CN107220547A - Terminal device and its startup method - Google Patents

Info

Publication number: CN107220547A
Application number: CN201610159979.6A
Authority: CN (China)
Prior art keywords: bootstrap, hash digest, memory, code, terminal device
Legal status: granted, active (the status shown by Google is an assumption, not a legal conclusion)
Original language: Chinese (zh)
Other versions: CN107220547B (granted publication)
Inventor: 虞华伟
Original and current assignee: Spreadtrum Communications Shanghai Co Ltd (assignee list may be inaccurate)
Prosecution events: application CN201610159979.6A filed by Spreadtrum Communications Shanghai Co Ltd; published as CN107220547A; application granted and published as CN107220547B; currently active. Priority, filing and publication dates are not given on this page.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Abstract

A terminal device and a startup method for it. The method comprises: running startup code, which jumps to and runs a first security code; running the first security code to verify basic security content; when the basic security content passes verification, running a second security code contained in the basic security content to verify a bootstrap program; and when the bootstrap program passes verification, running the bootstrap program. The first security code is stored in a one-time-programmable (OTP) region of a non-volatile first memory; the basic security content and the bootstrap program are stored in the same non-volatile first memory; the startup code is stored in a read-only second memory; and the first memory and the second memory are on different chips. This scheme allows secure boot of a terminal device to be implemented on a chip that itself has no secure-boot function.

Description

Terminal device and its startup method
Technical field
The present invention relates to the field of intelligent terminals, and in particular to a terminal device and its startup method.
Background technology
As mobile terminals have become more capable, their operating systems can host all kinds of application software. The spread of intelligent terminals and mobile Internet applications means that more and more users handle security-sensitive business on them, which exposes mobile terminals to a variety of security threats.
Every intrusion into an intelligent terminal has to modify system content, and almost all intrusions modify key system files, so checking the integrity and consistency of the system is highly desirable, and performing that check when the terminal starts is what guarantees a secure boot. Fig. 1 shows the typical structure of an intelligent terminal chip: a processor responsible for control and computation, together with on-chip read-only memory (ROM), random access memory (RAM), a Joint Test Action Group (JTAG) debug interface, general-purpose input/output (GPIO) ports and other functional modules. Because on-chip memory capacity is limited, the terminal's main program is kept in external non-volatile memory (NVM). With external RAM as the chip's working memory, the normal boot flow of most systems is:
1. execution begins in the on-chip ROM;
2. the bootstrap program is copied from NVM into the processor's internal RAM;
3. the bootstrap program runs, initialises the external RAM and copies code from NVM into it;
4. the program counter is pointed at external RAM and the program there is executed.
This flow performs no verification of the code, so the code can be modified or cracked at will and the security of the terminal cannot be guaranteed; network locks and SIM locks, for example, are easily defeated. Some chips support secure boot, but others include no secure-boot module at all, and a terminal device built on a chip that itself has no secure-boot function is poorly protected at startup.
The content of the invention
The technical problem solved by the present invention is to provide a terminal device and a startup method that implement secure boot on a chip that does not itself provide a secure-boot function, so as to secure the startup process of terminal devices built on such chips.
To solve this problem, an embodiment of the present invention provides a startup method for a terminal device, comprising:
running startup code, which jumps to and runs a first security code;
running the first security code to verify basic security content;
when the basic security content passes verification, running a second security code contained in the basic security content to verify a bootstrap program;
when the bootstrap program passes verification, running the bootstrap program;
wherein the first security code is stored in a one-time-programmable region of a non-volatile first memory, the basic security content and the bootstrap program are stored in the non-volatile first memory, the startup code is stored in a read-only second memory, and the first memory and the second memory are on different chips.
Optionally, running the first security code to verify the basic security content comprises:
running the first security code to compute a first hash digest of the basic security content;
when the first hash digest is identical to a pre-saved hash digest, the basic security content passes verification, the pre-saved hash digest being stored in the one-time-programmable region of the first memory.
Optionally, running the second security code in the basic security content to verify the bootstrap program comprises:
running the second security code in the basic security content and verifying the bootstrap program with a public-key algorithm.
Optionally, running the second security code in the basic security content to verify the bootstrap program with a public-key algorithm comprises:
running the second security code, which uses the public key in the basic security content to decrypt the ciphertext of a second hash digest carried in the bootstrap program, yielding the plaintext of the second hash digest, and computes the actual hash digest of the part of the bootstrap program that is to be verified;
when the actual hash digest of the part of the bootstrap program to be verified is identical to the decrypted plaintext of the second hash digest, the bootstrap program passes verification;
wherein the ciphertext of the second hash digest was produced in advance by encryption with a first private key (that is, it is a digital signature over the hash), the first private key forming a key pair with the public key in the basic security content.
Optionally, the public-key algorithm is an asymmetric-key algorithm.
Optionally, the basic security content further includes one or more of the following:
an International Mobile Equipment Identity (IMEI), a production serial number, a region code and a language code.
Optionally, the second memory is on the same die as the processor or is integrated on the same physical chip, and the first memory is coupled to that physical chip externally.
Optionally, the startup method of the terminal device further comprises:
when the bootstrap program passes verification, running the bootstrap program to verify an image file;
wherein the image file is stored in the non-volatile first memory.
Optionally, running the bootstrap program to verify the image file comprises:
running the bootstrap program, which uses the public key in the bootstrap program to decrypt the ciphertext of a third hash digest carried in the image file, yielding the plaintext of the third hash digest, and computes the actual hash digest of the part of the image file that is to be verified;
when the actual hash digest of the part of the image file to be verified is identical to the decrypted plaintext of the third hash digest, the image file passes verification;
wherein the ciphertext of the third hash digest was produced in advance by encryption with a second private key, the second private key forming a key pair with the public key in the bootstrap program.
An embodiment of the present invention also provides a terminal device comprising a processor, a non-volatile first memory and a read-only second memory;
the processor being adapted to run startup code, which jumps to and runs a first security code;
the non-volatile first memory having a one-time-programmable region for storing the first security code, and storing basic security content and a bootstrap program;
the read-only second memory being adapted to store the startup code;
wherein the processor runs the first security code to verify the basic security content; when the basic security content passes verification, runs a second security code in the basic security content to verify the bootstrap program; and when the bootstrap program passes verification, runs the bootstrap program.
Optionally, the processor is adapted to:
run the first security code to compute a first hash digest of the basic security content;
when the first hash digest is identical to a pre-saved hash digest, treat the basic security content as verified, the pre-saved hash digest being stored in the one-time-programmable region of the first memory.
Optionally, the processor is adapted to run the second security code in the basic security content and verify the bootstrap program with a public-key algorithm.
Optionally, the processor is adapted to:
run the second security code in the basic security content, which uses the public key in the basic security content to decrypt the ciphertext of a second hash digest carried in the bootstrap program, yielding the plaintext of the second hash digest, and computes the actual hash digest of the part of the bootstrap program to be verified;
when the actual hash digest of the part of the bootstrap program to be verified is identical to the decrypted plaintext of the second hash digest, treat the bootstrap program as verified;
wherein the ciphertext of the second hash digest was produced in advance by encryption with a first private key, the first private key forming a key pair with the public key in the basic security content.
Optionally, the public-key algorithm is an asymmetric-key algorithm.
Optionally, the basic security content further includes one or more of the following:
an International Mobile Equipment Identity (IMEI), a production serial number, a region code and a language code.
Optionally, the second memory is on the same die as the processor or is integrated on the same physical chip, and the first memory is coupled to that physical chip externally.
Optionally, the processor is further adapted to:
when the bootstrap program passes verification, run the bootstrap program to verify an image file, the image file being stored in the non-volatile first memory.
Optionally, the processor is further adapted to:
run the bootstrap program, which uses the public key in the bootstrap program to decrypt the ciphertext of a third hash digest carried in the image file, yielding the plaintext of the third hash digest, and computes the actual hash digest of the part of the image file to be verified;
when the actual hash digest of the part of the image file to be verified is identical to the decrypted plaintext of the third hash digest, treat the image file as verified;
wherein the ciphertext of the third hash digest was produced in advance by encryption with a second private key, the second private key forming a key pair with the public key in the bootstrap program.
Compared with the prior art, the technical scheme of the embodiments of the present invention has the following advantages:
The startup code jumps to and runs the first security code; the first security code verifies the basic security content; when the basic security content passes verification, the second security code in the basic security content verifies the bootstrap program; and when the bootstrap program passes verification, it is run. The first security code is stored in the one-time-programmable region of the non-volatile first memory, the basic security content and the bootstrap program are stored in the non-volatile first memory, the startup code is stored in the read-only second memory, and the first memory and the second memory are on different chips. The integrity and consistency of the basic security content and the bootstrap program are thereby guaranteed, and secure boot of the terminal device is achieved on a chip that does not itself support a secure-boot function.
In addition, the embodiments also have the bootstrap program verify the integrity and consistency of the image file. Although the chip of the terminal device has no secure-boot function of its own, the technical scheme builds a chain of trust from the bottom up, with the code and data in the one-time-programmable region of the first memory as the root of the chain, verifies the integrity and consistency of the secure-boot code, and thereby guarantees the secure boot of the terminal device.
Further, because the bootstrap program and the image file are verified with a public-key algorithm, the software remains upgradable.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a typical terminal device chip in the prior art;
Fig. 2 is a flow chart of a startup method for a terminal device in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a signed bootstrap program in an embodiment of the present invention;
Fig. 4 is a flow chart of another startup method for a terminal device in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal device in an embodiment of the present invention.
Embodiment
As described in the background, every intrusion into an intelligent terminal has to modify system content, and almost all intrusions modify key system files, so checking the integrity and consistency of the system is highly desirable, and performing that check when the terminal starts is what guarantees a secure boot. At present some chips support secure boot, but others include no secure-boot module, and because of limited storage resources and other constraints such a module cannot be added to them; for example, they cannot integrate basic security content or similar content related to secure boot. For a chip that itself has no secure-boot function, the security of the terminal device's startup cannot be guaranteed.
In the embodiments of the present invention, the startup code jumps to and runs the first security code; the first security code verifies the basic security content; when the basic security content passes verification, the second security code in the basic security content verifies the bootstrap program; and when the bootstrap program passes verification, it is run. The first security code is stored in the one-time-programmable region of the non-volatile first memory, the basic security content and the bootstrap program are stored in the non-volatile first memory, the startup code is stored in the read-only second memory, and the first memory and the second memory are on different chips. The integrity and consistency of the basic security content and the bootstrap program are thereby guaranteed, and secure boot of the terminal device is achieved on a chip that does not itself support a secure-boot function.
In addition, the embodiments also have the bootstrap program verify the integrity and consistency of the image file. Although the chip of the terminal device has no secure-boot function of its own, the technical scheme builds a chain of trust from the bottom up, with the code and data in the one-time-programmable region of the first memory as the root of the chain, verifies the integrity and consistency of the secure-boot code, and thereby guarantees the secure boot of the terminal device.
To make the above objects, features and advantages of the present invention clearer, specific embodiments are described in detail below with reference to the accompanying drawings.
Fig. 2 is a flow chart of a startup method for a terminal device in an embodiment of the present invention. As shown in Fig. 2, the method may comprise the following steps:
Step S201: run the startup code, which jumps to and runs the first security code;
Step S202: run the first security code to verify the basic security content;
Step S203: when the basic security content passes verification, run the second security code in the basic security content to verify the bootstrap program;
Step S204: when the bootstrap program passes verification, run the bootstrap program.
Here the first security code is stored in the one-time-programmable region of the non-volatile first memory, the basic security content and the bootstrap program are stored in the non-volatile first memory, the startup code is stored in the read-only second memory, and the first memory and the second memory are on different chips (dies).
In a specific implementation, the second memory is on the same die as the processor or is integrated on the same physical chip, the second memory is of read-only type, and the first memory and the second memory are on different chips.
In step S201, the startup code has the same function as conventional startup code and is not itself involved in secure boot. After the chip is powered on, the system begins executing the startup code from the read-only second memory and then automatically jumps to the first security code.
In step S202, the basic security content (BSC) consists of user data: the user's public key plus any information the user wants to include that must never be upgradable. The BSC is stored in the non-volatile first memory, which may be flash memory or an embedded multimedia card (eMMC).
The first security code is stored in the one-time-programmable (OTP) region of the first memory. Running it verifies the integrity of the basic security content, in practice with a hash algorithm: the first security code computes a first hash digest of the basic security content, and when the digest actually computed is identical to the pre-saved hash digest, the BSC passes verification. The pre-saved hash digest is stored in the OTP region of the first memory.
The one-time-programmable region may be any module with one-time-programmable behaviour, such as electrical fuses (eFuses). Once programmed it cannot be changed. It may also store the chip's unique identifier (UID), a product number that is never duplicated; the UID is written before the product leaves the factory and is readable by the user, which guarantees that it cannot be tampered with. In a specific implementation the pre-saved hash digest occupies 256 bits of the OTP region and the UID occupies 128 bits.
The pre-saved hash digest can only be determined after the basic security content is fixed. Because the BSC contains per-device information such as the IMEI, it may differ from terminal to terminal, so storing the digest in OTP meets the need to customise it per device.
In a specific implementation, any change to the basic security content changes the first hash digest computed at startup. When the computed first hash digest does not match the pre-saved hash digest in the one-time-programmable region, startup is halted. When the computed digest matches the pre-saved digest, the basic security content is intact and consistent, which confirms that it has not been altered and improves the security of the terminal device's startup.
In step S203, once the basic security content passes verification, that is, once it is complete and consistent with its original state, verification of the bootstrap program begins. The second security code in the basic security content can be run to verify the bootstrap program with a public-key algorithm.
Specifically, when execution reaches bootstrap verification, the second security code reads the second hash digest stored in the bootstrap program, uses the public key in the basic security content to decrypt the ciphertext of that second hash digest into plaintext, and computes the actual hash digest of the part of the bootstrap program to be verified. Referring to Fig. 3, a signed bootstrap program consists of a digital signature, a signed section and an unsigned section. The signed section is the part of the bootstrap program that must be verified; the digital signature contains the position of the signed section, its length, and the hash digest signed with the private key. The length information is the length of bootstrap data to be verified, and the actual hash digest of that much data is computed according to it.
When the actual hash digest of the part of the bootstrap program to be verified is identical to the decrypted plaintext of the second hash digest, the bootstrap program passes verification. The ciphertext of the second hash digest was produced in advance by encryption with the first private key, which forms a key pair with the public key in the basic security content. Any incompleteness or inconsistency caused by a change to the bootstrap program changes the hash digest actually computed, so it no longer matches the plaintext of the second hash digest decrypted with the public-key algorithm and the program halts startup. Only when the two are consistent does verification pass and the terminal device start normally, which guarantees the security of the terminal device's startup.
In a specific implementation, the public-key algorithm is an asymmetric-key algorithm, for example RSA or an elliptic-curve algorithm.
In a specific implementation, the basic security content may further include one or more of the following: an International Mobile Equipment Identity (IMEI), a production serial number, a region code and a language code.
In the embodiment, the startup code jumps to and runs the first security code; the first security code verifies the basic security content; when the basic security content passes verification, the second security code in the basic security content verifies the bootstrap program; and when the bootstrap program passes verification, it is run. The first security code is stored in the one-time-programmable region of the non-volatile first memory, the basic security content and the bootstrap program are stored in the non-volatile first memory, the startup code is stored in the read-only second memory, and the first memory and the second memory are on different chips. The integrity and consistency of the basic security content and the bootstrap program are thereby guaranteed, and secure boot of the terminal device is achieved on a chip that does not itself support a secure-boot function. In addition, the embodiment also has the bootstrap program verify the integrity and consistency of the image file. Although the chip of the terminal device has no secure-boot function of its own, the technical scheme builds a chain of trust from the bottom up, with the code and data in the one-time-programmable region of the first memory as the root of the chain, verifies the integrity and consistency of the secure-boot code, and thereby guarantees the secure boot of the terminal device.
Further, because the bootstrap program is verified with a public-key algorithm, the software remains upgradable.
Fig. 4 is a flow chart of another startup method for a terminal device in an embodiment of the present invention. As shown in Fig. 4, the method may comprise the following steps:
Step S401: run the startup code, which jumps to and runs the first security code;
Step S402: run the first security code to verify the basic security content;
Step S403: when the basic security content passes verification, run the second security code in the basic security content to verify the bootstrap program;
Step S404: when the bootstrap program passes verification, run the bootstrap program;
Step S405: when the bootstrap program passes verification, run the bootstrap program to verify the image file, the image file being stored in the non-volatile first memory.
In these steps, as before, the startup code is stored in the read-only second memory, the first security code is stored in the one-time-programmable region of the non-volatile first memory, the basic security content and the bootstrap program are stored in the non-volatile first memory, and the first memory and the second memory are on different chips.
In a specific implementation, the second memory may be on the same die as the processor or integrated on the same physical chip, and the first memory is coupled to that physical chip externally.
In a specific implementation, steps S401 to S404 correspond to steps S201 to S204 described above and are not repeated here.
In a specific implementation, the image file can likewise be verified with a public-key algorithm. The bootstrap program is run and uses the public key in the bootstrap program to decrypt the ciphertext of the third hash digest carried in the image file, yielding the plaintext of the third hash digest, and computes the actual hash digest of the part of the image file to be verified. When the actual hash digest of that part is identical to the decrypted plaintext of the third hash digest, the image file passes verification. The ciphertext of the third hash digest was produced in advance by encryption with the second private key, which forms a key pair with the public key in the bootstrap program.
Specifically, when execution jumps to the bootstrap program, the bootstrap program reads the hash digest stored in the digital signature of the image file and uses the public key saved in advance in the bootstrap program to decrypt the ciphertext of the third hash digest, which was encrypted with the second private key, obtaining the plaintext of the third hash digest. The bootstrap program then reads the verification length stored in the digital signature of the image file and, according to that length, computes the actual hash digest of the part of the image file to be verified. When that actual hash digest is identical to the decrypted plaintext of the third hash digest, the image file passes verification. Any change to the image file alters the actual hash digest so that it differs from the plaintext of the third hash digest, and the program halts startup; conversely, when the computed digest is identical to the decrypted third hash digest, the program continues with the normal boot flow. The integrity and consistency of the image file are thereby guaranteed.
In this embodiment, once the bootstrap program has passed verification, the bootstrap program verifies the integrity and consistency of the image file. The embodiment thus verifies the integrity and consistency of the startup code through a chain of trust built from the bottom up, whose root is the code and data kept in the OTP region of the first memory and whose top is the system applications. Although the chip of the terminal device has no secure-boot function of its own, the embodiment verifies the integrity and consistency of the secure-boot code by building this chain of trust from the bottom up, and thereby guarantees the secure boot of the terminal device.
Further, because the bootstrap program and the image file are verified with a public-key algorithm, the software remains upgradable.
It should be noted that those skilled in the art can make equivalent changes based on the inventive concept of this embodiment. For example, the bootstrap program and the image file may each be split into several stages: the bootstrap program verified by the second security code in the basic security content can in turn verify the next bootstrap program with a public-key algorithm, the last bootstrap program verifies the first image file in the first memory with a public-key algorithm, and each image file then verifies the next one. This realises a stepwise trust mechanism along the chain of trust and provides a secure-boot solution for chips that have no secure-boot function of their own.
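The chain described in steps S202 and S203, the image check of step S405 and the chained extension just above share one mechanism: a digest anchored in OTP, then a signed hash whose verifying key is carried inside the previously verified stage. The following is an added host-side model of that mechanism, not code from the patent or from Spreadtrum. It assumes SHA-256 for the unspecified hash; because the patent describes the signature as the hash "encrypted with the private key and decrypted with the public key", it models that literally with textbook RSA on constructed Mersenne-prime keys (a real device would use a padded scheme such as RSA PKCS#1 v1.5/PSS or ECDSA). The header layout follows Fig. 3 (signed-section offset, length, signed hash), but its byte widths, the `HDR`/`PUB` structs, the `boot_chain` and `build_device` helpers, and the sample BSC, bootstrap and image contents are this example's own constructions; dicts and byte strings stand in for OTP and flash.

```python
"""Added example, not code from the patent or from Spreadtrum: a host-side model
of the boot chain (OTP hash -> BSC -> signed bootstrap -> signed image -> ...).
Assumptions: SHA-256 for the hash; textbook RSA on constructed Mersenne-prime
keys for the "hash encrypted with the private key"; header field widths and the
sample device contents are this example's own choices."""
import hashlib
import hmac
import struct

E = 65537
SIG_BYTES = 128                 # holds the toy moduli below (all under 1024 bits)
HDR = struct.Struct(">II")      # Fig. 3 digital signature: signed-section offset, length
PUB = struct.Struct(">I128s")   # public key (e, big-endian n) at the start of a signed section
HDR_LEN = HDR.size + SIG_BYTES  # header fields followed by the signed hash


def make_key(p, q):
    """Constructed toy RSA pair (insecure; for illustration only)."""
    n, d = p * q, pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def encode_pub(pub):
    n, e = pub
    return PUB.pack(e, n.to_bytes(SIG_BYTES, "big"))


def decode_pub(buf):
    e, n = PUB.unpack_from(buf, 0)
    return int.from_bytes(n, "big"), e


def sign_blob(signed_part, unsigned_part, priv):
    """Build-time signer: header + signed section + unsigned section (Fig. 3)."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(signed_part).digest(), "big")
    sig = pow(h, d, n).to_bytes(SIG_BYTES, "big")
    return HDR.pack(HDR_LEN, len(signed_part)) + sig + signed_part + unsigned_part


def verify_blob(blob, pub):
    """Boot-time check: recover the hash from the header with the public key and
    compare it with the hash of the section the header points at."""
    n, e = pub
    if len(blob) < HDR_LEN:
        return False
    off, length = HDR.unpack_from(blob, 0)
    # The header is attacker-controlled input: bounds-check it before hashing.
    if length == 0 or off < HDR_LEN or off + length > len(blob):
        return False
    sig = int.from_bytes(blob[HDR.size:HDR_LEN], "big")
    recovered = pow(sig, e, n)
    if recovered.bit_length() > 256:        # not a SHA-256 value: forged or corrupt
        return False
    actual = hashlib.sha256(blob[off:off + length]).digest()
    return hmac.compare_digest(recovered.to_bytes(32, "big"), actual)


def signed_section(blob):
    off, length = HDR.unpack_from(blob, 0)
    return blob[off:off + length]


class BootError(Exception):
    pass


def boot_chain(otp_bsc_hash, bsc, stages):
    """First security code: BSC must match the OTP hash. BSC's key then verifies
    stage 0, and each verified stage's embedded key verifies the next stage."""
    if not hmac.compare_digest(hashlib.sha256(bsc).digest(), otp_bsc_hash):
        raise BootError("basic security content does not match the OTP hash digest")
    pub = decode_pub(bsc)
    verified = []
    for i, (name, blob) in enumerate(stages):
        if not verify_blob(blob, pub):
            raise BootError(f"{name} failed verification; halting startup")
        verified.append(name)
        if i + 1 < len(stages):              # next key is taken from the signed section only
            pub = decode_pub(signed_section(blob))
    return verified


def build_device():
    """Constructed sample device: OTP contents, BSC, a signed bootstrap, a signed image."""
    bsc_pub, bsc_priv = make_key(2**127 - 1, 2**521 - 1)
    bl_pub, bl_priv = make_key(2**89 - 1, 2**607 - 1)
    bsc = encode_pub(bsc_pub) + b"IMEI=000000000000000;REGION=CN;LANG=zh"
    otp = {"bsc_hash": hashlib.sha256(bsc).digest(), "uid": b"\x00" * 16}
    bootstrap = sign_blob(encode_pub(bl_pub) + b"<bootloader code>", b"<build notes>", bsc_priv)
    image = sign_blob(b"<kernel image>", b"", bl_priv)
    return otp, bsc, bootstrap, image


if __name__ == "__main__":
    otp, bsc, bootstrap, image = build_device()
    print(boot_chain(otp["bsc_hash"], bsc, [("bootstrap", bootstrap), ("image", image)]))
```

Two points the model makes concrete. Only the signed section is protected, so anything a later stage depends on, above all the public key for the next stage, has to sit inside it; bytes in the unsigned section can be changed freely without failing the check, which is by design but must be remembered when deciding what the loader reads. The offset and length in the header are untrusted input and are bounds-checked before anything is hashed. What the model cannot enforce is the actual root of trust of the patent: that the OTP region really is immutable and that the ROM's jump always lands in it.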
Fig. 5 is a schematic structural diagram of a terminal device in an embodiment of the present invention. As shown in Fig. 5, the terminal device 50 may include: a processor 501, a non-volatile first memory 502, a read-only second memory 503 and a one-time-programmable storage region 504. Here:
The processor 501 is adapted to run the startup code so as to jump to and run the first security code;
The non-volatile first memory 502 has a one-time-programmable storage region for storing the first security code, and stores the basic security content and the bootstrap;
The read-only second memory 503 is adapted to store the startup code;
The one-time-programmable storage region 504 is adapted to store the pre-saved hash digest.
The processor 501 runs the first security code to verify the basic security content; when the basic security content passes verification, it runs the second security code in the basic security content to verify the bootstrap; and when the bootstrap passes verification, it runs the bootstrap.
Referring to Fig. 5, the first security code is stored in the one-time-programmable storage region 504 of the first memory 502, the basic security content and the bootstrap are stored in the first memory 502, and the startup code is stored in the read-only second memory 503.
In a specific implementation, the processor 501 may include a basic security content verification unit and a bootstrap verification unit.
The basic security content verification unit is adapted to run the first security code to compute the first hash digest of the basic security content, and to verify the basic security content as passing when the first hash digest is identical to the pre-saved hash digest, where the pre-saved hash digest is stored in the one-time-programmable storage region 504 of the first memory.
In a specific implementation, the one-time-programmable storage region 504 may be an eFuse or another module with one-time-programmable capability.
The bootstrap verification unit is adapted to run the second security code in the basic security content and verify the bootstrap with a public key algorithm.
In a specific implementation, the bootstrap verification unit is adapted to run the second security code in the basic security content so as to decrypt, with the public key in the basic security content, the ciphertext of the second hash digest in the bootstrap to obtain the plaintext of the second hash digest, and to compute the actual hash digest of the portion of the bootstrap that is to be verified; when the actual hash digest of that portion is identical to the decrypted plaintext of the second hash digest, the bootstrap passes verification. The ciphertext of the second hash digest was produced in advance by encryption with the first private key, and the first private key forms a key pair with the public key in the basic security content.
In a specific implementation, the public key algorithm is an asymmetric key algorithm, for example the RSA algorithm or an elliptic curve algorithm.
In a specific implementation, the basic security content may further include one or more of an International Mobile Equipment Identity (IMEI), a serial number, a region code and a language code.
In a specific implementation, the second memory is on the same die as the processor, or is integrated on the same physical chip, while the first memory is off-chip and coupled to the physical chip externally.
In a specific implementation, the processor 501 is further adapted, when the bootstrap passes verification, to run the bootstrap and verify the image file, where the image file is stored in the non-volatile first memory 502.
In a specific implementation, the processor 501 may further include an image file verification unit adapted to run the bootstrap so as to decrypt, with the public key in the bootstrap, the ciphertext of the third hash digest in the image file to obtain the plaintext of the third hash digest, and to compute the actual hash digest of the portion of the image file that is to be verified; when the actual hash digest of that portion is identical to the decrypted plaintext of the third hash digest, the image file passes verification. The ciphertext of the third hash digest was produced in advance by encryption with the second private key, and the second private key forms a key pair with the public key in the bootstrap.
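The chain described above (OTP digest over the basic security content, then a public-key check of the bootstrap by the second security code, then a public-key check of the image file by the bootstrap) as an added, runnable example. This is not the patent's or Spreadtrum's code. It uses a small textbook RSA implementation with no padding purely to mirror the patent's wording of a hash digest "encrypted with the private key" and "decrypted with the public key"; real firmware must use a padded signature scheme such as RSA-PSS or PKCS#1 v1.5 with a key size of at least 2048 bits. The stage layout (code, then the embedded next-stage public key, then the check length, then the signature), the 1024-bit demo key size, the sample stage contents and all function names are assumptions of this example. The verification routine is generic, so the same `verify_stage` call chains through any number of bootstraps and image files, covering the multi-stage variant the description mentions. Three points a practitioner would check are built in: the next-stage public key lies inside the signed region so it cannot be swapped, the check length is validated against the actual stage size before it is used, and digest comparison is constant-time. Requires Python 3.8 or later.

```python
# Added example, not the patent's own code: the patent's bottom-up chain of trust
# (OTP digest -> basic security content -> bootstrap -> image file). Raw RSA with
# no padding mirrors the patent's wording only; real firmware uses RSA-PSS/PKCS#1.
import hashlib
import hmac
import random
import struct

KEY_BITS = 1024                 # demo key size (assumption, chosen for speed)
KEY_BYTES = KEY_BITS // 8
PUB_BLOB_LEN = KEY_BYTES + 4    # serialized public key: n || e

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin, adequate for generating a demo key pair."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def keygen():
    """Textbook RSA key pair ((e, n), (d, n)); pow(e, -1, phi) needs Python 3.8+."""
    e = 65537
    while True:
        p, q = _random_prime(KEY_BITS // 2), _random_prime(KEY_BITS // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def sign_digest(priv, digest):   # the patent's "encrypt the hash digest with the private key"
    d, n = priv
    return pow(int.from_bytes(digest, "big"), d, n).to_bytes(KEY_BYTES, "big")

def recover_digest(pub, sig):    # the patent's "decrypt the ciphertext with the public key"
    e, n = pub
    m = pow(int.from_bytes(sig, "big"), e, n)
    return None if m.bit_length() > 256 else m.to_bytes(32, "big")   # None: not a digest

def pack_pub(pub):
    return pub[1].to_bytes(KEY_BYTES, "big") + pub[0].to_bytes(4, "big")

def unpack_pub(blob):
    n = int.from_bytes(blob[:KEY_BYTES], "big")
    return None if n == 0 else (int.from_bytes(blob[KEY_BYTES:], "big"), n)

def build_stage(priv, code, next_pub=None):
    """Assumed layout: code || next pubkey || check_len || sig (key is inside the signed part)."""
    verified = code + (pack_pub(next_pub) if next_pub else bytes(PUB_BLOB_LEN))
    digest = hashlib.sha256(verified).digest()
    return verified + struct.pack(">I", len(verified)) + sign_digest(priv, digest)

def verify_stage(pub, blob):
    """Verify one stage and return the next-stage public key it carries (or None)."""
    trailer = blob[-KEY_BYTES - 4:]
    if len(trailer) != KEY_BYTES + 4 or struct.unpack(">I", trailer[:4])[0] != len(blob) - len(trailer):
        raise ValueError("check length does not match stage size")  # never trust the length field
    verified, sig = blob[:-len(trailer)], trailer[4:]
    expected = recover_digest(pub, sig)
    if expected is None or not hmac.compare_digest(hashlib.sha256(verified).digest(), expected):
        raise ValueError("stage signature mismatch")
    return unpack_pub(verified[-PUB_BLOB_LEN:])

def secure_boot(otp_digest, bsc, bootstrap, image):
    """First security code -> basic security content -> bootstrap -> image file."""
    if not hmac.compare_digest(hashlib.sha256(bsc).digest(), otp_digest):
        raise ValueError("basic security content hash != OTP digest")
    pub1 = unpack_pub(bsc[-PUB_BLOB_LEN:])   # public key kept beside the second security code
    pub2 = verify_stage(pub1, bootstrap)      # second security code verifies the bootstrap
    verify_stage(pub2, image)                 # bootstrap verifies the image file
    return True

def make_device():
    pub1, priv1 = keygen()                    # constructed demo device: two key pairs
    pub2, priv2 = keygen()
    bsc = b"second-security-code" + pack_pub(pub1)
    return {"otp": hashlib.sha256(bsc).digest(), "bsc": bsc,
            "bootstrap": build_stage(priv1, b"bootstrap-code", pub2),
            "image": build_stage(priv2, b"kernel-image")}

def boot_result(dev, part=None, index=0):
    """True when the chain verifies, else the reason; flips one bit of `part` first if given."""
    if part is not None:
        dev = {**dev, part: dev[part][:index] + bytes([dev[part][index] ^ 1]) + dev[part][index + 1:]}
    try:
        return secure_boot(dev["otp"], dev["bsc"], dev["bootstrap"], dev["image"])
    except ValueError as err:
        return str(err)
```

Calling `boot_result(make_device())` returns `True`; flipping any bit in the image, in the bootstrap (including the bytes of the public key it carries for the image), in the check length, or in the basic security content makes the boot stop with the corresponding reason, which is the behaviour the description attributes to each stage of the chain.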
In the embodiment of the present invention, the startup code is run so as to jump to and run the first security code; the first security code is run to verify the basic security content; when the basic security content passes verification, the second security code in the basic security content is run to verify the bootstrap; and when the bootstrap passes verification, the bootstrap is run. The first security code is stored in the one-time-programmable storage region of the non-volatile first memory, the basic security content and the bootstrap are stored in the non-volatile first memory, the startup code is stored in the read-only second memory, and the first memory and the second memory are on different chips. The integrity and consistency of the basic security content and the bootstrap are thus guaranteed, and secure boot of the terminal device is achieved on a chip that does not itself support a secure boot function. In addition, the embodiment also verifies the integrity and consistency of the image file by means of the bootstrap. Therefore, although the chip of the terminal device in the embodiment has no secure boot function of its own, the technical solution of the embodiment builds a bottom-up chain of trust with the code and data in the one-time-programmable storage region of the first memory as its root, verifies the integrity and consistency of the secure boot code, and thereby ensures secure boot of the terminal device.
Further, the bootstrap and the image file are verified with a public key algorithm, which preserves the upgradability of the software.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, which may include a ROM, a RAM, a magnetic disk, an optical disc, or the like.
Although the present disclosure is as described above, the present invention is not limited thereto. Any person skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, and the scope of protection of the present invention should therefore be defined by the claims.

Claims (18)

1. A startup method for a terminal device, comprising:
running a startup code so as to jump to and run a first security code;
running the first security code to verify basic security content;
when the basic security content passes verification, running a second security code in the basic security content to verify a bootstrap;
when the bootstrap passes verification, running the bootstrap;
wherein the first security code is stored in a one-time-programmable storage region in a non-volatile first memory, the basic security content and the bootstrap are stored in the non-volatile first memory, the startup code is stored in an on-chip read-only second memory, and the first memory and the second memory are on different chips.
2. The startup method for a terminal device according to claim 1, wherein running the first security code to verify the basic security content comprises:
running the first security code to compute a first hash digest of the basic security content;
when the first hash digest is identical to a pre-saved hash digest, verifying the basic security content as passing, wherein the pre-saved hash digest is stored in the one-time-programmable storage region in the first memory.
3. The startup method for a terminal device according to claim 1, wherein running the second security code in the basic security content to verify the bootstrap comprises:
running the second security code in the basic security content and verifying the bootstrap with a public key algorithm.
4. The startup method for a terminal device according to claim 3, wherein running the second security code in the basic security content and verifying the bootstrap with a public key algorithm comprises:
running the second security code so as to decrypt, with a public key in the basic security content, a ciphertext of a second hash digest in the bootstrap to obtain a plaintext of the second hash digest, and computing an actual hash digest of a portion of the bootstrap to be verified;
when the actual hash digest of the portion of the bootstrap to be verified is identical to the decrypted plaintext of the second hash digest, verifying the bootstrap as passing;
wherein the ciphertext of the second hash digest was encrypted in advance with a first private key, and the first private key and the public key in the basic security content form a key pair.
5. The startup method for a terminal device according to claim 3, wherein the public key algorithm is an asymmetric key algorithm.
6. The startup method for a terminal device according to any one of claims 1 to 5, wherein the basic security content further includes one or more of:
an International Mobile Equipment Identity (IMEI), a serial number, a region code and a language code.
7. The startup method for a terminal device according to claim 6, wherein the second memory is on the same die as a processor or is integrated on the same physical chip, and the first memory is coupled off-chip to the physical chip.
8. The startup method for a terminal device according to claim 1, further comprising:
when the bootstrap passes verification, running the bootstrap to verify an image file;
wherein the image file is stored in the non-volatile first memory.
9. The startup method for a terminal device according to claim 8, wherein running the bootstrap to verify the image file comprises:
running the bootstrap so as to decrypt, with a public key in the bootstrap, a ciphertext of a third hash digest in the image file to obtain a plaintext of the third hash digest, and computing an actual hash digest of a portion of the image file to be verified;
when the actual hash digest of the portion of the image file to be verified is identical to the decrypted plaintext of the third hash digest, verifying the image file as passing;
wherein the ciphertext of the third hash digest was encrypted in advance with a second private key, and the second private key and the public key in the bootstrap form a key pair.
10. A terminal device, comprising: a processor, a non-volatile first memory and a read-only second memory;
the processor being adapted to run a startup code so as to jump to and run a first security code;
the non-volatile first memory having a one-time-programmable storage region for storing the first security code, and storing basic security content and a bootstrap;
the read-only second memory being adapted to store the startup code;
wherein the first memory and the second memory are on different chips, and the processor runs the first security code to verify the basic security content; when the basic security content passes verification, runs a second security code in the basic security content to verify the bootstrap; and when the bootstrap passes verification, runs the bootstrap.
11. The terminal device according to claim 10, wherein the processor is adapted to:
run the first security code to compute a first hash digest of the basic security content;
when the first hash digest is identical to a pre-saved hash digest, verify the basic security content as passing, wherein the pre-saved hash digest is stored in the one-time-programmable storage region in the first memory.
12. The terminal device according to claim 10, wherein the processor is adapted to run the second security code in the basic security content and verify the bootstrap with a public key algorithm.
13. The terminal device according to claim 12, wherein the processor is adapted to:
run the second security code in the basic security content so as to decrypt, with a public key in the basic security content, a ciphertext of a second hash digest in the bootstrap to obtain a plaintext of the second hash digest, and compute an actual hash digest of a portion of the bootstrap to be verified;
when the actual hash digest of the portion of the bootstrap to be verified is identical to the decrypted plaintext of the second hash digest, verify the bootstrap as passing;
wherein the ciphertext of the second hash digest was encrypted in advance with a first private key, and the first private key and the public key in the basic security content form a key pair.
14. The terminal device according to claim 12, wherein the public key algorithm is an asymmetric key algorithm.
15. The terminal device according to any one of claims 10 to 14, wherein the basic security content further includes one or more of:
an International Mobile Equipment Identity (IMEI), a serial number, a region code and a language code.
16. The terminal device according to claim 15, wherein the second memory is on the same die as the processor or is integrated on the same physical chip, and the first memory is coupled off-chip to the physical chip.
17. The terminal device according to claim 16, wherein the processor is further adapted to:
when the bootstrap passes verification, run the bootstrap to verify an image file, wherein the image file is stored in the non-volatile first memory.
18. The terminal device according to claim 17, wherein the processor is further adapted to:
run the bootstrap so as to decrypt, with a public key in the bootstrap, a ciphertext of a third hash digest in the image file to obtain a plaintext of the third hash digest, and compute an actual hash digest of a portion of the image file to be verified;
when the actual hash digest of the portion of the image file to be verified is identical to the decrypted plaintext of the third hash digest, verify the image file as passing;
wherein the ciphertext of the third hash digest was encrypted in advance with a second private key, and the second private key and the public key in the bootstrap form a key pair.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610159979.6A CN107220547B (en) 2016-03-21 2016-03-21 Terminal equipment and starting method thereof

Publications (2)

Publication Number Publication Date
CN107220547A true CN107220547A (en) 2017-09-29
CN107220547B CN107220547B (en) 2020-07-03

Family

ID=59927177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610159979.6A Active CN107220547B (en) 2016-03-21 2016-03-21 Terminal equipment and starting method thereof

Country Status (1)

Country Link
CN (1) CN107220547B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222590A (en) * 2008-01-28 2008-07-16 四川金网通电子科技有限公司 Method for controlling received information safety of digital television terminal
CN103502932A (en) * 2011-04-29 2014-01-08 惠普发展公司,有限责任合伙企业 Embedded controller to verify CRTM
CN104221027A (en) * 2012-03-22 2014-12-17 凯为公司 Hardware and software association and authentication
CN102902556A (en) * 2012-09-06 2013-01-30 深圳市共进电子股份有限公司 Multistage boot load method of embedded equipment
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN103049694A (en) * 2013-01-14 2013-04-17 上海慧银信息科技有限公司 Core safety architecture implementation method of intelligent financial transaction terminal
CN104200153A (en) * 2014-09-12 2014-12-10 北京赛科世纪数码科技有限公司 Start verification method and system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948327A (en) * 2017-12-20 2019-06-28 北京可信华泰信息技术有限公司 A kind of abnormality check method and terminal
CN108241798A (en) * 2017-12-22 2018-07-03 北京车和家信息技术有限公司 Prevent the method, apparatus and system of brush machine
CN109542518A (en) * 2018-10-09 2019-03-29 华为技术有限公司 The method of chip and bootrom
CN109542518B (en) * 2018-10-09 2020-12-22 华为技术有限公司 Chip and method for starting chip
CN110363010A (en) * 2019-07-17 2019-10-22 中国大恒(集团)有限公司北京图像视觉技术分公司 A kind of safety startup of system method based on MPSoC chip
CN110363010B (en) * 2019-07-17 2021-11-16 中国大恒(集团)有限公司北京图像视觉技术分公司 System safety starting method based on MPSoC chip
CN112347481A (en) * 2019-08-06 2021-02-09 华为技术有限公司 Safe starting method, controller and control system
WO2021022802A1 (en) * 2019-08-06 2021-02-11 华为技术有限公司 Secure startup method, controller, and control system
CN112347481B (en) * 2019-08-06 2024-04-23 华为技术有限公司 Safe starting method, controller and control system
CN113254295B (en) * 2020-02-11 2022-09-13 瑞昱半导体股份有限公司 Verification method and system
CN113254295A (en) * 2020-02-11 2021-08-13 瑞昱半导体股份有限公司 Verification method and system
CN111970122A (en) * 2020-08-06 2020-11-20 中国联合网络通信集团有限公司 Official APP identification method, mobile terminal and application server
CN111970122B (en) * 2020-08-06 2023-01-10 中国联合网络通信集团有限公司 Official APP identification method, mobile terminal and application server
CN114385248A (en) * 2020-10-22 2022-04-22 四零四科技股份有限公司 Computing system and device for processing trust chain
CN114385248B (en) * 2020-10-22 2024-04-23 四零四科技股份有限公司 Computing system and device for processing trust chain
CN116775145A (en) * 2023-05-04 2023-09-19 合芯科技(苏州)有限公司 Method, device, equipment and storage medium for starting and recovering server

Similar Documents

Publication Publication Date Title
CN107220547A (en) Terminal device and its startup method
KR101393307B1 (en) Secure boot method and semiconductor memory system for using the method
US8572410B1 (en) Virtualized protected storage
CN103914658B (en) Safe starting method of terminal equipment, and terminal equipment
CN103164666B (en) The method for protecting the storage arrangement and certification storage arrangement of secure data
CN103718185B (en) Authenticate device, certified device and authentication method
US7975151B2 (en) Decryption key table access control on ASIC or ASSP
US20150381729A1 (en) Data Storage Verification in Distributed Storage System
US11070380B2 (en) Authentication apparatus based on public key cryptosystem, mobile device having the same and authentication method
US20190221139A1 (en) Cryptographic device and memory based puf
US10339318B2 (en) Semiconductor memory system and operating method thereof
KR20090080115A (en) Method and system for encryption of information stored in an external nonvolatile memory
TWI738097B (en) Memory devices with cryptographic components
JP2010510574A (en) Protection and method of flash memory block in secure device system
TWI443517B (en) Memory stroage apparatus, memory controller and password verification method
US12061702B2 (en) Identity and root keys derivation scheme for embedded devices
US20060289658A1 (en) Processor circuit and method of allocating a logic chip to a memory chip
JP2013005293A (en) Authentication component, authentication target component, and authentication method for the same
WO2017181968A1 (en) Method for processing application file, method and device for accessing application file, and storage medium
CN108171041A (en) For the method and apparatus for carrying out authentication to the application program for accessing memory
CN102224508B (en) Method of storing data in a memory device and a processing device for processing such data
WO2019210471A1 (en) Data invoking method and data invoking apparatus
CN103338107A (en) A secret key generation method and a secret key generation apparatus
CN115062330B (en) TPM-based intelligent password key password application interface implementation method
KR20210132211A (en) Blockchain-based verification of memory commands

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant