CN104298913A - Universal safe intelligent terminal starting method - Google Patents
- Publication number: CN104298913A (application CN201310303401.XA)
- Authority: CN (China)
- Prior art keywords: boot, operating system, intelligent terminal, integrity, reference value
- Prior art date
- Legal status: Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/575—Secure boot
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
          - G06F2221/034—Test or assess a computer or a system
Abstract
The invention discloses a universal secure boot method for intelligent terminals. First, a secure boot module, s-boot, is placed at the boot jump address of the intelligent terminal; s-boot stores the integrity reference value of the bootloader and the integrity reference value of the operating system. Second, s-boot is executed after the terminal powers on and obtains the storage locations of the terminal's bootloader and operating system. Third, s-boot loads the bootloader, obtains its integrity measurement value and verifies it; if the bootloader fails verification, the terminal is forced to reset. If the bootloader passes verification, s-boot goes on to load the operating system, measures its integrity, obtains its integrity measurement value and verifies it; if the operating system passes verification, the bootloader is started, otherwise the terminal is forced to reset. The secure boot process of the system is thus guaranteed without any other change to the terminal device.
Description
Technical field
The invention belongs to the field of mobile terminal security. It relates generally to secure boot solutions for mobile intelligent terminals and, more specifically, to a universal secure boot method intended for a wide variety of mobile terminal devices and flexible peripheral configurations; it can effectively address security problems such as jailbreaking.
Background technology
In recent years, with the rapid development of integrated circuit technology, mobile intelligent terminals such as smartphones and tablet computers have gained very powerful processing capability, and their storage capacity, computing power and speed have all improved significantly. With the shift of mobile terminals from feature phones to smart devices, mobile terminal operating systems emerged. An intelligent terminal operating system no longer exists primarily to provide call management; it provides a runtime environment for all kinds of application software covering call management, entertainment, office work and more, and its sophistication keeps approaching that of desktop PC operating systems. The rapid development of mobile operating systems has led all kinds of Internet applications to migrate to mobile terminals, and mobile Internet applications keep emerging and flourishing.
The spread of mobile intelligent terminals and the prosperity of mobile Internet applications mean that more and more users handle security-sensitive business on their terminals. Mobile terminals therefore increasingly hold sensitive information such as trade secrets and personal privacy, which exposes them to various security threats, such as theft of account information and call monitoring. Among these, jailbreaking is a specific threat to mobile intelligent terminals with extremely strong destructive power. Jailbreaking means obtaining root privileges, and malware can do anything once the device is jailbroken. For example, the Android system is built on the Linux kernel, and the root user holds the highest system privileges, so after jailbreaking all files on the terminal can be accessed and modified. On a jailbroken device every security mechanism it runs can be bypassed, and the security architecture and mechanisms at the operating-system level are rendered ineffective, which exposes current intelligent mobile terminals to serious potential security threats. One effective way to address the jailbreaking problem is to protect the integrity of the terminal operating system.
At present the chain-of-trust technology of conventional PCs has matured, and it is generally accepted that a chain of trust can effectively protect the integrity of system state. The idea of building a chain of trust on conventional PCs can therefore be brought to intelligent terminals. However, compared with traditional PCs, mobile terminals are more flexible and highly personalized, and their software and hardware are tightly coupled: the system generally has to be ported for each hardware platform, and even products in the same series from the same brand need continual modification as the hardware changes. Designing a universal secure boot scheme for the mobile intelligent terminal field, with its diverse architectures and peripherals, is therefore a significant challenge.
Summary of the invention
The object of the invention is to provide an effective way to protect the integrity of the intelligent operating system running on a mobile intelligent terminal, to build trust, to stop at the source the great destructive power that malware gains after jailbreaking, and at the same time to provide a guarantee for the security mechanisms offered by the operating system kernel.
To achieve this object, the invention proposes a universal secure boot method for intelligent terminals: an integrity verification mechanism is introduced at the moment the system powers on, ensuring that the integrity of the entities loaded and run in the system (the bootloader and the operating system) has not been compromised. As shown in Figure 1, the steps are as follows:
1) First, the secure boot module s-boot is placed at the boot jump address of the on-chip ROM (iROM). s-boot stores the integrity reference value of the bootloader and that of the operating system; each reference value is the correct hash value precomputed by the manufacturer of s-boot. s-boot is stored in iROM by one-time programming, which ensures that it cannot be tampered with by malicious programs and keeps its integrity. After power-on the system executes s-boot, the secure boot module;
2) s-boot first initializes the system hardware;
3) s-boot determines the boot mode of the terminal device;
4) according to the boot mode of the device, s-boot obtains the storage locations of the terminal's bootloader and operating system;
5) the bootloader is loaded from the corresponding storage device;
6) integrity measurement is performed on the bootloader, i.e. its hash value is computed with the hash algorithm;
7) integrity verification is performed on the bootloader by comparing the integrity measurement value with the integrity reference value;
8) if verification succeeds, loading continues with the operating system; otherwise the terminal is forced to reset, i.e. the system is not allowed to start;
9) the operating system is loaded from the corresponding storage device;
10) integrity measurement is performed on the operating system, i.e. its hash value is computed with the hash algorithm;
11) integrity verification is performed on the operating system by comparing the integrity measurement value with the integrity reference value;
12) if verification succeeds, the system enters its normal boot sequence; otherwise the terminal is forced to reset.
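The following C program is an added illustration, not code from the patent. It implements steps 5 to 12 above together with the unified interface prototype `bool integrity_verification(unsigned char *input, int len, unsigned char hash[32])` that the embodiment section gives later: measure the bootloader against its reference value, then the operating system, and refuse to transfer control if either fails. The patent only says "hash algorithm"; SHA-256 is assumed here because the interface carries a 32-byte reference value. The image contents, the `boot_result` enum, the `image` struct and `s_boot_verify` are constructed for the example; on a real device the two failure branches would trigger the forced reset.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Compact SHA-256 (FIPS 180-4). Assumed hash: the patent names none, but its
 * interface carries a 32-byte reference value, which fits a 256-bit digest. */
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};

static uint32_t rotr(uint32_t x, unsigned n) { return (x >> n) | (x << (32 - n)); }

static void sha256_block(uint32_t st[8], const uint8_t blk[64]) {
    uint32_t w[64], v[8];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4 * i] << 24 | (uint32_t)blk[4 * i + 1] << 16 |
               (uint32_t)blk[4 * i + 2] << 8 | blk[4 * i + 3];
    for (int i = 16; i < 64; i++)
        w[i] = w[i - 16] + (rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)) +
               w[i - 7] + (rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10));
    memcpy(v, st, sizeof v);
    for (int i = 0; i < 64; i++) {
        uint32_t t1 = v[7] + (rotr(v[4], 6) ^ rotr(v[4], 11) ^ rotr(v[4], 25)) +
                      ((v[4] & v[5]) ^ (~v[4] & v[6])) + K[i] + w[i];
        uint32_t t2 = (rotr(v[0], 2) ^ rotr(v[0], 13) ^ rotr(v[0], 22)) +
                      ((v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
        v[7] = v[6]; v[6] = v[5]; v[5] = v[4]; v[4] = v[3] + t1;
        v[3] = v[2]; v[2] = v[1]; v[1] = v[0]; v[0] = t1 + t2;
    }
    for (int i = 0; i < 8; i++) st[i] += v[i];
}

void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t st[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
    uint8_t blk[64] = {0};
    size_t i = 0;
    for (; i + 64 <= len; i += 64) sha256_block(st, msg + i);
    size_t rem = len - i;                       /* 0..63 bytes left over */
    if (rem) memcpy(blk, msg + i, rem);
    blk[rem] = 0x80;                            /* padding: a 1 bit, then zeros */
    if (rem >= 56) { sha256_block(st, blk); memset(blk, 0, 64); }
    uint64_t bits = (uint64_t)len * 8;          /* big-endian bit length goes last */
    for (int j = 0; j < 8; j++) blk[63 - j] = (uint8_t)(bits >> (8 * j));
    sha256_block(st, blk);
    for (int j = 0; j < 8; j++) {
        out[4 * j] = (uint8_t)(st[j] >> 24); out[4 * j + 1] = (uint8_t)(st[j] >> 16);
        out[4 * j + 2] = (uint8_t)(st[j] >> 8); out[4 * j + 3] = (uint8_t)st[j];
    }
}

/* The patent's unified interface: main-program entry address, length and
 * 32-byte reference value; true only when the measurement matches. */
bool integrity_verification(unsigned char *input, int len, unsigned char hash[32]) {
    uint8_t measured[32];
    if (input == NULL || len < 0) return false;
    sha256(input, (size_t)len, measured);
    unsigned diff = 0;                          /* constant-time compare, no early exit */
    for (int i = 0; i < 32; i++) diff |= measured[i] ^ hash[i];
    return diff == 0;
}

enum boot_result { BOOT_OK, RESET_BOOTLOADER_FAILED, RESET_OS_FAILED };

/* An image copied from the boot medium into DRAM, plus the reference value
 * the manufacturer burned into s-boot (constructed layout for this example). */
struct image { unsigned char *addr; int len; unsigned char ref[32]; };

/* Steps 5-12: verify the bootloader, then the OS; either failure means reset. */
enum boot_result s_boot_verify(struct image *bootloader, struct image *os) {
    if (!integrity_verification(bootloader->addr, bootloader->len, bootloader->ref))
        return RESET_BOOTLOADER_FAILED;         /* step 8: force terminal reset */
    if (!integrity_verification(os->addr, os->len, os->ref))
        return RESET_OS_FAILED;                 /* step 12: force terminal reset */
    return BOOT_OK;                             /* hand control to the bootloader */
}

int main(void) {
    /* Constructed stand-ins for the u-boot and OS images. */
    unsigned char bl[] = "constructed u-boot image", os[] = "constructed OS image";
    struct image b = {bl, (int)sizeof bl - 1, {0}}, o = {os, (int)sizeof os - 1, {0}};
    sha256(bl, (size_t)b.len, b.ref);           /* manufacturer precomputes the references */
    sha256(os, (size_t)o.len, o.ref);
    printf("clean images: %d\n", s_boot_verify(&b, &o));        /* 0 = BOOT_OK */
    bl[0] ^= 0x01;                              /* one flipped bit in the bootloader */
    printf("tampered bootloader: %d\n", s_boot_verify(&b, &o)); /* 1 = reset */
    return 0;
}
```

The comparison loop deliberately avoids `memcmp`: it touches all 32 bytes whatever the input, so the point of the first mismatch is not exposed through timing. The reference values are treated as immutable because they live in one-time-programmed iROM together with s-boot; if they were stored on the same SD card as the images, an attacker who rewrote the image could rewrite the reference too, and the check would protect nothing.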
Beneficial effects of the invention:
When building a chain of trust, conventional PCs generally use a chained approach: before control of the system is handed to the next module, the current module measures the next one before starting it. This means that every running entity on the boot chain must be modified to support trusted boot. The present application only adds a secure boot module to the system as the first entity to run after power-on; acting as the root of trust, it performs integrity measurement and verification of the other entities on the boot chain in a unified way, which reduces the modifications to the system and shortens the chain of trust. The terminal device needs no other change: it only has to load the secure boot module to guarantee the secure boot process.
In addition, mobile intelligent terminals differ greatly from conventional PCs. First, processor architectures are diverse; currently popular processor families include ARM, MIPS and PowerPC. Second, one processor architecture has many different series: the flexibility of the mobile terminal field and its broad user base make processor models numerous and varied, and each processor has different series offering relatively distinct performance to meet the demands of different application areas. Third, peripherals are flexible and changeable; because of the particular nature of the mobile terminal field, peripheral configuration is also very flexible, and different manufacturers package different numbers of pins and use different external memories according to their needs. Because of these characteristics, the bootloaders and operating systems that run on such hardware are also diverse: popular bootloaders include u-boot, vivi, redboot and blob, and common operating systems include Android, iOS, Windows Mobile and Symbian. This variability means there is no unified interface for supporting secure boot. The secure boot module of the present application provides exactly such a unified interface: it does not need to know which bootloader or operating system the terminal runs, and only requires the parameters to be passed in according to its unified interface.
Description of the drawings
Fig. 1 is the secure boot flowchart of the method of the invention;
Fig. 2 is the architecture diagram of the secure boot embodiment;
Fig. 3 is the flowchart of the secure boot embodiment;
Fig. 4 is the detailed flowchart of the secure boot embodiment.
Embodiment
The technical solution of the embodiment is described further below with reference to the accompanying drawings. The described embodiment is only one of the possible embodiments of the invention, not all of them. Every other embodiment obtained by a person skilled in the art from the embodiments of the invention without creative effort falls within the scope of protection of the invention.
As shown in Figure 2, in the system architecture of the embodiment provided by this application, the on-chip ROM (iROM) contains the secure boot module s-boot. s-boot is stored in iROM by one-time programming, which ensures that it cannot be tampered with by malicious programs and keeps its integrity. The on-chip RAM (iRAM) is a small-capacity static RAM (SRAM). DRAM and external storage devices (such as NAND flash and SD cards) are connected through on-chip controllers.
s-boot is the secure boot module; its main responsibility is to perform integrity measurement of other important system modules, such as u-boot and the Android system image, to ensure that the loaded components are trustworthy. First, the integrity reference value calculation program provided with s-boot computes hashes of the u-boot and Android system images used in this embodiment, yielding the corresponding integrity reference values. Then the hardware model of this embodiment and the reference values just computed are added to the compile options, and the final s-boot image is compiled. In this embodiment the system boots from an SD card: s-boot first initializes the corresponding external devices and the DRAM controller, then reads u-boot and the Android system image from the SD card into DRAM. To keep s-boot safe, it is stored in iROM by one-time programming together with the initial fixed code. u-boot is a traditional bootloader module responsible for loading and booting the Android system. All other system code, including u-boot, Android and the applications, is stored on the SD card.
The unified interface function for integrity measurement and verification implemented in s-boot is:
bool integrity_verification(unsigned char *input, int len, unsigned char hash[32])
Interface description:
(1) input parameters: entry address of the main program, length of the main program, reference value of the main program;
(2) return value: true or false, indicating whether verification passed.
From these input parameters s-boot knows the entry address and length of u-boot or the OS and can therefore compute the integrity measurement value of the whole main program image. Clearly, there are many ways to tell s-boot the storage location and length of the key code it must measure and verify. For example, FAT file system support can be added to s-boot; the SD card is formatted as FAT and a configuration file is stored on it. s-boot obtains the storage location and size of the bootloader and OS by reading the configuration file from the FAT file system, then reads a binary file of the specified length from the specified address into memory and performs integrity measurement and verification on it. As shown in Figure 3, this embodiment instead partitions the SD card into a u-boot partition and an Android system image partition. The detailed operating flow of s-boot is shown in Figure 4; the concrete steps are as follows:
1) After power-on the system jumps to the storage location of the secure boot module s-boot in iROM and executes it. The jump address is set by the hardware designer, who decides where the system jumps after power-on; it is generally designed to jump to address 0x00000000, so s-boot is placed at the jump location, address 0x00000000, which generally lies within the iROM space, i.e. the one-time programmable ROM;
2) s-boot first completes basic hardware initialization;
3) s-boot initializes the SD card controller so that the system boots from the SD card;
4) s-boot initializes the DRAM controller;
5) s-boot reads the partition table from the first sector of the SD card;
6) according to the partition table information, s-boot loads the first partition, the u-boot partition, into DRAM;
7) s-boot performs the hash computation over the u-boot partition to obtain its integrity measurement value;
8) s-boot compares the integrity measurement value computed in step 7 with the integrity reference value recorded in advance, thereby performing integrity verification. If verification succeeds, it continues by loading the Android operating system; otherwise the terminal is forced to reset;
9) if step 8 succeeded, the second partition, the Android operating system partition, is loaded into DRAM according to the partition table information;
10) integrity measurement is performed on the data of the Android operating system partition, i.e. its hash value is computed with the hash algorithm to obtain the integrity measurement value;
11) integrity verification is performed on the Android system by comparing the integrity measurement value with the integrity reference value;
12) if verification succeeds, the bootloader is executed and the system enters its normal boot sequence; otherwise the terminal is forced to reset.
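Steps 5, 6 and 9 read the partition table from the first sector of the SD card and locate the u-boot and Android partitions. The C code below is added here as an illustration and is not part of the patent. It parses a classic MBR partition table (the 446-byte table offset, 16-byte entries, type byte, little-endian start LBA and sector count, and the trailing 0x55 0xAA signature are the standard MBR layout; the patent does not say which table format its embodiment uses) and checks both extents against the card size before anything would be copied into DRAM. The sample table, the partition type codes and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512
#define MBR_TABLE_OFFSET 446   /* four 16-byte entries, then the 0x55 0xAA signature */

/* Byte extent of one partition on the card, derived from its LBA fields. */
struct partition { uint64_t byte_offset; uint64_t byte_len; uint8_t type; };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse entry `index` (0..3) of the MBR partition table in sector 0.
 * Returns false when the signature is missing or the entry is unused. */
bool mbr_partition(const uint8_t sector0[SECTOR_SIZE], int index, struct partition *out) {
    if (index < 0 || index > 3) return false;
    if (sector0[510] != 0x55 || sector0[511] != 0xAA) return false;
    const uint8_t *e = sector0 + MBR_TABLE_OFFSET + 16 * index;
    uint32_t lba = le32(e + 8), count = le32(e + 12);   /* start LBA, sector count */
    if (e[4] == 0 || count == 0) return false;          /* type 0 marks an empty slot */
    out->type = e[4];
    out->byte_offset = (uint64_t)lba * SECTOR_SIZE;
    out->byte_len = (uint64_t)count * SECTOR_SIZE;
    return true;
}

/* Steps 5, 6 and 9: locate the u-boot partition (entry 0) and the Android
 * partition (entry 1), rejecting extents that run past the end of the card so
 * that a corrupt or forged table cannot drive the copy into DRAM out of bounds. */
bool locate_boot_images(const uint8_t sector0[SECTOR_SIZE], uint64_t card_bytes,
                        struct partition *uboot, struct partition *android) {
    if (!mbr_partition(sector0, 0, uboot) || !mbr_partition(sector0, 1, android)) return false;
    if (uboot->byte_offset + uboot->byte_len > card_bytes) return false;
    if (android->byte_offset + android->byte_len > card_bytes) return false;
    return true;
}

/* Constructed sample: u-boot at LBA 1 (256 sectors), Android at LBA 2048 (65536 sectors). */
void build_sample_mbr(uint8_t sector0[SECTOR_SIZE]) {
    memset(sector0, 0, SECTOR_SIZE);
    uint8_t *e0 = sector0 + MBR_TABLE_OFFSET, *e1 = e0 + 16;
    e0[4] = 0xDA; put_le32(e0 + 8, 1);    put_le32(e0 + 12, 256);
    e1[4] = 0x83; put_le32(e1 + 8, 2048); put_le32(e1 + 12, 65536);
    sector0[510] = 0x55; sector0[511] = 0xAA;
}
```

The bounds check matters because the partition table itself is read from the SD card, which is exactly the medium whose contents s-boot does not yet trust: the table tells s-boot how many bytes to copy and where from, so it has to be validated before it is used to size the copy or the hash, and only the hash comparison afterwards establishes that the loaded bytes are the expected ones.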
In this method s-boot verifies the integrity of u-boot and the kernel image in one pass; s-boot is not responsible for booting the system, which is still done by u-boot.
Claims (7)
1. A universal secure boot method for an intelligent terminal, comprising the steps of:
1) placing a secure boot module s-boot at the boot jump location of the iROM of the intelligent terminal, s-boot storing the integrity reference value of the bootloader and the integrity reference value of the operating system;
2) executing s-boot after the intelligent terminal powers on, s-boot obtaining the storage locations of the bootloader and the operating system of the terminal;
3) s-boot loading the bootloader and performing integrity measurement on it to obtain the integrity measurement value of the bootloader;
4) s-boot verifying the bootloader according to the integrity reference value of the bootloader and the integrity measurement value of the bootloader; if verification passes, proceeding to step 5); otherwise forcing the intelligent terminal to reset;
5) s-boot continuing by loading the operating system and performing integrity measurement on it to obtain the integrity measurement value of the operating system;
6) s-boot verifying the operating system according to the integrity reference value of the operating system and the integrity measurement value of the operating system; if verification passes, starting the bootloader; otherwise forcing the intelligent terminal to reset.
2. The method of claim 1, characterized in that the integrity reference value of the bootloader is the hash value of the bootloader precomputed by the manufacturer of s-boot, and the integrity reference value of the operating system is the hash value of the operating system precomputed by the manufacturer of s-boot.
3. The method of claim 1 or 2, characterized in that a unified interface function is provided in s-boot; s-boot completes the integrity measurement and verification of the bootloader, and the integrity measurement and verification of the operating system, through this unified interface function; the input parameters of the unified interface function comprise the entry address of the main program, the length of the main program and the reference value of the main program, where the main program refers to the bootloader or the operating system.
4. The method of claim 3, characterized in that s-boot is fixed in the iROM of the intelligent terminal by one-time programming.
5. The method of claim 3, characterized in that s-boot obtains the storage locations of the bootloader and the operating system according to the boot mode of the intelligent terminal.
6. The method of claim 5, characterized in that the boot mode is booting from an SD card.
7. The method of claim 6, characterized in that the SD card is provided with a bootloader partition and an operating system or operating system image partition, used respectively to store the bootloader and the operating system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310303401.XA CN104298913B (en) | 2013-07-18 | 2013-07-18 | A kind of general intelligent terminal safe starting method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104298913A true CN104298913A (en) | 2015-01-21 |
CN104298913B CN104298913B (en) | 2018-01-09 |
Family ID: 52318636
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310303401.XA Active CN104298913B (en) | 2013-07-18 | 2013-07-18 | A kind of general intelligent terminal safe starting method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104298913B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104537302A (en) * | 2015-01-16 | 2015-04-22 | 宇龙计算机通信科技(深圳)有限公司 | Terminal safety starting method and device, and terminal |
CN104750532A (en) * | 2015-04-27 | 2015-07-01 | 东南大学 | Android-based dual-system land verification PAD (portable android device) and starting method |
CN105426750A (en) * | 2015-12-03 | 2016-03-23 | 致象尔微电子科技(上海)有限公司 | Startup method of embedded system, and embedded device |
CN106295318A (en) * | 2015-06-05 | 2017-01-04 | 北京壹人壹本信息科技有限公司 | A kind of system start-up bootstrap technique and device |
CN106529301A (en) * | 2016-09-28 | 2017-03-22 | 东软集团股份有限公司 | Method and device for controlling vehicle-mounted machine system, and vehicle-mounted machine system |
CN109445874A (en) * | 2018-11-15 | 2019-03-08 | 济南浪潮高新科技投资发展有限公司 | A kind of more activation systems and method with safety certification based on embedded Linux system |
CN109948327A (en) * | 2017-12-20 | 2019-06-28 | 北京可信华泰信息技术有限公司 | A kind of abnormality check method and terminal |
CN110543769A (en) * | 2019-08-29 | 2019-12-06 | 武汉大学 | Trusted starting method based on encrypted TF card |
WO2020125134A1 (en) * | 2018-12-19 | 2020-06-25 | Oppo广东移动通信有限公司 | Customized model tamper-proof method and apparatus, terminal device and storage medium |
CN111443950A (en) * | 2018-12-29 | 2020-07-24 | 北京奇虎科技有限公司 | Vehicle-mounted system safety starting method and vehicle-mounted system |
CN111723379A (en) * | 2020-06-18 | 2020-09-29 | 中国电力科学研究院有限公司 | Trusted protection method, system, equipment and storage medium for trusted platform zone intelligent terminal |
CN112464271A (en) * | 2021-01-27 | 2021-03-09 | 信联科技(南京)有限公司 | Method and system for constructing high-reliability execution environment of power Internet of things edge Internet of things agent |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101038556A (en) * | 2007-04-30 | 2007-09-19 | 中国科学院软件研究所 | Trusted bootstrap method and system thereof |
CN101295340A (en) * | 2008-06-20 | 2008-10-29 | 北京工业大学 | Credible platform module and active measurement method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN104298913B (en) | 2018-01-09 |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |