Pioneer official engineer's practical knowledge: HPM6000 series Security Flash introduction
[Copy link]
This issue introduces the security flash content in the HPM6000 series. I hope it can help users understand the design that Xianji has made for user information security.
Security Flash Module Overview
First, some explanations of terms:
Execution In Place: The access mode that can directly access the external memory without copying the external memory data to the internal memory before execution is called Execution In Place.
DEK (Data Encryption Key): Data encryption key, the key used by users to encrypt data/code on storage;
KEK (Key-Encryption Key): Key encryption key, the secret key for encrypting DEK.
Introduction to EXIP online decryption engine
The EXIP online decryption engine designed by Pioneer Semiconductor HPM6000 series MCU supports online execution function and can perform real-time decryption of encrypted external NOR Flash to achieve online real-time decryption execution. The main features of EXIP are:
(1) Support AES-128 CTR mode decryption
EXIP supports AES-128 CTR mode decryption with a key length of 128 bits. The keys are stored in registers RGNx_KEY0, RGNx_KEY1, RGNx_KEY2, and RGNx_KEY3.
AES-128 CTR mode requires that the data encrypted with the same key must not have the same counter value for each data block. The Counter length is the same as the AES data block length, which is also 128 bits. For each 128-bit data block in EXIP, the Counter consists of the 32-bit system address of the data block and the 64-bit NONCE, where the NONCE is stored in RGNx_CTR0 and RGNx_CTR1.
(2) Supports 4 segments, each segment can be encrypted with a different key
(3) Supports encapsulating sensitive information such as data encryption keys through Key Blob (compliant with RFC3394 standard)
(4) Support hardware decryption of Key Blob (compliant with RFC3394 standard)
(5) Support reading KEK from OTP for decrypting Key Blob
XPI NOR boot image layout introduction
XPI NOR boot image layout
As shown in the figure above, a complete XPI NOR boot image consists of EXIP BLOB, XPI configuration options, FW BLOB, firmware header and firmware. The dashed boxes are optional content, and the solid boxes are required content.
To implement an encrypted image, the image header must contain EXIP BLOB content. This content uses the key encapsulation and key decapsulation algorithms defined in RFC3394, is encrypted by KEK and stored in Flash in ciphertext form to protect the DEK used for EXIP decryption and related sensitive data.
Security Flash System Process Introduction
Security Flash Schematic Diagram
As shown in the figure above, the Security Flash process includes three aspects:
(1) The user generates an encrypted image to enable online encrypted execution function;
(2) EXIP decrypts the EXIP BLOB to obtain decryption information such as DEK;
(3) EXIP uses AES-128 CTR mode to decrypt the Flash ciphertext firmware online.
When the ENCRYPT_XIP field in OTP is set to 1, BootROM starts the encrypted in-place execution function. BootROM will force EXIP to open in XPI NOR startup and try to decrypt EXIP Blob with EXIP0_KEK (XPI_INSTANCE value is 0) or EXPI1_KEK (XPI_INSTANCE value is 1). When the EXIP BLOB is decrypted correctly, ROM will configure the corresponding decryption information according to the information in the EXIP BLOB, and load the recovered DEK, NONCE, and the start and end address information of the encrypted area into the corresponding register of RGNx. When the EXIP BLOB is decrypted correctly, EXIP can perform in-place decryption execution according to the AES-128 CTR mode.
Performance comparison test
As for the impact of encryption on the execution link, Xianji conducted a simple test comparison. In the single-core test of plain text and cipher text,
Test procedure conditions:
(1) Close all caches, including D-Cache and I-Cache
(2) The specific mathematical calculations were run 600 times in a loop, and the test results of the running time consumption were obtained as shown in the following table:
It can be seen that under the same software and hardware platform, the execution of the encrypted image has no substantial impact on the processor performance.
Note: Since the encryption process involves burning the OTP, a mistake may cause the chip to fail to start normally. Therefore, Xianji recommends that developers contact Xianji when there is an actual need, so that they can get better support.
| 
提升卡
变色卡
千斤顶
京公网安备 11010802033920号
