 English |
|
|
|
|
|
|
|
| DS5002FP_06 Datasheet, PDF (16/25 Pages) Dallas Semiconductor – Secure Microprocessor Chip | |||
| |||
| ◁ |
Figure 9. Security Circuitry
DS5002FP Secure Microprocessor Chip
The address encryptor translates each âlogicalâ address, i.e., the normal sequence of addresses that are generated
in the logical flow of program execution, into an encrypted address (or âphysicalâ address) at which the byte is
actually stored. Each time a logical address is generated, either during program loading or during program
execution, the address encryptor circuitry uses the value of the 64-bit key word and of the address itself to form the
physical address, which are presented on the address lines of the RAM. The encryption algorithm is such that there
is one and only one physical address for every possible logical address. The address encryptor operates over the
entire memory range, which is configured during bootstrap loading for access on the byte-wide bus.
As bootstrap loading of the application software is performed, the data encryptor logic transforms the op code,
operand, or data byte at any given memory location into an encrypted representation. As each byte is read back to
the CPU during program execution, the internal data encryptor restores it to its original value. When a byte is
written to the external nonvolatile program/ data RAM during program execution, that byte is stored in encrypted
form as well. The data encryption logic uses the value of the 64-bit key, the logical address to which the data is
being written, and the value of the data itself to form the encrypted data, which is written to the nonvolatile
program/data RAM. The encryption algorithm is repeatable, such that for a given data value, encryption key value,
and logical address the encrypted byte will always be the same. However, there are many possible encrypted data
values for each possible true data value due to the algorithmâs dependency on the values of the logical address
and encryption key.
When the application software is executed, the internal CPU of the DS5002FP operates as normal. Logical
addresses are calculated for op code fetch cycles and also data read and write operations. The DS5002FP has the
ability to perform address encryption on logical addresses as they are generated internally during the normal
course of program execution. In a similar fashion, data is manipulated by the CPU in its true representation.
However, it is also encrypted when it is written to the external program/data RAM, and is restored to its original
value when it is read back.
When an application program is stored in the format described above, it is virtually impossible to disassemble op
codes or to convert data back into its true representation. Address encryption has the effect that the op codes and
data are not stored in the contiguous form in which they were assembled, but rather in seemingly random locations
in memory. This in itself makes it virtually impossible to determine the normal flow of the program. As an added
16 of 25
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese