CN103955648A - Method and device for verifying legality of system image - Google Patents
Method and device for verifying legality of system image Download PDFInfo
- Publication number
- CN103955648A CN103955648A CN201410205991.7A CN201410205991A CN103955648A CN 103955648 A CN103955648 A CN 103955648A CN 201410205991 A CN201410205991 A CN 201410205991A CN 103955648 A CN103955648 A CN 103955648A
- Authority
- CN
- China
- Prior art keywords
- mirror image
- loading device
- safe state
- device mirror
- image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for verifying the legality of a system image. The method comprises the following steps of verifying the legality of a boot loader image used for guiding a corresponding system image to boot according to a safe sate bootstrap program stored in a safe state storage; judging that the system image is legal or illegal according to a verification result that the boot loader image is legal. Therefore the boot sequence after a system is powered on is the safe state bootstrap program, the boot loader image and the system image. As boot loader images before encryption are in one-to-one correspondence to the decrypted boot loader images, if the decrypted boot loader images are completely consistent with the boot loader images before encryption, the boot loader images are not illegally modified, and system images corresponding to the boot loader images are also legal; if the decrypted boot loader images are not completely consistent with the boot loader images before encryption, the boot loader images have been illegally modified, and the system images corresponding to the boot loader images are also illegal.
Description
Technical field
The application relates to Technology On Data Encryption field, relates in particular to a kind of method and device of check system mirror image legitimacy.
Background technology
Operating system image file is exactly clone's file of all data on operating system installation CD, and general image file suffix is " .ISO ", and the software of conventional editing system image file has ULtraISO, PowerISO etc.Image file is in fact similar with ZIP compressed package, and it is made into single file by specific a series of files according to certain form, to facilitate user to download and to use, and for example operating system, the game etc. of a beta version.The most important feature of operating system mirror image is and can directly be burnt on CD by specific software identification.Image file utilizes some virtual drive instruments to carry out could using after decompress(ion).
At present intelligent terminal as mobile phone, panel computer on, the use of Android system is more and more extensive.Except official channel provides the mirror image of Android system, also can there is a large amount of unofficial Android system mirror images at some unofficial channels, such as some fans and amateur are distributed on the Android system mirror image in some electrophile forum, claim and cracked some function or repaired some mistake.But, due to the publicity of network, and the complicacy of network security, some lawless person can add some trojan horses, Malware etc. in Android system mirror image, steals user profile or steals the Alipay amount of money etc.Therefore, how verification goes out illegal Android system mirror image becomes one of current problem demanding prompt solution.
As everyone knows, no matter be directly to start the operating system or operating system mirror image, before system starts, all need first to move start-up routine start-up loading device mirror image boot loader, the startup of guiding operating system, with initiating hardware equipment, create the mapping of storage space, to be ready to correct hardware environment for operating system.
For this reason, for verification violated system mirror image, the solution of a kind of combination start-up loading device mirror image bootloader is provided in prior art, it is roughly by increase verifying function in start-up loading device mirror image, and the hidden subregion that start-up loading device mirror image boot loader is stored in to flash, keep invisible to user.But, still can be by certain technological means, find the partition holding of start-up loading device mirror image bootloader, to start-up loading device mirror image, bootloader modifies, and still cannot verification go out violated system mirror image.
Summary of the invention
Technical problems to be solved in this application are to provide a kind of method and device of check system mirror image legitimacy, can modify and still cannot verification go out violated system mirror image start-up loading mirror image bootloader in order to overcome in prior art.
In order to address the above problem, the application has disclosed a kind of method of check system mirror image legitimacy, comprise: according to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification; Be verified as legal check results according to described start-up loading device mirror image, judge that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
Further, described basis is stored in the safe state boot on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out also comprising before verification: use the encryption key being stored on described safe state storer, start-up loading device mirror image for guiding correspondence system image starting is encrypted, obtains the start-up loading device mirror image after encrypting.
Further, described basis is stored in the safe state boot on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification to be comprised: the safe state boot being stored on safe state storer is used the encryption key being stored on described safe state storer, and the start-up loading device mirror image after encrypting is decrypted; According to the result that the start-up loading device mirror image after encrypting is decrypted, the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting is carried out to verification.
Further, described basis is stored in the safe state boot on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification to be comprised: the safe state boot use being stored on safe state storer is stored in the decrypted private key mating with encryption key on described safe state storer, to using the start-up loading device mirror image after described encryption key is encrypted to be decrypted; According to the result that the start-up loading device mirror image after encrypting is decrypted, the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting is carried out to verification.
Further, according to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out also comprising before verification: the mode by hardware resource and software resource isolation forms general area and place of safety on processor, makes described safe state memory bit in described place of safety.
In order to address the above problem, the application has disclosed a kind of device of check system mirror image legitimacy, comprise: correction verification module, for according to being stored in the safe state boot on safe state storer, carries out verification to the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting; Determination module, for being verified as legal check results according to described start-up loading device mirror image, judges that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
Further, also comprise: ciphering unit, for using the encryption key being stored on described safe state storer, the start-up loading device mirror image for guiding correspondence system image starting is encrypted, obtain the start-up loading device mirror image after encrypting.
Further, described correction verification module comprises: decryption unit, use for the safe state boot being stored on safe state storer the encryption key being stored on described safe state storer, and the start-up loading device mirror image after encrypting is decrypted; Verification unit, for according to the result that the start-up loading device mirror image after encrypting is decrypted, carries out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
Further, described correction verification module comprises: decryption unit, be stored in for the safe state boot use being stored on safe state storer the decrypted private key mating with encryption key on described safe state storer, to using the start-up loading device mirror image after described encryption key is encrypted to be decrypted; Verification unit, for according to the result that the start-up loading device mirror image after encrypting is decrypted, carries out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
Further, also comprise hardware logic module, for isolating hardware resource and software resource to form general area and place of safety on processor, make described safe state memory bit in described place of safety.
Compared with prior art, the application can obtain and comprise following technique effect:
According to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification; Be verified as legal check results according to described start-up loading device mirror image afterwards, judge that described system image is closed or illegally.As can be seen here, the boot sequence of system after powering on becomes: safe state boot-> start-up loading device mirror image-> operating system mirror image.Because the start-up loading mirror image after start-up loading device mirror image and deciphering before encrypting is one to one, therefore, if the start-up loading device mirror image before the start-up loading device mirror image after deciphering and encryption is in full accord, show that start-up loading device mirror image is not illegally modified, its corresponding system image is also legal, otherwise, showing that start-up loading device mirror image is illegally modified, its corresponding system image is also illegal.
Brief description of the drawings
Accompanying drawing described herein is used to provide further understanding of the present application, forms the application's a part, and the application's schematic description and description is used for explaining the application, does not form the improper restriction to the application.In the accompanying drawings:
Fig. 1 is the method flow schematic diagram of this embodiment of the present application one check system mirror image legitimacy;
Fig. 2 is the method flow schematic diagram of the embodiment of the present application two check system mirror image legitimacies;
Fig. 3 is the schematic flow sheet that the embodiment of the present application three is deciphered start-up loading device mirror image;
Fig. 4 is the schematic flow sheet that the embodiment of the present application four is deciphered start-up loading device mirror image;
Fig. 5 is the apparatus function block diagram of the embodiment of the present application five check system mirror image legitimacies;
Fig. 6 is the apparatus function block diagram of the embodiment of the present application six check system mirror image legitimacies;
Fig. 7 is the functional block diagram of the embodiment of the present application seven correction verification modules;
Fig. 8 is the functional block diagram of the embodiment of the present application eight correction verification modules.
Embodiment
To coordinate drawings and Examples to describe the application's embodiment in detail below, by this application's implementation procedure how application technology means solve technical matters and reach technology effect can be fully understood and be implemented according to this.
Censure specific components as used some vocabulary in the middle of instructions and claim.Those skilled in the art should understand, and hardware manufacturer may be called same assembly with different nouns.This specification and claims are not come with the difference of title and save as to distinguish the mode of assembly, but the criterion of differentiation is carried out and saved as to the difference in function with assembly.If " comprising " mentioned in the middle of instructions and claim is in the whole text an open language, therefore should be construed to " comprise but be not limited to "." roughly " refer to that in receivable error range, those skilled in the art can solve the technical problem within the scope of certain error, reach described technique effect substantially.In addition, " couple " word and comprise directly any and electric property coupling means indirectly at this.Therefore, be coupled to one second device if describe a first device in literary composition, represent that described first device can directly be electrically coupled to described the second device, or be indirectly electrically coupled to described the second device by other devices or the means that couple.Instructions subsequent descriptions is to implement the application's preferred embodiments, and right described description is to illustrate that the application's rule is object, not in order to limit the application's scope.The application's protection domain is when being as the criterion depending on the claims person of defining.
one of core concept of the embodiment of the present application:
The method of the check system mirror image legitimacy that the following embodiment of the application provides, the thought of the method core comprises: first, according to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification; Finally, be verified as legal check results according to described start-up loading device mirror image, judge that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
two of the core concept of the embodiment of the present application:
The device of the check system mirror image legitimacy that the following embodiment of the application provides, the thought of this device comprises: correction verification module, for according to being stored in the safe state boot on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification; Determination module, for being verified as legal check results according to described start-up loading device mirror image, judges that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
the technique effect of the embodiment of the present application:
According to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification; Be verified as legal check results according to described start-up loading device mirror image afterwards, judge that described system image is closed or illegally.As can be seen here, the boot sequence of system after powering on becomes: safe state boot-> start-up loading device mirror image-> operating system mirror image.Because the start-up loading mirror image after start-up loading device mirror image and deciphering before encrypting is one to one, therefore, if the start-up loading device mirror image before the start-up loading device mirror image after deciphering and encryption is in full accord, show that start-up loading device mirror image is not illegally modified, its corresponding system image is also legal, otherwise, showing that start-up loading device mirror image is illegally modified, its corresponding system image is also illegal.
In the following embodiment of the application, system refers to Android system, and system image refers to Android system mirror image, describes with the above-mentioned core concept to the application.But, it should be noted that, the application's above-mentioned core concept is not limited to and is applied on Android system, those of ordinary skill in the art are according to the application's inspiration, need not creative work, also can apply it in other operating systems, such as linux system, taking Android system or linux system in the improved any system in basis etc.
embodiment mono-
Fig. 1 is the method flow schematic diagram of this embodiment of the present application one check system mirror image legitimacy.As shown in Figure 1, the technical scheme of the present embodiment can comprise:
S101, basis are stored in the safe state boot on safe state storer, and the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification;
Start-up loading device mirror image BootLoader is operation before operating system nucleus operation.Can initiating hardware equipment, set up memory headroom mapping graph, thereby take the hardware environment of system to a proper states, to be ready to correct environment for final call operation system kernel.In embedded system, conventionally do not have the firmware program as BIOS, therefore the loading initiating task of whole system is just completed by BootLoader completely.In an embedded system based on ARM7TDMI core, system conventionally all starts to carry out from address 0x00000000 in the time powering on or reset, and what arrange at this address place is exactly the BootLoader program of system conventionally.
BootLoader in the present embodiment is not limited to following classification for example:
(1) Redboot is the BOOT scheme that Redhat company issues with eCos, is the item of increasing income.
(2) ARMboot is the firmware project of increasing income of an ARM platform, and it is especially based on PPCBoot, and one provides sisters' project of similar functions for the system on PowerPC platform.In view of the serious dependence to PPCBoot, merge with PPCBoot project, new project is U-Boot.
(3) U-Boot is grown up by the project PPCBoot of increasing income, and ARMboot has been incorporated to PPCBoot, and the Loader of some other arch is collectively referred to as U-Boot.
(4) Blob (Boot Loader Object) is issued by Jan-Derk Bakker and Erik Mouw, is the Boot Loader designing for the LART under StrongARM framework specially.
(5) Bios-lt is the Loader that supports specially Samsung (Samsung) ARM of company framework processor S3C4510B, and CPU/ROM/SDRAM/EXTIO can be set, and management programming FLASH load guiding uClinux kernel.
(6) Bootldr is that Compaq (Compaq) company issues, and is similar to compaq iPAQ Pocket PC, supports SA1100 chip.It is recommended is used for guiding Llinux, supports serial ports Y-modem agreement and jffs file system.The final version of Bootldr is Bootldr-2.19.
(7) vivi is the bootloader of mizi company of Korea S exploitation, is applicable to ARM9 processor.Vivi has two kinds of mode of operations: start-up loading pattern and downloading mode.Start-up loading pattern over time (this time can be changed) starts linux kernel voluntarily, and this is the default mode of vivi.Under downloading mode, vivi provides a command line interface, the number order that can use vivi to provide by interface for user
In the present embodiment, for the terminal that uses arm processor, because ARM company provides the safety technique of system scope: trust region TrustZone, this technology is for secure payment, digital copyright management (DRM), enterprises service and the service based on Web, and this technology can apply to Cortex-A series (ARM Cortex-A15, ARM Cortex-A9, ARM Cortex-A8, ARM Cortex-A7, ARM Cortex-A5, ARM1176) processor.TrustZone technology can with Cortex
tM-A processor is closely integrated, can protect the peripheral hardwares such as secure memory, cryptographic block, keyboard and screen, thereby can guarantee that they exempt from software attacks.Particularly, in TrustZone technology, use hardware logic, hardware resource and the software resource of isolation terminal, thereby on processor, form general area (normal world) and place of safety (secure world), make described safe state memory bit in described place of safety (secure world), guarantee the resource that the assembly of general area cannot access security district, thereby build powerful border between these two regions.
In above-mentioned steps S101, before the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification, realize by the method for start-up loading device mirror image being carried out to encryption and decryption, can participate in detail following specific embodiment two and three.
S102, be verified as legal check results according to described start-up loading device mirror image, judge that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
In the present embodiment, when the words that adopt the mode of encryption and decryption start-up loading device mirror image to carry out verification, because the start-up loading mirror image after start-up loading device mirror image and deciphering before encrypting is one to one, therefore, if the start-up loading device mirror image before the start-up loading device mirror image after deciphering and encryption is in full accord, show that start-up loading device mirror image is not illegally modified, its corresponding system image is also legal, otherwise, show that start-up loading device mirror image is illegally modified, its corresponding system image is also illegal.
Need explanation time, the secret key of encryption and decryption can be identical, can be not identical yet, can adopt symmetric encryption method, also can adopt asymmet-ric encryption method, in detail please respectively referring to following embodiment tri-and embodiment tetra-.
embodiment bis-
Fig. 2 is the method flow schematic diagram of the embodiment of the present application two check system mirror image legitimacies.As shown in Figure 2, the technical scheme of the present embodiment can comprise:
S201, use are stored in the encryption key on described safe state storer, and the start-up loading device mirror image for guiding correspondence system image starting is encrypted, and obtain the start-up loading device mirror image after encrypting.
In the present embodiment, in the time that terminal is dispatched from the factory, give each equipment configuration an encryption key, not external disclosure of this encryption key, there will not be visible any user or cracks visible place by technology.Particularly, can each this encryption key that gone out in the safe state storer of plant programming, ensure cannot access this encryption key under non-security state.The start-up loading device bootloader mirror image that each is sent uses this encryption key to be encrypted.
S202, basis are stored in the safe state boot on safe state storer, and the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting is carried out to verification;
In the present embodiment, owing to first the start-up loading device mirror image after encrypting having been carried out to legitimacy verification by the safe state boot being stored on safe state storer, therefore, the boot sequence of system after powering on becomes: safe state boot-> start-up loading device mirror image-> operating system mirror image.So, before the legitimacy of start-up loading device mirror image is not verified, be the mirror image that can really not start the operating system.The legitimacy of only having start-up loading device mirror image to be verified is verified, and mirror image just can start the operating system.
S203, according to encrypt after start-up loading device mirror image be verified as legal check results, judge that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
As previously mentioned, because start-up loading device mirror image and system image are strict corresponding relations, so, can pass through the legitimacy of start-up loading device mirror image, the indirectly legitimacy of decision-making system mirror image.
embodiment tri-
Fig. 3 is the schematic flow sheet that the embodiment of the present application three is deciphered start-up loading device mirror image; As shown in Figure 3, the technical scheme of the present embodiment can comprise:
S301, the safe state boot being stored on safe state storer are used the encryption key being stored on described safe state storer, and the start-up loading device mirror image after encrypting is decrypted;
The result that S302, basis are decrypted the start-up loading device mirror image after encrypting, carries out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
In the present embodiment, in the time that terminal is dispatched from the factory, give each equipment configuration an encryption key, not external disclosure of this encryption key, there will not be visible any user or cracks visible place by technology.Particularly, can each this encryption key that gone out in the safe state storer of plant programming, ensure cannot access this encryption key under non-security state.The start-up loading device bootloader mirror image that each is sent uses this encryption key to be encrypted.
It should be noted that, in the present embodiment, the key that the key reconciliation secret emissary who uses due to encryption uses is same key, that is to say that encryption and decryption adopts common key, its essence is encryption method or the symmetric encryption method of one-key cryptosystem, conventional specific algorithm has: data encryption algorithm (Data Encryption Algorithm, DEA), IDEA ((International Data Encryption Algorithm, IDEA) algorithm etc.
embodiment tetra-
Fig. 4 is the schematic flow sheet that the embodiment of the present application four is deciphered start-up loading device mirror image; As shown in Figure 4, the technical scheme of the present embodiment can comprise:
S401, the safe state boot use being stored on safe state storer are stored in the decrypted private key mating with encryption key on described safe state storer, to using the start-up loading device mirror image after described encryption key is encrypted to be decrypted;
The result that S402, basis are decrypted the start-up loading device mirror image after encrypting, carries out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
In the present embodiment, in the time that terminal is dispatched from the factory, give each equipment configuration a decruption key, not external disclosure of this decruption key, there will not be visible any user or cracks visible place by technology.Particularly, can each this decruption key that gone out in the safe state storer of plant programming, ensure cannot access this deciphering decryption key under non-security state.The start-up loading device bootloader mirror image that each is sent uses this decruption key to be decrypted.
Different from above-described embodiment four, in the present embodiment, decrypted private key is different from encryption key, and encryption key can public-key cryptography publickey, and decrypted private key is the privately owned secret key privatekey of safe state.Public-key cryptography and private cipher key are a pair of, composition one key pair.If start-up loading device is encrypted with public-key cryptography, only have and could decipher with corresponding private cipher key; If data are encrypted with private cipher key, only have so and could decipher with corresponding public-key cryptography.The encryption and decryption using in the present embodiment is actually a kind of rivest, shamir, adelman, concrete wrong inspection and correction (Error Correcting Code, be called for short ECC) algorithm, Lee Vista-Shamir-A Deman (Rivest-Shamir – Adleman, RSA) public key algorithm etc.
embodiment five
Fig. 5 is the apparatus function block diagram of the embodiment of the present application five check system mirror image legitimacies; As shown in Figure 5, the technical scheme of the present embodiment can comprise: the correction verification module 501 mutually coupling and determination module 502, wherein:
Correction verification module 501, for according to being stored in the safe state boot on safe state storer, carries out verification to the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting.
Determination module 502, for being verified as legal check results according to described start-up loading device mirror image, judges that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
embodiment six
Fig. 6 is the apparatus function block diagram of the embodiment of the present application six check system mirror image legitimacies; As shown in Figure 6, the technical scheme of the present embodiment is except comprising above-mentioned correction verification module 501 and determination module 502, can also comprise: the encrypting module 503 coupling with correction verification module 501, for using the encryption key being stored on described safe state storer, start-up loading device mirror image for guiding correspondence system image starting is encrypted, obtains the start-up loading device mirror image after encrypting.
embodiment seven
Fig. 7 is the functional block diagram of the embodiment of the present application seven correction verification modules; As shown in Figure 7, correction verification module can comprise: the symmetrical decryption unit 701 mutually coupling and the first verification unit 702, wherein:
Symmetrical decryption unit 701 is used for the safe state boot being stored on safe state storer the encryption key being stored on described safe state storer, and the start-up loading device mirror image after encrypting is decrypted;
The first verification unit 702, for according to the result that the start-up loading device mirror image after encrypting is decrypted, is carried out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
embodiment eight
Fig. 8 is the functional block diagram of the embodiment of the present application eight correction verification modules; As shown in Figure 8, correction verification module comprises: the asymmetric decryption unit 801 mutually coupling and the second verification unit 802, wherein:
Asymmetric decryption unit 801 is stored in for the safe state boot use being stored on safe state storer the decrypted private key mating with encryption key on described safe state storer, to using the start-up loading device mirror image after described encryption key is encrypted to be decrypted;
The second verification unit 802, for according to the result that the start-up loading device mirror image after encrypting is decrypted, is carried out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
On the embodiment basis of said apparatus, can also comprise hardware logic module, this hardware logic module is used for isolating hardware resource and software resource to form general area and place of safety on processor, makes described safe state memory bit in described place of safety.Repeat no more in detail.
Also it should be noted that, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thereby make to comprise that the commodity of a series of key elements or system not only comprise those key elements, but also comprise other key elements of clearly not listing, or be also included as this commodity or the intrinsic key element of system.The in the situation that of more restrictions not, the key element being limited by statement " comprising ... ", and be not precluded within and comprise in the commodity of described key element or system and also have other identical element.
Above-mentioned explanation illustrates and has described some preferred embodiments of the application, but as previously mentioned, be to be understood that the application is not limited to disclosed form herein, should not regard the eliminating to other embodiment as, and can be used for various other combinations, amendment and environment, and can, in invention contemplated scope described herein, change by technology or the knowledge of above-mentioned instruction or association area.And the spirit and scope that the change that those skilled in the art carry out and variation do not depart from the application, all should be in the protection domain of the application's claims.
Claims (10)
1. a method for check system mirror image legitimacy, is characterized in that, comprising:
According to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification;
Be verified as legal check results according to described start-up loading device mirror image, judge that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
2. method according to claim 1, is characterized in that, described basis is stored in the safe state boot on safe state storer, and the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out also comprising before verification:
Use is stored in the encryption key on described safe state storer, and the start-up loading device mirror image for guiding correspondence system image starting is encrypted, and obtains the start-up loading device mirror image after encrypting.
3. method according to claim 1, is characterized in that, described basis is stored in the safe state boot on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification and comprise:
The safe state boot being stored on safe state storer is used the encryption key being stored on described safe state storer, and the start-up loading device mirror image after encrypting is decrypted;
According to the result that the start-up loading device mirror image after encrypting is decrypted, the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting is carried out to verification.
4. method according to claim 1, is characterized in that, described basis is stored in the safe state boot on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting is carried out to verification and comprise:
The safe state boot use being stored on safe state storer is stored in the decrypted private key mating with encryption key on described safe state storer, to using the start-up loading device mirror image after described encryption key is encrypted to be decrypted;
According to the result that the start-up loading device mirror image after encrypting is decrypted, the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting is carried out to verification.
5. according to the arbitrary described method of claim 1-4, it is characterized in that, according to the safe state boot being stored on safe state storer, the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting carried out also comprising before verification:
Mode by hardware resource and software resource isolation forms general area and place of safety on processor, makes described safe state memory bit in described place of safety.
6. a device for check system mirror image legitimacy, is characterized in that, comprising:
Correction verification module, for according to being stored in the safe state boot on safe state storer, carries out verification to the legitimacy of the start-up loading device mirror image for guiding correspondence system image starting;
Determination module, for being verified as legal check results according to described start-up loading device mirror image, judges that described system image is legal; Or, be verified as illegal check results according to described start-up loading device mirror image, judge that described system image is illegal.
7. device according to claim 6, it is characterized in that, also comprise: ciphering unit, for using the encryption key being stored on described safe state storer, start-up loading device mirror image for guiding correspondence system image starting is encrypted, obtains the start-up loading device mirror image after encrypting.
8. device according to claim 6, is characterized in that, described correction verification module comprises:
Decryption unit, is used for the safe state boot being stored on safe state storer the encryption key being stored on described safe state storer, and the start-up loading device mirror image after encrypting is decrypted;
Verification unit, for according to the result that the start-up loading device mirror image after encrypting is decrypted, carries out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
9. device according to claim 6, is characterized in that, described correction verification module comprises:
Decryption unit, is stored in for the safe state boot use being stored on safe state storer the decrypted private key mating with encryption key on described safe state storer, to using the start-up loading device mirror image after described encryption key is encrypted to be decrypted;
Verification unit, for according to the result that the start-up loading device mirror image after encrypting is decrypted, carries out verification to the legitimacy of the start-up loading device mirror image after the encryption for guiding correspondence system image starting.
10. according to the arbitrary described device of claim 6-9, it is characterized in that, also comprise hardware logic module, for isolating hardware resource and software resource to form general area and place of safety on processor, make described safe state memory bit in described place of safety.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410205991.7A CN103955648B (en) | 2014-05-15 | 2014-05-15 | Method and device for verifying legality of system image |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410205991.7A CN103955648B (en) | 2014-05-15 | 2014-05-15 | Method and device for verifying legality of system image |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103955648A true CN103955648A (en) | 2014-07-30 |
| CN103955648B CN103955648B (en) | 2017-02-01 |
Family
ID=51332923
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410205991.7A Expired - Fee Related CN103955648B (en) | 2014-05-15 | 2014-05-15 | Method and device for verifying legality of system image |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103955648B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105320891A (en) * | 2015-11-18 | 2016-02-10 | 北京微智全景信息技术有限公司 | Method and device for securely loading system image for computer |
| CN105930730A (en) * | 2015-09-22 | 2016-09-07 | 中国银联股份有限公司 | Terminal system security update method and apparatus in trusted execution environment |
| CN106203124A (en) * | 2016-06-29 | 2016-12-07 | 宇龙计算机通信科技(深圳)有限公司 | Operational approach and operation device, terminal are installed |
| CN107729198A (en) * | 2017-10-18 | 2018-02-23 | 深圳合纵富科技有限公司 | A kind of Android system firmware method of calibration and device |
| CN109074090A (en) * | 2016-02-29 | 2018-12-21 | 深圳市大疆创新科技有限公司 | Unmanned plane hardware structure |
| CN109460262A (en) * | 2018-11-15 | 2019-03-12 | 深圳市网心科技有限公司 | Verify method, system, Android device and the medium of main system image legitimacy |
| US10242198B2 (en) | 2015-12-03 | 2019-03-26 | Garrison Technology Ltd | Secure booting of a computing system based on write request and power-up management |
| CN111177752A (en) * | 2019-12-20 | 2020-05-19 | 全球能源互联网研究院有限公司 | Credible file storage method, device and equipment based on static measurement |
| CN111680298A (en) * | 2020-04-29 | 2020-09-18 | 杭州涂鸦信息技术有限公司 | Embedded system safe starting method and device with storage function |
| CN111954073A (en) * | 2020-07-15 | 2020-11-17 | 深圳市九洲电器有限公司 | Method for quickly realizing android set top box production software and related products |
| CN112270010A (en) * | 2020-11-17 | 2021-01-26 | 上海好连网络科技有限公司 | Method for remotely and safely loading executable file |
| CN113127015A (en) * | 2021-04-25 | 2021-07-16 | 联想(北京)有限公司 | Installation method and device and electronic equipment |
| CN116467015A (en) * | 2023-06-20 | 2023-07-21 | 荣耀终端有限公司 | Mirror image generation method, system start verification method and related equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060090084A1 (en) * | 2004-10-22 | 2006-04-27 | Mark Buer | Secure processing environment |
| CN101578609A (en) * | 2007-01-07 | 2009-11-11 | 苹果公司 | Secure booting a computing device |
| CN102693139A (en) * | 2011-03-25 | 2012-09-26 | 比亚迪股份有限公司 | Method and system for wirelessly upgrading mobile phone software |
-
2014
- 2014-05-15 CN CN201410205991.7A patent/CN103955648B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060090084A1 (en) * | 2004-10-22 | 2006-04-27 | Mark Buer | Secure processing environment |
| CN101578609A (en) * | 2007-01-07 | 2009-11-11 | 苹果公司 | Secure booting a computing device |
| CN102693139A (en) * | 2011-03-25 | 2012-09-26 | 比亚迪股份有限公司 | Method and system for wirelessly upgrading mobile phone software |
Non-Patent Citations (1)
| Title |
|---|
| 李小将: "《基于TCM的嵌入式可信终端系统设计》", 《计算机工程与设计》 * |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105930730A (en) * | 2015-09-22 | 2016-09-07 | 中国银联股份有限公司 | Terminal system security update method and apparatus in trusted execution environment |
| CN105320891A (en) * | 2015-11-18 | 2016-02-10 | 北京微智全景信息技术有限公司 | Method and device for securely loading system image for computer |
| CN105320891B (en) * | 2015-11-18 | 2018-10-09 | 北京微智全景信息技术有限公司 | A kind of method and device of computer security loading system mirror image |
| US10242198B2 (en) | 2015-12-03 | 2019-03-26 | Garrison Technology Ltd | Secure booting of a computing system based on write request and power-up management |
| CN109074090A (en) * | 2016-02-29 | 2018-12-21 | 深圳市大疆创新科技有限公司 | Unmanned plane hardware structure |
| CN106203124A (en) * | 2016-06-29 | 2016-12-07 | 宇龙计算机通信科技(深圳)有限公司 | Operational approach and operation device, terminal are installed |
| CN107729198A (en) * | 2017-10-18 | 2018-02-23 | 深圳合纵富科技有限公司 | A kind of Android system firmware method of calibration and device |
| CN109460262A (en) * | 2018-11-15 | 2019-03-12 | 深圳市网心科技有限公司 | Verify method, system, Android device and the medium of main system image legitimacy |
| CN111177752A (en) * | 2019-12-20 | 2020-05-19 | 全球能源互联网研究院有限公司 | Credible file storage method, device and equipment based on static measurement |
| CN111680298A (en) * | 2020-04-29 | 2020-09-18 | 杭州涂鸦信息技术有限公司 | Embedded system safe starting method and device with storage function |
| CN111680298B (en) * | 2020-04-29 | 2023-10-27 | 杭州涂鸦信息技术有限公司 | Safe starting method of embedded system and device with storage function |
| CN111954073A (en) * | 2020-07-15 | 2020-11-17 | 深圳市九洲电器有限公司 | Method for quickly realizing android set top box production software and related products |
| CN111954073B (en) * | 2020-07-15 | 2022-07-12 | 深圳市九洲电器有限公司 | Method for quickly realizing android set top box production software and related products |
| CN112270010A (en) * | 2020-11-17 | 2021-01-26 | 上海好连网络科技有限公司 | Method for remotely and safely loading executable file |
| CN112270010B (en) * | 2020-11-17 | 2024-04-12 | 上海好连网络科技有限公司 | Remote safe loading method for executable file |
| CN113127015A (en) * | 2021-04-25 | 2021-07-16 | 联想(北京)有限公司 | Installation method and device and electronic equipment |
| CN113127015B (en) * | 2021-04-25 | 2024-06-18 | 联想(北京)有限公司 | Mounting method and device and electronic equipment |
| CN116467015A (en) * | 2023-06-20 | 2023-07-21 | 荣耀终端有限公司 | Mirror image generation method, system start verification method and related equipment |
| CN116467015B (en) * | 2023-06-20 | 2023-10-20 | 荣耀终端有限公司 | Mirror image generation method, system start verification method and related equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103955648B (en) | 2017-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103955648B (en) | Method and device for verifying legality of system image | |
| US8677144B2 (en) | Secure software and hardware association technique | |
| EP3387813B1 (en) | Mobile device having trusted execution environment | |
| CN109937419B (en) | Initialization method for security function enhanced device and firmware update method for device | |
| KR101735023B1 (en) | Method and apparatus including architecture for protecting sensitive code and data | |
| US9043604B2 (en) | Method and apparatus for key provisioning of hardware devices | |
| US7055029B2 (en) | Cryptographic system enabling ownership of a secure process | |
| US8266448B2 (en) | Apparatus, system, method, and computer program product for generating and securing a program capable of being executed utilizing a processor to decrypt content | |
| US10878101B2 (en) | Trusted booting by hardware root of trust (HRoT) device | |
| CN108632240B (en) | Secure verification of FPGA codes | |
| Eisenbarth et al. | Reconfigurable trusted computing in hardware | |
| KR20170095163A (en) | Hardware device and authenticating method thereof | |
| AU2015214589B2 (en) | Multi-level assurance trusted computing platform | |
| US20200026882A1 (en) | Methods and systems for activating measurement based on a trusted card | |
| US20090063108A1 (en) | Compatible trust in a computing device | |
| JP2007512787A (en) | Trusted mobile platform architecture | |
| KR20190009755A (en) | Use of hardware-based security isolation zones for the prevention of piracy and illegal behavior of electronic devices | |
| CN111008094B (en) | Data recovery method, device and system | |
| WO2015149836A1 (en) | Cryptographic chip and related methods | |
| CN109814934B (en) | Data processing method, device, readable medium and system | |
| Zhang et al. | Trusttokenf: A generic security framework for mobile two-factor authentication using trustzone | |
| US20070226806A1 (en) | Method and apparatus for enhancing cryptographic engines against security attacks | |
| JP5575950B2 (en) | Wireless terminal device and system protection method | |
| US20060107054A1 (en) | Method, apparatus and system to authenticate chipset patches with cryptographic signatures | |
| Jiang et al. | Implementing a arm-based secure boot scheme for the isolated execution environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170201 Termination date: 20170515 |