
Design of a financial and tax security card based on the CH365 general-purpose interface chip

2026-04-06 06:22:48

Currently, after several years of promotion and implementation, the "Golden Tax Project" in China has achieved tremendous economic and social benefits nationwide. The most important aspect of the Golden Tax Project is the protection of data in the invoicing system. To prevent the invoicing system from being infected by viruses or deliberately damaged, most units are required to use dedicated machines to ensure the security and stability of the system. However, with the in-depth promotion of the "Golden Tax Project," some urgent problems have also been exposed: First, due to the State Taxation Administration's requirement that enterprises' anti-counterfeiting tax control invoicing systems be "dedicated to specific purposes," the anti-counterfeiting tax control equipment and computers purchased by enterprises at a cost of over 10,000 yuan can only be used for issuing value-added tax invoices, resulting in a huge waste of resources. Second, with the application of technologies such as electronic tax filing and export tax refunds in enterprises, as well as the digitalization of enterprise financial management, all of these rely on computer processing. This inevitably leads to enterprises needing to invest in another computer for financial personnel to handle this work, which is a redundant investment for enterprises. Finally, the anti-counterfeiting tax control system and data, financial software and data, and electronic tax filing system and data are all important enterprise data. How to ensure their security and prevent system crashes or even the loss of important data due to errors by financial personnel or viruses, thus affecting the normal operation of the enterprise, is a critical issue.

Hardware implementation of financial and tax security card

The working process and principle of the financial and tax security card are as follows: Utilizing the extended ROM mechanism of the PCI bus, an extended program is embedded on the security card. Through the CH365's local 8-bit bus, it takes over and extends the BIOS's INT13H interrupt, monitoring system read and write operations in real time. Filtering is performed according to settings to ensure the security of read and write operations, achieving hard drive isolation and multi-purpose functionality. Relevant hard drive system boot partition information can be stored in the EEPROM through the CH365's two-wire serial host interface, achieving dynamic partitioning of hard drive space, dividing a single hard drive into multiple isolated and non-interfering hard drive spaces.

Figure 1: Hardware circuit diagram of the financial and tax security card

The PCI bus protocol is quite complex, and users can choose the appropriate development method based on their specific needs. Generally, PCI bus development uses two approaches:

One approach is to use a CPLD to design the control interface. Its biggest advantage is flexibility: users can develop a chip tailored to specific functions without having to implement all PCI functionality. Many manufacturers of programmable logic devices offer rigorously tested PCI interface modules, such as Xilinx's LogiCORE and Altera's AMPP, which users can simply combine in their design. However, because the PCI bus protocol is complex, designing a PCI control interface is quite difficult and costly, especially for small-scale projects with tight deadlines.

The other approach is to use a general-purpose PCI interface chip, such as the CH365 from Nanjing Qinheng, the S5920 and S5933 from AMCC, or the PLX 9054 and PLX 9080 from PLX. Dedicated chips implement the complete functions of the PCI host module and target module, converting the complex PCI bus interface into a relatively simple user interface. They implement all the hardware interface signals and configuration space registers required by the PCI specification, so users only need to design against the converted bus interface. Dedicated interface chips are low in cost and versatile, effectively reducing the difficulty of interface design, shortening development time, and achieving better data transmission performance.

The second method is suitable for small-scale applications, effectively shortening development time and reducing costs. Therefore, the CH365 PCI interface chip was chosen for the design of the financial and tax security card. The CH365 is a general-purpose interface chip that connects to the PCI bus, supporting I/O port mapping, memory mapping, extended ROM, and interrupts. It converts the slave device interface based on the 32-bit PCI bus into an active parallel interface: 8-bit data, 16-bit address, I/O read and write, and memory read and write. It supports active-low local interrupt requests and interrupt sharing. It supports I/O ports up to 240 bytes in length. It supports local hardware addressing, allowing free selection of I/O addresses and implementation of I/O ports at specified addresses. The hardware circuit diagram of the financial and tax security card based on the CH365 is shown in Figure 1.

In this design, the memory used is Winbond's W27C512, with a capacity of 64K. A larger memory, such as 128K, can be selected depending on the size of the security card's expansion program. The EEPROM is Atmel's AT24C02, which supports write protection to effectively prevent information tampering. The core hardware circuit components of the financial and tax security card in Figure 1 are the PCI interface chip CH365, the W27C512, and the AT24C02. Some pins of the CH365 are directly connected to the gold fingers (the connection point between the circuit board and the slot).

The CH365 is connected to the ROM chip U2 (27C512) via MEM_RD. The CH365 supports EPROM and flash memory with capacities of 32KB or 64KB; if SYS_EX is used for the A16 address line, the maximum capacity can reach 128KB. Normally, the CH365 directly supports a 32KB extended ROM (i.e., the capacity of the 27C256 chip), but a 64KB ROM chip can be supported by controlling the A15 address line from the extended ROM program. An optional pull-down resistor R1 is used to set the CH365's operating mode. In the diagram, data line D0 is connected to the pull-down resistor, so after system reset, address line A15 is low, thus selecting the lower 32KB of U2 (offset addresses 0000H~7FFFH). When the upper 32KB of U2 needs to be read (offset addresses 8000H~0FFFFH), it can be accessed by re-setting the A15 address line, which is done by writing bit 0 of the chip control register.

Figure 2: CH365 read/write timings

Additionally, the contents of the PCI extended ROM are typically copied to RAM by the BIOS, so the CH365's extended ROM base address needs to be set to remap U2 to memory space. The CH365 connects to the EEPROM chip U3 (model AT24C02) via SYS_EX. The CH365's SCL signal line can be either SYS_EX or A15; the default selection after system reset is A15. Typically, SYS_EX is used when A15 is used as an address line; otherwise, A15 is used. Because the SDA signal line is also the data line D7, the SCL signal line (SYS_EX or A15) is usually kept low after system reset by means of the operating mode settings, to prevent unwanted operations caused by SDA changing while SCL is high. The CH365's two-wire serial interface uses a 7-bit device address, allowing multiple devices to be connected simultaneously. Bits 7 to 1 of the device address and command register hold the 7-bit device address used to select the slave device; bit 0 is the command bit, set to 0 for a write operation and set to 1 for a read operation. In this design, one device is connected, and the relevant hard drive boot partition information is stored via data line D7. In addition, the "LOCK" signal enables write protection of the device to prevent information tampering. The CH365 read/write timings are shown in Figure 2.

Tax Security Card Extension Program Design

The extended ROM in a PC is essentially an electronic disk. If a bootloader and application programs are written into it, even without a hard drive and operating system, the bootloader and applications in the extended ROM can control the computer to perform certain functions. For example, hard drive-less PCs are used in industrial control to control external devices and workflows.

The financial and tax security card utilizes an extended ROM on the PCI bus. Through a specific extended boot application, it effectively takes over and controls the hard drive boot process when the computer starts up, dynamically dividing the hard drive into multiple isolated, non-interfering hard drive spaces. Users can then boot into the appropriate system and use the corresponding space according to their needs. The extended boot application mainly includes a PC boot control takeover module, a dynamically isolated hard drive space module, and a multi-system boot module (which includes an I2C read/write module). By enriching the extended boot application, functions such as BIOS-level system partition backup, system data backup, and system copying can be achieved.

1. Implementation of PC boot control takeover

During a PC's BIOS self-test, after the hardware devices pass the test normally, the system boot control is handed over to the floppy disk, hard drive, or optical drive according to the user-specified boot order. Taking booting from the C drive as an example, the system BIOS will read and execute the Master Boot Record (MBR) on the hard drive. The MBR then finds the first active partition from the partition table, and then reads and executes the partition boot record of this active partition. The partition boot record is responsible for reading and executing IO.SYS, which is the most basic system file for DOS and Windows 9x.

The extended ROM program gains initial CPU control, modifies the system bootstrap interrupt INT19 to ensure it is initialized before booting the operating system, rewrites the new INT19 interrupt service routine, and uses the INT7B interrupt vector as the return address.

    BOOT_ROM_INIT:
            PUSH  DX                     ; save registers
            PUSH  BX
            MOV   DH, 80H                ; bit 7 set to 1: automatic detection of the motherboard BIOS
            MOV   DL, 0FFH               ; initialization method; 0FFH means automatic detection
            MOV   BX, OFFSET ROM_INT19   ; offset address of the new INT19 routine (ROM_INT19)
            CALL  INIT_ROM               ; ROM initialization routine; returns in DL the initialization method actually used
            POP   BX
            POP   DX
            RETF                         ; return after ROM initialization; must be a far return

2. Implementation of Dynamically Isolated Hard Disk Space

The hard drive features "AddressOffsetMode" and "SetMax" can be used to effectively reduce hard drive space and dynamically isolate the hard drive space. This is done by obtaining the base address of the hard drive's I/O port and then setting the maximum logical block address (LBA). The traditional method of reducing hard drive space uses hidden partitions, achieved by modifying the system flags in the system partition table. That method has low security, cannot effectively isolate the hard drive, and fails to meet the security requirements for financial and tax purposes.
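The INT13H filtering and the isolated disk spaces described above both come down to a range check applied to every read or write request. The C code below is an added example, not the card's extended program: the zone table, `zone_t`, `filter_request` and `zones_valid` are assumed names, and the disk geometry is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor for one isolated disk space (names are assumptions). */
typedef struct {
    uint32_t base;   /* first physical LBA of the zone */
    uint32_t count;  /* number of sectors in the zone  */
} zone_t;

typedef enum { REQ_OK, REQ_DENY_EMPTY, REQ_DENY_RANGE } verdict_t;

/* Check a request given as zone-relative LBA plus sector count. On success
 * the physical LBA is stored in *phys. The comparison is arranged so that no
 * sum is formed before it is known to fit, so a huge LBA cannot wrap around. */
verdict_t filter_request(const zone_t *z, uint32_t lba, uint32_t nsect, uint32_t *phys)
{
    if (nsect == 0)
        return REQ_DENY_EMPTY;
    if (lba >= z->count || nsect > z->count - lba)
        return REQ_DENY_RANGE;
    *phys = z->base + lba;
    return REQ_OK;
}

/* The table isolates only if each zone fits on the disk and none overlap. */
int zones_valid(const zone_t *z, int n, uint32_t disk_sectors)
{
    for (int i = 0; i < n; i++) {
        if (z[i].count == 0 || z[i].base >= disk_sectors ||
            z[i].count > disk_sectors - z[i].base)
            return 0;
        for (int j = 0; j < i; j++)
            if (z[i].base < z[j].base + z[j].count &&
                z[j].base < z[i].base + z[i].count)
                return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: 1,000,000-sector disk split into two spaces. */
    zone_t zones[2] = { { 0, 400000 }, { 400000, 600000 } };
    uint32_t phys = 0;
    printf("table valid: %d\n", zones_valid(zones, 2, 1000000));
    printf("crossing into zone 1: %d\n", filter_request(&zones[0], 399999, 2, &phys));
    printf("wrap-around attempt:  %d\n", filter_request(&zones[0], 0xFFFFFFFFu, 2, &phys));
    return 0;
}
```

A check written as `lba + nsect <= count` would accept the last request, because the 32-bit sum wraps to 1.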

3. Implementation of Multi-System Boot Module

Multi-system booting selects the appropriate system and bootloader based on the user's choice of boot program. This differs from the original multi-boot (logically isolated) system bootloader, which is a simple single-partition, single-system boot mode. It reads the boot record of the active partition of the hard drive to boot the system, and the active partition is relatively fixed. The rewritten system bootloader implements a multi-partition, multi-system boot mode, treating any partition of the hard drive as the active partition and reading its boot record to boot the system. This design uses a multi-boot information sector loading process to verify data validity and dynamically sets hard drive partition information during the loading process.
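The boot path in section 1 (MBR, partition table, active partition) and the multi-system mode above differ only in how the entry is chosen; in both cases the entry should be validated before its boot record is loaded. The C code below is an added example, not the card's extended program: `mbr_entry` and `mbr_first_active` are assumed names, the validity rules are one reasonable choice, and the sample sector is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard MBR layout: four 16-byte entries at offset 446, 55 AA at 510. */
enum { PT_OFF = 446, PT_ENT = 16, SIG_OFF = 510 };
typedef struct { uint8_t flag, type; uint32_t start, sectors; } part_t;

static uint32_t le32(const uint8_t *p)
{ return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Parse and validate entry idx (0..3): 0 means safe to boot, <0 gives the
 * reason for rejection. The active flag is reported but not required. */
int mbr_entry(const uint8_t *mbr, int idx, uint32_t disk_sectors, part_t *out)
{
    if (mbr[SIG_OFF] != 0x55 || mbr[SIG_OFF + 1] != 0xAA) return -1; /* bad signature */
    if (idx < 0 || idx > 3) return -2;                               /* no such slot  */
    const uint8_t *e = mbr + PT_OFF + idx * PT_ENT;
    out->flag = e[0];          out->type = e[4];
    out->start = le32(e + 8);  out->sectors = le32(e + 12);
    if (out->flag != 0x00 && out->flag != 0x80) return -3;           /* corrupt flag  */
    if (out->type == 0x00 || out->sectors == 0) return -4;           /* unused slot   */
    if (out->start == 0 || out->start >= disk_sectors ||
        out->sectors > disk_sectors - out->start) return -5;         /* off the disk  */
    return 0;
}

/* Single-system behaviour: index of the first valid active entry, or -1. */
int mbr_first_active(const uint8_t *mbr, uint32_t disk_sectors)
{
    part_t p;
    for (int i = 0; i < 4; i++)
        if (mbr_entry(mbr, i, disk_sectors, &p) == 0 && p.flag == 0x80) return i;
    return -1;
}

int main(void)
{
    /* Constructed sample on a 10000-sector disk: entry 0 is active FAT32
     * (LBA 63, 1000 sectors), entry 1 is inactive NTFS (LBA 2000, 5000 sectors). */
    static const uint8_t e[32] = {
        0x80, 0, 0, 0, 0x0B, 0, 0, 0, 0x3F, 0x00, 0, 0, 0xE8, 0x03, 0, 0,
        0x00, 0, 0, 0, 0x07, 0, 0, 0, 0xD0, 0x07, 0, 0, 0x88, 0x13, 0, 0 };
    uint8_t mbr[512] = {0};
    part_t p;
    memcpy(mbr + PT_OFF, e, sizeof e);
    mbr[SIG_OFF] = 0x55;  mbr[SIG_OFF + 1] = 0xAA;
    int rc = mbr_entry(mbr, 1, 10000, &p);   /* user picks the inactive entry */
    printf("default entry %d; entry 1 rc=%d start=%u\n",
           mbr_first_active(mbr, 10000), rc, (unsigned)p.start);
    return 0;
}
```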

