CN105608345A - Stm32 boot program encryption method - Google Patents
- Publication number: CN105608345A (application number CN201510973902.8A)
- Authority: CN (China)
- Prior art keywords: stm32, encryption, aes, program, encrypted
- Prior art date: 2015-12-21
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Abstract
The invention provides an STM32 boot program encryption method. The method comprises the following steps: when an STM32 program has an encryption requirement, the original bin file is encrypted with the AES encryption algorithm, and it is decrypted according to the encryption rule during the bootloader download process; in the AES encryption step, a BIN file is generated from the program code and then encrypted once with the AES encryption algorithm to obtain a second BIN file. With this method an encrypted Bootloader is used for customer upgrades: the ciphertext program is sent to the user and the upgrade is performed at the user's site, and the encryption prevents the program from leaking during transmission.
Description
Technical field
The present invention relates to the computer field, and specifically to a method for encrypting an STM32 boot program.
Background technology
The STM32 series is based on the ARM Cortex-0 core, designed specifically for embedded applications that require high performance, low cost and low power consumption. At present the STM32 bootloader generally has no encryption function, or the DES algorithm is used to encrypt the STM32 bootloader. The unencrypted STM32 Bootloader download mode is commonplace, but because the bootloader involves no encryption, the risk of the code being stolen during program download increases, and it is not secure enough. Considering the security risk, although DES encryption can reduce it, the efficiency of the DES algorithm when encrypting the STM32 bootloader is not high.
Summary of the invention
The invention discloses a method for encrypting an STM32 boot program, comprising the following steps:
When an STM32 program has an encryption requirement, the original bin file is encrypted with the AES encryption algorithm, and during the bootloader download process it is decrypted according to the encryption rule;
wherein, in the AES encryption process, a BIN file is first generated from the program code, and the BIN file is then encrypted once with the AES encryption algorithm to obtain another BIN file.
In the above STM32 boot program encryption method, the AES encryption algorithm has encryption keys of 128, 192 and 256 bits.
In the above STM32 boot program encryption method, before the original bin file is encrypted, the bootloader, the encryption key and the application firmware are first programmed into the microcontroller.
In the above STM32 boot program encryption method, the AES encryption algorithm is compiled with IAR and occupies less than 2 KB.
In the present invention the AES algorithm is used to encrypt the STM32 Bootloader; the ciphertext program is sent to the user, and the client can only be upgraded after the user has decrypted it. The encryption prevents the program from leaking during transmission, and efficiency is also higher.
Detailed description of the invention
In the following description, a large number of specific details are given in order to provide a more thorough understanding of the present invention. It will be obvious to those skilled in the art, however, that the present invention can be implemented without one or more of these details. In other instances, technical features well known in the art are not described, in order to avoid obscuring the present invention.
In order to understand the present invention thoroughly, detailed steps and detailed structures are set out in the following description to explain the technical solution of the present invention. The preferred embodiments of the present invention are described in detail below, but besides these detailed descriptions the present invention can also have other embodiments.
Introduction to the STM32F107 bootloader: the Bootloader is responsible for detecting whether the SD card contains the BIN file required for a firmware update. If the required BIN file is detected, it starts copying the file to upgrade the firmware. After the update finishes, it jumps to the specified address and starts executing the latest program. The start address of the STM32 internal FLASH is 0x08000000; the Bootloader program file is written starting from this address, and the start address for storing the APP program is set immediately after the Bootloader. When the program starts executing, the Bootloader runs first; it detects the BIN file on the SD card and copies it to the APP region to upgrade the firmware. After the upgrade finishes, the firmware also needs to jump to the APP program and start executing the new program. Completing this last step requires understanding the Cortex-M3 interrupt vector table. After the program starts, the reset interrupt vector is first fetched from the "interrupt vector table" and the reset interrupt handler is executed to complete start-up; only after the reset interrupt handler has run does execution jump to the main function. It can be seen that the design of the last step must set the stack top address according to the start address at which the APP program is stored and its interrupt vector table, obtain the reset interrupt address, and jump to the reset interrupt handler. The program design steps are analysed next.
The basic Bootloader programming procedure is as follows:
1. Detect whether there is a flag indicating that an upgrade is needed; the user can customize this, for example by reading a byte stored at a flash location and using it as the flag.
2. If an upgrade is needed, call the STM32 FLASH routines to erase the user code section.
3. Write the new bin file (that is, the binary file that is programmed directly; the hex file generated by Keil must be converted to a bin file and then stored in the external expansion flash) into the on-chip FLASH of the STM32, remembering that it must be consistent with the user code storage area set above.
4. After the update succeeds, jump to the user program.
In the above process, the user program must note one point: the interrupt vector table must be reset before the program runs, that is: NVIC_SetVectorTable().
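A host-runnable model of the four steps above, added here as an example; it is not code from the patent. It checks the upgrade flag, erases and programs a simulated APP region, and validates the first two words of the new image (initial stack pointer and reset handler, the start of the Cortex-M3 vector table the text describes) before any jump. Only the flash base address 0x08000000 and the "APP immediately after the Bootloader" layout come from the text; the bootloader region size, SRAM size, flag value and image contents are constructed assumptions, and the actual jump (loading MSP and calling the reset handler) is compiled only on an ARM target.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Layout model. FLASH_BASE and "APP follows the bootloader" are from the text; the region
 * sizes, SRAM size and flag value are constructed assumptions for this host-side demo. */
#define FLASH_BASE  0x08000000u
#define BOOT_SIZE   0x8000u                    /* assumed 32 KB bootloader region */
#define APP_BASE    (FLASH_BASE + BOOT_SIZE)   /* APP start address: right after the bootloader */
#define APP_SIZE    0x38000u                   /* assumed remaining flash */
#define SRAM_BASE   0x20000000u
#define SRAM_END    (SRAM_BASE + 0x10000u)     /* assumed 64 KB SRAM */
#define UPDATE_FLAG 0xA5u                      /* constructed "upgrade requested" marker byte */

static uint8_t flash[BOOT_SIZE + APP_SIZE];    /* simulated on-chip FLASH, bootloader + APP */

static uint32_t rd32(const uint8_t *p) {       /* little-endian word read, as the core does */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Before step 4: the first two words of a Cortex-M3 image are the initial stack pointer and the
 * reset handler. Refuse to jump into anything that does not look like an image placed at APP_BASE. */
int app_image_valid(const uint8_t *img, size_t len) {
    if (img == NULL || len < 8 || len > APP_SIZE) return 0;
    uint32_t sp = rd32(img), reset = rd32(img + 4);
    if (sp < SRAM_BASE || sp > SRAM_END || (sp & 3u)) return 0;   /* stack must be in RAM, aligned */
    if ((reset & 1u) == 0) return 0;                              /* Thumb bit must be set */
    if (reset < APP_BASE || reset >= APP_BASE + len) return 0;    /* handler must lie inside the image */
    return 1;
}

/* Steps 1 to 3: check the flag, erase the user code region, program the new BIN.
 * Returns 0 = no upgrade requested, -1 = image rejected (flash untouched), 1 = programmed. */
int bootloader_update(uint8_t flag, const uint8_t *new_bin, size_t len) {
    if (flag != UPDATE_FLAG) return 0;
    if (!app_image_valid(new_bin, len)) return -1;
    memset(flash + BOOT_SIZE, 0xFF, APP_SIZE);   /* erase: flash reads 0xFF after erase */
    memcpy(flash + BOOT_SIZE, new_bin, len);     /* program the user code area set above */
    return 1;
}

#if defined(__arm__)
/* Step 4 on the real target: load MSP from the image, then call its reset handler. The
 * application itself relocates the vector table (NVIC_SetVectorTable, as the text notes). */
static void jump_to_app(void) {
    uint32_t sp = *(volatile uint32_t *)APP_BASE;
    uint32_t reset = *(volatile uint32_t *)(APP_BASE + 4);
    __asm volatile ("msr msp, %0" : : "r" (sp));
    ((void (*)(void))reset)();
}
#endif

/* Walks one upgrade cycle on the simulated flash; returns 1 when every step behaved. */
int demo_update_cycle(void) {
    uint8_t img[0x200], blank[0x200];
    memset(img, 0x00, sizeof img);                /* constructed image body */
    wr32(img, SRAM_END);                          /* initial SP: top of RAM */
    wr32(img + 4, APP_BASE + 0x100u + 1u);        /* reset handler inside the image, Thumb bit set */
    if (bootloader_update(0x00, img, sizeof img) != 0) return 0;          /* no flag: nothing happens */
    if (bootloader_update(UPDATE_FLAG, img, sizeof img) != 1) return 0;   /* flag set: programmed */
    if (memcmp(flash + BOOT_SIZE, img, sizeof img) != 0) return 0;
    memset(blank, 0xFF, sizeof blank);            /* erased-but-unprogrammed flash must be refused */
    if (bootloader_update(UPDATE_FLAG, blank, sizeof blank) != -1) return 0;
    if (memcmp(flash + BOOT_SIZE, img, sizeof img) != 0) return 0;        /* old image still intact */
    return 1;
}

int main(void) {
    printf("update cycle: %s\n", demo_update_cycle() ? "ok" : "FAILED");
    return 0;
}
```

The validation step is what keeps an interrupted or corrupt copy from being jumped into: an erased APP region reads 0xFFFFFFFF for both words, which fails the stack-pointer range check, so the bootloader stays in control instead of faulting.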
To address the problems that the current STM32 bootloader is insecure or that its encryption efficiency is low, the present invention provides a method for encrypting an STM32 boot program. The concrete scheme is as follows: when an STM32 program (for example an STM32F207 program) has an encryption requirement, the original bin file is encrypted with the AES encryption algorithm, and during the bootloader download process it is decrypted according to the encryption rule, so that the program upgrade is more secure and more general; wherein, in the AES encryption process, a BIN file is first generated from the program code, and the BIN file is then passed through the AES encryption algorithm and encrypted once to obtain another BIN file. In this way, when the APP program to be downloaded must be encrypted, the BOOT decrypts it and writes it into the APP region, so that others cannot simply write a piece of code and read out the STM32 program. The features of the AES Bootloader are: simple to apply; high encryption strength, with 128-, 192- and 256-bit encryption keys; small code, less than 2 KB when compiled with IAR; fast transfer rate.
Usage method: 1. In the production process, the bootloader, the encryption key and the application firmware are first programmed into the microcontroller. The Bootloader receives the actual (initial) firmware and programs it into Flash; at this point the key is needed to decrypt the received data. The lock bits are set to guarantee the safety of the firmware program inside the microcontroller. 2. The product is shipped or sold into the user's hands, and the lock bits continue to guarantee the safety of the microcontroller firmware program. 3. After a new version of the program is completed and the product needs to be upgraded, the firmware program is encrypted and sent to the dealer. Without the key, the encrypted firmware is useless; even if the software is spread (for example copied from the dealer's hard disk), it has no effect. 4. The dealer upgrades the products in stock and the products in users' hands. The encrypted firmware is downloaded and decrypted inside the microcontroller, and the lock bits continue to work, guaranteeing the safety of the program after the upgrade.
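The encrypt-on-PC, decrypt-in-bootloader flow of the scheme and usage method above, added here as an example; it is not the patent's own code or key material. The patent names AES but no mode of operation, so this example uses AES-128 in counter (CTR) mode, a choice made here: the microcontroller then needs only the forward cipher and can decrypt in whatever chunk size the link delivers. The key, nonce and firmware bytes are constructed for the demo, the S-box is computed rather than stored, and the block cipher is checked against the FIPS-197 Appendix C.1 known-answer vector.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* GF(2^8) multiply with the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b). */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return p;
}

/* S-box computed once at start-up: multiplicative inverse, then the affine map. */
static uint8_t SBOX[256];
static void init_sbox(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t r = 1, base = (uint8_t)x;
        for (int e = 254; e; e >>= 1) {                  /* r = x^254 = x^-1 in GF(2^8) */
            if (e & 1) r = gmul(r, base);
            base = gmul(base, base);
        }
        uint8_t inv = x ? r : 0, s = inv;
        for (int i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
        SBOX[x] = s ^ 0x63;
    }
}

/* AES-128 key schedule: 11 round keys of 16 bytes each. */
static void key_expand(const uint8_t key[16], uint8_t rk[176]) {
    uint8_t rcon = 1;
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4];
        memcpy(t, rk + i - 4, 4);
        if (i % 16 == 0) {                              /* RotWord, SubWord, XOR Rcon */
            uint8_t t0 = t[0];
            t[0] = SBOX[t[1]] ^ rcon; t[1] = SBOX[t[2]]; t[2] = SBOX[t[3]]; t[3] = SBOX[t0];
            rcon = (uint8_t)((rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0));
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
}

/* Forward cipher on one block; the state is column-major, s[c*4 + r]. */
static void aes128_encrypt_block(const uint8_t rk[176], const uint8_t in[16], uint8_t out[16]) {
    uint8_t s[16], t[16];
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int round = 1; round <= 10; round++) {
        for (int c = 0; c < 4; c++)                     /* SubBytes + ShiftRows */
            for (int r = 0; r < 4; r++) t[c * 4 + r] = SBOX[s[((c + r) & 3) * 4 + r]];
        if (round < 10) {                                /* MixColumns, skipped in the last round */
            for (int c = 0; c < 4; c++) {
                uint8_t a0 = t[c*4], a1 = t[c*4+1], a2 = t[c*4+2], a3 = t[c*4+3];
                t[c*4]   = gmul(a0,2) ^ gmul(a1,3) ^ a2 ^ a3;
                t[c*4+1] = a0 ^ gmul(a1,2) ^ gmul(a2,3) ^ a3;
                t[c*4+2] = a0 ^ a1 ^ gmul(a2,2) ^ gmul(a3,3);
                t[c*4+3] = gmul(a0,3) ^ a1 ^ a2 ^ gmul(a3,2);
            }
        }
        for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[round * 16 + i];   /* AddRoundKey */
    }
    memcpy(out, s, 16);
}

static void ctr_inc(uint8_t ctr[16]) {                  /* big-endian counter increment */
    for (int i = 15; i >= 0 && ++ctr[i] == 0; i--) { }
}

/* CTR keystream XOR starting at block number first_block. The same call encrypts on the tool
 * side and decrypts on the bootloader side, which therefore never needs the inverse cipher. */
static void aes128_ctr_xor(const uint8_t key[16], const uint8_t nonce[16], uint32_t first_block,
                           const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t rk[176], ctr[16], ks[16];
    init_sbox();
    key_expand(key, rk);
    memcpy(ctr, nonce, 16);
    for (uint32_t b = 0; b < first_block; b++) ctr_inc(ctr);
    for (size_t off = 0; off < len; off += 16) {
        aes128_encrypt_block(rk, ctr, ks);
        for (size_t i = 0; i < 16 && off + i < len; i++) out[off + i] = in[off + i] ^ ks[i];
        ctr_inc(ctr);
    }
}

/* FIPS-197 Appendix C.1: key 00..0f, plaintext 00 11 22 .. ff -> 69c4e0d8 6a7b0430 d8cdb780 70b4c55a */
int aes128_known_answer_ok(void) {
    static const uint8_t expect[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,
                                       0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t key[16], pt[16], ct[16], rk[176];
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; pt[i] = (uint8_t)(i * 0x11); }
    init_sbox(); key_expand(key, rk); aes128_encrypt_block(rk, pt, ct);
    return memcmp(ct, expect, 16) == 0;
}

/* Tool side encrypts a constructed 100-byte BIN (the "second BIN file"); the "bootloader" decrypts
 * it in 48-byte pieces, as it would arrive over the link, into a simulated APP buffer. */
#define FW_LEN 100
int firmware_roundtrip_ok(void) {
    uint8_t key[16], nonce[16] = {0}, fw[FW_LEN], enc[FW_LEN], app[FW_LEN];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)(0xA0 + i);      /* constructed demo key */
    for (int i = 0; i < FW_LEN; i++) fw[i] = (uint8_t)(i * 7 + 3);  /* constructed image bytes */
    aes128_ctr_xor(key, nonce, 0, fw, enc, FW_LEN);                /* PC: plain BIN -> encrypted BIN */
    if (memcmp(fw, enc, FW_LEN) == 0) return 0;
    for (size_t off = 0; off < FW_LEN; off += 48) {                /* MCU: decrypt chunks as they arrive */
        size_t n = FW_LEN - off < 48 ? FW_LEN - off : 48;
        aes128_ctr_xor(key, nonce, (uint32_t)(off / 16), enc + off, app + off, n);
    }
    return memcmp(fw, app, FW_LEN) == 0;
}

int main(void) {
    printf("known answer: %s\n", aes128_known_answer_ok() ? "ok" : "FAIL");
    printf("roundtrip:    %s\n", firmware_roundtrip_ok() ? "ok" : "FAIL");
    return 0;
}
```

Two points follow from the design. The nonce must never repeat under the same key, so a real tool would carry a fresh nonce in the encrypted BIN's header rather than the constant used here. And CTR, like any encryption-only mode, gives the confidentiality the text claims but lets the bootloader detect nothing about a modified image; a deployment would add an authentication tag (a MAC or a signature) and check it before the APP region is programmed.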
The AES encryption standard fixes the vulnerabilities exposed by attacks on the DES algorithm and has higher efficiency, and it has found wider application in AVR microcontroller Bootloader applications.
For example, for 64K of code, at a baud rate of 115200 bps and a system clock of 3.69 MHz:
- AES128: 27
- AES192: 30
- AES256: 33
(By contrast, DES encryption is much slower. Typical update times of a 16-KB application, including transfer of data, decryption and programming of flash memory:
- DES, 115200 baud, 16 MHz target frequency: 20 seconds
- 3DES, 115200 baud, 16 MHz target frequency: 50 seconds)
Advantage: the encrypted Bootloader is used for client upgrades; the ciphertext program is sent to the user and the upgrade is performed at the user's site, so the encryption prevents the program from leaking during transmission.
The preferred embodiments of the present invention have been described above. It should be understood that the present invention is not limited to the specific embodiments above; equipment and structures not described in detail should be understood as being implemented in the manner common in the art. Any person of ordinary skill in the art, without departing from the scope of the technical solution of the present invention, may use the method and technical content disclosed above to make many possible changes and modifications to the technical solution of the present invention, or revise it into equivalent embodiments with equivalent changes, without affecting the essence of the present invention. Therefore, any simple modification, equivalent change or modification made to the above embodiments according to the technical spirit of the present invention, without departing from the technical solution of the present invention, still falls within the protection scope of the technical solution of the present invention.
Claims (4)
1. A method for encrypting an STM32 boot program, characterized in that it comprises the following steps:
When an STM32 program has an encryption requirement, the original bin file is encrypted with the AES encryption algorithm, and during the bootloader download process it is decrypted according to the encryption rule;
wherein, in the AES encryption process, a BIN file is first generated from the program code, and the BIN file is then encrypted once with the AES encryption algorithm to obtain another BIN file.
2. The method for encrypting an STM32 boot program according to claim 1, characterized in that the AES encryption algorithm has encryption keys of 128, 192 and 256 bits.
3. The method for encrypting an STM32 boot program according to claim 2, characterized in that before the original bin file is encrypted, the bootloader, the encryption key and the application firmware are first programmed into the microcontroller.
4. The method for encrypting an STM32 boot program according to claim 1, characterized in that the AES encryption algorithm is compiled with IAR and occupies less than 2 KB.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510973902.8A CN105608345A (en) | 2015-12-21 | 2015-12-21 | Stm32 boot program encryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510973902.8A CN105608345A (en) | 2015-12-21 | 2015-12-21 | Stm32 boot program encryption method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105608345A true CN105608345A (en) | 2016-05-25 |
Family
ID=55988274
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510973902.8A Pending CN105608345A (en) | 2015-12-21 | 2015-12-21 | Stm32 boot program encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105608345A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007059798B3 (en) * | 2007-12-11 | 2009-04-09 | Ascolab Gmbh | Executable program code i.e. executable file, coding method for computer, involves combining chains of sequential instructions to code fragments, and coding and storing detected code fragments belonging to methods in program library |
CN101968844A (en) * | 2010-10-13 | 2011-02-09 | 深圳市华域软件有限公司 | Software encryption method |
Timeline
- 2015-12-21 CN CN201510973902.8A patent/CN105608345A/en active Pending
Non-Patent Citations (1)
Title |
---|
曹玉晓等 (Cao Yuxiao et al.): "一种基于CPUID和AES算法的STM32固件升级方案" (An STM32 firmware upgrade scheme based on CPUID and the AES algorithm), 《电子技术应用》 (Application of Electronic Technique) * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106055932A (en) * | 2016-05-26 | 2016-10-26 | 东莞博力威电池有限公司 | MCU program anti-plagiarizing method and system with Boost loader function |
CN110737448A (en) * | 2018-09-05 | 2020-01-31 | 杭州瑞彼加医疗科技有限公司 | firmware encryption system containing microcontroller and firmware protection and upgrade method thereof |
CN110737448B (en) * | 2018-09-05 | 2023-08-11 | 杭州瑞彼加医疗科技有限公司 | Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof |
CN109858267A (en) * | 2019-02-15 | 2019-06-07 | 深圳忆联信息系统有限公司 | The automatic encryption method of firmware, device and computer equipment based on solid state hard disk |
CN109858267B (en) * | 2019-02-15 | 2021-06-08 | 深圳忆联信息系统有限公司 | Firmware automatic encryption method and device based on solid state disk and computer equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11550962B2 (en) | Secure processor and a program for a secure processor | |
KR102217501B1 (en) | Mobile device with trusted execution environment | |
KR101735023B1 (en) | Method and apparatus including architecture for protecting sensitive code and data | |
EP3320478B1 (en) | Secure handling of memory caches and cached software module identities for a method to isolate software modules by means of controlled encryption key management | |
RU2541196C2 (en) | Method of providing software integrity | |
US20110317831A1 (en) | Protecting video content using virtualization | |
US9256731B2 (en) | System, information processing apparatus, secure module, and verification method | |
JP2007233426A (en) | Application execution device | |
CN105608345A (en) | Stm32 boot program encryption method | |
JP5316592B2 (en) | Secure processor program | |
JP5365664B2 (en) | Secure processor | |
US9507955B2 (en) | System and method for executing code securely in general purpose computer | |
WO2019147288A1 (en) | Data protection in a pre-operating system environment | |
US20240089259A1 (en) | Remote authorization control system, resource access apparatus, authentication apparatus, remote authorization control method and program | |
US20100162397A1 (en) | Apparatus and method for protecting asset in computer system | |
JP2009301566A (en) | Secure processor and program for the same | |
JP2009301565A (en) | Secure processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20160525 |