CN104298913B - A general secure boot method for intelligent terminals - Google Patents
A general secure boot method for intelligent terminals
- Publication number
- CN104298913B (application CN201310303401.XA)
- Authority
- CN
- China
- Prior art keywords
- boot
- bootstrap
- operating system
- intelligent terminal
- integrity
- Prior art date
- Legal status
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a general secure boot method for intelligent terminals. The method is: 1) at the boot jump location of the intelligent terminal, a secure boot module s-boot is placed, which stores the integrity reference value of the bootloader and the integrity reference value of the operating system; 2) after the terminal is powered on, s-boot executes and obtains the storage locations of the terminal's bootloader and operating system; 3) s-boot loads the bootloader, computes its integrity measurement value and verifies the bootloader against the reference; if verification fails, the terminal is forced to reset; if it passes, s-boot continues by loading the operating system, measures it to obtain its integrity measurement value and verifies it; if this passes, the bootloader is executed, otherwise the terminal is forced to reset. No other change is needed on the terminal device to guarantee the system's secure boot process.
Description
Technical field
The invention belongs to the field of mobile terminal security and relates mainly to secure boot solutions for mobile intelligent terminals; more precisely, it relates to a general secure boot method intended for the diverse range of mobile terminal devices and flexible peripheral configurations, which can effectively address security problems such as jailbreaking.
Background technology
In recent years, with the rapid development of integrated circuit technology, mobile intelligent terminals such as smartphones and tablets have acquired very powerful processing capabilities; their storage capacity, computing power and operating speed have all improved markedly. Alongside the transformation of mobile terminals from feature phones to smart devices, mobile terminal operating systems have emerged. An intelligent terminal operating system no longer has call management as its main purpose; instead it provides a runtime environment for all kinds of application software, including call management, entertainment and office applications, and its level of sophistication increasingly approaches that of desktop PC operating systems. The rapid development of mobile operating systems has led all kinds of Internet applications to migrate to mobile intelligent terminals, and mobile Internet applications have appeared in endless variety and become increasingly prosperous.
The popularity of mobile intelligent terminals and the prosperity of mobile Internet applications mean that more and more users handle security-sensitive business through their mobile terminals. As a result, mobile terminals increasingly carry sensitive information such as trade secrets and personal privacy, and they face a wide range of security threats, such as theft of account information and call interception. Among these, jailbreaking, as a security threat specific to mobile intelligent terminals, is extremely destructive. Jailbreaking obtains root privileges, after which malicious software can do anything. For example, the Android system is built on the Linux kernel, and the root user has the highest privileges in the system; after jailbreaking, all files on the mobile terminal can be accessed and modified. On a jailbroken terminal device, every security mechanism running on it can be bypassed, and the security architecture and mechanisms at the operating-system level become meaningless, so that current intelligent mobile terminals face a serious potential security threat. One effective way to solve the jailbreaking problem is to protect the integrity of the intelligent terminal's operating system.
At present, the chain-of-trust technology of traditional PCs has gradually matured, and the view that a chain of trust can effectively protect the integrity of the system state has been widely accepted. The technical idea of establishing a chain of trust on traditional PCs can therefore be brought into intelligent terminals. Compared with traditional PCs, however, mobile terminals are more flexible and highly customised; their software and hardware are tightly coupled, and the system typically has to be ported for each hardware platform; even within the same brand and product series, the system must be continually modified as the hardware changes or components are added or removed. Designing a universal secure boot scheme for the mobile intelligent terminal field, with its wide variety of system architectures and peripherals, is therefore a significant challenge.
The content of the invention
The object of the invention is to provide an effective way to protect the integrity of the intelligent operating system running on a mobile intelligent terminal, to build trust, to block at the source the powerful destructive capability that malware gains after jailbreaking, and at the same time to provide a guarantee for the security mechanisms offered by the operating-system kernel.
To achieve the above object, the invention proposes a general secure boot method for intelligent terminals. It introduces an integrity verification mechanism at the moment the system is powered on, to guarantee that the integrity of the executable entities loaded by the system (including the bootloader and the operating system) has not been compromised. As shown in Fig. 1, the steps are as follows:
1) A secure boot module s-boot is placed at the boot jump address in the on-chip ROM, i.e. iROM. s-boot stores the integrity reference value of the bootloader and the integrity reference value of the operating system; an integrity reference value is the correct hash value precomputed by the manufacturer using s-boot. s-boot is stored in iROM by one-time programming, which ensures that s-boot cannot be tampered with by malicious programs and keeps its integrity. After power-on the system executes s-boot, the secure boot module;
2) s-boot first initializes the system hardware;
3) s-boot determines the boot mode of the terminal device;
4) According to the device's boot mode, the storage locations of the terminal's bootloader and operating system are selected;
5) The bootloader is loaded from the corresponding storage device;
6) The bootloader is integrity-measured, i.e. its hash value is computed with a hash algorithm;
7) The bootloader is integrity-verified, i.e. the integrity measurement value is compared with the integrity reference value;
8) If verification succeeds, loading continues with the operating system; otherwise the terminal is forced to reset, so that the system cannot start;
9) The operating system is loaded from the corresponding storage device;
10) The operating system is integrity-measured, i.e. its hash value is computed with a hash algorithm;
11) The operating system is integrity-verified, i.e. the integrity measurement value is compared with the integrity reference value;
12) If verification succeeds, the system enters its normal boot flow; otherwise the terminal is forced to reset.
Beneficial effects of the invention:
The approach traditionally taken on PCs when building the chain is chain-like: before system control is passed to the next module, that next boot module is measured first. This implies that every executable entity on the boot chain has to be modified to support trusted boot. The present application only adds a secure boot module to the system; as the first executable entity to run after power-on, it serves as the trust anchor and uniformly performs integrity measurement and verification of the other entities on the boot chain, which reduces the modifications to the system and at the same time shortens the chain of trust. No other change needs to be made on the terminal device; only the secure boot module needs to be loaded to guarantee the system's secure boot process.
In addition, mobile intelligent terminals differ greatly from traditional PCs. First, processor architectures are diverse: the more popular processor families at present include ARM, MIPS and PowerPC. Second, a given processor architecture has many different series; because of the flexibility of the mobile terminal field and the breadth of its user base, processor models are numerous and varied, and each processor has different series offering relatively distinct performance to meet the demands of different application areas. Third, peripherals are flexible and changeable: owing to the particular nature of the mobile terminal field, peripheral configuration is also very flexible, and different manufacturers may package different numbers of pins and use different external memories according to their needs. Because of these characteristics, the bootloaders and operating systems that run on these platforms are also of many kinds: popular bootloaders include U-Boot, vivi, RedBoot and blob, and common operating systems include Android, iOS, Windows Mobile and Symbian. This flexible and changeable character means there is no unified interface for supporting secure boot. The secure boot module of the present application provides such a unified interface: it does not need to care which bootloader or operating system runs on the terminal device; the caller only needs to pass in parameters as required by the secure boot module's unified interface.
Brief description of the drawings
Fig. 1 is the secure boot flow chart of the method of the invention;
Fig. 2 is the architecture diagram of the secure boot embodiment;
Fig. 3 is the flow chart of the secure boot embodiment;
Fig. 4 is the detailed flow chart of the secure boot embodiment.
Embodiment
The technical scheme of the embodiments of the invention is further described below with reference to the accompanying drawings. It is to be understood that the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The system architecture of the embodiment provided by the present application is shown in Fig. 2. The on-chip ROM, iROM, contains the secure boot module s-boot. s-boot is stored in iROM by one-time programming, which ensures that it cannot be tampered with by malicious programs and keeps its integrity. The on-chip RAM, iRAM, is a small static RAM. DRAM and external storage devices (such as NAND flash and SD cards) are attached through controllers on the chip.
s-boot is the secure boot module. Its main responsibility is to integrity-measure the other important modules of the system, such as u-boot and the Android system image, to ensure that the loaded components are trustworthy. First, the integrity reference value calculation program provided with s-boot computes hashes of the u-boot and Android system images used in this embodiment, yielding the corresponding integrity reference values. Then the hardware model of this embodiment and the integrity reference values computed above are added to the compile options, and the final s-boot image is compiled and generated. In this embodiment the system boots from an SD card: s-boot first initializes the corresponding peripherals and the DRAM controller, then reads the u-boot and Android system images from the SD card into DRAM. To guarantee the safety of s-boot, it is stored together with the initial fixed code in iROM by one-time programming. u-boot is the traditional bootloader module and is responsible for loading and booting the Android system. All other code in the system, including u-boot, Android and the applications, is stored on the SD card.
The unified interface function of the integrity measurement and verification module implemented in s-boot is:
bool integrity_verification(unsigned char *input, int len, unsigned char hash[32]);
Interface description:
(1) Input parameters: entry address of the main program, length of the main program, reference value of the main program;
(2) Return value: true or false, indicating whether verification passed.
From these parameters the entry address and length of u-boot or the OS are known, so the integrity measurement value of the whole main program image can be computed from these two parameters. Clearly there are many ways to tell s-boot the storage location and length of the key code it must measure and verify. For example, support for the FAT file system can be added to s-boot, the SD card formatted as FAT and a configuration file stored on it; s-boot then reads the configuration file from the FAT file system to obtain the storage locations and sizes of the bootloader and the OS, reads the binary files of the given length from the given locations into memory, and measures and verifies them. As shown in Fig. 3, in this embodiment we instead partition the SD card into a u-boot partition and an Android system image partition. The detailed operation of s-boot is shown in Fig. 4 and comprises the following steps:
1) After power-on the system jumps to the storage location of the secure boot module s-boot in iROM and executes s-boot. The jump address is set by the hardware designer and determines where execution goes after power-on; it is usually designed to jump to 0x00000000, and s-boot is placed at that jump location, i.e. at address 0x00000000, which is generally within the range covered by the iROM, the one-time-programmable ROM;
2) s-boot first completes basic hardware initialization;
3) s-boot initializes the SD card controller, so that the system boots from the SD card;
4) s-boot initializes the DRAM controller;
5) s-boot reads the partition table from the first sector of the SD card;
6) According to the partition table, s-boot loads the first partition, the u-boot partition, into DRAM;
7) s-boot hashes the u-boot partition to compute its integrity measurement value;
8) s-boot compares the integrity measurement value computed in step 7 with the pre-recorded integrity reference value, performing integrity verification. If verification succeeds, loading continues with the Android operating system; otherwise the terminal is forced to reset;
9) If step 8 succeeded, the second partition, the Android operating system partition, is loaded into DRAM according to the partition table;
10) The data on the Android operating system partition is integrity-measured, i.e. its hash value is computed with a hash algorithm, giving the integrity measurement value;
11) The Android system is integrity-verified, i.e. the integrity measurement value is compared with the integrity reference value;
12) If verification succeeds, the bootloader is executed and the system enters its normal boot flow; otherwise the terminal is forced to reset.
With this method s-boot verifies the integrity of u-boot and the kernel image in one pass; s-boot is not responsible for booting the system, which is still done by u-boot.
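The interface function and the twelve-step flow of Fig. 4, as an added example in C that is not the patent's own code. It assumes SHA-256 as the hash algorithm (the patent names only "a hash algorithm"; the hash[32] parameter of its interface implies a 256-bit digest), a standard MBR partition table in sector 0 of the SD card, and a constructed four-sector card image built inside demo_scenario(); every name other than integrity_verification (which gains const on its pointer parameters) is invented for the example, and the constant-time compare is an addition the patent text does not mention.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Minimal SHA-256 (FIPS 180-4). SHA-256 is an assumption of this example: the patent says only "a hash algorithm". */
static const uint32_t K[64] = {
    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
#define ROR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
static void sha256_block(uint32_t h[8], const uint8_t p[64]) {
    uint32_t w[64], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f = h[5], g = h[6], hh = h[7];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)p[4*i] << 24 | (uint32_t)p[4*i+1] << 16 | (uint32_t)p[4*i+2] << 8 | p[4*i+3];
    for (int i = 16; i < 64; i++)
        w[i] = w[i-16] + (ROR(w[i-15], 7) ^ ROR(w[i-15], 18) ^ (w[i-15] >> 3))
             + w[i-7] + (ROR(w[i-2], 17) ^ ROR(w[i-2], 19) ^ (w[i-2] >> 10));
    for (int i = 0; i < 64; i++) {
        uint32_t t1 = hh + (ROR(e, 6) ^ ROR(e, 11) ^ ROR(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
        uint32_t t2 = (ROR(a, 2) ^ ROR(a, 13) ^ ROR(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
        hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e; h[5] += f; h[6] += g; h[7] += hh;
}
void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t h[8] = {0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19};
    uint8_t buf[128] = {0}; size_t i = 0;
    for (; i + 64 <= len; i += 64) sha256_block(h, msg + i);
    size_t rem = len - i, padlen = rem < 56 ? 64 : 128;   /* one or two final blocks: 0x80, zeros, 64-bit bit length */
    memcpy(buf, msg + i, rem); buf[rem] = 0x80;
    for (int j = 0; j < 8; j++) buf[padlen - 1 - j] = (uint8_t)(((uint64_t)len * 8) >> (8 * j));
    sha256_block(h, buf);
    if (padlen == 128) sha256_block(h, buf + 64);
    for (int j = 0; j < 32; j++) out[j] = (uint8_t)(h[j / 4] >> (24 - 8 * (j % 4)));
}
/* The patent's unified interface (const added): hash `len` bytes at `input`, compare with the reference.
   The compare is constant-time so timing does not reveal which byte first differs. */
bool integrity_verification(const unsigned char *input, int len, const unsigned char hash[32]) {
    unsigned char m[32], diff = 0;
    if (len < 0) return false;
    sha256(input, (size_t)len, m);
    for (int i = 0; i < 32; i++) diff |= (unsigned char)(m[i] ^ hash[i]);
    return diff == 0;
}
/* Embodiment flow (Fig. 4): MBR table in SD sector 0, partition 1 = u-boot, partition 2 = OS image; references live in iROM. */
#define SECTOR 512
typedef enum { BOOT_CONTINUE, RESET_BAD_PARTITION, RESET_BOOTLOADER_TAMPERED, RESET_OS_TAMPERED } boot_result_t;
typedef struct { unsigned char bootloader[32], os[32]; } sboot_refs_t;
static uint32_t le32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
/* Byte range of MBR entry k (16-byte entries from offset 446; LBA at +8, sector count at +12, little-endian).
   The table comes from the unverified card, so an entry that points outside it or exceeds int is rejected. */
static bool partition_bounds(const uint8_t *card, size_t card_len, int k, size_t *off, size_t *len) {
    const uint8_t *e = card + 446 + 16 * k;
    if (card_len < SECTOR || card[510] != 0x55 || card[511] != 0xAA) return false;
    uint64_t start = (uint64_t)le32(e + 8) * SECTOR, n = (uint64_t)le32(e + 12) * SECTOR;
    if (n == 0 || n > INT32_MAX || start + n > card_len) return false;
    *off = (size_t)start; *len = (size_t)n;
    return true;
}
boot_result_t sboot_verify_chain(const uint8_t *card, size_t card_len, const sboot_refs_t *refs) {
    size_t off, len;
    if (!partition_bounds(card, card_len, 0, &off, &len)) return RESET_BAD_PARTITION;               /* steps 5-6 */
    if (!integrity_verification(card + off, (int)len, refs->bootloader)) return RESET_BOOTLOADER_TAMPERED; /* 7-8 */
    if (!partition_bounds(card, card_len, 1, &off, &len)) return RESET_BAD_PARTITION;               /* step 9 */
    if (!integrity_verification(card + off, (int)len, refs->os)) return RESET_OS_TAMPERED;          /* 10-12 */
    return BOOT_CONTINUE;   /* s-boot now jumps to u-boot, which boots the OS; s-boot never boots it itself */
}
/* Whole flow over a constructed 4-sector card (sector 0 MBR, sector 1 "u-boot", sectors 2-3 "OS"): take the
   references from the golden card (the factory step), optionally flip one byte (tamper 1 = u-boot, 2 = OS), verify. */
boot_result_t demo_scenario(int tamper) {
    static uint8_t card[4 * SECTOR];
    sboot_refs_t refs; size_t off, len;
    memset(card, 0, sizeof card);
    card[446 + 8] = 1; card[446 + 12] = 1;   /* partition 1: LBA 1, 1 sector */
    card[462 + 8] = 2; card[462 + 12] = 2;   /* partition 2: LBA 2, 2 sectors */
    card[510] = 0x55; card[511] = 0xAA;
    memcpy(card + 1 * SECTOR, "constructed u-boot image", 24);
    memcpy(card + 2 * SECTOR, "constructed android image", 25);
    if (!partition_bounds(card, sizeof card, 0, &off, &len)) return RESET_BAD_PARTITION;
    sha256(card + off, len, refs.bootloader);
    if (!partition_bounds(card, sizeof card, 1, &off, &len)) return RESET_BAD_PARTITION;
    sha256(card + off, len, refs.os);
    if (tamper == 1) card[1 * SECTOR + 3] ^= 0x01;
    if (tamper == 2) card[2 * SECTOR + 3] ^= 0x01;
    return sboot_verify_chain(card, sizeof card, &refs);
}
/* Known-answer check, SHA-256("abc"), through the same compare path. */
bool sha256_selfcheck(void) {
    static const unsigned char want[32] = {0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
                                           0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad};
    return integrity_verification((const unsigned char *)"abc", 3, want);
}
int main(void) {   /* prints selfcheck=1 intact=0 u-boot-tampered=2 os-tampered=3 */
    printf("selfcheck=%d intact=%d u-boot-tampered=%d os-tampered=%d\n", sha256_selfcheck(), demo_scenario(0), demo_scenario(1), demo_scenario(2));
    return 0;
}
```

Two points a practitioner would check that the patent text leaves implicit. The partition table is read from the same unverified SD card as the images, so its offsets and lengths must be bounds-checked before s-boot copies or hashes anything (partition_bounds rejects an entry that points outside the card); since the hash is computed over the copy already in DRAM, the verified bytes are the ones u-boot later runs. And because the reference values are fixed in one-time-programmable iROM, any legitimate update of u-boot or the OS image changes the measurement and the device refuses to boot until s-boot is re-burned with new references; that is the cost of a hash-based rather than signature-based design.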
Claims (7)
1. A general secure boot method for intelligent terminals, the steps of which are:
1) at the boot jump location in the iROM of the intelligent terminal, a secure boot module s-boot is placed; s-boot stores the integrity reference value of the bootloader and the integrity reference value of the operating system;
2) after the intelligent terminal is powered on, s-boot executes and obtains the storage locations of the terminal's bootloader and operating system;
3) s-boot loads the bootloader and performs integrity measurement on it, obtaining the integrity measurement value of the bootloader;
4) s-boot verifies the bootloader using the integrity reference value of the bootloader and the integrity measurement value of the bootloader; if verification passes, step 5) is performed; otherwise the intelligent terminal is forced to reset;
5) s-boot continues by loading the operating system and performing integrity measurement on it, obtaining the integrity measurement value of the operating system;
6) s-boot verifies the operating system using the integrity reference value of the operating system and the integrity measurement value of the operating system; if verification passes, the bootloader is executed; otherwise the intelligent terminal is forced to reset.
2. The method of claim 1, characterised in that the integrity reference value of the bootloader is the hash value of the bootloader precomputed by the manufacturer using s-boot, and the integrity reference value of the operating system is the hash value of the operating system precomputed by the manufacturer using s-boot.
3. The method of claim 1 or 2, characterised in that a unified interface function is provided in s-boot; s-boot performs the integrity measurement and verification of the bootloader, and the integrity measurement and verification of the operating system, through this unified interface function; the input parameters of the unified interface function comprise the entry address of the main program, the length of the main program and the reference value of the main program, where the main program is the bootloader or the operating system.
4. The method of claim 3, characterised in that s-boot is fixed in the iROM of the intelligent terminal by one-time programming.
5. The method of claim 3, characterised in that s-boot obtains the storage locations of the bootloader and the operating system according to the boot mode of the intelligent terminal.
6. The method of claim 5, characterised in that the boot mode is booting from an SD card.
7. The method of claim 6, characterised in that the SD card is provided with a bootloader partition and an operating system or operating system image partition, used respectively to store the bootloader and the operating system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310303401.XA CN104298913B (en) | 2013-07-18 | 2013-07-18 | A general secure boot method for intelligent terminals |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104298913A CN104298913A (en) | 2015-01-21 |
CN104298913B true CN104298913B (en) | 2018-01-09 |
Family
ID=52318636
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310303401.XA Active CN104298913B (en) | 2013-07-18 | 2013-07-18 | A general secure boot method for intelligent terminals |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104298913B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104537302B (en) * | 2015-01-16 | 2017-12-12 | 宇龙计算机通信科技(深圳)有限公司 | A kind of safe starting method of terminal, device and terminal |
CN104750532A (en) * | 2015-04-27 | 2015-07-01 | 东南大学 | Android-based dual-system land verification PAD (portable android device) and starting method |
CN106295318A (en) * | 2015-06-05 | 2017-01-04 | 北京壹人壹本信息科技有限公司 | A kind of system start-up bootstrap technique and device |
CN105426750A (en) * | 2015-12-03 | 2016-03-23 | 致象尔微电子科技(上海)有限公司 | Startup method of embedded system, and embedded device |
CN106529301B (en) * | 2016-09-28 | 2020-02-21 | 东软集团股份有限公司 | Control method and device of vehicle-mounted machine system and vehicle-mounted machine system |
CN109948327A (en) * | 2017-12-20 | 2019-06-28 | 北京可信华泰信息技术有限公司 | A kind of abnormality check method and terminal |
CN109445874A (en) * | 2018-11-15 | 2019-03-08 | 济南浪潮高新科技投资发展有限公司 | A kind of more activation systems and method with safety certification based on embedded Linux system |
CN109684839A (en) * | 2018-12-19 | 2019-04-26 | Oppo广东移动通信有限公司 | Self-definition model tamper resistant method, device, terminal device and storage medium |
CN111443950A (en) * | 2018-12-29 | 2020-07-24 | 北京奇虎科技有限公司 | Vehicle-mounted system safety starting method and vehicle-mounted system |
CN110543769B (en) * | 2019-08-29 | 2023-09-15 | 武汉大学 | Trusted starting method based on encrypted TF card |
CN111723379B (en) * | 2020-06-18 | 2024-03-19 | 中国电力科学研究院有限公司 | Trusted protection method, system, equipment and storage medium for trusted platform area intelligent terminal |
CN112464271B (en) * | 2021-01-27 | 2021-05-04 | 信联科技(南京)有限公司 | Method and system for constructing high-reliability execution environment of power Internet of things edge Internet of things agent |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101038556A (en) * | 2007-04-30 | 2007-09-19 | 中国科学院软件研究所 | Trusted bootstrap method and system thereof |
CN101295340A (en) * | 2008-06-20 | 2008-10-29 | 北京工业大学 | Credible platform module and active measurement method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN104298913A (en) | 2015-01-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104298913B (en) | A general secure boot method for intelligent terminals | |
JP6053786B2 (en) | Firmware-based Trusted Platform Module (TPM) for ARM® Trust Zone implementation | |
KR101702289B1 (en) | Continuation of trust for platform boot firmware | |
Wang et al. | Exploiting smart-phone usb connectivity for fun and profit | |
EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
US20090132816A1 (en) | PC on USB drive or cell phone | |
CN111159691B (en) | Dynamic credibility verification method and system for application program | |
US9881158B2 (en) | Secure option ROM control | |
US8935793B2 (en) | Hygienic charging station for mobile device security | |
US9111089B1 (en) | Systems and methods for safely executing programs | |
US11165572B2 (en) | Trusted measuring method, apparatus, system, storage medium, and computing device | |
CN107908977B (en) | TrustZone-based intelligent mobile terminal trust chain security transmission method and system | |
CN106778337B (en) | Document protection method, device and terminal | |
CN106096418B (en) | SELinux-based startup security level selection method and device and terminal equipment | |
CN106909848A (en) | A kind of computer security strengthening system and its method based on BIOS extensions | |
CN110674494B (en) | Process protection method, system and data processing method | |
CN109190411A (en) | A kind of active safety means of defence, system and the terminal device of operating system | |
CN109523261A (en) | Transaction verification method, relevant apparatus and the readable storage medium storing program for executing of block chain terminal | |
WO2022078366A1 (en) | Application protection method and apparatus, device and medium | |
CN104346572A (en) | Construction method of universal external intelligent terminal safety operation environment | |
JP6174247B2 (en) | Program integrity verification method using hash | |
WO2011055290A2 (en) | Method and apparatus for providing a fast and secure boot process | |
CN108171063A (en) | Method, terminal and the computer readable storage medium of access safety element | |
CN110543769B (en) | Trusted starting method based on encrypted TF card | |
CN107368738A (en) | A kind of anti-Root method and devices of smart machine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||