above. However, manufacturing of mask ROM involves previously fabricating masks, which require extra time for the fabrication, thereby limiting a time period available for developing a program. Also, when the program should be modified due to bugs found therein, the program in the mask ROM cannot be modified until its masks are fabricated again for debugging. For the reasons set forth above, it is a general tendency that non-volatile memories such as a flash memory are used at an initial stage of the development of a program, instead of the mask ROM.
The requirements as described above have been addressed, for example, by Japanese Patent Application Laid Open No.2000-181898 which proposes a non-volatile memory that disables a rewrite after data has been once written therein.
Specifically, Japanese Patent Application Laid Open No.2000-181898 discloses a non-volatile memory based on a flash memory which comprises a programming area and an area for storing management information for the programming area, arranged in a one-to-one correspondence, such that a CPU, in response to a programming request from the outside, refers to the management information storing area to determine whether the programming is enabled or disabled into the programming area.
However, this conventional method involves the determination on whether the programming is enabled or disabled, made by the CPU which reads the management information, so that if a malicious third party modifies a program itself of the CPU, the flash memory can be programmed in a programming area even if the management information associated therewith disables a rewrite of the contents in the programming area.
It is an object of the present invention to provide a non-volatile semiconductor storage device which effectively disables a malicious third party to rewrite data stored therein, and a rewrite disable control method for use with the non-volatile semiconductor storage device.
The non-volatile semiconductor storage device according to the present invention is applied to a non-volatile semiconductor storage device which has a storage area made up of a plurality of memory blocks, where data is erased memory block by memory block. To achieve the above object, in the non-volatile semiconductor storage device of the present invention, each of at least three of the plurality of memory blocks store a security flag of the same content indicative of a rewrite disable state. A rewrite control circuit is provided for making a majority decision on the values of the three or more stored security flags to determine a rewrite disable/enable state to establish the logic of a disable control signal based on the result of the determination. Then, the rewrite control circuit controls disabling or enabling a rewrite to the storage area based on the logic of the disable control signal.
According to the present invention, the security flags each indicative of a rewrite disable state are stored in a security flag storage area provided in the storage area, and the disable/enable state is directly set by hardware, i.e., the rewrite control circuit in accordance with the values of the stored security flags. Therefore, for a certain program stored in the storage area of the non-volatile semiconductor storage device, if a subsequent rewrite, such as an erasure and an overwrite, is to be disabled, the security flags can be set in accordance with particular behaviors which should be disabled, to prevent a malicious third party from rewriting the stored program.
Also, in the non-volatile semiconductor storage device of the present invention, the security flags of the same contents are stored in at least three or more memory blocks, such that the rewrite control circuit makes a majority decision on the values of the three or more security flags to determine the disable/enable state. Therefore, even if an instantaneous power supply interruption or the like occurs during an erasure of a certain memory block to unintentionally rewrite the security flag in one memory block, the security flags stored in the remaining two or more memory blocks maintain the original values, thereby making it possible to prevent problems such as validation of unintended disable setting.
The security flag may comprise a write disable flag indicative of a disable/enable state for a new data write into the storage area and a disable/enable state for an erasure in blocks; a block erasure disable flag indicative of a disable/enable state for an erasure in blocks; and a chip erasure disable flag indicative of a disable/enable state for a collective erasure of the overall storage area and a disable/enable state for an erasure in blocks, wherein the disable control signal may comprise a write disable control signal, a block erasure disable control signal and a chip erasure disable control signal.
The above and other objects, features and advantages of the present invention will become apparent from the following description with reference to the accompanying drawings which illustrate examples of the present invention.