
CN117472808A - Data protection methods, devices and systems - Google Patents


Publication number
CN117472808A
Authority
CN
China
Prior art keywords
flash memory
access
command
programmable logic
address range
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311056558.7A
Other languages
Chinese (zh)
Inventor
杨宇
陈艳
马圣平
陈飞鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202311056558.7A
Publication of CN117472808A
Priority to PCT/CN2024/080333 (WO2025039512A1)


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/76 Architectures of general purpose stored program computers
    • G06F15/78 Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7807 System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data protection method, device and system, and belongs to the field of computer technology. The method is applied to a controller, which is either a flash memory controller inside the system on chip or a programmable logic controller deployed between the system on chip and the flash memory. The controller receives an access command for the flash memory sent by the processing core; the access command comprises a command word and an access address. If the command word indicates that the access type of the access command is write or erase, and the access address belongs to the protected address range of the flash memory configured in the controller, the controller intercepts the access command. Because the protected address range of the flash memory is configured on the controller, the controller blocks any attempt by the processing core in the system on chip to modify the content corresponding to that range in the flash memory. This provides tamper protection for data in the flash memory and improves the security and reliability of that data.

Description

Data protection methods, devices and systems

Technical field

The present application relates to the field of computer technology, and in particular to a data protection method, device and system.

Background

Flash memory is a non-volatile memory that retains stored data after power is removed. A system on a chip (SoC) containing a processing core and a flash memory controller can access flash memory deployed off-chip. However, because the access interface rate of flash memory is low, even if the SoC verifies the data in the flash memory before accessing it, there is still a time window open to attack between the verification passing and the SoC successfully accessing the flash memory. Within this window, an attacker may gain control of flash memory operations and tamper with the data in the flash memory, so that the SoC can no longer access the original data. The security and reliability of data in flash memory are therefore currently generally low.

Summary of the invention

This application provides a data protection method, device and system.

In a first aspect, a data protection method is provided, applied to a system on chip. The system on chip includes a processing core and a flash memory controller. The flash memory controller receives a first access command for the flash memory sent by the processing core. The flash memory is deployed outside the system on chip. The first access command includes a first command word and a first access address. The first command word indicates the access type of the first access command, which may be read, write or erase. The first access address indicates the address range that the first access command accesses in the flash memory. If the first command word indicates that the access type of the first access command is write or erase, and the first access address belongs to the protected address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the first access command.

In this application, the protected address range of the flash memory is configured in the flash memory controller. If the processing core attempts to modify the content corresponding to the protected address range in the flash memory, the flash memory controller blocks the modification, thereby protecting that content from tampering. This provides tamper protection for data in the flash memory and improves the security and reliability of that data.

Optionally, a program file is deployed in the flash memory, and the protected address range of the flash memory configured in the flash memory controller includes the address range of the program file. The program file includes a code segment and a data segment. In this way, the flash memory controller can protect the program file in the flash memory from tampering and ensure that the processing core can run the code in the program file normally.

Optionally, the flash memory controller receiving the first access command for the flash memory sent by the processing core includes: the flash memory controller receiving, in indirect access mode, the first access command sent by the processing core.

In this application, the flash memory controller has two access modes: direct access mode and indirect access mode. When the flash memory controller is in direct access mode, only read operations by the processing core on the flash memory are supported. When the flash memory controller is in indirect access mode, read, write and erase operations by the processing core on the flash memory are supported.

Optionally, the flash memory controller receives, in direct access mode, a second access command for the flash memory sent by the processing core. The second access command includes a second access address, which indicates the address range that the second access command accesses in the flash memory. If the second access address does not belong to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the second access command.

By configuring the readable address range of the flash memory in the flash memory controller, this application ensures that, when the flash memory controller is in direct access mode, the processing core cannot read content outside the readable address range in the flash memory, thereby implementing access permission control.

Optionally, if the second access address belongs to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller generates a second command word, which indicates that the access type of the second access command is read. Based on the second command word and the second access address, the flash memory controller reads the content corresponding to the second access address from the flash memory and sends that content to the processing core.

Optionally, the readable address range of the flash memory configured in the flash memory controller is the same as the protected address range.

In this application, the same readable address range and protected address range are configured in the flash memory controller. Because the content corresponding to the protected address range in the flash memory cannot be tampered with, and the processing core can only read the content corresponding to the readable address range when accessing the flash memory directly, the content that the processing core reads from the flash memory through direct access is guaranteed to be untampered, which improves the operational reliability of the processing core.

Optionally, if the first command word indicates that the access type of the first access command is read, the flash memory controller reads the content corresponding to the first access address from the flash memory based on the first command word and the first access address, and sends that content to the processing core.

Optionally, the flash memory controller receives a mode switching instruction sent by the processing core. The mode switching instruction instructs the flash memory controller to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode.

Optionally, before the flash memory controller receives the first access command for the flash memory sent by the processing core, the processing core configures the protected address range in the flash memory controller by running a first trusted program. The processing core verifies the content corresponding to the protected address range in the flash memory by running a second trusted program, and determines that this content passes verification.

In this application, the protected address range of the flash memory is first configured in the flash memory controller, and the content corresponding to that range in the flash memory is verified afterwards. In this way, once the processing core has verified the content corresponding to the protected address range, if the flash memory controller receives an instruction to modify that content, it intercepts the instruction and blocks the modification. This prevents verified content in the flash memory from being tampered with in the time window between the processing core's verification passing and its access to the flash memory, which improves the security and reliability of data in the flash memory.

Optionally, the system on chip further includes a read-only memory and a random access memory. After the system on chip is powered on or reset, the processing core runs a first program file in the read-only memory and thereby reads, through the flash memory controller, a second program file and a first signature from the flash memory, and stores the second program file and the first signature in the random access memory. The first signature is generated based on a first private key and the content of the second program file. The processing core verifies the first signature using a first public key corresponding to the first private key. After the first signature passes verification, the processing core obtains the first trusted program and the second trusted program from the second program file stored in the random access memory.

This application completes chain-of-trust verification during the secure boot of the processing core, achieving trusted configuration of the flash memory controller's flash protection function.

Optionally, the processing core verifying the content corresponding to the protected address range in the flash memory by running the second trusted program includes: the processing core, by running the second trusted program, reads through the flash memory controller the content corresponding to the protected address range and a second signature from the flash memory, and stores them in the random access memory. The second signature is generated based on a second private key and the content corresponding to the protected address range. The processing core verifies the second signature using a second public key corresponding to the second private key.

Optionally, after the processing core configures the protected address range in the flash memory controller by running the first trusted program, the processing core locks the flash memory controller's protection function configuration for the flash memory by running a third trusted program. Locking the protection function configuration means that the flash memory controller's protection function configuration for the flash memory can no longer be modified. The protection function configuration includes an anti-tampering configuration and/or an access permission control configuration. The anti-tampering configuration includes configuring the protected address range of the flash memory on the flash memory controller, and configuring the flash memory controller, in indirect access mode, to protect the content corresponding to the protected address range in the flash memory from tampering. The access permission control configuration includes configuring the readable address range of the flash memory on the flash memory controller, and configuring the flash memory controller, in direct access mode, to read only the content corresponding to the readable address range in the flash memory.
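The following C sketch is an added illustration, not code from the patent: it models the controller-side filtering described in the first aspect above (write/erase interception in indirect access mode, read restriction in direct access mode, and the configuration lock). All type and function names, the address layout, treating any overlap with the protected range as a hit, and locking before verification are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: every type, name and address here is hypothetical. */
typedef enum { CMD_READ, CMD_WRITE, CMD_ERASE } cmd_word_t;
typedef enum { MODE_DIRECT, MODE_INDIRECT } access_mode_t;
typedef enum { V_FORWARD, V_INTERCEPT } verdict_t;
typedef struct { uint32_t base, len; } range_t;   /* half-open [base, base+len) */

typedef struct {
    access_mode_t mode;
    range_t protect;    /* write/erase is intercepted here in indirect mode */
    range_t readable;   /* the only region readable in direct mode */
    bool locked;        /* once set, the two ranges can no longer be changed */
} flash_ctrl_t;

/* Range ends are computed in 64 bits so base+len cannot wrap around. */
static uint64_t range_end(range_t r) { return (uint64_t)r.base + r.len; }

static bool overlaps(range_t a, range_t b) {
    return a.len && b.len && a.base < range_end(b) && b.base < range_end(a);
}

static bool contains(range_t outer, range_t inner) {
    return inner.len && inner.base >= outer.base &&
           range_end(inner) <= range_end(outer);
}

/* Protection configuration is accepted only until the lock is set. */
bool fc_configure(flash_ctrl_t *c, range_t protect, range_t readable) {
    if (c->locked) return false;
    c->protect = protect;
    c->readable = readable;
    return true;
}

void fc_lock(flash_ctrl_t *c) { c->locked = true; }

/* Assumption: mode switching stays available after the lock. */
void fc_set_mode(flash_ctrl_t *c, access_mode_t m) { c->mode = m; }

verdict_t fc_filter(const flash_ctrl_t *c, cmd_word_t cmd, range_t acc) {
    if (c->mode == MODE_DIRECT) {
        /* Direct mode is read-only and limited to the readable range. */
        if (cmd != CMD_READ) return V_INTERCEPT;
        return contains(c->readable, acc) ? V_FORWARD : V_INTERCEPT;
    }
    /* Indirect mode: a write or erase touching any protected byte is blocked. */
    if (cmd != CMD_READ && overlaps(c->protect, acc)) return V_INTERCEPT;
    return V_FORWARD;
}

/* Constructed layout: program file at 0x000000..0x03FFFF, the rest is data. */
static const range_t BOOT_IMAGE = { 0x000000u, 0x040000u };

/* Controller state after the trusted programs have run. The range is
 * configured before the content is verified, so the window between
 * verification and use is already covered by the filter. */
flash_ctrl_t fc_after_trusted_boot(void) {
    flash_ctrl_t c = { MODE_INDIRECT, { 0, 0 }, { 0, 0 }, false };
    fc_configure(&c, BOOT_IMAGE, BOOT_IMAGE);   /* readable == protected */
    fc_lock(&c);
    /* Signature verification of BOOT_IMAGE would run here. */
    return c;
}

/* Verdict for one command against the post-boot configuration. */
verdict_t check(access_mode_t mode, cmd_word_t cmd, uint32_t addr, uint32_t len) {
    flash_ctrl_t c = fc_after_trusted_boot();
    fc_set_mode(&c, mode);
    return fc_filter(&c, cmd, (range_t){ addr, len });
}

/* True when an attempt to clear the ranges after the lock has no effect. */
bool reconfig_rejected_after_lock(void) {
    flash_ctrl_t c = fc_after_trusted_boot();
    range_t none = { 0, 0 };
    return !fc_configure(&c, none, none) && c.protect.len == BOOT_IMAGE.len;
}

int main(void) {
    static const char *name[] = { "forward", "intercept" };
    printf("indirect write  0x001000: %s\n",
           name[check(MODE_INDIRECT, CMD_WRITE, 0x001000u, 256)]);
    printf("indirect erase  0x03F000: %s\n",
           name[check(MODE_INDIRECT, CMD_ERASE, 0x03F000u, 0x2000)]);
    printf("indirect write  0x040000: %s\n",
           name[check(MODE_INDIRECT, CMD_WRITE, 0x040000u, 256)]);
    printf("direct   read   0x050000: %s\n",
           name[check(MODE_DIRECT, CMD_READ, 0x050000u, 16)]);
    printf("reconfigure after lock rejected: %d\n", reconfig_rejected_after_lock());
    return 0;
}
```

The erase at 0x03F000 starts inside the protected range and runs past its end; the overlap test intercepts it, whereas a check on the start address alone would miss the mirror case of a command that starts below the range and runs into it.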

In a second aspect, another data protection method is provided. A programmable logic controller receives a first access command for the flash memory sent by the system on chip. The programmable logic controller is deployed between the system on chip and the flash memory. The first access command includes a first command word and a first access address. The first command word indicates the access type of the first access command, which may be read, write or erase. The first access address indicates the address range that the first access command accesses in the flash memory. If the first command word indicates that the access type of the first access command is write or erase, and the first access address belongs to the protected address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the first access command.

In this application, a programmable logic controller is deployed between the system on chip and the flash memory, and the protected address range of the flash memory is configured on the programmable logic controller. If the processing core inside the system on chip attempts to modify the content corresponding to the protected address range in the flash memory, the programmable logic controller blocks the modification, thereby protecting that content from tampering. This provides tamper protection for data in the flash memory and improves the security and reliability of that data.

Optionally, the programmable logic controller receiving the first access command for the flash memory sent by the system on chip includes: the programmable logic controller receiving, in indirect access mode, the first access command sent by the system on chip.

In this application, the programmable logic controller may have two access modes: direct access mode and indirect access mode. In this case, the access mode of the programmable logic controller is kept consistent with that of the flash memory controller. That is, when the flash memory controller is in direct access mode, the programmable logic controller is also in direct access mode; when the flash memory controller is in indirect access mode, the programmable logic controller is also in indirect access mode.

Optionally, the programmable logic controller receives, in direct access mode, a second access command for the flash memory sent by the system on chip. The second access command includes a second command word and a second access address. The second command word indicates that the access type of the second access command is read, and the second access address indicates the address range that the second access command accesses in the flash memory. If the second access address does not belong to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the second access command.

By configuring the readable address range of the flash memory in the programmable logic controller, this application ensures that, when the programmable logic controller is in direct access mode, the SoC cannot read content outside the readable address range in the flash memory, thereby implementing access permission control.

Optionally, if the second access address belongs to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller transparently passes through the second access command and the content that the system on chip reads from the flash memory based on the second access command.

Optionally, if the first command word indicates that the access type of the first access command is read, the programmable logic controller transparently passes through the first access command and the content that the system on chip reads from the flash memory based on the first access command.

Optionally, the programmable logic controller receives a mode switching instruction sent by the system on chip. The mode switching instruction instructs the programmable logic controller to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode.

Optionally, before the programmable logic controller receives the first access command for the flash memory sent by the system on chip, the programmable logic controller receives a configuration command sent by the system on chip. The configuration command includes the protected address range. The programmable logic controller configures the protected address range in the programmable logic controller according to the configuration command.

In this application, the system on chip performs the configuration of the programmable logic controller's flash protection function.

Optionally, after the programmable logic controller configures the protected address range according to the configuration command, the programmable logic controller receives a lock command sent by the system on chip. According to the lock command, the programmable logic controller locks its protection function configuration for the flash memory. Locking the protection function configuration means that the programmable logic controller's protection function configuration for the flash memory can no longer be modified. The protection function configuration includes an anti-tampering configuration and/or an access permission control configuration. The anti-tampering configuration includes configuring the protected address range of the flash memory on the programmable logic controller, and configuring the programmable logic controller, in indirect access mode, to protect the content corresponding to the protected address range in the flash memory from tampering. The access permission control configuration includes configuring the readable address range of the flash memory on the programmable logic controller, and configuring the programmable logic controller, in direct access mode, to read only the content corresponding to the readable address range in the flash memory.

In a third aspect, a system on chip is provided, including a processing core, a memory and a flash memory controller. The memory stores program instructions. After reading the program instructions stored in the memory, the processing core cooperates with the flash memory controller to implement the method of the first aspect and its embodiments.

In a fourth aspect, a programmable logic controller is provided, including a programmable logic unit and a programmable input/output (IO) unit. The programmable IO unit sends and receives instructions. The programmable logic unit executes logic functions according to the instructions received by the programmable IO unit, implementing the method of the second aspect and its embodiments.

In a fifth aspect, a data protection system is provided, including a system on chip and a programmable logic controller. The system on chip includes a processing core and a flash memory controller. The programmable logic controller is connected to the flash memory controller.

The processing core first configures the protected address range of the flash memory in the programmable logic controller by running a first trusted program, then verifies the content corresponding to the protected address range in the flash memory by running a second trusted program, and, after determining that this content passes verification, sends access commands to the flash memory through the flash memory controller. After the protected address range has been configured in the programmable logic controller, the programmable logic controller implements the method of the second aspect and its embodiments.

In a sixth aspect, a computer-readable storage medium is provided. Instructions are stored on the computer-readable storage medium, and when the instructions are executed by a processor, the method of the first aspect and its embodiments, or the method of the second aspect and its embodiments, is implemented.

In a seventh aspect, a computer program product is provided, including a computer program. When the computer program is executed by a processor, the method of the first aspect and its embodiments, or the method of the second aspect and its embodiments, is implemented.

In an eighth aspect, a chip is provided. The chip includes programmable logic circuits and/or program instructions. When the chip runs, the method of the first aspect and its embodiments, or the method of the second aspect and its embodiments, is implemented.

Description of the drawings

Figure 1 is a schematic structural diagram of an SoC provided by an embodiment of the present application;

Figure 2 is a schematic diagram of an application scenario provided by an embodiment of the present application;

Figure 3 is a schematic diagram of another application scenario provided by an embodiment of the present application;

Figure 4 is a schematic flowchart of a data protection method provided by an embodiment of the present application;

Figure 5 is a schematic flowchart of another data protection method provided by an embodiment of the present application;

Figure 6 is a schematic structural diagram of a programmable logic controller provided by an embodiment of the present application.

Detailed description

To make the purpose, technical solutions and advantages of the present application clearer, the embodiments of the present application are described in further detail below with reference to the accompanying drawings.

Flash memory is a type of non-volatile memory. Flash memory supports reading, writing and erasing data, and retains stored data after power is removed. Flash memory is characterized by block-wise reads and writes, slow read and write speeds, and low cost. For example, compared with double data rate synchronous dynamic random-access memory (DDR SDRAM), flash memory has a lower access interface rate. NOR flash memory (where "NOR" is taken from the initials of its inventor's company) is a relatively common non-volatile memory at present. It supports on-chip execution (execute on chip), that is, programs can be executed directly within the flash memory chip. In embedded systems, NOR flash memory is therefore well suited as the storage medium for the boot program.

An SoC is an integrated circuit that integrates a processing core, memory, peripheral interfaces and other computer components on a single chip. An SoC can process digital signals, analog signals, mixed signals and so on. The SoC provided in the embodiments of this application integrates a flash memory controller and can access flash memory deployed off-chip. For example, Figure 1 is a schematic structural diagram of an SoC provided by an embodiment of the present application. As shown in Figure 1, SoC 100 includes a processing core 101, a memory 102 and a flash memory controller 103. The processing core 101, the memory 102 and the flash memory controller 103 are connected through an on-chip bus 104. Optionally, the on-chip bus 104 includes, but is not limited to, an advanced extensible interface (AXI) bus, an advanced peripheral bus (APB), an advanced high-performance bus (AHB) or an advanced system bus (ASB).

The processing core 101 is the core unit responsible for computation inside the SoC 100. The processing core 101 is, for example, a central processing unit (CPU) core.

The memory 102 is a storage medium inside the SoC 100. The memory 102 includes random access memory (RAM). RAM is a volatile memory that supports reading and writing data at any time, but its data is lost once power is removed. In the embodiments of this application, RAM is used as working memory to hold the computer programs that the processing core 101 needs to execute. An executable computer program usually has a code segment (text segment), a data segment, a block started by symbol (BSS) segment, a stack and a heap. The content of the code segment usually does not change while the program runs, whereas the contents of the data segment, BSS segment, stack and heap do change. RAM can be used to hold the code segment, data segment, BSS segment, stack, heap and so on.

Optionally, the memory 102 also includes other storage media such as read-only memory (ROM) and/or one-time programmable memory (eFuse). ROM is a non-volatile memory: data stored in ROM is kept permanently and is not lost when power is removed. ROM supports only reading out stored data, not writing or deleting data. In the embodiments of this application, ROM is used to store the basic program files that the processing core 101 needs in order to run after the SoC 100 is powered on or reset. A program file here means the code and data (including variables and the like) that a computer program needs in order to run, including but not limited to the code segment and the data segment. One-time programmable memory is usually used to store security-related information. In the embodiments of this application, the one-time programmable memory is used to store key-related information, such as a key or the hash value of a key.

The flash memory controller 103 is the device inside the SoC 100 that controls the off-chip flash memory. The processing core 101 accesses the off-chip flash memory through the flash memory controller 103. The access types of the processing core 101 for the flash memory are read, write and erase. Read means reading the content stored in the flash memory. Write means writing new content to the flash memory. Erase means deleting the existing content in the flash memory.

Optionally, the SoC 100 also includes a peripheral interface 105, which is connected to the processing core 101 and the memory 102 through the on-chip bus 104. The processing core 101 can receive externally input commands, data and the like through the peripheral interface.

The SoC 100 shown in FIG. 1 is only an example. In an implementation, the SoC 100 may also include other computer components, which are not listed one by one in the embodiments of this application.

Currently, in miniaturized embedded scenarios, code can be deployed and run directly on flash memory in order to save cost. For example, for the SoC 100 shown in FIG. 1, the RAM inside the SoC 100 is used as stack space, and the processing core 101 reads the program file directly from the off-chip flash memory and executes the code in it, without moving the code in the read program file into the memory 102. This scenario is called execute in place (XIP). However, this application scenario brings some security risks. Because the code is stored in the flash memory and the access interface rate of the flash memory is low, even if the processing core completes a security verification of the code in the flash memory before accessing it, there is still a time window open to attack between the verification passing and the processing core successfully accessing the code in the flash memory. Within this time window, an attacker may obtain control over operations on the flash memory and tamper with the code in it, so that the processing core cannot access the original code in the flash memory and therefore cannot run normally.

On this basis, this application provides a data protection method for flash memory. A protection function for the flash memory is configured on a controller deployed between the processing core and the flash memory, for example by configuring a protected address range of the flash memory in that controller. If the processing core attempts to modify the content corresponding to the protected address range in the flash memory, the controller blocks the modification. This protects the content corresponding to the protected address range from being tampered with, implements a data anti-tampering function for the flash memory, and improves the security and reliability of the data in the flash memory.

Optionally, the controller configured with the protection function for the flash memory is the flash memory controller inside the SoC, or a programmable logic controller deployed between the SoC and the flash memory. For example, FIG. 2 and FIG. 3 are each a schematic diagram of an application scenario provided by an embodiment of this application. As shown in FIG. 2, the application scenario includes the SoC 100 and a flash memory 200. As shown in FIG. 3, the application scenario includes the SoC 100, the flash memory 200 and a programmable logic controller 300, where the programmable logic controller 300 is deployed between the SoC 100 and the flash memory 200. For the structure of the SoC 100, refer to FIG. 1, for example. The processing core 101 in the SoC 100 can access the flash memory 200 through the flash memory controller 103.

The flash memory 200 supports reading, writing and erasing data. Optionally, the flash memory 200 is used to store program files, which include a code segment, a data segment and so on. The processing core 101 in the SoC 100 can directly execute the code on the flash memory 200 through the flash memory controller 103, with the corresponding data segment, BSS segment, heap and stack deployed in the memory 102. The flash memory 200 is also used to store other data such as software packages and firmware. The flash memory 200 is, for example, a NOR flash memory.

In the application scenario shown in FIG. 2, the flash memory controller 103 in the SoC 100 is connected to the flash memory 200 through an inter-chip bus 400. The SoC 100 and the flash memory 200 may be placed on separate chips or on the same chip.

In the application scenario shown in FIG. 3, the flash memory controller 103 in the SoC 100 is connected to the programmable logic controller 300 through the inter-chip bus 400, and the programmable logic controller 300 is connected to the flash memory 200 through the inter-chip bus 400. The SoC 100, the programmable logic controller 300 and the flash memory 200 may each be placed on separate chips, or at least some or all of them may be placed on the same chip.

Optionally, the programmable logic controller 300 is a programmable logic device (PLD), including but not limited to a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL) or any combination thereof.

The inter-chip bus 400 is any type of communication bus used to interconnect different devices, for example a system bus.

Optionally, the flash memory controller 103 has two access modes: a direct access mode and an indirect access mode. When the flash memory controller 103 is in direct access mode, the processing core 101 reads the content corresponding to an address in the flash memory 200 directly by sending that address. For example, the running pointer of the processing core 101 (such as the program counter (PC) pointer) points directly to a program address in the flash memory 200. The flash memory controller 103 then constructs a command word whose access type is read and, based on that command word and the address provided by the processing core 101, reads the corresponding program file from the flash memory 200 to the processing core 101, which executes the code in the program file. In other words, when the flash memory controller 103 is in direct access mode, the processing core 101 can read the content of the flash memory 200 without running software code. When the flash memory controller 103 is in indirect access mode, the processing core 101 constructs the command word for accessing the flash memory 200 by running software code and then, by sending the command word and an address, reads the content corresponding to that address from the flash memory 200, writes content to that address in the flash memory 200, or erases the content corresponding to that address in the flash memory 200. In other words, when the flash memory controller 103 is in indirect access mode, the processing core 101 needs to run software code to complete a read, write or erase operation on the flash memory 200. In the embodiments of this application, access to the flash memory 200 by the processing core 101 while the flash memory controller 103 is in indirect access mode is called indirect access of the flash memory 200 by the processing core 101, and access to the flash memory 200 by the processing core 101 while the flash memory controller 103 is in direct access mode is called direct access of the flash memory 200 by the processing core 101.

Note that the flash memory controller 103 can enable only one access mode at a time. When the flash memory controller 103 is in direct access mode, only read operations by the processing core 101 on the flash memory 200 are supported. When the flash memory controller 103 is in indirect access mode, read, write and erase operations by the processing core 101 on the flash memory 200 are supported. Optionally, the access mode of the flash memory controller 103 is switched under the control of the processing core 101. For example, the flash memory controller 103 receives a mode switching instruction sent by the processing core 101, which instructs the flash memory controller 103 to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode. For example, when the processing core 101 needs to run the code in the flash memory 200 directly (XIP), the processing core 101 switches the flash memory controller 103 to direct access mode. When the processing core 101 needs to modify content in the flash memory 200, the processing core 101 switches the flash memory controller 103 to indirect access mode.

The embodiments of this application describe the technical solution in detail for each of the two application scenarios shown in FIG. 2 and FIG. 3.

The first optional embodiment of this application applies to the application scenario shown in FIG. 2. The technical solution is as follows. The flash memory controller receives an access command for the flash memory sent by the processing core. The access command includes a command word and an access address. The command word indicates the access type of the access command, which is read, write or erase. The access address indicates the address range in the flash memory that the access command accesses. If the command word indicates that the access type is write or erase, and the access address belongs to the protected address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the access command. In the embodiments of this application, a protection function for the flash memory is configured on the flash memory controller, for example by configuring a protected address range of the flash memory in the flash memory controller. If the processing core attempts to modify the content corresponding to the protected address range in the flash memory, the flash memory controller blocks the modification. This protects the content corresponding to the protected address range from being tampered with, implements a data anti-tampering function for the flash memory, and improves the security and reliability of the data in the flash memory.

The following embodiments of this application take a flash memory controller with two access modes as an example. For example, FIG. 4 is a schematic flowchart of a data protection method 400 provided by an embodiment of this application. As shown in FIG. 4, the method 400 includes but is not limited to the following steps 401 to 407. Steps 401 to 403 show the flash memory controller's anti-tampering protection of the flash memory content in indirect access mode. Steps 404 to 407 show the flash memory controller's access permission control over the flash memory in direct access mode.

Step 401: In indirect access mode, the flash memory controller receives an access command 11 for the flash memory sent by the processing core. The access command 11 includes a command word 11 and an access address 11.

The command word 11 indicates the access type of the access command 11, which is read, write or erase. The access address 11 indicates the address range in the flash memory that the access command 11 accesses. The command word 11 is generated by the processing core by running software code. Optionally, if the access type of the access command 11 is write, the access command 11 also includes the content to be written.

Before step 401 is executed, the processing core must first ensure that the flash memory controller is in indirect access mode. For example, the processing core first sends a mode switching instruction 11 to the flash memory controller, which instructs the flash memory controller to switch from direct access mode to indirect access mode, and then generates and issues the access command 11. If the flash memory controller is in direct access mode when it receives the mode switching instruction 11, it switches to indirect access mode and then receives and processes the access command 11 in indirect access mode.

Step 402: If the command word 11 indicates that the access type of the access command 11 is write or erase, and the access address 11 belongs to the protected address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the access command 11.

If the command word 11 indicates that the access type of the access command 11 is write or erase, the access command 11 will modify content in the flash memory. After receiving an access command from the processing core in indirect access mode, the flash memory controller uses the command word and access address in the command to determine whether the command would modify the content corresponding to the protected address range of the flash memory configured in the flash memory controller. If it would, the flash memory controller intercepts the access command to block the modification, thereby protecting the content corresponding to the protected address range in the flash memory from being tampered with.

Optionally, after determining that an access command sent by the processing core would modify the content corresponding to the protected address range of the flash memory configured in the flash memory controller, the flash memory controller issues an alarm. The alarm indicates that the flash memory is at risk of being tampered with, so that operations and maintenance personnel can investigate the attack promptly.

Optionally, a program file is deployed in the flash memory, and the protected address range of the flash memory configured in the flash memory controller includes the address range of the program file in the flash memory. The program file includes a code segment and a data segment. In this way the flash memory controller protects the program file in the flash memory from being tampered with and ensures that the processing core can run the code in the program file normally. Optionally, the flash memory is also used to store content other than program files, such as software packages or firmware, and the protected address range of the flash memory configured in the flash memory controller also includes the address range of that other content, to protect it from being tampered with. The protected address range in the flash memory controller can be configured according to actual needs, which is not limited in the embodiments of this application.

Step 403: If the command word 11 indicates that the access type of the access command 11 is read, the flash memory controller reads the content corresponding to the access address 11 from the flash memory based on the command word 11 and the access address 11, and sends that content to the processing core.

If the command word 11 indicates that the access type of the access command 11 is read, the access command 11 will not modify content in the flash memory. If the flash memory controller receives a read command from the processing core in indirect access mode, it reads the corresponding content directly from the flash memory and sends it to the processing core, helping the processing core complete its access to the flash memory. Alternatively, if the flash memory controller receives a write command or erase command from the processing core in indirect access mode but the access address does not belong to the configured protected address range, the flash memory controller executes the write command or erase command on the flash memory.

Step 404: In direct access mode, the flash memory controller receives an access command 12 for the flash memory sent by the processing core. The access command 12 includes an access address 12.

The access address 12 indicates the address range in the flash memory that the access command 12 accesses. The access command 12 is a read command. Before step 404 is executed, the processing core must first ensure that the flash memory controller is in direct access mode. For example, the processing core first sends a mode switching instruction 12 to the flash memory controller, which instructs the flash memory controller to switch from indirect access mode to direct access mode, and then issues the access command 12. If the flash memory controller is in indirect access mode when it receives the mode switching instruction 12, it switches to direct access mode and then receives and processes the access command 12 in direct access mode.

Step 405: If the access address 12 does not belong to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the access command 12.

After receiving an access command from the processing core in direct access mode, the flash memory controller uses the access address in the command to determine whether the content the command is to read lies within the configured readable address range. If it does not, the flash memory controller intercepts the access command to block the read by the processing core.

Optionally, after determining that the content an access command from the processing core is to read does not lie within the configured readable address range, the flash memory controller issues an error indication, which indicates that the access address of the processing core is wrong.

In the embodiments of this application, a readable address range of the flash memory is configured in the flash memory controller, so that when the flash memory controller is in direct access mode the processing core can read only the content corresponding to that readable address range in the flash memory. This implements access permission control. For example, if the address range of a program file stored in the flash memory is configured as the readable address range, the processing core can read that program file from the flash memory through direct access and run the code segment in it. Correspondingly, the addresses in the flash memory outside the address range of that program file are configured as an unreadable address range, which ensures that the processing core cannot read the content corresponding to the unreadable address range through direct access.

Optionally, the readable address range of the flash memory configured in the flash memory controller is the same as the configured protected address range of the flash memory.

In the embodiments of this application, the same readable address range and protected address range are configured in the flash memory controller. Because the content corresponding to the protected address range in the flash memory cannot be tampered with, and the processing core can read only the content corresponding to the readable address range when it accesses the flash memory directly, the content that the processing core reads from the flash memory through direct access is guaranteed not to have been tampered with, which improves the operational reliability of the processing core. For example, when the configured protected address range and readable address range cover a program file deployed in the flash memory, configuring the protection function for that program file in the flash memory controller makes the content of the program file unmodifiable and makes only that program file readable in direct access mode, that is, the processing core can directly run only the protected program file in the flash memory. This avoids the situation in which an attacker modifies an unprotected program file in the flash memory and changes the running pointer of the processing core to point to the address of the modified program file, causing the processing core to read and run incorrect code from the flash memory.

Step 406: If the access address 12 belongs to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller generates a command word 12. The command word 12 indicates that the access type of the access command 12 is read.

Step 407: The flash memory controller reads the content corresponding to the access address 12 from the flash memory based on the command word 12 and the access address 12, and sends that content to the processing core.

Optionally, the content corresponding to the access address 12 includes a code segment, and the processing core runs the code segment directly after receiving it. Optionally, the content corresponding to the access address 12 also includes a data segment, BSS segment, heap, stack and the like. After receiving these, the processing core saves them in memory inside the SoC, for example in RAM, completing the deployment of the software and hardware environment for execute on chip.

In the embodiments of this application, before steps 401 to 403 are executed, the protected address range of the flash memory must be configured in the flash memory controller for use in indirect access mode. Before steps 404 to 407 are executed, the readable address range of the flash memory must be configured in the flash memory controller for use in direct access mode. To ensure the security and reliability of the configuration, the flash memory controller can be configured through a trusted component. A trusted component is a component that has been verified and that runs in a secure environment. The embodiments of this application ensure the trustworthiness of components through the hardware isolation mechanism in the SoC. A component here means a program file run by the processing core. For example, before steps 401 to 403 are executed, the following steps S11 to S12 are executed.

In step S11, the processing core configures the protected address range of the flash memory in the flash memory controller by running a first trusted program.

Optionally, the first trusted program is a verified program stored in memory inside the SoC. The processing core configures the protected address range of the flash memory in the flash memory controller so that, in indirect access mode, the flash memory controller keeps the content corresponding to that range in the flash memory from being tampered with.

In step S12, the processing core runs a second trusted program to verify the content corresponding to the protected address range in the flash memory.

Optionally, the second trusted program is a verified program stored in memory inside the SoC. The processing core performs step 401 only after determining that the content corresponding to the protected address range in the flash memory has passed verification.

In the embodiments of this application, the protected address range of the flash memory is configured in the flash memory controller first, and only then is the content corresponding to that range verified. As a result, once the processing core has verified that content, if the flash memory controller receives a modification instruction targeting the content corresponding to the protected address range, it intercepts the instruction and blocks the modification. This prevents verified content in the flash memory from being tampered with in the time window between the processing core passing verification and the flash memory being accessed, which improves the security and reliability of the data in the flash memory.

Optionally, steps S11 and S12 are performed by the processing core during secure boot. During secure boot, the processing core completes the chain-of-trust verification on the principle of "verify first, then execute": the program file the processing core is currently running is responsible for verifying the program file to be run in the next stage; once that file has become the currently running program file, it in turn verifies the new next-stage program file, and so on. For example, the SoC includes ROM and RAM. The ROM stores the basic program file that the processing core needs in order to run after the SoC is powered on or reset, referred to here as the first program file. Optionally, the SoC also includes one-time programmable memory, which stores the hash value of a key. In that case, the following steps S13 to S15 are performed before steps S11 and S12.

In step S13, after the SoC is powered on or reset, the processing core runs the first program file in the ROM, reads the second program file and the first signature from the flash memory through the flash memory controller, and stores the second program file and the first signature it has read in RAM.

The first signature is generated from a first private key and the content of the second program file. For example, the first signature is a signature over the content of the second program file made with the first private key, or a signature over the hash value of that content made with the first private key. Optionally, the first private key is the private key of the publisher of the second program file. Before writing the second program file to the flash memory, the publisher generates the first signature from its own private key and the content of the second program file, and then packages the public key corresponding to its private key (that is, the first public key), the first signature and the second program file together and writes them to the flash memory. The first program file in the ROM is the root of trust.

Optionally, in step S13, the processing core reads the second program file and the first signature from the flash memory while the flash memory controller is in direct access mode. That is, before step S13 is performed, the processing core must first make sure that the flash memory controller is in direct access mode.

For the reader's convenience, signatures and signature verification are briefly introduced below. A digital signature (signature for short) is a means of protecting the sender's data. The sender signs a message with a private key. No third party without the private key can forge the signature. Any third party that holds the public key corresponding to the sender's private key can verify the signature to confirm the origin and integrity of the message. After receiving the data, the recipient verifies the signature with the public key and obtains a Boolean value indicating whether the signature is valid (verification passes) or invalid (verification fails). If verification passes, the data has not been tampered with. If verification fails, the data has been tampered with. Signature verification can therefore be used to check both the integrity of the data (it has not been tampered with) and the reliability of its source (it is not false or forged data).

In step S14, the processing core verifies the first signature with the first public key corresponding to the first private key.

Optionally, the hash value of the first public key is stored in advance in the one-time programmable memory, and the processing core first uses that hash value to verify the first public key carried in the second program file. After the first public key passes verification, the processing core uses it to verify the first signature. Alternatively, the first public key itself is stored in the one-time programmable memory; in this implementation the second program file need not carry the first public key. Because the information stored in one-time programmable memory cannot be changed, the reliability of the security verification is guaranteed.

In step S15, after the first signature passes verification, the processing core obtains the first trusted program and the second trusted program from the second program file stored in RAM.

After the first signature passes verification, the processing core determines that the second program file stored in RAM is a trusted program file. The processing core then obtains the first trusted program and the second trusted program from the second program file stored in RAM and goes on to perform steps S11 and S12.

Optionally, one implementation of step S12 is as follows: the processing core runs the second trusted program, reads the content corresponding to the protected address range and the second signature from the flash memory through the flash memory controller, and stores them in random access memory. The processing core then verifies the second signature with the second public key corresponding to the second private key.

The second signature is generated from a second private key and the content corresponding to the protected address range in the flash memory. For example, the second signature is a signature over that content made with the second private key, or a signature over the hash value of that content made with the second private key. Optionally, the second private key is the private key of the publisher of the content corresponding to the protected address range in the flash memory. Before writing the content to the flash memory, the publisher generates the second signature from its own private key and the content, and then packages the public key corresponding to its private key (the second public key), the second signature and the content together and writes them to the flash memory.

Optionally, the second program file includes the hash value of the second public key, and the processing core first uses that hash value to verify the second public key read from the flash memory. After the second public key passes verification, the processing core uses it to verify the second signature. Alternatively, the second program file includes the second public key itself, and the publisher of the content corresponding to the protected address range does not need to package the second public key and write it to the flash memory.

For how the readable address range is configured in the flash memory controller, refer to the implementation described above for configuring the protected address range; it is not repeated here. Optionally, when the readable address range and the protected address range configured in the flash memory controller are the same, in step S11 the processing core configures the protected address range of the flash memory in the flash memory controller and enables the protected address range stored in the flash memory controller as the readable address range.

Optionally, after step S11 is performed, the processing core runs a third trusted program to lock the flash memory controller's protection function configuration for the flash memory. Optionally, the processing core obtains the third trusted program from the second program file stored in RAM. Locking the protection function configuration means that the flash memory controller's protection function configuration for the flash memory can no longer be modified. This configuration includes an anti-tampering configuration and/or an access permission control configuration. The anti-tampering configuration consists of configuring the protected address range of the flash memory in the flash memory controller and configuring the flash memory controller to protect the content corresponding to that range from tampering in indirect access mode. The access permission control configuration consists of configuring the readable address range of the flash memory in the flash memory controller and configuring the flash memory controller, in direct access mode, to read only the content corresponding to that readable address range. In other words, during secure boot the processing core inside the SoC first configures the protection function for the flash memory in the flash memory controller, then locks that configuration, and only then performs security verification on the protected content in the flash memory. This guarantees that the protected content cannot be tampered with after it has passed the processing core's security verification.

Optionally, the flash memory controller includes a flash protection function register and a flash protection lock register. The flash protection function register is protected by the flash protection lock register. The processing core configures the flash protection function in the flash memory controller by, for example, configuring the protected address range and/or the readable address range in the flash protection function register. The processing core locks the flash memory controller's protection function configuration by, for example, configuring the flash protection lock register. Once the flash protection lock register has been configured, the contents of the flash protection function register cannot be modified until the SoC is reset. After an SoC reset, the flash protection lock register returns to its default value (unlocked); the flash protection function register can then be modified, and the processing core can reconfigure the flash protection function in the flash memory controller.
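The configure, lock, then verify ordering and the lock-until-reset behaviour described above can be modelled in a few lines of C. This is an added example, not code from the patent: the register layout, function names and sample addresses are assumptions, and the `verify_fn` callback stands in for the signature check of step S12.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the two registers; field names are assumptions. */
typedef struct {
    uint32_t prot_start;  /* protection function register: protected range */
    uint32_t prot_end;    /* half-open range [prot_start, prot_end) */
    bool     locked;      /* protection lock register */
} flash_ctrl_t;

/* Stand-in for the step S12 signature check: returns true when it passes. */
typedef bool (*verify_fn)(uint32_t start, uint32_t end);

typedef enum { BOOT_OK, BOOT_ERR_CONFIG, BOOT_ERR_VERIFY } boot_status_t;

/* SoC reset: the lock register returns to its default, unlocked state. */
void fc_reset(flash_ctrl_t *fc) { fc->locked = false; }

/* Write to the protection function register; refused while the lock is set. */
bool fc_set_protect_range(flash_ctrl_t *fc, uint32_t start, uint32_t end)
{
    if (fc->locked || start >= end)
        return false;
    fc->prot_start = start;
    fc->prot_end = end;
    return true;
}

/* Setting the lock is one-way: only fc_reset() clears it. */
void fc_lock(flash_ctrl_t *fc) { fc->locked = true; }

/* One boot stage: S11 (configure), lock, then S12 (verify). */
boot_status_t secure_boot_stage(flash_ctrl_t *fc, uint32_t start,
                                uint32_t end, verify_fn verify)
{
    if (!fc_set_protect_range(fc, start, end))
        return BOOT_ERR_CONFIG;
    fc_lock(fc);
    /* Verify the range read back from the register, so the verified
     * range and the protected range cannot differ. */
    if (!verify(fc->prot_start, fc->prot_end))
        return BOOT_ERR_VERIFY;
    return BOOT_OK;
}

/* Constructed verifiers for the demonstration. */
bool verify_pass(uint32_t s, uint32_t e) { (void)s; (void)e; return true; }
bool verify_fail(uint32_t s, uint32_t e) { (void)s; (void)e; return false; }

int main(void)
{
    flash_ctrl_t fc = {0, 0, false};

    /* Constructed sample range: 0x00100000 .. 0x0017FFFF. */
    printf("boot stage:          %d\n",
           secure_boot_stage(&fc, 0x00100000u, 0x00180000u, verify_pass));
    printf("shrink after lock:   %d\n",
           fc_set_protect_range(&fc, 0x00100000u, 0x00100100u));
    fc_reset(&fc);
    printf("reconfig after reset: %d\n",
           fc_set_protect_range(&fc, 0x00100000u, 0x00140000u));
    return 0;
}
```
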

In the data protection method provided by the embodiments of this application, a protection function for the flash memory is configured on the flash memory controller. For example, the protected address range of the flash memory is configured in the flash memory controller so that the processing core cannot modify the content corresponding to that range while the flash memory controller is in indirect access mode. The content corresponding to the protected address range is thereby kept from being tampered with, which improves the security and reliability of the data in the flash memory. As another example, the readable address range of the flash memory is configured in the flash memory controller so that, while the flash memory controller is in direct access mode, the processing core can read only the content corresponding to that readable address range, which implements access permission control.

The order of the steps of the data protection method provided by the embodiments of this application can be adjusted as appropriate, and steps can be added or removed as the situation requires. For example, steps 404 to 407 and steps 401 to 403 can be performed independently of each other, and there is no ordering relationship between them. Any variation that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application. For example, under the inventive concept provided by the embodiments, a single flash memory can support code isolation between multiple users: an administrator manages the read, write and erase permissions for code in different address ranges on the flash memory, and when switching users changes the protected address range and the readable address range configured in the flash memory controller, so that each user can access only the code in its own address range.

The second optional embodiment of this application applies to the scenario shown in Figure 3. The technical solution is as follows. The programmable logic controller receives an access command for the flash memory sent by the system-on-chip; the access command includes a command word and an access address. The command word indicates the access type of the access command, which is read, write or erase. The access address indicates the address range in the flash memory that the access command accesses. If the command word indicates that the access type is write or erase, and the access address belongs to the protected address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the access command. In the embodiments of this application, a programmable logic controller is deployed between the system-on-chip and the flash memory, and a protection function for the flash memory is configured on it, for example by configuring the protected address range of the flash memory in the programmable logic controller. If the processing core inside the system-on-chip attempts to modify the content corresponding to the protected address range, the programmable logic controller blocks the modification. This keeps that content from being tampered with, implements data anti-tampering for the flash memory, and improves the security and reliability of the data in the flash memory.

The following embodiments of this application are described using a flash memory controller with two access modes as an example. Optionally, the programmable logic controller also has two access modes, a direct access mode and an indirect access mode. In this case the access mode of the programmable logic controller is kept consistent with that of the flash memory controller: when the flash memory controller is in direct access mode, so is the programmable logic controller, and when the flash memory controller is in indirect access mode, so is the programmable logic controller.

Optionally, the processing core controls the access mode of the programmable logic controller so that it switches together with the flash memory controller. For example, the programmable logic controller receives a mode switching instruction sent by the SoC, which instructs it to switch from direct access mode to indirect access mode or from indirect access mode to direct access mode. When the processing core needs to run code directly from the flash memory (XIP), it switches the flash memory controller and the programmable logic controller to direct access mode. When the processing core needs to modify content in the flash memory, it switches the flash memory controller and the programmable logic controller to indirect access mode.

Alternatively, the programmable logic controller may have only one access mode, or equivalently no access mode may be set in it. In this case, whichever access mode the flash memory controller is in, the programmable logic controller uses the same processing logic to handle access commands for the flash memory sent by the SoC.

The following embodiments of this application are described using a programmable logic controller with two access modes as an example. Figure 5 is a schematic flowchart of another data protection method provided by an embodiment of this application. As shown in Figure 5, method 500 includes, but is not limited to, the following steps 501 to 506. Steps 501 to 503 show how the programmable logic controller protects the content of the flash memory against tampering in indirect access mode. Steps 504 to 506 show how the programmable logic controller controls access permissions to the flash memory in direct access mode.

Step 501: In indirect access mode, the programmable logic controller receives access command 21 for the flash memory sent by the SoC. Access command 21 includes command word 21 and access address 21.

Command word 21 indicates the access type of access command 21, which is read, write or erase. Access address 21 indicates the address range in the flash memory that access command 21 accesses. Command word 21 is generated by the processing core inside the SoC by running software code; that is, the command word in an access command that the programmable logic controller receives in indirect access mode is generated by the processing core. Optionally, if the access type of access command 21 is write, access command 21 also includes the content to be written.

Before this step 401 is performed, the processing core inside the SoC must first make sure that the programmable logic controller is in indirect access mode. For example, the processing core first sends mode switching instruction 21 to the programmable logic controller, instructing it to switch from direct access mode to indirect access mode, and then generates and issues access command 21. If the programmable logic controller is in direct access mode when it receives mode switching instruction 21, it switches to indirect access mode and then receives and processes access command 21 in indirect access mode.

Step 502: If command word 21 indicates that the access type of access command 21 is write or erase, and access address 21 belongs to the protected address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts access command 21.

If command word 21 indicates that the access type of access command 21 is write or erase, access command 21 will modify content in the flash memory. After receiving an access command sent by the processing core in indirect access mode, the programmable logic controller uses the command word and access address in the command to determine whether the command would modify the content corresponding to the protected address range of the flash memory configured in the programmable logic controller. If it would, the programmable logic controller intercepts the access command to block the modification, thereby keeping the content corresponding to the protected address range from being tampered with.

Optionally, after determining that an access command sent by the processing core would modify the content corresponding to the protected address range of the flash memory configured in the programmable logic controller, the programmable logic controller raises an alarm indicating that the flash memory is at risk of tampering, so that operations and maintenance staff can investigate the attack promptly.

Optionally, a program file is deployed in the flash memory, and the protected address range of the flash memory configured in the programmable logic controller includes the address range of that program file. The program file includes a code segment and a data segment. The programmable logic controller can thus keep the program file in the flash memory from being tampered with and ensure that the processing core inside the SoC can run the code in the program file normally. Optionally, the flash memory is also used to store content other than program files, such as software packages or firmware, and the protected address range configured in the programmable logic controller also includes the address range of that other content, so that it too is protected from tampering. The protected address range in the programmable logic controller can be configured according to actual requirements; the embodiments of this application place no limitation on this.

Step 503: If command word 21 indicates that the access type of access command 21 is read, the programmable logic controller transparently passes through access command 21 and the content that the SoC reads from the flash memory based on access command 21.

If command word 21 indicates that the access type of access command 21 is read, access command 21 will not modify content in the flash memory. Optionally, if the programmable logic controller, in indirect access mode, receives a read command sent by the SoC, or receives a write or erase command sent by the SoC whose access address does not belong to the configured protected address range, the programmable logic controller passes the read command straight through to the flash memory and passes the content read from the flash memory based on that read command through to the SoC.

Step 504: In direct access mode, the programmable logic controller receives access command 22 for the flash memory sent by the SoC. Access command 22 includes command word 22 and access address 22.

Command word 22 indicates that the access type of access command 22 is read. Access address 22 indicates the address range in the flash memory that access command 22 accesses. Command word 22 is generated by the flash memory controller inside the SoC; that is, the command word in an access command that the programmable logic controller receives in direct access mode is generated by the flash memory controller.

Before step 504 is performed, the processing core inside the SoC must first make sure that the programmable logic controller is in direct access mode. For example, the processing core first sends mode switching instruction 22 to the programmable logic controller, instructing it to switch from indirect access mode to direct access mode. The processing core then issues a read command, and the flash memory controller generates the command word and issues access command 22. If the programmable logic controller is in indirect access mode when it receives mode switching instruction 22, it switches to direct access mode and then receives and processes access command 22 in direct access mode.

Step 505: If access address 22 does not belong to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts access command 22.

After the programmable logic controller receives, in direct access mode, an access command sent by the processing core, it determines from the access address in the access command whether the content to be read lies within the configured readable address range. If the content to be read is not within the configured readable address range, the programmable logic controller intercepts the access command to block the read by the SoC.

Optionally, after determining that the content to be read by the access command sent by the SoC is not within the configured readable address range, the programmable logic controller issues an error prompt, which indicates that the access address of the processing core is in error.

In the embodiment of the present application, configuring the readable address range of the flash memory in the programmable logic controller means that, when the programmable logic controller is in direct access mode, the SoC can read only the content corresponding to that readable address range in the flash memory, which implements access permission control. For example, if the address range of a program file stored in the flash memory is configured as the readable address range, the processing core inside the SoC can read that program file from the flash memory by direct access and run the code segments in it. Correspondingly, the addresses in the flash memory other than the address range of the program file are configured as an unreadable address range, ensuring that the processing core cannot read the content corresponding to the unreadable address range by direct access.

Optionally, the readable address range of the flash memory configured in the programmable logic controller is the same as the configured protected address range of the flash memory.

In the embodiment of the present application, the same readable address range and protected address range are configured in the programmable logic controller. Because the content corresponding to the protected address range in the flash memory cannot be tampered with, and the processing core inside the SoC can read only the content corresponding to the readable address range when it accesses the flash memory directly, the content that the processing core reads from the flash memory by direct access is guaranteed not to have been tampered with, which improves the operational reliability of the processing core. For example, when the configured protected address range and readable address range cover a program file deployed in the flash memory, configuring the protection function for that program file in the programmable logic controller makes the content of the program file unmodifiable and makes that program file the only content readable in direct access mode; that is, the processing core inside the SoC can directly run only the protected program file in the flash memory. This avoids the situation in which an attacker modifies an unprotected program file in the flash memory and changes the running pointer of the processing core inside the SoC to point to the address of the modified program file, causing the processing core to read and run incorrect code from the flash memory.

Step 506: If access address 22 belongs to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller transparently transmits access command 22 and the content read by the SoC from the flash memory based on access command 22.

For the implementation of step 506, refer to the implementation of step 503 above; it is not described again here.

It is worth noting that when the programmable logic controller has only one access mode, the behaviour differs from step 503 above: after receiving a read command for the flash memory sent by the SoC, the programmable logic controller determines directly, from the access address in the read command, whether the content to be read lies within the configured readable address range. If the content to be read is not within the configured readable address range, the programmable logic controller intercepts the read command to block the SoC from reading the flash memory. In other words, when the programmable logic controller has only one access mode, it executes steps 505 and 506 above after receiving a read command for the flash memory sent by the SoC.

In the embodiment of the present application, before steps 501 to 503 above are executed, the protected address range of the flash memory needs to be configured in the programmable logic controller, for use by the programmable logic controller in indirect access mode. Before steps 504 to 506 above are executed, the readable address range of the flash memory needs to be configured in the programmable logic controller, for use by the programmable logic controller in direct access mode. To ensure the security and reliability of the configuration, the flash memory controller can be configured through a trusted component. A trusted component is a component that has been verified and that runs in a secure environment. The embodiment of the present application relies on the hardware isolation mechanism in the SoC to guarantee that components are trusted; a component here is a program file run by the processing core. For example, before steps 501 to 503 above are executed, the following steps S21 to S24 are executed.

In step S21, the programmable logic controller receives a configuration command sent by the SoC. The configuration command includes the protected address range of the flash memory.

The configuration command is generated and sent by the processing core inside the SoC. For example, the processing core configures the protected address range of the flash memory in the programmable logic controller by running the first trusted program. For this implementation, refer to the process in step S11 above in which the processing core configures the protected address range of the flash memory in the flash memory controller.

In step S22, the programmable logic controller configures the protected address range in the programmable logic controller according to the configuration command.

Optionally, after completing the configuration of the protected address range, the programmable logic controller sends a configuration completion response to the SoC, and the SoC then verifies the content corresponding to the protected address range in the flash memory. For example, after determining that the programmable logic controller has completed the configuration of the protected address range of the flash memory, the processing core verifies the content corresponding to the protected address range in the flash memory by running the second trusted program. For this implementation, refer to step S12 above.

Optionally, the processing core inside the SoC sends the configuration command to the programmable logic controller, and verifies the content corresponding to the protected address range in the flash memory, during the secure boot process. For example, after the SoC is powered on or reset, the processing core inside the SoC performs a secure boot process that includes, but is not limited to, the following five steps. In the first step, the processing core runs the first program file in the ROM inside the SoC, reads the second program file and the first signature from the flash memory through the flash memory controller, and saves the second program file and the first signature in the RAM inside the SoC (see step S13 above). In the second step, the processing core verifies the first signature using the first public key corresponding to the first private key (see step S14 above). In the third step, after the first signature passes verification, the processing core obtains the first trusted program and the second trusted program from the second program file saved in the RAM (see step S15 above). In the fourth step, the processing core configures the protected address range of the flash memory in the programmable logic controller by running the first trusted program; specifically, it sends the programmable logic controller a configuration command containing the protected address range of the flash memory (see step S21 above). In the fifth step, after determining that the programmable logic controller has completed the configuration of the protected address range of the flash memory, the processing core verifies the content corresponding to the protected address range in the flash memory by running the second trusted program.

In the embodiment of the present application, the protected address range of the flash memory is first configured in the programmable logic controller, and only then is the content corresponding to the protected address range in the flash memory verified. As a result, once the processing core's verification of that content has passed, if the programmable logic controller receives a modification instruction targeting the content corresponding to the protected address range in the flash memory, it intercepts the instruction to block the modification. This prevents the verified content in the flash memory from being tampered with in the time window between the verification passing and the processing core accessing the flash memory, which improves the security and reliability of the data in the flash memory.

For the implementation of configuring the readable address range in the programmable logic controller, refer to the implementation of configuring the protected address range in the programmable logic controller described above; it is not described again here. Optionally, when the readable address range configured in the programmable logic controller is the same as the protected address range, the processing core includes an indication in the configuration instruction it generates, indicating that the address range in the configuration instruction is both the protected address range and the readable address range to be configured. After receiving the configuration instruction, the programmable logic controller configures the address range it carries as both the protected address range and the readable address range.

Optionally, after step S22 above is executed, the following steps S23 to S24 are executed.

In step S23, the programmable logic controller receives a lock command sent by the SoC.

In step S24, the programmable logic controller locks its protection function configuration for the flash memory according to the lock command.

That the programmable logic controller's protection function configuration for the flash memory is locked means that this configuration can no longer be modified. The protection function configuration includes an anti-tamper configuration and/or an access permission control configuration. The anti-tamper configuration includes configuring the protected address range of the flash memory on the programmable logic controller, and configuring the programmable logic controller to protect the content corresponding to the protected address range in the flash memory from tampering in indirect access mode. The access permission control configuration includes configuring the readable address range of the flash memory on the programmable logic controller, and configuring the programmable logic controller to read only the content corresponding to the readable address range in the flash memory in direct access mode. For example, during secure boot the processing core inside the SoC first configures the protection function for the flash memory in the programmable logic controller, then locks that protection function configuration, and then performs security verification on the protected content in the flash memory. This guarantees that the protected content in the flash memory cannot be tampered with after it has passed the processing core's security verification.

Optionally, the programmable logic controller includes a flash memory protection function register and a flash memory protection lock register. The flash memory protection function register is protected by the flash memory protection lock register. After receiving a configuration instruction sent by the SoC, the programmable logic controller configures the flash memory protection function, for example by configuring the protected address range and/or the readable address range in the flash memory protection function register. After receiving the lock command sent by the SoC, the programmable logic controller locks the protection function configuration for the flash memory, for example by configuring the flash memory protection lock register. Once the flash memory protection lock register has been configured, the content of the flash memory protection function register cannot be modified until the SoC and the programmable logic controller are reset. After the SoC and the programmable logic controller are reset, the flash memory protection lock register returns to its default value (the unlocked state); the flash memory protection function register can then be modified, and the SoC can reconfigure the flash memory protection function in the programmable logic controller. The SoC and the programmable logic controller are reset synchronously.

In the data protection method provided by the embodiment of the present application, a protection function for the flash memory is configured on the programmable logic controller. For example, the protected address range of the flash memory is configured in the programmable logic controller, so that the processing core cannot modify the content corresponding to the protected address range in the flash memory while the programmable logic controller is in indirect access mode; that content is therefore protected from tampering, which improves the security and reliability of the data in the flash memory. As another example, the readable address range of the flash memory is configured in the programmable logic controller, so that while the programmable logic controller is in direct access mode the processing core can read only the content corresponding to the readable address range in the flash memory, which implements access permission control.
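The filtering in steps 501 to 506 and the configure-then-lock behaviour of steps S21 to S24, modelled in C as an added example (not code from the patent). All type, function and field names are hypothetical, and three points the text leaves open are assumptions marked in the comments: a write or erase that partly overlaps the protected range is blocked, a read must lie wholly inside the readable range, and non-read commands arriving in direct mode are intercepted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical: the page describes behaviour, not a register map. */
enum access_type { ACC_READ, ACC_WRITE, ACC_ERASE };
enum access_mode { MODE_INDIRECT, MODE_DIRECT };
enum verdict     { PASS_THROUGH, INTERCEPT };

struct range { uint32_t start, end; };   /* half-open [start, end); empty if equal */

struct plc {
    enum access_mode mode;
    struct range protect;    /* protection function register: protected range */
    struct range readable;   /* protection function register: readable range  */
    bool locked;             /* protection lock register; false after reset   */
};

/* Any byte of [addr, addr+len) lies in r. Assumption: a write or erase that
   only partly overlaps the protected range is still treated as hitting it. */
static bool overlaps(struct range r, uint32_t addr, uint32_t len)
{
    uint64_t end = (uint64_t)addr + len;  /* 64-bit so addr+len cannot wrap */
    return len > 0 && addr < r.end && end > r.start;
}

/* All of [addr, addr+len) lies in r. Assumption: a direct-mode read passes
   only when it stays wholly inside the readable range. */
static bool contained(struct range r, uint32_t addr, uint32_t len)
{
    uint64_t end = (uint64_t)addr + len;
    return len > 0 && addr >= r.start && end <= r.end;
}

/* Configuration command (S21, S22): refused once the lock register is set. */
bool plc_configure(struct plc *p, struct range protect, struct range readable)
{
    if (p->locked)
        return false;
    p->protect = protect;
    p->readable = readable;
    return true;
}

/* Lock command (S23, S24). */
void plc_lock(struct plc *p) { p->locked = true; }

/* Mode switching instruction: not part of the locked configuration. */
void plc_set_mode(struct plc *p, enum access_mode m) { p->mode = m; }

/* Reset returns the lock register to its default, unlocked. The page does not
   say what the function register resets to, so it is left as it was. */
void plc_reset(struct plc *p) { p->locked = false; }

/* Decide what happens to one access command from the SoC. */
enum verdict plc_filter(const struct plc *p, enum access_type t,
                        uint32_t addr, uint32_t len)
{
    if (p->mode == MODE_INDIRECT) {
        /* Steps 501 to 503: only write/erase into the protected range is blocked. */
        if (t != ACC_READ && overlaps(p->protect, addr, len))
            return INTERCEPT;
        return PASS_THROUGH;
    }
    /* Steps 504 to 506: direct mode carries reads. Assumption: any other
       command type arriving in direct mode is intercepted. */
    if (t != ACC_READ)
        return INTERCEPT;
    return contained(p->readable, addr, len) ? PASS_THROUGH : INTERCEPT;
}

static const char *name(enum verdict v)
{
    return v == INTERCEPT ? "intercept" : "pass through";
}

int main(void)
{
    /* Constructed layout: the program file occupies 0x10000..0x1FFFF. */
    struct range prog = { 0x10000, 0x20000 }, none = { 0, 0 };
    struct plc p = { MODE_INDIRECT, { 0, 0 }, { 0, 0 }, false };

    plc_configure(&p, prog, prog);  /* readable range equals protected range */
    plc_lock(&p);                   /* lock before the content is verified   */
    printf("reconfigure after lock accepted: %d\n", plc_configure(&p, none, none));
    printf("indirect erase 0x10000: %s\n", name(plc_filter(&p, ACC_ERASE, 0x10000, 0x1000)));
    printf("indirect write 0x20000: %s\n", name(plc_filter(&p, ACC_WRITE, 0x20000, 256)));
    plc_set_mode(&p, MODE_DIRECT);
    printf("direct read 0x10000:    %s\n", name(plc_filter(&p, ACC_READ, 0x10000, 64)));
    printf("direct read 0x00000:    %s\n", name(plc_filter(&p, ACC_READ, 0x0, 64)));
    plc_reset(&p);
    printf("reconfigure after reset accepted: %d\n", plc_configure(&p, none, none));
    return 0;
}
```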

The order of the steps of the data protection method provided by the embodiment of the present application can be adjusted as appropriate, and steps can be added or removed according to the situation. For example, steps 504 to 506 above and steps 501 to 503 above can each be executed on their own, and there is no ordering relationship between them. Any variation that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. For example, under the inventive concept provided by the embodiment of the present application, a single flash memory can support code isolation between multiple users: an administrator manages the read, write and erase permissions for code in different address ranges of the flash memory, and when switching users the administrator changes the protected address range and readable address range configured in the programmable logic controller, so that each user can access only the code in the corresponding address range, which achieves code isolation between the users.

The embodiment of the present application provides a data protection method applied to a system on chip. The system on chip includes a processing core and a flash memory controller. The method includes the following steps A101 to A102.

In step A101, the flash memory controller receives a first access command for a flash memory sent by the processing core. The flash memory is deployed outside the system on chip. The first access command includes a first command word and a first access address. The first command word indicates the access type of the first access command, which is read, write or erase; the first access address indicates the address range in the flash memory accessed by the first access command.

In step A102, if the first command word indicates that the access type of the first access command is write or erase, and the first access address belongs to the protected address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the first access command.

This method is specifically used to implement method 400 above. The first access command is, for example, access command 11; the first command word is, for example, command word 11; and the first access address is, for example, access address 11. For the specific implementation of steps A101 and A102, refer to steps 401 to 402 in method 400 above; it is not described again here.

Optionally, a program file is deployed in the flash memory, and the protected address range of the flash memory configured in the flash memory controller includes the address range of the program file.

Optionally, the flash memory controller receiving the first access command for the flash memory sent by the processing core includes: the flash memory controller receiving, in indirect access mode, the first access command sent by the processing core.

Optionally, the flash memory controller receives, in direct access mode, a second access command for the flash memory sent by the processing core. The second access command includes a second access address, which indicates the address range in the flash memory accessed by the second access command. If the second access address does not belong to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the second access command. The second access command is, for example, access command 12; the second command word is, for example, command word 12; and the second access address is, for example, access address 12. For the specific implementation of this step, refer to steps 404 to 405 in method 400 above; it is not described again here.

Optionally, if the second access address belongs to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller generates a second command word, which indicates that the access type of the second access command is read. Based on the second command word and the second access address, the flash memory controller reads the content corresponding to the second access address from the flash memory and sends that content to the processing core. For the specific implementation of this step, refer to steps 406 to 407 in method 400 above; it is not described again here.

Optionally, the readable address range of the flash memory configured in the flash memory controller is the same as the protected address range.

Optionally, if the first command word indicates that the access type of the first access command is read, the flash memory controller reads the content corresponding to the first access address from the flash memory based on the first command word and the first access address, and sends that content to the processing core. For the specific implementation of this step, refer to step 403 in method 400 above; it is not described again here.

Optionally, the flash memory controller receives a mode switching instruction sent by the processing core. The mode switching instruction instructs the flash memory controller to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode.

Optionally, before the flash memory controller receives the first access command for the flash memory sent by the processing core, the processing core configures the protected address range in the flash memory controller by running a first trusted program. By running a second trusted program, the processing core verifies the content corresponding to the protected address range in the flash memory and determines that this content passes verification. For the specific implementation of this step, refer to steps S11 to S12 above; it is not described again here.

Optionally, the system on chip further includes a read-only memory and a random access memory. After the system on chip is powered on or reset, the processing core runs a first program file in the read-only memory, reads a second program file and a first signature from the flash memory through the flash memory controller, and saves the second program file and the first signature in the random access memory. The first signature is generated based on a first private key and the content of the second program file. The processing core verifies the first signature using a first public key corresponding to the first private key. After the first signature passes verification, the processing core obtains the first trusted program and the second trusted program from the second program file saved in the random access memory. For the specific implementation of this step, refer to steps S13 to S15 above; it is not described again here.

Optionally, the processing core verifying the content corresponding to the protected address range in the flash memory by running the second trusted program includes: the processing core, by running the second trusted program, reads the content corresponding to the protected address range and a second signature from the flash memory through the flash memory controller, and saves them in the random access memory. The second signature is generated based on a second private key and the content corresponding to the protected address range. The processing core verifies the second signature using a second public key corresponding to the second private key.

Optionally, after the processing core configures the protected address range in the flash memory controller by running the first trusted program, the processing core locks the flash memory controller's protection function configuration for the flash memory by running a third trusted program.

The embodiment of the present application provides another data protection method. The method includes the following steps B101 to B102.

In step B101, a programmable logic controller receives a first access command for a flash memory sent by a system on chip. The programmable logic controller is deployed between the system on chip and the flash memory. The first access command includes a first command word and a first access address. The first command word indicates the access type of the first access command, which is read, write or erase; the first access address indicates the address range in the flash memory accessed by the first access command.

In step B102, if the first command word indicates that the access type of the first access command is write or erase, and the first access address belongs to the protected address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the first access command.

This method is specifically used to implement method 500 above. The first access command is, for example, access command 21; the first command word is, for example, command word 21; and the first access address is, for example, access address 21. For the specific implementation of steps B101 and B102, refer to steps 501 to 502 in method 500 above; it is not described again here.

Optionally, the programmable logic controller receiving the first access command for the flash memory sent by the system on chip includes: the programmable logic controller receiving, in indirect access mode, the first access command sent by the system on chip.

Optionally, the programmable logic controller receives, in direct access mode, a second access command for the flash memory sent by the system on chip. The second access command includes a second command word and a second access address. The second command word indicates that the access type of the second access command is read, and the second access address indicates the address range that the second access command accesses in the flash memory. If the second access address does not belong to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the second access command. The second access command is, for example, access command 22; the second command word is, for example, command word 22; and the second access address is, for example, access address 22. For the specific implementation of this step, refer to steps 504 to 505 of method 500 above; the details are not repeated here.

Optionally, if the second access address belongs to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller transparently passes through the second access command and the content that the system on chip reads from the flash memory based on the second access command. For the specific implementation of this step, refer to step 506 of method 500 above; the details are not repeated here.

Optionally, if the first command word indicates that the access type of the first access command is read, the programmable logic controller transparently passes through the first access command and the content that the system on chip reads from the flash memory based on the first access command. For the specific implementation of this step, refer to step 503 of method 500 above; the details are not repeated here.

Optionally, the programmable logic controller receives a mode switching instruction sent by the system on chip. The mode switching instruction instructs the programmable logic controller to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode.

Optionally, before the programmable logic controller receives the first access command for the flash memory sent by the system on chip, the programmable logic controller receives a configuration command sent by the system on chip, and the configuration command includes the protected address range. The programmable logic controller configures the protected address range in the programmable logic controller according to the configuration command. For the specific implementation of this step, refer to steps S21 to S22 above; the details are not repeated here.

Optionally, after the programmable logic controller configures the protected address range in the programmable logic controller according to the configuration command, the programmable logic controller receives a lock command sent by the system on chip. The programmable logic controller locks its protection function configuration for the flash memory according to the lock command. For the specific implementation of this step, refer to steps S23 to S24 above; the details are not repeated here.
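The filtering, configuration and lock behaviour described above can be modelled in software. The following C sketch is an added example, not code from the patent. The enum encodings, the struct layout, the sample addresses, the treatment of any overlap with the protected range as "belonging" to it, the pass-through of accesses while no range is configured, and the fail-closed handling of malformed or non-read direct-mode commands are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical encodings: the page names the access types and modes, not their values. */
typedef enum { ACC_READ, ACC_WRITE, ACC_ERASE } acc_type_t;
typedef enum { MODE_INDIRECT, MODE_DIRECT } acc_mode_t;
typedef enum { PASS_THROUGH, INTERCEPT } verdict_t;

typedef struct { uint32_t first, last; } range_t;        /* inclusive bounds */
typedef struct { acc_type_t type; uint32_t addr, len; } access_t;

typedef struct {
    range_t protect;    /* write/erase is intercepted here (indirect mode) */
    range_t readable;   /* direct-mode reads are allowed only here */
    bool protect_set, readable_set, locked;
    acc_mode_t mode;
} guard_t;

static bool range_valid(range_t r) { return r.first <= r.last; }

/* Convert addr+len to an inclusive range; reject zero length and 32-bit wrap. */
static bool to_range(const access_t *a, range_t *out)
{
    if (a->len == 0 || a->addr > UINT32_MAX - (a->len - 1))
        return false;
    out->first = a->addr;
    out->last = a->addr + (a->len - 1);
    return true;
}

static bool overlaps(range_t a, range_t b)
{
    return a.first <= b.last && b.first <= a.last;
}

static bool contains(range_t outer, range_t inner)
{
    return outer.first <= inner.first && inner.last <= outer.last;
}

/* Configuration command: refused once the configuration has been locked. */
bool guard_configure(guard_t *g, range_t protect, range_t readable)
{
    if (g->locked || !range_valid(protect) || !range_valid(readable))
        return false;
    g->protect = protect;
    g->protect_set = true;
    g->readable = readable;
    g->readable_set = true;
    return true;
}

/* Lock command: freezes the protection configuration. */
void guard_lock(guard_t *g) { g->locked = true; }

/* Mode switching instruction from the SoC. */
void guard_set_mode(guard_t *g, acc_mode_t mode) { g->mode = mode; }

/* Decide whether one access command reaches the flash. */
verdict_t guard_filter(const guard_t *g, const access_t *a)
{
    range_t r;
    if (!to_range(a, &r))
        return INTERCEPT;                       /* assumption: fail closed */
    if (g->mode == MODE_DIRECT) {
        if (a->type != ACC_READ)
            return INTERCEPT;                   /* assumption: direct mode is read-only */
        if (g->readable_set && !contains(g->readable, r))
            return INTERCEPT;                   /* outside the readable range */
        return PASS_THROUGH;
    }
    if (a->type == ACC_READ)
        return PASS_THROUGH;                    /* indirect-mode reads pass through */
    if (g->protect_set && overlaps(g->protect, r))
        return INTERCEPT;                       /* write/erase touching protected range */
    return PASS_THROUGH;
}

int main(void)
{
    /* Constructed sample layout: first 1 MiB of flash holds the protected program file. */
    guard_t g = {0};
    range_t boot = { 0x00000000u, 0x000FFFFFu };
    access_t erase_boot = { ACC_ERASE, 0x00010000u, 0x1000u };
    access_t write_data = { ACC_WRITE, 0x00200000u, 0x100u };

    guard_configure(&g, boot, boot);
    guard_lock(&g);
    printf("erase in protected range: %s\n",
           guard_filter(&g, &erase_boot) == INTERCEPT ? "intercepted" : "passed");
    printf("write outside protected range: %s\n",
           guard_filter(&g, &write_data) == INTERCEPT ? "intercepted" : "passed");
    return 0;
}
```

A write that starts outside the protected range but runs into it is intercepted under the overlap rule, which is the stricter reading of "belongs to the protected address range".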

An embodiment of the present application provides a system on chip, including a processing core, a memory and a flash memory controller. The memory stores program instructions. After reading the program instructions stored in the memory, the processing core cooperates with the flash memory controller to execute method 400 shown in FIG. 4. For the structure of the system on chip, refer, for example, to FIG. 1.

An embodiment of the present application provides a programmable logic controller, including a programmable logic unit and a programmable IO unit. The programmable IO unit sends and receives instructions. The programmable logic unit executes logic functions according to the instructions received by the programmable IO unit, to implement method 500 shown in FIG. 5.

For example, FIG. 6 is a schematic structural diagram of a programmable logic controller provided by an embodiment of the present application. As shown in FIG. 6, the programmable logic controller includes a programmable logic unit 601 and a programmable IO unit 602. The programmable logic unit 601 and the programmable IO unit 602 are connected through a programmable internal interconnect 603.

The programmable logic unit 601 consists of multiple programmable logic gates, such as AND gates, OR gates and NOT gates. The programmable logic unit 601 is responsible for executing specific logic functions, such as Boolean operations and conditional judgments. In the embodiments of the present application, the protected address range and/or the readable address range of the flash memory is configured in the programmable logic unit 601 so that the programmable logic unit 601 executes the corresponding logic function, thereby implementing method 500 shown in FIG. 5. For example, the programmable logic controller is a CPLD, and the programmable logic unit 601 consists of multiple logic array blocks (LABs).

The programmable IO unit 602 is used for signal input and output with external circuits or other devices. In the embodiments of the present application, the programmable IO unit 602 is used, for example, to receive access commands for the flash memory sent by the SoC.

The programmable internal interconnect 603, also called the internal interconnect network, connects the programmable logic unit 601 and the programmable IO unit 602. It provides the signal transmission path between the programmable logic unit 601 and the programmable IO unit 602.

Optionally, the programmable logic controller further includes a configuration memory 604. The configuration memory 604 is connected to the programmable logic unit 601 and the programmable IO unit 602 through the programmable internal interconnect 603. The configuration memory 604 stores the configuration information of the programmable logic controller, such as the connection relationships of the programmable logic unit 601 and the pin function settings of the programmable IO unit 602. The configuration memory 604 is, for example, a non-volatile memory or a volatile memory.

The programmable logic controller shown in FIG. 6 is only an example. In an implementation, the programmable logic controller may also include other components, which are not listed one by one in the embodiments of the present application.

An embodiment of the present application provides a data protection system, including a system on chip and a programmable logic controller. The system on chip includes a processing core and a flash memory controller. The programmable logic controller is connected to the flash memory controller. The processing core is configured to first configure the protected address range of the flash memory in the programmable logic controller by running a first trusted program, then verify the content corresponding to the protected address range in the flash memory by running a second trusted program, and, after determining that the content corresponding to the protected address range passes verification, send access commands to the flash memory through the flash memory controller. For the specific implementation, refer to the secure boot flow, described under step S22 above, that the processing core inside the SoC executes after the SoC is powered on or reset. The programmable logic controller is configured to execute method 500 shown in FIG. 5 after the protected address range has been configured in the programmable logic controller.

An embodiment of the present application provides a computer-readable storage medium. Instructions are stored on the computer-readable storage medium, and when the instructions are executed by a processor, method 400 shown in FIG. 4 or method 500 shown in FIG. 5 is implemented.

An embodiment of the present application provides a computer program product, including a computer program. When the computer program is executed by a processor, method 400 shown in FIG. 4 or method 500 shown in FIG. 5 is implemented.

An embodiment of the present application provides a chip, including a programmable logic circuit and/or program instructions. When the chip runs, method 400 shown in FIG. 4 or method 500 shown in FIG. 5 is implemented.

A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc, or the like.

In the embodiments of the present application, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.

The term "and/or" in this application merely describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone. In addition, the character "/" in this document generally indicates an "or" relationship between the objects before and after it.

It should be noted that the information (including but not limited to user equipment information and user personal information), data (including but not limited to data used for analysis, stored data and displayed data) and signals involved in this application are all authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with the relevant laws, regulations and standards of the relevant countries and regions.

The above are only optional embodiments of the present application and are not intended to limit it. Any modification, equivalent replacement or improvement made within the concept and principles of the present application shall fall within the scope of protection of the present application.

Claims (26)

1. A data protection method, characterized in that it is applied to a system on chip, the system on chip includes a processing core and a flash memory controller, and the method includes:
the flash memory controller receives a first access command for a flash memory sent by the processing core, where the flash memory is deployed outside the system on chip, the first access command includes a first command word and a first access address, the first command word indicates the access type of the first access command, the access type includes read, write or erase, and the first access address indicates the address range accessed by the first access command in the flash memory;
if the first command word indicates that the access type of the first access command is write or erase, and the first access address belongs to a protected address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the first access command.

2. The method according to claim 1, characterized in that a program file is deployed in the flash memory, and the protected address range includes the address range of the program file.

3. The method according to claim 1 or 2, characterized in that the flash memory controller receiving the first access command for the flash memory sent by the processing core includes:
the flash memory controller receives the first access command sent by the processing core in indirect access mode.

4. The method according to claim 3, characterized in that the method further includes:
the flash memory controller receives, in direct access mode, a second access command for the flash memory sent by the processing core, where the second access command includes a second access address, and the second access address indicates the address range accessed by the second access command in the flash memory;
if the second access address does not belong to a readable address range of the flash memory configured in the flash memory controller, the flash memory controller intercepts the second access command.

5. The method according to claim 4, characterized in that the method further includes:
if the second access address belongs to the readable address range of the flash memory configured in the flash memory controller, the flash memory controller generates a second command word, where the second command word indicates that the access type of the second access command is read;
the flash memory controller reads the content corresponding to the second access address from the flash memory based on the second command word and the second access address, and sends the content corresponding to the second access address to the processing core.

6. The method according to claim 4 or 5, characterized in that the readable address range is the same as the protected address range.

7. The method according to any one of claims 3 to 6, characterized in that the method further includes:
if the first command word indicates that the access type of the first access command is read, the flash memory controller reads the content corresponding to the first access address from the flash memory based on the first command word and the first access address, and sends the content corresponding to the first access address to the processing core.

8. The method according to any one of claims 3 to 7, characterized in that the method further includes:
the flash memory controller receives a mode switching instruction sent by the processing core, where the mode switching instruction instructs the flash memory controller to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode.

9. The method according to any one of claims 1 to 8, characterized in that, before the flash memory controller receives the first access command for the flash memory sent by the processing core, the method further includes:
the processing core configures the protected address range in the flash memory controller by running a first trusted program;
the processing core verifies the content corresponding to the protected address range in the flash memory by running a second trusted program, and determines that the content corresponding to the protected address range passes verification.

10. The method according to claim 9, characterized in that the system on chip further includes a read-only memory and a random access memory, and the method further includes:
after the system on chip is powered on or reset, the processing core, by running a first program file in the read-only memory, reads a second program file and a first signature in the flash memory through the flash memory controller, and saves the read second program file and first signature in the random access memory, where the first signature is generated based on a first private key and the content of the second program file;
the processing core verifies the first signature using a first public key corresponding to the first private key;
after the first signature passes verification, the processing core obtains the first trusted program and the second trusted program from the second program file saved in the random access memory.

11. The method according to claim 10, characterized in that the processing core verifying the content corresponding to the protected address range in the flash memory by running the second trusted program includes:
the processing core, by running the second trusted program, reads the content corresponding to the protected address range and a second signature in the flash memory through the flash memory controller, and saves the read content corresponding to the protected address range and the second signature in the random access memory, where the second signature is generated based on a second private key and the content corresponding to the protected address range;
the processing core verifies the second signature using a second public key corresponding to the second private key.

12. The method according to any one of claims 9 to 11, characterized in that, after the processing core configures the protected address range in the flash memory controller by running the first trusted program, the method further includes:
the processing core locks the flash memory controller's protection function configuration for the flash memory by running a third trusted program.

13. A data protection method, characterized in that the method includes:
a programmable logic controller receives a first access command for a flash memory sent by a system on chip, where the programmable logic controller is deployed between the system on chip and the flash memory, the first access command includes a first command word and a first access address, the first command word indicates the access type of the first access command, the access type includes read, write or erase, and the first access address indicates the address range accessed by the first access command in the flash memory;
if the first command word indicates that the access type of the first access command is write or erase, and the first access address belongs to a protected address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the first access command.

14. The method according to claim 13, characterized in that the programmable logic controller receiving the first access command for the flash memory sent by the system on chip includes:
the programmable logic controller receives the first access command sent by the system on chip in indirect access mode.

15. The method according to claim 14, characterized in that the method further includes:
the programmable logic controller receives, in direct access mode, a second access command for the flash memory sent by the system on chip, where the second access command includes a second command word and a second access address, the second command word indicates that the access type of the second access command is read, and the second access address indicates the address range accessed by the second access command in the flash memory;
if the second access address does not belong to a readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller intercepts the second access command.

16. The method according to claim 15, characterized in that the method further includes:
if the second access address belongs to the readable address range of the flash memory configured in the programmable logic controller, the programmable logic controller transparently passes through the second access command and the content that the system on chip reads from the flash memory based on the second access command.

17. The method according to any one of claims 14 to 16, characterized in that the method further includes:
if the first command word indicates that the access type of the first access command is read, the programmable logic controller transparently passes through the first access command and the content that the system on chip reads from the flash memory based on the first access command.

18. The method according to any one of claims 14 to 17, characterized in that the method further includes:
the programmable logic controller receives a mode switching instruction sent by the system on chip, where the mode switching instruction instructs the programmable logic controller to switch from direct access mode to indirect access mode, or from indirect access mode to direct access mode.

19. The method according to any one of claims 13 to 18, characterized in that, before the programmable logic controller receives the first access command for the flash memory sent by the system on chip, the method further includes:
the programmable logic controller receives a configuration command sent by the system on chip, where the configuration command includes the protected address range;
the programmable logic controller configures the protected address range in the programmable logic controller according to the configuration command.

20. The method according to claim 19, characterized in that, after the programmable logic controller configures the protected address range in the programmable logic controller according to the configuration command, the method further includes:
the programmable logic controller receives a lock command sent by the system on chip;
the programmable logic controller locks its protection function configuration for the flash memory according to the lock command.

21. A system on chip, characterized in that it includes: a processing core, a memory and a flash memory controller;
the memory is used to store program instructions;
after reading the program instructions stored in the memory, the processing core cooperates with the flash memory controller to execute the data protection method according to any one of claims 1 to 12.

22. A programmable logic controller, characterized in that it includes: a programmable logic unit and a programmable input/output unit;
the programmable input/output unit is used to send and receive instructions;
the programmable logic unit is used to execute logic functions according to the instructions received by the programmable input/output unit, to implement the data protection method according to any one of claims 13 to 20.

23. A data protection system, characterized in that it includes: a system on chip and a programmable logic controller, where the system on chip includes a processing core and a flash memory controller, and the programmable logic controller is connected to the flash memory controller;
the processing core is configured to first configure a protected address range of a flash memory in the programmable logic controller by running a first trusted program, verify the content corresponding to the protected address range in the flash memory by running a second trusted program, and, after determining that the content corresponding to the protected address range passes verification, send an access command to the flash memory through the flash memory controller;
the programmable logic controller is configured to execute the data protection method according to any one of claims 13 to 20 after the protected address range has been configured in the programmable logic controller.

24. A computer-readable storage medium, characterized in that instructions are stored on the computer-readable storage medium, and when the instructions are executed by a processor, the data protection method according to any one of claims 1 to 20 is implemented.

25. A computer program product, characterized in that it includes a computer program, and when the computer program is executed by a processor, the data protection method according to any one of claims 1 to 20 is implemented.

26. A chip, characterized in that it includes a programmable logic circuit and/or program instructions, and when the chip runs, the data protection method according to any one of claims 1 to 20 is implemented.

CN202311056558.7A 2023-08-21 2023-08-21 Data protection methods, devices and systems Pending CN117472808A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202311056558.7A CN117472808A (en) 2023-08-21 2023-08-21 Data protection methods, devices and systems
PCT/CN2024/080333 WO2025039512A1 (en) 2023-08-21 2024-03-06 Data protection method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311056558.7A CN117472808A (en) 2023-08-21 2023-08-21 Data protection methods, devices and systems

Publications (1)

Publication Number Publication Date
CN117472808A true CN117472808A (en) 2024-01-30

Family

ID=89631964

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311056558.7A Pending CN117472808A (en) 2023-08-21 2023-08-21 Data protection methods, devices and systems

Country Status (2)

Country Link
CN (1) CN117472808A (en)
WO (1) WO2025039512A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025039512A1 (en) * 2023-08-21 2025-02-27 华为技术有限公司 Data protection method, apparatus and system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102184366B (en) * 2011-06-07 2013-01-02 郑州信大捷安信息技术股份有限公司 External program security access architecture based on system on chip (SoC) and control method
WO2014204331A1 (en) * 2013-06-17 2014-12-24 Llc "Topcon Positioning Systems" Nand flash memory interface controller with gnss receiver firmware booting capability
US10025600B2 (en) * 2015-10-02 2018-07-17 Google Llc NAND-based verified boot
CN108062486B (en) * 2017-12-15 2020-09-15 杭州中天微系统有限公司 Storage protection device for indirect access storage controller
US11636231B2 (en) * 2020-07-24 2023-04-25 Qualcomm Incorporated Methods and apparatus for in-memory device access control
CN116204450B (en) * 2023-04-28 2023-08-18 新华三技术有限公司 Data writing method, processor, device, service board and storage medium
CN117472808A (en) * 2023-08-21 2024-01-30 华为技术有限公司 Data protection methods, devices and systems

Also Published As

Publication number Publication date
WO2025039512A1 (en) 2025-02-27

Similar Documents

Publication Publication Date Title
US7107460B2 (en) Method and system for securing enablement access to a data security device
CN100489728C (en) Method for establishing trustable operational environment in a computer
JP5114617B2 (en) Secure terminal, program, and method for protecting private key
CN101533440B (en) Apparatus for providing a secure execution environment and method for executing secure coding
US8971144B2 (en) Hardware write-protection
CN103262092B (en) Based on the anti-Malware method and apparatus of memory driver
KR102395258B1 (en) Method of secure booting using route switchover of boot memory bus and apparatus using the same
JP6695885B2 (en) Hack resistant computer design
CN109918919A (en) Authenticate the management of variable
TWI801468B (en) Apparatus, methods, and systems for protecting the security of an electronic device, and related microcontrollers
JP2007249933A (en) Managing access to content in data processing equipment
JPH10228420A (en) Processing system security
US20230342472A1 (en) Computer System, Trusted Function Component, and Running Method
KR20190085387A (en) Semiconductor device and method for operating semiconductor device
CN111191214B (en) Embedded processor and data protection method
WO2025039512A1 (en) Data protection method, apparatus and system
KR20170102285A (en) Security Elements
US20210373891A1 (en) Enhanced protection of processors from a buffer overflow attack
CN112685802B (en) Flash chip reading control method and device and storage medium
CN114787808A (en) Secure Embedded Microcontroller Image Loading
CN115186239A (en) Authority control method and device, computing equipment and storage medium
TWI728572B (en) Rpmc flash emulation
CN114490448A (en) Method for switching execution environment and related equipment thereof
CN103164352A (en) Flash memory storage system and data protection method thereof
JP6204555B1 (en) Method, system firmware, and computer for protecting variables stored in non-volatile memory

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination