CN110363010B - System safety starting method based on MPSoC chip - Google Patents

System safety starting method based on MPSoC chip

Publication number: CN110363010B
Application number: CN201910646023.2A
Authority: CN (China)
Legal status: Active
Other versions: CN110363010A
Other languages: Chinese (zh)
Prior art keywords: program, primary, bootstrap, backup, chip
Inventors: 郭勇军, 宋伟铭, 周中亚, 刘敏, 杨煦, 于军亮
Assignee: Beijing Daheng Image Vision Co ltd; China Daheng Group Inc Beijing Image Vision Technology Branch

Classifications

    • G06F21/575 Secure boot (under G06F21/57 Certifying or maintaining trusted computer platforms; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data)
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/60 Protecting data)
Abstract

The application discloses a secure system boot method based on an MPSoC chip, comprising the following steps: step 1, generating two groups of public keys from the globally unique identifier of the system chip using an encryption algorithm, burning the two groups of public keys into the system chip, and blowing the electrically programmable fuse of the system chip; step 2, encrypting and packaging the primary bootstrap program according to the two groups of public keys, recording the packaged result as the primary bootstrap program, and generating and programming a multi-level bootstrap program of at least two levels into the system boot storage medium according to the primary bootstrap program; and step 3, after the embedded system is powered on, decrypting and verifying the multi-level bootstrap program level by level with a fault-tolerant procedure according to the globally unique identifier, and booting one of the system image file and the system image backup file through the multi-level bootstrap program. The technical scheme of the application improves the security of the embedded system and greatly reduces the possibility of the system being cloned by board copying.

Description

System safety starting method based on MPSoC chip
Technical Field
The application relates to the technical field of embedded systems, and in particular to a secure system boot method based on an MPSoC chip.
Background
In existing embedded systems, the bootstrap program and the system image file are mostly stored in a single Flash storage unit. If a competing manufacturer maliciously reads out the Flash contents and copies the board, products of the same specification and type can be imitated very easily.
Moreover, the existing boot and load process does not check the correctness of the stored bootstrap program and system image file: they are loaded directly from a fixed Flash address and executed when the system starts. Whether the system boots correctly therefore depends entirely on the completeness and correctness of the bootstrap program and system image file stored in Flash; if the Flash contents are wrong, the boot sequence cannot jump to the next stage and boot fails outright.
When Flash is erased by mistake or the storage medium fails because of external factors (mechanical shock, loose pins, excessive supply voltage and the like), the stored contents are lost or individual values change (Flash stores data in cells one bit at a time, each bit being either 0 or 1, so a single flipped bit changes the stored value). The bootstrap program or system image file loaded during boot is then incorrect, and the device cannot start normally.
In industrial fields with high demands on the stability of the operating environment, the safety and stability of commercial embedded systems and equipment are key indicators for the whole system, and the prior art cannot reliably guarantee them. A backup mechanism therefore needs to be combined with anti-cloning measures for the system programs, so that the stability and integrity of the boot process are guaranteed while the security of the system is also ensured.
Disclosure of Invention
The purpose of this application is to design a complete secure system boot method based on the MPSoC chip that adopts a multi-stage boot verification method, so that the stability and integrity of the boot process are improved while the programming file is bound to the system hardware (such as the CPU, GPU and MCU).
The technical scheme of the first aspect of the application is as follows. The method is suitable for booting an embedded system, where the embedded system comprises a system chip and a system boot storage medium, and a system image file and a system image backup file are stored in the system boot storage medium. The method comprises the following steps:
step 1, generating two groups of public keys from the globally unique identifier of the system chip using an encryption algorithm, burning the two groups of public keys into the system chip, and blowing the electrically programmable fuse of the system chip;
step 2, encrypting and packaging the primary bootstrap program according to the two groups of public keys, recording the packaged result as the primary bootstrap program, and generating and programming a multi-level bootstrap program of at least two levels into the system boot storage medium according to the primary bootstrap program;
and step 3, after the embedded system is powered on, decrypting and verifying the multi-level bootstrap program level by level with a fault-tolerant procedure according to the globally unique identifier, and booting one of the system image file and the system image backup file through the multi-level bootstrap program.
In any of the above technical solutions, step 2 specifically comprises: step 21, generating and storing a first key and a second key with a secure hash algorithm from the primary bootstrap program and the two groups of public keys; step 22, encrypting the primary bootstrap program with a ciphertext encryption algorithm according to the two groups of public keys; and step 23, packaging the first key, the second key and the encrypted primary bootstrap program and recording the package as the primary bootstrap program.
In any of the above technical solutions, the ciphertext encryption algorithm comprises at least one of a bitwise AND, OR, NOT, addition and shift operation.
In any of the above technical solutions, the multi-level bootstrap program comprises a two-level bootstrap program and corresponding bootstrap backup programs, where the bootstrap program comprises a primary bootstrap program and a secondary bootstrap program, and the bootstrap backup programs comprise a primary bootstrap backup program and a secondary bootstrap backup program.
In any of the above technical solutions, step 3 specifically comprises:
step 31, after the embedded system is powered on, reading the boot information header file and performing a hash calculation on the primary bootstrap program according to the globally unique identifier and the first key;
step 32, according to the result of the hash calculation, decrypting and performing a first check on the primary bootstrap program with a fault-tolerant procedure; executing step 33 when the first check passes, and when it fails, executing step 31 again with the hash calculation performed on the primary bootstrap backup program;
step 33, performing a second check on the primary bootstrap program according to the second key; executing step 34 when the second check passes, and when it fails, executing step 31 again with the hash calculation performed on the primary bootstrap backup program;
and step 34, performing a third check on the secondary bootstrap program; booting the system image file when the secondary bootstrap program passes the third check, and otherwise acquiring a secondary bootstrap backup program; when no secondary bootstrap backup program can be acquired, generating and sending system boot abnormality information; when one is acquired, performing the third check on it, booting the system image backup file when it passes, and otherwise acquiring the next secondary bootstrap backup program.
In any of the above technical solutions, the number of primary bootstrap backup programs is 3 and the number of secondary bootstrap backup programs is 2.
The technical scheme of the second aspect of the application is as follows. An embedded system comprises a system chip and a system boot storage medium, where a boot program is stored in the system boot storage medium, and when the boot program runs, the secure system boot method based on the MPSoC chip of any technical scheme of the first aspect is executed.
In any of the above technical solutions, the system chip stores a globally unique identifier and is provided with an electrically programmable fuse.
The beneficial effects of this application are:
through this secure boot method, the primary bootstrap program is encrypted and verified (authenticated) using multi-level boot verification combined with the globally unique identifier of the chip, which reduces the risk of plaintext storage, improves the security of the embedded system and greatly reduces the possibility of the system being cloned by board copying;
by combining the multi-stage boot of this application with an added system backup boot file and a reasonable boot path, the security of the system is improved together with its stability, and in millions of power-cycle boot tests the boot method of this application has ensured normal and stable booting of the embedded system.
Drawings
The advantages of the above and/or additional aspects of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic flow diagram of a secure system boot method based on an MPSoC chip according to an embodiment of the present application;
FIG. 2 is a schematic flow diagram of a primary boot verification according to one embodiment of the present application;
FIG. 3 is a schematic flow diagram of secondary boot verification according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an embedded system boot path according to one embodiment of the present application;
FIG. 5 is a schematic diagram of stored content according to one embodiment of the present application.
Detailed Description
In order that the above objects, features and advantages of the present application can be more clearly understood, the present application will be described in further detail with reference to the accompanying drawings and detailed description. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, however, the present application may be practiced in other ways than those described herein, and therefore the scope of the present application is not limited by the specific embodiments disclosed below.
Embodiment one:
as shown in FIG. 1, this embodiment provides a method for booting a system based on an MPSoC chip. The method is applicable to booting an embedded system that comprises a system chip and a system boot storage medium, where a system image file and a system image backup file are stored in the system boot storage medium and a globally unique identifier is stored in the system chip. The method comprises:
step 1, generating two groups of public keys from the globally unique identifier of the system chip using an encryption algorithm, burning the two groups of public keys into the system chip, and blowing the electrically programmable fuse of the system chip;
specifically, in this embodiment the MPSoC chip is used as the system chip. The globally unique identifier (GUID) in the system chip serves as a preset public key of 64 bytes. From this preset public key (the GUID) and an encryption algorithm such as a hash algorithm, two sets of hash data are generated and recorded as two groups of public keys, which are stored in the CPU of the MPSoC chip as two keys (Public Key1 and Public Key2). The two groups of public keys are protected by an electrically programmable fuse, which is then blown so that Public Key1 and Public Key2 stored in the CPU can no longer be modified.
Step 2, according to the two groups of public keys stored in the system chip, encrypting and packaging the primary bootstrap program, recording the packaged result as the primary bootstrap program, and generating and programming a multi-level bootstrap program of at least two levels into the system boot storage medium according to the primary bootstrap program;
preferably, the multi-level bootstrap program comprises a two-level bootstrap program and corresponding bootstrap backup programs, where the bootstrap program comprises a primary bootstrap program (FSBL) and a secondary bootstrap program (Uboot), and the bootstrap backup programs comprise a primary bootstrap backup program and a secondary bootstrap backup program.
Further, step 2 specifically comprises:
step 21, generating and storing a first key and a second key with a secure hash algorithm from the primary bootstrap program and the two groups of public keys, where the primary bootstrap program is used to boot the MPSoC chip;
specifically, using the existing secure hash algorithm (SHA3), two keys, the SPK (Secondary Public Key) and the PPK (Primary Public Key), are generated from the two groups of public keys and the primary bootstrap program; both keys are 48 bytes. In this embodiment the PPK is used as the first key and the SPK as the second key.
Step 22, encrypting the primary bootstrap program with a ciphertext encryption algorithm according to the two groups of public keys;
preferably, the ciphertext encryption algorithm comprises at least one of a bitwise AND, OR, NOT, addition and shift operation.
Specifically, to increase the difficulty of copying the program, this embodiment encrypts the primary bootstrap program that would otherwise be stored in plaintext, that is, converts the plaintext into ciphertext. The primary bootstrap program is therefore encrypted into ciphertext with the two stored groups of public keys using a ciphertext encryption algorithm, such as one or more of the bitwise AND, OR, NOT, addition and shift operations.
This embodiment provides one ciphertext encryption method:
first, the two groups of public keys are added and the result is taken as the encryption code, which is 64 bytes;
then, in a cyclic calculation, the primary bootstrap program is operated on bit by bit with the data of each bit of the encryption code, converting the primary bootstrap program into ciphertext.
Step 23, packaging the first key PPK, the second key SPK and the encrypted primary bootstrap program, and recording the package as the primary bootstrap program.
Specifically, with this technical scheme the GUID forms part of the two groups of public keys stored in the MPSoC chip, so that each embedded device has a different SPK value, a different encrypted FSBL (primary bootstrap program) file, a different PPK key for checking the SPK file header and a different FSBL file header, which realises a complex anti-copying function.
Through this scheme, the two groups of public keys and the program (the primary bootstrap program) are packaged into the primary bootstrap program programming file, i.e. the binding of the primary bootstrap program, the hardware chip GUID and the preset public key is completed; if any of the primary bootstrap program, the hardware chip GUID or the preset public key does not match, the system cannot boot normally.
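The following model of steps 1, 2 and 31-33 is an added example and not the patent's own code. It fixes several details the text leaves open, all of which are assumptions: Public Key1 and Public Key2 are SHA3-512 digests of the GUID under two distinct labels (giving the 64-byte size the text states for the preset key and encryption code), SPK is the SHA3-384 digest of Public Key2 and the FSBL plaintext, PPK is the SHA3-384 digest of Public Key1 and the SPK (both 48 bytes, as the text states), the "addition" step is byte-wise addition modulo 256, and the cyclic bitwise operation is XOR. Note that under these assumptions the "public keys" are hash outputs rather than asymmetric keys, and the cyclic XOR provides obscurity tied to the chip rather than cryptographic confidentiality; the binding to the GUID is what the boot-time check enforces. Python is used because hashlib provides SHA3 at the digest sizes the text names.

```python
"""Key derivation, FSBL packaging and ROM-side verification (added example; not the patent's code)."""
from __future__ import annotations

import hashlib
import hmac

PK_LEN = 64   # the text states the preset public key and the encryption code are 64 bytes
KEY_LEN = 48  # the text states PPK and SPK are 48 bytes each (SHA3-384 digest size)


def derive_public_keys(guid: bytes) -> tuple[bytes, bytes]:
    """Step 1: derive Public Key1 and Public Key2 from the chip GUID (labels are assumptions)."""
    pk1 = hashlib.sha3_512(b"PublicKey1" + guid).digest()
    pk2 = hashlib.sha3_512(b"PublicKey2" + guid).digest()
    return pk1, pk2


def encryption_code(pk1: bytes, pk2: bytes) -> bytes:
    """Add the two public keys byte-wise (mod 256, assumed) to obtain the 64-byte encryption code."""
    return bytes((a + b) & 0xFF for a, b in zip(pk1, pk2))


def cyclic_xor(data: bytes, code: bytes) -> bytes:
    """Cyclic bitwise operation over the program (XOR assumed); applying it twice restores the input."""
    return bytes(b ^ code[i % len(code)] for i, b in enumerate(data))


def derive_spk_ppk(fsbl_plain: bytes, pk1: bytes, pk2: bytes) -> tuple[bytes, bytes]:
    """Step 21: SPK covers the program content; PPK covers the header, i.e. the SPK it carries."""
    spk = hashlib.sha3_384(pk2 + fsbl_plain).digest()
    ppk = hashlib.sha3_384(pk1 + spk).digest()
    return spk, ppk


def package_fsbl(guid: bytes, fsbl_plain: bytes) -> bytes:
    """Steps 21-23: header (PPK || SPK) followed by the encrypted FSBL, ready for programming."""
    pk1, pk2 = derive_public_keys(guid)
    spk, ppk = derive_spk_ppk(fsbl_plain, pk1, pk2)
    ciphertext = cyclic_xor(fsbl_plain, encryption_code(pk1, pk2))
    return ppk + spk + ciphertext


def verify_fsbl(guid: bytes, package: bytes) -> bytes | None:
    """Steps 31-33 as the ROM would run them: PPK check on the header, then SPK check on the
    decrypted content. Returns the plaintext FSBL on success and None on failure, so the caller
    can fall back to the next primary bootstrap backup program."""
    if len(package) < 2 * KEY_LEN:
        return None
    pk1, pk2 = derive_public_keys(guid)
    ppk_hdr, spk_hdr = package[:KEY_LEN], package[KEY_LEN:2 * KEY_LEN]
    ciphertext = package[2 * KEY_LEN:]
    # First check (PPK): authenticates the boot header and the SPK stored in it.
    if not hmac.compare_digest(hashlib.sha3_384(pk1 + spk_hdr).digest(), ppk_hdr):
        return None
    # Second check (SPK): decrypt, then verify the content digest before anything is executed.
    plain = cyclic_xor(ciphertext, encryption_code(pk1, pk2))
    if not hmac.compare_digest(hashlib.sha3_384(pk2 + plain).digest(), spk_hdr):
        return None
    return plain


if __name__ == "__main__":
    guid = bytes(range(64))             # constructed 64-byte GUID
    fsbl = b"FSBL image bytes ..."      # constructed stand-in for the primary bootstrap program
    pkg = package_fsbl(guid, fsbl)
    print("same chip:", verify_fsbl(guid, pkg) == fsbl)
    print("cloned board (other GUID):", verify_fsbl(bytes(64), pkg) is None)
```

The comparisons use `hmac.compare_digest` so that the header and content checks take the same time whether the first or the last byte differs. The second test in the `__main__` block is the anti-copying property from the text: the same Flash contents fail verification on a chip with a different GUID.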
Step 3, after the embedded system is powered on, decrypting and verifying (authenticating) the multi-stage bootstrap program stage by stage with a fault-tolerant procedure according to the globally unique identifier, and booting one of the system image file and the system image backup file through the multi-stage bootstrap program.
Specifically, the verification (authentication) of the primary bootstrap program by the embedded system mainly comprises two steps:
1) checking (authenticating) the boot header file (bootloader header) of the primary bootstrap program (FSBL) and the SPK key with the PPK key value;
2) decrypting the file content digest of the FSBL with the SPK key value (the reverse of the ciphertext encryption), restoring the FSBL file content, and running the primary bootstrap program once the file content digest is correct.
As shown in FIG. 2 and FIG. 3, this embodiment shows a bootstrap program verification method in which step 3 specifically comprises:
step 31, after the embedded system is powered on, reading the boot information header file and performing a hash calculation on the primary bootstrap program according to the globally unique identifier and the first key PPK;
step 32, according to the result of the hash calculation, decrypting and performing a first check (authentication) on the primary bootstrap program with a fault-tolerant procedure; executing step 33 when the first check (authentication) passes, and when it fails, executing step 31 again with the hash calculation performed on the primary bootstrap backup program;
step 33, performing a second check (authentication) on the primary bootstrap program according to the second key SPK; executing step 34 when the second check (authentication) passes, and when it fails, executing step 31 again with the hash calculation performed on the primary bootstrap backup program;
specifically, after power-on the ROM program fixed in the chip loads the GUID into memory and at the same time reads the boot header file (protection header) of the FSBL (primary bootstrap program) and judges whether the programmed file needs to be authenticated. If so, it generates the two groups of public keys (key1 and key2) from the GUID with an encryption algorithm such as a hash algorithm, performs the hash calculation for the PPK and the first verification (authentication); if that passes, the boot header file and the SPK are correct and the second verification (authentication) is performed; if that passes, the primary bootstrap program is correct, the FSBL (primary bootstrap program) file is decrypted and run, and the secondary bootstrap program is entered. The first verification is the PPK verification and the second verification is the SPK verification.
During primary bootstrap program verification, if the PPK verification or the SPK verification fails, a new boot file, namely a primary bootstrap backup program, is searched for and the verification (PPK verification and SPK verification) is repeated on that backup; if no further primary bootstrap backup program is found, the embedded system cannot boot normally.
In this embodiment, alongside the PPK check and SPK check of the primary bootstrap program, the correctness of the secondary bootstrap program stored in the system boot storage medium is checked, and the correctness of the system image file and system image backup file stored on the chip is checked by the MD5 check of the secondary bootstrap program.
Step 34, performing a third check on the secondary bootstrap program; booting the system image file when the secondary bootstrap program passes the third check, and otherwise acquiring a secondary bootstrap backup program; when no secondary bootstrap backup program can be acquired, generating and sending system boot abnormality information; when one is acquired, performing the third check on the secondary bootstrap backup program, booting the system image backup file when it passes, and otherwise acquiring the next secondary bootstrap backup program.
Specifically, in this embodiment the MD5 code is used to check the secondary bootstrap program (Uboot) or the secondary bootstrap backup program and to verify the correctness of the system image file (image. Therefore, through the fault-tolerant procedure of this embodiment, the system image file and the system image backup file are invoked via the verification performed by the two-level bootstrap program, so that the embedded system boots stably.
This embodiment adopts a secure signature-key verification method. Multiple copies of the bootstrap programs (the primary bootstrap program, the secondary bootstrap program and their backups) and of the system image files are programmed into multiple Flash memories (system boot storage media): one Flash stores the default system boot files and the other stores the backup system. The ROM (read-only memory) program of the MPSoC (multi-processor system on chip) loads the primary bootstrap program; the primary bootstrap program loads and verifies the secondary bootstrap program; after the secondary bootstrap program starts, it loads, verifies and starts the default system image file in memory. Exception handling is added to the loading process: if verification of the primary bootstrap program fails, boot continues from the next primary bootstrap program; if verification of the secondary bootstrap program fails, the next secondary bootstrap program is loaded and verified; and if verification of the default system image file fails, the first backup image file is loaded and verified, and if that also fails, the second backup image file.
Preferably, the number of primary bootstrap backup programs is 3 and the number of secondary bootstrap backup programs is 2.
Embodiment two:
as shown in FIG. 4, this embodiment provides an implementation of an embedded system boot path. The default system boot storage medium of the embedded system stores one primary bootstrap program with 3 corresponding primary bootstrap backup programs, one secondary bootstrap program with 2 corresponding secondary bootstrap backup programs, and four sets of system image files (including 3 sets of system image backup files).
At the same time, a correctness check of the loaded files is added to the primary and secondary bootstrap programs, so that the correctness of the files loaded at each level is ensured and the boot stability of the embedded system is improved.
Under normal conditions, the boot process of the system image file is as follows:
after the MPSoC chip is powered on, the ROM program searches the boot loader (boot header file) of the default boot medium and starts the FSBL (primary bootstrap program); the FSBL loads and checks the Uboot (secondary bootstrap program) file, which in turn loads, checks and starts the default image file (system image file). This is the default boot path marked in FIG. 4.
Under abnormal conditions, one boot process of the system image backup file is as follows:
when a file on the above path is abnormal (e.g. its MD5 check fails, or it is incorrect or incomplete), the boot path of the system image backup file is triggered. If the default system image file is damaged, the corresponding boot path marked in FIG. 4 continues through the backup image file; if the primary bootstrap program has errors, the corresponding boot path marked in FIG. 4 starts from the primary bootstrap backup program.
Embodiment three:
as shown in FIG. 5, this embodiment provides an embedded system comprising a system chip (MPSoC chip) and a system boot storage medium (Flash). The system boot storage medium stores a boot program, and when the boot program runs, the secure system boot method based on the MPSoC chip disclosed in embodiment one or embodiment two is executed.
Further, a globally unique identifier is stored on the system chip, and an electrically programmable fuse is provided on the system chip.
After power-on, the ROM program of the MPSoC chip searches for the primary bootstrap program on the boot medium and verifies, in the manner of signature-key verification, the public keys stored in the CPU (the two groups of public keys generated by hashing) against the keys computed from the bootstrap program (PPK and SPK). After verification passes, the primary bootstrap program is loaded and run; it then loads and verifies the secondary bootstrap program, which loads and verifies the default system image file in Flash, and the system is allowed to start once the verification is correct.
The method realises secure booting of the system, normal booting of the default system files and booting of the backup system files in the abnormal state; it reduces the risk that the system cannot boot normally because of illegitimate programming or damage or modification of part of the Flash files, and improves the stability and security of commercial embedded systems.
Even if the data in Flash and the public key values of the CPU are read out and written to an imitation board, the system cannot boot normally, which protects the security of the commercial embedded system and effectively prevents malicious copying.
The technical scheme of the present application has been described in detail above with reference to the accompanying drawings. The application provides a secure system boot method based on an MPSoC chip, comprising: step 1, generating two groups of public keys from the globally unique identifier of the system chip using an encryption algorithm, burning the two groups of public keys into the system chip, and blowing the electrically programmable fuse of the system chip; step 2, encrypting and packaging the primary bootstrap program according to the two groups of public keys, recording the packaged result as the primary bootstrap program, and generating and programming a multi-level bootstrap program of at least two levels into the system boot storage medium according to the primary bootstrap program; and step 3, after the embedded system is powered on, decrypting and verifying the multi-level bootstrap program level by level with a fault-tolerant procedure according to the globally unique identifier, and booting one of the system image file and the system image backup file through the multi-level bootstrap program. The technical scheme of the application improves the security of the embedded system and greatly reduces the possibility of the system being cloned by board copying.
The steps in the present application may be reordered, combined and omitted according to actual requirements.
The units in the device may be merged, divided and deleted according to actual requirements.
Although the present application has been disclosed in detail with reference to the accompanying drawings, it is to be understood that such description is merely illustrative and does not restrict the application. The scope of the present application is defined by the appended claims and may include various modifications, adaptations and equivalents of the invention without departing from the scope and spirit of the application.

Claims (6)

1. A system secure boot method based on an MPSoC chip, characterized in that the method is suitable for booting an embedded system, the embedded system comprises a system chip and a system boot storage medium, a system image file and a system image backup file are stored in the system boot storage medium, and the method comprises the following steps:
step 1, generating two groups of public keys with an encryption algorithm from the globally unique identifier of the system chip, burning the two groups of public keys into the system chip, and blowing an electrically programmable fuse of the system chip;
step 2, encrypting and packaging a primary bootstrap program according to the two groups of public keys, recording the primary bootstrap program as a primary bootstrap program, and generating and programming a multi-level bootstrap program to the system startup storage medium according to the primary bootstrap program, wherein the multi-level bootstrap program comprises a two-level bootstrap program and a corresponding bootstrap backup program, the two-level bootstrap program comprises the primary bootstrap program and a two-level bootstrap backup program, the bootstrap backup program comprises the primary bootstrap backup program and the secondary bootstrap backup program, and the backup number of the secondary bootstrap backup program is 2;
step 3, after the embedded system is powered on, according to the global unique identifier, a fault-tolerant processing method is adopted to decrypt and check the multi-stage bootstrap program step by step, and one of the system image file and the system image backup file is started through the multi-stage bootstrap program, wherein the step 3 specifically comprises:
step 31, after the embedded system is powered on, reading a start header file, and performing hash calculation on the primary bootstrap program according to the globally unique identifier and a first key, wherein the primary bootstrap program comprises the first key and an encrypted primary bootstrap program, the first key is a PPK key, and the PPK key is generated by the primary bootstrap program and two groups of public keys by adopting a secure hash algorithm;
step 32, according to the result of the hash calculation, performing decryption and first check on the primary bootstrap program by adopting a fault-tolerant processing method, when the first check is judged to pass, executing step 33, and when the first check is judged not to pass, executing step 31 again, and performing the hash calculation on the primary bootstrap backup program, wherein the first check is a PPK check;
step 33, performing a second check on the primary bootstrap according to a second secret key, executing step 34 when the second check is determined to pass, and re-executing step 31 when the second check is determined not to pass, and performing hash calculation on the primary bootstrap backup program, wherein the second secret key is an SPK secret key, the SPK secret key is generated by the primary bootstrap and the two sets of public keys by using a secure hash algorithm, and the second check is an SPK check;
step 34, performing a third verification on the secondary boot program, starting the system image file when the secondary boot program is determined to pass the third verification, and acquiring the secondary boot backup program when the secondary boot program is determined not to pass the third verification; when the secondary boot backup program is not acquired, generating and sending system startup abnormal information; and when the secondary boot backup program is acquired, performing the third verification on the secondary boot backup program, starting the system image backup file when the secondary boot backup program is judged to pass the third verification, and acquiring the next secondary boot backup program when the secondary boot backup program is judged not to pass the third verification.
2. The system secure booting method based on the MPSoC chip according to claim 1, wherein the step 2 specifically includes:
step 21, generating and storing a first key and a second key by adopting a secure hash algorithm according to the primary bootstrap program and the two groups of public keys;
step 22, encrypting the primary bootstrap program according to the two groups of public keys by adopting a ciphertext encryption algorithm;
and step 23, packaging the first key, the second key and the encrypted primary bootstrap program, and recording as the primary bootstrap program.
3. The MPSoC chip-based system secure booting method of claim 2, wherein the ciphertext encryption algorithm includes at least one of an AND operation, an OR operation, an add operation, a NOT operation, an AND operation, and a shift operation.
4. The method for secure booting of a system based on an MPSoC chip according to claim 1, wherein the number of primary bootstrap backup programs is 3.
5. An embedded system, comprising a system chip and a system boot storage medium, wherein the system boot storage medium has a boot program stored thereon, and when the boot program runs, the method for securely booting the system based on the MPSoC chip according to any one of claims 1 to 4 is performed.
6. The embedded system of claim 5, wherein the system-on-chip has a globally unique identifier stored thereon, and wherein the system-on-chip has electrically programmable fuses disposed thereon.
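The provisioning steps of claim 2 and the level-by-level, fault-tolerant verification of claim 1 (steps 31 to 34, also summarised in the description above), written out as an added worked example. This is illustrative code added here, not code from the patent or from its assignees, and several details the claims leave open are filled in with labelled stand-ins: the two key groups are derived from the GUID with SHA-256, the "ciphertext encryption algorithm" is replaced by a SHA-256 keystream XOR, the PPK and SPK values are SHA-256 over a key group plus the program, the third check binds the secondary program to the verified primary program, and running out of primary copies is also reported as abnormal startup. The GUID, program bytes and image names are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass

def derive_public_keys(guid: bytes):
    # Stand-in for the patent's unnamed 'encryption algorithm' that derives the two key
    # groups from the chip GUID (step 1); in hardware these would be burned into the chip.
    return (hashlib.sha256(b"GROUP1" + guid).digest(),
            hashlib.sha256(b"GROUP2" + guid).digest())

def keystream_xor(data: bytes, guid: bytes, keys) -> bytes:
    # Toy symmetric layer (SHA-256 keystream XOR) standing in for the 'ciphertext
    # encryption algorithm' of claim 3; the same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(guid + keys[0] + keys[1] + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

@dataclass(frozen=True)
class PrimaryPackage:        # packaged primary bootstrap program, claim 2 step 23
    ppk: bytes               # first key, checked in step 32
    spk: bytes               # second key, checked in step 33
    ciphertext: bytes        # encrypted primary bootstrap program

@dataclass(frozen=True)
class SecondaryImage:        # secondary bootstrap program plus the tag for step 34
    tag: bytes
    body: bytes

def package_primary(fsbl: bytes, guid: bytes, keys) -> PrimaryPackage:
    ppk = hashlib.sha256(keys[0] + fsbl).digest()   # step 21: keys from program + key groups
    spk = hashlib.sha256(keys[1] + fsbl).digest()
    return PrimaryPackage(ppk, spk, keystream_xor(fsbl, guid, keys))  # steps 22-23

def package_secondary(ssbl: bytes, fsbl: bytes) -> SecondaryImage:
    # Assumption: the tag binds the secondary stage to the primary program that loads it.
    return SecondaryImage(hashlib.sha256(fsbl + ssbl).digest(), ssbl)

def build_boot_medium(guid, fsbl, ssbl, primary_backups=3, secondary_backups=2):
    # Primary + its backups (claim 4: 3) and secondary + its backups (claim 1: 2).
    keys = derive_public_keys(guid)
    return ([package_primary(fsbl, guid, keys) for _ in range(1 + primary_backups)],
            [package_secondary(ssbl, fsbl) for _ in range(1 + secondary_backups)])

class BootAbnormal(Exception):
    """Raised where the claim says 'generate and send system startup abnormal information'."""

def secure_boot(guid, primaries, secondaries, images=("system.img", "system_backup.img")):
    keys = derive_public_keys(guid)      # models reading the burned key groups
    fsbl = None
    for pkg in primaries:                # steps 31-33, falling back to primary backups
        candidate = keystream_xor(pkg.ciphertext, guid, keys)
        if not hmac.compare_digest(hashlib.sha256(keys[0] + candidate).digest(), pkg.ppk):
            continue                     # first (PPK) check failed: step 31 on next copy
        if not hmac.compare_digest(hashlib.sha256(keys[1] + candidate).digest(), pkg.spk):
            continue                     # second (SPK) check failed: step 31 on next copy
        fsbl = candidate
        break
    if fsbl is None:                     # assumption: no primary copy left is also abnormal
        raise BootAbnormal("no primary bootstrap copy passed the PPK/SPK checks")
    for idx, sec in enumerate(secondaries):   # step 34, falling back to secondary backups
        if hmac.compare_digest(hashlib.sha256(fsbl + sec.body).digest(), sec.tag):
            return images[0] if idx == 0 else images[1]   # backup copy -> backup image
    raise BootAbnormal("system startup abnormal: no secondary bootstrap copy verified")

def corrupt(data: bytes, pos: int = 0) -> bytes:
    return data[:pos] + bytes([data[pos] ^ 0xFF]) + data[pos + 1:]   # flip one byte

def demo():
    guid = b"constructed-guid-0001"                 # constructed sample, not a real chip ID
    fsbl = b"primary bootstrap program bytes " * 4
    ssbl = b"secondary bootstrap program bytes " * 4
    prim, sec = build_boot_medium(guid, fsbl, ssbl)
    results = {"clean": secure_boot(guid, prim, sec)}
    # primary copy with tampered ciphertext, first backup with tampered SPK, rest intact
    bad_prim = [PrimaryPackage(prim[0].ppk, prim[0].spk, corrupt(prim[0].ciphertext)),
                PrimaryPackage(prim[1].ppk, corrupt(prim[1].spk), prim[1].ciphertext)] + prim[2:]
    results["primary_fallback"] = secure_boot(guid, bad_prim, sec)
    bad_sec = [SecondaryImage(sec[0].tag, corrupt(sec[0].body))] + sec[1:]
    results["secondary_fallback"] = secure_boot(guid, prim, bad_sec)
    return results

if __name__ == "__main__":
    print(demo())
```

The point the claims make, and that `demo()` exercises, is that a failed check at any level never halts the boot outright: a failed PPK or SPK check moves to the next primary copy, a failed third check moves to the next secondary copy, and only exhausting the secondary copies produces the abnormal-startup report. Note that a backup secondary program starts the backup system image, not the primary one, so a defender watching which image came up learns that a fallback occurred. The comparisons use `hmac.compare_digest` so that a mismatch is not distinguishable by timing, a property a boot ROM implementation would also want.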
CN201910646023.2A 2019-07-17 2019-07-17 System safety starting method based on MPSoC chip Active CN110363010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910646023.2A CN110363010B (en) 2019-07-17 2019-07-17 System safety starting method based on MPSoC chip

Publications (2)

Publication Number Publication Date
CN110363010A CN110363010A (en) 2019-10-22
CN110363010B true CN110363010B (en) 2021-11-16

Family

ID=68220916

Country Status (1)

Country Link
CN (1) CN110363010B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110909316B (en) * 2019-11-14 2023-05-09 武汉正维电子技术有限公司 Encryption protection method for singlechip software and storage medium
CN111143854B (en) * 2019-12-25 2021-11-30 眸芯科技(上海)有限公司 Safe starting device, system and method of chip
CN113708921B (en) * 2020-05-22 2023-05-09 华为技术有限公司 Method and equipment for safe starting based on redundant cryptographic algorithm
CN112231709B (en) * 2020-10-15 2022-12-16 中国电子科技集团公司第三十八研究所 System safety design method with remote upgrading function
CN113642006A (en) * 2021-08-30 2021-11-12 南方电网数字电网研究院有限公司 Safe starting method of dual-core relay protection system
CN115934631B (en) * 2022-12-30 2023-10-27 武汉麓谷科技有限公司 Intelligent storage platform based on MPSoC

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102369535A (en) * 2009-02-03 2012-03-07 费森尼斯医疗德国公司 Device and method for preventing unauthorized use and/or manipulation of software
EP2506488A2 (en) * 2011-03-28 2012-10-03 Nxp B.V. Secure dynamic on-chip key programming
CN104573528A (en) * 2014-12-31 2015-04-29 湖南国科微电子有限公司 Copy-prevented Soc starting method and chip thereof
US9230112B1 (en) * 2013-02-23 2016-01-05 Xilinx, Inc. Secured booting of a field programmable system-on-chip including authentication of a first stage boot loader to mitigate against differential power analysis
CN107220547A (en) * 2016-03-21 2017-09-29 展讯通信(上海)有限公司 Terminal device and its startup method
CN108399339A (en) * 2018-02-12 2018-08-14 广东为辰信息科技有限公司 A kind of credible startup method based on safety chip
CN108664280A (en) * 2017-03-31 2018-10-16 深圳市中兴微电子技术有限公司 A kind of embedded system start method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10613604B2 (en) * 2016-12-22 2020-04-07 Texas Instruments Incorporated On chip power on reset with integrated supervisory functions for a functional safety system
CN109284114B (en) * 2017-07-20 2022-07-12 深圳市中兴微电子技术有限公司 Automatic burning method for programmable chip in embedded system

Also Published As

Publication number Publication date
CN110363010A (en) 2019-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant