CN103425932A - Signature calibration method and terminal device - Google Patents

Signature calibration method and terminal device Download PDF

Info

Publication number
CN103425932A
CN103425932A CN2013103472353A CN201310347235A CN103425932A CN 103425932 A CN103425932 A CN 103425932A CN 2013103472353 A CN2013103472353 A CN 2013103472353A CN 201310347235 A CN201310347235 A CN 201310347235A CN 103425932 A CN103425932 A CN 103425932A
Authority
CN
China
Prior art keywords
software package
terminal device
system software
signing messages
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013103472353A
Other languages
Chinese (zh)
Other versions
CN103425932B (en
Inventor
李树彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Huawei Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd filed Critical Huawei Device Co Ltd
Priority to CN201310347235.3A priority Critical patent/CN103425932B/en
Publication of CN103425932A publication Critical patent/CN103425932A/en
Application granted granted Critical
Publication of CN103425932B publication Critical patent/CN103425932B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention discloses a signature calibration method and a terminal device. The signature calibration method includes the steps of obtaining hardware information of the terminal device in the state that a system is safely started, and conducting calibration to find out whether a system software package is legal or not through the terminal device according to N pieces of signature information in the system software package and the hardware information of the terminal device, wherein the hardware information of the terminal device includes at least one of the type of a processor of the terminal device, information of a manufacturer and the type of the device or any combination of the type of the processor of the terminal device, information of the manufacturer and the type of the device, the N pieces of signature information is generated according to original data of the system software package and different types of hardware information, and N is larger than or equal to 2. Due to the fact that the N pieces of signature information is generated according to the original data of the system software package and the different types of hardware information, the signature calibration method and the terminal device can adapt to safe starting of various types of hardware, and when the hardware information such as the type of the processor, the information of the manufacturer and the type of the device changes, normal use such as starting of the device, updating of the device and maintaining of the device can not be influenced.

Description

Signature check method and terminal device
Technical field
The present invention relates to communication technical field, especially a kind of signature check method and terminal device.
Background technology
At present, the clean boot scheme (secureboot) of high-pass platform support based on the fuse failure technology.The clean boot scheme is a kind of clean boot scheme provided according to the different application demand, for the protection of starting the binary data of communicating by letter with some and using.Its principle is: first use softdog and digital certificate, raw data and the hardware information required to clean boot carry out signature verification process, and the signing messages of generation is bound together with corresponding raw data; Then when terminal device starts, the hardware information that the internal processes of terminal device chips is used this terminal device to the raw data that loads and signing messages carries out verification, with the legitimacy of the raw data guaranteeing to load, guarantee the legitimacy of the system software package that loads.
The existing signature check technology of high-pass platform, terminal device is when the raw data to loading and signing messages carry out verification, need to use the hardware information of this terminal device, when the hardware information of terminal device changes, the hardware information that this hardware information just may be used with the generation signing messages is inconsistent, there will be thus the verification failure, cause terminal device to start.
Summary of the invention
The problem to be solved in the present invention is that existing signature check technology, when hardware information changes, affects the normal use of equipment.
In view of this, in order addressing the above problem, in first aspect, to the present invention proposes a kind of signature check method, to comprise:
Under the state of safety startup of system, obtain the hardware information of terminal device, the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type;
Described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations; N >=2.
In conjunction with first aspect, in the first in possible embodiment, before the described hardware information that obtains terminal device, described method also comprises:
Using one in described N bar signing messages as the acquiescence signing messages, using described N bar signing messages other signing messages except described acquiescence signing messages as attaching signature information;
Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time; After described acquiescence signing messages is kept at the mirror image data of described system software package, after described attaching signature information is kept at described acquiescence signing messages; Or described acquiescence signing messages is kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.
The possible embodiment in conjunction with the first of first aspect, at the second, in possible embodiment, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
Described terminal device is according to the described acquiescence signing messages in described system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal;
If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
The possible embodiment in conjunction with the second of first aspect, at the third in possible embodiment, described successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until verification go out described system software package legal after, described method also comprises:
Verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
In conjunction with first aspect or above-mentioned any possible embodiment, in the 4th kind of possible embodiment, described system software package comprises the raw data that needs upgrade,
Described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
In the process of upgrading described raw data, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
Described method also comprises:
If described system software package is legal, carry out the more new technological process of the raw data of described system software package;
Otherwise, stop described system software package raw data renewal and report an error.
In conjunction with first aspect or possible embodiment or possible embodiment or the third the possible embodiment of the second of the first, in the 5th kind of possible embodiment, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, comprising:
In the process of safety startup of system, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
Described method also comprises:
If described system software package is legal, the flow process that executive system starts;
Otherwise, stop the flow process of executive system startup and report an error.
In second aspect, the present invention proposes a kind of terminal device, comprising:
The acquisition of information module, under the state of safety startup of system, obtain the hardware information of terminal device, and the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type;
The signature check module, be used for according to the N bar signing messages of system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations; N >=2.
In conjunction with second aspect, in the first, in possible embodiment, described terminal device also comprises:
The signature processing module, for using one of described N bar signing messages as giving tacit consent to signing messages, using described N bar signing messages other signing messages except described acquiescence signing messages as attaching signature information;
Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time; After described acquiescence signing messages is kept at the mirror image data of described system software package, after described attaching signature information is kept at described acquiescence signing messages; Or described acquiescence signing messages is kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.
The possible embodiment in conjunction with the first of second aspect, at the second in possible embodiment, described signature check module specifically for: according to the described acquiescence signing messages in described system software package and the hardware information of described terminal device, whether the described system software package of verification legal; If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
The possible embodiment in conjunction with the second of second aspect, at the third in possible embodiment, described signature processing module also for: in described signature check module successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until verification go out described system software package legal after, verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
In conjunction with second aspect or above-mentioned any possible embodiment, in the 4th kind of possible embodiment, described system software package comprises the raw data that needs upgrade, and described signature check module comprises:
Data updating unit, for the process upgrading described raw data, according to the hardware information of described N bar signing messages and described terminal device, whether the described system software package of verification is legal; If described system software package is legal, carry out the more new technological process of the raw data of described system software package; Otherwise, stop described system software package raw data renewal and report an error.
In conjunction with second aspect or possible embodiment or possible embodiment or the third the possible embodiment of the second of the first, in the 5th kind of possible embodiment, described signature check module comprises:
The clean boot unit, for the process at safety startup of system, according to the hardware information of described N bar signing messages and described terminal device, whether the described system software package of verification is legal; If described system software package is legal, the flow process that executive system starts; Otherwise, stop the flow process of executive system startup and report an error.
The embodiment of the present invention is under the state of safety startup of system, terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, when the hardware informations such as processor model, manufacturer's information or unit type change, the normal use such as the startup of equipment, upgrading and maintenance is unaffected.
The accompanying drawing explanation
The Figure of description that is included in instructions and forms the part of instructions shows exemplary embodiment of the present invention, feature and aspect together with instructions, and for explaining principle of the present invention.
The schematic flow sheet of the signature check method that Fig. 1 is the embodiment of the present invention one;
The schematic diagram of signing messages memory location in the signature check method that Fig. 2 a~Fig. 2 d is the embodiment of the present invention two;
The schematic flow sheet of the signature check method that Fig. 2 e is the embodiment of the present invention two;
The schematic flow sheet of the signature check method that Fig. 3 is the embodiment of the present invention three;
The structured flowchart of the terminal device that Fig. 4 is the embodiment of the present invention four;
The structured flowchart of the terminal device that Fig. 5 is the embodiment of the present invention five;
The structured flowchart of the terminal device that Fig. 6 is the embodiment of the present invention six.
Embodiment
Describe various exemplary embodiments of the present invention, feature and aspect in detail below with reference to accompanying drawing.The identical same or analogous element of Reference numeral presentation function in accompanying drawing.Although the various aspects of embodiment shown in the drawings, unless otherwise indicated, needn't draw accompanying drawing in proportion.
Here special-purpose word " exemplary " means " as example, embodiment or illustrative ".Here needn't be interpreted as being better than or being better than other embodiment as " exemplary " illustrated any embodiment.
In addition, for better explanation the present invention, provided numerous details in embodiment hereinafter.It will be appreciated by those skilled in the art that and there is no these details, the present invention can implement equally.In the other example, the method for knowing for everybody, means, element and circuit are not described in detail, so that highlight purport of the present invention.
The schematic flow sheet of the signature check method that Fig. 1 is the embodiment of the present invention one.On stream, different terminal equipment such as: mobile phone, PAD etc. may have dissimilar processor, and in use procedure, the situation of the new and old replacing of processor chips may appear in terminal device, therefore the processor type of terminal device support may have multiple, in the process of carrying out mirror image data upgrading or safety startup of system, need to adopt the hardware informations such as processor of terminal device to carry out signature check to system software package.As shown in Figure 1, this signature check method can comprise the following steps:
Step 101, under the state of safety startup of system, obtain the hardware information of terminal device, the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type.
Particularly, the system of terminal device can be in clean boot state, for example: adopt the terminal device of high-pass platform in the secureboot state, under the clean boot state, when terminal device carries out signature check at the system software package to the needs operation, need to use the hardware information of this terminal device self.Wherein, each terminal device has the hardware information of self, and hardware information generally can comprise any one or a few in processor model, manufacturer's information and unit type.
Step 102, terminal device are according to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations.N≥2。
Different terminal devices may have different hardware informations, as: different processor models, manufacturer's information or unit type; Same terminal device has dissimilar hardware information, and for example: the processor model of same terminal device and manufacturer's information are dissimilar.A signing messages can be generated according to raw data and a hardware information of system software package, according to raw data and N the different hardware information of system software package, N bar signing messages can be generated; Wherein, N different hardware information can comprise the different hardware information that belongs to same terminal device, can also comprise the different hardware information that belongs to different terminal equipment.Concrete, before system software wraps on terminal device and moves, can use softdog and digital certificate respectively in system software package during clean boot required raw data and N different hardware information carry out signature verification process, generate corresponding N bar signing messages, and this N bar signing messages is stored in this system software package; Can comprise checking data (signature data) and certificate information (cert chain) etc. in signing messages.When terminal device carries out signature check at needs to system software package, can be successively according to the hardware information of N bar signing messages and terminal device, respectively system software package is carried out to signature check, if there is a signing messages can make the verification of system software package pass through, can finish checking process, process according to normal flow.If all signing messages all can not make the verification of system software package pass through, this terminal device can not be supported the normal operations such as the operation of this system software package and renewal.Concrete, terminal device is according to the hardware information of a signing messages and terminal device, the process of respectively system software package being carried out to signature check can comprise: terminal device obtains the raw data of self hardware information and the system software package of pending signature check, then the checking routine of the chip internal of terminal device storage calculates a signing messages according to this hardware information and raw data, whether the signing messages that then judgement obtains and the signing messages in this system software package mate, if coupling, mean the signature check of system software package is passed through, be that system software package is legal, if do not mate, mean the signature check of system software package is not passed through.
Because system software package comprises the signing messages corresponding from a plurality of different hardware informations, so this system software wraps in the different a plurality of terminal devices of hardware information while moving, all can verification pass through.
The present embodiment is under the state of safety startup of system, terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, when the hardware informations such as processor model, manufacturer's information or unit type change, the normal use such as the startup of equipment, upgrading and maintenance is unaffected.
The schematic diagram of signing messages memory location in the signature check method that Fig. 2 a~Fig. 2 d is the embodiment of the present invention two.On the basis of above-described embodiment, the memory location of N bar signing messages can have multiple, can all do the as a whole place that is kept at, and also can be divided into the multistage storage.A signing messages take in the embodiment of the present invention as the acquiescence signing messages, and remaining signing messages is that attaching signature information is that example describes.
Can be using one in described N bar signing messages as the acquiescence signing messages, other signing messages using described N bar signing messages except the acquiescence signing messages are as attaching signature information.Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time.The storage mode of acquiescence signing messages and attaching signature information can comprise following any one:
After mode one, described acquiescence signing messages are kept at the mirror image data of described system software package, after described attaching signature information is kept at the acquiescence signing messages.
The raw data of system software package can comprise mirror image head and mirror image data, and for example: as shown in Figure 2 a, the mirror image head is that * hd.mbn and mirror image data are * sbl.mbn, and it is after * sbl.mbn that the acquiescence signing messages can be kept at mirror image data.As shown in Figure 2 b, after the acquiescence signing messages, can first preserve a mirror image signature whole head file, then preserve header file and the attaching signature information of each attaching signature.If described acquiescence signing messages is saved between mirror image head and mirror image data, after described attaching signature information can being saved in to described mirror image data.
Mode two, described acquiescence signing messages are kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.
As shown in Figure 2 c, the mirror image head is that elf_header and mirror image data are * .mbn, and the acquiescence signing messages can be kept between mirror image head and mirror image data.In addition, if after described acquiescence signing messages is saved in to mirror image data, after described attaching signature information can being saved in to described acquiescence signing messages.As shown in Figure 2 d, after mirror image data, a mirror image signature whole head file be can first preserve, then header file and the attaching signature information of each attaching signature preserved.
Further, terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, specifically can comprise:
Described terminal device is according to the acquiescence signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal;
If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
Again further, the signing messages that each verification is passed through may be different, if the acquiescence signing messages of system software package storage is the signing messages that verification is passed through, in the process of at every turn restarting terminal device, can preferentially adopt the acquiescence signing messages to carry out verification to system software package, to reduce checking time.Therefore, according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification legal successively, until verification go out described system software package legal after, described signature check method also comprises:
Verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
Particularly, the upgrading flow process of the system software package of acquiescence generally: after entering more new technological process, terminal device carries out the mirror image integrity checking to system software package, if the mirror image data of system software package is complete, then upgrades mirror image data.In the embodiment of the present invention, can in the upgrading flow process of acquiescence, increase the verifying function to system software package, process features according to software upgrading, when described system software package comprises the raw data of needs renewal, terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, specifically can comprise:
In the process of upgrading described raw data, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
In this case, described method also comprises:
If described system software package is legal, carry out the more new technological process of the raw data of described system software package; Otherwise, stop described system software package raw data renewal and report an error.
The schematic flow sheet of the signature check method that Fig. 2 e is the embodiment of the present invention two, as shown in Figure 2 e, this signature check method can comprise the following steps:
Step 201, terminal device read the acquiescence signing messages of default location;
Step 202, terminal device are according to the acquiescence signing messages, and whether judgement needs the system software package of upgrading legal, if so, performs step 206; Otherwise, perform step 203;
Concrete, terminal device is according to the signing messages read, and judgement needs the whether legal process of system software package of upgrading can be for example:
Terminal device obtains the hardware information of self and needs the raw data in the system software package of upgrading, the chip internal of terminal device stores checking routine, according to this checking routine, hardware information and the raw data obtained are verified to calculating, obtain a signing messages, whether the signing messages that the signing messages that then judgement obtains and terminal device read mates, if coupling, this system software package is legal, if do not mate, this system software package is illegal; Wherein, terminal device, according to a signing messages, judges that the whether legal process of system software package can be referring to the checking procedure in existing secure launch process;
Step 203, terminal device judge whether to exist next attaching signature information, if so, perform step 204, otherwise, perform step 207;
Step 204, terminal device read an attaching signature information;
Step 205, terminal device are according to the attaching signature information read, and whether judgement needs the system software package of upgrading legal, if so, adopt the attaching signature information of coupling to replace the acquiescence signing messages, then perform step 206, otherwise return to execution step 203;
Step 206, according to normal process, terminal device continue to upgrade the raw data of this system software package, completes Data Update.
The renewal of the raw data of step 207, terminal device halt system software package also reports an error.For example: when the user provides the mirror image data AKU of wrong version, terminal device is initiatively refused update software and is pointed out the user reason of makeing mistakes, and to avoid user error to upgrade, causes mobile phone to start.
The present embodiment is under the state of safety startup of system, terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, when the hardware informations such as processor model, manufacturer's information or unit type change, the normal use such as the startup of equipment, upgrading and maintenance is unaffected.In addition, a kind of system software package can be adaptive to the terminal device that many moneys have adopted the different model processor, can reduce research staff's workload, and the compatibility of elevator system improves the user and experiences.Further, this signature check method can also, according to the renewal of check results Control System Software bag, be avoided the wrong AKU of upgrading.In addition, the signing messages that verification is passed through is signing messages by default, and in the time of can reducing the system software package renewal, the number of times of verification, improve the efficiency of verification.
The schematic flow sheet of the signature check method that Fig. 3 is the embodiment of the present invention three.The present embodiment can, when terminal device carries out clean boot, carry out signature check.When terminal device carries out the starting up, first be confirmed whether to carry out clean boot, when confirming to carry out clean boot, whether the system software package when starting in the verification terminal device is legal, checking process is substantially similar to the checking process of software upgrading in above-described embodiment, and difference is the trigger point difference of checking process.Wherein, the checking process of system software package in upgrading can more trigger during new technological process entering system software package.And the triggering can and find to carry out clean boot the starting up time of checking process during clean boot.The difference of the present embodiment and Fig. 2 e illustrated embodiment is, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
In the process of safety startup of system, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
In this case, described method also comprises:
If described system software package is legal, the flow process that executive system starts;
Otherwise, stop the flow process of executive system startup and report an error.
It should be noted that, can come indicating terminal equipment to carry out clean boot by multiple means.For example: the high pass chip is carried out to fuse failure, can be used to refer to the terminal device that uses this chip and carry out secure launch process when starting; When terminal device starts, can first check whether the fuse failure data are arranged, if having, carry out secure launch process, whether the check system software package is legal.
As shown in Figure 3, this signature check method can comprise the following steps:
Step 301, terminal device read the acquiescence signing messages of default location;
Step 302, terminal device, according to the acquiescence signing messages, judge that whether system software package is legal, if so, perform step 306; Otherwise, perform step 303;
Specifically judge that the whether legal method of system software package can be referring to the embodiment shown in Fig. 2 e;
Step 303, terminal device judge whether to exist next attaching signature information, if so, perform step 304, otherwise, perform step 307;
Step 304, terminal device read an attaching signature information;
Step 305, terminal device are according to the attaching signature information read, judge that whether system software package is legal, if, adopt the attaching signature information of coupling to replace the acquiescence signing messages, the attaching signature information that is about to this coupling is set to give tacit consent to signing messages, then perform step 306, otherwise return to execution step 303;
Step 306, terminal device permission equipment continue operation, the flow process that executive system starts.
Step 307, terminal device stop the flow process of executive system startup and report an error.Like this can no thoroughfare illegal system software package is started.
The present embodiment is under the state of safety startup of system, terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, when the hardware informations such as processor model, manufacturer's information or unit type change, the normal use such as the startup of equipment, upgrading and maintenance is unaffected.In addition, a kind of system software package can be adaptive to the terminal device that many moneys have adopted the different model processor, can reduce research staff's workload, and the compatibility of elevator system improves the user and experiences.Further, this signature check method can also control whether carry out the system startup according to check results.In addition, the signing messages that verification is passed through is as the acquiescence signing messages of checking data, and in the time of can reducing the terminal device startup, the number of times of verification, improve the efficiency of verification.
The structured flowchart of the terminal device that Fig. 4 is the embodiment of the present invention four, as shown in Figure 4, this terminal device 40 can comprise:
Acquisition of information module 41, under the state of safety startup of system, obtain the hardware information of terminal device, and the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type.
Signature check module 43, be used for according to the N bar signing messages of system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations; N >=2.
Particularly, the system of terminal device can be in clean boot state, for example: adopt the terminal device of high-pass platform in the secureboot state, under the clean boot state, when terminal device carries out signature check at the system software package to the needs operation, need to use the hardware information of this terminal device self.Wherein, each terminal device has the hardware information of self, and hardware information generally can comprise any one or a few in processor model, manufacturer's information and unit type.
Before system software wraps on terminal device and moves, can use softdog and digital certificate respectively in system software package during clean boot required raw data and N different hardware information carry out signature verification process, generate corresponding N bar signing messages, and this N bar signing messages is stored in this system software package; Can comprise checking data (signature data) and certificate information (cert chain) etc. in signing messages.When terminal device carries out signature check at needs to system software package, signature check module 43 can be successively according to the hardware information of N bar signing messages and terminal device, respectively system software package is carried out to signature check, if there is a signing messages can make the verification of system software package pass through, can finish checking process, process according to normal flow.If all signing messages all can not make the verification of system software package pass through, this terminal device can not be supported the normal operations such as the operation of this system software package and renewal.
The terminal device that the present embodiment provides is for carrying out the method for said method embodiment, and concrete principle of work and workflow can be referring to above-mentioned each embodiments of the method.
The present embodiment, under the state of safety startup of system, the acquisition of information module of terminal device can be obtained the hardware information of terminal device, the signature check module is according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, at processor model, when the hardware information such as manufacturer's information and unit type changes, the startup of equipment, the normal use such as upgrading and maintenance is unaffected.
The structured flowchart of the terminal device that Fig. 5 is the embodiment of the present invention five, the assembly that Fig. 5 is identical with Fig. 4 label has identical implication.As shown in Figure 5, with the key distinction of a upper embodiment, be, this terminal device 50 can also comprise: signature processing module 51, be used for one of described N bar signing messages as the acquiescence signing messages, using described N bar signing messages other signing messages except described acquiescence signing messages as attaching signature information;
Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time; After described acquiescence signing messages is kept at the mirror image data of described system software package, after described attaching signature information is kept at the acquiescence signing messages; Or described acquiescence signing messages is kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.Specifically can be referring to Fig. 2 a~Fig. 2 d and associated description thereof in the signature check method of above-described embodiment.
Described signature check module 43 specifically for: according to the acquiescence signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification legal; If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
Further, signature processing module 51 can also for: in signature check module 43 successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until verification go out described system software package legal after, verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
In the first, in possible embodiment, described system software package comprises the raw data that needs upgrade, and described signature check module 43 can comprise:
Data updating unit 53, for the process upgrading described raw data, according to the hardware information of described N bar signing messages and described terminal device, whether the described system software package of verification is legal; If described system software package is legal, carry out the more new technological process of the raw data of described system software package; Otherwise, stop described system software package raw data renewal and report an error.Specifically can be referring to Fig. 2 e and associated description thereof in the signature check method of above-described embodiment.
At another kind, in possible embodiment, described signature check module 43 can also comprise:
Clean boot unit 55, for the process at safety startup of system, according to the hardware information of described N bar signing messages and described terminal device, whether the described system software package of verification is legal; If described system software package is legal, the flow process that executive system starts; Otherwise, stop the flow process of executive system startup and report an error.Specifically can be referring to Fig. 3 and associated description thereof in the signature check method of above-described embodiment.
The present embodiment, under the state of safety startup of system, the acquisition of information module of terminal device can be obtained the hardware information of terminal device, the signature check module is according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, at processor model, when the hardware information such as manufacturer's information or unit type changes, the startup of equipment, the normal use such as upgrading and maintenance is unaffected.In addition, a kind of system software package can be adaptive to the terminal device that many moneys have adopted the different model processor, can reduce research staff's workload, and the compatibility of elevator system improves the user and experiences.Further, terminal device can also start according to renewal or the system of check results Control System Software bag, avoids wrong renewal AKU or system illegally to start.In addition, the signing messages that terminal device passes through verification is signing messages by default, can reduce the follow-up number of times that carries out verification, improves the efficiency of verification.
The structured flowchart of the terminal device that Fig. 6 is the embodiment of the present invention six.Described terminal device 60 can be host server, personal computer PC or portable portable computer or the terminal etc. that possess computing power.The specific embodiment of the invention is not done restriction to the specific implementation of computing node.This terminal device 60 can be for carrying out the method for above-mentioned each embodiment of the method.
Described terminal device 60 can comprise processor (processor) 61, communication interface (Communications Interface) 62, storer (memory array) 63 and bus 64.Wherein, processor 61, communication interface 62 and storer 63 complete mutual communication by bus 64.
Communication interface 62 for PERCOM peripheral communication.
Processor 61 is for executive routine.Processor 61 may be a central processor CPU, or application-specific integrated circuit ASIC (Application Specific Integrated Circuit), or is configured to implement one or more integrated circuit of the embodiment of the present invention.
Storer 63 is for storing documents and program.Storer 63 may comprise the high-speed RAM storer, also may also comprise nonvolatile memory (non-volatile memory), for example at least one magnetic disk memory.Storer 63 can be also memory array.Storer 63 also may be by piecemeal, and described can become virtual volume by certain principle combinations.
In a kind of possible embodiment, said procedure can be the program code that comprises computer-managed instruction.This program specifically can be used for:
Under the state of safety startup of system, obtain the hardware information of terminal device, the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type;
According to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations; N >=2.
In a kind of possible embodiment, described program also for: before the described hardware information that obtains terminal device, using one in described N bar signing messages as the acquiescence signing messages, using described N bar signing messages other signing messages except described acquiescence signing messages as attaching signature information;
Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time; After described acquiescence signing messages is kept at the mirror image data of described system software package, after described attaching signature information is kept at described acquiescence signing messages; Or described acquiescence signing messages is kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.
In a kind of possible embodiment, according to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, comprising:
According to the described acquiescence signing messages in described system software package and the hardware information of described terminal device, whether the described system software package of verification is legal;
If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
In a kind of possible embodiment, described program also for: described successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until verification go out described system software package legal after, verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
In a kind of possible embodiment, described system software package comprises the raw data that needs upgrade, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
In the process of upgrading described raw data, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
Described program also for:
If described system software package is legal, carry out the more new technological process of the raw data of described system software package;
Otherwise, stop described system software package raw data renewal and report an error.
In a kind of possible embodiment, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
In the process of safety startup of system, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
Described program also for:
If described system software package is legal, the flow process that executive system starts;
Otherwise, stop the flow process of executive system startup and report an error.
The present embodiment, under the state of safety startup of system, terminal device can obtain the hardware information of terminal device, according to the N bar signing messages in system software package and the hardware information of described terminal device, can the described system software package of verification whether legal, because N bar signing messages is to generate according to the raw data of described system software package and different hardware informations, can adapt to the clean boot of polytype hardware, at processor model, when the hardware information such as manufacturer's information or unit type changes, the startup of equipment, the normal use such as upgrading and maintenance is unaffected.In addition, a kind of system software package can be adaptive to the terminal device that many moneys have adopted the different model processor, can reduce research staff's workload, and the compatibility of elevator system improves the user and experiences.Further, this signature check method can also start according to renewal or the system of check results Control System Software bag, avoids wrong renewal AKU or system illegally to start.In addition, the signing messages that verification is passed through is signing messages by default, can reduce the follow-up number of times that carries out verification, improves the efficiency of verification.
Those of ordinary skills can recognize, each exemplary cell and algorithm steps in embodiment described herein can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions realize with hardware or software form actually, depend on application-specific and the design constraint of technical scheme.The professional and technical personnel can realize described function for specific application choice diverse ways, but this realization should not thought and exceeds scope of the present invention.
If the form of computer software of usining realizes described function and as production marketing independently or while using, can think to a certain extent that all or part of (part for example prior art contributed) of technical scheme of the present invention is with the form embodiment of computer software product.This computer software product is stored in the storage medium of embodied on computer readable usually, comprises that some instructions are used so that computer equipment (can be personal computer, server or the network equipment etc.) is carried out all or part of step of various embodiments of the present invention method.And aforesaid storage medium comprises the various media that can be program code stored such as USB flash disk, portable hard drive, ROM (read-only memory) (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by the described protection domain with claim.

Claims (12)

1. a signature check method, is characterized in that, comprising:
Under the state of safety startup of system, obtain the hardware information of terminal device, the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type;
Described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations; N >=2.
2. signature check method according to claim 1, is characterized in that, before the described hardware information that obtains terminal device, described method also comprises:
Using one in described N bar signing messages as the acquiescence signing messages, using described N bar signing messages other signing messages except described acquiescence signing messages as attaching signature information;
Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time; After described acquiescence signing messages is kept at the mirror image data of described system software package, after described attaching signature information is kept at described acquiescence signing messages; Or described acquiescence signing messages is kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.
3. signature check method according to claim 2, is characterized in that, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
Described terminal device is according to the described acquiescence signing messages in described system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal;
If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
4. signature check method according to claim 3, it is characterized in that, described successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until verification go out described system software package legal after, described method also comprises:
Verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
5. according to the described signature check method of any one in claim 1-4, it is characterized in that, described system software package comprises the raw data that needs upgrade,
Described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
In the process of upgrading described raw data, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
Described method also comprises:
If described system software package is legal, carry out the more new technological process of the raw data of described system software package;
Otherwise, stop described system software package raw data renewal and report an error.
6. according to the described signature check method of any one in claim 1-4, it is characterized in that, described terminal device is according to the N bar signing messages in system software package and the hardware information of described terminal device, and whether the described system software package of verification is legal, comprising:
In the process of safety startup of system, described terminal device is according to the hardware information of described N bar signing messages and described terminal device, and whether the described system software package of verification is legal;
Described method also comprises:
If described system software package is legal, the flow process that executive system starts;
Otherwise, stop the flow process of executive system startup and report an error.
7. a terminal device, is characterized in that, comprising:
The acquisition of information module, under the state of safety startup of system, obtain the hardware information of terminal device, and the hardware information of described terminal device comprises at least one or its combination in any of the processor model of described terminal device, manufacturer's information and unit type;
The signature check module, be used for according to the N bar signing messages of system software package and the hardware information of described terminal device, whether the described system software package of verification is legal, and described N bar signing messages is to generate according to the raw data of described system software package and different hardware informations; N >=2.
8. terminal device according to claim 7, is characterized in that, also comprises:
The signature processing module, for using one of described N bar signing messages as giving tacit consent to signing messages, using described N bar signing messages other signing messages except described acquiescence signing messages as attaching signature information;
Wherein, described acquiescence signing messages is the signing messages that described terminal device is used while carrying out verification at every turn for the first time; After described acquiescence signing messages is kept at the mirror image data of described system software package, after described attaching signature information is kept at described acquiescence signing messages; Or described acquiescence signing messages is kept between the mirror image head and mirror image data of described system software package, after described attaching signature information is kept at described mirror image data.
9. terminal device according to claim 8, is characterized in that, described signature check module specifically for: according to the described acquiescence signing messages in described system software package and the hardware information of described terminal device, whether the described system software package of verification legal; If the hardware information according to described acquiescence signing messages and described terminal device, the described system software package of verification is illegal, successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until that verification goes out described system software package is legal.
10. terminal device according to claim 9, is characterized in that, described signature processing module also for:
In described signature check module successively according to the hardware information of described attaching signature information and described terminal device, whether the described system software package of verification is legal, until verification go out described system software package legal after, verification is gone out to the annex signing messages that described system software package is used when legal, replace described acquiescence signing messages.
11. according to the described terminal device of any one in claim 7-10, it is characterized in that, described system software package comprises the raw data that needs upgrade, described signature check module comprises:
Data updating unit, for the process upgrading described raw data, according to the hardware information of described N bar signing messages and described terminal device, whether the described system software package of verification is legal; If described system software package is legal, carry out the more new technological process of the raw data of described system software package; Otherwise, stop described system software package raw data renewal and report an error.
12. according to the described terminal device of any one in claim 7-10, it is characterized in that, described signature check module comprises:
The clean boot unit, for the process at safety startup of system, according to the hardware information of described N bar signing messages and described terminal device, whether the described system software package of verification is legal; If described system software package is legal, the flow process that executive system starts; Otherwise, stop the flow process of executive system startup and report an error.
CN201310347235.3A 2013-08-09 2013-08-09 Signature calibration method and terminal device Active CN103425932B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310347235.3A CN103425932B (en) 2013-08-09 2013-08-09 Signature calibration method and terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310347235.3A CN103425932B (en) 2013-08-09 2013-08-09 Signature calibration method and terminal device

Publications (2)

Publication Number Publication Date
CN103425932A true CN103425932A (en) 2013-12-04
CN103425932B CN103425932B (en) 2017-02-01

Family

ID=49650653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310347235.3A Active CN103425932B (en) 2013-08-09 2013-08-09 Signature calibration method and terminal device

Country Status (1)

Country Link
CN (1) CN103425932B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107193612A (en) * 2014-06-27 2017-09-22 青岛海信移动通信技术股份有限公司 The version upgrading method and device of a kind of mobile terminal
CN110135130A (en) * 2019-04-25 2019-08-16 武汉虹信通信技术有限责任公司 A kind of embedded device software tamper-resistant method and system
CN111125725A (en) * 2019-11-22 2020-05-08 苏州浪潮智能科技有限公司 Encryption and decryption method, equipment and medium for mirror image verification
CN113434484A (en) * 2021-06-29 2021-09-24 青岛海尔科技有限公司 Method, system, device and electronic device for describing functions of equipment
CN117574352A (en) * 2024-01-16 2024-02-20 苏州元脑智能科技有限公司 Software and hardware combined anti-counterfeiting method, system, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080301774A1 (en) * 2007-05-28 2008-12-04 Kabushiki Kaisha Toshiba Information processing apparatus
CN101373437A (en) * 2007-04-10 2009-02-25 标准微系统公司 Accessing safety memory by embedded controller to increase system safety
CN102289622A (en) * 2011-09-01 2011-12-21 西安电子科技大学 Trusted startup method based on authentication policy file and hardware information collection

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101373437A (en) * 2007-04-10 2009-02-25 标准微系统公司 Accessing safety memory by embedded controller to increase system safety
US20080301774A1 (en) * 2007-05-28 2008-12-04 Kabushiki Kaisha Toshiba Information processing apparatus
CN102289622A (en) * 2011-09-01 2011-12-21 西安电子科技大学 Trusted startup method based on authentication policy file and hardware information collection

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107193612A (en) * 2014-06-27 2017-09-22 青岛海信移动通信技术股份有限公司 The version upgrading method and device of a kind of mobile terminal
CN107193612B (en) * 2014-06-27 2021-03-23 青岛海信移动通信技术股份有限公司 Version upgrading method and device for mobile terminal
CN110135130A (en) * 2019-04-25 2019-08-16 武汉虹信通信技术有限责任公司 A kind of embedded device software tamper-resistant method and system
CN110135130B (en) * 2019-04-25 2021-03-12 武汉虹信科技发展有限责任公司 Method and system for preventing embedded equipment software from being modified
CN111125725A (en) * 2019-11-22 2020-05-08 苏州浪潮智能科技有限公司 Encryption and decryption method, equipment and medium for mirror image verification
CN113434484A (en) * 2021-06-29 2021-09-24 青岛海尔科技有限公司 Method, system, device and electronic device for describing functions of equipment
CN117574352A (en) * 2024-01-16 2024-02-20 苏州元脑智能科技有限公司 Software and hardware combined anti-counterfeiting method, system, equipment and storage medium
CN117574352B (en) * 2024-01-16 2024-04-05 苏州元脑智能科技有限公司 Software and hardware combined anti-counterfeiting method, system, equipment and storage medium

Also Published As

Publication number Publication date
CN103425932B (en) 2017-02-01

Similar Documents

Publication Publication Date Title
CN102509046B (en) The operating system effectively measured with the overall situation of dormancy support is started
US8996933B2 (en) Memory management method, controller, and storage system
US20100235648A1 (en) Methods and systems for binding a removable trusted platform module to an information handling system
CN103425932A (en) Signature calibration method and terminal device
CN104570823A (en) Information processing method and information processing apparatus
US9582262B2 (en) Systems and methods for installing upgraded software on electronic devices
CN102279914A (en) Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN103914658A (en) Safe starting method of terminal equipment, and terminal equipment
CN101276389B (en) Separation of logical trusted platform modules within a single physical trusted platform module
CN106648724B (en) Application program hot repair method and terminal
CN111694760B (en) Server system, flash memory module and method for updating firmware mapping file
CN110020528A (en) A kind of BMC starting method, apparatus and electronic equipment and storage medium
CN105095767A (en) System and method for secure startup checked based on file data block
JP5466645B2 (en) Storage device, information processing device, and program
CN105677409B (en) A kind of method for upgrading system and device
CN109992444A (en) The hardware based end-to-end data guard method of one kind, device, computer equipment and storage medium
CN102722669B (en) Completeness verification method of operating system
CN103119559A (en) Information generation system and method therefor
CN107077342A (en) Firmware module runs authority
CN105138378B (en) A kind of BIOS writes with a brush dipped in Chinese ink method and electronic equipment
CN105354107A (en) Data transmission method and system for NOR Flash
KR101428233B1 (en) Method of storing vehicle identification number, apparatus performing the same and system perfroming the same
US20140289874A1 (en) Integrated circuit (ic) chip and method of verifying data thereof
CN103034594A (en) Memory storage device and memory controller and password authentication method thereof
CN102096777A (en) Secure programming of vehicle modules

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20171027

Address after: Metro Songshan Lake high tech Industrial Development Zone, Guangdong Province, Dongguan City Road 523808 No. 2 South Factory (1) project B2 -5 production workshop

Patentee after: Huawei terminal (Dongguan) Co.,Ltd.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee after: HUAWEI DEVICE Co.,Ltd.

Address before: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee before: Huawei terminal (Dongguan) Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210430

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee before: HUAWEI DEVICE Co.,Ltd.