CN108256298A - Resource access method and device - Google Patents


Publication number: CN108256298A
Authority: CN (China)
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201711339922.5A
Other languages: Chinese (zh)
Inventors: 张同, 李琳, 熊燕萍, 周清
Current assignee: Datang Microelectronics Technology Co Ltd (as listed by Google Patents; the listing may be inaccurate)
Original assignee: Datang Microelectronics Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software

Abstract

The invention discloses a resource access method and device. The method includes: when a user program needs to access a resource that is not within the user program's access rights, the user program calls the application programming interface of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights; and the user program receives the resource access result from the application programming interface of the kernel program. In embodiments of the invention, the resource is accessed by calling the application programming interface of the kernel program; that is, the user program does not access the resource directly, which prevents the user program from damaging the code in the resource while accessing it. Because the application programming interface is packaged into the chip when the chip leaves the factory and cannot be changed by the user, the application programming interface is safe and does not damage the code in the resource when accessing it, which ensures the security of the chip's resources.

Description

Resource access method and device
Technical field
The present invention relates to chip security technology, and in particular to a resource access method and device.
Background
With the development of information technology, more and more smart devices serve several purposes at once; for example, one smart device can act as a co-branded public transport card, a financial social security card and a mobile payment card. This multi-purpose capability is implemented by the chip in the smart device. The chip contains user programs (Consumer, abbreviated COS) and a kernel program, and the kernel program can access more of the chip's resources than a user program can. In the related art, if a user program needs to access a resource that is not within its access rights (for example, user program COS1 needs to access a resource of the kernel program or a resource of user program COS2), the memory protection unit (Memory Protect Unit, MPU) in the chip is first unlocked, the access rights of the user program are set after unlocking, the memory protection unit is then locked, and finally execution jumps to the user program, which accesses the resource within the access rights that were set after unlocking. Because the user program directly accesses a resource that is not within its own access rights, if the user program is attacked by an illegitimate user while accessing the resource, the user program may damage the code belonging to the resource, and the security of the chip is threatened.
Summary of the invention
To solve the above technical problem, embodiments of the present invention provide a resource access method and device that prevent a user program from damaging the code in a resource.
To achieve the object of the invention, an embodiment of the present invention provides a resource access method, including:
When a user program needs to access a resource that is not within the user program's access rights, the user program calls the application programming interface of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights;
The user program receives the resource access result from the application programming interface of the kernel program.
An embodiment of the present invention provides another resource access method, including:
The application programming interface of the kernel program receives a parameter set by the user;
The application programming interface accesses, according to the received parameter, the resource corresponding to the received parameter;
The application programming interface sends the resource access result to the user program.
In one alternative, after receiving the parameter set by the user and before accessing the resource corresponding to the received parameter, the method further includes:
The application programming interface determines that the chip to which the kernel program belongs is in user mode;
The application programming interface calls a supervisor call; the supervisor call is used to make the chip enter an interrupt and to switch the chip from user mode to core mode.
In one alternative, after the resource access result is sent to the user program, the method further includes:
The application programming interface switches the chip from core mode back to user mode.
In one alternative, the supervisor call is further used to:
Determine whether the interrupt generated by the chip is legitimate; when the interrupt is determined to be legitimate, switch the chip from user mode to core mode; when the interrupt is determined to be illegitimate, execute no-operations in a loop.
In one alternative, the supervisor call is specifically used to:
Compare whether the code start address at the time the supervisor call is executed is consistent with the preset code entry address of the supervisor call; if the two addresses are consistent, determine that the interrupt generated by the chip is legitimate; if the two addresses are inconsistent, determine that the interrupt generated by the chip is illegitimate.
An embodiment of the present invention provides a resource access device, including:
A first calling module, used to call the application programming interface of the kernel program when a user program needs to access a resource that is not within the user program's access rights, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights;
A first receiving module, used to receive the resource access result from the application programming interface of the kernel program.
An embodiment of the present invention provides another resource access device, including:
A second receiving module, used to receive a parameter set by the user;
An access module, used to access, according to the received parameter, the resource corresponding to the received parameter;
A sending module, used to send the resource access result to the user program.
In one alternative, the resource access device further includes:
A determining module, used to determine that the chip to which the kernel program belongs is in user mode;
A second calling module, used to call a supervisor call; the supervisor call is used to make the chip enter an interrupt and to switch the chip from user mode to core mode.
In one alternative, the resource access device further includes:
A switching module, used to switch the chip from core mode to user mode.
In one alternative, the supervisor call called by the second calling module is further used to:
Determine whether the interrupt generated by the chip is legitimate; when the interrupt is determined to be legitimate, switch the chip from user mode to core mode; when the interrupt is determined to be illegitimate, execute no-operations in a loop.
In one alternative, the supervisor call called by the second calling module is specifically used to:
Compare whether the code start address at the time the supervisor call is executed is consistent with the preset code entry address of the supervisor call; if the two addresses are consistent, determine that the interrupt generated by the chip is legitimate; if the two addresses are inconsistent, determine that the interrupt generated by the chip is illegitimate.
Embodiments of the present invention include at least the following: when a user program needs to access a resource that is not within the user program's access rights, the user program calls the application programming interface of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights; the user program receives the resource access result from the application programming interface of the kernel program. It can be seen that when a user program needs to access a resource that is not within its access rights, the resource is accessed by calling the application programming interface of the kernel program. In other words, the user program does not access the resource directly but through the application programming interface of the kernel program, which prevents the user program from damaging the code in the resource while accessing it. Because the application programming interface of the kernel program is packaged into the chip when the chip leaves the factory and cannot be changed by the user, the application programming interface is safe and does not damage the code in the resource when accessing it, which ensures the security of the code in the resource.
Other features and advantages of the invention are set forth in the description that follows, and in part become apparent from the description or are understood by practising the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings provide a further understanding of the technical solution of the invention and form part of the description. Together with the embodiments of this application they serve to explain the technical solution of the invention and do not limit it.
Fig. 1 is a flow diagram of a resource access method provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of the principle by which a user program accesses resources, provided by an embodiment of the invention;
Fig. 3 is a flow diagram of another resource access method provided by an embodiment of the invention;
Fig. 4 is a flow diagram of another resource access method provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of chip resource allocation provided by an embodiment of the invention;
Fig. 6 is a flow diagram of an API accessing a resource, provided by an embodiment of the invention;
Fig. 7 is a structural diagram of a resource access device provided by an embodiment of the invention;
Fig. 8 is a structural diagram of another resource access device provided by an embodiment of the invention;
Fig. 9 is a structural diagram of another resource access device provided by an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. Note that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
The steps shown in the flow diagrams of the drawings can be performed in a computer system, for example as a set of computer-executable instructions. Although a logical order is shown in the flow diagrams, in some cases the steps shown or described can be performed in a different order.
An embodiment of the present invention provides a resource access method. As shown in Fig. 1, the resource access method includes:
Step 101: when a user program needs to access a resource that is not within the user program's access rights, it calls the application programming interface (Application Programming Interface, API) of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights.
Note that user programs include, but are not limited to, user programs for encryption and decryption and user programs for controlling general purpose input/output (General Purpose Input Output, GPIO). Besides the API, the kernel program can also include, but is not limited to, a startup program (such as a Bootloader), firmware code (such as driver code), an operating system and a bootstrap program. User programs and the kernel program are stored in different storage spaces of the chip. The kernel program and its application programming interface are stored in the chip when the chip is produced. User programs can be downloaded to the chip after production, according to the user's needs. When user programs are downloaded to the chip, different user programs are downloaded to different storage spaces of the chip, the access rights of each user program to resources are set, and the access rights that were set are stored in the chip's memory protection unit (Memory Protect Unit, MPU). When the user selects a downloaded user program through an external device, the access rights of that user program are read from the memory protection unit.
Fig. 2 takes a chip containing two user programs as an example. Each of user program COS1 and user program COS2 can access resources within its own access rights and cannot access resources beyond them. For example, user program COS1 is authorized to access one part of the resources of user program COS2; the other part of COS2's resources cannot be accessed by COS1, so an access by COS1 to that other part is outside COS1's access rights. Likewise, if user program COS1 is not authorized to access the resources of the kernel program, an access by COS1 to a kernel program resource is outside COS1's access rights. User programs are developed by third parties, so a user program that accesses a resource outside its own access rights carries security risks. The application programming interface of the kernel program, by contrast, is packaged into the chip when the chip is produced and cannot be changed by the user, so it is safe for the application programming interface to access the resource. The user program can therefore call the application programming interface provided by the kernel program to access the resource. The application programming interface can be packaged for the kernel program in advance when the chip leaves the factory and placed at a fixed location in the chip; when it needs to be called, it is called from that location. Calling the application programming interface can be implemented in ways known from the related art; the specific implementation does not limit the scope of protection of the invention and is not described further here.
Step 102: the user program receives the resource access result from the application programming interface of the kernel program.
Note that after the application programming interface accesses the resource, it sends the resource access result to the user program. For example, if the application programming interface has read data from FLASH (also called FLASH memory or flash memory), the application programming interface sends the data it read to the user program.
In the resource access method according to this embodiment, when a user program needs to access a resource that is not within the user program's access rights, it calls the application programming interface of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights; the user program receives the resource access result from the application programming interface of the kernel program. It can be seen that the user program does not access the resource directly but through the application programming interface of the kernel program, which prevents the user program from damaging the code in the resource while accessing it. Because the application programming interface of the kernel program is packaged into the chip when the chip leaves the factory and cannot be changed by the user, the application programming interface is safe and does not damage the code in the resource when accessing it, which ensures the security of the code in the resource.
An embodiment of the present invention provides another resource access method. As shown in Fig. 3, the resource access method includes:
Step 201: the application programming interface of the kernel program receives a parameter set by the user.
Note that after the application programming interface is called, the user sets the parameter according to the predefined parameter description of the application programming interface. For example, the parameter description includes: 1 means operating on the chip's registers, and 2 means operating on the chip's flash memory. If the user program needs to operate on the chip's registers, the parameter is set to 1 to access the registers; if the user program needs to operate on the chip's flash memory, the parameter is set to 2 to access the flash memory. Accessing the resource corresponding to the received parameter can be implemented in ways known from the related art; the specific implementation does not limit the scope of protection of the invention and is not described further here.
Step 202: the application programming interface accesses, according to the received parameter, the resource corresponding to the received parameter.
The accessed resource can be a hardware resource, which can include, but is not limited to, the chip's registers and flash memory. Because the application programming interface of the kernel program is called when the user program needs to access a resource that is not within the user program's access rights, and the application programming interface accesses the resource corresponding to the received parameter, the resource corresponding to the received parameter is precisely the resource that is not within the user program's access rights.
Step 203: the application programming interface sends the resource access result to the user program.
In one alternative, on the basis of the embodiment corresponding to Fig. 3, after step 201 and before step 202, the method further includes:
The application programming interface determines that the chip to which the kernel program belongs is in user mode; the application programming interface calls a supervisor call (Supervisor Call, SVC); the supervisor call is used to make the chip enter an interrupt and to switch the chip from user mode to core mode.
Note that the chip's operating modes include user mode and core mode, and the identifier corresponding to user mode and the identifier corresponding to core mode are predetermined. When the chip's operating mode identifier is the one corresponding to user mode, the chip is working in user mode, and a user program can access resources within its own access rights. When the chip's operating mode identifier is the one corresponding to core mode, the chip is working in core mode. Because the application programming interface cannot access resources outside the user program's rights while the chip is in user mode, the supervisor call is called and executed: the chip enters an interrupt after executing the supervisor call, and once the chip has entered the interrupt, the supervisor call switches the chip's operating mode. When the chip is switched from user mode to core mode, the chip's operating mode identifier is changed to the one corresponding to core mode. The supervisor call is also called a superuser call; it is a processor instruction, and the chip generates an interrupt when it executes that instruction.
While the chip is in user mode, the application programming interface cannot access resources outside the user program's rights; if it tries to, an error is reported directly. Chip security protection is thus achieved through switching between the chip's operating modes and through the different access rights of those modes. In addition, in core mode, besides accessing chip resources and switching the chip's operating mode, it is also possible to download user programs, call encryption algorithms to perform encryption, call firmware code such as driver interfaces, and set the access rights of user programs.
In one alternative, on the basis of the embodiment corresponding to Fig. 3, after step 203, the method further includes:
The application programming interface switches the chip from core mode to user mode.
Note that while the chip is in user mode, the resources a user program accesses are within that user program's access rights. If the user program accesses a resource outside its access rights, it calls the application programming interface to complete the access; the chip must be switched to core mode before the access and switched back to user mode once the access is complete. If the chip is not switched back to user mode, that is, if the chip stays in core mode, the user program can use the application programming interface to access all resources. The chip therefore has to be switched back to user mode to complete the security protection of the kernel program and the resources. Switching the chip from user mode to core mode and from core mode to user mode can be implemented in ways known from the related art; the specific implementation does not limit the scope of protection of the invention and is not described further here.
In one alternative, on the basis of the embodiment corresponding to Fig. 3, the supervisor call is further used to:
Determine whether the interrupt generated by the chip is legitimate; when the interrupt is determined to be legitimate, switch the chip from user mode to core mode; when the interrupt is determined to be illegitimate, execute no-operations in a loop.
Note that because the chip's documentation is relatively public, a user program can call and execute the supervisor call on its own. The interrupt generated by the chip can therefore come from a user program calling the supervisor call by itself, or from the application programming interface of the kernel program calling the supervisor call. If a user program could generate the interrupt by calling the supervisor call itself, an illegitimate user could use a user program to call the supervisor call, which would threaten the security of the chip. So after the chip generates an interrupt, it is necessary to determine whether the interrupt is legitimate. When it is illegitimate, no-operations can be executed continuously to enter an endless loop, which forbids access to the resource and further ensures the security of resource access. When the interrupt is determined to be legitimate, it was generated by the application programming interface of the kernel program calling the supervisor call, and the chip is switched from user mode to core mode.
In one alternative, on the basis of the embodiment corresponding to Fig. 3, the supervisor call is specifically used to:
Compare whether the code start address at the time the supervisor call is executed is consistent with the preset code entry address of the supervisor call; if the two addresses are consistent, determine that the interrupt generated by the chip is legitimate; if the two addresses are inconsistent, determine that the interrupt generated by the chip is illegitimate.
Note that the called supervisor call checks the code start address at the time it is executed. If that code start address is consistent with the preset code entry address of the supervisor call, the code start address lies in the valid region of the kernel program's firmware code, and the interrupt was generated by the application programming interface of the kernel program calling and executing the supervisor call; the chip is then switched from user mode to core mode. If the code start address is inconsistent with the preset code entry address of the supervisor call, the interrupt was generated by a user program calling and executing the supervisor call on its own; such an interrupt is a security threat to the chip, and the generated interrupt is determined to be illegitimate.
In the resource access method according to this embodiment, the application programming interface of the kernel program receives a parameter set by the user; the application programming interface accesses, according to the received parameter, the resource corresponding to the received parameter; the application programming interface sends the resource access result to the user program. It can be seen that the resource is accessed through the application programming interface of the kernel program, which prevents the user program from damaging the code in the resource while accessing it. Because the application programming interface of the kernel program is packaged into the chip when the chip leaves the factory and cannot be changed by the user, the application programming interface is safe and does not damage the code in the resource when accessing it, which ensures the security of the code in the resource.
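The second method above (parameter-selected access, supervisor call on entry, legitimacy check on the interrupt, switch back to user mode afterwards) can be modelled in C as follows. This is an added simulation, not code from the patent: the two addresses, the resource sizes and every function name are assumptions, and the endless no-op loop is represented by a `halted` flag so the model terminates.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Model of the API / supervisor-call flow. All names, addresses and sizes
 * are assumptions made for this example; none come from the patent. */
enum chip_mode { USER_MODE = 0, CORE_MODE = 1 };
enum api_status { API_OK = 0, API_BAD_PARAM = -1, API_FAULT = -2, API_SVC_REJECTED = -3 };

/* Parameter values follow the page's example: 1 = registers, 2 = flash. */
enum { RES_REGISTER = 1, RES_FLASH = 2 };

#define SVC_ENTRY_ADDR 0x00001040u /* hypothetical preset entry address (inside the API) */
#define USER_CODE_ADDR 0x00020000u /* hypothetical address inside a user program */
#define N_REGS  4
#define N_FLASH 8

struct chip {
    enum chip_mode mode;
    int halted;                /* stands in for the endless no-op loop */
    uint32_t regs[N_REGS];
    uint32_t flash[N_FLASH];
};

void chip_init(struct chip *c) {
    size_t i;
    c->mode = USER_MODE;
    c->halted = 0;
    for (i = 0; i < N_REGS; i++)  c->regs[i]  = 0x1000u + (uint32_t)i; /* constructed data */
    for (i = 0; i < N_FLASH; i++) c->flash[i] = 0xF000u + (uint32_t)i; /* constructed data */
}

/* Raw access: in this model the protected resources are reachable in core mode only. */
int raw_read(const struct chip *c, int resource, size_t idx, uint32_t *out) {
    if (c->halted || c->mode != CORE_MODE) return API_FAULT;
    if (resource == RES_REGISTER && idx < N_REGS)  { *out = c->regs[idx];  return API_OK; }
    if (resource == RES_FLASH    && idx < N_FLASH) { *out = c->flash[idx]; return API_OK; }
    return API_BAD_PARAM;
}

/* Supervisor call: the interrupt is legitimate only when the code start
 * address matches the preset entry address; otherwise the chip stops. */
int svc_handler(struct chip *c, uint32_t start_addr) {
    if (start_addr != SVC_ENTRY_ADDR) {
        c->halted = 1;         /* on hardware: loop on no-operations forever */
        return API_SVC_REJECTED;
    }
    c->mode = CORE_MODE;
    return API_OK;
}

/* Kernel API: validate the parameter, elevate through the supervisor call,
 * access the resource, then return to user mode on every exit path. */
int api_access(struct chip *c, int param, size_t idx, uint32_t *out) {
    int rc;
    if (c->halted || out == NULL) return API_FAULT;
    if (param != RES_REGISTER && param != RES_FLASH) return API_BAD_PARAM;
    if (c->mode == USER_MODE) {
        rc = svc_handler(c, SVC_ENTRY_ADDR);
        if (rc != API_OK) return rc;
    }
    rc = raw_read(c, param, idx, out);
    c->mode = USER_MODE;       /* drop back even when the read failed */
    return rc;
}

int main(void) {
    struct chip c;
    uint32_t v = 0;
    int rc;
    chip_init(&c);
    rc = raw_read(&c, RES_FLASH, 2, &v);
    printf("direct read in user mode: rc=%d\n", rc);
    rc = api_access(&c, RES_FLASH, 2, &v);
    printf("read through API: rc=%d value=0x%X mode=%d\n", rc, (unsigned)v, (int)c.mode);
    rc = svc_handler(&c, USER_CODE_ADDR);
    printf("supervisor call from user code: rc=%d halted=%d\n", rc, c.halted);
    return 0;
}
```

The unconditional return to user mode after `raw_read` is the part that matters for review: an error path that leaves the chip in core mode hands the next caller every resource.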
An embodiment of the present invention provides another resource access method. As shown in Fig. 4, the resource access method includes:
Step 301: determine whether a user program has been selected. If a user program has been selected, go to step 308; if no user program has been selected, go to step 302. Note that the user selects a user program through an external device. A user program must be downloaded before it can be selected; after user programs have been downloaded, the user can select one of the downloaded user programs through the external device.
Step 302: evaluate the received instruction. If the received instruction is an instruction for downloading a user program, go to step 303; if it is an instruction for setting access rights, go to step 304; if it is an instruction for any operation other than downloading a user program or setting access rights, go to step 305. Note that different instructions require different operations, so the received instruction has to be evaluated and the corresponding step entered according to the result.
Step 303: download the user program. Note that different user programs have different running spaces, so the starting running space of a user program can be set when it is downloaded, in order to complete the download of different user programs.
Step 304: set the access rights of the user program, and store the access rights that were set in a storage medium (such as the chip's MPU). The access rights that are set include, but are not limited to: the user program's rights to access the FLASH in the chip, the user program's rights to access the random access memory (Random Access Memory, RAM) in the chip, and the user program's rights to access the hardware device space in the chip.
The access rights of the user program and the kernel program are described below with reference to Fig. 5.
As shown in Fig. 5, SRW_UFE means that the region is readable and writable when the chip is in kernel mode and that reading and writing are forbidden in user mode; SRW_URO means that the region is readable and writable in kernel mode and read-only in user mode; SRW_URW means that the region is readable and writable in kernel mode and readable and writable in user mode; SFE_UFE means that reading and writing are forbidden in kernel mode and forbidden in user mode.
1. The exclusive memory space belonging to the kernel program can be accessed only in kernel mode. It includes BOOT_CODE and CPY_DEVICE_CODE: BOOT_CODE is the startup code of the kernel program and CPY_DEVICE_CODE is the device driver code that the kernel program provides to the user. Both are readable and writable in kernel mode and forbidden in user mode. CODE_RO is the code of the kernel program; it is readable and writable when the chip is in kernel mode and read-only when the chip is in user mode.
2. Regions that are readable and writable for the kernel program but forbidden to user programs can be accessed only when the chip is in kernel mode.
3. When the chip is in user mode, each user program can run in its own code area; read and write access to other areas is not allowed. COS1_CODE is the code of user program COS1 and COS2_CODE is the code of user program COS2. User program COS1 can run in the code area of user program COS1 but cannot read or write the code area of user program COS2.
4. Hardware RAM space allocation: when the chip is in user mode, each user program can access only the public RAM space and its own exclusive RAM space; access to other RAM space is not allowed. For example, COS1_RAM is the RAM space exclusive to user program COS1, COS2_RAM is the RAM space exclusive to user program COS2, SHARE_RAM is the RAM space shared by user programs, and BOOT_RAM is the RAM space of the startup code. User program COS1 can access COS1_RAM and SHARE_RAM but cannot access COS2_RAM.
5. The hardware device space DECIVE comprises 8 register blocks: SUB_0CPR, SUB_1SYS_COL, SUB_2WDT, SUB_3RFU, SUB_4CRC16, SUB_5RANDOM, SUB_6SBLOCK and SUB_7RFU. SUB_0CPR is the clock register, SUB_1SYS_COL is the system clock register, SUB_2WDT is the watchdog register, SUB_3RFU and SUB_7RFU are idle registers (registers whose addresses are idle, in other words registers with no address), SUB_4CRC16 is the cyclic redundancy check (Cyclic Redundancy Check, CRC) register, SUB_5RANDOM is the random number register and SUB_6SBLOCK is the FLASH register. CPY_RAM is the RAM area reserved for the kernel program's encryption and decryption, and NVR_FLASH is the kernel program's exclusive FLASH secure data storage area. When the chip is in user mode, a user program can access only the hardware resources whose access rights have been opened; access to other regions is not allowed.
6. CPU-exclusive hardware space: SYSTERM CONTROL is the space exclusive to the chip's CPU. It can be accessed in kernel mode; in user mode, user programs cannot access it.
Step 305: perform the other operation.
Step 306: judge whether the instruction was executed successfully. In other words, after an instruction is received, judge whether step 303, step 304 or step 305 was executed successfully.
Step 307: return the judgment result. Specifically, the judgment result of step 306 is packaged according to the communication protocol and returned to the external device, and step 302 is executed again.
Step 308: obtain the jump address of the selected user program. Between step 310 and step 311, the chip jumps from the kernel program to the user program according to the obtained jump address.
Step 309: read the access rights of the user program from the storage medium of step 304.
Step 310: set user mode and the user program to jump to. Note that the chip is in kernel mode when it powers on; before jumping to the user program, the chip is switched from kernel mode to user mode to ensure the security of the chip.
Step 311: initialize the library and the application programming interface of the kernel program.
Step 312: determine the type of the received instruction. If it is an instruction to call an API, go to step 313; if it is an instruction to call an encryption algorithm, go to step 316; if it is an instruction for any operation other than calling an API or calling an encryption algorithm, go to step 319.
Step 313: call the API. Note that the API called is an API of the chip's kernel program.
Step 314: set kernel mode, that is, switch the chip from user mode to kernel mode.
Note that, as shown in Fig. 6, step 401, step 402, step 403 and step 404 are also included between step 313 and step 314.
Step 401: the API modifies the access rights. This can also be described as initializing the access rights of the user program. Specifically, the access rights of the user program are changed by modifying the user program's access-rights flag; the access rights are changed when the user program calls the API of the kernel program.
Step 402: the API calls the supervisor call program.
Step 403: the API executes the supervisor call so that the chip generates an interrupt.
Step 404: the supervisor call program judges whether the interrupt generated by the chip is legal. If the result is yes, step 405 is performed; if the result is no, step 408 is performed.
The judgment is made by comparing whether the code start address at the time the supervisor call is executed is consistent with the preset code entry address of the supervisor call program. If the two are consistent, the generated interrupt is judged to be legal; if they are inconsistent, the generated interrupt is judged to be illegal.
Step 405: the supervisor call program sets the chip to run in kernel mode, switching the chip from user mode to kernel mode. Step 405 is equivalent to step 314 in Fig. 4.
Step 408: the API accesses the chip resource.
Step 409: the chip enters the error interrupt. Note that when the chip has not been switched from user mode to kernel mode, the chip enters the error interrupt when the API tries to access a resource that it is not allowed to access.
Step 410: the supervisor call program enters an endless loop and prompts the user that the operation is illegal. The endless loop can be entered by continually executing no-operations.
Step 315: the API accesses the chip resource (equivalent to step 406 in Fig. 6), sets user mode (equivalent to step 407 in Fig. 6), and finally returns the result of the API's resource access to the user program. Step 315 includes: using the API called in step 313, accessing the chip resource within the access rights of the user program and, after the chip resource has been accessed, switching the chip from kernel mode to user mode.
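The permission codes of Fig. 5 and the API flow of Fig. 6 (steps 402 to 410) can be modelled together in C; this is an added example, not code from the patent. The region addresses and sizes, the permission assigned to each region, SVC_ENTRY and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Permission codes as named in Fig. 5. S = kernel mode ("core schema" in
 * the translated text), U = user mode. */
typedef enum { SRW_UFE, SRW_URO, SRW_URW, SFE_UFE } perm_code;
typedef enum { MODE_KERNEL, MODE_USER } chip_mode;
typedef enum { ACC_READ, ACC_WRITE } access_kind;
typedef struct { const char *name; uint32_t base, size; perm_code perm; } region;
typedef struct { chip_mode mode; bool fault; bool halted; } chip;

/* Constructed map for the case where user program COS1 is selected. Region
 * names come from the description; addresses, sizes and the permission
 * assigned to each region are assumptions. */
static const region MAP[] = {
    { "CODE_RO",   0x00001000u, 0x1000u, SRW_URO },
    { "COS1_CODE", 0x00002000u, 0x2000u, SRW_URW },
    { "NVR_FLASH", 0x00006000u, 0x0800u, SRW_UFE },
    { "COS1_RAM",  0x20000000u, 0x0400u, SRW_URW },
    { "COS2_RAM",  0x20000400u, 0x0400u, SRW_UFE },
    { "SHARE_RAM", 0x20000800u, 0x0400u, SRW_URW },
    { "SUB_3RFU",  0x40003000u, 0x0100u, SFE_UFE },
};

/* Assumed preset code entry address of the supervisor call program. */
#define SVC_ENTRY 0x00000400u

static bool perm_allows(perm_code p, chip_mode m, access_kind a) {
    switch (p) {
    case SRW_UFE: return m == MODE_KERNEL;
    case SRW_URO: return m == MODE_KERNEL || a == ACC_READ;
    case SRW_URW: return true;
    case SFE_UFE: return false;
    }
    return false;
}

/* Memory-protection check. A denied or unmapped access raises the error
 * interrupt of step 409, modelled here as the fault flag. */
static bool mpu_access(chip *c, uint32_t addr, access_kind a) {
    for (size_t i = 0; i < sizeof MAP / sizeof MAP[0]; i++) {
        if (addr - MAP[i].base < MAP[i].size) {   /* unsigned range test */
            if (perm_allows(MAP[i].perm, c->mode, a))
                return true;
            break;
        }
    }
    c->fault = true;
    return false;
}

/* Steps 404-405: the interrupt is legal only if the code start address
 * matches the preset entry address; only then is kernel mode entered. */
static bool svc_handler(chip *c, uint32_t start_addr) {
    if (start_addr != SVC_ENTRY)
        return false;              /* illegal: the chip stays in user mode */
    c->mode = MODE_KERNEL;
    return true;
}

/* Kernel-program API, steps 402-410. With an illegal interrupt the access
 * runs in user mode (408), faults on a protected region (409) and the chip
 * is parked (410; real firmware would spin on no-operations). On success
 * the chip is returned to user mode (406-407). */
static int kernel_api_read(chip *c, uint32_t addr, uint32_t svc_start) {
    (void)svc_handler(c, svc_start);
    if (!mpu_access(c, addr, ACC_READ)) {
        c->halted = true;
        return -1;
    }
    c->mode = MODE_USER;
    return 0;
}

int main(void) {
    chip u = { MODE_USER, false, false };
    bool direct = mpu_access(&u, 0x00006000u, ACC_READ);
    chip a = { MODE_USER, false, false };
    int good = kernel_api_read(&a, 0x00006000u, SVC_ENTRY);
    chip b = { MODE_USER, false, false };
    int bad = kernel_api_read(&b, 0x00006000u, 0x00002010u);
    printf("direct user read of NVR_FLASH allowed: %d\n", direct);
    printf("API via legal SVC: %d, via forged entry: %d (halted=%d)\n",
           good, bad, b.halted);
    return 0;
}
```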
Step 316: the user program calls an encryption algorithm in the algorithm library. For example, the encryption algorithm is a domestic cryptographic algorithm recognized by the State Commercial Cryptography Administration or an international encryption algorithm.
Step 317: set kernel mode, that is, switch the chip from user mode to kernel mode.
Step 318: perform encryption using the encryption algorithm, then set user mode. In both step 215 and step 218 the chip must be set to user mode.
Step 319: perform the other operation.
Step 320: subsequent function processing, which includes judging whether the instruction of step 313, step 316 or step 319 was executed successfully.
Step 321: send data. The data sent is the result of the subsequent function processing in step 320; for example, the result of whether the instruction of step 313, step 316 or step 319 was executed successfully is sent to the external device.
An embodiment of the present invention provides a resource access device. As shown in Fig. 7, the resource access device 5 includes:
A first calling module 51, configured to call the application programming interface of the kernel program when the user program needs to access a resource that is not within the user program's access rights, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights.
A first receiving module 52, configured to receive the resource access result from the application programming interface of the kernel program.
In practical applications, the first calling module 51 and the first receiving module 52 can be implemented by a CPU, a microprocessor (Micro Processor Unit, MPU), a digital signal processor (Digital Signal Processor, DSP), a field programmable gate array (Field Programmable Gate Array, FPGA) or the like in the resource access device 5.
With the resource access device of this embodiment, when the user program needs to access a resource that is not within its access rights, it calls the application programming interface of the kernel program so that the application programming interface accesses that resource, and the user program receives the resource access result from the application programming interface of the kernel program. As this embodiment shows, when the user program needs to access a resource that is not within its access rights, the resource is accessed by calling the application programming interface of the kernel program. In other words, the user program does not access the resource directly but through the application programming interface of the kernel program, which prevents the user program from destroying code in the resource when it accesses the resource. Moreover, because the application programming interface of the kernel program is packaged into the chip when the chip leaves the factory, the user cannot change it. The application programming interface is therefore safe and will not destroy code in the resource when accessing it, which guarantees the safety of the code in the resource.
An embodiment of the present invention provides another resource access device. As shown in Fig. 8, the resource access device 6 includes:
A second receiving module 61, configured to receive the parameter set by the user.
An access module 62, configured to access, according to the received parameter, the resource corresponding to the received parameter.
A sending module 63, configured to send the resource access result to the user program.
In an alternative based on the embodiment of Fig. 8, the present invention provides another resource access device. As shown in Fig. 9, the resource access device 6 further includes:
A determining module 64, configured to determine that the chip to which the kernel program belongs is in user mode.
A second calling module 65, configured to call the supervisor call program; the called supervisor call program is used to make the chip enter an interrupt and to switch the chip from user mode to kernel mode.
In an alternative based on the embodiment of Fig. 9, the resource access device 6 further includes:
A switching module 66, configured to switch the chip from kernel mode to user mode.
In an alternative based on the embodiment of Fig. 9, the supervisor call program called by the second calling module 65 is further used to:
Judge whether the interrupt generated by the chip is legal; when the interrupt generated by the chip is judged to be legal, switch the chip from user mode to kernel mode; when the interrupt generated by the chip is judged to be illegal, execute no-operations in a loop.
In an alternative based on the embodiment of Fig. 9, the supervisor call program called by the second calling module 65 is specifically used to:
Compare whether the code start address of the supervisor call program when it is executed is consistent with the preset code entry address of the supervisor call program. If the code start address of the supervisor call program when it is executed is consistent with the code entry address of the supervisor call program, the interrupt generated by the chip is judged to be legal; if the code start address is inconsistent with the preset code entry address of the supervisor call program, the interrupt generated by the chip is judged to be illegal.
In practical applications, the second receiving module 61, the access module 62, the sending module 63, the determining module 64, the second calling module 65 and the switching module 66 can be implemented by a CPU, a microprocessor, a digital signal processor, a field programmable gate array or the like in the resource access device 6.
With the resource access device of this embodiment, the application programming interface of the kernel program receives the parameter set by the user, accesses the resource corresponding to the received parameter according to that parameter, and sends the resource access result to the user program. As this embodiment shows, the resource is accessed through the application programming interface of the kernel program, which prevents the user program from destroying code in the resource when it accesses the resource. Moreover, because the application programming interface of the kernel program is packaged into the chip when the chip leaves the factory, the user cannot change it. The application programming interface is therefore safe and will not destroy code in the resource when accessing it, which guarantees the safety of the code in the resource.
An embodiment of the present invention provides another resource access device. The resource access device includes a memory, a processor and a computer program that is stored in the memory and can run on the processor. The steps implemented when the processor executes the computer program include:
When the user program needs to access a resource that is not within the user program's access rights, calling the application programming interface of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights;
The user program receiving the resource access result from the application programming interface of the kernel program.
An embodiment of the present invention provides another resource access device. The resource access device includes a memory, a processor and a computer program that is stored in the memory and can run on the processor. The steps implemented when the processor executes the computer program include:
The application programming interface of the kernel program receiving the parameter set by the user;
The application programming interface accessing, according to the received parameter, the resource corresponding to the received parameter;
The application programming interface sending the resource access result to the user program.
In an alternative, the steps implemented when the processor executes the computer program further include:
The application programming interface determining that the chip to which the kernel program belongs is in user mode;
The application programming interface calling the supervisor call program, the called supervisor call program being used to make the chip enter an interrupt and to switch the chip from user mode to kernel mode.
In an alternative, the steps implemented when the processor executes the computer program further include:
The application programming interface switching the chip from kernel mode to user mode.
In an alternative, the supervisor call program is further used to:
Judge whether the interrupt generated by the chip is legal; when the interrupt generated by the chip is judged to be legal, switch the chip from user mode to kernel mode; when the interrupt generated by the chip is judged to be illegal, execute no-operations in a loop.
In an alternative, the supervisor call program is specifically used to:
Compare whether the code start address of the supervisor call program when it is executed is consistent with the preset code entry address of the supervisor call program. If the code start address of the supervisor call program when it is executed is consistent with the code entry address of the supervisor call program, the interrupt generated by the chip is judged to be legal; if the code start address is inconsistent with the preset code entry address of the supervisor call program, the interrupt generated by the chip is judged to be illegal.
Although the embodiments disclosed herein are as described above, their content is given only to make the present invention easier to understand and is not intended to limit the present invention. Any person skilled in the art to which the present invention belongs may make modifications and variations in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be subject to the scope defined by the appended claims.

Claims (12)

1. A resource access method, characterized by comprising:
When a user program needs to access a resource that is not within the user program's access rights, calling the application programming interface of the kernel program, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights;
The user program receiving the resource access result from the application programming interface of the kernel program.
2. A resource access method, characterized by comprising:
The application programming interface of the kernel program receiving a parameter set by the user;
The application programming interface accessing, according to the received parameter, the resource corresponding to the received parameter;
The application programming interface sending the resource access result to the user program.
3. The resource access method according to claim 2, characterized in that, after receiving the parameter set by the user and before accessing the resource corresponding to the received parameter, the method further comprises:
The application programming interface determining that the chip to which the kernel program belongs is in user mode;
The application programming interface calling the supervisor call program, the called supervisor call program being used to make the chip enter an interrupt and to switch the chip from user mode to kernel mode.
4. The resource access method according to claim 3, characterized in that, after sending the resource access result to the user program, the method further comprises:
The application programming interface switching the chip from the kernel mode to the user mode.
5. The resource access method according to claim 3, characterized in that the supervisor call program is further used to:
Judge whether the interrupt generated by the chip is legal; when the interrupt generated by the chip is judged to be legal, switch the chip from the user mode to kernel mode; when the interrupt generated by the chip is judged to be illegal, execute no-operations in a loop.
6. The resource access method according to claim 5, characterized in that the supervisor call program is specifically used to:
Compare whether the code start address of the supervisor call program when it is executed is consistent with the preset code entry address of the supervisor call program. If the code start address of the supervisor call program when it is executed is consistent with the code entry address of the supervisor call program, the interrupt generated by the chip is judged to be legal; if the code start address is inconsistent with the preset code entry address of the supervisor call program, the interrupt generated by the chip is judged to be illegal.
7. A resource access device, characterized by comprising:
A first calling module, configured to call the application programming interface of the kernel program when a user program needs to access a resource that is not within the user program's access rights, so that the application programming interface of the kernel program accesses the resource that is not within the user program's access rights;
A first receiving module, configured to receive the resource access result from the application programming interface of the kernel program.
8. A resource access device, characterized by comprising:
A second receiving module, configured to receive a parameter set by the user;
An access module, configured to access, according to the received parameter, the resource corresponding to the received parameter;
A sending module, configured to send the resource access result to the user program.
9. The resource access device according to claim 8, characterized by further comprising:
A determining module, configured to determine that the chip to which the kernel program belongs is in user mode;
A second calling module, configured to call the supervisor call program, the called supervisor call program being used to make the chip enter an interrupt and to switch the chip from user mode to kernel mode.
10. The resource access device according to claim 8, characterized by further comprising:
A switching module, configured to switch the chip from the kernel mode to the user mode.
11. The resource access device according to claim 8, characterized in that the supervisor call program called by the second calling module is further used to:
Judge whether the interrupt generated by the chip is legal; when the interrupt generated by the chip is judged to be legal, switch the chip from the user mode to kernel mode; when the interrupt generated by the chip is judged to be illegal, execute no-operations in a loop.
12. The resource access device according to claim 11, characterized in that the supervisor call program called by the second calling module is specifically used to:
Compare whether the code start address of the supervisor call program when it is executed is consistent with the preset code entry address of the supervisor call program. If the code start address of the supervisor call program when it is executed is consistent with the code entry address of the supervisor call program, the interrupt generated by the chip is judged to be legal; if the code start address is inconsistent with the preset code entry address of the supervisor call program, the interrupt generated by the chip is judged to be illegal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711339922.5A CN108256298A (en) 2017-12-14 2017-12-14 A kind of resource access method and device

Publications (1)

Publication Number Publication Date
CN108256298A true CN108256298A (en) 2018-07-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180706