CN108549812A - Security isolation method, safety insulating device based on Trustzone and car-mounted terminal - Google Patents

Security isolation method, safety insulating device based on Trustzone and car-mounted terminal Download PDF

Info

Publication number
CN108549812A
CN108549812A CN201810198424.1A CN201810198424A CN108549812A CN 108549812 A CN108549812 A CN 108549812A CN 201810198424 A CN201810198424 A CN 201810198424A CN 108549812 A CN108549812 A CN 108549812A
Authority
CN
China
Prior art keywords
operating system
environment
memory
running environment
common running
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810198424.1A
Other languages
Chinese (zh)
Inventor
刘均
龙德帆
刘新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Launch Technology Co Ltd
Original Assignee
Shenzhen Launch Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Launch Technology Co Ltd filed Critical Shenzhen Launch Technology Co Ltd
Priority to CN201810198424.1A priority Critical patent/CN108549812A/en
Publication of CN108549812A publication Critical patent/CN108549812A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a kind of security isolation methods based on Trustzone, are applied to car-mounted terminal, and the car-mounted terminal isolates secure operating environment and common running environment in advance;The method includes:The first operating system is run in the secure operating environment, first operating system controls relevant external equipment for accessing with automobile;The second operating system is run in the common running environment, second operating system controls unrelated external equipment for accessing with automobile;Wherein, first operating system is safe in second operating system.Lower second operating system of safety cannot access automobile bus etc. and control relevant peripheral hardware with automobile in the embodiment of the present invention, can improve the safety of car-mounted terminal.Correspondingly, the embodiment of the invention also discloses a kind of safety insulating devices and car-mounted terminal with Trustzone frameworks.

Description

Security isolation method, safety insulating device based on Trustzone and car-mounted terminal
Technical field
The present invention relates to automobile technical field more particularly to a kind of security isolation method based on Trustzone, safety every From device and car-mounted terminal.
Background technology
Currently, controller local area network (Controller Area Network, CAN) bus is obtained in automotive field It is widely applied, it is vehicle-mounted to realize that many world-famous automobile manufacturing companies (such as benz, BMW) all use CAN bus Data communication between the multiple electronic control units of terminal inner (Electronic Control Unit, ECU).
In general, car-mounted terminal may include three classes CAN bus, and wherein first kind CAN bus is for connecting automobile drive Each ECU (including Engine ECU, speed changer ECU etc.) of dynamic system (or being automotive control system), the second class CAN bus Each ECU (including car door ECU, air-conditioner ECU) for connecting body control system, third class CAN bus is for connecting automobile Each ECU (including audio ECU, telecommunication ECU etc.) of entertainment systems.When car-mounted terminal has remote control function, by In needing to carry out remote control to automobile driving system by first kind CAN bus, each ECU of automotive entertainment system also can It is directly connected in first kind CAN bus.In this case, as long as intentionally personage has broken through any one of automotive entertainment system A component can operate first kind CAN bus and then control automobile driving system so that the safety of car-mounted terminal is dropped significantly It is low.
Invention content
The embodiment of the present invention provides a kind of security isolation method based on Trustzone, the peace with Trustzone frameworks Full isolating device and car-mounted terminal, can improve the safety of car-mounted terminal.
In a first aspect, an embodiment of the present invention provides a kind of security isolation method based on Trustzone, it is applied to vehicle-mounted Terminal, the car-mounted terminal isolate secure operating environment and common running environment in advance, wherein the secure operating environment It is safe in the common running environment;The method includes:
The first operating system is run in the secure operating environment, first operating system is controlled for accessing with automobile Relevant external equipment;
The second operating system is run in the common running environment, second operating system is controlled for accessing with automobile Unrelated external equipment;
Wherein, first operating system is safe in second operating system.
Optionally, the memory of the car-mounted terminal includes the first region of memory and the second region of memory, wherein described second Region of memory it is safe in first region of memory;The method further includes:
When in the common running environment, if detecting the first handover event, enter monitoring mode, described first Handover event is the first subset for receiving the first security monitoring call instruction or receiving hardware anomalies mechanism;
By the first state information storage of the common running environment to first memory field under the monitoring mode Domain, and restore the second status information of the secure operating environment, second status information is stored in second memory field Domain;
The mode flags position of specified register is set as 0 to enter the safe operation ring under the monitoring mode Border.
Optionally, the method further includes:
When in the secure operating environment, if detecting the second handover event, enter the monitoring mode, it is described Second handover event is the second subset for receiving the second security monitoring call instruction or receiving hardware anomalies mechanism;
The second status information of the secure operating environment is stored to second memory field under the monitoring mode Domain, and restore the first state information of the common running environment, the first state information storage is in first memory field Domain;
The mode flags position of specified register is set as 1 to enter the common operation ring under the monitoring mode Border.
Optionally, the car-mounted terminal cannot access the specified register under the common running environment;The side Method further includes:
When in the monitoring mode, first operating system is run in the secure operating environment.
Optionally, the method further includes:
When receiving power-on servicing, first is run into the secure operating environment, and in the secure operating environment Bootstrap;
After the first bootstrap end of run, the second bootstrap is run;
After the second bootstrap end of run, start first operating system;
After first os starting, into the common running environment, and in the common operation ring Border runs third bootstrap;
After the third bootstrap end of run, start second operating system.
Optionally, before entering the common running environment, the method further includes:
The access rights of first operating system and second operating system are configured in the secure operating environment, So that first operating system controls relevant external equipment for accessing with automobile, second operating system is for accessing Unrelated external equipment is controlled with automobile.
Second aspect, an embodiment of the present invention provides a kind of safety insulating device with Trustzone frameworks, the dresses Set and isolate secure operating environment and common running environment in advance, wherein the secure operating environment it is safe in described Common running environment;Described device includes:
First operation module, for running the first operating system, first operating system in the secure operating environment For accessing relevant external equipment is controlled with automobile;
Second operation module, for running the second operating system, second operating system in the common running environment For accessing unrelated external equipment is controlled with automobile;
Wherein, first operating system is safe in second operating system.
Optionally, the memory of the car-mounted terminal includes the first region of memory and the second region of memory, wherein described second Region of memory it is safe in first region of memory;Described device further includes:
First handover module, for when in the common running environment, if detecting the first handover event, entering Monitoring mode, first handover event are to receive the first security monitoring call instruction or receive the of hardware anomalies mechanism One subset;
First memory module is used for the first state information storage of the common running environment under the monitoring mode To first region of memory;
First recovery module, the second status information for restoring the secure operating environment under the monitoring mode, Second status information is stored in second region of memory;
First setup module, under the monitoring mode by the mode flags position of specified register be set as 0 with into Enter the secure operating environment.
Optionally, described device further includes:
Second handover module, for when in the secure operating environment, if detecting the second handover event, entering The monitoring mode, second handover event are to receive the second security monitoring call instruction or receive hardware anomalies mechanism Second subset;
Second memory module, for storing the second status information of the secure operating environment under the monitoring mode To second region of memory;
Second recovery module, the first state information for restoring the common running environment under the monitoring mode, The first state information storage is in first region of memory;
Second setup module, for the mode flags position of the specified register to be set as 1 under the monitoring mode To enter the common running environment.
Optionally, described device cannot access the specified register under the common running environment;Second fortune Row module is additionally operable to when in the monitoring mode, and first operating system is run in the secure operating environment.
Optionally, described device further includes:
Third runs module, for when receiving power-on servicing, into the secure operating environment, and in the safety Running environment runs the first bootstrap;
The third runs module, is additionally operable to after the first bootstrap end of run, runs the second bootstrap;
Starting module, for after the second bootstrap end of run, starting first operating system;
Third runs module, is additionally operable to after first os starting, into the common running environment, And run third bootstrap in the common running environment;
The starting module is additionally operable to after the third bootstrap end of run, starts second operating system.
Optionally, described device further includes:
Configuration module, for before entering the common running environment, described first to be configured in the secure operating environment The access rights of operating system and second operating system, so that first operating system is controlled for accessing with automobile Relevant external equipment, second operating system control unrelated external equipment for accessing with automobile.
The third aspect, an embodiment of the present invention provides a kind of car-mounted terminal, the car-mounted terminal includes processor and storage Device, wherein the memory is for storing computer program, and the computer program includes program instruction, the processor quilt It is configured to call described program instruction, the method for executing above-mentioned first aspect.
Fourth aspect, an embodiment of the present invention provides a kind of computer readable storage medium, the computer-readable storage It includes program instruction that media storage, which has computer program, the computer program, and described program instructs when being executed by a processor The method for making the processor execute above-mentioned first aspect.
The embodiment of the present invention is strictly controlled by isolating secure operating environment and common running environment in car-mounted terminal The peripheral access permission of secure operating environment processed and common running environment so that the second of the lower common running environment of safety Operating system cannot access automobile bus etc. and control relevant peripheral hardware with automobile, can improve the safety of car-mounted terminal.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.
Fig. 1 is a kind of secure operating environment provided in an embodiment of the present invention and the switching schematic diagram of common running environment;
Fig. 2 is a kind of flow diagram of security isolation method based on Trustzone provided in an embodiment of the present invention;
Fig. 3 is a kind of peripheral access permission schematic diagram of car-mounted terminal provided in an embodiment of the present invention;
Fig. 4 is the flow diagram of another security isolation method based on Trustzone provided in an embodiment of the present invention;
Fig. 5 is a kind of structural representation of safety insulating device with Trustzone frameworks provided in an embodiment of the present invention Figure;
Fig. 6 is that another structure with the safety insulating device of Trustzone frameworks provided in an embodiment of the present invention is shown It is intended to;
Fig. 7 is a kind of structural schematic diagram of car-mounted terminal provided in an embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts Embodiment shall fall within the protection scope of the present invention.
The embodiment of the present invention provides a kind of security isolation method being based on trusted region (Trustzone), is applied to vehicle Mounted terminal.Wherein, Trustzone is a kind of hardware structure that ARM companies are directed to that consumption electronic product proposes, the purpose is to disappear Expense electronic product builds a security framework to resist various possible attacks.
Specifically, Trustzone isolates secure operating environment (Secure World) and general in advance in car-mounted terminal Logical running environment (Normal World), and by the central processing unit of car-mounted terminal (Central Processing Unit, CPU whole system resources (including hardware and software resource)) are divided into secure operating environment and common running environment in advance, with And it is the physical core of CPU is virtual for a safe kernel (Secure Core) and non-security core (Non-Secure a Core, NS Core), wherein safe kernel is used to run the first operating system (Operating System, OS), non-peace in secure operating environment Full core is used in common running environment (or being non-security running environment) the second operating system of operation.Wherein, virtual safety Core and non-security core occupy physical core in turn in a manner of timeslot-based, specifically, as needed safe kernel and non-security core its One of in real time occupy physical core.
Wherein, the safe safety in common running environment of secure operating environment, the safety of the first operating system Property be higher than the second operating system safety.As an alternative embodiment, the second operating system can be Android (Android) operating system.
In addition, supporting the level expansion interface (Advanced eXtensible Interface, AXI) of Trustzone total Hardware logic in line construction may insure that non-security core can only access the system resource of common running environment, and safe nuclear energy is visited Ask that all system resources, the i.e. system resource of secure operating environment will not be accessed by non-security core, in safe operation ring Powerful boundary is built between border and common running environment.
In an embodiment of the present invention, the first operating system can access automobile bus etc. and automobile control is relevant External equipment (can abbreviation peripheral hardware), wherein automobile bus can in order to control device LAN (Controller Area Network, CAN) arbitrary in bus, local interconnect network (Local Interconnect Network, LIN) bus, Flexray buses One kind, certainly, automobile bus are not limited to above-mentioned three kinds of buses;Second operating system can be accessed controls unrelated outside with automobile Equipment, such as Wireless Fidelity (Wireless Fidelity, Wi-Fi) module, bluetooth module, display panel module, audio-frequency module etc.. It is understood that the first operating system can also be accessed controls unrelated external equipment with automobile, but the second operating system is not It can access and control relevant external equipment with automobile.
It should be noted that secure operating environment and common running environment are carried out by monitoring mode (Monitor Mode) Switching, as shown in Figure 1.From fig. 1, it can be seen that when CPU is in user mode (the User Mode) of common running environment, if needed Secure operating environment is switched to from common running environment, then initially enter the privileged mode of common running environment (Privileged Mode) subsequently into monitoring mode, then enters by monitoring mode the privileged mode of secure operating environment, Finally enter the user mode of secure operating environment.It should be noted that CPU from common running environment or secure operating environment into The operation for entering monitoring mode is tightly controlled, and these operations are considered as the exception sent out to monitoring mode.Specifically, The first security monitoring calling (Secure can be executed by software by entering the operation of monitoring mode from common running environment Monitor Call, SMC) it instruction triggers or is triggered by the first subset of hardware anomalies mechanism.Wherein, hardware anomalies mechanism First subset may include fast interrupt requests (Fast Interrupt reQuest, FIQ).
It is also known from Fig. 1, when CPU is in the user mode of secure operating environment, if necessary from safe operation ring Border switches to common running environment, then initially enters the privileged mode of secure operating environment, subsequently into monitoring mode, then passes through Monitoring mode enters the privileged mode of common running environment, finally enters the user mode of common running environment.Specifically, from peace The operation that full running environment enters monitoring mode can execute the 2nd SMC instruction triggers or by hardware anomalies mechanism by software Second subset triggering.Wherein, the second subset of hardware anomalies mechanism may include interrupt requests (Interrupt Request, IRQ)。
It should be noted that in an embodiment of the present invention, FIQ is the interrupt source of secure operating environment, specifically, when When secure operating environment receives IRQ, CPU handles the FIQ under the secure operating environment being presently in;IRQ is common fortune The interrupt source of row environment, specifically, when common running environment receives IRQ, CPU is in the common running environment being presently in The lower processing IRQ.
It should also be noted that, further including coprocessor CP15, the security configuration of coprocessor CP15 in car-mounted terminal Register (Secure Configuration Register, SCR) includes mode flags position NS, and the NS for referring to Show which running environment CPU is currently at.Specifically, show that CPU is currently located in secure operating environment when being 0 for NS, when NS show that CPU is currently located in common running environment when being 1.It should be noted that SCR registers are under common running environment Cannot be accessed, therefore when CPU is in monitoring mode, no matter NS be 0 or it is all in secure operating environment to be 1, CPU Run the second operating system, i.e., monitoring mode is to be located at secure operating environment always, this point from Fig. 1 it is also seen that.
It should also be noted that, the memory of car-mounted terminal includes the first region of memory and the second region of memory.Wherein, second The safe safety in the first region of memory of region of memory.
When CPU enters monitoring mode from common running environment, by the way that the positions NS of SCR registers are set in the monitoring mode Secure operating environment can be entered by being set to 0, CPU.In this case, CPU also needs to commonly run ring in the monitoring mode The first state information storage in border restores the second status information of secure operating environment to the first region of memory, second shape State information storage is in the second region of memory.
When CPU enters monitoring mode from secure operating environment, by the way that the positions NS of SCR registers are set in the monitoring mode Common running environment can be entered by being set to 1, CPU.In this case, CPU is also needed to safe operation ring in the monitoring mode Second status information in border is stored to the second region of memory, and restores the first state information of common running environment, first shape State information storage is in the first region of memory.Wherein, first state information and the second status information be respectively common running environment and The information such as the data of secure operating environment and setting.
Seen from the above description, AXI buses mechanism can isolate safe fortune in car-mounted terminal in the embodiment of the present invention Row environment and common running environment, CPU start after by strictly controlling the access right of secure operating environment and common running environment It limits (i.e. the access rights of the first operating system and the second operating system), the safety of car-mounted terminal can be improved.
It should be noted that CPU, which is connected various external equipments by external bus, constitutes system on chip (System On Chip, SoC).The safety of SoC itself is determined by its Booting sequence.After the power is turned on, SoC is first from safe operation ring for car-mounted terminal Border starts to execute, and secure operating environment can verify the bootstrap (Bootloader) of common running environment, it is ensured that general The code that logical running environment executes is by mandate without being tampered with.Then common running environment can load the second operation system System, completes the startup of entire SoC.In the second operating system of boot program loads of common running environment, secure operating environment Also the code of the second operating system can be verified, it is ensured that it is not tampered with.Specifically, car-mounted terminal after the power is turned on, adds first Carry and run the bootstrap of SoC;After the bootstrap end of run of Soc, the bootstrap of Flash equipment is loaded and run; After the bootstrap end of run of Flash equipment, the first operating system of simultaneously operational safety running environment is loaded;Safe operation ring The bootstrap of common running environment is verified in border, after being verified, loads and run the guiding journey of common running environment Sequence;After the bootstrap end of run of common running environment, second operating system of the secure operating environment to common running environment It is verified, after being verified, loads and run the second operating system of common running environment, so far, SoC start completions are simultaneously opened Begin to run.
In conclusion the embodiment of the present invention in car-mounted terminal by isolating secure operating environment and common operation ring Border, and strictly control the peripheral access permission of secure operating environment and common running environment so that the lower common fortune of safety Second operating system of row environment cannot access automobile bus etc. and control relevant peripheral hardware with automobile, can improve vehicle-mounted end The safety at end.With reference to Fig. 2 to Fig. 7 to security isolation method provided in an embodiment of the present invention based on Trustzone, tool The safety insulating device and car-mounted terminal for having Trustzone frameworks are described in detail respectively.
Fig. 2 is referred to, is that a kind of flow of security isolation method based on Trustzone provided in an embodiment of the present invention is shown It is intended to.Specifically, the method is applied to car-mounted terminal, and the car-mounted terminal isolates secure operating environment and common fortune in advance Row environment, wherein the secure operating environment it is safe in the common running environment.It is as shown in Figure 2 based on The security isolation method of Trustzone may include:
S101, the first operating system is run in the secure operating environment.
In an embodiment of the present invention, first operating system controls relevant external equipment for accessing with automobile, As shown in Figure 3.Wherein, described to control relevant external equipment with automobile (such as CAN is total including at least the automobile bus of car-mounted terminal Line, LIN buses, Flexray buses etc.).
S102, the second operating system is run in the common running environment.
In an embodiment of the present invention, first operating system is safe in second operating system, and The external device access permission of first operating system is higher than second operating system, specifically, second operation system System controls unrelated external equipment for accessing with automobile, as shown in Figure 3.It is understood that first operating system It can access and control unrelated external equipment with automobile, but second operating system cannot be accessed and be controlled outside relevant with automobile Portion's equipment.It is wherein, described that unrelated external equipment is controlled with automobile may include Wi-Fi module, bluetooth module, display screen mould Block, audio-frequency module etc..As an alternative embodiment, second operating system can be Android operation system.
It is in an embodiment of the present invention, safe in the common running environment due to the secure operating environment, Therefore high security require operation (such as fingerprint recognition, Cipher Processing, data encrypting and deciphering, safety certification need for confidentiality behaviour Make) it can be executed in the secure operating environment, other operations can be in institute (such as operating system of user, various application programs etc.) It states common running environment to execute, so may insure that car-mounted terminal can resist numerous potential attacks.
It should be noted that whole system resources of the CPU of car-mounted terminal are divided into the safety by Trustzone in advance Running environment and the common running environment, and be virtually a safe kernel and a non-security core by the physical core of CPU, Middle safe kernel is used to run the first operating system in secure operating environment, non-security core be used for (or be in common running environment Non-security running environment) the second operating system of operation.Wherein, virtual safe kernel and non-security the core wheel in a manner of timeslot-based Stream occupies physical core, specifically, one of safe kernel and non-security core occupy physical core in real time as needed.Therefore, it compares For the first operating system and the second operating system occupy the technical solution of a physical core respectively, the embodiment of the present invention is saved One physical core.
It should also be noted that, the AXI bus mechanism that Trustzone is provided may insure that non-security core can only access commonly The system resource of running environment, and safe nuclear energy accesses all system resources, the i.e. system resource of secure operating environment will not be by Non-security core is accessed, and to build powerful boundary between secure operating environment and common running environment, realizes first The security isolation of operating system and the second operating system improves the safety of car-mounted terminal.
In embodiments of the present invention, by isolating secure operating environment and common running environment in car-mounted terminal, and The peripheral access permission of stringent control secure operating environment and common running environment so that the lower common running environment of safety The second operating system cannot access automobile bus etc. and automobile and control relevant peripheral hardware, the peace of car-mounted terminal can be improved Quan Xing.
Fig. 4 is referred to, is the flow of another security isolation method based on Trustzone provided in an embodiment of the present invention Schematic diagram.Specifically, the method is applied to car-mounted terminal, and the car-mounted terminal isolates secure operating environment and common in advance Running environment, wherein the secure operating environment it is safe in the common running environment.It is as shown in Figure 4 based on The security isolation method of Trustzone may include:
S201, when receiving power-on servicing, into the secure operating environment, and the secure operating environment run First bootstrap.
After the power is turned on, SoC is executed since the secure operating environment car-mounted terminal first.In an embodiment of the present invention, First bootstrap can be SoC bootstrap.
S202, the second bootstrap of operation.
After the first bootstrap end of run, car-mounted terminal can run the second bootstrap.The present invention's In embodiment, second bootstrap can be the bootstrap of Flash equipment.
S203, start the first operating system.
After the second bootstrap end of run, car-mounted terminal can start the first operating system.The present invention's In embodiment, first operating system is the operating system of the secure operating environment.
S204, third bootstrap is run into the common running environment, and in the common running environment.
After first os starting, car-mounted terminal can enter the common running environment, and in institute State common running environment operation third bootstrap.In an embodiment of the present invention, the third bootstrap is described common The bootstrap of running environment.
It should be noted that the secure operating environment can verify the bootstrap of the common running environment, Ensure that the code that the common running environment executes passes through mandate without being tampered with.
It should also be noted that, before car-mounted terminal enters the common running environment, car-mounted terminal can also configure described The access rights of first operating system and second operating system, so that first operating system is for access and automobile Relevant external equipment is controlled, second operating system controls unrelated external equipment for accessing with automobile.
S205, start the second operating system.
After the third bootstrap end of run, car-mounted terminal can start the second operating system.The present invention's In embodiment, second operating system is the operating system of the common running environment.Wherein, first operating system It is safe in second operating system.As an alternative embodiment, second operating system can be Android operation system.
It should be noted that the secure operating environment can also verify the code of second operating system, really It protects it to be not tampered with, ensures that the safety of entire SoC itself.Wherein, SoC is passed through external total by the CPU of car-mounted terminal Various external equipments are connected composition by line.
S206, second operating system is run in the common running environment.
In an embodiment of the present invention, the external device access permission of first operating system is operated higher than described second System, specifically, first operating system controls relevant external equipment, second operating system for accessing with automobile For accessing unrelated external equipment is controlled with automobile.It is understood that first operating system can also access and vapour Vehicle controls unrelated external equipment, but second operating system cannot access and control relevant external equipment with automobile.
Wherein, described to control relevant external equipment with automobile (such as CAN is total including at least the automobile bus of car-mounted terminal Line, LIN buses, Flexray buses etc.), it is described that unrelated external equipment is controlled with automobile may include Wi-Fi module, bluetooth Module, display panel module, audio-frequency module etc..
S207, when in the common running environment, if detecting the first handover event, enter monitoring mode.
It should be noted that in an embodiment of the present invention, secure operating environment and common running environment are by monitoring mould Formula switches over.
In an embodiment of the present invention, first handover event is to receive the first SMC instructions or to receive hardware different First subset of normal mechanism.Wherein, the first subset of hardware anomalies mechanism may include FIQ.
S208, under the monitoring mode by the first state information storage of the common running environment to the first memory field Domain, and restore the second status information of the secure operating environment.
It should be noted that in an embodiment of the present invention, the memory of car-mounted terminal includes the first region of memory and second Region of memory.Wherein, the safe safety in the first region of memory of the second region of memory.
In an embodiment of the present invention, second status information is stored in second region of memory.
S209, under the monitoring mode by the mode flags position of specified register be set as 0 with enter it is described safety transport Row environment.
In an embodiment of the present invention, the specified register is SCR registers.
It should be noted that further including coprocessor CP15, the SCR register packets of coprocessor CP15 in car-mounted terminal Mode flags position NS is included, the NS is used to indicate which running environment car-mounted terminal is currently located in.Specifically, working as NS Position shows that car-mounted terminal is currently located in secure operating environment when being 0, shows that car-mounted terminal is currently located in common fortune when being 1 for NS Row environment.
It should also be noted that, SCR registers cannot be accessed under common running environment, therefore work as car-mounted terminal When in monitoring mode, no matter NS be 0 or be 1, car-mounted terminal is all to run the first operating system in secure operating environment, I.e. monitoring mode is positioned at secure operating environment.
S210, first operating system is run in the secure operating environment.
It is in an embodiment of the present invention, safe in the common running environment due to the secure operating environment, Therefore high security require operation (such as fingerprint recognition, Cipher Processing, data encrypting and deciphering, safety certification need for confidentiality behaviour Make) it can be executed in the secure operating environment, the secure operating environment can be by implementing result (as added solution after being finished Close result) return to the common running environment.
In an alternative embodiment, when car-mounted terminal is in secure operating environment, if detecting the second switching thing Part, then the car-mounted terminal enter the monitoring mode.Wherein, second handover event be receive the 2nd SMC instruction or Receive the second subset of hardware anomalies mechanism.Wherein, the second subset of hardware anomalies mechanism may include IRQ.
Further, car-mounted terminal stores the second status information of the secure operating environment under the monitoring mode To second region of memory, and restore the first state information of the common running environment.Wherein, the first state information It is stored in first region of memory.In addition, car-mounted terminal also under the monitoring mode by the mode flags position of SCR registers 1 is set as to enter the common running environment.
In embodiments of the present invention, by isolating secure operating environment and common running environment in car-mounted terminal, and The peripheral access permission of stringent control secure operating environment and common running environment so that the lower common running environment of safety The second operating system cannot access automobile bus etc. and automobile and control relevant peripheral hardware, the peace of car-mounted terminal can be improved Quan Xing.
The embodiment of the present invention also provides a kind of safety insulating device 100 with Trustzone frameworks, described device 100 Isolate secure operating environment and common running environment in advance, wherein the secure operating environment it is safe in described general Logical running environment.The device 100 includes the module for executing the application method shown in Fig. 2, can be configured at car-mounted terminal In.Specifically, Fig. 5 is referred to, is a kind of structural schematic diagram of safety insulating device provided in an embodiment of the present invention.Such as Fig. 5 institutes The safety insulating device 100 shown may include:First operation module 101 and second runs module 102.Wherein,
The first operation module 101, for running the first operating system, first behaviour in the secure operating environment Make system for access with the relevant external equipment of automobile control.
The second operation module 102, for running the second operating system, second behaviour in the common running environment Make system and controls unrelated external equipment with automobile for accessing.
Wherein, first operating system is safe in second operating system.
It should be noted that the specific workflow of safety insulating device 100 provided in an embodiment of the present invention please refers to this The method flow part that inventive embodiments provide, details are not described herein.
In embodiments of the present invention, by isolating secure operating environment and common operation ring in safety insulating device Border, and strictly control the peripheral access permission of secure operating environment and common running environment so that the lower common fortune of safety Second operating system of row environment cannot access automobile bus etc. and automobile and control relevant peripheral hardware, can improve safety every Safety from device.
The embodiment of the present invention also provides another safety insulating device 200 with Trustzone frameworks, described device 200 isolate secure operating environment and common running environment in advance, wherein the secure operating environment it is safe in described Common running environment.The device 200 includes the module for executing the application method shown in Fig. 4, can be configured at vehicle-mounted end In end.Specifically, Fig. 6 is referred to, is a kind of structural schematic diagram of safety insulating device provided in an embodiment of the present invention.Such as Fig. 6 Shown in safety insulating device 200 may include:Third runs module 201, starting module 202, configuration module 203, first and transports Row module 204, second runs module 205, the first handover module 206, the first memory module 207, the first recovery module 208, the One setup module 209, the second handover module 210, the second memory module 211 and the second recovery module 212 and the second setup module 213.Wherein,
The third runs module 201, for when receiving power-on servicing, into the secure operating environment, and The secure operating environment runs the first bootstrap.
The third runs module 201, is additionally operable to after the first bootstrap end of run, operation the second guiding journey Sequence.
The starting module 202, for after the second bootstrap end of run, starting the first operating system.
The third runs module 201, is additionally operable to after first os starting, into the common fortune Row environment, and run third bootstrap in the common running environment.
The starting module 202 is additionally operable to after the third bootstrap end of run, starts the second operating system.
Wherein, first operating system is safe in second operating system.
The configuration module 203, for before entering the common running environment, institute to be configured in the secure operating environment The access rights of the first operating system and second operating system are stated, so that first operating system is for access and vapour Vehicle controls relevant external equipment, and second operating system controls unrelated external equipment for accessing with automobile.
The first operation module 204, for running first operating system in the secure operating environment, described the One operating system controls relevant external equipment for accessing with automobile.
The second operation module 205, for running second operating system in the common running environment, described the Two operating systems control unrelated external equipment for accessing with automobile.
In an embodiment of the present invention, the memory of the car-mounted terminal includes the first region of memory and the second region of memory, Wherein, second region of memory is safe in first region of memory.
First handover module 206 is used for when in the common running environment, if detecting the first switching thing Part, then enter monitoring mode, and first handover event is to receive the first security monitoring call instruction or to receive hardware different First subset of normal mechanism.
First memory module 207 is used for the first state of the common running environment under the monitoring mode Information storage is to first region of memory.
First recovery module 208, the second shape for restoring the secure operating environment under the monitoring mode State information, second status information are stored in second region of memory.
First setup module 209, for the mode flags position of specified register to be arranged under the monitoring mode For 0 to enter the secure operating environment.
Second handover module 210 is used for when in the secure operating environment, if detecting the second switching thing Part, then enter the monitoring mode, and second handover event is to receive the second security monitoring call instruction or receive hard The second subset of part abnormal mechanism.
Second memory module 211 is used for the second state of the secure operating environment under the monitoring mode Information storage is to second region of memory.
Second recovery module 212, the first shape for restoring the common running environment under the monitoring mode State information, the first state information storage is in first region of memory.
Second setup module 213 is used for the mode flags position of the specified register under the monitoring mode 1 is set as to enter the common running environment.
Optionally, described device 200 cannot access the specified register under the common running environment;Described first Module 204 is run, is additionally operable to when in the monitoring mode, in secure operating environment operation first operation system System.
It should be noted that the specific workflow of safety insulating device 200 provided in an embodiment of the present invention please refers to this The method flow part that inventive embodiments provide, details are not described herein.
In embodiments of the present invention, by isolating secure operating environment and common operation ring in safety insulating device Border, and strictly control the peripheral access permission of secure operating environment and common running environment so that the lower common fortune of safety Second operating system of row environment cannot access automobile bus etc. and automobile and control relevant peripheral hardware, can improve safety every Safety from device.
It is a kind of schematic block diagram of car-mounted terminal provided in an embodiment of the present invention referring to Fig. 7.The car-mounted terminal is advance Isolate secure operating environment and common running environment, wherein the secure operating environment it is safe in the common fortune Row environment.Car-mounted terminal 300 in the present embodiment as shown in Figure 7 may include processor 301 and memory 302, wherein institute It states processor 301 and memory 302 is connected by bus 303.The memory 302 is for storing computer program, the meter Calculation machine program includes program instruction.
Specifically, the processor 301 is configured for calling described program instruction execution:
The first operating system is run in the secure operating environment, first operating system is controlled for accessing with automobile Relevant external equipment;
The second operating system is run in the common running environment, second operating system is controlled for accessing with automobile Unrelated external equipment;
Wherein, first operating system is safe in second operating system.
In an embodiment of the present invention, the memory of the car-mounted terminal includes the first region of memory and the second region of memory, Wherein, second region of memory is safe in first region of memory.
Optionally, the processor 301 is configured for that described program instruction is called also to execute:
When in the common running environment, if detecting the first handover event, enter monitoring mode, described first Handover event is the first subset for receiving the first security monitoring call instruction or receiving hardware anomalies mechanism;
By the first state information storage of the common running environment to first memory field under the monitoring mode Domain, and restore the second status information of the secure operating environment, second status information is stored in second memory field Domain;
The mode flags position of specified register is set as 0 to enter the safe operation ring under the monitoring mode Border.
Optionally, the processor 301 is configured for that described program instruction is called also to execute:
When in the secure operating environment, if detecting the second handover event, enter the monitoring mode, it is described Second handover event is the second subset for receiving the second security monitoring call instruction or receiving hardware anomalies mechanism;
The second status information of the secure operating environment is stored to second memory field under the monitoring mode Domain, and restore the first state information of the common running environment, the first state information storage is in first memory field Domain;
The mode flags position of the specified register is set as 1 to enter the common operation under the monitoring mode Environment.
Optionally, the car-mounted terminal 300 cannot access the specified register under the common running environment;It is described Processor 301 is configured for that described program instruction is called also to execute:
When in the monitoring mode, first operating system is run in the secure operating environment.
Optionally, the processor 301 is configured for that described program instruction is called also to execute:
When receiving power-on servicing, first is run into the secure operating environment, and in the secure operating environment Bootstrap;
After the first bootstrap end of run, the second bootstrap is run;
After the second bootstrap end of run, start first operating system;
After first os starting, into the common running environment, and in the common operation ring Border runs third bootstrap;
After the third bootstrap end of run, start second operating system.
Optionally, before entering the common running environment, the processor 301 is configured for that described program is called to refer to Order also executes:
The access rights of first operating system and second operating system are configured in the secure operating environment, So that first operating system controls relevant external equipment for accessing with automobile, second operating system is for accessing Unrelated external equipment is controlled with automobile.
It should be appreciated that in embodiments of the present invention, the processor 301 can be CPU.The memory 302 can wrap Read-only memory (Read-Only Memory, ROM) and random access memory (Random Access Memory, RAM) are included, And provide computer program and data to the processor 301.
In the specific implementation, processor 301 described in the embodiment of the present invention can execute shown in the application Fig. 2 or Fig. 4 The security isolation method based on Trustzone realization method, details are not described herein.
In embodiments of the present invention, the processor 301 calls the program instruction being stored in the memory 302, leads to It crosses and isolates secure operating environment and common running environment in car-mounted terminal, and strictly control secure operating environment and common fortune The peripheral access permission of row environment so that the second operating system of the lower common running environment of safety cannot access such as vapour Vehicle bus etc. controls relevant peripheral hardware with automobile, can improve the safety of car-mounted terminal.
A kind of computer readable storage medium, the computer readable storage medium are also provided in an embodiment of the present invention It is stored with computer program, the computer program includes program instruction, and described program instruction makes institute when being executed by a processor It states processor and executes such as security isolation methods of the application Fig. 2 or shown in Fig. 4 based on Trustzone.
The computer readable storage medium can be the internal storage unit of the car-mounted terminal described in previous embodiment, example Such as the hard disk or memory of car-mounted terminal.The computer readable storage medium can also be that the external storage of the car-mounted terminal is set Plug-in type hard disk that is standby, such as being equipped on the car-mounted terminal, intelligent memory card (Smart Media Card, SMC), safe number Word (Secure Digital, SD) blocks, flash card (Flash Card) etc..
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can readily occur in various equivalent modifications or replace It changes, these modifications or substitutions should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with right It is required that protection domain subject to.

Claims (13)

1. a kind of security isolation method based on Trustzone, which is characterized in that be applied to car-mounted terminal, the car-mounted terminal Isolate secure operating environment and common running environment in advance, wherein the secure operating environment it is safe in described general Logical running environment;The method includes:
The first operating system is run in the secure operating environment, first operating system is related to automobile control for accessing External equipment;
The second operating system is run in the common running environment, second operating system is unrelated with automobile control for accessing External equipment;
Wherein, first operating system is safe in second operating system.
2. according to the method described in claim 1, it is characterized in that, the memory of the car-mounted terminal include the first region of memory and Second region of memory, wherein second region of memory it is safe in first region of memory;The method is also wrapped It includes:
When in the common running environment, if detecting the first handover event, enter monitoring mode, first switching Event is the first subset for receiving the first security monitoring call instruction or receiving hardware anomalies mechanism;
By the first state information storage of the common running environment to first region of memory under the monitoring mode, and Restore the second status information of the secure operating environment, second status information is stored in second region of memory;
The mode flags position of specified register is set as 0 to enter the secure operating environment under the monitoring mode.
3. according to the method described in claim 2, it is characterized in that, the method further includes:
When in the secure operating environment, if detecting the second handover event, enter the monitoring mode, described second Handover event is the second subset for receiving the second security monitoring call instruction or receiving hardware anomalies mechanism;
The second status information of the secure operating environment is stored to second region of memory under the monitoring mode, and Restore the first state information of the common running environment, the first state information storage is in first region of memory;
The mode flags position of the specified register is set as 1 to enter the common operation ring under the monitoring mode Border.
4. according to the method described in claim 2, it is characterized in that, the car-mounted terminal cannot under the common running environment Access the specified register;The method further includes:
When in the monitoring mode, first operating system is run in the secure operating environment.
5. according to the method described in claim 1, it is characterized in that, the method further includes:
When receiving power-on servicing, into the secure operating environment, and in the first guiding of secure operating environment operation Program;
After the first bootstrap end of run, the second bootstrap is run;
After the second bootstrap end of run, start first operating system;
After first os starting, transported into the common running environment, and in the common running environment Row third bootstrap;
After the third bootstrap end of run, start second operating system.
6. according to the method described in claim 5, it is characterized in that, before entering the common running environment, the method is also Including:
The access rights of first operating system and second operating system are configured in the secure operating environment, so that First operating system controls relevant external equipment for accessing with automobile, and second operating system is used to access and vapour Vehicle controls unrelated external equipment.
7. a kind of safety insulating device with Trustzone frameworks, which is characterized in that described device isolates safe fortune in advance Row environment and common running environment, wherein the secure operating environment it is safe in the common running environment;The dress Set including:
First operation module, for running the first operating system in the secure operating environment, first operating system is used for It accesses and controls relevant external equipment with automobile;
Second operation module, for running the second operating system in the common running environment, second operating system is used for It accesses and controls unrelated external equipment with automobile;
Wherein, first operating system is safe in second operating system.
8. device according to claim 7, which is characterized in that the memory of described device includes the first region of memory and second Region of memory, wherein second region of memory it is safe in first region of memory;Described device further includes:
First handover module, for when in the common running environment, if detecting the first handover event, entering monitoring Pattern, first handover event are the first son for receiving the first security monitoring call instruction or receiving hardware anomalies mechanism Collection;
First memory module is used for the first state information storage of the common running environment to institute under the monitoring mode State the first region of memory;
First recovery module, the second status information for restoring the secure operating environment under the monitoring mode are described Second status information is stored in second region of memory;
First setup module, for the mode flags position of specified register to be set as 0 to enter under the monitoring mode State secure operating environment.
9. device according to claim 8, which is characterized in that described device further includes:
Second handover module, for when in the secure operating environment, if detecting the second handover event, entering described Monitoring mode, second handover event are to receive the second security monitoring call instruction or receive the of hardware anomalies mechanism Two subsets;
Second memory module, for storing the second status information of the secure operating environment to institute under the monitoring mode State the second region of memory;
Second recovery module, the first state information for restoring the common running environment under the monitoring mode are described First state information storage is in first region of memory;
Second setup module, under the monitoring mode by the mode flags position of the specified register be set as 1 with into Enter the common running environment.
10. device according to claim 8, which is characterized in that described device cannot visit under the common running environment Ask the specified register;
The second operation module, is additionally operable to when in the monitoring mode, in secure operating environment operation described the One operating system.
11. device according to claim 7, which is characterized in that described device further includes:
Third runs module, for when receiving power-on servicing, into the secure operating environment, and in the safe operation Environment runs the first bootstrap;
The third runs module, is additionally operable to after the first bootstrap end of run, runs the second bootstrap;
Starting module, for after the second bootstrap end of run, starting first operating system;
Third runs module, is additionally operable to after first os starting, into the common running environment, and The common running environment runs third bootstrap;
The starting module is additionally operable to after the third bootstrap end of run, starts second operating system.
12. according to the devices described in claim 11, which is characterized in that described device further includes:
Configuration module, for before entering the common running environment, being operated in secure operating environment configuration described first The access rights of system and second operating system, so that first operating system is related to automobile control for accessing External equipment, second operating system controls unrelated external equipment for accessing with automobile.
13. a kind of car-mounted terminal, which is characterized in that including processor and memory, wherein the memory is calculated for storing Machine program, the computer program include program instruction, and the processor is configured for calling described program instruction, executes such as Claim 1 to 7 any one of them method.
CN201810198424.1A 2018-03-12 2018-03-12 Security isolation method, safety insulating device based on Trustzone and car-mounted terminal Pending CN108549812A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810198424.1A CN108549812A (en) 2018-03-12 2018-03-12 Security isolation method, safety insulating device based on Trustzone and car-mounted terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810198424.1A CN108549812A (en) 2018-03-12 2018-03-12 Security isolation method, safety insulating device based on Trustzone and car-mounted terminal

Publications (1)

Publication Number Publication Date
CN108549812A true CN108549812A (en) 2018-09-18

Family

ID=63516178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810198424.1A Pending CN108549812A (en) 2018-03-12 2018-03-12 Security isolation method, safety insulating device based on Trustzone and car-mounted terminal

Country Status (1)

Country Link
CN (1) CN108549812A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110135197A (en) * 2019-05-22 2019-08-16 核芯互联科技(青岛)有限公司 A kind of reliability real-time protection method of SoC chip
CN111212094A (en) * 2020-03-20 2020-05-29 山东大学 TrustZone-based safety control method for automatic driving carrier
CN111240751A (en) * 2019-12-27 2020-06-05 深圳市众鸿科技股份有限公司 Hardware isolation method and system based on vehicle-mounted intelligent cabin
CN112026783A (en) * 2019-06-04 2020-12-04 上海擎感智能科技有限公司 Vehicle control method, front end, rear end, device, and computer-readable storage medium
CN112305962A (en) * 2020-10-21 2021-02-02 麒麟软件有限公司 Wireless device control method based on ARM platform supporting Trustzone
CN113014381A (en) * 2021-02-19 2021-06-22 广州橙行智动汽车科技有限公司 Secret key processing method and device of vehicle-mounted terminal, electronic equipment and medium
WO2022141128A1 (en) * 2020-12-29 2022-07-07 华为技术有限公司 Safety isolation apparatus and method
CN115242854A (en) * 2022-09-21 2022-10-25 广汽埃安新能源汽车有限公司 Automobile remote control method and system
CN117633912A (en) * 2024-01-26 2024-03-01 南湖实验室 RISC-V architecture-based high-throughput secret calculation method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104318182A (en) * 2014-10-29 2015-01-28 中国科学院信息工程研究所 Intelligent terminal isolation system and intelligent terminal isolation method both based on processor safety extension

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104318182A (en) * 2014-10-29 2015-01-28 中国科学院信息工程研究所 Intelligent terminal isolation system and intelligent terminal isolation method both based on processor safety extension

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SE WON KIM ET AL: "Secure Device Access for Automotive Software", 《2013 INTERNATIONAL CONFERENCE ON CONNECTED VEHICLES AND EXPO》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110135197A (en) * 2019-05-22 2019-08-16 核芯互联科技(青岛)有限公司 A kind of reliability real-time protection method of SoC chip
CN112026783A (en) * 2019-06-04 2020-12-04 上海擎感智能科技有限公司 Vehicle control method, front end, rear end, device, and computer-readable storage medium
CN111240751A (en) * 2019-12-27 2020-06-05 深圳市众鸿科技股份有限公司 Hardware isolation method and system based on vehicle-mounted intelligent cabin
CN111240751B (en) * 2019-12-27 2024-06-07 深圳市众鸿科技股份有限公司 Hardware isolation method and system based on vehicle-mounted intelligent cabin
CN111212094A (en) * 2020-03-20 2020-05-29 山东大学 TrustZone-based safety control method for automatic driving carrier
CN112305962A (en) * 2020-10-21 2021-02-02 麒麟软件有限公司 Wireless device control method based on ARM platform supporting Trustzone
WO2022141128A1 (en) * 2020-12-29 2022-07-07 华为技术有限公司 Safety isolation apparatus and method
CN113014381A (en) * 2021-02-19 2021-06-22 广州橙行智动汽车科技有限公司 Secret key processing method and device of vehicle-mounted terminal, electronic equipment and medium
CN115242854A (en) * 2022-09-21 2022-10-25 广汽埃安新能源汽车有限公司 Automobile remote control method and system
CN117633912A (en) * 2024-01-26 2024-03-01 南湖实验室 RISC-V architecture-based high-throughput secret calculation method and system
CN117633912B (en) * 2024-01-26 2024-05-03 南湖实验室 RISC-V architecture-based high-throughput secret calculation method and system

Similar Documents

Publication Publication Date Title
CN108549812A (en) Security isolation method, safety insulating device based on Trustzone and car-mounted terminal
US11416415B2 (en) Technologies for secure device configuration and management
CN108363347B (en) Hardware security for electronic control unit
CN104318182B (en) A kind of intelligent terminal shielding system and method extended based on processor security
KR101952226B1 (en) Secure interaction method and device
EP2587376B1 (en) Systems and methods for semaphore-based protection of shared system resources
CN101874245B (en) Method and apparatus for delegation of secure operating mode access privilege from processor to peripheral
US20180060077A1 (en) Trusted platform module support on reduced instruction set computing architectures
US20070271461A1 (en) Method for managing operability of on-chip debug capability
US20140223047A1 (en) System and method for per-task memory protection for a non-programmable bus master
CN109522099B (en) Method and system for improving instantaneity of non-instantaneity operating system
WO2022001514A1 (en) Method and apparatus for isolating kernel from task
US20210397700A1 (en) Method and apparatus for isolating sensitive untrusted program code on mobile device
CN112817780B (en) Method and system for realizing safety and high-performance interprocess communication
JP2020091849A (en) System-on-chip and method for actuating system-on-chip
CN103714018A (en) Security access control method for chip storage circuit
CN110276214B (en) Dual-core trusted SOC architecture and method based on slave access protection
CN108090376B (en) CAN bus data protection method and system based on TrustZone
CN116881987A (en) Method and device for enabling PCIE equipment to pass through virtual machine and related equipment
CN114844726B (en) Firewall implementation method, chip, electronic device and computer readable storage medium
Thangarajan et al. Towards bridging the gap between modern and legacy automotive ecus: A software-based security framework for legacy ecus
US20190042732A1 (en) Technologies for usb controller state integrity protection
CN112181860B (en) Controller with flash memory simulation function and control method thereof
Schnarz et al. Towards attacks on restricted memory areas through co-processors in embedded multi-os environments via malicious firmware injection
CN202103700U (en) Double network isolation system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180918