CN114189337A - Firmware burning method, device, equipment and storage medium - Google Patents

Publication number
CN114189337A
Authority
CN
China
Legal status
Pending
Application number
CN202111370600.3A
Inventor
崔佳宁
Current Assignee
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/61: Installation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The application discloses a firmware burning method, apparatus, device and storage medium, the method comprising: generating firmware to be burned and generating a current encryption key through a preset dynamic key generation algorithm; encrypting the firmware to be burned with the current encryption key to obtain a firmware ciphertext; performing digest processing on the firmware to be burned with a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value; and sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can perform the corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value. Generating the encryption key in real time provides an anti-replay mechanism; encrypting the firmware to obtain a firmware ciphertext prevents the firmware to be burned from being stolen; and signing the firmware to obtain a firmware signature value gives the firmware to be burned non-repudiation and protection against tampering, so that the security of burning the firmware is ensured.

Description

Firmware burning method, device, equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a firmware burning method, apparatus, device, and storage medium.
Background
Currently, with the development of technologies such as the Internet and cloud computing, the SSD (Solid State Disk) is widely used in many products as a new generation of storage device; the main controller, the flash memory chips and the firmware are the three key factors affecting SSD performance. With the wide application of SSDs, an SSD is often upgraded by OTA (Over-the-Air) technology in order to repair product defects and enrich the functions of products that use the new generation of SSD storage devices. However, existing OTA technology sets no related security measures in the manufacturing and transmission of firmware, so the firmware may be stolen and tampered with, and stolen firmware may be burned onto a plurality of SSDs that do not need to be upgraded.
Disclosure of Invention
In view of the above, the present invention provides a firmware burning method, apparatus, device and storage medium, which can prevent the firmware to be burned from being stolen and tampered, thereby ensuring the anti-replay mechanism and the safety of burning the firmware to be burned to the solid state disk. The specific scheme is as follows:
In a first aspect, the present application discloses a firmware burning method applied to a host, including:
generating firmware to be burned and generating a current encryption key through a preset dynamic key generation algorithm;
encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext;
performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value;
and sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can carry out the corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
Optionally, the generating a current encryption key through a preset dynamic key generation algorithm includes:
generating a current first random number in real time, sending the first random number to a solid state disk so as to enable the solid state disk to generate a second random number in real time after receiving the first random number, and operating the first random number, the second random number and first authorization data preset in the solid state disk by using a preset dynamic key generation algorithm to obtain a current decryption key;
and receiving the second random number sent by the solid state disk, and operating the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data by using the preset dynamic key generation algorithm to generate the encryption key corresponding to the current decryption key.
Optionally, the firmware burning method further includes:
generating corresponding target authorization data for the solid state disk by using a preset authorization data generating tool, and sending the target authorization data to a first preset storage area in the solid state disk for storage to obtain the first authorization data in the solid state disk;
and storing the target authorization data to a second preset storage area of the host to obtain the second authorization data in the host.
Optionally, the operating the first random number, the second random number, and second authorization data preset in the host and identical to the first authorization data by using the preset dynamic key generation algorithm to generate the encryption key corresponding to the current decryption key includes:
processing the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data by using a first preset hash algorithm to generate first secret data;
and calculating the first secret data by using a preset key derivation function based on a preset key length to generate the encryption key corresponding to the current decryption key.
Optionally, the sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk performs a corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value includes:
sending the firmware ciphertext and the firmware signature value to the solid state disk, so that the solid state disk verifies the firmware signature value, burns locally the firmware plaintext obtained by decrypting the firmware ciphertext with the decryption key after the verification passes, and deletes the decryption key currently stored in the solid state disk after the verification is finished.
Optionally, the firmware burning method further includes:
and acquiring a signature verification ending notice sent by the solid state disk, and then deleting the encryption key currently stored in the host.
Optionally, the digest processing is performed on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and the first digest information is encrypted to generate a firmware signature value, where the method includes:
performing digest processing on the firmware to be burned by using a second preset hash algorithm to obtain first digest information;
encrypting the first digest information using a vendor private key to generate a firmware signature value; the manufacturer private key is a preset private key corresponding to a preset public key used for decrypting the firmware signature value in the solid state disk.
In a second aspect, the present application discloses a firmware burning method applied to a solid state disk, including:
receiving a firmware ciphertext and a firmware signature value which are generated and sent by a host; the firmware ciphertext is a file obtained by encrypting the firmware to be burned by the host by using an encryption key generated by a preset dynamic key generation algorithm, and the firmware signature value is a numerical value obtained by encrypting first digest information obtained by the host by using a preset message digest algorithm and performing digest processing on the firmware to be burned;
decrypting the firmware signature value to recover the first digest information;
decrypting the firmware ciphertext by using a decryption key corresponding to the encryption key generated by the preset dynamic key generation algorithm, and performing digest processing on a firmware plaintext obtained after decryption by using the preset message digest algorithm to obtain second digest information;
and judging whether the first digest information is consistent with the second digest information, and if so, burning the firmware plaintext into a local preset storage area.
In a third aspect, the present application discloses an apparatus for implementing firmware burning, which is applied to a host, and includes:
the firmware generating module is used for generating firmware to be burned;
the key generation module is used for generating a current encryption key through a preset dynamic key generation algorithm;
the firmware encryption module is used for encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext;
the firmware signature module is used for carrying out digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information and encrypting the first digest information to generate a firmware signature value;
and the file sending module is used for sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can carry out corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
In a fourth aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and the processor is used for executing the computer program to realize the steps of the firmware burning method disclosed by the foregoing.
In a fifth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein, the computer program realizes the steps of the firmware burning method disclosed in the foregoing when being executed by a processor.
Therefore, the present application provides a firmware burning method applied to a host, including: generating firmware to be burned and generating a current encryption key through a preset dynamic key generation algorithm; encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext; performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value; and sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can carry out the corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value. The current encryption key is generated through the preset dynamic key generation algorithm, which ensures that the firmware to be burned cannot be reused after being stolen, that is, it provides an anti-replay mechanism, so that the firmware to be burned cannot be burned to other solid state disks. Encrypting the firmware to be burned with the encryption key to obtain a firmware ciphertext prevents the firmware from being stolen, and signing the firmware to be burned to obtain a firmware signature value gives it non-repudiation and protection against tampering, thereby ensuring the security of burning the firmware.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart illustrating a firmware burning method disclosed in the present application;
FIG. 2 is a schematic diagram illustrating interaction between a host and a solid state disk disclosed in the present application;
FIG. 3 is a flowchart illustrating a specific firmware burning method disclosed herein;
FIG. 4 is a flowchart of another firmware burning method disclosed in the present application;
FIG. 5 is a schematic diagram of a firmware burning apparatus according to the present disclosure;
FIG. 6 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Currently, with the wide application of SSDs, OTA technology is often used to upgrade an SSD in order to repair defects of a product that uses the new generation of SSD storage devices or to enrich its functions. However, OTA technology sets no related security measures in the manufacturing and transmission of firmware, so the firmware may be stolen and tampered with during transmission. Since the firmware is one of the key factors affecting SSD performance, the SSD upgrade may fail when the firmware is stolen and tampered with, and stolen firmware may further be burned into a plurality of SSDs that do not need to be upgraded. Accordingly, the application provides a method for secure firmware burning that addresses the risk of firmware being stolen and tampered with during manufacturing and transmission, thereby ensuring the security of burning the firmware to the SSD and ensuring that the firmware cannot be reused after being stolen.
The embodiment of the invention discloses a firmware burning method which is applied to a host and comprises the following steps:
Step S11: generating firmware to be burned and generating a current encryption key through a preset dynamic key generation algorithm.
In this embodiment, a manufacturer generates a firmware to be burned through a third-party software tool on a local host, and then generates a current encryption key through a preset dynamic key generation algorithm by using a key generation factor. It will be appreciated that the key generation factor used for each generation of the encryption key is different.
In this embodiment, a current encryption key is generated through a preset dynamic key generation algorithm, specifically, a host generates a current first random number in real time and sends the first random number to a solid state disk, so that the solid state disk generates a second random number in real time after receiving the first random number, and the first random number, the second random number and first authorization data preset in the solid state disk are operated through the preset dynamic key generation algorithm to obtain a current decryption key; and the host receives the second random number sent by the solid state disk, and utilizes the preset dynamic key generation algorithm to operate the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data so as to generate the encryption key corresponding to the current decryption key.
It should be noted that the first random number is a current random number generated by the host through a preset first random number generation function, and similarly, the second random number is also a random number generated by the solid state disk in real time through a preset second random number generation function, where the preset first random number generation function and the preset second random number generation function may be the same or different.
It can be understood that, the host sends the first random number to the solid state disk, and after the solid state disk generates the current decryption key, the solid state disk sends the generated current second random number to the host, so that the host can generate the current encryption key. Wherein the encryption key is the same as the decryption key. That is, the preset dynamic key generation algorithm is used to perform an operation on the first random number, the second random number, and second authorization data preset in the host and identical to the first authorization data, so as to generate the encryption key corresponding to the current decryption key, which may specifically include: processing the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data by using a first preset hash algorithm to generate first secret data; and then, based on the length of a preset key, operating the first secret data by using a preset key derivation function to generate the encryption key corresponding to the current decryption key. Similarly, the operating the first random number, the second random number, and first authorization data preset in the solid state disk by using a preset dynamic key generation algorithm to obtain the current decryption key may specifically include: processing the first random number, the second random number and first authorization data preset in the solid state disk by using a first preset Hash algorithm to generate second secret data; and then, based on the length of the preset key, operating the second secret data by using a preset key derivation function to generate the current decryption key.
In this embodiment, the host generates corresponding target authorization data for the solid state disk with a preset authorization data generation tool and sends the target authorization data to a first preset storage area in the solid state disk for storage, which yields the first authorization data in the solid state disk; the host then stores the target authorization data in a second preset storage area of the host, which yields the second authorization data in the host. The first authorization data and the second authorization data are the same, and the target authorization data is known only to the manufacturer who produces the solid state disk and uses the host. The first preset storage area may be a specific area of a nonvolatile memory inside the solid state disk, and the second preset storage area may be a specific area of a nonvolatile memory inside the host. Since the first random number and the second random number may be stolen during transmission, the first authorization data and the second authorization data are included in the generation of the decryption key and the encryption key, respectively, to ensure the security of both keys. In addition, different random numbers are used each time the encryption key and the decryption key are generated, so that the firmware cannot be reused after being stolen, the firmware to be burned cannot be burned to other solid state disks, and a solid state disk cannot repeatedly burn old firmware, which effectively guarantees the security of firmware burning.
For example, the host generates a HostNonce (host random number) and sends it remotely over a network to the SSD (solid state disk). After receiving the host random number, the solid state disk generates an SSDNonce (hard disk random number) and then processes the host random number, the hard disk random number and the AuthDate (first authorization data) preset in the solid state disk with a preset HMAC (Hash-based Message Authentication Code) algorithm to generate a ShareSecret (second secret data):
ShareSecret = HMAC(AuthDate, HostNonce || SSDNonce);
where the symbol "||" indicates that the host random number and the hard disk random number are concatenated.
After the second secret data is generated, it is further processed with a preset KDF (Key Derivation Function), based on a preset key length, to generate the current SessionKey (decryption key):
SessionKey = KDF(ShareSecret).
Finally, the solid state disk returns the hard disk random number to the host remotely over the network, and the host generates the encryption key corresponding to the decryption key in the same way and with the same algorithm.
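The nonce exchange and the two formulas above, as an added example that is not part of the patent text: both sides derive SessionKey from HostNonce, SSDNonce and the provisioned authorization data, and each side gives its key out once and then forgets it. Assumptions: HMAC-SHA256 as the preset HMAC, HKDF-SHA256 (RFC 5869) standing in for the unspecified KDF, 32-byte nonces and key, and the hypothetical names Endpoint, negotiate and take_key.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # assumption: fixed-size nonces, so HostNonce || SSDNonce is unambiguous
KEY_LEN = 32    # assumption: the "preset key length" is 256 bits


def hkdf_sha256(secret, length, info=b"fw-burn session key"):
    """HKDF (RFC 5869) with SHA-256; an assumed choice for the page's preset KDF."""
    hash_len = hashlib.sha256().digest_size
    if not 0 < length <= 255 * hash_len:
        raise ValueError("unsupported key length")
    # Extract step with the default all-zero salt.
    prk = hmac.new(b"\x00" * hash_len, secret, hashlib.sha256).digest()
    # Expand step: T(i) = HMAC(PRK, T(i-1) || info || i).
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(auth_data, host_nonce, ssd_nonce):
    """ShareSecret = HMAC(AuthDate, HostNonce || SSDNonce); SessionKey = KDF(ShareSecret)."""
    if not auth_data:
        raise ValueError("authorization data must be provisioned")
    if len(host_nonce) != NONCE_LEN or len(ssd_nonce) != NONCE_LEN:
        raise ValueError("nonces must be exactly NONCE_LEN bytes")
    share_secret = hmac.new(auth_data, host_nonce + ssd_nonce, hashlib.sha256).digest()
    return hkdf_sha256(share_secret, KEY_LEN)


class Endpoint:
    """One side of the exchange (host or SSD): authorization data, a fresh nonce, a key."""

    def __init__(self, auth_data):
        self.auth_data = auth_data
        self.nonce = secrets.token_bytes(NONCE_LEN)  # new random number for every burn
        self.key = None

    def take_key(self):
        """Return the session key once and delete the stored copy."""
        if self.key is None:
            raise RuntimeError("no session key stored: negotiate a new one")
        key, self.key = self.key, None
        return key


def negotiate(host_auth, ssd_auth):
    """Run the two-message nonce exchange and return both endpoints with keys set."""
    host, ssd = Endpoint(host_auth), Endpoint(ssd_auth)
    # Message 1, host -> SSD: HostNonce. The SSD derives the decryption key.
    ssd.key = derive_session_key(ssd.auth_data, host.nonce, ssd.nonce)
    # Message 2, SSD -> host: SSDNonce. The host derives the encryption key.
    host.key = derive_session_key(host.auth_data, host.nonce, ssd.nonce)
    return host, ssd


if __name__ == "__main__":
    auth = secrets.token_bytes(32)  # constructed authorization data for the demo
    host, ssd = negotiate(auth, auth)
    print("keys match:", host.take_key() == ssd.take_key())
    host2, ssd2 = negotiate(auth, secrets.token_bytes(32))
    print("other drive's data gives the same key:", host2.take_key() == ssd2.take_key())
```

An eavesdropper sees both nonces on the wire but cannot reproduce the key without the authorization data, and a ciphertext captured in one session is useless in the next because the nonces, and therefore the key, change.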
Step S12: encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext.
In this embodiment, after the current encryption key is generated by the preset dynamic key generation algorithm, it is used to encrypt the firmware to be burned to obtain a firmware ciphertext. It can be understood that encrypting the firmware to be burned with the encryption key effectively prevents the firmware from being stolen, and that encryption and decryption with a symmetric key pair are faster than with an asymmetric key pair, which ensures timely processing by the solid state disk.
Step S13: performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value.
In this embodiment, in order to sign the firmware to be burned and obtain a firmware signature value, the firmware to be burned first needs to be digested, that is, the host performs digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information. It can be understood that the preset message digest algorithm may be a second preset hash algorithm, that is, the second preset hash algorithm is used to digest the firmware to be burned to obtain the first digest information.
It should be noted that the preset message digest algorithm includes, but is not limited to, MD5 (Message-Digest Algorithm), SHA (Secure Hash Algorithm), the MAC (Hash Authentication Code) algorithm, and the like.
In this embodiment, after the first digest information is obtained, when the first digest information is encrypted, a private key provided by a manufacturer needs to be used for encryption, that is, the manufacturer private key is used for encrypting the first digest information to generate a firmware signature value; the manufacturer private key is a preset private key corresponding to a manufacturer public key which is stored in a specific area of a nonvolatile memory inside the solid state disk and used for decrypting the firmware signature value.
Step S14: sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can carry out the corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
In this embodiment, after the firmware ciphertext is obtained by encrypting the firmware to be burned and the firmware signature value is obtained by signing the firmware to be burned, the host sends the firmware ciphertext and the firmware signature value to the solid state disk, so that the solid state disk performs corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
In the firmware burning scheme of the application, the interaction between the host and the solid state disk is shown in FIG. 2. When the host and the SSD of a remote server communicate over a network, the host generates a current first random number in real time and sends it remotely over the network to the SSD. The SSD then generates a current second random number in real time, obtains a decryption key using the first random number and the second random number, and sends the second random number remotely over the network to the host. The host obtains an encryption key using the first random number and the second random number, and performs a hash operation on the firmware to be burned to obtain a message digest. The host encrypts the message digest with the vendor private key to obtain a firmware signature value, and encrypts the firmware to be burned with the encryption key to obtain a firmware ciphertext. The host then sends the firmware ciphertext and the firmware signature value to the SSD; after receiving them, the SSD decrypts the firmware ciphertext to obtain a firmware plaintext and verifies the firmware signature value.
Therefore, in this embodiment, the current encryption key is generated through the preset dynamic key generation algorithm, which ensures that the firmware to be burned cannot be reused after being stolen, that is, it provides an anti-replay mechanism, so that the firmware to be burned cannot be burned repeatedly and cannot be burned to other solid state disks. Encrypting the firmware to be burned with the encryption key to obtain a firmware ciphertext prevents the firmware from being stolen, and signing the firmware to be burned to obtain a firmware signature value gives it non-repudiation and protection against tampering, thereby ensuring the security of burning the firmware.
Referring to fig. 3, the embodiment of the invention discloses a specific firmware burning method, and compared with the previous embodiment, the embodiment further describes and optimizes the technical solution.
Step S21: generating firmware to be burned and generating a current encryption key through a preset dynamic key generation algorithm.
Step S22: encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext.
Step S23: performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value.
Step S24: performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value.
For the details of the above steps S21 to S24, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Step S25: send the firmware ciphertext and the firmware signature value to the solid state disk, so that the solid state disk verifies the firmware signature value, burns the firmware plaintext obtained by decrypting the firmware ciphertext with the decryption key locally after the verification passes, and deletes the decryption key currently stored in the solid state disk after the verification is finished.
In this embodiment, the firmware ciphertext and the firmware signature value are sent to the solid state disk, so that the solid state disk verifies the firmware signature value, burns the firmware plaintext obtained by decrypting the firmware ciphertext with the decryption key locally after the verification passes, and deletes the decryption key currently stored in the solid state disk after the verification is finished. It can be understood that the decrypted firmware plaintext is burned locally only if the verification passes. However, whether or not the signature verification passes, the decryption key currently stored in the solid state disk must be deleted.
Step S26: acquire the signature verification end notification sent by the solid state disk, and then delete the encryption key currently stored in the host.
In this embodiment, after the solid state disk finishes verifying the signature, it sends a signature verification end notification to the host; the host acquires this notification and then deletes the encryption key currently stored in the host. It can be understood that the decryption key and the encryption key can each be used only once: a new symmetric key pair must be generated by renegotiation for the next firmware burning, and a new random number is generated each time the symmetric key pair is generated, so the symmetric key pair differs every time. This prevents stolen firmware from being used for other burning operations.
Therefore, in the embodiment of the application, after the solid state disk receives and verifies the firmware signature value, the solid state disk and the host must delete the decryption key and the encryption key respectively, and a new decryption key and a new encryption key are generated next time. This ensures that the firmware to be burned cannot be reused even if it is stolen, that is, it provides an anti-replay mechanism, so that the firmware to be burned can neither be burned repeatedly nor burned to other solid state disks. In this embodiment, the current encryption key is generated by a preset dynamic key generation algorithm and the firmware to be burned is encrypted with it to obtain the firmware ciphertext, which prevents the firmware to be burned from being stolen. The encryption key is generated in real time, and the firmware to be burned is also signed to obtain a firmware signature value, so that the firmware to be burned is protected against repudiation and tampering, which guarantees the security of burning it.
An embodiment of the invention discloses a firmware burning method applied to a solid state disk. As shown in FIG. 4, the method includes the following steps:
Step S31: receive a firmware ciphertext and a firmware signature value which are generated and sent by a host; the firmware ciphertext is a file obtained by the host encrypting the firmware to be burned with an encryption key generated by a preset dynamic key generation algorithm, and the firmware signature value is a value obtained by encrypting first digest information, which the host obtains by performing digest processing on the firmware to be burned with a preset message digest algorithm.
In this embodiment, the host encrypts the firmware to be burned by using the encryption key generated by the preset dynamic key generation algorithm to obtain a firmware ciphertext, then performs digest processing on the firmware to be burned by using the preset message digest algorithm, encrypts the first digest information obtained after the digest processing by using the manufacturer private key to obtain a firmware signature value, and then sends the firmware ciphertext and the firmware signature value to the solid state disk, which further receives the firmware ciphertext and the firmware signature value.
Step S32: decrypt the firmware signature value to recover the first digest information.
In this embodiment, after the firmware signature value is received, the solid state disk decrypts it with the manufacturer public key to recover the first digest information. It can be understood that the manufacturer public key is the key corresponding to the manufacturer private key, and that it is stored in the first preset storage area of the nonvolatile memory inside the solid state disk, that is, the manufacturer public key and the first authorization data are stored in the same location. Note that the first authorization data is obtained when the host generates target authorization data for the solid state disk with a preset authorization data generation tool and sends it to the first preset storage area in the solid state disk for storage; the target authorization data then resides in the solid state disk.
Step S33: decrypt the firmware ciphertext by using a decryption key corresponding to the encryption key generated by the preset dynamic key generation algorithm, and perform digest processing on the firmware plaintext obtained after decryption by using the preset message digest algorithm to obtain second digest information.
In this embodiment, the algorithm the solid state disk uses to generate the decryption key is the same as the algorithm the host uses to generate the encryption key, that is, the solid state disk uses the decryption key corresponding to the encryption key generated by the preset dynamic key generation algorithm. Specifically, a first preset hash algorithm is used to process the first random number, the second random number and the first authorization data preset in the solid state disk, so as to generate second secret data; then, based on the preset key length, a preset key derivation function is applied to the second secret data to generate the current decryption key. The received firmware ciphertext is then decrypted with the generated decryption key, and the decrypted firmware plaintext is processed with the preset message digest algorithm to obtain second digest information. Note that, since the firmware ciphertext may be stolen and tampered with during transmission, the firmware plaintext is not necessarily the firmware to be burned, so the firmware plaintext must be digested and checked to determine whether it is the firmware to be burned. The algorithm the solid state disk uses to obtain the second digest information is the same as the algorithm the host uses to obtain the first digest information from the firmware to be burned, namely the message digest algorithm. Specifically, the decrypted firmware plaintext is processed with the second preset hash algorithm to obtain the second digest information.
Step S34: judge whether the first digest information is consistent with the second digest information, and if so, burn the firmware plaintext into a local preset storage area.
In this embodiment, after the first digest information is determined to be consistent with the second digest information, the firmware plaintext is burned into a local preset storage area. It can be understood that the local preset storage area may be in a non-volatile memory inside the solid state disk, so that the firmware is loaded directly when the solid state disk is next powered on.
In this embodiment of the application, before the firmware to be burned is burned into the preset storage area of the solid state disk, the firmware ciphertext and the firmware signature value generated and sent by the host are received; the firmware ciphertext is then decrypted with the decryption key corresponding to the encryption key generated in real time to obtain the firmware plaintext, digest processing is performed on the firmware plaintext to obtain the second digest information, the firmware signature value is decrypted with the preset public key to recover the first digest information, and when the first digest information is consistent with the second digest information, the firmware plaintext is burned into the local preset storage area. As can be seen from the above, the embodiment of the application can verify through this process whether the firmware to be burned has been tampered with, which ensures that only firmware that has not been tampered with is burned into the local preset storage area; and because symmetric encryption and decryption are performed with the encryption key and the decryption key, the solid state disk can process the firmware ciphertext and the firmware signature value in a timely manner.
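The host flow of steps S21 to S26 and the solid state disk flow of steps S31 to S34, as an added Python sketch that is not part of the patent text. SHA-256, PBKDF2, the HMAC-based XOR keystream and the toy RSA key built from two Mersenne primes are assumptions standing in for the patent's unnamed "preset" algorithms and the manufacturer key pair, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32    # assumed "preset key length", in bytes
NONCE_LEN = 16  # assumed length of the first and second random numbers

# Constructed toy RSA key standing in for the manufacturer key pair. The two
# Mersenne primes only make the modulus larger than a SHA-256 digest; this
# key is not secure and exists so the example runs on the standard library.
P, Q = 2**521 - 1, 2**607 - 1
VENDOR_N, VENDOR_E = P * Q, 65537
VENDOR_D = pow(VENDOR_E, -1, (P - 1) * (Q - 1))


def derive_key(nonce1, nonce2, auth_data):
    """Hash both random numbers with the authorization data, then run a KDF."""
    secret_data = hashlib.sha256(nonce1 + nonce2 + auth_data).digest()
    return hashlib.pbkdf2_hmac("sha256", secret_data, b"fw-burn", 1000,
                               dklen=KEY_LEN)


def xor_stream(key, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign_firmware(firmware):
    """Host side: digest the firmware, then apply the vendor private key."""
    digest = int.from_bytes(hashlib.sha256(firmware).digest(), "big")
    return pow(digest, VENDOR_D, VENDOR_N)


class Ssd:
    def __init__(self, auth_data):
        self.auth_data = auth_data  # first authorization data
        self.key = None             # current decryption key
        self.flash = None           # local preset storage area

    def start_session(self, nonce1):
        nonce2 = secrets.token_bytes(NONCE_LEN)
        self.key = derive_key(nonce1, nonce2, self.auth_data)
        return nonce2

    def burn(self, ciphertext, signature):
        if self.key is None:
            return False  # no key negotiated for this burn
        try:
            digest1 = pow(signature, VENDOR_E, VENDOR_N)         # step S32
            plaintext = xor_stream(self.key, ciphertext)         # step S33
            digest2 = int.from_bytes(hashlib.sha256(plaintext).digest(), "big")
            if digest1 != digest2:                               # step S34
                return False
            self.flash = plaintext
            return True
        finally:
            self.key = None  # deleted whether or not the check passed


class Host:
    def __init__(self, auth_data):
        self.auth_data = auth_data  # second authorization data
        self.key = None             # current encryption key

    def package(self, ssd, firmware):
        nonce1 = secrets.token_bytes(NONCE_LEN)
        nonce2 = ssd.start_session(nonce1)
        self.key = derive_key(nonce1, nonce2, self.auth_data)
        return xor_stream(self.key, firmware), sign_firmware(firmware)

    def on_verify_finished(self):
        self.key = None  # step S26


def run_scenarios():
    auth = secrets.token_bytes(32)                 # constructed authorization data
    firmware = b"constructed firmware image " * 8  # constructed sample input
    host, ssd = Host(auth), Ssd(auth)
    results = {}

    ct, sig = host.package(ssd, firmware)
    results["genuine"] = ssd.burn(ct, sig)
    host.on_verify_finished()

    # The captured pair presented again in a later session on the same disk.
    ssd.start_session(secrets.token_bytes(NONCE_LEN))
    results["replay_same_disk"] = ssd.burn(ct, sig)

    # The captured pair presented to a disk holding other authorization data.
    other = Ssd(secrets.token_bytes(32))
    other.start_session(secrets.token_bytes(NONCE_LEN))
    results["replay_other_disk"] = other.burn(ct, sig)

    # A ciphertext modified in transit within a fresh, otherwise valid session.
    ct2, sig2 = host.package(ssd, firmware)
    results["tampered"] = ssd.burn(bytes([ct2[0] ^ 1]) + ct2[1:], sig2)
    host.on_verify_finished()

    results["keys_deleted"] = ssd.key is None and host.key is None
    results["flash_intact"] = ssd.flash == firmware and other.flash is None
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The signature value is the same in every session because it covers only the firmware digest; in this sketch the replayed pair is rejected solely because the fresh second random number changes the decryption key, so the decrypted bytes no longer hash to the signed digest.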
Correspondingly, an embodiment of the present application further discloses a firmware burning apparatus, as shown in fig. 5, the apparatus includes:
the firmware generating module 11 is used for generating firmware to be burned;
the key generation module 12 is configured to generate a current encryption key through a preset dynamic key generation algorithm;
the firmware encryption module 13 is configured to encrypt the firmware to be burned by using the current encryption key to obtain a firmware ciphertext;
the firmware signature module 14 is configured to perform digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypt the first digest information to generate a firmware signature value;
and the file sending module 15 is configured to send the firmware ciphertext and the firmware signature value to the solid state disk, so that the solid state disk performs corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
Therefore, in the embodiment of the application, the current encryption key is generated through the preset dynamic key generation algorithm and the firmware to be burned is encrypted with it to obtain the firmware ciphertext, which prevents the firmware to be burned from being stolen. Generating the encryption key in real time ensures that the firmware to be burned cannot be reused even if it is stolen, that is, it provides an anti-replay mechanism, so that the firmware to be burned can neither be burned repeatedly nor burned to other solid state disks. The firmware to be burned is also signed to obtain a firmware signature value, so that it is protected against repudiation and tampering, which guarantees the security of burning it.
In some specific embodiments, the key generation module 12 may specifically include:
the random number generating unit is used for generating a current first random number in real time;
the random number sending unit is used for sending the first random number to a solid state disk so that the solid state disk can generate a second random number in real time after receiving the first random number, and the first random number, the second random number and first authorization data preset in the solid state disk are operated by using a preset dynamic key generation algorithm to obtain a current decryption key;
the random number receiving unit is used for receiving the second random number sent by the solid state disk;
a first key generation unit, configured to perform an operation on the first random number, the second random number, and second authorization data preset in the host and identical to the first authorization data by using the preset dynamic key generation algorithm, so as to generate the encryption key corresponding to the current decryption key.
In some embodiments, the firmware burning apparatus further includes:
the authorization data generation module is used for generating corresponding target authorization data for the solid state disk by using a preset authorization data generation tool;
the first storage module is used for sending the target authorization data to a first preset storage area in the solid state disk for storage so as to obtain the first authorization data in the solid state disk;
and the second storage module is used for storing the target authorization data to a second preset storage area of the host so as to obtain the second authorization data in the host.
In some specific embodiments, the key generation module 12 may specifically include:
the data generating unit is used for processing the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data by utilizing a first preset Hash algorithm to generate first secret data;
a second key generation unit, configured to perform an operation on the first secret data by using a preset key derivation function based on a preset key length to generate the encryption key corresponding to the current decryption key.
In some embodiments, the firmware signature module 14 may specifically include:
the digest information generating unit is used for performing digest processing on the firmware to be burned by using a second preset hash algorithm so as to obtain first digest information;
a signature value generation unit for encrypting the first digest information using a vendor private key to generate a firmware signature value; the manufacturer private key is a preset private key corresponding to a preset public key used for decrypting the firmware signature value in the solid state disk.
In some specific embodiments, the file sending module 15 may specifically include:
the file sending unit is used for sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can verify the firmware signature value, burn the firmware plaintext obtained by decrypting the firmware ciphertext with the decryption key after the verification passes, and delete the decryption key currently stored in the solid state disk after the verification is finished.
In some embodiments, the firmware burning apparatus further includes:
and the notification acquisition unit is used for acquiring the signature verification ending notification sent by the solid state disk and then deleting the encryption key currently stored in the host.
Further, the embodiment of the application also provides electronic equipment. FIG. 6 is a block diagram illustrating an electronic device 20 according to an exemplary embodiment, and the contents of the diagram should not be construed as limiting the scope of use of the present application in any way.
Fig. 6 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps in the firmware burning method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the memory 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc.; the resources stored on it may include an operating system 221, a computer program 222, etc., and the storage manner may be transient or permanent.
The operating system 221 is used for managing and controlling each hardware device on the electronic device 20 and the computer program 222, and may be Windows Server, Netware, Unix, Linux, or the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the firmware burning method performed by the electronic device 20 disclosed in any of the foregoing embodiments.
Further, an embodiment of the present application further discloses a storage medium, in which a computer program is stored, and when the computer program is loaded and executed by a processor, the steps of the firmware burning method disclosed in any of the foregoing embodiments are implemented.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above detailed description is provided for a firmware burning method, apparatus, device and storage medium provided by the present invention, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A firmware burning method is applied to a host, and comprises the following steps:
generating a firmware to be burned and generating a current encryption key through a preset dynamic key generation algorithm;
encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext;
performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value;
and sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can carry out corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
2. The firmware burning method of claim 1, wherein the generating the current encryption key through the preset dynamic key generation algorithm comprises:
generating a current first random number in real time, sending the first random number to a solid state disk so as to enable the solid state disk to generate a second random number in real time after receiving the first random number, and operating the first random number, the second random number and first authorization data preset in the solid state disk by using a preset dynamic key generation algorithm to obtain a current decryption key;
and receiving the second random number sent by the solid state disk, and operating the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data by using the preset dynamic key generation algorithm to generate the encryption key corresponding to the current decryption key.
3. The firmware burning method of claim 2, further comprising:
generating corresponding target authorization data for the solid state disk by using a preset authorization data generating tool, and sending the target authorization data to a first preset storage area in the solid state disk for storage to obtain the first authorization data in the solid state disk;
and storing the target authorization data to a second preset storage area of the host to obtain the second authorization data in the host.
4. The method as claimed in claim 2, wherein the operating the first random number, the second random number, and second authorization data preset in the host and identical to the first authorization data by using the preset dynamic key generation algorithm to generate the encryption key corresponding to the current decryption key comprises:
processing the first random number, the second random number and second authorization data preset in the host and identical to the first authorization data by using a first preset hash algorithm to generate first secret data;
and calculating the first secret data by using a preset key derivation function based on a preset key length to generate the encryption key corresponding to the current decryption key.
5. The firmware burning method according to claim 2, wherein the sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk performs corresponding firmware burning operations based on the firmware ciphertext and the firmware signature value comprises:
sending the firmware ciphertext and the firmware signature value to the solid state disk, so that the solid state disk checks the firmware signature value, burns a firmware plaintext obtained by decrypting the firmware ciphertext by using the decryption key after the check passes to the local, and deletes the decryption key currently stored in the solid state disk after the check is finished;
moreover, the firmware burning method further comprises the following steps:
and acquiring a signature verification ending notice sent by the solid state disk, and then deleting the encryption key currently stored in the host.
6. The method as claimed in any one of claims 1 to 5, wherein the performing digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information, and encrypting the first digest information to generate a firmware signature value comprises:
performing digest processing on the firmware to be burned by using a second preset hash algorithm to obtain first digest information;
encrypting the first digest information using a vendor private key to generate a firmware signature value; the manufacturer private key is a preset private key corresponding to a preset public key used for decrypting the firmware signature value in the solid state disk.
7. A firmware burning method is applied to a solid state disk and comprises the following steps:
receiving a firmware ciphertext and a firmware signature value which are generated and sent by a host; the firmware ciphertext is a file obtained by encrypting the firmware to be burned by the host by using an encryption key generated by a preset dynamic key generation algorithm, and the firmware signature value is a numerical value obtained by encrypting first digest information obtained by the host by using a preset message digest algorithm and performing digest processing on the firmware to be burned;
decrypting the firmware signature value to recover the first digest information;
decrypting the firmware ciphertext by using a decryption key corresponding to the encryption key generated by the preset dynamic key generation algorithm, and performing digest processing on a firmware plaintext obtained after decryption by using the preset message digest algorithm to obtain second digest information;
and judging whether the first digest information is consistent with the second digest information, and if so, burning the firmware plaintext into a local preset storage area.
8. An apparatus for implementing firmware burning, applied to a host, includes:
the firmware generating module is used for generating firmware to be burned;
the key generation module is used for generating a current encryption key through a preset dynamic key generation algorithm;
the firmware encryption module is used for encrypting the firmware to be burned by using the current encryption key to obtain a firmware ciphertext;
the firmware signature module is used for carrying out digest processing on the firmware to be burned by using a preset message digest algorithm to obtain first digest information and encrypting the first digest information to generate a firmware signature value;
and the file sending module is used for sending the firmware ciphertext and the firmware signature value to the solid state disk so that the solid state disk can carry out corresponding firmware burning operation based on the firmware ciphertext and the firmware signature value.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the firmware burning method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the steps of the firmware burning method as claimed in any one of claims 1 to 7.
CN202111370600.3A 2021-11-18 2021-11-18 Firmware burning method, device, equipment and storage medium Pending CN114189337A (en)

Publications (1)

Publication Number Publication Date
CN114189337A true CN114189337A (en) 2022-03-15

Family

ID=80540404

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination