CN108229173B - System starting method and device - Google Patents

System starting method and device

Publication number: CN108229173B
Application number: CN201611146818.XA
Authority: CN (China)
Prior art keywords: digital signature, ROM, operating system, partition, verification
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN108229173A
Inventors: 张亮, 乜聚虎, 黄灿灿
Current assignee: Beijing Xiaomi Mobile Software Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Xiaomi Mobile Software Co Ltd
Priority date, filing date and publication date: not given on this page (the priority date is an assumption and is not a legal conclusion)

Events
    • Application CN201611146818.XA filed by Beijing Xiaomi Mobile Software Co Ltd
    • Priority to CN201611146818.XA
    • Publication of CN108229173A
    • Application granted
    • Publication of CN108229173B
    • Legal status: Active
    • Anticipated expiration: not given on this page

Classifications

All three classifications sit under G PHYSICS; G06 COMPUTING, CALCULATING OR COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING.

    • G06F21/575 Secure boot
      (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
    • G06F9/4401 Bootstrapping
      (G06F9/00 Arrangements for program control, e.g. control units; G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs; G06F9/44 Arrangements for executing specific programs)
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
      (G06F9/00; G06F9/06; G06F9/44; G06F9/445 Program loading or initiating)

Landscapes: Engineering & Computer Science; Software Systems; Theoretical Computer Science; General Engineering & Computer Science; Computer Security & Cryptography; Physics & Mathematics; General Physics & Mathematics; Computer Hardware Design; Storage Device Security; Stored Programmes

Abstract

The disclosure relates to a system booting method and device, which are used for improving the security of an operating system. The method comprises the following steps: running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information; traversing a system partition where an operating system is located through the ROM bootstrap program of the operating system; performing security verification on the operating system by traversing the system partition and utilizing the system partition verification information; and when the security verification is passed, starting the operating system.

Description

System starting method and device
Technical Field
The present disclosure relates to the field of communications and computer processing, and in particular, to a method and apparatus for system booting.
Background
With the development of electronic technology, mobile terminals have come into wide use, and the major mobile terminal manufacturers release multiple models every year. The operating system is the core of the mobile terminal, and its security has become a focus of attention in the industry.
Disclosure of Invention
To overcome the problems in the related art, the present disclosure provides a method and apparatus for system booting.
According to a first aspect of the embodiments of the present disclosure, there is provided a method for system startup, including:
running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information;
traversing a system partition where the operating system is located through the operating system ROM bootstrap program;
performing security verification on the operating system by traversing the system partition and utilizing the system partition verification information;
and when the security verification is passed, starting the operating system.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in this embodiment, the operating system is verified with the system partition verification information before it is started and is started only when the verification passes, which increases the security of the operating system and reduces the possibility of its being tampered with.
In one embodiment, the performing security verification on the operating system by traversing the system partition by using the system partition verification information includes:
generating a first digital signature according to an operating system by traversing the system partition;
matching the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature;
and when the generated first digital signature matches the second digital signature, determining that the security verification is passed.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in this embodiment the first digital signature is generated in the same pass that traverses the system partition, which improves processing efficiency, so that the verification process has little impact on the boot time of the operating system.
In one embodiment, the generating a first digital signature from an operating system comprises:
generating a first digital signature according to the file position information of the operating system;
the system partition verification information is a digital signature generated in advance according to the file location information of the first version of the operating system, namely a second digital signature.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in this embodiment the first digital signature is generated from the file location information of the operating system, which simplifies the generation of the first digital signature, and whether the operating system has been modified can be checked by whether the locations have been modified, thereby improving security.
In one embodiment, the second digital signature is stored in a system partition in which the operating system resides.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: storing the second digital signature in the system partition makes it convenient to read during verification and to update when the operating system is updated.
In one embodiment, prior to running the operating system ROM boot program, the method further comprises:
running a ROM program;
traversing the ROM partition by running the ROM program; the ROM program is preset with ROM partition verification information;
performing security verification on an operating system ROM bootstrap program by traversing a ROM partition and utilizing the ROM partition verification information;
and starting the ROM bootstrap program of the operating system when the security verification is passed.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in this embodiment the operating system ROM boot program is verified before it is started and is started only when the verification passes, which increases the security of the operating system ROM boot program and reduces the possibility of its being tampered with.
In one embodiment, the performing security verification on the operating system ROM boot program by traversing the ROM partition includes:
generating a third digital signature according to an operating system ROM boot program by traversing the ROM partition;
matching the generated third digital signature with a fourth digital signature; the ROM partition verification information is the fourth digital signature;
and when the generated third digital signature matches the fourth digital signature, determining that the security verification is passed.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: the third digital signature is generated in the same pass that traverses the ROM partition, which improves processing efficiency, so that the verification process has little impact on the boot time of the operating system.
In one embodiment, the generating a third digital signature from an operating system ROM boot program comprises:
generating a third digital signature according to the file position information of the ROM bootstrap program of the operating system;
the ROM partition verification information is a digital signature generated in advance according to the position information of the ROM boot program file of the initial version operating system, namely a fourth digital signature.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in this embodiment the third digital signature is generated from the file location information of the operating system ROM boot program, which simplifies the generation of the third digital signature, and whether the operating system ROM boot program has been modified can be checked by whether the locations have been modified, thereby improving security.
In one embodiment, the fourth digital signature is stored in the ROM partition.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: storing the fourth digital signature in the ROM partition makes it convenient to read during verification.
According to a second aspect of the embodiments of the present disclosure, there is provided a system startup apparatus, including:
a load running module, configured to run the operating system ROM boot program; the operating system ROM boot program is preset with system partition verification information;
the system traversing module is used for traversing the system partition where the operating system is located through the ROM bootstrap program of the operating system;
the system verification module is used for performing security verification on the operating system by traversing the system partition and utilizing the verification information of the system partition;
and the system starting module is used for starting the operating system when the security verification passes.
In one embodiment, the system verification module comprises:
the first generation submodule is used for generating a first digital signature according to an operating system by traversing the system partition;
a first matching sub-module, configured to match the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature;
and a first determining sub-module, configured to determine that the security verification is passed when the generated first digital signature matches the second digital signature.
In one embodiment, the first generation submodule generates a first digital signature according to file location information of an operating system; the system partition verification information is a digital signature generated in advance according to the file location information of the first version of the operating system, namely a second digital signature.
In one embodiment, the second digital signature is stored in a system partition in which the operating system resides.
In one embodiment, the apparatus further comprises:
a ROM running module, configured to run the ROM program;
a ROM traversing module, configured to traverse the ROM partition by running the ROM program; the ROM program is preset with ROM partition verification information;
a load verification module, configured to perform security verification on the operating system ROM boot program by traversing the ROM partition and utilizing the ROM partition verification information;
and a load starting module, configured to start the operating system ROM boot program when the security verification is passed.
In one embodiment, the load verification module comprises:
the second generation submodule is used for generating a third digital signature according to an operating system ROM bootstrap program by traversing the ROM partition;
a second matching sub-module, configured to match the generated third digital signature with a fourth digital signature; the ROM partition verification information is the fourth digital signature;
and a second determining sub-module, configured to determine that the security verification is passed when the generated third digital signature matches the fourth digital signature.
In one embodiment, the second generation submodule generates a third digital signature according to file location information of the operating system ROM boot program; the ROM partition verification information is a digital signature generated in advance according to the position information of the ROM boot program file of the initial version operating system, namely a fourth digital signature.
In one embodiment, the fourth digital signature is stored in the ROM partition.
According to a third aspect of the embodiments of the present disclosure, there is provided a system startup apparatus, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information;
traversing a system partition where an operating system is located through the ROM bootstrap program of the operating system;
performing security verification on the operating system by traversing the system partition and utilizing the system partition verification information;
and starting the operating system when the security verification is passed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow diagram illustrating a method of system startup in accordance with an exemplary embodiment.
FIG. 2 is a flow diagram illustrating a method of system startup in accordance with an exemplary embodiment.
FIG. 3 is a flowchart illustrating a method of system startup in accordance with an exemplary embodiment.
FIG. 4 is a flow diagram illustrating a method of system startup in accordance with an exemplary embodiment.
FIG. 5 is a block diagram illustrating a system startup apparatus in accordance with an exemplary embodiment.
FIG. 6 is a block diagram illustrating a system verification module in accordance with an exemplary embodiment.
FIG. 7 is a block diagram illustrating a system startup apparatus in accordance with an exemplary embodiment.
FIG. 8 is a block diagram illustrating a load verification module in accordance with an illustrative embodiment.
FIG. 9 is a block diagram illustrating an apparatus in accordance with an example embodiment.
FIG. 10 is a block diagram illustrating an apparatus in accordance with an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the disclosure, as detailed in the appended claims.
In the related art, a factory-version ROM program (the firmware stored in read-only memory), a factory-version operating system ROM boot program (bootloader) and a factory-version operating system are installed in a mobile terminal before shipment. A startup test is then performed on the operating system, and the test passes if the operating system can be started. After the test passes, the release-version ROM program, release-version operating system ROM boot program and release-version operating system are installed in their place.
The factory-version ROM program and factory-version operating system ROM boot program are simplified versions: they only verify that the operating system can be started and perform no security check on it. The operating system can therefore be illegally copied and installed by others, and security is low.
To solve this problem, the embodiment adds a verification step for the operating system, so as to improve security and reduce the possibility of the operating system being copied or tampered with by others.
Fig. 1 is a flow chart illustrating a method of system startup according to an exemplary embodiment, which may be implemented by a mobile terminal. As shown in Fig. 1, the method includes the following steps:
in step 101, an operating system ROM boot program is run. The operating system ROM bootstrap program is preset with system partition verification information.
In step 102, the operating system ROM boot program traverses the system partition in which the operating system resides.
In step 103, the operating system is securely verified by traversing the system partition using the system partition verification information.
In step 104, the operating system is started when the security verification is passed.
When the security verification fails, the operating system is not started; an alarm prompt can be issued or the terminal can shut down automatically.
The embodiment improves the operating system ROM boot program so that the operating system ROM boot program itself performs the security verification of the operating system.
In this embodiment, when the mobile terminal is powered on or restarted, the operating system ROM boot program is run. The operating system ROM boot program performs security verification on the operating system using the system partition verification information and starts the operating system only when the verification passes, which improves security: an operating system copied by others will not pass the verification, and neither will one that has been tampered with. In addition, the security verification is performed while the system partition is traversed, the two processes proceeding together, so the boot time of the operating system is hardly affected and processing efficiency is improved.
In one embodiment, step 103 comprises steps A1 to A3.
In step A1, a first digital signature is generated from the operating system by traversing the system partition.
In step A2, the generated first digital signature is matched with a second digital signature. The system partition verification information is the second digital signature.
In step A3, when the generated first digital signature matches the second digital signature, it is determined that the security verification is passed.
In this embodiment, the operating system is packaged when it is installed, and the second digital signature is generated during packaging. The second digital signature and the packaged operating system are both written to the system partition. When the mobile terminal is powered on or restarted, the system partition is traversed and the operating system data is checked for completeness; traversing the system partition is at the same time the process that generates the first digital signature. The generated first digital signature is matched with the second digital signature stored in advance. If they match, the security verification passes and the operating system may be started. If they do not match, the security verification fails, the operating system is not started, and the terminal can shut down automatically. If the operating system has been tampered with, the first digital signature generated from the tampered operating system will not match the second digital signature. The embodiment therefore improves security, detects tampering promptly, and prevents a tampered operating system from being used normally.
In one embodiment, step A1 includes:
generating a first digital signature according to the file location information of the operating system;
the system partition verification information is a digital signature generated in advance according to the file location information of the first version of the operating system, namely the second digital signature.
In this embodiment the first digital signature is generated from the file location information of the operating system, which simplifies its generation, and whether the operating system has been modified can be checked by whether the locations have been modified, thereby improving security.
In one embodiment, step A1 includes step A11.
In step A11, a first digital signature is generated based on the operating system and the existing first public key.
The present embodiment employs an asymmetric algorithm. When the operating system is installed, the second digital signature is generated from the operating system with a preset first private key. During security verification, the first digital signature is generated from the operating system with the corresponding first public key and compared with the second digital signature. Because the second digital signature can only be produced with the first private key, security is improved and the possibility of tampering is reduced: even if the operating system or the stored signature is tampered with, the security verification will not pass.
In one embodiment, the first public key and the second digital signature are stored in the system partition in which the operating system resides.
The operating system is updated continually later on, so the second digital signature has to be regenerated from the updated operating system in order for the updated operating system to pass security verification normally; storing the second digital signature in the system partition makes it convenient to update. The operating system ROM boot program must still be able to recognise the genuine first public key, for example through the system partition verification information preset in it, since a key that is merely read from a rewritable partition could be replaced together with the operating system and its signature.
In one embodiment, prior to running the operating system ROM boot program, the method further comprises steps B1 to B4.
In step B1, the ROM program is run.
In step B2, the ROM partition is traversed by running the ROM program. The ROM program is preset with ROM partition verification information.
In step B3, security verification is performed on the operating system ROM boot program by traversing the ROM partition and utilizing the ROM partition verification information.
In step B4, the operating system ROM boot program is started when the security verification is passed.
The foregoing embodiments perform security verification of the operating system. To further improve security, this embodiment improves the ROM program so that the ROM program performs security verification of the operating system ROM boot program. After the mobile terminal is powered on or restarted, the ROM program performs security verification on the operating system ROM boot program and starts the operating system ROM boot program only when the verification passes, which improves security: an operating system ROM boot program copied by others will not pass the verification, and neither will one that has been tampered with. In addition, the security verification is performed while the ROM partition is traversed, the two processes proceeding together, so the start time of the operating system ROM boot program is hardly affected and processing efficiency is improved.
In one embodiment, step B3 includes: step B31-step B33.
In step B31, a third digital signature is generated from the operating system ROM boot program by traversing the ROM partition.
In step B32, the generated third digital signature is matched with a fourth digital signature. The ROM partition verification information is the fourth digital signature.
In step B33, when the generated third digital signature matches the fourth digital signature, it is determined that the security verification is passed.
In this embodiment, the operating system ROM boot program is packaged when it is installed, and the fourth digital signature is generated during packaging. The fourth digital signature and the packaged operating system ROM boot program are both burned into the ROM partition. When the mobile terminal is powered on or restarted, the ROM partition is traversed and the data of the operating system ROM boot program is checked for completeness; traversing the ROM partition is at the same time the process that generates the third digital signature. The generated third digital signature is matched with the fourth digital signature stored in advance. If they match, the security verification passes and the operating system ROM boot program may be started. If they do not match, the security verification fails, the operating system ROM boot program is not started, and the terminal can shut down automatically. If the operating system ROM boot program has been tampered with, the third digital signature generated from the tampered program will not match the fourth digital signature. The embodiment therefore improves security, detects tampering promptly, and prevents a tampered program from being used normally.
In one embodiment, step B31 includes:
generating a third digital signature according to the file position information of the ROM bootstrap program of the operating system;
the ROM partition verification information is a digital signature generated in advance according to the position information of the boot program file of the initial version operating system ROM, namely a fourth digital signature.
In one embodiment, step B31 includes: and step B311.
In step B311, a third digital signature is generated based on the operating system ROM boot program and the existing second public key.
The present embodiment employs an asymmetric encryption algorithm. And when the operating system is installed, generating a fourth digital signature according to a preset second private key and an operating system ROM bootstrap program. And generating a third digital signature according to the operating system and the existing second public key during security verification. The third digital signature and the fourth digital signature are encrypted, so that the safety is improved, and the possibility of being tampered is reduced. Even if tampered, the security authentication is not passed.
In one embodiment, the second public key and the fourth digital signature are stored in a ROM partition.
The operating system ROM boot is typically not updated at a later time, and therefore the fourth digital signature is not updated. The second public key and the fourth digital signature are stored in the ROM partition and are not easy to modify. The safety is improved.
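The two-stage procedure described above (steps B1 to B4 in the ROM program, then steps 101 to 104 and A1 to A3 in the operating system ROM boot program, with the asymmetric embodiment of steps A11 and B311) is modelled below as an added example; it is not the patent's code, and the partition layout, file names, contents and key sizes are constructed for illustration. What the patent calls the "first" and "third" digital signatures generated at boot time are, in standard terms, a digest computed during the traversal and checked against the stored "second"/"fourth" signature with the public key. The block shows that an in-place patch of an image fails the check, that a signature made under the wrong key fails, and, as a caveat on the "file location information" embodiment, that a digest over path, offset and length alone does not notice an in-place change of the same length. The RSA here is textbook (no padding) over Mersenne-prime moduli so that the block runs with only the Python standard library; a real device uses RSA-PSS or ECDSA from a vetted library, and the public key (or its hash) that each stage verifies with must be fixed in the verifying stage's own code or in one-time-programmable storage, not only read from the rewritable partition it verifies.

```python
"""Two-stage verified boot as the patent describes it, modelled in memory.

Stage 1: the ROM program traverses the ROM partition, digests the operating
system ROM boot program and checks the digest against the stored fourth
signature.  Stage 2: the boot program does the same for the operating
system in the system partition against the stored second signature.
Added example; partitions, file names and keys are constructed here."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

Key = Tuple[int, int]          # (modulus, exponent)

def make_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Textbook RSA key pair from two primes (toy: no padding, not for production)."""
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)      # (public, private)

def sign_digest(digest: bytes, priv: Key) -> int:
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)

def verify_digest(digest: bytes, sig: int, pub: Key) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")

@dataclass
class Entry:                   # one file in a partition: location info plus contents
    path: str
    offset: int
    data: bytes

@dataclass
class Partition:
    name: str
    entries: List[Entry]
    stored_sig: Optional[int] = None   # the patent's second/fourth digital signature

def traverse_and_digest(part: Partition, contents: bool = True) -> bytes:
    """Walk the partition once; the digest is a by-product of the same pass.
    Path, offset and length are always hashed; with contents=False only that
    location information is hashed (the 'file location information' embodiment)."""
    h = hashlib.sha256()
    for ent in sorted(part.entries, key=lambda x: x.offset):
        h.update(f"{ent.path}\0{ent.offset}\0{len(ent.data)}\0".encode())
        if contents:
            h.update(ent.data)
    return h.digest()

def install(part: Partition, priv: Key, contents: bool = True) -> None:
    """Install time: sign the digest with the private key and store the
    signature in the partition next to the image it covers."""
    part.stored_sig = sign_digest(traverse_and_digest(part, contents), priv)

def verify_partition(part: Partition, pub: Key, contents: bool = True) -> bool:
    """Boot time: recompute the digest during traversal and check it against
    the stored signature with the public key."""
    if part.stored_sig is None:
        return False
    return verify_digest(traverse_and_digest(part, contents), part.stored_sig, pub)

def boot(rom: Partition, system: Partition, rom_pub: Key, bl_pub: Key) -> str:
    """Stage 1 (steps B1-B4) then stage 2 (steps 101-104); any failure halts."""
    if not verify_partition(rom, rom_pub):
        return "halt: operating system ROM boot program failed verification"
    if not verify_partition(system, bl_pub):
        return "halt: operating system failed verification"
    return "operating system started"

# Mersenne primes give moduli comfortably larger than a SHA-256 digest.
ROM_PUB, ROM_PRIV = make_keypair((1 << 521) - 1, (1 << 127) - 1)   # M521 * M127
BL_PUB, BL_PRIV = make_keypair((1 << 607) - 1, (1 << 89) - 1)      # M607 * M89

def build_images() -> Tuple[Partition, Partition]:
    """Constructed images: hypothetical file names and contents."""
    rom = Partition("rom", [Entry("bootloader.bin", 0x0000, b"BL v1 code")])
    system = Partition("system", [
        Entry("boot/kernel", 0x0000, b"kernel image bytes"),
        Entry("bin/init", 0x1000, b"init binary bytes"),
    ])
    install(rom, ROM_PRIV)      # fourth signature, burned into the ROM partition
    install(system, BL_PRIV)    # second signature, written to the system partition
    return rom, system

def tamper_in_place(part: Partition, path: str) -> None:
    """Flip one byte of a file without changing its path, offset or length."""
    for ent in part.entries:
        if ent.path == path:
            ent.data = bytes([ent.data[0] ^ 0x01]) + ent.data[1:]

if __name__ == "__main__":
    rom, system = build_images()
    print(boot(rom, system, ROM_PUB, BL_PUB))    # operating system started
    tamper_in_place(system, "bin/init")
    print(boot(rom, system, ROM_PUB, BL_PUB))    # halt: operating system failed verification
```

Where the patent stores the first public key in the system partition, this model deliberately keeps `BL_PUB` outside both partitions: it stands for the key material the operating system ROM boot program is preset with. If the boot program only read the key from `system`, an attacker who can rewrite that partition could re-run `install` under a key pair of their own and the check would pass; verifying against a key whose hash is fixed in the verifying stage is what ties the chain to the manufacturer.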
The implementation is described in detail below by way of several embodiments.
Fig. 2 is a flow chart illustrating a method of system startup according to an exemplary embodiment, which may be implemented by a mobile terminal. As shown in Fig. 2, the method includes the following steps:
In step 201, an operating system ROM boot program is run.
In step 202, the operating system ROM boot program traverses the system partition in which the operating system resides.
In step 203, a first digital signature is generated from the operating system by traversing the system partition.
In step 204, the generated first digital signature is matched with a second digital signature. When the generated first digital signature matches the second digital signature, it is determined that the security verification is passed. When the security verification passes, continue to step 205; when it fails, continue to step 206.
In step 205, the operating system is started.
In step 206, the operating system is not started and the terminal automatically powers off.
Fig. 3 is a flow chart illustrating a method of system startup according to an exemplary embodiment, which may be implemented by a mobile terminal. As shown in Fig. 3, the method includes the following steps:
In step 301, the ROM program is run.
In step 302, the ROM partition is traversed by running the ROM program.
In step 303, security verification is performed on the operating system ROM boot program by traversing the ROM partition. If the security verification fails, continue to step 304; when it passes, continue to step 305.
In step 304, the operating system ROM boot program is not started and the terminal automatically powers off.
In step 305, the operating system ROM boot program is started.
In step 306, the operating system ROM boot program is run.
In step 307, the operating system ROM boot program traverses the system partition in which the operating system resides.
In step 308, a first digital signature is generated from the operating system and the existing first public key by traversing the system partition.
In step 309, the generated first digital signature is matched with a second digital signature. And when the generated first digital signature is matched and consistent with the second digital signature, determining that the security verification is passed. When the security verification passes, continue to step 310; when the security authentication is not passed, step 311 is continued.
In step 310, the operating system is started.
In step 311, the operating system is not started and the system is automatically powered off.
Fig. 4 is a flow chart illustrating a system startup method according to an exemplary embodiment, which may be implemented by a mobile terminal. As shown in Fig. 4, the method includes the following steps:
In step 401, a ROM program is run.
In step 402, the ROM partition is traversed by running the ROM program.
In step 403, a third digital signature is generated from the operating system ROM boot program by traversing the ROM partition.
In step 404, the generated third digital signature is matched against a fourth digital signature. When the generated third digital signature matches and is consistent with the fourth digital signature, it is determined that the security verification has passed. When the generated third digital signature does not match the fourth digital signature, it is determined that the security verification has failed. If the security verification does not pass, proceed to step 405; if it passes, proceed to step 406.
In step 405, the operating system ROM boot program is not started and the device is automatically powered off.
In step 406, the operating system ROM boot program is started.
In step 407, the operating system ROM boot program is run.
In step 408, the operating system ROM boot program traverses the system partition in which the operating system resides.
In step 409, security verification is performed on the operating system by traversing the system partition and using the system partition verification information. If the security verification passes, proceed to step 410; if it does not pass, proceed to step 411.
In step 410, the operating system is started.
In step 411, the operating system is not started and the device is automatically powered off.
The above embodiments can be combined in various ways according to actual needs.
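As an added example that is not part of the patent, the two-stage check of Figs. 3 and 4 is modeled in Python: the ROM program verifies the operating system ROM boot program against the fourth signature stored in the ROM partition, and only then does the boot program verify the system partition against the second signature, with any mismatch ending in a power-off. The partition contents, the public key bytes and the SHA-256 digest that stands in for the patent's "generated digital signature" are all constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict

# Boot outcomes; the patent only distinguishes "started" from "powered off".
OS_STARTED = "operating system started"
POWER_OFF_BOOT_PROGRAM = "powered off: operating system ROM boot program failed verification"
POWER_OFF_OS = "powered off: operating system failed verification"


@dataclass
class Partition:
    """Constructed in-memory stand-in for a flash partition (path -> file bytes).
    stored_signature is the value pre-generated for the initial version and kept in
    the partition: the second signature for the system partition, the fourth for ROM."""
    files: Dict[str, bytes] = field(default_factory=dict)
    stored_signature: bytes = b""


def generate_signature(partition: Partition, public_key: bytes) -> bytes:
    """Traverse the partition in a fixed order and digest each file's location
    information (path, length) and content together with the public key.
    Models the patent's first/third digital signature; binding the public key
    into a SHA-256 digest is an assumption of this example, not the patent's method."""
    h = hashlib.sha256()
    h.update(public_key)
    for path in sorted(partition.files):        # deterministic traversal order
        data = partition.files[path]
        h.update(path.encode("utf-8"))
        h.update(len(data).to_bytes(8, "big"))  # file location information
        h.update(data)
    return h.digest()


def verify_partition(partition: Partition, public_key: bytes) -> bool:
    """Match the freshly generated signature against the stored one.
    compare_digest keeps the comparison time independent of where a mismatch occurs."""
    generated = generate_signature(partition, public_key)
    return hmac.compare_digest(generated, partition.stored_signature)


def boot(rom_partition: Partition, rom_public_key: bytes,
         system_partition: Partition, os_public_key: bytes) -> str:
    """Two-stage chain: the ROM program checks the OS ROM boot program (steps 401-406),
    then the boot program checks the system partition (steps 407-411)."""
    if not verify_partition(rom_partition, rom_public_key):
        return POWER_OFF_BOOT_PROGRAM
    if not verify_partition(system_partition, os_public_key):
        return POWER_OFF_OS
    return OS_STARTED


def provision(partition: Partition, public_key: bytes) -> None:
    """Assumed factory-time step: record the signature of the initial version in the
    partition, as the patent does for the second and fourth digital signatures."""
    partition.stored_signature = generate_signature(partition, public_key)


def build_sample_device():
    """Constructed sample images and keys, not real firmware."""
    rom_pk = b"constructed-second-public-key"
    os_pk = b"constructed-first-public-key"
    rom = Partition({"/rom/osbootloader.bin": b"\x7fELF constructed boot program"})
    system = Partition({
        "/system/kernel": b"constructed kernel image",
        "/system/init": b"constructed init binary",
    })
    provision(rom, rom_pk)
    provision(system, os_pk)
    return rom, rom_pk, system, os_pk


if __name__ == "__main__":
    rom, rom_pk, system, os_pk = build_sample_device()
    print(boot(rom, rom_pk, system, os_pk))
    system.files["/system/init"] = b"modified init binary"  # tampered OS file
    print(boot(rom, rom_pk, system, os_pk))
```

Because the stored value is a plain digest here, its protection rests entirely on the partition being hard to modify, which is why the patent keeps the fourth signature in the ROM partition; a production implementation would verify a real public-key signature over the digest instead.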
The above description explains how system startup is implemented by a mobile terminal or a computer; the internal structure and functions of the corresponding apparatus are described below.
FIG. 5 is a schematic diagram illustrating a system startup apparatus according to an exemplary embodiment. Referring to fig. 5, the apparatus includes: a loading running module 501, a system traversing module 502, a system verifying module 503 and a system starting module 504.
The loading running module 501 is configured to run the operating system ROM boot program. The operating system ROM boot program is preset with system partition verification information.
The system traversing module 502 is configured to traverse, through the operating system ROM boot program, the system partition where the operating system is located.
The system verification module 503 is configured to perform security verification on the operating system by traversing the system partition and using the system partition verification information.
The system starting module 504 is configured to start the operating system when the security verification passes.
In one embodiment, as shown in fig. 6, the system verification module 503 includes: a first generation sub-module 601, a first matching sub-module 602, and a first determination sub-module 603.
The first generation sub-module 601 is configured to generate a first digital signature from the operating system by traversing the system partition.
The first matching sub-module 602 is configured to match the generated first digital signature against a second digital signature. The system partition verification information is the second digital signature.
The first determination sub-module 603 is configured to determine that the security verification has passed when the generated first digital signature matches and is consistent with the second digital signature.
In one embodiment, the first generation sub-module 601 generates the first digital signature from the file location information of the operating system; the system partition verification information is a digital signature generated in advance from the file location information of the first version of the operating system, namely the second digital signature.
In one embodiment, the first generation sub-module 601 generates a first digital signature according to the operating system and the existing first public key.
In one embodiment, the second digital signature is stored in a system partition in which the operating system resides.
In one embodiment, as shown in fig. 7, the apparatus further comprises: a ROM running module 701, a ROM traversal module 702, a load verification module 703, and a load start module 704.
The ROM running module 701 is configured to run the ROM program.
The ROM traversal module 702 is configured to traverse the ROM partition by running the ROM program. The ROM program is preset with ROM partition verification information.
The load verification module 703 is configured to perform security verification on the operating system ROM boot program by traversing the ROM partition.
The load start module 704 is configured to start the operating system ROM boot program when the security verification passes.
In one embodiment, as shown in fig. 8, the load verification module 703 includes: a second generation sub-module 801, a second matching sub-module 802, and a second determination sub-module 803.
The second generation sub-module 801 is configured to generate a third digital signature from the operating system ROM boot program by traversing the ROM partition.
The second matching sub-module 802 is configured to match the generated third digital signature against a fourth digital signature. The ROM partition verification information is the fourth digital signature.
The second determination sub-module 803 is configured to determine that the security verification has passed when the generated third digital signature matches and is consistent with the fourth digital signature.
In one embodiment, the second generation sub-module 801 generates the third digital signature from the file location information of the operating system ROM boot program; the ROM partition verification information is a digital signature generated in advance from the file location information of the initial version of the operating system ROM boot program, namely the fourth digital signature.
In one embodiment, the second generation submodule 801 generates a third digital signature according to the operating system ROM boot program and the existing second public key.
In one embodiment, the fourth digital signature is stored in the ROM partition.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 9 is a block diagram illustrating an apparatus 900 for system startup according to an example embodiment. For example, the apparatus 900 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 9, apparatus 900 may include one or more of the following components: processing component 902, memory 904, power component 906, multimedia component 908, audio component 910, input/output (I/O) interface 912, sensor component 914, and communication component 916.
The processing component 902 generally controls overall operation of the device 900, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 902 may include one or more processors 920 to execute instructions to perform all or a portion of the steps of the methods described above. Further, processing component 902 can include one or more modules that facilitate interaction between processing component 902 and other components. For example, the processing component 902 can include a multimedia module to facilitate interaction between the multimedia component 908 and the processing component 902.
The memory 904 is configured to store various types of data to support operation at the device 900. Examples of such data include instructions for any application or method operating on device 900, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 904 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The power supply component 906 provides power to the various components of the device 900. The power components 906 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device 900.
The multimedia components 908 include a screen that provides an output interface between the device 900 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 908 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 900 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 910 is configured to output and/or input audio signals. For example, audio component 910 includes a Microphone (MIC) configured to receive external audio signals when apparatus 900 is in an operating mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 904 or transmitted via the communication component 916. In some embodiments, audio component 910 also includes a speaker for outputting audio signals.
I/O interface 912 provides an interface between processing component 902 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor component 914 includes one or more sensors for providing status assessment of various aspects of the apparatus 900. For example, the sensor component 914 may detect an open/closed state of the device 900 and the relative positioning of components, such as the display and keypad of the device 900. The sensor component 914 may also detect a change in position of the device 900 or of a component of the device 900, the presence or absence of user contact with the device 900, the orientation or acceleration/deceleration of the device 900, and a change in temperature of the device 900. The sensor component 914 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 914 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 914 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 916 is configured to facilitate communications between the apparatus 900 and other devices in a wired or wireless manner. The apparatus 900 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 916 receives a broadcast signal or broadcast associated information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 916 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 900 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer readable storage medium comprising instructions, such as the memory 904 comprising instructions, executable by the processor 920 of the apparatus 900 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
A system startup apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information;
traversing a system partition where the operating system is located through the operating system ROM bootstrap program;
performing security verification on the operating system by traversing the system partition and utilizing the verification information of the system partition;
and starting the operating system when the safety verification is passed.
The processor may be further configured to:
the performing security verification on the operating system by traversing the system partition and using the verification information of the system partition includes:
generating a first digital signature according to an operating system by traversing the system partition;
matching the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature;
and when the generated first digital signature is matched and consistent with the second digital signature, determining that the security verification is passed.
The processor may be further configured to:
the generating a first digital signature according to an operating system comprises:
generating a first digital signature according to the file position information of the operating system;
the system partition verification information is a digital signature generated in advance according to the file location information of the first version operating system, namely a second digital signature.
The processor may be further configured to:
the second digital signature is stored in a system partition where the operating system is located.
The processor may be further configured to:
prior to running the operating system ROM boot program, the method further comprises:
running a ROM program;
traversing the ROM partition by running the ROM program; the ROM program is preset with ROM partition verification information;
performing security verification on the operating system ROM bootstrap program by traversing the ROM partition and utilizing the ROM partition verification information;
and starting the ROM bootstrap program of the operating system when the safety verification is passed.
The processor may be further configured to:
the security verification of the operating system ROM bootstrap program by traversing the ROM partition includes:
generating a third digital signature according to an operating system ROM boot program by traversing the ROM partition;
matching the generated third digital signature with a fourth digital signature; the ROM partition verification information is the fourth digital signature;
and when the generated third digital signature is matched and consistent with the fourth digital signature, determining that the security verification is passed.
The processor may be further configured to:
the generating a third digital signature from an operating system ROM boot program includes:
generating a third digital signature according to the file position information of the ROM bootstrap program of the operating system;
the ROM partition verification information is a digital signature generated in advance according to the position information of the boot program file of the initial version operating system ROM, namely a fourth digital signature.
The processor may be further configured to:
the fourth digital signature is stored in the ROM partition.
A non-transitory computer readable storage medium having instructions therein, which when executed by a processor of a mobile terminal, enable the mobile terminal to perform a system startup method, the method comprising:
running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information;
traversing a system partition where the operating system is located through the operating system ROM bootstrap program;
performing security verification on the operating system by traversing the system partition and utilizing the system partition verification information;
and when the security verification is passed, starting the operating system.
The instructions in the storage medium may further include:
the performing security verification on the operating system by traversing the system partition and using the verification information of the system partition includes:
generating a first digital signature according to an operating system by traversing the system partition;
matching the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature;
and when the generated first digital signature is matched and consistent with the second digital signature, determining that the security verification is passed.
The instructions in the storage medium may further include:
the generating a first digital signature from an operating system includes:
generating a first digital signature according to the file position information of the operating system;
the system partition verification information is a digital signature generated in advance according to the file location information of the first version operating system, namely a second digital signature.
The instructions in the storage medium may further include:
the second digital signature is stored in a system partition where the operating system is located.
The instructions in the storage medium may further include:
before running the operating system ROM boot program, the method further comprises:
running a ROM program;
traversing the ROM partition by running the ROM program; the ROM program is preset with ROM partition verification information;
performing security verification on an operating system ROM bootstrap program by traversing a ROM partition and utilizing the ROM partition verification information;
and starting the ROM bootstrap program of the operating system when the safety verification is passed.
The instructions in the storage medium may further include:
the security verification of the operating system ROM boot program by traversing the ROM partition includes:
generating a third digital signature according to an operating system ROM boot program by traversing the ROM partition;
matching the generated third digital signature with a fourth digital signature; the ROM partition verification information is the fourth digital signature;
and when the generated third digital signature is matched and consistent with the fourth digital signature, determining that the security verification is passed.
The instructions in the storage medium may further include:
the generating a third digital signature from an operating system ROM boot program includes:
generating a third digital signature according to the file position information of the ROM bootstrap program of the operating system;
the ROM partition verification information is a digital signature generated in advance according to the position information of the ROM boot program file of the initial version operating system, namely a fourth digital signature.
The instructions in the storage medium may further include:
the fourth digital signature is stored in the ROM partition.
Fig. 10 is a block diagram illustrating an apparatus 1000 for system startup according to an exemplary embodiment. For example, the apparatus 1000 may be provided as a computer. Referring to Fig. 10, the apparatus 1000 includes a processing component 1022, which further includes one or more processors, and memory resources, represented by memory 1032, for storing instructions, such as application programs, that are executable by the processing component 1022. The application programs stored in memory 1032 may include one or more modules, each corresponding to a set of instructions. Further, the processing component 1022 is configured to execute the instructions to perform the above-described system startup method.
The apparatus 1000 may also include a power component 1026 configured to perform power management for the apparatus 1000, a wired or wireless network interface 1050 configured to connect the apparatus 1000 to a network, and an input/output (I/O) interface 1058. The apparatus 1000 may operate based on an operating system stored in memory 1032, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice in the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (12)

1. A method of system boot, comprising:
running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information;
traversing a system partition where an operating system is located through the ROM bootstrap program of the operating system;
performing security verification on the operating system by traversing the system partition and utilizing the system partition verification information;
when the security verification passes, starting an operating system;
the performing security verification on the operating system by traversing the system partition and using the system partition verification information includes:
generating a first digital signature according to an operating system by traversing the system partition;
matching the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature; the second digital signature is stored in a system partition where the operating system is located;
when the generated first digital signature is matched and consistent with the second digital signature, determining that the security verification is passed;
the generating a first digital signature from an operating system includes:
generating a first digital signature according to the file position information of the operating system;
the system partition verification information is a digital signature generated in advance according to the file location information of the first version of the operating system, namely a second digital signature.
2. The method of system boot according to claim 1, wherein prior to running the operating system ROM boot program, the method further comprises:
running the ROM program;
traversing the ROM partition by running the ROM program; the ROM program is preset with ROM partition verification information;
performing security verification on the operating system ROM bootstrap program by traversing the ROM partition and utilizing the ROM partition verification information;
and starting the ROM bootstrap program of the operating system when the safety verification is passed.
3. The method of system boot according to claim 2, wherein the performing security verification on the operating system ROM boot program by traversing the ROM partition comprises:
generating a third digital signature according to an operating system ROM boot program by traversing the ROM partition;
matching the generated third digital signature with a fourth digital signature; the ROM partition verification information is the fourth digital signature;
and when the generated third digital signature is matched and consistent with the fourth digital signature, determining that the security verification is passed.
4. The method of system boot according to claim 3, wherein said generating a third digital signature from an operating system ROM boot includes:
generating a third digital signature according to the file position information of the ROM bootstrap program of the operating system;
the ROM partition verification information is a digital signature generated in advance according to the position information of the ROM boot program file of the initial version operating system, namely a fourth digital signature.
5. The method of system boot according to claim 4, wherein the fourth digital signature is stored in the ROM partition.
6. A system startup device, comprising:
the loading operation module is used for operating the ROM bootstrap program of the operating system; the operating system ROM bootstrap program is preset with system partition verification information;
the system traversing module is used for traversing the system partition where the operating system is located through the ROM bootstrap program of the operating system;
the system verification module is used for performing security verification on the operating system by traversing the system partition and utilizing the verification information of the system partition;
the system starting module is used for starting the operating system when the safety verification is passed;
the system authentication module includes:
the first generation submodule is used for generating a first digital signature according to an operating system by traversing the system partition;
a first matching sub-module, configured to match the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature; the second digital signature is stored in a system partition where the operating system is located;
the first determining submodule is used for determining that the security verification is passed when the generated first digital signature is matched and consistent with the second digital signature;
the first generation submodule generates a first digital signature according to the file position information of the operating system; the system partition verification information is a digital signature generated in advance according to the file location information of the first version operating system, namely a second digital signature.
7. The system startup apparatus of claim 6, further comprising:
a ROM running module for running the ROM program;
a ROM traversing module for traversing the ROM partition by running the ROM program; the ROM program is preset with ROM partition verification information;
the loading verification module is used for performing security verification on the ROM bootstrap program of the operating system by traversing the ROM partition and utilizing the verification information of the ROM partition;
and the loading starting module is used for starting the ROM bootstrap program of the operating system when the safety verification is passed.
8. The system boot apparatus of claim 7, wherein the load verification module comprises:
the second generation submodule is used for generating a third digital signature according to an operating system ROM bootstrap program by traversing the ROM partition;
a second matching sub-module, configured to match the generated third digital signature with a fourth digital signature; the ROM partition verification information is the fourth digital signature;
and the second determining sub-module is used for determining that the security verification is passed when the generated third digital signature is matched and consistent with the fourth digital signature.
9. The apparatus for system boot according to claim 8, wherein the second generation submodule generates a third digital signature based on file location information of an operating system ROM boot program; the ROM partition verification information is a digital signature generated in advance according to the position information of the boot program file of the initial version operating system ROM, namely a fourth digital signature.
10. The system boot apparatus of claim 9, wherein the fourth digital signature is stored in a ROM partition.
11. A system startup device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
running an operating system ROM boot program; the operating system ROM bootstrap program is preset with system partition verification information;
traversing a system partition where the operating system is located through the operating system ROM bootstrap program;
performing security verification on the operating system by traversing the system partition and utilizing the system partition verification information;
when the security verification passes, starting an operating system;
the performing security verification on the operating system by traversing the system partition and using the verification information of the system partition includes:
generating a first digital signature according to an operating system by traversing the system partition;
matching the generated first digital signature with a second digital signature; the system partition verification information is the second digital signature; the second digital signature is stored in a system partition where the operating system is located;
when the generated first digital signature is matched and consistent with the second digital signature, determining that the security verification is passed;
the generating a first digital signature from an operating system includes:
generating a first digital signature according to the file position information of the operating system;
the system partition verification information is a digital signature generated in advance from the file location information of the first version of the operating system, namely the second digital signature.
12. A non-transitory computer readable storage medium having stored thereon computer instructions, which when executed by a processor, implement the steps of the method of any one of claims 1 to 5.
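As an added illustration of the verification step of claim 11 (this is not code from the patent), the following Python traverses a system partition, derives a digest from its file location information and compares it with a preset reference signature; the SHA-256 digest is assumed as a stand-in for the claim's "digital signature", and the miniature partition is constructed in a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

def collect_file_locations(partition_root):
    """Traverse the partition and return its file location information: paths
    relative to the partition root, sorted so walk order does not matter."""
    root = Path(partition_root)
    locations = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in filenames:
            locations.append(Path(dirpath, name).relative_to(root).as_posix())
    return sorted(locations)

def generate_signature(partition_root):
    """Stand-in (assumption) for the claim's 'digital signature generated from file
    location information': SHA-256 over the length-prefixed location list."""
    digest = hashlib.sha256()
    for location in collect_file_locations(partition_root):
        data = location.encode("utf-8")
        digest.update(len(data).to_bytes(4, "big"))
        digest.update(data)
    return digest.hexdigest()

def verify_system_partition(partition_root, preset_signature):
    """Security verification step: regenerate the first signature and compare it
    with the preset second signature in constant time."""
    return hmac.compare_digest(generate_signature(partition_root), preset_signature)

def demo():
    """Constructed sample: build a miniature 'system partition', record the
    reference (second) signature from the initial version, then change a file's
    content and finally add a file. Returns the three verification results."""
    with tempfile.TemporaryDirectory() as partition:
        for rel in ("bin/init", "lib/libc.so", "etc/hosts"):
            path = Path(partition, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed content")
        reference = generate_signature(partition)
        on_initial_version = verify_system_partition(partition, reference)
        Path(partition, "etc/hosts").write_bytes(b"modified content")
        after_content_change = verify_system_partition(partition, reference)  # True
        Path(partition, "bin/extra").write_bytes(b"added file")
        after_added_file = verify_system_partition(partition, reference)  # False
    return on_initial_version, after_content_change, after_added_file
```

`demo()` returns `(True, True, False)`: verification passes on the initial version, still passes after only a file's content changes (a digest over location information does not cover file content), and fails once a file is added to the partition.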
CN201611146818.XA 2016-12-13 2016-12-13 System starting method and device Active CN108229173B (en)

Publications (2)

Publication Number Publication Date
CN108229173A CN108229173A (en) 2018-06-29
CN108229173B true CN108229173B (en) 2022-08-19

Family

ID=62638184

Country Status (1)

Country Link
CN (1) CN108229173B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant