CN108632024A - A kind of method and device of operation bootstrap - Google Patents

A kind of method and device of operation bootstrap Download PDF

Info

Publication number
CN108632024A
CN108632024A CN201710169541.0A CN201710169541A CN108632024A CN 108632024 A CN108632024 A CN 108632024A CN 201710169541 A CN201710169541 A CN 201710169541A CN 108632024 A CN108632024 A CN 108632024A
Authority
CN
China
Prior art keywords
bootstrap
check value
precalculated position
version head
external memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710169541.0A
Other languages
Chinese (zh)
Other versions
CN108632024B (en
Inventor
鲍小云
江坤
刘怀霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201710169541.0A priority Critical patent/CN108632024B/en
Publication of CN108632024A publication Critical patent/CN108632024A/en
Application granted granted Critical
Publication of CN108632024B publication Critical patent/CN108632024B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to it is a kind of operation bootstrap method and device, the method includes:Encrypted first key is read from external memory;The first key crossed using corresponding second key pair encryption is decrypted, and first key is obtained;The version head of encrypted bootstrap is read from external memory;The version head of encrypted bootstrap is decrypted using first key, obtains the version head of bootstrap;Partial data is read from the bootstrap in external memory, and calculates its first check value;If first check value is identical as the second check value in version head, it is decrypted according to the partial data of third key pair bootstrap;Run the partial data of bootstrap.Technical solution through the embodiment of the present invention may be implemented encryption storage of the BOOT program encryption keys in the case where not needing extra memory, further decrease equipment cost, improve equipment performance.

Description

A kind of method and device of operation bootstrap
Technical field
The present invention relates to Computer Control Technology field more particularly to a kind of method and devices of operation bootstrap.
Background technology
Currently, in embedded system, equipment reads bootstrap BOOT programs generally from External memory equipment, and startup is drawn Helical pitch sequence.The External memory equipment being directly welded in equipment, if the program in External memory equipment is not added with any protection, hacker The loophole that system can be utilized, gets BOOT programs, also solderable lower storage device FLASH, is read by other equipment violence BOOT programs in FLASH, dis-assembling analysis BOOT programs simultaneously change BOOT programs, FLASH are written again.
To protect BOOT programs not to be damaged, the prior art is often encrypted BOOT programs, and processor starts When, it needs that first BOOT programs are decrypted, BOOT programs of reruning.BOOT programs are encrypted, additional deposit is needed Storage equipment is used for storing the key of decryption, certainly will need additionally to increase equipment cost.
Invention content
The technical problem to be solved in the present invention is to provide a kind of methods of operation bootstrap, and BOOT is realized using the method Encryption storage of the program encryption key in the case where not needing extra memory, further decreases equipment cost, improves equipment Performance.
Technical solution provided by the invention is as follows:
A method of operation bootstrap, the method includes:
The first storage region reads encrypted first key from external memory;
It is decrypted using first key encrypted described in the second key pair corresponding with the first key, obtains institute State first key;
The second storage region reads the version head of encrypted bootstrap from the external memory;
The version head of the encrypted bootstrap is decrypted using the first key, obtains the guiding journey The version head of sequence;
Partial data is read from the bootstrap that third storage region in the external memory stores, and described in calculating First check value of partial data;
If the second check value phase of the first check value of the partial data and the first precalculated position in the version head Together, then it is decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head;
Run the partial data of the bootstrap.
Further, in the method for the operation bootstrap, the third storage region from the external memory Partial data is read in the bootstrap of storage, and before the step of calculating the first check value of the partial data, the side Method further includes:
According to the 4th pre-determined bit of the third check value in the third precalculated position of the version head and/or the version head The 4th check value set judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase Together, then judging result is that the version head is effective.
Further, described according to the second precalculated position in the version head in the method for the operation bootstrap The partial data of bootstrap described in third key pair be decrypted including:
According to the 5th check value in the 5th precalculated position of the version head, judge that third stores in the external memory Whether the bootstrap of region storage encrypts;
If the bootstrap encryption that third storage region stores in the external memory, according in the version head the The partial data of bootstrap described in the third key pair in two precalculated positions is decrypted.
Further, in the method for the operation bootstrap, the method further includes:
Bootstrap data are read from the bootstrap that third storage region in the external memory stores, and are calculated 6th check value of the bootstrap data;
If the 7th verification of the 6th check value of the bootstrap data and the 6th precalculated position in the version head It is worth identical, further judges whether the bootstrap that third storage region in the external memory stores encrypts;
If the bootstrap unencryption that third storage region stores in the external memory, runs the guiding journey Sequence;
If the bootstrap encryption that third storage region stores in the external memory, according in the version head the After bootstrap described in the third key pair in two precalculated positions is decrypted, the bootstrap is run.
Further, in the method for the operation bootstrap, the version head of the encrypted bootstrap includes:
Deposit in second check value in the first precalculated position;
Deposit in the third key in the second precalculated position;
Deposit in the third check value in third precalculated position;
Deposit in the 4th check value in the 4th precalculated position;
Deposit in the 5th check value in the 5th precalculated position;
And deposit in the 7th check value in the 6th precalculated position.
Moreover, it relates to which a kind of device of operation bootstrap, described device include:
First read module, for from external memory the first storage region read encrypted first key;
First deciphering module, for close using described in the second key pair corresponding with the first key encrypted first Key is decrypted, and obtains the first key;
Second read module, for from the external memory the second storage region read encrypted bootstrap Version head;
Second deciphering module, for being solved to the version head of the encrypted bootstrap using the first key It is close, obtain the version head of the bootstrap;
First processing module, for the reading part from the bootstrap that third storage region in the external memory stores Divided data, and calculate the first check value of the partial data;
Third deciphering module, for calculated when the first processing module the first check value of the partial data with it is described When second check value in the first precalculated position is identical in version head, the third deciphering module is pre- according in the version head second The partial data for positioning bootstrap described in the third key pair set is decrypted;
Program runs module, the partial data for running the bootstrap.
Further, in the device of the operation bootstrap, described device further includes:
First correction verification module, first correction verification module are used for the third school in the third precalculated position according to the version head The 4th check value for testing the 4th precalculated position of value and/or the version head judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase Together, then judging result is that the version head is effective.
Further, in the device of the operation bootstrap, described device further includes:
Second correction verification module, second correction verification module are used for the 5th school in the 5th precalculated position according to the version head Value is tested, judges whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap encryption that third storage region stores in the external memory, the third deciphering module root The partial data of bootstrap described in third key pair according to the second precalculated position in the version head is decrypted.
Further, in the device of the operation bootstrap, described device further includes:
Third read module draws for being read from the bootstrap that third storage region in the external memory stores Program data is led, and calculates the 6th check value of the bootstrap data;
Third correction verification module, the third correction verification module be used for when the bootstrap data the 6th check value with it is described When the 7th check value in the 6th precalculated position is identical in version head, third storage region in the external memory is further judged Whether the bootstrap of storage encrypts;
If the third correction verification module judges the bootstrap of third storage region storage in the external memory not Encryption, described program run module and run the bootstrap;
4th deciphering module judges that third storage region is deposited in the external memory for working as the third correction verification module When the bootstrap encryption of storage, solved according to bootstrap described in the third key pair in the second precalculated position in the version head Close, after the bootstrap is decrypted, described program runs module and runs the bootstrap.
Further, in the device of the operation bootstrap, second storage region includes:
First precalculated position, for storing the second check value;
Second precalculated position, for storing third key;
Third precalculated position, for storing third check value;
4th precalculated position, for storing the 4th check value;
5th precalculated position, for storing the 5th check value;
And the 6th precalculated position, for storing the 7th check value.
It is had the beneficial effect that caused by the present invention:
A kind of method and device for operation bootstrap that the embodiment of the present invention is provided, passes through equipment central processing unit The data of CPU and external memory cooperate, and realize the encryption storage of BOOT program encryption keys.Utilize the method present invention Encryption storage of the BOOT program encryption keys in the case where not needing extra memory may be implemented in embodiment technical solution, To further decrease equipment cost, further increase equipment performance.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, needed in being described below to the embodiment of the present invention Attached drawing to be used is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings Other attached drawings.
Fig. 1 shows a kind of flow charts of the method for operation bootstrap provided in an embodiment of the present invention;
Fig. 2 indicates external memory structural schematic diagram provided in an embodiment of the present invention;
Fig. 3 indicates the flow chart of the method for another operation bootstrap provided in an embodiment of the present invention;
Fig. 4 indicate the present embodiments relate to bootstrap version head structural schematic diagram;
Fig. 5 indicates the structural schematic diagram of the device of operation bootstrap provided in an embodiment of the present invention.
Specific implementation mode
Below in conjunction with specific embodiments and attached drawing, the present invention is described in further detail.Described implementation Example is a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill The every other embodiment that personnel are obtained without creative efforts, shall fall within the protection scope of the present invention.
It is a kind of flow chart of the method for operation bootstrap provided in an embodiment of the present invention referring to Fig. 1, Fig. 1, such as Fig. 1 institutes Show, the method includes:
S101, the first storage region reads encrypted first key from external memory.
In the embodiment of the present invention, encrypted first key is stored in the first storage region in external memory, without Extra memory is needed, equipment cost is advantageously reduced, further increases equipment performance.
It is external memory structural schematic diagram provided in an embodiment of the present invention referring to Fig. 2, Fig. 2, as shown in Fig. 2, described outer Portion's memory includes:First storage region 110, the second storage region 120, third storage region 130.Wherein, the first memory block Domain 110 is for storing encrypted key information, such as RSA public keys;Second storage region 120 is for storing encrypted version Head;Third storage region is for storing encrypted BOOT program versions.
S102, it is decrypted using first key encrypted described in the second key pair corresponding with the first key, Obtain the first key.
In the embodiment of the present invention, by being decrypted to obtain the first key to the encrypted key.Wherein, institute It can be RSA-2048 public keys to state first key, and data format is as shown in table 1.
1 first key data format of table
Offset, unit:Byte Meaning
0~3 Key Tpe, 0-RSA 2048
4~7 CRC32
8~511 Store primary key
S103, the second storage region reads the version head of encrypted bootstrap from the external memory.
S104, the version head of the encrypted bootstrap is decrypted using the first key, is obtained described The version head of bootstrap.
In the embodiment of the present invention, the version head of encrypted bootstrap is solved by using the first key It is close, the version head of the bootstrap is obtained, as shown in table 2.Wherein, the version head of the bootstrap mainly include for pair The key of the bootstrap decryption, and the serial check value for judging the bootstrap correlated condition.
2 version head format of table
S105, partial data is read from the bootstrap that third storage region in the external memory stores, and counted Calculate the first check value of the partial data.
S106, judgment part data the first check value and the first precalculated position in the version head the second check value phase Together, if it is, into S107;Otherwise, into S109;
S107, according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head into Row decryption, subsequently into S108.
The partial data of S108, the operation bootstrap.
S109, start failure, output error message.
In the embodiment of the present invention, the partial data can be the head 8K data of the bootstrap, the partial data First check value can be for judging the whether complete partial data Hash HASH values of the partial data state.
It should be understood that the partial data can be the head 8K data of the bootstrap, but it is not limited to institute The head 8K data for stating bootstrap, can be chosen in the data of the bootstrap as needed.
When the first check value of the partial data is identical as second check value in the first precalculated position in the version head When, judge that the partial data state is complete, is guided according to described in the third key pair in the second precalculated position in the version head The partial data of program is decrypted, and runs the partial data of the bootstrap.
When the first check value of the partial data is different from second check value in the first precalculated position in the version head When, judge that the partial data state is complete, the partial data is destroyed, does not run the bootstrap, start failure.
Further, it is described operation bootstrap method in, it is described using the first key to described encrypted The version head of bootstrap is decrypted, and before the step of obtaining the version head of the bootstrap, the method further includes:
According to the 4th pre-determined bit of the third check value in the third precalculated position of the version head and/or the version head The 4th check value set judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase Together, then judging result is that the version head is effective.
In the embodiment of the present invention, as shown in table 2, the third check value in the third precalculated position of the version head and described 4th check value in four precalculated positions is MAGIC values and cyclic redundancy check value CRC32 values.The MAGIC values are 0x626F6F74, and the cyclic redundancy check value CRC32 values of the 8th~255 byte data are equal to the 4th~7 byte CRC32 values When, judge that the version head is effective.When judging that the version head is effective, S104 is further executed;When judging the version head When invalid, the bootstrap is not run, starts failure.
Further, described according to the second precalculated position in the version head in the method for the operation bootstrap Before the step of partial data of bootstrap described in third key pair is decrypted, the method further includes:
According to the 5th check value in the 5th precalculated position of the version head, judge that third stores in the external memory Whether the bootstrap of region storage encrypts;
If the bootstrap encryption that third storage region stores in the external memory, according in the version head the The partial data of bootstrap described in the third key pair in two precalculated positions is decrypted.
In the embodiment of the present invention, as shown in table 2, the 5th check value in the 5th precalculated position of the version head is mark Flag judges that the value of Flag judges whether the bootstrap encrypts using described.If the bootstrap unencryption, directly transport The partial data of the row bootstrap;If bootstrap encryption, according to the of the second precalculated position in the version head The partial data of bootstrap described in three key pairs is decrypted, and then runs the partial data of the bootstrap.Wherein, The cipher mode of Flag is as shown in table 3.
The cipher mode of 3 Flag of table
00 It does not encrypt
01 AES-128
10 Reserved
11 Reserved
Further, as shown in figure 3, Fig. 3 is the method for another operation bootstrap provided in an embodiment of the present invention As described above to S109, the method further includes for flow chart, wherein S101:
S201, bootstrap data are read from the bootstrap that third storage region in the external memory stores, And calculate the 6th check value of the bootstrap data;
If the 6th check value of S202, the bootstrap data and the 7th of the 6th precalculated position in the version head Check value is identical, further judges whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap encryption that third storage region stores in S203, the external memory, carries out S204;It is no Then, S205 is carried out.
S204, it is decrypted according to bootstrap described in the third key pair in the second precalculated position in the version head.
S205, the operation bootstrap.
Further, Fig. 4 be the present embodiments relate to bootstrap version header structure composition schematic diagram, such as Fig. 4 Shown, in the method for the operation bootstrap, the version head of the encrypted bootstrap includes:
Deposit in second check value 301 in the first precalculated position;
Deposit in the third key 302 in the second precalculated position;
Deposit in the third check value 303 in third precalculated position;
Deposit in the 4th check value 304 in the 4th precalculated position;
Deposit in the 5th check value 305 in the 5th precalculated position;
And deposit in the 7th check value 306 in the 6th precalculated position.
In addition, the embodiment of the invention also includes a kind of device of operation bootstrap, Fig. 5 is that the embodiment of the present invention is provided Operation bootstrap device structural schematic diagram, as shown in figure 5, described device includes:
First read module 501, for from external memory the first storage region read encrypted first key;
First deciphering module 502, for utilizing described in the second key pair corresponding with the first key encrypted the One key is decrypted, and obtains the first key;
Second read module 503, for from the external memory the second storage region read encrypted guiding journey The version head of sequence;
Second deciphering module 504, for using the first key to the version head of the encrypted bootstrap into Row decryption, obtains the version head of the bootstrap;
First processing module 505, for being read from the bootstrap that third storage region in the external memory stores Partial data is taken, and calculates the first check value of the partial data;
Third deciphering module 506, for calculated when the first processing module the first check value of the partial data with When second check value in the first precalculated position is identical in the version head, the third deciphering module is according in the version head The partial data of bootstrap described in the third key pair in two precalculated positions is decrypted;
Program runs module 507, the partial data for running the bootstrap.
Further, as shown in figure 5, in the device of the operation bootstrap, described device further includes:
First correction verification module 601, first correction verification module 601 are used for according to the third precalculated position of the version head 4th check value in the 4th precalculated position of third check value and/or the version head judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value and second predetermined value phase Together, then judging result is that the version head is effective.
Further, as shown in figure 5, in the device of the operation bootstrap, described device further includes:
Second correction verification module 602, second correction verification module 602 are used for according to the 5th precalculated position of the version head 5th check value, judges whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap encryption that third storage region stores in the external memory, the third deciphering module 506 are decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head.
Further, as shown in figure 5, in the device of the operation bootstrap, described device further includes:
Third read module 603, for being read from the bootstrap that third storage region in the external memory stores Bootstrap data are taken, and calculate the 6th check value of the bootstrap data;
Third correction verification module 604, the third correction verification module 604 are used for the 6th check value when the bootstrap data With when the 7th check value in the 6th precalculated position is identical in the version head, further judge that third is deposited in the external memory Whether the bootstrap of storage area domain storage encrypts;
If the third correction verification module judges the bootstrap of third storage region storage in the external memory not Encryption, described program operation module 507 run the bootstrap;
4th deciphering module 605 judges that third stores in the external memory for working as the third correction verification module 604 When the bootstrap encryption of region storage, according to bootstrap described in the third key pair in the second precalculated position in the version head It is decrypted, after the bootstrap is decrypted, described program operation module 507 runs the bootstrap.
Further, in the device of the operation bootstrap, second storage region includes:
First precalculated position, for storing the second check value;
Second precalculated position, for storing third key;
Third precalculated position, for storing third check value;
4th precalculated position, for storing the 4th check value;
5th precalculated position, for storing the 5th check value;
And the 6th precalculated position, for storing the 7th check value.
It should be understood that in various embodiments of the present invention, size of the sequence numbers of the above procedures is not meant to execute The execution sequence of the priority of sequence, each process should be determined by its function and internal logic, the reality without coping with the embodiment of the present invention It applies process and constitutes any restriction.
In several embodiments provided herein, it should be understood that disclosed method and apparatus, it can be by other Mode realize.For example, the apparatus embodiments described above are merely exemplary, for example, the module, unit are drawn Point, only a kind of division of logic function, formula that in actual implementation, there may be another division manner, such as multiple units or component can To combine or be desirably integrated into another system, or some features can be ignored or not executed.
The foregoing is merely the preferred embodiments for explaining the present invention, not do limitation in any form to the present invention.It is all Made any modification or change for the present invention under identical spirit, all should still be included in the invention is intended to Within the scope of protection.

Claims (10)

1. a kind of method of operation bootstrap, which is characterized in that the method includes:
The first storage region reads encrypted first key from external memory;
It is decrypted using first key encrypted described in the second key pair corresponding with the first key, obtains described One key;
The second storage region reads the version head of encrypted bootstrap from the external memory;
The version head of the encrypted bootstrap is decrypted using the first key, obtains the bootstrap Version head;
Partial data is read from the bootstrap that third storage region in the external memory stores, and calculates the part First check value of data;
If the first check value of the partial data is identical as second check value in the first precalculated position in the version head, It is decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head;
Run the partial data of the bootstrap.
2. the method for running bootstrap according to claim 1, which is characterized in that described the from the external memory Three storage regions storage bootstrap in read partial data, and the step of calculating the first check value of the partial data it Before, the method further includes:
According to the 4th precalculated position of the third check value in the third precalculated position of the version head and/or the version head 4th check value judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value is identical as second predetermined value, Judging result is that the version head is effective.
3. the method for running bootstrap according to claim 1, which is characterized in that described according to second in the version head The partial data of bootstrap described in the third key pair in precalculated position be decrypted including:
According to the 5th check value in the 5th precalculated position of the version head, third storage region in the external memory is judged Whether the bootstrap of storage encrypts;
If the bootstrap encryption that third storage region stores in the external memory, pre- according in the version head second The partial data for positioning bootstrap described in the third key pair set is decrypted.
4. the method for running bootstrap according to claim 1, which is characterized in that the method further includes:
Bootstrap data are read from the bootstrap that third storage region in the external memory stores, and described in calculating 6th check value of bootstrap data;
If the 7th check value phase of the 6th check value and the 6th precalculated position in the version head of the bootstrap data Together, further judge whether the bootstrap that third storage region stores in the external memory encrypts;
If the bootstrap unencryption that third storage region stores in the external memory, runs the bootstrap;
If the bootstrap encryption that third storage region stores in the external memory, pre- according in the version head second After bootstrap described in the third key pair that positioning is set is decrypted, the bootstrap is run.
5. according to the method for any one of the claim 1-4 operation bootstrap, which is characterized in that the encrypted guiding The version head of program includes:
Deposit in second check value in the first precalculated position;
Deposit in the third key in the second precalculated position;
Deposit in the third check value in third precalculated position;
Deposit in the 4th check value in the 4th precalculated position;
Deposit in the 5th check value in the 5th precalculated position;
And deposit in the 7th check value in the 6th precalculated position.
6. a kind of device of operation bootstrap, which is characterized in that described device includes:
First read module, for from external memory the first storage region read encrypted first key;
First deciphering module, for using encrypted first key described in the second key pair corresponding with the first key into Row decryption, obtains the first key;
Second read module, for from the external memory the second storage region read the version of encrypted bootstrap Head;
Second deciphering module, for the version head of the encrypted bootstrap to be decrypted using the first key, Obtain the version head of the bootstrap;
First processing module, for the reading part score from the bootstrap that third storage region in the external memory stores According to, and calculate the first check value of the partial data;
Third deciphering module, the first check value for calculating the partial data when the first processing module and the version When second check value in the first precalculated position is identical in head, the third deciphering module is according to the second pre-determined bit in the version head The partial data of bootstrap described in the third key pair set is decrypted;
Program runs module, the partial data for running the bootstrap.
7. the device of operation bootstrap according to claim 6, which is characterized in that described device further includes:
First correction verification module, first correction verification module are used to be verified according to the third in the third precalculated position of the version head 4th check value in the 4th precalculated position of value and/or the version head, judges whether the version head is effective;
If the third check value is identical as first predetermined value and/or the 4th check value is identical as second predetermined value, Judging result is that the version head is effective.
8. the device of operation bootstrap according to claim 6, which is characterized in that described device further includes:
Second correction verification module is used for the 5th check value in the 5th precalculated position according to the version head, judges that the outside is deposited Whether the bootstrap that third storage region stores in reservoir encrypts;
If the bootstrap encryption that third storage region stores in the external memory, the third deciphering module are additionally operable to It is decrypted according to the partial data of bootstrap described in the third key pair in the second precalculated position in the version head.
9. the device of operation bootstrap according to claim 6, which is characterized in that described device further includes:
Third read module, for reading guiding journey from the bootstrap that third storage region in the external memory stores Ordinal number evidence, and calculate the 6th check value of the bootstrap data;
Third correction verification module, for the 6th check value when the bootstrap data and the 6th precalculated position in the version head The 7th check value it is identical when, judge whether the bootstrap that third storage region in the external memory stores adds It is close;
If the third correction verification module judges the bootstrap unencryption that third storage region stores in the external memory, Described program runs module and runs the bootstrap;
4th deciphering module, for judging third storage region storage in the external memory when the third correction verification module When bootstrap is encrypted, it is decrypted according to bootstrap described in the third key pair in the second precalculated position in the version head, After the bootstrap is decrypted, described program runs module and runs the bootstrap.
10. running the device of bootstrap according to claim 6-9 any one of them, which is characterized in that second storage Region includes:
First precalculated position, for storing the second check value;
Second precalculated position, for storing third key;
Third precalculated position, for storing third check value;
4th precalculated position, for storing the 4th check value;
5th precalculated position, for storing the 5th check value;
And the 6th precalculated position, for storing the 7th check value.
CN201710169541.0A 2017-03-21 2017-03-21 Method and device for running bootstrap program Active CN108632024B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710169541.0A CN108632024B (en) 2017-03-21 2017-03-21 Method and device for running bootstrap program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710169541.0A CN108632024B (en) 2017-03-21 2017-03-21 Method and device for running bootstrap program

Publications (2)

Publication Number Publication Date
CN108632024A true CN108632024A (en) 2018-10-09
CN108632024B CN108632024B (en) 2022-06-28

Family

ID=63687301

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710169541.0A Active CN108632024B (en) 2017-03-21 2017-03-21 Method and device for running bootstrap program

Country Status (1)

Country Link
CN (1) CN108632024B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1786916A (en) * 2004-12-09 2006-06-14 三星电子株式会社 Secure booting apparatus and method
US20100287426A1 (en) * 2009-05-11 2010-11-11 Nec Electronics Corporation Memory checking system and method
CN103135995A (en) * 2011-11-22 2013-06-05 中兴通讯股份有限公司 BootLoader backup management method and device
CN105487888A (en) * 2015-11-26 2016-04-13 武汉光迅科技股份有限公司 Method for generating upgrade file in system upgrade and/or application upgrade
CN106503494A (en) * 2016-11-05 2017-03-15 福建省北峰电讯科技有限公司 A kind of firmware protection location and guard method with flash memory microcontroller on piece

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1786916A (en) * 2004-12-09 2006-06-14 三星电子株式会社 Secure booting apparatus and method
US20100287426A1 (en) * 2009-05-11 2010-11-11 Nec Electronics Corporation Memory checking system and method
CN103135995A (en) * 2011-11-22 2013-06-05 中兴通讯股份有限公司 BootLoader backup management method and device
CN105487888A (en) * 2015-11-26 2016-04-13 武汉光迅科技股份有限公司 Method for generating upgrade file in system upgrade and/or application upgrade
CN106503494A (en) * 2016-11-05 2017-03-15 福建省北峰电讯科技有限公司 A kind of firmware protection location and guard method with flash memory microcontroller on piece

Also Published As

Publication number Publication date
CN108632024B (en) 2022-06-28

Similar Documents

Publication Publication Date Title
CN109388975B (en) Memory organization for security and reliability
JP6277101B2 (en) Data verification method and data verification apparatus
US20190158296A1 (en) Redactable document signatures
CN107438850B (en) Use the address validation of signature
Suh et al. Aegis: A single-chip secure processor
CN107194242A (en) Firmware upgrade method and device
US10686589B2 (en) Combining hashes of data blocks
US9298947B2 (en) Method for protecting the integrity of a fixed-length data structure
CN101149768B (en) Special processor software encryption and decryption method
JP4851182B2 (en) Microcomputer, program writing method for microcomputer, and writing processing system
CN104756120B (en) Store and access data
KR20140018410A (en) Method and apparatus for memory encryption with integrity check and protection against replay attacks
JP7464586B2 (en) Integrity Trees for Memory Integrity Checking
US10797857B2 (en) Data interleaving scheme for an external memory of a secure microcontroller
JP2010517449A (en) Secret protection for untrusted recipients
CN108694122B (en) Method for symbol execution of restricted devices
CN110825672A (en) High performance autonomous hardware engine for online cryptographic processing
CN110659506A (en) Replay protection of memory based on key refresh
CN101901316A (en) Data integrity protection method based on Bloom filter
CN101582765B (en) User bound portable trusted mobile device
US20230259660A1 (en) Integrity tree for memory security
CN108632024A (en) A kind of method and device of operation bootstrap
CN106548098A (en) For detecting the method and system of fault attacks
CN111949996A (en) Generation method, encryption method, system, device and medium of security private key
US8127203B2 (en) Method, data processing apparatus and wireless device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant