WO1998025205A1 - System and method for performing software patches in embedded systems - Google Patents

System and method for performing software patches in embedded systems Download PDF

Info

Publication number
WO1998025205A1
WO1998025205A1 PCT/US1997/023143 US9723143W WO9825205A1 WO 1998025205 A1 WO1998025205 A1 WO 1998025205A1 US 9723143 W US9723143 W US 9723143W WO 9825205 A1 WO9825205 A1 WO 9825205A1
Authority
WO
WIPO (PCT)
Prior art keywords
patch
processor
breakpoint
instructions
executing
Prior art date
Application number
PCT/US1997/023143
Other languages
French (fr)
Inventor
Mark A. Ireton
Gerald Champagne
Corbett A. Marler
Original Assignee
Advanced Micro Devices, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Micro Devices, Inc. filed Critical Advanced Micro Devices, Inc.
Publication of WO1998025205A1 publication Critical patent/WO1998025205A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/32Address formation of the next instruction, e.g. by incrementing the instruction counter
    • G06F9/322Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address
    • G06F9/328Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address for runtime instruction patching
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/66Updates of program code stored in read-only memory [ROM]

Definitions

  • TITLE SYSTEM AND METHOD FOR PERFORMING SOFTWARE PATCHES IN
  • the present invention relates to embedded systems and in particular to software patches of embedded systems with non-alterable firmware
  • embedded system devices are intelligent controllers for televisions, automobile engines, microwave ovens, telephone answe ⁇ ng machines, medical equipment, etc
  • the embedded system devices typically compnse a processor, such as a microprocessor, micro-controller, or digital signal processor (DSP), and storage elements, such as read only memory (ROM)
  • DSP digital signal processor
  • ROM read only memory
  • the storage elements typically include software which the processor executes to perform functions of an application, such as those previously listed
  • the device further includes application logic to interface with the television, automobile engine, telephone, or other application to gather data from and/or control the application
  • embedded system devices employ permanent storage elements, such as ROM to store their software Permanent storage elements are used because many embedded systems do not reside m a computer svstem, or similar system That is, the systems do not have secondary permanent storage, such as a disk or tape dnve, to store the embedded svstem software Hence, permanent storage is required on the embedded svstem device itself in order to store the embedded system software, since the embedded system software cannot be stored elsewhere within the system Most economical forms of solid state permanent storage, such as ROM, are non-alterable storage elements
  • the embedded system software is frequently referred to as "firmware ', since software is permanently stored in the hardware of the system Histoncally, although the firmware of vanous embedded systems may have been sophisticated, I e , employing sophisticated DSP algonthms for example, typically, firmware is not complex, relatively speaking That is. firmware is traditionally relatively small, and therefore the likelihood of firmware errors, or bugs, has been relatively small
  • contemporary embedded systems are rapidly increasing in complexity, which is increasing the likelihood of programming errors in the
  • the processor within the computer svstem includes a program counter register which contains the address of the current instruction to be fetched and executed
  • the processor further comprises debug registers At least one of the debug registers contains an instruction address When the value of the program counter equals the value of the instruction address debug register, a debug exception or interrupt, occurs When the processor receives the debug exception, the processor deviates execution of the currently executing program to a debug handler program, or routine
  • One of the debug registers is a debug control register containing one or more bits to enable or disable the breakpoint mechanism
  • An example of a processor employing a breakpoint mechanism is the INTEL i486 processor
  • the i486 processor compnses four Debug Address Registers (D0-D3) and a Debug Control Register (DR7) If the appropnate bits are present in the Debug Control Register, when the value of the program counter register equals the value in one of the Debug Address Registers, a debug exception (INT 1) occurs More specifically, an instruction breakpoint fault occurs A debug exception causes the processor to deviate execution from the current program to a debug exception handler
  • the debug exception handler invokes a debugger program which allows the user of a computer svstem to interact with the computer system to debug the software executing on the svstem
  • the debugger program allows the user to perform such tasks as examine memory locations and register contents of the computer system for the purpose of determining software errors, I e , bugs
  • the present invention compnses a system and method for performing software patches for embedded svstem devices in which the firmware of the system is included in non-alterable storage of the device
  • the patch mechamsm advantageously provides a means for finding firmware errors, prototyping fixes to the errors and/or prototyping new functionality of the firmware of the embedded system
  • the system compnses an embedded svstem device coupled to an external memory source
  • the device compnses a non- alterable memory, including firmware, coupled to a processor
  • the device further compnses a relatively small amount of patch RAM within the device
  • the patches are not part of the system under test, but are instead loaded into the patch RAM
  • the device further comprises a means for determining if one or more patches are to be applied If the device detects patches to be applied the device loads the patches from the external memory into the patch RAM via an external memory interface of the device
  • the device also compnses a means for causing the firmware to deviate from normal execution and to execute the patch
  • the deviation means compnses a breakpoint register
  • the points of deviation are referred to as breakpoints
  • program flow can either return from where normal execution deviated, or can continue elsewhere as specified bv the patch developer
  • the embedded system device compnses a single integrated circuit
  • the patch compnses a sequence of bytes included in the external memory
  • the patch compnses a portion including executable patch instructions Another portion, preferably the first portion, of the patch contains an offset to the executable patch instructions Another portion, preferably the second portion, of the patch
  • One embodiment of the invention compnses a breakpoint handler, wherein the processor deviates to the breakpoint handler when the program counter value equals the breakpoint register value
  • the breakpoint handler detects the presence of a breakpoint condition and branches to the patch
  • One embodiment of the invention compnses command interface logic, wherein vanous aspects of patch loading are controlled
  • any or all of the address of the patch in external memory, the address of the patch in the patch RAM, the patch start address, the breakpoint address, the loading of the breakpoint register, the patch size, and the presence of a patch may be controlled via the command interface
  • One embodiment of the invention contemplates a method for chaining together multiple patches
  • the invention further contemplates run-time loading of patches, in addition to boot-time loading of patches, for the purpose, inter alia, of replacing a currently executing patch
  • the invention contemplates an embodiment in which the patches are loaded into the patch RAM via a direct memory access transfer
  • the processor compnses multiple breakpoint registers allowing for multiple patch insertions
  • the invention contemplates storing the patch in the external memory in an encrypted form and decrypting the patch as it is loaded into the patch RAM.
  • the encryption mechamsm increases the security of the system by preventing unauthorized users from loading and inserting patches.
  • the present invention comprises a system and method for performing software patches for embedded system devices in which the firmware of the system is included in non-alterable storage of the device in order to find firmware enors, prototype fixes to the errors and/or prototype new functionality of the firmware of the embedded system.
  • Fig. 1 is a block diagram of an embedded system according to the present invention.
  • Fig. 2 is a block diagram illustrating deviation of normal firmware execution to execution of patch instructions in the system of Fig. 1;
  • Fig. 3 is a flowchart illustrating steps taken by the system of Fig. 1 to perform a boot sequence including selectively loading a patch;
  • Fig. 4 illustrates the layout of one embodiment of a patch
  • Fig. 5 is a flowchart illustrating detailed steps taken to perform the patch loading step of Fig. 3;
  • Fig. 6 is a flowchart illustrating detailed steps taken to perform the firmware execution step of Fig.
  • Fig. 7 is a block diagram illustrating an embodiment of the present invention comprising a breakpoint handler.
  • the device comprises a processor 12.
  • the device further comprises ROM 14, patch
  • RAM 16 application logic 18, external memory interface logic 22, and a patch presence detection means 28 all coupled to the processor 12.
  • the processor 12 comprises a microprocessor, micro-controller, digital signal processor (DSP), or other type of software instruction processing device.
  • the processor 12 is an ADI 2171 DSP core
  • the processor 12 fetches firmware instructions from the ROM 14 and executes the firmware instructions Upon certain conditions, descnbed below, the processor 12 deviates from fetching instructions from the ROM 14 and fetches firmware patch instructions from the patch RAM 16 and executes the firmware patch instructions
  • the ROM 14 compnses read only memory storage elements as are well known in the art of solid state memory circuits The invention, however, is not limited to ROM technology, but rather is intended to comprehend other forms of non-alterable, l e , once-programmable, solid state memory elements
  • the ROM 14 compnses read only memory storage which is programmed dunng fabncation of the device 10 That is, the firmware of the device 10 is determined by the fabncation mask of the ROM 14 portion of the device 10 Consequently, changing the firmware (such as for determimng
  • the patch RAM 16 compnses dynamic random access memory (DRAM) or static random access memory (SRAM) storage elements as are well known m the art of solid state memory circuits
  • DRAM dynamic random access memory
  • SRAM static random access memory
  • the application logic 18 compnses circuitry to interface with the application which the device 10 is employed or to perform functions of the application
  • the application logic 18 is a buffer, receiver, transceiver, or register for interfacing with other circuitry such as telephone signals
  • the processor 12 compnses a program counter 24 and a breakpoint register 26
  • the program counter 24 contains the cunent address of the instruction to be fetched by the processor 12
  • the program counter 24 is updated by the processor 12 each time an instruction is fetched
  • the breakpoint register 26 contains a breakpoint location, or breakpoint address
  • the processor 12 deviates execution from fetching and executing firmware instructions in the ROM 14 to fetching and executing firmware patch instructions in the patch RAM 16 as shown in Fig 2
  • Fig. 2 illustrates the normal program flow of execution of firmware instructions included within the ROM 14 of the device 10
  • the firmware instructions are shown included in sequential address locations within the ROM 14
  • the program counter 24 (of Fig 1) value equals the breakpoint register 26 value
  • a patch insertion occurs, I e
  • the processor 12 deviates from normal program flow to the patch start address to execute the patch execution instructions included in the patch RAM 16 as shown
  • the external memory interface logic 22 compnses digital circuitry coupled to an external memory 23 for loading patches from the external memory 23 to the patch RAM 16
  • the external memory 23 is an EPROM, FLASH ROM, RAM, or any other suitable external storage device
  • the invention contemplates an embodiment in which the device 10 compnses command interface logic 20 coupled to the processor 12
  • the command interface logic 20 compnses circuitry for receiving commands and providing status to an external device which communicates with the device 10 via a command interface
  • the invention contemplates an embodiment in which the command interface logic 20 compnses a senal interface such as an RS-232 interface
  • a second embodiment contemplates the command interface logic 20 compnsing a parallel interface such as those commonly found on personal computers, commonlv for communicating with pnnters
  • the command interface logic 20 is used, inter aha, to load patches into the patch RAM 16 and/or control the loading of patches to the patch RAM 16 through another interface such as the external memory interface logic 22
  • the patch presence detection means 28 is readable by the processor 12 and is used to indicate to the processor 12 whether or not a patch is present
  • the patch presence detection means 28 is a mode register compnsmg a bit to indicate the presence of a patch Data is forced by an external device (not shown) onto output pins of the device 10 dunng reset of the device 10 to wnte the mode register with a value to selectively indicate the presence or absence of a patch
  • the patch presence detection means 28 is a test mode input pin of the device 10 which is dnven by an external device
  • the patch presence detection means 28 is a mode register included within the command interface logic 20 and is wntten with a value to selectively indicate the presence or absence of a patch
  • a flowchart illustrating steps taken by the device 10 (of Fig 1) to perform a boot sequence including selectively loading a patch is shown
  • the processor 12 When the processor 12 (of Fig 1) is reset, it initializes its program counter 24 to a predetermined value in step 40 and begins fetching and executing instructions at the address contained m the program counter 24
  • the initial address, I e , boot address, contained in the program counter 24 is an address in the ROM 14
  • the boot address is near the top or bottom of the processor 12 address space In one embodiment the boot address is address zero
  • a plurality of the instructions fetched from the boot address examine the patch presence detection means 28 in step 42
  • the processor 12 determines if the device is in a patch mode, I e , that a patch is present, in step 44 based upon the value of the patch presence detection means 28 If a patch is present, the processor 12 loads the patch m step 46 The processor 12 then proceeds to execute the firmware m step 48 More details about how the patch is loaded and the firmware is executed will be
  • the first portion of the patch 50, I e the data at the internal patch address, compnses a patch offset 1 from the internal patch address to the patch execution instructions
  • the sum of the internal patch address and the patch offset 51 determines the patch start address, l e , the address of the patch execution instructions, as shown
  • the next portion of the patch 50 includes the patch size 52
  • the patch size 52 is the number of double words (l e , 32-bit words) compnsing the patch 50
  • the next portion of the patch 50 includes the breakpoint address 54 of the patch 50.
  • I e the address to be loaded into the breakpoint register 26 (of Fig 1)
  • the loading of the breakpoint address 54 into the breakpoint register 26 will be descnbed in the discussion of Fig 5
  • the next portion of the patch 50 includes a set of patch startup instructions 56
  • the patch startup instructions 56 initialize patch local vanables 58 and perform any other actions which are required on a once only basis
  • the execution of the patch startup instructions 56 will be descnbed in the discussion of Fig 5
  • the next portion of the patch 50 includes the patch execution instructions 57, the location of which is specified bv the patch offset 51
  • the patch execution instructions 57 compnse instructions executable by the processor 12 (of Fig 1) to perform the desired functionality of the patch, such as finding firmware enors, prototyping fixes to firmware errors and/or prototyping new functionality of the firmware
  • the processor 12 deviates from fetching and executing instructions in the ROM 14 and begins fetching and executing the patch execution instructions 57 from the patch RAM 16
  • the next portion of the patch 50 includes the patch local vanables 58
  • the patch local vanables 58 are vanables used by the patch execution instructions to perform the desired patch functions
  • Fig 5 a flowchart illustrating in more detail steps taken to perform the patch loading step 46 of Fig 3 is shown
  • the processor 12 determines the internal patch address, i.e . the address in the patch RAM 16 at which the patch is to be loaded, in step 60
  • the internal patch address is address fixed at address zero in the patch RAM 16
  • the internal patch address is specified by an external device m a register within the device 10
  • the internal patch address is specified in the command interface logic 20 via the command interface
  • the processor 12 determines the external patch address, I e , the address in the external memory 23 at which the patch is stored, in step 62
  • the external patch address is fixed at an address within the external memory 23 which is a number of bytes from the end of the external memory 23 which is equal to the size of the patch RAM 16
  • the external patch address would be at address 65024 (l e , 65536 - 512)
  • the external patch address is specified by an external device in a register within the device 10
  • the external patch address is specified in the command interface logic 20 via the command interface
  • the processor determines the patch size, I e , the number of bytes of the patch, m step 64
  • the patch includes the number of 32-bit words compnsing the patch, as shown in Fig 4
  • the patch size is included in the fourth byte of the patch
  • the patch size is specified bv an external device in a register within the device 10
  • the patch size is specified in the command interface logic 20 via the command interface
  • the patch size is fixed at a predetermined length
  • the processor 12 assumes the patch size is equal to the size of the patch RAM 16
  • the processor 12 copies patch size words of data from the external patch address of the external memory 23 to the internal patch address of the patch RAM 16 m step 66
  • the patch size is specified near the beginning of the patch itself Hence, the processor 12 copies enough of the patch to determine the size of the patch and then copies the remaimng bytes of the patch after determining the size
  • a set of patch startup instructions 56 exists in the patch, as shown in Fig 4 After copying the patch to the patch RAM 16, the processor 12 executes the patch startup instructions 56 in step 68
  • the patch startup instructions 56 initialize the patch local vanables and perform any other actions which are required on a once only basis
  • the processor 12 then loads the breakpoint register 26 with the breakpoint address, l e , the address at which the processor 12 deviates execution from the firmware instructions included in the ROM 14 to the patch execution instructions included in the patch RAM 16 in step 70
  • the breakpoint address 54 is included in the patch as shown in Fig 4
  • the breakpoint address is specified by an external device in a register within the device 10
  • the breakpoint address is specified in the command interface logic 20 via the command interface
  • the processor 12 then returns to the boot code to begin executing the firmware Refernng now to Fig 6, a flowchart illustrating in more detail steps taken to perform the firmware execution step 48 of Fig 3 is shown
  • the processor 12 fetches an instruction at the value of the program counter 24 in step 80
  • the processor 12 next increments the program counter 24 by the size of the instruction fetched in step 82
  • the processor 12 instruction size is fixed, hence the program counter 24 is incremented by a fixed amount after each instruction fetch
  • the processor 12 instruction size is vanable
  • the processor 12 executes
  • a block diagram illustrating an embodiment of the present invention compnsing a breakpoint handler is shown Preferably, branching to the patch start address, l e , step 92 (of Fig 6), compnses the processor deviating to a breakpoint handler, wherein the breakpoint handler executes a branch instruction to the patch start address
  • the breakpoint handler resides in the ROM 14 as part of the firmware
  • the breakpoint handler entry point resides at a fixed location m the processor 12 address space, l e., in a fixed location m the ROM 14
  • the processor 12 When a breakpoint condition occurs, I e , when the value of the breakpoint register 26 equals the value of the program counter 24, the processor 12 deviates from normal execution, l e , execution of the cunent instruction, and begins fetching and executing instructions from the breakpoint handler entry point, as shown
  • the breakpoint handler calculates the patch start address by adding the internal patch address to the patch offset 51 (of Fig 4) The breakpoint handler then executes a branch instruction to the patch start address and the processor 12 begins fetching and executing the patch execution instructions 57 (of Fig 4)
  • the processor 12 compnses a non-maskable interrupt (NMI)
  • NMI occurs under at least two conditions The first condition is when an NMI input signal to the processor 12 becomes active The second condition is a breakpoint condition, I e , when the value of the breakpoint register 26 equals the value of the program counter 24
  • the processor 12 receives an NMI whenever either of the two NMI conditions occurs When an NMI condition occurs, the processor 12
  • the breakpoint handler determines which of the two NMI conditions generated the NMI In one embodiment, the NMI input signal indicates a power down condition In this embodiment, the device 10 compnses a means for determimng if a power down condition is present The breakpoint handler determines if the power down condition is present, by reading the power down condition determimng means If a power down condition is not present, the breakpoint handler assumes that a breakpoint condition has occurred and conespondingly branches to the patch start address as descnbed supra
  • the step 92 (of Fig 6) of branching to the patch start address compnses the processor 12 (of Fig 1) directly loading the program counter 24 with the value of the patch start address
  • the processor 12 directly loads the program counter 24 from a patch start address register
  • the processor 12, dunng the boot sequence calculates the patch start address bv adding the internal patch address to the patch offset 51 and populating the patch start address register
  • the processor 12 directly loads the program counter 24 by calculating the patch start address and loading it into the program counter 24 In this embodiment, the processor 12 calculates the patch start address by adding the internal patch address to the patch offset 51
  • the step 92 (of Fig 6) of branching to the patch start address compnses a branch instruction to the patch start address being forced into the instruction stream
  • the processor 12 compnses a data bus upon which instructions are fetched from the ROM 14 and patch RAM 16 Forcing the branch instruction into the instruction stream compnses forcing onto the data bus of the processor 12 the branch instruction to the patch start address whenever the processor 12 fetches an instruction from a 'known address"
  • the "known address" is the address to which the processor deviates upon the occunence of a breakpoint condition
  • the actual data at the "known address" in ROM 14 or patch RAM 16 is discarded in favor of the sunogate branch instruction to the patch start address
  • the processor 12 executing the branch instruction to the patch start address causes the program counter 24 to get updated with the patch start address and the patch execution instructions 57 to be fetched and executed
  • the processor 12 fetches and executes instructions in a pipelined manner, as is well known in the art of processor design
  • the processor 12 may execute one or more instructions beyond the instruction at which the breakpoint is to occur In such case the patch programmer must be aware of the pipelined charactenstics of the processor 12 and create a patch which takes these charactenstics into consideration Alternate Embodiments
  • the present invention contemplates an embodiment in which the patch start address is specified in the command interface logic 20 via the command interface, rather than in the patch itself
  • Another embodiment is contemplated in which the internal patch address is specified by an external device in a register within the device 10
  • the patch start address is fixed I e , hard-coded into the processor 12
  • the present invention contemplates an embodiment in which the processor 12 compnses a plurality of breakpoint registers Each breakpoint register may be loaded with a different value, thus providing the ability to insert a plurality of patches, I e , each breakpoint register has an associated patch start address If the program counter 24 value equals any of the values in the plurality of breakpoint registers, a patch insertion of the patch corresponding to the breakpoint register whose value equals the value of the program counter 24 occurs.
  • the plurality of patch start addresses associated with each of the breakpoint registers are specified by any of the means descnbed supra, I e , within the patch itself, via the command interface logic 20, by a plurality of registers within the device 10, or at a fixed address associated with each breakpoint register
  • the present invention further contemplates an embodiment in which the patch execution instructions alter the contents of the breakpoint register and patch start address, thereby providing a means to achieve "patch chaimng "
  • a first patch, patch A executes and dunng execution alters the patch start address with a new value conespondmg to a patch B and loads the breakpoint register with a new value conesponding to a patch B, thus enabling patch B and disabling itself, I e , disabling patch A
  • patch B has been "chained" to patch A
  • Patch B then performs the reverse action, I e , enable patch A and disable patch B
  • the number of patches which may be chained is unrestncted Further, patch chaining may be combined with the embodiment compnsing a plurality of breakpoint registers
  • the present invention contemplates an embodiment in which patches are run-time loaded" in addition to lnit-time loaded That is, patches are loaded dunng real time operation of the device 10, I e , dunng firmware execution (step 48 of Fig 3) m addition to dunng the boot sequence
  • Run-time patch loading provides a mechanism for replacing patches which are cunently executing
  • the present invention contemplates employing run-time patch loading to accomplish patch chaimng as descnbed supra
  • the present invention contemplates an embodiment in which patches are loaded by a DMA operation from the external memory 23 into the patch RAM 16 This embodiment allows real-time execution of the svstem to continue while the patch is being loaded
  • the breakpoint register 26 and patch start address are loaded via the
  • the present invention contemplates an encryption mechanism for increasing the secunty of the embedded system compnsing the device 10
  • the patch is encrypted pnor to storage in the external memory and decrypted as the patch is loaded into the device 10 m order to recover the ongmal bit sequence of the patch, 1 e , a bit sequence of instructions executable bv the processor 12
  • a "one time pad" encryption mechamsm is employed A one time pad is a stnng of random numbers used to encrypt a message, in particular, a bit sequence of software program instructions Each stnng of random numbers is used only once to encrypt the software, I e , the patch
  • the random numbers are obtained by sampling lonosphenc scatter
  • the patch is encrypted b ⁇ multiplying the patch by a polynomial, or encryption key, in the Galois Field (2), I e , GF(2)
  • the patch is decrypted bv dividing the patch by the same polynomial as it is being loaded into the device 10
  • Galois Fields are u ell known in the art of coding The reader is referred to Introduction to Trellis-Coded
  • the patch once decrypted, will be a bit sequence which will have an extremely high probability of not being valid processor instructions Preferably when the processor executes invalid instructions with unexpected results
  • an unauthonzed user is prevented from executing a patch which might allow a means for extracting the firmware of the embedded svstem device or from executing a patch to perform an unauthonzed function
  • the processor 12 performs the decryption
  • the present invention also contemplates the device 10 compnsing dedicated logic to perform the decryption
  • the present invention is not intended to be limited to GF polynomial encryption techniques, but rather is intended to encompass any suitable encryption technique

Abstract

A system and method for performing software patches for embedded system devices in which the firmware of the system is included in non-alterable storage of the device. The patch mechanism provides a means for finding firmware errors, prototyping fixes to the errors and/or prototyping new functionality of the firmware of the embbeded system. The system comprises an embedded system device coupled to an external memory. The device includes a non-alterable memory, including firmware, coupled to a processor. The device further includes a relatively small amount of patch RAM within the device also coupled to the processor. The patches are loaded from the external memory into the patch RAM. The device further includes a means for determining if one or more patches are to be applied. If the device detects a patch to be applied, the system loads the patch from the external memory into the patch RAM. The device also includes a breakpoint register. When the value of the program counter of the processor equals the value in the breakpoint register, a patch insertion occurs, i.e., the processor deviates from executing firmware to executing patch instructions. Preferably, the embedded system device comprises a single integrated circuit. The processor may include a plurality of breakpoint registers. The patch may be encrypted for increased security. Multiple patches may be chained together, and run-time patch replacement is contemplated.

Description

TITLE: SYSTEM AND METHOD FOR PERFORMING SOFTWARE PATCHES IN
EMBEDDED SYSTEMS
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates to embedded systems and in particular to software patches of embedded systems with non-alterable firmware
Descnption of the Related Art
As integrated circuit technology has advanced at a relatively rapid rate, embedded systems incorporating integrated circuit devices have become more and more commonplace Examples of embedded system devices are intelligent controllers for televisions, automobile engines, microwave ovens, telephone answeπng machines, medical equipment, etc The embedded system devices typically compnse a processor, such as a microprocessor, micro-controller, or digital signal processor (DSP), and storage elements, such as read only memory (ROM) The storage elements typically include software which the processor executes to perform functions of an application, such as those previously listed The device further includes application logic to interface with the television, automobile engine, telephone, or other application to gather data from and/or control the application
Typically, embedded system devices employ permanent storage elements, such as ROM to store their software Permanent storage elements are used because many embedded systems do not reside m a computer svstem, or similar system That is, the systems do not have secondary permanent storage, such as a disk or tape dnve, to store the embedded svstem software Hence, permanent storage is required on the embedded svstem device itself in order to store the embedded system software, since the embedded system software cannot be stored elsewhere within the system Most economical forms of solid state permanent storage, such as ROM, are non-alterable storage elements The embedded system software is frequently referred to as "firmware ', since software is permanently stored in the hardware of the system Histoncally, although the firmware of vanous embedded systems may have been sophisticated, I e , employing sophisticated DSP algonthms for example, typically, firmware is not complex, relatively speaking That is. firmware is traditionally relatively small, and therefore the likelihood of firmware errors, or bugs, has been relatively small However, contemporary embedded systems are rapidly increasing in complexity, which is increasing the likelihood of programming errors in the firmware, which is included m non-alterable storage
Furthermore, in rapidly evolving marketplaces in which the embedded svstems are commonly sold, it is often desirable to add new features to an existing product to increase functionality Given the permanent nature of the firmware, lengthy cycles are involved in making a firmware change duπng the process of developing the new features Traditional techniques of adding new functionality to a firmware system require the existence of special logic which either includes its own random access memory (RAM) for firmware storage, or is capable of being interfaced to external RAM for firmware storage An example of this special logic is an In-Circuit Emulator (ICE) In many instances an ICE is simply not a viable alternative, as this could require the development of a special purpose part at enormous expense This is also uneconomical for embedded systems in particular as there will likely not be a market for sales of the debug part to help mitigate the development costs
It is also often desirable to be able to perform analysis or development of existing firmware in the final target svstem, since the characteπstics of the real system may be either very difficult or even impossible, to model in any type of emulator or simulator This is also difficult or impossible due to the permanent nature of the firmware
Therefore, a system and method for finding firmware errors, prototyping fixes to the errors, and/or * prototyping new functionality of the firmware of an embedded system is desired
The notion of software breakpoints for debugging software is well known in the art of computer systems Typically, the processor within the computer svstem includes a program counter register which contains the address of the current instruction to be fetched and executed The processor further comprises debug registers At least one of the debug registers contains an instruction address When the value of the program counter equals the value of the instruction address debug register, a debug exception or interrupt, occurs When the processor receives the debug exception, the processor deviates execution of the currently executing program to a debug handler program, or routine One of the debug registers is a debug control register containing one or more bits to enable or disable the breakpoint mechanism
An example of a processor employing a breakpoint mechanism is the INTEL i486 processor The i486 processor compnses four Debug Address Registers (D0-D3) and a Debug Control Register (DR7) If the appropnate bits are present in the Debug Control Register, when the value of the program counter register equals the value in one of the Debug Address Registers, a debug exception (INT 1) occurs More specifically, an instruction breakpoint fault occurs A debug exception causes the processor to deviate execution from the current program to a debug exception handler
Typically, the debug exception handler invokes a debugger program which allows the user of a computer svstem to interact with the computer system to debug the software executing on the svstem The debugger program allows the user to perform such tasks as examine memory locations and register contents of the computer system for the purpose of determining software errors, I e , bugs
However, computer systems, unlike embedded systems whose firmware resides in non-alterable storage, enjoy the privilege of prototyping fixes to software errors and/or prototyping new software functionality by simply recompiling the program, loading the newly compiled program, and executing the program on the system In contrast, embedded systems do not enjoy this luxury SUMMARY OF THE INVENTION
The present invention compnses a system and method for performing software patches for embedded svstem devices in which the firmware of the system is included in non-alterable storage of the device The patch mechamsm advantageously provides a means for finding firmware errors, prototyping fixes to the errors and/or prototyping new functionality of the firmware of the embedded system The system compnses an embedded svstem device coupled to an external memory source The device compnses a non- alterable memory, including firmware, coupled to a processor The device further compnses a relatively small amount of patch RAM within the device The patches are not part of the system under test, but are instead loaded into the patch RAM
The device further comprises a means for determining if one or more patches are to be applied If the device detects patches to be applied the device loads the patches from the external memory into the patch RAM via an external memory interface of the device The device also compnses a means for causing the firmware to deviate from normal execution and to execute the patch Preferably the deviation means compnses a breakpoint register The points of deviation are referred to as breakpoints At the end of a patch, program flow can either return from where normal execution deviated, or can continue elsewhere as specified bv the patch developer When the value of the program counter of the processor equals the value in the breakpoint register, the deviation from firmware execution to patch instruction execution, l e , a patch insertion occurs Preferably, the embedded system device compnses a single integrated circuit The patch compnses a sequence of bytes included in the external memory The patch compnses a portion including executable patch instructions Another portion, preferably the first portion, of the patch contains an offset to the executable patch instructions Another portion, preferably the second portion, of the patch contains the length of the patch Another portion of the patch contains local vanables for the patch Another portion of the patch contains executable startup instructions of the patch, I e , instructions which are executions after loading the patch to perform once only operations prior to insertion of the patch
One embodiment of the invention compnses a breakpoint handler, wherein the processor deviates to the breakpoint handler when the program counter value equals the breakpoint register value The breakpoint handler detects the presence of a breakpoint condition and branches to the patch
One embodiment of the invention compnses command interface logic, wherein vanous aspects of patch loading are controlled In particular, any or all of the address of the patch in external memory, the address of the patch in the patch RAM, the patch start address, the breakpoint address, the loading of the breakpoint register, the patch size, and the presence of a patch may be controlled via the command interface
One embodiment of the invention contemplates a method for chaining together multiple patches The invention further contemplates run-time loading of patches, in addition to boot-time loading of patches, for the purpose, inter alia, of replacing a currently executing patch The invention contemplates an embodiment in which the patches are loaded into the patch RAM via a direct memory access transfer In one embodiment the processor compnses multiple breakpoint registers allowing for multiple patch insertions The invention contemplates storing the patch in the external memory in an encrypted form and decrypting the patch as it is loaded into the patch RAM. The encryption mechamsm increases the security of the system by preventing unauthorized users from loading and inserting patches.
Thus, the present invention comprises a system and method for performing software patches for embedded system devices in which the firmware of the system is included in non-alterable storage of the device in order to find firmware enors, prototype fixes to the errors and/or prototype new functionality of the firmware of the embedded system.
BRIEF DESCRIPTION OF THE DRAWINGS
A better understanding of the present invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawings, in which:
Fig. 1 is a block diagram of an embedded system according to the present invention;
Fig. 2 is a block diagram illustrating deviation of normal firmware execution to execution of patch instructions in the system of Fig. 1;
Fig. 3 is a flowchart illustrating steps taken by the system of Fig. 1 to perform a boot sequence including selectively loading a patch;
Fig. 4, illustrates the layout of one embodiment of a patch;
Fig. 5 is a flowchart illustrating detailed steps taken to perform the patch loading step of Fig. 3;
Fig. 6 is a flowchart illustrating detailed steps taken to perform the firmware execution step of Fig.
4;
Fig. 7 is a block diagram illustrating an embodiment of the present invention comprising a breakpoint handler.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring now to Fig. 1, a block diagram of an embedded system device 10 according to the present invention is shown. The device comprises a processor 12. The device further comprises ROM 14, patch
RAM 16. application logic 18, external memory interface logic 22, and a patch presence detection means 28 all coupled to the processor 12.
The processor 12 comprises a microprocessor, micro-controller, digital signal processor (DSP), or other type of software instruction processing device. In one embodiment of the present invention the processor 12 is an ADI 2171 DSP core The processor 12 fetches firmware instructions from the ROM 14 and executes the firmware instructions Upon certain conditions, descnbed below, the processor 12 deviates from fetching instructions from the ROM 14 and fetches firmware patch instructions from the patch RAM 16 and executes the firmware patch instructions The ROM 14 compnses read only memory storage elements as are well known in the art of solid state memory circuits The invention, however, is not limited to ROM technology, but rather is intended to comprehend other forms of non-alterable, l e , once-programmable, solid state memory elements Preferably, the ROM 14 compnses read only memory storage which is programmed dunng fabncation of the device 10 That is, the firmware of the device 10 is determined by the fabncation mask of the ROM 14 portion of the device 10 Consequently, changing the firmware (such as for determimng bugs, testing bug fixes, or testing new functionality) is very costly and time consuming since making a firmware change would require fabncating a new version of the device 10
The patch RAM 16 compnses dynamic random access memory (DRAM) or static random access memory (SRAM) storage elements as are well known m the art of solid state memory circuits The patch RAM 16, however, is not limited to RAM technology, but rather is intended to comprehend other forms of alterable solid state memory elements
The application logic 18 compnses circuitry to interface with the application which the device 10 is employed or to perform functions of the application For example, the application logic 18 is a buffer, receiver, transceiver, or register for interfacing with other circuitry such as telephone signals Another example of the application logic compnses circuitry for performing analog to digital conversion
The processor 12 compnses a program counter 24 and a breakpoint register 26 The program counter 24 contains the cunent address of the instruction to be fetched by the processor 12 The program counter 24 is updated by the processor 12 each time an instruction is fetched The breakpoint register 26 contains a breakpoint location, or breakpoint address When the value of the program counter 24 equals the value of the breakpoint register 26 a "patch insertion" occurs, l e , the processor 12 deviates execution from fetching and executing firmware instructions in the ROM 14 to fetching and executing firmware patch instructions in the patch RAM 16 as shown in Fig 2
Fig. 2 illustrates the normal program flow of execution of firmware instructions included within the ROM 14 of the device 10 The firmware instructions are shown included in sequential address locations within the ROM 14 When the program counter 24 (of Fig 1) value equals the breakpoint register 26 value, a patch insertion occurs, I e , the processor 12 (of Fig 1) deviates from normal program flow to the patch start address to execute the patch execution instructions included in the patch RAM 16 as shown
Referring again to Fig 1, the external memory interface logic 22 compnses digital circuitry coupled to an external memory 23 for loading patches from the external memory 23 to the patch RAM 16 The external memory 23 is an EPROM, FLASH ROM, RAM, or any other suitable external storage device
The invention contemplates an embodiment in which the device 10 compnses command interface logic 20 coupled to the processor 12 The command interface logic 20 compnses circuitry for receiving commands and providing status to an external device which communicates with the device 10 via a command interface The invention contemplates an embodiment in which the command interface logic 20 compnses a senal interface such as an RS-232 interface A second embodiment contemplates the command interface logic 20 compnsing a parallel interface such as those commonly found on personal computers, commonlv for communicating with pnnters The command interface logic 20 is used, inter aha, to load patches into the patch RAM 16 and/or control the loading of patches to the patch RAM 16 through another interface such as the external memory interface logic 22
The patch presence detection means 28 is readable by the processor 12 and is used to indicate to the processor 12 whether or not a patch is present Preferably the patch presence detection means 28 is a mode register compnsmg a bit to indicate the presence of a patch Data is forced by an external device (not shown) onto output pins of the device 10 dunng reset of the device 10 to wnte the mode register with a value to selectively indicate the presence or absence of a patch Alternatively, the patch presence detection means 28 is a test mode input pin of the device 10 which is dnven by an external device Alternatively, the patch presence detection means 28 is a mode register included within the command interface logic 20 and is wntten with a value to selectively indicate the presence or absence of a patch
Refernng now to Fig 3, a flowchart illustrating steps taken by the device 10 (of Fig 1) to perform a boot sequence including selectively loading a patch is shown When the processor 12 (of Fig 1) is reset, it initializes its program counter 24 to a predetermined value in step 40 and begins fetching and executing instructions at the address contained m the program counter 24 The initial address, I e , boot address, contained in the program counter 24 is an address in the ROM 14 Preferably, the boot address is near the top or bottom of the processor 12 address space In one embodiment the boot address is address zero A plurality of the instructions fetched from the boot address examine the patch presence detection means 28 in step 42 The processor 12 determines if the device is in a patch mode, I e , that a patch is present, in step 44 based upon the value of the patch presence detection means 28 If a patch is present, the processor 12 loads the patch m step 46 The processor 12 then proceeds to execute the firmware m step 48 More details about how the patch is loaded and the firmware is executed will be given below Refernng now to Fig 4, the layout of one embodiment of a patch 50 is shown A patch compnses a sequential set of data bytes in memory The patch 50 is loaded from the external memory 23 (of Fig 1) into the patch RAM 16 (of Fig 1) at an internal patch address, l e . the address in the patch RAM 16 where the patch 50 is loaded The first portion of the patch 50, I e , the data at the internal patch address, compnses a patch offset 1 from the internal patch address to the patch execution instructions The sum of the internal patch address and the patch offset 51 determines the patch start address, l e , the address of the patch execution instructions, as shown
The next portion of the patch 50 includes the patch size 52 Preferably, the patch size 52 is the number of double words (l e , 32-bit words) compnsing the patch 50
The next portion of the patch 50 includes the breakpoint address 54 of the patch 50. I e . the address to be loaded into the breakpoint register 26 (of Fig 1) The loading of the breakpoint address 54 into the breakpoint register 26 will be descnbed in the discussion of Fig 5
The next portion of the patch 50 includes a set of patch startup instructions 56 The patch startup instructions 56 initialize patch local vanables 58 and perform any other actions which are required on a once only basis The execution of the patch startup instructions 56 will be descnbed in the discussion of Fig 5 The next portion of the patch 50 includes the patch execution instructions 57, the location of which is specified bv the patch offset 51 The patch execution instructions 57 compnse instructions executable by the processor 12 (of Fig 1) to perform the desired functionality of the patch, such as finding firmware enors, prototyping fixes to firmware errors and/or prototyping new functionality of the firmware When the value of the program counter 24 equals the value of the breakpoint register 26, a patch insertion occurs, I e , the processor 12 deviates from fetching and executing instructions in the ROM 14 and begins fetching and executing the patch execution instructions 57 from the patch RAM 16
The next portion of the patch 50 includes the patch local vanables 58 The patch local vanables 58 are vanables used by the patch execution instructions to perform the desired patch functions Refernng now to Fig 5, a flowchart illustrating in more detail steps taken to perform the patch loading step 46 of Fig 3 is shown The processor 12 determines the internal patch address, i.e . the address in the patch RAM 16 at which the patch is to be loaded, in step 60 Preferably, the internal patch address is address fixed at address zero in the patch RAM 16 Alternatively, the internal patch address is specified by an external device m a register within the device 10 Alternatively, the internal patch address is specified in the command interface logic 20 via the command interface
The processor 12 determines the external patch address, I e , the address in the external memory 23 at which the patch is stored, in step 62 Preferably, the external patch address is fixed at an address within the external memory 23 which is a number of bytes from the end of the external memory 23 which is equal to the size of the patch RAM 16 For example, if the external memory 23 is a 64KB EPROM, and the patch RAM 16 is 512 bytes of RAM, the external patch address would be at address 65024 (l e , 65536 - 512)
Alternatively, the external patch address is specified by an external device in a register within the device 10 Alternatively, the external patch address is specified in the command interface logic 20 via the command interface
The processor determines the patch size, I e , the number of bytes of the patch, m step 64 Preferably the patch includes the number of 32-bit words compnsing the patch, as shown in Fig 4 In one embodiment, the patch size is included in the fourth byte of the patch Alternatively, the patch size is specified bv an external device in a register within the device 10 Alternatively, the patch size is specified in the command interface logic 20 via the command interface Alternatively, the patch size is fixed at a predetermined length Alternatively, the processor 12 assumes the patch size is equal to the size of the patch RAM 16
Once the processor 12 has determined the external patch address, the internal patch address, and the patch size, the processor 12 copies patch size words of data from the external patch address of the external memory 23 to the internal patch address of the patch RAM 16 m step 66 As previously stated, in one embodiment, the patch size is specified near the beginning of the patch itself Hence, the processor 12 copies enough of the patch to determine the size of the patch and then copies the remaimng bytes of the patch after determining the size
In one embodiment, a set of patch startup instructions 56 exists in the patch, as shown in Fig 4 After copying the patch to the patch RAM 16, the processor 12 executes the patch startup instructions 56 in step 68 The patch startup instructions 56 initialize the patch local vanables and perform any other actions which are required on a once only basis
The processor 12 then loads the breakpoint register 26 with the breakpoint address, l e , the address at which the processor 12 deviates execution from the firmware instructions included in the ROM 14 to the patch execution instructions included in the patch RAM 16 in step 70 Preferably the breakpoint address 54 is included in the patch as shown in Fig 4 Alternatively, the breakpoint address is specified by an external device in a register within the device 10 Alternatively, the breakpoint address is specified in the command interface logic 20 via the command interface The processor 12 then returns to the boot code to begin executing the firmware Refernng now to Fig 6, a flowchart illustrating in more detail steps taken to perform the firmware execution step 48 of Fig 3 is shown The processor 12 fetches an instruction at the value of the program counter 24 in step 80 The processor 12 next increments the program counter 24 by the size of the instruction fetched in step 82 In one embodiment, the processor 12 instruction size is fixed, hence the program counter 24 is incremented by a fixed amount after each instruction fetch In another embodiment, the processor 12 instruction size is vanable The processor 12 executes the instruction fetched, in step 84 The processor 12 determines if the program counter 24 value is equal to the breakpoint register 26 value in step 86 If the values are not equal, the processor 12 determines if the instruction executed in step 84 is a branch instruction in step 88 If the instruction is a branch instruction, the processor 12 updates the program counter 24 to the address specified by the branch instruction in step 90 If the instruction is not a branch instruction, the processor 12 returns to step 80 to fetch another instruction at the program counter 24 If in step 86 the processor 12 determines that the values of the program counter 24 and the breakpoint register 26 are equal, the processor 12 branches to the patch start address, I e , the address of the patch execution instructions, in step 92, as illustrated in Fig 2 Branching to the patch start address compnses updating the program counter 24 to have a value equal to the patch start address The processor 12 then returns to step 80 to begin fetching instructions at the updated program counter 24, l e . the patch start address
Refernng now to Fig 7, a block diagram illustrating an embodiment of the present invention compnsing a breakpoint handler is shown Preferably, branching to the patch start address, l e , step 92 (of Fig 6), compnses the processor deviating to a breakpoint handler, wherein the breakpoint handler executes a branch instruction to the patch start address The breakpoint handler resides in the ROM 14 as part of the firmware The breakpoint handler entry point resides at a fixed location m the processor 12 address space, l e., in a fixed location m the ROM 14
When a breakpoint condition occurs, I e , when the value of the breakpoint register 26 equals the value of the program counter 24, the processor 12 deviates from normal execution, l e , execution of the cunent instruction, and begins fetching and executing instructions from the breakpoint handler entry point, as shown The breakpoint handler calculates the patch start address by adding the internal patch address to the patch offset 51 (of Fig 4) The breakpoint handler then executes a branch instruction to the patch start address and the processor 12 begins fetching and executing the patch execution instructions 57 (of Fig 4) In one embodiment, the processor 12 compnses a non-maskable interrupt (NMI) An NMI occurs under at least two conditions The first condition is when an NMI input signal to the processor 12 becomes active The second condition is a breakpoint condition, I e , when the value of the breakpoint register 26 equals the value of the program counter 24 The processor 12 receives an NMI whenever either of the two NMI conditions occurs When an NMI condition occurs, the processor 12 branches to an NMI vector, l e , a fixed address in the address space of the processor 12 Preferably, the NMI vector address is the address of the breakpoint handler entry point descnbed supra
The breakpoint handler determines which of the two NMI conditions generated the NMI In one embodiment, the NMI input signal indicates a power down condition In this embodiment, the device 10 compnses a means for determimng if a power down condition is present The breakpoint handler determines if the power down condition is present, by reading the power down condition determimng means If a power down condition is not present, the breakpoint handler assumes that a breakpoint condition has occurred and conespondingly branches to the patch start address as descnbed supra
Alternatively, the step 92 (of Fig 6) of branching to the patch start address compnses the processor 12 (of Fig 1) directly loading the program counter 24 with the value of the patch start address In one embodimenL the processor 12 directly loads the program counter 24 from a patch start address register In this embodiment, the processor 12, dunng the boot sequence, calculates the patch start address bv adding the internal patch address to the patch offset 51 and populating the patch start address register
In another embodiment, the processor 12 directly loads the program counter 24 by calculating the patch start address and loading it into the program counter 24 In this embodiment, the processor 12 calculates the patch start address by adding the internal patch address to the patch offset 51
Alternatively, the step 92 (of Fig 6) of branching to the patch start address compnses a branch instruction to the patch start address being forced into the instruction stream The processor 12 compnses a data bus upon which instructions are fetched from the ROM 14 and patch RAM 16 Forcing the branch instruction into the instruction stream compnses forcing onto the data bus of the processor 12 the branch instruction to the patch start address whenever the processor 12 fetches an instruction from a 'known address" Preferably the "known address" is the address to which the processor deviates upon the occunence of a breakpoint condition Thus, the actual data at the "known address" in ROM 14 or patch RAM 16 is discarded in favor of the sunogate branch instruction to the patch start address The processor 12 executing the branch instruction to the patch start address causes the program counter 24 to get updated with the patch start address and the patch execution instructions 57 to be fetched and executed
In one embodiment, the processor 12 fetches and executes instructions in a pipelined manner, as is well known in the art of processor design In this embodiment, the processor 12 may execute one or more instructions beyond the instruction at which the breakpoint is to occur In such case the patch programmer must be aware of the pipelined charactenstics of the processor 12 and create a patch which takes these charactenstics into consideration Alternate Embodiments
The present invention contemplates an embodiment in which the patch start address is specified in the command interface logic 20 via the command interface, rather than in the patch itself Another embodiment is contemplated in which the internal patch address is specified by an external device in a register within the device 10 Alternatively, the patch start address is fixed I e , hard-coded into the processor 12
The present invention contemplates an embodiment in which the processor 12 compnses a plurality of breakpoint registers Each breakpoint register may be loaded with a different value, thus providing the ability to insert a plurality of patches, I e , each breakpoint register has an associated patch start address If the program counter 24 value equals any of the values in the plurality of breakpoint registers, a patch insertion of the patch corresponding to the breakpoint register whose value equals the value of the program counter 24 occurs The plurality of patch start addresses associated with each of the breakpoint registers are specified by any of the means descnbed supra, I e , within the patch itself, via the command interface logic 20, by a plurality of registers within the device 10, or at a fixed address associated with each breakpoint register
The present invention further contemplates an embodiment in which the patch execution instructions alter the contents of the breakpoint register and patch start address, thereby providing a means to achieve "patch chaimng " To illustrate by way of example, a first patch, patch A, executes and dunng execution alters the patch start address with a new value conespondmg to a patch B and loads the breakpoint register with a new value conesponding to a patch B, thus enabling patch B and disabling itself, I e , disabling patch A Thus, patch B has been "chained" to patch A
Patch B then performs the reverse action, I e , enable patch A and disable patch B The number of patches which may be chained is unrestncted Further, patch chaining may be combined with the embodiment compnsing a plurality of breakpoint registers The present invention contemplates an embodiment in which patches are run-time loaded" in addition to lnit-time loaded That is, patches are loaded dunng real time operation of the device 10, I e , dunng firmware execution (step 48 of Fig 3) m addition to dunng the boot sequence Run-time patch loading provides a mechanism for replacing patches which are cunently executing The present invention contemplates employing run-time patch loading to accomplish patch chaimng as descnbed supra The present invention contemplates an embodiment in which patches are loaded by a DMA operation from the external memory 23 into the patch RAM 16 This embodiment allows real-time execution of the svstem to continue while the patch is being loaded In this embodiment, the breakpoint register 26 and patch start address are loaded via the command interface
In many embedded systems it is desirable to protect the device 10 from being scrutinized bv the end user of the device 10 It is desirable that an unauthonzed person not be able to load a patch It is further desirable that an unauthonzed person not be able to extract the firmware from the device The existence of a mechamsm for loading software patches creates a secunty breach The present invention contemplates an encryption mechanism for increasing the secunty of the embedded system compnsing the device 10 Preferably the patch is encrypted pnor to storage in the external memory and decrypted as the patch is loaded into the device 10 m order to recover the ongmal bit sequence of the patch, 1 e , a bit sequence of instructions executable bv the processor 12
In one embodiment, a "one time pad" encryption mechamsm is employed A one time pad is a stnng of random numbers used to encrypt a message, in particular, a bit sequence of software program instructions Each stnng of random numbers is used only once to encrypt the software, I e , the patch In one embodiment, the random numbers are obtained by sampling lonosphenc scatter
In one embodiment of the one time pad encryption mechamsm, the patch is encrypted b\ multiplying the patch by a polynomial, or encryption key, in the Galois Field (2), I e , GF(2) The patch is decrypted bv dividing the patch by the same polynomial as it is being loaded into the device 10 Galois Fields are u ell known in the art of coding The reader is referred to Introduction to Trellis-Coded
Modulation with Applications, Biglien, et al , Macmillan Publishing Compay, 1991, which is hereby incorporated by reference, for a more detailed descnption of Galois Fields
If an encrypted patch is loaded with an invalid encryption polynomial, the patch, once decrypted, will be a bit sequence which will have an extremely high probability of not being valid processor instructions Preferably when the processor executes invalid instructions with unexpected results Thus, an unauthonzed user is prevented from executing a patch which might allow a means for extracting the firmware of the embedded svstem device or from executing a patch to perform an unauthonzed function
Preferably the processor 12 performs the decryption The present invention also contemplates the device 10 compnsing dedicated logic to perform the decryption The present invention is not intended to be limited to GF polynomial encryption techniques, but rather is intended to encompass any suitable encryption technique
Although the system and method of the present invention has been descnbed in connection with the prefened embodiment, it is not intended to be limited to the specific form set forth herein, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents, as can be reasonably included the spint and scope of the invention as defined by the appended claims

Claims

WHAT IS CLAIMED:
1 A software-patchable embedded system device , compnsing
a processor including a breakpoint register and a program counter, each adapted for stonng a value.
a non-alterable memory coupled to said processor, wherein said non-alterable memory includes instructions executable by said processor, and
an alterable memory coupled to said processor configured to store a patch, wherein said patch compnses patch instructions executable by said processor,
wherein said processor is configured to deviate from executing said instructions included in said non-alterable memory to execute said patch instructions stored m said alterable memory when said program counter value equals said breakpoint register value
2 The device as recited in claim 1, wherein said device compnses a single integrated circuit
3 The device as recited in claim 1, wherein said device is configured to load said patch into said alterable memory from a memory external to said device
4 The device as recited in claim 1, wherein said device further compnses
patch presence detection means for indicating a presence of a patch in an external memory,
wherein said device is coupled to said patch presence detection means and is configured to load said patch into said alterable memory if said patch presence detection means indicates the presence of said patch
5 The device as recited m claim 1 , wherein said patch further compnses a patch offset indicating the location of said patch instructions
6 The device as recited in claim 1, wherein said patch further compnses a patch size indicating the size of said patch
7 The device as recited m claim 1, wherein said patch further compnses a breakpoint address for loading into said breakpoint register, wherein said processor deviates from executing said instructions included in said non-alterable memory to execute said patch instructions stored in said alterable memory when said program counter value equals said breakpoint register value loaded into said breakpoint register
8 The device as recited in claim 1. wherein said patch further compnses vanables used in operation of said patch instructions
9 The device as recited in claim 1, wherein said patch further compnses startup instructions, wherein said processor is configured to execute a plurality of said startup instructions after loading said patch and pnor to executing said patch instructions
10 The device as recited m claim 1, wherein said non-alterable memory includes breakpoint handler instructions, wherein said processor is configured to deviate from executing said instructions included in said non-alterable memory to execute said breakpoint handler instructions when said program counter value equals said breakpoint register value, wherein said breakpoint handler instructions branch to said patch instructions
11 The device as recited m claim 1, wherein said device compnses a plurality of breakpoint registers each containing a value, wherein said alterable memory is configured to store a plurality of patches each compnsing patch instructions, wherein said plurality of patches conespond to said plurality of breakpoint registers, wherein said processor is configured to deviate from executing said instructions included in said non-alterable memory to execute said patch instructions of one of said plurality of patches stored in said alterable memory when said program counter value equals a conesponding one of said breakpoint register values
12 The device as recited in claim 1, wherein said device further compnses
means for receiving a direct memory access transfer of said patch into said alterable memory
13 The device as recited in claim 1, wherein said processor compnses an interrupt signal generated when said program counter value equals said breakpoint register value, wherein said deviation occurs in response to said interrupt signal
14 The device as recited in claim 1, wherein said patch is encrypted pnor to being loaded into said alterable memory, wherein said device is configured to decrypt said patch when loading said patch into said alterable memory
15 The device as recited in claim 1, wherein said device further compnses command interface logic operably coupled to said processor to control loading said patch into said alterable memory
16 The device as recited in claim 15, wherein said breakpoint register value is loaded into said breakpoint register using said command interface logic
17 A software-patchable embedded system, compnsing
an embedded system device compnsing
a processor including a breakpoint register and a program counter, each containing a value,
a non-alterable memory coupled to said processor, wherein said non-alterable memory includes instructions executable by said processor, and
an alterable memory coupled to said processor configured to store a patch, wherein said patch compnses patch instructions executable by said processor, and
an external memory operably coupled to said device including said patch,
wherein said processor is configured to load said patch from said external memory to said alterable memory and to execute said patch
18. The system as recited in claim 17, wherein said patch further compnses a patch offset indicating the location of said patch instructions
19 The system as recited in claim 17, wherein said patch further compnses a patch size indicating the size of said patch
20 The system as recited in claim 17, wherein said patch further compnses a breakpoint address for loading into said breakpoint register, wherein said processor deviates from executing said instructions included in said non-alterable memory to execute said patch instructions stored in said alterable memory when said program counter value equals said breakpoint register value loaded into said breakpoint register
21 The system as recited in claim 17, wherein said patch further compnses vanables used in operation of said patch instructions
22 The system as recited m claim 17, wherein said patch further compnses startup instructions. wherein said processor is configured to execute a plurality of said startup instructions after loading said patch and pnor to executing said patch instructions 23 A method for executing a patch in an embedded svstem device compnsing a processor including a breakpoint register and a program counter, each contaimng a value, a non-alterable memory coupled to said processor, wherein said non-alterable memory includes instructions executable by said processor, and an alterable memory coupled to said processor configured to store a patch, wherein a portion of said patch compnses patch instructions executable bv said processor, the method compnsing
initializing said program counter to a value,
loading said breakpoint register with a breakpoint address,
fetching an instruction from said non-alterable memory at an address equal to said program counter value,
incrementing said program counter in response to said fetching,
executing said instruction,
performing said fetching, said incrementing and said executing until said program counter value equals said breakpoint register value,
deviating from said fetching, said incrementing and said executing when said program counter value equals said breakpoint address,
executing a plurality of patch instructions of a patch included in said alterable memory m response to said deviating
24 The method as recited in claim 23, further compnsing
determining a presence of said patch after said initializing said program counter value and before said loading said breakpoint register,
loading said patch into said alterable memory before said loading said breakpoint register if said patch is present
25 The method as recited in claim 24, wherein said loading said patch compnses copying said patch from an external memory coupled to said device into said alterable memory 26 The device as recited in claim 25, wherein said copying compnses said processor performing said copying
27 The device as recited in claim 25. wherein said copying compnses a direct memory access transfer
28 The method as recited in claim 24, further compnsing
encrypting said patch pnor to said initializing said program counter to a value, and
decrypting said encrypted patch dunng said loading said patch
29 The method as recited m claim 23, wherein said patch compnses startup instructions, wherein the method further compnses executing said startup instructions pnor to said loading said breakpoint register
30 The method as recited in claim 23, wherein said patch compnses said breakpoint address, wherein said loading said breakpoint register with said breakpoint address compnses loading said breakpoint address from said patch into said breakpoint register
31 The method as recited in claim 23, wherein said non-alterable memory further includes breakpoint handler instructions, the method further compnsing
executing said breakpoint handler instructions after said deviating, and
said breakpoint handler instructions branching to said patch instructions
32 The method as recited in claim 23, wherein said deviating compnses loading said program counter with the address of said patch instructions
33 The method as recited in claim 23, wherein said deviating compnses forcing a branch instruction to said patch instructions when performing said fetching an instruction from said non-alterable memory when said fetching address is a predetermined address
34 The method as recited in claim 23, wherein a single integrated circuit compnses said device
35 A method for executing a senes of patches in an embedded system device compnsing a processor including a breakpoint register and a program counter, each containing a value, a non-alterable memory coupled to said processor, wherein said non-alterable memory includes firmware instructions executable by said processor, and an alterable memory coupled to said processor configured to store said senes of patches. wherein a portion of each of said series of patches compnses patch instructions executable by said processor, the method compnsing
executing said firmware instructions,
loading a first of said senes of patches into said alterable memory,
loading said break point register with a first breakpoint address after said loading said first of said senes of patches,
deviating from said executing said firmware instruction when said program counter value equals said first breakpoint address,
executing said first of said senes of patches in response to said deviating from said executing said firmware instructions,
loading a second of said senes of patches into said alterable memory,
loading said breakpoint register with a second breakpoint address after said loading said second of said senes of patches,
deviating from said executing said first of said senes of patches when said program counter value equals said second breakpoint address,
executing said second of said senes of patches in response to said deviating from said executing said first of said senes of patches
36 A method for executing a senes of patches in an embedded system device compnsing a processor including a breakpoint register and a program counter, each contaimng a value, a non-alterable memory coupled to said processor, wherein said non-alterable memory includes firmware instructions executable by said processor, and an alterable memory coupled to said processor configured to store said senes of patches, wherein a portion of each of said senes of patches compnses patch instructions executable by said processor, the method compnsing
loading a first of said senes of patches into said alterable memory,
loading a second of said senes of patches into said alterable memory, loading said breakpoint register with a first breakpoint address after said loading said first and second of said senes of patches,
executing said firmware instructions
deviating from said executing said firmware instruction when said program counter value equals said first breakpoint address,
executing said first of said senes of patches in response to said deviating from said executing said firmware instructions,
loading said breakpoint register with a second breakpoint address after said loading said second of said senes of patches,
deviating from said executing said first of said senes of patches when said program counter value equals said second breakpoint address,
executing said second of said senes of patches in response to said deviating from said executing said first of said senes of patches
37 A method for replacing a patch in an embedded system device compnsing a processor including a breakpoint register and a program counter, each containing a value, a non-alterable memory coupled to said processor wherein said non-alterable memory includes firmware instructions executable by said processor, and an alterable memory coupled to said processor configured to store said senes of patches wherein a portion of each of said senes of patches compnses patch instructions executable bv said processor, the method compnsing
loading a first patch into said alterable memory,
loading said breakpoint register with a first breakpoint address after said loading said first patch,
executing said firmware instructions,
deviating from said executing said firmware instruction when said program counter value equals said first breakpoint address,
executing said first patch in response to said deviating from said executing said firmware instructions loading a second patch into said alterable memory,
loading said breakpoint register with a second breakpoint address after said loading said second patch,
deviating from said executing said first patch when said program counter value equals said second breakpoint address,
executing said second patch in response to said deviating from said executing said first patch
PCT/US1997/023143 1996-12-05 1997-12-04 System and method for performing software patches in embedded systems WO1998025205A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/759,611 US5901225A (en) 1996-12-05 1996-12-05 System and method for performing software patches in embedded systems
US08/759,611 1996-12-05

Publications (1)

Publication Number Publication Date
WO1998025205A1 true WO1998025205A1 (en) 1998-06-11

Family

ID=25056312

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/023143 WO1998025205A1 (en) 1996-12-05 1997-12-04 System and method for performing software patches in embedded systems

Country Status (2)

Country Link
US (1) US5901225A (en)
WO (1) WO1998025205A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007016170A1 (en) * 2007-04-02 2008-10-09 Francotyp-Postalia Gmbh Security module for a franking machine
EP2019356A1 (en) * 2007-07-24 2009-01-28 VIA Technologies, Inc. On-chip memory providing for microcode patch overlay and constant update functions

Families Citing this family (144)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6158018A (en) * 1997-11-25 2000-12-05 Philips Semiconductor, Inc. Integrated circuit including patching circuitry to bypass portions of an internally flawed read only memory and a method therefore
JPH11184724A (en) * 1997-12-18 1999-07-09 Matsushita Electric Ind Co Ltd In-circuit emulator and semiconductor integrated circuit
US6141756A (en) * 1998-04-27 2000-10-31 Motorola, Inc. Apparatus and method of reading a program into a processor
US6351822B1 (en) * 1999-03-05 2002-02-26 Seagate Technology Llc Method and apparatus for remapping read only memory locations
AU7495300A (en) * 1999-09-14 2001-04-17 Qualcomm Incorporated Method and apparatus for modifying microinstructions in a static memory device
US6438664B1 (en) * 1999-10-27 2002-08-20 Advanced Micro Devices, Inc. Microcode patch device and method for patching microcode using match registers and patch routines
DE19964003A1 (en) * 1999-12-30 2001-07-12 Micronas Gmbh Circuit arrangement and method for generating and reading out replacement data
US7082615B1 (en) 2000-03-31 2006-07-25 Intel Corporation Protecting software environment in isolated execution
US6996710B1 (en) 2000-03-31 2006-02-07 Intel Corporation Platform and method for issuing and certifying a hardware-protected attestation key
US7194634B2 (en) * 2000-03-31 2007-03-20 Intel Corporation Attestation key memory device and bus
US6754815B1 (en) 2000-03-31 2004-06-22 Intel Corporation Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set
US7073071B1 (en) 2000-03-31 2006-07-04 Intel Corporation Platform and method for generating and utilizing a protected audit log
US6760441B1 (en) 2000-03-31 2004-07-06 Intel Corporation Generating a key hieararchy for use in an isolated execution environment
US6934817B2 (en) * 2000-03-31 2005-08-23 Intel Corporation Controlling access to multiple memory zones in an isolated execution environment
US7013484B1 (en) 2000-03-31 2006-03-14 Intel Corporation Managing a secure environment using a chipset in isolated execution mode
US6769058B1 (en) 2000-03-31 2004-07-27 Intel Corporation Resetting a processor in an isolated execution environment
US7356817B1 (en) 2000-03-31 2008-04-08 Intel Corporation Real-time scheduling of virtual machines
US7013481B1 (en) 2000-03-31 2006-03-14 Intel Corporation Attestation key memory device and bus
US6990579B1 (en) 2000-03-31 2006-01-24 Intel Corporation Platform and method for remote attestation of a platform
US6957332B1 (en) 2000-03-31 2005-10-18 Intel Corporation Managing a secure platform using a hierarchical executive architecture in isolated execution mode
GB0009941D0 (en) 2000-04-20 2000-06-07 Sgs Thomson Microelectronics Computer system
GB0009943D0 (en) 2000-04-20 2000-06-07 Sgs Thomson Microelectronics Operating a computer system
GB0009945D0 (en) * 2000-04-20 2000-06-07 Sgs Thomson Microelectronics Debugging device nad method
GB0009940D0 (en) * 2000-04-20 2000-06-07 Sgs Thomson Microelectronics Debugging embedded system
US6948095B2 (en) 2000-04-20 2005-09-20 Stmicroelectronics Limited Methods and apparatus for dynamically loading a file on a target computer system
GB0009939D0 (en) 2000-04-20 2000-06-07 Sgs Thomson Microelectronics Input/output in embedded systems
US6976162B1 (en) * 2000-06-28 2005-12-13 Intel Corporation Platform and method for establishing provable identities while maintaining privacy
US7389427B1 (en) 2000-09-28 2008-06-17 Intel Corporation Mechanism to secure computer output from software attack using isolated execution
US6463549B1 (en) * 2000-09-28 2002-10-08 Motorola, Inc. Device and method for patching code residing on a read only memory module utilizing a random access memory for storing a set of fields, each field indicating validity of content of a group, and for receiving an address of a memory portion of the read only memory
US7793111B1 (en) * 2000-09-28 2010-09-07 Intel Corporation Mechanism to handle events in a machine with isolated execution
US7194502B1 (en) 2000-11-15 2007-03-20 National Semiconductor Corporation Network interface card using physical layer microcontroller and method of operation
US7055148B2 (en) * 2000-12-07 2006-05-30 Hewlett-Packard Development Company, L.P. System and method for updating firmware
US7215781B2 (en) 2000-12-22 2007-05-08 Intel Corporation Creation and distribution of a secret value between two devices
US6970565B1 (en) * 2000-12-22 2005-11-29 Xm Satellite Radio Inc. Apparatus for and method of securely downloading and installing a program patch in a processing device
US7818808B1 (en) 2000-12-27 2010-10-19 Intel Corporation Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor
US7035963B2 (en) * 2000-12-27 2006-04-25 Intel Corporation Method for resolving address space conflicts between a virtual machine monitor and a guest operating system
US7225441B2 (en) * 2000-12-27 2007-05-29 Intel Corporation Mechanism for providing power management through virtualization
US6907600B2 (en) 2000-12-27 2005-06-14 Intel Corporation Virtual translation lookaside buffer
US6865667B2 (en) * 2001-03-05 2005-03-08 Freescale Semiconductors, Inc. Data processing system having redirecting circuitry and method therefor
US7272831B2 (en) 2001-03-30 2007-09-18 Intel Corporation Method and apparatus for constructing host processor soft devices independent of the host processor operating system
US7096497B2 (en) 2001-03-30 2006-08-22 Intel Corporation File checking using remote signing authority via a network
US6754895B1 (en) * 2001-04-26 2004-06-22 Palm Source, Inc. Method and system for automatic firmware updates in a portable hand-held device
US7143407B2 (en) * 2001-07-26 2006-11-28 Kyocera Wireless Corp. System and method for executing wireless communications device dynamic instruction sets
US7191440B2 (en) 2001-08-15 2007-03-13 Intel Corporation Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor
US7024555B2 (en) 2001-11-01 2006-04-04 Intel Corporation Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
US7103771B2 (en) * 2001-12-17 2006-09-05 Intel Corporation Connecting a virtual token to a physical token
US20030126454A1 (en) * 2001-12-28 2003-07-03 Glew Andrew F. Authenticated code method and apparatus
US7308576B2 (en) 2001-12-31 2007-12-11 Intel Corporation Authenticated code module
GB2384582A (en) * 2002-01-28 2003-07-30 Ericsson Telefon Ab L M Software correction
US7480806B2 (en) 2002-02-22 2009-01-20 Intel Corporation Multi-token seal and unseal
US7124273B2 (en) * 2002-02-25 2006-10-17 Intel Corporation Method and apparatus for translating guest physical addresses in a virtual machine environment
US7631196B2 (en) * 2002-02-25 2009-12-08 Intel Corporation Method and apparatus for loading a trustable operating system
US7028149B2 (en) 2002-03-29 2006-04-11 Intel Corporation System and method for resetting a platform configuration register
US7069442B2 (en) 2002-03-29 2006-06-27 Intel Corporation System and method for execution of a secured environment initialization instruction
US20030191943A1 (en) * 2002-04-05 2003-10-09 Poisner David I. Methods and arrangements to register code
US20030196096A1 (en) * 2002-04-12 2003-10-16 Sutton James A. Microcode patch authentication
US7058807B2 (en) * 2002-04-15 2006-06-06 Intel Corporation Validation of inclusion of a platform within a data center
US7076669B2 (en) * 2002-04-15 2006-07-11 Intel Corporation Method and apparatus for communicating securely with a token
US7127548B2 (en) 2002-04-16 2006-10-24 Intel Corporation Control register access virtualization performance improvement in the virtual-machine architecture
US7139890B2 (en) 2002-04-30 2006-11-21 Intel Corporation Methods and arrangements to interface memory
US7290081B2 (en) * 2002-05-14 2007-10-30 Stmicroelectronics, Inc. Apparatus and method for implementing a ROM patch using a lockable cache
US6820177B2 (en) 2002-06-12 2004-11-16 Intel Corporation Protected configuration space in a protected environment
US7142674B2 (en) * 2002-06-18 2006-11-28 Intel Corporation Method of confirming a secure key exchange
US7392415B2 (en) * 2002-06-26 2008-06-24 Intel Corporation Sleep protection
US6996748B2 (en) 2002-06-29 2006-02-07 Intel Corporation Handling faults associated with operation of guest software in the virtual-machine architecture
US7124327B2 (en) 2002-06-29 2006-10-17 Intel Corporation Control over faults occurring during the operation of guest software in the virtual-machine architecture
US7296267B2 (en) 2002-07-12 2007-11-13 Intel Corporation System and method for binding virtual machines to hardware contexts
US7028174B1 (en) * 2002-09-30 2006-04-11 Western Digital Technologies, Inc. Disk drive employing a non-volatile serial semiconductor memory for storing a control program for a microprocessor
US7165181B2 (en) * 2002-11-27 2007-01-16 Intel Corporation System and method for establishing trust without revealing identity
US7440571B2 (en) * 2002-12-03 2008-10-21 Nagravision S.A. Method for securing software updates
US20040117532A1 (en) * 2002-12-11 2004-06-17 Bennett Steven M. Mechanism for controlling external interrupts in a virtual machine system
US7318235B2 (en) 2002-12-16 2008-01-08 Intel Corporation Attestation using both fixed token and portable token
DE10260103A1 (en) * 2002-12-19 2004-07-01 Robert Bosch Gmbh Method and device for changing software in a control unit and corresponding control unit
US7900017B2 (en) 2002-12-27 2011-03-01 Intel Corporation Mechanism for remapping post virtual machine memory pages
US20040128345A1 (en) * 2002-12-27 2004-07-01 Robinson Scott H. Dynamic service registry
US20040128465A1 (en) * 2002-12-30 2004-07-01 Lee Micheil J. Configurable memory bus width
US7076802B2 (en) * 2002-12-31 2006-07-11 Intel Corporation Trusted system clock
US8225293B2 (en) * 2003-02-13 2012-07-17 Accurate Technologies Inc. Method for supporting calibration parameters in an ECU
US20040163078A1 (en) * 2003-02-13 2004-08-19 Correa Colt R. Method for rapidly prototyping, testing and verifying application software
US7650596B2 (en) 2003-02-13 2010-01-19 Accurate Technologies Inc. Method for ECU calibration and diagnostics development
US7415708B2 (en) * 2003-06-26 2008-08-19 Intel Corporation Virtual machine management using processor state information
US20050038832A1 (en) * 2003-08-14 2005-02-17 International Business Machines Corporation Application error recovery using solution database
US20050044292A1 (en) * 2003-08-19 2005-02-24 Mckeen Francis X. Method and apparatus to retain system control when a buffer overflow attack occurs
US7287197B2 (en) * 2003-09-15 2007-10-23 Intel Corporation Vectoring an interrupt or exception upon resuming operation of a virtual machine
US7739521B2 (en) * 2003-09-18 2010-06-15 Intel Corporation Method of obscuring cryptographic computations
US7296189B2 (en) * 2003-09-19 2007-11-13 International Business Machines Corporation Method, apparatus and computer program product for implementing autonomic testing and verification of software fix programs
US7610611B2 (en) * 2003-09-19 2009-10-27 Moran Douglas R Prioritized address decoder
JP4837247B2 (en) * 2003-09-24 2011-12-14 パナソニック株式会社 Processor
US7177967B2 (en) * 2003-09-30 2007-02-13 Intel Corporation Chipset support for managing hardware interrupts in a virtual machine system
US20050080934A1 (en) 2003-09-30 2005-04-14 Cota-Robles Erik C. Invalidating translation lookaside buffer entries in a virtual machine (VM) system
TW200513850A (en) * 2003-10-13 2005-04-16 Design Technology Inc G Patch and expansion method of memory program for digital signal processor
US7636844B2 (en) * 2003-11-17 2009-12-22 Intel Corporation Method and system to provide a trusted channel within a computer system for a SIM device
US20050108534A1 (en) * 2003-11-19 2005-05-19 Bajikar Sundeep M. Providing services to an open platform implementing subscriber identity module (SIM) capabilities
US20050108171A1 (en) * 2003-11-19 2005-05-19 Bajikar Sundeep M. Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform
US8156343B2 (en) 2003-11-26 2012-04-10 Intel Corporation Accessing private data about the state of a data processing machine from storage that is publicly accessible
US7383540B2 (en) * 2003-12-12 2008-06-03 International Business Machines Corporation Altering execution flow of a computer program
US8037314B2 (en) 2003-12-22 2011-10-11 Intel Corporation Replacing blinded authentication authority
US20050152539A1 (en) * 2004-01-12 2005-07-14 Brickell Ernie F. Method of protecting cryptographic operations from side channel attacks
TWI237786B (en) * 2004-02-11 2005-08-11 Benq Corp Program correction method, storage medium and program-driven electronic device using the same
US7802085B2 (en) 2004-02-18 2010-09-21 Intel Corporation Apparatus and method for distributing private keys to an entity with minimal secret, unique information
US7312396B1 (en) * 2004-03-13 2007-12-25 Protectconnect, Inc. Universal electrical wiring component
US20050216920A1 (en) * 2004-03-24 2005-09-29 Vijay Tewari Use of a virtual machine to emulate a hardware device
US7356735B2 (en) * 2004-03-30 2008-04-08 Intel Corporation Providing support for single stepping a virtual machine in a virtual machine environment
US7620949B2 (en) * 2004-03-31 2009-11-17 Intel Corporation Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment
US8239673B2 (en) * 2004-04-08 2012-08-07 Texas Instruments Incorporated Methods, apparatus and systems with loadable kernel architecture for processors
US20050288056A1 (en) * 2004-06-29 2005-12-29 Bajikar Sundeep M System including a wireless wide area network (WWAN) module with an external identity module reader and approach for certifying the WWAN module
US7305592B2 (en) * 2004-06-30 2007-12-04 Intel Corporation Support for nested fault in a virtual machine environment
US20060048226A1 (en) * 2004-08-31 2006-03-02 Rits Maarten E Dynamic security policy enforcement
US7840962B2 (en) * 2004-09-30 2010-11-23 Intel Corporation System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time
US8146078B2 (en) 2004-10-29 2012-03-27 Intel Corporation Timer offsetting mechanism in a virtual machine environment
TWI263940B (en) * 2004-11-23 2006-10-11 Ene Technology Inc Memory device firmware patch method
US8924728B2 (en) 2004-11-30 2014-12-30 Intel Corporation Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information
US8533777B2 (en) 2004-12-29 2013-09-10 Intel Corporation Mechanism to determine trust of out-of-band management agents
US7395405B2 (en) * 2005-01-28 2008-07-01 Intel Corporation Method and apparatus for supporting address translation in a virtual machine environment
US20070006166A1 (en) * 2005-06-20 2007-01-04 Seagate Technology Llc Code coverage for an embedded processor system
US8028154B2 (en) * 2005-07-29 2011-09-27 Broadcom Corporation Method and system for reducing instruction storage space for a processor integrated in a network adapter chip
US7523299B2 (en) * 2005-07-29 2009-04-21 Broadcom Corporation Method and system for modifying operation of ROM based boot code of a network adapter chip
US7809957B2 (en) 2005-09-29 2010-10-05 Intel Corporation Trusted platform module for generating sealed data
US20070083713A1 (en) * 2005-10-11 2007-04-12 Antonio Torrini System on a chip integrated circuit, processing system and methods for use therewith
US20070113064A1 (en) * 2005-11-17 2007-05-17 Longyin Wei Method and system for secure code patching
US8014530B2 (en) 2006-03-22 2011-09-06 Intel Corporation Method and apparatus for authenticated, recoverable key distribution with no database secrets
US8423832B2 (en) * 2006-11-07 2013-04-16 Hewlett-Packard Development Company, L.P. System and method for preventing processor errors
US20080155172A1 (en) * 2006-12-22 2008-06-26 Mediatek Inc. Microcode patching system and method
US9348730B2 (en) * 2007-01-31 2016-05-24 Standard Microsystems Corporation Firmware ROM patch method
US20090013124A1 (en) * 2007-07-03 2009-01-08 Dsp Group Limited Rom code patch method
US20090031109A1 (en) * 2007-07-24 2009-01-29 Via Technologies Apparatus and method for fast microcode patch from memory
US20090031103A1 (en) * 2007-07-24 2009-01-29 Via Technologies Mechanism for implementing a microcode patch during fabrication
US20090031121A1 (en) * 2007-07-24 2009-01-29 Via Technologies Apparatus and method for real-time microcode patch
US20090031090A1 (en) * 2007-07-24 2009-01-29 Via Technologies Apparatus and method for fast one-to-many microcode patch
US20090031110A1 (en) * 2007-07-24 2009-01-29 Via Technologies Microcode patch expansion mechanism
US20090031108A1 (en) * 2007-07-24 2009-01-29 Via Technologies Configurable fuse mechanism for implementing microcode patches
US7861119B1 (en) 2007-12-07 2010-12-28 American Megatrends, Inc. Updating a firmware image using a firmware debugger application
US9348597B2 (en) * 2008-06-30 2016-05-24 Infineon Technologies Ag Device and method for bypassing a first program code portion with a replacement program code portion
US8156486B2 (en) * 2008-10-29 2012-04-10 Mediatek Inc. Patching devices and methods thereof for patching firmware functions
US8468516B1 (en) * 2008-12-19 2013-06-18 Juniper Networks, Inc. Creating hot patches for embedded systems
US8438558B1 (en) 2009-03-27 2013-05-07 Google Inc. System and method of updating programs and data
US8806446B2 (en) * 2010-03-22 2014-08-12 Analog Devices, Inc. Methods and apparatus for debugging programs in shared memory
EP2378417A1 (en) * 2010-04-16 2011-10-19 Accenture Global Services Limited Extending the functionality of an embedded system
US9552201B2 (en) * 2011-08-31 2017-01-24 Avaya Inc. System and method for incremental software installation
EP2959378A1 (en) * 2013-02-22 2015-12-30 Marvell World Trade Ltd. Patching boot code of read-only memory
FR3012655B1 (en) 2013-10-25 2015-12-25 Proton World Int Nv FLASH MEMORY COUNTER
US9690571B2 (en) 2013-12-31 2017-06-27 Nxp Usa, Inc. System and method for low cost patching of high voltage operation memory space
US10042625B2 (en) 2015-03-04 2018-08-07 International Business Machines Corporation Software patch management incorporating sentiment analysis
US9678682B2 (en) * 2015-10-13 2017-06-13 International Business Machines Corporation Backup storage of vital debug information

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4028684A (en) * 1975-10-16 1977-06-07 Bell Telephone Laboratories, Incorporated Memory patching circuit with repatching capability
GB2227584A (en) * 1989-01-28 1990-08-01 Int Computers Ltd Computer control data modification system
JPH04312126A (en) * 1991-04-11 1992-11-04 Nec Corp Data processing system
US5357627A (en) * 1989-03-28 1994-10-18 Olympus Optical Co., Ltd. Microcomputer having a program correction function
EP0640916A2 (en) * 1993-08-31 1995-03-01 Nec Corporation Microcomputer
US5454100A (en) * 1992-09-18 1995-09-26 Sony Corporation Electronic apparatus

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4319079A (en) * 1979-09-13 1982-03-09 Best Robert M Crypto microprocessor using block cipher
JPH0235524A (en) * 1988-03-14 1990-02-06 Advanced Micro Devicds Inc Bus convertible programmable sequencer
US5740413A (en) * 1995-06-19 1998-04-14 Intel Corporation Method and apparatus for providing address breakpoints, branch breakpoints, and single stepping
US5764884A (en) * 1996-10-31 1998-06-09 International Business Machines Corp. Method and apparatus for improved instruction counting schemes

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4028684A (en) * 1975-10-16 1977-06-07 Bell Telephone Laboratories, Incorporated Memory patching circuit with repatching capability
GB2227584A (en) * 1989-01-28 1990-08-01 Int Computers Ltd Computer control data modification system
US5357627A (en) * 1989-03-28 1994-10-18 Olympus Optical Co., Ltd. Microcomputer having a program correction function
JPH04312126A (en) * 1991-04-11 1992-11-04 Nec Corp Data processing system
US5454100A (en) * 1992-09-18 1995-09-26 Sony Corporation Electronic apparatus
EP0640916A2 (en) * 1993-08-31 1995-03-01 Nec Corporation Microcomputer

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PATENT ABSTRACTS OF JAPAN vol. 017, no. 138 (P - 1505) 22 March 1993 (1993-03-22) *
WILKINSON M A: "BREAKPOINTS IN MASKED MICROCONTROLLERS TO FIC LATENT SOFTWARE DEFECTS", MOTOROLA TECHNICAL DEVELOPMENTS, vol. 26, 1 November 1995 (1995-11-01), pages 2/3, XP000552115 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007016170A1 (en) * 2007-04-02 2008-10-09 Francotyp-Postalia Gmbh Security module for a franking machine
EP2019356A1 (en) * 2007-07-24 2009-01-28 VIA Technologies, Inc. On-chip memory providing for microcode patch overlay and constant update functions

Also Published As

Publication number Publication date
US5901225A (en) 1999-05-04

Similar Documents

Publication Publication Date Title
US5901225A (en) System and method for performing software patches in embedded systems
EP0092646B1 (en) Method and apparatus of program patching in a data processing system
US6477702B1 (en) Bytecode program interpreter apparatus and method with pre-verification of data type restrictions and object initialization
US5958037A (en) Apparatus and method for identifying the features and the origin of a computer microprocessor
US5671352A (en) Error injection to a behavioral model
US5920721A (en) Compiler generating functionally-alike code sequences in an executable program intended for execution in different run-time environments
US6820192B2 (en) Central processing unit for easily testing and debugging programs
US4635193A (en) Data processor having selective breakpoint capability with minimal overhead
US7373446B2 (en) Method and system for dynamically patching an operating system's interrupt mechanism
US7120572B1 (en) Memory efficient program pre-execution verifier and method
Shelton et al. Robustness testing of the Microsoft Win32 API
Koppe et al. Reverse engineering x86 processor microcode
Ghosh et al. An approach to testing COTS software for robustness to operating system exceptions and errors
Padaryan et al. Automated exploit generation for stack buffer overflow vulnerabilities
Silva et al. Experimental assessment of parallel systems
US5894549A (en) System and method for fault detection in microcontroller program memory
Spensky et al. Glitching demystified: analyzing control-flow-based glitching attacks and defenses
Dresel et al. Artist: the android runtime instrumentation toolkit
Rimén et al. A study of the error behavior of a 32-bit RISC subjected to simulated transient fault injection
US5787241A (en) Method and apparatus for locating exception correction routines
Becker et al. Binary mutation testing through dynamic translation
Alshaer et al. Variable-length instruction set: Feature or bug?
US6772372B2 (en) System and method for monitoring unaligned memory accesses
Desfossez et al. Stealth malware analysis from kernel space with Kolumbo
JPH0550016B2 (en)

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP KR

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase