CN108632024B - Method and device for running bootstrap program - Google Patents


Publication number
CN108632024B
Authority
CN
China
Prior art keywords
check value
key
encrypted
boot program
storage area
Legal status
Active
Application number
CN201710169541.0A
Other languages
Chinese (zh)
Other versions
CN108632024A (en)
Inventor
鲍小云
江坤
刘怀霖
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a device for running a boot program. The method comprises: reading an encrypted first key from an external memory; decrypting the encrypted first key with a corresponding second key to obtain the first key; reading the encrypted version header of the boot program from the external memory; decrypting the encrypted version header with the first key to obtain the version header of the boot program; reading partial data from the boot program in the external memory and calculating a first check value of the partial data; if the first check value is the same as the second check value in the version header, decrypting the partial data of the boot program according to a third key; and running the partial data of the boot program. With the technical solution of the embodiment of the invention, the BOOT program encryption key can be stored in encrypted form without an additional memory, which reduces device cost and improves device performance.

Description

Method and device for running bootstrap program
Technical Field
The invention relates to the technical field of computer control, in particular to a method and a device for running a bootstrap program.
Background
Currently, in an embedded system, a device generally reads a BOOT program from an external storage device in order to start. The external storage device is soldered directly onto the device. If the program in the external storage device is not protected, an attacker can obtain the BOOT program by exploiting a vulnerability of the system, or can desolder the FLASH storage device, read the BOOT program out of the FLASH with another device, disassemble and analyze it, modify it, and write it back into the FLASH.
To protect the BOOT program from tampering, the prior art often encrypts the BOOT program; when the processor starts, the BOOT program must first be decrypted and then run. When the BOOT program is encrypted, an additional storage device is required to store the decryption key, which increases the device cost.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method for running a bootstrap program, which is used for realizing the encrypted storage of a BOOT program encryption key under the condition of not needing an additional memory, further reducing the equipment cost and improving the equipment performance.
The technical scheme provided by the invention is as follows:
A method of running a boot program, the method comprising:
reading the encrypted first key from a first storage area in the external memory;
decrypting the encrypted first key by using a second key corresponding to the first key to obtain the first key;
reading a version header of the encrypted boot program from a second storage area in the external memory;
decrypting the encrypted version header of the boot program by using the first key to obtain the version header of the boot program;
reading partial data from a boot program stored in a third storage area in the external memory, and calculating a first check value of the partial data;
if the first check value of the partial data is the same as the second check value at the first predetermined position in the version header, decrypting the partial data of the boot program according to a third key at a second predetermined position in the version header;
and running the partial data of the boot program.
Further, in the method for running a boot program, before the step of reading partial data from the boot program stored in the third storage area in the external memory and calculating the first check value of the partial data, the method further includes:
judging whether the version header is valid according to a third check value at a third predetermined position of the version header and/or a fourth check value at a fourth predetermined position of the version header;
and if the third check value is the same as the first preset value and/or the fourth check value is the same as the second preset value, judging that the version header is valid.
Further, in the method for running a boot program, the decrypting the partial data of the boot program according to the third key at the second predetermined location in the version header includes:
judging whether a bootstrap program stored in a third storage area in the external memory is encrypted or not according to a fifth check value of a fifth preset position of the version header;
and if the boot program stored in the third storage area in the external memory is encrypted, decrypting part of data of the boot program according to a third secret key at a second preset position in the version header.
Further, in the method for running a boot program, the method further includes:
reading boot program data from a boot program stored in a third storage area in the external memory, and calculating a sixth check value of the boot program data;
if the sixth check value of the boot program data is the same as the seventh check value at a sixth predetermined position in the version header, further judging whether the boot program stored in a third storage area in the external memory is encrypted;
if the bootstrap program stored in the third storage area in the external memory is not encrypted, running the bootstrap program;
and if the bootstrap program stored in the third storage area in the external memory is encrypted, operating the bootstrap program after decrypting the bootstrap program according to the third secret key at the second preset position in the version header.
Further, in the method for running a boot program, the encrypted version header of the boot program includes:
a second check value stored at a first predetermined location;
a third key stored in a second predetermined location;
a third check value stored at a third predetermined location;
a fourth check value stored at a fourth predetermined location;
a fifth check value stored at a fifth predetermined location;
and a seventh check value stored at the sixth predetermined location.
Furthermore, the invention relates to a device for running a boot program, comprising:
the first reading module is used for reading the encrypted first key from a first storage area in the external memory;
The first decryption module is used for decrypting the encrypted first key by using a second key corresponding to the first key to obtain the first key;
a second reading module, configured to read the encrypted version header of the bootstrap program from a second storage area in the external memory;
the second decryption module is used for decrypting the encrypted version head of the bootstrap program by using the first secret key to obtain the version head of the bootstrap program;
the first processing module is used for reading partial data from a bootstrap program stored in a third storage area in the external memory and calculating a first check value of the partial data;
a third decryption module, configured to, when the first processing module calculates that the first check value of the partial data is the same as the second check value of the first predetermined location in the version header, decrypt the partial data of the boot program according to a third key of the second predetermined location in the version header;
and the program running module is used for running partial data of the bootstrap program.
Further, in the apparatus for running a boot program, the apparatus further includes:
the first checking module is used for judging whether the version header is valid according to a third check value at a third predetermined position of the version header and/or a fourth check value at a fourth predetermined position of the version header;
and if the third check value is the same as the first preset value and/or the fourth check value is the same as the second preset value, judging that the version header is valid.
Further, in the apparatus for running a boot program, the apparatus further includes:
the second check module is used for judging whether the bootstrap program stored in the third storage area in the external memory is encrypted or not according to a fifth check value of a fifth preset position of the version header;
and if the bootstrap program stored in a third storage area in the external memory is encrypted, the third decryption module decrypts part of data of the bootstrap program according to a third secret key at a second preset position in the version header.
Further, in the apparatus for running a boot program, the apparatus further includes:
the third reading module is used for reading the boot program data from the boot program stored in a third storage area in the external memory and calculating a sixth check value of the boot program data;
A third checking module, configured to further determine whether the boot program stored in a third storage area in the external memory is encrypted when a sixth check value of the boot program data is the same as a seventh check value of a sixth predetermined location in the version header;
if the third check module judges that the bootstrap program stored in the third storage area in the external memory is not encrypted, the program running module runs the bootstrap program;
and the fourth decryption module is configured to decrypt the bootstrap program according to the third key at the second predetermined location in the version header when the third verification module determines that the bootstrap program stored in the third storage area in the external memory is encrypted, and after the bootstrap program is decrypted, the program running module runs the bootstrap program.
Further, in the apparatus for running a boot program, the second storage area includes:
a first predetermined location for storing a second check value;
a second predetermined location for storing a third key;
a third predetermined location for storing a third check value;
a fourth predetermined location for storing a fourth check value;
A fifth predetermined position for storing a fifth check value;
and a sixth predetermined location for storing a seventh check value.
The beneficial effects brought by the invention are as follows:
the method and the device for running the bootstrap program provided by the embodiment of the invention realize the encryption storage of the BOOT program encryption key through the mutual cooperation of the data of the central processing unit CPU and the external memory. By using the technical scheme of the embodiment of the invention, the encrypted storage of the BOOT program encryption key can be realized under the condition of not needing an additional memory, thereby further reducing the equipment cost and further improving the equipment performance.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a flow chart illustrating a method for operating a boot program according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an external memory according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating another method for operating a boot program according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating a structure of a version header of a boot program according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an apparatus for running a boot program according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail below with reference to specific embodiments and the attached drawings. The described embodiments are only some, but not all embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of a method for running a boot program according to an embodiment of the present invention, where as shown in fig. 1, the method includes:
S101, reading the encrypted first key from a first storage area in an external memory.
In the embodiment of the invention, the encrypted first key is stored in the first storage area in the external memory without an additional memory, which is beneficial to reducing the equipment cost and further improving the equipment performance.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an external memory according to an embodiment of the present invention, and as shown in fig. 2, the external memory includes: a first storage area 110, a second storage area 120, and a third storage area 130. The first storage area 110 is used for storing encrypted key information, such as an RSA public key; the second storage area 120 is used for storing encrypted version headers; and the third storage area is used for storing the encrypted BOOT program version.
S102, decrypting the encrypted first key by using a second key corresponding to the first key to obtain the first key.
In the embodiment of the present invention, the first key is obtained by decrypting the encrypted key. The first key may be an RSA-2048 public key, and its data format is shown in table 1.
Table 1 first key data format

| Offset (unit: byte) | Meaning |
|---|---|
| 0~3 | Key type, 0-RSA 2048 |
| 4~7 | CRC32 |
| 8~511 | Stores the original key |
S103, reading the version header of the encrypted bootstrap program from a second storage area in the external memory.
S104, decrypting the encrypted version header of the bootstrap program by using the first secret key to obtain the version header of the bootstrap program.
In the embodiment of the present invention, the encrypted version header of the boot program is decrypted by using the first key, so as to obtain the version header of the boot program, as shown in table 2. The version header of the bootstrap program mainly comprises a key for decrypting the bootstrap program and a series of check values for judging the relevant state of the bootstrap program.
Table 2 version header format
[Table 2 is an image in the original publication and is not reproduced here.]
S105, reading partial data from the boot program stored in the third storage area in the external memory, and calculating a first check value of the partial data.
S106, judging whether the first check value of the partial data is the same as the second check value at the first predetermined position in the version header; if so, going to S107; otherwise, going to S109.
S107, decrypting the partial data of the boot program according to a third key at a second predetermined position in the version header, and then going to S108.
S108, running the partial data of the boot program.
S109, the startup fails and error information is output.
In this embodiment of the present invention, the partial data may be the first 8K of data of the boot program, and the first check value of the partial data may be a HASH value of the partial data, which is used to determine whether the partial data is complete.
It should be understood that the partial data may be, but is not limited to, the first 8K of data of the boot program; it may be selected from the data of the boot program as required.
When the first check value of the partial data is the same as the second check value at the first predetermined position in the version header, the partial data is judged to be complete, the partial data of the boot program is decrypted according to the third key at the second predetermined position in the version header, and the partial data of the boot program is run.
When the first check value of the partial data is different from the second check value at the first predetermined position in the version header, the partial data is judged to be incomplete or damaged, the boot program is not run, and the startup fails.
Further, in the method for running a boot program, before the step of decrypting the encrypted version header of the boot program by using the first key to obtain the version header of the boot program, the method further includes:
judging whether the version header is valid according to a third check value at a third predetermined position of the version header and/or a fourth check value at a fourth predetermined position of the version header;
and if the third check value is the same as the first preset value and/or the fourth check value is the same as the second preset value, judging that the version header is valid.
In the embodiment of the present invention, as shown in table 2, the third check value at the third predetermined position and the fourth check value at the fourth predetermined position of the version header are a MAGIC value and a cyclic redundancy check CRC32 value. When the MAGIC value is 0x626F6F74 and the CRC32 value computed over bytes 8 to 255 of the data is equal to the CRC32 value stored in bytes 4 to 7, the version header is judged to be valid. When the version header is judged to be valid, S104 is further executed; when the version header is judged to be invalid, the boot program is not run and the startup fails.
Further, in the method for running a boot program, before the step of decrypting the partial data of the boot program according to the third key at the second predetermined location in the version header, the method further includes:
judging whether a bootstrap program stored in a third storage area in the external memory is encrypted or not according to a fifth check value of a fifth preset position of the version header;
and if the boot program stored in the third storage area in the external memory is encrypted, decrypting part of data of the boot program according to a third secret key at a second preset position in the version header.
In the embodiment of the present invention, as shown in table 2, the fifth check value at the fifth predetermined position of the version header is Flag, and the value of the Flag is used to determine whether the boot program is encrypted. If the bootstrap program is not encrypted, directly running partial data of the bootstrap program; and if the bootstrap program is encrypted, decrypting part of data of the bootstrap program according to a third secret key at a second preset position in the version header, and then operating the part of data of the bootstrap program. The encryption scheme of Flag is shown in table 3.
Table 3 encryption scheme of Flag

| Flag | Encryption scheme |
|---|---|
| 00 | Not encrypted |
| 01 | AES-128 |
| 10 | Reserved |
| 11 | Reserved |
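The validity check on the decrypted version header and the Flag lookup from Table 3, sketched in C as an added example (not code from the patent). The MAGIC value, the CRC32 stored in bytes 4 to 7 and its coverage of bytes 8 to 255 come from the text; the MAGIC offset, the Flag byte position, big-endian field order and the IEEE 802.3 CRC32 variant are assumptions, because Table 2 is not reproduced on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE  256u         /* from the text: CRC32 covers bytes 8..255 */
#define HDR_MAGIC 0x626F6F74u  /* from the text: MAGIC value (ASCII "boot") */
#define OFF_MAGIC 0u           /* assumption: MAGIC occupies bytes 0..3 */
#define OFF_CRC   4u           /* from the text: CRC32 stored in bytes 4..7 */
#define OFF_BODY  8u           /* from the text: first byte covered by the CRC */
#define OFF_FLAG  8u           /* assumption: Flag byte position (Table 2 unavailable) */

enum hdr_status { HDR_OK = 0, HDR_BAD_MAGIC, HDR_BAD_CRC, HDR_BAD_FLAG };
enum boot_enc   { ENC_NONE = 0, ENC_AES128 = 1 };   /* Table 3: 00 and 01 */

/* Assumption: multi-byte header fields are stored big-endian. */
static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void wr_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24);
    p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);
    p[3] = (uint8_t)v;
}

/* Assumption: IEEE 802.3 / zlib CRC32 (reflected polynomial 0xEDB88320). */
uint32_t crc32_ieee(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Validate a decrypted version header; fail closed on anything unexpected. */
enum hdr_status check_version_header(const uint8_t hdr[HDR_SIZE], enum boot_enc *enc)
{
    if (rd_be32(hdr + OFF_MAGIC) != HDR_MAGIC)
        return HDR_BAD_MAGIC;
    if (crc32_ieee(hdr + OFF_BODY, HDR_SIZE - OFF_BODY) != rd_be32(hdr + OFF_CRC))
        return HDR_BAD_CRC;
    switch (hdr[OFF_FLAG] & 0x03u) {    /* assumption: low two bits carry Flag */
    case 0x0: *enc = ENC_NONE;   return HDR_OK;
    case 0x1: *enc = ENC_AES128; return HDR_OK;
    default:  return HDR_BAD_FLAG;      /* 10 and 11 are Reserved in Table 3 */
    }
}

/* Constructed sample header for the demo: filler body, chosen Flag, matching CRC. */
void make_sample_header(uint8_t hdr[HDR_SIZE], uint8_t flag)
{
    for (size_t i = 0; i < HDR_SIZE; i++)
        hdr[i] = (uint8_t)(i * 7u);
    wr_be32(hdr + OFF_MAGIC, HDR_MAGIC);
    hdr[OFF_FLAG] = flag;
    wr_be32(hdr + OFF_CRC, crc32_ieee(hdr + OFF_BODY, HDR_SIZE - OFF_BODY));
}

int main(void)
{
    uint8_t hdr[HDR_SIZE];
    enum boot_enc enc = ENC_NONE;
    enum hdr_status st;

    make_sample_header(hdr, 0x01);
    st = check_version_header(hdr, &enc);
    printf("intact header:     status=%d enc=%d\n", (int)st, (int)enc);

    hdr[100] ^= 0x01;                   /* single bit flipped in the covered range */
    st = check_version_header(hdr, &enc);
    printf("corrupted body:    status=%d\n", (int)st);

    make_sample_header(hdr, 0x02);      /* Reserved Flag value with a valid CRC */
    st = check_version_header(hdr, &enc);
    printf("reserved Flag:     status=%d\n", (int)st);
    return 0;
}
```

CRC32 detects accidental corruption, not deliberate modification, so this check complements the hash comparison in S105 to S106 rather than replacing it.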
Further, as shown in fig. 3, fig. 3 is a flowchart of another method for running a boot program according to an embodiment of the present invention, where S101 to S109 are the same as those described above, and the method further includes:
S201, reading boot program data from a boot program stored in a third storage area in the external memory, and calculating a sixth check value of the boot program data;
S202, if the sixth check value of the boot program data is the same as the seventh check value at the sixth predetermined position in the version header, further judging whether the boot program stored in a third storage area in the external memory is encrypted;
S203, if the boot program stored in the third storage area in the external memory is encrypted, going to S204; otherwise, going to S205.
S204, decrypting the boot program according to a third key at a second predetermined position in the version header.
S205, running the boot program.
Further, fig. 4 is a schematic diagram illustrating a structure of a version header of a bootstrap program according to an embodiment of the present invention, and as shown in fig. 4, in the method for running a bootstrap program, the encrypted version header of the bootstrap program includes:
A second check value 301 stored in a first predetermined location;
a third key 302 stored in a second predetermined location;
a third check value 303 stored at a third predetermined location;
a fourth check value 304 stored at a fourth predetermined location;
a fifth check value 305 stored at a fifth predetermined location;
and a seventh check value 306 stored at a sixth predetermined location.
In addition, the embodiment of the present invention further includes a device for running a bootstrap program, fig. 5 is a schematic structural diagram of the device for running a bootstrap program provided in the embodiment of the present invention, and as shown in fig. 5, the device includes:
a first reading module 501, configured to read an encrypted first key from a first storage area in an external memory;
a first decryption module 502, configured to decrypt the encrypted first key with a second key corresponding to the first key to obtain the first key;
a second reading module 503, configured to read the version header of the encrypted boot program from a second storage area in the external memory;
a second decryption module 504, configured to decrypt the encrypted version header of the bootstrap with the first key to obtain the version header of the bootstrap;
A first processing module 505, configured to read partial data from a boot program stored in a third storage area in the external memory, and calculate a first check value of the partial data;
a third decryption module 506, configured to, when the first check value calculated by the first processing module for the partial data is the same as the second check value at the first predetermined location in the version header, decrypt the partial data of the boot program according to a third key at a second predetermined location in the version header;
a program running module 507, configured to run partial data of the boot program.
Further, as shown in fig. 5, in the device for running the boot program, the device further includes:
a first checking module 601, where the first checking module 601 is configured to determine whether the version header is valid according to a third check value at a third predetermined position of the version header and/or a fourth check value at a fourth predetermined position of the version header;
and if the third check value is the same as the first preset value and/or the fourth check value is the same as the second preset value, judging that the version header is valid.
Further, as shown in fig. 5, in the device for running the boot program, the device further includes:
A second check module 602, where the second check module 602 is configured to determine whether a boot program stored in a third storage area in the external memory is encrypted according to a fifth check value at a fifth predetermined location of the version header;
if the boot program stored in the third storage area of the external memory is encrypted, the third decryption module 506 decrypts a part of the data of the boot program according to the third key at the second predetermined location in the version header.
Further, as shown in fig. 5, in the device for running the boot program, the device further includes:
a third reading module 603, configured to read boot program data from a boot program stored in a third storage area in the external memory, and calculate a sixth check value of the boot program data;
a third checking module 604, where the third checking module 604 is configured to further determine whether the boot program stored in a third storage area in the external memory is encrypted when a sixth check value of the boot program data is the same as a seventh check value of a sixth predetermined location in the version header;
if the third check module determines that the bootstrap program stored in the third storage area in the external memory is not encrypted, the program running module 507 runs the bootstrap program;
A fourth decryption module 605, configured to decrypt the bootstrap according to the third key at the second predetermined location in the version header when the third verification module 604 determines that the bootstrap stored in the third storage area in the external memory is encrypted, and after the bootstrap is decrypted, the program running module 507 runs the bootstrap.
Further, in the apparatus for running a boot program, the second storage area includes:
a first predetermined location for storing a second check value;
a second predetermined location for storing a third key;
a third predetermined location for storing a third check value;
a fourth predetermined location for storing a fourth check value;
a fifth predetermined position for storing a fifth check value;
and a sixth predetermined location for storing a seventh check value.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed.
The foregoing is merely illustrative of the preferred embodiments of the present invention and is not to be construed as limiting thereof in any way. Any modification or variation of the present invention made within the spirit of the same invention should still be included in the scope of the intended protection of the present invention.

Claims (10)

1. A method of running a boot program, the method comprising:
reading the encrypted first key from a first storage area in the external memory;
decrypting the encrypted first key by using a second key corresponding to the first key to obtain the first key;
reading a version header of the encrypted boot program from a second storage area in the external memory;
decrypting the encrypted version header of the boot program by using the first key to obtain the version header of the boot program;
reading partial data from a boot program stored in a third storage area in the external memory, and calculating a first check value of the partial data;
if the first check value of the partial data is the same as the second check value at the first predetermined position in the version header, decrypting the partial data of the boot program according to a third key at the second predetermined position in the version header;
and running the partial data of the boot program.
2. The method for running a boot program according to claim 1, wherein before the step of reading partial data from the boot program stored in the third storage area of the external memory and calculating the first check value of the partial data, the method further comprises:
judging whether the version header is valid according to a third check value at a third predetermined position of the version header and/or a fourth check value at a fourth predetermined position of the version header;
and if the third check value is the same as the first preset value and/or the fourth check value is the same as the second preset value, judging that the version header is valid.
3. The method for running a boot program according to claim 1, wherein the decrypting the partial data of the boot program according to the third key at the second predetermined position in the version header comprises:
judging whether a bootstrap program stored in a third storage area in the external memory is encrypted or not according to a fifth check value of a fifth preset position of the version header;
and if the boot program stored in the third storage area in the external memory is encrypted, decrypting part of data of the boot program according to a third secret key at a second preset position in the version header.
4. The method of running a boot program according to claim 1, further comprising:
reading boot program data from the boot program stored in the third storage area in the external memory, and calculating a sixth check value of the boot program data;
if the sixth check value of the boot program data is the same as a seventh check value at a sixth predetermined position in the version header, further judging whether the boot program stored in the third storage area in the external memory is encrypted;
if the boot program stored in the third storage area in the external memory is not encrypted, running the boot program;
and if the boot program stored in the third storage area in the external memory is encrypted, running the boot program after decrypting the boot program according to the third key at the second predetermined position in the version header.
5. A method of running a boot program according to any of claims 1 to 4, wherein the encrypted boot program version header comprises:
a second check value stored at the first predetermined position;
a third key stored at the second predetermined position;
a third check value stored at the third predetermined position;
a fourth check value stored at the fourth predetermined position;
a fifth check value stored at the fifth predetermined position;
and a seventh check value stored at the sixth predetermined position.
6. An apparatus for running a boot program, the apparatus comprising:
a first reading module, configured to read the encrypted first key from a first storage area in the external memory;
a first decryption module, configured to decrypt the encrypted first key by using a second key corresponding to the first key to obtain the first key;
a second reading module, configured to read an encrypted version header of the boot program from a second storage area in the external memory;
a second decryption module, configured to decrypt the encrypted version header of the boot program by using the first key to obtain the version header of the boot program;
a first processing module, configured to read partial data from a boot program stored in a third storage area in the external memory and calculate a first check value of the partial data;
a third decryption module, configured to decrypt the partial data of the boot program according to a third key at a second predetermined position in the version header when the first processing module calculates that the first check value of the partial data is the same as a second check value at a first predetermined position in the version header;
and a program running module, configured to run the partial data of the boot program.
7. The apparatus for running a boot program according to claim 6, wherein the apparatus further comprises:
a first check module, configured to judge whether the version header is valid according to a third check value at a third predetermined position of the version header and/or a fourth check value at a fourth predetermined position of the version header;
and if the third check value is the same as the first preset value and/or the fourth check value is the same as the second preset value, judging that the version header is valid.
8. The apparatus for running a boot program according to claim 6, wherein the apparatus further comprises:
a second check module, configured to judge whether the boot program stored in the third storage area in the external memory is encrypted according to a fifth check value at a fifth predetermined position of the version header;
the third decryption module is further configured to decrypt the partial data of the boot program according to the third key at the second predetermined position in the version header if the boot program stored in the third storage area in the external memory is encrypted.
9. The apparatus for running a boot program according to claim 6, wherein the apparatus further comprises:
a third reading module, configured to read boot program data from the boot program stored in the third storage area in the external memory and calculate a sixth check value of the boot program data;
a third check module, configured to determine whether the boot program stored in the third storage area in the external memory is encrypted when the sixth check value of the boot program data is the same as a seventh check value at a sixth predetermined position in the version header;
if the third check module determines that the boot program stored in the third storage area in the external memory is not encrypted, the program running module runs the boot program;
and a fourth decryption module, configured to decrypt the boot program according to the third key at the second predetermined position in the version header when the third check module determines that the boot program stored in the third storage area in the external memory is encrypted, wherein after the boot program is decrypted, the program running module runs the boot program.
10. An apparatus for running a boot program according to any one of claims 6 to 9, wherein the second storage area comprises:
a first predetermined position for storing a second check value;
a second predetermined position for storing a third key;
a third predetermined position for storing a third check value;
a fourth predetermined position for storing a fourth check value;
a fifth predetermined position for storing a fifth check value;
and a sixth predetermined position for storing a seventh check value.
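
The flow of claims 1 to 5 can be simulated end to end. The following is an added example, not code from the patent or from ZTE: the header layout, the preset values, SHA-256 as the check-value algorithm and the keystream stand-in cipher are all assumptions, since the claims name only "predetermined positions" and unspecified keys and check values.

```python
import hashlib, hmac, struct

# Assumed header layout; the claims only name "predetermined positions".
# magic1 | magic2 | encrypted flag | partial length | partial check | full check | third key
HDR = struct.Struct("<IIBI32s32s16s")
MAGIC1, MAGIC2 = 0x424F4F54, 0x48445231   # constructed "preset values" (claim 2)

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream). Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("<I", off // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def check(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # assumed check-value algorithm

def build_image(second_key, first_key, third_key, boot_code, part_len, encrypted=True):
    """Provisioning side: returns the contents of storage areas 1, 2 and 3."""
    area3 = xor_stream(third_key, boot_code) if encrypted else boot_code
    hdr = HDR.pack(MAGIC1, MAGIC2, int(encrypted), part_len,
                   check(area3[:part_len]), check(area3), third_key)
    return xor_stream(second_key, first_key), xor_stream(first_key, hdr), area3

def boot(second_key, area1, area2, area3):
    """Device side: returns (partial data, full boot program) ready to run."""
    first_key = xor_stream(second_key, area1)                 # unwrap first key
    if len(area2) != HDR.size:
        raise ValueError("bad header length")
    m1, m2, enc, n, part_chk, full_chk, k3 = HDR.unpack(xor_stream(first_key, area2))
    if (m1, m2) != (MAGIC1, MAGIC2):                          # claim 2: header valid?
        raise ValueError("invalid version header")
    part = area3[:n]
    if not hmac.compare_digest(check(part), part_chk):        # claim 1: partial check
        raise ValueError("partial data check failed")
    part_plain = xor_stream(k3, part) if enc else part        # claim 3: decrypt if flagged
    if not hmac.compare_digest(check(area3), full_chk):       # claim 4: full check
        raise ValueError("boot program check failed")
    return part_plain, (xor_stream(k3, area3) if enc else area3)
```

Integrity in this scheme rests on the header staying confidential and unmodified, so a real implementation should protect the header with an authenticated cipher rather than the malleable stand-in used here.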
CN201710169541.0A 2017-03-21 2017-03-21 Method and device for running bootstrap program Active CN108632024B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710169541.0A CN108632024B (en) 2017-03-21 2017-03-21 Method and device for running bootstrap program

Publications (2)

Publication Number Publication Date
CN108632024A CN108632024A (en) 2018-10-09
CN108632024B CN108632024B (en) 2022-06-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant