CN108319848B - Starting-up control method and device - Google Patents

Publication number: CN108319848B
Application number: CN201710031772.5A
Priority application: CN201710031772.5A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108319848A (en)
Inventors: 陈平, 苏永彬, 彭京, 张如昌
Current assignee: Shenzhen Sinosun Technology Co ltd
Original assignee: Shenzhen Sinosun Technology Co ltd
Prior art keywords: password, boot, storage chip, boot password, controller

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The invention relates to a boot control method and device. The method comprises: after a terminal is powered on, generating and displaying a boot password input interface when a password storage chip of the terminal stores a first boot password; receiving a second boot password through the boot password input interface; sending the second boot password to the password storage chip, so that the password storage chip verifies the second boot password against the first boot password; and starting the operating system of the terminal when the second boot password is successfully verified. Because the boot password is stored on the password storage chip, it can be protected from deletion or tampering after the terminal is rooted or the like, which safeguards the boot password. Because the second boot password acquired by the controller is also verified on the password storage chip during boot, the security of the verification itself is further guaranteed.

Description

Starting-up control method and device
Technical Field
The present invention relates to the field of computers, and in particular, to a boot control method and apparatus.
Background
In a traditional terminal, the boot password is stored in a data partition. When the terminal starts, the controller reads the boot password from the data storage partition and verifies it before entering the operating system of the terminal. However, once the terminal has been rooted with tools such as a computer, this boot password can be deleted or modified, and it can also be deleted by restoring factory settings, so the terminal can be opened easily. (Root is a term from the computer field: in UNIX, UNIX-like and Android systems the superuser is generally named root. Root is the only superuser in the system and holds all permissions in it, such as starting or stopping processes, deleting or adding users, and adding or disabling hardware.)
On this basis, there are also many methods that protect the boot password in software. For example, the password file is protected through the file system so that it cannot be deleted, or, when the file is modified, the system checks whether the terminal has been unlocked and the operating system entered, so that the password can be modified only after the correct boot password has been input and the operating system entered. This protects the boot password to some extent, and thus the security of the terminal.
Disclosure of Invention
Therefore, it is necessary to provide a boot control method and apparatus for solving the above problem of insecure boot password.
A method of boot control, the method comprising:
after a terminal is powered on, when a first power-on password is stored in a password storage chip of the terminal, a power-on password input interface is generated and displayed;
receiving a second power-on password through the power-on password input interface;
sending the second boot password to the password storage chip, so that the password storage chip verifies the second boot password according to the first boot password;
and when the second power-on password is successfully verified, starting the operating system of the terminal.
In one embodiment, the method further comprises:
when the password storage chip does not store the first boot password, a boot password setting interface is generated and displayed;
receiving a first boot password through the boot password setting interface;
and sending the received first power-on password to the password storage chip for storage.
In one embodiment, after the step of sending the received first power-on password to the password storage chip for storage, the method includes:
starting the operating system of the terminal; or
continuing to generate and display the boot password input interface.
A method of boot control, the method comprising:
receiving a second boot password sent by the controller;
verifying the second power-on password through the stored first power-on password;
when the second boot password is successfully verified, returning a result that the second boot password is successfully verified to the controller;
and when the second boot password fails verification, returning a result that the second boot password failed verification to the controller.
In one embodiment, the method further comprises:
and receiving and storing the first power-on password sent by the controller.
A power-on control apparatus, the apparatus comprising:
the interface generating module is used for generating and displaying a boot password input interface when the terminal is powered on and a first boot password is stored in the password storage chip;
the data receiving module is used for receiving a second power-on password through the power-on password input interface;
the first sending module is used for sending the second boot password to the password storage chip so that the password storage chip verifies the second boot password according to the first boot password;
and the starting module is used for starting the operating system of the terminal when the second boot password is successfully verified.
In one embodiment, the interface generating module is further configured to generate and display a boot password setting interface when the password storage chip does not store the first boot password;
the data receiving module is also used for receiving a first boot password through the boot password setting interface;
the first sending module is further configured to send the received first boot password to the password storage chip for storage.
In one embodiment, the starting module is further configured to start an operating system of the terminal after sending the received first boot password to the password storage chip for storage; or
The interface generating module is further used for generating and displaying a power-on password input interface after the received first power-on password is sent to the password storage chip for storage.
A power-on control apparatus, the apparatus comprising:
the receiving module is used for receiving a second boot password sent by the controller;
the verification module is used for verifying the second boot password through the stored first boot password;
the second sending module is used for returning a result of successful verification of the second boot password to the controller when the verification of the second boot password is successful; and when the second boot password fails to be verified, returning a result of the second boot password failure to the controller.
A terminal comprises a controller and a password storage chip, wherein the controller is connected with the password storage chip through an SPI bus;
the controller is used for detecting whether a first power-on password is stored in the password storage chip after the terminal is powered on, and generating and displaying a power-on password input interface when the first power-on password is stored in the password storage chip of the terminal; after receiving a second boot password through the boot password input interface, sending the second boot password to the password storage chip, so that the password storage chip verifies the second boot password according to the first boot password; when the second starting-up password is successfully verified, starting an operating system of the terminal;
the password storage chip is used for verifying a second power-on password through the stored first power-on password after receiving the second power-on password sent by the controller; and when the second boot password is successfully verified, returning a result that the second boot password is successfully verified to the controller, and when the second boot password is failed to be verified, returning a result that the second boot password is failed to be verified to the controller.
According to the boot control method and the boot control device, the boot password is stored on the password storage chip, so it can be protected from deletion or tampering after the terminal is rooted or the like, which safeguards the boot password. The second boot password acquired by the controller is also verified on the password storage chip during boot, so the security of the boot password verification is further guaranteed.
Drawings
FIG. 1 is a diagram of a terminal in one embodiment;
FIG. 2 is a flowchart of a power-on control method according to an embodiment;
FIG. 3 is a flowchart illustrating steps for setting a boot password in an embodiment;
FIG. 4 is a flowchart of a boot control method in another embodiment;
FIG. 5 is a schematic diagram illustrating a configuration of a boot control apparatus according to an embodiment;
FIG. 6 is a schematic structural diagram of a boot control device in another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Before describing in detail embodiments that are in accordance with the present invention, it should be observed that the embodiments reside primarily in combinations of steps and system components related to a power-on control method and apparatus. Accordingly, the system components and method steps have been represented where appropriate by conventional symbols in the drawings, showing only those details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
In this document, relational terms such as left and right, top and bottom, front and back, first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to FIG. 1, which is a schematic diagram of a terminal in an embodiment, the terminal 100 may include a controller 110 and a password storage chip 120, which are connected via an SPI (Serial Peripheral Interface) bus.
When the first boot password is stored in the password storage chip 120 of the terminal 100, the controller 110 may generate and display a boot password input interface and, after acquiring the second boot password through that interface, send the second boot password to the password storage chip 120. The password storage chip 120 may verify the second boot password against the stored first boot password and, if the verification succeeds, return a success result to the controller 110. After receiving the success result, the controller 110 may start the operating system of the terminal 100, so that the user can operate the terminal 100 normally.
The controller 110 may be a CPU or the like of the terminal 100. The password storage chip 120 is a security chip built into the terminal 100 and is used for storing the boot password of the terminal 100. The terminal 100 may be any terminal equipped with an intelligent operating system, such as a mobile phone, a tablet computer, a desktop computer, a smart bracelet, a smart watch, an in-vehicle intelligent terminal, an ATM, and the like. The password storage chip 120 may be a secure encryption chip. When an outside party attempts to tamper with or delete the content stored in the password storage chip 120 by illegitimate means, such as a side-channel attack (SCA) or repeated attempts to obtain the stored content within a short time, the password storage chip 120 may execute a self-protection program to encrypt the stored content, so as to ensure the security of the stored content.
Referring to fig. 2, fig. 2 is a flowchart illustrating a power-on control method according to an embodiment, where the power-on control method is applied to the controller 110 shown in fig. 1, and the method includes:
S202: After the terminal 100 is powered on, when the password storage chip 120 of the terminal 100 stores the first boot password, a boot password input interface is generated and displayed.
Specifically, in practical applications, a boot password generally needs to be set to protect the terminal 100, so that a lost or stolen terminal 100 cannot be operated by a lawbreaker to the user's loss. As shown in FIG. 1, the boot password may be stored in the password storage chip 120, which can prevent it from being deleted or tampered with after the terminal 100 is rooted.
Generally, a user sets a boot password after booting for the first time, and the boot password is stored in the password storage chip 120. When the user boots again, the correct boot password must be input to start the operating system of the terminal 100. When the terminal 100 is powered on, the controller 110 first detects whether the password storage chip 120 stores the first boot password and, if so, generates and displays a boot password input interface to prompt the user to input the correct boot password.
S204: A second boot password is received through the boot password input interface.
Specifically, the boot password input interface may be displayed on a display device of the terminal 100 and may include a user name and a password. The user name may default to the one used when the user last logged in to the terminal 100. The password must be input by the user, either through an externally connected pad or through a virtual keyboard displayed on a touch display screen. In addition, the boot password input interface may further include a verification code, such as a numeric verification code, in which case step S206 is performed only when the verification code input by the user matches the one shown on the interface. Alternatively, the interface may instruct the user to perform a corresponding operation, such as sliding up or down on the screen, and step S206 is performed only when the operation performed by the user meets the expected requirement.
S206: The second boot password is sent to the password storage chip 120, so that the password storage chip 120 verifies the second boot password against the first boot password.
Specifically, when the controller 110 receives the second boot password through the boot password input interface, it does not verify the password itself but sends it to the password storage chip 120 for verification, which ensures the security of the boot password verification.
Before the controller 110 sends the second boot password to the password storage chip 120, it may encrypt the second boot password, so as to prevent the second boot password from being tampered during transmission. The encryption method may be a symmetric encryption method or an asymmetric encryption method. For example, the controller 110 may store a public key of an encryption method corresponding to the password storage chip 120, the password storage chip 120 stores a corresponding private key, and when the second boot password needs to be encrypted, the controller 110 encrypts the second boot password through the public key to form a boot password verification instruction, and sends the boot password verification instruction to the password storage chip 120.
After obtaining the boot password verification instruction, the password storage chip 120 decrypts it to obtain the second boot password, and checks the second boot password against the stored first boot password to determine whether the password input by the user is correct. The check method may be a cyclic redundancy check (CRC).
S208: when the second boot password is successfully verified, the operating system of the terminal 100 is started.
Specifically, after sending the received second boot password to the password storage chip 120, the controller 110 only needs to wait for the verification result returned by the password storage chip 120. If the second boot password is successfully verified, the operating system of the terminal 100 is started and the user can use the terminal 100 normally. If the verification fails, the user is prompted that the boot password is wrong, so that the boot password can be re-entered. To further ensure the security of the terminal 100, the number of password attempts can be limited, for example to 3 or 5, and when the boot passwords input by the user are incorrect that many times, the user is restricted from inputting the boot password.
In the boot control method, the boot password is stored in the password storage chip 120, so it can be protected from deletion or tampering after the terminal 100 is rooted or the like, which ensures the security of the boot password. The second boot password acquired by the controller 110 is also verified on the password storage chip 120 during boot, which further ensures the security of the boot password verification.
In one embodiment, please refer to fig. 3, where fig. 3 is a flowchart illustrating a step of setting a power-on password in an embodiment, the step of setting the power-on password in the embodiment may include:
S302: When the first boot password is not stored in the password storage chip 120, a boot password setting interface is generated and displayed.
Specifically, as described above, when the terminal 100 is turned on for the first time no boot password has been set, that is, the first boot password is not stored in the password storage chip 120 (or the password storage chip 120 may be considered to store a default password rather than a first boot password set by the user). The controller 110 of the terminal 100 then prompts the user to set a boot password in order to improve the security of the terminal 100. For example, in this embodiment the controller 110 may generate and display a boot password setting interface on a display device of the terminal 100. The interface may include a user name, which may be a default user name or one newly registered by the user, and a password, which the user must enter, either through an external interface or through a virtual keyboard displayed on a touch display screen. In addition, the boot password setting interface may further include a verification code, such as a numeric verification code, in which case step S304 is performed only when the verification code input by the user matches the one shown on the interface. Alternatively, the interface may instruct the user to perform a corresponding operation, such as sliding up or down on the screen, and step S304 is performed only when the operation performed by the user meets the expected requirement.
S304: A first boot password is received through the boot password setting interface.
Specifically, the user can input the first boot password through the boot password setting interface according to the prompt. In general, a newly set boot password must be entered at least twice, and it is accepted only when the entries are consistent. In addition, a control for displaying the boot password can be provided so that the user can see the password while entering it, which makes it easy to check when the two entries are inconsistent.
S306: The received first boot password is sent to the password storage chip 120 for storage.
Specifically, after receiving the first boot password set by the user, the controller 110 does not store the first boot password itself but sends it to the password storage chip 120 for storage, so that the first boot password can be protected from deletion or tampering after the terminal 100 is rooted or the like, which ensures the security of the first boot password.
In this embodiment, after receiving the first boot password set by the user, the controller 110 may encrypt the first boot password before sending it to the password storage chip 120, so as to prevent the first boot password from being tampered with during transmission. For example, the controller 110 may store a public key of an encryption method corresponding to the password storage chip 120, and the password storage chip 120 stores the corresponding private key. When the first boot password needs to be encrypted, the controller 110 encrypts it with the public key to form a boot password storage instruction, and sends the boot password storage instruction to the password storage chip 120.
In the above embodiment, when no boot password has been set on the terminal 100, the controller 110 sets the boot password and stores it in the password storage chip 120, so as to prevent the boot password from being deleted or tampered with after the terminal 100 is rooted or the like, thereby ensuring the security of the boot password.
In one embodiment, the step of sending the received first power-on password to the password storage chip 120 for storage may be followed by the step of starting the operating system of the terminal 100.
Specifically, after the first boot password is set, the first boot password needs to be sent to the password storage chip 120 to ensure the security of the first boot password, and after the first boot password is successfully stored, the operating system of the terminal 100 can be directly started without the user inputting the boot password again, so that the time is saved.
In this embodiment, after the controller 110 sends the first boot password to the password storage chip 120, the controller 110 may wait for a storage result returned by the password storage chip 120, and only when the storage is successful, the operating system of the terminal 100 is started, and when the storage is failed, the controller 110 may prompt the user that the storage of the boot password is failed, so as to reset the boot password.
In the above embodiment, after the first boot password is successfully stored in the password storage chip 120, the operating system of the terminal 100 may be directly started without the user inputting the boot password again, so as to save time, and in addition, the security of the first boot password may be ensured by storing the first boot password in the password storage chip 120.
In one embodiment, the step of generating and displaying the power-on password input interface may be continued after the step of sending the received first power-on password to the password storage chip 120 for storage.
Specifically, after the first boot password is set, it needs to be sent to the password storage chip 120 to ensure its security. After the first boot password is successfully stored, the user can be asked to input the boot password again, and the operating system of the terminal 100 is started only after the boot password has been verified by the password storage chip 120, so that the security of the terminal 100 can be improved.
In this embodiment, after the controller 110 sends the first boot password to the password storage chip 120, the controller 110 may wait for a storage result returned by the password storage chip 120, and only when the storage is successful, the operating system of the terminal 100 is started, and when the storage is failed, the controller 110 may prompt the user that the storage of the boot password is failed, so as to reset the boot password.
In the above embodiment, after the first boot password is successfully stored in the password storage chip 120, the user is required to input the boot password again to improve the security of the terminal 100, and the security of the first boot password can be ensured by storing the first boot password in the password storage chip 120.
Referring to FIG. 4, which is a flowchart illustrating a boot control method in another embodiment, the boot control method is applied to the password storage chip 120 shown in FIG. 1 and may include:
S402: The second boot password sent by the controller 110 is received.
Specifically, as described above, after the controller 110 receives the second boot password, it needs to send the second boot password to the password storage chip 120 through the SPI bus for verification.
In addition, in this embodiment, since the second boot password sent by the controller 110 is contained in the encrypted boot password verification instruction, the password storage chip 120 first decrypts the instruction on receiving it. In the public key and private key embodiment described above, the password storage chip 120 decrypts the boot password verification instruction with the private key after receiving it, thereby obtaining the second boot password.
S404: The second boot password is verified against the stored first boot password.
Specifically, the first boot password is the correct boot password. Whether the controller 110 should start the operating system depends on whether the second boot password input by the user corresponds to, or is the same as, the first boot password.
In this step, the second boot password is checked against the stored first boot password to determine whether the second boot password input by the user is correct, and the check method may be a cyclic redundancy check (CRC).
S406: When the second boot password is successfully verified, a result indicating that the second boot password was successfully verified is returned to the controller 110.
Specifically, when the second boot password is successfully verified, the verification result needs to be returned to the controller 110, so that the controller 110 can determine whether to start the operating system of the terminal 100 according to the verification result.
S408: When the second boot password fails verification, a result indicating that the second boot password failed verification is returned to the controller 110.
Specifically, when the second boot password fails verification, the verification result also needs to be returned to the controller 110, so that the controller 110 can determine whether to start the operating system of the terminal 100 according to the verification result. When verification fails, the user may need to be prompted that the password is wrong and asked to re-enter it, and the like.
In the above embodiment, the boot password is stored in the password storage chip 120, so it can be protected from deletion or tampering after the terminal 100 is rooted or the like, which ensures the security of the boot password. During boot, the second boot password acquired by the controller 110 is also verified on the password storage chip 120, which further ensures the security of the boot password verification.
In one embodiment, the power-on control method may further include a step of setting a power-on password, for example, the step of setting the power-on password may include: the first power-on password sent by the controller 110 is received and stored.
Specifically, when the first power-on password is not stored in the password storage chip 120 or the default password is stored in the password storage chip 120 instead of the first power-on password set by the user, the controller 110 prompts the user to set a corresponding power-on password, so as to improve the security of the terminal 100. And the controller 110 receives the first power-on password set by the user and then transmits the first power-on password to the password storage chip 120, so that the security of the power-on password can be ensured.
In this embodiment, after receiving the first boot password set by the user, the controller 110 may encrypt the first boot password before sending the first boot password to the memory chip, so as to prevent the first boot password from being tampered during transmission. For example, the controller 110 may store a public key of an encryption method corresponding to the password storage chip 120, the password storage chip 120 stores a corresponding private key, and when the first boot password needs to be encrypted, the controller 110 encrypts the first boot password through the public key to form a boot password storage instruction, and sends the boot password storage instruction to the password storage chip 120.
Thus, after receiving the boot password storage instruction, the password storage chip 120 needs to decrypt the boot password storage instruction, for example, decrypt the boot password storage instruction through the private key stored in the password storage chip 120, so as to obtain the corresponding first boot password and store the first boot password.
In the above embodiment, the boot password is stored in the password storage chip 120, which prevents the boot password from being deleted or tampered with after the terminal 100 is rooted or the like, thereby ensuring the security of the boot password.
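The set-then-verify exchange between the controller 110 and the password storage chip 120 described above, as an added example that is not part of the patent text. The patent names no cipher, so textbook RSA over two fixed Mersenne primes stands in for the "encryption method" (a real design would use a padded scheme with a hardware-held key); the opcodes, the block layout and the refusal to overwrite a stored password are assumptions.

```python
import hmac
import secrets

# Constructed demo key pair (assumption: the patent names no cipher).
# Textbook RSA over two Mersenne primes; a stand-in, not a production scheme.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, held by the controller
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, held only by the chip
OP_STORE, OP_VERIFY = 0x01, 0x02         # hypothetical instruction opcodes
MAX_PW, CT_LEN = 16, 27                  # password bytes, ciphertext bytes


def instruction(op, password):
    """Controller side: encrypt the password into a store/verify instruction."""
    pw = password.encode()
    if not 0 < len(pw) <= MAX_PW:
        raise ValueError("password must be 1..16 bytes")
    # Block layout (assumed): 8 random bytes | length | zero-padded password.
    block = secrets.token_bytes(8) + bytes([len(pw)]) + pw.ljust(MAX_PW, b"\0")
    cipher = pow(int.from_bytes(block, "big"), E, N)
    return bytes([op]) + cipher.to_bytes(CT_LEN, "big")


class PasswordStorageChip:
    """Chip side: decrypts instructions; handle() reports only pass or fail."""

    def __init__(self):
        self.first_password = None

    def has_password(self):
        return self.first_password is not None

    def handle(self, message):
        if len(message) != 1 + CT_LEN:
            return False
        cipher = int.from_bytes(message[1:], "big")
        if cipher >= N:
            return False
        plain = pow(cipher, D, N).to_bytes(CT_LEN, "big")
        length, padded = plain[10], plain[11:]
        well_formed = (plain[:2] == b"\0\0" and 0 < length <= MAX_PW
                       and padded[length:] == b"\0" * (MAX_PW - length))
        if not well_formed:
            return False                 # corrupted or altered in transit
        candidate = padded[:length]
        if message[0] == OP_STORE:
            if self.has_password():      # assumption: no silent overwrite
                return False
            self.first_password = candidate
            return True
        if message[0] == OP_VERIFY and self.has_password():
            # Constant-time comparison of second against first boot password.
            return hmac.compare_digest(candidate, self.first_password)
        return False


def power_on(chip, entered):
    """Controller flow: set the password on first boot, otherwise verify it."""
    if not chip.has_password():
        chip.handle(instruction(OP_STORE, entered))
        return "password-set"
    ok = chip.handle(instruction(OP_VERIFY, entered))
    return "os-started" if ok else "boot-refused"
```

The random bytes in each block make two instructions for the same password differ on the bus, and an instruction altered in transit decrypts to a malformed block that the chip rejects.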
Referring to fig. 5, fig. 5 is a schematic structural diagram of a boot control device according to an embodiment, which is applied to the controller 110 shown in fig. 1, and the boot control device may include:
the interface generating module 111 is configured to generate and display a power-on password input interface when the terminal 100 is powered on and the password storage chip 120 stores the first power-on password.
The data receiving module 112 is configured to receive a second power-on password through the power-on password input interface.
The first sending module 113 is configured to send the second boot password to the password storage chip 120, so that the password storage chip 120 verifies the second boot password according to the first boot password.
The starting module 114 is configured to start the operating system of the terminal 100 when the second boot password is successfully verified.
In one embodiment, the interface generating module 111 is further configured to generate and display a power-on password setting interface when the password storage chip 120 does not store the first power-on password.
The data receiving module 112 is further configured to receive a first power-on password through the power-on password setting interface.
The first sending module 113 is further configured to send the received first power-on password to the password storage chip 120 for storage.
In one embodiment, the starting module 114 is further configured to start the operating system of the terminal 100 after sending the received first power-on password to the password storage chip 120 for storage; or the interface generating module 111 is further configured to generate and display a power-on password input interface after sending the received first power-on password to the password storage chip 120 for storage.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a boot control device in another embodiment, which is applied to the password storage chip 120 shown in fig. 1, and the boot control device may include:
the receiving module 121 is configured to receive the second power-on password sent by the controller 110.
The verifying module 122 is configured to verify the second boot password by using the stored first boot password.
A second sending module 123, configured to, when the second boot password is successfully verified, return a result that the second boot password is successfully verified to the controller 110; and returning a result of the second boot password verification failure to the controller 110 when the second boot password verification fails.
In one embodiment, the receiving module 121 is further configured to receive a first power-on password sent by the controller 110, and the apparatus further includes a storage module configured to store the first power-on password sent by the controller 110.
For specific limitations of the startup control device, reference may be made to the above specific limitations of the startup control method, which are not described herein again.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present invention, and although their description is relatively specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A boot control method, comprising:
after a terminal is powered on, when a first boot password is stored in a password storage chip of the terminal, a boot password input interface is generated and displayed; after the first boot password is set, the first boot password is encrypted through a public key of an encryption method corresponding to the password storage chip to form a boot password storage instruction, and the boot password storage instruction is sent to the password storage chip, so that the password storage chip decrypts the boot password storage instruction through a corresponding private key to obtain and store the boot password;
receiving a second boot password through the boot password input interface, and encrypting the second boot password through a public key of an encryption method corresponding to a password storage chip stored in the controller to form a boot password verification instruction;
sending the boot password verifying instruction to a password storage chip, so that the password storage chip decrypts the boot password verifying instruction, verifies the second boot password according to the first boot password, and when the outside tampers or deletes the content stored in the password storage chip by an illegal means, the password storage chip executes a self-protection program to encrypt the stored content;
and when the second power-on password is successfully verified, starting the operating system of the terminal.
2. The method of claim 1, further comprising:
when the password storage chip does not store the first boot password, a boot password setting interface is generated and displayed;
receiving a first boot password through the boot password setting interface;
and sending the received first power-on password to the password storage chip for storage.
3. The method according to claim 2, wherein the step of sending the received first power-on password to the password storage chip for storage is followed by:
starting the operating system of the terminal, or
continuing to generate and display the power-on password input interface.
4. A boot control method, comprising:
receiving a boot password verifying instruction sent by a controller, wherein the boot password verifying instruction is formed by encrypting a second boot password through a public key of an encryption method corresponding to a password storage chip stored in the controller;
decrypting the boot password verifying instruction, verifying the second boot password through the stored first boot password, and when the content stored in the password storage chip is tampered or deleted by an illegal means, executing a self-protection program by the password storage chip to encrypt the stored content; after the controller is set, the first boot password is encrypted by a public key of an encryption method corresponding to a password storage chip to form a boot password storage instruction, and the boot password storage instruction is sent to the password storage chip, so that the password storage chip decrypts the boot password storage instruction by a corresponding private key to obtain and store the boot password;
when the second boot password is successfully verified, returning a result that the second boot password is successfully verified to the controller;
and when the second boot password fails to be verified, returning a result of the second boot password failure to the controller.
5. The method of claim 4, further comprising:
and receiving and storing the first power-on password sent by the controller.
6. A power-on control apparatus, comprising:
the interface generating module is used for generating and displaying a starting-up password input interface when the terminal is powered on and a first starting-up password is stored in the password storage chip; after the first boot password is set, encrypting the first boot password by a public key of an encryption method corresponding to a password storage chip to form a boot password storage instruction, and sending the boot password storage instruction to the password storage chip, so that the password storage chip decrypts the boot password storage instruction by a corresponding private key to obtain and store the boot password;
the data receiving module is used for receiving a second boot password through the boot password input interface and encrypting the second boot password through a public key of an encryption method corresponding to a password storage chip stored in the controller to form a boot password verifying instruction;
the first sending module is used for sending the boot password verifying instruction to a password storage chip, so that the password storage chip decrypts the boot password verifying instruction, verifies the second boot password according to the first boot password, and executes a self-protection program to encrypt stored contents when the contents stored in the password storage chip are tampered or deleted by illegal means from the outside;
and the starting module is used for starting the operating system of the terminal when the second boot password is successfully verified.
7. The apparatus according to claim 6, wherein the interface generating module is further configured to generate and display a boot password setting interface when the password storage chip does not store the first boot password;
the data receiving module is also used for receiving a first boot password through the boot password setting interface;
the first sending module is further configured to send the received first boot password to the password storage chip for storage.
8. The device according to claim 7, wherein the starting module is further configured to start an operating system of the terminal after sending the received first power-on password to the password storage chip for storage; or
the interface generating module is further used for generating and displaying a power-on password input interface after the received first power-on password is sent to the password storage chip for storage.
9. A power-on control apparatus, comprising:
the receiving module is used for receiving a startup password verifying instruction sent by the controller, wherein the startup password verifying instruction is formed by encrypting a second startup password through a public key of an encryption method corresponding to a password storage chip stored in the controller;
the verification module is used for decrypting the boot password verification instruction, verifying the second boot password through the stored first boot password, and when the content stored in the password storage chip is tampered or deleted by an illegal means, the password storage chip executes a self-protection program to encrypt the stored content; after the controller is set, the first boot password is encrypted by a public key of an encryption method corresponding to a password storage chip to form a boot password storage instruction, and the boot password storage instruction is sent to the password storage chip, so that the password storage chip decrypts the boot password storage instruction by a corresponding private key to obtain and store the boot password;
the second sending module is used for returning a result of successful verification of the second boot password to the controller when the verification of the second boot password is successful; and when the second boot password fails to be verified, returning a result of the second boot password failure to the controller.
10. A terminal is characterized by comprising a controller and a password storage chip, wherein the controller is connected with the password storage chip through an SPI bus;
the controller is used for detecting whether a first power-on password is stored in the password storage chip after the terminal is powered on, and generating and displaying a power-on password input interface when the first power-on password is stored in the password storage chip of the terminal; after receiving a second boot password through the boot password input interface, encrypting the second boot password through a public key of an encryption method corresponding to a password storage chip stored in the controller to form a boot password verifying instruction, sending the boot password verifying instruction to the password storage chip, so that the password storage chip decrypts the boot password verifying instruction, and verifying the second boot password according to the first boot password; when the second starting-up password is successfully verified, starting an operating system of the terminal; after the controller is set, the first boot password is encrypted by a public key of an encryption method corresponding to a password storage chip to form a boot password storage instruction, and the boot password storage instruction is sent to the password storage chip, so that the password storage chip decrypts the boot password storage instruction by a corresponding private key to obtain and store the boot password;
the password storage chip is used for verifying a second power-on password through the stored first power-on password after receiving the second power-on password sent by the controller; and when the second boot password is successfully verified, returning a result of the successful verification of the second boot password to the controller, and when the second boot password is failed to be verified, returning a result of the failed verification of the second boot password to the controller, wherein when the content stored in the password storage chip is tampered or deleted by an illegal means from the outside, the password storage chip executes a self-protection program to encrypt the stored content.
CN201710031772.5A 2017-01-17 2017-01-17 Starting-up control method and device Active CN108319848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710031772.5A CN108319848B (en) 2017-01-17 2017-01-17 Starting-up control method and device


Publications (2)

Publication Number Publication Date
CN108319848A CN108319848A (en) 2018-07-24
CN108319848B true CN108319848B (en) 2020-09-29

Family

ID=62892053


Country Status (1)

Country Link
CN (1) CN108319848B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112559004A (en) * 2020-11-19 2021-03-26 山东云海国创云计算装备产业创新中心有限公司 BIOS upgrading method, device, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6747561B1 (en) * 2000-06-20 2004-06-08 Med-Datanet, Llc Bodily worn device for digital storage and retrieval of medical records and personal identification
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
CN104217142A (en) * 2013-05-30 2014-12-17 华为终端有限公司 Method and device for protecting terminal through power-on password
CN105631259A (en) * 2015-04-28 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Power-on verification method, power-on verification device and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant