Secured booting of a field programmable system-on-chip including authentication of a first stage boot loader to mitigate against differential power analysis
US-9230112-B1 · Jan 5, 2016 · US
System-Level Dual-Boot Capability in Systems Having One or More Devices Without Native Dual-Boot Capability
US2016011878A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016011878-A1 |
| Application number | US-201414327811-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 10, 2014 |
| Priority date | Jul 10, 2014 |
| Publication date | Jan 14, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In one embodiment, a system has a master programmable device (PD) with native dual-boot capability and one or more slave PDs with no native dual-boot capability. A master golden image includes an embedded dual-boot function. During power-up, each PD copies its primary image into its volatile configuration memory and determines whether the primary image is valid. When the master's configuration engine detects an invalid master primary image, then the master's native dual-boot capability enables the master to implement a system-reboot procedure, which includes copying the master golden image from an external memory device into the master's volatile configuration memory and launching the embedded dual-boot function, which in turn copies the slave golden images from the external memory device into the slaves' volatile configuration memories before enabling other master-golden-image functions. Significant system reliability and robustness are achieved without provisioning every PD with native dual-boot capability.
First claim
Opening claim text (preview).
What is claimed is: 1 . A system (e.g., 100 ) comprising: a master programmable device (PD) (e.g., 110 ) having native dual-boot capability; and a slave PD (e.g., 120 ) without native dual-boot capability and connected to the master PD, wherein: the master PD has master volatile configuration memory (e.g., 112 ); the slave PD has slave volatile configuration memory (e.g., 122 ); a first non-volatile configuration memory (e.g., 114 ) in the system stores a master primary image for the master PD; a second non-volatile configuration memory (e.g., 124 ) in the system stores a slave primary image for the slave PD; and a third non-volatile memory (e.g., 130 ) in the system stores a master golden image (e.g., 202 ( 0 )) for the master PD and a slave golden image (e.g., 202 ( 1 )) for the slave PD, wherein the master golden image comprises a dual-boot function and one or more other master-PD functions and the system is designed such that: during system power-up, (i) the master PD copies the master primary image from the first non-volatile memory into the master volatile memory and (ii) the slave PD copies the slave primary image from the second non-volatile memory into the slave volatile memory; and when the master PD detects that the master primary non-volatile image is invalid, then: (1) the master PD copies the master golden image from the third non-volatile memory into the master volatile memory of the master PD; (2) then the master PD launches the dual-boot function of the master golden image; (3) then the dual-boot function inhibits the one or more other master-PD functions of the master golden image; (4) then the dual-boot function copies the slave golden image from the third non-volatile memory into the slave volatile memory of the slave PD; and (5) then the dual-boot function enables the one or more other master-PD functions of the master golden image. 2 . The system of claim 1 , wherein: the master primary image is stored in master non-volatile memory within the master PD such that the first non-volatile memory is part of the master non-volatile memory within the master PD; and the slave primary image is stored in slave non-volatile memory within the slave PD such that the second non-volatile memory is part of the slave non-volatile memory within the slave PD. 3 . The system of claim 1 , wherein the first non-volatile memory is external to the master PD. 4 . The system of claim 1 , wherein the second non-volatile memory is external to the slave PD. 5 . The system of claim 1 , further comprising an external memory device (e.g., 130 ), wherein the master golden image and the slave golden image are stored in the external memory device such that the third non-volatile memory is part of the external memory device. 6 . The system of claim 5 , wherein the external memory device is directly connected to the master PD, but not directly connected to the slave PD. 7 . The system of claim 5 , wherein: the master and slave golden images are stored as a single, combined golden image (e.g., 200 ) in the external memory device; and the dual-boot function of the master golden image is configured to extract and separately copy the master golden image and the slave golden image from the external memory device into the corresponding volatile memories of the master and slave PDs. 8 . The system of claim 1 , wherein the system is programmed by: (a) erasing memory for the master PD; (b) then erasing, programming, and verifying memory for the slave PD; and (c) then programming and verifying the memory for the master PD. 9 . The system of claim 8 , wherein the system is designed such that, when power cycling occurs during any of steps (a), (b), and (c) of claim IB, then steps (1)-(5) of claim I are implemented. 10 . The system of claim 8 , further comprising one or more other slave PDs, wherein: step (4) of claim 1 further comprises, for each other slave PD, the dual-boot function copying a corresponding slave golden image from the third non-volatile memory into corresponding slave volatile memory within the other slave PD; and step (b) of claim 8 further comprises, for each other slave PD, erasing, programming, and verifying corresponding slave primary memory within the other slave PD. 11 . A computer-based tool for developing the golden images for the system of claim I, wherein: the tool enables a user to design a new master golden image for the master PD; and the tool is configurable to embed the dual-boot function into the new master golden image for the master PD. 12 . The tool of claim 11 , wherein the tool is configured to generate a combined golden image (e.g., 200 ) comprising the new master golden image for the master PD and the slave golden image for the slave PD for storage in an external memory device (e.g., 130 ), such that: the third non-volatile memory is part of the external memory device; and the dual-boot function is enabled to extract and separately copy (1) the new master golden image in the combined golden image from the external memory device into the master volatile memory of the master PD and (2) the slave golden image in the combined golden image from the external memory device into the slave volatile memory of the slave PD. 13 . A method comprising: providing a master programmable device (PD) (e.g., 110 ) having volatile configuration memory (e.g., 112 ) and non-volatile configuration memory (e.g., 114 ) for storing a master primary image for the master PD, at least one slave PD (e.g., 120 ) having volatile configuration memory (e.g., 122 ) and non-volatile configuration memory (e.g., 124 ) for storing a slave primary image for the slave PD, and a memory device (e.g., 130 ) storing a master golden image (e.g., 202 ( 0 )) for the master PD and a slave golden image (e.g., 202 ( 1 )) for the slave PD; and upon detecting that the master primary image for the master PD is invalid: causing the master PD to copy the master golden image from the memory device into the volatile configuration memory of the PD; and causing the master PD to copy the slave golden image from the memory device into the volatile configuration memory of the slave PD. 14 . The method of claim 13 , wherein the method further includes: providing at least a second slave PD having volatile configuration memory and non-volatile configuration memory for storing a slave primary image for the second slave PD, and the memory device for storing a slave golden image (e.g., 202 ( 2 )) for the second slave PD; and upon detecting that the master primary image for the master PD is invalid: causing the master PD to copy the slave golden image for the second slave PD from the memory device into the volatile configuration memory of the second slave PD. 15 . A system comprising: a master programmable device (PD) (e.g., 110 ) having volatile configuration memory (e.g., 112 ) and non-volatile configuration memory (e.g., 114 ) for storing a master primary image for the master PD, at least one slave PD (e.g., 120 ) having volatile configuration memory (e.g., 122 ) and non-volatile configuration memory (e.g., 124 ) for storing a slave primary image for the slave PD; and a memory device (e.g., 130 ) storing a master golden image (e.g., 202 ( 0 )) for the master PD and a slave golden image (e.g., 202 ( 1 )) for the slave PD; wherein the master PD is configured, upon detecting that the master primary image for the master PD is invalid, to copy the master golden image from the memory device into the volatile configuration memory of the PD and to copy the s
Assignees
Inventors
Classifications
Combination of memories, e.g. ROM and RAM such as to permit replacement or supplementing of words in one module by words in another module (address formation of the next microinstruction G06F9/26; masking faults in memories by using spares or by reconfiguring G11C29/70) · CPC title
- G06F9/4401Primary
Bootstrapping (security arrangements therefor G06F21/57) · CPC title
Hybrid memory, e.g. using both volatile and non-volatile memory · CPC title
Multiple device management, e.g. distributing data over multiple flash devices · CPC title
in block erasable memory, e.g. flash memory · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016011878A1 cover?
- In one embodiment, a system has a master programmable device (PD) with native dual-boot capability and one or more slave PDs with no native dual-boot capability. A master golden image includes an embedded dual-boot function. During power-up, each PD copies its primary image into its volatile configuration memory and determines whether the primary image is valid. When the master's configuration …
- Who is the assignee on this patent?
- Lattice Semiconductor Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F9/4401. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Jan 14 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).