Abstract: With the rapid development of information technology, information security is becoming more and more important. As the core component of information system, the security of processor plays an important role in system security. Building a secure and trusted execution environment on the processor is an important method to improve the security of processor. However, many security technologies still rely on independent security chip, such as trusted platform module (TPM) and trusted cryptography module (TCM). In recent years, the root of security, which is the security basis of computer system, has gradually shifted to the processor. In this paper, the security enhancement technologies of on-chip security subsystem are discussed. Firstly, the architecture of the security processor is studied. Secondly, the components of the security subsystem such as processor core, interconnection network, storage, cipher module, are researched. At the same time, the system security protection technologies such as key management, life-cycle management, secure boot, and physical attack resistant schemes are also realized. Finally, a security subsystem for desktop processors is implemented and analyzed.

Key words: security subsystem, random behavior, key management, life-cycle management, secure boot, physical attack resistant