CN108549812A - Trustzone-based security isolation method, security isolation device and car-mounted terminal - Google Patents
- Publication number: CN108549812A
- Application number: CN201810198424.1A
- Authority: CN (China)
- Prior art keywords: operating system, environment, memory, running environment, common running
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- H04L12/40: Bus networks
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L2012/40215: Controller Area Network CAN
- H04L2012/40273: Bus for use in transportation systems the transportation system being a vehicle
Abstract
An embodiment of the invention discloses a Trustzone-based security isolation method applied to a car-mounted terminal in which a secure operating environment and a common running environment are isolated in advance. The method includes: running a first operating system in the secure operating environment, the first operating system being used to access external devices related to automobile control; and running a second operating system in the common running environment, the second operating system being used to access external devices unrelated to automobile control; wherein the security of the first operating system is higher than that of the second operating system. In the embodiment, the less secure second operating system cannot access the automobile bus or other peripherals related to automobile control, which can improve the security of the car-mounted terminal. Correspondingly, embodiments of the invention also disclose a security isolation device with a Trustzone architecture and a car-mounted terminal.
Description
Technical field
The present invention relates to the field of automobile technology, and in particular to a Trustzone-based security isolation method, a security isolation device and a car-mounted terminal.
Background
At present, the Controller Area Network (CAN) bus is widely used in the automotive field. Many world-famous automobile manufacturers (such as Benz and BMW) use the CAN bus for data communication between the multiple electronic control units (Electronic Control Unit, ECU) inside the car-mounted terminal.
In general, a car-mounted terminal may include three classes of CAN bus. The first class connects the ECUs of the automobile drive system (also called the automobile control system), including the engine ECU and the transmission ECU; the second class connects the ECUs of the body control system, including the door ECU and the air-conditioner ECU; the third class connects the ECUs of the automobile entertainment system, including the audio ECU and the telecommunication ECU. When the car-mounted terminal has a remote control function, the automobile drive system has to be remotely controlled over the first-class CAN bus, so the ECUs of the entertainment system are also connected directly to the first-class CAN bus. In that case, anyone with ill intent who breaks into any one component of the entertainment system can operate the first-class CAN bus and thereby control the automobile drive system, which greatly reduces the security of the car-mounted terminal.
Summary of the invention
Embodiments of the present invention provide a Trustzone-based security isolation method, a security isolation device with a Trustzone architecture, and a car-mounted terminal, which can improve the security of the car-mounted terminal.
In a first aspect, an embodiment of the present invention provides a Trustzone-based security isolation method applied to a car-mounted terminal in which a secure operating environment and a common running environment are isolated in advance, the security of the secure operating environment being higher than that of the common running environment. The method includes:
Running a first operating system in the secure operating environment, the first operating system being used to access external devices related to automobile control;
Running a second operating system in the common running environment, the second operating system being used to access external devices unrelated to automobile control;
Wherein the security of the first operating system is higher than that of the second operating system.
Optionally, the memory of the car-mounted terminal includes a first memory region and a second memory region, the security of the second memory region being higher than that of the first memory region. The method further includes:
When in the common running environment, entering monitoring mode if a first switching event is detected, the first switching event being receipt of a first secure monitor call instruction or receipt of a first subset of the hardware exception mechanism;
In the monitoring mode, storing first state information of the common running environment to the first memory region, and restoring second state information of the secure operating environment, the second state information being stored in the second memory region;
In the monitoring mode, setting the mode flag bit of a specified register to 0 to enter the secure operating environment.
Optionally, the method further includes:
When in the secure operating environment, entering the monitoring mode if a second switching event is detected, the second switching event being receipt of a second secure monitor call instruction or receipt of a second subset of the hardware exception mechanism;
In the monitoring mode, storing the second state information of the secure operating environment to the second memory region, and restoring the first state information of the common running environment, the first state information being stored in the first memory region;
In the monitoring mode, setting the mode flag bit of the specified register to 1 to enter the common running environment.
Optionally, the car-mounted terminal cannot access the specified register in the common running environment. The method further includes:
When in the monitoring mode, running the first operating system in the secure operating environment.
Optionally, the method further includes:
When a power-on operation is received, entering the secure operating environment and running a first boot program in the secure operating environment;
After the first boot program finishes running, running a second boot program;
After the second boot program finishes running, starting the first operating system;
After the first operating system has started, entering the common running environment and running a third boot program in the common running environment;
After the third boot program finishes running, starting the second operating system.
Optionally, before entering the common running environment, the method further includes:
Configuring the access rights of the first operating system and the second operating system in the secure operating environment, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
In a second aspect, an embodiment of the present invention provides a security isolation device with a Trustzone architecture, in which a secure operating environment and a common running environment are isolated in advance, the security of the secure operating environment being higher than that of the common running environment. The device includes:
A first running module, configured to run a first operating system in the secure operating environment, the first operating system being used to access external devices related to automobile control;
A second running module, configured to run a second operating system in the common running environment, the second operating system being used to access external devices unrelated to automobile control;
Wherein the security of the first operating system is higher than that of the second operating system.
Optionally, the memory of the car-mounted terminal includes a first memory region and a second memory region, the security of the second memory region being higher than that of the first memory region. The device further includes:
A first switching module, configured to enter monitoring mode when, in the common running environment, a first switching event is detected, the first switching event being receipt of a first secure monitor call instruction or receipt of a first subset of the hardware exception mechanism;
A first storage module, configured to store, in the monitoring mode, first state information of the common running environment to the first memory region;
A first recovery module, configured to restore, in the monitoring mode, second state information of the secure operating environment, the second state information being stored in the second memory region;
A first setting module, configured to set, in the monitoring mode, the mode flag bit of a specified register to 0 to enter the secure operating environment.
Optionally, the device further includes:
A second switching module, configured to enter the monitoring mode when, in the secure operating environment, a second switching event is detected, the second switching event being receipt of a second secure monitor call instruction or receipt of a second subset of the hardware exception mechanism;
A second storage module, configured to store, in the monitoring mode, the second state information of the secure operating environment to the second memory region;
A second recovery module, configured to restore, in the monitoring mode, the first state information of the common running environment, the first state information being stored in the first memory region;
A second setting module, configured to set, in the monitoring mode, the mode flag bit of the specified register to 1 to enter the common running environment.
Optionally, the device cannot access the specified register in the common running environment; the second running module is further configured to run the first operating system in the secure operating environment when in the monitoring mode.
Optionally, the device further includes:
A third running module, configured to enter the secure operating environment when a power-on operation is received, and to run a first boot program in the secure operating environment;
The third running module is further configured to run a second boot program after the first boot program finishes running;
A starting module, configured to start the first operating system after the second boot program finishes running;
The third running module is further configured to enter the common running environment after the first operating system has started, and to run a third boot program in the common running environment;
The starting module is further configured to start the second operating system after the third boot program finishes running.
Optionally, the device further includes:
A configuration module, configured to configure, in the secure operating environment and before the common running environment is entered, the access rights of the first operating system and the second operating system, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
In a third aspect, an embodiment of the present invention provides a car-mounted terminal including a processor and a memory, wherein the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method of the first aspect above.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, the computer program including program instructions which, when executed by a processor, cause the processor to execute the method of the first aspect above.
By isolating a secure operating environment and a common running environment in the car-mounted terminal and strictly controlling the peripheral access permissions of the two environments, embodiments of the present invention ensure that the second operating system in the less secure common running environment cannot access the automobile bus or other peripherals related to automobile control, which can improve the security of the car-mounted terminal.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of switching between the secure operating environment and the common running environment provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a Trustzone-based security isolation method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the peripheral access permissions of a car-mounted terminal provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of another Trustzone-based security isolation method provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a security isolation device with a Trustzone architecture provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of another security isolation device with a Trustzone architecture provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of a car-mounted terminal provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a security isolation method based on a trusted zone (Trustzone), applied to a car-mounted terminal. Trustzone is a hardware architecture proposed by ARM for consumer electronics; its purpose is to build a security framework for consumer electronics that resists various possible attacks.
Specifically, Trustzone isolates a secure operating environment (Secure World) and a common running environment (Normal World) in the car-mounted terminal in advance, divides all system resources (hardware and software) of the terminal's central processing unit (Central Processing Unit, CPU) between the secure operating environment and the common running environment in advance, and virtualizes the physical core of the CPU as a secure core (Secure Core) and a non-secure core (Non-Secure Core, NS Core). The secure core runs the first operating system (Operating System, OS) in the secure operating environment, and the non-secure core runs the second operating system in the common running environment (also called the non-secure running environment). The virtual secure core and non-secure core take turns occupying the physical core in a time-sliced manner; specifically, whichever of the two is needed occupies the physical core at that moment.
The security of the secure operating environment is higher than that of the common running environment, and the security of the first operating system is higher than that of the second operating system. As an optional embodiment, the second operating system may be the Android operating system.
In addition, hardware logic in the Advanced eXtensible Interface (AXI) bus fabric that supports Trustzone ensures that the non-secure core can only access the system resources of the common running environment, whereas the secure core can access all system resources. That is, the system resources of the secure operating environment cannot be accessed by the non-secure core, which builds a strong boundary between the secure operating environment and the common running environment.
In an embodiment of the present invention, the first operating system can access external devices related to automobile control (peripherals for short), such as the automobile bus. The automobile bus may be any one of a Controller Area Network (CAN) bus, a Local Interconnect Network (LIN) bus or a Flexray bus, although it is not limited to these three. The second operating system can access external devices unrelated to automobile control, such as a Wireless Fidelity (Wi-Fi) module, a Bluetooth module, a display module and an audio module. It will be understood that the first operating system can also access external devices unrelated to automobile control, but the second operating system cannot access external devices related to automobile control.
It should be noted that the secure operating environment and the common running environment switch through monitoring mode (Monitor Mode), as shown in Fig. 1. As Fig. 1 shows, when the CPU is in user mode (User Mode) of the common running environment and needs to switch from the common running environment to the secure operating environment, it first enters privileged mode (Privileged Mode) of the common running environment, then enters monitoring mode, then passes through monitoring mode into privileged mode of the secure operating environment, and finally enters user mode of the secure operating environment. The operations by which the CPU enters monitoring mode from the common running environment or the secure operating environment are tightly controlled, and these operations are treated as exceptions raised to monitoring mode. Specifically, entry into monitoring mode from the common running environment can be triggered by software executing a first secure monitor call (Secure Monitor Call, SMC) instruction or by a first subset of the hardware exception mechanism. The first subset of the hardware exception mechanism may include the fast interrupt request (Fast Interrupt reQuest, FIQ).
Fig. 1 also shows that when the CPU is in user mode of the secure operating environment and needs to switch from the secure operating environment to the common running environment, it first enters privileged mode of the secure operating environment, then enters monitoring mode, then passes through monitoring mode into privileged mode of the common running environment, and finally enters user mode of the common running environment. Specifically, entry into monitoring mode from the secure operating environment can be triggered by software executing a second SMC instruction or by a second subset of the hardware exception mechanism. The second subset of the hardware exception mechanism may include the interrupt request (Interrupt Request, IRQ).
It should be noted that in an embodiment of the present invention FIQ is the interrupt source of the secure operating environment; specifically, when the secure operating environment receives an IRQ, the CPU handles the FIQ in the secure operating environment it is currently in. IRQ is the interrupt source of the common running environment; specifically, when the common running environment receives an IRQ, the CPU handles the IRQ in the common running environment it is currently in.
It should also be noted that the car-mounted terminal further includes coprocessor CP15. The Secure Configuration Register (SCR) of coprocessor CP15 contains the mode flag bit NS, which indicates which running environment the CPU is currently in. Specifically, NS = 0 indicates that the CPU is currently in the secure operating environment, and NS = 1 indicates that the CPU is currently in the common running environment. The SCR register cannot be accessed in the common running environment; therefore, when the CPU is in monitoring mode, whether NS is 0 or 1 the CPU runs the second operating system in the secure operating environment, i.e. monitoring mode is always located in the secure operating environment, as can also be seen from Fig. 1.
It should also be noted that the memory of the car-mounted terminal includes a first memory region and a second memory region, the security of the second memory region being higher than that of the first memory region.
When the CPU enters monitoring mode from the common running environment, it can enter the secure operating environment by setting the NS bit of the SCR register to 0 in monitoring mode. In this case, the CPU also needs, in monitoring mode, to store the first state information of the common running environment to the first memory region and to restore the second state information of the secure operating environment, which is stored in the second memory region.
When the CPU enters monitoring mode from the secure operating environment, it can enter the common running environment by setting the NS bit of the SCR register to 1 in monitoring mode. In this case, the CPU also needs, in monitoring mode, to store the second state information of the secure operating environment to the second memory region and to restore the first state information of the common running environment, which is stored in the first memory region. The first state information and the second state information are, respectively, information such as the data and settings of the common running environment and of the secure operating environment.
As can be seen from the above description, the AXI bus mechanism in the embodiment of the present invention can isolate the secure operating environment and the common running environment in the car-mounted terminal, and after startup the CPU strictly controls the access rights of the two environments (i.e. the access rights of the first operating system and the second operating system), which can improve the security of the car-mounted terminal.
It should be noted that the CPU and the various external devices connected to it through the external bus constitute a system on chip (System on Chip, SoC). The security of the SoC itself is determined by its boot flow. After the car-mounted terminal is powered on, the SoC first starts executing from the secure operating environment, and the secure operating environment verifies the boot program (Bootloader) of the common running environment to ensure that the code executed by the common running environment is authorized and has not been tampered with. The common running environment then loads the second operating system, completing the startup of the whole SoC. When the boot program of the common running environment loads the second operating system, the secure operating environment also verifies the code of the second operating system to ensure that it has not been tampered with. Specifically, after the car-mounted terminal is powered on, the boot program of the SoC is loaded and run first; after the SoC boot program finishes running, the boot program of the Flash device is loaded and run; after the Flash device boot program finishes running, the first operating system of the secure operating environment is loaded and run; the secure operating environment verifies the boot program of the common running environment and, once verification passes, the boot program of the common running environment is loaded and run; after the boot program of the common running environment finishes running, the secure operating environment verifies the second operating system of the common running environment and, once verification passes, the second operating system of the common running environment is loaded and run. At this point the SoC has finished starting and begins to run.
In summary, by isolating a secure operating environment and a common running environment in the car-mounted terminal and strictly controlling the peripheral access permissions of the two environments, the embodiment of the present invention ensures that the second operating system in the less secure common running environment cannot access the automobile bus or other peripherals related to automobile control, which can improve the security of the car-mounted terminal. The Trustzone-based security isolation method, the security isolation device with a Trustzone architecture and the car-mounted terminal provided by embodiments of the present invention are each described in detail below with reference to Fig. 2 to Fig. 7.
Refer to Fig. 2, which is a flow diagram of a Trustzone-based security isolation method provided by an embodiment of the present invention. Specifically, the method is applied to a car-mounted terminal in which a secure operating environment and a common running environment are isolated in advance, the security of the secure operating environment being higher than that of the common running environment. The Trustzone-based security isolation method shown in Fig. 2 may include:
S101, run the first operating system in the secure operating environment.
In an embodiment of the present invention, the first operating system is used to access external devices related to automobile control, as shown in Fig. 3. The external devices related to automobile control include at least the automobile bus of the car-mounted terminal (such as a CAN bus, LIN bus or Flexray bus).
S102, run the second operating system in the common running environment.
In an embodiment of the present invention, the security of the first operating system is higher than that of the second operating system, and the external device access permissions of the first operating system are higher than those of the second operating system. Specifically, the second operating system is used to access external devices unrelated to automobile control, as shown in Fig. 3. It will be understood that the first operating system can also access external devices unrelated to automobile control, but the second operating system cannot access external devices related to automobile control. The external devices unrelated to automobile control may include a Wi-Fi module, a Bluetooth module, a display module, an audio module and so on. As an optional embodiment, the second operating system may be the Android operating system.
In an embodiment of the present invention, because the security of the secure operating environment is higher than that of the common running environment, operations with high security requirements (operations that need confidentiality, such as fingerprint recognition, password processing, data encryption and decryption, and security authentication) can be executed in the secure operating environment, while other operations (such as the user operating system and various applications) can be executed in the common running environment. This ensures that the car-mounted terminal can resist many potential attacks.
It should be noted that Trustzone divides all system resources of the CPU of the car-mounted terminal between the secure operating environment and the common running environment in advance, and virtualizes the physical core of the CPU as a secure core and a non-secure core. The secure core runs the first operating system in the secure operating environment, and the non-secure core runs the second operating system in the common running environment (also called the non-secure running environment). The virtual secure core and non-secure core take turns occupying the physical core in a time-sliced manner; specifically, whichever of the two is needed occupies the physical core at that moment. Therefore, compared with a technical solution in which the first operating system and the second operating system each occupy a physical core, the embodiment of the present invention saves one physical core.
It should also be noted that the AXI bus mechanism provided by Trustzone ensures that the non-secure core can only access the system resources of the common running environment, whereas the secure core can access all system resources. That is, the system resources of the secure operating environment cannot be accessed by the non-secure core, which builds a strong boundary between the secure operating environment and the common running environment, achieves security isolation of the first operating system from the second operating system, and improves the security of the car-mounted terminal.
In this embodiment of the invention, the secure operating environment and the common running environment are isolated from each other in the car-mounted terminal, and the peripheral access permissions of the two environments are strictly controlled, so that the second operating system in the less secure common running environment cannot access peripherals related to automobile control, such as the automobile bus. This improves the security of the car-mounted terminal.
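The access rule described above (the secure core reaches every resource, the non-secure core only what belongs to the common running environment, and vehicle-control peripherals never open to it) can be modelled in software as follows. This is an added example, not code from the patent; the memory map, addresses and function names are constructed, and on real hardware the decision is made by the bus rather than by C code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model only: on real hardware the bus fabric and its slaves make
 * this decision. The memory map and every name below are constructed. */

typedef enum { WORLD_SECURE = 0, WORLD_NORMAL = 1 } world_t; /* value = NS bit */

typedef struct {
    const char *name;
    uint32_t    base, size;
    bool        vehicle_control; /* fixed class: automobile buses            */
    bool        ns_access;       /* configurable: normal world may access    */
} periph_t;

/* Everything starts closed to the normal world until secure code opens it. */
static periph_t periph_map[] = {
    { "CAN",       0x40000000u, 0x1000u, true,  false },
    { "LIN",       0x40001000u, 0x1000u, true,  false },
    { "FlexRay",   0x40002000u, 0x1000u, true,  false },
    { "WiFi",      0x50000000u, 0x1000u, false, false },
    { "Bluetooth", 0x50001000u, 0x1000u, false, false },
    { "Display",   0x50002000u, 0x1000u, false, false },
    { "Audio",     0x50003000u, 0x1000u, false, false },
};
#define PERIPH_COUNT (sizeof periph_map / sizeof periph_map[0])

static bool config_locked = false; /* set once the normal world is entered */

static periph_t *find_by_addr(uint32_t addr) {
    for (size_t i = 0; i < PERIPH_COUNT; i++) {
        periph_t *p = &periph_map[i];
        if (addr >= p->base && addr - p->base < p->size)
            return p;
    }
    return NULL;
}

/* Open one peripheral to the normal world. Returns 0 on success, -1 when the
 * caller is not secure, the configuration is locked, the name is unknown, or
 * the peripheral belongs to the vehicle-control class. */
int periph_grant_normal(world_t caller, const char *name) {
    if (caller != WORLD_SECURE || config_locked)
        return -1;
    for (size_t i = 0; i < PERIPH_COUNT; i++) {
        if (strcmp(periph_map[i].name, name) == 0) {
            if (periph_map[i].vehicle_control)
                return -1;
            periph_map[i].ns_access = true;
            return 0;
        }
    }
    return -1;
}

/* Decision for one bus transaction tagged with the issuing world. */
bool bus_access_allowed(world_t issuer, uint32_t addr) {
    const periph_t *p = find_by_addr(addr);
    if (p == NULL)
        return false;        /* unmapped address: refused for both worlds  */
    if (issuer == WORLD_SECURE)
        return true;         /* secure core reaches every mapped resource  */
    return p->ns_access;     /* non-secure core: only what was opened      */
}

/* Secure-side setup performed before the normal world is entered. */
int configure_vehicle_policy(void) {
    static const char *const open_to_normal[] = {
        "WiFi", "Bluetooth", "Display", "Audio"
    };
    size_t n = sizeof open_to_normal / sizeof open_to_normal[0];
    for (size_t i = 0; i < n; i++) {
        if (periph_grant_normal(WORLD_SECURE, open_to_normal[i]) != 0)
            return -1;
    }
    config_locked = true;    /* no further changes after the hand-over */
    return 0;
}

int main(void) {
    if (configure_vehicle_policy() != 0)
        return 1;
    printf("normal -> CAN  : %s\n",
           bus_access_allowed(WORLD_NORMAL, 0x40000000u) ? "allowed" : "denied");
    printf("normal -> WiFi : %s\n",
           bus_access_allowed(WORLD_NORMAL, 0x50000000u) ? "allowed" : "denied");
    printf("secure -> CAN  : %s\n",
           bus_access_allowed(WORLD_SECURE, 0x40000000u) ? "allowed" : "denied");
    return 0;
}
```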
Refer to Fig. 4, which is a schematic flowchart of another TrustZone-based security isolation method provided by an embodiment of the invention. Specifically, the method is applied to a car-mounted terminal in which a secure operating environment and a common running environment have been isolated in advance, where the secure operating environment is more secure than the common running environment. As shown in Fig. 4, the TrustZone-based security isolation method may include:
S201: when a power-on operation is received, enter the secure operating environment and run the first bootstrap program in the secure operating environment.
After the car-mounted terminal is powered on, the SoC first starts executing from the secure operating environment. In this embodiment of the invention, the first bootstrap program may be the SoC bootstrap program.
S202: run the second bootstrap program.
After the first bootstrap program finishes running, the car-mounted terminal can run the second bootstrap program. In this embodiment of the invention, the second bootstrap program may be the bootstrap program of the Flash device.
S203: start the first operating system.
After the second bootstrap program finishes running, the car-mounted terminal can start the first operating system. In this embodiment of the invention, the first operating system is the operating system of the secure operating environment.
S204: enter the common running environment and run the third bootstrap program in the common running environment.
After the first operating system has started, the car-mounted terminal can enter the common running environment and run the third bootstrap program there. In this embodiment of the invention, the third bootstrap program is the bootstrap program of the common running environment.
It should be noted that the secure operating environment can verify the bootstrap program of the common running environment, ensuring that the code executed by the common running environment is authorized and has not been tampered with.
It should also be noted that, before the car-mounted terminal enters the common running environment, it can also configure the access permissions of the first operating system and the second operating system, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
S205: start the second operating system.
After the third bootstrap program finishes running, the car-mounted terminal can start the second operating system. In this embodiment of the invention, the second operating system is the operating system of the common running environment, and the first operating system is more secure than the second operating system. As an optional implementation, the second operating system may be the Android operating system.
It should be noted that the secure operating environment can also verify the code of the second operating system to ensure that it has not been tampered with, thereby ensuring the security of the entire SoC itself. Here, the SoC consists of the CPU of the car-mounted terminal connected to the various external devices through an external bus.
S206: run the second operating system in the common running environment.
In this embodiment of the invention, the first operating system has higher external-device access permission than the second operating system. Specifically, the first operating system is used to access external devices related to automobile control, and the second operating system is used to access external devices unrelated to automobile control. It should be understood that the first operating system can also access external devices unrelated to automobile control, but the second operating system cannot access external devices related to automobile control.
The external devices related to automobile control include at least the automobile bus of the car-mounted terminal (such as the CAN bus, LIN bus, FlexRay bus, etc.). The external devices unrelated to automobile control may include a Wi-Fi module, a Bluetooth module, a display module, an audio module, and so on.
S207: when in the common running environment, if a first switching event is detected, enter monitoring mode.
It should be noted that, in this embodiment of the invention, switching between the secure operating environment and the common running environment is performed through monitoring mode.
In this embodiment of the invention, the first switching event is the receipt of a first SMC instruction or the receipt of a first subset of the hardware exception mechanism. The first subset of the hardware exception mechanism may include FIQ.
S208: in monitoring mode, store the first state information of the common running environment to the first memory region, and restore the second state information of the secure operating environment.
It should be noted that, in this embodiment of the invention, the memory of the car-mounted terminal includes a first memory region and a second memory region, where the second memory region is more secure than the first memory region.
In this embodiment of the invention, the second state information is stored in the second memory region.
S209: in monitoring mode, set the mode flag bit of the specified register to 0 to enter the secure operating environment.
In this embodiment of the invention, the specified register is the SCR register.
It should be noted that the car-mounted terminal also includes a coprocessor CP15, and the SCR register of coprocessor CP15 includes the mode flag bit NS, which indicates which running environment the car-mounted terminal is currently in. Specifically, when the NS bit is 0 the car-mounted terminal is currently in the secure operating environment, and when the NS bit is 1 it is currently in the common running environment.
It should also be noted that the SCR register cannot be accessed in the common running environment. Therefore, when the car-mounted terminal is in monitoring mode, regardless of whether NS is 0 or 1, the car-mounted terminal runs the first operating system in the secure operating environment; that is, monitoring mode belongs to the secure operating environment.
S210: run the first operating system in the secure operating environment.
In this embodiment of the invention, because the secure operating environment is more secure than the common running environment, operations with high security requirements (such as fingerprint recognition, password processing, data encryption and decryption, security authentication, and other operations that require confidentiality) can be executed in the secure operating environment. After execution finishes, the secure operating environment can return the execution result (such as the encryption or decryption result) to the common running environment.
In an optional embodiment, when the car-mounted terminal is in the secure operating environment, if a second switching event is detected, the car-mounted terminal enters monitoring mode. The second switching event is the receipt of a second SMC instruction or the receipt of a second subset of the hardware exception mechanism. The second subset of the hardware exception mechanism may include IRQ.
Further, in monitoring mode the car-mounted terminal stores the second state information of the secure operating environment to the second memory region and restores the first state information of the common running environment, where the first state information is stored in the first memory region. In addition, in monitoring mode the car-mounted terminal also sets the mode flag bit of the SCR register to 1 to enter the common running environment.
In this embodiment of the invention, the secure operating environment and the common running environment are isolated from each other in the car-mounted terminal, and the peripheral access permissions of the two environments are strictly controlled, so that the second operating system in the less secure common running environment cannot access peripherals related to automobile control, such as the automobile bus. This improves the security of the car-mounted terminal.
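The switching sequence of S207 to S210 and its reverse (detect the switching event, enter monitoring mode, save the leaving environment's state to its own memory region, restore the other environment's state, then set NS) is modelled below. This is an added example, not code from the patent; the structure layouts and function names are constructed, and it assumes the first subset of hardware exceptions is exactly FIQ and the second exactly IRQ, which the text gives only as possibilities.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of the switch sequence; not monitor firmware. Struct
 * layouts and function names are constructed for illustration. */

#define SCR_NS 0x1u  /* mode flag bit: 0 = secure, 1 = common running env. */

typedef enum { EV_SMC, EV_FIQ, EV_IRQ } event_t;
typedef enum { ENV_SECURE = 0, ENV_COMMON = 1 } env_t;

typedef struct { uint32_t r[13], sp, lr, pc, cpsr; } ctx_t;

typedef struct {
    ctx_t    live;          /* register state currently loaded in the core  */
    uint32_t scr;           /* the specified register that holds NS         */
    bool     in_monitor;    /* true while monitoring mode is active         */
    ctx_t    first_region;  /* save area of the common running environment  */
    ctx_t    second_region; /* save area of the secure operating environment */
} cpu_t;

/* Monitoring mode counts as secure whatever NS currently holds. */
env_t current_env(const cpu_t *c) {
    if (c->in_monitor)
        return ENV_SECURE;
    return (c->scr & SCR_NS) ? ENV_COMMON : ENV_SECURE;
}

/* SCR is not accessible from the common running environment. */
int scr_write(cpu_t *c, uint32_t value) {
    if (current_env(c) != ENV_SECURE)
        return -1;
    c->scr = value;
    return 0;
}

/* Assumption: first subset = {FIQ}, second subset = {IRQ}; SMC always switches. */
static bool triggers_switch(env_t env, event_t ev) {
    if (ev == EV_SMC)
        return true;
    return (env == ENV_COMMON) ? (ev == EV_FIQ) : (ev == EV_IRQ);
}

/* Returns 1 if the environment was switched, 0 if the event is left to the
 * current environment. Order follows the text: save, restore, then set NS. */
int monitor_handle(cpu_t *c, event_t ev) {
    env_t from = current_env(c);
    if (!triggers_switch(from, ev))
        return 0;
    c->in_monitor = true;
    if (from == ENV_COMMON) {
        c->first_region = c->live;          /* store first state information  */
        c->live = c->second_region;         /* restore second state information */
        scr_write(c, c->scr & ~SCR_NS);     /* NS = 0: secure environment     */
    } else {
        c->second_region = c->live;         /* store second state information */
        c->live = c->first_region;          /* restore first state information */
        scr_write(c, c->scr | SCR_NS);      /* NS = 1: common environment     */
    }
    c->in_monitor = false;
    return 1;
}

/* State right after boot has handed over to the common running environment. */
void cpu_init(cpu_t *c, uint32_t secure_pc, uint32_t common_pc) {
    memset(c, 0, sizeof *c);
    c->second_region.pc = secure_pc;  /* where the secure side resumes */
    c->live.pc = common_pc;
    c->scr = SCR_NS;
}

int main(void) {
    cpu_t c;
    cpu_init(&c, 0x1000u, 0x8000u);   /* constructed entry addresses */
    printf("direct SCR write from common env: %d\n", scr_write(&c, 0));
    monitor_handle(&c, EV_SMC);
    printf("after SMC: NS=%u pc=0x%x\n",
           (unsigned)(c.scr & SCR_NS), (unsigned)c.live.pc);
    monitor_handle(&c, EV_IRQ);
    printf("after IRQ: NS=%u pc=0x%x\n",
           (unsigned)(c.scr & SCR_NS), (unsigned)c.live.pc);
    return 0;
}
```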
An embodiment of the invention also provides a security isolation device 100 with a TrustZone architecture. The device 100 isolates a secure operating environment and a common running environment in advance, where the secure operating environment is more secure than the common running environment. The device 100 includes modules for executing the method shown in Fig. 2 of this application and can be configured in a car-mounted terminal. Specifically, refer to Fig. 5, which is a schematic structural diagram of a security isolation device provided by an embodiment of the invention. The security isolation device 100 shown in Fig. 5 may include a first operation module 101 and a second operation module 102, where:
The first operation module 101 is configured to run the first operating system in the secure operating environment; the first operating system is used to access external devices related to automobile control.
The second operation module 102 is configured to run the second operating system in the common running environment; the second operating system is used to access external devices unrelated to automobile control.
The first operating system is more secure than the second operating system.
It should be noted that, for the specific workflow of the security isolation device 100 provided by this embodiment of the invention, refer to the method flow part provided by the embodiments of the invention; details are not repeated here.
In this embodiment of the invention, the secure operating environment and the common running environment are isolated from each other in the security isolation device, and the peripheral access permissions of the two environments are strictly controlled, so that the second operating system in the less secure common running environment cannot access peripherals related to automobile control, such as the automobile bus. This improves the security of the security isolation device.
An embodiment of the invention also provides another security isolation device 200 with a TrustZone architecture. The device 200 isolates a secure operating environment and a common running environment in advance, where the secure operating environment is more secure than the common running environment. The device 200 includes modules for executing the method shown in Fig. 4 of this application and can be configured in a car-mounted terminal. Specifically, refer to Fig. 6, which is a schematic structural diagram of a security isolation device provided by an embodiment of the invention. The security isolation device 200 shown in Fig. 6 may include: a third operation module 201, a starting module 202, a configuration module 203, a first operation module 204, a second operation module 205, a first switching module 206, a first storage module 207, a first recovery module 208, a first setting module 209, a second switching module 210, a second storage module 211, a second recovery module 212, and a second setting module 213, where:
The third operation module 201 is configured to, when a power-on operation is received, enter the secure operating environment and run the first bootstrap program in the secure operating environment.
The third operation module 201 is further configured to run the second bootstrap program after the first bootstrap program finishes running.
The starting module 202 is configured to start the first operating system after the second bootstrap program finishes running.
The third operation module 201 is further configured to, after the first operating system has started, enter the common running environment and run the third bootstrap program in the common running environment.
The starting module 202 is further configured to start the second operating system after the third bootstrap program finishes running.
The first operating system is more secure than the second operating system.
The configuration module 203 is configured to, before the common running environment is entered, configure in the secure operating environment the access permissions of the first operating system and the second operating system, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
The first operation module 204 is configured to run the first operating system in the secure operating environment; the first operating system is used to access external devices related to automobile control.
The second operation module 205 is configured to run the second operating system in the common running environment; the second operating system is used to access external devices unrelated to automobile control.
In this embodiment of the invention, the memory of the car-mounted terminal includes a first memory region and a second memory region, where the second memory region is more secure than the first memory region.
The first switching module 206 is configured to, when in the common running environment, enter monitoring mode if a first switching event is detected; the first switching event is the receipt of a first secure monitor call instruction or the receipt of a first subset of the hardware exception mechanism.
The first storage module 207 is configured to store, in monitoring mode, the first state information of the common running environment to the first memory region.
The first recovery module 208 is configured to restore, in monitoring mode, the second state information of the secure operating environment; the second state information is stored in the second memory region.
The first setting module 209 is configured to set, in monitoring mode, the mode flag bit of the specified register to 0 to enter the secure operating environment.
The second switching module 210 is configured to, when in the secure operating environment, enter monitoring mode if a second switching event is detected; the second switching event is the receipt of a second secure monitor call instruction or the receipt of a second subset of the hardware exception mechanism.
The second storage module 211 is configured to store, in monitoring mode, the second state information of the secure operating environment to the second memory region.
The second recovery module 212 is configured to restore, in monitoring mode, the first state information of the common running environment; the first state information is stored in the first memory region.
The second setting module 213 is configured to set, in monitoring mode, the mode flag bit of the specified register to 1 to enter the common running environment.
Optionally, the device 200 cannot access the specified register in the common running environment; the first operation module 204 is further configured to run the first operating system in the secure operating environment when in monitoring mode.
It should be noted that, for the specific workflow of the security isolation device 200 provided by this embodiment of the invention, refer to the method flow part provided by the embodiments of the invention; details are not repeated here.
In this embodiment of the invention, the secure operating environment and the common running environment are isolated from each other in the security isolation device, and the peripheral access permissions of the two environments are strictly controlled, so that the second operating system in the less secure common running environment cannot access peripherals related to automobile control, such as the automobile bus. This improves the security of the security isolation device.
Refer to Fig. 7, which is a schematic block diagram of a car-mounted terminal provided by an embodiment of the invention. The car-mounted terminal isolates a secure operating environment and a common running environment in advance, where the secure operating environment is more secure than the common running environment. The car-mounted terminal 300 in this embodiment, as shown in Fig. 7, may include a processor 301 and a memory 302, which are connected by a bus 303. The memory 302 is used to store a computer program, and the computer program includes program instructions.
Specifically, the processor 301 is configured to call the program instructions to execute:
running the first operating system in the secure operating environment, the first operating system being used to access external devices related to automobile control;
running the second operating system in the common running environment, the second operating system being used to access external devices unrelated to automobile control;
where the first operating system is more secure than the second operating system.
In this embodiment of the invention, the memory of the car-mounted terminal includes a first memory region and a second memory region, where the second memory region is more secure than the first memory region.
Optionally, the processor 301 is configured to call the program instructions to further execute:
when in the common running environment, entering monitoring mode if a first switching event is detected, the first switching event being the receipt of a first secure monitor call instruction or the receipt of a first subset of the hardware exception mechanism;
in monitoring mode, storing the first state information of the common running environment to the first memory region and restoring the second state information of the secure operating environment, the second state information being stored in the second memory region;
in monitoring mode, setting the mode flag bit of the specified register to 0 to enter the secure operating environment.
Optionally, the processor 301 is configured to call the program instructions to further execute:
when in the secure operating environment, entering monitoring mode if a second switching event is detected, the second switching event being the receipt of a second secure monitor call instruction or the receipt of a second subset of the hardware exception mechanism;
in monitoring mode, storing the second state information of the secure operating environment to the second memory region and restoring the first state information of the common running environment, the first state information being stored in the first memory region;
in monitoring mode, setting the mode flag bit of the specified register to 1 to enter the common running environment.
Optionally, the car-mounted terminal 300 cannot access the specified register in the common running environment; the processor 301 is configured to call the program instructions to further execute:
when in monitoring mode, running the first operating system in the secure operating environment.
Optionally, the processor 301 is configured to call the program instructions to further execute:
when a power-on operation is received, entering the secure operating environment and running the first bootstrap program in the secure operating environment;
after the first bootstrap program finishes running, running the second bootstrap program;
after the second bootstrap program finishes running, starting the first operating system;
after the first operating system has started, entering the common running environment and running the third bootstrap program in the common running environment;
after the third bootstrap program finishes running, starting the second operating system.
Optionally, before the common running environment is entered, the processor 301 is configured to call the program instructions to further execute:
configuring, in the secure operating environment, the access permissions of the first operating system and the second operating system, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
It should be understood that, in this embodiment of the invention, the processor 301 may be a CPU. The memory 302 may include read-only memory (ROM) and random access memory (RAM), and provides the computer program and data to the processor 301.
In a specific implementation, the processor 301 described in this embodiment of the invention can execute the implementations of the TrustZone-based security isolation method shown in Fig. 2 or Fig. 4 of this application; details are not repeated here.
In this embodiment of the invention, the processor 301 calls the program instructions stored in the memory 302. The secure operating environment and the common running environment are isolated from each other in the car-mounted terminal, and the peripheral access permissions of the two environments are strictly controlled, so that the second operating system in the less secure common running environment cannot access peripherals related to automobile control, such as the automobile bus. This improves the security of the car-mounted terminal.
An embodiment of the invention also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the TrustZone-based security isolation method shown in Fig. 2 or Fig. 4 of this application.
The computer-readable storage medium may be an internal storage unit of the car-mounted terminal described in the foregoing embodiment, such as the hard disk or memory of the car-mounted terminal. The computer-readable storage medium may also be an external storage device of the car-mounted terminal, such as a plug-in hard disk fitted to the car-mounted terminal, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, and so on.
The above describes only specific embodiments of the invention, but the scope of protection of the invention is not limited to them. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the invention, and these modifications or replacements shall be covered by the scope of protection of the invention. Therefore, the scope of protection of the invention shall be subject to the scope of protection of the claims.
Claims (13)
1. A TrustZone-based security isolation method, characterized in that it is applied to a car-mounted terminal, the car-mounted terminal isolating a secure operating environment and a common running environment in advance, wherein the secure operating environment is more secure than the common running environment; the method comprises:
running a first operating system in the secure operating environment, the first operating system being used to access external devices related to automobile control;
running a second operating system in the common running environment, the second operating system being used to access external devices unrelated to automobile control;
wherein the first operating system is more secure than the second operating system.
2. The method according to claim 1, characterized in that the memory of the car-mounted terminal includes a first memory region and a second memory region, wherein the second memory region is more secure than the first memory region; the method further comprises:
when in the common running environment, entering monitoring mode if a first switching event is detected, the first switching event being the receipt of a first secure monitor call instruction or the receipt of a first subset of the hardware exception mechanism;
in monitoring mode, storing the first state information of the common running environment to the first memory region and restoring the second state information of the secure operating environment, the second state information being stored in the second memory region;
in monitoring mode, setting the mode flag bit of a specified register to 0 to enter the secure operating environment.
3. The method according to claim 2, characterized in that the method further comprises:
when in the secure operating environment, entering monitoring mode if a second switching event is detected, the second switching event being the receipt of a second secure monitor call instruction or the receipt of a second subset of the hardware exception mechanism;
in monitoring mode, storing the second state information of the secure operating environment to the second memory region and restoring the first state information of the common running environment, the first state information being stored in the first memory region;
in monitoring mode, setting the mode flag bit of the specified register to 1 to enter the common running environment.
4. The method according to claim 2, characterized in that the car-mounted terminal cannot access the specified register in the common running environment; the method further comprises:
when in monitoring mode, running the first operating system in the secure operating environment.
5. The method according to claim 1, characterized in that the method further comprises:
when a power-on operation is received, entering the secure operating environment and running a first bootstrap program in the secure operating environment;
after the first bootstrap program finishes running, running a second bootstrap program;
after the second bootstrap program finishes running, starting the first operating system;
after the first operating system has started, entering the common running environment and running a third bootstrap program in the common running environment;
after the third bootstrap program finishes running, starting the second operating system.
6. The method according to claim 5, characterized in that, before the common running environment is entered, the method further comprises:
configuring, in the secure operating environment, the access permissions of the first operating system and the second operating system, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
7. A security isolation device with a TrustZone architecture, characterized in that the device isolates a secure operating environment and a common running environment in advance, wherein the secure operating environment is more secure than the common running environment; the device comprises:
a first operation module, configured to run a first operating system in the secure operating environment, the first operating system being used to access external devices related to automobile control;
a second operation module, configured to run a second operating system in the common running environment, the second operating system being used to access external devices unrelated to automobile control;
wherein the first operating system is more secure than the second operating system.
8. The device according to claim 7, characterized in that the memory of the device includes a first memory region and a second memory region, wherein the second memory region is more secure than the first memory region; the device further comprises:
a first switching module, configured to, when in the common running environment, enter monitoring mode if a first switching event is detected, the first switching event being the receipt of a first secure monitor call instruction or the receipt of a first subset of the hardware exception mechanism;
a first storage module, configured to store, in monitoring mode, the first state information of the common running environment to the first memory region;
a first recovery module, configured to restore, in monitoring mode, the second state information of the secure operating environment, the second state information being stored in the second memory region;
a first setting module, configured to set, in monitoring mode, the mode flag bit of a specified register to 0 to enter the secure operating environment.
9. The device according to claim 8, characterized in that the device further comprises:
a second switching module, configured to, when in the secure operating environment, enter monitoring mode if a second switching event is detected, the second switching event being the receipt of a second secure monitor call instruction or the receipt of a second subset of the hardware exception mechanism;
a second storage module, configured to store, in monitoring mode, the second state information of the secure operating environment to the second memory region;
a second recovery module, configured to restore, in monitoring mode, the first state information of the common running environment, the first state information being stored in the first memory region;
a second setting module, configured to set, in monitoring mode, the mode flag bit of the specified register to 1 to enter the common running environment.
10. The device according to claim 8, characterized in that the device cannot access the specified register in the common running environment;
the second operation module is further configured to run the first operating system in the secure operating environment when in monitoring mode.
11. device according to claim 7, which is characterized in that described device further includes:
Third runs module, for when receiving power-on servicing, into the secure operating environment, and in the safe operation
Environment runs the first bootstrap;
The third runs module, is additionally operable to after the first bootstrap end of run, runs the second bootstrap;
Starting module, for after the second bootstrap end of run, starting first operating system;
Third runs module, is additionally operable to after first os starting, into the common running environment, and
The common running environment runs third bootstrap;
The starting module is additionally operable to after the third bootstrap end of run, starts second operating system.
12. The device according to claim 11, characterized in that the device further comprises:
a configuration module, configured to configure, in the secure operating environment and before the common running environment is entered, the access rights of the first operating system and the second operating system, so that the first operating system is used to access external devices related to automobile control and the second operating system is used to access external devices unrelated to automobile control.
13. A car-mounted terminal, characterized by comprising a processor and a memory, wherein the memory is used to store a computer program, the computer program comprises program instructions, and the processor is configured to invoke the program instructions to perform the method of any one of claims 1 to 7.
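The world switch of claims 9 and 10, as an added C simulation that is not part of the patent text: monitor mode saves the outgoing environment's state to its memory region, restores the other environment's state, and sets the mode flag bit, while writes to the specified register from the common running environment are refused. All type and function names are hypothetical, ordinary memory stands in for the two memory regions, and the direction into the secure operating environment is assumed to mirror claim 9.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added simulation; every identifier here is hypothetical, not taken from the patent. */
enum world { SECURE = 0, NORMAL = 1 };           /* value of the mode flag bit */
enum event { EV_SMC, EV_HW_EXCEPTION, EV_OTHER };

struct ctx { uint32_t regs[8]; uint32_t pc; };   /* one environment's state information */

struct cpu {
    struct ctx live;       /* state currently loaded in the core */
    struct ctx region[2];  /* region[NORMAL] = first memory region, region[SECURE] = second */
    uint32_t   mode_reg;   /* the "specified register"; bit 0 is the mode flag bit */
    bool       in_monitor; /* true only while the monitoring mode is executing */
};

static enum world current_world(const struct cpu *c) { return (c->mode_reg & 1u) ? NORMAL : SECURE; }

/* Claim 10: the specified register cannot be accessed from the common running environment. */
bool write_mode_reg(struct cpu *c, uint32_t value)
{
    if (current_world(c) == NORMAL && !c->in_monitor)
        return false;                            /* access refused, register unchanged */
    c->mode_reg = value;
    return true;
}

/* Claim 9 (reverse direction assumed symmetric): on a handover event, enter the
 * monitoring mode, store the outgoing state, restore the incoming state, set the flag. */
bool monitor_handover(struct cpu *c, enum event ev)
{
    if (ev != EV_SMC && ev != EV_HW_EXCEPTION)
        return false;                            /* not a handover event: no switch */
    enum world from = current_world(c);
    enum world to = (from == SECURE) ? NORMAL : SECURE;
    c->in_monitor = true;
    c->region[from] = c->live;                   /* store outgoing state information */
    c->live = c->region[to];                     /* restore incoming state information */
    bool ok = write_mode_reg(c, (c->mode_reg & ~1u) | (uint32_t)to);
    c->in_monitor = false;
    return ok;
}

int main(void)
{
    struct cpu c;
    memset(&c, 0, sizeof c);                     /* flag bit 0: secure operating environment */
    return (monitor_handover(&c, EV_SMC) && !write_mode_reg(&c, 0)) ? 0 : 1;
}
```

The property to check in a real design is the same one the model enforces: the only path that changes the mode flag bit runs through the monitoring mode, after the outgoing state has been saved.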
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810198424.1A CN108549812A (en) | 2018-03-12 | 2018-03-12 | Security isolation method, safety insulating device based on Trustzone and car-mounted terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810198424.1A CN108549812A (en) | 2018-03-12 | 2018-03-12 | Security isolation method, safety insulating device based on Trustzone and car-mounted terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108549812A true CN108549812A (en) | 2018-09-18 |
Family
ID=63516178
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810198424.1A Pending CN108549812A (en) | 2018-03-12 | 2018-03-12 | Security isolation method, safety insulating device based on Trustzone and car-mounted terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108549812A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180918 |