公开(公告)号：US08694767B2

公开(公告)日：2014-04-08

申请号：US13776998

申请日：2013-02-26

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

IPC: G06F9/00 ,  H04L9/00 ,  G06F21/57

CPC classification number: G06F21/575 ,  G06F21/572

Abstract: A system and method that enables secure system boot up with a restricted central processing unit (CPU). The system includes a memory, a segmenting device, and a security sub-system. The memory is a NAND flash memory with a block structure that comprises a guaranteed block and non-guaranteed blocks. The guaranteed block is guaranteed to be useable. A boot code is segmented into boot code segments and the boot code segments are stored separately in the guaranteed and non-guaranteed blocks. The security sub-system is configured to locate the boot code segments stored in the non-guaranteed blocks and validate them independently based on data in the guaranteed block. The security sub-system is further configured to assemble the boot code segments into the boot code and execute the boot code.

Abstract translation: 一种使用受限制的中央处理单元（CPU）实现安全系统启动的系统和方法。 该系统包括存储器，分段设备和安全子系统。 存储器是具有块结构的NAND闪存，其包括保证块和非保证块。 保证的块被保证是可用的。 引导代码被分段为引导代码段，引导代码段分别存储在保证和无保证的块中。 安全子系统被配置为定位存储在非保证块中的引导代码段，并基于保证块中的数据独立地进行验证。 安全子系统还被配置为将引导代码段组合到引导代码中并执行引导代码。