 English |
|
|
|
|
|
|
|
| DS5002FP_1 Datasheet, PDF (9/29 Pages) Dallas Semiconductor – Secure Microprocessor Chip | |||
| |||
| ◁ |
DS5002FP
The random number generator circuit uses the asynchronous frequency differences of two internal ring
oscillator and the processor master clock (determined by XTAL1 and XTAL2). As a result, a true random
number is produced.
VECTOR RAM
A 48-byte Vector RAM area is incorporated on-chip, and is used to contain the reset and interrupt vector
code in the DS5002FP. It is included in the architecture to help insure the security of the application
program.
If reset and interrupt vector locations were accessed from the external nonvolatile program/data RAM
during the execution of the program, then it would be possible to determine the encrypted value of known
addresses. This could be done by forcing an interrupt or reset condition and observing the resulting
addresses on the byte-wide address/data bus. For example, it is known that when a hardware reset is
applied the logical program address is forced to location 0000H and code is executed starting from this
location. It would then be possible to determine the encrypted value (or physical address) of the logical
address value 0000H by observing the address presented to the external RAM following a hardware reset.
Interrupt vector address relationships could be determined in a similar fashion. By using the on-chip
Vector RAM to contain the interrupt and reset vectors, it is impossible to observe such relationships.
Although it is very unlikely that an application program could be deciphered by observing vector address
relationships, the Vector RAM eliminates this possibility. Note that the dummy accesses mentioned
above are conducted while fetching from Vector RAM.
The Vector RAM is automatically loaded with the userâs reset and interrupt vectors during bootstrap
loading.
SECURITY LOCK
Once the application program has been loaded into the DS5002FPâs NV RAM, the Security Lock may be
enabled by issuing the âZâ command in the Bootstrap Loader. While the Security Lock is set, no further
access to program/ data information is possible via the on-chip ROM. Access is prevented by both the
Bootstrap Loader firmware and the DS5002FP encryptor circuits.
Access to the NVRAM may only be regained by clearing the Security Lock via the âUâ command in the
Bootstrap Loader. This action triggers several events which defeat tampering. First, the Encryption Key is
instantaneously erased. Without the Encryption Key, the DS5002FP is no longer able to decrypt the
contents of the RAM. Therefore, the application software can no longer be correctly executed, nor can it
be read back in its true form via the Bootstrap Loader. Second, the Vector RAM area is also
instantaneously erased, so that the reset and vector information is lost. Third, the Bootstrap Loader
firmware sequentially erases the encrypted RAM area. Lastly, the loader creates and loads a new random
key.
The Security Lock bit itself is constructed using a multiple-bit latch which is interlaced for self-destruct in
the event of tampering. The lock is designed to set-up a âdomino-effectâ such that erasure of the bit will
result in an unstoppable sequence of events that clears critical data including Encryption Key and Vector
RAM. In addition, this bit is protected from probing by the top-coating feature mentioned below.
SELF-DESTRUCT INPUT
The Self-Destruct Input (SDI) pin is an active high input which is used to reset the Security Lock in
response to an external event. The SDI input is intended to be used with external tamper detection
circuitry. It can be activated with or without operating power applied to the VCC pin. Activation of the
SDI pin instantly resets the Security Lock and causes the same sequence of events described above for
9 of 29
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese