CN106295363A - Startup calibration method and device - Google Patents

Startup calibration method and device Download PDF

Info

Publication number
CN106295363A
CN106295363A CN201610620662.8A CN201610620662A CN106295363A CN 106295363 A CN106295363 A CN 106295363A CN 201610620662 A CN201610620662 A CN 201610620662A CN 106295363 A CN106295363 A CN 106295363A
Authority
CN
China
Prior art keywords
terminal
layer
signature
public key
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610620662.8A
Other languages
Chinese (zh)
Other versions
CN106295363B (en
Inventor
梁博
于淼
赵亚帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiaomi Mobile Software Co Ltd filed Critical Beijing Xiaomi Mobile Software Co Ltd
Priority to CN201610620662.8A priority Critical patent/CN106295363B/en
Publication of CN106295363A publication Critical patent/CN106295363A/en
Application granted granted Critical
Publication of CN106295363B publication Critical patent/CN106295363B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

本公开揭示了一种开机校验方法及装置,属于嵌入式技术领域。所述方法包括:检测终端是否为非测试用终端,当确定终端为非测试用终端时,通过Kernel层使用公钥对签名进行校验,签名是根据与公钥不匹配的私钥生成的签名,在校验失败时,指示结束校验;解决了终端因为运行测试版本的Rom包导致安全性较低的问题;通过在终端中设置一套匹配的密钥和一套不匹配的密钥,达到了非测试用终端由于校验失败而无法成功启动,保证了终端的安全性的效果。

The disclosure discloses a power-on verification method and device, which belong to the field of embedded technology. The method includes: detecting whether the terminal is a non-test terminal, and when it is determined that the terminal is a non-test terminal, verifying the signature through the Kernel layer using a public key, and the signature is a signature generated according to a private key that does not match the public key , when the verification fails, it indicates the end of the verification; solves the problem of low security caused by running the test version of the Rom package in the terminal; by setting a set of matching keys and a set of non-matching keys in the terminal, It achieves the effect that the non-test terminal cannot be successfully started due to verification failure, and the security of the terminal is guaranteed.

Description

开机校验方法及装置Power-on verification method and device

技术领域technical field

本公开涉及嵌入式技术领域,特别涉及一种开机校验方法及装置。The present disclosure relates to the field of embedded technology, in particular to a method and device for power-on verification.

背景技术Background technique

Android(安卓)系统是一种以Linux为基础的开放源代码的操作系统,Android系统的系统源码可以被打包成为Rom image(ReadOnlyMemory image,只读存储器镜像),Romimage也被称为Rom包。当Rom包被写入手机或者平板电脑等终端的Rom中时,终端通过加载该Rom包运行该Rom包中的系统源码。Android (Android) system is a kind of open source operating system based on Linux, and the system source code of Android system can be packaged into Rom image (ReadOnlyMemory image, read-only memory image), and Romimage is also called Rom package. When the Rom package is written into the Rom of a terminal such as a mobile phone or a tablet computer, the terminal runs the system source code in the Rom package by loading the Rom package.

目前的Rom包主要分为官方版本和测试版本两种,Rom中存储有官方版本的Rom包的终端的文件系统通常不支持root(超级用户)权限,Rom中存储有测试版本的Rom包的终端的文件系统通常支持root权限,其中,root拥有系统的最高权限,因此当用户所使用的终端中的Rom中安装有测试版本的Rom时,终端中的任何一个应用程序都可以获取到root权限,并通过root权限来读取终端中存储的用户的隐私数据。The current Rom package is mainly divided into two types: official version and test version. The file system of the terminal with the official version of the Rom package stored in the Rom usually does not support root (super user) permissions, and the terminal with the test version of the Rom package stored in the Rom The file system usually supports root privileges, where root has the highest privileges of the system, so when the Rom of the test version is installed in the terminal used by the user, any application in the terminal can obtain root privileges, And use the root authority to read the user's private data stored in the terminal.

发明内容Contents of the invention

为了解决终端因为运行测试版本的Rom导致安全性较低的问题,本公开提供一种开机校验方法及装置。所述技术方案如下:In order to solve the problem of low security of a terminal caused by running a test version of Rom, the present disclosure provides a method and device for power-on verification. Described technical scheme is as follows:

根据本公开实施例的第一方面,提供一种开机校验方法,该方法用于终端中,该终端中至少包括硬件层、Kernel(内核)层、Bootloader(启动装载)层和文件系统层,Kernel层中存储有公钥,Bootloader层携带有签名,该方法包括:According to the first aspect of the embodiments of the present disclosure, there is provided a boot-up verification method, the method is used in a terminal, and the terminal at least includes a hardware layer, a Kernel (kernel) layer, a Bootloader (boot loader) layer, and a file system layer, The public key is stored in the Kernel layer, and the Bootloader layer carries a signature. The method includes:

检测终端是否为非测试用终端;Detect whether the terminal is a non-test terminal;

当确定终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,签名是根据私钥生成的签名,私钥与公钥不匹配,在校验失败时,指示结束校验。When it is determined that the terminal is not a test terminal, the signature is verified using the public key through the Kernel layer. The signature is a signature generated based on the private key. The private key does not match the public key. When the verification fails, it is instructed to end the verification .

可选的,检测终端是否为非测试用终端,包括:Optionally, detecting whether the terminal is a non-test terminal includes:

检测终端中是否包含预设电路结构,预设电路结构用于表示终端是测试用终端;Detecting whether the terminal contains a preset circuit structure, the preset circuit structure is used to indicate that the terminal is a terminal for testing;

若终端中不包含预设电路结构,则确定终端为非测试用终端。If the terminal does not include the preset circuit structure, it is determined that the terminal is not a terminal for testing.

可选的,检测终端中是否包含预设电路结构,包括:Optionally, detect whether the terminal contains a preset circuit structure, including:

检测硬件层的可信区域中是否包含预设电路结构,可信区域是硬件层中禁止被应用程序直接访问的区域。Detect whether a preset circuit structure is included in the trusted area of the hardware layer. The trusted area is an area in the hardware layer that is prohibited from being directly accessed by applications.

可选的,检测终端是否为非测试用终端,包括:Optionally, detecting whether the terminal is a non-test terminal includes:

检测终端中是否包含预设标识,预设标识为用于表示终端为测试用终端的标识;Detecting whether the terminal contains a preset identifier, where the preset identifier is an identifier used to indicate that the terminal is a terminal for testing;

若终端中不包含预设标识,则确定终端为非测试用终端。If the terminal does not contain the preset identifier, it is determined that the terminal is not a terminal for testing.

可选的,检测终端中是否包含预设标识,包括:Optionally, detect whether the terminal contains a preset identifier, including:

检测硬件层的可信存储区域中是否包含预设标识,可信存储区域是硬件层中禁止被应用程序直接访问的区域。Detect whether a preset identifier is included in the trusted storage area of the hardware layer. The trusted storage area is an area in the hardware layer that is prohibited from being directly accessed by applications.

根据本公开实施例的第二方面,提供一种开机校验装置,用于终端中,终端中至少包括硬件层、Kernel层、Bootloader层和文件系统层,Kernel层中存储有公钥,Bootloader层携带有签名,该装置包括:According to the second aspect of the embodiments of the present disclosure, a boot verification device is provided, which is used in a terminal. The terminal includes at least a hardware layer, a Kernel layer, a Bootloader layer, and a file system layer. The Kernel layer stores a public key, and the Bootloader layer Carrying a signature, the device consists of:

检测模块,被配置为检测终端是否为非测试用终端;a detection module configured to detect whether the terminal is a non-test terminal;

校验模块,被配置为在终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,签名是根据私钥生成的签名,私钥与公钥不匹配,在校验失败时,指示结束校验。The verification module is configured to use the public key to verify the signature through the Kernel layer when the terminal is not a test terminal. The signature is a signature generated according to the private key. If the private key does not match the public key, the verification fails. , indicating the end of the verification.

可选的,检测模块包括:Optionally, the detection module includes:

第一检测子模块,被配置为检测终端中是否包含预设电路结构,预设电路结构用于表示终端是测试用终端;The first detection submodule is configured to detect whether the terminal contains a preset circuit structure, and the preset circuit structure is used to indicate that the terminal is a terminal for testing;

第一确定子模块,被配置为在不包含预设电路结构时,则确定终端为非测试用终端。The first determination submodule is configured to determine that the terminal is not a terminal for testing when the preset circuit structure is not included.

可选的,第一检测子模块,还被配置为检测硬件层的可信区域中是否包含预设电路结构,可信区域是硬件层中禁止被应用程序直接访问的区域。Optionally, the first detection submodule is further configured to detect whether a preset circuit structure is included in the trusted area of the hardware layer, where the trusted area is an area in the hardware layer that is prohibited from being directly accessed by applications.

可选的,检测模块包括:Optionally, the detection module includes:

第二检测子模块,检测终端中是否包含预设标识,预设标识为用于表示终端为测试用终端的标识;The second detection submodule detects whether the terminal contains a preset identifier, and the preset identifier is an identifier used to indicate that the terminal is a terminal for testing;

第二确定子模块,若终端中不包含预设标识,则确定终端为非测试用终端。The second determination submodule determines that the terminal is not a terminal for testing if the terminal does not contain a preset identifier.

可选的,第二检测子模块,还被配置为检测硬件层的可信存储区域中是否包含预设标识,可信存储区域是硬件层中禁止被应用程序直接访问的区域。Optionally, the second detection submodule is further configured to detect whether the trusted storage area of the hardware layer contains a preset identifier. The trusted storage area is an area in the hardware layer that is prohibited from being directly accessed by applications.

根据本公开实施例的第三方面,提供一种开机校验装置,用于终端中,终端中至少包括硬件层、Kernel层、Bootloader层和文件系统层,Kernel层中存储有公钥,Bootloader层携带有签名,该装置包括:According to the third aspect of the embodiments of the present disclosure, a boot verification device is provided, which is used in a terminal. The terminal includes at least a hardware layer, a Kernel layer, a Bootloader layer, and a file system layer. The Kernel layer stores a public key, and the Bootloader layer Carrying a signature, the device consists of:

处理器;processor;

用于存储处理器可执行指令的存储器;memory for storing processor-executable instructions;

其中,处理器被配置为:where the processor is configured as:

检测终端是否为非测试用终端;Detect whether the terminal is a non-test terminal;

当确定终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,签名是根据私钥生成的签名,私钥与公钥不匹配,在校验失败时,指示结束校验。When it is determined that the terminal is not a test terminal, the signature is verified using the public key through the Kernel layer. The signature is a signature generated based on the private key. The private key does not match the public key. When the verification fails, it is instructed to end the verification .

本公开的实施例提供的技术方案可以包括以下有益效果:The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects:

通过检测终端是否为非测试用终端,当确定终端为非测试用终端时,通过Kernel层使用公钥对签名进行校验,由于签名是根据私钥生成的签名,而私钥与公钥不匹配,因此终端校验失败,无法开启;解决了终端因为运行测试版本的Rom包导致安全性较低的问题;通过在终端中设置一套匹配的密钥和一套不匹配的密钥,达到了非测试用终端由于校验失败而无法成功启动,保证了终端的安全性的效果。By detecting whether the terminal is a non-test terminal, when it is determined that the terminal is a non-test terminal, the signature is verified using the public key through the Kernel layer. Since the signature is generated based on the private key, the private key does not match the public key. , so the terminal verification fails and cannot be opened; it solves the problem of low security caused by running the test version of the Rom package in the terminal; by setting a set of matching keys and a set of mismatching keys in the terminal, it achieves The non-test terminal cannot be successfully started due to verification failure, which ensures the security effect of the terminal.

应当理解的是,以上的一般描述和后文的细节描述仅是示例性的,并不能限制本公开。It is to be understood that both the foregoing general description and the following detailed description are exemplary only and are not restrictive of the present disclosure.

附图说明Description of drawings

此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本公开的实施例,并于说明书一起用于解释本公开的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

图1是根据一示例性实施例示出的一种终端的结构示意图;Fig. 1 is a schematic structural diagram of a terminal shown according to an exemplary embodiment;

图2是根据一示例性实施例示出的一种开机校验方法的流程图;Fig. 2 is a flow chart showing a power-on verification method according to an exemplary embodiment;

图3是根据另一示例性实施例示出的一种开机校验方法的流程图;Fig. 3 is a flow chart of a power-on verification method according to another exemplary embodiment;

图4是根据另一示例性实施例示出的一种开机校验方法的流程图;Fig. 4 is a flowchart of a power-on verification method according to another exemplary embodiment;

图5是根据另一示例性实施例示出的一种开机校验方法的流程图;Fig. 5 is a flow chart of a power-on verification method according to another exemplary embodiment;

图6是根据另一示例性实施例示出的一种开机校验方法的流程图;Fig. 6 is a flow chart of a power-on verification method according to another exemplary embodiment;

图7A是根据一示例性实施例示出的一种开机校验方法的示意图;Fig. 7A is a schematic diagram showing a power-on verification method according to an exemplary embodiment;

图7B是根据另一示例性实施例示出的一种开机校验方法的示意图;Fig. 7B is a schematic diagram of a power-on verification method according to another exemplary embodiment;

图8是根据一示例性实施例示出的一种开机校验装置的框图;Fig. 8 is a block diagram of a power-on verification device according to an exemplary embodiment;

图9A是根据另一示例性实施例示出的一种开机校验装置的框图;Fig. 9A is a block diagram of a power-on verification device according to another exemplary embodiment;

图9B是根据另一示例性实施例示出的一种开机校验装置的框图;Fig. 9B is a block diagram of a power-on verification device according to another exemplary embodiment;

图10是根据另一示例性实施例示出的一种终端的框图。Fig. 10 is a block diagram of a terminal according to another exemplary embodiment.

具体实施方式detailed description

这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本公开相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本公开的一些方面相一致的装置和方法的例子。Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present disclosure as recited in the appended claims.

本公开各个实施例提供的开机校验方法,可以由采用Android操作系统的终端来实现,该终端可以是诸如智能手机、智能电视和平板电脑之类的终端。The power-on verification method provided by various embodiments of the present disclosure can be implemented by a terminal using an Android operating system, and the terminal can be a terminal such as a smart phone, a smart TV, and a tablet computer.

该终端的结构示意图可以如图1所示,终端10中至少包括:硬件层110、Kernel层120、Bootloader层130和文件系统层140。Kernel层120位于硬件层110的上层,Bootloader层130位于Kernel层120的上层,文件系统层140位于Bootloader层130的上层。A schematic structural diagram of the terminal may be shown in FIG. 1 , and the terminal 10 at least includes: a hardware layer 110 , a Kernel layer 120 , a Bootloader layer 130 and a file system layer 140 . The Kernel layer 120 is located on the upper layer of the hardware layer 110 , the Bootloader layer 130 is located on the upper layer of the Kernel layer 120 , and the file system layer 140 is located on the upper layer of the Bootloader layer 130 .

其中,硬件层110中通常包括处理器、存储器、寄存器、电容、二极管和三极管等硬件器件;终端10中的Kernel是基于Linux的内核,Kernel层120通常用于管理存储器、进程、文件和系统资源等;Bootloader层130主要用于对处理器和相关硬件进行初始化;文件系统用于对终端中的文件信息进行管理和存储。Among them, the hardware layer 110 usually includes hardware devices such as processors, memory, registers, capacitors, diodes, and triodes; the Kernel in the terminal 10 is a Linux-based kernel, and the Kernel layer 120 is usually used to manage memory, processes, files, and system resources. etc.; the Bootloader layer 130 is mainly used to initialize the processor and related hardware; the file system is used to manage and store file information in the terminal.

在本公开实施例中,Kernel层120中存储的公钥为第一公钥,Bootloader层130携带的签名为第一签名,该第一签名是根据第一私钥生成的签名。Bootloader层130中还存储有第二公钥,文件系统层140携带有第二签名,该第二签名是根据第二私钥生成的签名。In this disclosed embodiment, the public key stored in the Kernel layer 120 is the first public key, and the signature carried by the Bootloader layer 130 is the first signature, and the first signature is a signature generated according to the first private key. The bootloader layer 130 also stores a second public key, and the file system layer 140 carries a second signature, which is a signature generated according to the second private key.

图2是根据一示例性实施例示出的一种开机校验方法的流程图,本实施例以该方法用于图1所示的终端中为例进行说明,该方法可以包括如下几个步骤:Fig. 2 is a flow chart of a power-on verification method shown according to an exemplary embodiment. In this embodiment, the method is used in the terminal shown in Fig. 1 as an example for illustration, and the method may include the following steps:

在步骤201中,检测终端是否为非测试用终端。In step 201, it is detected whether the terminal is a non-test terminal.

终端在加载终端中存储的Rom包时执行本公开实施例提供的开机校验方法,该终端可以是测试用终端或非测试用终端,测试用终端是用于对Rom包进行测试的终端,通常是Rom包的测试人员所使用的终端;非测试用终端是运行Rom包的终端中除测试用终端之外的终端,通常是普通用户所使用的终端。The terminal executes the power-on verification method provided by the embodiment of the present disclosure when loading the Rom package stored in the terminal. The terminal can be a test terminal or a non-test terminal, and the test terminal is a terminal used to test the Rom package. Usually It is the terminal used by the testers of the Rom package; the non-test terminal is the terminal except the test terminal among the terminals running the Rom package, usually the terminal used by ordinary users.

在步骤202中,当确定终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,在校验失败时,指示结束校验。In step 202, when it is determined that the terminal is not a terminal for testing, the signature is verified by using the public key through the Kernel layer, and when the verification fails, an instruction is given to end the verification.

在终端通过Kernel层使用公钥对签名校验失败时,终端指示校验结束,不启动Bootloader层且不再执行开机过程中的其他操作,保持处于关机状态。When the terminal fails to verify the signature using the public key pair through the Kernel layer, the terminal indicates that the verification is complete, does not start the Bootloader layer and does not perform other operations during the boot process, and remains in the shutdown state.

其中,签名是根据私钥生成的签名,私钥与公钥不匹配。公钥和私钥是由开发Rom包的软件开发人员提前配置的,公钥和私钥携带在Rom包中,终端在安装该Rom包时,从Rom包中获取公钥和私钥,并将公钥存储在Kernel层中以及使用私钥对Bootloader层进行签名,对Bootloader层进行签名指的是对Bootloader层中的数据进行签名。Among them, the signature is a signature generated according to the private key, and the private key does not match the public key. The public key and private key are configured in advance by the software developer who develops the Rom package. The public key and private key are carried in the Rom package. When the terminal installs the Rom package, it obtains the public key and private key from the Rom package, and The public key is stored in the Kernel layer and the private key is used to sign the Bootloader layer. Signing the Bootloader layer refers to signing data in the Bootloader layer.

可选的,公钥和私钥均为字符串,该字符串包括数字、字母和符号中的至少一种,该字符串可以是16位的字符串、32位的字符串或者64位的字符串,本实施例对公钥和私钥的格式不作限定。Optionally, both the public key and the private key are strings, the strings include at least one of numbers, letters and symbols, and the strings can be 16-bit strings, 32-bit strings or 64-bit characters String, this embodiment does not limit the format of the public key and private key.

可选的,终端通过预定加密算法使用私钥对Bootloader层的数据进行加密处理得到签名,预定加密算法是Schnorr签名算法、椭圆曲线数字签名算法和EIGamal签名算法中的任意一种。Optionally, the terminal encrypts the data in the Bootloader layer using a private key using a predetermined encryption algorithm to obtain a signature, and the predetermined encryption algorithm is any one of the Schnorr signature algorithm, the elliptic curve digital signature algorithm, and the EIGamal signature algorithm.

综上所述,本公开实施例提供的开机校验方法,通过检测终端是否为非测试用终端,当确定终端为非测试用终端时,通过Kernel层使用公钥对签名进行校验,由于签名是根据私钥生成的签名,而私钥与公钥不匹配,因此终端校验失败,无法开启;解决了终端因为运行测试版本的Rom包导致安全性较低的问题;通过在终端中设置一套匹配的密钥和一套不匹配的密钥,达到了非测试用终端由于校验失败而无法成功启动,保证了终端的安全性的效果。To sum up, the power-on verification method provided by the embodiments of the present disclosure detects whether the terminal is a non-test terminal. When it is determined that the terminal is a non-test terminal, the signature is verified by using the public key at the Kernel layer. Since the signature It is a signature generated based on the private key, but the private key does not match the public key, so the terminal verification fails and cannot be opened; it solves the problem of low security caused by running the test version of the Rom package in the terminal; by setting a A set of matching keys and a set of non-matching keys achieve the effect that the non-test terminal cannot be successfully started due to verification failure, and the security of the terminal is guaranteed.

以如图1所示的终端为例,当该终端为测试用终端时,终端在加载Rom包之前通常包括如下几个步骤,如图3所示:Taking the terminal shown in Figure 1 as an example, when the terminal is a testing terminal, the terminal usually includes the following steps before loading the Rom package, as shown in Figure 3:

在步骤301中,接收生成指令。In step 301, a generating instruction is received.

其中,生成指令用于指示终端生成预设电路结构或生成预设标识,通常只有测试人员才具有触发该生成指令的权限。Wherein, the generating instruction is used to instruct the terminal to generate a preset circuit structure or generate a preset identifier, and usually only testers have the authority to trigger the generating instruction.

可选的,生成指令用于指示终端通过调整电压和电流等参数对原有电路结构进行不可逆的改变,生成预设电路结构。预设电路结构包括处于熔断状态的预定电容、处于熔断状态的预定二极管和处于熔断状态的预定三极管中的至少一种。可选的,生成指令用于指示终端在硬件层的可信区域中生成预设电路结构。Optionally, the generating instruction is used to instruct the terminal to irreversibly change the original circuit structure by adjusting parameters such as voltage and current to generate a preset circuit structure. The preset circuit structure includes at least one of a predetermined capacitor in a blown state, a predetermined diode in a blown state, and a predetermined triode in a blown state. Optionally, the generating instruction is used to instruct the terminal to generate a preset circuit structure in the trusted area of the hardware layer.

通常来说,终端硬件层中包括一些预留的器件或者包括专门用于进行测试的器件,比如预留的电容和预留的二极管,终端在对这些预留的器件进行操作时,对终端的正常工作没有影响,因此,生成指令可以指示终端对这些预留的器件执行不可逆的操作,形成预设电路结构,比如,指示终端调大电压击穿预定电容。可选的,生成指令用于指示终端在可信存储区域中写入预设标识。可选的,可信存储区域是终端硬件层中的存储器。可选的,预设标识是预定的字段,比如,预设标识是字段0或字段1,在一个实际的例子中,生成指令可以用于指示终端在存储器的地址1对应的存储单元中写入字段1。Generally speaking, the terminal hardware layer includes some reserved devices or devices specially used for testing, such as reserved capacitors and reserved diodes. When the terminal operates on these reserved devices, the Normal operation is not affected. Therefore, generating instructions can instruct the terminal to perform irreversible operations on these reserved devices to form a preset circuit structure, for example, instruct the terminal to increase the voltage to break down the predetermined capacitor. Optionally, the instruction is generated to instruct the terminal to write the preset identifier in the trusted storage area. Optionally, the trusted storage area is a memory in the terminal hardware layer. Optionally, the preset identifier is a predetermined field. For example, the preset identifier is field 0 or field 1. In a practical example, the generated instruction can be used to instruct the terminal to write in the storage unit corresponding to address 1 of the memory. Field 1.

在步骤302中,根据生成指令生成预设电路结构和/或预设标识。In step 302, a preset circuit structure and/or a preset identifier is generated according to the generating instruction.

可选的,为了避免被伪造,终端根据生成指令在终端硬件层的可信区域生成预设电路结构,可信区域是硬件层中禁止被应用程序直接访问的区域。Optionally, in order to avoid being counterfeited, the terminal generates a preset circuit structure in the trusted area of the terminal hardware layer according to the generated instruction. The trusted area is an area in the hardware layer that is prohibited from being directly accessed by applications.

可选的,终端根据生成指令在终端硬件层的可信存储区域存储预设标识,可信存储区域是硬件层中禁止被应用程序直接访问的区域。Optionally, the terminal stores the preset identifier in the trusted storage area of the terminal hardware layer according to the generated instruction, and the trusted storage area is an area in the hardware layer that is prohibited from being directly accessed by applications.

需要说明的是,测试用终端可以是通过上述步骤形成该预设电路结构;或者,该测试用终端是专门用于对该测试版本的Rom包进行测试的终端,生产该测试用终端时在测试用终端中形成有该预设电路结构。It should be noted that the test terminal can be the preset circuit structure formed through the above steps; or, the test terminal is a terminal specially used for testing the Rom package of the test version, and the test terminal is tested during the production of the test terminal. The preset circuit structure is formed in the terminal.

终端在进行开机校验时的流程图可以如图4所示,本实施例以该方法用于图1所示的终端中为例进行说明,该方法可以包括如下几个步骤:The flow chart of the terminal when performing power-on verification can be as shown in Figure 4. In this embodiment, the method is used in the terminal shown in Figure 1 as an example for illustration. The method can include the following steps:

在步骤401中,检测终端中是否包含预设电路结构,预设电路结构用于表示终端是测试用终端。In step 401, it is detected whether the terminal includes a preset circuit structure, and the preset circuit structure is used to indicate that the terminal is a terminal for testing.

可选的,测试用终端通过上述步骤301和步骤302生成的预设电路结构位于测试用终端硬件层的可信区域中,或者,测试用终端在生产时形成的预设电路结构位于测试用终端硬件层的可信区域中,则该步骤可以实现成为检测硬件层的可信区域中是否包含预设电路结构。Optionally, the preset circuit structure generated by the test terminal through the above steps 301 and 302 is located in the trusted area of the hardware layer of the test terminal, or the preset circuit structure formed by the test terminal during production is located in the test terminal In the trusted area of the hardware layer, this step can be implemented as detecting whether the preset circuit structure is included in the trusted area of the hardware layer.

在步骤402中,若不包含预设电路结构,则确定终端为非测试用终端。In step 402, if the preset circuit structure is not included, it is determined that the terminal is not a terminal for testing.

在步骤403中,当确定终端为非测试用终端时,则通过Kernel层使用第一公钥对第一签名进行校验,在校验失败时,指示结束校验。In step 403, when it is determined that the terminal is not a terminal for testing, the first signature is verified by using the first public key through the Kernel layer, and when the verification fails, an instruction is given to end the verification.

其中,第一签名是根据第一私钥生成的签名,第一私钥与第一公钥不匹配。Wherein, the first signature is a signature generated according to the first private key, and the first private key does not match the first public key.

第一公钥和第一私钥是携带在Rom包中的,当终端的Rom中写入某个Rom包时,终端从Rom包中获取第一公钥和第一私钥,将第一公钥存储在Kernel层中,并使用第一私钥对Bootloader层进行签名生成第一签名。其中,对Bootloader层签名是指对Bootloader层中包括的文件和数据等进行签名。The first public key and the first private key are carried in the Rom package. When a certain Rom package is written in the Rom of the terminal, the terminal obtains the first public key and the first private key from the Rom package, and stores the first public key The key is stored in the Kernel layer, and the first private key is used to sign the Bootloader layer to generate a first signature. Wherein, signing the Bootloader layer refers to signing files and data included in the Bootloader layer.

对于一个测试版本的Rom包来说,软件开发人员在生成该测试版本的Rom包时在该Rom包中携带有不属于同一个密钥对的第一公钥和第一私钥,即第一公钥与第一私钥无法互相加解密,因此,对于不包含预设电路结构的终端来说,终端在通过Kernel层使用第一公钥对第一签名进行校验时,校验会失败,终端无法启动。For a Rom package of a test version, when the software developer generates the Rom package of the test version, the first public key and the first private key that do not belong to the same key pair are carried in the Rom package, that is, the first The public key and the first private key cannot encrypt and decrypt each other. Therefore, for a terminal that does not contain a preset circuit structure, when the terminal uses the first public key to verify the first signature through the Kernel layer, the verification will fail. Terminal fails to start.

在步骤404中,若包含预设电路结构,则确定终端是测试用终端。In step 404, if the preset circuit structure is included, it is determined that the terminal is a testing terminal.

在步骤405中,当确定终端为测试用终端时,则通过Bootloader层使用第二公钥对第二签名进行校验,在校验成功时,指示开启终端。In step 405, when it is determined that the terminal is a testing terminal, the second signature is verified by using the second public key through the Bootloader layer, and when the verification is successful, an instruction is given to open the terminal.

其中,第二签名是根据第二私钥生成的签名,第二私钥与第二公钥相匹配。Wherein, the second signature is a signature generated according to the second private key, and the second private key matches the second public key.

第二公钥和第二私钥也是携带在Rom包中的,当终端的Rom中写入某个Rom包时,终端从Rom包中获取第二公钥和第二私钥,将第二公钥存储在Bootloader层中,并使用第二私钥对文系统层进行签名生成第二签名。其中,对文件系统层签名是指对文件系统层中包括的文件和数据等进行签名。The second public key and the second private key are also carried in the Rom package. When a certain Rom package is written in the Rom of the terminal, the terminal obtains the second public key and the second private key from the Rom package, and stores the second public key The key is stored in the Bootloader layer, and the second private key is used to sign the file system layer to generate a second signature. Wherein, signing the file system layer refers to signing files and data included in the file system layer.

可选的,本公开实施例中,终端的Rom中写入的是测试版本的Rom包。对于一个测试版本的Rom包来说,软件开发人员在生成该测试版本的Rom时在该Rom包中携带有属于同一个密钥对的第二公钥和第二私钥,即第二公钥与第二私钥可以互相加解密。对于包含预设电路结构的测试用终端来说,测试用终端无需通过Kernel层使用第一公钥对第一签名进行校验,只需直接通过Bootloader层使用第二公钥对第二签名进行校验时,此时校验会成功,终端成功启动。Optionally, in this embodiment of the present disclosure, the Rom package of the test version is written in the Rom of the terminal. For a Rom package of a test version, the software developer carries the second public key and the second private key belonging to the same key pair in the Rom package when generating the Rom of the test version, that is, the second public key It can be encrypted and decrypted with the second private key. For a test terminal that includes a preset circuit structure, the test terminal does not need to use the first public key to verify the first signature through the Kernel layer, but only needs to directly use the second public key to verify the second signature through the Bootloader layer. At this time, the verification will succeed and the terminal will start successfully.

可选的,第一公钥与第二公钥相同。Optionally, the first public key is the same as the second public key.

可选的,同一个终端可以是用于测试多个不同测试版本的Rom包的测试用终端,则该终端中可以包括一个预设电路结构,不同测试版本的Rom包都对应于同一个预设电路结构;或者,该终端中包括多个不同的预设电路结构,不同测试版本的Rom包对应于不同的预设电路结构,当终端中写入不同测试版本的Rom时,则终端通过检测是否包含与当前加载的测试版本的Rom包对应的预设电路结构判断该是否是用于测试该测试版本的Rom包的测试用终端。Optionally, the same terminal can be a test terminal for testing Rom packages of multiple different test versions, then a preset circuit structure can be included in the terminal, and the Rom packages of different test versions all correspond to the same preset circuit structure; or, the terminal includes a plurality of different preset circuit structures, and Rom packages of different test versions correspond to different preset circuit structures. When Rom of different test versions is written in the terminal, the terminal passes the detection whether Including the preset circuit structure corresponding to the Rom package of the currently loaded test version, it is judged whether it is a testing terminal for testing the Rom package of the test version.

比如,与Rom包1对应的预设电路结构是预设电路结构1,与Rom包2对应的预设电路结构是预设电路结构2,终端中包含有预设电路结构1。当终端的Rom中写入有Rom包1时,终端进行开机校验时检测到终端中包含预设电路结构1,则确定终端为测试用终端。当终端的Rom中写入有Rom包2时,终端进行开机校验时检测到终端中不包含预设电路结构2,则此时确定终端为非测试用终端。For example, the preset circuit structure corresponding to the Rom package 1 is the preset circuit structure 1, the preset circuit structure corresponding to the Rom package 2 is the preset circuit structure 2, and the terminal includes the preset circuit structure 1. When the Rom package 1 is written in the Rom of the terminal, and the terminal detects that the terminal contains the preset circuit structure 1 during the power-on verification, it is determined that the terminal is a terminal for testing. When the Rom package 2 is written in the Rom of the terminal, and the terminal detects that the terminal does not contain the preset circuit structure 2 during power-on verification, it is determined that the terminal is not a terminal for testing at this time.

综上所述,本公开实施例提供的开机校验方法,通过检测终端是否为非测试用终端,当确定终端为非测试用终端时,通过Kernel层使用第一公钥对第一签名进行校验,由于第一签名是根据第一私钥生成的签名,而第一私钥与第一公钥不匹配,因此终端校验失败,无法开启;而当确定终端为测试用终端时,直接通过Bootloader层使用第二公钥对文件系统层携带的第二签名进行校验,第二签名由第二私钥生成,此时由于第二公钥与第二私钥相匹配,因此测试用终端校验成功并成功开启;解决了终端因为运行测试版本的Rom包导致安全性较低的问题;通过在终端中设置一套匹配的密钥和一套不匹配的密钥,达到了非测试用终端由于校验失败而无法成功启动,因此也无法运行测试版本的Rom包,保证了终端的安全性的效果。To sum up, the power-on verification method provided by the embodiments of the present disclosure detects whether the terminal is a non-test terminal, and when it is determined that the terminal is a non-test terminal, uses the first public key to verify the first signature through the Kernel layer. verification, because the first signature is generated according to the first private key, and the first private key does not match the first public key, so the verification of the terminal fails and cannot be opened; when the terminal is determined to be a test terminal, it directly passes The Bootloader layer uses the second public key to verify the second signature carried by the file system layer. The second signature is generated by the second private key. At this time, because the second public key matches the second private key, the test terminal verifies the signature. The test was successful and successfully opened; the problem of low security caused by running the Rom package of the test version of the terminal was solved; by setting a set of matching keys and a set of non-matching keys in the terminal, the non-testing terminal was achieved Due to the failure of the verification, it cannot be successfully started, so the Rom package of the test version cannot be run, which ensures the security effect of the terminal.

本公开实施例提供的开机校验方法,预设电路结构设置在终端硬件层的可信区域,使用户无法通过应用程序直接访问该预设电路结构,避免了对预设电路结构的伪造,提高了预设电路结构的可靠性。In the power-on verification method provided by the embodiments of the present disclosure, the preset circuit structure is set in the trusted area of the terminal hardware layer, so that the user cannot directly access the preset circuit structure through the application program, avoiding the forgery of the preset circuit structure, and improving The reliability of the preset circuit structure is improved.

终端在进行开机校验时的流程图还可以如图5所示,本实施例以该方法用于图1所示的终端中为例进行说明,该方法可以包括如下几个步骤:The flow chart of the terminal when performing power-on verification can also be shown in Figure 5. This embodiment uses the method in the terminal shown in Figure 1 as an example for illustration. The method can include the following steps:

在步骤501中,检测终端中是否包含预设标识,预设标识为用于表示终端为测试用终端的标识。In step 501, it is detected whether the terminal contains a preset identifier, and the preset identifier is an identifier used to indicate that the terminal is a terminal for testing.

可选的,该步骤可以实现成为检测硬件层的可信存储区域中是否包含预设标识。Optionally, this step can be implemented as detecting whether the trusted storage area of the hardware layer contains a preset identifier.

在步骤502中,若终端中不包含预设标识,则确定终端为非测试用终端。In step 502, if the terminal does not contain the preset identifier, it is determined that the terminal is not a terminal for testing.

在步骤503中,当确定终端为非测试用终端时,则通过Kernel层使用第一公钥对第一签名进行校验,在校验失败时,指示结束校验。In step 503, when it is determined that the terminal is not a terminal for testing, the first signature is verified by using the first public key through the Kernel layer, and when the verification fails, it is instructed to end the verification.

第一签名是根据第一私钥生成的签名,第一私钥与第一公钥不匹配。The first signature is a signature generated according to the first private key, and the first private key does not match the first public key.

在步骤504中,若终端中包含预设标识,则确定终端是测试用终端。In step 504, if the terminal contains the preset identifier, it is determined that the terminal is a terminal for testing.

在步骤505中,当确定终端为测试用终端时,则通过Bootloader层使用第二公钥对第二签名进行校验,在校验成功时,指示开启终端。In step 505, when it is determined that the terminal is a testing terminal, the second signature is verified by using the second public key through the Bootloader layer, and when the verification is successful, an instruction is given to open the terminal.

其中,第二签名是根据第二私钥生成的签名,第二私钥与第二公钥相匹配。Wherein, the second signature is a signature generated according to the second private key, and the second private key matches the second public key.

上述步骤501-步骤505的具体实现方式可以结合上述图4所示的实施例,本实施例对此不再赘述。The specific implementation manners of the above steps 501 to 505 may be combined with the above embodiment shown in FIG. 4 , which will not be repeated in this embodiment.

本公开实施例提供的开机校验方法,预设标识设置在终端硬件层的可信存储区域,使用户无法通过应用程序直接访问该预设标识,避免了对预设电路的伪造,提高了预设标识的可靠性。In the power-on verification method provided by the embodiments of the present disclosure, the preset identifier is set in the trusted storage area of the terminal hardware layer, so that the user cannot directly access the preset identifier through the application program, avoiding the forgery of the preset circuit, and improving the predictability. Set the reliability of the identification.

在实际实现时,终端加载的Rom包可以是测试版本的Rom包,也可以是官方版本的Rom包,而对于官方版本的Rom包来说,由于所有加载官方版本的Rom包的终端都可以校验成功并运行该Rom包,因此加载该Rom包的终端中并不会包括预设电路结构或预设标识。且对于官方版本的Rom包来说,Rom中携带的第一公钥与第一私钥相匹配,第二公钥与第二私钥也相匹配。In actual implementation, the Rom package loaded by the terminal can be the Rom package of the test version or the official version of the Rom package, and for the official version of the Rom package, since all terminals loaded with the official version of the Rom package can be verified The verification is successful and the Rom package is run, so the terminal loading the Rom package does not include the preset circuit structure or preset logo. And for the Rom package of the official version, the first public key carried in the Rom matches the first private key, and the second public key also matches the second private key.

则当终端在加载官方版本的Rom包时,上述步骤403或步骤503可被替代实现为如下步骤,如图6所示:Then when the terminal is loading the official version of the Rom package, the above step 403 or step 503 can be replaced by the following steps, as shown in Figure 6:

在步骤601中,当确定终端为非测试用终端时,则通过Kernel层使用第一公钥校验第一签名,则终端通过Kernel层使用第一公钥对第一签名进行校验。In step 601, when it is determined that the terminal is not a terminal for testing, the first signature is verified by using the first public key through the Kernel layer, and the terminal verifies the first signature by using the first public key through the Kernel layer.

其中,第一签名为根据第一私钥生成的签名,第一私钥与第一公钥匹配。Wherein, the first signature is a signature generated according to the first private key, and the first private key matches the first public key.

在步骤602中,在校验成功时,通过Bootloader层使用第二公钥对第二签名进行校验,在校验成功时,指示开启终端。In step 602, when the verification is successful, the second signature is verified by using the second public key through the Bootloader layer, and when the verification is successful, it is instructed to open the terminal.

其中,第二签名是根据第二私钥生成的签名,第二私钥与第二公钥相匹配。Wherein, the second signature is a signature generated according to the second private key, and the second private key matches the second public key.

在本实施例中,第一公钥与第二公钥可以相同,第一私钥与第二私钥也可以相同。In this embodiment, the first public key may be the same as the second public key, and the first private key may also be the same as the second private key.

综上所述,本公开实施例提供的开机校验方法,对于官方版本的Rom包,Rom包中携带的第一公钥和第一私钥相匹配,携带的第二公钥和第二私钥也相匹配,保证了所有终端都能成功启动并正常运行官方版本的Rom包。To sum up, in the power-on verification method provided by the embodiment of the present disclosure, for the official version of the Rom package, the first public key and the first private key carried in the Rom package match, and the second public key and the second private key carried in the Rom package match. The keys also match, ensuring that all terminals can successfully start and run the official version of the Rom package normally.

在一个示例性的例子中,当终端的Rom中写入的是测试版本的Rom包时,假设终端从Rom包中获取的第一公钥与第二公钥都是公钥A,第一私钥是私钥B,根据私钥B生成第一签名,第二私钥是私钥A,根据私钥A生成第二签名,私钥B与公钥A不匹配,私钥A与公钥A相匹配。则当终端是测试用终端时,终端检测到硬件区中包含预设标识,则终端的开机校验的示意图可以如图7A中的(a)所示,终端不通过Kernel层使用公钥A对第一签名进行校验,直接通过Bootloader层使用公钥A对第二签名进行校验;当终端是非测试用终端时,终端检测到硬件区中不包含预设标识,终端的开机校验的示意图可以如图7A中的(b)所示,终端通过Kernel层使用公钥A对第一签名进行校验,校验失败。In an illustrative example, when the test version of the Rom package is written in the Rom of the terminal, it is assumed that the first public key and the second public key obtained by the terminal from the Rom package are both public key A, and the first private key The key is private key B, the first signature is generated according to private key B, the second private key is private key A, the second signature is generated according to private key A, private key B does not match public key A, private key A and public key A match. Then when the terminal is a testing terminal, and the terminal detects that the hardware area contains a preset identifier, the schematic diagram of the terminal’s power-on verification can be shown in (a) in Figure 7A, and the terminal does not use the public key A through the Kernel layer to pair The first signature is verified, and the second signature is verified directly through the Bootloader layer using the public key A; when the terminal is not a test terminal, the terminal detects that the hardware area does not contain the preset logo, and the schematic diagram of the terminal’s power-on verification As shown in (b) in FIG. 7A , the terminal uses the public key A to verify the first signature through the Kernel layer, and the verification fails.

在另一个示例性的例子中,当终端的Rom中写入的是官方版本的Rom包时,假设终端从Rom包中获取的第一公钥与第二公钥都是公钥A,获取到的第一私钥和第二私钥都是私钥A,第一签名和第二签名都根据私钥A生成,私钥A与私钥B相匹配。则对于加载该Rom包的任意一个终端来说,终端中都可以不包含预设标识和预设电路结构,则终端在检测到不包含预设标识或预设电路结构时,终端的开机校验的示意图可以如图7B所示,终端通过Kernel层使用公钥A对第一签名进行校验,校验成功时,通过Bootloader层使用公钥A对第二签名进行校验。In another illustrative example, when the official version of the Rom package is written in the Rom of the terminal, assuming that the first public key and the second public key obtained by the terminal from the Rom package are both public key A, the obtained Both the first private key and the second private key are private key A, the first signature and the second signature are both generated according to private key A, and private key A matches private key B. Then for any terminal that loads the Rom package, the terminal may not contain the preset logo and the preset circuit structure, and when the terminal detects that the preset logo or the preset circuit structure is not included, the terminal’s power-on verification 7B, the terminal uses the public key A to verify the first signature through the Kernel layer, and when the verification is successful, uses the public key A to verify the second signature through the Bootloader layer.

下述为本公开装置实施例,可以用于执行本公开方法实施例。对于本公开装置实施例中未披露的细节,请参照本公开方法实施例。The following are device embodiments of the present disclosure, which can be used to implement the method embodiments of the present disclosure. For details not disclosed in the disclosed device embodiments, please refer to the disclosed method embodiments.

图8是根据一示例性实施例示出的一种开机校验装置的框图,如图8所示,该装置可以通过软件、硬件或者两者的结合实现成为如图1所示的终端,该装置包括但不限于:检测模块810和校验模块820。Fig. 8 is a block diagram of a power-on verification device according to an exemplary embodiment. As shown in Fig. 8, the device can be implemented as a terminal as shown in Fig. 1 through software, hardware or a combination of the two. Including but not limited to: detection module 810 and verification module 820 .

检测模块810,被配置为检测终端是否为非测试用终端。The detection module 810 is configured to detect whether the terminal is not a terminal for testing.

校验模块820,被配置为当通过检测模块810检测到确定终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,签名是根据私钥生成的签名,私钥与公钥不匹配,在校验失败时,指示结束校验。The verification module 820 is configured to verify the signature using the public key through the Kernel layer when the detection module 810 detects that the terminal is not a test terminal. The signature is a signature generated according to the private key, and the private key and the public key The keys do not match, and when the verification fails, it indicates the end of the verification.

综上所述,本公开实施例提供的开机校验装置,通过检测终端是否为非测试用终端,当确定终端为非测试用终端时,通过Kernel层使用公钥对签名进行校验,由于签名是根据私钥生成的签名,而私钥与公钥不匹配,因此终端校验失败,无法开启;解决了终端因为运行测试版本的Rom包导致安全性较低的问题;通过在终端中设置一套匹配的密钥和一套不匹配的密钥,达到了非测试用终端由于校验失败而无法成功启动,保证了终端的安全性的效果。To sum up, the power-on verification device provided by the embodiments of the present disclosure detects whether the terminal is a non-test terminal, and when it is determined that the terminal is a non-test terminal, uses the public key to verify the signature through the Kernel layer. Since the signature It is a signature generated based on the private key, but the private key does not match the public key, so the terminal verification fails and cannot be opened; it solves the problem of low security caused by running the test version of the Rom package in the terminal; by setting a A set of matching keys and a set of non-matching keys achieve the effect that the non-test terminal cannot be successfully started due to verification failure, and the security of the terminal is guaranteed.

图9A和图9B是根据另一示例性实施例示出的一种开机校验装置的框图,该装置可以通过软件、硬件或者两者的结合实现成为如图1所示的终端,该装置包括但不限于:Figures 9A and 9B are block diagrams of a power-on verification device according to another exemplary embodiment. The device can be implemented as the terminal shown in Figure 1 through software, hardware or a combination of the two. The device includes but not limited to:

检测模块910,被配置为检测终端是否为非测试用终端。The detection module 910 is configured to detect whether the terminal is not a terminal for testing.

可选的,检测模块910包括如下几个子模块,如图9A所示:Optionally, the detection module 910 includes the following submodules, as shown in FIG. 9A:

第一检测子模块911,被配置为检测终端中是否包含预设电路结构,预设电路结构用于表示终端是测试用终端。The first detection sub-module 911 is configured to detect whether the terminal contains a preset circuit structure, and the preset circuit structure is used to indicate that the terminal is a terminal for testing.

第一检测子模块911,还被配置为检测硬件层的可信区域中是否包含预设电路结构,可信区域是硬件层中禁止被应用程序直接访问的区域。The first detection sub-module 911 is further configured to detect whether a preset circuit structure is included in the trusted area of the hardware layer. The trusted area is an area in the hardware layer that is prohibited from being directly accessed by applications.

第一确定子模块912,被配置为在通过第一检测子模块911检测到终端中不包含预设电路结构时,则确定终端为非测试用终端。The first determination submodule 912 is configured to determine that the terminal is not a terminal for testing when it is detected by the first detection submodule 911 that the terminal does not contain a preset circuit structure.

或者,可选的,检测模块910包括如下几个子模块,如图9B所示:Or, optionally, the detection module 910 includes the following submodules, as shown in FIG. 9B:

第二检测子模块913,被配置为检测终端中是否包含预设标识,预设标识为用于表示终端为测试用终端的标识。The second detection submodule 913 is configured to detect whether the terminal contains a preset identifier, where the preset identifier is an identifier used to indicate that the terminal is a terminal for testing.

第二检测子模块913,还被配置为检测硬件层的可信存储区域中是否包含预设标识,可信存储区域是硬件层中禁止被应用程序直接访问的区域。The second detection submodule 913 is further configured to detect whether a preset identifier is contained in the trusted storage area of the hardware layer. The trusted storage area is an area in the hardware layer that is prohibited from being directly accessed by applications.

第二确定子模块914,被配置为在通过第二检测子模块911检测到终端中不包含预设标识时,则确定终端为非测试用终端。The second determination submodule 914 is configured to determine that the terminal is not a terminal for testing when it is detected by the second detection submodule 911 that the terminal does not contain a preset identifier.

校验模块920,被配置为在通过第一确定子模块912或者通过第二确定子模块914确定终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,签名是根据私钥生成的签名,私钥与公钥不匹配,在校验失败时,指示结束校验。The verification module 920 is configured to verify the signature using the public key through the Kernel layer when the terminal is determined to be a non-test terminal by the first determination submodule 912 or the second determination submodule 914, and the signature is based on the private key. The signature generated by the key, the private key does not match the public key, and when the verification fails, it indicates the end of the verification.

综上所述,本公开实施例提供的开机校验装置,通过检测终端是否为非测试用终端,当确定终端为非测试用终端时,通过Kernel层使用公钥对签名进行校验,由于签名是根据私钥生成的签名,而私钥与公钥不匹配,因此终端校验失败,无法开启;解决了终端因为运行测试版本的Rom包导致安全性较低的问题;通过在终端中设置一套匹配的密钥和一套不匹配的密钥,达到了非测试用终端由于校验失败而无法成功启动,保证了终端的安全性的效果。To sum up, the power-on verification device provided by the embodiments of the present disclosure detects whether the terminal is a non-test terminal, and when it is determined that the terminal is a non-test terminal, uses the public key to verify the signature through the Kernel layer. Since the signature It is a signature generated based on the private key, but the private key does not match the public key, so the terminal verification fails and cannot be opened; it solves the problem of low security caused by running the test version of the Rom package in the terminal; by setting a A set of matching keys and a set of non-matching keys achieve the effect that the non-test terminal cannot be successfully started due to verification failure, and the security of the terminal is guaranteed.

关于上述实施例中的装置,其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。Regarding the apparatus in the foregoing embodiments, the specific manner in which each module executes operations has been described in detail in the embodiments related to the method, and will not be described in detail here.

本公开一示例性实施例提供了一种开机校验装置,能够实现本公开提供的。开机校验方法,该装置包括:处理器、用于存储处理器可执行指令的存储器;An exemplary embodiment of the present disclosure provides a power-on verification device capable of realizing what is provided in the present disclosure. A power-on verification method, the device comprising: a processor, a memory for storing instructions executable by the processor;

其中,处理器被配置为:where the processor is configured as:

检测终端是否为非测试用终端;Detect whether the terminal is a non-test terminal;

当确定终端为非测试用终端时,则通过Kernel层使用公钥对签名进行校验,签名是根据私钥生成的签名,私钥与公钥不匹配,在校验失败时,指示结束校验。When it is determined that the terminal is not a test terminal, the signature is verified using the public key through the Kernel layer. The signature is a signature generated based on the private key. The private key does not match the public key. When the verification fails, it is instructed to end the verification .

图10是根据一示例性实施例示出的一种开机校验装置的框图。例如,装置1000可以是移动电话,计算机,数字广播终端,消息收发设备,游戏控制台,平板设备,医疗设备,健身设备,个人数字助理等。Fig. 10 is a block diagram of a power-on verification device according to an exemplary embodiment. For example, the apparatus 1000 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, and the like.

参照图10,装置1000可以包括以下一个或多个组件:处理组件1002,存储器1004,电源组件1006,多媒体组件1008,音频组件1010,输入/输出(I/O)接口1012,传感器组件1014,以及通信组件1016。10, device 1000 may include one or more of the following components: processing component 1002, memory 1004, power supply component 1006, multimedia component 1008, audio component 1010, input/output (I/O) interface 1012, sensor component 1014, and communication component 1016 .

处理组件1002通常控制装置1000的整体操作,诸如与显示,电话呼叫,数据通信,相机操作和记录操作相关联的操作。处理组件1002可以包括一个或多个处理器1018来执行指令,以完成上述的方法的全部或部分步骤。此外,处理组件1002可以包括一个或多个模块,便于处理组件1002和其他组件之间的交互。例如,处理组件1002可以包括多媒体模块,以方便多媒体组件1008和处理组件1002之间的交互。The processing component 1002 generally controls the overall operations of the device 1000, such as those associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 1002 may include one or more processors 1018 to execute instructions to complete all or part of the steps of the above method. Additionally, processing component 1002 may include one or more modules that facilitate interaction between processing component 1002 and other components. For example, processing component 1002 may include a multimedia module to facilitate interaction between multimedia component 1008 and processing component 1002 .

存储器1004被配置为存储各种类型的数据以支持在装置1000的操作。这些数据的示例包括用于在装置1000上操作的任何应用程序或方法的指令,联系人数据,电话簿数据,消息,图片,视频等。存储器1004可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(SRAM),电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),可编程只读存储器(PROM),只读存储器(ROM),磁存储器,快闪存储器,磁盘或光盘。The memory 1004 is configured to store various types of data to support operations at the device 1000 . Examples of such data include instructions for any application or method operating on device 1000, contact data, phonebook data, messages, pictures, videos, and the like. The memory 1004 can be realized by any type of volatile or non-volatile storage device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.

电源组件1006为装置1000的各种组件提供电力。电源组件1006可以包括电源管理系统,一个或多个电源,及其他与为装置1000生成、管理和分配电力相关联的组件。The power supply component 1006 provides power to various components of the device 1000 . Power components 1006 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for device 1000 .

多媒体组件1008包括在装置1000和用户之间的提供一个输出接口的屏幕。在一些实施例中,屏幕可以包括液晶显示器(LCD)和触摸面板(TP)。如果屏幕包括触摸面板,屏幕可以被实现为触摸屏,以接收来自用户的输入信号。触摸面板包括一个或多个触摸传感器以感测触摸、滑动和触摸面板上的手势。触摸传感器可以不仅感测触摸或滑动动作的边界,而且还检测与触摸或滑动操作相关的持续时间和压力。在一些实施例中,多媒体组件1008包括一个前置摄像头和/或后置摄像头。当装置1000处于操作模式,如拍摄模式或视频模式时,前置摄像头和/或后置摄像头可以接收外部的多媒体数据。每个前置摄像头和后置摄像头可以是一个固定的光学透镜系统或具有焦距和光学变焦能力。The multimedia component 1008 includes a screen that provides an output interface between the device 1000 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may not only sense a boundary of a touch or a swipe action, but also detect duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 1008 includes a front camera and/or a rear camera. When the device 1000 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera can be a fixed optical lens system or have focal length and optical zoom capability.

音频组件1010被配置为输出和/或输入音频信号。例如,音频组件1010包括一个麦克风(MIC),当装置1000处于操作模式,如呼叫模式、记录模式和语音识别模式时,麦克风被配置为接收外部音频信号。所接收的音频信号可以被进一步存储在存储器1004或经由通信组件1016发送。在一些实施例中,音频组件1010还包括一个扬声器,用于输出音频信号。The audio component 1010 is configured to output and/or input audio signals. For example, the audio component 1010 includes a microphone (MIC), which is configured to receive external audio signals when the device 1000 is in operation modes, such as call mode, recording mode and voice recognition mode. Received audio signals may be further stored in memory 1004 or sent via communication component 1016 . In some embodiments, the audio component 1010 also includes a speaker for outputting audio signals.

I/O接口1012为处理组件1002和外围接口模块之间提供接口,上述外围接口模块可以是键盘,点击轮,按钮等。这些按钮可包括但不限于:主页按钮、音量按钮、启动按钮和锁定按钮。The I/O interface 1012 provides an interface between the processing component 1002 and a peripheral interface module, which may be a keyboard, a click wheel, a button, and the like. These buttons may include, but are not limited to: a home button, volume buttons, start button, and lock button.

传感器组件1014包括一个或多个传感器,用于为装置1000提供各个方面的状态评估。例如,传感器组件1014可以检测到装置1000的打开/关闭状态,组件的相对定位,例如组件为装置1000的显示器和小键盘,传感器组件1014还可以检测装置1000或装置1000一个组件的位置改变,用户与装置1000接触的存在或不存在,装置1000方位或加速/减速和装置1000的温度变化。传感器组件1014可以包括接近传感器,被配置用来在没有任何的物理接触时检测附近物体的存在。传感器组件1014还可以包括光传感器,如CMOS或CCD图像传感器,用于在成像应用中使用。在一些实施例中,该传感器组件1014还可以包括加速度传感器,陀螺仪传感器,磁传感器,压力传感器或温度传感器。Sensor assembly 1014 includes one or more sensors for providing status assessments of various aspects of device 1000 . For example, the sensor component 1014 can detect the open/closed state of the device 1000, the relative positioning of components, such as the display and keypad of the device 1000, the sensor component 1014 can also detect a change in the position of the device 1000 or a component of the device 1000, the user The presence or absence of contact with the device 1000, the device 1000 orientation or acceleration/deceleration and the temperature change of the device 1000. The sensor assembly 1014 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. The sensor assembly 1014 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1014 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.

通信组件1016被配置为便于装置1000和其他设备之间有线或无线方式的通信。装置1000可以接入基于通信标准的无线网络,如Wi-Fi,2G或3G,或它们的组合。在一个示例性实施例中,通信组件1016经由广播信道接收来自外部广播管理系统的广播信号或广播相关信息。在一个示例性实施例中,通信组件1016还包括近场通信(NFC)模块,以促进短程通信。例如,在NFC模块可基于射频识别(RFID)技术,红外数据协会(IrDA)技术,超宽带(UWB)技术,蓝牙(BT)技术和其他技术来实现。The communication component 1016 is configured to facilitate wired or wireless communication between the apparatus 1000 and other devices. The device 1000 can access wireless networks based on communication standards, such as Wi-Fi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 1016 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 1016 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wide Band (UWB) technology, Bluetooth (BT) technology and other technologies.

在示例性实施例中,装置1000可以被一个或多个应用专用集成电路(ASIC)、数字信号处理器(DSP)、数字信号处理设备(DSPD)、可编程逻辑器件(PLD)、现场可编程门阵列(FPGA)、控制器、微控制器、微处理器或其他电子元件实现,用于执行上述开机校验方法。In an exemplary embodiment, apparatus 1000 may be programmed by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable Realized by a gate array (FPGA), controller, microcontroller, microprocessor or other electronic components, it is used to execute the above power-on verification method.

在示例性实施例中,还提供了一种包括指令的非临时性计算机可读存储介质,例如包括指令的存储器1004,上述指令可由装置1000的处理器1018执行以完成上述开机校验方法。例如,非临时性计算机可读存储介质可以是ROM、随机存取存储器(RAM)、CD-ROM、磁带、软盘和光数据存储设备等。In an exemplary embodiment, there is also provided a non-transitory computer-readable storage medium including instructions, such as the memory 1004 including instructions, which can be executed by the processor 1018 of the device 1000 to complete the above power-on verification method. For example, the non-transitory computer readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, and optical data storage device, among others.

本领域技术人员在考虑说明书及实践这里公开的发明后,将容易想到本公开的其它实施方案。本申请旨在涵盖本公开的任何变型、用途或者适应性变化,这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的,本公开的真正范围和精神由下面的权利要求指出。Other embodiments of the present disclosure will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any modification, use or adaptation of the present disclosure, and these modifications, uses or adaptations follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure . The specification and examples are to be considered exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

应当理解的是,本公开并不局限于上面已经描述并在附图中示出的精确结构,并且可以在不脱离其范围进行各种修改和改变。本公开的范围仅由所附的权利要求来限制。It should be understood that the present disclosure is not limited to the precise constructions which have been described above and shown in the drawings, and various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (11)

1.一种开机校验方法,其特征在于,用于终端中,所述终端中至少包括硬件层、内核Kernel层、启动装载Bootloader层和文件系统层,所述Kernel层中存储有公钥,所述Bootloader层携带有签名,所述方法包括:1. a boot checking method, it is characterized in that, be used in the terminal, at least comprise hardware layer, kernel Kernel layer, start loading Bootloader layer and file system layer in the described terminal, public key is stored in the described Kernel layer, Described Bootloader layer carries signature, and described method comprises: 检测所述终端是否为非测试用终端;Detecting whether the terminal is a non-test terminal; 当确定所述终端为所述非测试用终端时,则通过所述Kernel层使用所述公钥对所述签名进行校验,所述签名是根据私钥生成的签名,所述私钥与所述公钥不匹配,在校验失败时,指示结束校验。When it is determined that the terminal is the non-test terminal, the signature is verified using the public key through the Kernel layer, the signature is a signature generated according to a private key, and the private key is the same as the public key. If the above public key does not match, when the verification fails, it indicates to end the verification. 2.根据权利要求1所述的方法,其特征在于,所述检测所述终端是否为非测试用终端,包括:2. The method according to claim 1, wherein the detecting whether the terminal is a non-test terminal comprises: 检测所述终端中是否包含预设电路结构,所述预设电路结构用于表示所述终端是测试用终端;Detecting whether the terminal includes a preset circuit structure, the preset circuit structure is used to indicate that the terminal is a terminal for testing; 若所述终端中不包含所述预设电路结构,则确定所述终端为所述非测试用终端。If the terminal does not include the preset circuit structure, then determine that the terminal is the non-test terminal. 3.根据权利要求2所述的方法,其特征在于,所述检测所述终端中是否包含预设电路结构,包括:3. The method according to claim 2, wherein the detecting whether a preset circuit structure is included in the terminal comprises: 检测所述硬件层的可信区域中是否包含所述预设电路结构,所述可信区域是所述硬件层中禁止被应用程序直接访问的区域。Detecting whether the preset circuit structure is included in the trusted area of the hardware layer, where the trusted area is an area in the hardware layer that is prohibited from being directly accessed by applications. 4.根据权利要求1所述的方法,其特征在于,所述检测所述终端是否为非测试用终端,包括:4. The method according to claim 1, wherein the detecting whether the terminal is a non-test terminal comprises: 检测所述终端中是否包含预设标识,所述预设标识为用于表示所述终端为测试用终端的标识;Detecting whether the terminal contains a preset identifier, where the preset identifier is an identifier indicating that the terminal is a terminal for testing; 若所述终端中不包含所述预设标识,则确定所述终端为所述非测试用终端。If the terminal does not contain the preset identifier, determine that the terminal is the non-test terminal. 5.根据权利要求4所述的方法,其特征在于,所述检测所述终端中是否包含预设标识,包括:5. The method according to claim 4, wherein the detecting whether a preset identifier is included in the terminal comprises: 检测所述硬件层的可信存储区域中是否包含所述预设标识,所述可信存储区域是所述硬件层中禁止被应用程序直接访问的区域。Detecting whether the preset identifier is included in the trusted storage area of the hardware layer, where the trusted storage area is an area in the hardware layer that is prohibited from being directly accessed by applications. 6.一种开机校验装置,其特征在于,用于终端中,所述终端中至少包括硬件层、内核Kernel层、启动装载Bootloader层和文件系统层,所述Kernel层中存储有公钥,所述Bootloader层携带有签名,所述装置包括:6. A boot checking device is characterized in that, it is used in a terminal, and the terminal includes at least a hardware layer, a kernel Kernel layer, a startup loading Bootloader layer and a file system layer, and a public key is stored in the Kernel layer, The Bootloader layer carries a signature, and the device includes: 检测模块,被配置为检测所述终端是否为非测试用终端;a detection module configured to detect whether the terminal is a non-test terminal; 校验模块,被配置为当确定所述终端为所述非测试用终端时,则通过所述Kernel层使用所述公钥对所述签名进行校验,所述签名是根据私钥生成的签名,所述私钥与所述公钥不匹配,在校验失败时,指示结束校验。A verification module configured to verify the signature using the public key through the Kernel layer when the terminal is determined to be the non-test terminal, the signature is a signature generated according to the private key , the private key does not match the public key, and when the verification fails, it indicates to end the verification. 7.根据权利要求6所述的装置,其特征在于,所述检测模块包括:7. The device according to claim 6, wherein the detection module comprises: 第一检测子模块,被配置为检测所述终端中是否包含预设电路结构,所述预设电路结构用于表示所述终端是测试用终端;The first detection submodule is configured to detect whether the terminal includes a preset circuit structure, and the preset circuit structure is used to indicate that the terminal is a terminal for testing; 第一确定子模块,被配置为在所述终端中不包含所述预设电路结构时,则确定所述终端为所述非测试用终端。The first determination submodule is configured to determine that the terminal is the non-test terminal when the terminal does not contain the preset circuit structure. 8.根据权利要求7所述的装置,其特征在于,8. The device of claim 7, wherein: 所述第一检测子模块,还被配置为检测所述硬件层的可信区域中是否包含所述预设电路结构,所述可信区域是所述硬件层中禁止被应用程序直接访问的区域。The first detection submodule is further configured to detect whether the preset circuit structure is included in the trusted area of the hardware layer, and the trusted area is an area in the hardware layer that is prohibited from being directly accessed by applications . 9.根据权利要求6所述的装置,其特征在于,所述检测模块包括:9. The device according to claim 6, wherein the detection module comprises: 第二检测子模块,被配置为检测所述终端中是否包含预设标识,所述预设标识为用于表示所述终端为测试用终端的标识;The second detection submodule is configured to detect whether the terminal contains a preset identifier, and the preset identifier is an identifier used to indicate that the terminal is a terminal for testing; 第二确定子模块,被配置为在所述终端中不包含所述预设标识时,则确定所述终端为所述非测试用终端。The second determination submodule is configured to determine that the terminal is the non-test terminal when the terminal does not contain the preset identifier. 10.根据权利要求9所述的装置,其特征在于,10. The apparatus of claim 9, wherein: 所述第二检测子模块,还被配置为检测所述硬件层的可信存储区域中是否包含所述预设标识,所述可信存储区域是所述硬件层中禁止被应用程序直接访问的区域。The second detection submodule is further configured to detect whether the preset identifier is contained in the trusted storage area of the hardware layer, and the trusted storage area is prohibited from being directly accessed by applications in the hardware layer. area. 11.一种开机校验装置,其特征在于,用于终端中,所述终端中至少包括硬件层、内核Kernel层、启动装载Bootloader层和文件系统层,所述Kernel层中存储有公钥,所述Bootloader层携带有签名,所述装置包括:11. A power-on verification device, characterized in that it is used in a terminal, and the terminal at least includes a hardware layer, a kernel Kernel layer, a boot loader layer and a file system layer, and a public key is stored in the Kernel layer, The Bootloader layer carries a signature, and the device includes: 处理器;processor; 用于存储所述处理器可执行指令的存储器;memory for storing said processor-executable instructions; 其中,所述处理器被配置为:Wherein, the processor is configured as: 检测所述终端是否为非测试用终端;Detecting whether the terminal is a non-test terminal; 当确定所述终端为所述非测试用终端时,则通过所述Kernel层使用所述公钥对所述签名进行校验,所述签名是根据私钥生成的签名,所述私钥与所述公钥不匹配,在校验失败时,指示结束校验。When it is determined that the terminal is the non-test terminal, the signature is verified using the public key through the Kernel layer, the signature is a signature generated according to a private key, and the private key is the same as the public key. If the above public keys do not match, when the verification fails, it indicates to end the verification.
CN201610620662.8A 2016-07-29 2016-07-29 Power-on verification method and device Active CN106295363B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610620662.8A CN106295363B (en) 2016-07-29 2016-07-29 Power-on verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610620662.8A CN106295363B (en) 2016-07-29 2016-07-29 Power-on verification method and device

Publications (2)

Publication Number Publication Date
CN106295363A true CN106295363A (en) 2017-01-04
CN106295363B CN106295363B (en) 2019-05-14

Family

ID=57663850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610620662.8A Active CN106295363B (en) 2016-07-29 2016-07-29 Power-on verification method and device

Country Status (1)

Country Link
CN (1) CN106295363B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107194211A (en) * 2017-05-19 2017-09-22 环旭电子股份有限公司 Automatic certification testing system and method
WO2022028075A1 (en) * 2020-08-03 2022-02-10 深圳市广和通无线股份有限公司 Network connection method and apparatus, and computer device and storage medium
US11392687B2 (en) * 2019-01-04 2022-07-19 Baidu Usa Llc Method and system for validating kernel objects to be executed by a data processing accelerator of a host system
TWI824602B (en) * 2022-07-05 2023-12-01 大陸商星宸科技股份有限公司 Electronic device and control method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200838251A (en) * 2007-03-06 2008-09-16 Chunghwa Telecom Co Ltd Dynamic one-time password authentication system
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN104200153A (en) * 2014-09-12 2014-12-10 北京赛科世纪数码科技有限公司 Start verification method and system
US20140380031A1 (en) * 2013-06-24 2014-12-25 Red Hat, Inc. System wide root of trust chaining via signed applications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200838251A (en) * 2007-03-06 2008-09-16 Chunghwa Telecom Co Ltd Dynamic one-time password authentication system
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
US20140380031A1 (en) * 2013-06-24 2014-12-25 Red Hat, Inc. System wide root of trust chaining via signed applications
CN104200153A (en) * 2014-09-12 2014-12-10 北京赛科世纪数码科技有限公司 Start verification method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107194211A (en) * 2017-05-19 2017-09-22 环旭电子股份有限公司 Automatic certification testing system and method
CN107194211B (en) * 2017-05-19 2020-03-10 环旭电子股份有限公司 Automatic authentication test system and method
US11392687B2 (en) * 2019-01-04 2022-07-19 Baidu Usa Llc Method and system for validating kernel objects to be executed by a data processing accelerator of a host system
WO2022028075A1 (en) * 2020-08-03 2022-02-10 深圳市广和通无线股份有限公司 Network connection method and apparatus, and computer device and storage medium
TWI824602B (en) * 2022-07-05 2023-12-01 大陸商星宸科技股份有限公司 Electronic device and control method thereof

Also Published As

Publication number Publication date
CN106295363B (en) 2019-05-14

Similar Documents

Publication Publication Date Title
CN107241688A (en) Signature, verification method, device and the storage medium of application installation package
US20180152454A1 (en) Method and apparatus for managing program of electronic device
JP5069359B2 (en) System and method for allowing execution of software code based on at least one installed profile
US8539610B2 (en) Software security
US11238161B2 (en) Secure boot and apparatus, and terminal device
CN105975864A (en) Operation system starting method and device, and terminal
CN111199039B (en) Application security verification method and device and terminal equipment
CN107169320A (en) Method of calibration and device
US12481761B2 (en) Secure boot method of IoT apparatus, IoT apparatus and storage medium
WO2019047148A1 (en) Password verification method, terminal, and computer readable storage medium
CN107766701A (en) Electronic equipment, dynamic library file guard method and device
CN106406895A (en) Operating system starting method and device
CN106295363A (en) Startup calibration method and device
US9684790B2 (en) Application processing apparatus and method for mobile terminal
CN106709284A (en) Root package validation method and device
CN107506636A (en) The guard method of pre-installed applications program and device
CN108228263A (en) The method and device that system starts
CN106062762A (en) Application encryption method and device
CN108229173B (en) System starting method and device
CN107480076A (en) Protection processing method, device and the terminal of system partitioning
CN106485151B (en) Method and device for controlling flashing
CN115438345A (en) Log encryption and decryption method, device, equipment and storage medium
CN106407818B (en) Network data packet encryption method and device
CN110139230A (en) The method, apparatus and smart machine of forwarding short message
CN111241522B (en) Firmware signature method and device and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant