1. Field of the Invention
This invention relates generally to the field of computing devices, and more specifically to protecting memory, e.g., data and/or program instructions, e.g., in a system-on-chip included in a computer system.
2. Description of the Related Art
Many hardware systems include a central processing unit (CPU), i.e., a main or host processor, and one or more embedded controllers for performing auxiliary functions for the system, such as initialization, input/output (I/O), management, and reset functionality. For example, an embedded controller may be part of a system-on-chip (SoC) that may also include various additional components that are coupled to the embedded controller, e.g., memory, etc. Such systems may be vulnerable to unauthorized access or tampering by malicious users or external agents, e.g., during system initialization prior to boot-up of the system CPU.
In some approaches to preventing such unauthorized access, a “secret” is stored in a safe location, e.g., in SoC memory, and used via software executed by the controller, e.g., to verify that the system in which the SoC is located is authorized and has not been modified through tampering, or to enable or disable some aspect of the system, e.g., a component or functionality, either based on authorization of the secret or using the secret itself to enable the function, among other uses. In most cost-sensitive designs, secrets are simply held in SoC memory, and it is assumed that an attacker is either insufficiently motivated or insufficiently clever to read the secret in an unauthorized way. Approaches that are less cost-sensitive often use strong cryptographic techniques, including the use of a hardware TPM (Trusted Platform Module).
However, keeping a secret through simple obscurity may be insufficient to defend against a sufficiently dedicated attack, while hardware-based solutions, such as the use of a TPM, may be too expensive. Moreover, cryptographically strong algorithms may require more computational power than an inexpensive embedded controller can provide. Thus, improved systems and methods for protecting data for an embedded controller are desired.
Other corresponding issues related to the prior art will become apparent to one skilled in the art after comparing such prior art with embodiments of the present invention as described herein.