WO2000010074A1 - Microcontroller having allocation circuitry to selectively allocate and/or hide portions of a program memory address space - Google Patents

Microcontroller having allocation circuitry to selectively allocate and/or hide portions of a program memory address space Download PDF

Info

Publication number
WO2000010074A1
WO2000010074A1 PCT/US1999/018443 US9918443W WO0010074A1 WO 2000010074 A1 WO2000010074 A1 WO 2000010074A1 US 9918443 W US9918443 W US 9918443W WO 0010074 A1 WO0010074 A1 WO 0010074A1
Authority
WO
WIPO (PCT)
Prior art keywords
program memory
mode
memory space
program
block
Prior art date
Application number
PCT/US1999/018443
Other languages
French (fr)
Inventor
Eugene Feng
Gary Phillips
Original Assignee
Silicon Storage Technology, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/134,242 external-priority patent/US6339815B1/en
Priority claimed from US09/135,410 external-priority patent/US6505279B1/en
Application filed by Silicon Storage Technology, Inc. filed Critical Silicon Storage Technology, Inc.
Priority to EP99942170A priority Critical patent/EP1031072A1/en
Publication of WO2000010074A1 publication Critical patent/WO2000010074A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline, look ahead
    • G06F9/3802Instruction prefetching
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline, look ahead
    • G06F9/3802Instruction prefetching
    • G06F9/3814Implementation provisions of instruction buffers, e.g. prefetch buffer; banks

Definitions

  • the present invention relates to microcontroller systems having flash memory in a program memory address space and, in particular, to a microcontroller system that selectively allocates portions of the program memory space to either internal or external memories, or a combination thereof, for reasons of security of the internal memory contents.
  • the present invention also relates to such microcontroller systems having security circuitry such that a program executing from one portion of the flash memory of the microcontroller can securely program or reprogram another portion of the flash memory.
  • Microcontroller systems including memory are known in the art. With a conventional microcontroller system, blocks of the memory may be locked such that a locked block cannot be interrogated. This locking thus secures program code contained in the locked blocks from unauthorized access by f ⁇ rmware piraters and from accidental erasing and programming.
  • a microcontroller system is desirable for a microcontroller system to be configurable such that blocks of memory can be locked from unauthorized interrogation or code corruption, but can also be reprogrammed and/or accessed under a predetermined secure environment.
  • a microcontroller system includes program memory space allocation means.
  • program memory space allocation means In a first mode of operation, a first block of program memory is hidden for code fetching such that a processor is prohibited from retrieving program instructions from the first block of program memory.
  • the first block of program memory In a second mode, however, the first block of program memory is accessible for code fetching.
  • the program memory space allocation means allocates the program memory space such that the processor may retrieve program instructions only from an external memory, that is not unitarily formed in the integrated circuit.
  • the mode of operation of the program memory space allocation is controlled in response to the contents of a configuration register.
  • a microcontroller system includes a security lock circuit to regulate access requests to contents of locations of a program memory.
  • the regulation is selective, based on an operating mode of the security lock circuit, and also based on the source of the access request and the location of the program memory for which the access request is intended.
  • one major advantage provided by the security lock circuit is that concurrent — j — programming (i.e., programming of one area of memory using instructions executing from another area of memory) can be initiated under predetermined secure conditions.
  • FIG. 1 is a block functional illustration of an embodiment of a microcontroller system.
  • Fig. 2 is a block functional illustration of an embodiment of a flash operation controller of the Fig. 1 microcontroller system.
  • Fig. 3A is a table that summarizes security functions of the Fig. 1 microcontroller system.
  • Fig. 3B is a table that further details the activated mode of the security lock circuit.
  • Figs. 4A to 4C illustrate various states of program memory organization of the Fig. 1 microcontroller system.
  • Fig. 1 illustrates, in block functional form, a microcontroller system 100 in accordance with an embodiment of the present invention, unitarily formed in an integrated circuit.
  • the system 100 includes a microcontroller unit (MCU) core 103, designated by part number T8052 in Fig. 1.
  • MCU microcontroller unit
  • Embedded program memory 102 includes two independent program memory blocks 102a and 102b.
  • the program memory blocks 102a and 102b are erasable and reprogrammable, and are preferably flash EEPROM of the type disclosed, for example, in U.S. Patent No. 5,572,054, issued November 5, 1996 and assigned to Silicon Storage Technology, Inc.
  • Program memory block 102a (designated, for convenience of reference, as the "lower program block") is addressable at the standard 87C58 32 Kbytes of internal ROM area
  • program memory block 102b (designated for convenience of reference as the "upper program memory block") is addressable at the high address end of the 8xC5x architecture.
  • the microcontroller system 100 is configurable to address up to 64 Kbytes of program memory (not shown) external to the system 100.
  • the system 100 also includes on-chip RAM (not shown) and is configurable to address external data RAM (not shown).
  • a flash operation controller 104 (shown in more detail in Fig.
  • a command/address decoder 106 interfaces the MCU core 103 to the addressable memory (whether program memory 102 or other addressable memory, internal or external), I/O ports, and configuration registers. Some of the configuration registers, particularly those within the flash operation controller, are discussed in greater detail later.
  • I/O pads interface 108 includes circuitry for interfacing the various components of the system 100 to external devices (not shown), for example, external memory or an external host.
  • test mode controller 1 10 assists in controlling the system 100 when it is operating in "external host mode", wherein an external "host” processor (not shown) is operating in place of the MCU core 103.
  • An example of an external host is a PCB tester automated test equipment, a PC-controlled development board, or an OTP (one-time programmable) MCU programmer.
  • OTP one-time programmable
  • a primary function of the flash operation controller 104 is to control read and/or write access to the blocks 102a and 102b of the program memory 102, in accordance with the value stored in a "security byte".
  • the flash control unit 201 controls such access responsive to the value of the security byte, as indicated by a field of the SuperFlash® Configuration register (SFCF) 202 which contains a decoding of the security byte.
  • the security byte is located at the highest address location, FFFFh, of the microcontroller system 100 memory space. That is, the security byte is located at the highest location in upper program memory block 102b.
  • either the entire program memory 102 may be locked; just the upper program memory block 102b may be locked; or both the lower program memory block 102a and the upper program memory block 102b may be unlocked.
  • value of the security byte is a shorthand notation herein for the value of the field in the SFCF register 202 that is a decoding of the security byte.
  • Precisely what it means for a block of memory to be "locked” or "unlocked” is discussed later.
  • the table shown in Fig. 3A provides a summary of the effect that a particular value of the security byte has on the security functions of the system 100.
  • both the program memory block 102a and program memory block 102b are unlocked.
  • the default value of the security byte is FFh.
  • the security byte value is other than FFh (i.e., has an "activated” value)
  • security is activated to lock at least one of the program memory blocks 102a and 102b.
  • the "move constant" (MOVC) instruction which in some instances could be used for read access of data from the program memory 102, is denied read access when the location of the MOVC instruction itself could be in either an unlocked flash memory location (i.e., a portion of the flash memory 102 is unlocked, as indicated by the activated value of the security byte) or may be in an external memory (as indicated by the signal at an External Enable, or EA#, input pin). Therefore, the contents of the internal flash program memory 102 are prevented from being read undesirably when any level of security is activated.
  • the CHIP ERASE function operates regardless of the value of the security byte.
  • the security byte is set back to the default value of FFh.
  • the external host may freely program (or otherwise access) the program memory 102, via the SFDT "mailbox register" 204.
  • the WDTD and WDTC registers shown in Fig. 2 are for controlling a watchdog timer and are not relevant to the present disclosure.
  • the security byte at location FFFFh has the value F5h, only the upper program memory block 102b is locked, and the lower program memory block 102a is not locked.
  • the lower program memory block 102a may be programmed (i.e., sector or block erase, write and verify operations) by program code executing from the upper program memory block 102b, but not by any program code executing from the external program code storage even though both program memory blocks 102a and 102b are security locked for any other access, such as External Mode Host Access.
  • This security mechanism is known as "soft lock".
  • the "soft lock” security mechanism allows the system to use a secure program code to perform in-system and in-field flash memory concurrent programming of the lower program memory block 102a under a predetermined secure environment.
  • the table in Fig. 3A further illustrates this security lock feature. More details of the program memory addressable space are now discussed with reference to Figs. 4A to 4C, particularly relative to how the program memory organization is adaptable to address safety and security concerns. More specifically, Figs. 4A to 4C show three program memory organization and assignment options of the microcontroller system 100.
  • the program (flash) memory 102 of the microcontroller system 100 includes two blocks, lower program memory block 102a and upper program memory block 102b.
  • the lower program memory block 102a has 32 Kbytes, and occupies the address space OOOOh to 7FFFh.
  • the 32 Kbytes of the lower program memory block 102a are organized as 512 rows (256 of
  • the upper program memory block 102b has 4 Kbytes, and occupies the address space FOOOh to FFFFh.
  • the 4 Kbytes of the upper program memory block 102b are organized as 128 rows (64 of 64- byte sectors per page, 7 X-address lines) and 256 columns (32 bytes per row,
  • the address space 8000h to EFFFh is always reserved for external memory (not shown), which may be, for example, memory of a development system or hardware programmer.
  • external memory not shown
  • hidden for code fetching it is meant that program instructions in the block “hidden for code fetching" cannot be fetched and executed from locations of the hidden block.
  • the concurrent programming field is the most significant bit of the SuperFlash® configuration register SFCF 202 (Fig. 2).
  • the security of the program memory is enhanced. Furthermore, in combination with the security lock circuitry, the security of the program is further enhanced.
  • Appendix A Attached hereto as Appendix A is the "SST89C58 Data Sheet" which is to be considered an integral part of this specification.

Abstract

A microcontroller system (104) includes program memory space allocation circuitry (104). In a first mode of operation, a first block of program memory (102a) is hidden for code fetching such that a processor is prohibited from retrieving program instructions from the first block of program memory (102a). In a second mode, however, the first block of program memory (102a) is accessible for code fetching. In a third mode of operation, the program memory space allocation means allocates the program memory space such that the processor (103) may retrieve program instructions only from an external memory, that is not unitarily formed in the integrated circuit. In some embodiments, the mode of operation of the program memory space allocation is controlled in response to the contents of a configuration register (106). By having circuitry to so allocate the program memory, the security of the program memory (102) is enhanced.

Description

MICROCONTROLLER HAVING ALLOCATION CIRCUITRY TO SELECTIVELY ALLOCATE AND/OR HIDE PORTIONS OF A PROGRAM MEMORY ADDRESS SPACE
Technical Field
The present invention relates to microcontroller systems having flash memory in a program memory address space and, in particular, to a microcontroller system that selectively allocates portions of the program memory space to either internal or external memories, or a combination thereof, for reasons of security of the internal memory contents. In another aspect, the present invention also relates to such microcontroller systems having security circuitry such that a program executing from one portion of the flash memory of the microcontroller can securely program or reprogram another portion of the flash memory.
Background
Microcontroller systems including memory are known in the art. With a conventional microcontroller system, blocks of the memory may be locked such that a locked block cannot be interrogated. This locking thus secures program code contained in the locked blocks from unauthorized access by fϊrmware piraters and from accidental erasing and programming.
However, conventionally, neither can the locked blocks be conveniently reprogrammed or accessed by an authorized user. It is desirable for a microcontroller system to be configurable such that blocks of memory can be locked from unauthorized interrogation or code corruption, but can also be reprogrammed and/or accessed under a predetermined secure environment.
Summary
In accordance with the present invention, a microcontroller system includes program memory space allocation means. In a first mode of operation, a first block of program memory is hidden for code fetching such that a processor is prohibited from retrieving program instructions from the first block of program memory. In a second mode, however, the first block of program memory is accessible for code fetching. In a third mode of operation, the program memory space allocation means allocates the program memory space such that the processor may retrieve program instructions only from an external memory, that is not unitarily formed in the integrated circuit. In some embodiments, the mode of operation of the program memory space allocation is controlled in response to the contents of a configuration register.
By having means to so allocate the program memory, the security of the program memory is enhanced.
In accordance with a further aspect of the present invention, a microcontroller system includes a security lock circuit to regulate access requests to contents of locations of a program memory. The regulation is selective, based on an operating mode of the security lock circuit, and also based on the source of the access request and the location of the program memory for which the access request is intended. Among other advantages, one major advantage provided by the security lock circuit is that concurrent — j — programming (i.e., programming of one area of memory using instructions executing from another area of memory) can be initiated under predetermined secure conditions.
Brief Description of the Drawings Fig. 1 is a block functional illustration of an embodiment of a microcontroller system.
Fig. 2 is a block functional illustration of an embodiment of a flash operation controller of the Fig. 1 microcontroller system.
Fig. 3A is a table that summarizes security functions of the Fig. 1 microcontroller system.
Fig. 3B is a table that further details the activated mode of the security lock circuit.
Figs. 4A to 4C illustrate various states of program memory organization of the Fig. 1 microcontroller system.
Detailed Description
Fig. 1 illustrates, in block functional form, a microcontroller system 100 in accordance with an embodiment of the present invention, unitarily formed in an integrated circuit. The system 100 includes a microcontroller unit (MCU) core 103, designated by part number T8052 in Fig. 1. In the described (preferred) embodiment, the microcontroller system 100 is compatible with standard 8xC58 microcontroller devices. Embedded program memory 102 includes two independent program memory blocks 102a and 102b. The program memory blocks 102a and 102b are erasable and reprogrammable, and are preferably flash EEPROM of the type disclosed, for example, in U.S. Patent No. 5,572,054, issued November 5, 1996 and assigned to Silicon Storage Technology, Inc. of Sunnyvale, California, the assignee of the present patent application. Program memory block 102a (designated, for convenience of reference, as the "lower program block") is addressable at the standard 87C58 32 Kbytes of internal ROM area, and program memory block 102b (designated for convenience of reference as the "upper program memory block") is addressable at the high address end of the 8xC5x architecture. In addition, the microcontroller system 100 is configurable to address up to 64 Kbytes of program memory (not shown) external to the system 100. The system 100 also includes on-chip RAM (not shown) and is configurable to address external data RAM (not shown). A flash operation controller 104 (shown in more detail in Fig. 2, discussed later) includes circuitry for controlling access to and from the program flash memory 102. A command/address decoder 106 interfaces the MCU core 103 to the addressable memory (whether program memory 102 or other addressable memory, internal or external), I/O ports, and configuration registers. Some of the configuration registers, particularly those within the flash operation controller, are discussed in greater detail later. When the system 100 is operating with the MCU core 103 (as opposed to an external processor, discussed below), this is known as "normal mode".
I/O pads interface 108 includes circuitry for interfacing the various components of the system 100 to external devices (not shown), for example, external memory or an external host. Finally, test mode controller 1 10 assists in controlling the system 100 when it is operating in "external host mode", wherein an external "host" processor (not shown) is operating in place of the MCU core 103. An example of an external host is a PCB tester automated test equipment, a PC-controlled development board, or an OTP (one-time programmable) MCU programmer. During external host mode, in response to hardware commands decoded from control signal input pins, the system 100 performs test, erase and/or programming functions.
Security functions of the microcontroller system 100 are now discussed with reference to Fig. 2, which is a more detailed functional diagram of the flash operation controller 104. In the context of the present invention, a primary function of the flash operation controller 104 is to control read and/or write access to the blocks 102a and 102b of the program memory 102, in accordance with the value stored in a "security byte". Specifically, the flash control unit 201 controls such access responsive to the value of the security byte, as indicated by a field of the SuperFlash® Configuration register (SFCF) 202 which contains a decoding of the security byte. The security byte is located at the highest address location, FFFFh, of the microcontroller system 100 memory space. That is, the security byte is located at the highest location in upper program memory block 102b.
Depending on the value of the security byte, either the entire program memory 102 may be locked; just the upper program memory block 102b may be locked; or both the lower program memory block 102a and the upper program memory block 102b may be unlocked. (Again, the term "value of the security byte" is a shorthand notation herein for the value of the field in the SFCF register 202 that is a decoding of the security byte.) Precisely what it means for a block of memory to be "locked" or "unlocked" is discussed later. The table shown in Fig. 3A provides a summary of the effect that a particular value of the security byte has on the security functions of the system 100.
When the security byte has a value FFh, both the program memory block 102a and program memory block 102b are unlocked. When the system 100 is delivered from the factory, or after a CHIP ERASE function whereby the contents of the program memory 102 are erased and there is no need for security, the default value of the security byte is FFh.
Referring also to Fig. 3B, if the security byte value is other than FFh (i.e., has an "activated" value), then security is activated to lock at least one of the program memory blocks 102a and 102b. In this case, the "move constant" (MOVC) instruction, which in some instances could be used for read access of data from the program memory 102, is denied read access when the location of the MOVC instruction itself could be in either an unlocked flash memory location (i.e., a portion of the flash memory 102 is unlocked, as indicated by the activated value of the security byte) or may be in an external memory (as indicated by the signal at an External Enable, or EA#, input pin). Therefore, the contents of the internal flash program memory 102 are prevented from being read undesirably when any level of security is activated.
The effect of the security byte on program memory 102 programming operations (i.e., write access) is now discussed. If the system 100 is in external host mode and the security byte value is other than FFh, the following external host mode commands are not allowed on the locked program memory 102: sector erase, to erase the addressed sector; block erase, to erase the addressed block; write byte, to write a byte to the addressed location; burst write, to write an entire addressed row by burst writing sequentially within the row if the byte location has been successfully erased and not yet programmed; and verify byte, to read a code byte from the addressed location. The read ID function, to read the chip "signature" and identification registers, is allowed even when the security byte is not FFh.
Put simply, when the system 100 is in external host mode, only the CHIP ERASE operation, to completely erase the program memory 102, can be used to access the lockable flash memory locations. That is, the CHIP ERASE function operates regardless of the value of the security byte. As discussed above, in response to the CHIP ERASE function being executed, the security byte is set back to the default value of FFh. Then, because security is disabled, the external host may freely program (or otherwise access) the program memory 102, via the SFDT "mailbox register" 204. (The WDTD and WDTC registers shown in Fig. 2 are for controlling a watchdog timer and are not relevant to the present disclosure.)
If the security byte at location FFFFh has the value F5h, only the upper program memory block 102b is locked, and the lower program memory block 102a is not locked. During concurrent programming mode, with the security byte at location FFFFh set to 05h, the lower program memory block 102a may be programmed (i.e., sector or block erase, write and verify operations) by program code executing from the upper program memory block 102b, but not by any program code executing from the external program code storage even though both program memory blocks 102a and 102b are security locked for any other access, such as External Mode Host Access. This security mechanism is known as "soft lock". Contrary to the "hard lock", when the security byte at location FFFFh is set to 55h (where both the upper 102b and lower 102a memory blocks are not accessible for any programming operation), the "soft lock" security mechanism allows the system to use a secure program code to perform in-system and in-field flash memory concurrent programming of the lower program memory block 102a under a predetermined secure environment. The table in Fig. 3A further illustrates this security lock feature. More details of the program memory addressable space are now discussed with reference to Figs. 4A to 4C, particularly relative to how the program memory organization is adaptable to address safety and security concerns. More specifically, Figs. 4A to 4C show three program memory organization and assignment options of the microcontroller system 100. As discussed above, the program (flash) memory 102 of the microcontroller system 100 includes two blocks, lower program memory block 102a and upper program memory block 102b.
In one embodiment, the lower program memory block 102a has 32 Kbytes, and occupies the address space OOOOh to 7FFFh. The 32 Kbytes of the lower program memory block 102a are organized as 512 rows (256 of
128-byte sectors per page, 9 X-address lines) and 512 columns (64 bytes per row, 6 Y-address lines). The upper program memory block 102b has 4 Kbytes, and occupies the address space FOOOh to FFFFh. The 4 Kbytes of the upper program memory block 102b are organized as 128 rows (64 of 64- byte sectors per page, 7 X-address lines) and 256 columns (32 bytes per row,
5 Y-address lines).
As can be seen from Figs. 4A to 4C, the address space 8000h to EFFFh is always reserved for external memory (not shown), which may be, for example, memory of a development system or hardware programmer. Referring now specifically to Fig. 4B, in "normal mode", when instructions are being executed by the MCU processor core 103, the upper program memory block 102b is "hidden for code fetching". This is so even when internal code execution is enabled (#EA = 1 ; see Fig. 3) such that code may be executed from the internal program memory 102. By "hidden for code fetching", it is meant that program instructions in the block "hidden for code fetching" cannot be fetched and executed from locations of the hidden block.
As shown in Fig. 4A, to make the upper program memory 102b visible for code fetching, so that the concurrent programming operation can be carried out by executing program instructions from the upper program memory 102b, the system 100 must be in internal mode (i.e.. #EA=1), and the user must set a concurrent programming field in the SuperFlash® configuration register SFCF 202. In one embodiment, the concurrent programming field is the most significant bit of the SuperFlash® configuration register SFCF 202 (Fig. 2).
As for the visibility of the lower program memory block 102a, while internal code execution is enabled (i.e., #EA = 1), the lower program memory block 102a is always visible for code fetching. This can be seen from Figs. 4A and 4B. If the external enable is asserted at hardware reset of the system 100, program execution starts from the lower program memory block 102a.
Finally, as can be seen from Fig. 4C, while internal code execution is not enabled (i.e., #EA = 0), both lower program memory block 102a and upper program memory block 102b are hidden for code fetching.
By having circuitry to so allocate the program memory, the security of the program memory is enhanced. Furthermore, in combination with the security lock circuitry, the security of the program is further enhanced.
Attached hereto as Appendix A is the "SST89C58 Data Sheet" which is to be considered an integral part of this specification.

Claims

What is claimed is: 1. A microcontroller system unitarily formed in an integrated circuit. including: a processor that retrieves program instructions from addressable locations of a program memory space and executes the retrieved program instructions; a first block of program memory whose locations are addressable in a first portion of the program memory space and a second block of program memory whose locations are addressable in a second portion of the program memory space, exclusive of the first portion; and program memory space allocation means that: when operating in a first mode, the program memory space allocation means allocates the program memory space such that: the first block of program memory is hidden for code fetching such that the processor is prohibited from retrieving program instructions from the first block of program memory; and the processor may retrieve program instructions from the second block of program memory; and when operating in a second mode, the program memory space allocation means allocates the program memory space such that: the processor may retrieve first program instructions from the first block of program memory and execute the first program instructions to write to locations of the second block of program memory; and the processor may retrieve second program instructions from the second block of program memory.
2. The microcontroller system of claim 1 , wherein in response to power- up of the microcontroller system under a predetermined condition, the program memory space allocation means is operating in the first mode.
3. The microcontroller system of claim 2. and further including: means for interrogating a configuration register and, in response to contents thereof, switching the program memory space allocation means from operating in the first mode to operating in the second mode.
4. The microcontroller system of claim 1, wherein: in response to an external enable signal being asserted, the program memory space allocation means operates in a third mode; and when the program memory space allocation means is operating in the third mode, the program memory space allocation means allocates the program memory space such that the processor may retrieve program instructions only from a memory that is not unitarily formed in the integrated circuit.
5. The microcontroller system of claim 1 , wherein: when the program memory space allocation means is operating in the first mode and the second mode, the program memory space allocation means further allocates the program memory space such that locations of an external memory, that is not unitarily formed in the integrated circuit, is addressable in a third portion of the program memory space, exclusive of the first portion and second portion of program memory space.
6. A method of programming a microcontroller system, wherein the microcontroller sytsem is unitarily formed in an integrated circuit and includes: a processor that retrieves program instructions from addressable locations of a program memory space and executes the retrieved program instructions; a first block of program memory whose locations are addressable in a first portion of the program memory space and a second block of program memory whose locations are addressable in a second portion of the program memory space, exclusive of the first portion; and memory space allocations means, the method comprising: switching the memory space allocation means from a first mode to a second mode, wherein: when operating in the first mode, the program memory space allocation means allocates the program memory space such that: the first block of program memory is hidden for code fetching such that the processor is prohibited from retrieving program instructions from the first block of program memory; and the processor may retrieve program instructions from the second block of program memory; and when operating in a second mode, the program memory space allocation means allocates the program memory space such that: the processor may retrieve first program instructions from the first block of program memory and execute the first program instructions to write to locations of the second block of program memory; and the processor may retrieve second program instructions from the second block of program memory; and causing the processor to retrieve the first program instructions from the first block.
7. The method of claim 6, wherein the system includes a configuration register, and the step of switching the memory space allocations means from the first mode to the second mode includes setting the configuration register to have a predetermined content.
8. A microcontroller system, comprising: a memory that includes a plurality of addressable locations, contents of a particular one of the plurality of locations being accessible in response to an access request for that particular location, the plurality of addressable locations including a particular group of addressable locations; a security lock circuit that, when operating in an activated mode, blocks access to the contents of the particular location by the access request if the particular location is any location within the particular group of addressable locations and the source of the access request may be a location not within the particular group of addressable locations.
9. The microcontroller system of claim 8, wherein: the access request is a write access request; and the activated mode of the security lock circuit includes a sub-mode such that, when the security lock circuit is operating in the sub-mode, the security lock circuit blocks write access to the particular location by the write access request if the particular location is any location within the particular group of addressable locations, even if the source of the write access request is any other location within the particular group of addressable locations.
10. The microcontroller system of claim 9, wherein: the sub-mode is a first sub-mode; the activated mode of the security lock circuit further includes a second sub-mode such that, when the security lock circuit is operating in the second sub-mode, the security lock circuit allows access to the particular location by the write access request if the particular location is any location within a sub-group of addressable locations that is at least a portion of the group of addressable locations; and the security lock circuit includes circuitry for switching from the first sub-mode to the second sub-mode only in response to a mode switch request whose source is within the particular group of addressable locations.
11. The microcontroller system of claim 10, wherein: the sub-group is a first sub-group, and at least another portion of the group of addressable locations, exclusive of the first sub-group, constitutes a second sub-group of addressable locations; and when the security lock circuit is operating in the second sub- mode: the security lock circuit blocks write access to the particular location by the write access request if the particular location is any location within the second sub-group of addressable locations; the security lock circuit allows access to the particular location even if: the particular location is any location within the first sub-group of addressable locations; and the source of the write access request outside the group of addressable locations.
12. The microcontroller system of claims 8, 9 or 10, wherein: the contents of all the particular group of locations, as a group, are erasable responsive to an erase request even if the security lock circuit is operating in the activated mode; and if the security lock circuit is in the activated mode prior to the erase request, the security lock circuit is switched out of the activated mode in response to the erase request.
13. The microcontroller system of claims 8. 9, or 10, and further including: a processing unit, wherein the access request may be generated as a result of the processing unit executing instructions fetched from a source that is one of the addressable locations of the memory, and wherein: the access request may, in an external memory mode of the microcontroller system, be generated as a result of the processing unit executing instructions fetched from a memory that is external to the microcontroller system, and the access request, if the microcontroller system is in the external memory mode, may have a source that is not a location within the particular group of addressable locations.
14. The microcontroller system of claims 8, 9, or 10, and further including: a processing unit, wherein the access request may be generated as a result of the processing unit executing instructions fetched from a source that is one of the addressable locations of the memory, and wherein: the access request may, in an external host operating mode of the microcontroller system, be generated as a result of an external processing unit, external to the microcontroller system, executing external host commands, and the access request, if it may be generated as a result of the external processing unit executing external host commands, has a source that may be a location not within the particular group of addressable locations.
PCT/US1999/018443 1998-08-14 1999-08-13 Microcontroller having allocation circuitry to selectively allocate and/or hide portions of a program memory address space WO2000010074A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP99942170A EP1031072A1 (en) 1998-08-14 1999-08-13 Microcontroller having allocation circuitry to selectively allocate and/or hide portions of a program memory address space

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US09/134,242 US6339815B1 (en) 1998-08-14 1998-08-14 Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space
US09/135,410 1998-08-14
US09/135,410 US6505279B1 (en) 1998-08-14 1998-08-14 Microcontroller system having security circuitry to selectively lock portions of a program memory address space
US09/134,242 1998-08-14

Publications (1)

Publication Number Publication Date
WO2000010074A1 true WO2000010074A1 (en) 2000-02-24

Family

ID=26832105

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/018443 WO2000010074A1 (en) 1998-08-14 1999-08-13 Microcontroller having allocation circuitry to selectively allocate and/or hide portions of a program memory address space

Country Status (2)

Country Link
EP (1) EP1031072A1 (en)
WO (1) WO2000010074A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5014191A (en) * 1988-05-02 1991-05-07 Padgaonkar Ajay J Security for digital signal processor program memory
US5251304A (en) * 1990-09-28 1993-10-05 Motorola, Inc. Integrated circuit microcontroller with on-chip memory and external bus interface and programmable mechanism for securing the contents of on-chip memory
US5737760A (en) * 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
US5809544A (en) * 1995-10-06 1998-09-15 Motorola, Inc. Microcontroller which limits access to internal memory
US5911778A (en) * 1996-12-31 1999-06-15 Sun Microsystems, Inc. Processing system security
US5954818A (en) * 1997-02-03 1999-09-21 Intel Corporation Method of programming, erasing, and reading block lock-bits and a master lock-bit in a flash memory device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5014191A (en) * 1988-05-02 1991-05-07 Padgaonkar Ajay J Security for digital signal processor program memory
US5251304A (en) * 1990-09-28 1993-10-05 Motorola, Inc. Integrated circuit microcontroller with on-chip memory and external bus interface and programmable mechanism for securing the contents of on-chip memory
US5737760A (en) * 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
US5809544A (en) * 1995-10-06 1998-09-15 Motorola, Inc. Microcontroller which limits access to internal memory
US5911778A (en) * 1996-12-31 1999-06-15 Sun Microsystems, Inc. Processing system security
US5954818A (en) * 1997-02-03 1999-09-21 Intel Corporation Method of programming, erasing, and reading block lock-bits and a master lock-bit in a flash memory device

Also Published As

Publication number Publication date
EP1031072A1 (en) 2000-08-30

Similar Documents

Publication Publication Date Title
US6339815B1 (en) Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space
US6505279B1 (en) Microcontroller system having security circuitry to selectively lock portions of a program memory address space
JP2727520B2 (en) Memory card and operating method thereof
US6976136B2 (en) Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller
EP0851358B1 (en) Processing system security
US7493484B2 (en) Method and apparatus for executing the boot code of embedded systems
US5210854A (en) System for updating program stored in eeprom by storing new version into new location and updating second transfer vector to contain starting address of new version
US5327531A (en) Data processing system including corrupt flash ROM recovery
JP6306578B2 (en) Memory protection device and protection method
US5293610A (en) Memory system having two-level security system for enhanced protection against unauthorized access
US6453397B1 (en) Single chip microcomputer internally including a flash memory
US7165137B2 (en) System and method for booting from a non-volatile application and file storage device
US6292874B1 (en) Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges
US7979630B2 (en) Data protection for non-volatile semiconductor memory block using block protection flags
JPH05173890A (en) Data protecting microprocessor circuit for portable data carrier
KR20050113659A (en) Universal memory device having a profile storage unit
US8417902B2 (en) One-time-programmable memory emulation
US5721877A (en) Method and apparatus for limiting access to nonvolatile memory device
US9542113B2 (en) Apparatuses for securing program code stored in a non-volatile memory
CN110968254A (en) Partition protection method and device for nonvolatile memory
JPH01219982A (en) Ic card
US20060080497A1 (en) Program-controlled unit
US20040186947A1 (en) Access control system for nonvolatile memory
KR930004944B1 (en) Memory system
WO2000010074A1 (en) Microcontroller having allocation circuitry to selectively allocate and/or hide portions of a program memory address space

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1999942170

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1999942170

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999942170

Country of ref document: EP