A system-on-a-chip (one-chip system, SoC) is an integrated circuit (IC) in which numerous functions of a corresponding system are integrated on a single chip (die). These types of SoCs may include, for example, a hardware-configurable logic unit (programmable logic (PL) part) and a processor unit (processor system (PS) part).
This type of processor unit may include a suitable processor or processor core, or a multicore processor. Multicore processors include multiple (at least two) processor cores. A processor core includes an arithmetic logic unit (ALU), which is the actual electronic arithmetic unit for carrying out tasks, programs, arithmetic instructions, etc., as well as a local memory.
The hardware of a hardware-configurable logic unit is not fixed; it may be changed at any time. Hardware-configurable logic units may be reprogrammed or reconfigured at the hardware level with the aid of a hardware description language (HDL). Thus, different functionalities may be assigned to the hardware-configurable logic circuits. To reconfigure a hardware-configurable logic unit, individual circuit areas of the hardware-configurable logic unit may be wired differently. A configuration of hardware elements (for example, lookup tables (LUT), multiplexers (MUX), interconnections between logical instances (programmable interconnect points, for example), and/or global resources such as clock, VCC, GND) is changed in the individual circuit areas. These types of hardware-configurable logic units may in particular be so-called field programmable gate arrays (FPGAs).
Numerous functionalities may be implemented with the aid of such SoCs. In this regard, it is extremely important to take appropriate security measures and safeguard the SoC against malicious attacks. In particular, firmware of the SoC must be protected. The firmware includes in particular the programming of the hardware-configurable logic unit (programmable logic (PL) part) and the processor unit (processor system (PS) part). For example, the firmware of the SoC must be protected from manipulation, reconstruction (reverse engineering), or unlicensed duplication.
SoCs may typically be safeguarded by encrypting a data stream of the SoC with the aid of a suitable encryption method, for example with the aid of the so-called advanced encryption standard (AES) algorithm. With the aid of such a method, the data stream of the SoC may be kept secret, but the SoC cannot be safeguarded against manipulation (primarily at the hardware level). In addition, such encryption methods are susceptible to side channel attacks.
SoCs may also be safeguarded with the aid of so-called secure boot methods, asymmetric (public-key) methods usually being used. In these types of asymmetric methods, key pairs consisting of a public key and a private key are used. The firmware, together with the public key, is signed offline using the private key of the pair. This signature is checked in the SoC, using the public key. However, only the integrity and authenticity of the data are safeguarded in these types of signature methods. Confidentiality of the SoC's data is not ensured.
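The two preceding paragraphs describe complementary gaps: encrypting the data stream (AES) gives secrecy but no protection against manipulation, while signature-based secure boot gives integrity and authenticity but no secrecy. The following Go program is an added example, not code from the original document or from any vendor's secure-boot implementation; it models both mechanisms on a constructed sample image and reports what each one does and does not provide. The sample image, the key handling and the function names are assumptions for illustration; ed25519 stands in for whatever signature scheme a real SoC uses, and AES-CTR models an encryption-only bitstream scheme.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed sample firmware image (a real image would carry the PL bitstream and PS code).
var sampleFirmware = []byte("SoC firmware v1: PL bitstream + PS application (constructed sample)")

// ctrCrypt encrypts or decrypts (CTR is the same operation in both directions) with AES-128.
// This models encryption of the data stream: it hides the content but carries no integrity check.
func ctrCrypt(key, iv, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// SignedImage is the bundle the SoC receives: the image, the signer's public key and the signature.
type SignedImage struct {
	Image  []byte
	PubKey ed25519.PublicKey
	Sig    []byte
}

// signOffline models the offline signing step; the private key stays in the build environment.
func signOffline(priv ed25519.PrivateKey, image []byte) SignedImage {
	return SignedImage{
		Image:  image,
		PubKey: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, image),
	}
}

// verifyOnSoC models the check in the SoC. trustedPub is the key (on real devices usually its hash)
// anchored in the device; without that anchor, a bundle could simply carry a key of its own choosing.
func verifyOnSoC(trustedPub ed25519.PublicKey, s SignedImage) bool {
	if !bytes.Equal(trustedPub, s.PubKey) {
		return false
	}
	return ed25519.Verify(s.PubKey, s.Image, s.Sig)
}

// Properties records what each mechanism provides on the sample image.
type Properties struct {
	EncryptionHidesImage    bool // AES: the ciphertext does not reveal the image
	TamperSurvivesEncryption bool // AES-CTR alone: an altered ciphertext still decrypts, without any error, to a different image
	SignatureAcceptsGenuine bool // secure boot: the untouched image verifies
	SignatureRejectsTamper  bool // secure boot: a single changed byte is rejected
	SignatureHidesImage     bool // secure boot alone: the image travels in the clear, so this stays false
}

// Demonstrate runs both mechanisms over the sample image and reports the observed properties.
func Demonstrate() (Properties, error) {
	var p Properties

	// Encryption of the data stream: secrecy only.
	key := make([]byte, 16)
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(key); err != nil {
		return p, err
	}
	if _, err := rand.Read(iv); err != nil {
		return p, err
	}
	ct, err := ctrCrypt(key, iv, sampleFirmware)
	if err != nil {
		return p, err
	}
	p.EncryptionHidesImage = !bytes.Contains(ct, []byte("firmware"))

	// A corrupted or manipulated byte in transit: decryption reports nothing, the receiver just gets a different image.
	damaged := append([]byte(nil), ct...)
	damaged[10] ^= 0x01
	pt, err := ctrCrypt(key, iv, damaged)
	p.TamperSurvivesEncryption = err == nil && !bytes.Equal(pt, sampleFirmware)

	// Secure boot via signature: integrity and authenticity only.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return p, err
	}
	bundle := signOffline(priv, sampleFirmware)
	p.SignatureAcceptsGenuine = verifyOnSoC(pub, bundle)

	tampered := bundle
	tampered.Image = append([]byte(nil), bundle.Image...)
	tampered.Image[0] ^= 0x01
	p.SignatureRejectsTamper = !verifyOnSoC(pub, tampered)

	p.SignatureHidesImage = !bytes.Contains(bundle.Image, []byte("firmware"))
	return p, nil
}

func main() {
	p, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", p)
}
```

Two points a practitioner should take from the model: the verifier must compare the bundled public key against a value anchored in the device, otherwise the signature check proves nothing; and an encryption-only stream needs an integrity mechanism (an authenticated mode such as AES-GCM, or the signature check applied to the decrypted image) before a decrypted bitstream is loaded.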