CN112231649A - Firmware encryption processing method, device, equipment and medium - Google Patents

Firmware encryption processing method, device, equipment and medium Download PDF

Info

Publication number
CN112231649A
CN112231649A CN202011119023.6A CN202011119023A CN112231649A CN 112231649 A CN112231649 A CN 112231649A CN 202011119023 A CN202011119023 A CN 202011119023A CN 112231649 A CN112231649 A CN 112231649A
Authority
CN
China
Prior art keywords
key
firmware
information
address information
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011119023.6A
Other languages
Chinese (zh)
Inventor
廖秋华
朱玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netum Intelligent Guangzhou Technology Co ltd
Original Assignee
Netum Intelligent Guangzhou Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netum Intelligent Guangzhou Technology Co ltd filed Critical Netum Intelligent Guangzhou Technology Co ltd
Priority to CN202011119023.6A priority Critical patent/CN112231649A/en
Publication of CN112231649A publication Critical patent/CN112231649A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1011Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Abstract

The invention discloses a firmware encryption processing method, a device, equipment and a medium, which relate to the technical field of encryption, and the firmware encryption processing method comprises the following steps: acquiring key address information stored in a start loading area; determining whether the firmware is encrypted according to the key address information; if the firmware is not encrypted, encrypting the equipment identity information through an encryption algorithm to obtain key information; and storing the key information into a key area corresponding to the key address information. The embodiment of the invention increases the safety without increasing the cost and the operation difficulty.

Description

Firmware encryption processing method, device, equipment and medium
Technical Field
The embodiment of the invention relates to the technical field of encryption, in particular to a firmware encryption processing method, device, equipment and medium.
Background
Firmware (Firmware) refers to a device "driver" stored inside a device, and through the Firmware, an operating system can implement operation of a specific machine according to a standard device driver, for example, an optical disc drive, a recorder, etc. have internal Firmware.
In actual processing, the firmware is typically encrypted using a software encryption method. At present, the software encryption method generally adopts the following modes in the processing of an encryption algorithm:
firstly, an encryption algorithm is stored in an external secure storage chip, which increases the chip cost, and because communication with the external secure storage chip is required, Input Output (IO) port resources of a Micro Control Unit (MCU) are consumed;
secondly, the encryption algorithm is directly stored in a boot loader (Bootloader), and if the firmware is read out, the risk of decompiling and cracking is high;
thirdly, an encryption algorithm is edited by a downloading tool, and an application key AppKey is written into the program at the same time, but the difficulty of burning operation is increased by the method.
Disclosure of Invention
In view of the above, the present invention provides a firmware encryption processing method, apparatus, device and medium, so as to increase security without increasing cost and operation difficulty.
In a first aspect, an embodiment of the present invention provides a firmware encryption processing method, including:
acquiring key address information stored in a start loading area;
determining whether the firmware is encrypted according to the key address information;
if the firmware is not encrypted, encrypting the equipment identity information through an encryption algorithm to obtain key information;
and storing the key information into a key area corresponding to the key address information.
Optionally, determining whether the firmware is encrypted according to the key address information includes:
judging whether the key address information meets the write operation requirement of the flash memory;
and if the key address information meets the write operation requirement of the flash memory, determining that the firmware is not encrypted.
Optionally, the firmware encryption processing method further includes:
when the key address information does not meet the write operation requirement of the flash memory, determining that the firmware is encrypted, and performing key verification according to the key address information;
and after the key verification is passed, starting the user application program.
Optionally, the performing key verification according to the key address information includes:
acquiring key information based on the key address information;
a decryption algorithm is called to decrypt the key information to obtain decryption result information;
and if the decryption result information is matched with the equipment identity information, determining that the key verification is passed.
Optionally, after obtaining the decryption result information, the method further includes: judging whether the decryption result information is matched with the equipment identity information; and if the decryption result information is not matched with the equipment identity information, determining that the key verification is wrong.
Optionally, before the starting the user application, the method further includes:
running a starting loading program;
judging whether the application program interface is in an upgrading mode or not through the starting loading program;
if the mode is the application program interface upgrading mode, starting an application program interface upgrading program; otherwise, the user application is launched.
Optionally, after the user application is started, the method further includes:
verifying whether the key information corresponding to the key address information is correct or not through the user application program;
if the key information is correct, detecting whether the encryption algorithm is erased;
if the encryption algorithm is not erased, writing default parameters after erasing the whole page of storage space where the encryption algorithm is located so as to operate the user application program according to the default parameters;
and if the encryption algorithm is erased, reading the data parameters stored in the data storage area so as to operate the user application program according to the read data parameters.
In a second aspect, an embodiment of the present invention further provides a firmware encryption processing apparatus, including:
the key address acquisition module is used for acquiring key address information stored in the start loading area;
the firmware encryption determining module is used for determining whether the firmware is encrypted according to the key address information;
the firmware encryption module is used for encrypting the equipment identity information through an encryption algorithm when the firmware is not encrypted to obtain key information;
and the key information storage module is used for storing the key information into the key area corresponding to the key address information.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: the method comprises the following steps: a processor and a memory; the memory has stored therein at least one instruction that, when executed by the processor, causes the electronic device to perform the firmware encryption processing method of the first aspect.
In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, where instructions in the computer-readable storage medium, when executed by a processor of a device, enable the device to perform the firmware encryption processing method according to the first aspect.
According to the embodiment of the invention, the key address information stored in the start loading area is obtained, and whether the firmware is encrypted is determined according to the key address information, so that the encryption can be carried out according to the encryption algorithm when the firmware is not encrypted, and then the encrypted key information is stored in the key area corresponding to the key address information, so that the purpose of encrypting the firmware is achieved, an external encryption chip is not needed, the problem that the cost is increased due to the fact that the encryption algorithm is stored in the external encryption chip in the prior art is solved, exposed communication signals are not generated, the risk that encrypted read-write communication is grabbed is reduced, the encryption safety is improved, the trouble that the encryption algorithm is edited by a burner in the prior art is avoided, and the problem that the burning operation difficulty is large due to the fact that the encryption algorithm is edited by the burner in.
Drawings
Fig. 1 is a flowchart illustrating steps of a firmware encryption processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a firmware encryption processing method according to an alternative embodiment of the present invention;
FIG. 3 is a flow diagram of a firmware encryption processing method according to an alternative example of the present invention;
fig. 4 is a block diagram of a firmware encryption processing apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device in an example of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Firmware encryption is generally divided into hardware encryption and software encryption. The hardware encryption is to prevent the internal firmware from being read out by configuring Option (Option) bytes through the read-write prevention function of the MCU; software encryption generally carries out certain calculation and unidirectional encryption through 96-bit equipment unique codes (ID) inside an MCU (microprogrammed control unit), obtains a unique application key AppKey and stores the unique application key AppKey in a Flash memory (Flash, when the APP is operated, the key AppKey at the position of the Flash is read, the read key AppKey is compared with the calculated key AppKey to judge whether the read key AppKey is the same as the calculated key AppKey or not, if the read key AppKey is the same as the calculated key, the software encryption normally operates, and if the read key AppKey is different from the calculated key, the software encryption quits.
In order to overcome the defects of the existing software encryption scheme, embodiments of the present invention provide a new firmware encryption processing method, apparatus, device, and medium, in which key address information stored in a Bootloader area is obtained to determine whether a firmware is encrypted according to the key address information, so that the firmware can be encrypted according to an encryption algorithm when the firmware is not encrypted, and the encrypted key information can be stored in a key area corresponding to the key address information.
Referring to fig. 1, a flowchart illustrating steps of a firmware encryption processing method according to an embodiment of the present invention is shown, where the embodiment is applicable to a firmware encryption processing situation, and the method may be executed by a firmware encryption processing apparatus, and specifically includes the following steps:
step 110, key address information stored in the boot load area is obtained.
The key address information may refer to an address for storing the key, for example, a segment of memory space for storing the key in the Bootloader area. In a specific implementation, a segment of memory space in the Bootloader area can be used as an address for storing a key AppKey during the first running of the program, so that whether the firmware is encrypted can be determined by the key AppKey address during the running of the program.
Step 120, determining whether the firmware is encrypted according to the key address information.
Specifically, in this embodiment, after the boot loader is started, key address information in the Bootloader area may be obtained, so as to determine whether the firmware is encrypted based on the key address information. If the firmware is judged to be encrypted, jumping to a user program section area so as to run the user application program after an application program Code (APP Code) verifies that a key AppKey is correct; otherwise, a jump may be made to an encryption (Encrypt) program segment to be encrypted by an encryption algorithm, i.e., step 130 is performed.
Step 130, if the firmware is not encrypted, encrypting the equipment identity information through an encryption algorithm to obtain key information.
Specifically, when the firmware is not encrypted, the device identity information may be obtained, and the device identity information may be encrypted into a ciphertext by an encryption algorithm to be used as the key information. The device identity information may include a unique User Identity (UID) information of the device, such as a device serial number, and the like, which is not specifically limited in this embodiment.
Step 140, storing the key information into the key area corresponding to the key address information.
The key area corresponding to the key address information may refer to an area determined according to the key address information, and may specifically include a storage space determined according to the key address information. Specifically, after the key information is obtained by encryption, the key information may be stored in the key area corresponding to the key address information according to the key address information, so that the subsequent program can be verified through the key information stored in the key area when being started, thereby achieving the purpose of firmware encryption.
Therefore, the embodiment of the invention obtains the key address information stored in the start loading area, and determines whether the firmware is encrypted according to the key address information, so that the firmware can be encrypted according to the encryption algorithm when the firmware is not encrypted, and then the encrypted key information is stored in the key area corresponding to the key address information, thereby achieving the purpose of encrypting the firmware.
In the actual processing, a section of storage space in the start loading area can be set as the address of the storage key applied for the first time of program operation according to the write operation requirement of the Flash memory (Flash), so that whether the firmware is encrypted can be determined by judging whether the address of the storage key applied accords with the write operation requirement of the Flash memory (Flash) after the start loading program is started. Optionally, the determining whether the firmware is encrypted according to the key address information in the embodiment of the present invention may include: judging whether the key address information meets the write operation requirement of the flash memory; if the key address information meets the write operation requirement of the flash memory, it is determined that the firmware is not encrypted, and then step 130 and step 140 can be executed to encrypt the firmware, so as to achieve the purpose of encrypting the firmware. If the key address information does not meet the write operation requirement of the flash memory, the firmware can be ensured to be encrypted, and then key verification can be carried out so as to start the user program after the key verification is passed.
Further, on the basis of the foregoing embodiment, the firmware encryption processing method provided in the embodiment of the present invention may further include: when the key address information does not meet the write operation requirement of the flash memory, determining that the firmware is encrypted, and performing key verification according to the key address information; and after the key verification is passed, starting the user application program.
Optionally, in this embodiment, after the user program is started, whether the key information is correct may also be verified through the user application program, so that the user application program is run after the key information is verified to be correct, and the running is exited when the key information is incorrect, that is, the user application program is exited when the key information is verified to be incorrect. Further, after the user application is started, the method may further include: verifying whether the key information corresponding to the key address information is correct or not through the user application program; if the key information is correct, detecting whether the encryption algorithm is erased; if the encryption algorithm is not erased, writing default parameters after erasing the whole page of storage space where the encryption algorithm is located so as to operate the user application program according to the default parameters; and if the encryption algorithm is erased, reading the data parameters stored in the data storage area so as to operate the user application program according to the read data parameters.
In actual processing, when a user application program starts to run, Data parameters are usually initialized or Data parameters stored in a Data storage area (Data storage area) are read, so as to run according to the Data parameters obtained after initialization or the read Data. In the embodiment, after the key information is verified to be correct, whether the encryption algorithm is erased or not can be determined by detecting the erasure Flag (Erase Flag) parameter, so that the erasure is determined when the Erase Flag parameter is detected, then the whole page of storage space where the encryption algorithm is located can be erased, and the initialized default parameter is stored, so that the encryption algorithm is erased when the encryption algorithm is operated for the first time, and the encryption security is ensured. The default parameters may include various parameter data written after initialization, which is not limited in this embodiment.
Referring to fig. 2, a flowchart illustrating steps of a firmware encryption processing method according to an alternative embodiment of the present invention is shown. The firmware encryption processing method specifically comprises the following steps:
step 210, key address information stored in the boot load area is obtained.
Specifically, after the boot loader is started, the key address information stored in the boot load area may be acquired by the boot loader.
Step 220, judging whether the key address information meets the write operation requirement of the flash memory.
Specifically, after the key address information is obtained, whether the firmware is encrypted may be determined by determining whether the key address information meets the flash memory write operation requirement. If the key address information meets the flash memory write operation requirement, it is determined that the firmware is not encrypted, and then step 230 may be performed to encrypt through an encryption algorithm; otherwise, it may be determined that the firmware is encrypted and execution may then jump to step 240 to run the user application upon key verification.
And step 230, when the key address information meets the write operation requirement of the flash memory, encrypting the equipment identity information through an encryption algorithm to obtain key information, and storing the key information into a key area corresponding to the key address information.
For example, when the program runs for the first time, the boot loader can judge that the first address information in the key address information is all 0xFF, namely, the key address information meets the requirement of MCU Flash write operation, then can jump to an encryption program (Encrypt) section, calculate a series of data through an encryption algorithm according to the unique UID of the device, and can store the series of data in a cipher text form in a key area to be used as a key Apkey, and can clear the first address information in the key address information, so that the next time the program runs without transferring to the Encrypt program. It should be noted that, under the requirement of the MCU Flash write operation, a non-0 xFF region needs to be erased and then written in a whole page; further, data starting with 0x represents 16 bins, with 0xff being converted to a decimal of 255.
And step 240, when the key address information does not meet the write operation requirement of the flash memory, determining that the firmware is encrypted, and performing key verification according to the key address information.
Specifically, in this embodiment, when it is determined that the key address information does not satisfy the flash memory write operation requirement, it may be determined that the firmware is encrypted, and corresponding key information may be obtained based on the key address information, that is, the key information of the firmware is obtained, so as to perform key verification by using the key information, so that the user application program may be started after the key verification is correct, that is, step 250 is performed. For example, with reference to the above example, after the boot loader determines that the first address information in the key address information does not satisfy the flash memory write operation requirement, the user application program may be run after the key APP sequence is verified to be correct by the APP Code by jumping to the APP Code region of the user program segment.
Further, the performing of the key verification according to the key address information in this embodiment may specifically include: acquiring key information based on the key address information; a decryption algorithm is called to decrypt the key information to obtain decryption result information; and if the decryption result information is matched with the equipment identity information, determining that the key verification is passed. If the decryption result information does not match the device identity information, it may be determined that the key check fails, i.e., the key check is incorrect, and then the program may be restarted. Optionally, after obtaining the decryption result information, this embodiment may further include: judging whether the decryption result information is matched with the equipment identity information; and if the decryption result information is not matched with the equipment identity information, determining that the key verification is wrong.
After the key verification is passed, the user application is started, step 250.
Specifically, in the embodiment of the present invention, after the key verification passes, the boot loader may be run, so that the boot loader is run to determine that the boot loader is the Application Program Interface (API) upgrade mode, and further, the user Application may be started in the non-API upgrade mode.
Further, before the starting the user application program, the firmware encryption processing method provided in this embodiment may further include: running a starting loading program; judging whether the application program interface is in an upgrading mode or not through the starting loading program; if the mode is the application program interface upgrading mode, starting an application program interface upgrading program; otherwise, the user application is launched. It can be seen that, in the embodiment of the present invention, after the key is correctly verified, whether the current program mode is the API upgrade mode may be determined by running the start loader, so that the API upgrade program may be started in the API upgrade mode to perform API upgrade, and when the previous program mode is not the API upgrade mode, the user application program is started, and then step 260 is executed.
And step 260, verifying whether the key information corresponding to the key address information is correct through the user application program.
Specifically, in this embodiment, after the user application program is started, the key information corresponding to the key address information may be obtained by the user application program, and whether the key information is correct or not is verified, so that the key is verified again by the user application program, thereby increasing security.
For example, in the case where the boot loader verifies that the first half of the key information is correct, the user application may verify whether the second half of the key information is correct according to the device identity information, such as comparing the second half of the decrypted information obtained after decrypting the key information with the second half of the device identity information, to determine whether the decrypted information obtained after decrypting the key information matches the device identity information. If the latter half of the decrypted information is different from the latter half of the device identity information, it may be determined that the decrypted information obtained after the decryption of the key information is not matched with the device identity information, and it may be further determined that the key information is wrong, that is, the key information is failed to be verified, and then the program operation may be exited, for example, the user application program operation may be exited, and the following steps are not performed, that is, step 270, step 280, and step 290 are not performed. If the second half of the decrypted information is the same as the second half of the device identity information, it may be determined that the decrypted information obtained after the key information is decrypted matches the device identity information, and it may be further determined that the key information is correct, and then step 270 is performed.
Step 270, when the key information is correct, detecting whether the encryption algorithm is erased.
Specifically, after the user application program verifies that the password information is correct, whether the encryption algorithm needs to be deleted can be determined by detecting the deletion flag parameter. If the deletion flag parameter is detected, it can be determined that the encryption algorithm needs to be deleted currently, i.e. the encryption algorithm is not erased, and then step 280 is performed. If the deletion flag parameter is not detected, it can be determined that the encryption algorithm is not currently deleted, i.e., the encryption algorithm is erased, and then execution can jump to step 290.
Step 280, if the encryption algorithm is not erased, writing default parameters after erasing the whole page of storage space where the encryption algorithm is located, so as to run the user application program according to the default parameters.
Specifically, when the encryption algorithm is not erased, the encryption algorithm may be deleted by erasing the entire page of storage space where the encryption algorithm is located, and then writing the initialized default parameter into the data storage area, so as to run the user application program according to the written default parameter, thereby achieving the purpose of running the user application program.
Step 290, if the encryption algorithm is erased, reading the data parameters stored in the data storage area, so as to run the user application program according to the read data parameters.
Specifically, in the present embodiment, under the condition that the encryption algorithm is erased, the data parameters stored in the data storage area may be directly read, so as to run the user application program according to the data parameters stored in the data storage area, thereby achieving the purpose of running the user application program.
As an example of the present invention, a section of storage space in the Bootloader area may be preset to 0xFF according to the requirement of MCU Flash write operation, so as to serve as an address where a program first runs a storage key Appkey; optionally, the storage address of the encryption algorithm may also be placed in the Flash space, for example, the storage address of the encryption algorithm may be placed in a parameter data storage area at the tail of Flash, so that the encryption algorithm is erased after the first operation, thereby ensuring the security of encryption.
Specifically, when the program runs for the first time, the boot loader can judge whether the first addresses of the key Appkey are all 0 xFF; if the initial addresses of the key Appkey are all 0xFF, jumping to an encryption (Encrypt) program segment, calculating a series of data according to the unique UID of the equipment, storing the data in a key Appkey area as key information, and clearing the initial address of the key Appkey so that the key Appkey cannot be switched into the Encrypt program to run when the key is run next time; if the initial address of the key Apkey is not all 0xFF, the user program segment APP Code area can be jumped into, the user application program is operated after the APP Code verifies that the key Apkey sequence is correct, and the operation is quitted when the key Apkey sequence is verified to be incorrect.
For example, as shown in fig. 3, after the boot loader in the boot loading area is started, it may be determined whether the firmware is encrypted; if the firmware is not encrypted, the key series data can be stored in the key area through an encryption algorithm, and if the encrypted equipment identity information is stored in the key area, the program can be restarted, namely, the loading program is restarted; if the firmware is encrypted, performing key verification to judge whether the key verification is correct, further running a starting loading program after the key verification is correct, and restarting the program when the key verification is incorrect, namely restarting the program when the key verification is wrong.
After the loading program is started to run, whether the loading program is in the application program interface upgrading mode can be judged, so that the application program code area is entered to start the user application program when the loading program is not in the application program interface upgrading mode, and the application program interface upgrading program is started when the loading program is in the application program interface mode.
After the user application program is started, whether the key verification is correct or not can be judged, so that data parameter initialization is carried out after the key verification is correct, and the program operation is quitted when the key verification is wrong.
In the process of initializing the data parameters, whether the encryption algorithm is deleted or not can be judged by detecting the parameters of a deletion Flag (Erase Flag); if the Erase Flag parameter is detected, the encryption algorithm can be determined not to be deleted, then the whole page storage space where the encryption algorithm is located can be erased firstly, and the initialized default parameter is written in, so that the user application program can be operated according to the written default parameter; if the Erase Flag parameter is not detected, it may be determined that the encryption algorithm is deleted, and then the Data parameter may be read, for example, the Data parameter stored in the Data Storage Area (Data Storage Area) may be read, so that the user application may be run according to the read Data parameter.
In summary, the embodiment of the invention stores the encryption algorithm in the Flash storage space inside the MCU, so that the encryption algorithm can be erased after the first operation, and the encryption security is ensured; compared with the encryption algorithm edited by the burner in the prior art, the embodiment of the invention can flexibly control the complexity of the encryption algorithm and the order without increasing the burning operation difficulty, thereby further increasing the encryption security.
In addition, the embodiment of the invention has no exposed communication signal, and compared with the method for storing the encryption algorithm by an external encryption chip in the prior art, the method reduces the risk of capturing the encrypted read-write communication without increasing the cost.
Referring to fig. 4, a block diagram of a firmware encryption processing apparatus according to an embodiment of the present invention is shown, where the firmware encryption processing apparatus may specifically include the following modules:
a key address obtaining module 410, configured to obtain key address information stored in the boot load area;
a firmware encryption determining module 420, configured to determine whether the firmware is encrypted according to the key address information;
the firmware encryption module 430 is configured to encrypt the device identity information through an encryption algorithm when the firmware is not encrypted, so as to obtain key information;
and a key information storing module 440, configured to store the key information into a key area corresponding to the key address information.
On the basis of the above embodiment, optionally, the firmware encryption determining module 420 may include the following sub-modules:
the judgment submodule is used for judging whether the key address information meets the write operation requirement of the flash memory;
and the unencrypted determining submodule is used for determining that the firmware is unencrypted when the key address information meets the write operation requirement of the flash memory.
Optionally, the firmware encryption processing apparatus further includes the following modules:
the key verification module is used for determining that the firmware is encrypted when the key address information does not meet the write operation requirement of the flash memory and verifying a key according to the key address information;
and the user application program starting module is used for starting the user application program after the key verification is passed.
Optionally, the key checking module includes the following sub-modules:
a key obtaining submodule for obtaining key information based on the key address information;
the decryption submodule is used for calling a decryption algorithm to decrypt the key information to obtain decryption result information;
and the verification passing sub-module is used for determining that the key passes verification when the decryption result information is matched with the equipment identity information.
On the basis of the above embodiment, optionally, the key verification module further includes the following sub-modules:
the judgment submodule is used for judging whether the decryption result information is matched with the equipment identity information or not after the decryption submodule obtains the decryption result information;
and the error checking submodule is used for determining the key error check when the decryption result information is not matched with the equipment identity information.
Optionally, the firmware encryption processing apparatus further includes the following modules:
the starting loading program running module is used for running the starting loading program before the user application program starting module starts the user application program;
the interface upgrading mode judging module is used for judging whether the interface upgrading mode is the application program interface upgrading mode or not through the starting loading program; if the mode is the application program interface upgrading mode, triggering an interface upgrading program module to start an application program interface upgrading program; otherwise, triggering the user application program starting module to start the user application program;
and the interface upgrading program module is used for starting the application program interface upgrading program.
Optionally, the firmware encryption processing apparatus further includes the following modules:
the key verification module is used for verifying whether the key information corresponding to the key address information is correct or not through the user application program after the user application program is started by the user application program starting module;
the encryption algorithm detection module is used for detecting whether the encryption algorithm is erased or not when the key information is correct;
the default parameter writing module is used for writing default parameters after the encryption algorithm is not erased and the whole page of storage space where the encryption algorithm is located is erased so as to trigger the user application program running module to run the user application program according to the default parameters;
the data parameter reading module is used for reading the data parameters stored in the data storage area when the encryption algorithm is erased so as to trigger the user application program running module to run the user application program according to the read data parameters;
and the user application program running module is used for running the user application program according to the default parameters or the data parameters.
It should be noted that the firmware encryption processing apparatus described above can execute the firmware encryption processing method provided by any embodiment of the present invention, and has the corresponding functions and advantages of the execution method.
In a specific implementation, the firmware encryption processing apparatus may be integrated in an electronic device. The electronic device may be formed by two or more physical entities, or may be formed by one physical entity, for example, the electronic device may be a Personal Computer (PC), a smart phone, a tablet Computer, a server, and the like, which is not limited in this embodiment.
Further, an embodiment of the present invention further provides an electronic device, including: a processor and a memory. At least one instruction is stored in the memory, and the instruction is executed by the processor, so that the electronic device executes the firmware encryption processing method in the embodiment of the method.
Referring to fig. 5, a schematic structural diagram of an electronic device in one example of the invention is shown. As shown in fig. 5, the electronic device may specifically include: a processor 50, a memory 51 and a communication device 52. The number of the processors 50 in the electronic device may be one or more, and one processor 50 is taken as an example in fig. 5. The number of the memory 51 in the electronic device may be one or more, and one memory 51 is taken as an example in fig. 5. The processor 50, the memory 51 and the communication device 52 of the electronic apparatus may be connected by a bus or other means, and fig. 5 illustrates the connection by the bus as an example.
The memory 51 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the firmware encryption processing method according to any embodiment of the present invention (for example, the key address obtaining module 410, the firmware encryption determining module 420, the firmware encryption module 430, the key information storing module 440, and the like in the above-mentioned firmware encryption processing apparatus). The memory 51 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating device, an application program required for at least one function; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 51 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 51 may further include memory located remotely from the processor 50, which may be connected to the electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication device 52 is used for establishing a communication connection with other devices, and may be a wired communication device and/or a wireless communication device.
The processor 50 executes various functional applications and data processing of the electronic device by executing software programs, instructions, and modules stored in the memory 51, that is, implements the firmware encryption processing method described above. Specifically, in the embodiment, when the processor 50 executes one or more programs stored in the memory 51, the following operations are specifically implemented: acquiring key address information stored in a start loading area; determining whether the firmware is encrypted according to the key address information; if the firmware is not encrypted, encrypting the equipment identity information through an encryption algorithm to obtain key information; and storing the key information into a key area corresponding to the key address information.
Embodiments of the present invention further provide a computer-readable storage medium, where instructions in the computer-readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the firmware encryption processing method according to the foregoing method embodiment. Illustratively, the firmware encryption processing method includes: acquiring key address information stored in a start loading area; determining whether the firmware is encrypted according to the key address information; if the firmware is not encrypted, encrypting the equipment identity information through an encryption algorithm to obtain key information; and storing the key information into a key area corresponding to the key address information.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For simplicity of explanation, the method embodiments are described as a series of acts or combinations, but those skilled in the art will appreciate that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently with other steps in accordance with the embodiments of the invention. For the system, apparatus, and media embodiments, because they are substantially similar to the method embodiments, the description is relatively simple, and for related parts, reference may be made to some descriptions of the method embodiments.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. It should be noted that, the units and modules included in the above embodiments are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A firmware encryption processing method, comprising:
acquiring key address information stored in a start loading area;
determining whether the firmware is encrypted according to the key address information;
if the firmware is not encrypted, encrypting the equipment identity information through an encryption algorithm to obtain key information;
and storing the key information into a key area corresponding to the key address information.
2. The firmware encryption processing method according to claim 1, wherein determining whether the firmware is encrypted based on the key address information includes:
judging whether the key address information meets the write operation requirement of the flash memory;
and if the key address information meets the write operation requirement of the flash memory, determining that the firmware is not encrypted.
3. The firmware encryption processing method according to claim 2, further comprising:
when the key address information does not meet the write operation requirement of the flash memory, determining that the firmware is encrypted, and performing key verification according to the key address information;
and after the key verification is passed, starting the user application program.
4. The firmware encryption processing method according to claim 3, wherein the performing key verification according to the key address information includes:
acquiring key information based on the key address information;
a decryption algorithm is called to decrypt the key information to obtain decryption result information;
and if the decryption result information is matched with the equipment identity information, determining that the key verification is passed.
5. The firmware encryption processing method according to claim 4, further comprising, after obtaining the decryption result information:
judging whether the decryption result information is matched with the equipment identity information;
and if the decryption result information is not matched with the equipment identity information, determining that the key verification is wrong.
6. The firmware encryption processing method according to claim 3, further comprising, before the starting of the user application program:
running a starting loading program;
judging whether the application program interface is in an upgrading mode or not through the starting loading program;
if the mode is the application program interface upgrading mode, starting an application program interface upgrading program; otherwise, the user application is launched.
7. The firmware encryption processing method according to any one of claims 3 to 6, further comprising, after the starting of the user application program:
verifying whether the key information corresponding to the key address information is correct or not through the user application program;
if the key information is correct, detecting whether the encryption algorithm is erased;
if the encryption algorithm is not erased, writing default parameters after erasing the whole page of storage space where the encryption algorithm is located so as to operate the user application program according to the default parameters;
and if the encryption algorithm is erased, reading the data parameters stored in the data storage area so as to operate the user application program according to the read data parameters.
8. A firmware encryption processing apparatus, comprising:
the key address acquisition module is used for acquiring key address information stored in the start loading area;
the firmware encryption determining module is used for determining whether the firmware is encrypted according to the key address information;
the firmware encryption module is used for encrypting the equipment identity information through an encryption algorithm when the firmware is not encrypted to obtain key information;
and the key information storage module is used for storing the key information into the key area corresponding to the key address information.
9. An electronic device, comprising: the method comprises the following steps: a processor and a memory;
the memory has stored therein at least one instruction that, when executed by the processor, causes the electronic device to perform the firmware encryption processing method of any one of claims 1 to 7.
10. A computer-readable storage medium, wherein instructions in the readable storage medium, when executed by a processor of a device, enable the device to perform the firmware encryption processing method of any one of claims 1 to 7.
CN202011119023.6A 2020-10-19 2020-10-19 Firmware encryption processing method, device, equipment and medium Pending CN112231649A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011119023.6A CN112231649A (en) 2020-10-19 2020-10-19 Firmware encryption processing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011119023.6A CN112231649A (en) 2020-10-19 2020-10-19 Firmware encryption processing method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN112231649A true CN112231649A (en) 2021-01-15

Family

ID=74118748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011119023.6A Pending CN112231649A (en) 2020-10-19 2020-10-19 Firmware encryption processing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN112231649A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116933295A (en) * 2023-09-15 2023-10-24 北京光润通科技发展有限公司 FPGA firmware encryption method and device
CN117131519A (en) * 2023-02-27 2023-11-28 荣耀终端有限公司 Information protection method and equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117131519A (en) * 2023-02-27 2023-11-28 荣耀终端有限公司 Information protection method and equipment
CN116933295A (en) * 2023-09-15 2023-10-24 北京光润通科技发展有限公司 FPGA firmware encryption method and device

Similar Documents

Publication Publication Date Title
US10931451B2 (en) Securely recovering a computing device
US9898368B1 (en) Computing device with recovery mode
US8254568B2 (en) Secure booting a computing device
US8826405B2 (en) Trusting an unverified code image in a computing device
CN111832013A (en) Firmware upgrading method and device
KR101875866B1 (en) Method and server for checking weak point of mobile application
CN105934751B (en) Data erasure for target devices
CN109858267B (en) Firmware automatic encryption method and device based on solid state disk and computer equipment
JP2011210129A (en) Storage device, data processing device, registration method, and computer program
CN110874467B (en) Information processing method, device, system, processor and storage medium
US20160004648A1 (en) Data erasing apparatus, data erasing method, and computer-readable storage medium
US20210367781A1 (en) Method and system for accelerating verification procedure for image file
CN112231649A (en) Firmware encryption processing method, device, equipment and medium
US20020169976A1 (en) Enabling optional system features
EP3454216B1 (en) Method for protecting unauthorized data access from a memory
CN106951771B (en) Mobile terminal using method of android operating system
de Assumpção et al. Forensic method for decrypting TPM-protected BitLocker volumes using Intel DCI
CN115688120A (en) Secure chip firmware importing method, secure chip and computer readable storage medium
CN110990840A (en) Method and device for starting equipment
CN115599407B (en) Firmware burning method, firmware burning system and memory storage device
KR20230082388A (en) Apparatus for verifying bootloader of ecu and method thereof
CN113420340A (en) Information recording device, computer equipment and information recording method
CN114417320A (en) System starting method and device
CN117971283A (en) Firmware upgrading method of graphic processor, terminal equipment and storage medium
CN116257839A (en) Method for upgrading signature firmware, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination