CN107220547B - Terminal equipment and starting method thereof - Google Patents


Info

Publication number: CN107220547B
Authority: CN (China)
Prior art keywords: memory, hash digest, code, bootstrap program, content
Legal status: Active
Application number: CN201610159979.6A
Other languages: Chinese (zh)
Other versions: CN107220547A
Inventor: 虞华伟
Current assignee: Spreadtrum Communications Shanghai Co Ltd
Original assignee: Spreadtrum Communications Shanghai Co Ltd
Events: application filed by Spreadtrum Communications Shanghai Co Ltd; priority to CN201610159979.6A; publication of CN107220547A; application granted; publication of CN107220547B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Abstract

A terminal device and a method for starting it are provided. The method comprises the following steps: running the boot code, which jumps to the first security code; running the first security code to verify the basic secure content; when the basic secure content passes verification, running a second security code contained in the basic secure content to verify a bootstrap program; and when the bootstrap program passes verification, running the bootstrap program. The first security code is stored in a one-time programmable area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory and the second memory are on different dies. With this scheme, secure boot of the terminal device can be realized on a chip that has no secure boot function.

Description

Terminal equipment and starting method thereof
Technical Field
The invention relates to the field of intelligent terminals, and in particular to a terminal device and a method for starting it.
Background
As mobile terminals become more intelligent, the operating system of an intelligent terminal can provide a running environment for many kinds of application software. The spread of intelligent terminals and the growth of mobile internet applications lead more and more users to handle security-sensitive services on them, so mobile terminals face a variety of security threats.
Intrusions into intelligent terminals all need to change system content, and almost all need to change key system files, so integrity and consistency verification of the system is very necessary; performing this verification when the intelligent terminal starts ensures that it starts securely. Referring to the typical structure of an intelligent terminal chip shown in fig. 1, the chip mainly includes a processor responsible for control and computation, an on-chip Read Only Memory (ROM), a Random Access Memory (RAM), a Joint Test Action Group (JTAG) interface, a general purpose input/output (GPIO) interface and other functional modules. Because on-chip memory capacity is limited, the main programs of the intelligent terminal are all placed in an external non-volatile memory (NVM), and the main system runs from external RAM. The normal boot process of the chip comprises the following steps:
1. start from the on-chip ROM;
2. copy the bootstrap program from the NVM to the processor's internal RAM;
3. run the bootstrap program, initialize the external RAM, and copy code from the NVM to the external RAM;
4. point the program pointer at the external RAM and start executing the program there.
None of this code is checked during the process; it can be altered and cracked at will, so the security of the intelligent terminal cannot be guaranteed, and network locks and card locks, for example, are easy to crack. Some chips support secure boot, but others include no module related to secure boot, and on such chips the terminal device is poorly protected during boot.
Disclosure of Invention
The technical problem solved by the invention is to provide a terminal device and a method for starting it that realize secure boot of the terminal device on a chip that originally has no secure boot function, thereby securing the boot process of a terminal device using that chip.
To solve the foregoing technical problem, an embodiment of the present invention provides a method for starting a terminal device, including:
running the boot code, which jumps to the first security code;
running the first security code to verify the basic secure content;
when the basic secure content passes verification, running a second security code in the basic secure content to verify a bootstrap program;
when the bootstrap program passes verification, running the bootstrap program;
where the first security code is stored in a one-time programmable memory area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory and the second memory are on different dies.
Optionally, running the first security code to verify the basic secure content includes:
running the first security code to compute a first hash digest of the basic secure content;
the basic secure content passes verification when the first hash digest is the same as a pre-saved hash digest stored in the one-time programmable storage area of the first memory.
Optionally, running the second security code in the basic secure content to verify the bootstrap program includes:
running the second security code in the basic secure content and authenticating the bootstrap program with a public key algorithm.
Optionally, running the second security code in the basic secure content and verifying the bootstrap program with a public key algorithm includes:
running the second security code to decrypt the ciphertext of the second hash digest in the bootstrap program with the public key in the basic secure content, obtaining the plaintext of the second hash digest, and computing the actual hash digest of the part of the bootstrap program that needs verification;
the bootstrap program passes verification when the actual hash digest of that part is the same as the decrypted plaintext of the second hash digest;
where the ciphertext of the second hash digest was encrypted in advance with a first private key, and the first private key and the public key in the basic secure content form a key pair.
Optionally, the public key algorithm is an asymmetric key algorithm.
Optionally, the basic secure content further comprises one or more of:
an international mobile equipment identity, a product number, a region code and a language code.
Optionally, the second memory is on the same die as, or integrated on the same physical chip as, the processor, and the first memory is coupled to the physical chip off-chip.
Optionally, the method for starting the terminal device further includes:
when the bootstrap program passes verification, running the bootstrap program and verifying an image file;
where the image file is stored in the non-volatile first memory.
Optionally, running the bootstrap program and verifying the image file includes:
running the bootstrap program so that the public key in the bootstrap program decrypts the ciphertext of a third hash digest in the image file, obtaining the plaintext of the third hash digest, and computing the actual hash digest of the part of the image file that needs verification;
the image file passes verification when the actual hash digest of that part is the same as the decrypted plaintext of the third hash digest;
where the ciphertext of the third hash digest was encrypted in advance with a second private key, and the second private key and the public key in the bootstrap program form a key pair.
An embodiment of the present invention further provides a terminal device, including a processor, a non-volatile first memory and a read-only second memory, where:
the processor is adapted to run the boot code, which jumps to the first security code;
the non-volatile first memory has a one-time programmable storage area for storing the first security code, and stores the basic secure content and a bootstrap program;
the read-only second memory is adapted to store the boot code;
and the processor runs the first security code to verify the basic secure content; when the basic secure content passes verification, runs a second security code in the basic secure content to verify the bootstrap program; and when the bootstrap program passes verification, runs the bootstrap program.
Optionally, the processor is adapted to:
run the first security code to compute a first hash digest of the basic secure content;
treat the basic secure content as verified when the first hash digest is the same as a pre-saved hash digest stored in the one-time programmable storage area of the first memory.
Optionally, the processor is adapted to run the second security code in the basic secure content, the bootstrap program being authenticated with a public key algorithm.
Optionally, the processor is adapted to:
run the second security code in the basic secure content to decrypt the ciphertext of the second hash digest in the bootstrap program with the public key in the basic secure content, obtaining the plaintext of the second hash digest, and compute the actual hash digest of the part of the bootstrap program that needs verification;
treat the bootstrap program as verified when the actual hash digest of that part is the same as the decrypted plaintext of the second hash digest;
where the ciphertext of the second hash digest was encrypted in advance with a first private key, and the first private key and the public key in the basic secure content form a key pair.
Optionally, the public key algorithm is an asymmetric key algorithm.
Optionally, the basic secure content further comprises one or more of:
an international mobile equipment identity, a product number, a region code and a language code.
Optionally, the second memory is on the same die as, or integrated on the same physical chip as, the processor, and the first memory is coupled to the physical chip off-chip.
Optionally, the processor is further adapted to:
run the bootstrap program and verify an image file when the bootstrap program passes verification, where the image file is stored in the non-volatile first memory.
Optionally, the processor is further adapted to:
run the bootstrap program to decrypt the ciphertext of the third hash digest in the image file with the public key in the bootstrap program, obtaining the plaintext of the third hash digest, and compute the actual hash digest of the part of the image file that needs verification;
treat the image file as verified when the actual hash digest of that part is the same as the decrypted plaintext of the third hash digest;
where the ciphertext of the third hash digest was encrypted in advance with a second private key, and the second private key and the public key in the bootstrap program form a key pair.
Compared with the prior art, the technical scheme of the embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, the boot code is run and jumps to the first security code; the first security code is run to verify the basic secure content; when the basic secure content passes verification, a second security code in the basic secure content is run to verify a bootstrap program; and when the bootstrap program passes verification, the bootstrap program is run. The first security code is stored in a one-time programmable storage area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory is on a different die from the second memory. This ensures the integrity and consistency of the basic secure content and the bootstrap program, so that secure boot of the terminal device is realized on a chip that originally does not support a secure boot function.
In addition, the embodiment also verifies the integrity and consistency of the image file through the bootstrap program. Thus, although the terminal device chip in the embodiment has no secure boot function, the technical solution verifies the integrity and consistency of the secure boot code by establishing a bottom-up chain of trust whose bottom layer is the code and data in the one-time programmable storage area of the first memory, thereby ensuring secure boot of the terminal device.
Further, the bootstrap program and the image file are verified with a public key algorithm, which preserves the upgradeability of the software.
Drawings
FIG. 1 is a diagram of a typical terminal device chip in the prior art;
FIG. 2 is a flowchart of a method for starting a terminal device according to an embodiment of the present invention;
FIG. 3 is a block diagram of a signed bootstrap program in an embodiment of the present invention;
FIG. 4 is a flowchart of another method for starting a terminal device in an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a terminal device in an embodiment of the present invention.
Detailed Description
As described in the background, all intrusions into intelligent terminals need to change system content, and almost all need to change critical system files, so it is very necessary to verify the integrity and consistency of the system, and performing that verification when the intelligent terminal starts ensures that it starts securely. At present some chips support secure boot, but others include no module related to secure boot and cannot add one because of limitations such as storage resources; for example, they cannot integrate basic secure content or similar content related to secure boot. For chips without a secure boot function, the security of the terminal device at boot cannot be ensured.
In the embodiment of the invention, the boot code is run and jumps to the first security code; the first security code is run to verify the basic secure content; when the basic secure content passes verification, a second security code in the basic secure content is run to verify a bootstrap program; and when the bootstrap program passes verification, the bootstrap program is run. The first security code is stored in a one-time programmable storage area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory is on a different die from the second memory. This ensures the integrity and consistency of the basic secure content and the bootstrap program, so that secure boot of the terminal device is realized on a chip that originally does not support a secure boot function.
In addition, the embodiment also verifies the integrity and consistency of the image file through the bootstrap program. Thus, although the terminal device chip in the embodiment has no secure boot function, the technical solution verifies the integrity and consistency of the secure boot code by establishing a bottom-up chain of trust whose bottom layer is the code and data in the one-time programmable storage area of the first memory, thereby ensuring secure boot of the terminal device.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
Fig. 2 is a flowchart of a method for starting a terminal device in an embodiment of the present invention. The method shown in fig. 2 may include the following steps:
step S201: running the boot code, which jumps to the first security code;
step S202: running the first security code to verify the basic secure content;
step S203: when the basic secure content passes verification, running a second security code in the basic secure content to verify a bootstrap program;
step S204: when the bootstrap program passes verification, running the bootstrap program.
The first security code is stored in a one-time programmable memory area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory and the second memory are on different dies.
In a specific implementation, the second memory is on the same die as, or integrated on the same physical chip as, the processor; the second memory is read-only; and the first memory and the second memory are on different dies.
In the specific implementation of step S201, the boot code has the same function as conventional boot code and involves no secure boot function. After the chip is powered on, the system begins executing the boot code from the read-only second memory and then automatically jumps to the first security code.
In a specific implementation of step S202, the Basic Secure Content (BSC) consists of user data containing the user's public key and any non-upgradeable information the user wants to add. The BSC is stored in the non-volatile first memory, which may be a flash memory (FLASH) or an embedded multimedia card (eMMC).
The first security code is stored in a One-Time-Programmable (OTP) memory area located in the first memory, and running it verifies the integrity of the basic secure content. Specifically, running the first security code computes a first hash digest of the basic secure content; when the actually computed first hash digest is the same as the pre-saved hash digest, the BSC passes verification. The pre-saved hash digest is stored in the OTP area of the first memory.
The one-time programmable storage area may be a module with a one-time programmable function, such as a micro fuse. Once programmed, it cannot be modified. It may also store the Unique chip Identifier (UID) of the terminal device: the UID is a unique, non-repeating number for each product, written before the product leaves the factory and read-only to the user, so it cannot be modified. In a specific implementation, the pre-stored hash digest in the one-time programmable storage area may occupy 256 bits and the UID may occupy 128 bits.
The pre-stored hash digest can only be determined after the basic secure content is determined. Because the basic secure content carries information such as the international mobile equipment identity, it differs for each terminal, so storing the pre-stored hash digest in the OTP meets the need for per-device customization.
In a specific implementation, any change to the basic secure content changes the first hash digest actually computed after the terminal device starts. When the actually computed first hash digest does not match the hash digest pre-stored in the one-time programmable storage area, the terminal device stops booting; if it matches, the basic secure content is complete and consistent, which guarantees that the basic secure content has not been changed and improves the security of starting the terminal device.
In the implementation of step S203, when the basic secure content has passed verification, that is, it is complete and consistent with its initial state, verification of the bootstrap program begins. A second security code in the basic secure content may be run to authenticate the bootstrap program using a public key algorithm.
Specifically, when execution reaches the verification of the bootstrap program, the second security code is run, the second hash digest stored in the bootstrap program is read, the public key in the basic secure content is used to decrypt the ciphertext of the second hash digest in the bootstrap program to obtain its plaintext, and the actual hash digest of the part of the bootstrap program that needs verification is computed. Referring to fig. 3, the signed bootstrap program consists of a digital signature, a signed part and an unsigned part. The signed part is the part of the bootstrap program that needs verification; the digital signature comprises position information, length information and the hash digest of the signed part, signed with a private key. The length information is the length of the part of the bootstrap program that needs verification, and the actual hash digest over that length can be computed from it.
When the actual hash digest of the part of the bootstrap program that needs verification is the same as the decrypted plaintext of the second hash digest, the bootstrap program passes verification. The ciphertext of the second hash digest was encrypted in advance with a first private key, and the first private key and the public key in the basic secure content form a key pair. Any change to the bootstrap program that makes it incomplete or inconsistent changes the actually computed hash digest, so that it no longer matches the plaintext of the second hash digest recovered by the public key algorithm and the program stops booting; only if the two match does verification pass, the terminal device boots normally, and boot security is ensured.
In a specific implementation, the public key algorithm is an asymmetric key algorithm such as RSA, and may also be an elliptic curve algorithm.
In a specific implementation, the basic secure content may also include one or more of: an international mobile equipment identity, a product number, a region code and a language code.
In the embodiment of the invention, the boot code is run and jumps to the first security code; the first security code is run to verify the basic secure content; when the basic secure content passes verification, a second security code in the basic secure content is run to verify a bootstrap program; and when the bootstrap program passes verification, the bootstrap program is run. The first security code is stored in a one-time programmable storage area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory is on a different die from the second memory. This ensures the integrity and consistency of the basic secure content and the bootstrap program, so that secure boot of the terminal device is realized on a chip that originally does not support a secure boot function. In addition, the embodiment also verifies the integrity and consistency of the image file through the bootstrap program. Thus, although the terminal device chip in the embodiment has no secure boot function, the technical solution verifies the integrity and consistency of the secure boot code by establishing a bottom-up chain of trust whose bottom layer is the code and data in the one-time programmable storage area of the first memory, thereby ensuring secure boot of the terminal device.
Further, the bootstrap program is verified with a public key algorithm, which preserves the upgradeability of the software.
Fig. 4 is a flowchart of another method for starting a terminal device in an embodiment of the present invention. The method shown in fig. 4 may include the following steps:
step S401: running the boot code, which jumps to the first security code;
step S402: running the first security code to verify the basic secure content;
step S403: when the basic secure content passes verification, running a second security code in the basic secure content to verify a bootstrap program;
step S404: when the bootstrap program passes verification, running the bootstrap program;
step S405: when the bootstrap program passes verification, running the bootstrap program and verifying an image file, where the image file is stored in the non-volatile first memory.
In the above steps, the boot code is again stored in a read-only second memory, the first security code is stored in a one-time programmable memory area of a non-volatile first memory, the basic secure content and the bootstrap program are stored in the non-volatile first memory, and the first memory and the second memory are on different dies.
In a specific implementation, the second memory and the processor may be on the same die or integrated on the same physical chip, and the first memory is coupled to the physical chip off-chip.
In a specific implementation, the descriptions of steps S401 to S404 may refer to those of steps S201 to S203 and are not repeated here.
In a specific implementation, a public key algorithm may also be used to verify the image file: the bootstrap program may be run so that the public key in the bootstrap program decrypts the ciphertext of a third hash digest in the image file to obtain the plaintext of the third hash digest, the actual hash digest of the part of the image file that needs verification is computed, and the image file passes verification when this actual hash digest is the same as the decrypted plaintext of the third hash digest. The ciphertext of the third hash digest was encrypted in advance with a second private key, and the second private key and the public key in the bootstrap program form a key pair.
Specifically, when execution jumps to the bootstrap program, the bootstrap program reads the hash digest stored in the digital signature of the image file and, using the public key stored in the bootstrap program, decrypts the ciphertext of the third hash digest (encrypted in advance with the second private key) to obtain the plaintext of the third hash digest. The bootstrap program also reads the verification length stored in the digital signature of the image file and computes the hash digest of the part of the image file that actually needs verification according to that length; the image file passes verification when this actual hash digest is the same as the decrypted plaintext of the third hash digest. If the computed actual hash digest is the same as the decrypted plaintext of the third hash digest, the program proceeds with the normal boot process, thereby ensuring the integrity and consistency of the image file.
On the basis that the bootstrap program has passed verification, this embodiment verifies the integrity and consistency of the image file through the bootstrap program. The embodiment therefore verifies the integrity and consistency of the boot code by establishing a bottom-up chain of trust whose lowest layer is the code and data stored in the OTP of the first memory and whose highest layer is the system application. Although the terminal device chip in the embodiment has no secure boot function, the embodiment verifies the integrity and consistency of the secure boot code through this bottom-up chain of trust, thereby ensuring secure boot of the terminal device.
Further, the bootstrap program and the image file are verified with a public key algorithm, which preserves the upgradeability of the software.
It should be noted that those skilled in the art may make equivalent changes based on the inventive concept of this embodiment. For example, the bootstrap program and the image file may be distinguished further: the bootstrap program verified by the second security code in the basic secure content may in turn verify the next bootstrap program with a public key algorithm, the last bootstrap program verifies the first image file in the first memory with a public key algorithm, and each image file then verifies the next one. This implements a step-by-step trust mechanism using a chain of trust, and provides a secure boot solution for terminal devices built on a chip that has no secure boot function.
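The chain described above (the OTP digest check of step S202, the bootstrap verification of steps S203 and S204 with the fig. 3 container layout, and the image verification of step S405) as a runnable model. This is an added example, not the patent's or Spreadtrum's code: it assumes SHA-256 for the hash digest, stands in for the "encrypt the digest with the private key, decrypt with the public key" step with textbook RSA on a toy key pair, and constructs the header layout, key size and sample BSC fields (IMEI, product number, region, language) for the example; it also shows that a change confined to the unsigned part does not halt the boot.

```python
# Added example, not the patent's or Spreadtrum's code: the OTP -> BSC -> bootstrap
# -> image chain of trust. SHA-256 is the digest; textbook RSA on a toy key pair
# stands in for "encrypt the digest with the private key". Layout and sample
# fields are constructed for the example.
import hashlib
import random
import struct

KEY_BYTES = 48          # toy 384-bit modulus, just above a 256-bit digest
HEADER = "!II"          # digital signature: offset and length of the signed part
HEADER_LEN = struct.calcsize(HEADER) + KEY_BYTES

class BootHalt(Exception):
    """A stage failed verification; the device stops booting."""

def _is_probable_prime(n: int, rounds: int = 32) -> bool:   # Miller-Rabin, n odd > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def make_keypair():
    """Return ((n, e), (n, d)) with n > 2**256 so a SHA-256 digest fits under it."""
    e = 65537
    while True:
        p, q = _random_prime(KEY_BYTES * 4), _random_prime(KEY_BYTES * 4)
        if p != q and (p - 1) * (q - 1) % e:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def pack_pub(pub) -> bytes:
    return pub[0].to_bytes(KEY_BYTES, "big") + struct.pack("!I", pub[1])

def unpack_pub(data: bytes):
    return int.from_bytes(data[:KEY_BYTES], "big"), struct.unpack_from("!I", data, KEY_BYTES)[0]

def build_signed(priv, signed_part: bytes, unsigned_part: bytes = b"") -> bytes:
    """Fig. 3 layout: digital signature, then the signed part, then the unsigned part."""
    n, d = priv
    sig = pow(int.from_bytes(hashlib.sha256(signed_part).digest(), "big"), d, n)  # "encrypt" digest
    return struct.pack(HEADER, HEADER_LEN, len(signed_part)) + sig.to_bytes(KEY_BYTES, "big") + signed_part + unsigned_part

def verify_signed(pub, blob: bytes) -> bytes:
    """Recover the digest with the public key, hash the signed part, compare; return the signed part."""
    n, e = pub
    offset, length = struct.unpack_from(HEADER, blob)
    signed_part = blob[offset:offset + length]
    if offset < HEADER_LEN or len(signed_part) != length:
        raise BootHalt("bad signed-part bounds")
    sig = int.from_bytes(blob[struct.calcsize(HEADER):HEADER_LEN], "big")
    if pow(sig, e, n) != int.from_bytes(hashlib.sha256(signed_part).digest(), "big"):
        raise BootHalt("digest mismatch")
    return signed_part

def secure_boot(otp_digest: bytes, bsc: bytes, bootstrap: bytes, image: bytes):
    """Steps S202, S203/S204 and S405; returns the stages passed or raises BootHalt."""
    if hashlib.sha256(bsc).digest() != otp_digest:   # first security code vs OTP digest
        raise BootHalt("basic secure content")
    try:                                             # second security code, public key from BSC
        boot_body = verify_signed(unpack_pub(bsc), bootstrap)
    except BootHalt as exc:
        raise BootHalt("bootstrap program: %s" % exc) from None
    try:                                             # bootstrap program, public key it carries
        verify_signed(unpack_pub(boot_body), image)
    except BootHalt as exc:
        raise BootHalt("image file: %s" % exc) from None
    return ["bsc", "bootstrap", "image"]

def build_chain(seed: int = 1):
    """Constructed sample contents: (otp_digest, bsc, signed bootstrap, signed image)."""
    random.seed(seed)
    boot_pub, boot_priv = make_keypair()             # first key pair signs the bootstrap
    img_pub, img_priv = make_keypair()               # second key pair signs the image
    bsc = pack_pub(boot_pub) + b"IMEI=000000000000000;PN=DEMO;REGION=CN;LANG=zh"
    bootstrap = build_signed(boot_priv, pack_pub(img_pub) + b"<bootstrap code>", b"<unsigned data>")
    image = build_signed(img_priv, b"<system image>")
    return hashlib.sha256(bsc).digest(), bsc, bootstrap, image

def flip_byte(blob: bytes, index: int) -> bytes:
    return blob[:index] + bytes([blob[index] ^ 0x01]) + blob[index + 1:]

def failing_stage(otp_digest, bsc, bootstrap, image):
    """Stage that halted the boot, or None when the whole chain passed."""
    try:
        secure_boot(otp_digest, bsc, bootstrap, image)
    except BootHalt as exc:
        return str(exc).split(":")[0]
    return None
```

Flipping a byte in the BSC, in the signed part or signature of the bootstrap, or in the image halts the boot at the corresponding stage, while a flip in the bootstrap's unsigned part is not detected, exactly as the fig. 3 layout implies.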
Fig. 5 is a schematic structural diagram of a terminal device in an embodiment of the present invention. The terminal device 50 shown in Fig. 5 may include a processor 501, a non-volatile first memory 502, a read-only second memory 503 and a one-time programmable storage area 504, wherein:
the processor 501 is adapted to run boot code so as to jump to a first security code and run it;
the non-volatile first memory 502 has a one-time programmable storage area for storing the first security code, and further stores the basic secure content and a boot program;
the read-only second memory 503 is adapted to store the boot code;
the one-time programmable storage area 504 is adapted to store the pre-saved hash digest.
The processor 501 runs the first security code to verify the basic secure content; when the basic secure content passes verification, it runs a second security code in the basic secure content to verify the boot program; and when the boot program passes verification, it runs the boot program.
Referring to Fig. 5, the first security code is stored in the one-time programmable storage area 504 of the first memory 502, the basic secure content and the boot program are stored in the first memory 502, and the boot code is stored in the read-only second memory 503.
In a specific implementation, the processor 501 may include a basic secure content verification unit and a boot program verification unit.
The basic secure content verification unit is adapted to run the first security code to compute a first hash digest of the basic secure content, and to treat the basic secure content as verified when the first hash digest is identical to the pre-saved hash digest stored in the one-time programmable storage area 504 of the first memory.
In a specific implementation, the one-time programmable storage area 504 may be any module with one-time programmable behaviour, such as a micro fuse.
The boot program verification unit is adapted to run the second security code in the basic secure content and to verify the boot program using a public key algorithm.
In a specific implementation, the boot program verification unit is adapted to run the second security code in the basic secure content so as to decrypt, with the public key in the basic secure content, the ciphertext of the second hash digest carried in the boot program, obtaining the plaintext of the second hash digest, and to compute the actual hash digest of the portion of the boot program that needs to be verified; the boot program passes verification when that actual hash digest is identical to the decrypted second hash digest. The ciphertext of the second hash digest was encrypted in advance with a first private key, and the first private key and the public key in the basic secure content form a key pair.
In a specific implementation, the public key algorithm is an asymmetric algorithm such as RSA or an elliptic curve algorithm.
In implementations, the basic secure content may further include one or more of an international mobile equipment identity (IMEI), a product number, a region code and a language code.
In a specific implementation, the second memory is on the same die as the processor or integrated on the same physical chip, while the first memory is coupled to that chip off-chip.
In a specific implementation, the processor 501 is further adapted, once the boot program passes verification, to run the boot program and verify an image file, the image file being stored in the non-volatile first memory 502.
In a specific implementation, the processor 501 may further include an image file verification unit adapted to run the boot program so as to decrypt, using the public key in the boot program, the ciphertext of the third hash digest in the image file, obtaining the plaintext of the third hash digest, and to compute the actual hash digest of the portion of the image file that needs to be verified; the image file passes verification when that actual hash digest is identical to the decrypted third hash digest. The ciphertext of the third hash digest was encrypted in advance with a second private key, and the second private key and the public key in the boot program form a key pair.
In the embodiment of the invention, the boot code is run so as to jump to the first security code; the first security code is run to verify the basic secure content; when the basic secure content passes verification, the second security code in the basic secure content is run to verify the boot program; and when the boot program passes verification, the boot program is run. The first security code is stored in a one-time programmable storage area in the non-volatile first memory, the basic secure content and the boot program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory is on a different die from the second memory. This ensures the integrity and consistency of the basic secure content and of the boot program, and thereby achieves secure boot of the terminal device on a chip that did not originally support a secure boot function. In addition, the embodiment also verifies the integrity and consistency of the image file through the boot program. Therefore, although the chip of the terminal device in this embodiment has no secure boot function, the technical solution of the embodiment verifies the integrity and consistency of the secure boot code by establishing a bottom-up chain of trust with the code and data in the one-time programmable storage area of the first memory as its bottom layer, thereby ensuring secure boot of the terminal device.
Further, because the boot program and the image file are verified with a public key algorithm rather than against a fixed digest, the software remains upgradeable.
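The three stages described above, once for the method embodiment and again for the device of Fig. 5, can be modelled end to end. The following Python is an added example and is not code from the patent or its assignee. It uses SHA-256 as the hash and textbook RSA with no padding, which mirrors the page's description of "decrypting" the hash digest with the public key; a real bootloader would use RSASSA-PSS or PKCS#1 v1.5 with a 2048-bit or larger key. The byte layouts for the public key encoding and the signature block are my own. Two details are assumptions rather than statements of the page: the check length is hashed together with the bytes it covers, so that it cannot be shrunk without invalidating the signature, and the stage 1 digest comparison is constant-time. The example also makes concrete what the page implies about upgradeability: swapping in a different basic secure content (and with it a different public key) fails at stage 1 because its digest is pinned in OTP, while a re-signed boot program passes stage 2.

```python
"""Model of the patent's three-stage chain of trust:
OTP digest -> basic secure content -> boot program -> image file.
Added example: textbook RSA with no padding, demo-sized keys, own byte layouts."""
import hashlib
import hmac
import secrets
import struct

MOD_BYTES = 64               # 512-bit modulus; demo size only, real chips use >= 2048
PUBKEY_LEN = 4 + MOD_BYTES   # e (4 bytes, big-endian) || n
TRAILER_LEN = 4 + MOD_BYTES  # check_length (4 bytes, big-endian) || signature

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test for odd n > 3; sufficient for demo key generation."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        cand = secrets.randbits(bits) | 1 << (bits - 1) | 1   # top bit and low bit set
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=MOD_BYTES * 8):
    """Return (public (n, e), private (n, d)); the page allows RSA or ECC here."""
    e = 65537
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def pack_pubkey(pub):
    return struct.pack(">I", pub[1]) + pub[0].to_bytes(MOD_BYTES, "big")

def unpack_pubkey(blob):
    return int.from_bytes(blob[4:PUBKEY_LEN], "big"), struct.unpack(">I", blob[:4])[0]

def _covered_digest(body, check_length):
    # Assumption (not stated on the page): the check length is hashed together with the
    # covered bytes, so an attacker cannot shrink the verified region and keep the signature.
    return hashlib.sha256(struct.pack(">I", check_length) + body[:check_length]).digest()

def sign_blob(priv, body, check_length=None):
    """Factory side: body || check_length || RSA_priv(H(check_length || body[:check_length]))."""
    n, d = priv
    check_length = len(body) if check_length is None else check_length
    h = int.from_bytes(_covered_digest(body, check_length), "big")
    return body + struct.pack(">I", check_length) + pow(h, d, n).to_bytes(MOD_BYTES, "big")

def verify_blob(pub, blob):
    """Stages 2 and 3: recover the signed digest with the public key, recompute, compare."""
    n, e = pub
    if len(blob) < TRAILER_LEN:
        return False
    body, trailer = blob[:-TRAILER_LEN], blob[-TRAILER_LEN:]
    check_length = struct.unpack(">I", trailer[:4])[0]
    sig = int.from_bytes(trailer[4:], "big")
    if check_length > len(body) or sig >= n:
        return False
    return pow(sig, e, n) == int.from_bytes(_covered_digest(body, check_length), "big")

def set_check_length(blob, new_length):
    """Attacker helper: rewrite the check length but keep the original signature."""
    return blob[:-TRAILER_LEN] + struct.pack(">I", new_length) + blob[-MOD_BYTES:]

def secure_boot(otp_digest, basic_secure_content, boot_program, image):
    """Returns 'boot ok' or the stage at which the chain halted."""
    # Stage 1, first security code (immutable in OTP): constant-time digest comparison.
    # No key is involved, so this content cannot be upgraded without burning new fuses.
    if not hmac.compare_digest(hashlib.sha256(basic_secure_content).digest(), otp_digest):
        return "halt: basic secure content"
    # Stage 2, second security code: public key 1 is carried in the basic secure content.
    if not verify_blob(unpack_pubkey(basic_secure_content), boot_program):
        return "halt: boot program"
    # Stage 3, boot program: public key 2 is the tail of the (now trusted) boot program body.
    if not verify_blob(unpack_pubkey(boot_program[:-TRAILER_LEN][-PUBKEY_LEN:]), image):
        return "halt: image file"
    return "boot ok"

def build_device():
    # Factory provisioning with constructed sample contents (not real firmware).
    pub1, priv1 = rsa_keygen()
    pub2, priv2 = rsa_keygen()
    bsc = pack_pubkey(pub1) + b"IMEI=000000000000000;PN=demo;REGION=CN;LANG=zh"
    boot_program = sign_blob(priv1, b"<bootloader v1>" + pack_pubkey(pub2))
    # Image: 14 code bytes then padding; only the code part is covered by check_length.
    image = sign_blob(priv2, b"<kernel image>" + b"\0" * 32, check_length=14)
    return {"otp": hashlib.sha256(bsc).digest(), "bsc": bsc, "boot": boot_program,
            "image": image, "priv1": priv1, "pub2": pub2}

def flip_byte(blob, index):
    return blob[:index] + bytes([blob[index] ^ 0x01]) + blob[index + 1:]
```

Running `secure_boot` on the output of `build_device()` returns `boot ok`. Flipping a byte inside the covered part of the image halts at stage 3, whereas flipping a byte in the padding past the check length still boots, which is why whatever lies beyond the check length must be data whose integrity genuinely does not matter. Rewriting the check length to 0 while keeping the old signature is rejected because the length is part of the signed digest, and a new boot program signed with the same first private key boots without any change to the OTP digest.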
Those skilled in the art will appreciate that all or part of the steps of the methods in the above embodiments may be implemented by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, which may include ROM, RAM, magnetic disks, optical disks and the like.
Although the present invention is disclosed above, it is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (18)

1. A boot method for a terminal device, characterized in that the method is suitable for securely booting the terminal device using a chip in the terminal device that does not have a secure boot function; the method comprises the following steps: running boot code so as to jump to a first security code and run it;
running the first security code to verify basic secure content;
when the basic secure content passes verification, running a second security code in the basic secure content to verify a boot program;
when the boot program passes verification, running the boot program;
wherein the first security code is stored in a one-time programmable storage area in a non-volatile first memory, the basic secure content and the boot program are stored in the non-volatile first memory, the boot code is stored in a read-only second memory, and the first memory and the second memory are on different dies; the second memory is integrated in the chip that does not have a secure boot function; and the hash digest used to verify the basic secure content is pre-saved in the one-time programmable storage area in the first memory.
2. The boot method for a terminal device according to claim 1, wherein running the first security code to verify the basic secure content comprises:
running the first security code to compute a first hash digest of the basic secure content;
and verifying that the basic secure content passes when the first hash digest is identical to the pre-saved hash digest.
3. The boot method for a terminal device according to claim 1, wherein running the second security code in the basic secure content to verify the boot program comprises:
running the second security code in the basic secure content, and verifying the boot program using a public key algorithm.
4. The boot method for a terminal device according to claim 3, wherein running the second security code in the basic secure content and verifying the boot program using a public key algorithm comprises:
running the second security code to decrypt, using the public key in the basic secure content, the ciphertext of the second hash digest in the boot program to obtain the plaintext of the second hash digest, and computing the actual hash digest of the portion of the boot program that needs to be verified;
when the actual hash digest of the portion of the boot program that needs to be verified is identical to the decrypted plaintext of the second hash digest, verifying that the boot program passes;
wherein the ciphertext of the second hash digest is encrypted in advance with a first private key, and the first private key and the public key in the basic secure content form a key pair.
5. The boot method for a terminal device according to claim 3, wherein the public key algorithm is an asymmetric key algorithm.
6. The boot method for a terminal device according to any one of claims 1 to 5, wherein the basic secure content further comprises one or more of the following:
an international mobile equipment identity, a product number, a region code and a language code.
7. The method according to claim 6, wherein the second memory is on the same die as the processor or integrated on the same physical chip, and the first memory is coupled off-chip to the physical chip.
8. The boot method for a terminal device according to claim 1, further comprising:
when the boot program passes verification, running the boot program and verifying an image file;
wherein the image file is stored in the non-volatile first memory.
9. The method according to claim 8, wherein running the boot program and verifying the image file comprises:
running the boot program to decrypt, using a public key in the boot program, the ciphertext of a third hash digest in the image file to obtain the plaintext of the third hash digest, and computing the actual hash digest of the portion of the image file that needs to be verified;
when the actual hash digest of the portion of the image file that needs to be verified is identical to the decrypted plaintext of the third hash digest, verifying that the image file passes;
wherein the ciphertext of the third hash digest is encrypted in advance with a second private key, and the second private key and the public key in the boot program form a key pair.
10. A terminal device, comprising: a processor, a non-volatile first memory and a read-only second memory;
the processor is integrated in a chip of the terminal device that does not have a secure boot function, and is adapted to run boot code so as to jump to a first security code and run it;
the non-volatile first memory has a one-time programmable storage area for storing the first security code, and further stores basic secure content and a boot program;
the read-only second memory is adapted to store the boot code;
wherein the first memory is on a different die from the second memory; the processor runs the first security code to verify the basic secure content; when the basic secure content passes verification, runs a second security code in the basic secure content to verify the boot program; and when the boot program passes verification, runs the boot program; the second memory is integrated in the chip that does not have a secure boot function; and the hash digest used to verify the basic secure content is pre-saved in the one-time programmable storage area in the first memory.
11. The terminal device of claim 10, wherein the processor is adapted to:
run the first security code to compute a first hash digest of the basic secure content;
and verify that the basic secure content passes when the first hash digest is identical to the pre-saved hash digest.
12. The terminal device of claim 10, wherein the processor is adapted to run a second security code in the basic secure content to verify the boot program using a public key algorithm.
13. The terminal device of claim 12, wherein the processor is adapted to:
run the second security code in the basic secure content to decrypt, using the public key in the basic secure content, the ciphertext of the second hash digest in the boot program to obtain the plaintext of the second hash digest, and compute the actual hash digest of the portion of the boot program that needs to be verified;
verify that the boot program passes when the actual hash digest of the portion of the boot program that needs to be verified is identical to the decrypted plaintext of the second hash digest;
wherein the ciphertext of the second hash digest is encrypted in advance with a first private key, and the first private key and the public key in the basic secure content form a key pair.
14. The terminal device of claim 12, wherein the public key algorithm is an asymmetric key algorithm.
15. The terminal device according to any one of claims 10 to 14, wherein the basic secure content further comprises one or more of:
an international mobile equipment identity, a product number, a region code and a language code.
16. The terminal device of claim 15, wherein the second memory is on the same die as the processor or integrated on the same physical chip, and the first memory is coupled off-chip to the physical chip.
17. The terminal device of claim 16, wherein the processor is further adapted to:
run the boot program and verify an image file when the boot program passes verification, wherein the image file is stored in the non-volatile first memory.
18. The terminal device of claim 17, wherein the processor is further adapted to:
run the boot program to decrypt, using the public key in the boot program, the ciphertext of a third hash digest in the image file to obtain the plaintext of the third hash digest, and compute the actual hash digest of the portion of the image file that needs to be verified;
verify that the image file passes when the actual hash digest of the portion of the image file that needs to be verified is identical to the decrypted plaintext of the third hash digest;
wherein the ciphertext of the third hash digest is encrypted in advance with a second private key, and the second private key and the public key in the boot program form a key pair.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610159979.6A CN107220547B (en) 2016-03-21 2016-03-21 Terminal equipment and starting method thereof


Publications (2)

Publication Number Publication Date
CN107220547A CN107220547A (en) 2017-09-29
CN107220547B true CN107220547B (en) 2020-07-03

Family

ID=59927177


Country Status (1)

Country Link
CN (1) CN107220547B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948327A (en) * 2017-12-20 2019-06-28 北京可信华泰信息技术有限公司 A kind of abnormality check method and terminal
CN108241798B (en) * 2017-12-22 2021-04-02 北京车和家信息技术有限公司 Method, device and system for preventing machine refreshing
CN109542518B (en) * 2018-10-09 2020-12-22 华为技术有限公司 Chip and method for starting chip
CN110363010B (en) * 2019-07-17 2021-11-16 中国大恒(集团)有限公司北京图像视觉技术分公司 System safety starting method based on MPSoC chip
CN112347481B (en) * 2019-08-06 2024-04-23 华为技术有限公司 Safe starting method, controller and control system
CN113254295B (en) * 2020-02-11 2022-09-13 瑞昱半导体股份有限公司 Verification method and system
CN111970122B (en) * 2020-08-06 2023-01-10 中国联合网络通信集团有限公司 Official APP identification method, mobile terminal and application server
EP3989478B1 (en) * 2020-10-22 2023-10-18 Moxa Inc. Computing system and device for handling a chain of trust
CN116775145A (en) * 2023-05-04 2023-09-19 合芯科技(苏州)有限公司 Method, device, equipment and storage medium for starting and recovering server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222590A (en) * 2008-01-28 2008-07-16 四川金网通电子科技有限公司 Method for controlling received information safety of digital television terminal
CN102902556A (en) * 2012-09-06 2013-01-30 深圳市共进电子股份有限公司 Multistage boot load method of embedded equipment
CN103049694A (en) * 2013-01-14 2013-04-17 上海慧银信息科技有限公司 Core safety architecture implementation method of intelligent financial transaction terminal
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN104200153A (en) * 2014-09-12 2014-12-10 北京赛科世纪数码科技有限公司 Start verification method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103502932B (en) * 2011-04-29 2016-12-14 惠普发展公司,有限责任合伙企业 For verifying the embedded controller of CRTM
US20130254906A1 (en) * 2012-03-22 2013-09-26 Cavium, Inc. Hardware and Software Association and Authentication



Similar Documents

Publication Publication Date Title
CN107220547B (en) Terminal equipment and starting method thereof
KR101393307B1 (en) Secure boot method and semiconductor memory system for using the method
FI114416B (en) Method for securing the electronic device, the backup system and the electronic device
US20160241398A1 (en) System and method for computing device with improved firmware service security using credential-derived encryption key
CN110990084B (en) Chip secure starting method and device, storage medium and terminal
EP2746982B1 (en) Method and apparatus for supporting dynamic change of authentication means for secure booting
US8392724B2 (en) Information terminal, security device, data protection method, and data protection program
CN108140092B (en) Device with multiple roots of trust
WO2018076648A1 (en) Secure enabling method and device for chip, and computer storage medium
US20190372780A1 (en) Method for provisioning device certificates for electronic processors in untrusted environments
CN107908977B (en) TrustZone-based intelligent mobile terminal trust chain security transmission method and system
CN109814934B (en) Data processing method, device, readable medium and system
CN107944234B (en) Machine refreshing control method for Android equipment
CN110688660A (en) Method and device for safely starting terminal and storage medium
CN110555309A (en) Starting method, starting device, terminal and computer readable storage medium
CN111177709A (en) Execution method and device of terminal trusted component and computer equipment
CN115934194A (en) Controller starting method and device, electronic equipment and storage medium
KR102415005B1 (en) Hardware security module for verifying execution code, device having the same, and operating method thereof
CN112148314A (en) Mirror image verification method, device, equipment and storage medium of embedded system
CN111125665A (en) Authentication method and device
US20060156000A1 (en) Integrated software and method for authenticating same
CN115062291A (en) Method, system, and computer readable medium for managing containers
CN113204769A (en) Secure device, electronic device, and secure boot management system
CN112231649A (en) Firmware encryption processing method, device, equipment and medium
CN109934016B (en) Application signature verification method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant