公开(公告)号：US09230112B1

公开(公告)日：2016-01-05

申请号：US13775151

申请日：2013-02-23

Applicant: Xilinx, Inc.

Inventor： Edward S. Peterson ,  Roger D. Flateau, Jr. ,  James D. Wesselkamper ,  Steven E. McNeil ,  Jason J. Moore ,  Lester S. Sanders ,  Lawrence C. Hung ,  Yatharth K. Kochar

IPC: G06F9/00 ,  G06F15/177 ,  G06F21/57 ,  G06F9/44 ,  G06F21/76

CPC classification number: G06F21/575 ,  G06F9/4401 ,  G06F9/4406 ,  G06F9/4416 ,  G06F21/76

Abstract: A system generally relating to an SoC, which may be a field programmable SoC (“FPSoC”), is disclosed. In this SoC, dedicated hardware includes a processing unit, a first internal memory, a second internal memory, an authentication engine, and a decryption engine. A storage device is coupled to the SoC. The storage device has access to a boot image. The first internal memory has boot code stored therein. The boot code is for a secure boot of the SoC. The boot code is configured to cause the processing unit to control the secure boot.

Abstract translation: 通常涉及可能是现场可编程SoC（“FPSoC”）的SoC的系统被公开。 在该SoC中，专用硬件包括处理单元，第一内部存储器，第二内部存储器，认证引擎和解密引擎。 存储设备耦合到SoC。 存储设备可以访问引导映像。 第一内部存储器具有存储在其中的引导代码。 引导代码用于安全引导SoC。 引导代码被配置为使处理单元控制安全启动。

公开(公告)号：US09411688B1

公开(公告)日：2016-08-09

申请号：US14103723

申请日：2013-12-11

Applicant: Xilinx, Inc.

Inventor： Ramakrishna G. Poolla ,  Yatharth K. Kochar ,  Krishna C. Patakamuri

IPC: G06F11/14 ,  H03K19/177

CPC classification number: G06F11/1417 ,  H03K19/17764

Abstract: In some disclosed implementations, a system-on-chip on a first IC die includes a boot loader circuit configured to search a first boot device, of a plurality of boot devices coupled to and external to the first IC die, for an uncorrupt boot image. The boot loader circuit is configured to search a second boot device of the plurality of boot devices for an uncorrupt boot image, in response to failing to find an uncorrupt boot image in the first boot device. The boot loader is also configured to load a set of instructions included in the uncorrupt boot image into a memory circuit of the SOC, in response to finding an uncorrupt boot image.

Abstract translation: 在一些公开的实现中，第一IC芯片上的片上系统包括引导加载器电路，其被配置为搜索耦合到第一IC管芯并且在第一IC管芯外部的多个引导器件中的第一引导器件用于未破坏的引导映像 。 引导加载器电路被配置为响应于在第一引导设备中找不到未破坏的引导映像而搜索多个引导设备中的第二引导设备的未破坏的引导映像。 引导加载程序还被配置为响应于发现未破坏的引导映像而将包含在未破坏的引导映像中的一组指令加载到SOC的存储器电路中。

公开(公告)号：US09336010B2

公开(公告)日：2016-05-10

申请号：US13833371

申请日：2013-03-15

Applicant: Xilinx, Inc.

Inventor： Yatharth K. Kochar

IPC: G06F9/44 ,  G06F11/14 ,  G06F21/57

CPC classification number: G06F9/4401 ,  G06F9/4406 ,  G06F9/441 ,  G06F11/1417 ,  G06F21/575

Abstract: A method includes initiating a boot of a system-on-chip coupled to a boot device. The boot is initiated from boot code stored in nonvolatile memory responsive to a power-on-reset. Under control of the boot code: a first register value is loaded into a register; a name string from the boot code is accessed; the first register value is obtained from the register; and the first register value and name string are converted to a first string value, which is provided as a first filename. The boot device is searched for a boot image file with the first filename. If the first filename is not found in the boot device, the first register value is incremented to provide a second register value. The obtaining, converting, and searching are repeated using a second filename generated using the second register value, and a valid filename for the boot image file is iteratively generated.

Abstract translation: 一种方法包括启动耦合到引导设备的片上系统的引导。 根据上电复位，引导是从存储在非易失性存储器中的引导代码启动的。 在引导代码的控制下：第一个寄存器值被加载到一个寄存器中; 访问引导代码中的一个名称字符串; 第一个寄存器值从寄存器获得; 并将第一个寄存器值和名称字符串转换为第一个字符串值，该字符串值作为第一个文件名提供。 使用第一个文件名搜索引导设备的引导映像文件。 如果引导设备中没有找到第一个文件名，则第一个寄存器值递增，以提供第二个寄存器值。 使用使用第二寄存器值生成的第二文件重复获取，转换和搜索，并且迭代地生成用于引导映像文件的有效文件名。

公开(公告)号：US09152794B1

公开(公告)日：2015-10-06

申请号：US14019323

申请日：2013-09-05

Applicant: Xilinx, Inc.

Inventor： Lester S. Sanders ,  Yatharth K. Kochar

IPC: G06F21/57 ,  H04L9/32

CPC classification number: G06F21/575 ,  H04L9/0877 ,  H04L9/3247 ,  H04L9/3249 ,  H04L2209/38

Abstract: A method relating generally to generating a boot image, as performed by an information handling system, for an embedded device is disclosed. This method includes a public key obtained by a boot image generator. A first hash for the public key is generated by the boot image generator. The first hash is provided to a signature generator. A first signature for the first hash is generated by the signature generator. A first partition for the boot image is obtained by the boot image generator. A second hash for the first partition is generated by the boot image generator. The second hash is provided to the signature generator. A second signature for the second hash is generated by the signature generator. The boot image generator and the signature generator are programmed into the information handling system. The boot image includes the public key, the first signature, and the second signature. The boot image is output from the information handling system.

Abstract translation: 公开了一种通常用于生成针对嵌入式设备的由信息处理系统执行的引导映像的方法。 该方法包括由引导图像生成器获得的公开密钥。 公钥的第一个散列由引导映像生成器生成。 第一个散列被提供给签名生成器。 第一个散列的第一个签名由签名生成器生成。 引导映像生成器获得引导映像的第一个分区。 第一个分区的第二个散列由引导映像生成器生成。 第二个散列被提供给签名生成器。 第二个散列的第二个签名由签名生成器生成。 引导图像生成器和签名生成器被编程到信息处理系统中。 启动映像包括公钥，第一签名和第二签名。 引导映像从信息处理系统输出。

公开(公告)号：US20140281455A1

公开(公告)日：2014-09-18

申请号：US13833371

申请日：2013-03-15

Applicant: Xilinx, Inc.

Inventor： Yatharth K. Kochar

IPC: G06F9/44

CPC classification number: G06F9/4401 ,  G06F9/4406 ,  G06F9/441 ,  G06F11/1417 ,  G06F21/575

Abstract: A method includes initiating a boot of a system-on-chip coupled to a boot device. The boot is initiated from boot code stored in nonvolatile memory responsive to a power-on-reset. Under control of the boot code: a first register value is loaded into a register; a name string from the boot code is accessed; the first register value is obtained from the register; and the first register value and name string are converted to a first string value, which is provided as a first filename. The boot device is searched for a boot image file with the first filename. If the first filename is not found in the boot device, the first register value is incremented to provide a second register value. The obtaining, converting, and searching are repeated using a second filename generated using the second register value, and a valid filename for the boot image file is iteratively generated.

Abstract translation: 一种方法包括启动耦合到引导设备的片上系统的引导。 根据上电复位，引导是从存储在非易失性存储器中的引导代码启动的。 在引导代码的控制下：第一个寄存器值被加载到一个寄存器中; 访问引导代码中的一个名称字符串; 第一个寄存器值从寄存器获得; 并将第一个寄存器值和名称字符串转换为第一个字符串值，该字符串值作为第一个文件名提供。 使用第一个文件名搜索引导设备的引导映像文件。 如果引导设备中没有找到第一个文件名，则第一个寄存器值递增，以提供第二个寄存器值。 使用使用第二寄存器值生成的第二文件重复获取，转换和搜索，并且迭代地生成引导映像文件的有效文件名。

公开(公告)号：US09652252B1

公开(公告)日：2017-05-16

申请号：US14527709

申请日：2014-10-29

Applicant: Xilinx, Inc.

Inventor： Yatharth K. Kochar ,  Ramakrishna G. Poolla ,  Krishna C. Patakamuri ,  Madhubala Sharma

IPC: G06F12/02 ,  G06F9/44 ,  G06F1/32

CPC classification number: G06F9/4408 ,  G06F1/3212 ,  G06F1/3234 ,  G06F9/441 ,  G06F12/0238 ,  Y02D10/174

Abstract: Circuits and methods for power dependent selection of boot images are disclosed. In an example implementation, an apparatus includes a memory circuit and a processor disposed on an integrated circuit die. The processor is configured to retrieve and execute instructions from the memory circuit. The apparatus also includes a power management circuit configured to determine a value indicative of an amount of power available to power the IC die. A boot loader circuit is coupled to the power management circuit and is configured to select one of a plurality of boot images based on the determined value indicative of the amount of power available. The boot loader circuit loads a set of instructions included in the selected one of the boot images into the memory circuit and enables the processor to execute the set of instructions.

公开(公告)号：US09165143B1

公开(公告)日：2015-10-20

申请号：US13833177

申请日：2013-03-15

Applicant: Xilinx, Inc.

Inventor： Lester S. Sanders ,  Yatharth K. Kochar ,  Steven E. McNeil ,  Jason J. Moore ,  Roger D. Flateau, Jr. ,  Lawrence C. Hung

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/57

CPC classification number: G06F21/575 ,  G06F21/572 ,  G06F21/76

Abstract: A method relating generally to loading a boot image is disclosed. In such a method, a header of a boot image file is read by boot code executed by a system-on-chip. It is determined whether the header read has an authentication certificate. If the header has the authentication certificate, authenticity of the header is verified with the first authentication certificate. It is determined whether the header is encrypted. If the header is encrypted, the header is decrypted.

Abstract translation: 公开了一般涉及加载引导图像的方法。 在这种方法中，通过由片上系统执行的引导代码来读取引导映像文件的标题。 确定头读取是否具有认证证书。 如果标头具有认证证书，则使用第一认证证书验证报头的真实性。 确定头部是否被加密。 如果标题被加密，则头部被解密。