CN108632024A - A kind of method and device of operation bootstrap - Google Patents
A kind of method and device of operation bootstrap Download PDFInfo
- Publication number
- CN108632024A CN108632024A CN201710169541.0A CN201710169541A CN108632024A CN 108632024 A CN108632024 A CN 108632024A CN 201710169541 A CN201710169541 A CN 201710169541A CN 108632024 A CN108632024 A CN 108632024A
- Authority
- CN
- China
- Prior art keywords
- bootstrap
- check value
- precalculated position
- version head
- external memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to it is a kind of operation bootstrap method and device, the method includes:Encrypted first key is read from external memory;The first key crossed using corresponding second key pair encryption is decrypted, and first key is obtained;The version head of encrypted bootstrap is read from external memory;The version head of encrypted bootstrap is decrypted using first key, obtains the version head of bootstrap;Partial data is read from the bootstrap in external memory, and calculates its first check value;If first check value is identical as the second check value in version head, it is decrypted according to the partial data of third key pair bootstrap;Run the partial data of bootstrap.Technical solution through the embodiment of the present invention may be implemented encryption storage of the BOOT program encryption keys in the case where not needing extra memory, further decrease equipment cost, improve equipment performance.
Description
Technical field
The present invention relates to Computer Control Technology field more particularly to a kind of method and devices of operation bootstrap.
Background technology
Currently, in embedded system, equipment reads bootstrap BOOT programs generally from External memory equipment, and startup is drawn
Helical pitch sequence.The External memory equipment being directly welded in equipment, if the program in External memory equipment is not added with any protection, hacker
The loophole that system can be utilized, gets BOOT programs, also solderable lower storage device FLASH, is read by other equipment violence
BOOT programs in FLASH, dis-assembling analysis BOOT programs simultaneously change BOOT programs, FLASH are written again.
To protect BOOT programs not to be damaged, the prior art is often encrypted BOOT programs, and processor starts
When, it needs that first BOOT programs are decrypted, BOOT programs of reruning.BOOT programs are encrypted, additional deposit is needed
Storage equipment is used for storing the key of decryption, certainly will need additionally to increase equipment cost.
Invention content
The technical problem to be solved in the present invention is to provide a kind of methods of operation bootstrap, and BOOT is realized using the method
Encryption storage of the program encryption key in the case where not needing extra memory, further decreases equipment cost, improves equipment
Performance.
Technical solution provided by the invention is as follows:
A method of operation bootstrap, the method includes:
The first storage region reads encrypted first key from external memory;
It is decrypted using first key encrypted described in the second key pair corresponding with the first key, obtains institute
State first key;
The second storage region reads the version head of encrypted bootstrap from the external memory;
The version head of the encrypted bootstrap is decrypted using the first key, obtains the guiding journey
The version head of sequence;
Partial data is read from the bootstrap that third storage region in the external memory stores, and described in calculating
First check value of partial data;
If the second check value phase of the first check value of the partial data and the first precalculated position in the version head
Together, then it is decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head;
Run the partial data of the bootstrap.
Further, in the method for the operation bootstrap, the third storage region from the external memory
Partial data is read in the bootstrap of storage, and before the step of calculating the first check value of the partial data, the side
Method further includes:
According to the 4th pre-determined bit of the third check value in the third precalculated position of the version head and/or the version head
The 4th check value set judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase
Together, then judging result is that the version head is effective.
Further, described according to the second precalculated position in the version head in the method for the operation bootstrap
The partial data of bootstrap described in third key pair be decrypted including:
According to the 5th check value in the 5th precalculated position of the version head, judge that third stores in the external memory
Whether the bootstrap of region storage encrypts;
If the bootstrap encryption that third storage region stores in the external memory, according in the version head the
The partial data of bootstrap described in the third key pair in two precalculated positions is decrypted.
Further, in the method for the operation bootstrap, the method further includes:
Bootstrap data are read from the bootstrap that third storage region in the external memory stores, and are calculated
6th check value of the bootstrap data;
If the 7th verification of the 6th check value of the bootstrap data and the 6th precalculated position in the version head
It is worth identical, further judges whether the bootstrap that third storage region in the external memory stores encrypts;
If the bootstrap unencryption that third storage region stores in the external memory, runs the guiding journey
Sequence;
If the bootstrap encryption that third storage region stores in the external memory, according in the version head the
After bootstrap described in the third key pair in two precalculated positions is decrypted, the bootstrap is run.
Further, in the method for the operation bootstrap, the version head of the encrypted bootstrap includes:
Deposit in second check value in the first precalculated position;
Deposit in the third key in the second precalculated position;
Deposit in the third check value in third precalculated position;
Deposit in the 4th check value in the 4th precalculated position;
Deposit in the 5th check value in the 5th precalculated position;
And deposit in the 7th check value in the 6th precalculated position.
Moreover, it relates to which a kind of device of operation bootstrap, described device include:
First read module, for from external memory the first storage region read encrypted first key;
First deciphering module, for close using described in the second key pair corresponding with the first key encrypted first
Key is decrypted, and obtains the first key;
Second read module, for from the external memory the second storage region read encrypted bootstrap
Version head;
Second deciphering module, for being solved to the version head of the encrypted bootstrap using the first key
It is close, obtain the version head of the bootstrap;
First processing module, for the reading part from the bootstrap that third storage region in the external memory stores
Divided data, and calculate the first check value of the partial data;
Third deciphering module, for calculated when the first processing module the first check value of the partial data with it is described
When second check value in the first precalculated position is identical in version head, the third deciphering module is pre- according in the version head second
The partial data for positioning bootstrap described in the third key pair set is decrypted;
Program runs module, the partial data for running the bootstrap.
Further, in the device of the operation bootstrap, described device further includes:
First correction verification module, first correction verification module are used for the third school in the third precalculated position according to the version head
The 4th check value for testing the 4th precalculated position of value and/or the version head judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase
Together, then judging result is that the version head is effective.
Further, in the device of the operation bootstrap, described device further includes:
Second correction verification module, second correction verification module are used for the 5th school in the 5th precalculated position according to the version head
Value is tested, judges whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap encryption that third storage region stores in the external memory, the third deciphering module root
The partial data of bootstrap described in third key pair according to the second precalculated position in the version head is decrypted.
Further, in the device of the operation bootstrap, described device further includes:
Third read module draws for being read from the bootstrap that third storage region in the external memory stores
Program data is led, and calculates the 6th check value of the bootstrap data;
Third correction verification module, the third correction verification module be used for when the bootstrap data the 6th check value with it is described
When the 7th check value in the 6th precalculated position is identical in version head, third storage region in the external memory is further judged
Whether the bootstrap of storage encrypts;
If the third correction verification module judges the bootstrap of third storage region storage in the external memory not
Encryption, described program run module and run the bootstrap;
4th deciphering module judges that third storage region is deposited in the external memory for working as the third correction verification module
When the bootstrap encryption of storage, solved according to bootstrap described in the third key pair in the second precalculated position in the version head
Close, after the bootstrap is decrypted, described program runs module and runs the bootstrap.
Further, in the device of the operation bootstrap, second storage region includes:
First precalculated position, for storing the second check value;
Second precalculated position, for storing third key;
Third precalculated position, for storing third check value;
4th precalculated position, for storing the 4th check value;
5th precalculated position, for storing the 5th check value;
And the 6th precalculated position, for storing the 7th check value.
It is had the beneficial effect that caused by the present invention:
A kind of method and device for operation bootstrap that the embodiment of the present invention is provided, passes through equipment central processing unit
The data of CPU and external memory cooperate, and realize the encryption storage of BOOT program encryption keys.Utilize the method present invention
Encryption storage of the BOOT program encryption keys in the case where not needing extra memory may be implemented in embodiment technical solution,
To further decrease equipment cost, further increase equipment performance.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, needed in being described below to the embodiment of the present invention
Attached drawing to be used is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention,
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings
Other attached drawings.
Fig. 1 shows a kind of flow charts of the method for operation bootstrap provided in an embodiment of the present invention;
Fig. 2 indicates external memory structural schematic diagram provided in an embodiment of the present invention;
Fig. 3 indicates the flow chart of the method for another operation bootstrap provided in an embodiment of the present invention;
Fig. 4 indicate the present embodiments relate to bootstrap version head structural schematic diagram;
Fig. 5 indicates the structural schematic diagram of the device of operation bootstrap provided in an embodiment of the present invention.
Specific implementation mode
Below in conjunction with specific embodiments and attached drawing, the present invention is described in further detail.Described implementation
Example is a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill
The every other embodiment that personnel are obtained without creative efforts, shall fall within the protection scope of the present invention.
It is a kind of flow chart of the method for operation bootstrap provided in an embodiment of the present invention referring to Fig. 1, Fig. 1, such as Fig. 1 institutes
Show, the method includes:
S101, the first storage region reads encrypted first key from external memory.
In the embodiment of the present invention, encrypted first key is stored in the first storage region in external memory, without
Extra memory is needed, equipment cost is advantageously reduced, further increases equipment performance.
It is external memory structural schematic diagram provided in an embodiment of the present invention referring to Fig. 2, Fig. 2, as shown in Fig. 2, described outer
Portion's memory includes:First storage region 110, the second storage region 120, third storage region 130.Wherein, the first memory block
Domain 110 is for storing encrypted key information, such as RSA public keys;Second storage region 120 is for storing encrypted version
Head;Third storage region is for storing encrypted BOOT program versions.
S102, it is decrypted using first key encrypted described in the second key pair corresponding with the first key,
Obtain the first key.
In the embodiment of the present invention, by being decrypted to obtain the first key to the encrypted key.Wherein, institute
It can be RSA-2048 public keys to state first key, and data format is as shown in table 1.
1 first key data format of table
Offset, unit:Byte | Meaning |
0~3 | Key Tpe, 0-RSA 2048 |
4~7 | CRC32 |
8~511 | Store primary key |
S103, the second storage region reads the version head of encrypted bootstrap from the external memory.
S104, the version head of the encrypted bootstrap is decrypted using the first key, is obtained described
The version head of bootstrap.
In the embodiment of the present invention, the version head of encrypted bootstrap is solved by using the first key
It is close, the version head of the bootstrap is obtained, as shown in table 2.Wherein, the version head of the bootstrap mainly include for pair
The key of the bootstrap decryption, and the serial check value for judging the bootstrap correlated condition.
2 version head format of table
S105, partial data is read from the bootstrap that third storage region in the external memory stores, and counted
Calculate the first check value of the partial data.
S106, judgment part data the first check value and the first precalculated position in the version head the second check value phase
Together, if it is, into S107;Otherwise, into S109;
S107, according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head into
Row decryption, subsequently into S108.
The partial data of S108, the operation bootstrap.
S109, start failure, output error message.
In the embodiment of the present invention, the partial data can be the head 8K data of the bootstrap, the partial data
First check value can be for judging the whether complete partial data Hash HASH values of the partial data state.
It should be understood that the partial data can be the head 8K data of the bootstrap, but it is not limited to institute
The head 8K data for stating bootstrap, can be chosen in the data of the bootstrap as needed.
When the first check value of the partial data is identical as second check value in the first precalculated position in the version head
When, judge that the partial data state is complete, is guided according to described in the third key pair in the second precalculated position in the version head
The partial data of program is decrypted, and runs the partial data of the bootstrap.
When the first check value of the partial data is different from second check value in the first precalculated position in the version head
When, judge that the partial data state is complete, the partial data is destroyed, does not run the bootstrap, start failure.
Further, it is described operation bootstrap method in, it is described using the first key to described encrypted
The version head of bootstrap is decrypted, and before the step of obtaining the version head of the bootstrap, the method further includes:
According to the 4th pre-determined bit of the third check value in the third precalculated position of the version head and/or the version head
The 4th check value set judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase
Together, then judging result is that the version head is effective.
In the embodiment of the present invention, as shown in table 2, the third check value in the third precalculated position of the version head and described
4th check value in four precalculated positions is MAGIC values and cyclic redundancy check value CRC32 values.The MAGIC values are
0x626F6F74, and the cyclic redundancy check value CRC32 values of the 8th~255 byte data are equal to the 4th~7 byte CRC32 values
When, judge that the version head is effective.When judging that the version head is effective, S104 is further executed;When judging the version head
When invalid, the bootstrap is not run, starts failure.
Further, described according to the second precalculated position in the version head in the method for the operation bootstrap
Before the step of partial data of bootstrap described in third key pair is decrypted, the method further includes:
According to the 5th check value in the 5th precalculated position of the version head, judge that third stores in the external memory
Whether the bootstrap of region storage encrypts;
If the bootstrap encryption that third storage region stores in the external memory, according in the version head the
The partial data of bootstrap described in the third key pair in two precalculated positions is decrypted.
In the embodiment of the present invention, as shown in table 2, the 5th check value in the 5th precalculated position of the version head is mark
Flag judges that the value of Flag judges whether the bootstrap encrypts using described.If the bootstrap unencryption, directly transport
The partial data of the row bootstrap;If bootstrap encryption, according to the of the second precalculated position in the version head
The partial data of bootstrap described in three key pairs is decrypted, and then runs the partial data of the bootstrap.Wherein,
The cipher mode of Flag is as shown in table 3.
The cipher mode of 3 Flag of table
00 | It does not encrypt |
01 | AES-128 |
10 | Reserved |
11 | Reserved |
Further, as shown in figure 3, Fig. 3 is the method for another operation bootstrap provided in an embodiment of the present invention
As described above to S109, the method further includes for flow chart, wherein S101:
S201, bootstrap data are read from the bootstrap that third storage region in the external memory stores,
And calculate the 6th check value of the bootstrap data;
If the 6th check value of S202, the bootstrap data and the 7th of the 6th precalculated position in the version head
Check value is identical, further judges whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap encryption that third storage region stores in S203, the external memory, carries out S204;It is no
Then, S205 is carried out.
S204, it is decrypted according to bootstrap described in the third key pair in the second precalculated position in the version head.
S205, the operation bootstrap.
Further, Fig. 4 be the present embodiments relate to bootstrap version header structure composition schematic diagram, such as Fig. 4
Shown, in the method for the operation bootstrap, the version head of the encrypted bootstrap includes:
Deposit in second check value 301 in the first precalculated position;
Deposit in the third key 302 in the second precalculated position;
Deposit in the third check value 303 in third precalculated position;
Deposit in the 4th check value 304 in the 4th precalculated position;
Deposit in the 5th check value 305 in the 5th precalculated position;
And deposit in the 7th check value 306 in the 6th precalculated position.
In addition, the embodiment of the invention also includes a kind of device of operation bootstrap, Fig. 5 is that the embodiment of the present invention is provided
Operation bootstrap device structural schematic diagram, as shown in figure 5, described device includes:
First read module 501, for from external memory the first storage region read encrypted first key;
First deciphering module 502, for utilizing described in the second key pair corresponding with the first key encrypted the
One key is decrypted, and obtains the first key;
Second read module 503, for from the external memory the second storage region read encrypted guiding journey
The version head of sequence;
Second deciphering module 504, for using the first key to the version head of the encrypted bootstrap into
Row decryption, obtains the version head of the bootstrap;
First processing module 505, for being read from the bootstrap that third storage region in the external memory stores
Partial data is taken, and calculates the first check value of the partial data;
Third deciphering module 506, for calculated when the first processing module the first check value of the partial data with
When second check value in the first precalculated position is identical in the version head, the third deciphering module is according in the version head
The partial data of bootstrap described in the third key pair in two precalculated positions is decrypted;
Program runs module 507, the partial data for running the bootstrap.
Further, as shown in figure 5, in the device of the operation bootstrap, described device further includes:
First correction verification module 601, first correction verification module 601 are used for according to the third precalculated position of the version head
4th check value in the 4th precalculated position of third check value and/or the version head judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase
Together, then judging result is that the version head is effective.
Further, as shown in figure 5, in the device of the operation bootstrap, described device further includes:
Second correction verification module 602, second correction verification module 602 are used for according to the 5th precalculated position of the version head
5th check value, judges whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap encryption that third storage region stores in the external memory, the third deciphering module
506 are decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head.
Further, as shown in figure 5, in the device of the operation bootstrap, described device further includes:
Third read module 603, for being read from the bootstrap that third storage region in the external memory stores
Bootstrap data are taken, and calculate the 6th check value of the bootstrap data;
Third correction verification module 604, the third correction verification module 604 are used for the 6th check value when the bootstrap data
With when the 7th check value in the 6th precalculated position is identical in the version head, further judge that third is deposited in the external memory
Whether the bootstrap of storage area domain storage encrypts;
If the third correction verification module judges the bootstrap of third storage region storage in the external memory not
Encryption, described program operation module 507 run the bootstrap;
4th deciphering module 605 judges that third stores in the external memory for working as the third correction verification module 604
When the bootstrap encryption of region storage, according to bootstrap described in the third key pair in the second precalculated position in the version head
It is decrypted, after the bootstrap is decrypted, described program operation module 507 runs the bootstrap.
Further, in the device of the operation bootstrap, second storage region includes:
First precalculated position, for storing the second check value;
Second precalculated position, for storing third key;
Third precalculated position, for storing third check value;
4th precalculated position, for storing the 4th check value;
5th precalculated position, for storing the 5th check value;
And the 6th precalculated position, for storing the 7th check value.
It should be understood that in various embodiments of the present invention, size of the sequence numbers of the above procedures is not meant to execute
The execution sequence of the priority of sequence, each process should be determined by its function and internal logic, the reality without coping with the embodiment of the present invention
It applies process and constitutes any restriction.
In several embodiments provided herein, it should be understood that disclosed method and apparatus, it can be by other
Mode realize.For example, the apparatus embodiments described above are merely exemplary, for example, the module, unit are drawn
Point, only a kind of division of logic function, formula that in actual implementation, there may be another division manner, such as multiple units or component can
To combine or be desirably integrated into another system, or some features can be ignored or not executed.
The foregoing is merely the preferred embodiments for explaining the present invention, not do limitation in any form to the present invention.It is all
Made any modification or change for the present invention under identical spirit, all should still be included in the invention is intended to
Within the scope of protection.
Claims (10)
1. a kind of method of operation bootstrap, which is characterized in that the method includes:
The first storage region reads encrypted first key from external memory;
It is decrypted using first key encrypted described in the second key pair corresponding with the first key, obtains described
One key;
The second storage region reads the version head of encrypted bootstrap from the external memory;
The version head of the encrypted bootstrap is decrypted using the first key, obtains the bootstrap
Version head;
Partial data is read from the bootstrap that third storage region in the external memory stores, and calculates the part
First check value of data;
If the first check value of the partial data is identical as second check value in the first precalculated position in the version head,
It is decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head;
Run the partial data of the bootstrap.
2. the method for running bootstrap according to claim 1, which is characterized in that described the from the external memory
Three storage regions storage bootstrap in read partial data, and the step of calculating the first check value of the partial data it
Before, the method further includes:
According to the 4th precalculated position of the third check value in the third precalculated position of the version head and/or the version head
4th check value judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value is identical as second predetermined value,
Judging result is that the version head is effective.
3. the method for running bootstrap according to claim 1, which is characterized in that described according to second in the version head
The partial data of bootstrap described in the third key pair in precalculated position be decrypted including:
According to the 5th check value in the 5th precalculated position of the version head, third storage region in the external memory is judged
Whether the bootstrap of storage encrypts;
If the bootstrap encryption that third storage region stores in the external memory, pre- according in the version head second
The partial data for positioning bootstrap described in the third key pair set is decrypted.
4. the method for running bootstrap according to claim 1, which is characterized in that the method further includes:
Bootstrap data are read from the bootstrap that third storage region in the external memory stores, and described in calculating
6th check value of bootstrap data;
If the 7th check value phase of the 6th check value and the 6th precalculated position in the version head of the bootstrap data
Together, further judge whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap unencryption that third storage region stores in the external memory, runs the bootstrap;
If the bootstrap encryption that third storage region stores in the external memory, pre- according in the version head second
After bootstrap described in the third key pair that positioning is set is decrypted, the bootstrap is run.
5. according to the method for any one of the claim 1-4 operation bootstrap, which is characterized in that the encrypted guiding
The version head of program includes:
Deposit in second check value in the first precalculated position;
Deposit in the third key in the second precalculated position;
Deposit in the third check value in third precalculated position;
Deposit in the 4th check value in the 4th precalculated position;
Deposit in the 5th check value in the 5th precalculated position;
And deposit in the 7th check value in the 6th precalculated position.
6. a kind of device of operation bootstrap, which is characterized in that described device includes:
First read module, for from external memory the first storage region read encrypted first key;
First deciphering module, for using encrypted first key described in the second key pair corresponding with the first key into
Row decryption, obtains the first key;
Second read module, for from the external memory the second storage region read the version of encrypted bootstrap
Head;
Second deciphering module, for the version head of the encrypted bootstrap to be decrypted using the first key,
Obtain the version head of the bootstrap;
First processing module, for the reading part score from the bootstrap that third storage region in the external memory stores
According to, and calculate the first check value of the partial data;
Third deciphering module, the first check value for calculating the partial data when the first processing module and the version
When second check value in the first precalculated position is identical in head, the third deciphering module is according to the second pre-determined bit in the version head
The partial data of bootstrap described in the third key pair set is decrypted;
Program runs module, the partial data for running the bootstrap.
7. the device of operation bootstrap according to claim 6, which is characterized in that described device further includes:
First correction verification module, first correction verification module are used to be verified according to the third in the third precalculated position of the version head
4th check value in the 4th precalculated position of value and/or the version head, judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value is identical as second predetermined value,
Judging result is that the version head is effective.
8. the device of operation bootstrap according to claim 6, which is characterized in that described device further includes:
Second correction verification module is used for the 5th check value in the 5th precalculated position according to the version head, judges that the outside is deposited
Whether the bootstrap that third storage region stores in reservoir encrypts;
If the bootstrap encryption that third storage region stores in the external memory, the third deciphering module are additionally operable to
It is decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head.
9. the device of operation bootstrap according to claim 6, which is characterized in that described device further includes:
Third read module, for reading guiding journey from the bootstrap that third storage region in the external memory stores
Ordinal number evidence, and calculate the 6th check value of the bootstrap data;
Third correction verification module, for the 6th check value when the bootstrap data and the 6th precalculated position in the version head
The 7th check value it is identical when, judge whether the bootstrap that third storage region in the external memory stores adds
It is close;
If the third correction verification module judges the bootstrap unencryption that third storage region stores in the external memory,
Described program runs module and runs the bootstrap;
4th deciphering module, for judging third storage region storage in the external memory when the third correction verification module
When bootstrap is encrypted, it is decrypted according to bootstrap described in the third key pair in the second precalculated position in the version head,
After the bootstrap is decrypted, described program runs module and runs the bootstrap.
10. running the device of bootstrap according to claim 6-9 any one of them, which is characterized in that second storage
Region includes:
First precalculated position, for storing the second check value;
Second precalculated position, for storing third key;
Third precalculated position, for storing third check value;
4th precalculated position, for storing the 4th check value;
5th precalculated position, for storing the 5th check value;
And the 6th precalculated position, for storing the 7th check value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710169541.0A CN108632024B (en) | 2017-03-21 | 2017-03-21 | Method and device for running bootstrap program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710169541.0A CN108632024B (en) | 2017-03-21 | 2017-03-21 | Method and device for running bootstrap program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108632024A true CN108632024A (en) | 2018-10-09 |
CN108632024B CN108632024B (en) | 2022-06-28 |
Family
ID=63687301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710169541.0A Active CN108632024B (en) | 2017-03-21 | 2017-03-21 | Method and device for running bootstrap program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108632024B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1786916A (en) * | 2004-12-09 | 2006-06-14 | 三星电子株式会社 | Secure booting apparatus and method |
US20100287426A1 (en) * | 2009-05-11 | 2010-11-11 | Nec Electronics Corporation | Memory checking system and method |
CN103135995A (en) * | 2011-11-22 | 2013-06-05 | 中兴通讯股份有限公司 | BootLoader backup management method and device |
CN105487888A (en) * | 2015-11-26 | 2016-04-13 | 武汉光迅科技股份有限公司 | Method for generating upgrade file in system upgrade and/or application upgrade |
CN106503494A (en) * | 2016-11-05 | 2017-03-15 | 福建省北峰电讯科技有限公司 | A kind of firmware protection location and guard method with flash memory microcontroller on piece |
-
2017
- 2017-03-21 CN CN201710169541.0A patent/CN108632024B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1786916A (en) * | 2004-12-09 | 2006-06-14 | 三星电子株式会社 | Secure booting apparatus and method |
US20100287426A1 (en) * | 2009-05-11 | 2010-11-11 | Nec Electronics Corporation | Memory checking system and method |
CN103135995A (en) * | 2011-11-22 | 2013-06-05 | 中兴通讯股份有限公司 | BootLoader backup management method and device |
CN105487888A (en) * | 2015-11-26 | 2016-04-13 | 武汉光迅科技股份有限公司 | Method for generating upgrade file in system upgrade and/or application upgrade |
CN106503494A (en) * | 2016-11-05 | 2017-03-15 | 福建省北峰电讯科技有限公司 | A kind of firmware protection location and guard method with flash memory microcontroller on piece |
Also Published As
Publication number | Publication date |
---|---|
CN108632024B (en) | 2022-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109388975B (en) | Memory organization for security and reliability | |
JP6277101B2 (en) | Data verification method and data verification apparatus | |
US20190158296A1 (en) | Redactable document signatures | |
CN107438850B (en) | Use the address validation of signature | |
Suh et al. | Aegis: A single-chip secure processor | |
CN107194242A (en) | Firmware upgrade method and device | |
US10686589B2 (en) | Combining hashes of data blocks | |
US9298947B2 (en) | Method for protecting the integrity of a fixed-length data structure | |
CN101149768B (en) | Special processor software encryption and decryption method | |
JP4851182B2 (en) | Microcomputer, program writing method for microcomputer, and writing processing system | |
CN104756120B (en) | Store and access data | |
KR20140018410A (en) | Method and apparatus for memory encryption with integrity check and protection against replay attacks | |
JP7464586B2 (en) | Integrity Trees for Memory Integrity Checking | |
US10797857B2 (en) | Data interleaving scheme for an external memory of a secure microcontroller | |
JP2010517449A (en) | Secret protection for untrusted recipients | |
CN108694122B (en) | Method for symbol execution of restricted devices | |
CN110825672A (en) | High performance autonomous hardware engine for online cryptographic processing | |
CN110659506A (en) | Replay protection of memory based on key refresh | |
CN101901316A (en) | Data integrity protection method based on Bloom filter | |
CN101582765B (en) | User bound portable trusted mobile device | |
US20230259660A1 (en) | Integrity tree for memory security | |
CN108632024A (en) | A kind of method and device of operation bootstrap | |
CN106548098A (en) | For detecting the method and system of fault attacks | |
CN111949996A (en) | Generation method, encryption method, system, device and medium of security private key | |
US8127203B2 (en) | Method, data processing apparatus and wireless device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |