CN113343245B - Chip secure starting method, secure chip and receiver thereof - Google Patents

Info

Publication number: CN113343245B
Authority: CN (China)
Prior art keywords: chip, starting, firmware, authorization code, fails
Legal status: Active
Application number: CN202110584436.XA
Other languages: Chinese (zh)
Other versions: CN113343245A (en)
Inventors: 郝志杰, 丁杰, 张玉安, 吴振, 胡月, 李满
Current assignee: CHANGSHA HAIGE BEIDOU INFORMATION TECHNOLOGY CO LTD
Original assignee: CHANGSHA HAIGE BEIDOU INFORMATION TECHNOLOGY CO LTD
Events: application filed by CHANGSHA HAIGE BEIDOU INFORMATION TECHNOLOGY CO LTD; priority to CN202110584436.XA; publication of CN113343245A; application granted; publication of CN113343245B; legal status active (current); anticipated expiration

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/575 Secure boot
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F8/00 Arrangements for software engineering > G06F8/60 Software deployment > G06F8/65 Updates

Abstract

The invention discloses a chip safe starting method, which comprises: executing the bottom layer initialization code; acquiring the chip starting mode and initializing; reading the eFuse data, judging it and recording the chip ID; obtaining the authorization code ciphertext from a storage medium, decrypting and verifying it; comparing the obtained chip IDs; loading the firmware file header from the storage medium and verifying it; loading the firmware encrypted data, checking it and extracting the chip ID; comparing the chip IDs; setting the chip ROM; and executing the chip firmware to finish the start. The invention also discloses a chip started by the chip safe starting method, and a receiver comprising the chip safe starting method and the secure chip. By redesigning the chip starting process, the invention ensures the reliability and security of the chip starting process, and is suitable for any chip and application with strict security requirements on starting.

Description

Chip secure starting method, secure chip and receiver thereof
Technical Field
The invention belongs to the field of chip design, and particularly relates to a chip safe starting method, a safe chip and a receiver thereof.
Background
With economic and technological development and rising living standards, chips are widely used in production and daily life and bring great convenience.
For any chip, starting is the precondition for all of its subsequent work. If the boot loader software of the chip is modified, a series of security problems can result, so a secure way of starting the chip is needed.
At present, a commonly used chip secure boot scheme stores several security keys in the eFuse of the chip; since a secure RSA public key requires 2048 bits, multiple eFuses have to be combined in the chip (an eFuse usually occupies between 256 and 2048 bits), which significantly increases the cost of the chip. In addition, the chip ROM stores the code that loads the secondary boot, and this code is visible in JTAG mode, which exposes the security key in the eFuse and leaves the chip with a security risk.
Disclosure of Invention
One of the objectives of the present invention is to provide a secure chip starting method with high reliability, good security and wide application range.
The invention also aims to provide a security chip comprising the chip security starting method.
The invention also aims to provide a receiver comprising the chip security starting method and the security chip.
The invention provides a chip safe starting method, which comprises the following steps:
S1, executing the bottom layer initialization code of the chip;
S2, acquiring the starting mode of the chip and initializing each peripheral driver;
S3, reading the eFuse data of the chip, judging it and recording the chip ID;
S4, obtaining the authorization code ciphertext from the storage medium of the chip, decrypting it and checking it;
S5, comparing the chip ID obtained from the authorization code with the chip ID obtained in step S3;
S6, loading the firmware file header from the storage medium of the chip and checking it;
S7, loading the firmware encrypted data from the chip according to the file header information, verifying data correctness after decryption, and extracting the chip ID corresponding to the firmware;
S8, comparing the chip ID obtained in step S7 with the chip ID obtained from the authorization code;
S9, configuring the chip ROM according to the security model of the chip eFuse;
S10, executing the firmware of the chip and finishing the start.
The chip safe starting method also comprises the following step: after the firmware is started, enabling the function list according to the authorization code.
The chip safe starting method also comprises the following step: after the firmware is started, judging the time in the authorization code according to the time service function and executing the corresponding action.
Step S1, executing the bottom layer initialization code of the chip, specifically includes performing Cache/TLB initialization, setting the running mode of the CPU, allocating memory, and the like.
Initializing each peripheral driver in step S2 specifically includes initializing the serial port, the Timer, the decryption controller and the boot medium.
Reading the chip eFuse data, judging it and recording the chip ID in step S3 includes the following steps:
A. reading the chip eFuse data;
B. determining whether the eFuse data is valid:
if valid, enabling the security configuration in the eFuse data;
if invalid, the secure boot fails and the chip enters upgrade mode.
Obtaining the authorization code ciphertext from the storage medium of the chip, decrypting it and verifying it in step S4 specifically includes the following steps:
a. obtaining the authorization code ciphertext from the storage medium and loading it into the internal RAM;
b. decrypting the authorization code using the default RSA public key:
if the decryption succeeds, performing the subsequent starting steps;
if the decryption fails, the secure boot fails and the chip enters upgrade mode;
c. performing plaintext verification on the decrypted authorization code:
if the verification succeeds, performing the subsequent starting steps;
if the verification fails, the secure boot fails and the chip enters upgrade mode.
The upgrade mode specifically means that a PC downloads an upgrade program into the internal memory of the chip through a transmission interface such as USB/SPI/I2C/UART, and the chip jumps to execute the upgrade program; the upgrade program writes the file transmitted from the PC to the storage medium of the chip; the storage medium includes NorFlash/NandFlash/SD/MMC/eMMC and the like.
Comparing the chip ID obtained from the authorization code with the chip ID obtained in step S3 in step S5 specifically includes the following steps:
comparing the chip ID obtained from the authorization code with the chip ID obtained in step S3:
if they are consistent, performing the subsequent starting steps;
if they are inconsistent, the secure boot fails and the chip enters upgrade mode.
Loading and verifying the firmware file header from the storage medium of the chip in step S6 specifically includes the following steps:
(1) loading the firmware file header from the storage medium into the internal RAM;
(2) performing a CRC check on the loaded firmware file header:
if the check passes, performing the subsequent starting steps;
if the check fails, the secure boot fails and the chip enters upgrade mode.
Step S7, in which the firmware encrypted data is loaded from the chip according to the file header information, the data correctness is verified after decryption, and the chip ID corresponding to the firmware is extracted, specifically includes the following steps:
1) according to the authorization code obtained after the verification in step S4, determining whether the firmware data is plaintext:
if the firmware data is plaintext, performing the CRC check directly:
if the CRC passes, performing the subsequent starting steps;
if the CRC fails, the secure boot fails and the chip enters upgrade mode;
if the firmware data is ciphertext, performing the subsequent decryption process of steps 2) to 6);
2) obtaining the ciphertext of the AES key from the firmware file header;
3) obtaining the RSA key index according to the authorization code;
4) performing RSA decryption on the obtained AES key ciphertext;
5) performing AES decryption on the firmware data area using the decrypted AES key:
if the decryption succeeds, performing the CRC check:
if the CRC passes, performing the subsequent starting steps;
if the CRC fails, the secure boot fails and the chip enters upgrade mode;
if the decryption fails, the secure boot fails and the chip enters upgrade mode;
6) extracting the chip ID from the firmware data.
Comparing the chip ID obtained in step S7 with the chip ID obtained from the authorization code in step S8 specifically includes the following steps:
comparing the chip ID obtained in step S7 with the chip ID obtained from the authorization code:
if they are consistent, performing the subsequent starting steps;
if they are inconsistent, the secure boot fails and the chip enters upgrade mode.
The invention also discloses a safety chip which is started by adopting the chip safety starting method.
The invention also discloses a receiver which comprises the safety chip, and the safety chip is started by adopting the chip safety starting method.
The chip safe starting method, the safe chip and the receiver thereof ensure the reliability and the safety of the chip starting process by innovating the starting process of the chip, and are suitable for any chip and occasion with strict safety requirements on starting.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
Detailed Description
The method is suitable for chips with the following specifications:
1. the CPU is not limited to the ARM/MIPS series;
2. the bus is not limited to Axi/Ahb/Apb and the like, including bus interconnection IP and the like;
3. decryption controllers such as RSA/AES/DES are supported, and the decryption controllers can be selected;
4. if the chip has a starting performance requirement, hardware decryption is recommended; otherwise, the decryption algorithm is implemented in software in the ROM;
5. the eFuse controller can read and write the eFuse peripheral of the chip;
6. the storage medium controller is not limited to QSPI NorFlash/NandFlash/SD/eMMC and the like;
7. a UART controller, whose main function is information printing;
8. a Timer controller, whose main function is timing;
9. an IROM memory that holds the fixed (solidified) code, with a size customized according to application requirements;
10. an IRAM that stores execution code or data and the like, with a size customized according to application requirements;
11. system control modules such as PLL/CLK/Reset/IOMUX and the like, mainly used for clock control, module reset, pin multiplexing and the like;
12. a programming controller module, not limited to USB OTG/USB Device/UART/SD/SPI/I2C and the like;
13. other application-specific modules whose functions depend on the application; for example, a navigation baseband chip needs to implement logic function units such as RDSS/RNSS;
14. a security module enabling function.
It can be seen that most chips on the market today meet the above requirements, so the method of the invention is very practical.
The method of the invention is defined as follows:
1. several RSA public/private key pairs are generated with a hardware encryption tool; the public keys are stored in the chip ROM and the private keys are stored in a secure server;
for example: RSA 2048 is used, 8 public keys are stored in the chip ROM, and public key 7 is set as the default public key;
2. the storage medium holds at least two files, an authorization code file and a firmware file: the authorization code file must be ciphertext, and the firmware file may be plaintext or ciphertext (determined by the authorization code);
for example: the format of the authorization code file is shown in Table 1, the format of the firmware file in Table 2, and the format of the firmware file header in Table 3;
TABLE 1 authorization code file format schematic table
Item          Size (bytes)  Definition   Description
Magic         4             0xacfd0def   Type
Version       4                          Version
ChipID        4                          Chip ID
SerialNum     4                          Card serial number
Feature0~5    24                         Firmware function definition
Start_Date    4                          Product registration start date
End_Date      4                          End date of use of the product
Flags         4                          Security settings: whether the firmware is encrypted, rsakeyindex, etc.
CRC32         4                          Data verification
TABLE 2 firmware file format schematic table
[Table 2 is reproduced only as an image (Figure BDA0003087639920000071) in the original; its contents are not available here.]
TABLE 3 firmware file header format schematic table
[Table 3 is reproduced only as an image (Figure BDA0003087639920000081) in the original; its contents are not available here.]
3. the authorization code is encrypted and decrypted with RSA 2048: encryption uses private key 7 and decryption uses public key 7;
the Data area in the firmware file can be plaintext or ciphertext, and whether it is encrypted is determined by the Flags in the authorization code;
the Data area of the firmware is encrypted and decrypted with AES 128; the AES key is encrypted with RSA 2048, and the key index used for encryption and decryption (range 0 to 7) is specified by the Flags in the authorization code;
the AES key ciphertext is stored in the Header of the firmware file;
the data defined in the eFuse has at least two fields, chip ID and security configuration Flags, occupying fewer than 256 bits;
4. before reading the data of the storage medium, whether the JTAG function needs to be disabled is determined according to the eFuse security configuration;
5. before jumping to the firmware, whether the Bootrom is set to invisible is determined according to the eFuse setting;
for example: a register is set which tells the chip logic that reads from the enabled ROM address range all return 0, so that the real instructions are invisible;
6. before loading the authorization code, whether the JTAG function is enabled is determined according to the eFuse setting;
7. failure to decrypt the authorization code or failure to decrypt the firmware causes the start to fail;
8. if the authorization code is decrypted successfully but its chip ID is inconsistent with the chip ID in the eFuse, the start fails;
9. if the firmware file is decrypted successfully and the data is verified successfully but its chip ID is inconsistent with the chip ID in the eFuse, the start fails;
10. after the firmware starts successfully, if the time in the authorization code is verified to be invalid, the start fails (optional);
11. after the firmware starts successfully, functions are enabled according to the authorization code (optional).
The above definitions show that:
first, the firmware file obtained by a user is ciphertext, and decrypting the firmware would first require the RSA public key; but the keys are stored in the read-only Bootrom code, which is set to be invisible, so the firmware file is kept secure;
second, chips can be written with different chip IDs according to their category; the firmware can only be executed when the chip ID in the firmware matches the information stored in the eFuse, so the firmware cannot be maliciously copied for other purposes;
finally, even if the firmware fails to start, JTAG is in a disabled state, so the user cannot read ROM information such as the public keys in the debug state.
FIG. 1 is a schematic flow chart of the method of the invention: the invention provides a chip safe starting method, which comprises the following steps:
S1, executing the bottom layer initialization code of the chip; this specifically includes initializing the Cache/TLB, setting the running mode of the CPU, allocating memory and the like, and then jumping to the Main function;
S2, acquiring the starting mode of the chip and initializing each peripheral driver; this specifically includes initializing the serial port, the Timer, the decryption controller, the boot medium (QSPI/Nand/SD/eMMC and the like) and the like;
S3, reading the eFuse data of the chip, judging it and recording the chip ID; this specifically includes the following steps:
A. reading the chip eFuse data;
B. determining whether the eFuse data is valid:
if valid, enabling the security configuration in the eFuse data, for example disabling the JTAG function and the like;
if invalid, the secure boot fails and the chip enters upgrade mode;
S4, obtaining the authorization code ciphertext from the storage medium of the chip, decrypting it and checking it; this specifically includes the following steps:
a. obtaining the authorization code ciphertext from the storage medium (generally from fixed address 0 of the storage medium) and loading it into the internal RAM;
b. decrypting the authorization code using the default RSA public key:
if the decryption succeeds, performing the subsequent starting steps;
if the decryption fails, the secure boot fails and the chip enters upgrade mode;
c. performing plaintext verification on the decrypted authorization code:
if the verification succeeds, performing the subsequent starting steps;
if the verification fails, the secure boot fails and the chip enters upgrade mode;
the upgrade mode specifically means that a PC downloads an upgrade program into the internal memory of the chip through a transmission interface such as USB/SPI/I2C/UART, and the chip jumps to execute the upgrade program; the upgrade program writes the file transmitted from the PC to the storage medium of the chip; the storage medium includes NorFlash/NandFlash/SD/MMC/eMMC and the like;
S5, comparing the chip ID obtained from the authorization code with the chip ID obtained in step S3; this specifically includes the following steps:
comparing the chip ID obtained from the authorization code with the chip ID obtained in step S3:
if they are consistent, performing the subsequent starting steps;
if they are inconsistent, the secure boot fails and the chip enters upgrade mode;
S6, loading the firmware file header from the storage medium of the chip and checking it; this specifically includes the following steps:
(1) loading the firmware file header from the storage medium (generally from fixed address 1 of the storage medium) into the internal RAM;
(2) performing a CRC check on the loaded firmware file header:
if the check passes, performing the subsequent starting steps;
if the check fails, the secure boot fails and the chip enters upgrade mode;
S7, loading the firmware encrypted data from the chip according to the file header information, verifying data correctness after decryption, and extracting the chip ID corresponding to the firmware; this specifically includes the following steps:
1) according to the authorization code obtained after the verification in step S4, determining whether the firmware file header is plaintext:
if the firmware file header is plaintext, performing the CRC check directly:
if the CRC passes, performing the subsequent starting steps;
if the CRC fails, the secure boot fails and the chip enters upgrade mode;
if the firmware file header is ciphertext, performing the subsequent decryption process of steps 2) to 6);
2) obtaining the ciphertext of the AES key from the firmware file header;
3) obtaining the RSA key index according to the authorization code;
4) performing RSA decryption on the obtained AES key ciphertext;
5) performing AES decryption on the firmware data area using the decrypted AES key:
if the decryption succeeds, performing the CRC check:
if the CRC passes, performing the subsequent starting steps;
if the CRC fails, the secure boot fails and the chip enters upgrade mode;
if the decryption fails, the secure boot fails and the chip enters upgrade mode;
6) extracting the chip ID from the firmware data;
S8, comparing the chip ID obtained in step S7 with the chip ID obtained from the authorization code; this specifically includes the following steps:
comparing the chip ID obtained in step S7 with the chip ID obtained from the authorization code:
if they are consistent, performing the subsequent starting steps;
if they are inconsistent, the secure boot fails and the chip enters upgrade mode;
S9, configuring the chip ROM according to the security model of the chip eFuse;
S10, executing the firmware of the chip and finishing the start;
S11, after the firmware is started, enabling the function list according to the authorization code;
S12, after the firmware is started, judging the time in the authorization code according to the time service function and executing the corresponding action.
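The authorization-code file format of Table 1 and the checks of steps S4(c), S5 and S12 in the flow above, as an added example written for this page, not code from the patent or its assignee. It starts from the authorization code after RSA decryption (step S4b) has already happened; the little-endian field encoding, the IEEE 802.3 CRC32 computed over the 52 bytes before the CRC field, the epoch-seconds date format and the bit layout of Flags are assumptions, since the page does not state them.

```c
/* Added example, not code from the patent: parse and verify the Table 1
 * authorization code plaintext (after RSA decryption, step S4b) and apply the
 * checks of steps S4c, S5 and S12. Assumed, not stated on the page: little-endian
 * fields, IEEE 802.3 CRC32 over the 52 bytes before the CRC field, epoch-second
 * dates, and Flags bit 0 = firmware encrypted, bits 1..3 = RSA key index. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_MAGIC        0xacfd0defu  /* Magic value from Table 1 */
#define AUTH_CODE_SIZE    56           /* 4+4+4+4+24+4+4+4+4 bytes, Table 1 */
#define FLAG_FW_ENCRYPTED (1u << 0)    /* assumed Flags bit layout */
#define FLAG_KEYIDX_SHIFT 1
#define FLAG_KEYIDX_MASK  0x7u

typedef struct {
    uint32_t version, chip_id, serial_num;
    uint8_t  feature[24];              /* Feature0~5 */
    uint32_t start_date, end_date;     /* assumed: seconds since the Unix epoch */
    uint32_t flags;
} auth_code_t;

typedef enum { AUTH_OK = 0, AUTH_BAD_LENGTH, AUTH_BAD_MAGIC, AUTH_BAD_CRC,
               AUTH_CHIP_ID_MISMATCH, AUTH_EXPIRED } auth_status_t;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Bitwise CRC32 (IEEE 802.3, reflected polynomial 0xEDB88320): small enough
 * to audit in a boot ROM; real ROMs usually use a table or a hardware unit. */
uint32_t crc32_ieee(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Step S4c, plaintext verification: length, Magic and CRC32 must all hold
 * before any field is trusted; the fields are copied out only on success. */
auth_status_t auth_code_parse(const uint8_t *buf, size_t len, auth_code_t *out) {
    if (len != AUTH_CODE_SIZE) return AUTH_BAD_LENGTH;
    if (rd32le(buf) != AUTH_MAGIC) return AUTH_BAD_MAGIC;
    if (crc32_ieee(buf, AUTH_CODE_SIZE - 4) != rd32le(buf + 52)) return AUTH_BAD_CRC;
    out->version    = rd32le(buf + 4);
    out->chip_id    = rd32le(buf + 8);
    out->serial_num = rd32le(buf + 12);
    memcpy(out->feature, buf + 16, sizeof out->feature);
    out->start_date = rd32le(buf + 40);
    out->end_date   = rd32le(buf + 44);
    out->flags      = rd32le(buf + 48);
    return AUTH_OK;
}

/* Step S5: the ChipID in the authorization code must equal the eFuse chip ID;
 * otherwise the secure boot fails and the chip enters upgrade mode. */
auth_status_t auth_code_check_chip(const auth_code_t *ac, uint32_t efuse_chip_id) {
    return ac->chip_id == efuse_chip_id ? AUTH_OK : AUTH_CHIP_ID_MISMATCH;
}

/* Step S12: the time from the time service must lie within [Start_Date, End_Date]. */
auth_status_t auth_code_check_time(const auth_code_t *ac, uint32_t now) {
    return (now >= ac->start_date && now <= ac->end_date) ? AUTH_OK : AUTH_EXPIRED;
}

/* Flags decide whether the firmware Data area is ciphertext and which of the
 * eight ROM public keys (index 0..7) unwraps the AES key in step S7. */
int auth_code_fw_encrypted(const auth_code_t *ac) { return (ac->flags & FLAG_FW_ENCRYPTED) != 0; }
unsigned auth_code_rsa_keyindex(const auth_code_t *ac) { return (ac->flags >> FLAG_KEYIDX_SHIFT) & FLAG_KEYIDX_MASK; }

/* Constructed sample: what the secure server would produce before
 * encrypting it with private key 7 (all values made up for this example). */
void auth_code_build_sample(uint8_t buf[AUTH_CODE_SIZE], uint32_t chip_id, uint32_t flags) {
    memset(buf, 0, AUTH_CODE_SIZE);
    wr32le(buf + 0,  AUTH_MAGIC);
    wr32le(buf + 4,  1);                /* Version */
    wr32le(buf + 8,  chip_id);          /* ChipID */
    wr32le(buf + 12, 0x00001234u);      /* SerialNum */
    buf[16] = 0x01;                     /* Feature0 */
    wr32le(buf + 40, 1622073600u);      /* Start_Date: 2021-05-27 00:00 UTC */
    wr32le(buf + 44, 1717804800u);      /* End_Date:   2024-06-08 00:00 UTC */
    wr32le(buf + 48, flags);
    wr32le(buf + 52, crc32_ieee(buf, AUTH_CODE_SIZE - 4));   /* CRC32 last */
}

int main(void) {   /* stand-alone walk-through of steps S4c and S5 */
    uint8_t buf[AUTH_CODE_SIZE]; auth_code_t ac = {0};
    const uint32_t efuse_chip_id = 0x0000BEEFu;   /* constructed eFuse value */
    auth_code_build_sample(buf, efuse_chip_id, FLAG_FW_ENCRYPTED | (7u << FLAG_KEYIDX_SHIFT));
    auth_status_t st = auth_code_parse(buf, sizeof buf, &ac);
    if (st == AUTH_OK) st = auth_code_check_chip(&ac, efuse_chip_id);
    printf("status %d, firmware encrypted %d, rsa keyindex %u\n", st, auth_code_fw_encrypted(&ac), auth_code_rsa_keyindex(&ac));
    return st == AUTH_OK ? 0 : 1;
}
```

Every status other than AUTH_OK corresponds to the page's rule that the secure boot fails and the chip enters upgrade mode.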

Claims (8)

1. A chip safe starting method comprises the following steps:
S1, executing the bottom layer initialization code of the chip;
S2, acquiring the starting mode of the chip and initializing each peripheral driver;
S3, reading the eFuse data of the chip, judging it and recording the ID of the chip;
S4, obtaining the authorization code ciphertext from the storage medium of the chip, and decrypting and checking it; the method specifically comprises the following steps:
a. obtaining the authorization code ciphertext from the storage medium and loading it into the internal RAM;
b. decrypting the authorization code using the default RSA public key:
if the decryption succeeds, performing the subsequent starting steps;
if the decryption fails, the secure boot fails and the chip enters upgrade mode;
c. performing plaintext verification on the decrypted authorization code:
if the verification succeeds, performing the subsequent starting steps;
if the verification fails, the secure boot fails and the chip enters upgrade mode;
S5, comparing the chip ID obtained from the authorization code with the chip ID obtained in step S3;
S6, loading the firmware file header from the storage medium of the chip and checking it;
S7, loading the firmware encrypted data from the chip according to the file header information, verifying data correctness after decryption, and extracting the chip ID corresponding to the firmware; the method specifically comprises the following steps:
1) according to the authorization code obtained after the verification in step S4, determining whether the firmware data is plaintext:
if the firmware data is plaintext, performing the CRC check directly:
if the CRC passes, performing the subsequent starting steps;
if the CRC fails, the secure boot fails and the chip enters upgrade mode;
if the firmware data is ciphertext, performing the subsequent decryption process of steps 2) to 6);
2) obtaining the ciphertext of the AES key from the firmware file header;
3) obtaining the RSA key index according to the authorization code;
4) performing RSA decryption on the obtained AES key ciphertext;
5) performing AES decryption on the firmware data area using the decrypted AES key:
if the decryption succeeds, performing the CRC check:
if the CRC passes, performing the subsequent starting steps;
if the CRC fails, the secure boot fails and the chip enters upgrade mode;
if the decryption fails, the secure boot fails and the chip enters upgrade mode;
6) extracting the chip ID from the firmware data;
S8, comparing the chip ID obtained in step S7 with the chip ID obtained from the authorization code;
S9, configuring the ROM of the chip according to the security model of the eFuse of the chip;
S10, executing the firmware of the chip and completing the start.
2. The secure chip starting method according to claim 1, wherein the step S3 of reading chip eFuse data, determining and recording chip ID specifically includes the following steps:
A. reading chip eFuse data;
B. determining whether the eFuse data is valid:
if valid, enable secure configuration in the eFuse data;
if invalid, the secure boot fails and the chip enters upgrade mode.
3. The chip secure booting method according to claim 2, characterized in that the upgrade mode specifically includes that a PC downloads an upgrade program into the internal memory of the chip through a transmission interface, and the chip jumps to execute the upgrade program; the upgrade program writes the subsequent file transmitted from the PC to the storage medium of the chip; the transmission interface comprises USB, SPI, I2C and UART; the storage medium comprises NorFlash, NandFlash, SD, MMC and eMMC.
4. The chip secure boot method according to claim 3, wherein the comparing the chip ID obtained in the authorization code in step S5 with the chip ID obtained in step S3 specifically includes the following steps:
comparing the chip ID obtained in the authorization code with the chip ID obtained in step S3:
if the comparison is consistent, performing subsequent starting steps;
if the comparison is inconsistent, the safe start fails, and the upgrading mode of the chip is entered.
5. The secure chip starting method according to claim 4, wherein the step S6 of loading and verifying the firmware file header from the storage medium of the chip specifically includes the following steps:
(1) loading a firmware file header from a storage medium to an internal Ram;
(2) performing a CRC check on the loaded firmware file header:
if the verification is passed, carrying out the subsequent starting step;
and if the verification fails, the safe start fails, and the upgrading mode of the chip is entered.
6. The chip secure boot method according to claim 5, wherein the step S8 of comparing the chip ID obtained in the step S7 with the chip ID obtained in the authorization code includes the following steps:
comparing the chip ID obtained in the step S7 with the chip ID obtained from the authorization code:
if the comparison is consistent, performing subsequent starting steps;
if the comparison is inconsistent, the safe start fails, and the upgrading mode of the chip is entered.
7. A security chip, characterized in that the chip security starting method of any one of claims 1 to 6 is used for starting.
8. A receiver, characterized in that it comprises a secure chip as claimed in claim 7, and the secure chip is activated by using the secure chip activation method as claimed in any one of claims 1 to 6.
Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN202110584436.XA    2021-05-27      2021-05-27    Chip secure starting method, secure chip and receiver thereof

Publications (2)

Publication Number   Publication Date
CN113343245A (en)    2021-09-03
CN113343245B (en)    2022-09-30

Family

ID=77471779
Family application: CN202110584436.XA (CN113343245B, Active); country status: CN

Legal Events

Code   Title
PB01   Publication
SE01   Entry into force of request for substantive examination
GR01   Patent grant