CN108319473B - Terminal system starting method and device - Google Patents
Terminal system starting method and device Download PDFInfo
- Publication number
- CN108319473B CN108319473B CN201710029510.5A CN201710029510A CN108319473B CN 108319473 B CN108319473 B CN 108319473B CN 201710029510 A CN201710029510 A CN 201710029510A CN 108319473 B CN108319473 B CN 108319473B
- Authority
- CN
- China
- Prior art keywords
- file
- read
- data
- identifier
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
- G06F16/152—File search processing using file content signatures, e.g. hash values
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention relates to a method and a device for starting a terminal system, wherein the method comprises the following steps: acquiring a system starting instruction; acquiring a preset file hash list from a read-only file system according to the system starting instruction; reading a file identifier in the file hash list, and inquiring system file data according to the read file identifier; obtaining a file hash value according to the inquired system file data; and detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list, and if not, terminating the system start. According to the terminal system starting method and device, when the obtained file hash value and the corresponding file hash value in the accurate file hash list detect that the system file data is tampered, the system is stopped to start, the tampered system file data is prevented from being executed in the system starting process, and the tampered system file data is prevented from influencing the normal operation of the system.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and an apparatus for starting a terminal system.
Background
With the development of computer technology, various system programs are developed, and in the production process of a terminal, a system file is implanted into the terminal, so that the terminal starts a system according to the system file. However, these system files may be modified or corrupted, causing problems in system operation and even system failure to boot.
However, after the system file is implanted into the terminal, some system files may be tampered during the terminal booting process, so that some tampered system files are executed during the system booting process, and the tampered system files may affect the normal booting or normal operation of the system.
Disclosure of Invention
Based on this, it is necessary to provide a terminal system booting method and apparatus for the problem that a tampered system file affects normal booting or normal operation of the system.
A terminal system starting method comprises the following steps:
acquiring a system starting instruction;
acquiring a preset file hash list from a read-only file system according to the system starting instruction;
reading a file identifier in the file hash list, and inquiring system file data according to the read file identifier;
obtaining a file hash value according to the inquired system file data;
and detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list, and if not, terminating the system start.
In one embodiment, before acquiring the system start instruction, the method further includes:
receiving system firmware loaded by a server through a data line interface, wherein the system firmware is generated by compiling the server according to read-only system data and system file data, and the read-only system data is generated by presetting a file hash list in a read-only file system by the server.
In one embodiment, the method further comprises:
the server scans a system file to obtain a file identifier, generates a file identifier list according to the obtained file identifier, traverses the file identifier in the file identifier list, queries system file data corresponding to the file identifier, calculates a file hash value corresponding to each file identifier according to the queried system file data, and correspondingly stores the file identifier and the calculated file hash value to generate a file hash list.
In one embodiment, after detecting whether the obtained file hash value is the same as the file hash value corresponding to the file hash list, the method further includes:
if the obtained file hash value is detected to be the same as the corresponding file hash value in the file hash list, detecting whether the read file identifier is the last file identifier arranged in the file hash list;
if yes, starting the system according to the system file data;
and if not, reading the next file identification in the file hash list according to the arrangement sequence, and executing the step of inquiring the system file data according to the read file identification.
In one embodiment, after terminating the start-up system, the method further includes:
generating file damage information according to the read file identification and the obtained file hash value;
displaying inquiry information whether to enter a system security mode;
acquiring a security mode entering instruction input according to the inquiry information;
and entering a system safety mode according to the safety mode entering instruction, and displaying file damage information in the system safety mode.
According to the terminal system starting method, the preset file hash list is read from the read-only file system in the system starting process, the file hash list preset in the read-only file system is not easy to tamper, and the accuracy of the file hash list is guaranteed. And obtaining a file hash value according to the system file data corresponding to the file identifier in the file hash list, and detecting whether the system file data is tampered or not through the obtained file hash value and the corresponding file hash value in the accurate file hash list as long as the system file data is tampered, so that the detection efficiency of the system file data is improved. When the system file data is detected to be tampered, the system is stopped to start, the tampered system file data is prevented from being executed in the system starting process, and the tampered system file data is prevented from influencing the normal operation of the system.
An end system activation device, the device comprising:
the starting instruction receiving module is used for acquiring a system starting instruction;
the hash list acquisition module is used for acquiring a preset file hash list from a read-only file system according to the system starting instruction;
the file identifier reading module is used for reading the file identifier in the file hash list and inquiring system file data according to the read file identifier;
a hash value obtaining module, configured to obtain a file hash value according to the queried system file data;
and the hash value detection module is used for detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list or not, and if not, terminating the system start.
In one embodiment, the apparatus further comprises:
the system firmware receiving module is used for receiving system firmware loaded by a server through a data line interface, the system firmware is generated by compiling the server according to read-only system data and system file data, and the read-only system data is generated by presetting a file hash list in a read-only file system by the server.
In one embodiment, the apparatus further comprises:
the server scans a system file to obtain a file identifier, generates a file identifier list according to the obtained file identifier, traverses the file identifier in the file identifier list, queries system file data corresponding to the file identifier, calculates a file hash value corresponding to each file identifier according to the queried system file data, and correspondingly stores the file identifier and the calculated file hash value to generate a file hash list.
In one embodiment, the apparatus further comprises:
the system starting module is used for detecting whether the read file identifier is the last file identifier arranged in the file hash list or not if the obtained file hash value is detected to be the same as the corresponding file hash value in the file hash list; if yes, starting the system according to the system file data;
the file identifier reading module is further configured to read a next file identifier in the file hash list according to the arrangement sequence and query system file data according to the read file identifier if it is detected that the read file identifier is not the last file identifier arranged in the file hash list.
In one embodiment, the apparatus further comprises:
the damaged information generating module is used for generating file damaged information according to the read file identification and the obtained file hash value;
the inquiry information display module is used for displaying inquiry information whether to enter a system security mode;
an entry instruction acquisition module for acquiring a security mode entry instruction input according to the inquiry information;
and the damage information display module is used for entering a system safety mode according to the safety mode entering instruction and displaying file damage information in the system safety mode.
According to the terminal system starting device, the preset file hash list is read from the read-only file system in the system starting process, the file hash list preset in the read-only file system is not easy to tamper, and the accuracy of the file hash list is guaranteed. And obtaining a file hash value according to the system file data corresponding to the file identifier in the file hash list, and detecting whether the system file data is tampered or not through the obtained file hash value and the corresponding file hash value in the accurate file hash list as long as the system file data is tampered, so that the detection efficiency of the system file data is improved. When the system file data is detected to be tampered, the system is stopped to start, the tampered system file data is prevented from being executed in the system starting process, and the tampered system file data is prevented from influencing the normal operation of the system.
Drawings
FIG. 1 is a diagram of an application environment for a method for booting a terminal system in one embodiment;
FIG. 2 is a block diagram showing a terminal in an application environment of a terminal system startup method according to an embodiment;
FIG. 3 is a flowchart illustrating a method for booting a terminal system according to an embodiment;
fig. 4 is a flowchart illustrating a method for starting a terminal system in another embodiment;
FIG. 5 is a flow diagram illustrating the steps of entering a secure mode in one embodiment;
FIG. 6 is a block diagram showing the construction of an activating apparatus of the terminal system in one embodiment;
FIG. 7 is a block diagram showing the construction of an activating apparatus of the terminal system in another embodiment;
fig. 8 is a block diagram showing the configuration of an end system activating apparatus according to still another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is an application environment diagram of a terminal system startup method in one embodiment. Referring to fig. 1, the application environment of the terminal system starting method includes a terminal 110 and a server 120, wherein the terminal 110 is connected to the server 120 through a data line 130. The terminal 110 may be a fixed terminal, which may be at least one of a printer, a scanner, and a monitor, or a mobile terminal, which may be at least one of a tablet, a smart phone, a personal digital assistant, and a digital camera.
Fig. 2 is a schematic diagram illustrating an internal structure of the terminal 110 in an application environment of the terminal system starting method in fig. 1 according to an embodiment. As shown in fig. 2, the terminal 110 includes a processor, a nonvolatile storage medium, an internal memory, a data line interface, an input device, and a display screen, which are connected through a system bus. The nonvolatile storage medium of the terminal 110 stores an operating system and a starting device of a terminal system, and the starting device of the terminal system is used for implementing a starting method of the terminal system. The processor is configured to provide computing and control capabilities, support the operation of the whole terminal 110, and an internal memory in the terminal 110 provides an environment for the operation of the booting apparatus of the terminal system in the nonvolatile storage medium, and the internal memory may store computer readable instructions, and when the computer readable instructions are executed by the processor, the processor may be configured to execute a booting method of the terminal system. The data line interface is used for data transmission with the server 120.
As shown in fig. 3, in an embodiment, a method for starting a terminal system is provided, and this embodiment is exemplified by applying the method to the terminal 110 in the application environment of fig. 1, where the method specifically includes the following steps:
s302, a system starting instruction is obtained.
Specifically, the terminal 110 is provided with a power-on key, and a user can trigger a system start instruction through the power-on key. The terminal 110 monitors a trigger event of the power-on key, and generates a system start instruction if the trigger event of the power-on key is monitored.
S304, acquiring a preset file hash list from the read-only file system according to the system starting instruction.
Specifically, after acquiring the system start instruction, the terminal 110 acquires read-only system data from the flash memory, and acquires a file hash list preset in the read-only file system from the read-only system data. The file hash list stores the file identifier of the system file and the file hash value of the system file. The read-only system data is data stored in a read-only file system, and the data in the read-only file system is not allowed to be modified. The file identification may be at least one of a file number, a file name, a file version number, and a file storage path. Wherein the read-only file system may be a RAMFS file system, and data stored in the RAMFS file system cannot be tampered with.
In one embodiment, the file in the file hash list is identified as a file path, and the file hash value in the file hash list is calculated by using the secret SM3 calculation. For example, the storage contents in the file hash list are as follows:
Name:system/app/DocumentsUI/DocumentsUI.apk
SM3-Digest:15cb759a5121e2e2651adecd777f66ec99c265503ea3935352d38a68285760e8
Name:bin/xxx
SM3-Digest:53de08cae838663264ef9b789a2805766314014ab9b0dd3f933e723571dae98c
the Name corresponds to a file path, and the SM3-Digest corresponds to a file hash value of system file data corresponding to the file path.
S306, reading the file identification in the file hash list, and inquiring system file data according to the read file identification.
Specifically, after acquiring a file hash list preset in the read-only file system, the terminal 110 reads a file identifier in the file hash list, stores system file data corresponding to the file identifier in the flash memory, and queries the system file data corresponding to the read file identifier in the flash memory.
And S308, obtaining a file hash value according to the inquired system file data.
Specifically, after querying the system file data, the terminal 110 calls a hash algorithm to calculate the system file data, and obtains a file hash value of the system file data through calculation. The hash algorithm may specifically be at least one of MD5 algorithm, SM3 algorithm, MD2 algorithm, MD4 algorithm, and SHA-1 algorithm. The hash algorithm used by the terminal 110 to calculate the file hash value according to the system file data is the same as the hash algorithm used by the server 120 to generate the file hash value in the file hash list.
S310, detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list, and if not, terminating the system start.
Specifically, the terminal 110 queries the read file identifier in the hash file list according to the file hash value calculated by the queried system file data, extracts the file hash value corresponding to the read file identifier from the hash file list, and compares the calculated file hash value with the extracted file hash value. And determining whether the calculated file hash value is the same as the extracted file hash value or not through comparison, and if not, indicating that the system file data corresponding to the read file identifier is tampered, and terminating the system start by the terminal 110.
In the embodiment, in the system starting process, the preset file hash list is read from the read-only file system, the file hash list preset in the read-only file system is not easy to be tampered, and the accuracy of the file hash list is ensured. And obtaining a file hash value according to the system file data corresponding to the file identifier in the file hash list, and detecting whether the system file data is tampered or not through the obtained file hash value and the corresponding file hash value in the accurate file hash list as long as the system file data is tampered, so that the detection efficiency of the system file data is improved. When the system file data is detected to be tampered, the system is stopped to start, the tampered system file data is prevented from being executed in the system starting process, and the tampered system file data is prevented from influencing the normal operation of the system.
In an embodiment, before S302, a step of receiving a server to load system firmware is further included, where the step specifically includes the following steps: and receiving system firmware loaded by the server through a data line interface, wherein the system firmware is generated by compiling the server according to read-only system data and system file data, and the read-only system data is generated by presetting a file hash list in a read-only file system by the server.
Specifically, a data line is connected to a data line interface of the terminal 110, another segment of the data line is connected to the server 120, and the terminal 110 and the server 120 perform data transmission through the data line. The server 120 searches the system file data, calculates a file hash value of each system file according to the searched system file data, and stores the calculated file hash value and the file identifier of each system file correspondingly to generate a file hash list. The server 120 presets the generated file hash list to a read-only file system to generate read-only system data. The server 120 compiles and packages the read-only system data and the system file data to generate system firmware, and the server 120 loads the system firmware into a flash memory of the terminal 110 through a data line.
In one embodiment, a server scans a system file to obtain a file identifier, generates a file identifier list according to the obtained file identifier, traverses the file identifier in the file identifier list, queries system file data corresponding to the file identifier, calculates a file hash value corresponding to each file identifier according to the queried system file data, and correspondingly stores the file identifier and the calculated file hash value to generate a file hash list.
Specifically, the server 120 obtains a file identifier of a scanned system file by scanning the system file, generates a file identifier list according to the obtained file identifier, reads the file identifiers in the file identifier list according to the arrangement sequence from front to back, queries system file data according to the read file identifiers, calculates a file hash value according to the queried system file data, stores the calculated file hash value and the read file identifier correspondingly, detects whether the read file identifier is the last file identifier arranged in the file identifier list, and if so, generates the file hash list; if not, reading the next file identification, and executing the step of inquiring the system file data according to the read file identification.
In this embodiment, the server generates the file hash list according to the file identifier of the scanned system file data and the file hash value of the system file data, so that the file hash list stores the file hash values corresponding to all the scanned system file data, and it is ensured that all the scanned system file data can be detected according to the file hash list, thereby improving the detection efficiency of the system file data.
As shown in fig. 4, in an embodiment, a method for starting a terminal system is provided, where the method specifically includes the following steps:
s402, acquiring a system starting instruction.
S404, acquiring a preset file hash list from the read-only file system according to the system starting instruction.
S406, reading the file identifications in the file hash list according to the arrangement sequence from front to back.
And S408, inquiring system file data according to the read file identification.
S410, detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list; if yes, go to S414; if not, go to step S412.
S412, terminating the system startup.
S414, detecting whether the read file identifier is the last file identifier arranged in the file hash list; if yes, go to S418; if not, go to S416.
And S416, reading the next file identifier in the file hash list according to the arrangement sequence.
And S418, starting the system according to the system file data.
Specifically, the reading sequence of the terminal 110 reading the file identifiers from the file hash list is from front to back, and after detecting that the obtained file hash value is the same as the corresponding file hash value in the file hash list, the terminal 110 detects whether the read file identifier is the last file identifier arranged in the file hash list. And if the read file identifier is detected to be the last file identifier arranged in the file hash list, starting the system according to the system file data corresponding to the file identifier in the file hash list. And if the read file identification is not the last file identification arranged in the file hash list, reading the next file identification according to the arrangement sequence, and executing the step of inquiring the system file data according to the read file identification.
In this embodiment, when detecting system file data, it is ensured that the system file data corresponding to each file identifier in the file hash list is detected, and it is ensured that the system file data corresponding to each file identifier is not tampered or damaged, and then the system is started according to the system file data corresponding to each file identifier, so that a situation that a tampered or damaged system file is executed in a system starting process is avoided, and a situation that the system cannot be started or runs abnormally is avoided.
As shown in fig. 5, in an embodiment, after S310, a step of entering a secure mode is further included, where the step specifically includes the following steps:
and S502, generating file damage information according to the read file identification and the obtained file hash value.
Specifically, when detecting that the obtained file hash value is different from the corresponding file hash value in the file hash list, the terminal 110 indicates that the system file data corresponding to the read file identifier is damaged, and the terminal 110 generates file damage information according to the read file identifier and the obtained file hash value.
S504, displaying the inquiry information whether to enter the system security mode.
Specifically, after generating the file damage information, the terminal 110 acquires inquiry information about whether to enter the system security mode, and displays the inquiry information on the display screen. The inquiry information may specifically be "whether to enter a system security mode". The terminal 110 enters the system security mode without mounting the system file data.
S506, a security mode entering instruction input according to the inquiry information is obtained.
Specifically, after the user sees inquiry information on whether to enter the system security mode on the display screen of the terminal 110, a security mode entry instruction is input through an input device of the terminal 110. The terminal 110 acquires a security mode entry instruction input through an input device.
And S508, entering a system security mode according to the security mode entering instruction, and displaying file damage information in the system security mode.
Specifically, after acquiring the security mode entry instruction, the terminal 110 starts the system security mode according to the security mode entry instruction, and displays file damage information in the system security mode. The file damage information includes a file identifier and a file hash value calculated by the terminal 110 according to the system file data corresponding to the file identifier. The user can determine the damaged system file through the file identification, so that the damaged system file can be repaired.
In the embodiment, file damage information is generated according to the read file identification and the obtained file hash value, the file damage information is displayed in the system security mode when the system security mode is entered, the damaged file can be determined according to the displayed file damage information, and the efficiency of detecting the damaged file is improved.
As shown in fig. 6, in an embodiment, an apparatus 600 for starting a terminal system is provided, which specifically includes: the hash table includes an instruction receiving module 602, a hash list obtaining module 604, a file identifier reading module 606, a hash value obtaining module 608, and a hash value detecting module 610.
A start instruction receiving module 602, configured to obtain a system start instruction;
a hash list obtaining module 604, configured to obtain a preset file hash list from the read-only file system according to the system start instruction;
a file identifier reading module 606, configured to read a file identifier in the file hash list, and query system file data according to the read file identifier;
a hash value obtaining module 608, configured to obtain a file hash value according to the queried system file data;
the hash value detection module 610 is configured to detect whether the obtained file hash value is the same as a corresponding file hash value in the file hash list, and if not, terminate the system start.
In the embodiment, in the system starting process, the preset file hash list is read from the read-only file system, the file hash list preset in the read-only file system is not easy to be tampered, and the accuracy of the file hash list is ensured. And obtaining a file hash value according to the system file data corresponding to the file identifier in the file hash list, and detecting whether the system file data is tampered or not through the obtained file hash value and the corresponding file hash value in the accurate file hash list as long as the system file data is tampered, so that the detection efficiency of the system file data is improved. When the system file data is detected to be tampered, the system is stopped to start, the tampered system file data is prevented from being executed in the system starting process, and the tampered system file data is prevented from influencing the normal operation of the system.
As shown in fig. 7, in an embodiment, the terminal system starting apparatus 600 further includes: a system firmware receiving module 612 and a system boot module 614.
The system firmware receiving module 612 is configured to receive, through the data line interface, system firmware loaded by the server, where the system firmware is generated by the server through compiling according to read-only system data and system file data, and the read-only system data is generated by the server by presetting a file hash list in a read-only file system.
In one embodiment, a server scans a system file to obtain a file identifier, generates a file identifier list according to the obtained file identifier, traverses the file identifier in the file identifier list, queries system file data corresponding to the file identifier, calculates a file hash value corresponding to each file identifier according to the queried system file data, and correspondingly stores the file identifier and the calculated file hash value to generate a file hash list.
The system starting module 614 is configured to detect whether the read file identifier is a file identifier arranged at the last in the file hash list if it is detected that the obtained file hash value is the same as a corresponding file hash value in the file hash list; if yes, starting the system according to the system file data.
The file identifier reading module 606 is further configured to, if it is detected that the read file identifier is not the last file identifier arranged in the file hash list, read a next file identifier in the file hash list according to the arrangement order, and query the system file data according to the read file identifier.
In this embodiment, the server generates the file hash list according to the file identifier of the scanned system file data and the file hash value of the system file data, so that the file hash list stores the file hash values corresponding to all the scanned system file data, and it is ensured that all the scanned system file data can be detected according to the file hash list, thereby improving the detection efficiency of the system file data. When the system file data is detected, the system file data corresponding to each file identifier in the file hash list is ensured to be detected, and the system is started according to the system file data corresponding to each file identifier when the system file data corresponding to each file identifier is not tampered or damaged, so that the condition that the tampered or damaged system file is executed in the starting process of the system is avoided, and the condition that the system cannot be started or runs abnormally is avoided.
As shown in fig. 8, in an embodiment, the terminal system starting apparatus 600 further includes: a damage information generating module 616, an inquiry information displaying module 618, an entry instruction acquiring module 620 and a damage information displaying module 622.
And a damaged information generating module 616, configured to generate file damaged information according to the read file identifier and the obtained file hash value.
And an inquiry information display module 618 for displaying inquiry information whether to enter the system security mode.
An entry instruction obtaining module 620, configured to obtain a security mode entry instruction input according to the query information.
And a damage information display module 622, configured to enter a system security mode according to the security mode entry instruction, and display file damage information in the system security mode.
In the embodiment, file damage information is generated according to the read file identification and the obtained file hash value, the file damage information is displayed in the system security mode when the system security mode is entered, the damaged file can be determined according to the displayed file damage information, and the efficiency of detecting the damaged file is improved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A terminal system starting method comprises the following steps:
acquiring a system starting instruction;
acquiring read-only system data according to the system starting instruction, and acquiring a file hash list preset in a read-only file system from the read-only system data;
reading a file identifier in the file hash list, and inquiring system file data according to the read file identifier; the file identifier is a file identifier of a system file;
obtaining a file hash value according to the inquired system file data;
detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list, and if not, terminating the system start;
if the file identifiers are the same, detecting whether the read file identifiers are the last file identifiers arranged in the file hash list;
if yes, starting the system according to the system file data;
and if not, reading the next file identification in the file hash list according to the arrangement sequence, and executing the step of inquiring the system file data according to the read file identification.
2. The method of claim 1, wherein before the obtaining the system boot instruction, further comprising:
receiving system firmware loaded by a server through a data line interface, wherein the system firmware is generated by compiling the server according to read-only system data and system file data, and the read-only system data is generated by presetting a file hash list in a read-only file system by the server.
3. The method of claim 2, further comprising:
the server scans a system file to obtain a file identifier, generates a file identifier list according to the obtained file identifier, traverses the file identifier in the file identifier list, queries system file data corresponding to the file identifier, calculates a file hash value corresponding to each file identifier according to the queried system file data, and correspondingly stores the file identifier and the calculated file hash value to generate a file hash list.
4. The method of claim 1, wherein after terminating the start-up system, further comprising:
generating file damage information according to the read file identification and the obtained file hash value;
displaying inquiry information whether to enter a system security mode;
acquiring a security mode entering instruction input according to the inquiry information;
and entering a system safety mode according to the safety mode entering instruction, and displaying file damage information in the system safety mode.
5. An end system activation apparatus, comprising:
the starting instruction receiving module is used for acquiring a system starting instruction;
the hash list acquisition module is used for acquiring read-only system data according to the system starting instruction and acquiring a file hash list preset in a read-only file system from the read-only system data;
the file identifier reading module is used for reading the file identifier in the file hash list and inquiring system file data according to the read file identifier; the file identifier is a file identifier of a system file;
a hash value obtaining module, configured to obtain a file hash value according to the queried system file data;
the hash value detection module is used for detecting whether the obtained file hash value is the same as the corresponding file hash value in the file hash list or not, and if not, the system is stopped to start;
the system starting module is used for detecting whether the read file identifier is the last file identifier arranged in the file hash list or not if the obtained file hash value is detected to be the same as the corresponding file hash value in the file hash list; if yes, starting the system according to the system file data;
the file identifier reading module is further configured to read a next file identifier in the file hash list according to the arrangement sequence and query system file data according to the read file identifier if it is detected that the read file identifier is not the last file identifier arranged in the file hash list.
6. The apparatus of claim 5, further comprising:
the system firmware receiving module is used for receiving system firmware loaded by a server through a data line interface, the system firmware is generated by compiling the server according to read-only system data and system file data, and the read-only system data is generated by presetting a file hash list in a read-only file system by the server.
7. The apparatus of claim 6, further comprising:
the server scans a system file to obtain a file identifier, generates a file identifier list according to the obtained file identifier, traverses the file identifier in the file identifier list, queries system file data corresponding to the file identifier, calculates a file hash value corresponding to each file identifier according to the queried system file data, and correspondingly stores the file identifier and the calculated file hash value to generate a file hash list.
8. The apparatus of claim 5, further comprising:
the damaged information generating module is used for generating file damaged information according to the read file identification and the obtained file hash value;
the inquiry information display module is used for displaying inquiry information whether to enter a system security mode;
an entry instruction acquisition module for acquiring a security mode entry instruction input according to the inquiry information;
and the damage information display module is used for entering a system safety mode according to the safety mode entering instruction and displaying file damage information in the system safety mode.
9. A computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, causes the processor to perform the steps of the method of any one of claims 1 to 4.
10. A storage medium storing a computer program which, when executed by a processor, causes the processor to carry out the steps of the method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710029510.5A CN108319473B (en) | 2017-01-16 | 2017-01-16 | Terminal system starting method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710029510.5A CN108319473B (en) | 2017-01-16 | 2017-01-16 | Terminal system starting method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108319473A CN108319473A (en) | 2018-07-24 |
| CN108319473B true CN108319473B (en) | 2021-09-03 |
Family
ID=62890851
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710029510.5A Active CN108319473B (en) | 2017-01-16 | 2017-01-16 | Terminal system starting method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108319473B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110781040B (en) * | 2018-07-31 | 2023-05-30 | 深圳兆日科技股份有限公司 | Automatic system performance test method and device and computer readable storage medium |
| CN109472132A (en) * | 2018-11-12 | 2019-03-15 | 深圳市腾瑞丰科技有限公司 | Anti- brush machine guard method and device |
| CN110365656B (en) * | 2019-06-21 | 2021-12-14 | 深圳市元征科技股份有限公司 | Data management method, data management device and environment-friendly detection equipment |
| CN111859402A (en) * | 2020-07-30 | 2020-10-30 | 山东超越数控电子股份有限公司 | Safe boot method and device based on UEFI BIOS start |
| CN116305169B (en) * | 2023-05-12 | 2023-08-11 | 天津市中环电子计算机有限公司 | Firmware security detection method and firmware verification method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103729597A (en) * | 2014-01-16 | 2014-04-16 | 宇龙计算机通信科技(深圳)有限公司 | System starting verifying method and device and terminal |
| CN104408370A (en) * | 2014-12-25 | 2015-03-11 | 珠海全志科技股份有限公司 | Android system security verification method and verification device thereof |
| CN105204906A (en) * | 2015-09-29 | 2015-12-30 | 北京元心科技有限公司 | Operating system starting method and intelligent terminal |
| CN105447391A (en) * | 2015-12-09 | 2016-03-30 | 浪潮电子信息产业股份有限公司 | Operating system secure startup method, startup manager and operating system secure startup system |
| CN105975864A (en) * | 2016-04-29 | 2016-09-28 | 北京小米移动软件有限公司 | Operation system starting method and device, and terminal |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101102286A (en) * | 2006-07-05 | 2008-01-09 | 阿里巴巴公司 | A method and device for referring to user information in instant communication system |
| US7908276B2 (en) * | 2006-08-25 | 2011-03-15 | Qnx Software Systems Gmbh & Co. Kg | Filesystem having a filename cache |
| CN101227318B (en) * | 2007-12-04 | 2011-05-11 | 东南大学 | Method for overtrick real-time detection of high speed network flow quantity |
| US8200641B2 (en) * | 2009-09-11 | 2012-06-12 | Dell Products L.P. | Dictionary for data deduplication |
| CN104331666A (en) * | 2014-11-10 | 2015-02-04 | 成都卫士通信息产业股份有限公司 | Trusted measurement method for computer systems |
-
2017
- 2017-01-16 CN CN201710029510.5A patent/CN108319473B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103729597A (en) * | 2014-01-16 | 2014-04-16 | 宇龙计算机通信科技(深圳)有限公司 | System starting verifying method and device and terminal |
| CN104408370A (en) * | 2014-12-25 | 2015-03-11 | 珠海全志科技股份有限公司 | Android system security verification method and verification device thereof |
| CN105204906A (en) * | 2015-09-29 | 2015-12-30 | 北京元心科技有限公司 | Operating system starting method and intelligent terminal |
| CN105447391A (en) * | 2015-12-09 | 2016-03-30 | 浪潮电子信息产业股份有限公司 | Operating system secure startup method, startup manager and operating system secure startup system |
| CN105975864A (en) * | 2016-04-29 | 2016-09-28 | 北京小米移动软件有限公司 | Operation system starting method and device, and terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108319473A (en) | 2018-07-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108319473B (en) | Terminal system starting method and device | |
| CN102663288B (en) | Virus killing method and device thereof | |
| CN106940651B (en) | POS terminal software upgrading method and device | |
| CN109582907B (en) | Method, device and equipment for verifying integrity of webpage resources and readable storage medium | |
| US20190332776A1 (en) | Firmware map data | |
| CN103729597A (en) | System starting verifying method and device and terminal | |
| CN105468477B (en) | A kind of android system guard method and device | |
| CN104484592A (en) | Starting method and system of mobile equipment factory pattern | |
| CN106843947B (en) | Method and device for processing code defects | |
| JP2015022521A (en) | Secure boot method, built-in apparatus, secure boot device and secure boot program | |
| CN111538523A (en) | Differential upgrading method, device and storage medium | |
| CN103679054A (en) | Method and system for detecting integrity of boot animation file of intelligent terminal | |
| CN108762787B (en) | Software repairing method, device, computer equipment and storage medium | |
| CN109446008B (en) | Fault reason detection method, fault reason detection device and terminal equipment | |
| US8146158B2 (en) | Extensible activation exploit scanner | |
| CN105760264A (en) | Method and device for detecting faulty hardware equipment of server | |
| CN113918384A (en) | Data saving method, device, equipment and storage medium | |
| US11295005B2 (en) | Information processing apparatus capable of detecting alteration, method for controlling information processing apparatus, and storage medium | |
| KR101369254B1 (en) | Apparatus and method for detecting malicious application | |
| CN109657455B (en) | Application real-time switching method, device, storage medium and apparatus | |
| GB2599195A (en) | Computer program trust assurance for Internet of Things (IoT) devices | |
| EP3942470A1 (en) | Using surface textures as unique identifiers for tracking material with a distributed ledger | |
| CN111767539A (en) | APK safety system and safety verification method | |
| CN111143887A (en) | Safety control method, processor, integrated device and computer equipment | |
| CN111258938B (en) | Method and equipment for processing application docking service provider to be adapted |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |