CN102117330A - Method and system for protecting integrity of critical area of embedded Linux operating system - Google Patents
Method and system for protecting integrity of critical area of embedded Linux operating system Download PDFInfo
- Publication number
- CN102117330A CN102117330A CN 201110052729 CN201110052729A CN102117330A CN 102117330 A CN102117330 A CN 102117330A CN 201110052729 CN201110052729 CN 201110052729 CN 201110052729 A CN201110052729 A CN 201110052729A CN 102117330 A CN102117330 A CN 102117330A
- Authority
- CN
- China
- Prior art keywords
- operating system
- file
- built
- linux operating
- linux
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a method for protecting the integrity of a critical area of an embedded Linux operating system, which comprises the following steps of: establishing the NandFlash partitioning information of the embedded Linux operating system, establishing a root file system of the critical area of the embedded Linux operating system, establishing a file system of a non-critical area of the embedded Linux operating system, and burning the embedded Linux operating system. Simultaneously, the invention also discloses a system for protecting the integrity of the critical area of the embedded Linux operating system. By the technical scheme provided by the invention, the critical area of the embedded Linux operating system can be prevented from falsification, and the stability of the embedded Linux operating system can be ensured.
Description
Technical field
The present invention relates to the embedded Linux system field, be specifically related to a kind of method and system of protecting built-in Linux operating system critical area integrality.
Background technology
Along with 32 bit CPU prices constantly drop, the capacity of memory device is compared increasingly on the sheet, and more and more embedded system begins to use various embedded OSs.Generally in built-in field, as long as be applied to will inevitably need one of operating system, or even a plurality of file system.In fact the called file system is exactly the tissue and the catalogue of any file on a concrete memory device.This equipment may be DOC equipment such as various RAM, NAND FLASH, NOR FLASH, also has based on the various storage cards of NAND FLASH etc.At present, there are a lot of file system available at different equipment and application, for example EXT2, TEMPFS, RAMDISK, CRAMFS, JFFS1/2, YAFFS1/2, XFS etc.In addition, the commercial file system that also has a lot of suppliers to provide.
The select File system will be according to concrete demands of applications.Generally, what at first will consider is exactly reliability, the demand of robustness and enhancing.If the application that does not need often to upgrade control program as the industry control, we select the such read-only file system of CARAMFS enough, and its another one benefit that can also bring be exactly the compressibility of CRAMFS up to 50%, can save our storage space greatly.But if picture relates to the application that this class of data acquisition need be preserved data, read-only file system just is difficult to satisfy the demand of application system, and we can select JFFS or the so read-write file system of YAFFS.But in actual applications, the factor that need consider also should be more.
In general embedded Linux system was used, root file system did not need frequent change, but but related to the access of some data.So in the selection of the critical area file system of built-in Linux operating system, adopt read-only property file system, then a read-write property of carry file system under this read-only type file system.The critical area that can prevent built-in Linux operating system is not so had a mind to or is not intended to distort and causes system crash, can carry out the storage of data again.
Summary of the invention
The invention provides a kind of method of protecting embedded Linux system critical area integrality, can protect the embedded Linux system critical area not distorted, guarantee the stability of system.
The invention provides a kind of method of protecting built-in Linux operating system critical area integrality, comprising: set up built-in Linux operating system NandFlash partition information; Set up built-in Linux operating system critical area root file system; Set up built-in Linux operating system non-critical areas file system; The programming built-in Linux operating system.
Simultaneously, the present invention also provides a kind of system that protects built-in Linux operating system critical area integrality, comprises with lower unit: Bootloader unit, linux kernel unit, cramfs file system elements, yaffs2 file system elements;
Described Bootloader unit guides built-in Linux operating system starts, and carries out the related hardware initialization;
Described linux kernel unit is the core of built-in Linux operating system, is responsible for the resources allocation and the operation of operating system;
Described cramfs file system elements is deposited built-in Linux operating system critical area file;
Described yaffs2 file system elements is deposited built-in Linux operating system non-critical areas file.
Technique scheme as can be seen because the present invention has following beneficial effect:
1. the present invention can prevent that the built-in Linux operating system critical area from not distorted.
2. the present invention can guarantee the stability of built-in Linux operating system.
3. can suitable expanding when the present invention guarantees the built-in Linux operating system integrality.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is one-piece construction figure of the present invention;
Fig. 2 is a process flow diagram of the present invention;
Fig. 3 is that built-in Linux operating system NandFlash partition information is set up process flow diagram among the present invention;
Fig. 4 is that built-in Linux operating system critical area root file system is set up process flow diagram among the present invention;
Fig. 5 is that built-in Linux operating system non-critical areas file system is set up process flow diagram among the present invention;
Fig. 6 is a built-in Linux operating system programming process flow diagram among the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making all other embodiment that obtained under the creative work prerequisite.
The embodiment of the invention provides a kind of method and system of protecting built-in Linux operating system critical area integrality, can protect the embedded Linux system critical area not distorted, and guarantees the stability of system, below is elaborated respectively.
Fig. 1 is one-piece construction figure of the present invention.
As shown in Figure 1, the present invention mainly comprises with lower unit: Bootloader unit, linux kernel unit, cramfs file system elements, yaffs2 file system elements.
Described Bootloader unit guides built-in Linux operating system starts, and carries out the related hardware initialization.
Described linux kernel unit is the core of built-in Linux operating system, is responsible for the resources allocation and the operation of operating system.
Described cramfs file system elements is deposited built-in Linux operating system critical area file.
Described yaffs2 file system elements is deposited built-in Linux operating system non-critical areas file.
Fig. 2 is the method for the invention process flow diagram.
As shown in Figure 1, comprise step:
Step 1: set up built-in Linux operating system NandFlash partition information.
Step 2: set up built-in Linux operating system critical area root file system.
Step 3: set up built-in Linux operating system non-critical areas file system.
Step 4: programming built-in Linux operating system.
Fig. 3 sets up process flow diagram for built-in Linux operating system NandFlash partition information.
The subregion of NandFlash is mainly finished in Bootloader.Bootloader mainly carries out some initialized processing, such as CPU, SDRAM etc., NandFlash is divided into 4 districts here, static struct Partition NandPart[among the Bootloader] the structure storage of array the subregion situation of NandFlash, structure struct Partition is made up of following data: subregion start address, subregion end address, zone name.Here suppose that the NandFlash size is 64M.
Step 11: at static struct Partition NandPart[] add the Bootloader partition information in the structure, start address is 0x00000000, and the end address is 0x00040000, and subregion is called boot.
Step 12: at static struct Partition NandPart[] add the Linuxkernel partition information in the structure, start address is 0x00040000, and the end address is 0x00400000, and subregion is called Linux kernel.
Step 13: at static struct Partition NandPart[] add the cramfs partition information in the structure, start address is 0x00400000,0x02c00000, subregion is called cramfs.
Step 14: at static struct Partition NandPart[] add the yaffs partition information in the structure, start address is 0x02c00000,0x04000000, subregion is called yaffs.
Fig. 4 sets up process flow diagram for embedded L inux operating system critical area root file system.
The built-in Linux operating system critical area mainly comprises the configuration file of some systems, dynamic base, and basic utilities etc. lack or the content revised wherein may cause operating system normally to move.Remove to generate the file of these critical areas here by the busybox instrument.Even revised these critical area files because of carelessness, after restarting, system can revert to former state automatically.
Step 21: under/usr/local/rootfs, create 8 catalogue files folders of built-in Linux operating system indispensability, be respectively: bin, etc, dev, proc, sbin, sys, usr, lib.
Step 22: under/usr/local/rootfs, create the non-essential catalogue file folder of built-in Linux operating system, be respectively: mnt, tmp, var, home etc.
Step 23: configuration, compiling and installation busybox-1.9.2.Revising cpu framework and the compiler option among the Makefile, is example with ARM CPU, is the place that the needs among the Makefile are revised: ARCH?=arm, CROSS_COMPILE?=/usr/local/arm/3.4.1/bin/arm-Linux-; Carry out the makemenuconfig order, modification Installation Options option is/usr/local/rootfs.
Step 24: the dynamic library file that down copy is necessary of the lib file from the developing instrument cross-compiler is under/usr/local/rootfs/lib.
Step 25: utilize the mkcramfs instrument that the rootfs file is made into rootfs.cramfs。
Fig. 5 sets up process flow diagram for built-in Linux operating system non-critical areas file system.
The built-in Linux operating system non-critical areas can be for the user storage file, and this zone can be revised arbitrarily, can not have influence on the operation of operating system.
Step 31: establishment/usr/local/yaffsrootfs file.
Step 32: utilize the mkyaffs2image instrument that the yaffsrootfs file is made into yaffs.img.
Fig. 6 is a built-in Linux operating system programming process flow diagram.
Step 41: the boot subregion is arrived in the Bootloader programming.
Step 42: Linux Kernel subregion is arrived in compiled linux kernel programming.
Step 43: the cramfs subregion is arrived in the rootfs.cramfs programming.
Step 44: the yaffs2 subregion is arrived in the yaffs.img programming.
Step 45: in the start file of (SuSE) Linux OS, add Mount-t yaffs2/dev/mtdblock4/usr/yaffs, yaffs.img is hung over/the usr/yaffs catalogue under, the file of user under can arbitrarily right/usr/yaffs catalogue carries out read-write operation.
Need to prove, contents such as the information interaction between said apparatus and intrasystem each unit, implementation since with the inventive method embodiment based on same design, particular content can repeat no more referring to the narration among the inventive method embodiment herein.
One of ordinary skill in the art will appreciate that all or part of step in the whole bag of tricks of the foregoing description is to instruct relevant hardware to finish by program, this program can be stored in the computer-readable recording medium, storage medium can comprise: ROM (read-only memory) (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), disk or CD etc.
More than to a kind of method of protecting embedded Linux system critical area integrality that the embodiment of the invention provided, be described in detail, used specific case herein principle of the present invention and embodiment are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (6)
1. a method of protecting built-in Linux operating system critical area integrality is characterized in that, comprising: set up built-in Linux operating system NandFlash partition information; Set up built-in Linux operating system critical area root file system; Set up built-in Linux operating system non-critical areas file system; The programming built-in Linux operating system.
2. method according to claim 1, it is characterized in that, built-in Linux operating system NandFlash subregion is mainly finished in Bootloader, NandFlash is divided into 4 districts, static struct Partition NandPart[among the Bootloader] the structure storage of array the subregion situation of NandFlash, structure struct Partition is made up of following data: subregion start address, subregion end address, zone name; The NandFlash size is set herein is 64M;
Step 11: at static struct Partition NandPart[] add the Bootloader partition information in the structure, start address is 0x00000000, and the end address is 0x00040000, and subregion is called boot;
Step 12: at static struct Partition NandPart[] add the Linuxkernel partition information in the structure, start address is 0x00040000, and the end address is 0x00400000, and subregion is called Linux kernel;
Step 13: at static struct Partition NandPart[] add the cramfs partition information in the structure, start address is 0x00400000,0x02c00000, subregion is called cramfs;
Step 14: at static struct Partition NandPart[] add the yaffs partition information in the structure, start address is 0x02c00000,0x04000000, subregion is called yaffs.
3. method according to claim 1, it is characterized in that the built-in Linux operating system critical area mainly comprises the configuration file of some systems, dynamic base, basic utility lacks or the content revised wherein may cause operating system normally to move; Remove to generate the file of these critical areas by the busybox instrument,, can revert to former state automatically after system restarts even revised these critical area files; It is as follows that embedded Linux system critical area file system is set up flow process:
Step 21: under/usr/local/rootfs, create 8 catalogue files folders of built-in Linux operating system indispensability, be respectively: bin, etc, dev, proc, sbin, sys, usr, lib;
Step 22: under/usr/local/rootfs, create the non-essential catalogue file folder of built-in Linux operating system, be respectively: mnt, tmp, var, home;
Step 23: configuration, compiling and installation busybox-1.9.2; Revising cpu framework and the compiler option among the Makefile, is example with ARM CPU, is the place that the needs among the Makefile are revised: ARCH?=arm, CROSS_COMPILE?=/usr/local/arm/3.4.1/bin/arm-Linux-; Carry out the makemenuconfig order, modification Installation Options option is/usr/local/rootfs;
Step 24: the dynamic library file that down copy is necessary of the lib file from the developing instrument cross-compiler is under/usr/local/rootfs/lib;
Step 25: utilize the mkcramfs instrument that the rootfs file is made into rootfs.cramfs.
4. method according to claim 1 is characterized in that, the built-in Linux operating system non-critical areas is for the user storage file, and this zone can be revised arbitrarily, can not have influence on the operation of operating system; It is as follows that built-in Linux operating system non-critical areas file system is set up flow process:
Step 31: establishment/usr/local/yaffsrootfs file;
Step 32: utilize the mkyaffs2image instrument that the yaffsrootfs file is made into yaffs.img.
5. method according to claim 1 is characterized in that, built-in Linux operating system programming flow process is as follows:
Step 41: the boot subregion is arrived in the Bootloader programming;
Step 42: Linux Kernel subregion is arrived in compiled linux kernel programming;
Step 43: the cramfs subregion is arrived in the rootfs.cramfs programming;
Step 44: the yaffs2 subregion is arrived in the yaffs.img programming;
Step 45: in the start file of (SuSE) Linux OS, add Mount-t yaffs2/dev/mtdblock4/usr/yaffs, yaffs.img is hung over/the usr/yaffs catalogue under, the user is right/ file under the usr/yaffs catalogue carries out read-write operation.
6. a system that protects built-in Linux operating system critical area integrality is characterized in that, this system comprises with lower unit: Bootloader unit, linux kernel unit, cramfs file system elements, yaffs2 file system elements;
Described Bootloader unit guides built-in Linux operating system starts, and carries out the related hardware initialization;
Described linux kernel unit is the core of built-in Linux operating system, is responsible for the resources allocation and the operation of operating system;
Described cramfs file system elements is deposited built-in Linux operating system critical area file;
Described yaffs2 file system elements is deposited built-in Linux operating system non-critical areas file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110052729 CN102117330A (en) | 2011-03-04 | 2011-03-04 | Method and system for protecting integrity of critical area of embedded Linux operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110052729 CN102117330A (en) | 2011-03-04 | 2011-03-04 | Method and system for protecting integrity of critical area of embedded Linux operating system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102117330A true CN102117330A (en) | 2011-07-06 |
Family
ID=44216100
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110052729 Pending CN102117330A (en) | 2011-03-04 | 2011-03-04 | Method and system for protecting integrity of critical area of embedded Linux operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102117330A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102520778A (en) * | 2011-12-09 | 2012-06-27 | 山东大学 | One-key reset method suitable for embedded Linux operating system |
| CN102693283A (en) * | 2012-05-07 | 2012-09-26 | 深圳市共进电子股份有限公司 | Data partition storage method and system boot method of embedded system |
| CN104503558A (en) * | 2014-12-26 | 2015-04-08 | 四川九洲电器集团有限责任公司 | Resetting method of embedding type equipment and embedding type equipment |
| CN104834547A (en) * | 2015-05-14 | 2015-08-12 | 烽火通信科技股份有限公司 | Remote upgrade method and system of Squashfs read-only root file system |
| CN104850015A (en) * | 2014-09-09 | 2015-08-19 | 北汽福田汽车股份有限公司 | Software packaging method and automobile electronic controller |
| CN105205142A (en) * | 2015-09-18 | 2015-12-30 | 广东欧珀移动通信有限公司 | Method, device and mobile terminal for saving log file |
| CN106874039A (en) * | 2017-01-13 | 2017-06-20 | 重庆邮电大学 | A kind of user program self-start method based on ext2 root file systems |
| CN106873913A (en) * | 2017-02-17 | 2017-06-20 | 山东浪潮商用系统有限公司 | A kind of method that embedded system self adaptation difference flash carries out subregion |
| CN109284232A (en) * | 2018-08-30 | 2019-01-29 | 大陆汽车投资(上海)有限公司 | Prevent the method for flash memory collapse in embedded Linux system |
| CN110032542A (en) * | 2019-04-19 | 2019-07-19 | 宁波三星医疗电气股份有限公司 | A kind of cramfs file system management method, device and electronic equipment |
| CN113407187A (en) * | 2021-05-25 | 2021-09-17 | 鹏城实验室 | Method, device and equipment for constructing file system and computer storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101226477A (en) * | 2007-01-16 | 2008-07-23 | 北京共创开源软件有限公司 | Method for implementing Linux operating system being suitable for mobile application |
| US20090144538A1 (en) * | 2007-11-05 | 2009-06-04 | Duda Kenneth J | Patch installation at boot time for dynamically installable, piecemeal revertible patches |
-
2011
- 2011-03-04 CN CN 201110052729 patent/CN102117330A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101226477A (en) * | 2007-01-16 | 2008-07-23 | 北京共创开源软件有限公司 | Method for implementing Linux operating system being suitable for mobile application |
| US20090144538A1 (en) * | 2007-11-05 | 2009-06-04 | Duda Kenneth J | Patch installation at boot time for dynamically installable, piecemeal revertible patches |
Non-Patent Citations (1)
| Title |
|---|
| 《朝阳科技大学资讯工程系硕士论文》 20070727 吴百发 使用者可配置的嵌入式Linux平台开发 第9~22页 1-6 , * |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102520778A (en) * | 2011-12-09 | 2012-06-27 | 山东大学 | One-key reset method suitable for embedded Linux operating system |
| CN102693283A (en) * | 2012-05-07 | 2012-09-26 | 深圳市共进电子股份有限公司 | Data partition storage method and system boot method of embedded system |
| CN102693283B (en) * | 2012-05-07 | 2015-10-28 | 深圳市共进电子股份有限公司 | A kind of data partition storage method of embedded system and System guides starting method |
| CN104850015B (en) * | 2014-09-09 | 2018-02-23 | 北汽福田汽车股份有限公司 | A kind of software packaging method and a kind of automobile electronic controller |
| CN104850015A (en) * | 2014-09-09 | 2015-08-19 | 北汽福田汽车股份有限公司 | Software packaging method and automobile electronic controller |
| CN104503558A (en) * | 2014-12-26 | 2015-04-08 | 四川九洲电器集团有限责任公司 | Resetting method of embedding type equipment and embedding type equipment |
| CN104834547A (en) * | 2015-05-14 | 2015-08-12 | 烽火通信科技股份有限公司 | Remote upgrade method and system of Squashfs read-only root file system |
| CN104834547B (en) * | 2015-05-14 | 2018-02-16 | 烽火通信科技股份有限公司 | A kind of remote upgrade method and system of the read-only root file systems of Squashfs |
| CN105205142A (en) * | 2015-09-18 | 2015-12-30 | 广东欧珀移动通信有限公司 | Method, device and mobile terminal for saving log file |
| CN105205142B (en) * | 2015-09-18 | 2017-10-31 | 广东欧珀移动通信有限公司 | Preserve method, device and the mobile terminal of journal file |
| CN106874039A (en) * | 2017-01-13 | 2017-06-20 | 重庆邮电大学 | A kind of user program self-start method based on ext2 root file systems |
| CN106873913A (en) * | 2017-02-17 | 2017-06-20 | 山东浪潮商用系统有限公司 | A kind of method that embedded system self adaptation difference flash carries out subregion |
| CN106873913B (en) * | 2017-02-17 | 2020-03-17 | 山东浪潮商用系统有限公司 | Method for partitioning embedded system by self-adapting to different flash |
| CN109284232A (en) * | 2018-08-30 | 2019-01-29 | 大陆汽车投资(上海)有限公司 | Prevent the method for flash memory collapse in embedded Linux system |
| CN110032542A (en) * | 2019-04-19 | 2019-07-19 | 宁波三星医疗电气股份有限公司 | A kind of cramfs file system management method, device and electronic equipment |
| CN110032542B (en) * | 2019-04-19 | 2021-04-27 | 宁波三星医疗电气股份有限公司 | Cramfs file system management method and device and electronic equipment |
| CN113407187A (en) * | 2021-05-25 | 2021-09-17 | 鹏城实验室 | Method, device and equipment for constructing file system and computer storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102117330A (en) | Method and system for protecting integrity of critical area of embedded Linux operating system | |
| CN102541475B (en) | Data storage method and data storage device | |
| CN102831173B (en) | Memory expanding method based on android system, device and terminal device | |
| US8868622B2 (en) | Method and apparatus for allocating resources in a computer system | |
| CN105739961B (en) | Starting method and device of embedded system | |
| WO2012131507A1 (en) | Running a plurality of instances of an application | |
| CN103677654A (en) | Method and electronic equipment for storing data | |
| CN102449599A (en) | System and method for converting a java application into a virtual server image for cloud deployment | |
| WO2008043197A1 (en) | Dynamically changing a garbage collector in a managed runtime system | |
| KR101651204B1 (en) | Apparatus and Method for synchronization of snapshot image | |
| CN103227812A (en) | Downloading method and device supporting breakpoint resuming in intelligent equipment | |
| KR101996975B1 (en) | Memory allocation method and device | |
| US10853264B2 (en) | Virtual memory system | |
| CN101814020A (en) | Rapid implementation method based on embedded program and system thereof | |
| CN101488093A (en) | Embedded computer system and its hardware configuration method | |
| CN102073525A (en) | Method and device for dynamically upgrading Web service system based on Java platform | |
| CN107562483A (en) | A kind of method and device of carry guiding file system | |
| JP2022545012A (en) | Data storage using flash order of memory aperture | |
| CN106250125A (en) | Obtain the method and device of daily record | |
| CN103365926A (en) | Method and device for storing snapshot in file system | |
| CN110032526B (en) | Page caching method, system and equipment based on nonvolatile medium | |
| CN101403966A (en) | Method for implementing portable software | |
| CN103176832A (en) | Method of similar UNIX operation system running virtual operation system and device of similar UNIX operation system running virtual operation system | |
| CN100573450C (en) | At the method and apparatus that has with system's executive utility of non-flash memory | |
| CN108932155A (en) | Virtual machine memory management method, device, electronic equipment and readable storage medium storing program for executing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110706 |