Table of Contents:
2. IPC Initialization Scenarios
2.1. What is the meaning of IPC initialization and why it is needed?
3.1. How the HOST indicates to the HSM the ready state?
3.3. It is important to verify these points:
4. Debugging Points to Check the IPC Initialization
8. Hardware Limitations and Workarounds
1. Overview
The veHsm and the HOST core communicate over a RAM-based Inter Processor Communication (IPC) protocol. This protocol has a version, which needs to be the same on both sides.
For HSM versions starting from protocol version 2, the version is synchronized via the generated pre-config file, and this pre-config file should be added as additional defines in the CRYPTO veHSM driver.
With protocol version 2 and higher, there is no limit for driver objects, and it is highly recommended to upgrade to protocol version 3 because it contains some performance optimizations and can deserialize data dynamically from the IPC storage.
Inside the IPC shared memory, values are only written by one core and read by the other core, and there is no concurrent write access to the memory. The information written into the IPC consists only of pointers for the job processing; the actual data is fetched from the address the pointer refers to.
This KnowledgeBase article does not cover the IPC configuration. For more information about that part, please refer to vHsm_IntegrationHints.pdf in the veHSM delivery.
The IPC configuration section discusses the hardware architecture and the requirements on both the HOST side and the HSM side.
2. IPC Initialization Scenarios
The veHSM IPC initialization needs to be handled carefully in the project. The booting process must boot at least two cores. Typically, the HSM core is started first. Only this core has access to the keys and can check the integrity of the code to be loaded to the host core(s). Then the host core(s) are started.
Depending on the project requirements you can choose between two scenarios:
- Sequential startup
  - In this scenario, the HSM core is started first while the HOST core is not started yet. The HSM core will execute its startup and initialize the veHSM firmware, then perform the auto-started secure boot groups if configured. Once the auto-started secure boot groups are verified successfully, the HSM will release the HOST cores.
- Parallel startup
  - In this scenario, both the HSM core and the HOST cores are started at the same time. The application is already running on the HOST cores while the boot jobs are still being processed, if secure boot is enabled.
We recommend reading the Secure Startup chapter in the UserManualHSM.pdf provided with the HSM delivery. This diagram shows the sequential startup scenario:
HINT: This analysis is based on release 31.07.08 (Package: HSM_Vector_SLP1), because the implementation of the IPC initialization has changed slightly if we compare, for example, release 25 with release 31.
2.1. What is the meaning of IPC initialization and why it is needed?
Initializing the IPC means clearing the memory allocated to the IPC in RAM. This is needed to avoid the ECC errors triggered when reading from uninitialized memory, and to avoid any garbage value in this memory being treated as a job request to the HSM.
There are many possible scenarios for synchronizing the initialization of the IPC between the veHSM and the HOST. This KnowledgeBase article addresses four of them:
- Sequential startup and the IPC initialization will be done by HOST.
- Sequential startup and the IPC initialization will be done by HSM.
- Parallel startup and the IPC initialization will be done by the HOST.
- Parallel startup and the IPC initialization will be done by the HSM.
  - Sequential auto-started secure boot groups are configured.
3. Scenario 1: Sequential Startup and the IPC Initialization will be done by HOST
In this scenario, the HSM will start first and execute the HSM startup initialization sequence, then the veHSM firmware initialization. If the auto-started secure boot groups are verified successfully, the HSM will release the HOST cores and start the application cores; otherwise the HSM will trigger the configured secure boot sanction. For more information about the veHSM startup sequence, the technical reference of the veHSM core, TechnicalReference_vHsm_Core.pdf, has a well-designed sequence diagram in the section veHSM Startup Sequence Overview.
Once the HSM calls vHsm_Hal_StartApplicationCores(), which starts the HOST core, the HOST core is released, but it is not yet ready to request cryptographic jobs from the HSM because the IPC is not yet prepared for use.
The HSM expects an indication from the HOST core that the HOST is now ready to communicate with the HSM. The question is: how does this indication happen?
Before describing how this indication happens, note that most platforms have at least two communication registers which can be used to share information between the application and the HSM core. Otherwise, shared RAM can be used. These two registers are HSM2HOST and HOST2HSM.
The HSM uses the Hsm2Host register to provide its internal state to the application core. Once the HSM calls vHsm_Hal_StartApplicationCores(), the HSM sets its state to ACTIVE (Bit 0) and READY (Bit 1). The ACTIVE Bit 0 is activated before the READY Bit 1, and this happens in the function vHsm_SystemInit_Callout() at the startup of the HSM, during the call to vHsm_Init.
If the READY Bit 1 is set, this means that the veHSM has started the HOST cores and is ready to receive commands and interrupts from the HOST core.
The API Crypto_30_vHsm_WaitForHsmRam() can be called during the startup phase on the HOST side.
For example, if the Vector boot manager is part of your project, in the boot manager demo project received in the delivery this API is called in ApplFblBmInitPost. The first thing it does is poll the ACTIVE and READY bits from the HSM side. If the HOST core started after the HSM core, this polling will not consume any time; otherwise the HOST core will wait here.
3.1. How the HOST indicates to the HSM the ready state?
The veHsm expects the HOST core to initialize the IPC. The HOST core needs to write 1 to the Host2Hsm register as an indication of an initialized IPC memory. The bit position corresponds to the IPC instance ID: if the project has one IPC instance, its ID is 0 and an initialized IPC memory is indicated by writing 1 to Bit 0 of the HOST2HSM register; if the project has two IPC instances (e.g. multi-core), Bit 1 is used to indicate initialized IPC memory for the second IPC instance.
As per the below sequence diagram, the initialization of the crypto stack happens after the startup code of the application; the calling sequence is Crypto_30_vHsm_InitMemory(), then Crypto_30_vHsm_Init().
In Crypto_30_vHsm_Init(), if (./Crypto_30_vHsm/Crypto/CryptovHsm/CryptoIpcInitialization) is enabled, the crypto driver checks whether the IPC has already been initialized: it takes the IPC instance ID, identifies the corresponding bit in the HOST2HSM register and checks whether it has been set before. If not, Crypto_30_vHsm_Init() initializes the IPC by clearing the IPC memory.
If this configuration parameter is not enabled, the application core should clear this IPC memory. Multiple calls of the Crypto_30_vHsm_Init() function are possible as long as (./Crypto_30_vHsm/Crypto/CryptovHsm/CryptoIpcInitialization) is enabled.
If this configuration parameter is enabled, Crypto_30_vHsm_Init() indicates that the IPC has been initialized, and the HSM is then able to use the IPC. The driver uses the HOST2HSM register to indicate to the HSM that the IPC has been initialized and is usable, by setting the corresponding bit in the HOST2HSM register based on the IPC ID.
Additionally, the driver will trigger an interrupt on the HSM side to indicate an initialized IPC, if (./Crypto_30_vHsm/Crypto/CryptovHsm/CryptoJobRequestInterrupt/CryptoJobRequestInterruptFlagSetting) is enabled.
If the IPC is not marked as initialized, the veHSM will not fetch jobs from the shared memory. In vHsm_MainFunction, the HSM iterates cyclically over all the IPCs in the project. If one of the IPCs is initialized, the veHSM indicates a ready flag for this IPC to the HOST application by writing the pattern 0xDEADBEEFU into this IPC memory at the readyFlag offset, and then starts fetching jobs from this IPC shared memory. Please refer to the data type Crypto_30_vHsm_Ipc_MemoryLayoutType.
The HSM checks the initialization state of each IPC using this code snippet (vHsm_State.vHsm_IpcInitialized[ipc] == FALSE), and if the state is TRUE, the HSM then checks the HOST2HSM register, based on the IPC ID, to see whether it is initialized.
The same check of the initialization state can be done from the ISR context, if the HOST core requested a job and notified the HSM with an interrupt to process this job.
The Crypto_vHsm driver has initialized the IPC and indicated it via HOST2HSM since version 2.03.00. If an older Crypto_vHsm driver is used, then either the HOST application must be adapted to initialize the IPC and indicate it to the HSM, or the IPC needs to be initialized at startup inside the veHSM and vHsm_State.vHsm_IpcInitialized[ipc] needs to be set to TRUE.
The HOST application waits until the pattern 0xDEADBEEFU is written by the HSM into this IPC memory. To recap: once the HOST core indicates READY by writing the first bit in the HOST2HSM register to 1, the HOST core waits for a confirmation from the HSM, and the HSM confirms this indication by writing a specific pattern into the IPC memory (DEADBEEF).
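The handshake described in this section, as an added host-runnable C model that is not part of the original article and is not veHSM or driver code. It also shows the edge case where an indication bit is already set before the first initialization, so the memory is never cleared. All names (Soc, host_driver_init, hsm_main_function and so on), the simplified memory layout and the 0xA5 garbage fill are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-runnable model; every name below is hypothetical, not veHSM code. */
#define IPC_COUNT     2u
#define HSM_UP        0x03u        /* Hsm2Host: ACTIVE (bit 0) | READY (bit 1) */
#define READY_PATTERN 0xDEADBEEFu  /* pattern the HSM writes at readyFlag */
typedef struct {
    uint32_t readyFlag;            /* HSM writes READY_PATTERN here */
    uint32_t jobSlots[4];          /* job pointers written by the HOST */
} IpcModel;                        /* simplified stand-in for the real layout */

typedef struct {
    uint32_t hsm2host, host2hsm;   /* the two communication registers */
    IpcModel ipc[IPC_COUNT];
    bool hsmIpcInitialized[IPC_COUNT];
} Soc;

/* Reset: RAM is undefined (0xA5 fill); preset models bits set before init. */
void soc_power_on(Soc *s, uint32_t presetHost2Hsm) {
    memset(s, 0, sizeof *s);
    memset(s->ipc, 0xA5, sizeof s->ipc);
    s->host2hsm = presetHost2Hsm;
}

/* HSM: ACTIVE is published before READY. */
void hsm_startup(Soc *s) { s->hsm2host |= 0x01u; s->hsm2host |= 0x02u; }

/* HOST: returns true only if this call cleared the IPC memory. */
bool host_driver_init(Soc *s, unsigned id) {
    if ((s->hsm2host & HSM_UP) != HSM_UP) return false; /* driver would poll */
    if (s->host2hsm & (1u << id)) return false;         /* taken as already done */
    memset(&s->ipc[id], 0, sizeof s->ipc[id]);
    s->host2hsm |= 1u << id;                            /* bit position = IPC id */
    return true;
}

/* HSM: one cyclic pass over all IPCs; returns how many it acknowledged. */
unsigned hsm_main_function(Soc *s) {
    unsigned acked = 0;
    for (unsigned id = 0; id < IPC_COUNT; id++) {
        if (s->hsmIpcInitialized[id] || !(s->host2hsm & (1u << id))) continue;
        s->ipc[id].readyFlag = READY_PATTERN;
        s->hsmIpcInitialized[id] = true;
        acked++;
    }
    return acked;
}

bool host_sees_ready(const Soc *s, unsigned id) {
    return s->ipc[id].readyFlag == READY_PATTERN;
}

/* True if job slots still hold uncleared values the HSM could fetch. */
bool ipc_has_garbage(const Soc *s, unsigned id) {
    static const uint32_t zero[4] = {0};
    return memcmp(s->ipc[id].jobSlots, zero, sizeof zero) != 0;
}

int main(void) {                   /* constructed case: bit 0 set before init */
    Soc s;
    soc_power_on(&s, 0x01u);
    hsm_startup(&s);
    printf("acked=%u ", hsm_main_function(&s));
    printf("garbage=%d\n", ipc_has_garbage(&s, 0));
    return 0;
}
```

In the constructed case in main(), the HSM model acknowledges IPC 0 while its job slots still hold the fill pattern, and a later host_driver_init() call skips the clearing step.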
3.2. Experts Hint:
On hardware platforms where the HOST2HSM register is not available, the HOST application can indicate an initialized IPC by triggering an interrupt. This interrupt can either be triggered separately or in combination with a job that waits to be fetched by the veHSM in the respective IPC memory. To do this, the define (VHSM_SETTING_ENABLE_IPC_INIT_VIA_INTERRUPT) needs to be enabled in the HSM code as part of the (./vHsm/vHsmGeneral/vHsmUserConfigurationFile).
- The HOST application can use interrupts to signal the veHSM that a job request was transmitted to the IPC. A CATEGORY_1 interrupt is handled without the operating system, and therefore has no OS functionality available. On the TC3 platform you can only use CATEGORY_1 interrupt requests from the application to the veHSM.
- In this case, (./Crypto_30_vHsm/Crypto/CryptovHsm/CryptoJobRequestInterrupt) must be enabled in the crypto driver.
3.3. It is important to verify these points:
- The latest generated pre-config file is added as additional defines in the CRYPTO veHSM driver.
- The IPC address configured in /vHsm/vHsmIpc/vHsmIpcInstance[0:vHsmIpcAddress] is the same as the mapping of the section vHsmIpcMemory on HOST.
- If the HSM is running in interrupt mode (/vHsm/vHsmScheduling[0:vHsmInterruptMode]), the used driver version should be (>=2.03.00), which triggers interrupts when a new request is sent to the HSM.
- If the same IPC instance is used in boot manager or flashboot loader or application, make sure that the symbols are linked at the same location and consume the same amount of memory.
4. Debugging Points to Check the IPC Initialization
- Check the Hsm2Host register at the startup entry point of the HOST, to make sure that both the ACTIVE and READY bits have been set by the HSM.
  - Hsm2Host = 0x00 → veHsm is not available and not ready.
  - Hsm2Host = 0x01 → veHsm is available and not ready.
  - Hsm2Host = 0x03 → veHsm is available and ready.
- Check the Hsm2Host register LSBs, based on how many IPCs are configured, to confirm that the driver indicates to the HSM that the IPC has been initialized.
- The HSM indicates to the HOST application a ready flag of this IPC by writing the pattern 0xDEADBEEFU in this IPC memory at the readyFlagOffset.
5. Scenario 2: Sequential Startup and the IPC Initialization will be done by HSM
In this scenario, the HSM will start first and execute the HSM startup code initialization sequence. After that, the HSM initializes the IPC memory by clearing it, then initializes the veHSM firmware. A vLinkGen section can be configured for the IPC memory, and Brs_MemoryZeroInit will clear it.
If the auto-started secure boot groups are verified successfully, the HSM will release the HOST cores and start the application cores; otherwise the HSM will trigger the configured secure boot sanction. Starting from this point (the HSM calls vHsm_Hal_StartApplicationCores(), which starts the HOST core), the HOST core is released but is not yet ready to request cryptographic jobs from the HSM, so the HSM will wait for an indication from the HOST core that the HOST is now ready to communicate with the HSM.
As per the below sequence diagram, there is no need to enable the configuration (./Crypto_30_vHsm/Crypto/CryptovHsm/CryptoIpcInitialization) in the HOST core, since the IPC initialization is done by the HSM core. After the HOST core starts, the flow will be the same as in the first scenario.
6. Scenario 3: Parallel Startup and the IPC Initialization will be done by the HOST
In this scenario, both the HSM core and the HOST core are started at the same time. The HOST side will initialize the IPC memory, so (./Crypto_30_vHsm/Crypto/CryptovHsm/CryptoIpcInitialization) needs to be enabled in this case. Since there are no auto-started secure boot groups and all the groups are configured as parallel secure boot, the boot time will be faster than in the first and second scenarios. The sequence diagram will be like this, and the flow will be the same as in the other scenarios after initializing the IPC:
7. Scenario 4: Parallel Startup and the IPC Initialization will be done by the HSM
In this scenario, both the HSM core and the HOST core are started at the same time. Like scenario two, the veHSM will initialize the IPC memory. After the IPC memory initialization, the veHSM starts to initialize the firmware, then starts the auto-started secure boot groups. The boot time is now affected, although both the HSM and the HOST started in parallel. If the auto-started secure boot groups are verified successfully, the HSM will write the pattern 0xDEADBEEFU into this IPC memory. Once 0xDEADBEEFU is observed by the HOST, the HOST will exit Crypto_30_vHsm_WaitForHsmRam() and is now able to request crypto jobs from the HSM.
The sequence diagram will be like this:
8. Hardware Limitations and Workarounds
There is a known issue with Infineon targets: the register Hsm2Host is not always reset to zeros, although this is the reset value mentioned in the datasheet. This is the case in TC3xx. Therefore, make sure that this register is set to 0, e.g. by the boot manager or the flashboot loader, before the HSM driver initialization is performed for the first time.
A workaround can be implemented in the HSM directly after starting the HOST core. A wait loop can be implemented in the callout vHsm_StartApplicationCores_Callout to wait for this bit (or bits, in case of multiple IPCs) to be cleared by the HOST. Otherwise, the HSM will think that the HOST core has indicated, via the ready bit, that the IPC memory is initialized, and the whole IPC initialization sequence will be out of sync. If the project has multiple IPC instances, take care to wait on the corresponding bits for each IPC instance.