CN106970678A - Under a kind of TEE under RPC mechanism secure clock control method - Google Patents
Under a kind of TEE under RPC mechanism secure clock control method Download PDFInfo
- Publication number
- CN106970678A CN106970678A CN201710145043.2A CN201710145043A CN106970678A CN 106970678 A CN106970678 A CN 106970678A CN 201710145043 A CN201710145043 A CN 201710145043A CN 106970678 A CN106970678 A CN 106970678A
- Authority
- CN
- China
- Prior art keywords
- tee
- clock control
- under
- spi
- clock
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/04—Generating or distributing clock signals or signals derived directly therefrom
Abstract
The invention provides the control method of secure clock under RPC mechanism under a kind of TEE, comprise the following steps:CA routine call Client API;Client API Calls Client Driver;Client Driver are switched to TEE OS by smc call, and perform correspondence TA and by TA call TEE SPI communication interfaces send/receive data;Call the clock realized in the TEE to enable interface and by RPC, make can request that to REE ends tranmitting data register;Client Driver receive request, and request is distributed into the clock control driving of REE ends;Clock control driving calls Linux clock interfaces to enable SPI driving clocks, and TEE is returned by Client Driver;Safe SPI drivings start I/O operation, the data of TA needs are sent/received to spi bus, the method of the secure clock control of the present invention controls SPI clocks to have invocation step simple relative to conventional mode, efficiency high, and the operation in unsafe conditions will not also reduce security of system.
Description
Technical field
The present invention relates to the control field of secure clock under RPC mechanism under TEE, and in particular under a kind of TEE under RPC mechanism
The control method of secure clock.
Background technology
Increasing application protects secure user data using the bio-identification such as fingerprint, iris mode in terminal, this
Class bio-identification just seems still to be important using the security of data itself.
TEE certain applications can be in access system hardware device, such as fingerprint, eSE, for security consideration, are visited
Ask that these equipment need to realize in TEE, hardware control is typically all separate modular in itself, independent relative from REE ends
Easily realize, and hardware clock is related to whole system Clock Tree, independent to be realized into TEE, can destroy linux clocks system
System integrality, thus need to be adapted to by the way of a kind of compromise.It is conventional to be controlled by the way of CA accesses Linux driver
SPI clocks, so increase invocation step, efficiency reduction, operation of the prior increase in unsafe conditions, reduction system peace
Quan Xing.
The content of the invention
In order to solve above-mentioned not enough defect, the invention provides the controlling party of secure clock under RPC mechanism under a kind of TEE
Method, the method that secure clock of the invention is controlled is relative to conventional when SPI is controlled by the way of CA accesses Linux driver
Clock has invocation step simple, efficiency high, and the operation in unsafe conditions, will not also reduce security of system.
The invention provides the control method of secure clock under RPC mechanism under a kind of TEE, comprise the following steps:
Step (1):CA routine call Client API;
Step (2):The Client API Calls Client Driver;
Step (3):The Client Driver are switched to TEE OS by smc call, and perform correspondence TA and pass through
TA call TEE SPI communication interfaces send/receive data;
Step (4):Call the clock realized in the TEE to enable interface and by RPC, enabled to REE ends tranmitting data register
Request;
Step (5):The Client Driver receive request, and request is distributed into the clock control driving of REE ends;
Step (6):The clock control driving calls Linux clock interfaces to enable SPI driving clocks, by Client
Driver returns to TEE;
Step (7):Safe SPI drivings start I/O operation, send/receive the data of TA needs to spi bus;
Step (8):SPI clocks are closed after end;
Step (9):TA business processings are finished, and are back to CA.
Above-mentioned method, wherein, the step (4) includes:
The clock realized in TEE is called to enable interface.
Above-mentioned method, wherein, the step (8) includes:SPI clocks are entered to step (6) by above-mentioned step (4)
Row is closed.
Above-mentioned method, wherein, the step (5) includes:The request of clock control is received in Client Driver
When, the clock control driving of REE ends is called, practical operation is completed, inside modules then call Linux to pass through clock interface.
Above-mentioned method, wherein, in addition to the process realized inside REE ends clock control drive module external interface:Mould
Block external interface can be called by Client Driver, in enable/closing clock request, call Linux Clock Subsystems to connect
Mouthful complete.
Above-mentioned method, wherein, the clock control interface at the TEE ends is used for the encapsulation of RPC invoked procedures, to Client
The request of Driver tranmitting data registers enable/closing.
Above-mentioned method, wherein, the Client Driver are asked in reception TEE RPC and are judged as that clock control please
Ask, call clock control to drive.
Above-mentioned method, wherein, the interface type of REE ends clock control driving is:External interface, for enabling
Spi clock void rsee_rpc_spi_clk_enable (void), and close spi clock void rsee_rpc_spi_
clk_disable(void)。
Above-mentioned method, wherein, the TEE clock controls interface includes internal interface and external interface, and the inside connects
Mouth is used to enable spi clocks, by calling rpc to realize void rsee_rpc_spi_clk_enable (void), and closes
Spi clocks, by calling rpc to realize void rsee_rpc_spi_clk_disable (void), the external interface is used for
Spi clocks are enabled, rsee_rpc_spi_clk_enablevoid spi_enable_clk (void) are called, and close spi
Clock, calls rsee_rpc_spi_clk_disablevoid spi_disable_clk (void).
The present invention has advantages below:1st, the method for secure clock of the invention control is accessed relative to conventional using CA
Linux driver mode controls SPI clocks to have invocation step simple, efficiency high, and the behaviour in unsafe conditions
Make, will not also reduce security of system.When Linux driver driving opening SPI are called in the 2nd, optimization call flow, reduction CA
Clock, most of key component is placed in TEE and performed, and improves security, improves system effectiveness.
Brief description of the drawings
By reading the detailed description made with reference to the following drawings to non-limiting example, the present invention and its feature, outside
Shape and advantage will become more apparent upon.Identical mark indicates identical part in whole accompanying drawings.Not deliberately proportionally
Draw accompanying drawing, it is preferred that emphasis is the purport of the present invention is shown.
Fig. 1 for the control method of secure clock under RPC mechanism under a kind of TEE for providing of the present invention flow chart.
Fig. 2 for the control method of secure clock under RPC mechanism under a kind of TEE for providing of the present invention one of which embodiment party
Formula.
Fig. 3 for the control method of secure clock under RPC mechanism under a kind of TEE for providing of the present invention call flow chart.
The REE ends clock control driving flow chart that Fig. 4 provides for the present invention.
The REE ends clock control drive module initialization flowchart that Fig. 5 provides for the present invention.
Implementation process figure inside the REE ends clock control drive module external interface that Fig. 6 provides for the present invention.
The TEE ends clock control Interface Flowchart figure that Fig. 7 a provide for the present invention.
Fig. 7 b are asked for the RPC that the present invention is provided and are distributed to REE ends clock control driving flow chart.
Embodiment
In the following description, a large amount of concrete details are given to provide more thorough understanding of the invention.So
And, it is obvious to the skilled person that the present invention can be able to without one or more of these details
Implement.In other examples, in order to avoid obscuring with the present invention, do not enter for some technical characteristics well known in the art
Row description.
In order to thoroughly understand the present invention, detailed step and detailed structure will be proposed in following description, so as to
Explain technical scheme.Presently preferred embodiments of the present invention is described in detail as follows, but in addition to these detailed descriptions, this
Invention can also have other embodiment.
Referring to figs. 1 to shown in Fig. 7 a, Fig. 7 b, under a kind of TEE that the present invention is provided under RPC mechanism secure clock controlling party
Method, comprises the following steps:
Step (1):CA routine call Client API.
Step (2):The Client API Calls Client Driver;
Step (3):The Client Driver are switched to TEE OS by smc call, and perform correspondence TA and pass through
TA call TEE SPI communication interfaces send/receive data;
Step (4):Call the clock realized in the TEE to enable interface and by RPC, enabled to REE ends tranmitting data register
Request, including call safe SPI drive and access SPI, it is necessary to first enable SPI clocks;The clock realized in TEE is called to make
Energy interface, that is to say, that system calls safe SPI to drive, will now access SPI, it is necessary to first enable SPI clocks, both call foregoing
The clock realized in TEE enables interface.
Step (5):The Client Driver receive request, and request is distributed into the clock control driving of REE ends,
That is, REE ends Client Driver first receive request, be distributed to REE clock controls driving, including
When Client Driver receive the request of clock control, the clock control driving of REE ends is called, is completed in practical operation, module
Then Linux is called to pass through clock interface in portion.
Step (6):The clock control driving calls Linux clock interfaces to enable SPI driving clocks, by Client
Driver returns to TEE, and including module initialization process, wherein module is registered as platform device, Linux in linux system
Kernel travels through device tree when loading, and finds after the equipment of matching, the probe methods of calling driver module registration, performs just
Beginningization, further preferably, including the process realized inside REE ends clock control drive module external interface:Module-external interface
It can be called by Client Driver, in enable/closing clock request, call Linux Clock Subsystems interface to complete.
Step (7):Safe SPI drivings start I/O operation, send/receive the data of TA needs to spi bus.
Step (8):SPI clocks are closed after end, step (6) is arrived to SPI clocks including by above-mentioned step (4)
Closed.
Step (9):TA business processings are finished, and are back to CA.Present invention optimizes call flow, reduce and called in CA
SPI clocks are opened in Linux driver drivings, and most of key component is placed in TEE and performed, and improves safe venereal disease and improves system
System efficiency.
In the present invention one preferably and in non-limiting embodiment, the clock control interface at the TEE ends is called for RPC
The encapsulation of process, to the request of Client Driver tranmitting data registers enable/closing.
In the present invention one preferably and in non-limiting embodiment:
Interface design
Client Driver
In order to support to only need to make some extensions in the present invention, Client Driver, ask and sentence in reception TEE RPC
Break and asked for clock control, call clock control to drive.
REE clock controls drive
Type:External interface,
Function is described:External interface, enables spi clocks
void rsee_rpc_spi_clk_enable(void);
Type:External interface,
Function is described:Close spi clocks
void rsee_rpc_spi_clk_disable(void);
TEE clock control interfaces
Type:Internal interface,
Function is described:Spi clocks are enabled, by calling rpc to realize
void rsee_rpc_spi_clk_enable(void);
Type:Internal interface,
Function is described:Spi clocks are closed, by calling rpc to realize
void rsee_rpc_spi_clk_disable(void);
Type:External interface,
Function is described:External interface, enables spi clocks, calls rsee_rpc_spi_clk_enable
void spi_enable_clk(void);
Type:External interface,
Function is described:External interface, closes spi clocks, calls rsee_rpc_spi_clk_disable
void spi_disable_clk(void);
Presently preferred embodiments of the present invention is described above.It is to be appreciated that the invention is not limited in above-mentioned
Particular implementation, wherein the equipment and structure be not described in detail to the greatest extent are construed as giving reality with the common mode in this area
Apply;Any those skilled in the art, without departing from the scope of the technical proposal of the invention, all using the disclosure above
Methods and techniques content make many possible variations and modification to technical solution of the present invention, or be revised as equivalent variations etc.
Embodiment is imitated, this has no effect on the substantive content of the present invention.Therefore, every content without departing from technical solution of the present invention, foundation
The technical spirit of the present invention still falls within the present invention to any simple modifications, equivalents, and modifications made for any of the above embodiments
In the range of technical scheme protection.
Claims (7)
1. under a kind of TEE under RPC mechanism secure clock control method, it is characterised in that comprise the following steps:
Step (1):CA routine call Client API;
Step (2):The Client API Calls Client Driver;
Step (3):The Client Driver are switched to TEE OS by smc call, and perform correspondence TA and adjusted by TA
Sent with TEE SPI API communication interfaces/receive data;
Step (4):Call the clock realized in the TEE to enable interface and by RPC, make can request that to REE ends tranmitting data register;
Step (5):The Client Driver receive request, and request is distributed into the clock control driving of REE ends;
Step (6):The clock control driving calls Linux clock interfaces to enable SPI driving clocks, by Client
Driver returns to TEE;
Step (7):Safe SPI drivings start I/O operation, send/receive the data of TA needs to spi bus;
Step (8):SPI clocks are closed after end;
Step (9):TA business processings are finished, and are back to CA.
2. under a kind of TEE according to claim 1 under RPC mechanism secure clock control method, it is characterised in that it is described
Step (4) includes:
The clock realized in TEE is called to enable interface.
3. under a kind of TEE according to claim 1 under RPC mechanism secure clock control method, it is characterised in that it is described
Step (8) includes:SPI clocks are closed to step (6) by above-mentioned step (4).
4. under a kind of TEE according to claim 1 under RPC mechanism secure clock control method, it is characterised in that it is described
Step (5) includes:When Client Driver receive the request of clock control, the clock control driving of REE ends is called, is completed
Practical operation, inside modules then call Linux to pass through clock interface.
5. under a kind of TEE according to claim 1 under RPC mechanism secure clock control method, it is characterised in that also wrap
Include the process realized inside REE ends clock control drive module external interface:Module-external interface can be by Client Driver
Call, in enable/closing clock request, call Linux Clock Subsystems interface to complete.
6. under a kind of TEE according to claim any one of 1-5 under RPC mechanism secure clock control method, its feature
It is, the clock control interface at the TEE ends is used for the encapsulation of RPC invoked procedures, makes to Client Driver tranmitting data registers
The request of energy/closing.
7. under a kind of TEE according to claim 6 under RPC mechanism secure clock control method, it is characterised in that it is described
Client Driver are asked in reception TEE RPC and are judged as that clock control is asked, and call clock control to drive.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710145043.2A CN106970678B (en) | 2017-03-10 | 2017-03-10 | Control method of safety clock under RPC mechanism under TEE |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710145043.2A CN106970678B (en) | 2017-03-10 | 2017-03-10 | Control method of safety clock under RPC mechanism under TEE |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106970678A true CN106970678A (en) | 2017-07-21 |
CN106970678B CN106970678B (en) | 2020-01-21 |
Family
ID=59329396
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710145043.2A Active CN106970678B (en) | 2017-03-10 | 2017-03-10 | Control method of safety clock under RPC mechanism under TEE |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106970678B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101116078A (en) * | 2004-12-30 | 2008-01-30 | 诺基亚公司 | System and method for representing a secure time on a device on an insecure clock |
CN101533438A (en) * | 2008-05-24 | 2009-09-16 | 威盛电子股份有限公司 | Microprocessor device for providing secure execution environment and method for executing secure code thereof |
CN103150514A (en) * | 2013-03-07 | 2013-06-12 | 中国科学院软件研究所 | Mobile equipment-based credible module and credible service method thereof |
US20140337929A1 (en) * | 2013-05-09 | 2014-11-13 | Samsung Electronics Co., Ltd. | Method for providing drm service and electronic device thereof |
CN104620253A (en) * | 2012-09-28 | 2015-05-13 | 意法爱立信有限公司 | Method and apparatus for maintaining secure time |
CN105468980A (en) * | 2015-11-16 | 2016-04-06 | 华为技术有限公司 | Security control method, device and system |
-
2017
- 2017-03-10 CN CN201710145043.2A patent/CN106970678B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101116078A (en) * | 2004-12-30 | 2008-01-30 | 诺基亚公司 | System and method for representing a secure time on a device on an insecure clock |
CN101533438A (en) * | 2008-05-24 | 2009-09-16 | 威盛电子股份有限公司 | Microprocessor device for providing secure execution environment and method for executing secure code thereof |
CN104620253A (en) * | 2012-09-28 | 2015-05-13 | 意法爱立信有限公司 | Method and apparatus for maintaining secure time |
CN103150514A (en) * | 2013-03-07 | 2013-06-12 | 中国科学院软件研究所 | Mobile equipment-based credible module and credible service method thereof |
US20140337929A1 (en) * | 2013-05-09 | 2014-11-13 | Samsung Electronics Co., Ltd. | Method for providing drm service and electronic device thereof |
CN105468980A (en) * | 2015-11-16 | 2016-04-06 | 华为技术有限公司 | Security control method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN106970678B (en) | 2020-01-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104778401B (en) | Data processing equipment and method for executing application | |
CN105045625B (en) | Root authority management-control method under a kind of Android platform | |
US20200233951A1 (en) | Authenticated discoverability of universal windows applications to win32 desktop applications | |
CN106415506B (en) | For calling the group scheme of the object-oriented of safety zone | |
US5566326A (en) | Copy file mechanism for transferring files between a host system and an emulated file system | |
US9268959B2 (en) | Trusted security zone access to peripheral devices | |
US10496824B2 (en) | Trusted language runtime on a mobile platform | |
CN108322307B (en) | Inter-container communication system and method based on kernel memory sharing | |
EP2746981A1 (en) | Trusted execution environment access control rules derivation | |
CN102253855B (en) | A kind of method and apparatus transmitting shared drive | |
US9635549B2 (en) | Providing subscriber identity module function | |
CN106874232B (en) | Charging method, device and terminal of Universal Serial Bus (USB) | |
CN109168156A (en) | A kind of implementation method and server of virtual SIM card | |
US10102154B2 (en) | Protected memory area | |
US10694381B1 (en) | System and method for authentication and sharing of subscriber data | |
US9245112B2 (en) | Apparatus and method for managing entitlements to program code | |
US20170046524A1 (en) | Electronic device for controlling file system and operating method thereof | |
JP2003332978A (en) | Communication device, program, and recording medium | |
CN106970678A (en) | Under a kind of TEE under RPC mechanism secure clock control method | |
CN103279382B (en) | Primary mode accesses the method for resource, Java end, primary end and system | |
CN108537535A (en) | Mobile terminal based on cellphone shield and cellphone shield management method | |
CN104714760B (en) | A kind of method and device for reading and writing storage device | |
CN109361752A (en) | A kind of data transmission method, device, server, system and storage medium | |
CN105893112B (en) | Data packet processing method and device in virtualization environment | |
CN104349321B (en) | A kind of secure access method for authenticating, access request sending method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20211123 Address after: Room 501, Jinqian block, 10 Hongyi Road, Xinwu District, Wuxi City, Jiangsu Province, 214028 Patentee after: Wuxi rongka Technology Co.,Ltd. Address before: 430000 No. 60-1, 1st floor, entrepreneurship building, Wuda Science Park, Donghu New Technology Development Zone, Wuhan, Hubei Patentee before: WUHAN RONGCARD INTELLIGENT INFORMATION TECHNOLOGY CO.,LTD. |