CN117009003B - Safe starting method and related device - Google Patents

Safe starting method and related device

Info

Publication number
CN117009003B
CN117009003B
Authority
CN
China
Prior art keywords
token
mirror image
loaded
service
image service
Legal status
Active
Application number
CN202311272208.4A
Other languages
Chinese (zh)
Other versions
CN117009003A (en)
Inventor
孙一品
刘勇鹏
张子龙
旷小红
Current Assignee
Phytium Technology Co Ltd
Original Assignee
Phytium Technology Co Ltd
Application filed by Phytium Technology Co Ltd
Priority to CN202311272208.4A
Publication of CN117009003A
Application granted
Publication of CN117009003B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading

Abstract

The application provides a secure boot method and a related device, and relates to the technical field of computer applications. The secure boot method may comprise the following steps: in response to a power-on request, entering a secure boot process; during the secure boot process, determining the type of image service to be loaded according to the image service indication token stored in a token storage area, where the token storage area is a storage area in a one-time programmable storage component, and the image service indication token is written into the token storage area before the image service to be loaded during startup of the computing device is changed and indicates the type of image service to be loaded during startup of the computing device; and booting and loading the corresponding image file according to the determined type of image service to be loaded. The technical scheme provided by the application allows users to use different image services according to their own requirements.

Description

Safe starting method and related device
Technical Field
The present disclosure relates to the field of computer applications, and in particular, to a method and an apparatus for secure startup.
Background
A general-purpose computing platform is the foundation of an information system, supports a great many industries, and is in wide demand in fields such as office work, finance, media, scientific research and ecology. However, different industries place different emphasis on platform applications and their needs differ greatly, so how a fixed hardware platform can meet the differing needs of users becomes a problem to be solved.
Disclosure of Invention
To address the defects and shortcomings of the prior art, the application provides a secure boot method and a related device, so that a user can use different image services according to their own needs.
According to a first aspect of embodiments of the present application, there is provided a secure boot method applied to a computing device, the computing device including a one-time programmable storage component, the method comprising:
in response to a power-on request, entering a secure boot process;
during the secure boot process, determining the type of image service to be loaded according to the image service indication token stored in a token storage area; wherein the token storage area is a storage area in the one-time programmable storage component, and the image service indication token is written into the token storage area before the image service to be loaded during startup of the computing device is changed and is used to indicate the type of image service to be loaded during startup of the computing device;
and booting and loading the corresponding image file according to the determined type of image service to be loaded.
According to a second aspect of embodiments of the present application, there is provided a secure boot apparatus for use in a computing device comprising a one-time programmable storage component, the apparatus comprising:
a boot module, used to respond to a power-on request and enter a secure boot process;
a first determining module, used to determine, during the secure boot process, the type of image service to be loaded according to the image service indication token stored in a token storage area; wherein the token storage area is a storage area in the one-time programmable storage component, and the image service indication token is written into the token storage area before the image service to be loaded during startup of the computing device is changed and is used to indicate the type of image service to be loaded during startup of the computing device;
and a boot loading module, used to boot and load the corresponding image file according to the determined type of image service to be loaded.
According to a third aspect of embodiments of the present application, there is provided an electronic device, including: a memory and a processor;
the memory is connected to the processor and is used to store a program;
the processor is configured to implement the secure boot method according to the first aspect by running a program in the memory.
According to a fourth aspect of embodiments of the present application, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the secure boot method according to the first aspect.
In the embodiment of the application, to address users' differentiated requirements for the system image, different types of image service (which may also be understood as different image service modes) can be provided, and users can switch image service according to their requirements. For switching of image service, the embodiment of the application designs an image service indication token, with different image service indication tokens indicating different image services. Before each image service switch, the corresponding image service indication token can be written into the token storage area, so that during startup the computing device can determine the type of image service to be loaded from the image service indication token stored in the token storage area and can correctly boot and load the corresponding image file, thereby improving the security of the boot process.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
Fig. 1 is a flow chart of a method for secure startup according to an embodiment of the present application.
Fig. 2 is a block diagram of a secure boot apparatus according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Summary of the application
Different industries place different emphasis on platform applications and their needs differ greatly, so how a fixed hardware platform can meet the differing needs of users is a great challenge for a general-purpose platform. To cope with this challenge, a scheme has been proposed that divides devices at the hardware level into versions such as a development version, a standard version and a network security version according to the user's security requirements, while still adopting a generic image management strategy for the system image, that is, the image provider maintains one generic image file for all user requirements. The applicant has found that the generic image management strategy lacks flexibility in the face of the vastly different needs of the various industries and presents certain security risks, as follows:
Problem 1: the scheme divides devices into three types according to device security; however, user needs differ not only in security but also in software system, application support and so on, so the scheme only offers partial relief and does not solve the actual challenge.
Problem 2: one generic image file is maintained for all users, which to some extent binds all users together so that they share the same fate; when a major vulnerability is found in an image that was released to satisfy one particular user's requirement, the vulnerability can spread through the systems of many industries and cause immeasurable loss.
Problem 3: in the digital age, software vulnerabilities (e.g., known vulnerabilities, zero-day vulnerabilities, unknown vulnerabilities, etc.) are unavoidable. As user demands increase, the complexity of the generic image file increases, and the risk of security vulnerabilities naturally rises with it. While anti-rollback mechanisms for system images can prevent an attacker from exploiting known vulnerabilities in past versions, they cannot deal with potential threats contained within the current image file.
Based on the above technical problems, the present application provides a secure boot method, which is described below by way of example with reference to the accompanying drawings.
Exemplary method
Taking application to a computing device as an example, embodiments of the present application provide a secure boot method, which may include:
step 101: in response to the power-up request, a secure boot process is entered.
After the computing device is powered on, a secure boot process is automatically entered.
The secure boot process in the embodiment of the present application may be a chained secure boot process, that is, the on-chip image starts to load, verify and boot the next-level image step by step, in other words, each image file corresponds to a fixed boot level (i.e., boot order) in the secure boot, so as to improve the security of the entire boot process.
Step 102: during the secure boot process, determining the type of image service to be loaded according to the image service indication token stored in the token storage area.
Wherein the token storage area is a storage area in a one-time programmable (One Time Programmable, OTP) storage component in the computing device.
Wherein the image service indication token is written into the token storage area before changing the image service to be loaded in the starting process of the computing device, and is used for indicating the image service type to be loaded in the subsequent starting process of the computing device.
In this embodiment of the present application, to address users' differentiated requirements for the system image, instead of maintaining a single generic image service, different types of image service (which may also be understood as different image service modes) may be provided, and the user may switch image service according to their requirements. The image files corresponding to different types of image service are different.
In this way a fixed hardware platform can better cope with users' different usage needs; at the same time, general users and special users (that is, users with special requirements) are decoupled, so they are no longer bound together to share the same fate and their mutual influence is reduced. When a vulnerability appears in an image file under one type of image service, users of other types of image service are not affected, which narrows the range of harm caused by an image vulnerability. Furthermore, because different types of image service can be provided, a user's personalised requirements no longer have to be met by the generic image service, so the complexity of the generic image file is reduced, the risk of vulnerabilities in it is reduced, and the potential threats inside the image file are reduced.
For switching of image service, image service indication tokens are designed, with different image service indication tokens indicating different image services. Before each image service switch, the corresponding image service indication token can be written into the token storage area, so that during startup the computing device can determine the type of image service to be loaded from the image service indication token stored in the token storage area.
In the embodiment of the application, the image service indication token is written into the token storage area in the OTP storage component at the time of use, which is a simple operation. Moreover, the token only takes effect once it has been written into the token storage area in the OTP storage component; in other words, an effective image service indication token cannot be changed or deleted, so the image service cannot be rendered unusable by malicious tampering or deletion, which improves security and reliability.
Step 103: booting and loading the corresponding image file according to the determined type of image service to be loaded.
After the type of image service to be loaded has been determined from the image service indication token, the computing device can correctly boot and load the corresponding image file according to that type, improving the security of the boot process.
In one possible implementation, the image service types may include: a generic image service corresponding to a generic image file, and a proprietary image service corresponding to a proprietary image file.
The generic image file is an image file produced by the image provider for the majority of users, for example the image file a computing device uses in most general office and home scenarios. The generic image file may have the basic characteristics of an image file, such as integrity, readability and reproducibility, so as to meet the usage requirements of most users. Integrity means that the image file contains all the required data in full, with no data damaged or lost. Readability means that the image file can be correctly read and parsed by the computing device. Reproducibility means that the same results are obtained on different computing devices using the same image file. The generic image file is not restricted to a particular device; in other words, any computing device may use it. The image file injected when a computing device leaves the factory is generally a generic image file.
The proprietary image file is an image file made specially by the image provider according to a user's special requirements. Special requirements here means usage requirements that the generic image file cannot meet. For example, industries with high confidentiality requirements (such as scientific research) have higher security requirements, which the security of the generic image file may not satisfy, so the user may apply to the image provider for a proprietary image file with high security. As another example, industries with a large data processing load (such as finance) have higher requirements for software system performance, which the software system supported by the generic image file may not satisfy, so the user may apply to the image provider for a proprietary image file that supports high performance. The proprietary image file is restricted to a specific device; in other words, only a specific computing device can use it.
In the embodiment of the present application, the image service corresponding to the generic image file may also be referred to as the mainstream image service mode, and the image service corresponding to the proprietary image file may also be referred to as the special-requirement image service mode.
In the embodiment of the application, users' various differentiated requirements can be met through the proprietary image file, so a fixed hardware platform can better meet users' different usage needs. At the same time, general users and special users (that is, users with special requirements) are decoupled, so they are no longer bound together to share the same fate and their mutual influence is reduced: when the generic image file has a security vulnerability, users of the proprietary image file are not affected, and conversely when the proprietary image file has a security vulnerability, users of the generic image file are not affected, which narrows the range of harm caused by an image vulnerability. Furthermore, because a proprietary image file can be provided, a user's personalised requirements no longer have to be met by the generic image file, so the complexity of the generic image file is reduced and the risk of vulnerabilities in it is reduced.
Based on the above embodiments, the image service indication token may include a first indication token and a second indication token.
The first indication token indicates that the type of image service to be loaded during boot is the generic image service. The second indication token indicates that the type of image service to be loaded during boot is the proprietary image service.
In one possible implementation, the user may apply to the chip vendor of the computing device for the image service indication token.
Alternatively, the user may apply to the chip vendor for the image service indication token through the computing device, and the application process may include the following two steps:
Step A1: sending an application request for an image service indication token to the chip vendor.
Step A2: receiving at least one image service indication token sent by the chip vendor in accordance with the application request.
The user may trigger an application request for the image service indication token via the computing device, which sends the request to the chip vendor. The chip vendor can generate at least one image service indication token according to the application request sent by the computing device and send it to the computing device.
The image service indication token received by the computing device can be stored in another storage area of the computing device, outside the OTP storage component; that storage area can be chosen according to actual requirements and is not specifically limited in this embodiment of the application. Of course, the (non-OTP) storage area for the image service indication token may also be selected by the user.
It will be appreciated that the user may apply to the chip vendor for the image service indication token in other practicable ways, which are not specifically limited in this embodiment of the present application.
Optionally, where the image service types include the generic image service and the proprietary image service, the chip vendor may generate the first indication token and the second indication token at one time and issue them to the computing device together; that is, the number of image service indication tokens in step A2 is 2, namely a first indication token and a second indication token. This allows the user to switch image service autonomously, within limits, and reduces the number of token applications, since an application is not needed before every switch, which is convenient for the user. In addition, one of the two issued indication tokens is always the one needed for the next switch, so the computing device does not need to state which kind of image service indication token it needs when sending an application request, and the chip vendor does not need to analyse the request to decide, which simplifies the processing of application requests.
It should be noted that, where the chip vendor issues only one image service indication token per application request, the computing device may add information about the required image service indication token to the request it sends, so that the chip vendor issues the corresponding token.
In one possible implementation, the image service indication token may include at least one of a storage location number, a function identifier and a user device identifier, together with digital signature information. These items are explained below in turn.
Storage location number
A storage location number (which may be denoted TGID) indicates the storage location in the token storage area of the OTP storage component into which the image service indication token is to be written. The user may provide the storage location number to the chip vendor when applying for the image service indication token, so that the chip vendor adds it to the token.
A storage location number may refer to one or more storage locations. Where it refers to several storage locations, the image service indication tokens are written to them in sequence from the beginning of the storage area towards the end.
Storage location numbering is illustrated below with two examples.
Table 1 shows an example of the structure of a token storage area. In this example the token storage area has 8 storage locations, so 8 image service indication tokens can be stored, and the numbers of the storage locations are respectively 0, 1, 2, 3, 4, 5, 6, 7. If TGID = 1, the image service indication token is to be written into the storage location numbered 1 in the token storage area.
TABLE 1
In the numbering scheme of table 1, a storage location number refers to one storage location. This scheme suits the case where the chip vendor issues any number of image service indication tokens at one time, and the storage location numbers in the different tokens are all different.
Table 2 shows another example of the structure of the token storage area. In this example the token storage area again has 8 storage locations, so 8 image service indication tokens can be stored. It differs from table 1 in that one storage location number is assigned to every two storage locations.
TABLE 2
In the numbering scheme of table 2, a storage location number refers to two storage locations. This scheme better suits the case where the chip vendor issues two different image service indication tokens at one time: the two tokens issued in the same batch carry the same storage location number, and tokens issued in different batches carry different storage location numbers. For example, the chip vendor issues a first indication token T1 and a second indication token T2 at one time. The computing device may add a storage location number to the application request for the image service indication tokens, and the chip vendor adds the storage location number taken from the request to both T1 and T2. When the two tokens are used, they are written in order of use into the two storage locations corresponding to that storage location number. As shown in table 2, assuming the storage location number in T1 and T2 is "0", T1 is written into the first storage location numbered "0" when T1 is used, and T2 is then written into the second storage location numbered "0" when T2 is used. After T1 and T2 have both been used, the user may apply to the chip vendor for image service indication tokens again, and the storage location number carried in that application request may be "1".
The scheme of table 2 can be extended: when the chip vendor issues three or more image service indication tokens at one time, three or more storage locations in the token storage area can correspondingly be grouped together, with each group given one number.
On the basis of the foregoing, before the current secure boot process is entered, the method may further include:
in response to a token write request, writing the image service indication token into the storage location in the token storage area that corresponds to the storage location number carried in the token, thereby changing the type of image service the computing device will load during boot.
In the embodiment of the application, adding storage location number information to the image service indication token means the token can only take effect in a specific storage location, which prevents the user from switching image service too frequently.
Function identification
A function identifier (which may be denoted FLAG) identifies the indication function of the image service indication token, namely indicating the type of image service the computing device is to load in a subsequent boot process.
Optionally, the function identifier of the first indication token may be set to "false" and that of the second indication token to "true", so as to distinguish the indication functions of the two image service indication tokens.
Based on the function identifier, step 102, determining the type of image service to be loaded according to the image service indication token stored in the token storage area, may include:
Step B1: starting from the tail of the token storage area, searching the image service indication tokens stored in the token storage area for a legal indication token.
The computing device may check for the presence of a legal indication token starting from the tail of the token storage area, for example in order of storage location number from largest to smallest in the numbering of table 1.
Because image service indication tokens are written into the token storage area in sequence from its beginning towards its end, the most recently written token is located nearest the tail. In order to quickly locate the indication token that determines the type of image service to be loaded at boot, the search for a legal indication token therefore starts from the tail of the token storage area.
Step B2: determining the type of image service to be loaded according to the function identifier in the first legal indication token found.
If a legal indication token exists, the type of image service to be loaded is determined from the function identifier in the first legal indication token found. For example, when the function identifier in the first legal indication token is "true", the type of image service to be loaded in the current boot is the proprietary image service, and the proprietary image file is booted and loaded during the secure boot process; when the function identifier is "false", the type of image service to be loaded in the current boot is the generic image service, and the generic image file is booted and loaded during the secure boot process.
If no legal indication token exists, the token storage area is considered to hold no valid image service indication token, and in that case the type of image service to be loaded is determined to be the generic image service.
Digital signature information
The digital signature information is generated over target information, which may include at least one of the other fields of the image service indication token (the fields other than the signature itself). For example, the chip vendor may sign the storage location number TGID, the function identifier and the user equipment identifier UFGID with a device root key (RPK) to obtain the digital signature information.
Optionally, the target information may also include the unique identifier (UID) of the device chip; that is, the digital signature may be computed over at least one token field together with the UID, so that the switch token validates only on the device named by the UID, which improves security. The UID may be supplied to the chip vendor by the user, for example carried in the indication-token application request sent by the computing device.
Optionally, step B1, searching from the tail of the token storage area for a valid token among the stored image service indication tokens, may comprise:
Step B11: starting from the tail of the token storage area, verify each image service indication token in turn against its own digital signature information.
Step B12: take the first image service indication token whose signature verifies as the first valid indication token.
In the embodiment of the application, when deciding whether a valid indication token exists in the token storage area, it may first be determined whether any indication token is stored there at all.
If no indication token is stored, there is no valid switch token; this also means that no image replacement has taken place, and the image service to be loaded in the current boot is the generic image service (the default image service when the computing device leaves the factory).
If indication tokens are stored, they are verified one by one starting from the tail of the token storage area, each being judged valid or not by its signature. As soon as one indication token passes signature verification, verification stops, a valid indication token is deemed to exist, and the image service to be loaded in this boot is determined from the function identifier of that token. The signature may be verified with the public key corresponding to the device root key. If the signed target information includes the storage location number, a token that verifies in the slot it was issued for will not verify when copied into another slot, so the first valid token seen from the tail reflects the most recent genuine switch.
If none of the indication tokens in the token storage area passes signature verification, no valid switch token exists, and the image service to be loaded in the current boot is again the generic image service.
Alternatively, steps B11 and B12 may be performed once at every boot stage, or only once at the first boot stage able to perform them; this may be set according to actual requirements and is not specifically limited in this embodiment.
In the embodiment of the application, the indication tokens in the token storage area are signature-checked to decide whether a valid indication token exists, and the image service to be loaded is booted according to that valid token when one exists, which improves the accuracy and reliability of the decision.
User equipment identification
A user equipment identifier (denoted UFGID) indicates the use object of an exclusive image file. As noted above, exclusive image files are restricted to specific devices, and the user equipment identifier is designed to identify those devices. It restricts the exclusive image file to the intended user equipment, so that it cannot be used by others.
The user equipment identifier may be negotiated between the chip vendor and the user, so that it is unique and belongs to exactly one user (an individual or an organization). For example, when the exclusive image file is used by an individual, the identifier may be derived from information such as the user's identity card number or mobile phone number; when it is used by an enterprise, the identifier may be derived from information such as the enterprise's organization code. These are merely illustrations, and the specific scheme can be designed according to actual requirements.
Specifically, in the embodiment of the application, to distinguish generic image files from exclusive image files, use object information may be added to the authorized image file; during boot, this use object information is used to verify whether the image file belongs to the image service to be loaded, further improving the security of the secure boot process.
Alternatively, for a generic image file the use object information may be represented as "0" (that is, not restricted to any device); for an exclusive image file the use object information is the user equipment identifier.
Note that the use object information of an exclusive image file may be supplied to the image provider by the user when applying for the exclusive image file. Since the use object information of an exclusive image file is the user equipment identifier, and the user equipment identifier is stored in the image service indication token, the user may first apply for the image service indication token and then apply to the image provider for the exclusive image file.
In this embodiment of the application, the process of boot-loading the corresponding image file may further comprise:
Step C1: verify, from the first use object information corresponding to the target image file to be loaded, whether the type of the target image file belongs to the image service to be loaded.
Step C2: when the image service to be loaded is the generic image service, determine that the target image file belongs to the image service to be loaded if the first use object information indicates that its use object is that of a generic image file.
Step C3: when the image service to be loaded is the exclusive image service, determine that the target image file belongs to the image service to be loaded if the first use object information indicates that its use object is that of an exclusive image file and is identical to the user equipment identifier in the first valid indication token.
Thus, when the image file is checked during boot in the embodiment of the application, it is checked whether the image file to be loaded belongs to the image service type determined from the image service indication token, that is, whether the use object set by the token is consistent with the use object of the target image file. This implements image use authorization and improves the security of the boot process. If the target image file does not belong to the image service to be loaded, boot loading stops and the boot fails.
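The token scan of steps B1/B2 and B11/B12 above, together with the use-object check of steps C1 to C3, as one added example in Go (written for this page; it is not code from the patent or from Phytium). The field widths, the eight-slot OTP layout, the all-zero meaning of an unprogrammed slot, and an Ed25519 key pair standing in for the device root key and its public key are assumptions; the patent names the token fields but fixes none of these. The sample UID and UFGID are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)
// Field widths are assumptions for this example; the patent gives none.
const (
	ufgidLen      = 16
	tokenLen      = 1 + 1 + ufgidLen + ed25519.SignatureSize // TGID | FUNC | UFGID | SIG
	slotCount     = 8                                         // tokens the OTP area can hold
	FuncGeneric   = uint8(0)                                  // "false": generic image service
	FuncExclusive = uint8(1)                                  // "true": exclusive image service
)

// Token is one image service indication token as laid out in the OTP area.
type Token struct {
	TGID  uint8                       // storage location number (slot index)
	Func  uint8                       // function identifier
	UFGID [ufgidLen]byte              // user equipment identification
	Sig   [ed25519.SignatureSize]byte // signature by the device root key
}

// signedPayload is what the device root key signs: every field but the signature,
// plus the chip UID, so a token is bound to one slot and to one device.
func signedPayload(tgid, fn uint8, ufgid [ufgidLen]byte, uid []byte) []byte {
	return append(append([]byte{tgid, fn}, ufgid[:]...), uid...)
}

// IssueToken is the chip vendor side: sign the token with the device root key.
func IssueToken(rpk ed25519.PrivateKey, tgid, fn uint8, ufgid [ufgidLen]byte, uid []byte) Token {
	t := Token{TGID: tgid, Func: fn, UFGID: ufgid}
	copy(t.Sig[:], ed25519.Sign(rpk, signedPayload(tgid, fn, ufgid, uid)))
	return t
}

// OTPArea models the one-time programmable token storage area; an all-zero slot
// is taken as unprogrammed (an assumption about the OTP cell default value).
type OTPArea [slotCount * tokenLen]byte
func (a *OTPArea) slot(i int) []byte { return a[i*tokenLen : (i+1)*tokenLen] }
// Write programs a token into the slot named by its TGID; each slot is write-once.
func (a *OTPArea) Write(t Token) error {
	if int(t.TGID) >= slotCount {
		return errors.New("TGID outside the token storage area")
	}
	s := a.slot(int(t.TGID))
	if !bytes.Equal(s, make([]byte, tokenLen)) {
		return errors.New("slot already programmed")
	}
	copy(s, append(append([]byte{t.TGID, t.Func}, t.UFGID[:]...), t.Sig[:]...))
	return nil
}

// DetermineServiceType is steps B1/B2 with B11/B12: scan from the tail, verify each
// programmed slot with the public key of the device root key, and report whether
// the first valid token selects the exclusive service. No valid token: generic.
func DetermineServiceType(a *OTPArea, pub ed25519.PublicKey, uid []byte) (exclusive bool, tok *Token) {
	blank := make([]byte, tokenLen)
	for i := slotCount - 1; i >= 0; i-- {
		s := a.slot(i)
		if bytes.Equal(s, blank) {
			continue // unprogrammed slot
		}
		var t Token
		t.TGID, t.Func = s[0], s[1]
		copy(t.UFGID[:], s[2:2+ufgidLen])
		copy(t.Sig[:], s[2+ufgidLen:])
		// A token copied into another slot fails here: its signed TGID names the original slot.
		if int(t.TGID) != i || !ed25519.Verify(pub, signedPayload(t.TGID, t.Func, t.UFGID, uid), t.Sig[:]) {
			continue
		}
		return t.Func == FuncExclusive, &t
	}
	return false, nil
}

// ImageBelongsToService is steps C1-C3: an all-zero use-object field marks a generic
// image; an exclusive image must carry exactly the UFGID of the valid token.
func ImageBelongsToService(exclusive bool, useObject [ufgidLen]byte, tok *Token) bool {
	var generic [ufgidLen]byte
	if !exclusive {
		return useObject == generic
	}
	return tok != nil && useObject != generic && useObject == tok.UFGID
}

func main() {
	pub, rpk, _ := ed25519.GenerateKey(nil) // stand-in for the vendor's device root key
	uid := []byte("constructed-chip-uid-0001") // constructed sample chip UID
	var ufgid [ufgidLen]byte
	copy(ufgid[:], "UFGID-org-42") // constructed sample user equipment identifier
	var area OTPArea
	_ = area.Write(IssueToken(rpk, 0, FuncExclusive, ufgid, uid))
	exclusive, tok := DetermineServiceType(&area, pub, uid)
	fmt.Println("exclusive:", exclusive, "image accepted:", ImageBelongsToService(exclusive, ufgid, tok))
}
```

Switching back to the generic service is done by programming a new token with function identifier "false" into the next free slot; the tail-first scan then finds it before the older exclusive token. Because the slot index is part of what the device root key signs, copying the old exclusive token forward into a free slot does not revive it.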
Building on the above, once the image provider releases a new version of an exclusive image file, it may send a notification message to the dedicated user. The dedicated user can then update the image on the strength of that notification to obtain new features and improve device security. The general flow is:
1. The dedicated user submits an image version update request to the image provider; the request contains the user equipment identifier UFGID.
2. The image provider locates the corresponding image file according to the request, generates an image digest, and generates electronic authorization information from the user equipment identifier UFGID in the request, the image digest and related information.
3. The image provider sends the electronically authorized new version of the exclusive image file to the dedicated user.
4. The dedicated user performs secure boot with the new version of the exclusive image file returned by the image provider.
Furthermore, in some scenarios, for example when the new version of the image does not fit the device well, the user needs to roll the image back to an earlier version. In such image change scenarios the dedicated user may likewise apply to the image provider for the required version of the exclusive image file to complete the change. The general flow is:
1. The dedicated user submits an image version change request to the image provider; the request contains the required image version information and the UFGID.
2. The image provider locates the corresponding image file according to the requested version, generates an image digest once it has confirmed that the version is a safe one, and generates electronic authorization information from the user equipment identifier UFGID in the request, the image digest and related information.
3. The image provider sends the electronically authorized exclusive image file to the dedicated user.
4. The dedicated user performs secure boot with the exclusive image file returned by the image provider.
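The provider-side authorization and the device-side check for the update and rollback flows above, as an added example in Go (written for this page, not the patent's or Phytium's code). The layout of the electronic authorization information (a provider Ed25519 signature over UFGID, version and SHA-256 image digest), the provider's list of safe versions, the version names and the image bytes are all constructed for the example; the patent says only that the authorization is generated from the UFGID, the image digest and related information, and that a rollback version must first be confirmed safe.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authorization is the "electronic authorization information" the image provider
// attaches to an exclusive image: a provider signature binding the requester's
// UFGID, the image version and the image digest. The layout is an assumption.
type Authorization struct {
	UFGID   []byte
	Version string
	Digest  [sha256.Size]byte
	Sig     []byte
}

// authPayload length-prefixes the variable fields so that no two (UFGID, version)
// pairs can produce the same signed bytes.
func authPayload(ufgid []byte, version string, digest [sha256.Size]byte) []byte {
	p := append([]byte{byte(len(ufgid))}, ufgid...)
	p = append(p, byte(len(version)))
	p = append(p, version...)
	return append(p, digest[:]...)
}

// Provider is the image provider side. safeVersions lists the versions it will
// still authorize; a request for any other version is refused (flow step 2).
type Provider struct {
	key          ed25519.PrivateKey
	images       map[string][]byte
	safeVersions map[string]bool
}

// Authorize handles an update or change request: find the image, check that the
// version is a safe one, digest it, and sign digest + UFGID + version.
func (p *Provider) Authorize(ufgid []byte, version string) (Authorization, []byte, error) {
	img, ok := p.images[version]
	if !ok {
		return Authorization{}, nil, errors.New("unknown image version")
	}
	if !p.safeVersions[version] {
		return Authorization{}, nil, errors.New("version is not a safe version")
	}
	a := Authorization{UFGID: ufgid, Version: version, Digest: sha256.Sum256(img)}
	a.Sig = ed25519.Sign(p.key, authPayload(ufgid, version, a.Digest))
	return a, img, nil
}

// VerifyExclusiveImage is the device side at boot: the delivered image must hash
// to the signed digest, the provider signature must verify, and the authorized
// UFGID must equal the UFGID carried in the valid indication token (step C3).
func VerifyExclusiveImage(providerPub ed25519.PublicKey, a Authorization, img, tokenUFGID []byte) error {
	if sha256.Sum256(img) != a.Digest {
		return errors.New("image digest mismatch")
	}
	if !ed25519.Verify(providerPub, authPayload(a.UFGID, a.Version, a.Digest), a.Sig) {
		return errors.New("provider signature invalid")
	}
	if !bytes.Equal(a.UFGID, tokenUFGID) {
		return errors.New("image authorized for a different UFGID")
	}
	return nil
}

// NewDemoProvider builds a provider with constructed sample images; v1.0 and
// v1.1 are marked safe, v0.9 is a withdrawn version that must not be re-issued.
func NewDemoProvider() (*Provider, ed25519.PublicKey) {
	pub, key, _ := ed25519.GenerateKey(nil)
	return &Provider{
		key: key,
		images: map[string][]byte{
			"v0.9": []byte("constructed exclusive image v0.9"),
			"v1.0": []byte("constructed exclusive image v1.0"),
			"v1.1": []byte("constructed exclusive image v1.1"),
		},
		safeVersions: map[string]bool{"v1.0": true, "v1.1": true},
	}, pub
}

func main() {
	prov, pub := NewDemoProvider()
	ufgid := []byte("UFGID-org-42") // constructed sample user equipment identifier
	a, img, err := prov.Authorize(ufgid, "v1.0") // rollback request from v1.1 to v1.0
	fmt.Println("authorize v1.0:", err)
	fmt.Println("boot on the matching device:", VerifyExclusiveImage(pub, a, img, ufgid))
	fmt.Println("boot on another device:", VerifyExclusiveImage(pub, a, img, []byte("UFGID-org-99")))
	_, _, err = prov.Authorize(ufgid, "v0.9")
	fmt.Println("authorize withdrawn v0.9:", err)
}
```

The digest check comes first so that a modified image is rejected before any signature work, and the UFGID comparison uses the identifier from the valid indication token, not one carried inside the image, so an image authorized for one organization cannot be booted by another that holds the same generic firmware.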
Preferably, in the embodiment of the application, the image service indication token comprises a storage location number, a function identifier, a user equipment identifier and digital signature information, as shown in Table 3.
Table 3
The above describes the version verification method for image files provided in the embodiment of the application.
In summary, to meet users' differing requirements for the system image, a single generic image service is not the only thing maintained; different types of image service can be provided, and the user can replace the image service according to their own needs. The generic image file then no longer has to satisfy every user requirement, which reduces its complexity to some extent and with it the risk of security vulnerabilities in the generic image file. Secondly, for replacing the image service, the embodiment of the application designs an image service indication token, with different tokens indicating different image services. Before each replacement of the image service, the corresponding image service indication token is written into the token storage area, so that during boot the computing device can determine the type of image service to be loaded from the tokens stored there and boot-load the correct image file, which improves the security of the boot process.
Exemplary apparatus
Correspondingly, the embodiment of the application also provides a secure boot apparatus, applied to a computing device.
As shown in Fig. 2, the apparatus may comprise:
a boot module 201, configured to enter a secure boot process in response to a power-on request;
a first determining module 202, configured to determine, during the secure boot process, the type of image service to be loaded from the image service indication token stored in the token storage area;
wherein the token storage area is a storage area in the one-time programmable storage component, and the image service indication token is written into the token storage area before the image service to be loaded in the computing device's boot process is changed, and indicates the type of image service to be loaded in subsequent boots of the computing device; and
a boot loading module 203, configured to boot-load the corresponding image file according to the determined type of image service to be loaded.
Optionally, the image service types comprise a generic image service corresponding to a generic image file and an exclusive image service corresponding to an exclusive image file, where the generic image file is not restricted to particular devices and the exclusive image file is restricted to specific devices.
Optionally, the image service indication tokens comprise a first indication token and a second indication token, the first indicating that the type of image service to be loaded in the boot process is the generic image service and the second indicating that it is the exclusive image service.
Optionally, the image service indication token comprises at least one of a storage location number, a function identifier and a user equipment identifier, together with digital signature information.
The storage location number indicates the storage location in the token storage area into which the image service indication token is written.
The function identifier identifies the indication function of the image service indication token.
The user equipment identifier indicates the use object of the exclusive image file.
The digital signature information is generated over target information, which comprises at least one of the fields of the image service indication token other than the digital signature information itself.
Optionally, the target information further comprises the unique identifier of the computing device's chip.
Optionally, when the image service indication token comprises a function identifier, the first determining module 202 comprises:
a search unit, configured to search, starting from the tail of the token storage area, for a valid indication token among the image service indication tokens stored there; and
a determining unit, configured to determine the type of image service to be loaded from the function identifier in the first valid indication token.
Optionally, the search unit is specifically configured to:
verify, starting from the tail of the token storage area, each image service indication token in turn against its own digital signature information; and
take the first image service indication token whose signature verifies as the first valid indication token.
Optionally, when the image service indication token comprises a user equipment identifier, the apparatus further comprises:
a verification module, configured to verify, while boot-loading the image file, whether the target image file to be loaded belongs to the image service to be loaded, according to the first use object information corresponding to that target image file;
a second determining module, configured to determine, when the image service to be loaded is the generic image service, that the target image file belongs to the image service to be loaded if the first use object information indicates that its use object is that of a generic image file; and
a third determining module, configured to determine, when the image service to be loaded is the exclusive image service, that the target image file belongs to the image service to be loaded if the first use object information indicates that its use object is that of an exclusive image file and is identical to the user equipment identifier in the first valid indication token.
Optionally, when the image service indication token comprises a storage location number, the apparatus further comprises:
a token writing module, configured to write, in response to a token write request received before secure boot is entered, an image service indication token into the storage location of the token storage area corresponding to the storage location number in that token, so as to change the image service type to be loaded by the computing device in subsequent boot processes.
The secure boot apparatus provided in this embodiment belongs to the same inventive concept as the secure boot method provided in the foregoing embodiments of the application; it can execute the secure boot method of any of those embodiments and has the corresponding functional modules and beneficial effects. For technical details not described here, refer to the specific processing of the secure boot method in the foregoing embodiments; they are not repeated.
Exemplary electronic device
The embodiment of the application also provides an electronic device, as shown in Fig. 3, comprising a memory 300 and a processor 310.
The memory 300 is coupled to the processor 310 and stores a program.
The processor 310 is configured to implement the secure boot method of the above embodiment by running the program stored in the memory 300.
Specifically, the electronic device may further include: a communication interface 320, an input device 330, an output device 340, and a bus 350.
The processor 310, the memory 300, the communication interface 320, the input device 330 and the output device 340 are interconnected by a bus. Wherein:
bus 350 may include a path to transfer information between components of a computer system.
The processor 310 may be a general-purpose processor such as a central processing unit (CPU) or microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits that control execution of the program of the present invention. It may also be a digital signal processor (DSP), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components.
The processor 310 may comprise a host processor and may also comprise a baseband chip, modem and the like.
The memory 300 stores the program implementing the technical solution of the present invention and may also store an operating system and other key services. In particular, the program may comprise program code including computer operating instructions. More specifically, the memory 300 may comprise read-only memory (ROM) or other static storage that can hold static information and instructions, random access memory (RAM) or other dynamic storage that can hold information and instructions, disk storage, flash memory and the like.
The input device 330 may include means for receiving data and information entered by a user, such as a keyboard, mouse, camera, scanner, light pen, voice input device, touch screen, pedometer, or gravity sensor, among others.
Output device 340 may include means, such as a display screen, printer, speakers, etc., that allow information to be output to a user.
Communication interface 320 may include devices that use any type of transceiver to communicate with other devices or communication networks, such as an ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), etc.
The processor 310 executes programs stored in the memory 300 and invokes other devices that may be used to implement the steps of the secure boot method provided by the above-described embodiments of the present application.
Exemplary computer program product and storage medium
In addition to the methods and apparatus described above, embodiments of the present application may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform steps in a secure boot method described in embodiments of the present application.
The computer program product may be written in any combination of one or more programming languages, including object-oriented languages such as Java or C++ and conventional procedural languages such as C. The program code may execute entirely on the user's computing device, partly on the user's device as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present application may also be a storage medium having stored thereon a computer program for executing steps of the secure boot method described in the embodiments of the present application by a processor.
For the foregoing method embodiments, for simplicity of explanation, the methodologies are shown as a series of acts, but one of ordinary skill in the art will appreciate that the present application is not limited by the order of acts described, as some acts may, in accordance with the present application, occur in other orders or concurrently. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
It should be noted that the embodiments in this specification are described progressively, each focusing on what distinguishes it from the others; for the parts they share, the embodiments can be consulted against one another. The apparatus embodiments are described relatively briefly because they are substantially similar to the method embodiments; refer to the description of the method embodiments for the relevant points.
The steps in the method of each embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs, and the technical features described in each embodiment can be replaced or combined.
The modules and sub-modules in the device and the terminal of the embodiments of the present application may be combined, divided, and deleted according to actual needs.
In the embodiments provided in the present application, it should be understood that the disclosed terminal, apparatus and method may be implemented in other manners. For example, the above-described terminal embodiments are merely illustrative, and for example, the division of modules or sub-modules is merely a logical function division, and there may be other manners of division in actual implementation, for example, multiple sub-modules or modules may be combined or integrated into another module, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules or sub-modules illustrated as separate components may or may not be physically separate, and components that are modules or sub-modules may or may not be physical modules or sub-modules, i.e., may be located in one place, or may be distributed over multiple network modules or sub-modules. Some or all of the modules or sub-modules may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, each functional module or sub-module in each embodiment of the present application may be integrated in one processing module, or each module or sub-module may exist alone physically, or two or more modules or sub-modules may be integrated in one module. The integrated modules or sub-modules may be implemented in hardware or in software functional modules or sub-modules.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software unit executed by a processor, or in a combination of the two. The software unit may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as "first" and "second" are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between them. Moreover, the terms "comprises", "comprising" and any variation thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus that comprises a list of elements includes not only those elements but may include other elements not expressly listed or inherent to it. Without further limitation, an element introduced by "comprising a" does not exclude the presence of other like elements in the process, method, article or apparatus that comprises it.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (16)

1. A secure launch method for use with a computing device, the computing device including a one-time programmable memory component, the method comprising:
responding to a power-on request, and entering a safe starting process;
in the safety starting process, determining the type of mirror image service to be loaded according to the mirror image service indication token stored in the token storage area; wherein the token storage area is a storage area in the one-time programmable storage component; the mirror image service indication token is written into the token storage area before the mirror image service to be loaded in the starting process of the computing device is replaced and is used for indicating the type of the mirror image service to be loaded in the starting process of the computing device;
checking whether a target image file to be loaded belongs to an image service type to be loaded, which is determined based on the image service indication token;
stopping boot loading and determining a start failure under the condition that the target image file to be loaded does not belong to the image service type to be loaded;
wherein the mirrored service indication token comprises a storage location number;
before entering the safe start, the method further comprises the following steps:
And in response to the token writing request, writing a mirror service indication token into a storage position corresponding to a storage position number in the mirror service indication token in a token storage area, and changing the mirror service type to be loaded by the computing equipment in a later starting process.
2. The secure launch method of claim 1, wherein said mirrored service types comprise: the system comprises a universal mirror image service corresponding to a universal mirror image file and an exclusive mirror image service corresponding to an exclusive mirror image file, wherein the universal mirror image file is not limited to equipment, and the exclusive mirror image file is limited to specific equipment.
3. The secure launch method according to claim 2, wherein said mirror service indication token comprises a first indication token and a second indication token, wherein said first indication token is used to indicate that the type of mirror service to be loaded by the launch process is a generic mirror service; the second indication token is used for indicating that the type of the mirror image service to be loaded in the starting process is the exclusive mirror image service.
4. A secure launch method according to claim 2 or 3 and wherein said mirrored service indication token further comprises at least one of a function identity and a user equipment identity, and digital signature information;
The function identifier is used for identifying an indication function of the mirror image service indication token;
the user equipment identifier is used for indicating a use object of the exclusive image file;
the digital signature information is generated according to target information, and the target information comprises: at least one piece of other information except the digital signature information in the mirror image service indication token is generated, wherein the other information comprises at least one of the storage location number, the function identifier and the user equipment identifier.
5. The secure launch method according to claim 4, wherein said target information further comprises: the chip of the computing device is uniquely identified.
6. The secure boot method of claim 4, wherein, where the image service indication token comprises a function identifier, determining the type of image service to be loaded according to the image service indication token stored in the token storage area comprises:
searching the image service indication tokens stored in the token storage area for a legitimate indication token, starting from the tail of the token storage area;
and determining the type of image service to be loaded according to the function identifier in the first legitimate indication token found.
7. The secure boot method of claim 6, wherein searching the image service indication tokens stored in the token storage area for a legitimate indication token, starting from the tail of the token storage area, comprises:
starting from the tail of the token storage area, verifying each image service indication token one by one against the digital signature information it carries;
and taking the first image service indication token that passes signature verification as the first legitimate indication token.
8. The secure boot method of claim 6, wherein, where the image service indication token comprises a user equipment identifier, checking whether the target image file to be loaded belongs to the image service type to be loaded determined from the image service indication token comprises:
verifying whether the target image file belongs to the image service to be loaded according to first intended-user information corresponding to the target image file to be loaded;
where the type of image service to be loaded is the generic image service, determining that the target image file belongs to the image service to be loaded if the first intended-user information indicates that the intended user of the target image file is that of a generic image file;
and where the type of image service to be loaded is the dedicated image service, determining that the target image file belongs to the image service to be loaded if the first intended-user information indicates that the intended user of the target image file is that of a dedicated image file and the first intended-user information matches the user equipment identifier in the first legitimate indication token.
9. A secure boot apparatus for a computing device comprising a one-time programmable memory component, the apparatus comprising:
a boot module, configured to enter a secure boot process in response to a power-on request;
a first determining module, configured to determine, during the secure boot process, the type of image service to be loaded according to the image service indication token stored in a token storage area, wherein the token storage area is a storage area within the one-time programmable memory component, and the image service indication token is written to the token storage area before the image service to be loaded during boot of the computing device is switched, and indicates the type of image service to be loaded during boot of the computing device;
a boot loading module, configured to check whether the target image file to be loaded belongs to the image service type to be loaded determined from the image service indication token, and, where the target image file does not belong to that type, to stop boot loading and determine that boot has failed;
wherein the image service indication token comprises a storage location number;
and the apparatus further comprises:
a token writing module, configured, in response to a token writing request received before secure boot is entered, to write an image service indication token to the storage location in the token storage area that corresponds to the storage location number carried in that token, thereby changing the type of image service the computing device loads during boot.
10. The secure boot apparatus of claim 9, wherein the image service types comprise a generic image service, corresponding to a generic image file, and a dedicated image service, corresponding to a dedicated image file, wherein the generic image file is not restricted to any particular device and the dedicated image file is restricted to a specific device.
11. The secure boot apparatus of claim 10, wherein the image service indication token further comprises at least one of a function identifier and a user equipment identifier, together with digital signature information;
the function identifier identifies the indication function of the image service indication token;
the user equipment identifier indicates the intended user of the dedicated image file;
the digital signature information is generated over target information, the target information comprising at least one item of the image service indication token other than the digital signature information itself, that item being at least one of the storage location number, the function identifier and the user equipment identifier.
12. The secure boot apparatus of claim 11, wherein, where the image service indication token comprises a function identifier, the first determining module comprises:
a searching unit, configured to search the image service indication tokens stored in the token storage area for a legitimate indication token, starting from the tail of the token storage area;
and a determining unit, configured to determine the type of image service to be loaded according to the function identifier in the first legitimate indication token found.
13. The secure boot apparatus of claim 12, wherein the searching unit is specifically configured to:
starting from the tail of the token storage area, verify each image service indication token one by one against the digital signature information it carries;
and take the first image service indication token that passes signature verification as the first legitimate indication token.
14. The secure boot apparatus of claim 12, wherein, where the image service indication token comprises a user equipment identifier, the boot loading module comprises:
a verification module, configured to verify whether the target image file belongs to the image service to be loaded according to first intended-user information corresponding to the target image file to be loaded;
a second determining module, configured, where the type of image service to be loaded is the generic image service, to determine that the target image file belongs to the image service to be loaded if the first intended-user information indicates that the intended user of the target image file is that of a generic image file;
and a third determining module, configured, where the type of image service to be loaded is the dedicated image service, to determine that the target image file belongs to the image service to be loaded if the first intended-user information indicates that the intended user of the target image file is that of a dedicated image file and the first intended-user information matches the user equipment identifier in the first legitimate indication token.
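The token search and image check of claims 6 to 8, and the apparatus modules of claims 9 and 12 to 14 that implement the same steps, as an added example in Python. This is not code from the patent or from Phytium; it assumes an HMAC-SHA256 keyed with a provisioning key as a stand-in for the patent's unspecified digital signature scheme, a token layout (storage location number, function identifier, length-prefixed user equipment identifier, signature) and numeric function identifiers chosen here, constructed sample values for the key, chip identifiers, user equipment identifiers and image headers, and a fail-closed result when no legitimate token exists, which the claims shown above do not specify.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Function identifiers (claims 3 and 4); the numeric values are assumptions.
FUNC_GENERIC = 0x01     # "first indication token": load the generic image service
FUNC_DEDICATED = 0x02   # "second indication token": load the dedicated image service


@dataclass(frozen=True)
class IndicationToken:
    slot: int      # storage location number inside the OTP token storage area
    func_id: int   # function identifier
    ue_id: bytes   # user equipment identifier (empty for a generic token)
    sig: bytes     # digital signature information over target_info()


def target_info(slot: int, func_id: int, ue_id: bytes, chip_id: bytes) -> bytes:
    """Target information of claims 4 and 5: the token's other fields plus the
    chip unique identifier. Length-prefixing ue_id keeps the encoding unambiguous."""
    return (slot.to_bytes(2, "big") + func_id.to_bytes(1, "big")
            + len(ue_id).to_bytes(1, "big") + ue_id + chip_id)


def sign_token(key: bytes, slot: int, func_id: int, ue_id: bytes, chip_id: bytes) -> IndicationToken:
    """Provisioning side. HMAC-SHA256 is an assumed stand-in for a real signature."""
    sig = hmac.new(key, target_info(slot, func_id, ue_id, chip_id), hashlib.sha256).digest()
    return IndicationToken(slot, func_id, ue_id, sig)


def verify_token(key: bytes, tok: IndicationToken, chip_id: bytes) -> bool:
    """Boot side: recompute over the token's fields and this chip's own identifier."""
    expected = hmac.new(key, target_info(tok.slot, tok.func_id, tok.ue_id, chip_id), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tok.sig)


class OtpTokenArea:
    """Token storage area in one-time programmable memory (claim 9): a slot is
    programmed once and can never be erased or rewritten."""

    def __init__(self, n_slots: int) -> None:
        self.slots: List[Optional[IndicationToken]] = [None] * n_slots

    def write(self, tok: IndicationToken) -> None:
        """Token writing module: program the slot named by the token's storage location number."""
        if not 0 <= tok.slot < len(self.slots):
            raise ValueError("storage location number out of range")
        if self.slots[tok.slot] is not None:
            raise ValueError("OTP slot already programmed")
        self.slots[tok.slot] = tok

    def first_legal_from_tail(self, key: bytes, chip_id: bytes) -> Optional[IndicationToken]:
        """Claims 6 and 7: walk from the tail, return the first token whose signature verifies."""
        for tok in reversed(self.slots):
            if tok is not None and verify_token(key, tok, chip_id):
                return tok
        return None


@dataclass(frozen=True)
class ImageHeader:
    use_object: int   # intended user of the image: FUNC_GENERIC or FUNC_DEDICATED
    ue_id: bytes      # UE identifier a dedicated image is bound to (empty for generic)


def image_belongs(tok: IndicationToken, img: ImageHeader) -> bool:
    """Claim 8: does the target image belong to the service type the legal token selects?"""
    if tok.func_id == FUNC_GENERIC:
        return img.use_object == FUNC_GENERIC
    if tok.func_id == FUNC_DEDICATED:
        return img.use_object == FUNC_DEDICATED and hmac.compare_digest(img.ue_id, tok.ue_id)
    return False


def secure_boot(area: OtpTokenArea, key: bytes, chip_id: bytes, img: ImageHeader) -> bool:
    """Boot loading module: True lets loading continue, False is a boot failure.
    Failing closed when no legal token exists is this example's choice, not the patent's."""
    tok = area.first_legal_from_tail(key, chip_id)
    return tok is not None and image_belongs(tok, img)


def demo() -> Dict[str, bool]:
    """One device's lifetime, with constructed sample values."""
    key, chip_a, chip_b = b"provisioning-key", b"CHIP-A-UID", b"CHIP-B-UID"
    area = OtpTokenArea(4)
    generic_img = ImageHeader(FUNC_GENERIC, b"")
    dedicated_img = ImageHeader(FUNC_DEDICATED, b"UE-0001")
    other_ue_img = ImageHeader(FUNC_DEDICATED, b"UE-0002")
    r: Dict[str, bool] = {}
    r["no_token"] = secure_boot(area, key, chip_a, generic_img)
    area.write(sign_token(key, 0, FUNC_GENERIC, b"", chip_a))
    r["generic_ok"] = secure_boot(area, key, chip_a, generic_img)
    r["generic_rejects_dedicated"] = secure_boot(area, key, chip_a, dedicated_img)
    # Switching to the dedicated service means programming a newer slot, not erasing slot 0.
    area.write(sign_token(key, 1, FUNC_DEDICATED, b"UE-0001", chip_a))
    r["dedicated_ok"] = secure_boot(area, key, chip_a, dedicated_img)
    r["dedicated_rejects_generic"] = secure_boot(area, key, chip_a, generic_img)
    r["dedicated_rejects_other_ue"] = secure_boot(area, key, chip_a, other_ue_img)
    # An unsigned "generic" token in a later slot is skipped; slot 1 still governs.
    area.write(IndicationToken(2, FUNC_GENERIC, b"", b"\x00" * 32))
    r["forged_skipped"] = secure_boot(area, key, chip_a, dedicated_img)
    # A token provisioned for chip B does not verify on chip A (claim 5); slot 1 still governs.
    area.write(sign_token(key, 3, FUNC_GENERIC, b"", chip_b))
    r["wrong_chip_skipped"] = secure_boot(area, key, chip_a, dedicated_img)
    return r
```

Calling `demo()` returns a dictionary of boot outcomes. Searching from the tail is what makes a one-time programmable area usable as a policy store: since earlier slots can never be erased, switching the loaded service means programming a fresh token into a later slot, and the newest token that verifies wins. A token written without the key, or signed for a different chip's unique identifier, fails verification and is skipped rather than trusted, so the previously programmed policy keeps governing.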
15. An electronic device, comprising a memory and a processor;
the memory is connected to the processor and stores a program;
the processor is configured to implement the secure boot method of any one of claims 1 to 8 by running the program in the memory.
16. A storage medium having stored thereon a computer program which, when executed by a processor, implements the secure boot method of any one of claims 1 to 8.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311272208.4A CN117009003B (en) 2023-09-28 2023-09-28 Safe starting method and related device

Publications (2)

Publication Number Publication Date
CN117009003A CN117009003A (en) 2023-11-07
CN117009003B true CN117009003B (en) 2024-01-09

Family

ID=88574681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311272208.4A Active CN117009003B (en) 2023-09-28 2023-09-28 Safe starting method and related device

Country Status (1)

Country Link
CN (1) CN117009003B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101578609A (en) * 2007-01-07 2009-11-11 Apple Inc. Secure booting a computing device
CN103092648A (en) * 2013-01-07 2013-05-08 Huawei Device Co., Ltd. Method and system of mirror image upgrade and user device and personal computer
CN105393256A (en) * 2013-03-13 2016-03-09 Intel Corporation Policy-based secure web boot
CN105893115A (en) * 2016-04-05 2016-08-24 Shanghai Ctrip Business Co., Ltd. Method and system for differential deployment of virtual machine
CN111443950A (en) * 2018-12-29 2020-07-24 Beijing Qihoo Technology Co., Ltd. Vehicle-mounted system safety starting method and vehicle-mounted system
CN113282308A (en) * 2021-06-17 2021-08-20 Hangzhou Huacheng Software Technology Co., Ltd. Mirror image construction method and device, storage medium and electronic device
CN115794257A (en) * 2022-12-01 2023-03-14 Beijing Capital Online Technology Co., Ltd. System starting method and device, electronic equipment and storage medium
CN116467015A (en) * 2023-06-20 2023-07-21 Honor Device Co., Ltd. Mirror image generation method, system start verification method and related equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7207039B2 (en) * 2003-12-24 2007-04-17 Intel Corporation Secure booting and provisioning

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Zheng Kuanyong (郑宽永). Design and exploration of an SDN-based cloud platform as a simulation environment for network security and law enforcement (基于SDN的云平台对网络安全及执法模拟环境设计及探索). Proceedings of the Third National Forum of Heads of Cybersecurity and Law Enforcement Programmes at Public Security Colleges and Teacher Training Workshop (第三届全国公安院校网络安全与执法专业主任论坛暨教师研修班论文集), 2017, pp. [1]-[9]. *

Also Published As

Publication number Publication date
CN117009003A (en) 2023-11-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant