The content of the invention
In view of the above the shortcomings that prior art, it is an object of the invention to provide a kind of secure startup system of terminal
And method, it is less to startup stage protection in the prior art for solving, and the problem of leak be present in security.
In order to achieve the above objects and other related objects, the present invention provides a kind of secure startup system of terminal, including:Text
Part load-on module, for after the terminal electrification reset, loading the process of the system file of the terminal;Memory module, use
In the storage system file;Load-on module is guided, the memory module completion loading is loaded for guiding;Safety verification mould
Block, for the content after checking memory module loading;System starting module, for starting security protocol while completing to grasp
Make the system loads of the terminal.
In one embodiment of the invention, the file load module, which is additionally operable to obtain from address set in advance, to be referred to
Order, so as to which solid condition apparatus are mapped on the address.
In one embodiment of the invention, the memory module includes:OTP unit;Initialized for the memory module
Afterwards, the value for storing the public key of the system file carries out the hash values after hash computings;Random memory unit;For the storage
After module initialization, the value of the public key is stored.
In one embodiment of the invention, the file load module is additionally operable to the mapping of inspection system internal memory, loading kernel
Image and file system image.
In one embodiment of the invention, in addition to:Digital Signature module, for the kernel image loaded to needs
And the file system image segmentation is digitally signed;After the secure verification module is additionally operable to segmentation loading, described in judgement
Whether the hash values in OTP unit are consistent with the matching result of the value of the public key in the random memory unit, and sentence
The value of the disconnected public key is digitally signed whether certification passes through;It is additionally operable to send above-mentioned judged result to the system and starts
Module;The system starting module decides whether secure startup system according to the judged result of the secure verification module.
The present invention also provides a kind of safe starting method of terminal, is related to the secure startup system of above-mentioned terminal, described
The safe starting method of terminal comprises the following steps:S1, the terminal electrification reset, the file load module load the end
The process of the system file at end;System file is completed in memory module loading described in S2, the bootstrap loader module booting;
S3, the secure verification module carry out safety verification;S4, the system starting module start security protocol and complete the end simultaneously
The system loads at end.
In one embodiment of the invention, the step S1 also includes step:Instruction is obtained from address set in advance,
So as to which solid condition apparatus are mapped on the address.
In one embodiment of the invention, the step S2 also includes step:S21, the memory module is carried out initially
Change;S22, the value for the public key for storing the system file carry out the hash values after hash computings to the OTP unit;S23, storage
The value of the public key is to the random memory unit.
In one embodiment of the invention, the step S2 also includes step:In the file load module inspection system
Deposit mapping;Load kernel image and file system image.
In one embodiment of the invention, the step S3 also includes step:S31, the Digital Signature module are to needing
The kernel image of loading and file system image segmentation are digitally signed, while are provided corresponding with private key public
Key;Hash values and the value of the initial public key after S32, the secure verification module load segmentation in the OTP unit
Matched, and whether judged result is consistent;If otherwise system loads fail;If so, then enter step S33;S33, judge institute
The value for stating public key is digitally signed whether certification passes through;If it is not, then system loads fail;If so, then the system starts mould
At first instruction of the kernel that the block control terminal jumps to the terminal;S34, held successively at first instruction
All instructions of row.
As described above, the secure startup system and method for the terminal of the present invention, have the advantages that:In digital signature
On the basis of, using OTP hardware and hash computings are combined, higher security is provided public key Puk, activation system is provided
More reliably ensure.
Embodiment
Illustrate embodiments of the present invention below by way of specific instantiation, those skilled in the art can be by this specification
Disclosed content understands other advantages and effect of the present invention easily.The present invention can also pass through specific realities different in addition
The mode of applying is embodied or practiced, the various details in this specification can also be based on different viewpoints with application, without departing from
Various modifications or alterations are carried out under the spirit of the present invention.It should be noted that in the case where not conflicting, following examples and implementation
Feature in example can be mutually combined.
It should be noted that the diagram provided in following examples only illustrates the basic structure of the present invention in a schematic way
Think, only show the component relevant with the present invention in schema then rather than according to component count, shape and the size during actual implement
Draw, kenel, quantity and the ratio of each component can be a kind of random change during its actual implementation, and its assembly layout kenel
It is likely more complexity.
Referring to Fig. 1, Fig. 1 is shown as the module square frame signal in an embodiment of the secure startup system of terminal of the present invention
Figure.The present invention provides a kind of secure startup system of terminal, including:File load module 10, for after terminal electrification reset,
Load the process of the system file of terminal;Memory module 20, for storage system file;Load-on module 30 is guided, for guiding
Load store module completes loading;Secure verification module 40, for the content after checking memory module loading;System starts mould
Block 50, for starting security protocol while completing to operate the system loads of terminal.
Further, file load module 10 is additionally operable to obtain instruction from address set in advance, so as to which solid-state be set
It is standby to be mapped on address.In one embodiment of the invention, memory module 20 includes:OTP (one-time-programmable) is single
Member 201;After being initialized for memory module, the value of the public key of storage system file carries out the hash after hash (Hash) computing
Value;Random memory unit 202;After being initialized for memory module, the value of storage of public keys.In general, pass through RSA-PSS algorithms
Public key (Puk) length of production is more than 1024.Therefore, in order to reduce OTP use, SOC cost is reduced, the present invention is to public affairs
Key (Puk) carries out hash (Hash) computing, obtains length less hash (Hash) value, and so, public key (Puk) can be with storage
In the relatively low Off-soc of security, and hash (Hash) value of public key (Puk) is deposited in OTP.It can only be write using OTP
Ardware feature once, multiple OTP are integrated in Soc, to deposit public key (Puk) hash (Hash) value, to ensure public key
(Puk) security.
File load module 10 is additionally operable to the mapping of inspection system internal memory, loading kernel image and file system image.Terminal
Secure startup system also include Digital Signature module 60, for being segmented to the kernel image that loads of needs and file system image
It is digitally signed.The embedded device manufacturer of usual trust is signed by private key (Prk) to system image (image)
Name, meanwhile, the public key (Puk) that one and private key (Prk) pairing are provided in equipment is digitally signed checking.It is basic herein
On, embedded device manufacturer can be segmented to file system image (image), i.e., by multistage digital signature, to protect
File load module 10 is all loaded with correct system image at each section when card system starts.
After secure verification module 40 is additionally operable to segmentation loading, hash values and the random memory unit in OTP unit 201 are judged
Whether the matching result of the value of the public key in 202 is consistent, and judges that the value of public key is digitally signed whether certification passes through;Also
For above-mentioned judged result to be sent to system starting module;System starting module 50 is according to the judged result of secure verification module
Decide whether secure startup system.When the value for judging the public key in the hash values in OTP unit 201 and random memory unit 202
Matching result is inconsistent or the value of public key be digitally signed certification not over when, system loads failure.When judging OTP
Hash values in unit 201 are consistent with the matching result of the value of the public key in random memory unit 202 and the value of person's public key is carried out
Digital signature identification by when, kernel image (kernel image) and file system image are correctly loaded in monitored mode, and terminal jumps to
At first instruction of the kernel of terminal;Perform all instructions successively at first instruction, after all instructions have performed, system
Clean boot.
Present invention also offers a kind of safe starting method of terminal, it is related to the secure startup system of the above-mentioned terminal stated,
As shown in Fig. 2 Fig. 2 is shown as the process blocks schematic diagram in an embodiment of the safe starting method of terminal of the present invention.This hair
In a bright embodiment, the safe starting method of terminal comprises the following steps:S1, terminal electrification reset, file load module 10
Load the process of the system file of terminal;S2, bootstrap loader module 30 guide the loading of memory module 20 to complete system file;
S3, secure verification module 40 carry out safety verification;S4, system starting module 50 start the system that security protocol completes terminal simultaneously
Loading.
In another embodiment of the invention, the safe starting method of terminal comprises the following steps:Replied by cable on S1, terminal
Position, file load module 10 load the process of the system file of terminal;File load module 10 obtains from address set in advance
Instruction fetch, so as to which solid condition apparatus are mapped on address.After system electrification or reset, all CPU are generally from some by CPU
Instruction fetch on the prearranged address of manufacturer.Such as:After cpu reset, generally all from address, 0x00000000 takes its first
Bar instructs.And the embedded system based on CPU structures is usually constructed with certain type of solid condition apparatus (such as:ROM, EEPROM or
FLASH etc.) it is mapped on this prearranged address.Therefore, system electrification or reset after, CPU will be first carried out from ROM
The program of file load module 10, in this process file load module 10 hardware device is initialized, prepare it is required
Ram, load, jump to the entry address needed for next step.Up to the present, it is substantially safety that system, which starts, because rom can
It will not be changed with the code ensured in file load module 10.
As shown in figure 3, Fig. 3 is shown as the stream of the step S2 in another embodiment of the safe starting method of terminal of the present invention
Journey block diagram.S2, bootstrap loader module 30 guide the loading of memory module 20 to complete system file;File load module
10 inspection system internal memories map;Load kernel image and file system image.Wherein, step S2 also includes step:S21, to depositing
Storage module 20 is initialized;S22, the value of public key of storage system file carry out the hash values after hash computings to OTP unit
201;S23, the value of storage of public keys are to random memory unit 202.In loading procedure, Installed System Memory mapping is first checked for, is then added
Carry kernel image and file system image.Because the code of the program of file load module 10 is in ram, it is meant that it has can
It is able to can be changed, the kernel iamge and file system Image for causing loading to be crossed by malicious modification.By to required loading
Image segmentation carry out RSA digital signature, meanwhile, left in equipment with Prk pairing Puk.Due to being given birth to by RSA-PSS
Into Puk length be usually more than 1024bit, Soc size, power consumption, cost can be brought in depositing respectively into OTP bigger
Influence.Therefore, 32bit hash values are obtained by carrying out hash computings to each Puk, then Puk hash values is preserved respectively
In OTP.Meanwhile OTP can be integrated into Soc to provide more reliably security, and the storage that Puk is stored in outside Soc
In device, such as flash etc..
As shown in figure 4, Fig. 4 is shown as the stream of the step S3 in another embodiment of the safe starting method of terminal of the present invention
Journey block diagram.S3, secure verification module carry out safety verification;Wherein, step S3 also includes step:S31, digital signature mould
Kernel image and the file system image segmentation that block loads to needs are digitally signed, while are provided corresponding with private key public
Key;Hash values after S32, secure verification module load segmentation in OTP unit are matched with the value of initial public key, and are sentenced
Whether disconnected result is consistent;If otherwise system loads fail;If so, then enter step S33;S33, judge that the value of public key carries out numeral
Whether signature authentication passes through;If it is not, then system loads fail;If so, then system starting module control terminal jumps to terminal
At first instruction of kernel;S34, all instructions are performed successively at first instruction.
During loading system is segmented, hash fortune is carried out with corresponding Puk by the hash values being stored in OTP respectively
It is compared, if unanimously, illustrating that Puk is not verified by malicious modification, Puk.Then, numeral is carried out by this Puk
Signature authentication, if by illustrating that this segmentation Image not by malicious modification, is verified.All segmentation image checking
By rear, kernel image and file system image are correctly loaded in monitored mode.Finally, first instruction of kernel is jumped directly to
Place is performed, and all instructions are performed successively at first instruction.All instructions enter step S4 after having performed.
S4, system starting module start the system loads that security protocol completes terminal simultaneously, safety startup of system.
In summary, it is of the invention, on the basis of digital signature, using OTP hardware and hash computings are combined, to public key
Puk provides higher security, and activation system is provided and more reliably ensured.So the present invention effectively overcomes existing skill
Various shortcoming in art and have high industrial utilization.
The above-described embodiments merely illustrate the principles and effects of the present invention, not for the limitation present invention.It is any ripe
Know the personage of this technology all can carry out modifications and changes under the spirit and scope without prejudice to the present invention to above-described embodiment.Cause
This, those of ordinary skill in the art is complete without departing from disclosed spirit and institute under technological thought such as
Into all equivalent modifications or change, should by the present invention claim be covered.