CN114077743A

CN114077743A - System-on-chip debugging circuit and method

Info

Publication number: CN114077743A
Application number: CN202010794102.0A
Authority: CN
Inventors: 吴建文
Original assignee: Gree Electric Appliances Inc of Zhuhai; Zhuhai Zero Boundary Integrated Circuit Co Ltd
Current assignee: Gree Electric Appliances Inc of Zhuhai; Zhuhai Zero Boundary Integrated Circuit Co Ltd
Priority date: 2020-08-10
Filing date: 2020-08-10
Publication date: 2022-02-22

Abstract

The invention provides a system-on-chip debugging circuit and method, the circuit includes: a trace protection unit, a key generation unit and an encryption unit, wherein: the trace protection unit is used to obtain a debug data stream from a processor core, The debug data stream is encrypted, and the encryption key corresponding to the debug data stream of the processor core is obtained from the key generation unit, and the encryption key and the debug data stream are sent to the encryption unit; the key generation unit is used to generate the corresponding debug data stream. Encryption key; encryption unit used to encrypt the debug data stream according to the encryption key. The invention can encrypt and protect the data and instructions of the processor core in the system-on-chip to prevent the confidential information in the device from being leaked by mistake when the device is debugged in a non-invasive debugging mode, and can flexibly track each processor core safely. , to avoid leaking the information of other processor cores when debugging a processor core, and protect the information security of the device.

Description

System-on-chip debugging circuit and method

Technical Field

The invention relates to the technical field of chip debugging, in particular to a system-on-chip debugging circuit and a method.

Background

With the development of science and technology, the concept of interconnection of everything is well-known, the internet of things technology provides great convenience for modern production and life, the production efficiency and the quality of life of the modern society can be effectively improved, a system program or an application program runs on the internet of things equipment, when the program goes wrong, the internet of things equipment is caused to go wrong, at the moment, the internet of things equipment needs to be debugged, the currently commonly used modes for debugging the program in each processor of the internet of things equipment mainly include invasive debugging and non-invasive debugging, wherein the invasive debugging is the most basic debugging technology and comprises single-step execution, breakpoints, read-write registers and the like, the invasive debugging mode can damage the full-speed running of the program in the processor, and the non-invasive debugging is tracking technology (Trace feature), under the condition that the processor is not stopped, a large amount of useful information is derived in real time, so that the method has irreplaceable powerful functions when a software system and a multi-core processor under a multi-task environment are debugged, and the common non-invasive debugging technology has the modes of instruction tracking, data tracking and the like.

The non-intrusive debugging can lead out a large amount of useful information (instructions, data and the like) while the processor is not stopped, so that the confidential information of the equipment is easily leaked out in the information leading-out process of the equipment, the great hidden danger of the safety information is caused for the safety-paying attention to the Internet of things equipment, and the problem of leaking the confidential information of the equipment is easily brought while the program problem is solved by using a non-intrusive debugging mode.

Disclosure of Invention

The invention provides a system-on-chip debugging circuit and a method, which are used for solving the problem that when non-invasive debugging can be carried out without stopping the operation of a processor, a large amount of useful information (instructions, data and the like) is led out, so that confidential information of equipment is easily leaked out in the information leading-out process of the equipment, and great potential safety information hazards are caused.

A first aspect of the present invention provides a system-on-chip debug circuit, the circuit comprising: a tracking protection unit, a key generation unit and an encryption unit, wherein:

the trace protection unit is used for acquiring a debugging data stream from at least one processor core, acquiring an encryption key corresponding to the debugging data stream of the processor core from the key generation unit if the debugging data stream is determined to be required to be encrypted, and sending the encryption key and the debugging data stream to the encryption unit;

the key generation unit is used for generating an encryption key corresponding to the debugging data stream;

and the encryption unit is used for encrypting the debugging data stream according to the encryption key.

Optionally, the tracking protection unit is further configured to:

acquiring an encrypted debugging data stream sent by the encryption unit, and sending the encrypted debugging data stream to debugging equipment; and/or

And sending the debugging data stream determined not to need to be encrypted to debugging equipment.

Optionally, the circuit further comprises: a merging unit and a tracking port interface unit;

the merging unit is configured to receive at least one debug data stream sent by the trace protection unit, merge the at least one debug data stream into one data stream, and send the merged data stream to the trace port interface unit;

and the tracking port interface unit is used for converting the merged data stream into a data packet which accords with a preset interface protocol standard and sending the data packet to debugging equipment.

Optionally, the tracking protection unit is further configured to:

determining whether the debugging data stream needs to be encrypted according to an encryption identifier carried by the debugging data stream;

and if the encryption identifier is a preset value, determining that the debugging data stream needs to be encrypted, otherwise, determining that the debugging data stream does not need to be encrypted.

Optionally, the key generation unit is further configured to:

and determining an encryption key corresponding to the debugging data stream according to the processor identification number carried by the debugging data stream.

Optionally, the encryption unit is configured to:

and encrypting the debugging data stream according to the encryption key by using a symmetric encryption algorithm AES.

The second aspect of the present invention provides a system-on-chip debugging method, applied to a system-on-chip side, including:

obtaining a debug data stream from at least one processor core;

and if the debugging data stream needs to be encrypted, acquiring an encryption key corresponding to the debugging data stream of the processor core, and encrypting the debugging data stream according to the encryption key.

Optionally, the method further comprises:

acquiring an encrypted debugging data stream, and sending the encrypted debugging data stream to debugging equipment; and/or

Optionally, the method further comprises:

merging at least one debug data stream into one data stream;

and converting the merged data stream into a data packet which accords with the preset interface protocol standard, and sending the data packet to the debugging equipment.

Optionally, the method further comprises:

A third aspect of the present invention provides a system-on-chip debugging method, applied to a debugging device, the method including:

receiving a data packet sent by a system on chip;

splitting the data packet into at least one debug data stream;

and decrypting the encrypted debugging data stream in the debugging data stream to obtain the decrypted debugging data stream.

A fourth aspect of the present invention provides a system-on-chip debugging apparatus, comprising:

a memory to store instructions;

a processor for reading the instructions in the memory, performing the following processes:

obtaining a debug data stream from at least one processor core;

Optionally, the processor is further configured to:

merging at least one debug data stream into one data stream;

Optionally, the processor is further configured to:

A fifth aspect of the present invention provides a system-on-chip debugging apparatus, comprising:

a memory to store instructions;

receiving a data packet sent by a system on chip;

splitting the data packet into at least one debug data stream;

A sixth aspect of the invention provides a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the method provided by the second aspect of the invention, or performs the method provided by the third aspect of the invention.

By using the method provided by the invention, the data and the instruction of the processor core in the SoC can be encrypted and protected, so that the confidential information in the equipment can be prevented from being leaked by mistake when the equipment is debugged in a non-invasive debugging mode, and each processor core in the multi-core processor can be flexibly and safely tracked, thereby avoiding the information of other processor cores from being leaked when the processor core is debugged, and protecting the information safety in the equipment.

Drawings

Fig. 1 is a system for debugging internet-of-things equipment;

FIG. 2 is a circuit diagram of a system-on-chip debug circuit;

FIG. 3 is a flowchart of the steps of a system-on-chip debugging method applied to the system-on-chip side;

FIG. 4 is a flowchart of the steps of a system-on-chip debugging method applied to a debugging device side;

FIG. 5 is a diagram of a system-on-chip debugging apparatus;

FIG. 6 is a diagram of another debug apparatus for a system-on-chip.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

Under the condition of non-intrusive debugging, the debugging equipment is not attached to a target program, the debugging equipment suspends all threads of the target and accesses a memory, a registry and other information of the target, but a debugger cannot control the debugged target, when the debugging is finished, the debugging equipment releases the target program, the target program continues to run, and meanwhile, a large amount of useful information (instructions, data and the like) is exported, so that the confidential information of the equipment is easily revealed in the process of exporting the information by the equipment, and for the safety-emphasized equipment of the internet of things, the great potential safety information hazard is caused, and the problem of revealing the confidential information of the equipment is easily brought while convenience is brought to the solution of the program problem by using a non-intrusive debugging mode.

The application provides a system for debugging internet of things equipment, as shown in fig. 1, the system includes internet of things equipment 101, a system-on-chip 102 and debugging host equipment 103, wherein various system programs or application programs run in a processor core of the system-on-chip 102 of the internet of things equipment 101, when the internet of things equipment 101 has a problem, the program running on the system-on-chip 102 inside the internet of things equipment 101 usually has a problem, and in order to solve the problem of the internet of things equipment 101, the debugging host equipment 103 needs to process the program running on the debugging system-on-chip 102 in a non-invasive manner to solve the problem, wherein a general debugging signal is sent to the internet of things equipment 101 by the debugging host equipment 103, the internet of things equipment 101 sends a data packet containing the system programs or the application programs to the debugging host equipment 103 through an equipment data output interface, for example, the data output interface can be a data interface such as a trace port interface unit TPIU, the system-on-chip 102 in the internet-of-things device 101 sends the called data of the at least one processor core to the debugging host device 103 according to the debugging signal.

The device failure related in this embodiment may specifically include a hardware failure and/or a software failure, where the hardware failure refers to a situation that each device on the internet of things device 101 has an abnormal or abnormal operation, such as a failure of device hardware itself, such as a central processing unit CPU, a microprocessor, a memory, a register, and the like, and the software failure may include an internal system program failure and an application program failure, such as a failure of an internal operating system of the internet of things that cannot operate due to a device downtime, and therefore, there are various types of failures detected, in addition, the internet of things device 101 may also actively detect whether a failure itself exists, specifically, the internet of things device may collect various operating parameters in the internet of things device, compare the collected operating parameters with a preset specified parameter range, and if the collected operating parameters are not within the preset parameter range, it is indicated that a device or an internal program in the device has a fault, and of course, the device fault may also be represented in a passive detection manner, when the system program operates abnormally, alarm information may be automatically generated, and when the detected alarm information is received, it is determined that the internet of things device 101 has a fault.

Specifically, the debugging host device 103 may further monitor, trace and change the operating state of the CPU through a communication interface, such as a JTAG interface, and allow a system developer to monitor the operating condition of the internet of things device, and insert a scan chain into the internet of things device to be monitored, so as to allow the debugging host device 103 to read the operating state of the CPU through various interfaces, and the debugging host device 103 may collect the result of debugging trace by using a connector, where the connector or an integrated port may provide a power interface, may be at least partially or completely reversible, and may include a general data interface and an additional dedicated data interface, such as a display interface, an audio interface, and the like. A USB Type-C connection is used.

Various communication circuits may also be coupled to the internal antenna of the internet of things device 101 for the purpose of communicating information, both transmitted and received. In particular, there may be Radio Frequency (RF) transceivers and Wireless Local Area Network (WLAN) transceivers, and typically, RF transceivers may be used to receive and transmit wireless data and calls according to a given wireless communication protocol, such as a 3G, 4G, or 5G wireless communication protocol (e.g., according to Code Division Multiple Access (CDMA), global system for mobile communications (GSM), Long Term Evolution (LTE), or other protocols). In addition, a GPS sensor may be present, and other wireless communications may also be provided, such as receiving and transmitting radio signals, such as AM/FM and other signals. Additionally, sending debug data to the debug host device 103, for example, according to the Bluetooth standard or IEEE 802.11 standard (e.g., IEEE 802.11a/b/g/n) may also be implemented via a WLAN transceiver.

While system-on-a-chip 102(SoC), in various embodiments below, may function as a multi-core processor for a main Central Processing Unit (CPU) of the system, in different embodiments, the SoC may include a variety of integrated processing engines, including general purpose processor cores (which may be homogeneous and/or heterogeneous cores), graphics processors (e.g., one or more Graphics Processing Units (GPUs)), special purpose processing units, fixed function units, and so forth, as well as one or more levels of cache, memory controllers, communication circuits, interface circuits, and so forth.

The commissioning host device 103 can range from a relatively small portable electronic device (e.g., a smartphone, a tablet computer, a tablet, a notebook computer, a digital infotainment device, etc.) up to any type of computing system that is larger (e.g., a desktop computer, a server computer, etc.), and can also be a wireless communicator for receiving various commissioning data sent from the internet-of-things device 101 and commissioning according to the received commissioning data.

Further, although in many cases the debug data issued is analog-based, embodiments are not limited in this respect, e.g., the debug data may include digital information regarding internal registers, memory space, the state of GPIO pins, etc., may also include identification information of whether a particular device is connected to the platform, or other types of information regarding the environment in which the device is in an operational state, and is not limited herein.

The debug host device 103 may receive debug trace data (trace) collected by debug control and communications, and the debug host device 103 may include: an external connector or integral port, at least a portion of which is or is fully reversible, and may include a generic data interface and additional dedicated data interfaces coupled to the SoC, e.g., via multiple interfaces such as one or more GPIO interconnects, one or more USB interconnects, one or more I2C interconnects, etc., depending on the type of instruction received.

When the internet of things equipment transmits debugging data to the debugging host equipment, the sent data packet can be easily received by other equipment, and once the sent data packet is received by other equipment, the problem of leakage of confidential information of the internet of things equipment can be caused.

In order to solve the above problem, an embodiment of the present invention provides a system on chip debug circuit, as shown in fig. 2, the circuit includes: a tracking protection unit 201, a key generation unit 202, and an encryption unit 203, wherein:

the trace protection unit 201 is configured to obtain a debug data stream from at least one processor core, and if it is determined that the debug data stream needs to be encrypted, obtain an encryption key corresponding to the debug data stream of the processor core from the key generation unit, and send the encryption key and the debug data stream to an encryption unit;

the system on chip adopts an Advanced Trace Bus (ATB) to connect each processing unit, and because not every processor core in the system on chip needs to be debugged, each core of the multi-core processor can be safely traced by using the ATB, thereby avoiding the information of other cores being leaked when a certain core is debugged.

Specifically, the debug data stream may be internal system program or application program data cached inside the processor, and may also be various operating parameters of various hardware devices connected to the processor core, which is not limited herein.

In addition, the debugging data stream stored in each multi-core processor is different, some processor cores store the debugging data stream used daily, some processor cores store the debugging data stream containing privacy data such as user information, and according to the processing function of different cores, the ID of each processor core is different, and a person skilled in the art can modify the ID of each processor core traced by the high-level trace bus so as to distinguish when in subsequent encryption, whether the traced processor data packet needs to be encrypted or not, optionally, when the SoC stores each program, the data stream needing to be encrypted can be stored in a specific processor core, and the data stream in the specific processor core needs to be encrypted.

When determining that a debug data stream needs to be encrypted, an encryption key corresponding to the debug data stream needs to be obtained from the key generation unit 202, specifically, the key generation unit 202 has different encryption keys for the ID of a specific processor core, the corresponding decryption side also has a decryption key corresponding to the encryption key, and in addition, in order to further increase the confidentiality of the corresponding encryption key, the encryption key can be associated with the current time information, that is, the encryption key corresponding to the data stream is valid only for the preset time, and once the preset time is exceeded, even if the decryption key corresponding to the encryption key is used, the data stream cannot be analyzed, so that the safety of the data stream is ensured, and the decryption of the confidential information in the subsequent debugging data stream after other equipment intercepts the encryption key corresponding to the processor core is avoided.

An encrypting unit 203, configured to encrypt the debug data stream according to the encryption key, where an encryption manner may include the following methods:

1. symmetric encryption, i.e. the key can be used both for encryption and decryption.

The symmetric encryption comprises DES algorithm encryption and AES algorithm encryption;

in DES algorithm encryption, keys are 64 bits in total of 8 bytes and are working keys of the DES algorithm; data is also 8 bytes of 64 bits, which is the data to be encrypted or decrypted.

While AES algorithm encryption is based on permutation and permutation operations to encrypt data streams, the encrypted bytes are longer than DES.

2. Asymmetric encryption: using two keys, where the public key is used for encryption and the private key is used for decryption, security can be guaranteed without exposing the private key, e.g., RSA encryption method: RSA is an encryption scheme based on large number factorization. Multiplication of two large prime numbers is easy, but factoring its product is extremely difficult, so the product can be disclosed as an encryption key.

3. The hash algorithm: for example, MD5 is a secure hash algorithm, and the input of two different keys does not result in the same output value, and the original key cannot be obtained from the output value, which is irreversible.

4. And (3) an encoding mode: for example, the base64 encoding method is an encoding method often used in program development, and is a representation method based on representing binary data by 64 printable characters, and is generally used as an encryption method for storing and transmitting some binary data.

The encryption method may be, but not limited to, the above method, and any other encryption method that a person skilled in the art can think may be applied to the present application, which is not limited herein.

As an optional implementation manner, the tracking protection unit 201 is further configured to:

Specifically, in the actual process of acquiring the debug data stream, it is first determined whether an encryption key needs to be acquired from the key generation unit 202 according to a trace source ID carried by the debug data stream, and the encryption key and the debug data stream that needs to be encrypted are sent to the encryption unit 203, and after the encryption unit 203 successfully encrypts the encryption key, the encryption key and the debug data stream that needs to be encrypted are sent back to the trace protection unit 201, so that the trace protection unit 201 sends the encrypted debug data stream to the debug device, and when it is determined that the encryption is not needed, the trace protection unit 201 directly receives the debug data stream, and sends the debug data stream that does not need to be encrypted to the debug device.

In addition, the manner of sending the data stream to the debugging device may be, after obtaining one debugging data stream, performing encryption/non-encryption processing on the debugging data stream, and directly sending the debugging data stream to the debugging device, or may also be, respectively, obtaining the debugging data streams of each CPU to be debugged, and sending the data streams to the debugging device together in the form of a data packet after waiting for all the debugging data streams to be encrypted/non-encrypted, which is not limited herein.

As an optional implementation, the circuit further comprises: a merging unit 204 and a trace port interface unit 205;

the merging unit 204 is configured to receive at least one debug data stream sent by the trace protection unit 201, merge the at least one debug data stream into one data stream, and send the merged data stream to the trace port interface unit 205;

specifically, the merging unit 204 is configured to merge encrypted/unencrypted data from different trace source CPUs together, and finally merge at least one debug data stream into one data stream, where each debug data stream carries a trace source ID of each CPU, and even if the debug data stream is merged into one data stream, the debug data stream can be re-split according to the trace source ID in the debug apparatus.

The trace port interface unit 205 is configured to convert the merged data stream into a data packet meeting a preset interface protocol standard, and send the data packet to the debugging device.

Specifically, the trace Port Interface unit 205 is a standard component of a non-intrusive debugging circuit, and is configured to encapsulate and package the merged data according to a certain preset protocol, so that the debugging device can analyze the data.

Specifically, a technician may modify an encryption flag carried in a tracking source ID in advance, where the modification may be a tracking component provided by ARM CoreSight, such as an ITM Trace Control register, where an ITM refers to an instrumented Trace macro cell (Instrumentation Trace macro cell), and encrypts the encryption flag carried in the tracking source ID, in this embodiment, bits 24 to 31 of the Trace Control register are reserved bits, and at least one of the reserved bits is modified to an encryption flag bit, for example, modifying the scarmble flag bit to 1 is a CPU that needs to be encrypted, and modifying the scarmble flag bit to 0 is a CPU that does not need to be encrypted.

As an optional implementation manner, the key generation unit 202 is further configured to:

Specifically, bits 16-bit 22 of the Trace Control register are the tracking source ID or the processor identification number, and the OTP memory is used for determining the encryption key corresponding to the debug data stream according to the tracking source ID. The OTP memory (one time program) is only programmable once and is not modifiable after programming, the OTP register is similar to the FLASH data area, and 1 can be rewritten to 0, but 0 can never be written to 1, for example, if there is a 32-bit OTP register, the factory value is 0 xffffffffffff, and after the value of the OTP memory is written to 0 xffffffffe by programming, the OTP memory can no longer be written back to 0xFFFFFFFF, and in addition, the value of this OTP register can also be rewritten to 0 xffffffffffd, and the user can store some specific information in the OTP, such as information of software version number, hardware version number, and key corresponding to ID. Thus, each tracing source has a different key corresponding to the ID, and the tracing source is prevented from being copied and used.

As an optional implementation manner, the encryption unit 203 is configured to:

Specifically, an AES accelerator is used for encrypting the debug data stream, the AES encryption algorithm belongs to a symmetric encryption algorithm, and an encryption key is the basis for realizing encryption and decryption by the AES algorithm. The encryption and decryption of the symmetric encryption algorithm AES require the use of the same key, and AES supports keys of three lengths: 128 bits, 192 bits, 256 bits, AES256 is the highest security, AES128 encoding performance is the highest.

The invention can prevent the confidential information in the device from being leaked by mistake when debugging the device by using a non-invasive debugging mode through carrying out encryption protection on the data and the instruction of the processor core in the SoC, can flexibly carry out safety tracking on each processor core in the multi-core processor, avoids the information of other processor cores from being leaked when debugging a certain processor core, and protects the information safety in the device.

An embodiment of the present invention provides a system-on-chip debugging method, which is applied to a system-on-chip side, and as shown in fig. 3, the method includes:

step S301, obtaining a debugging data stream from at least one processor core;

step S302, if it is determined that the debugging data stream needs to be encrypted, an encryption key corresponding to the debugging data stream of the processor core is obtained, and the debugging data stream is encrypted according to the encryption key.

As an optional implementation, the method further comprises:

merging at least one debug data stream into one data stream;

The system-on-chip debugging method applied to the system-on-chip side provided by the embodiment of the invention is based on the same inventive concept as the system-on-chip debugging circuit provided by the embodiment, and can be applied to various implementation modes of the embodiment, and the implementation modes can be applied to the embodiment, and are not repeated here.

An embodiment of the present invention further provides a system-on-chip debugging method, which is applied to a debugging device side, and as shown in fig. 4, the method includes:

step S401, receiving a data packet sent by a system on chip;

step S402, splitting the data packet into at least one debugging data stream;

step S403, decrypting the encrypted debug data stream in the debug data stream to obtain a decrypted debug data stream.

An embodiment of the present invention provides a system-on-chip debugging apparatus, as shown in fig. 5, the apparatus includes:

one or more processors (CPU) 501 (e.g., one or more processors) and memory 502, one or more storage media 503 (e.g., one or more mass storage devices) storing applications 504 or data 506. Memory 502 and storage medium 503 may be, among other things, transient or persistent storage. The program stored on the storage medium 503 may include one or more modules (not shown). Still further, the processor 501 may be configured to communicate with the storage medium 503, and the apparatus 500 executes a series of instruction operations in the storage medium 503.

The apparatus 500 may also include one or more power supplies 509, one or more wired or wireless network interfaces 507, one or more input-output interfaces 508, and/or one or more operating systems 505, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. A processor for reading the instructions in the memory, performing the following processes:

obtaining a debug data stream from at least one processor core;

Optionally, the processor 501 is further configured to:

merging at least one debug data stream into one data stream;

Optionally, the processor 501 is further configured to:

The system-on-chip debugging apparatus provided in the embodiment of the present invention is based on the same inventive concept as the system-on-chip debugging circuit provided in the above embodiment, and can be applied to various implementation manners of the above embodiment, and will not be described again here.

An embodiment of the present invention provides a system-on-chip debugging apparatus, as shown in fig. 6, the apparatus includes:

one or more processors (CPU) 601 (e.g., one or more processors) and memory 602, one or more storage media 603 (e.g., one or more mass storage devices) storing applications 604 or data 606. Wherein the memory 602 and storage medium 603 may be transient or persistent storage. The program stored in the storage medium 603 may include one or more modules (not shown). Further, the processor 601 may be configured to communicate with the storage medium 603, and the apparatus 600 executes a series of instruction operations in the storage medium 603.

The device 600 may also include one or more power supplies 609, one or more wired or wireless network interfaces 607, one or more input-output interfaces 608, and/or one or more operating systems 605, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. A processor for reading the instructions in the memory, performing the following processes:

receiving a data packet sent by a system on chip;

splitting the data packet into at least one debug data stream;

An embodiment of the present invention further provides a computer storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the system-on-chip debugging method applied to the system-on-chip side provided in the foregoing embodiment, or implements the system-on-chip debugging method applied to the debugging device side provided in the foregoing embodiment.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A system-on-chip debug circuit, the circuit comprising: a tracking protection unit, a key generation unit and an encryption unit, wherein:

2. The circuit of claim 1, wherein the tracking protection unit is further configured to:

3. The circuit of claim 1, further comprising: a merging unit and a tracking port interface unit;

4. The circuit of claim 1, wherein the tracking protection unit is further configured to:

5. The circuit of claim 4, wherein the key generation unit is further configured to:

6. The circuit of claim 1, wherein the encryption unit is configured to:

7. A system-on-chip debugging method is applied to a system-on-chip side, and is characterized by comprising the following steps:

obtaining a debug data stream from at least one processor core;

8. The method of claim 7, further comprising:

9. The method of claim 7, further comprising:

merging at least one debug data stream into one data stream;

10. A system-on-chip debugging method is applied to a debugging device side, and is characterized by comprising the following steps:

receiving a data packet sent by a system on chip;

splitting the data packet into at least one debug data stream;