CN109375953B - Operating system starting method and device - Google Patents

Operating system starting method and device Download PDF

Info

Publication number
CN109375953B
CN109375953B CN201811023507.3A CN201811023507A CN109375953B CN 109375953 B CN109375953 B CN 109375953B CN 201811023507 A CN201811023507 A CN 201811023507A CN 109375953 B CN109375953 B CN 109375953B
Authority
CN
China
Prior art keywords
program
crtm
backup
boot
designated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811023507.3A
Other languages
Chinese (zh)
Other versions
CN109375953A (en
Inventor
秦娟
戴恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Information Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd filed Critical New H3C Technologies Co Ltd
Priority to CN201811023507.3A priority Critical patent/CN109375953B/en
Publication of CN109375953A publication Critical patent/CN109375953A/en
Application granted granted Critical
Publication of CN109375953B publication Critical patent/CN109375953B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1417Boot up procedures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1433Saving, restoring, recovering or retrying at system level during software upgrading
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files

Abstract

The application provides an operating system starting method and device, comprising the following steps: after the equipment is started, checking a first CRTM configured in a main bootstrap program; if the verification of the first CRTM passes, verifying a first designated program in the main bootstrap program by using the first CRTM; the first appointed program is a program except the first CRTM in the main bootstrap program; if the verification of the first designated program is not passed, verifying a second designated program in the backup boot program corresponding to the main boot program by using the first CRTM; the second appointed program is a program except the second CRTM in the backup bootstrap program; and if the verification of the second appointed program passes, updating the first appointed program by using the second appointed program, and starting the updated first appointed program so as to finish the starting of the operating system by the updated first appointed program. The method provided by the application can improve the starting reliability of the operating system.

Description

Operating system starting method and device
Technical Field
The present application relates to the field of computer communications, and in particular, to a method and an apparatus for starting an operating system.
Background
The CRTM (core of a root of trust measure), which is usually a part of a boot program of an electronic device, is a source point of trusted transfer from boot of the electronic device to boot process of an operating system of the electronic device.
The boot process of the electronic device to the operating system can be briefly described as follows: after the electronic device is started, the electronic device can verify the CRTM in the boot program of the device, and after the verification is passed. The electronic device may use the CRTM to verify a program other than the CRTM (referred to herein as a designated program) in the boot program. After the verification is passed, the electronic device can start the designated program, and verify the operating system by using the designated program, and if the verification is passed, the electronic device can start the operating system.
However, in the conventional method, when the device boot program is abnormal (e.g., tampered), the device does not verify the designated program, so that the device cannot complete the startup of the designated program, and further cannot start the operating system of the device.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for starting an operating system, so as to improve the reliability of starting the operating system.
Specifically, the method is realized through the following technical scheme:
according to a first aspect of the present application, there is provided an operating system booting method, which is applied to an electronic device, the method including:
after the equipment is powered on, checking a first CRTM configured in a main bootstrap program;
if the verification of the first CRTM passes, the first CRTM is used for verifying a first designated program in the main bootstrap program; the first appointed program is a program except the first CRTM in a main bootstrap program;
if the verification of the first designated program is not passed, the first CRTM is used for verifying a second designated program in the backup boot program corresponding to the main boot program; configuring a second CRTM in the backup bootstrap program, wherein the second designated program is a program except the second CRTM in the backup bootstrap program;
and if the verification of the second designated program passes, updating the first designated program by using the second designated program, and starting the updated first designated program so as to finish the starting of the operating system by the updated first designated program.
Optionally, the method further includes:
if the verification of the first CRTM is not passed, verifying the second CRTM;
and if the verification of the second CRTM passes, updating the first CRTM by using the second CRTM, and restarting the equipment.
Optionally, before the verifying the first specific program in the master boot program by using the first CRTM, the method further includes:
detecting whether an upgrade flag set for the main bootstrap program exists;
when the upgrading mark does not exist, detecting whether an updating mark configured for the backup bootstrap program exists or not;
if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM;
and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
Optionally, the detecting whether there is an upgrade flag set for the primary boot program further includes:
when the upgrading mark exists, verifying a target bootstrap program upgraded by the main bootstrap program;
if the target bootstrap program is not verified, clearing the upgrading mark, and detecting whether an updating mark configured for the backup bootstrap program exists;
if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM;
and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
Optionally, before the removing the upgrade flag and detecting whether there is an update flag configured for the backup boot program, the method further includes:
upgrading the main bootstrap program into the target bootstrap program;
and clearing the upgrading mark and restarting the equipment.
Optionally, after the starting of the updated first designated program, the method further includes:
checking whether the primary boot program and the backup boot program are consistent;
and if the backup boot program is inconsistent with the backup boot program, setting an update mark for the backup boot program.
According to a second aspect of the present application, there is provided an operating system boot apparatus, which is applied to an electronic device, the apparatus including:
the first verification unit is used for verifying the first CRTM configured in the main bootstrap program after the equipment is powered on;
a second verification unit, configured to verify, if the verification of the first CRTM passes, the first specified program in the master boot program using the first CRTM; the first appointed program is a program except the first CRTM in a main bootstrap program;
a third verification unit, configured to verify, by using the first CRTM, a second specified program in the backup boot program corresponding to the primary boot program if the first specified program is not verified; configuring a second CRTM in the backup bootstrap program, wherein the second designated program is a program except the second CRTM in the backup bootstrap program;
and the starting unit is used for updating the first designated program by using the second designated program and starting the updated first designated program if the second designated program passes the verification, so that the starting of the operating system is completed by the updated first designated program.
Optionally, the apparatus further comprises:
a fourth verification unit, configured to verify the second CRTM if the verification on the first CRTM fails; and if the verification of the second CRTM passes, updating the first CRTM by using the second CRTM, and restarting the equipment.
Optionally, the apparatus further comprises:
an upgrade updating unit, configured to detect whether an upgrade flag set for the primary boot program exists before the first specified program in the primary boot program is verified by using the first CRTM; when the upgrading mark does not exist, detecting whether an updating mark configured for the backup bootstrap program exists or not; if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM; and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
Optionally, the upgrade updating unit is further configured to verify a target boot program to which the main boot program is upgraded when the upgrade flag exists; if the target bootstrap program is not verified, clearing the upgrading mark, and detecting whether an updating mark configured for the backup bootstrap program exists; if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM; and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
Optionally, the upgrade updating unit is further configured to upgrade the main boot program to the target boot program if the upgrade flag is cleared and it is detected whether an update flag configured for the backup boot program exists; and clearing the upgrading mark and restarting the equipment.
Optionally, the apparatus further comprises:
a setting unit for checking whether the primary boot program and the backup boot program are consistent; and if the backup boot program is inconsistent with the backup boot program, setting an update mark for the backup boot program.
The method and the device have the advantages that the main bootstrap program and the backup bootstrap program are configured, when the main bootstrap program is abnormal, the electronic device can start the backup bootstrap program to finish the starting of the designated program in the bootstrap program, and further finish the starting of the operating system.
In addition, after the main bootstrap program needs to be upgraded, the embodiment of the present application may implement the upgrade of the main bootstrap program through the above steps, and at the same time, the embodiment of the present application may further synchronize the main bootstrap program and the backup bootstrap program, so that after the main bootstrap program is upgraded, the backup bootstrap program may also be consistent with the upgraded main bootstrap program, and further when a subsequent main bootstrap program has a problem, the latest backup bootstrap program may be used to repair the main bootstrap program, thereby completing the start of the operating system.
Drawings
FIG. 1 is a flow chart illustrating a method for operating system boot according to an exemplary embodiment of the present application;
FIG. 2 is a flow chart illustrating another operating system boot method according to an exemplary embodiment of the present application;
FIG. 3 is a block diagram illustrating an operating system boot device in accordance with an exemplary embodiment of the present application;
fig. 4 is a hardware block diagram of an electronic device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The boot program in the electronic device may generally include the CRTM program, and other programs (referred to herein as a designated program for convenience of description) other than the CRTM program.
Generally, the types of electronic devices are different, as are the types of boot programs on the electronic devices. When the electronic device is a computer, the boot program of the electronic device may be a BIOS (Basic Input Output System) program. When the electronic device is a forwarding device, such as a switch, a router, or the like, the Boot program may be a Boot (Boot) program. Here, the electronic device and the boot program on the electronic device are only exemplarily described, and the electronic device and the boot program thereof are not particularly limited.
Referring to fig. 1, fig. 1 is a flowchart illustrating an operating system booting method according to an exemplary embodiment of the present application. The method can be applied to electronic equipment and can comprise the following steps.
Step 101: after the equipment is powered on, checking the first CRTM configured in the main bootstrap program.
Step 102: if the verification of the first CRTM passes, the first CRTM is used for verifying a first designated program in the main bootstrap program; the first appointed program is a program except the first CRTM in the main bootstrap program.
Step 103: if the verification of the first designated program is not passed, the first CRTM is used for verifying a second designated program in the backup boot program corresponding to the main boot program; the backup bootstrap program is configured with a second CRTM, and the second designated program is a program in the backup bootstrap program except the second CRTM.
Step 104: and if the verification of the second designated program passes, updating the first designated program by using the second designated program, and starting the updated first designated program so as to finish the starting of the operating system by the updated first designated program.
The electronic device shown in the embodiment of the application is configured with a main bootstrap program and a backup bootstrap program, the main bootstrap program and the backed-up bootstrap program can be stored in different memories (such as a FLASH), and when the main bootstrap program is abnormal, the electronic device can enable the backup bootstrap program to complete the starting of a designated program in the bootstrap program, so as to complete the starting of an operating system.
Before describing step 101 and step 102, several concepts related to the embodiments of the present application will be described.
The first CRTM is the CRTM in the master boot program.
The first designated program is a program except the first CRTM in the main bootstrap program.
The second CRTM is a CRTM in the backup boot program corresponding to the primary boot program.
The second designated program is a program other than the second CRTM in the backup boot program.
The first and second terms do not have actual meanings, but are simply referred to as a method for convenience of description.
In this embodiment, after the electronic device is started, the electronic device may verify the first CRTM of the primary boot program.
If the verification of the first CRTM fails, the electronic device can verify a second CRTM in the backup boot program. And if the verification of the second CRTM passes, updating the first CRTM by using the second CRTM, and restarting the equipment. If the verification of the second CRTM fails, a preset policy is adopted for processing, for example, the preset policy may be that the device is suspended, the device sends an alarm message, or the like, where the preset policy is not specifically limited.
If the verification of the first CRTM passes, the electronic device can verify the first designated program in the main bootstrap program by using the first CRTM.
If the electronic device does not check the first designated program by using the first CRTM, the electronic device can check the second designated program in the backup boot program by using the first CRTM. If the verification of the second designated program by using the first CRTM passes, the electronic equipment can update the first designated program by using the second designated program and start the updated first designated program. And if the verification of the second appointed program by using the first CRTM is not passed, processing by adopting a preset strategy. Such as the device hanging, the device sending an alarm message, etc.
If the electronic device passes the verification of the first designated program by using the first CRTM, the electronic device may start the first designated program.
After the first designated program is started, the electronic device can use the first designated program to verify the operating system, and if the operating system is verified to be passed, the operating system can be started.
It should be noted that, when the check of the first CRTM fails, indicating that the first CRTM is abnormal (for example, the first CRTM is tampered), updating the first CRTM using the second CRTM mainly repairs the first CRTM in the master boot program.
When the first designated program fails to check, which indicates that the first designated program is abnormal (such as the first designated program is tampered), the second designated program is used to update the first designated program, and the first designated program in the main bootstrap program is mainly repaired.
The verification method may be performed by using a verification method recorded in a standard specification of a trusted computing system, and details are not described here.
As can be seen from the above description, the embodiment of the application configures the main boot program and the backup boot program, and when the main boot program is abnormal, the electronic device may enable the backup boot program to complete the start of the designated program in the boot program, so as to complete the start of the operating system.
Therefore, after the main bootstrap program of the electronic device is abnormal, the embodiment of the application can also complete the start of the operating system through the backup bootstrap program, so that compared with the prior art in which the start is completed only by adopting a single bootstrap program, the reliability of completing the start of the operating system is higher.
In addition, when the embodiment of the present application configures a primary boot program and a backup boot program, how to upgrade the primary boot program, and how to make the upgraded primary boot program and the upgraded backup boot program consistent after upgrading the primary boot program are also problems to be solved. To this end, the embodiments of the present application further provide a mechanism to solve these problems.
The concrete implementation is as follows:
in this embodiment of the present application, before the step of checking the first specific program in the master boot program by using the first CRTM, the following is further included:
the electronic device may detect whether there is an upgrade flag set for the primary boot program that characterizes the primary boot program as requiring an upgrade.
When the upgrade flag configured for the primary boot program is not present, the electronic device may further detect whether an update flag configured for the backup boot program is present. If the update mark exists, the television device can use the current main bootstrap program of the device to update the backup bootstrap program, after the update is completed, the update mark of the backup bootstrap program is cleared, and then the step of checking the first appointed program in the main bootstrap program by using the first CRTM is executed. If the update mark does not exist, the step of checking the first designated program in the main bootstrap program by using the first CRTM is directly executed.
When the upgrading mark configured for the main bootstrap program exists, the electronic equipment can verify the target bootstrap program to which the main bootstrap program needs to be upgraded. And if the target bootstrap program passes the verification, the electronic equipment upgrades the main bootstrap program to the target bootstrap program, clears the upgrade mark configured for the main bootstrap program and restarts the equipment. If the target bootstrap program is not verified, the electronic equipment can clear the upgrading mark configured for the main bootstrap program and further detect whether the updating mark configured for the backup bootstrap program exists. If the update mark exists, the electronic device can update the backup bootstrap program by using the current main bootstrap program of the device, and after the update is completed, the update mark of the backup bootstrap program is cleared, and then the step of checking the first designated program in the main bootstrap program by using the first CRTM is executed. If the update mark does not exist, the step of checking the first designated program in the main bootstrap program by using the first CRTM is directly executed.
In addition, after the updated first designated program is started, the electronic device may further check whether the current primary boot program and the backup boot program are consistent, and if not, set an update flag for the backup boot program.
For the setting of the upgrade flag, when the electronic device receives an upgrade instruction, the upgrade flag may be set for the master boot program.
As can be seen from the above description, when the main boot program needs to be upgraded, the embodiment of the present application may implement the upgrade of the main boot program through the above steps, and at the same time, the embodiment of the present application may further synchronize the main boot program and the backup boot program, so that after the main boot program is upgraded, the backup boot program may also be consistent with the upgraded main boot program, and further when a problem occurs in the subsequent main boot program, the latest backup boot program may be used to repair the main boot program, thereby completing the start of the operating system.
Next, taking the electronic device as a forwarding device and the Boot program as a Boot program as an example, the method for starting the operating system will be described in detail with reference to fig. 2.
Referring to fig. 2, fig. 2 is a flowchart illustrating another operating system booting method according to an exemplary embodiment of the present application, which may include the following steps.
Step 201: the forwarding device is powered up.
Step 202: the forwarding device checks the first CRTM.
The first CRTM is a CRTM of the master Boot, and the first designated program described below is a program in the master Boot except the first CRTM.
The second CRTM described below is a CRTM of the backup Boot, and the second designated program described below is a program in the backup Boot other than the second CRTM.
Step 203: the forwarding device may detect whether the check of the first CRTM passes.
If the check on the first CRTM passes, go to step 208;
if the check on the first CRTM does not pass, then step 204 is performed.
Step 204: if the forwarding device does not check the first CRTM, the forwarding device can check a second CRTM in the backup Boot.
Step 205: the forwarding device may detect whether the check for the second CRTM passes.
If the verification of the second CRTM passes, step 206 is performed, i.e., the second CRTM is used to update the first CRTM. After step 206 is executed, the procedure returns to step 201, i.e. the forwarding device is restarted.
If the verification of the second CRTM does not pass, step 207 is executed, i.e., a designated process is performed.
Step 206: if the check of the second CRTM is passed, the forwarding device can use the second CRTM to update the first CRTM.
Step 207: if the check of the second CRTM is not passed, the forwarding device can perform designated processing.
The designated process is a preconfigured process such as suspending the forwarding device, issuing alarm information, and the like, and is not specifically limited herein.
Step 208: if the check of the first CRTM is passed, the forwarding device can detect whether an upgrade flag configured for the master Boot exists.
If the upgrade flag configured for the master Boot exists, step 209 to step 211 are executed.
Specifically, if an upgrade flag configured for the master Boot exists, it is further detected whether verification of a target Boot to which the master Boot is upgraded passes. If the target Boot passes the verification, step 210 is executed, that is, the master Boot is upgraded to the target Boot, and the upgrade flag is cleared. After step 210 is executed, step 201 is executed, i.e. the forwarding device is restarted.
If the target Boot is not verified, step 211 is executed, that is, the upgrade flag is cleared, and step 212 is executed after step 211 is executed, that is, the forwarding device detects whether an update flag configured for the backup Boot exists.
If the upgrade flag configured for the master Boot does not exist, step 212 is directly executed, that is, the forwarding device detects whether an update flag configured for the backup Boot exists.
Step 209: and if the upgrading mark configured for the master Boot exists, the forwarding equipment detects whether the verification of the target Boot passes.
Step 210: if the target Boot passes the verification, the forwarding device may upgrade the master Boot to the target Boot and clear the upgrade flag.
In the embodiment of the present application, after the step 210 is executed, the step 201 is executed, that is, the forwarding device is restarted.
Step 211: if the target Boot is not checked, the forwarding equipment can clear the upgrading mark.
In the embodiment of the present application, after the step 211 is executed, the step 212 is executed.
Step 212: if the upgrade flag configured for the master Boot does not exist or the target Boot is not verified, the forwarding device may detect whether the update flag configured for the backup Boot exists.
If an update flag configured for the backup Boot exists, the forwarding device may perform step 213.
If there is no update flag configured for the backup Boot, the forwarding device may perform step 214.
Step 213: if the update mark configured for the backup Boot exists, the forwarding device updates the backup Boot by using the current master Boot, and clears the update mark.
Step 214: and if the update mark configured for the backup Boot does not exist, the forwarding equipment checks the first designated program by using the first CRTM.
Step 215: the forwarding device detects whether the check of the first specified program passes.
If the verification of the first designated program passes, then step 220 is performed.
If the verification of the first designated program does not pass, then step 216 is performed.
Step 216: when the first designated program is not verified, the forwarding device may verify the second designated program using the first CRTM.
Step 217: the forwarding device may detect whether the check for the second designated procedure passed.
If the second designated program is verified, then step 219 is performed.
If the verification of the second designated program does not pass, then step 218 is performed.
Step 218: when the check of the second specifying program is failed, the forwarding device may perform the specifying processing.
The designated process is a preconfigured process such as suspending the forwarding device, issuing alarm information, and the like, and is not specifically limited herein.
Step 219: when the check of the second designated program passes, the forwarding device may update the first designated program with the second designated program.
Step 220: the forwarding device may initiate a first designated procedure.
Step 221: the forwarding device may detect whether the master Boot and the backup Boot are consistent.
If the master Boot is consistent with the backup Boot, step 223 is executed.
If the master Boot is not consistent with the backup Boot, step 222 is executed.
Step 222: if the master Boot is not consistent with the backup Boot, the forwarding device may configure an update flag for the backup Boot.
Step 223: if the master Boot is consistent with the backup Boot, the forwarding device may detect whether the check of the operating system by using the master Boot passes.
If the operating system is not verified, then step 224 is performed.
If the operating system is verified, then step 225 is performed.
Step 224: if the check of the operating system is not passed, the forwarding device can perform designated processing.
The designated process is a preconfigured process such as suspending the forwarding device, issuing alarm information, and the like, and is not specifically limited herein.
Step 225: if the check of the operating system passes, the forwarding device can start the operating system.
As can be seen from the above description, in the embodiment of the present application, a master Boot and a backup Boot are configured, and when the master Boot is abnormal, the electronic device may start the backup Boot to complete the starting of a designated program in the Boot, thereby completing the starting of the operating system.
Therefore, when the master Boot of the electronic device is abnormal, the embodiment of the application can also finish the starting of the operating system through the backup Boot, so that compared with the prior art in which the starting of the operating system is finished by only adopting a single Boot, the reliability of finishing the starting of the operating system is higher.
In addition, after the master Boot needs to be upgraded, the embodiment of the present application may upgrade the master Boot through the above steps, and meanwhile, the embodiment of the present application may also update the backup Boot using the master Boot, so that after the master Boot is upgraded, the backup Boot may also be consistent with the upgraded master Boot, and further when the subsequent master Boot is abnormal, the latest backup Boot may be used to repair the master Boot, thereby completing the startup of the operating system.
Referring to fig. 3, fig. 3 is a block diagram illustrating an operating system booting apparatus according to an exemplary embodiment of the present application, which may be applied to an electronic device and may include the following elements.
A first verification unit 301, configured to verify a first CRTM configured in the master boot program after the device is powered on;
a second verification unit 302, configured to verify the first specified program in the master boot program by using the first CRTM if the verification of the first CRTM passes; the first appointed program is a program except the first CRTM in a main bootstrap program;
a third verifying unit 303, configured to verify, by using the first CRTM, a second specified program in the backup boot program corresponding to the primary boot program if the first specified program is not verified; configuring a second CRTM in the backup bootstrap program, wherein the second designated program is a program except the second CRTM in the backup bootstrap program;
the starting unit 304 is configured to update the first designated program by using the second designated program if the second designated program passes the verification, and start the updated first designated program, so as to complete the starting of the operating system by using the updated first designated program.
Optionally, the apparatus further comprises:
a fourth verification unit 305, configured to verify the second CRTM if the verification on the first CRTM fails; and if the verification of the second CRTM passes, updating the first CRTM by using the second CRTM, and restarting the equipment.
Optionally, the apparatus further comprises:
an upgrade updating unit 306, configured to detect whether there is an upgrade flag set for the primary boot program before the first specified program in the primary boot program is verified by using the first CRTM; when the upgrading mark does not exist, detecting whether an updating mark configured for the backup bootstrap program exists or not; if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM; and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
Optionally, the upgrade updating unit 306 is further configured to, when the upgrade flag exists, verify a target boot program to which the main boot program is upgraded; if the target bootstrap program is not verified, clearing the upgrading mark, and detecting whether an updating mark configured for the backup bootstrap program exists; if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM; and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
Optionally, the upgrade updating unit 306 is further configured to, before the upgrade flag is cleared and whether an update flag configured for the backup boot program exists is detected, if the target boot program passes verification, upgrade the main boot program to the target boot program; and clearing the upgrading mark and restarting the equipment.
Optionally, the apparatus further comprises:
a setting unit 307 for checking whether the primary boot program and the backup boot program are consistent; and if the backup boot program is inconsistent with the backup boot program, setting an update mark for the backup boot program.
Referring to fig. 4, fig. 4 is a hardware structure diagram of an electronic device according to an exemplary embodiment of the present application.
The electronic device includes: a communication interface 401, a processor 402, a machine-readable storage medium 403, and a bus 404; wherein the communication interface 401, the processor 402 and the machine-readable storage medium 403 communicate with each other via a bus 404. The processor 402 may perform the operating system boot method described above by reading and executing machine-executable instructions in the machine-readable storage medium 403 corresponding to the operating system boot control logic.
The machine-readable storage medium 403 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: volatile memory, non-volatile memory, or similar storage media. In particular, the machine-readable storage medium 403 may be a RAM (random Access Memory), a flash Memory, a storage drive (e.g., a hard disk drive), a solid state disk, any type of storage disk (e.g., a compact disk, a DVD, etc.), or similar storage medium, or a combination thereof.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (12)

1. An operating system starting method is applied to an electronic device, and comprises the following steps:
after the equipment is powered on, checking a first CRTM configured in a main bootstrap program;
if the verification of the first CRTM passes, the first CRTM is used for verifying a first designated program in the main bootstrap program; the first appointed program is a program except the first CRTM in a main bootstrap program;
if the verification of the first designated program is not passed, the first CRTM is used for verifying a second designated program in the backup boot program corresponding to the main boot program; configuring a second CRTM in the backup bootstrap program, wherein the second designated program is a program except the second CRTM in the backup bootstrap program;
and if the verification of the second designated program passes, updating the first designated program by using the second designated program, and starting the updated first designated program so as to finish the starting of the operating system by the updated first designated program.
2. The method of claim 1, further comprising:
if the verification of the first CRTM is not passed, verifying the second CRTM;
and if the verification of the second CRTM passes, updating the first CRTM by using the second CRTM, and restarting the equipment.
3. The method of claim 1, wherein prior to said verifying a first specified program in said primary boot program using said first CRTM, said method further comprises:
detecting whether an upgrade flag set for the main bootstrap program exists;
when the upgrading mark does not exist, detecting whether an updating mark configured for the backup bootstrap program exists or not;
if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM;
and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
4. The method of claim 3, wherein the detecting whether there is an upgrade flag set for the primary boot program further comprises:
when the upgrading mark exists, verifying a target bootstrap program upgraded by the main bootstrap program;
if the target bootstrap program is not verified, clearing the upgrading mark, and detecting whether an updating mark configured for the backup bootstrap program exists;
if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM;
and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
5. The method of claim 4, further comprising:
and if the target bootstrap program passes the verification, upgrading the main bootstrap program into the target bootstrap program, clearing the upgrading mark and restarting the device.
6. The method of claim 3 or 4, wherein after said initiating the updated first designated program, the method further comprises:
checking whether the primary boot program and the backup boot program are consistent;
and if the backup boot program is inconsistent with the backup boot program, setting an update mark for the backup boot program.
7. An operating system boot apparatus, wherein the apparatus is applied to an electronic device, the apparatus comprising:
the first verification unit is used for verifying the first CRTM configured in the main bootstrap program after the equipment is powered on;
a second verification unit, configured to verify, if the verification of the first CRTM passes, the first specified program in the master boot program using the first CRTM; the first appointed program is a program except the first CRTM in a main bootstrap program;
a third verification unit, configured to verify, by using the first CRTM, a second specified program in the backup boot program corresponding to the primary boot program if the first specified program is not verified; configuring a second CRTM in the backup bootstrap program, wherein the second designated program is a program except the second CRTM in the backup bootstrap program;
and the starting unit is used for updating the first designated program by using the second designated program and starting the updated first designated program if the second designated program passes the verification, so that the starting of the operating system is completed by the updated first designated program.
8. The apparatus of claim 7, further comprising:
a fourth verification unit, configured to verify the second CRTM if the verification on the first CRTM fails; and if the verification of the second CRTM passes, updating the first CRTM by using the second CRTM, and restarting the equipment.
9. The apparatus of claim 7, further comprising:
an upgrade updating unit, configured to detect whether an upgrade flag set for the primary boot program exists before the first specified program in the primary boot program is verified by using the first CRTM; when the upgrading mark does not exist, detecting whether an updating mark configured for the backup bootstrap program exists or not; if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM; and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
10. The apparatus according to claim 9, wherein the upgrade updating unit is further configured to verify a target boot program to which the master boot program is upgraded when the upgrade flag is present; if the target bootstrap program is not verified, clearing the upgrading mark, and detecting whether an updating mark configured for the backup bootstrap program exists; if the update mark exists, updating the backup bootstrap program by using the current main bootstrap program of the equipment, clearing the update mark, and executing the step of checking a first designated program in the main bootstrap program by using the first CRTM; and if the update mark does not exist, executing the step of checking a first designated program in the master boot program by using the first CRTM.
11. The apparatus according to claim 10, wherein the upgrade updating unit is further configured to upgrade the master boot program to the target boot program if the target boot program is verified; and clearing the upgrading mark and restarting the equipment.
12. The apparatus of claim 9 or 10, further comprising:
a setting unit for checking whether the primary boot program and the backup boot program are consistent; and if the backup boot program is inconsistent with the backup boot program, setting an update mark for the backup boot program.
CN201811023507.3A 2018-09-03 2018-09-03 Operating system starting method and device Active CN109375953B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811023507.3A CN109375953B (en) 2018-09-03 2018-09-03 Operating system starting method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811023507.3A CN109375953B (en) 2018-09-03 2018-09-03 Operating system starting method and device

Publications (2)

Publication Number Publication Date
CN109375953A CN109375953A (en) 2019-02-22
CN109375953B true CN109375953B (en) 2022-03-25

Family

ID=65405073

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811023507.3A Active CN109375953B (en) 2018-09-03 2018-09-03 Operating system starting method and device

Country Status (1)

Country Link
CN (1) CN109375953B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109992311B (en) * 2019-03-25 2022-07-29 新华三技术有限公司 Starting method and device of operating system, storage medium and client
CN111625840A (en) * 2020-05-29 2020-09-04 杭州海康威视数字技术股份有限公司 Program checking method, program upgrading method and device
CN114139168B (en) * 2022-01-29 2022-05-24 苏州浪潮智能科技有限公司 TPCM measuring method, device and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101165696A (en) * 2006-10-16 2008-04-23 中国长城计算机深圳股份有限公司 Safety identification method based on safe computer
CN102136044A (en) * 2010-07-14 2011-07-27 华为技术有限公司 Safe starting method, device and computer system
CN104951701A (en) * 2015-06-10 2015-09-30 北京工业大学 Method for guiding terminal equipment operation system based on USB controller

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8433924B2 (en) * 2006-12-18 2013-04-30 Lenovo (Singapore) Pte. Ltd. Apparatus, system, and method for authentication of a core root of trust measurement chain
US8943491B2 (en) * 2008-06-26 2015-01-27 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Systems and methods for maintaining CRTM code

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101165696A (en) * 2006-10-16 2008-04-23 中国长城计算机深圳股份有限公司 Safety identification method based on safe computer
CN102136044A (en) * 2010-07-14 2011-07-27 华为技术有限公司 Safe starting method, device and computer system
CN104951701A (en) * 2015-06-10 2015-09-30 北京工业大学 Method for guiding terminal equipment operation system based on USB controller

Also Published As

Publication number Publication date
CN109375953A (en) 2019-02-22

Similar Documents

Publication Publication Date Title
US9836606B2 (en) Secure recovery apparatus and method
US9507604B2 (en) Boot method and boot system
JP5575338B2 (en) Information processing apparatus, information processing method, and computer program
KR101687277B1 (en) Key revocation in system on chip devices
CN104850762B (en) Prevent the undesirable method of the movement of computer, computer program and computer
US9852298B2 (en) Configuring a system
US20110320794A1 (en) Flash System And Method For Updating The Flash System
CN109375953B (en) Operating system starting method and device
CN102023908A (en) Method and device for backing up boot program
WO2016206514A1 (en) Startup processing method and device
CN106775610B (en) Electronic equipment starting method and electronic equipment
TW202030602A (en) The method and system of bios recovery and update
WO2016062146A1 (en) Serial number information update method, device and terminal
CN113064604B (en) Firmware upgrading method and device
WO2015184732A1 (en) Bootstrap storage method, bootstrap fault recovery method and device, and computer storage medium
CN103455750A (en) High-security verification method and high-security verification system for embedded devices
CN111221553A (en) Firmware upgrading method and device
JP2006146709A (en) Update control program, update control method and update controller
WO2020043361A1 (en) Installing application program code on a vehicle control system
CN112905218B (en) Firmware upgrading method, device and equipment
CN117369847A (en) Method for upgrading firmware, electronic device and storage medium
CN117555565A (en) Soft support multi-partition FOTA upgrading method, upgrading system and rollback method
JP2001022572A (en) Information processing system and firmware updating method
KR20160046594A (en) Restoration method for package information of the memory

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230531

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right