ETSI GS ECI 001-4 V1.1.1 (2017-07)
Group Specification
Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 4: The Virtual Machine

Disclaimer: The present document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM solutions ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership.

Reference: DGS/ECI-001-4
Keywords: CA, DRM, VM
Contents

Intellectual Property Rights 7
Foreword 7
Modal verbs terminology 7
Introduction 8
1 Scope 9
2 References 9
2.1 Normative references 9
2.2 Informative references 9
3 Definitions and abbreviations 10
3.1 Definitions 10
3.2 Abbreviations 10
4 Conceptual principles 11
4.1 The Virtual Machine as a CPU 11
4.2 Characteristics of the Virtual Machine 11
4.3 Isolation of individual ECI Clients 11
4.4 Specifying the Virtual Machine 11
4.5 ECI Client loader 12
5 The Virtual Machine 12
5.1 Execution environment 12
5.2 Virtual Machine Architecture 13
5.2.1 CPU architecture 13
5.2.2 Registers 14
5.2.3 Data space 15
5.2.4 Code space 15
5.2.5 Stack 16
5.2.6 Endianness 16
5.2.7 Exceptions 16
5.2.8 Calling convention 16
5.3 Virtual Machine instruction set 16
5.3.1 Notation 16
5.3.2 Arithmetic Instructions 17
5.3.2.1 Register operands 17
5.3.2.2 Register, immediate 17
5.3.3 Short Forms 18
5.3.4 Control Flow 18
5.3.4.1 Common rules 18
5.3.4.2 Unconditional Branches and Function Calls 19
5.3.4.3 Conditional Branches 19
5.3.4.4 Conditional Branches Based on Memory Comparisons with Constant 19
5.3.4.5 Far Conditional Branches 19
5.3.5 Load and Store instructions 19
5.3.5.1 Register + offset 19
5.3.5.2 Register + short offset 20
5.3.5.3 Register Indexed 20
5.3.5.4 Absolute indexed 20
5.3.5.5 Dedicated Stack Access 20
5.3.5.6 Memory Transfer 20
5.3.6 Complex Instructions 20
5.3.7 Miscellaneous 21
5.3.7.1 System Calls 21
5.3.7.2 Pseudo Instructions 21
6 Interface between the ECI Client and the ECI Host 21
6.1 General principles 21
6.2 Error value 22
6.3 SYS_EXIT 22
6.4 SYS_PUTMSG 23
6.5 SYS_GETMSG 23
6.6 SYS_HEAPSIZE 23
6.7 SYS_STACKSIZE 24
6.8 SYS_SYNCCALL 24
6.9 SYS_CLIB 24
7 Bytecode lifecycle 25
7.1 Introduction 25
7.2 Loading a new ECI Client into the VM 25
7.3 Initialization of the VM 25
7.4 The Central Run Loop 25
Annex A (normative): VM System resources 27
Annex B (normative): Op codes for the VM 28
Annex C (normative): Standard C library routines 32
C.1 Introduction 32
C.2 memmove 32
C.3 strcpy 32
C.4 strncpy 33
C.5 strcat 33
C.6 strncat 33
C.7 memcmp 33
C.8 strcmp 33
C.9 strncmp 34
C.10 memchr 34
C.11 strchr 34
C.12 strcspn 34
C.13 strpbrk 35
C.14 strrchr 35
C.15 strspn 35
C.16 strstr 35
C.17 memset 35
Annex D (normative): ECI Client File Format 36
Annex E (informative): Authors
Foreword

This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions.

The present document is part 4 of a multi-part deliverable covering the Virtual Machine for the Embedded Common Interface for exchangeable CA/DRM solutions specification, as identified below:

Part 1: "Architecture, Definitions and Overview";
Part 2: "Use cases and requirements";
Part 3: "CA/DRM Container, Loader, Interfaces, Revocation";
Part 4: "The Virtual Machine";
Part 5: "The Advanced Security System";
Part 6: "Trust Environment".

Modal verbs terminology

In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).

"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

Introduction

The present document describes the concept of a Virtual Machine that executes in a Sandbox and offers a range of instructions and System Call functions. The VM is designed to work in a variety of environments. It interoperates with other applications that exist on the same machine using well-defined interfaces, and it combines support for its own instruction set with a modular mechanism for executing elements written in the native code of the ECI Host CPU that interact with the hardware and other elements of the ECI Host environment. This gives the VM the means to execute readily renewable code for a wide range of potential secure applications, including the implementation of CA/DRM clients.

1 Scope

The present document specifies a Virtual Machine which is intended for inclusion in the implementation of digital television receivers and Set Top Boxes, and which is able to provide a secured environment for executing Conditional Access kernel or Digital Rights Management client applications. The intention is to provide a uniform execution environment in which such clients can operate in the knowledge that minimum ECI Host performance requirements are met, that a standard API is provided for retrieving essential security data from content (i.e. encapsulated with the content) or via external networks (e.g. the Internet), and that resources of the ECI Host environment can be accessed in a standardized way. The presence and use of the VM allows CA/DRM clients to be exchanged at will and allows multiple simultaneous instances of such clients in an ECI Host, so that users and operators are not tied to a particular content protection provider and can use security solutions of different types to suit differing content types. For Content Protection system providers, it ensures the availability of a known execution platform that does not require specific integration with any and every vendor of ECI Host devices.

2 References

2.1 Normative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are necessary for the application of the present document.

[1] ETSI GS ECI 001-3: "Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 3: CA/DRM Container, Loader, Interfaces, Revocation".
[2] "Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification, version 1.2", TIS Committee, 1995.
NOTE: Available at https://refspecs.linuxfoundation.org/elf/elf.pdf.

2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] ISO/IEC 9899: "Information technology - Programming Languages - C", ISO/IEC JTC1/SC22 WG14.
[i.2] ETSI GR ECI 004: "Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Guidelines for the implementation of ECI".
3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

bytecode: code of an ECI Client (typically comprising a Conditional Access kernel or Digital Rights Management client) that is executed by the VM

content protection system: system that uses cryptographic techniques to manage access to digital content
NOTE: Typically, a content protection system is either a conditional access system or a digital rights management system.

Customer Premises Equipment (CPE): customer device that provides ECI specified decryption and encryption functions

ECI (Embedded CI): architecture and system specified in the ETSI ISG "Embedded CI", which allows the development and implementation of software-based swappable ECI Clients in customer premises equipment (CPE) and thus provides interoperability of CPE devices with respect to ECI

ECI Client (Embedded CI Client): implementation of a CA/DRM client which is compliant with the ECI specifications

ECI Host: hardware and software system of a CPE, which covers ECI related functionalities and has interfaces to an ECI Client

ecosystem: content and system environment in which the Virtual Machine described in the present document exists
NOTE: It takes into account the wider perspective of content preparation, delivery, authorization, etc. and is not limited to a specific device or implementation.

interface specification: wrapper document that describes the extensions, restrictions or any other modifications to the present document that are required to meet the specific needs of a wider ecosystem in which the VM is required to operate

native code: programmatic code written in the native executable instruction set of the ECI Host processor

sandbox: application execution environment limiting application access to only those resources defined by the sandbox API

VM Instance: instantiation of a VM established by an ECI Host that appears to an ECI Client as an execution environment to run in

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

API Application Programming Interface
CA Conditional Access
CI Common Interface
CP Content Protection
CPU Central Processing Unit
DRM Digital Rights Management
ELF Executable and Linkable Format
EPG Electronic Programme Guide
ID Identification/Identity/Identifier
OS Operating System
PC Program Counter
POSIX Portable Operating System Interface
RISC Reduced Instruction Set Computer
VM Virtual Machine

4 Conceptual principles

4.1 The Virtual Machine as a CPU

In essence, the Virtual Machine (VM) comprises a virtual CPU with its own code and data memory and a set of system interfaces that provide access to hardware features of the ECI Host machine. The emulated CPU executes code in the manner of a virtual 32-bit CPU, and the code it executes is called bytecode in the present document. Since the VM is a simulation of a general purpose RISC processor, it is able to execute a variety of applications.

4.2 Characteristics of the Virtual Machine

The VM shall provide a single-process, single-threaded environment. The interface to the ECI Host hardware and other functions is provided in the form of a standard library of calls, termed SYSCALLs. The SYSCALL instruction is one of the customized instructions of the VM and it is generally executed after preparing the parameters required by the library routine (i.e. passing them in "registers" of the VM). All interaction between the ECI Client and the ECI Host is achieved through this operation. No interrupt architecture is defined and, once started, the ECI Client runs to completion. Therefore, there is no opportunity for the ECI Host to invoke calls into the VM. Whilst restricting flexibility to a certain extent, this is outweighed by the enhanced control of the VM exe