WO2023102757A1 - Boot verification scheme employing risc-v-oriented architecture - Google Patents


Info

Publication number
WO2023102757A1
Authority
WO
WIPO (PCT)
Prior art keywords
boot loader
stage boot
verification
stage
risc
Application number
PCT/CN2021/136243
Other languages
French (fr)
Chinese (zh)
Inventor
常瑞
戴勤明
张行健
苑子琦
Original Assignee
浙江大学
Application filed by 浙江大学
Priority to PCT/CN2021/136243
Publication of WO2023102757A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]

Definitions

  • The invention relates to a boot loading and boot verification process, and in particular to a startup verification scheme based on the RISC-V architecture.
  • As a new reduced instruction set, RISC-V has the advantages of being open source, open, and modular. However, RISC-V today also has some clear problems, including an immature software and hardware ecosystem and a limited proportion and number of high-quality open-source processors. In the field of information security in particular, RISC-V has not yet formed a recognised set of system security specifications, and security processors for RISC-V are also very limited. Boot security, as part of the system security mechanism, ensures that only certified operating systems or hardware drivers can be loaded on the board, thereby preventing malicious software from intruding.
  • In this field, the classic boot security method is the TrustZone secure boot approach for the ARM instruction set: a chain of trust is implemented in which, starting from the first power-on program, each loaded component verifies the trustworthiness and integrity of the one or more modules that follow it and loads them only if no anomaly is detected.
  • However, on the one hand, the TrustZone boot security mechanism does not emphasise hardware-level protection; on the other hand, for RISC-V processors there are still many additional factors to consider in the actual chain-of-trust design, so the TrustZone design cannot be directly ported.
  • The purpose of the present invention is to provide a startup verification scheme based on the RISC-V architecture that addresses the deficiencies of the prior art.
  • A startup verification scheme based on the RISC-V architecture comprises the following steps:
  • Step 1: construct a system-on-chip (SOC) oriented to the RISC-V instruction set architecture; the SOC verifies the first-stage boot loader, and if verification succeeds the first-stage boot loader is run;
  • Step 2: once the first-stage boot loader is running, it verifies the second-stage boot loader and the operating system kernel image. Depending on the loading source, different verification methods are adopted, comprising three second-stage startup verification methods: the local information digest verification method, the remote transmission information digest verification method, and the local digital signature verification method.
  • Step 1 and step 2 are both implemented for the RISC-V instruction set architecture.
  • The system-on-chip SOC runs on dedicated hardware independent of the central processing unit (CPU), and the dedicated hardware can use an information digest algorithm to verify the integrity of the first-stage boot loader or the second-stage boot loader, preventing it from being tampered with.
  • The information digest algorithm includes the MD5 or SHA-1 algorithm.
  • Step 1 is specifically: after the device is powered on and before the CPU runs, the system-on-chip SOC reads the code of the first-stage boot loader, computes its digest value with the information digest algorithm, and matches the result against the digest value pre-stored in the digest matching library. If the match succeeds, the first-stage boot loader is allowed to run.
  • The local information digest verification method described in step 2 is used for high-security scenarios or highly closed ecosystem scenarios. Specifically, the first-stage boot loader reads the second-stage boot loader and the operating system kernel image from the local storage medium and verifies the loaded image with the information digest algorithm. Only after the corresponding digest value is matched in the digest matching library is the second-stage boot loader allowed to run, after which the operating system kernel image is started.
  • The remote transmission information digest verification method described in step 2 is used for application scenarios that require unified remote startup and transmission. Specifically, the first-stage boot loader receives the second-stage boot loader and the operating system kernel image from the network and verifies the loaded image with the information digest algorithm. Only after the corresponding digest value is matched in the digest matching library are the second-stage boot loader and the subsequent operating system kernel image allowed to run.
  • The local digital signature verification method described in step 2 is used where the software and hardware designs must be decoupled, without giving up security, to improve system flexibility. Specifically:
  • The software provider signs the second-stage boot loader and the operating system kernel image with its own private key;
  • The signing process is: first compute the digest value of the second-stage boot loader and the operating system kernel image, then encrypt that digest value with the 512-bit RSA private key; the resulting ciphertext is the digital signature p;
  • The software provider sends its public key certificate, the second-stage boot loader, the operating system kernel image, and the digital signature p to the hardware provider. The hardware provider stores the public key in the public key library, and packages the second-stage boot loader, the operating system kernel image, and the digital signature p for storage in the local storage medium;
  • The first-stage boot loader reads the second-stage boot loader, the operating system kernel image, and the corresponding digital signature p from the local storage medium, and uses the software provider's certificate pre-stored in the public key certificate library to verify the digital signature p of the loaded image. This completes the identity verification of the software provider, and only an image that passes signature verification is allowed to execute;
  • The verification process is: the first-stage boot loader first uses the information in the packaged file to select the corresponding software provider's public key certificate from the public key library, then computes a real-time information digest over the packaged file to produce digest m, then decrypts the digital signature p with the public key from the corresponding certificate to obtain the decrypted digest e. If m and e are identical, verification passes.
  • The method of the present invention targets the RISC-V boot security problem and designs a hardware-software cooperative boot chain of trust that protects each stage of the multi-stage boot process in turn; in the design of the verification mechanism at each stage, security and flexibility are traded off according to the application scenario.
  • A feasible set of verification solutions for the RISC-V architecture is provided to improve the security defence capability of the system boot phase.
  • Fig. 1 is a flowchart of the startup verification scheme based on the RISC-V architecture.
  • Fig. 2 is a flowchart of the local digital signature verification method.
  • The present invention proposes a startup verification scheme based on the RISC-V architecture, comprising the following steps:
  • Step 1: construct a system-on-chip (SOC) oriented to the RISC-V instruction set architecture; the SOC verifies the first-stage boot loader, and if verification succeeds the first-stage boot loader is run;
  • The first-stage boot loader (First Stage Bootloader) is the first piece of code run by the central processing unit (CPU); it bears on the security of the entire device and is one of the device's security foundations. The first-stage boot loader is fixed in read-only storage hardware. To ensure that its integrity is not compromised, dedicated hardware that checks the integrity of this code is added to the device, and a system-on-chip SOC is built on that dedicated hardware to verify the integrity of the first-stage boot loader.
  • The system-on-chip SOC runs on dedicated hardware independent of the CPU. Functionally, the dedicated hardware can verify the integrity of the first-stage or second-stage boot loader with an information digest algorithm to prevent tampering; for performance it uses a three-stage pipeline of memory access, buffering, and computation. Until verification passes, the CPU's reset signal is held locked; boot is permitted only when verification passes, that is, when the computed digest matches the information digest pre-sealed in read-only storage hardware.
  • The information digest algorithm includes the MD5 or SHA-1 algorithm, which extracts fingerprint information from all of the data to provide functions such as data integrity verification. The main characteristics of a message digest algorithm are that the digest computation requires no key, the resulting data (the digest value) cannot be decrypted back to the input, and the same digest value can only be obtained by feeding the same plaintext through the same message digest algorithm.
  • Step 1 is realised through the following sub-steps:
  • (1.1) Before the device leaves the factory, the MD5 or SHA-1 digest value of the first-stage boot loader is computed by the read-only storage hardware provider and stored in the digest value matching library.
  • (1.2) After the device is powered on and before the CPU runs, the system-on-chip SOC running on the dedicated hardware reads the code of the first-stage boot loader, computes its digest value with the information digest algorithm, and matches the result against the digest value pre-stored in the digest matching library. If the match succeeds, the first-stage boot loader is allowed to run.
  • Step 2: once the first-stage boot loader is running, it verifies the second-stage boot loader and the operating system kernel image.
  • Depending on the loading source, different verification methods are adopted, comprising three second-stage startup verification methods: the local information digest verification method, the remote transmission information digest verification method, and the local digital signature verification method;
  • The second-stage boot loader (Second Stage Boot Loader) is the code loaded and executed by the first-stage boot loader; it is mainly used to further initialise the necessary device hardware and to boot the system kernel. In a secure boot process it is generally verified by the first-stage boot loader.
  • The operating system kernel image is a clone file of all the data of the operating system as installed on the optical disc, containing everything an operating system needs to run. Here the operating system kernel image is packaged and stored together with the second-stage boot loader, which removes one verification step from the boot process and thereby strengthens security during boot.
  • The local information digest verification method is used for high-security scenarios or highly closed ecosystem scenarios. Specifically, the first-stage boot loader reads the second-stage boot loader and the operating system kernel image from the local storage medium and verifies the loaded image with the information digest algorithm, in the same way as in step 1. Only after the corresponding digest value is matched in the digest matching library is the second-stage boot loader allowed to run, after which the operating system kernel image is started;
  • A high-security scenario refers to devices and applications that demand extremely high security, such as equipment in aerospace and finance.
  • A highly closed ecosystem scenario refers to a device with a closed operating environment that does not, or only rarely, interacts with the outside world, such as an electronic token. Such a device is characterised by needing no firmware update from delivery through to recycling and destruction.
  • The remote transmission information digest verification method is used for application scenarios that require unified remote startup and transmission.
  • The first-stage boot loader receives the second-stage boot loader and the operating system kernel image from the network and verifies the loaded image with the information digest algorithm; the second-stage boot loader and the subsequent operating system kernel image are allowed to run only after the corresponding digest value is matched in the digest matching library;
  • An application scenario with unified remote startup and transmission requirements is one in which a terminal device is started by a control centre and the firmware is transmitted over the network.
  • Such terminal devices often have no or very little local storage, so their startup must obtain firmware from outside. This mode is generally used where terminal devices require highly centralised, unified management.
  • The local digital signature verification method is used where the software and hardware designs must be decoupled, without giving up security, to improve system flexibility. As shown in Figure 2, it comprises the following steps:
  • The software provider signs the second-stage boot loader and the operating system kernel image with its own private key;
  • The signing process is: first compute the digest value of the second-stage boot loader and the operating system kernel image, then encrypt that digest value with the 512-bit RSA private key; the resulting ciphertext is the digital signature p;
  • The software provider sends its public key certificate, the second-stage boot loader, the operating system kernel image, and the digital signature p to the hardware provider. The hardware provider stores the public key in the public key library, and packages the second-stage boot loader, the operating system kernel image, and the digital signature p for storage in the local storage medium;
  • The first-stage boot loader reads the second-stage boot loader, the operating system kernel image, and the corresponding digital signature from the local storage medium, and uses the software provider's certificate pre-stored in the public key certificate library to verify the digital signature of the loaded image. This completes the identity verification of the software provider, and only an image that passes signature verification is allowed to execute.
  • The verification process is as follows: the first-stage boot loader first uses the information in the packaged file to select the corresponding software provider's public key certificate from the public key library, then computes a real-time information digest over the packaged file to produce digest m, then decrypts the digital signature p with the public key from the corresponding certificate to obtain the decrypted digest e. If m and e are identical, verification passes.
  • Step 1 and step 2 are implemented for the RISC-V instruction set architecture.
  • The present invention strictly limits the verification method for network remote startup to the remote transmission information digest verification method.
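As an added example, not code from the patent or its inventors, the following Python models step 1 (digest matching of the first-stage boot loader by the dedicated hardware) and the local digital signature method of step 2 (provider key selected from the key library using the package header, digest m compared with the value e recovered from signature p). It assumes SHA-256 in place of MD5/SHA-1, an invented package layout, a deterministic demo RSA key, and constructed sample images; every name in the block is the example's own.

```python
import hashlib
import hmac
import random
import struct

# Constructed package layout (not from the patent): 16-byte software provider id,
# 4-byte payload length, payload (SSBL || kernel image), then raw RSA signature p.
HEADER = struct.Struct(">16sI")


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin test; only used to build the demo key below."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def gen_demo_rsa_key(bits=512, seed=1):
    """Deterministic textbook-RSA key ((n, e), (n, d)); 512 bits mirrors the
    patent text and is far too small for real deployments."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return (n, e), (n, pow(e, -1, phi))


def image_digest(data):
    """SHA-256 stands in for the patent's MD5/SHA-1, both collision-broken."""
    return hashlib.sha256(data).digest()


def verify_fsbl(fsbl_code, digest_library):
    """Step 1: dedicated hardware matches the FSBL digest against the library."""
    digest = image_digest(fsbl_code)
    return any(hmac.compare_digest(digest, known) for known in digest_library)


def sign_image(image, priv):
    """Software provider: p = digest(image)^d mod n (raw RSA, as the text says)."""
    n, d = priv
    m = int.from_bytes(image_digest(image), "big")
    return pow(m, d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def build_package(provider_id, image, priv):
    """Hardware provider: package provider id, SSBL || kernel image, and p."""
    return HEADER.pack(provider_id, len(image)) + image + sign_image(image, priv)


def verify_package(package, public_key_library):
    """Step 2 (local signature method): the verified image, or None on any failure."""
    if len(package) < HEADER.size:
        return None
    provider_id, length = HEADER.unpack_from(package)
    body = package[HEADER.size:HEADER.size + length]
    p = package[HEADER.size + length:]
    pub = public_key_library.get(provider_id.rstrip(b"\0"))  # pick provider's key
    if pub is None or len(body) != length:
        return None
    n, e = pub
    if len(p) != (n.bit_length() + 7) // 8:
        return None
    m = int.from_bytes(image_digest(body), "big")   # real-time digest m
    recovered = pow(int.from_bytes(p, "big"), e, n)  # "decrypt" p -> e
    return body if recovered == m else None


def demo():
    """Constructed run: FSBL digest match, valid package, one-byte tamper."""
    pub, priv = gen_demo_rsa_key()
    fsbl = b"constructed first-stage boot loader code"
    image = b"constructed second-stage boot loader" + b"constructed kernel image"
    package = build_package(b"vendor-A", image, priv)
    tampered = bytearray(package)
    tampered[HEADER.size + 3] ^= 0x01  # flip one byte inside the image
    return (verify_fsbl(fsbl, [image_digest(fsbl)]),
            verify_package(package, {b"vendor-A": pub}) == image,
            verify_package(bytes(tampered), {b"vendor-A": pub}) is None)
```

Raw RSA over a bare digest is kept here only because that is what the text describes; a deployed verifier would use a padded signature scheme (PKCS#1 v1.5 or PSS) with a key well above 512 bits.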

Abstract

Designed in the present invention is a boot verification scheme employing a RISC-V-oriented architecture. In the boot verification method, after verification of a first-stage boot loader succeeds, verification is further performed on a second-stage boot loader. The present invention provides stage-by-stage protection for a multi-stage boot process, and adjusts the security level and flexibility according to the application scenario when designing the verification mechanism at each stage. The proposed verification policy is based on an information digest and a digital signature algorithm, and can be implemented efficiently on a field-programmable gate array chip, thereby improving the security and defence capability of a system at the boot stage.

Description

A startup verification scheme based on the RISC-V architecture
Technical field
The invention relates to a boot loading and boot verification process, and in particular to a startup verification scheme based on the RISC-V architecture.
Background technique
As a new reduced instruction set, RISC-V has the advantages of being open source, open, and modular. However, RISC-V today also has some clear problems, including an immature software and hardware ecosystem and a limited proportion and number of high-quality open-source processors. In the field of information security in particular, RISC-V has not yet formed a recognised set of system security specifications, and security processors for RISC-V are also very limited. Boot security, as part of the system security mechanism, ensures that only certified operating systems or hardware drivers can be loaded on the board, thereby preventing malicious software from intruding.
In this field, the classic boot security method is the TrustZone secure boot approach for the ARM instruction set: a chain of trust is implemented in which, starting from the first power-on program, each loaded component verifies the trustworthiness and integrity of the one or more modules that follow it and loads them only if no anomaly is detected. However, on the one hand, the TrustZone boot security mechanism does not emphasise hardware-level protection; on the other hand, for RISC-V processors there are still many additional factors to consider in the actual chain-of-trust design, so the TrustZone design cannot be directly ported.
Contents of the invention
The purpose of the present invention is to provide a startup verification scheme based on the RISC-V architecture that addresses the deficiencies of the prior art.
The purpose of the present invention is achieved by the following technical solution: a startup verification scheme based on the RISC-V architecture, comprising the following steps:
Step 1: construct a system-on-chip (SOC) oriented to the RISC-V instruction set architecture; the SOC verifies the first-stage boot loader, and if verification succeeds the first-stage boot loader is run;
Step 2: once the first-stage boot loader is running, it verifies the second-stage boot loader and the operating system kernel image. Depending on the loading source, different verification methods are adopted, comprising three second-stage startup verification methods: the local information digest verification method, the remote transmission information digest verification method, and the local digital signature verification method.
Further, the specific actions of step 1 and step 2 are both implemented for the RISC-V instruction set architecture.
Further, the system-on-chip SOC runs on dedicated hardware independent of the central processing unit (CPU), and the dedicated hardware can use an information digest algorithm to verify the integrity of the first-stage boot loader or the second-stage boot loader, preventing it from being tampered with.
Further, the information digest algorithm includes the MD5 or SHA-1 algorithm.
Further, step 1 is specifically: after the device is powered on and before the CPU runs, the system-on-chip SOC reads the code of the first-stage boot loader, computes its digest value with the information digest algorithm, and matches the result against the digest value pre-stored in the digest matching library. If the match succeeds, the first-stage boot loader is allowed to run.
Further, the local information digest verification method described in step 2 is used for high-security scenarios or highly closed ecosystem scenarios. Specifically, the first-stage boot loader reads the second-stage boot loader and the operating system kernel image from the local storage medium and verifies the loaded image with the information digest algorithm. Only after the corresponding digest value is matched in the digest matching library is the second-stage boot loader allowed to run, after which the operating system kernel image is started.
Further, the remote transmission information digest verification method described in step 2 is used for application scenarios that require unified remote startup and transmission. Specifically, the first-stage boot loader receives the second-stage boot loader and the operating system kernel image from the network and verifies the loaded image with the information digest algorithm. Only after the corresponding digest value is matched in the digest matching library are the second-stage boot loader and the subsequent operating system kernel image allowed to run.
Further, the local digital signature verification method described in step 2 is used where the software and hardware designs must be decoupled, without giving up security, to improve system flexibility. Specifically:
S1: Before the device leaves the factory, the software provider signs the second-stage boot loader and the operating system kernel image with its own private key. The signing process is: first compute the digest value of the second-stage boot loader and the operating system kernel image, then encrypt that digest value with the 512-bit RSA private key; the resulting ciphertext is the digital signature p;
S2: The software provider sends its public key certificate, the second-stage boot loader, the operating system kernel image, and the digital signature p to the hardware provider. The hardware provider stores the public key in the public key library, and packages the second-stage boot loader, the operating system kernel image, and the digital signature p for storage in the local storage medium;
S3: When the device boots, the first-stage boot loader reads the second-stage boot loader, the operating system kernel image, and the corresponding digital signature p from the local storage medium, and uses the software provider's certificate pre-stored in the public key certificate library to verify the digital signature p of the loaded image. This completes the identity verification of the software provider, and only an image that passes signature verification is allowed to execute. The verification process is: the first-stage boot loader first uses the information in the packaged file to select the corresponding software provider's public key certificate from the public key library, then computes a real-time information digest over the packaged file to produce digest m, then decrypts the digital signature p with the public key from the corresponding certificate to obtain the decrypted digest e. If m and e are identical, verification passes.
The beneficial effects of the present invention are as follows:
The method of the present invention targets the RISC-V boot security problem and designs a hardware-software cooperative boot chain of trust that protects each stage of the multi-stage boot process in turn; in the design of the verification mechanism at each stage, security and flexibility are traded off according to the application scenario. Against the background that the RISC-V architecture has not yet formed a recognised boot security solution, a feasible set of verification solutions for the RISC-V architecture is provided to improve the security defence capability of the system boot phase.
Description of drawings
Fig. 1 is a flowchart of the startup verification scheme based on the RISC-V architecture;
Fig. 2 is a flowchart of the local digital signature verification method.
Detailed description
As shown in Figure 1, the present invention proposes a startup verification scheme based on the RISC-V architecture, comprising the following steps:
步骤一:构建面向RISC-V指令集架构的片上系统SOC,所述片上系统SOC对一阶段启动加载器进行验证,验证成功则一阶段启动加载器被运行;Step 1: constructing a system-on-chip SOC oriented to the RISC-V instruction set architecture, the system-on-chip SOC verifies the one-stage boot loader, and if the verification is successful, the one-stage boot loader is run;
所述一阶段启动加载器(First Stage Bootloader)是中央处理器(CPU)所运行的第一块代码,关系到整个设备的安全,是设备的安全基础之一;所述一阶段启动加载器固化在只读存储硬件中;为了保证一阶段启动加载器的完整性不被破坏,在设备中增加校验该代码完整性的专有硬件,并在所述专有硬件上构建片上系统SOC用于验证一阶段启动加载器的完整性。The first stage boot loader (First Stage Bootloader) is the first piece of code run by the central processing unit (CPU), which is related to the safety of the entire device and is one of the security foundations of the device; the first stage boot loader is solidified In the read-only storage hardware; in order to ensure that the integrity of the one-stage boot loader is not destroyed, add special hardware to check the integrity of the code in the device, and build a system-on-chip SOC on the special hardware for Verify the integrity of the one-stage boot loader.
所述片上系统SOC运行在独立于中央处理器(CPU)之外的专有硬件上,所述专有硬件在功能上能够利用信息摘要算法对一阶段启动加载器或二阶段启动加载器进行完整性验证,防止其被篡改;在性能上使用访存、缓冲、运算的三级流水线机制,在验证通过前,锁死中央处理器(CPU)的复位信号,只有验证通过,匹配到预先封在只读存储硬件中的信息摘要才允许启动。The system-on-chip SOC runs on proprietary hardware independent of the central processing unit (CPU), and the proprietary hardware is functionally able to complete the first-stage boot loader or the second-stage boot loader using an information digest algorithm. In terms of performance, it uses a three-stage pipeline mechanism of memory access, buffering, and calculation. Before the verification is passed, the reset signal of the central processing unit (CPU) is locked. Only when the verification is passed, it matches the pre-sealed Only read-only digests of information stored in hardware are allowed to boot.
所述信息摘要算法包括MD5或SHA-1算法,其通过对所有数据提取指纹信息以实现数据完整性校验等功能;消息摘要算法的主要特征是加密过程不需要密钥,并且经过加密所得到的数据(摘要值)无法被解密,只有输入相同的明文数据经过相同的消息摘要算法才能得到相同的摘要值。The information digest algorithm includes MD5 or SHA-1 algorithm, which extracts fingerprint information for all data to realize functions such as data integrity verification; the main feature of the message digest algorithm is that the encryption process does not require a key, and the obtained The data (summary value) cannot be decrypted, and the same digest value can only be obtained by entering the same plaintext data through the same message digest algorithm.
Step 1 is implemented through the following sub-steps:
(1.1) Before the device leaves the factory, the read-only storage hardware provider computes the MD5 or SHA-1 digest value of the first stage boot loader and stores it in the digest value matching library.
(1.2) After the device is powered on and before the central processing unit (CPU) runs, the system-on-chip SOC running on the dedicated hardware reads the code of the first stage boot loader, computes the digest value of the first stage boot loader with the message digest algorithm, and matches the computed digest value against the digest value pre-stored in the digest matching library; if the match succeeds, the first stage boot loader is allowed to run.
Step 2: After the first stage boot loader is run, it verifies the second stage boot loader and the operating system kernel image. Different verification methods are adopted depending on the loading source; specifically, there are three second stage boot verification methods: the local message digest verification method, the remote transmission message digest verification method, and the local digital signature verification method.
The second stage boot loader (Second Stage Boot Loader) is the code loaded and executed by the first stage boot loader; it is mainly used to further initialize the necessary device hardware and to boot the system kernel. In the secure boot process, it is generally verified by the first stage boot loader.
The operating system kernel image is a clone file of all the data of the operating system as installed on an optical disc, containing everything the operating system needs to run. Here the operating system kernel image is packaged and stored together with the second stage boot loader, reducing the number of verification steps during system boot and thereby strengthening the security of the boot process.
The three second stage boot verification methods are as follows:
(2.1) The local message digest verification method is used in high-security scenarios or highly closed-ecosystem scenarios. Specifically, the first stage boot loader reads the second stage boot loader and the operating system kernel image from the local storage medium and verifies the loaded image with the message digest algorithm. The verification method is similar to step 1: only after the corresponding digest value is matched in the digest matching library is the second stage boot loader allowed to run, which in turn boots the operating system kernel image.
The high-security scenario refers to devices and application scenarios with extremely high security requirements, such as devices in aerospace and finance.
The highly closed-ecosystem scenario refers to devices whose operating environment is closed and which interact with the outside world rarely or not at all, such as electronic tokens; such devices are characterized by never requiring a firmware update from leaving the factory to being recycled and destroyed.
(2.2) The remote transmission message digest verification method is used in application scenarios with a requirement for unified remote boot and transmission. Specifically, the first stage boot loader receives the second stage boot loader and the operating system kernel image from the network and verifies the loaded image with the message digest algorithm; only after the corresponding digest value is matched in the digest matching library are the second stage boot loader and the subsequent operating system kernel image allowed to run.
The application scenario with a requirement for unified remote boot and transmission refers to one in which a control center boots terminal devices in a unified manner by transmitting the firmware over the network. Such terminal devices often have no or very little local storage and must obtain their firmware from outside in order to boot. This mode is generally applied in scenarios requiring highly centralized, unified management of terminal devices.
(2.3) The local digital signature verification method is used where, while security is guaranteed, software and hardware design are to be decoupled in order to improve system flexibility. As shown in Figure 2, it specifically includes the following steps:
S1: Before the device leaves the factory, the software provider signs the second stage boot loader and the operating system kernel image with its own private key. The specific signing process is: first compute the digest value of the second stage boot loader and the operating system kernel image, then encrypt that digest value with a 512-bit RSA private key; the resulting ciphertext is the digital signature p.
S2: The software provider sends its own public key certificate, the second stage boot loader and operating system kernel image, and the digital signature p to the hardware provider. The hardware provider stores the public key in the public key library and stores the second stage boot loader, the operating system kernel image and the digital signature p packaged together on the local storage medium.
S3: When the device boots, the first stage boot loader reads the second stage boot loader, the operating system kernel image and the corresponding digital signature from the local storage medium and verifies the digital signature of the loaded image using the software provider's certificate pre-stored in the public key certificate library, thereby authenticating the software provider; only an image whose signature verifies is allowed to execute. The specific verification process is: the first stage boot loader first uses the information in the package file to select the corresponding software provider's public key certificate from the public key library, computes a real-time message digest over the package file to produce digest m, then decrypts the digital signature p with the public key in the corresponding public key certificate to obtain the decrypted digest e; if m and e are identical, verification passes.
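As an added example (not the patent's code), the following Python models the two checks described in step 1 and in S1–S3 above: digest matching against a pre-sealed digest library, and the textbook RSA-over-digest signature check in which the verifier recomputes m, decrypts p with the public key to obtain e, and passes only if m == e. Image bytes, key material, provider names and library contents are constructed for the demo; the SOC pipeline and CPU reset locking are not modelled.

```python
"""Added model of the page's boot verification chain (not the patent's code): digest
matching as in step 1 / (2.1) / (2.2), plus the S1-S3 textbook RSA check (recompute m,
decrypt p to e, require m == e). Images, keys, names and libraries are constructed."""
import hashlib
import hmac
import random

def digest(data: bytes, algo: str = "sha1") -> bytes:
    """MD5 or SHA-1 as the page specifies; both are considered weak today."""
    return hashlib.new(algo, data).digest()

def verify_by_digest(image: bytes, library: dict, name: str, algo: str = "sha1") -> bool:
    """Match the recomputed digest against the pre-sealed library entry (fails closed)."""
    expected = library.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(digest(image, algo), expected)  # constant-time compare

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test on an odd candidate; adequate for demo key material."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512):
    """Constructed demo key, 512-bit as the page specifies. Returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign_package(package: bytes, priv, algo: str = "sha1") -> int:
    """S1: digest the SSBL+kernel package and 'encrypt' the digest with the private
    key; the result is p. The digest (<=160 bits) is below n, so raw RSA is exact."""
    n, d = priv
    return pow(int.from_bytes(digest(package, algo), "big"), d, n)

def verify_package(package: bytes, p: int, provider: str, pubkeys: dict, algo: str = "sha1") -> bool:
    """S3: pick the provider's public key, recompute m, decrypt p to e, pass iff m == e."""
    if provider not in pubkeys:
        return False
    n, e = pubkeys[provider]
    m = int.from_bytes(digest(package, algo), "big")
    return m == pow(p, e, n)

def demo_chain():
    """Full chain on constructed images; returns (fsbl_ok, package_ok, tampered_ok)."""
    fsbl = b"constructed first stage boot loader image"
    sealed = {"fsbl": digest(fsbl)}                    # (1.1) written before shipping
    fsbl_ok = verify_by_digest(fsbl, sealed, "fsbl")   # (1.2) checked before the CPU runs
    pub, priv = rsa_keygen()
    pubkeys = {"vendor-A": pub}                        # S2 hardware provider's key library
    package = b"constructed SSBL || kernel image"
    p = sign_package(package, priv)                    # S1 software provider signs
    package_ok = verify_package(package, p, "vendor-A", pubkeys)
    tampered_ok = verify_package(package + b"\x00", p, "vendor-A", pubkeys)
    return fsbl_ok, package_ok, tampered_ok
```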
The specific actions of step 1 and step 2 are both implemented for the RISC-V instruction set architecture.
Considering that remote network boot may introduce complex security problems, the present invention strictly restricts the verification method for remote network boot to the remote transmission message digest verification method.
Those of ordinary skill in the art will understand that the foregoing is only a single embodiment of the invention and is not intended to limit it. Although the invention has been described in detail with reference to the foregoing embodiment, those skilled in the art may still modify the technical methods recorded in the foregoing embodiments or make equivalent substitutions for some of their technical features. Any modification, equivalent substitution or the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (8)

  1. A boot verification scheme based on a RISC-V-oriented architecture, characterized in that it comprises the following steps:
    Step 1: construct a system-on-chip SOC oriented to the RISC-V instruction set architecture; the system-on-chip SOC verifies the first stage boot loader, and if verification succeeds the first stage boot loader is run;
    Step 2: after the first stage boot loader is run, it verifies the second stage boot loader and the operating system kernel image, adopting different verification methods according to the loading source, specifically three second stage boot verification methods: the local message digest verification method, the remote transmission message digest verification method and the local digital signature verification method.
  2. The boot verification scheme based on a RISC-V-oriented architecture according to claim 1, characterized in that the specific actions of step 1 and step 2 are both implemented for the RISC-V instruction set architecture.
  3. The boot verification scheme based on a RISC-V-oriented architecture according to claim 1, characterized in that the system-on-chip SOC runs on dedicated hardware independent of the central processing unit (CPU), and the dedicated hardware can use a message digest algorithm to verify the integrity of the first stage boot loader or the second stage boot loader and prevent it from being tampered with.
  4. The boot verification scheme based on a RISC-V-oriented architecture according to claim 3, characterized in that the message digest algorithm includes the MD5 or SHA-1 algorithm.
  5. The boot verification scheme based on a RISC-V-oriented architecture according to claim 1, characterized in that step 1 is specifically: after the device is powered on and before the central processing unit (CPU) runs, the system-on-chip SOC reads the code of the first stage boot loader, computes the digest value of the first stage boot loader with the message digest algorithm, and matches the computed digest value against the digest value pre-stored in the digest matching library; if the match succeeds, the first stage boot loader is allowed to run.
  6. The boot verification scheme based on a RISC-V-oriented architecture according to claim 1, characterized in that the local message digest verification method in step 2 is used in high-security scenarios or highly closed-ecosystem scenarios, specifically: the first stage boot loader reads the second stage boot loader and the operating system kernel image from the local storage medium and verifies the loaded image with the message digest algorithm; only after the corresponding digest value is matched in the digest matching library is the second stage boot loader allowed to run, which in turn boots the operating system kernel image.
  7. The boot verification scheme based on a RISC-V-oriented architecture according to claim 1, characterized in that the remote transmission message digest verification method in step 2 is used in application scenarios with a requirement for unified remote boot and transmission, specifically: the first stage boot loader receives the second stage boot loader and the operating system kernel image from the network and verifies the loaded image with the message digest algorithm; only after the corresponding digest value is matched in the digest matching library are the second stage boot loader and the subsequent operating system kernel image allowed to run.
  8. The boot verification scheme based on a RISC-V-oriented architecture according to claim 1, characterized in that the local digital signature verification method in step 2 is used where, while security is guaranteed, software and hardware design are to be decoupled in order to improve system flexibility, specifically:
    S1: Before the device leaves the factory, the software provider signs the second stage boot loader and the operating system kernel image with its own private key. The specific signing process is: first compute the digest value of the second stage boot loader and the operating system kernel image, then encrypt that digest value with a 512-bit RSA private key; the resulting ciphertext is the digital signature p.
    S2: The software provider sends its own public key certificate, the second stage boot loader and operating system kernel image, and the digital signature p to the hardware provider. The hardware provider stores the public key in the public key library and stores the second stage boot loader, the operating system kernel image and the digital signature p packaged together on the local storage medium.
    S3: When the device boots, the first stage boot loader reads the second stage boot loader, the operating system kernel image and the corresponding digital signature p from the local storage medium and verifies the digital signature p of the loaded image using the software provider's certificate pre-stored in the public key certificate library, thereby authenticating the software provider; only an image whose signature verifies is allowed to execute. The specific verification process is: the first stage boot loader first uses the information in the package file to select the corresponding software provider's public key certificate from the public key library, computes a real-time message digest over the package file to produce digest m, then decrypts the digital signature p with the public key in the corresponding public key certificate to obtain the decrypted digest e; if m and e are identical, verification passes.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/136243 WO2023102757A1 (en) 2021-12-08 2021-12-08 Boot verification scheme employing risc-v-oriented architecture


Publications (1)

Publication Number Publication Date
WO2023102757A1 true WO2023102757A1 (en) 2023-06-15

Family

ID=86729531



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21966681

Country of ref document: EP

Kind code of ref document: A1