CN101025770A - Method for starting protected partition - Google Patents

Method for starting protected partition

Info

Publication number: CN101025770A
Authority: CN (China)
Prior art keywords: storage section, secure storage, sinit, instruction, completeness check
Legal status: Granted (active)
Application number: CNA2006100077691A
Other languages: Chinese (zh)
Other versions: CN100504897C
Inventors: 谢巍, 尹萍, 毛兴中, 吕渊
Current assignee: Lenovo Beijing Ltd
Original assignee: Lenovo Beijing Ltd

Landscapes: Storage Device Security (AREA)
Abstract

The invention is a method for starting a protected partition, comprising the steps of: loading at least the security initialization instruction, of the security initialization instruction and the domain manager, into a first secure storage region; preparing and executing the processor's secure entry instruction; loading the security initialization instruction from the first secure storage region and performing an integrity check on it, and after the check passes, running the security initialization instruction and storing the integrity check value in the first or second secure storage region; loading the domain manager from the first secure storage region, or from the storage medium that holds it, into the first or second secure storage region, performing an integrity check on it and storing the corresponding integrity check value in the first or second secure storage region; and calling the domain manager to initialize and manage the protected partition. The method ensures the security of the process of starting the protected partition.

Description

Method for starting a protected partition
Technical field
The present invention relates to the starting of partitions in a computer system, and in particular to a method for starting a protected partition.
Background
As computers play an ever more important role in society, they inevitably process more extremely sensitive and confidential information. Such information usually has high value and is an attractive target for hackers. Attacks on users' computer systems keep growing, both in frequency and in the difficulty of defending against them, and scholars predict that such attacks will continue to increase.
Although firewalls, virus scanners, encryption software and other security software provide some protection, these software-only solutions can protect against other (possibly malicious) software that runs at the same or a higher privilege level only at the cost of a great deal of work. Pure-software protection is therefore subject to considerable limitations.
The TPM (Trusted Platform Module) is a cryptographic chip with built-in firmware mounted on the mainboard: a microcontroller used to store keys, passwords and digital certificates. It is usually fixed to the mainboard of a PC, but can be applied to any computing device that needs its functions. The characteristics of this microcontroller ensure that information stored inside it is protected from software attack and cannot be obtained by physically stealing it, so that the stored information is more secure. Processes that need protection, such as digital signing and key exchange, can be protected by the TPM. If the boot process does not match what is expected, access to the data and secrets on the platform is refused. Key applications, such as secure e-mail, secure network access and local data protection, are thereby made more secure.
When a system with an installed operating system boots, the TPM starts first. As soon as the system powers up, the TPM chip checks the Basic Input/Output System (BIOS), including the system ROM, the Master Boot Record (MBR) and partition table of the hardware drive, and the related hardware, and stores their hash values in the TPM's Platform Configuration Registers (PCRs). These values are compared with the saved boot record; if they conflict, the TPM does not permit access to the system partition; if the comparison passes, the TPM allows the boot process to continue. Next, the MBR takes control of the boot process, loads the first sector of the active partition it designates into system memory, and control passes to that boot sector.
LT (LaGrande Technology) refers to a set of hardware components with enhanced functionality, designed to help protect sensitive information from attack by software. LT features cover the microprocessor, chipset, I/O subsystem and other platform components. When LT is used together with an LT-aware operating system and applications, it helps protect the confidentiality and integrity of protected data in an increasingly threatening environment. LT supports a process that launches a protected partition; this process uses the LT "late launch" mode, which starts the protected partition without restarting the computing platform, while the original software continues to run unmodified in the standard partition.
As shown in Figure 1, LT supports switching from a normal Windows partition to a secure Windows partition. Starting the protected partition is usually requested by an operating system that supports LT; the memory space is then divided into a series of protected memory regions and marked as protected, the Domain Manager (DM) is loaded into the designated memory space, and it is registered by means of the Authenticated Code (AC) module.
To support this switch, the LT chipset provides new instructions. The secure launch process is shown in Figure 2 and proceeds as follows:
1. The processor's security initialization instruction (SINIT) and the DM are loaded into memory, and the processor is initialized;
2. The secure entry instruction (SENTER) is executed; once it runs, all activity in the processor, including computation, stops, in preparation for entering the protected partition;
3. The processor loads the SINIT instruction from the memory of step 1, authenticates it with the processor manufacturer's public key, and starts SINIT once authentication passes;
4. SINIT checks whether the main hardware configuration is correct, now running in a protected region, and at the same time the integrity check value of the authenticated SINIT is stored in the corresponding platform configuration register (PCR) of the TPM;
5. SINIT performs an integrity check on the DM in the memory of step 1, calls the DM after the check passes, and the DM's integrity check value is also stored in the corresponding PCR of the TPM;
6. The DM initializes, control is handed to the DM, and the DM manages the protected memory partition.
In this launch process, SINIT runs in order to detect incorrectly configured hardware; the SENTER step ensures that the launch is not interfered with; DM verification means that SENTER performs a check on the DM to detect tampering with the domain manager; DM registration means that SENTER stores the DM's check value in the TPM; the authenticated code is used to detect incorrect hardware configuration, including that of the chipset, and only after the chipset configuration has been verified is memory trusted; the authenticated code is signed by the chipset manufacturer with the private key of an asymmetric key pair, and at authentication time its digital signature is verified with the public key held in a specially protected hardware region.
Note that the above process has a security hole in the loading of SINIT and the DM: because step 1 places the SINIT instruction and the DM in an unprotected memory region, a virus can attack them, so that when the SINIT integrity check value is verified in step 3 and the DM integrity check value in step 5, verification fails, and the system can never enter the secure operating-system state without restarting the computing platform.
In view of this, further protection of the SINIT instruction and the DM is needed during the launch of the protected partition, so as to strengthen the security of the whole method.
Summary of the invention
The object of the invention is to provide a method for starting a protected partition that solves the problem in the prior art that the storage region into which the security initialization instruction and the domain manager are loaded during the launch is easily attacked by software viruses, which compromises the security of the whole launch process.
To achieve this object, the method of the invention for starting a protected partition comprises the following steps:
Step 100: load at least the security initialization instruction, of the security initialization instruction and the domain manager, into a first secure storage region;
Step 110: prepare and execute the processor's secure entry instruction;
Step 120: load the security initialization instruction from the first secure storage region and perform an integrity check on it; after the check passes, run the security initialization instruction and store the integrity check value in the first or second secure storage region;
Step 130: load the domain manager from the first secure storage region, or from the storage medium that holds it, into the first or second secure storage region, then perform an integrity check on it and store the integrity check value in the first or second secure storage region;
Step 140: call the domain manager to initialize and manage the protected partition.
Another method of the invention for starting a protected partition comprises the following steps:
Step 200: initialize the processor, then prepare and execute the secure entry instruction;
Step 210: send at least the security initialization instruction, of the security initialization instruction and the domain manager, to a first secure storage region, perform an integrity check on it with a hash algorithm, and store the integrity check value in the first or second secure storage region;
Step 220: load the security initialization instruction from the storage medium, perform an authenticated-code integrity check on it, start the security initialization instruction after the check passes, and store the integrity check value in the first or second secure storage region;
Step 230: load the domain manager into the first or second secure storage region, perform an integrity check on it, call the domain manager after the check passes, and store the integrity check value in the first, second or third secure storage region;
Step 240: call the domain manager to initialize and manage the protected memory partition.
Compared with the prior art, the invention has the following benefits: on top of the original method for starting a protected partition, integrity checks using a hash algorithm are performed on SINIT and the DM when they are loaded, which guarantees the integrity of the loaded SINIT and DM; further, by performing the integrity checks of SINIT and the DM in a secure storage region and storing the integrity check values in a secure storage region, they are kept out of reach of virus attacks, which ensures the security of the process of starting the protected partition.
Brief description of the drawings
Fig. 1 shows the system after switching from a normal Windows partition to a protected Windows partition under LT;
Fig. 2 is a flowchart of the prior-art method for starting a protected partition;
Fig. 3 is a flowchart of the 1st example of the method of the invention for starting a secure partition in reserved memory;
Fig. 4 is a flowchart of the 2nd example of the method of the invention for starting a secure partition in reserved memory;
Fig. 5 is a flowchart of the 3rd example of the method of the invention for starting a secure partition in reserved memory;
Fig. 6 is a flowchart of the method of the invention for starting a protected partition in which the integrity checks of SINIT and the DM are performed in the TPM;
Fig. 7 shows the flow of the method of the invention in which the TPM performs the integrity checks and the check values are stored in registers reserved in the CPU or chipset hardware;
Fig. 8 shows the flow of the method of the invention in which the TPM performs the integrity checks and the check values are stored in registers reserved in the TPM;
Fig. 9 shows the flow of the method of the invention in which the TPM checks the integrity of SINIT and the DM is then integrity-checked in the cleared memory.
Embodiments
To help those of ordinary skill in the art understand and implement the invention, the LT-based method of the invention for starting a protected partition is described below with reference to the drawings.
To close the hole that the prior art leaves when launching a secure partition, the invention proposes two solutions: the memory isolation method and the TPM integrity verification method, described in turn below.
The memory isolation method
In the memory isolation method, the invention physically provides a special memory space in RAM that can be accessed only by specific CPU hardware instructions; software cannot use this memory space. The specific hardware instructions can be invoked only by LT instructions such as the corresponding SINIT. For convenience, this special memory space is called the reserved memory below.
The reserved memory can be implemented as follows:
First, control logic is added to the address decoding of some of the memory's address lines (such as the low-order address lines or the chip-select lines). The control logic judges whether the current instruction is an LT instruction: if so, access is allowed, otherwise it is denied. Access from the CPU to this part of the address space is thus restricted, and the space is reserved for access by the special instructions. Then, during the BIOS initialization phase, these memory spaces protected by special-instruction access are allocated to the specific instructions that use them.
With this implementation, the reserved memory allocated in this way can be controlled only by LT instructions, which prevents external code from attacking its contents.
The method of the invention for starting a secure partition using the reserved memory is described below with reference to Figs. 3 to 5.
Fig. 3 is a flowchart of the 1st example of the method of the invention for starting a secure partition in reserved memory. As shown in Fig. 3, the method of the invention for starting a protected partition comprises the following steps:
1) First, a hash algorithm is used to perform an integrity check on the SINIT instruction and the DM stored on the hard disk or other storage medium.
2) The SINIT instruction or the DM that passed the integrity check is loaded into the reserved memory, and the processor is initialized. If the DM is too large, only the SINIT instruction is loaded.
3) The SENTER instruction is executed; once it runs, all activity in the processor, including computation, stops, in preparation for entering the protected environment.
4) The processor loads the SINIT instruction from the reserved memory of step 2), authenticates it with the processor manufacturer's public key, and starts SINIT once authentication passes.
5) SINIT checks whether the main hardware configuration is correct, now running in the reserved memory; at the same time the integrity check value of the authenticated SINIT is stored in the corresponding platform configuration register of the TPM, and the memory outside the reserved memory is cleared. Note that the integrity check referred to in step 5) is the authenticated-code integrity check of the SINIT instruction performed by the existing LT method for starting a secure partition, which is different from the hash-algorithm integrity check of SINIT and the DM in step 1).
6) If the DM has been loaded, SINIT performs an integrity check on the DM in the reserved memory of step 2), calls the DM after the check passes, and the DM's integrity check value is also stored in the corresponding PCR of the TPM; otherwise the DM is first loaded into the reserved memory, then integrity-checked, called after the check passes, and its integrity check value is likewise stored in the corresponding PCR of the TPM. Note that the integrity check referred to in step 6) is the authenticated-code integrity check of the DM performed by the existing LT method for starting a secure partition, which is different from the hash-algorithm integrity check of SINIT and the DM in step 1).
7) The DM initializes, control is handed to the DM, and the DM manages the protected memory partition.
In the 1st example, checking SINIT and the DM with a hash algorithm before loading them guarantees that the loaded SINIT and DM are intact. Moreover, storing the integrity check values of the verified SINIT and DM in specific PCRs of the TPM prevents their integrity from being damaged during the launch. The reliability of SINIT and the DM is therefore further improved.
The flow of the 1st example admits the following modifications and variations:
A. After the integrity check of SINIT and the DM in step 1), they may also be stored in a specific reserved memory, since SINIT and the DM can be considered intact at that point.
B. When either SINIT or the DM fails the integrity check, automatic repair may be used. Automatic repair means overwriting the SINIT or DM whose integrity was damaged with the backup SINIT and DM kept in the computer system, which ensures that SINIT and the DM on the storage medium are intact before loading and have not been attacked by viruses or hacking tools.
C. In step 1), SINIT and the DM may be integrity-checked at the same time, or SINIT may be checked first and the DM checked again after loading;
D. In steps 5) and 6), the integrity check values of SINIT and the DM may be stored in specific PCRs of the TPM, or in the regions of the reserved memory allocated to them; in the latter case this part of memory is unaffected when the memory outside the reserved memory is cleared.
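The hole in the prior-art flow of Fig. 2 and the fix of the 1st example can be shown side by side in a small simulation. The following is an added example written for this page, not code from the patent or from Lenovo. It assumes a model in which each memory access carries the name of its issuer, a set of issuer names (LT_LOAD, SENTER, SINIT, SCLEAR) that the decode gate treats as LT instructions, SHA-256 as the hash algorithm, a digest compare against a known reference value as a stand-in for the manufacturer's signature check on SINIT, and PCR indices 17 and 18 for the SINIT and DM check values. The sample SINIT and DM images, the backup copies and the virus are all constructed here.

```python
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Constructed sample images; the real SINIT and DM binaries are not on the page.
SINIT_IMAGE = b"SINIT authenticated-code module (constructed sample)"
DM_IMAGE = b"Domain Manager image (constructed sample)"
# Backup copies used by the automatic-repair variant (modification B of the 1st example).
BACKUP = {"SINIT": SINIT_IMAGE, "DM": DM_IMAGE}
# Reference check values; assumed to be known to the platform before the launch.
REFERENCE = {"SINIT": sha256(SINIT_IMAGE), "DM": sha256(DM_IMAGE)}
# Assumed set of issuers that the address-decode control logic treats as LT instructions.
LT_INSTRUCTIONS = {"LT_LOAD", "SENTER", "SINIT", "SCLEAR"}


class AccessDenied(Exception):
    pass


@dataclass
class PlainMemory:
    """Ordinary RAM as in the prior-art flow of Fig. 2: any issuer may read or write."""
    cells: dict = field(default_factory=dict)

    def write(self, issuer: str, name: str, data: bytes) -> None:
        self.cells[name] = data

    def read(self, issuer: str, name: str) -> bytes:
        return self.cells[name]


class ReservedMemory(PlainMemory):
    """The patent's reserved memory: the decode gate admits only LT instructions."""

    def _gate(self, issuer: str) -> None:
        if issuer not in LT_INSTRUCTIONS:
            raise AccessDenied(f"{issuer} is not an LT instruction")

    def write(self, issuer: str, name: str, data: bytes) -> None:
        self._gate(issuer)
        super().write(issuer, name, data)

    def read(self, issuer: str, name: str) -> bytes:
        self._gate(issuer)
        return super().read(issuer, name)


@dataclass
class Platform:
    memory: PlainMemory
    pcr: dict = field(default_factory=lambda: {17: bytes(32), 18: bytes(32)})

    def extend(self, index: int, value: bytes) -> None:
        """PCR extend as a TPM does it: new = H(old || value)."""
        self.pcr[index] = sha256(self.pcr[index] + value)


def virus(platform: Platform) -> str:
    """Malware that runs between the load (step 1) and SENTER (step 2) and patches the DM in RAM."""
    try:
        dm = platform.memory.read("virus", "DM")
        platform.memory.write("virus", "DM", dm.replace(b"Domain", b"Rogue "))
        return "tampered"
    except AccessDenied:
        return "blocked"


def check_or_repair(name: str, image: bytes, report: dict) -> bytes:
    """Pre-load hash check of the on-disk image (1st example, step 1) with automatic repair."""
    if sha256(image) == REFERENCE[name]:
        return image
    report.setdefault("repaired", []).append(name)
    return BACKUP[name]


def late_launch(platform: Platform, disk_sinit: bytes, disk_dm: bytes, run_virus: bool = True) -> dict:
    """Runs the launch sequence and returns what happened at each stage."""
    report = {}
    sinit = check_or_repair("SINIT", disk_sinit, report)
    dm = check_or_repair("DM", disk_dm, report)
    # Step 1: both images are loaded; the load path is modelled as an LT instruction.
    platform.memory.write("LT_LOAD", "SINIT", sinit)
    platform.memory.write("LT_LOAD", "DM", dm)
    report["virus"] = virus(platform) if run_virus else "absent"
    # Steps 2-3: SENTER fetches SINIT and authenticates it; the manufacturer signature
    # check is stood in for by a digest compare against the reference value.
    sinit_in_memory = platform.memory.read("SENTER", "SINIT")
    if sha256(sinit_in_memory) != REFERENCE["SINIT"]:
        report["result"] = "SINIT authentication failed"
        return report
    platform.extend(17, sha256(sinit_in_memory))
    # Steps 4-5: SINIT checks the DM and records its check value in the next PCR.
    dm_in_memory = platform.memory.read("SINIT", "DM")
    if sha256(dm_in_memory) != REFERENCE["DM"]:
        report["result"] = "DM integrity check failed"  # secure state unreachable without a restart
        return report
    platform.extend(18, sha256(dm_in_memory))
    report["result"] = "DM running"  # step 6: control handed to the DM
    return report


if __name__ == "__main__":
    print("prior art  :", late_launch(Platform(PlainMemory()), SINIT_IMAGE, DM_IMAGE))
    print("reserved   :", late_launch(Platform(ReservedMemory()), SINIT_IMAGE, DM_IMAGE))
    print("disk tamper:", late_launch(Platform(ReservedMemory()), SINIT_IMAGE, DM_IMAGE + b"!", run_virus=False))
```

With plain memory the virus patches the DM after it was loaded, SINIT's check in step 5 fails, and the launch stops short of the DM. With the reserved memory the same write is rejected by the decode gate, both check values end up in the PCRs, and the DM runs. The third call shows modification B: a damaged on-disk DM is replaced from the backup before loading, so the launch still completes.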
Fig. 4 is a flowchart of the 2nd example of the method of the invention for starting a secure partition in reserved memory. As shown in Fig. 4, the method comprises the following steps:
Step 41: during the BIOS initialization phase, allocate corresponding reserved memory for SINIT and for the DM, namely the SINIT reserved memory and the DM reserved memory;
Step 42: load SINIT and the DM into the SINIT reserved memory and the DM reserved memory;
Step 43: in the SINIT reserved memory and the DM reserved memory respectively, integrity-check SINIT and the DM with a hash algorithm, and store the check values in the SINIT reserved memory and the DM reserved memory respectively;
Step 44: run the LT secure clear instruction SCLEAR, which clears the memory regions outside the reserved memory;
Step 45: start SINIT and the DM in turn; after the DM initializes, control is handed to the DM, which manages the protected partition.
As can be seen from the flowchart of Fig. 4, compared with the method of Fig. 2 for starting a protected partition, in the method of the invention SINIT and the DM are loaded into the SINIT reserved memory and the DM reserved memory allocated to them, integrity-checked there, and the check values are then stored there as well. This effectively prevents SINIT and the DM from being attacked by viruses and improves their reliability.
Here, the hash-algorithm integrity check of SINIT and the DM in the reserved memory replaces the integrity check of the loaded SINIT and DM in the existing method for starting a protected partition, and the second integrity check of the 1st example is omitted; the launch process is thus simplified while the integrity of SINIT and the DM is still guaranteed.
Of course, after loading SINIT and/or the DM from the reserved memory, the integrity check used in the existing method for starting a protected partition may still be performed, to further ensure that the integrity of SINIT and the DM is not damaged during loading.
Fig. 5 is a flowchart of the 3rd example of the method of the invention for starting a secure partition in reserved memory. When the DM needs a large memory space, SINIT may be loaded first and the DM loaded afterwards. As shown in Fig. 5, for the example in which SINIT is loaded first and the DM afterwards, the method comprises the following steps:
Step 51: during the BIOS initialization phase, allocate a reserved memory region for SINIT, namely the SINIT reserved memory;
Step 52: load SINIT into the SINIT reserved memory, integrity-check it with a hash algorithm, and keep the check value in the SINIT reserved memory;
Step 53: run the LT secure clear instruction SCLEAR, which clears the memory regions outside the SINIT reserved memory;
Step 54: call SINIT from the SINIT reserved memory and start it;
Step 55: load the DM into some cleared memory space, integrity-check it with a hash algorithm, keep the check value in that memory space or in the corresponding PCR of the TPM, and then start the DM;
Step 56: after the DM initializes, hand control to the DM, which manages the protected partition.
The 3rd example admits the following modifications and variations:
A. In step 54, after SINIT is called, its check value may first be compared with the check value of step 52, and SINIT started only if they agree.
B. In step 52, the hash-algorithm integrity check of SINIT may be omitted after loading and performed instead after SINIT is called from the SINIT reserved memory, with the integrity check value stored in the corresponding PCR of the TPM or in the SINIT reserved memory.
TPM integrity verification
The embodiments above describe the method for starting a protected partition in which the integrity checks of SINIT and the DM are performed in reserved memory; the method in which the integrity checks are performed in the TPM is described below with reference to embodiments.
Fig. 6 is a flowchart of the method of the invention for starting a protected partition in which the integrity checks of SINIT and the DM are performed in the TPM. The method comprises the following steps:
Step 61: initialize the processor and prepare to execute the SENTER instruction;
Step 62: execute the SENTER instruction; once it runs, all activity in the processor, including computation, stops, in preparation for entering the protected environment;
Step 63: use the TPM_HASH instruction to send the SINIT instruction or the DM to the TPM, have the TPM verify its integrity with a hash algorithm, and store the check value in the corresponding register of the TPM or CPU, which guarantees the integrity of SINIT or the DM before loading and prevents attack by viruses or hacking tools; if the DM is too large, only the SINIT instruction is loaded;
Step 64: the processor loads the SINIT instruction directly from the hard disk or other storage medium, authenticates it with the processor manufacturer's public key, and starts SINIT once authentication passes;
Step 65: SINIT checks whether the main hardware configuration is correct, now running in a specially protected region; at the same time the integrity check value of the authenticated SINIT is stored in the corresponding PCR of the TPM, and memory is cleared;
Step 66: SINIT loads the DM, performs an integrity check on it, calls the DM after the check passes, and the DM's integrity check value is also stored in the corresponding PCR of the TPM;
Step 67: the DM initializes, control is handed to the DM, and the DM manages the protected memory partition.
In this method, the key to TPM integrity verification is that the TPM contains an internal hashing module whose execution takes place entirely inside the chip, so it cannot be probed from outside; the integrity checks of SINIT and the DM can therefore be handed over to the TPM by having the hardware issue hash instructions to the TPM.
This method admits the following modifications and variations:
The integrity checks of SINIT and the DM may be performed before the processor is initialized; that is, before processor initialization, SINIT and the DM are integrity-checked in the TPM, either simultaneously or one after the other, and the integrity check values are stored in predetermined registers in the processor or in the TPM;
then, after the processor is initialized, the SENTER instruction is executed, SINIT is authenticated with the processor manufacturer's public key, and SINIT is started once authentication passes;
next, SINIT calls the DM, the DM initializes, control is handed to the DM, and the DM manages the protected memory partition.
In the above method, three different flows result, depending on where the check values of SINIT and the DM are stored and where the DM is loaded; they are shown in Fig. 7, Fig. 8 and Fig. 9 respectively.
Fig. 7 shows the flow in which check registers for SINIT and the DM are reserved in the CPU or chipset hardware. When SINIT and the DM need to be integrity-checked, the CPU or chipset sends the corresponding TPM hash instruction, the TPM performs the integrity checks of SINIT and the DM, and the resulting values are stored in the check registers of SINIT and the DM, instead of the CPU completing the integrity checks in memory after SINIT and the DM have been loaded there.
Fig. 8 shows the flow in which, when SINIT and the DM need to be integrity-checked, the CPU or chipset sends the corresponding TPM hash instruction to the TPM, the TPM performs the integrity checks of SINIT and the DM, the check values are stored in corresponding registers inside the TPM, and the reference check values saved in advance are then read to verify integrity.
Fig. 9 shows the flow for the case in which the DM file is large, so that checking it with the TPM takes a long time, and SINIT is therefore integrity-checked first. To check SINIT, the CPU or chipset sends the corresponding TPM hash instruction, the TPM checks SINIT directly, the check value is stored in a register inside the TPM, and the corresponding reference check value is read to verify its integrity. After the integrity of SINIT has been verified, the SENTER phase is entered, SINIT is started, memory is cleared, the DM is loaded into the cleared memory, integrity-checked, and run.
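The Fig. 9 ordering can be modelled to show what it buys: the check values of SINIT and the DM are produced and compared inside the TPM, the large DM is fed to the TPM in pieces rather than as one command, and the DM is only loaded and checked after memory has been cleared, so nothing a virus left in RAM survives into the check. This is an added example written for this page, not code from the patent or from Lenovo. It assumes a TPM model with a start/data/end style streaming hash interface (the page only names a "TPM Hash instruction"), SHA-256 as the hash algorithm, reference check values that were saved in the TPM in advance, and a memory model whose clear() stands for the clearing done after SINIT starts. The SINIT and DM images are constructed samples, with the DM sized larger than one hash chunk.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class TPM:
    """Assumed model of the TPM in Figs. 8 and 9: the hash module runs inside the chip,
    the result registers are not exposed to software, and only a verdict leaves the chip."""
    _baselines: dict = field(default_factory=dict)  # reference check values saved in advance
    _registers: dict = field(default_factory=dict)  # check values produced by the hash module
    _streams: dict = field(default_factory=dict)    # hash state of in-progress hash commands

    def set_baseline(self, slot: str, digest: bytes) -> None:
        self._baselines[slot] = digest

    def hash_start(self, slot: str) -> None:
        self._streams[slot] = hashlib.sha256()

    def hash_data(self, slot: str, chunk: bytes) -> None:
        self._streams[slot].update(chunk)

    def hash_end(self, slot: str) -> None:
        self._registers[slot] = self._streams.pop(slot).digest()

    def verify(self, slot: str) -> bool:
        """Compares the register with the saved baseline inside the chip; the caller gets only a bool."""
        return hmac.compare_digest(self._registers[slot], self._baselines[slot])


def tpm_check(tpm: TPM, slot: str, image: bytes, chunk_size: int = 4096) -> bool:
    """CPU/chipset side of the TPM hash instruction: stream the image through the TPM in chunks,
    so that a DM too large for a single command can still be checked."""
    tpm.hash_start(slot)
    for offset in range(0, len(image), chunk_size):
        tpm.hash_data(slot, image[offset:offset + chunk_size])
    tpm.hash_end(slot)
    return tpm.verify(slot)


@dataclass
class Memory:
    cells: dict = field(default_factory=dict)

    def clear(self) -> None:
        """Stands in for the memory clearing performed after SINIT starts (Fig. 9)."""
        self.cells.clear()


def launch_sinit_first(tpm: TPM, memory: Memory, disk_sinit: bytes, disk_dm: bytes) -> list:
    """Fig. 9 ordering: check SINIT in the TPM, SENTER, start SINIT, clear memory, then load the
    large DM into the cleared memory and check it there. Returns the log of steps taken."""
    log = []
    if not tpm_check(tpm, "SINIT", disk_sinit):
        log.append("SINIT check failed")
        return log
    log += ["SINIT verified", "SENTER", "SINIT started"]
    memory.clear()  # whatever a virus left in RAM is gone before the DM arrives
    log.append("memory cleared")
    memory.cells["DM"] = disk_dm
    if not tpm_check(tpm, "DM", memory.cells["DM"]):
        log.append("DM check failed")
        return log
    log.append("DM running")
    return log


# Constructed sample images; the DM is deliberately larger than one hash chunk.
SINIT_IMAGE = b"SINIT module (constructed sample)"
DM_IMAGE = b"Domain Manager (constructed sample) " * 400  # about 14 KiB


def provisioned_tpm() -> TPM:
    """A TPM with the reference check values of both images saved in advance (assumption)."""
    tpm = TPM()
    tpm.set_baseline("SINIT", hashlib.sha256(SINIT_IMAGE).digest())
    tpm.set_baseline("DM", hashlib.sha256(DM_IMAGE).digest())
    return tpm


if __name__ == "__main__":
    print(launch_sinit_first(provisioned_tpm(), Memory({"DM": b"stale rogue DM"}), SINIT_IMAGE, DM_IMAGE))
    print(launch_sinit_first(provisioned_tpm(), Memory(), SINIT_IMAGE, DM_IMAGE[:-1] + b"?"))
```

The first call starts with a rogue DM already sitting in RAM; it is wiped by the clear before the real DM is loaded and checked, and the launch completes. The second call feeds a DM whose last byte was altered: the streamed check inside the TPM rejects it and the log shows the failure after the memory clear, not before.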
In summary, in the method of the invention for starting a protected partition, SINIT and the DM are both loaded and verified in a secure storage region, which keeps them out of reach of possible virus attacks and thereby ensures the security of the process of starting the protected partition.
It should be noted that the computer system referred to in the invention means systems such as desktop computers, notebook computers, servers, set-top boxes or other similar processor-based devices. In the specific embodiments of the invention the computer system usually comprises a processor that supports LT. It should be pointed out, however, that the invention can equally be applied to other computer systems whose processors support a similar secure computing environment.

Claims (10)

1. A method for starting a protected partition, comprising the following steps:
Step 100: load at least the security initialization instruction, of the security initialization instruction and the domain manager, into a first secure storage region;
Step 110: prepare and execute the processor's secure entry instruction;
Step 120: load the security initialization instruction from the first secure storage region and perform an integrity check on it; after the check passes, run the security initialization instruction and store the integrity check value in the first or second secure storage region;
Step 130: load the domain manager from the first secure storage region, or from the storage medium that holds it, into the first or second secure storage region, then perform an integrity check on it and store the integrity check value in the first or second secure storage region;
Step 140: call the domain manager to initialize and manage the protected partition.
2. The method of claim 1, wherein before step 100 an integrity check is performed on the security initialization instruction and the domain manager stored in the storage medium.
3. The method of claim 1 or 2, wherein between steps 100 and 110 an integrity check is performed on at least the security initialization instruction loaded in the first secure storage region, and the integrity check value is stored in the first secure storage region.
4. The method of any one of claims 1 to 3, wherein between steps 120 and 130 an integrity check is performed on at least the security initialization instruction loaded in the first secure storage region, and the integrity check value is stored in the first secure storage region.
5. The method of any one of claims 1 to 4, wherein the first secure storage region is the reserved memory and the second secure storage region is a predetermined PCR in the TPM.
6. The method of any one of claims 1 to 4, wherein the integrity check is an authenticated-code integrity check or an integrity check using a hash algorithm.
7. method that starts protected partition may further comprise the steps:
Step 200 is carried out initialization to processor, prepares and carry out safe entry instruction;
Step 210, with in security initialization instruction and the domain manager at least security initialization instruction send to first secure storage section, utilize hash algorithm to carry out completeness check, and integrity check value be stored in first or second secure storage section;
Step 220 loads security initialization instruction from storage medium, carry out the completeness check authentication of authentication code mode, starts security initialization instruction by the back, and with in integrity check value storage first or second secure storage section;
Step 230 is loaded into first or second secure storage section with domain manager, carries out completeness check, by after call domain manager, and integrity check value is stored in first, second or the 3rd secure storage section;
Step 240 is called domain manager and is carried out initialization, manages shielded memory partitioning.
8. in accordance with the method for claim 7, it is characterized in that described first secure storage section is TPM.
9. method as claimed in claim 7 is characterized in that, described second secure storage section is the predetermined register of processor.
10. method as claimed in claim 7 is characterized in that, described the 3rd secure storage section is the save memory.
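As an added illustration of the procedure in claims 1 and 7 (example code written for this page, not the patent's or Lenovo's implementation), the following Python model runs steps 100 to 140 with the two integrity-check modes of claim 6, chains each check value into a simulated TPM PCR (claim 5), and refuses to start SINIT or call the DM when a check fails. The TPM model, the choice of PCR indices 17 and 18, the HMAC key and the SINIT/DM byte strings are all constructed for this example.

```python
import hashlib
import hmac
class LaunchError(Exception):
    """Raised when an integrity check fails and the launch must stop."""

class Tpm:
    """Constructed TPM model: extend() chains a measurement onto the old PCR value."""
    def __init__(self, count=24):
        self.pcr = {i: b"\x00" * 32 for i in range(count)}
    def extend(self, index, measurement):
        self.pcr[index] = hashlib.sha256(self.pcr[index] + measurement).digest()
        return self.pcr[index]

def hash_value(blob):
    """Check value by hash algorithm (claim 6, first mode)."""
    return hashlib.sha256(blob).digest()
def mac_value(blob, key):
    """Check value in authentication code mode (claim 6, second mode): HMAC under a shared key."""
    return hmac.new(key, blob, hashlib.sha256).digest()
def integrity_check(blob, expected, mode="hash", key=None):
    """Return (passed, value); the comparison is constant-time."""
    value = hash_value(blob) if mode == "hash" else mac_value(blob, key)
    return hmac.compare_digest(value, expected), value

def launch_protected_partition(sinit, dm, expected_sinit, expected_dm, tpm,
                               mode="hash", key=None, sinit_pcr=17, dm_pcr=18):
    """Steps 100-140 of claim 1; the PCR indices are this example's choice of 'predetermined PCR'."""
    secure_mem = {"sinit": sinit}            # step 100: SINIT into the first secure section
    # step 110: SENTER would be issued here; everything below runs inside the secure environment
    passed, value = integrity_check(secure_mem["sinit"], expected_sinit, mode, key)
    if not passed:                           # step 120: SINIT is never run after a failed check
        raise LaunchError("SINIT integrity check failed; SINIT not started")
    tpm.extend(sinit_pcr, value)             # check value kept in the second secure section
    secure_mem["dm"] = dm                    # step 130: DM loaded, checked, value stored
    passed, value = integrity_check(secure_mem["dm"], expected_dm, mode, key)
    if not passed:
        raise LaunchError("DM integrity check failed; DM not called")
    tpm.extend(dm_pcr, value)
    return {"sinit_pcr": tpm.pcr[sinit_pcr].hex(), "dm_pcr": tpm.pcr[dm_pcr].hex()}  # step 140

def demo():
    """Constructed images: a clean launch, then a DM altered after its reference value was taken."""
    sinit, dm = b"constructed SINIT image (not a real ACM)", b"constructed domain manager image"
    good = launch_protected_partition(sinit, dm, hash_value(sinit), hash_value(dm), Tpm())
    try:
        launch_protected_partition(sinit, dm + b"\x00", hash_value(sinit), hash_value(dm), Tpm())
        return good, None
    except LaunchError as err:
        return good, str(err)
```

Because a PCR can only be extended, the stored check values form a chain that a later component cannot rewrite, which is what makes them usable as evidence of what was loaded.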

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100077691A CN100504897C (en) 2006-02-20 2006-02-20 Method for starting protected partition

Publications (2)

Publication Number Publication Date
CN101025770A true CN101025770A (en) 2007-08-29
CN100504897C CN100504897C (en) 2009-06-24

Family

ID=38744063

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant