The Research Of Trust Cryptography Module Based On Openrisc

With the coming of the network age, the means of attacking are emerging in endlessly. The traditional communication security systems, which mainly consist of three Traditional means(fireproofing wall,inbreak measure,virus guard), are not able to defend the variational attacks means. So, the trusted compute technology based on terminal security became the hotspot to guarantee communication security. The kernel principle is importing Trusted Compute Module into the terminal platform as the trusted base of the platform, according to this,the security of the terminal system is improved.At present, domestic authentic standards based on trusted chip has been achieved, but because of cost constraints, the used on a personal computer is still not common, at the same time, because the performance and safety deficiencies,the used in large server and national high security departments also did not get bigger promotion. Because of this, the study based on SOC design method , from reliability, safety, low cost and other factors, the TCM frame based on the open source processor ( openrisc or1200 ) with PCIE high speed interface was proposed.according to the analysis of the system,we discovered that PCIE bandwidth do not match cryptographic properties,so the high speed PCIE interface could not play its advantages. In view of this, to do the optimization and improvement for TCM, according to different applications and data length ,we using different mode call cryptographic service module, it greatly improved the service performance of TCM module. This paper proposes a new high-speed trusted cryptography module architecture, As to the traditional trusted module ,it has the following improvement.(1) based on the OPENRISC processor TCM framework, an open source processor not only reduces chip cost, and the designers can change code by independent controllable. it is more flexible and safe other than the processor module.(2) a high speed interface based on PCIE. Relief the performance bottleneck through the LPC bus communication, greatly improving the TCM external command communication rate. High speed cryptographic module provides the most basic high-speed channel at the server and high-end computer system.(3) the introduced of the DMA control module . because of the design of DMA control module, the external processor can directly call high speed cryptographic service module. The trusted cryptography module is in line with the trusted standard basic function, as well as the high speed external service function. While improving the cryptographic module external command communication rate. According to the modular realization way, shorten the design cycle. Among this, in addition to PCIE for a commercial IP , the other modules all implemented by self. Mainly has the following innovation: the cryptographic module design and implementation. The entire code module and the main processor interaction through the main processor created attribute data packet to control, and the three kernel complete with bus interaction through a control algorithm module, reduced the embedded processor interface pressure and the complexity of the design, improved the execution efficiency of the cryptographic module. under the premise of not in breach of trust norms, this paper increased the high speed of the cryptographic service function, make the cryptographic service segmentation apart into two models - the internal services and external service. Detailed design the command channel mode, the command channel with DMA channel and DMA channel, and implent the flow of call service process under these there model.During the System on chip design and implementation process, RTL development module implementation and code style and simulation validation coverage will directly affect the final result of design, so it is the core of the design and implementation. Its realization method is based on the TCM system architecture, make the module function structured, development with hardware description language ( HDL ).the function validation of the module and interface is implemented by the TCM validation boarD,which was developed by self.Not only verifies the correctness of the cryptographic module function, but also testified the correctness of calling the service during the three model.Then made the performance comparison and analysis of different application.