[go: up one dir, main page]

CN119166564B - Mass production on-chip microcontroller, method and system based on serial flash memory - Google Patents

Mass production on-chip microcontroller, method and system based on serial flash memory

Info

Publication number
CN119166564B
CN119166564B CN202411325932.3A CN202411325932A CN119166564B CN 119166564 B CN119166564 B CN 119166564B CN 202411325932 A CN202411325932 A CN 202411325932A CN 119166564 B CN119166564 B CN 119166564B
Authority
CN
China
Prior art keywords
container
chip
flash memory
command
serial flash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411325932.3A
Other languages
Chinese (zh)
Other versions
CN119166564A (en
Inventor
杨帆
钱江浩
赵建斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Xianji Semiconductor Technology Co ltd
Original Assignee
Shanghai Xianji Semiconductor Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Xianji Semiconductor Technology Co ltd filed Critical Shanghai Xianji Semiconductor Technology Co ltd
Priority to CN202411325932.3A priority Critical patent/CN119166564B/en
Publication of CN119166564A publication Critical patent/CN119166564A/en
Application granted granted Critical
Publication of CN119166564B publication Critical patent/CN119166564B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14Handling requests for interconnection or transfer
    • G06F13/16Handling requests for interconnection or transfer for access to memory bus
    • G06F13/1668Details of memory controller
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C29/00Checking stores for correct operation ; Subsequent repair; Testing stores during standby or offline operation
    • G11C29/04Detection or location of defective memory elements, e.g. cell constructio details, timing of test signals
    • G11C29/08Functional testing, e.g. testing during refresh, power-on self testing [POST] or distributed testing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Read Only Memory (AREA)

Abstract

本申请提供一种基于串行闪存的量产片上微控制器、方法及系统,通过片上微控制器及其片上启动代码,实现了高效安全的产品量产。可支持按内存最优块进行擦除,以优化烧录时间,提高烧录效率;同时还提供了配置选项,方便用户监控量产状态;此外还可支持用户自定义指令,满足更复杂的量产需求;并内置安全启动和加密机制,保障烧录过程的安全性和数据的保密性。从而有效提升了生产效率,保障了产品安全,满足了更复杂的量产需求。

This application provides a serial flash-based mass-production on-chip microcontroller, method, and system. Through the on-chip microcontroller and its on-chip boot code, efficient and secure product mass production is achieved. It supports erasing based on optimal memory blocks to optimize programming time and improve programming efficiency. Configuration options are also provided to facilitate user monitoring of production status. User-defined instructions are also supported to meet more complex production requirements. A built-in secure boot and encryption mechanism ensures the security of the programming process and data confidentiality. This effectively improves production efficiency, ensures product safety, and meets the needs of more complex mass production.

Description

On-chip microcontroller, method and system for mass production based on serial flash memory
Technical Field
The present application relates to the field of integrated circuits, and in particular, to a serial flash memory based on-chip micro controller, method and system for mass production.
Background
With the increasing complexity of embedded systems, the demand for off-chip flash memory chips in various embedded products has increased significantly. These products often require programming of specific programs during mass production to ensure that the device has specific functionality at the point of shipment. The mass production process of modern systems presents challenges compared to conventional embedded systems, resulting in increasingly complex processes. For example, in the mass production process, the interface selection needs to be considered, such as serial ports, USB, SPI, SWD, JTAG and other application modes, and in order to ensure the confidentiality of the mass production program, measures such as safe starting, encryption programming and the like are generally required to be implemented, which undoubtedly increases the design difficulty of the mass production scheme. Meanwhile, the improvement of mass production efficiency generally depends on a special jig, and parallel programming of a plurality of devices is adopted, so that not only is the economic cost increased, but also higher requirements are put on hardware design.
For these complexities, some manufacturers have proposed an improved solution to improve mass production efficiency by curing the boot code on-chip, in combination with off-chip flash mass production firmware. The method comprises the steps of firstly, pre-programming encrypted mass production firmware into an off-chip serial flash memory by using an off-line burner, wherein the mass production firmware comprises a command sequence capable of executing basic erasing and programming, secondly, presetting a public key for safe starting and a seed for generating a symmetric key of the mass production firmware when leaving a factory, and finally, analyzing the mass production firmware from a 4KB offset position of the off-chip serial flash memory by an on-chip starting code when the system is started for the first time, and executing erasing and programming operation while decrypting after signature verification is completed.
Although the prior art scheme improves the convenience of the mass production process to a certain extent, the prior art scheme still has obvious defects. First, since the above scheme requires operation from a fixed 4KB offset, the erasure of off-chip flash can only be performed at a granularity of less than or equal to 4KB, which limits the application of larger granularity (e.g., 32KB or 64 KB) erasures, thereby affecting the practical mass production efficiency. Secondly, the lack of a command sequence for indicating the mass production state and result makes the mass production process opaque, and the user cannot intuitively monitor the mass production process or timely learn the mass production result, resulting in asymmetry of information. Finally, because the system relies mainly on several basic erase and write operations, and lacks flexibility, it cannot meet the needs of customers to interact with mass-production programs in complex environments, such as burning product serial numbers or performing write protection of flash memory, and its scalability is limited.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, the present application aims to provide a serial flash memory-based on-chip microcontroller, method and system, which are used for solving the problems that in the prior art, the mass production efficiency is low, the processing time is increased, the monitoring mechanism is lacking in the mass production process, the user cannot know the mass production state and result in time, the expandability is poor, and the interaction requirements under the complex environment, such as the burning of serial numbers and data protection, cannot be met.
In order to achieve the above and other related objects, a first aspect of the present application provides an on-chip microcontroller for mass production based on serial flash, the on-chip microcontroller comprising a serial flash controller, a command container detection unit, a command container operation module and a control module, wherein the serial flash controller is in communication connection with an off-chip serial flash, the serial flash controller is used for constructing a data transmission management channel between the on-chip microcontroller and the off-chip serial flash, the command container detection unit is respectively in communication connection with the off-chip serial flash and a security algorithm verification unit, the command container detection unit is used for detecting whether a mass production burn container with preset characteristics is contained in the off-chip serial flash, and reading the mass production burn container when the mass production burn container with the preset characteristics is detected, and sending the mass production burn container to the security algorithm verification unit, the security algorithm verification unit is respectively connected with the command container detection unit and the command container processing unit, the security algorithm verification unit is used for receiving the command container, and the command container processing module is used for executing the command processing operation module and the command processing unit is connected with the command container processing unit and the command processing unit.
In some embodiments of the first aspect of the present application, the pre-formatted mass production burn container includes a firmware container for indicating command container metadata of the mass production burn container, a command container including one or more command blocks, each command block including command content and a command trailer, each command content including one or more firmware management functions, the trailer of each command block including authentication information of a next command content, and performing a parsing process operation on the next command content in response to the authentication information of the next command content satisfying a condition.
In some embodiments of the first aspect of the present application, the process of detecting whether the on-chip serial flash memory includes the step of detecting an offset position corresponding to an erasure granularity of the on-chip serial flash memory based on the erasure granularity of the on-chip serial flash memory to determine whether the current offset position includes the on-chip serial flash memory in the preset format.
In some embodiments of the first aspect of the present application, detecting an offset position corresponding to the erasure granularity in the off-chip serial flash memory based on the erasure granularity of the off-chip serial flash memory to determine whether the current offset position includes a volume-produced-in-a-package container in a preset format, wherein the process includes traversing the off-chip serial flash memory with the erasure granularity of the off-chip serial flash memory as a step size, comparing a data memory of a data block read by each traversal with the volume-in-a-package container in the preset format, reading volume-in-package container header information in response to the data memory of the read data block being consistent with a volume-in-a-package container in the preset format, and performing a data security verification operation in response to the data memory of the read data block being inconsistent with the volume-in-a-package container in the preset format, determining whether a current access offset is smaller than a memory size of the off-chip serial flash memory, if the current access offset is smaller than the memory size of the off-chip serial flash memory, increasing the erasure granularity of the off-chip serial flash memory by a large increase in size of the off-chip serial flash memory, and if not, continuing to execute the process.
In some embodiments of the first aspect of the present application, the security algorithm verification unit includes one or more of a digital signature verification module, a symmetric encryption and decryption module, and a secure hash algorithm module.
In some embodiments of the first aspect of the present application, the command container processing unit includes one or more of a command container parsing engine, a timer triggering engine, a configuration save and trigger module, a memory read-write module, a custom command interaction execution module, and a generic off-chip read-write application program interface.
In some embodiments of the first aspect of the present application, the process of executing the programming operation on the on-chip module by the command container processing unit based on the volume production programming container includes loading and verifying each command block in the command container of the volume production programming container in turn, responding to the verification of the current command block in the command container of the volume production programming container, analyzing the command content of the current command block, executing the corresponding firmware management function on the on-chip module according to the analysis result, judging whether the volume production tail of the volume production programming container is reached after the execution of the corresponding firmware management function is completed, if the volume production tail of the volume production programming container is reached, completing the volume production task, and loading and verifying the next command block in the command container of the volume production programming container if the volume production tail of the volume production programming container is not reached, and repeatedly executing the command content analysis and the firmware management function.
In some embodiments of the first aspect of the present application, the process of constructing a data transmission management channel between the on-chip microcontroller and the off-chip serial flash memory by the serial flash memory controller includes obtaining parameter information of the off-chip serial flash memory, configuring an access sequence and an access parameter of the serial flash memory controller based on the parameter information of the off-chip serial flash memory, and configuring an interface of the off-chip serial flash memory using a general-purpose off-chip flash memory read-write application program based on the access sequence and the access parameter of the serial flash memory controller to realize access to the off-chip serial flash memory.
To achieve the above and other related objects, a second aspect of the present application provides a serial flash memory-based mass production method, which is applied to an on-chip microcontroller, and the method includes constructing a data transmission management channel with the off-chip serial flash memory, detecting whether a mass production recording container including a preset feature is included in the off-chip serial flash memory, reading the mass production recording container when the mass production recording container including the preset feature is detected, performing a data security verification operation on the mass production recording container, and performing a recording operation on the on-chip module based on the mass production recording container after the data security verification operation is passed.
To achieve the above and other related objects, a third aspect of the present application provides a serial flash-based mass production system, which includes an off-chip serial flash memory, an on-chip microcontroller, and an on-chip module, wherein an interaction process of the system includes constructing a data transmission management channel between the on-chip microcontroller and the off-chip serial flash memory, detecting whether a mass production recording container including a preset feature is included in the off-chip serial flash memory, and reading the mass production recording container when the mass production recording container including the preset feature is detected, and performing a data security verification operation on the mass production recording container by the on-chip microcontroller, and performing a recording operation on the on-chip module based on the mass production recording container after passing the data security verification operation.
As described above, the serial flash memory-based on-chip microcontroller, the serial flash memory-based on-chip method and the serial flash memory-based on-chip system have the advantages that the mode of erasing according to the optimal block size of the flash memory is supported, the overall mass production time is remarkably saved, the efficiency is improved, the configuration of mass production state indexes is supported, the transparency of the mass production process is improved, the loading and execution of user-defined instructions are supported, more complex mass production interaction logic is realized, the diversified demands of customers are met, and in addition, all operations are performed under the double protection of safe starting and encryption starting, so that the safety and confidentiality in the mass production implementation process are ensured to the greatest extent.
Drawings
FIG. 1 is a schematic diagram of an on-chip microcontroller based on serial flash memory according to an embodiment of the present application.
FIG. 2 is a schematic diagram showing a mass production system based on serial flash memory according to an embodiment of the application.
FIG. 3 is a schematic diagram showing a configuration of a pre-configured form of a burn-in container of a mass-produced chip microcontroller according to an embodiment of the present application.
Fig. 4 is a schematic flow chart of detection and verification by a mass production burn-in container detection module in an on-chip microcontroller based on serial flash memory according to an embodiment of the application.
FIG. 5 is a flow chart of the command container processing procedure in an embodiment of the on-chip microcontroller based on serial flash memory according to the present application.
FIG. 6 is a flow chart of a serial flash based mass production method according to an embodiment of the application.
FIG. 7 is a flow chart showing the interaction process in an embodiment of the serial flash based mass production system of the present application.
Detailed Description
Other advantages and effects of the present application will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present application with reference to specific examples. The application may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied from the spirit and scope of the present application. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict.
Before explaining the present invention in further detail, terms and terminology involved in the embodiments of the present invention will be explained, and the terms and terminology involved in the embodiments of the present invention are applicable to the following explanation:
<1> on-chip microcontroller the on-chip microcontroller is a microcomputer integrated on a chip and comprises a Central Processing Unit (CPU), a memory (RAM) and peripherals responsible for controlling the operation of the chip.
<2> Off-chip serial flash memory is a flash memory chip that is independent of the outside of the chip, communicates with the chip through a serial interface (SPI, I2C, etc.) for storing data.
<3> On-chip module means a module inside a chip specially used for performing a specific function, for example, an analog-to-digital converter (ADC) converts an analog signal into a digital signal, a digital-to-analog converter (DAC) converts a digital signal into an analog signal, a timer is used for precise timing, and a serial port is used for serial communication with other devices.
<4> Command container probing, command container probing is a step in the data processing flow for identifying and locating data blocks containing command information, typically by analyzing specific identifiers or data structures in the data stream.
<5> Command container processing-command container processing refers to a process of parsing, verifying, and executing a command container. Firstly analyzing the command and parameters in the command container, then verifying to ensure that the command is legal and effective, and finally executing corresponding operation according to the command.
<6> Firmware container the firmware container is a file or data structure containing program codes and configuration information required for the operation of the chip, for updating or upgrading the functions of the chip.
<7> Command container the command container is a data structure containing commands and related parameters for controlling the behavior of the chip. For example, a command container that controls the brightness of a chip LED lamp may contain an "led_on" command and a brightness value.
<8> Erasure granularity the erasure granularity refers to the smallest data unit that can be erased when the flash memory chip performs an erasure operation. Flash memory chips cannot erase a single byte, but rather need to erase a sector or a block.
<9> Memory block the memory block refers to a contiguous block of memory space in the memory for storing data. Each memory block has a unique address through which a program can access the data in that block.
<10> Byte-by-byte comparison method-byte-by-byte comparison method is used to compare whether two data streams are identical. Which compares the two data streams byte by byte and considers them identical if all bytes are identical.
<11> Feature code comparison method the feature code comparison method judges whether the data streams are identical by comparing specific feature codes in the data streams. A signature is a piece of data at a specific location in a data stream that is used to identify the type or version of the data stream.
<12> Erase operation, erase operation means that all data in the flash memory chip is cleared to restore it to an initial state at the time of shipment.
<13> Digital signature verification is a security mechanism used to verify the integrity and origin of data. It encrypts data using a digital signature algorithm, generates a digital signature, and attaches it to the data. The recipient can ensure the integrity and source of the data by verifying the digital signature.
<14> Symmetric encryption and decryption is an encryption method that uses the same key for encryption and decryption. The encryption party and the decryption party need to share the same secret key, and only the person with the secret key can decrypt the data.
<15> Secure hash algorithm the secure hash algorithm is an algorithm that converts data of an arbitrary length into a hash value of a fixed length. The hash value is a fingerprint of the data that can be used to verify the integrity and non-tamper resistance of the data.
<16> JESD216 Standard is an interface standard of a serial flash memory chip, which defines a protocol for communication between the serial flash memory chip and other chips, including data transmission format, timing, etc.
<17> ESDSA-P256 algorithm the ESDSA-P256 algorithm is an elliptic curve digital signature algorithm that uses elliptic curve cryptography to generate and verify digital signatures that can ensure data integrity and source reliability.
<18> AES-CBC encryption algorithm the AES-CBC encryption algorithm is a commonly used symmetric encryption algorithm that divides data into several blocks and encrypts each block using the same key.
<19> On-chip disposable programmer-a device dedicated to one-time programming of chips that can be programmed only once and then no further modification can be made.
<20> On-chip SRAM is a fast memory, but is a volatile memory that loses stored data upon power down. Which is typically used to store program code, work data, etc. for data that requires quick access.
To facilitate an understanding of embodiments of the present application, a detailed description is first provided with reference to fig. 1. Fig. 1 shows a schematic diagram of an on-chip microcontroller based on serial flash memory in accordance with an embodiment of the present application. The on-chip microcontroller based on the mass production of the serial flash memory in the embodiment mainly comprises the following units:
The serial flash memory controller 101 is in communication connection with the off-chip serial flash memory and is used for constructing a data transmission management channel between the on-chip microcontroller and the off-chip serial flash memory.
In an embodiment of the invention, the process of constructing a data transmission management channel between the on-chip microcontroller and the off-chip serial flash memory by the serial flash memory controller comprises the steps of obtaining parameter information of the off-chip serial flash memory, configuring an access sequence and access parameters of the serial flash memory controller based on the parameter information of the off-chip serial flash memory, and performing interface configuration on the off-chip serial flash memory by using a general off-chip flash memory read-write application program based on the access sequence and the access parameters of the serial flash memory controller so as to realize the access to the off-chip serial flash memory.
In this embodiment, the serial flash controller implements a set of basic operation logic of serial flash, and is compatible with the serial flash of the main stream on the market in cooperation with the general off-chip flash read-write program. The serial flash memory controller provides flexible configuration options, and can customize corresponding access sequences according to the characteristics of the off-chip serial flash memory. The part is combined with a read-write application program interface of the general off-chip flash memory, and the non-perception support of the main stream serial flash memory on the market is realized. By such a design, a user can easily interact with serial flash of different brands and types without concern for underlying implementation details.
In this embodiment, the parameter information of the off-chip serial flash memory includes, but is not limited to, one or more of a flash type (e.g., NOR flash memory or NAND flash memory), a storage capacity (e.g., 8MB, 16MB, etc.), a page size (number of bytes per write operation, e.g., 256 bytes), a block size (number of bytes per erase operation), a clock frequency (maximum operating frequency of flash operation, determining a read/write speed), an access delay (time required for read/write operation), and an interface protocol (e.g., SPI or QSPI).
In this embodiment, the process of configuring the access sequence and access parameters of the serial flash controller is intended to achieve compatibility with a variety of mass-produced interfaces (such as serial ports, USB, SPI, SWD, and JTAG). The process includes designing access sequence, defining device selection, sending operation command (such as read, write or erase command), providing corresponding data address, and executing data transmission (read or write), configuring access parameters including setting clock frequency (ensuring maximum working frequency match with flash memory), selecting bus width (such as single channel, double channel or four channel), determining transmission mode (full duplex or half duplex), then ensuring compatibility of different mass production interfaces of electric characteristics (such as voltage level and signal integrity) and physical connection (such as interface pins or adapter) to avoid faults caused by electric mismatch, and integrating corresponding software driver and middleware layer to enable mass production interfaces to access and manage multiple interfaces in unified mode.
In the embodiment, the process of carrying out interface configuration on the off-chip serial flash memory by using the universal off-chip flash memory read-write application program based on the access sequence and the access parameters of the serial flash memory controller comprises the steps of analyzing parameter information of the flash memory, wherein the parameter information comprises one or more of flash memory type, storage capacity and access delay to determine an optimal configuration mode, sending an initialization command to the serial flash memory controller to ensure correct device selection, command sending and address configuration, configuring the access parameters such as clock frequency, bus width and transmission mode to adapt to different mass production interfaces, executing actual read-write operation, and carrying out data interaction with the off-chip serial flash memory through a standardized interface to realize effective access and management on the flash memory.
Further, the general-purpose off-chip flash read-write application is a software tool for interacting and managing with various types of off-chip serial flash. The general off-chip flash read-write application supports a variety of interface protocols including SPI, I2C, USB, etc. to ensure adaptability and compatibility in different hardware environments. The core functions of the general off-chip flash read-write application include initializing the flash memory device, performing read and write operations, erasing the memory area, querying the device status, configuring access parameters, and the like. The serial flash memory controller is in data communication with the serial flash memory controller through standard command and data formats, so that flexible mass production interface configuration is realized.
Fig. 2 shows a schematic structural diagram of a serial flash-based mass production system according to an embodiment of the application. The system comprises an on-chip microcontroller based on mass production of the serial flash memory, an off-chip serial flash memory 15 based on mass production of the serial flash memory and an on-chip module 12 based on mass production of the serial flash memory. The on-chip microcontroller is a main innovation point of the application, and comprises an on-chip starting code 1, wherein the on-chip starting code 1 comprises a security algorithm soft and hard module 2, a command container detection module 6, a command container processing module 7 and a serial flash memory controller 14. The security algorithm soft and hard module 2 comprises a digital signature verification module 3, a symmetric encryption and decryption module 4 and a security hash algorithm module 5. The command container processing module 7 comprises a command container analysis engine 8, a timer triggering module 9, a configuration storage and triggering module 10, a storage read-write module 11, a custom command interaction execution module 12 and a general off-chip flash read-write application program interface 13. The on-chip module 12 includes a memory module 16 and on-chip peripherals 21. Wherein the memory module 16 comprises a memory protection unit 17, an on-chip flash memory 18, an on-chip one-time programmer 19, and an on-chip SRAM20. The on-chip peripheral 21 supports GPIO, UART, SPI, I, C, CAN, USB, ethernet, etc. for communication connection.
The command container detection unit 102 is respectively in communication connection with the off-chip serial flash memory and the security algorithm verification unit, and is used for detecting whether the on-chip serial flash memory contains the mass production recording container with preset characteristics or not, reading the mass production recording container when the mass production recording container containing the preset characteristics is detected, and sending the mass production recording container to the security algorithm verification unit.
In an embodiment of the invention, the mass production programming container in the preset format comprises a firmware container, a command container and a command processing operation, wherein the firmware container is used for indicating command container metadata of the mass production programming container, the command container comprises one or more command blocks, each command block comprises command content and command tail, each command content comprises one or more firmware management functions, the tail of each command block comprises authentication information of the next command content, and the next command content is subjected to analysis processing operation in response to the authentication information of the next command content meeting a condition.
Fig. 3 shows a schematic structural diagram of the preset format of the volume production burning container according to an embodiment of the present invention. The device comprises a firmware container and a command container. The firmware container integrates a plurality of firmware components and provides necessary management information by adopting a standardized packaging mode for organizing a firmware structure. The command container effectively guarantees the safety and stability of command execution and prevents illegal command execution through the authentication mechanism of each command block.
Further, the firmware container includes a firmware container header, a firmware information table, a device configuration block, a signature block, and a FW Blob module. Wherein the firmware container header contains important metadata including one or more of signature information, encryption related information, firmware container size, command container start offset, version information, and checksum for verifying the integrity and origin of the firmware. The firmware information table includes names, sizes, types, addresses, and version information of the respective firmware components for managing and identifying the components. The device configuration block is used to store hardware and software configuration information of the device, such as processor type, memory size, peripheral information, operating system version, network configuration, and application configuration. The signature block contains a digital signature for verifying the integrity of the firmware container, typically signed by a certification authority. The FW BLOB (Firmware Binary Large Object) module refers to a data format for storing firmware. In embedded systems and hardware devices, firmware is a program or software that controls the operation of the hardware, which is stored in an internal memory of the device, such as a flash memory. BLOBs are used to represent a method of storing large amounts of binary data, and are commonly used in databases or storage systems. FW BLOBs are used to package firmware into one large binary file for storage and updating on the device.
Further, the command container is made up of a series of independent command blocks, each containing command content and command trailer. The command content portion contains specific instruction operations that configure memory, erase regions, write data, configure running status indicating peripherals, load custom applets, etc. In order to ensure safe execution of the commands, the tail of each command block contains authentication information for verifying the next command, and the next command can be correctly analyzed and processed only if the authentication condition is met. The command container in the invention effectively prevents illegal command execution and ensures the safety and stability of the system.
In an embodiment of the present invention, the process of detecting whether the on-chip serial flash memory includes the step of detecting an offset position corresponding to an erasure granularity of the on-chip serial flash memory based on the erasure granularity of the on-chip serial flash memory to determine whether the current offset position includes the on-chip serial flash memory with the preset format.
In this embodiment, the command container detection module is used to locate and identify command containers in the off-chip serial flash memory. It detects at the corresponding offset address based on the erasure granularity of the flash memory and confirms its presence by analyzing the characteristics of the command container (e.g., specific data structure, checksum or flag bits). For example, if the erasure granularity of the off-chip serial flash memory is 4KB and the command container starting address is 0x10000, the probe module starts from 0x10000 and examines each erasure block one by one in 4KB steps to find a predefined characteristic, such as "CMD_ CONTAINER" byte sequence. If a feature is found, it is determined that the block contains a command container and its starting address is recorded.
In one embodiment of the invention, the process of detecting the offset position corresponding to the erasure granularity in the off-chip serial flash memory based on the erasure granularity of the off-chip serial flash memory to determine whether the current offset position contains the mass production burning container in the preset format or not comprises traversing the off-chip serial flash memory by taking the erasure granularity of the off-chip serial flash memory as a step length from the initial address of the off-chip serial flash memory, comparing the data memory of the data block read in each traversal with the mass production burning container in the preset format, responding to the characteristic of the data memory of the read data block consistent with the characteristic of the mass production burning container in the preset format, reading the head information of the mass production burning container, executing the data security verification operation, responding to the characteristic of the data memory of the read data block inconsistent with the characteristic of the mass production burning container in the preset format, judging whether the current access offset is smaller than the memory size of the off-chip serial flash memory, if the current access offset is smaller than the memory size of the off-chip serial flash memory, increasing the erasure granularity of the off-chip serial flash memory according to the size of the off-chip serial flash memory, and exiting the current serial flash memory, and executing the process if not, continuing to traverse the off-chip serial flash memory.
In this embodiment, the algorithm for comparing the data memory of the data block read in each traversal with the mass-produced recording container in the preset format includes a byte-by-byte comparison algorithm or a feature code comparison algorithm. The byte-by-byte comparison algorithm directly compares each byte of two data blocks, which is applicable to the case of smaller data block length, but is less efficient and sensitive to data. The feature code comparison algorithm can be used for comparing the feature codes of the data blocks, for example, CRC check codes, MD5 or SHA-256 hash algorithms are used, so that larger data blocks can be compared quickly.
In this embodiment, the user is allowed to flexibly set the erasing range according to the requirement, and is not limited by the fixed size. The flexible erasing mode is combined with the searching result (the block alignment area) to erase, so that efficient erasing operation can be realized. However, existing system designs have limitations that necessitate parsing and performing mass production operations from a fixed off-chip flash 4KB offset, resulting in flash memory that can only be erased at a granularity of less than or equal to 4 KB. This design limits the possibilities of using a larger erasure granularity to improve erasure efficiency. For example, when a flash memory space of 64KB needs to be erased, 16 times of erasing operations need to be performed by using the granularity of 4KB, and only one time of erasing operations need to be performed by using the granularity of 64KB, so that the efficiency gap is obvious, and the problem of the influence on the erasing efficiency caused by the limitation of the granularity of the off-chip flash memory in the prior art is solved.
Fig. 4 is a schematic flow chart of detection and verification performed by the detecting module of the volume production burn container according to an embodiment of the invention. After the on-chip starting code is powered on and starts to execute, whether the triggering conditions of detection and verification are met or not is judged, and if the triggering conditions are met, the characteristics of the mass production burning container are searched in sequence according to the size of the FLASH block. If the characteristics of the volume production burning container are detected, loading the firmware container head in the volume production burning container and verifying, if the firmware container head passes the verification, entering a command container processing subprocess, and otherwise, exiting the volume production flow. If the characteristics of the mass production burning container are not detected, further judging whether the FLASH memory tail is reached, if the FLASH memory tail is reached, exiting the mass production flow, otherwise, increasing the access offset according to the FLASH block size.
The security algorithm verification unit 103 is respectively in communication connection with the command container detection unit and the command container processing unit, and is used for receiving the volume production burning container sent by the command container detection unit, executing data security verification operation on the volume production burning container, and sending the volume production burning container to the command container processing unit after passing the data security verification operation.
In one embodiment of the invention, the security algorithm verification unit comprises one or more of a digital signature verification module, a symmetric encryption and decryption module and a secure hash algorithm module.
In the embodiment, the digital signature verification module verifies the integrity and the source of the off-chip data by verifying the digital signature based on the principle of public key cryptography, and the digital signature verification process comprises the steps of obtaining the digital signature corresponding to the off-chip data and verifying the digital signature by using the public key of the system on chip. If the verification is successful, the off-chip data is considered complete and from a legitimate source. The data is signed by the private key by adopting the off-chip serial flash memory to generate a digital signature, the on-chip starting code verifies the digital signature by using the public key of the off-chip serial flash memory, and if the verification is passed, the data is not tampered and comes from a legal source.
In this embodiment, the symmetric encryption and decryption module uses the same key to perform encryption and decryption operations, so as to ensure security in the off-chip data transmission process. The verification process of the symmetric encryption and decryption module comprises the steps of encrypting off-chip data by using a secret key and decrypting the encrypted data by using the same secret key. If the decryption is successful, the data is considered not to be stolen or tampered with. The same key is used for encryption and decryption operations by adopting a symmetric encryption algorithm. The encryption process converts the plaintext into ciphertext and the decryption process converts the ciphertext into plaintext.
In this embodiment, the secure hash algorithm module uses a hash algorithm to calculate a digest of off-chip data for verifying the integrity of the data. The verification process of the secure hash algorithm module comprises the steps of calculating a hash value of off-chip data and comparing the calculated hash value with a stored hash value. If the two hash values are the same, the data is considered not tampered with. And converting the data with any length into a hash value with a fixed length by adopting a hash algorithm. Even if the data changes slightly, the hash value thereof changes greatly. The hash value may be used to verify the integrity of the data.
The command container processing unit 104 is respectively in communication connection with the security algorithm verification unit and the on-chip module, and is used for receiving the volume production burning container sent by the security algorithm verification unit and executing burning operation on the on-chip module based on the volume production burning container.
In one embodiment of the invention, the command container processing unit comprises one or more of a command container analysis engine, a timer triggering engine, a configuration storage and triggering module, a memory read-write module, a custom command interaction execution module and a general off-chip read-write application program interface.
In an embodiment of the present invention, the command container parsing module is configured to parse various commands stored in the command container, and sequentially execute corresponding actions according to the parsing result, such as erasing a flash memory or lighting an error indicator. The module first parses the received command, determines the type and parameters of the command, and then performs the corresponding functions according to the desired operation. During execution, the module may take care of the order and conditions of execution to ensure that the user's intent is properly reflected. This design may ensure that the on-chip module responds appropriately to various events in different states, thereby improving the stability and reliability of the system.
In one embodiment of the invention, a timer trigger engine is used to time the user-defined operation, and can automatically take certain actions within a specific time interval, such as flashing an indicator light when running. The module periodically executes specific tasks according to the preset time interval of the user by setting the timer, so that the dynamic response capability and interactivity of the on-chip module are improved. The user may adjust the settings of the timer as needed, for example, to modify the flashing frequency or duration, to achieve a personalized function.
In an embodiment of the present invention, the configuration save and trigger module is configured to save the action sequences and the trigger conditions indicated in the mass production process. This means that the user can set various behavior specifications, such as pins corresponding to the indicator lights, frequency of blinking, etc., when configuring the device. Whenever the device is started or reset, the module quickly reverts to the previous state according to the saved configuration, thereby ensuring consistency and stability. Preferably, the module also provides a simple interface so that the user is not confused in the configuration process, and the action sequence and the trigger condition can be easily managed and updated.
In an embodiment of the invention, the memory read/write module is used for erasing, reading and writing operations of an on-chip memory module or a plug-in serial flash memory. The module supports various memories, ensures the safe access of data and effectively manages memory resources. In the read-write process, the module processes various states, such as busy waiting, error processing and the like, so as to ensure the consistency and accuracy of the data, thereby realizing the persistence and flexible management of the data.
In an embodiment of the present invention, the custom command interactive executing module is used for loading and executing the specified applet, which provides high flexibility and extensibility. The user may write and upload applets as desired, which may perform particular tasks or interact with other portions of the system. The module will check for security and compatibility before executing the applet to prevent potential errors or security vulnerabilities. The design not only improves the system customization, but also enables the system to quickly adapt to changing demands and application situations.
Further, the on-chip module can realize the small programs with multiple functions through the custom command interaction execution module so as to meet different application requirements. Illustratively, the LED control applet controls the status of the LEDs via serial commands, including functions such as on, off, and blinking. The temperature monitoring and alarming applet reads the temperature sensor data in real time and triggers an alarm when the temperature exceeds a set threshold. The data logging and storage applet periodically collects environmental sensor data and stores it for later analysis. Through serial command analysis and execution of the applet, the user can send custom commands, and the system analyzes and executes corresponding operations. The real clock and the timing wake-up applet maintain time accuracy in a low power state and have a timing wake-up function. The custom task scheduler performs a series of operations, such as enabling the device periodically or collecting data, at regular intervals according to a user-set policy. The simple user interaction interface applet provides a basic input interface for facilitating the adjustment of the device state. The remote firmware update applet supports receiving and burning new firmware over a network, optimizing the device update process. These applets enhance the application capabilities of the on-chip module.
In an embodiment of the present invention, the universal off-chip flash read/write application program interface is an interface implemented based on JESD216 standard, and supports off-chip Serial flash (Serial NOR) that is mainstream in the market. The design of the interface aims at providing a unified operation method, so that a developer can read and write data in a consistent manner, and the universality and portability of the system are improved. Through the interface, a developer can quickly realize the support of multiple types of flash memories without considering specific hardware implementation details, so that development time and cost are saved. The interface can meet market demands and improve the overall performance and stability of the system. Wherein JESD216 refers to a standard regarding serial NOR flash memory formulated by JEDEC (solid State technology Association) and aims to standardize the interface and performance characteristics of flash memories and promote the uniformity and compatibility of markets.
In an embodiment of the invention, the command container processing unit executes the programming operation on the on-chip module based on the mass production programming container, and comprises the steps of sequentially loading and verifying each command block in the command container of the mass production programming container, responding to the current command block in the command container of the mass production programming container to carry out command content analysis on the current command block, executing a corresponding firmware management function on the on-chip module according to an analysis result, judging whether the mass production tail of the mass production programming container is reached after the corresponding firmware management function is executed, if the mass production tail of the mass production programming container is reached, completing the mass production task, and loading and verifying the next command block in the command container of the mass production programming container and repeatedly executing the command content analysis and the firmware management function.
In an embodiment of the invention, the process of mass production burning of the on-chip module under the cooperation of the on-chip code and the off-chip serial flash memory comprises the following steps that an on-chip starting program of a user is burnt to a 256KB offset position of the off-chip serial flash memory, so that a plurality of key functions are provided to ensure the safety and the high efficiency of equipment in the mass production process. Firstly, the on-chip starting program performs digital signature by using ESDSA-P256 algorithm and adopts AES-CBC encryption algorithm to encrypt so as to ensure the integrity and security of the program. After the mass production process is started, the PA10 pin in the on-chip module is set to be an operation indicator lamp through an on-chip starting program, and when the burning process is normally operated, the pin is set to flash once every 100 milliseconds so as to clearly indicate the operation state of the program.
Further, in order to timely feed back the possible problems in the mass production process, the PA11 pin is set as a mass production failure indicator lamp, and if the fault occurs, the pin is set to flash once every 500 milliseconds so as to remind a user of the fault in the burning process. The on-chip boot program will then perform the erase and write the user program to the 4KB offset of the off-chip flash memory to ensure that the user program is loaded correctly.
FIG. 5 is a flow chart of a command container processing procedure according to an embodiment of the invention. After the volume production burning container passes the verification, starting the command container to analyze, loading and verifying the first command, judging whether the volume production burning container passes the verification, and if so, further analyzing the content of the command block in the volume production burning container. Wherein the structure of the command block is shown in fig. 3. Each command block contains command content and command tail, wherein the command tail contains relevant information of the next command. To further enhance security. The parsed command block content includes configuration run status indication, configuration memory, erase memory, write memory, load run definition instructions (programs), and reset. And judging whether the tail of the mass production burning container is reached after the execution of the current command block is finished, if so, completing the current mass production process, otherwise, loading and verifying the next command block. If the verification is not passed, the current mass production process is exited.
Further, the program writes the hash value of the secure starting key into the on-chip one-time programmer, further ensures the security of the starting process, and burns the life cycle related codes to effectively manage the service cycle of the equipment and ensure the stable operation of the equipment. After the safety setting is completed, the on-chip starting program loads a section of special chip definition instruction, and the instruction configures the UART and communicates with the mass production machine to realize the burning of the serial number of the product. When the sequence number entry is completed, the program will return the corresponding command sequence for subsequent processing. Finally, after all the operations are completed, the on-chip starting program can be executed to erase the on-chip starting program and restart the chip of the on-chip module, so that the whole mass production process of the product is smoothly completed. During this time, the on-chip boot code will complete the detection and verification of the command container required for mass production according to the steps shown in fig. 4, and then complete the parsing and execution of the command container according to the flow shown in fig. 5. Through the series of interrelated steps, the on-chip starting program ensures the safety, correct burning and integrity of the user equipment, thereby realizing the efficient mass production flow.
Further, the command block for burning the on-chip module includes configuring an operational status indication to confirm whether the module has been successfully started and is operating properly, such as illuminating an LED light or setting a status register. And the memory is configured, the type, the size and the access mode of the memory in the module are set, and correct storage and reading of programs and data are ensured. And erasing the memory, and restoring the memory to an initial state to make room for new programs and data. The write memory transfers the new program code and associated data to the memory of the module so that the module can run the program and access the data. The load operation definition instructions (programs) load the program code into the memory of the module, enabling it to run the program. Resetting, resetting the module to an initial state, clearing an internal state register, and stopping program operation so as to perform new burning operation.
It should be understood that the division of the units and the modules in the embodiments of the present application is illustrative, and is merely a logic function division, and other division manners may be implemented in practice. In addition, each functional module in the embodiments of the present application may be integrated in one processor, or may exist alone physically, or two or more modules may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules.
In the embodiments of the present application, words such as "exemplary" or "such as" denote examples, illustrations, or descriptions. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the embodiments of the present application, "at least one" means one or more, and "a plurality" means two or more. "and/or" describes an association of associated objects, meaning that there may be three relationships, e.g., A and/or B, and that there may be A alone, while A and B are present, and B alone, where A, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (a, b or c) of a, b, c, a-b, a-c, b-c or a-b-c may be represented, wherein a, b, c may be single or plural.
Fig. 6 is a flowchart of a mass production method of serial flash memory according to an embodiment of the present application, where the method is applied to an on-chip microcontroller. As shown in fig. 6, the method comprises the steps of:
And step S61, constructing a data transmission management channel between the chip and the off-chip serial flash memory.
Step S62, detecting whether the on-chip serial flash memory contains a mass production programming container with preset characteristics or not, and reading the mass production programming container when the mass production programming container containing the preset characteristics is detected.
And step S63, performing data security verification operation on the mass production burning container, and performing burning operation on the on-chip module based on the mass production burning container after passing the data security verification operation.
It should be understood that the specific process of executing the corresponding steps in each flow step is already described in detail in the embodiment of the on-chip microcontroller, and is not described herein for brevity.
FIG. 7 is a schematic diagram showing an interaction process of an embodiment of a serial flash based mass production system of the present application, the system including an off-chip serial flash, a microcontroller on chip and a module on chip, the interaction process of the system comprising:
the on-chip microcontroller detects whether the on-chip microcontroller comprises a mass production burning container with preset characteristics in the off-chip serial flash memory, reads the mass production burning container when the mass production burning container with the preset characteristics is detected, performs data security verification operation on the mass production burning container, and performs burning operation on the on-chip module based on the mass production burning container after the data security verification operation is passed.
In an embodiment of the present invention, the implementation of the present solution relies on multiple storage related modules in the on-chip module to ensure feasibility and security of the solution. Specifically, the memory protection unit in the memory module is used to prevent execution of illegal codes during mass production, thereby enhancing security of the system. On-chip flash memory and on-chip disposable programmers are important components of mass production schemes, and are mainly used for programming and burning on-chip storage. In addition, on-chip SRAM is used to store some configuration data or user-defined instructions required in the production process. Meanwhile, the on-chip peripheral bears the function of indicating the mass production state and supports the execution of user-defined instructions, communication processes and other operations. The cooperative work of the modules ensures the smooth progress of the mass production process, and further improves the reliability and user experience of the whole system.
It should be understood that the specific process of executing the corresponding steps in each flow step is already described in detail in the embodiment of the on-chip microcontroller, and is not described herein for brevity.
As used in this specification, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between 2 or more computers. Furthermore, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from two components interacting with one another in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks (Illustrative Logical Block) and steps (Step) described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
In the above-described embodiments, the functions of the respective functional units may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions (programs). When the computer program instructions (program) are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (Digital Subscriber Line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). Computer readable storage media can be any available media that can be accessed by a computer or data storage devices, such as servers, data centers, etc., that contain an integration of one or more available media. Usable media may be magnetic media (e.g., floppy disk, hard disk, magnetic tape), optical media (e.g., high density digital video disc (Digital Video Disc, DVD), or semiconductor media (e.g., solid state disk (Solid STATE DISK, SSD)), etc.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.
In summary, the application provides a serial flash memory based mass production on-chip microcontroller, a serial flash memory based mass production on-chip method and a serial flash memory based mass production system. The method can support erasing according to the optimal block of the memory to optimize the burning time and improve the burning efficiency, simultaneously provides configuration options, is convenient for a user to monitor the mass production state, can support user-defined instructions to meet more complex mass production requirements, is internally provided with a safe starting and encrypting mechanism, and ensures the safety of the burning process and the confidentiality of data. Therefore, the production efficiency is effectively improved, the product safety is ensured, and the more complex mass production requirement is met. Therefore, the application effectively overcomes various defects in the prior art and has high industrial utilization value.
The above embodiments are merely illustrative of the principles of the present application and its effectiveness, and are not intended to limit the application. Modifications and variations may be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the application. Accordingly, it is intended that all equivalent modifications and variations of the application be covered by the claims, which are within the ordinary skill of the art, be within the spirit and scope of the present disclosure.

Claims (8)

1. An on-chip microcontroller based on serial flash memory mass production, the on-chip microcontroller comprising:
The serial flash memory controller is in communication connection with the off-chip serial flash memory, and is used for constructing a data transmission management channel between the on-chip microcontroller and the off-chip serial flash memory, and the process comprises the steps of obtaining parameter information of the off-chip serial flash memory, configuring an access sequence and access parameters of the serial flash memory controller based on the parameter information of the off-chip serial flash memory, and performing interface configuration on the off-chip serial flash memory by using a general off-chip flash memory read-write application program based on the access sequence and the access parameters of the serial flash memory controller so as to realize the access to the off-chip serial flash memory;
The command container detection unit is respectively in communication connection with the off-chip serial flash memory and the security algorithm verification unit; the command container detection unit is used for detecting whether the on-chip serial flash memory contains a mass production recording container with preset characteristics or not, reading the mass production recording container when the mass production recording container containing the preset characteristics is detected, and sending the mass production recording container to the security algorithm verification unit; the command container detection unit detects offset positions corresponding to the erasure granularity in the off-chip serial flash memory based on the erasure granularity of the off-chip serial flash memory to determine whether the current offset positions contain the mass production recording containers in the preset format;
The safety algorithm verification unit is respectively in communication connection with the command container detection unit and the command container processing unit, and is used for receiving the volume production burning container sent by the command container detection unit, executing data safety verification operation on the volume production burning container, and sending the volume production burning container to the command container processing unit after passing the data safety verification operation;
the command container processing unit is respectively in communication connection with the security algorithm verification unit and the on-chip module, and is used for receiving the volume production burning container sent by the security algorithm verification unit and executing burning operation on the on-chip module based on the volume production burning container.
2. The serial flash based mass produced on chip microcontroller of claim 1 wherein the pre-formatted mass produced burn-in container comprises:
A firmware container for command container metadata indicating the volume production burn container;
The command container comprises one or more command blocks, each command block comprises command content and a command tail, each command content comprises one or more firmware management functions, the tail of each command block comprises authentication information of the next command content, and analysis processing operation is performed on the next command content in response to the authentication information of the next command content meeting the condition.
3. The on-chip microcontroller according to claim 1, wherein the process of detecting offset positions corresponding to erasure granularity in the off-chip serial flash memory based on the erasure granularity of the off-chip serial flash memory to determine whether the current offset positions include a pre-formatted mass production burn-in container comprises:
traversing the off-chip serial flash memory by taking the erasing granularity of the off-chip serial flash memory as a step length from the starting address of the off-chip serial flash memory;
responding to the fact that the data memory of the read data block is consistent with the characteristics of the mass production burning container in a preset format, reading head information of the mass production burning container, and executing data security verification operation;
And judging whether the current access offset is smaller than the memory size of the off-chip serial flash memory or not in response to the fact that the data memory of the read data block is inconsistent with the characteristics of the mass production burning container in the preset format, if so, increasing the access offset according to the size of the erasure granularity of the off-chip serial flash memory, and continuing to traverse the off-chip serial flash memory, otherwise, exiting the current mass production flow.
4. The serial flash memory based mass production on-chip microcontroller of claim 1, wherein the security algorithm verification unit comprises one or more of a digital signature verification module, a symmetric encryption and decryption module and a secure hash algorithm module.
5. The serial flash memory based mass produced on-chip microcontroller of claim 1, wherein the command container processing unit comprises one or more of a command container parsing engine, a timer triggering engine, a configuration save and trigger module, a memory read-write module, a custom command interactive execution module, and a generic off-chip read-write application program interface.
6. The serial flash based mass produced on-chip microcontroller of claim 2, wherein the process of the command container processing unit performing a burn operation on the on-chip module based on the mass produced burn container comprises:
sequentially loading and verifying each command block in a command container of the mass production burning container;
responding to the current command block in the command container of the volume production burning container, analyzing the command content of the current command block, executing a corresponding firmware management function on the on-chip module according to the analysis result, judging whether the volume production tail of the volume production burning container is reached after the corresponding firmware management function is executed, completing the volume production task if the volume production tail of the volume production burning container is reached, loading and verifying the next command block in the command container of the volume production burning container if the volume production tail of the volume production burning container is not reached, and repeatedly executing the command content analysis and the firmware management function.
7. A serial flash based mass production method, characterized in that the method is applied to the serial flash based mass production on-chip microcontroller according to any one of claims 1 to 6, the method comprising:
Constructing a data transmission management channel with the off-chip serial flash memory;
Detecting whether a mass production programming container with preset characteristics is contained in the off-chip serial flash memory, and reading the mass production programming container when the mass production programming container with the preset characteristics is detected;
and executing data security verification operation on the mass production burning container, and executing burning operation on the on-chip module based on the mass production burning container after passing the data security verification operation.
8. A serial flash based mass production system, wherein the system comprises an off-chip serial flash memory, an on-chip microcontroller and an on-chip module for serial flash based mass production as claimed in any one of claims 1 to 6, the interaction process of the system comprising:
a data transmission management channel is constructed between the on-chip microcontroller and the off-chip serial flash memory;
The on-chip microcontroller detects whether the on-chip serial flash memory contains a mass production programming container with preset characteristics or not, and reads the mass production programming container when the mass production programming container with the preset characteristics is detected;
And the on-chip microcontroller executes data security verification operation on the mass production burning container, and executes burning operation on the on-chip module based on the mass production burning container after passing the data security verification operation.
CN202411325932.3A 2024-09-23 2024-09-23 Mass production on-chip microcontroller, method and system based on serial flash memory Active CN119166564B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411325932.3A CN119166564B (en) 2024-09-23 2024-09-23 Mass production on-chip microcontroller, method and system based on serial flash memory

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411325932.3A CN119166564B (en) 2024-09-23 2024-09-23 Mass production on-chip microcontroller, method and system based on serial flash memory

Publications (2)

Publication Number Publication Date
CN119166564A CN119166564A (en) 2024-12-20
CN119166564B true CN119166564B (en) 2025-09-30

Family

ID=93891143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411325932.3A Active CN119166564B (en) 2024-09-23 2024-09-23 Mass production on-chip microcontroller, method and system based on serial flash memory

Country Status (1)

Country Link
CN (1) CN119166564B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111258631A (en) * 2020-01-13 2020-06-09 广芯微电子(广州)股份有限公司 Automatic mass production system and method for terminal equipment parameters
CN115993976A (en) * 2022-11-14 2023-04-21 广东德赛矽镨技术有限公司 Method, system and burner for burning electric quantity management product

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8332931B1 (en) * 2008-09-04 2012-12-11 Marvell International Ltd. Processing commands according to authorization
TWI450099B (en) * 2009-12-10 2014-08-21 Phison Electronics Corp Flash memory storage system for simulating a rewritable disc device, flash memory controller, comupter system and method theeof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111258631A (en) * 2020-01-13 2020-06-09 广芯微电子(广州)股份有限公司 Automatic mass production system and method for terminal equipment parameters
CN115993976A (en) * 2022-11-14 2023-04-21 广东德赛矽镨技术有限公司 Method, system and burner for burning electric quantity management product

Also Published As

Publication number Publication date
CN119166564A (en) 2024-12-20

Similar Documents

Publication Publication Date Title
US11741230B2 (en) Technologies for secure hardware and software attestation for trusted I/O
TW480443B (en) Virus resistant and hardware independent method of flashing system BIOS
TWI570592B (en) System, method and computer readable storage medium for updating computer firmware
US7318129B1 (en) Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller
US20080040580A1 (en) Microcontroller based flash memory digital controller system
US11354259B1 (en) Computer system configurations based on accessing data elements presented by baseboard management controllers
US12197368B2 (en) Component firmware interaction using hardware registers
CN104486355A (en) Method and device for preventing codes from being maliciously tampered with
CN101018131A (en) Information security device with the function selection device and its control method
CN107784226A (en) Method and system for preventing malicious tampering of codes by using asymmetric encryption algorithm
CN119166564B (en) Mass production on-chip microcontroller, method and system based on serial flash memory
US20150363712A1 (en) Systems and methods for distinguishing information handling system provider-supported information handling resource via system license
CN106909382B (en) Method and device for outputting different types of system starting information
CN103164658A (en) Protecting method and protecting system for configuration files
CN116028100B (en) Software version upgrading method and electronic equipment
CN118295678A (en) Firmware programming method, device and medium for basic input/output system
CN116431186A (en) Upgrading method, device and medium of vehicle-mounted ECU
US8001313B2 (en) Insertion and removal of computing cards in server I/O slots
CN119938072A (en) A chip offline burning method, system, device and medium
CN121233410A (en) Compatibility and reliability testing method for solid state disk
US10768816B2 (en) Method and apparatus to manipulate customer data without using the host interface
CN117271232A (en) Processing system, related integrated circuit, apparatus and method
CN119597323A (en) Offline software refreshing method and device
CN121008811A (en) Multi-channel chip mass production programming apparatus, system and method
CN121187599A (en) Complete machine software integration method and complete machine software integration system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 201203 Shanghai Pudong New Area, China (Shanghai) Pilot Free Trade Zone, No. 57 Boxia Road, 1st Floor

Patentee after: Shanghai Xianji Semiconductor Technology Co.,Ltd.

Country or region after: China

Address before: 200120 Shanghai Pudong New Area, China (Shanghai) Free Trade Zone, Room 203, Building 3, No. 111 Xiangke Road

Patentee before: Shanghai Xianji Semiconductor Technology Co.,Ltd.

Country or region before: China