CN115587389A - Firmware security protection method and system - Google Patents


Info

Publication number: CN115587389A
Application number: CN202211426019.3A
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: firmware, application, boot, key, protection method
Legal status: Pending (Google's assumed status, not a legal conclusion)
Inventors: 张福健, 秦放, 黄臻
Current and original assignee: Chengdu 30javee Microelectronics Co ltd (listed assignees may be inaccurate)
Priority date / filing date: 2022-11-15
Publication date: 2023-01-10

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F 21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60: Protecting data
    • G06F 21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209: Protecting access to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The invention discloses a firmware security protection method and system. The method divides the firmware into BOOT firmware and application firmware and comprises the following steps. S1: provision the application-firmware encryption key. S2: provision the application-firmware signing key. S3: after the device powers on, load the BOOT firmware. S4: the BOOT firmware decrypts and verifies the application firmware and, only after verification succeeds, loads it for use. The invention combines cryptographic algorithms with physical characteristics of the device (identity data burned into one-time-programmable memory) to protect the firmware, so that trusted firmware is resistant to copying, forgery, tampering and reverse analysis.

Description

Firmware security protection method and system
Technical Field
The invention relates to the technical field of computer software and information security, and in particular to a firmware security protection method and system.
Background
With the development of Internet technology and the electronics industry, intelligent terminal devices have appeared in people's lives in large numbers, and the security of the firmware inside them matters more and more. Terminal devices from well-known manufacturers are pirated by cloning the hardware and copying the firmware, which damages the ecosystem of the Internet of Things industry and causes the original manufacturers large economic losses.
Some manufacturers obscure the markings printed on the surface of the chip, but this gives only a limited degree of physical protection; only by protecting the firmware itself can counterfeits be reduced as far as possible and the product's market share defended. Most smart products on the market, however, pay little attention to firmware security: on the one hand, adding security measures makes production more complex, and on the other hand, rapidly iterating products leave no spare development time for building security capabilities.
Disclosure of Invention
The invention aims to provide a firmware security protection method and system that address the following problems. The firmware of an IoT device is stored in flash; an attacker can desolder the flash chip and read it out with dedicated equipment. On the one hand, the attacker can then analyse the firmware for security weaknesses and attack the device; on the other hand, the extracted firmware can be used to clone the product and sell counterfeits. An attacker may also replace the original firmware with illegitimate firmware in order to steal the user's private data.
The purpose of the invention is achieved by the following technical scheme. A firmware security protection method divides the firmware into BOOT firmware and application firmware and comprises the following steps:
S1: provision the application-firmware encryption key;
S2: provision the application-firmware signing key;
S3: after the device powers on, load the BOOT firmware;
S4: the BOOT firmware decrypts and verifies the application firmware and, after verification succeeds, loads the application firmware for use.
Further, step S1 specifically comprises: burning device information that serves as a distinguishing identity into the OTP (one-time programmable memory) of the main control chip, and running a digest algorithm over that device information for multiple iterations to generate an encryption key bound to the device.
Further, the device information comprises at least one of: manufacturer information, device model, and device unique identification code.
Further, the encryption key is generated either per device (one key per unit) or per model (one key per product model). In the per-device mode the device unique identification code participates in the digest computation; in the per-model mode the device model information participates instead.
Further, step S2 specifically comprises: generating an asymmetric key pair for firmware verification, choosing according to the security requirements whether one key pair serves one model or several models, keeping the private key with the manufacturer, writing the public key into flash, and writing a digest of the public key into the OTP.
Further, several spare key pairs are backed up to limit the damage should a key be compromised.
Further, step S3 comprises the following sub-steps:
S31: power on the device and load the BOOT firmware;
S32: check whether the conditions for loading the application firmware are met; if so, proceed to step S4, otherwise enter BOOT service handling.
Further, the conditions for loading the application firmware include a resource validity check.
Further, step S4 comprises the following sub-steps:
S41: read the device information from the OTP and regenerate the encryption key;
S42: read the application-firmware ciphertext from flash and decrypt it;
S43: read the public-key digest from the OTP and verify the public key stored in flash against it;
S44: if verification passes, load the application firmware and handle application services; if verification fails, enter BOOT service handling.
A firmware security protection system comprises BOOT firmware and application firmware. The BOOT firmware is loaded after the device powers on, decrypts and verifies the application firmware, and loads the application firmware for use after verification succeeds.
The beneficial effects of the invention are: it combines cryptographic algorithms with physical characteristics of the device to protect the firmware, making trusted firmware resistant to copying, forgery, tampering and reverse analysis; it is general, feasible and of practical value; it backs up several key pairs, so that a leaked key does not become a lasting security hazard; and the way the firmware encryption key is generated both prevents copying and leaves any copy traceable.
Drawings
To illustrate the embodiments of the invention more clearly, the drawings used in their description are briefly introduced below. The drawings show only some embodiments of the invention; those skilled in the art can derive other drawings from the structures shown without creative effort.
FIG. 1 is a flowchart of the device's power-on loading process;
FIG. 2 is a block diagram of the processor's memory resources;
FIG. 3 is a diagram of the resource layout of the storage devices.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions are described fully below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention; the components generally described and illustrated in the figures may be arranged and designed in a wide variety of configurations.
Like reference numbers and letters refer to like items across the figures; once an item is defined in one figure it is not defined again in subsequent figures.
Some embodiments are described in detail below with reference to the drawings. The embodiments and their features can be combined with each other where they do not conflict.
Example 1:
Referring to FIG. 1, a method for protecting firmware security divides the firmware into BOOT firmware and application firmware and comprises the following steps:
S1: provision the application-firmware encryption key;
S2: provision the application-firmware signing key;
S3: after the device powers on, load the BOOT firmware;
S4: the BOOT firmware decrypts and verifies the application firmware and, after verification succeeds, loads the application firmware for use.
The firmware program is generally stored in the MCU's internal flash or in an external flash. After power-on, the firmware is copied from address 0 of the boot flash chip into RAM and executed (see FIG. 2). The invention divides the firmware into BOOT firmware and application firmware: after power-on the BOOT firmware is loaded first, decrypts and verifies the application firmware, and loads the application firmware for use once verification succeeds. The steps are as follows:
Application-firmware encryption key: the device manufacturer burns manufacturer information, device model, device unique identification code and similar identifying data into the OTP of the main control chip. A digest algorithm is run over this information for multiple iterations to generate an encryption key bound to the device. If one key per unit is required, the device unique identification code participates in the digest computation; if one key per model is required, the device model and similar information participate instead. A key generated this way is traceable: even if an attacker recovers the encryption key, a counterfeit must have the same manufacturer information and other identity data burned into its own OTP for the key to derive correctly, which leaves recognisable evidence of infringement in the counterfeit product.
Because the device's encryption key is derived by iterating a digest algorithm over the manufacturer information, device model, device unique identifier and similar data held in OTP, the confidentiality of the application firmware can be protected. The device information is stored in OTP, which physically cannot be changed once written. A manufacturer can also choose flexibly, according to the device's requirements, between one key per unit and one key per model when generating the corresponding encryption key.
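The key derivation described above, as an added example that is not part of the patent: it derives the application-firmware encryption key from OTP identity fields by iterated hashing, in both the per-device variant (device unique ID included) and the per-model variant (vendor and model only) that the text distinguishes. SHA-256, the length-prefixed field encoding, the iteration count and the sample OTP contents are all assumptions; the patent names neither a digest algorithm nor an iteration count.

```python
import hashlib

# Constructed OTP contents for two units of the same product model (sample data, not from the patent).
OTP_UNIT_A = {"vendor": b"ACME-IoT", "model": b"GW-200",
              "uid": bytes.fromhex("00112233445566778899aabbccddeeff")}
OTP_UNIT_B = {"vendor": b"ACME-IoT", "model": b"GW-200",
              "uid": bytes.fromhex("ffeeddccbbaa99887766554433221100")}

KDF_ITERATIONS = 10_000  # assumed; the patent only says "multiple iterations"


def derive_firmware_key(otp: dict, mode: str, iterations: int = KDF_ITERATIONS) -> bytes:
    """Derive the application-firmware encryption key from identity fields burned into OTP.

    mode == "per-device": vendor, model and device unique ID all enter the digest,
                          giving one key per unit (the patent's "one machine, one key").
    mode == "per-model":  only vendor and model enter the digest, giving one key per
                          product model (the patent's "one model, one key").
    """
    if mode == "per-device":
        fields = (otp["vendor"], otp["model"], otp["uid"])
    elif mode == "per-model":
        fields = (otp["vendor"], otp["model"])
    else:
        raise ValueError(f"unknown key mode: {mode!r}")

    # Length-prefix every field so the concatenation is unambiguous: ("ab","c") and
    # ("a","bc") must not derive the same key. The mode string separates the two domains.
    seed = mode.encode() + b"".join(len(f).to_bytes(2, "big") + f for f in fields)

    # Iterated digest: every round re-absorbs the seed, so the key is not simply
    # "hash of the OTP fields" that could be tabulated once per product line.
    digest = hashlib.sha256(seed).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest + seed).digest()
    return digest


def same_key(otp_x: dict, otp_y: dict, mode: str) -> bool:
    """True when the two units would be able to decrypt each other's application firmware."""
    return derive_firmware_key(otp_x, mode) == derive_firmware_key(otp_y, mode)
```

In per-model mode units A and B share one key, so a single encrypted image serves the whole model line but a key recovered from one unit decrypts every unit of that model; in per-device mode an image encrypted for A is useless on B, and a clone must carry A's vendor, model and UID in its own OTP for the key to derive at all, which is the traceability the text describes. Note that vendor and model are public information, so the iteration count only adds work for an attacker who has to guess the UID; the key's secrecy otherwise rests on the OTP read restriction and on the BOOT code that reads it being trusted.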
Application-firmware signing key: the device manufacturer generates an asymmetric key pair for firmware verification, chooses according to the security requirements whether one pair serves one model or several models, keeps the private key itself, writes the public key into flash, and writes a digest of the public key into the OTP. To limit the damage of a compromised key, the manufacturer can back up several spare key pairs and handle their public keys in the same way (public key in flash, digest in OTP). (See also FIG. 3.)
The application-firmware ciphertext is stored in flash, while the source data for key generation is stored in the chip's OTP area, so the two are kept in different places. The OTP is written by the manufacturer and its read permission is restricted; an attacker can therefore only obtain the ciphertext in flash and not the key material, which gives a high level of security. Before the application firmware is encrypted, the manufacturer signs it with the production private key, places the signature code at the tail of the application-firmware plaintext, and encrypts plaintext and signature together; the public key is written to a dedicated storage area in flash and the public-key digest into the OTP. The manufacturer can further generate several spare key pairs and place the related information in the device, so that if the production key leaks under particular circumstances the resulting firmware security problem is handled by switching keys.
BOOT firmware: after the BOOT firmware is loaded at power-on, it first reads the manufacturer information, device model, device unique identification code and other data from the OTP, recovers the encryption key with the digest algorithm, and decrypts the application firmware stored in flash; second, it reads the public-key digest from the OTP, reads the public key from flash, and checks the public key's validity against the digest; it then verifies the application firmware's signature with the public key and loads the application firmware once the check succeeds.
Application firmware: the application firmware provides the device's normal service functions. Once the application-firmware plaintext is generated, it is first signed with the manufacturer's private key, and then the plaintext together with the signature code is encrypted with the encryption key.
Before loading the application firmware, the BOOT firmware performs state checks including a resource validity check. If the state does not meet the conditions, BOOT service handling takes place, for example a software update; during a software update, permission authentication and data verification are performed. If the state meets the preset conditions, the BOOT firmware reads the device information from the OTP and generates the encryption key; reads the application-firmware ciphertext from flash and decrypts it; reads the public-key digest from the OTP and verifies the public key stored in flash against it; loads the application firmware and hands over to application service handling if verification passes; and falls back to BOOT service handling if verification fails.
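The provisioning, image build and BOOT-side decrypt-then-verify flow described above (FIG. 1, steps S41 to S44), as an added end-to-end example that is not part of the patent. The patent names neither the cipher nor the signature algorithm, so both are stand-ins chosen to keep the example dependency-free: a SHA-256 counter-mode keystream for encryption, and an unpadded RSA-style signature over small Mersenne primes that shows only where the keys live and what gets checked and is not a usable signature scheme. The 32-byte signature field at the tail of the plaintext, the per-slot revocation bits in OTP, the iteration count and all sample data are assumptions.

```python
import hashlib

SIG_LEN = 32           # assumed fixed-width signature field appended at the tail of the plaintext
KDF_ITERATIONS = 1000  # assumed; the patent only says "multiple iterations"


# ---- Stand-in signature scheme (the patent names no algorithm). Unpadded, ~230-bit moduli:
# ---- it demonstrates the data flow only and is NOT a secure signature scheme.
def keygen(p, q):
    """Textbook RSA key pair from two (here Mersenne) primes; returns (pub, priv)."""
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _rep(n, msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_rep(n, msg), d, n).to_bytes(SIG_LEN, "big")

def verify(pub, msg, sig):
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n) == _rep(n, msg)

def pub_bytes(pub):
    return pub[0].to_bytes(SIG_LEN, "big") + pub[1].to_bytes(4, "big")


# ---- Stand-in symmetric cipher (the patent names none): SHA-256 counter-mode keystream.
def xor_stream(key, data):
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def derive_key(otp):
    """Per-device encryption key: OTP identity fields iterated through a digest (S41)."""
    k = b"|".join((otp["vendor"], otp["model"], otp["uid"]))
    for _ in range(KDF_ITERATIONS):
        k = hashlib.sha256(k).digest()
    return k


# ---- Manufacturer side: provisioning and image build.
def provision(vendor, model, uid, key_pairs):
    """OTP: identity + one public-key digest per slot (+ assumed revocation bits). Flash: the public keys."""
    otp = {"vendor": vendor, "model": model, "uid": uid,
           "pub_digests": [hashlib.sha256(pub_bytes(pub)).digest() for pub, _ in key_pairs],
           "revoked": set()}
    flash = {"pubkeys": [pub for pub, _ in key_pairs], "app": b""}
    return otp, flash

def build_image(otp, priv, app_plain):
    """Sign the plaintext, place the signature at its tail, then encrypt plaintext||signature."""
    return xor_stream(derive_key(otp), app_plain + sign(priv, app_plain))


# ---- BOOT side (S41-S44). Nothing in the decrypted image is acted on before a signature verifies.
def boot(otp, flash):
    """Return ("app", plaintext) to load the application, or ("boot-service", reason)."""
    plain = xor_stream(derive_key(otp), flash["app"])           # S41 + S42
    if len(plain) <= SIG_LEN:
        return ("boot-service", "image too short")
    body, sig = plain[:-SIG_LEN], plain[-SIG_LEN:]
    for slot, pub in enumerate(flash["pubkeys"]):
        if slot in otp["revoked"]:
            continue                                             # assumed: bit burned after a key leak
        if hashlib.sha256(pub_bytes(pub)).digest() != otp["pub_digests"][slot]:
            continue                                             # S43: flash key is not the pinned one
        if verify(pub, body, sig):                               # S44: signature over the plaintext
            return ("app", body)
    return ("boot-service", "no valid signature under a pinned key")


# ---- Constructed demonstration data (not from the patent).
APP_PLAIN = b"application firmware v1.0 (constructed sample image)"
PRIMARY = keygen(2**107 - 1, 2**127 - 1)   # production key pair
SPARE = keygen(2**61 - 1, 2**89 - 1)       # backed-up spare pair for key switching

def demo():
    uid = bytes.fromhex("00112233445566778899aabbccddeeff")
    otp, flash = provision(b"ACME-IoT", b"GW-200", uid, [PRIMARY, SPARE])
    flash["app"] = build_image(otp, PRIMARY[1], APP_PLAIN)
    r = {"genuine": boot(otp, flash)[0]}
    # A bit flipped in flash decrypts to a changed plaintext; the tail signature no longer verifies.
    r["tampered"] = boot(otp, dict(flash, app=bytes([flash["app"][0] ^ 1]) + flash["app"][1:]))[0]
    # The same ciphertext copied onto a unit with a different UID derives a different key.
    r["cloned"] = boot(dict(otp, uid=bytes(16)), flash)[0]
    # Production key leaked: burn slot 0's revocation bit, re-sign with the spare, switch keys.
    otp["revoked"].add(0)
    r["revoked_old"] = boot(otp, flash)[0]
    flash["app"] = build_image(otp, SPARE[1], APP_PLAIN)
    r["switched"] = boot(otp, flash)[0]
    return r
```

Two points worth noticing. The patent's order is decrypt first, verify second, so BOOT handles bytes it has not yet authenticated; here the only thing done with the decrypted data before `verify` is splitting off a fixed-length tail, so no length, offset or pointer taken from the untrusted image is ever interpreted. The key switch works because the spare public key's digest was burned into OTP at provisioning; the patent does not say how a leaked production key is retired on fielded devices, which is why this example assumes a burnable per-slot revocation bit, since a BOOT that accepts any pinned key would otherwise keep accepting images signed with the leaked key.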
A firmware security protection system for implementing the above method comprises BOOT firmware and application firmware.
On top of trusted-boot technology, the invention adds the following features: several key pairs are backed up, so that a leaked key does not become a lasting security hazard; and the way the firmware encryption key is generated both prevents copying and leaves any copy traceable.
For simplicity, the foregoing embodiments are described as a series of combined actions, but those skilled in the art will understand that the application is not limited by the described order of actions, since some steps may be performed in other orders or simultaneously. Those skilled in the art will also appreciate that the embodiments described in the specification are preferred embodiments and that no particular action is required by the application.
The above embodiments describe the basic principle, main features and advantages of the invention. Those skilled in the art will understand that the invention is not limited to the embodiments described above, which merely illustrate its principles, and that modifications and variations can be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A firmware security protection method, characterised in that the firmware is divided into BOOT firmware and application firmware and the method comprises the following steps:
S1: provision the application-firmware encryption key;
S2: provision the application-firmware signing key;
S3: after the device powers on, load the BOOT firmware;
S4: the BOOT firmware decrypts and verifies the application firmware and, after verification succeeds, loads the application firmware for use.
2. The firmware security protection method according to claim 1, wherein step S1 specifically comprises: burning device information that serves as a distinguishing identity into the OTP of the main control chip, and running a digest algorithm over that device information for multiple iterations to generate an encryption key bound to the device.
3. The firmware security protection method according to claim 2, wherein the device information comprises at least one of: manufacturer information, device model, and device unique identification code.
4. The firmware security protection method according to claim 2, wherein the encryption key is generated either per device (one key per unit) or per model (one key per product model); in the per-device mode the device unique identification code participates in the digest computation, and in the per-model mode the device model information participates instead.
5. The firmware security protection method according to claim 1, wherein step S2 specifically comprises: generating an asymmetric key pair for firmware verification, choosing according to the security requirements whether one key pair serves one model or several models, keeping the private key with the manufacturer, writing the public key into flash, and writing a digest of the public key into the OTP.
6. The firmware security protection method according to claim 5, wherein several spare key pairs are backed up to limit the damage should a key be compromised.
7. The firmware security protection method according to claim 1, wherein step S3 comprises the following sub-steps:
S31: power on the device and load the BOOT firmware;
S32: check whether the conditions for loading the application firmware are met; if so, proceed to step S4, otherwise enter BOOT service handling.
8. The firmware security protection method according to claim 7, wherein the conditions for loading the application firmware include a resource validity check.
9. The firmware security protection method according to claim 1, wherein step S4 comprises the following sub-steps:
S41: read the device information from the OTP and regenerate the encryption key;
S42: read the application-firmware ciphertext from flash and decrypt it;
S43: read the public-key digest from the OTP and verify the public key stored in flash against it;
S44: if verification passes, load the application firmware and handle application services; if verification fails, enter BOOT service handling.
10. A firmware security protection system for implementing the firmware security protection method of any one of claims 1 to 9, characterised in that it comprises BOOT firmware and application firmware, wherein the BOOT firmware is loaded after the device powers on, decrypts and verifies the application firmware, and loads the application firmware for use after verification succeeds.

Priority and family

Application CN202211426019.3A (priority date 2022-11-15, filing date 2022-11-15), "Firmware security protection method and system", published as CN115587389A on 2023-01-10; legal status Pending; family ID 84783331; country CN.

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination