WO1998025205A1 - System and method for performing software patches in embedded systems - Google Patents
System and method for performing software patches in embedded systems Download PDFInfo
- Publication number
- WO1998025205A1 WO1998025205A1 PCT/US1997/023143 US9723143W WO9825205A1 WO 1998025205 A1 WO1998025205 A1 WO 1998025205A1 US 9723143 W US9723143 W US 9723143W WO 9825205 A1 WO9825205 A1 WO 9825205A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- patch
- processor
- breakpoint
- instructions
- executing
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/32—Address formation of the next instruction, e.g. by incrementing the instruction counter
- G06F9/322—Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address
- G06F9/328—Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address for runtime instruction patching
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/66—Updates of program code stored in read-only memory [ROM]
Definitions
- TITLE SYSTEM AND METHOD FOR PERFORMING SOFTWARE PATCHES IN
- the present invention relates to embedded systems and in particular to software patches of embedded systems with non-alterable firmware
- embedded system devices are intelligent controllers for televisions, automobile engines, microwave ovens, telephone answe ⁇ ng machines, medical equipment, etc
- the embedded system devices typically compnse a processor, such as a microprocessor, micro-controller, or digital signal processor (DSP), and storage elements, such as read only memory (ROM)
- DSP digital signal processor
- ROM read only memory
- the storage elements typically include software which the processor executes to perform functions of an application, such as those previously listed
- the device further includes application logic to interface with the television, automobile engine, telephone, or other application to gather data from and/or control the application
- embedded system devices employ permanent storage elements, such as ROM to store their software Permanent storage elements are used because many embedded systems do not reside m a computer svstem, or similar system That is, the systems do not have secondary permanent storage, such as a disk or tape dnve, to store the embedded svstem software Hence, permanent storage is required on the embedded svstem device itself in order to store the embedded system software, since the embedded system software cannot be stored elsewhere within the system Most economical forms of solid state permanent storage, such as ROM, are non-alterable storage elements
- the embedded system software is frequently referred to as "firmware ', since software is permanently stored in the hardware of the system Histoncally, although the firmware of vanous embedded systems may have been sophisticated, I e , employing sophisticated DSP algonthms for example, typically, firmware is not complex, relatively speaking That is. firmware is traditionally relatively small, and therefore the likelihood of firmware errors, or bugs, has been relatively small
- contemporary embedded systems are rapidly increasing in complexity, which is increasing the likelihood of programming errors in the
- the processor within the computer svstem includes a program counter register which contains the address of the current instruction to be fetched and executed
- the processor further comprises debug registers At least one of the debug registers contains an instruction address When the value of the program counter equals the value of the instruction address debug register, a debug exception or interrupt, occurs When the processor receives the debug exception, the processor deviates execution of the currently executing program to a debug handler program, or routine
- One of the debug registers is a debug control register containing one or more bits to enable or disable the breakpoint mechanism
- An example of a processor employing a breakpoint mechanism is the INTEL i486 processor
- the i486 processor compnses four Debug Address Registers (D0-D3) and a Debug Control Register (DR7) If the appropnate bits are present in the Debug Control Register, when the value of the program counter register equals the value in one of the Debug Address Registers, a debug exception (INT 1) occurs More specifically, an instruction breakpoint fault occurs A debug exception causes the processor to deviate execution from the current program to a debug exception handler
- the debug exception handler invokes a debugger program which allows the user of a computer svstem to interact with the computer system to debug the software executing on the svstem
- the debugger program allows the user to perform such tasks as examine memory locations and register contents of the computer system for the purpose of determining software errors, I e , bugs
- the present invention compnses a system and method for performing software patches for embedded svstem devices in which the firmware of the system is included in non-alterable storage of the device
- the patch mechamsm advantageously provides a means for finding firmware errors, prototyping fixes to the errors and/or prototyping new functionality of the firmware of the embedded system
- the system compnses an embedded svstem device coupled to an external memory source
- the device compnses a non- alterable memory, including firmware, coupled to a processor
- the device further compnses a relatively small amount of patch RAM within the device
- the patches are not part of the system under test, but are instead loaded into the patch RAM
- the device further comprises a means for determining if one or more patches are to be applied If the device detects patches to be applied the device loads the patches from the external memory into the patch RAM via an external memory interface of the device
- the device also compnses a means for causing the firmware to deviate from normal execution and to execute the patch
- the deviation means compnses a breakpoint register
- the points of deviation are referred to as breakpoints
- program flow can either return from where normal execution deviated, or can continue elsewhere as specified bv the patch developer
- the embedded system device compnses a single integrated circuit
- the patch compnses a sequence of bytes included in the external memory
- the patch compnses a portion including executable patch instructions Another portion, preferably the first portion, of the patch contains an offset to the executable patch instructions Another portion, preferably the second portion, of the patch
- One embodiment of the invention compnses a breakpoint handler, wherein the processor deviates to the breakpoint handler when the program counter value equals the breakpoint register value
- the breakpoint handler detects the presence of a breakpoint condition and branches to the patch
- One embodiment of the invention compnses command interface logic, wherein vanous aspects of patch loading are controlled
- any or all of the address of the patch in external memory, the address of the patch in the patch RAM, the patch start address, the breakpoint address, the loading of the breakpoint register, the patch size, and the presence of a patch may be controlled via the command interface
- One embodiment of the invention contemplates a method for chaining together multiple patches
- the invention further contemplates run-time loading of patches, in addition to boot-time loading of patches, for the purpose, inter alia, of replacing a currently executing patch
- the invention contemplates an embodiment in which the patches are loaded into the patch RAM via a direct memory access transfer
- the processor compnses multiple breakpoint registers allowing for multiple patch insertions
- the invention contemplates storing the patch in the external memory in an encrypted form and decrypting the patch as it is loaded into the patch RAM.
- the encryption mechamsm increases the security of the system by preventing unauthorized users from loading and inserting patches.
- the present invention comprises a system and method for performing software patches for embedded system devices in which the firmware of the system is included in non-alterable storage of the device in order to find firmware enors, prototype fixes to the errors and/or prototype new functionality of the firmware of the embedded system.
- Fig. 1 is a block diagram of an embedded system according to the present invention.
- Fig. 2 is a block diagram illustrating deviation of normal firmware execution to execution of patch instructions in the system of Fig. 1;
- Fig. 3 is a flowchart illustrating steps taken by the system of Fig. 1 to perform a boot sequence including selectively loading a patch;
- Fig. 4 illustrates the layout of one embodiment of a patch
- Fig. 5 is a flowchart illustrating detailed steps taken to perform the patch loading step of Fig. 3;
- Fig. 6 is a flowchart illustrating detailed steps taken to perform the firmware execution step of Fig.
- Fig. 7 is a block diagram illustrating an embodiment of the present invention comprising a breakpoint handler.
- the device comprises a processor 12.
- the device further comprises ROM 14, patch
- RAM 16 application logic 18, external memory interface logic 22, and a patch presence detection means 28 all coupled to the processor 12.
- the processor 12 comprises a microprocessor, micro-controller, digital signal processor (DSP), or other type of software instruction processing device.
- the processor 12 is an ADI 2171 DSP core
- the processor 12 fetches firmware instructions from the ROM 14 and executes the firmware instructions Upon certain conditions, descnbed below, the processor 12 deviates from fetching instructions from the ROM 14 and fetches firmware patch instructions from the patch RAM 16 and executes the firmware patch instructions
- the ROM 14 compnses read only memory storage elements as are well known in the art of solid state memory circuits The invention, however, is not limited to ROM technology, but rather is intended to comprehend other forms of non-alterable, l e , once-programmable, solid state memory elements
- the ROM 14 compnses read only memory storage which is programmed dunng fabncation of the device 10 That is, the firmware of the device 10 is determined by the fabncation mask of the ROM 14 portion of the device 10 Consequently, changing the firmware (such as for determimng
- the patch RAM 16 compnses dynamic random access memory (DRAM) or static random access memory (SRAM) storage elements as are well known m the art of solid state memory circuits
- DRAM dynamic random access memory
- SRAM static random access memory
- the application logic 18 compnses circuitry to interface with the application which the device 10 is employed or to perform functions of the application
- the application logic 18 is a buffer, receiver, transceiver, or register for interfacing with other circuitry such as telephone signals
- the processor 12 compnses a program counter 24 and a breakpoint register 26
- the program counter 24 contains the cunent address of the instruction to be fetched by the processor 12
- the program counter 24 is updated by the processor 12 each time an instruction is fetched
- the breakpoint register 26 contains a breakpoint location, or breakpoint address
- the processor 12 deviates execution from fetching and executing firmware instructions in the ROM 14 to fetching and executing firmware patch instructions in the patch RAM 16 as shown in Fig 2
- Fig. 2 illustrates the normal program flow of execution of firmware instructions included within the ROM 14 of the device 10
- the firmware instructions are shown included in sequential address locations within the ROM 14
- the program counter 24 (of Fig 1) value equals the breakpoint register 26 value
- a patch insertion occurs, I e
- the processor 12 deviates from normal program flow to the patch start address to execute the patch execution instructions included in the patch RAM 16 as shown
- the external memory interface logic 22 compnses digital circuitry coupled to an external memory 23 for loading patches from the external memory 23 to the patch RAM 16
- the external memory 23 is an EPROM, FLASH ROM, RAM, or any other suitable external storage device
- the invention contemplates an embodiment in which the device 10 compnses command interface logic 20 coupled to the processor 12
- the command interface logic 20 compnses circuitry for receiving commands and providing status to an external device which communicates with the device 10 via a command interface
- the invention contemplates an embodiment in which the command interface logic 20 compnses a senal interface such as an RS-232 interface
- a second embodiment contemplates the command interface logic 20 compnsing a parallel interface such as those commonly found on personal computers, commonlv for communicating with pnnters
- the command interface logic 20 is used, inter aha, to load patches into the patch RAM 16 and/or control the loading of patches to the patch RAM 16 through another interface such as the external memory interface logic 22
- the patch presence detection means 28 is readable by the processor 12 and is used to indicate to the processor 12 whether or not a patch is present
- the patch presence detection means 28 is a mode register compnsmg a bit to indicate the presence of a patch Data is forced by an external device (not shown) onto output pins of the device 10 dunng reset of the device 10 to wnte the mode register with a value to selectively indicate the presence or absence of a patch
- the patch presence detection means 28 is a test mode input pin of the device 10 which is dnven by an external device
- the patch presence detection means 28 is a mode register included within the command interface logic 20 and is wntten with a value to selectively indicate the presence or absence of a patch
- a flowchart illustrating steps taken by the device 10 (of Fig 1) to perform a boot sequence including selectively loading a patch is shown
- the processor 12 When the processor 12 (of Fig 1) is reset, it initializes its program counter 24 to a predetermined value in step 40 and begins fetching and executing instructions at the address contained m the program counter 24
- the initial address, I e , boot address, contained in the program counter 24 is an address in the ROM 14
- the boot address is near the top or bottom of the processor 12 address space In one embodiment the boot address is address zero
- a plurality of the instructions fetched from the boot address examine the patch presence detection means 28 in step 42
- the processor 12 determines if the device is in a patch mode, I e , that a patch is present, in step 44 based upon the value of the patch presence detection means 28 If a patch is present, the processor 12 loads the patch m step 46 The processor 12 then proceeds to execute the firmware m step 48 More details about how the patch is loaded and the firmware is executed will be
- the first portion of the patch 50, I e the data at the internal patch address, compnses a patch offset 1 from the internal patch address to the patch execution instructions
- the sum of the internal patch address and the patch offset 51 determines the patch start address, l e , the address of the patch execution instructions, as shown
- the next portion of the patch 50 includes the patch size 52
- the patch size 52 is the number of double words (l e , 32-bit words) compnsing the patch 50
- the next portion of the patch 50 includes the breakpoint address 54 of the patch 50.
- I e the address to be loaded into the breakpoint register 26 (of Fig 1)
- the loading of the breakpoint address 54 into the breakpoint register 26 will be descnbed in the discussion of Fig 5
- the next portion of the patch 50 includes a set of patch startup instructions 56
- the patch startup instructions 56 initialize patch local vanables 58 and perform any other actions which are required on a once only basis
- the execution of the patch startup instructions 56 will be descnbed in the discussion of Fig 5
- the next portion of the patch 50 includes the patch execution instructions 57, the location of which is specified bv the patch offset 51
- the patch execution instructions 57 compnse instructions executable by the processor 12 (of Fig 1) to perform the desired functionality of the patch, such as finding firmware enors, prototyping fixes to firmware errors and/or prototyping new functionality of the firmware
- the processor 12 deviates from fetching and executing instructions in the ROM 14 and begins fetching and executing the patch execution instructions 57 from the patch RAM 16
- the next portion of the patch 50 includes the patch local vanables 58
- the patch local vanables 58 are vanables used by the patch execution instructions to perform the desired patch functions
- Fig 5 a flowchart illustrating in more detail steps taken to perform the patch loading step 46 of Fig 3 is shown
- the processor 12 determines the internal patch address, i.e . the address in the patch RAM 16 at which the patch is to be loaded, in step 60
- the internal patch address is address fixed at address zero in the patch RAM 16
- the internal patch address is specified by an external device m a register within the device 10
- the internal patch address is specified in the command interface logic 20 via the command interface
- the processor 12 determines the external patch address, I e , the address in the external memory 23 at which the patch is stored, in step 62
- the external patch address is fixed at an address within the external memory 23 which is a number of bytes from the end of the external memory 23 which is equal to the size of the patch RAM 16
- the external patch address would be at address 65024 (l e , 65536 - 512)
- the external patch address is specified by an external device in a register within the device 10
- the external patch address is specified in the command interface logic 20 via the command interface
- the processor determines the patch size, I e , the number of bytes of the patch, m step 64
- the patch includes the number of 32-bit words compnsing the patch, as shown in Fig 4
- the patch size is included in the fourth byte of the patch
- the patch size is specified bv an external device in a register within the device 10
- the patch size is specified in the command interface logic 20 via the command interface
- the patch size is fixed at a predetermined length
- the processor 12 assumes the patch size is equal to the size of the patch RAM 16
- the processor 12 copies patch size words of data from the external patch address of the external memory 23 to the internal patch address of the patch RAM 16 m step 66
- the patch size is specified near the beginning of the patch itself Hence, the processor 12 copies enough of the patch to determine the size of the patch and then copies the remaimng bytes of the patch after determining the size
- a set of patch startup instructions 56 exists in the patch, as shown in Fig 4 After copying the patch to the patch RAM 16, the processor 12 executes the patch startup instructions 56 in step 68
- the patch startup instructions 56 initialize the patch local vanables and perform any other actions which are required on a once only basis
- the processor 12 then loads the breakpoint register 26 with the breakpoint address, l e , the address at which the processor 12 deviates execution from the firmware instructions included in the ROM 14 to the patch execution instructions included in the patch RAM 16 in step 70
- the breakpoint address 54 is included in the patch as shown in Fig 4
- the breakpoint address is specified by an external device in a register within the device 10
- the breakpoint address is specified in the command interface logic 20 via the command interface
- the processor 12 then returns to the boot code to begin executing the firmware Refernng now to Fig 6, a flowchart illustrating in more detail steps taken to perform the firmware execution step 48 of Fig 3 is shown
- the processor 12 fetches an instruction at the value of the program counter 24 in step 80
- the processor 12 next increments the program counter 24 by the size of the instruction fetched in step 82
- the processor 12 instruction size is fixed, hence the program counter 24 is incremented by a fixed amount after each instruction fetch
- the processor 12 instruction size is vanable
- the processor 12 executes
- a block diagram illustrating an embodiment of the present invention compnsing a breakpoint handler is shown Preferably, branching to the patch start address, l e , step 92 (of Fig 6), compnses the processor deviating to a breakpoint handler, wherein the breakpoint handler executes a branch instruction to the patch start address
- the breakpoint handler resides in the ROM 14 as part of the firmware
- the breakpoint handler entry point resides at a fixed location m the processor 12 address space, l e., in a fixed location m the ROM 14
- the processor 12 When a breakpoint condition occurs, I e , when the value of the breakpoint register 26 equals the value of the program counter 24, the processor 12 deviates from normal execution, l e , execution of the cunent instruction, and begins fetching and executing instructions from the breakpoint handler entry point, as shown
- the breakpoint handler calculates the patch start address by adding the internal patch address to the patch offset 51 (of Fig 4) The breakpoint handler then executes a branch instruction to the patch start address and the processor 12 begins fetching and executing the patch execution instructions 57 (of Fig 4)
- the processor 12 compnses a non-maskable interrupt (NMI)
- NMI occurs under at least two conditions The first condition is when an NMI input signal to the processor 12 becomes active The second condition is a breakpoint condition, I e , when the value of the breakpoint register 26 equals the value of the program counter 24
- the processor 12 receives an NMI whenever either of the two NMI conditions occurs When an NMI condition occurs, the processor 12
- the breakpoint handler determines which of the two NMI conditions generated the NMI In one embodiment, the NMI input signal indicates a power down condition In this embodiment, the device 10 compnses a means for determimng if a power down condition is present The breakpoint handler determines if the power down condition is present, by reading the power down condition determimng means If a power down condition is not present, the breakpoint handler assumes that a breakpoint condition has occurred and conespondingly branches to the patch start address as descnbed supra
- the step 92 (of Fig 6) of branching to the patch start address compnses the processor 12 (of Fig 1) directly loading the program counter 24 with the value of the patch start address
- the processor 12 directly loads the program counter 24 from a patch start address register
- the processor 12, dunng the boot sequence calculates the patch start address bv adding the internal patch address to the patch offset 51 and populating the patch start address register
- the processor 12 directly loads the program counter 24 by calculating the patch start address and loading it into the program counter 24 In this embodiment, the processor 12 calculates the patch start address by adding the internal patch address to the patch offset 51
- the step 92 (of Fig 6) of branching to the patch start address compnses a branch instruction to the patch start address being forced into the instruction stream
- the processor 12 compnses a data bus upon which instructions are fetched from the ROM 14 and patch RAM 16 Forcing the branch instruction into the instruction stream compnses forcing onto the data bus of the processor 12 the branch instruction to the patch start address whenever the processor 12 fetches an instruction from a 'known address"
- the "known address" is the address to which the processor deviates upon the occunence of a breakpoint condition
- the actual data at the "known address" in ROM 14 or patch RAM 16 is discarded in favor of the sunogate branch instruction to the patch start address
- the processor 12 executing the branch instruction to the patch start address causes the program counter 24 to get updated with the patch start address and the patch execution instructions 57 to be fetched and executed
- the processor 12 fetches and executes instructions in a pipelined manner, as is well known in the art of processor design
- the processor 12 may execute one or more instructions beyond the instruction at which the breakpoint is to occur In such case the patch programmer must be aware of the pipelined charactenstics of the processor 12 and create a patch which takes these charactenstics into consideration Alternate Embodiments
- the present invention contemplates an embodiment in which the patch start address is specified in the command interface logic 20 via the command interface, rather than in the patch itself
- Another embodiment is contemplated in which the internal patch address is specified by an external device in a register within the device 10
- the patch start address is fixed I e , hard-coded into the processor 12
- the present invention contemplates an embodiment in which the processor 12 compnses a plurality of breakpoint registers Each breakpoint register may be loaded with a different value, thus providing the ability to insert a plurality of patches, I e , each breakpoint register has an associated patch start address If the program counter 24 value equals any of the values in the plurality of breakpoint registers, a patch insertion of the patch corresponding to the breakpoint register whose value equals the value of the program counter 24 occurs.
- the plurality of patch start addresses associated with each of the breakpoint registers are specified by any of the means descnbed supra, I e , within the patch itself, via the command interface logic 20, by a plurality of registers within the device 10, or at a fixed address associated with each breakpoint register
- the present invention further contemplates an embodiment in which the patch execution instructions alter the contents of the breakpoint register and patch start address, thereby providing a means to achieve "patch chaimng "
- a first patch, patch A executes and dunng execution alters the patch start address with a new value conespondmg to a patch B and loads the breakpoint register with a new value conesponding to a patch B, thus enabling patch B and disabling itself, I e , disabling patch A
- patch B has been "chained" to patch A
- Patch B then performs the reverse action, I e , enable patch A and disable patch B
- the number of patches which may be chained is unrestncted Further, patch chaining may be combined with the embodiment compnsing a plurality of breakpoint registers
- the present invention contemplates an embodiment in which patches are run-time loaded" in addition to lnit-time loaded That is, patches are loaded dunng real time operation of the device 10, I e , dunng firmware execution (step 48 of Fig 3) m addition to dunng the boot sequence
- Run-time patch loading provides a mechanism for replacing patches which are cunently executing
- the present invention contemplates employing run-time patch loading to accomplish patch chaimng as descnbed supra
- the present invention contemplates an embodiment in which patches are loaded by a DMA operation from the external memory 23 into the patch RAM 16 This embodiment allows real-time execution of the svstem to continue while the patch is being loaded
- the breakpoint register 26 and patch start address are loaded via the
- the present invention contemplates an encryption mechanism for increasing the secunty of the embedded system compnsing the device 10
- the patch is encrypted pnor to storage in the external memory and decrypted as the patch is loaded into the device 10 m order to recover the ongmal bit sequence of the patch, 1 e , a bit sequence of instructions executable bv the processor 12
- a "one time pad" encryption mechamsm is employed A one time pad is a stnng of random numbers used to encrypt a message, in particular, a bit sequence of software program instructions Each stnng of random numbers is used only once to encrypt the software, I e , the patch
- the random numbers are obtained by sampling lonosphenc scatter
- the patch is encrypted b ⁇ multiplying the patch by a polynomial, or encryption key, in the Galois Field (2), I e , GF(2)
- the patch is decrypted bv dividing the patch by the same polynomial as it is being loaded into the device 10
- Galois Fields are u ell known in the art of coding The reader is referred to Introduction to Trellis-Coded
- the patch once decrypted, will be a bit sequence which will have an extremely high probability of not being valid processor instructions Preferably when the processor executes invalid instructions with unexpected results
- an unauthonzed user is prevented from executing a patch which might allow a means for extracting the firmware of the embedded svstem device or from executing a patch to perform an unauthonzed function
- the processor 12 performs the decryption
- the present invention also contemplates the device 10 compnsing dedicated logic to perform the decryption
- the present invention is not intended to be limited to GF polynomial encryption techniques, but rather is intended to encompass any suitable encryption technique
Abstract
A system and method for performing software patches for embedded system devices in which the firmware of the system is included in non-alterable storage of the device. The patch mechanism provides a means for finding firmware errors, prototyping fixes to the errors and/or prototyping new functionality of the firmware of the embbeded system. The system comprises an embedded system device coupled to an external memory. The device includes a non-alterable memory, including firmware, coupled to a processor. The device further includes a relatively small amount of patch RAM within the device also coupled to the processor. The patches are loaded from the external memory into the patch RAM. The device further includes a means for determining if one or more patches are to be applied. If the device detects a patch to be applied, the system loads the patch from the external memory into the patch RAM. The device also includes a breakpoint register. When the value of the program counter of the processor equals the value in the breakpoint register, a patch insertion occurs, i.e., the processor deviates from executing firmware to executing patch instructions. Preferably, the embedded system device comprises a single integrated circuit. The processor may include a plurality of breakpoint registers. The patch may be encrypted for increased security. Multiple patches may be chained together, and run-time patch replacement is contemplated.
Description
TITLE: SYSTEM AND METHOD FOR PERFORMING SOFTWARE PATCHES IN
EMBEDDED SYSTEMS
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates to embedded systems and in particular to software patches of embedded systems with non-alterable firmware
Descnption of the Related Art
As integrated circuit technology has advanced at a relatively rapid rate, embedded systems incorporating integrated circuit devices have become more and more commonplace Examples of embedded system devices are intelligent controllers for televisions, automobile engines, microwave ovens, telephone answeπng machines, medical equipment, etc The embedded system devices typically compnse a processor, such as a microprocessor, micro-controller, or digital signal processor (DSP), and storage elements, such as read only memory (ROM) The storage elements typically include software which the processor executes to perform functions of an application, such as those previously listed The device further includes application logic to interface with the television, automobile engine, telephone, or other application to gather data from and/or control the application
Typically, embedded system devices employ permanent storage elements, such as ROM to store their software Permanent storage elements are used because many embedded systems do not reside m a computer svstem, or similar system That is, the systems do not have secondary permanent storage, such as a disk or tape dnve, to store the embedded svstem software Hence, permanent storage is required on the embedded svstem device itself in order to store the embedded system software, since the embedded system software cannot be stored elsewhere within the system Most economical forms of solid state permanent storage, such as ROM, are non-alterable storage elements The embedded system software is frequently referred to as "firmware ', since software is permanently stored in the hardware of the system Histoncally, although the firmware of vanous embedded systems may have been sophisticated, I e , employing sophisticated DSP algonthms for example, typically, firmware is not complex, relatively speaking That is. firmware is traditionally relatively small, and therefore the likelihood of firmware errors, or bugs, has been relatively small However, contemporary embedded systems are rapidly increasing in complexity, which is increasing the likelihood of programming errors in the firmware, which is included m non-alterable storage
Furthermore, in rapidly evolving marketplaces in which the embedded svstems are commonly sold, it is often desirable to add new features to an existing product to increase functionality Given the permanent nature of the firmware, lengthy cycles are involved in making a firmware change duπng the process of developing the new features
Traditional techniques of adding new functionality to a firmware system require the existence of special logic which either includes its own random access memory (RAM) for firmware storage, or is capable of being interfaced to external RAM for firmware storage An example of this special logic is an In-Circuit Emulator (ICE) In many instances an ICE is simply not a viable alternative, as this could require the development of a special purpose part at enormous expense This is also uneconomical for embedded systems in particular as there will likely not be a market for sales of the debug part to help mitigate the development costs
It is also often desirable to be able to perform analysis or development of existing firmware in the final target svstem, since the characteπstics of the real system may be either very difficult or even impossible, to model in any type of emulator or simulator This is also difficult or impossible due to the permanent nature of the firmware
Therefore, a system and method for finding firmware errors, prototyping fixes to the errors, and/or * prototyping new functionality of the firmware of an embedded system is desired
The notion of software breakpoints for debugging software is well known in the art of computer systems Typically, the processor within the computer svstem includes a program counter register which contains the address of the current instruction to be fetched and executed The processor further comprises debug registers At least one of the debug registers contains an instruction address When the value of the program counter equals the value of the instruction address debug register, a debug exception or interrupt, occurs When the processor receives the debug exception, the processor deviates execution of the currently executing program to a debug handler program, or routine One of the debug registers is a debug control register containing one or more bits to enable or disable the breakpoint mechanism
An example of a processor employing a breakpoint mechanism is the INTEL i486 processor The i486 processor compnses four Debug Address Registers (D0-D3) and a Debug Control Register (DR7) If the appropnate bits are present in the Debug Control Register, when the value of the program counter register equals the value in one of the Debug Address Registers, a debug exception (INT 1) occurs More specifically, an instruction breakpoint fault occurs A debug exception causes the processor to deviate execution from the current program to a debug exception handler
Typically, the debug exception handler invokes a debugger program which allows the user of a computer svstem to interact with the computer system to debug the software executing on the svstem The debugger program allows the user to perform such tasks as examine memory locations and register contents of the computer system for the purpose of determining software errors, I e , bugs
However, computer systems, unlike embedded systems whose firmware resides in non-alterable storage, enjoy the privilege of prototyping fixes to software errors and/or prototyping new software functionality by simply recompiling the program, loading the newly compiled program, and executing the program on the system In contrast, embedded systems do not enjoy this luxury
SUMMARY OF THE INVENTION
The present invention compnses a system and method for performing software patches for embedded svstem devices in which the firmware of the system is included in non-alterable storage of the device The patch mechamsm advantageously provides a means for finding firmware errors, prototyping fixes to the errors and/or prototyping new functionality of the firmware of the embedded system The system compnses an embedded svstem device coupled to an external memory source The device compnses a non- alterable memory, including firmware, coupled to a processor The device further compnses a relatively small amount of patch RAM within the device The patches are not part of the system under test, but are instead loaded into the patch RAM
The device further comprises a means for determining if one or more patches are to be applied If the device detects patches to be applied the device loads the patches from the external memory into the patch RAM via an external memory interface of the device The device also compnses a means for causing the firmware to deviate from normal execution and to execute the patch Preferably the deviation means compnses a breakpoint register The points of deviation are referred to as breakpoints At the end of a patch, program flow can either return from where normal execution deviated, or can continue elsewhere as specified bv the patch developer When the value of the program counter of the processor equals the value in the breakpoint register, the deviation from firmware execution to patch instruction execution, l e , a patch insertion occurs Preferably, the embedded system device compnses a single integrated circuit The patch compnses a sequence of bytes included in the external memory The patch compnses a portion including executable patch instructions Another portion, preferably the first portion, of the patch contains an offset to the executable patch instructions Another portion, preferably the second portion, of the patch contains the length of the patch Another portion of the patch contains local vanables for the patch Another portion of the patch contains executable startup instructions of the patch, I e , instructions which are executions after loading the patch to perform once only operations prior to insertion of the patch
One embodiment of the invention compnses a breakpoint handler, wherein the processor deviates to the breakpoint handler when the program counter value equals the breakpoint register value The breakpoint handler detects the presence of a breakpoint condition and branches to the patch
One embodiment of the invention compnses command interface logic, wherein vanous aspects of patch loading are controlled In particular, any or all of the address of the patch in external memory, the address of the patch in the patch RAM, the patch start address, the breakpoint address, the loading of the breakpoint register, the patch size, and the presence of a patch may be controlled via the command interface
One embodiment of the invention contemplates a method for chaining together multiple patches The invention further contemplates run-time loading of patches, in addition to boot-time loading of patches, for the purpose, inter alia, of replacing a currently executing patch The invention contemplates an embodiment in which the patches are loaded into the patch RAM via a direct memory access transfer In one embodiment the processor compnses multiple breakpoint registers allowing for multiple patch insertions
The invention contemplates storing the patch in the external memory in an encrypted form and decrypting the patch as it is loaded into the patch RAM. The encryption mechamsm increases the security of the system by preventing unauthorized users from loading and inserting patches.
Thus, the present invention comprises a system and method for performing software patches for embedded system devices in which the firmware of the system is included in non-alterable storage of the device in order to find firmware enors, prototype fixes to the errors and/or prototype new functionality of the firmware of the embedded system.
BRIEF DESCRIPTION OF THE DRAWINGS
A better understanding of the present invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawings, in which:
Fig. 1 is a block diagram of an embedded system according to the present invention;
Fig. 2 is a block diagram illustrating deviation of normal firmware execution to execution of patch instructions in the system of Fig. 1;
Fig. 3 is a flowchart illustrating steps taken by the system of Fig. 1 to perform a boot sequence including selectively loading a patch;
Fig. 4, illustrates the layout of one embodiment of a patch;
Fig. 5 is a flowchart illustrating detailed steps taken to perform the patch loading step of Fig. 3;
Fig. 6 is a flowchart illustrating detailed steps taken to perform the firmware execution step of Fig.
4;
Fig. 7 is a block diagram illustrating an embodiment of the present invention comprising a breakpoint handler.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring now to Fig. 1, a block diagram of an embedded system device 10 according to the present invention is shown. The device comprises a processor 12. The device further comprises ROM 14, patch
RAM 16. application logic 18, external memory interface logic 22, and a patch presence detection means 28 all coupled to the processor 12.
The processor 12 comprises a microprocessor, micro-controller, digital signal processor (DSP), or other type of software instruction processing device. In one embodiment of the present invention the
processor 12 is an ADI 2171 DSP core The processor 12 fetches firmware instructions from the ROM 14 and executes the firmware instructions Upon certain conditions, descnbed below, the processor 12 deviates from fetching instructions from the ROM 14 and fetches firmware patch instructions from the patch RAM 16 and executes the firmware patch instructions The ROM 14 compnses read only memory storage elements as are well known in the art of solid state memory circuits The invention, however, is not limited to ROM technology, but rather is intended to comprehend other forms of non-alterable, l e , once-programmable, solid state memory elements Preferably, the ROM 14 compnses read only memory storage which is programmed dunng fabncation of the device 10 That is, the firmware of the device 10 is determined by the fabncation mask of the ROM 14 portion of the device 10 Consequently, changing the firmware (such as for determimng bugs, testing bug fixes, or testing new functionality) is very costly and time consuming since making a firmware change would require fabncating a new version of the device 10
The patch RAM 16 compnses dynamic random access memory (DRAM) or static random access memory (SRAM) storage elements as are well known m the art of solid state memory circuits The patch RAM 16, however, is not limited to RAM technology, but rather is intended to comprehend other forms of alterable solid state memory elements
The application logic 18 compnses circuitry to interface with the application which the device 10 is employed or to perform functions of the application For example, the application logic 18 is a buffer, receiver, transceiver, or register for interfacing with other circuitry such as telephone signals Another example of the application logic compnses circuitry for performing analog to digital conversion
The processor 12 compnses a program counter 24 and a breakpoint register 26 The program counter 24 contains the cunent address of the instruction to be fetched by the processor 12 The program counter 24 is updated by the processor 12 each time an instruction is fetched The breakpoint register 26 contains a breakpoint location, or breakpoint address When the value of the program counter 24 equals the value of the breakpoint register 26 a "patch insertion" occurs, l e , the processor 12 deviates execution from fetching and executing firmware instructions in the ROM 14 to fetching and executing firmware patch instructions in the patch RAM 16 as shown in Fig 2
Fig. 2 illustrates the normal program flow of execution of firmware instructions included within the ROM 14 of the device 10 The firmware instructions are shown included in sequential address locations within the ROM 14 When the program counter 24 (of Fig 1) value equals the breakpoint register 26 value, a patch insertion occurs, I e , the processor 12 (of Fig 1) deviates from normal program flow to the patch start address to execute the patch execution instructions included in the patch RAM 16 as shown
Referring again to Fig 1, the external memory interface logic 22 compnses digital circuitry coupled to an external memory 23 for loading patches from the external memory 23 to the patch RAM 16 The external memory 23 is an EPROM, FLASH ROM, RAM, or any other suitable external storage device
The invention contemplates an embodiment in which the device 10 compnses command interface logic 20 coupled to the processor 12 The command interface logic 20 compnses circuitry for receiving commands and providing status to an external device which communicates with the device 10 via a command interface The invention contemplates an embodiment in which the command interface logic 20
compnses a senal interface such as an RS-232 interface A second embodiment contemplates the command interface logic 20 compnsing a parallel interface such as those commonly found on personal computers, commonlv for communicating with pnnters The command interface logic 20 is used, inter aha, to load patches into the patch RAM 16 and/or control the loading of patches to the patch RAM 16 through another interface such as the external memory interface logic 22
The patch presence detection means 28 is readable by the processor 12 and is used to indicate to the processor 12 whether or not a patch is present Preferably the patch presence detection means 28 is a mode register compnsmg a bit to indicate the presence of a patch Data is forced by an external device (not shown) onto output pins of the device 10 dunng reset of the device 10 to wnte the mode register with a value to selectively indicate the presence or absence of a patch Alternatively, the patch presence detection means 28 is a test mode input pin of the device 10 which is dnven by an external device Alternatively, the patch presence detection means 28 is a mode register included within the command interface logic 20 and is wntten with a value to selectively indicate the presence or absence of a patch
Refernng now to Fig 3, a flowchart illustrating steps taken by the device 10 (of Fig 1) to perform a boot sequence including selectively loading a patch is shown When the processor 12 (of Fig 1) is reset, it initializes its program counter 24 to a predetermined value in step 40 and begins fetching and executing instructions at the address contained m the program counter 24 The initial address, I e , boot address, contained in the program counter 24 is an address in the ROM 14 Preferably, the boot address is near the top or bottom of the processor 12 address space In one embodiment the boot address is address zero A plurality of the instructions fetched from the boot address examine the patch presence detection means 28 in step 42 The processor 12 determines if the device is in a patch mode, I e , that a patch is present, in step 44 based upon the value of the patch presence detection means 28 If a patch is present, the processor 12 loads the patch m step 46 The processor 12 then proceeds to execute the firmware m step 48 More details about how the patch is loaded and the firmware is executed will be given below Refernng now to Fig 4, the layout of one embodiment of a patch 50 is shown A patch compnses a sequential set of data bytes in memory The patch 50 is loaded from the external memory 23 (of Fig 1) into the patch RAM 16 (of Fig 1) at an internal patch address, l e . the address in the patch RAM 16 where the patch 50 is loaded The first portion of the patch 50, I e , the data at the internal patch address, compnses a patch offset 1 from the internal patch address to the patch execution instructions The sum of the internal patch address and the patch offset 51 determines the patch start address, l e , the address of the patch execution instructions, as shown
The next portion of the patch 50 includes the patch size 52 Preferably, the patch size 52 is the number of double words (l e , 32-bit words) compnsing the patch 50
The next portion of the patch 50 includes the breakpoint address 54 of the patch 50. I e . the address to be loaded into the breakpoint register 26 (of Fig 1) The loading of the breakpoint address 54 into the breakpoint register 26 will be descnbed in the discussion of Fig 5
The next portion of the patch 50 includes a set of patch startup instructions 56 The patch startup instructions 56 initialize patch local vanables 58 and perform any other actions which are required on a once only basis The execution of the patch startup instructions 56 will be descnbed in the discussion of Fig 5
The next portion of the patch 50 includes the patch execution instructions 57, the location of which is specified bv the patch offset 51 The patch execution instructions 57 compnse instructions executable by the processor 12 (of Fig 1) to perform the desired functionality of the patch, such as finding firmware enors, prototyping fixes to firmware errors and/or prototyping new functionality of the firmware When the value of the program counter 24 equals the value of the breakpoint register 26, a patch insertion occurs, I e , the processor 12 deviates from fetching and executing instructions in the ROM 14 and begins fetching and executing the patch execution instructions 57 from the patch RAM 16
The next portion of the patch 50 includes the patch local vanables 58 The patch local vanables 58 are vanables used by the patch execution instructions to perform the desired patch functions Refernng now to Fig 5, a flowchart illustrating in more detail steps taken to perform the patch loading step 46 of Fig 3 is shown The processor 12 determines the internal patch address, i.e . the address in the patch RAM 16 at which the patch is to be loaded, in step 60 Preferably, the internal patch address is address fixed at address zero in the patch RAM 16 Alternatively, the internal patch address is specified by an external device m a register within the device 10 Alternatively, the internal patch address is specified in the command interface logic 20 via the command interface
The processor 12 determines the external patch address, I e , the address in the external memory 23 at which the patch is stored, in step 62 Preferably, the external patch address is fixed at an address within the external memory 23 which is a number of bytes from the end of the external memory 23 which is equal to the size of the patch RAM 16 For example, if the external memory 23 is a 64KB EPROM, and the patch RAM 16 is 512 bytes of RAM, the external patch address would be at address 65024 (l e , 65536 - 512)
Alternatively, the external patch address is specified by an external device in a register within the device 10 Alternatively, the external patch address is specified in the command interface logic 20 via the command interface
The processor determines the patch size, I e , the number of bytes of the patch, m step 64 Preferably the patch includes the number of 32-bit words compnsing the patch, as shown in Fig 4 In one embodiment, the patch size is included in the fourth byte of the patch Alternatively, the patch size is specified bv an external device in a register within the device 10 Alternatively, the patch size is specified in the command interface logic 20 via the command interface Alternatively, the patch size is fixed at a predetermined length Alternatively, the processor 12 assumes the patch size is equal to the size of the patch RAM 16
Once the processor 12 has determined the external patch address, the internal patch address, and the patch size, the processor 12 copies patch size words of data from the external patch address of the external memory 23 to the internal patch address of the patch RAM 16 m step 66 As previously stated, in one embodiment, the patch size is specified near the beginning of the patch itself Hence, the processor 12 copies enough of the patch to determine the size of the patch and then copies the remaimng bytes of the patch after determining the size
In one embodiment, a set of patch startup instructions 56 exists in the patch, as shown in Fig 4 After copying the patch to the patch RAM 16, the processor 12 executes the patch startup instructions 56 in
step 68 The patch startup instructions 56 initialize the patch local vanables and perform any other actions which are required on a once only basis
The processor 12 then loads the breakpoint register 26 with the breakpoint address, l e , the address at which the processor 12 deviates execution from the firmware instructions included in the ROM 14 to the patch execution instructions included in the patch RAM 16 in step 70 Preferably the breakpoint address 54 is included in the patch as shown in Fig 4 Alternatively, the breakpoint address is specified by an external device in a register within the device 10 Alternatively, the breakpoint address is specified in the command interface logic 20 via the command interface The processor 12 then returns to the boot code to begin executing the firmware Refernng now to Fig 6, a flowchart illustrating in more detail steps taken to perform the firmware execution step 48 of Fig 3 is shown The processor 12 fetches an instruction at the value of the program counter 24 in step 80 The processor 12 next increments the program counter 24 by the size of the instruction fetched in step 82 In one embodiment, the processor 12 instruction size is fixed, hence the program counter 24 is incremented by a fixed amount after each instruction fetch In another embodiment, the processor 12 instruction size is vanable The processor 12 executes the instruction fetched, in step 84 The processor 12 determines if the program counter 24 value is equal to the breakpoint register 26 value in step 86 If the values are not equal, the processor 12 determines if the instruction executed in step 84 is a branch instruction in step 88 If the instruction is a branch instruction, the processor 12 updates the program counter 24 to the address specified by the branch instruction in step 90 If the instruction is not a branch instruction, the processor 12 returns to step 80 to fetch another instruction at the program counter 24 If in step 86 the processor 12 determines that the values of the program counter 24 and the breakpoint register 26 are equal, the processor 12 branches to the patch start address, I e , the address of the patch execution instructions, in step 92, as illustrated in Fig 2 Branching to the patch start address compnses updating the program counter 24 to have a value equal to the patch start address The processor 12 then returns to step 80 to begin fetching instructions at the updated program counter 24, l e . the patch start address
Refernng now to Fig 7, a block diagram illustrating an embodiment of the present invention compnsing a breakpoint handler is shown Preferably, branching to the patch start address, l e , step 92 (of Fig 6), compnses the processor deviating to a breakpoint handler, wherein the breakpoint handler executes a branch instruction to the patch start address The breakpoint handler resides in the ROM 14 as part of the firmware The breakpoint handler entry point resides at a fixed location m the processor 12 address space, l e., in a fixed location m the ROM 14
When a breakpoint condition occurs, I e , when the value of the breakpoint register 26 equals the value of the program counter 24, the processor 12 deviates from normal execution, l e , execution of the cunent instruction, and begins fetching and executing instructions from the breakpoint handler entry point, as shown The breakpoint handler calculates the patch start address by adding the internal patch address to the patch offset 51 (of Fig 4) The breakpoint handler then executes a branch instruction to the patch start address and the processor 12 begins fetching and executing the patch execution instructions 57 (of Fig 4)
In one embodiment, the processor 12 compnses a non-maskable interrupt (NMI) An NMI occurs under at least two conditions The first condition is when an NMI input signal to the processor 12 becomes active The second condition is a breakpoint condition, I e , when the value of the breakpoint register 26 equals the value of the program counter 24 The processor 12 receives an NMI whenever either of the two NMI conditions occurs When an NMI condition occurs, the processor 12 branches to an NMI vector, l e , a fixed address in the address space of the processor 12 Preferably, the NMI vector address is the address of the breakpoint handler entry point descnbed supra
The breakpoint handler determines which of the two NMI conditions generated the NMI In one embodiment, the NMI input signal indicates a power down condition In this embodiment, the device 10 compnses a means for determimng if a power down condition is present The breakpoint handler determines if the power down condition is present, by reading the power down condition determimng means If a power down condition is not present, the breakpoint handler assumes that a breakpoint condition has occurred and conespondingly branches to the patch start address as descnbed supra
Alternatively, the step 92 (of Fig 6) of branching to the patch start address compnses the processor 12 (of Fig 1) directly loading the program counter 24 with the value of the patch start address In one embodimenL the processor 12 directly loads the program counter 24 from a patch start address register In this embodiment, the processor 12, dunng the boot sequence, calculates the patch start address bv adding the internal patch address to the patch offset 51 and populating the patch start address register
In another embodiment, the processor 12 directly loads the program counter 24 by calculating the patch start address and loading it into the program counter 24 In this embodiment, the processor 12 calculates the patch start address by adding the internal patch address to the patch offset 51
Alternatively, the step 92 (of Fig 6) of branching to the patch start address compnses a branch instruction to the patch start address being forced into the instruction stream The processor 12 compnses a data bus upon which instructions are fetched from the ROM 14 and patch RAM 16 Forcing the branch instruction into the instruction stream compnses forcing onto the data bus of the processor 12 the branch instruction to the patch start address whenever the processor 12 fetches an instruction from a 'known address" Preferably the "known address" is the address to which the processor deviates upon the occunence of a breakpoint condition Thus, the actual data at the "known address" in ROM 14 or patch RAM 16 is discarded in favor of the sunogate branch instruction to the patch start address The processor 12 executing the branch instruction to the patch start address causes the program counter 24 to get updated with the patch start address and the patch execution instructions 57 to be fetched and executed
In one embodiment, the processor 12 fetches and executes instructions in a pipelined manner, as is well known in the art of processor design In this embodiment, the processor 12 may execute one or more instructions beyond the instruction at which the breakpoint is to occur In such case the patch programmer must be aware of the pipelined charactenstics of the processor 12 and create a patch which takes these charactenstics into consideration
Alternate Embodiments
The present invention contemplates an embodiment in which the patch start address is specified in the command interface logic 20 via the command interface, rather than in the patch itself Another embodiment is contemplated in which the internal patch address is specified by an external device in a register within the device 10 Alternatively, the patch start address is fixed I e , hard-coded into the processor 12
The present invention contemplates an embodiment in which the processor 12 compnses a plurality of breakpoint registers Each breakpoint register may be loaded with a different value, thus providing the ability to insert a plurality of patches, I e , each breakpoint register has an associated patch start address If the program counter 24 value equals any of the values in the plurality of breakpoint registers, a patch insertion of the patch corresponding to the breakpoint register whose value equals the value of the program counter 24 occurs The plurality of patch start addresses associated with each of the breakpoint registers are specified by any of the means descnbed supra, I e , within the patch itself, via the command interface logic 20, by a plurality of registers within the device 10, or at a fixed address associated with each breakpoint register
The present invention further contemplates an embodiment in which the patch execution instructions alter the contents of the breakpoint register and patch start address, thereby providing a means to achieve "patch chaimng " To illustrate by way of example, a first patch, patch A, executes and dunng execution alters the patch start address with a new value conespondmg to a patch B and loads the breakpoint register with a new value conesponding to a patch B, thus enabling patch B and disabling itself, I e , disabling patch A Thus, patch B has been "chained" to patch A
Patch B then performs the reverse action, I e , enable patch A and disable patch B The number of patches which may be chained is unrestncted Further, patch chaining may be combined with the embodiment compnsing a plurality of breakpoint registers The present invention contemplates an embodiment in which patches are run-time loaded" in addition to lnit-time loaded That is, patches are loaded dunng real time operation of the device 10, I e , dunng firmware execution (step 48 of Fig 3) m addition to dunng the boot sequence Run-time patch loading provides a mechanism for replacing patches which are cunently executing The present invention contemplates employing run-time patch loading to accomplish patch chaimng as descnbed supra The present invention contemplates an embodiment in which patches are loaded by a DMA operation from the external memory 23 into the patch RAM 16 This embodiment allows real-time execution of the svstem to continue while the patch is being loaded In this embodiment, the breakpoint register 26 and patch start address are loaded via the command interface
In many embedded systems it is desirable to protect the device 10 from being scrutinized bv the end user of the device 10 It is desirable that an unauthonzed person not be able to load a patch It is further desirable that an unauthonzed person not be able to extract the firmware from the device The existence of a mechamsm for loading software patches creates a secunty breach The present invention contemplates an encryption mechanism for increasing the secunty of the embedded system compnsing the device 10 Preferably the patch is encrypted pnor to storage in the external memory and decrypted as the patch is loaded
into the device 10 m order to recover the ongmal bit sequence of the patch, 1 e , a bit sequence of instructions executable bv the processor 12
In one embodiment, a "one time pad" encryption mechamsm is employed A one time pad is a stnng of random numbers used to encrypt a message, in particular, a bit sequence of software program instructions Each stnng of random numbers is used only once to encrypt the software, I e , the patch In one embodiment, the random numbers are obtained by sampling lonosphenc scatter
In one embodiment of the one time pad encryption mechamsm, the patch is encrypted b\ multiplying the patch by a polynomial, or encryption key, in the Galois Field (2), I e , GF(2) The patch is decrypted bv dividing the patch by the same polynomial as it is being loaded into the device 10 Galois Fields are u ell known in the art of coding The reader is referred to Introduction to Trellis-Coded
Modulation with Applications, Biglien, et al , Macmillan Publishing Compay, 1991, which is hereby incorporated by reference, for a more detailed descnption of Galois Fields
If an encrypted patch is loaded with an invalid encryption polynomial, the patch, once decrypted, will be a bit sequence which will have an extremely high probability of not being valid processor instructions Preferably when the processor executes invalid instructions with unexpected results Thus, an unauthonzed user is prevented from executing a patch which might allow a means for extracting the firmware of the embedded svstem device or from executing a patch to perform an unauthonzed function
Preferably the processor 12 performs the decryption The present invention also contemplates the device 10 compnsing dedicated logic to perform the decryption The present invention is not intended to be limited to GF polynomial encryption techniques, but rather is intended to encompass any suitable encryption technique
Although the system and method of the present invention has been descnbed in connection with the prefened embodiment, it is not intended to be limited to the specific form set forth herein, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents, as can be reasonably included the spint and scope of the invention as defined by the appended claims
Claims
WHAT IS CLAIMED:
1 A software-patchable embedded system device , compnsing
a processor including a breakpoint register and a program counter, each adapted for stonng a value.
a non-alterable memory coupled to said processor, wherein said non-alterable memory includes instructions executable by said processor, and
an alterable memory coupled to said processor configured to store a patch, wherein said patch compnses patch instructions executable by said processor,
wherein said processor is configured to deviate from executing said instructions included in said non-alterable memory to execute said patch instructions stored m said alterable memory when said program counter value equals said breakpoint register value
2 The device as recited in claim 1, wherein said device compnses a single integrated circuit
3 The device as recited in claim 1, wherein said device is configured to load said patch into said alterable memory from a memory external to said device
4 The device as recited in claim 1, wherein said device further compnses
patch presence detection means for indicating a presence of a patch in an external memory,
wherein said device is coupled to said patch presence detection means and is configured to load said patch into said alterable memory if said patch presence detection means indicates the presence of said patch
5 The device as recited m claim 1 , wherein said patch further compnses a patch offset indicating the location of said patch instructions
6 The device as recited in claim 1, wherein said patch further compnses a patch size indicating the size of said patch
7 The device as recited m claim 1, wherein said patch further compnses a breakpoint address for loading into said breakpoint register, wherein said processor deviates from executing said instructions included in said non-alterable memory to execute said patch instructions stored in said alterable memory when said program counter value equals said breakpoint register value loaded into said breakpoint register
8 The device as recited in claim 1. wherein said patch further compnses vanables used in operation of said patch instructions
9 The device as recited in claim 1, wherein said patch further compnses startup instructions, wherein said processor is configured to execute a plurality of said startup instructions after loading said patch and pnor to executing said patch instructions
10 The device as recited m claim 1, wherein said non-alterable memory includes breakpoint handler instructions, wherein said processor is configured to deviate from executing said instructions included in said non-alterable memory to execute said breakpoint handler instructions when said program counter value equals said breakpoint register value, wherein said breakpoint handler instructions branch to said patch instructions
11 The device as recited m claim 1, wherein said device compnses a plurality of breakpoint registers each containing a value, wherein said alterable memory is configured to store a plurality of patches each compnsing patch instructions, wherein said plurality of patches conespond to said plurality of breakpoint registers, wherein said processor is configured to deviate from executing said instructions included in said non-alterable memory to execute said patch instructions of one of said plurality of patches stored in said alterable memory when said program counter value equals a conesponding one of said breakpoint register values
12 The device as recited in claim 1, wherein said device further compnses
means for receiving a direct memory access transfer of said patch into said alterable memory
13 The device as recited in claim 1, wherein said processor compnses an interrupt signal generated when said program counter value equals said breakpoint register value, wherein said deviation occurs in response to said interrupt signal
14 The device as recited in claim 1, wherein said patch is encrypted pnor to being loaded into said alterable memory, wherein said device is configured to decrypt said patch when loading said patch into said alterable memory
15 The device as recited in claim 1, wherein said device further compnses command interface logic operably coupled to said processor to control loading said patch into said alterable memory
16 The device as recited in claim 15, wherein said breakpoint register value is loaded into said breakpoint register using said command interface logic
17 A software-patchable embedded system, compnsing
an embedded system device compnsing
a processor including a breakpoint register and a program counter, each containing a value,
a non-alterable memory coupled to said processor, wherein said non-alterable memory includes instructions executable by said processor, and
an alterable memory coupled to said processor configured to store a patch, wherein said patch compnses patch instructions executable by said processor, and
an external memory operably coupled to said device including said patch,
wherein said processor is configured to load said patch from said external memory to said alterable memory and to execute said patch
18. The system as recited in claim 17, wherein said patch further compnses a patch offset indicating the location of said patch instructions
19 The system as recited in claim 17, wherein said patch further compnses a patch size indicating the size of said patch
20 The system as recited in claim 17, wherein said patch further compnses a breakpoint address for loading into said breakpoint register, wherein said processor deviates from executing said instructions included in said non-alterable memory to execute said patch instructions stored in said alterable memory when said program counter value equals said breakpoint register value loaded into said breakpoint register
21 The system as recited in claim 17, wherein said patch further compnses vanables used in operation of said patch instructions
22 The system as recited m claim 17, wherein said patch further compnses startup instructions. wherein said processor is configured to execute a plurality of said startup instructions after loading said patch and pnor to executing said patch instructions 23 A method for executing a patch in an embedded svstem device compnsing a processor including a breakpoint register and a program counter, each contaimng a value, a non-alterable memory coupled to said processor, wherein said non-alterable memory includes instructions executable by said processor, and an alterable memory coupled to said processor configured to store a patch, wherein a portion of said patch compnses patch instructions executable bv said processor, the method compnsing
initializing said program counter to a value,
loading said breakpoint register with a breakpoint address,
fetching an instruction from said non-alterable memory at an address equal to said program counter value,
incrementing said program counter in response to said fetching,
executing said instruction,
performing said fetching, said incrementing and said executing until said program counter value equals said breakpoint register value,
deviating from said fetching, said incrementing and said executing when said program counter value equals said breakpoint address,
executing a plurality of patch instructions of a patch included in said alterable memory m response to said deviating
24 The method as recited in claim 23, further compnsing
determining a presence of said patch after said initializing said program counter value and before said loading said breakpoint register,
loading said patch into said alterable memory before said loading said breakpoint register if said patch is present
25 The method as recited in claim 24, wherein said loading said patch compnses copying said patch from an external memory coupled to said device into said alterable memory 26 The device as recited in claim 25, wherein said copying compnses said processor performing said copying
27 The device as recited in claim 25. wherein said copying compnses a direct memory access transfer
28 The method as recited in claim 24, further compnsing
encrypting said patch pnor to said initializing said program counter to a value, and
decrypting said encrypted patch dunng said loading said patch
29 The method as recited m claim 23, wherein said patch compnses startup instructions, wherein the method further compnses executing said startup instructions pnor to said loading said breakpoint register
30 The method as recited in claim 23, wherein said patch compnses said breakpoint address, wherein said loading said breakpoint register with said breakpoint address compnses loading said breakpoint address from said patch into said breakpoint register
31 The method as recited in claim 23, wherein said non-alterable memory further includes breakpoint handler instructions, the method further compnsing
executing said breakpoint handler instructions after said deviating, and
said breakpoint handler instructions branching to said patch instructions
32 The method as recited in claim 23, wherein said deviating compnses loading said program counter with the address of said patch instructions
33 The method as recited in claim 23, wherein said deviating compnses forcing a branch instruction to said patch instructions when performing said fetching an instruction from said non-alterable memory when said fetching address is a predetermined address
34 The method as recited in claim 23, wherein a single integrated circuit compnses said device
35 A method for executing a senes of patches in an embedded system device compnsing a processor including a breakpoint register and a program counter, each containing a value, a non-alterable memory coupled to said processor, wherein said non-alterable memory includes firmware instructions executable by said processor, and an alterable memory coupled to said processor configured to store said senes of patches. wherein a portion of each of said series of patches compnses patch instructions executable by said processor, the method compnsing
executing said firmware instructions,
loading a first of said senes of patches into said alterable memory,
loading said break point register with a first breakpoint address after said loading said first of said senes of patches,
deviating from said executing said firmware instruction when said program counter value equals said first breakpoint address,
executing said first of said senes of patches in response to said deviating from said executing said firmware instructions,
loading a second of said senes of patches into said alterable memory,
loading said breakpoint register with a second breakpoint address after said loading said second of said senes of patches,
deviating from said executing said first of said senes of patches when said program counter value equals said second breakpoint address,
executing said second of said senes of patches in response to said deviating from said executing said first of said senes of patches
36 A method for executing a senes of patches in an embedded system device compnsing a processor including a breakpoint register and a program counter, each contaimng a value, a non-alterable memory coupled to said processor, wherein said non-alterable memory includes firmware instructions executable by said processor, and an alterable memory coupled to said processor configured to store said senes of patches, wherein a portion of each of said senes of patches compnses patch instructions executable by said processor, the method compnsing
loading a first of said senes of patches into said alterable memory,
loading a second of said senes of patches into said alterable memory, loading said breakpoint register with a first breakpoint address after said loading said first and second of said senes of patches,
executing said firmware instructions
deviating from said executing said firmware instruction when said program counter value equals said first breakpoint address,
executing said first of said senes of patches in response to said deviating from said executing said firmware instructions,
loading said breakpoint register with a second breakpoint address after said loading said second of said senes of patches,
deviating from said executing said first of said senes of patches when said program counter value equals said second breakpoint address,
executing said second of said senes of patches in response to said deviating from said executing said first of said senes of patches
37 A method for replacing a patch in an embedded system device compnsing a processor including a breakpoint register and a program counter, each containing a value, a non-alterable memory coupled to said processor wherein said non-alterable memory includes firmware instructions executable by said processor, and an alterable memory coupled to said processor configured to store said senes of patches wherein a portion of each of said senes of patches compnses patch instructions executable bv said processor, the method compnsing
loading a first patch into said alterable memory,
loading said breakpoint register with a first breakpoint address after said loading said first patch,
executing said firmware instructions,
deviating from said executing said firmware instruction when said program counter value equals said first breakpoint address,
executing said first patch in response to said deviating from said executing said firmware instructions loading a second patch into said alterable memory,
loading said breakpoint register with a second breakpoint address after said loading said second patch,
deviating from said executing said first patch when said program counter value equals said second breakpoint address,
executing said second patch in response to said deviating from said executing said first patch
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/759,611 US5901225A (en) | 1996-12-05 | 1996-12-05 | System and method for performing software patches in embedded systems |
US08/759,611 | 1996-12-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1998025205A1 true WO1998025205A1 (en) | 1998-06-11 |
Family
ID=25056312
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1997/023143 WO1998025205A1 (en) | 1996-12-05 | 1997-12-04 | System and method for performing software patches in embedded systems |
Country Status (2)
Country | Link |
---|---|
US (1) | US5901225A (en) |
WO (1) | WO1998025205A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007016170A1 (en) * | 2007-04-02 | 2008-10-09 | Francotyp-Postalia Gmbh | Security module for a franking machine |
EP2019356A1 (en) * | 2007-07-24 | 2009-01-28 | VIA Technologies, Inc. | On-chip memory providing for microcode patch overlay and constant update functions |
Families Citing this family (144)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6158018A (en) * | 1997-11-25 | 2000-12-05 | Philips Semiconductor, Inc. | Integrated circuit including patching circuitry to bypass portions of an internally flawed read only memory and a method therefore |
JPH11184724A (en) * | 1997-12-18 | 1999-07-09 | Matsushita Electric Ind Co Ltd | In-circuit emulator and semiconductor integrated circuit |
US6141756A (en) * | 1998-04-27 | 2000-10-31 | Motorola, Inc. | Apparatus and method of reading a program into a processor |
US6351822B1 (en) * | 1999-03-05 | 2002-02-26 | Seagate Technology Llc | Method and apparatus for remapping read only memory locations |
AU7495300A (en) * | 1999-09-14 | 2001-04-17 | Qualcomm Incorporated | Method and apparatus for modifying microinstructions in a static memory device |
US6438664B1 (en) * | 1999-10-27 | 2002-08-20 | Advanced Micro Devices, Inc. | Microcode patch device and method for patching microcode using match registers and patch routines |
DE19964003A1 (en) * | 1999-12-30 | 2001-07-12 | Micronas Gmbh | Circuit arrangement and method for generating and reading out replacement data |
US7082615B1 (en) | 2000-03-31 | 2006-07-25 | Intel Corporation | Protecting software environment in isolated execution |
US6996710B1 (en) | 2000-03-31 | 2006-02-07 | Intel Corporation | Platform and method for issuing and certifying a hardware-protected attestation key |
US7194634B2 (en) * | 2000-03-31 | 2007-03-20 | Intel Corporation | Attestation key memory device and bus |
US6754815B1 (en) | 2000-03-31 | 2004-06-22 | Intel Corporation | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set |
US7073071B1 (en) | 2000-03-31 | 2006-07-04 | Intel Corporation | Platform and method for generating and utilizing a protected audit log |
US6760441B1 (en) | 2000-03-31 | 2004-07-06 | Intel Corporation | Generating a key hieararchy for use in an isolated execution environment |
US6934817B2 (en) * | 2000-03-31 | 2005-08-23 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US7013484B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
US6769058B1 (en) | 2000-03-31 | 2004-07-27 | Intel Corporation | Resetting a processor in an isolated execution environment |
US7356817B1 (en) | 2000-03-31 | 2008-04-08 | Intel Corporation | Real-time scheduling of virtual machines |
US7013481B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Attestation key memory device and bus |
US6990579B1 (en) | 2000-03-31 | 2006-01-24 | Intel Corporation | Platform and method for remote attestation of a platform |
US6957332B1 (en) | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
GB0009941D0 (en) | 2000-04-20 | 2000-06-07 | Sgs Thomson Microelectronics | Computer system |
GB0009943D0 (en) | 2000-04-20 | 2000-06-07 | Sgs Thomson Microelectronics | Operating a computer system |
GB0009945D0 (en) * | 2000-04-20 | 2000-06-07 | Sgs Thomson Microelectronics | Debugging device nad method |
GB0009940D0 (en) * | 2000-04-20 | 2000-06-07 | Sgs Thomson Microelectronics | Debugging embedded system |
US6948095B2 (en) | 2000-04-20 | 2005-09-20 | Stmicroelectronics Limited | Methods and apparatus for dynamically loading a file on a target computer system |
GB0009939D0 (en) | 2000-04-20 | 2000-06-07 | Sgs Thomson Microelectronics | Input/output in embedded systems |
US6976162B1 (en) * | 2000-06-28 | 2005-12-13 | Intel Corporation | Platform and method for establishing provable identities while maintaining privacy |
US7389427B1 (en) | 2000-09-28 | 2008-06-17 | Intel Corporation | Mechanism to secure computer output from software attack using isolated execution |
US6463549B1 (en) * | 2000-09-28 | 2002-10-08 | Motorola, Inc. | Device and method for patching code residing on a read only memory module utilizing a random access memory for storing a set of fields, each field indicating validity of content of a group, and for receiving an address of a memory portion of the read only memory |
US7793111B1 (en) * | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
US7194502B1 (en) | 2000-11-15 | 2007-03-20 | National Semiconductor Corporation | Network interface card using physical layer microcontroller and method of operation |
US7055148B2 (en) * | 2000-12-07 | 2006-05-30 | Hewlett-Packard Development Company, L.P. | System and method for updating firmware |
US7215781B2 (en) | 2000-12-22 | 2007-05-08 | Intel Corporation | Creation and distribution of a secret value between two devices |
US6970565B1 (en) * | 2000-12-22 | 2005-11-29 | Xm Satellite Radio Inc. | Apparatus for and method of securely downloading and installing a program patch in a processing device |
US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
US7035963B2 (en) * | 2000-12-27 | 2006-04-25 | Intel Corporation | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system |
US7225441B2 (en) * | 2000-12-27 | 2007-05-29 | Intel Corporation | Mechanism for providing power management through virtualization |
US6907600B2 (en) | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
US6865667B2 (en) * | 2001-03-05 | 2005-03-08 | Freescale Semiconductors, Inc. | Data processing system having redirecting circuitry and method therefor |
US7272831B2 (en) | 2001-03-30 | 2007-09-18 | Intel Corporation | Method and apparatus for constructing host processor soft devices independent of the host processor operating system |
US7096497B2 (en) | 2001-03-30 | 2006-08-22 | Intel Corporation | File checking using remote signing authority via a network |
US6754895B1 (en) * | 2001-04-26 | 2004-06-22 | Palm Source, Inc. | Method and system for automatic firmware updates in a portable hand-held device |
US7143407B2 (en) * | 2001-07-26 | 2006-11-28 | Kyocera Wireless Corp. | System and method for executing wireless communications device dynamic instruction sets |
US7191440B2 (en) | 2001-08-15 | 2007-03-13 | Intel Corporation | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
US7024555B2 (en) | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
US7103771B2 (en) * | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US20030126454A1 (en) * | 2001-12-28 | 2003-07-03 | Glew Andrew F. | Authenticated code method and apparatus |
US7308576B2 (en) | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
GB2384582A (en) * | 2002-01-28 | 2003-07-30 | Ericsson Telefon Ab L M | Software correction |
US7480806B2 (en) | 2002-02-22 | 2009-01-20 | Intel Corporation | Multi-token seal and unseal |
US7124273B2 (en) * | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7631196B2 (en) * | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US7028149B2 (en) | 2002-03-29 | 2006-04-11 | Intel Corporation | System and method for resetting a platform configuration register |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US20030191943A1 (en) * | 2002-04-05 | 2003-10-09 | Poisner David I. | Methods and arrangements to register code |
US20030196096A1 (en) * | 2002-04-12 | 2003-10-16 | Sutton James A. | Microcode patch authentication |
US7058807B2 (en) * | 2002-04-15 | 2006-06-06 | Intel Corporation | Validation of inclusion of a platform within a data center |
US7076669B2 (en) * | 2002-04-15 | 2006-07-11 | Intel Corporation | Method and apparatus for communicating securely with a token |
US7127548B2 (en) | 2002-04-16 | 2006-10-24 | Intel Corporation | Control register access virtualization performance improvement in the virtual-machine architecture |
US7139890B2 (en) | 2002-04-30 | 2006-11-21 | Intel Corporation | Methods and arrangements to interface memory |
US7290081B2 (en) * | 2002-05-14 | 2007-10-30 | Stmicroelectronics, Inc. | Apparatus and method for implementing a ROM patch using a lockable cache |
US6820177B2 (en) | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
US7142674B2 (en) * | 2002-06-18 | 2006-11-28 | Intel Corporation | Method of confirming a secure key exchange |
US7392415B2 (en) * | 2002-06-26 | 2008-06-24 | Intel Corporation | Sleep protection |
US6996748B2 (en) | 2002-06-29 | 2006-02-07 | Intel Corporation | Handling faults associated with operation of guest software in the virtual-machine architecture |
US7124327B2 (en) | 2002-06-29 | 2006-10-17 | Intel Corporation | Control over faults occurring during the operation of guest software in the virtual-machine architecture |
US7296267B2 (en) | 2002-07-12 | 2007-11-13 | Intel Corporation | System and method for binding virtual machines to hardware contexts |
US7028174B1 (en) * | 2002-09-30 | 2006-04-11 | Western Digital Technologies, Inc. | Disk drive employing a non-volatile serial semiconductor memory for storing a control program for a microprocessor |
US7165181B2 (en) * | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US7440571B2 (en) * | 2002-12-03 | 2008-10-21 | Nagravision S.A. | Method for securing software updates |
US20040117532A1 (en) * | 2002-12-11 | 2004-06-17 | Bennett Steven M. | Mechanism for controlling external interrupts in a virtual machine system |
US7318235B2 (en) | 2002-12-16 | 2008-01-08 | Intel Corporation | Attestation using both fixed token and portable token |
DE10260103A1 (en) * | 2002-12-19 | 2004-07-01 | Robert Bosch Gmbh | Method and device for changing software in a control unit and corresponding control unit |
US7900017B2 (en) | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
US20040128345A1 (en) * | 2002-12-27 | 2004-07-01 | Robinson Scott H. | Dynamic service registry |
US20040128465A1 (en) * | 2002-12-30 | 2004-07-01 | Lee Micheil J. | Configurable memory bus width |
US7076802B2 (en) * | 2002-12-31 | 2006-07-11 | Intel Corporation | Trusted system clock |
US8225293B2 (en) * | 2003-02-13 | 2012-07-17 | Accurate Technologies Inc. | Method for supporting calibration parameters in an ECU |
US20040163078A1 (en) * | 2003-02-13 | 2004-08-19 | Correa Colt R. | Method for rapidly prototyping, testing and verifying application software |
US7650596B2 (en) | 2003-02-13 | 2010-01-19 | Accurate Technologies Inc. | Method for ECU calibration and diagnostics development |
US7415708B2 (en) * | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
US20050038832A1 (en) * | 2003-08-14 | 2005-02-17 | International Business Machines Corporation | Application error recovery using solution database |
US20050044292A1 (en) * | 2003-08-19 | 2005-02-24 | Mckeen Francis X. | Method and apparatus to retain system control when a buffer overflow attack occurs |
US7287197B2 (en) * | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7739521B2 (en) * | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
US7296189B2 (en) * | 2003-09-19 | 2007-11-13 | International Business Machines Corporation | Method, apparatus and computer program product for implementing autonomic testing and verification of software fix programs |
US7610611B2 (en) * | 2003-09-19 | 2009-10-27 | Moran Douglas R | Prioritized address decoder |
JP4837247B2 (en) * | 2003-09-24 | 2011-12-14 | パナソニック株式会社 | Processor |
US7177967B2 (en) * | 2003-09-30 | 2007-02-13 | Intel Corporation | Chipset support for managing hardware interrupts in a virtual machine system |
US20050080934A1 (en) | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
TW200513850A (en) * | 2003-10-13 | 2005-04-16 | Design Technology Inc G | Patch and expansion method of memory program for digital signal processor |
US7636844B2 (en) * | 2003-11-17 | 2009-12-22 | Intel Corporation | Method and system to provide a trusted channel within a computer system for a SIM device |
US20050108534A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Providing services to an open platform implementing subscriber identity module (SIM) capabilities |
US20050108171A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US7383540B2 (en) * | 2003-12-12 | 2008-06-03 | International Business Machines Corporation | Altering execution flow of a computer program |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
US20050152539A1 (en) * | 2004-01-12 | 2005-07-14 | Brickell Ernie F. | Method of protecting cryptographic operations from side channel attacks |
TWI237786B (en) * | 2004-02-11 | 2005-08-11 | Benq Corp | Program correction method, storage medium and program-driven electronic device using the same |
US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
US7312396B1 (en) * | 2004-03-13 | 2007-12-25 | Protectconnect, Inc. | Universal electrical wiring component |
US20050216920A1 (en) * | 2004-03-24 | 2005-09-29 | Vijay Tewari | Use of a virtual machine to emulate a hardware device |
US7356735B2 (en) * | 2004-03-30 | 2008-04-08 | Intel Corporation | Providing support for single stepping a virtual machine in a virtual machine environment |
US7620949B2 (en) * | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US8239673B2 (en) * | 2004-04-08 | 2012-08-07 | Texas Instruments Incorporated | Methods, apparatus and systems with loadable kernel architecture for processors |
US20050288056A1 (en) * | 2004-06-29 | 2005-12-29 | Bajikar Sundeep M | System including a wireless wide area network (WWAN) module with an external identity module reader and approach for certifying the WWAN module |
US7305592B2 (en) * | 2004-06-30 | 2007-12-04 | Intel Corporation | Support for nested fault in a virtual machine environment |
US20060048226A1 (en) * | 2004-08-31 | 2006-03-02 | Rits Maarten E | Dynamic security policy enforcement |
US7840962B2 (en) * | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
TWI263940B (en) * | 2004-11-23 | 2006-10-11 | Ene Technology Inc | Memory device firmware patch method |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US7395405B2 (en) * | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US20070006166A1 (en) * | 2005-06-20 | 2007-01-04 | Seagate Technology Llc | Code coverage for an embedded processor system |
US8028154B2 (en) * | 2005-07-29 | 2011-09-27 | Broadcom Corporation | Method and system for reducing instruction storage space for a processor integrated in a network adapter chip |
US7523299B2 (en) * | 2005-07-29 | 2009-04-21 | Broadcom Corporation | Method and system for modifying operation of ROM based boot code of a network adapter chip |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
US20070083713A1 (en) * | 2005-10-11 | 2007-04-12 | Antonio Torrini | System on a chip integrated circuit, processing system and methods for use therewith |
US20070113064A1 (en) * | 2005-11-17 | 2007-05-17 | Longyin Wei | Method and system for secure code patching |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
US8423832B2 (en) * | 2006-11-07 | 2013-04-16 | Hewlett-Packard Development Company, L.P. | System and method for preventing processor errors |
US20080155172A1 (en) * | 2006-12-22 | 2008-06-26 | Mediatek Inc. | Microcode patching system and method |
US9348730B2 (en) * | 2007-01-31 | 2016-05-24 | Standard Microsystems Corporation | Firmware ROM patch method |
US20090013124A1 (en) * | 2007-07-03 | 2009-01-08 | Dsp Group Limited | Rom code patch method |
US20090031109A1 (en) * | 2007-07-24 | 2009-01-29 | Via Technologies | Apparatus and method for fast microcode patch from memory |
US20090031103A1 (en) * | 2007-07-24 | 2009-01-29 | Via Technologies | Mechanism for implementing a microcode patch during fabrication |
US20090031121A1 (en) * | 2007-07-24 | 2009-01-29 | Via Technologies | Apparatus and method for real-time microcode patch |
US20090031090A1 (en) * | 2007-07-24 | 2009-01-29 | Via Technologies | Apparatus and method for fast one-to-many microcode patch |
US20090031110A1 (en) * | 2007-07-24 | 2009-01-29 | Via Technologies | Microcode patch expansion mechanism |
US20090031108A1 (en) * | 2007-07-24 | 2009-01-29 | Via Technologies | Configurable fuse mechanism for implementing microcode patches |
US7861119B1 (en) | 2007-12-07 | 2010-12-28 | American Megatrends, Inc. | Updating a firmware image using a firmware debugger application |
US9348597B2 (en) * | 2008-06-30 | 2016-05-24 | Infineon Technologies Ag | Device and method for bypassing a first program code portion with a replacement program code portion |
US8156486B2 (en) * | 2008-10-29 | 2012-04-10 | Mediatek Inc. | Patching devices and methods thereof for patching firmware functions |
US8468516B1 (en) * | 2008-12-19 | 2013-06-18 | Juniper Networks, Inc. | Creating hot patches for embedded systems |
US8438558B1 (en) | 2009-03-27 | 2013-05-07 | Google Inc. | System and method of updating programs and data |
US8806446B2 (en) * | 2010-03-22 | 2014-08-12 | Analog Devices, Inc. | Methods and apparatus for debugging programs in shared memory |
EP2378417A1 (en) * | 2010-04-16 | 2011-10-19 | Accenture Global Services Limited | Extending the functionality of an embedded system |
US9552201B2 (en) * | 2011-08-31 | 2017-01-24 | Avaya Inc. | System and method for incremental software installation |
EP2959378A1 (en) * | 2013-02-22 | 2015-12-30 | Marvell World Trade Ltd. | Patching boot code of read-only memory |
FR3012655B1 (en) | 2013-10-25 | 2015-12-25 | Proton World Int Nv | FLASH MEMORY COUNTER |
US9690571B2 (en) | 2013-12-31 | 2017-06-27 | Nxp Usa, Inc. | System and method for low cost patching of high voltage operation memory space |
US10042625B2 (en) | 2015-03-04 | 2018-08-07 | International Business Machines Corporation | Software patch management incorporating sentiment analysis |
US9678682B2 (en) * | 2015-10-13 | 2017-06-13 | International Business Machines Corporation | Backup storage of vital debug information |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4028684A (en) * | 1975-10-16 | 1977-06-07 | Bell Telephone Laboratories, Incorporated | Memory patching circuit with repatching capability |
GB2227584A (en) * | 1989-01-28 | 1990-08-01 | Int Computers Ltd | Computer control data modification system |
JPH04312126A (en) * | 1991-04-11 | 1992-11-04 | Nec Corp | Data processing system |
US5357627A (en) * | 1989-03-28 | 1994-10-18 | Olympus Optical Co., Ltd. | Microcomputer having a program correction function |
EP0640916A2 (en) * | 1993-08-31 | 1995-03-01 | Nec Corporation | Microcomputer |
US5454100A (en) * | 1992-09-18 | 1995-09-26 | Sony Corporation | Electronic apparatus |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4319079A (en) * | 1979-09-13 | 1982-03-09 | Best Robert M | Crypto microprocessor using block cipher |
JPH0235524A (en) * | 1988-03-14 | 1990-02-06 | Advanced Micro Devicds Inc | Bus convertible programmable sequencer |
US5740413A (en) * | 1995-06-19 | 1998-04-14 | Intel Corporation | Method and apparatus for providing address breakpoints, branch breakpoints, and single stepping |
US5764884A (en) * | 1996-10-31 | 1998-06-09 | International Business Machines Corp. | Method and apparatus for improved instruction counting schemes |
-
1996
- 1996-12-05 US US08/759,611 patent/US5901225A/en not_active Expired - Lifetime
-
1997
- 1997-12-04 WO PCT/US1997/023143 patent/WO1998025205A1/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4028684A (en) * | 1975-10-16 | 1977-06-07 | Bell Telephone Laboratories, Incorporated | Memory patching circuit with repatching capability |
GB2227584A (en) * | 1989-01-28 | 1990-08-01 | Int Computers Ltd | Computer control data modification system |
US5357627A (en) * | 1989-03-28 | 1994-10-18 | Olympus Optical Co., Ltd. | Microcomputer having a program correction function |
JPH04312126A (en) * | 1991-04-11 | 1992-11-04 | Nec Corp | Data processing system |
US5454100A (en) * | 1992-09-18 | 1995-09-26 | Sony Corporation | Electronic apparatus |
EP0640916A2 (en) * | 1993-08-31 | 1995-03-01 | Nec Corporation | Microcomputer |
Non-Patent Citations (2)
Title |
---|
PATENT ABSTRACTS OF JAPAN vol. 017, no. 138 (P - 1505) 22 March 1993 (1993-03-22) * |
WILKINSON M A: "BREAKPOINTS IN MASKED MICROCONTROLLERS TO FIC LATENT SOFTWARE DEFECTS", MOTOROLA TECHNICAL DEVELOPMENTS, vol. 26, 1 November 1995 (1995-11-01), pages 2/3, XP000552115 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007016170A1 (en) * | 2007-04-02 | 2008-10-09 | Francotyp-Postalia Gmbh | Security module for a franking machine |
EP2019356A1 (en) * | 2007-07-24 | 2009-01-28 | VIA Technologies, Inc. | On-chip memory providing for microcode patch overlay and constant update functions |
Also Published As
Publication number | Publication date |
---|---|
US5901225A (en) | 1999-05-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5901225A (en) | System and method for performing software patches in embedded systems | |
EP0092646B1 (en) | Method and apparatus of program patching in a data processing system | |
US6477702B1 (en) | Bytecode program interpreter apparatus and method with pre-verification of data type restrictions and object initialization | |
US5958037A (en) | Apparatus and method for identifying the features and the origin of a computer microprocessor | |
US5671352A (en) | Error injection to a behavioral model | |
US5920721A (en) | Compiler generating functionally-alike code sequences in an executable program intended for execution in different run-time environments | |
US6820192B2 (en) | Central processing unit for easily testing and debugging programs | |
US4635193A (en) | Data processor having selective breakpoint capability with minimal overhead | |
US7373446B2 (en) | Method and system for dynamically patching an operating system's interrupt mechanism | |
US7120572B1 (en) | Memory efficient program pre-execution verifier and method | |
Shelton et al. | Robustness testing of the Microsoft Win32 API | |
Koppe et al. | Reverse engineering x86 processor microcode | |
Ghosh et al. | An approach to testing COTS software for robustness to operating system exceptions and errors | |
Padaryan et al. | Automated exploit generation for stack buffer overflow vulnerabilities | |
Silva et al. | Experimental assessment of parallel systems | |
US5894549A (en) | System and method for fault detection in microcontroller program memory | |
Spensky et al. | Glitching demystified: analyzing control-flow-based glitching attacks and defenses | |
Dresel et al. | Artist: the android runtime instrumentation toolkit | |
Rimén et al. | A study of the error behavior of a 32-bit RISC subjected to simulated transient fault injection | |
US5787241A (en) | Method and apparatus for locating exception correction routines | |
Becker et al. | Binary mutation testing through dynamic translation | |
Alshaer et al. | Variable-length instruction set: Feature or bug? | |
US6772372B2 (en) | System and method for monitoring unaligned memory accesses | |
Desfossez et al. | Stealth malware analysis from kernel space with Kolumbo | |
JPH0550016B2 (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): JP KR |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase |