CN109583189B - Firmware secure loading method and device, computer equipment and storage medium - Google Patents

Firmware secure loading method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN109583189B
CN109583189B CN201811524830.9A CN201811524830A CN109583189B CN 109583189 B CN109583189 B CN 109583189B CN 201811524830 A CN201811524830 A CN 201811524830A CN 109583189 B CN109583189 B CN 109583189B
Authority
CN
China
Prior art keywords
encryption algorithm
asymmetric encryption
public key
core loading
abstract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811524830.9A
Other languages
Chinese (zh)
Other versions
CN109583189A (en
Inventor
杨志佳
冯元元
冷志源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Union Memory Information System Co Ltd
Original Assignee
Shenzhen Union Memory Information System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Union Memory Information System Co Ltd filed Critical Shenzhen Union Memory Information System Co Ltd
Priority to CN201811524830.9A priority Critical patent/CN109583189B/en
Publication of CN109583189A publication Critical patent/CN109583189A/en
Application granted granted Critical
Publication of CN109583189B publication Critical patent/CN109583189B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a device for safely loading firmware, computer equipment and a storage medium, wherein the method comprises the steps of encrypting a multi-core loading project to obtain a ciphertext mirror image file; when the firmware is loaded, acquiring a ciphertext mirror image file; acquiring a secret key; decrypting the ciphertext mirror image file by using the secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature; judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement or not; if so, decrypting the asymmetric encryption algorithm digital signature to obtain a first multi-core loading engineering abstract; carrying out Hash algorithm processing on the multi-core loading engineering to obtain a second multi-core loading engineering abstract; judging whether the two multi-core loading engineering abstracts are consistent; and if so, running the multi-core loading project. The invention improves the safety during loading, solves the problem that the solid state hard disk controller is easy to be cracked, and prevents the controller from running illegal codes.

Description

Firmware secure loading method and device, computer equipment and storage medium
Technical Field
The invention relates to a solid state disk, in particular to a firmware secure loading method, a firmware secure loading device, a computer device and a storage medium.
Background
At present, the flow of loading firmware on a solid state disk is that a chip I is powered on, a code which is embedded in a microcontroller and used for normal work of the chip is firstly operated in a solid state disk controller, the code firstly loads a multi-core loading project of a plaintext from a nonvolatile flash memory chip, and the multi-core loading project is operated. The solid state hard disk controller loads a multi-core loading project, all loads in a plaintext mode, and by adopting the loading mode, the controller is easy to crack so as to run illegal codes, so that the safety performance is lower.
Therefore, it is necessary to design a new method to improve the security during loading, solve the problem that the solid state hard disk controller is easily broken, and prevent the controller from running illegal codes.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a firmware safe loading method, a firmware safe loading device, a computer device and a storage medium.
In order to achieve the purpose, the invention adopts the following technical scheme: the firmware safe loading method comprises the following steps:
encrypting the multi-core loading project to obtain a ciphertext mirror image file;
when the firmware is loaded, acquiring a ciphertext mirror image file;
acquiring a secret key for decrypting the ciphertext mirror image file;
decrypting the ciphertext mirror image file by using the secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature;
judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets preset requirements or not;
if so, decrypting the asymmetric encryption algorithm digital signature by adopting an asymmetric encryption algorithm public key to obtain a first multi-core loading engineering abstract;
carrying out Hash algorithm processing on the multi-core loading engineering to obtain a second multi-core loading engineering abstract;
judging whether the first multi-core loading engineering abstract is consistent with the second multi-core loading engineering abstract or not;
if yes, running a multi-core loading project to load the firmware.
The further technical scheme is as follows: the encrypting the multi-core loading project to obtain the ciphertext mirror image file comprises the following steps:
acquiring a multi-core loading engineering file;
carrying out Hash processing on the multi-core loading engineering file to obtain a second multi-core loading engineering abstract;
acquiring an asymmetric encryption algorithm private key, an asymmetric encryption algorithm public key and an advanced encryption standard secret key;
encrypting the second multi-core loading engineering digest by using an asymmetric encryption algorithm private key to generate an asymmetric encryption algorithm digital signature;
and performing advanced encryption standard encryption on a binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using an advanced encryption standard secret key to generate a ciphertext mirror image file.
The further technical scheme is as follows: the advanced encryption standard encryption is performed on the binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using the advanced encryption standard secret key to generate a ciphertext mirror image file, and the method further comprises the following steps:
writing the ciphertext mirror image file into a nonvolatile flash memory chip;
writing an advanced encryption standard key to a one-time programmable memory embedded in a microcontroller;
carrying out Hash processing on the asymmetric encryption algorithm public key to generate a standard asymmetric encryption algorithm public key abstract;
writing the standard asymmetric cryptographic algorithm public key digest into a one-time programmable memory embedded in the microcontroller.
The further technical scheme is as follows: the obtaining of the key for decrypting the ciphertext mirror image file includes:
obtaining an advanced encryption standard key from the one-time programmable memory;
and acquiring a public key abstract of the standard asymmetric encryption algorithm from the one-time programmable memory.
The further technical scheme is as follows: the decrypting the ciphertext mirror image file by using the secret key to obtain the asymmetric encryption algorithm public key abstract to be verified, the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature comprises the following steps:
carrying out advanced encryption standard decryption on the ciphertext mirror image file by using an advanced encryption standard secret key to generate a plaintext file consisting of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature so as to obtain the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature;
and carrying out Hash processing on the asymmetric encryption algorithm public key to generate an asymmetric encryption algorithm public key abstract to be verified.
The further technical scheme is as follows: the judging whether the asymmetric encryption algorithm public key abstract to be verified meets the preset requirement comprises the following steps:
judging whether the asymmetric encryption algorithm public key digest to be verified is consistent with the standard asymmetric encryption algorithm public key digest;
if so, the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement;
if not, the public key abstract of the asymmetric encryption algorithm to be verified does not meet the preset requirement.
The further technical scheme is as follows: after the determining whether the first multi-core loading engineering abstract and the second multi-core loading engineering abstract are consistent, the method further includes:
if not, the firmware loading failure is displayed, and the code downloading function is skipped.
The invention also provides a firmware safe loading device, which comprises:
the encryption unit is used for carrying out encryption processing on the multi-core loading project to obtain a ciphertext mirror image file;
the image file acquisition unit is used for acquiring a ciphertext image file when the firmware is loaded;
the key obtaining unit is used for obtaining a key for decrypting the ciphertext mirror image file;
the first decryption unit is used for decrypting the ciphertext mirror image file by using a secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature;
the first judgment unit is used for judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement or not;
the second decryption unit is used for decrypting the digital signature of the asymmetric encryption algorithm by adopting the public key of the asymmetric encryption algorithm if the first multi-core loading engineering abstract is true, so as to obtain the first multi-core loading engineering abstract;
the hash processing unit is used for carrying out hash algorithm processing on the multi-core loading project to obtain a second multi-core loading project abstract;
a second determining unit, configured to determine whether the first multi-core loading engineering digest is consistent with the second multi-core loading engineering digest;
and the operation unit is used for operating the multi-core loading project to load the firmware if the firmware is in the multi-core loading project.
The invention also provides computer equipment, which is characterized by comprising a memory and a processor, wherein the memory stores a computer program, and the processor realizes the method when executing the computer program.
The invention also provides a storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method described above.
Compared with the prior art, the invention has the beneficial effects that: the invention adopts the advanced encryption standard algorithm, the asymmetric encryption algorithm and the Hash processing algorithm to encrypt the multi-core loading project, and combines the secret key of the advanced encryption standard algorithm, the public key and the private key of the asymmetric encryption algorithm to form a ciphertext mirror image file, when loading firmware, the ciphertext mirror image file needs to be decrypted, and after two judgment steps, the firmware loading is carried out only under the condition that the advanced encryption standard secret key, the public key of the asymmetric encryption algorithm, the private key of the asymmetric encryption algorithm and the multi-core loading project all meet the requirements, so that the safety during loading is improved, the problem that the solid state hard disk controller is easy to crack is solved, and the controller is prevented from operating illegal codes.
The invention is further described below with reference to the accompanying drawings and specific embodiments.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of a firmware secure loading method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a firmware secure loading method according to an embodiment of the present invention;
fig. 3 is a sub-flowchart of a firmware secure loading method according to an embodiment of the present invention;
fig. 4 is a sub-flowchart of a firmware secure loading method according to an embodiment of the present invention;
fig. 5 is a sub-flowchart of a firmware secure loading method according to an embodiment of the present invention;
fig. 6 is a sub-flowchart of a firmware secure loading method according to an embodiment of the present invention;
FIG. 7 is a schematic block diagram of a firmware security loading apparatus provided by an embodiment of the present invention;
FIG. 8 is a schematic block diagram of a computer device provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Referring to fig. 1 and fig. 2, fig. 1 is a schematic view illustrating an application scenario of a firmware secure loading method according to an embodiment of the present invention. Fig. 2 is a schematic flowchart of a firmware secure loading method according to an embodiment of the present invention. The secure firmware loading method is applied to terminals and equipment with solid state disks, ciphertext mirror image files are manufactured by the terminals and mainly realized through a packaging tool, the manufactured ciphertext mirror image files and related keys are stored in the solid state disks, and the ciphertext mirror image files and the related keys are decrypted and used when the solid state disks load the firmware.
Fig. 2 is a flowchart illustrating a firmware secure loading method according to an embodiment of the present invention. As shown in fig. 2, the method includes the following steps S110 to S150.
And S110, encrypting the multi-core loading project to obtain a ciphertext mirror image file.
In this embodiment, the ciphertext mirror image file is an image file formed by encrypting two encryption and decryption algorithms, namely an advanced encryption standard and an asymmetric encryption algorithm digital signature, in a multi-core loading project, and combining the encryption and decryption algorithms with a related key.
In one embodiment, as shown in fig. 3, the step S110 may include steps S111 to S119.
And S111, acquiring the multi-core loading engineering file.
In this embodiment, a multi-core loading engineering file is first obtained from a solid state disk, and the multi-core loading engineering file is mainly used for loading firmware.
And S112, carrying out Hash processing on the multi-core loading engineering file to obtain a second multi-core loading engineering abstract.
In this embodiment, the second multi-core loading engineering digest is a digest obtained by performing hash processing on a multi-core loading engineering file and describing a hash value of the file.
And processing the multi-core loading engineering file by adopting a Hash algorithm, specifically, processing the file by adopting a Hash function to obtain a Hash value of the file, and forming a second multi-core loading engineering abstract.
S113, obtaining the private key of the asymmetric encryption algorithm, the public key of the asymmetric encryption algorithm and the secret key of the advanced encryption standard.
In the embodiment, the asymmetric encryption algorithm and the advanced encryption standard algorithm are used for encryption, so that the safety of the whole loading process is improved, and the controller is not easy to crack.
And S114, encrypting the second multi-core loading engineering digest by using the private key of the asymmetric encryption algorithm to generate a digital signature of the asymmetric encryption algorithm.
In this embodiment, the private key of the RSA asymmetric encryption algorithm is specifically used for encryption, and the public key is used for decryption, so as to achieve the effect of asymmetric encryption, thereby improving the security of the whole encryption process.
And S115, performing advanced encryption standard encryption on the binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using an advanced encryption standard secret key to generate a ciphertext mirror image file.
Specifically, the data block is encrypted by using an Advanced Encryption Standard (AES), the packet length of the AES encrypted data block must be 128 bits, and the key length of the AES encrypted data block may be any one of 128 bits, 192 bits, and 256 bits (if the data block and the key are insufficient, they are complemented). AES encryption has many rounds of repetition and transformation. Key expansion; an initial wheel; repeating rounds, each round in turn comprising: byte substitution, row shift, column obfuscation, round key addition; the final round, which is not column obfuscated, is replaced with another round key addition. Wherein, the byte replacement is to replace each byte with the corresponding byte by a non-linear replacement function in a lookup table mode. The row shift is a cyclic shift of each row in the matrix, such as a forward row shift and a reverse row shift. Column obfuscation is to fully mix the operations of the straight rows in the matrix, which uses a linear transformation to mix the four bytes of each column, such as forward column obfuscation and reverse column obfuscation. Round key addition is that each byte in the matrix is subjected to XOR operation with the secondary round key; each subkey is generated by a key generation scheme.
The advanced encryption standard encryption is carried out on the binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by adopting the AES, so that the safety of the whole ciphertext mirror image file can be further improved.
And S116, writing the ciphertext mirror image file into the nonvolatile flash memory chip.
In this embodiment, the ciphertext mirror image file is written into the nonvolatile flash memory chip, so that the controller can load the file to decrypt and load the firmware.
S117, writing the advanced encryption standard secret key into a one-time programmable memory embedded in the microcontroller;
s118, carrying out Hash processing on the asymmetric encryption algorithm public key to generate a standard asymmetric encryption algorithm public key abstract;
and S119, writing the public key abstract of the standard asymmetric encryption algorithm into a one-time programmable memory embedded in the microcontroller.
The secret key of the advanced encryption standard algorithm is written in a one-time programmable memory of a controller of the solid-state hard disk, the private key of the asymmetric encryption algorithm is stored by a secret person made of an image, namely in the hand of a terminal holder, the public key of the asymmetric encryption algorithm is packed with the multi-core loading engineering and the digital signature of the asymmetric encryption algorithm, namely the secret key is encrypted by adopting AES (advanced encryption standard) and then downloaded into a nonvolatile flash memory chip, three key elements are stored in different positions, and only if the three key elements are owned at the same time, the decryption can be carried out, and the firmware is loaded safely.
And S120, acquiring the ciphertext mirror image file when the firmware is loaded.
In this embodiment, a code embedded in the microcontroller for normal operation of the chip is configured in a loading mode of the nonvolatile flash memory chip, the chip is powered on, the code is run, and an AES-encrypted ciphertext mirror image file composed of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature is read from the nonvolatile flash memory chip through the code.
S130, obtaining a secret key for decrypting the ciphertext mirror image file.
In this embodiment, the key includes an advanced encryption standard key and a public key digest of a standard asymmetric encryption algorithm.
In one embodiment, as shown in fig. 4, the step S130 may include steps S131 to S132.
S131, acquiring an advanced encryption standard secret key from the one-time programmable memory;
and S132, acquiring a public key abstract of the standard asymmetric encryption algorithm from the one-time programmable memory.
S140, decrypting the ciphertext mirror image file by using the secret key to obtain the asymmetric encryption algorithm public key abstract to be verified, the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature.
In this embodiment, the process of loading the firmware is equivalent to performing a decryption operation on the initial encryption process.
In one embodiment, as shown in fig. 5, the step S140 may include steps S141 to S142.
S141, performing advanced encryption standard decryption on the ciphertext mirror image file by using an advanced encryption standard secret key to generate a plaintext file consisting of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature so as to obtain the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature;
and S142, carrying out Hash processing on the asymmetric encryption algorithm public key to generate an asymmetric encryption algorithm public key abstract to be verified.
The AES decryption process is a reverse process of the AES encryption process for manufacturing the ciphertext mirror image file, and the Hash processing on the asymmetric encryption algorithm public key is consistent with the Hash processing process of the asymmetric encryption algorithm public key for manufacturing the ciphertext mirror image file, so that the consistency of comparison is ensured.
S150, judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement.
In this embodiment, the preset requirement means that the to-be-verified public key digest of the asymmetric cryptographic algorithm is consistent with the public key digest of the standard asymmetric cryptographic algorithm.
In one embodiment, as shown in fig. 6, the step S150 may include steps S151 to S153.
S151, judging whether the to-be-verified asymmetric encryption algorithm public key digest is consistent with the standard asymmetric encryption algorithm public key digest;
s152, if yes, the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement;
and S153, if not, the public key abstract of the asymmetric encryption algorithm to be verified does not meet the preset requirement.
If not, the step S200 is carried out;
and S160, if so, decrypting the asymmetric encryption algorithm digital signature by adopting the asymmetric encryption algorithm public key to obtain the first multi-core loading engineering abstract.
S170, carrying out hash algorithm processing on the multi-core loading project to obtain a second multi-core loading project abstract.
The second multi-core loading project digest is the digest which is generated in the process of making the ciphertext mirror image file and is related to the multi-core loading project and has the hash value of the digest.
S180, judging whether the first multi-core loading engineering abstract is consistent with the second multi-core loading engineering abstract or not;
s190, if yes, running a multi-core loading project to load the firmware;
s200, if not, displaying that the firmware loading fails, and jumping to a code downloading function.
The solid state hard disk controller needs to obtain a high-level encryption standard secret key, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm private key when the code normally runs, and the three are all in short. If the secret key is not leaked, the controller cannot be cracked, the illegal codes cannot be run in the solid state disk controller, and the multi-core loading project can be run only when the project that the multi-core loading project is the solid state disk is ensured, so that the firmware can be loaded.
According to the firmware safe loading method, the high-level encryption standard algorithm, the asymmetric encryption algorithm and the Hash processing algorithm are adopted to encrypt the multi-core loading project, the secret key of the high-level encryption standard algorithm, the public key of the asymmetric encryption algorithm and the private key are combined to form the ciphertext mirror image file, the ciphertext mirror image file needs to be decrypted when the firmware is loaded, two judgment steps are carried out, the firmware loading is carried out only under the condition that the high-level encryption standard secret key, the public key of the asymmetric encryption algorithm, the private key of the asymmetric encryption algorithm and the multi-core loading project meet the requirements, the safety in loading is improved, the problem that a solid state hard disk controller is easy to break is solved, and the controller is prevented from running illegal codes.
Fig. 7 is a schematic block diagram of a firmware security loading apparatus 300 according to an embodiment of the present invention. As shown in fig. 7, the present invention further provides a firmware security loading apparatus 300 corresponding to the above firmware security loading method. The firmware security loading apparatus 300 includes a unit for executing the above firmware security loading method, and the apparatus may be configured in a terminal such as a desktop computer, a tablet computer, a portable computer, and a device with a solid state disk.
Specifically, referring to fig. 7, the firmware security loading apparatus 300 includes:
the encryption unit 301 is configured to encrypt the multi-core loading project to obtain a ciphertext mirror image file;
an image file obtaining unit 302, configured to obtain a ciphertext image file when the firmware is loaded;
a key obtaining unit 303, configured to obtain a key for decrypting the ciphertext mirror file;
the first decryption unit 304 is configured to decrypt the ciphertext mirror image file with a secret key to obtain an asymmetric encryption algorithm public key digest to be verified, a multi-core loading project, an asymmetric encryption algorithm public key, and an asymmetric encryption algorithm digital signature;
a first determining unit 305, configured to determine whether the public key digest of the asymmetric encryption algorithm to be verified meets a preset requirement;
the second decryption unit 306 is configured to decrypt the asymmetric encryption algorithm digital signature by using the asymmetric encryption algorithm public key if the first multi-core loading engineering digest is obtained;
a hash processing unit 307, configured to perform hash algorithm processing on the multi-core loading project to obtain a second multi-core loading project digest;
a second determining unit 308, configured to determine whether the first multi-core loading engineering digest and the second multi-core loading engineering digest are consistent;
and a running unit 309, configured to run a multi-core loading project to load the firmware if the firmware is not the same as the firmware.
In one embodiment, the encryption unit 301 includes:
the file acquisition subunit is used for acquiring the multi-core loading engineering file;
the first hash processing subunit is used for performing hash processing on the multi-core loading engineering file to obtain a second multi-core loading engineering abstract;
the first secret key obtaining subunit is used for obtaining an asymmetric encryption algorithm private key, an asymmetric encryption algorithm public key and an advanced encryption standard secret key;
the digest encryption subunit is used for encrypting the second multi-core loading engineering digest by using an asymmetric encryption algorithm private key so as to generate an asymmetric encryption algorithm digital signature;
the image file generation subunit is used for performing advanced encryption standard encryption on a binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using an advanced encryption standard secret key to generate a ciphertext image file;
the file writing subunit is used for writing the ciphertext mirror image file into the nonvolatile flash memory chip;
the key writing subunit is used for writing the advanced encryption standard key into a one-time programmable memory embedded in the microcontroller;
the public key processing subunit is used for carrying out Hash processing on the asymmetric encryption algorithm public key to generate a standard asymmetric encryption algorithm public key abstract;
and the public key writing subunit is used for writing the public key abstract of the standard asymmetric encryption algorithm into a one-time programmable memory embedded in the microcontroller.
In an embodiment, the key obtaining unit 303 includes
The standard key obtaining subunit is used for obtaining the advanced encryption standard key from the one-time programmable memory;
and the digest acquisition subunit is used for acquiring the public key digest of the standard asymmetric cryptographic algorithm from the one-time programmable memory.
In an embodiment, the first decryption unit 304 includes:
the advanced decryption subunit is used for performing advanced encryption standard decryption on the ciphertext mirror image file by using an advanced encryption standard secret key to generate a plaintext file consisting of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature so as to obtain the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature;
and the to-be-verified abstract generating subunit is used for carrying out hash processing on the asymmetric encryption algorithm public key so as to generate the to-be-verified asymmetric encryption algorithm public key abstract.
In addition, the above apparatus further comprises:
and the display unit 310 is used for displaying that the firmware loading fails and jumping to the code downloading function if the firmware loading fails.
It should be noted that, as can be clearly understood by those skilled in the art, the specific implementation processes of the firmware security loading apparatus 300 and each unit may refer to the corresponding descriptions in the foregoing method embodiments, and for convenience and brevity of description, no further description is provided herein.
The firmware security loading apparatus 300 may be implemented in a form of a computer program, which can be run on a computer device as shown in fig. 8.
Referring to fig. 8, fig. 8 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a terminal with a solid state disk, or may be a server with a solid state disk, where the terminal may be an electronic device with a communication function, such as a smart phone, a tablet computer, a notebook computer, and a desktop computer. The server may be an independent server or a server cluster composed of a plurality of servers.
Referring to fig. 8, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer programs 5032 include program instructions that, when executed, cause the processor 502 to perform a firmware security loading method.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the operation of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 can execute a firmware security loading method.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the configuration shown in fig. 8 is a block diagram of only a portion of the configuration relevant to the present teachings and does not constitute a limitation on the computer device 500 to which the present teachings may be applied, and that a particular computer device 500 may include more or less components than those shown, or combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to run the computer program 5032 stored in the memory to implement the following steps:
encrypting the multi-core loading project to obtain a ciphertext mirror image file;
when the firmware is loaded, acquiring a ciphertext mirror image file;
acquiring a secret key for decrypting the ciphertext mirror image file;
decrypting the ciphertext mirror image file by using the secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature;
judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets preset requirements or not;
if so, decrypting the asymmetric encryption algorithm digital signature by adopting an asymmetric encryption algorithm public key to obtain a first multi-core loading engineering abstract;
carrying out Hash algorithm processing on the multi-core loading engineering to obtain a second multi-core loading engineering abstract;
judging whether the first multi-core loading engineering abstract is consistent with the second multi-core loading engineering abstract or not;
if yes, running a multi-core loading project to load the firmware.
In an embodiment, when implementing the step of encrypting the multi-core loading project to obtain the ciphertext mirror image file, the processor 502 specifically implements the following steps:
acquiring a multi-core loading engineering file;
carrying out Hash processing on the multi-core loading engineering file to obtain a second multi-core loading engineering abstract;
acquiring an asymmetric encryption algorithm private key, an asymmetric encryption algorithm public key and an advanced encryption standard secret key;
encrypting the second multi-core loading engineering digest by using an asymmetric encryption algorithm private key to generate an asymmetric encryption algorithm digital signature;
and performing advanced encryption standard encryption on a binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using an advanced encryption standard secret key to generate a ciphertext mirror image file.
In an embodiment, after implementing the step of performing advanced encryption standard encryption on the binary file composed of the multi-core loading project, the public key of the asymmetric encryption algorithm, and the digital signature of the asymmetric encryption algorithm by using the advanced encryption standard key to generate the ciphertext mirror image file, the processor 502 further implements the following steps:
writing the ciphertext mirror image file into a nonvolatile flash memory chip;
writing an advanced encryption standard key to a one-time programmable memory embedded in a microcontroller;
carrying out Hash processing on the asymmetric encryption algorithm public key to generate a standard asymmetric encryption algorithm public key abstract;
writing the standard asymmetric cryptographic algorithm public key digest into a one-time programmable memory embedded in the microcontroller.
In an embodiment, when the processor 502 implements the step of obtaining the key for decrypting the ciphertext mirror image file, the following steps are specifically implemented:
obtaining an advanced encryption standard key from the one-time programmable memory;
and acquiring a public key abstract of the standard asymmetric encryption algorithm from the one-time programmable memory.
In an embodiment, when the processor 502 implements the steps of decrypting the ciphertext mirror image file by using the key to obtain the asymmetric encryption algorithm public key digest to be verified, the multi-core loading project, the asymmetric encryption algorithm public key, and the asymmetric encryption algorithm digital signature, the following steps are specifically implemented:
carrying out advanced encryption standard decryption on the ciphertext mirror image file by using an advanced encryption standard secret key to generate a plaintext file consisting of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature so as to obtain the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature;
and carrying out Hash processing on the asymmetric encryption algorithm public key to generate an asymmetric encryption algorithm public key abstract to be verified.
In an embodiment, when the step of determining whether the public key digest of the asymmetric cryptographic algorithm to be verified meets the preset requirement is implemented by the processor 502, the following steps are specifically implemented:
judging whether the asymmetric encryption algorithm public key digest to be verified is consistent with the standard asymmetric encryption algorithm public key digest;
if so, the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement;
if not, the public key abstract of the asymmetric encryption algorithm to be verified does not meet the preset requirement.
In an embodiment, after implementing the step of determining whether the first multi-core loading engineering digest and the second multi-core loading engineering digest are consistent, the processor 502 further implements the following steps:
if not, the firmware loading failure is displayed, and the code downloading function is skipped.
It should be understood that, in the embodiment of the present Application, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. The computer program includes program instructions, and the computer program may be stored in a storage medium, which is a computer-readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program, wherein the computer program, when executed by a processor, causes the processor to perform the steps of:
encrypting the multi-core loading project to obtain a ciphertext mirror image file;
when the firmware is loaded, acquiring a ciphertext mirror image file;
acquiring a secret key for decrypting the ciphertext mirror image file;
decrypting the ciphertext mirror image file by using the secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature;
judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets preset requirements or not;
if so, decrypting the asymmetric encryption algorithm digital signature by adopting an asymmetric encryption algorithm public key to obtain a first multi-core loading engineering abstract;
carrying out Hash algorithm processing on the multi-core loading engineering to obtain a second multi-core loading engineering abstract;
judging whether the first multi-core loading engineering abstract is consistent with the second multi-core loading engineering abstract or not;
if yes, running a multi-core loading project to load the firmware.
In an embodiment, when the processor executes the computer program to implement the step of encrypting the multi-core loading project to obtain the ciphertext mirror image file, the following steps are specifically implemented:
acquiring a multi-core loading engineering file;
carrying out Hash processing on the multi-core loading engineering file to obtain a second multi-core loading engineering abstract;
acquiring an asymmetric encryption algorithm private key, an asymmetric encryption algorithm public key and an advanced encryption standard secret key;
encrypting the second multi-core loading engineering digest by using an asymmetric encryption algorithm private key to generate an asymmetric encryption algorithm digital signature;
and performing advanced encryption standard encryption on a binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using an advanced encryption standard secret key to generate a ciphertext mirror image file.
In an embodiment, after the step of implementing advanced encryption standard encryption on the binary file composed of the multi-core loading project, the public key of the asymmetric encryption algorithm, and the digital signature of the asymmetric encryption algorithm by using the key of the advanced encryption standard to generate the ciphertext image file by executing the computer program, the processor further implements the following steps:
writing the ciphertext mirror image file into a nonvolatile flash memory chip;
writing an advanced encryption standard key to a one-time programmable memory embedded in a microcontroller;
carrying out Hash processing on the asymmetric encryption algorithm public key to generate a standard asymmetric encryption algorithm public key abstract;
writing the standard asymmetric cryptographic algorithm public key digest into a one-time programmable memory embedded in the microcontroller.
In an embodiment, when the processor executes the computer program to implement the step of obtaining the key for decrypting the ciphertext image file, the following steps are specifically implemented:
obtaining an advanced encryption standard key from the one-time programmable memory;
and acquiring a public key abstract of the standard asymmetric encryption algorithm from the one-time programmable memory.
In an embodiment, when the processor executes the computer program to decrypt the ciphertext mirror image file by using the key to obtain the asymmetric encryption algorithm public key digest to be verified, the multi-core loading project, the asymmetric encryption algorithm public key, and the asymmetric encryption algorithm digital signature, the following steps are specifically implemented:
carrying out advanced encryption standard decryption on the ciphertext mirror image file by using an advanced encryption standard secret key to generate a plaintext file consisting of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature so as to obtain the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature;
and carrying out Hash processing on the asymmetric encryption algorithm public key to generate an asymmetric encryption algorithm public key abstract to be verified.
In an embodiment, when the processor executes the computer program to implement the step of determining whether the public key digest of the asymmetric encryption algorithm to be verified meets the preset requirement, the processor further implements the following steps:
judging whether the asymmetric encryption algorithm public key digest to be verified is consistent with the standard asymmetric encryption algorithm public key digest;
if so, the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement;
if not, the public key abstract of the asymmetric encryption algorithm to be verified does not meet the preset requirement.
In an embodiment, after the step of determining whether the first multi-core loading engineering summary and the second multi-core loading engineering summary are consistent is implemented by the processor executing the computer program, the following steps are further implemented:
if not, the firmware loading failure is displayed, and the code downloading function is skipped.
The storage medium may be a usb disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, which can store various computer readable storage media.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. The firmware safe loading method is characterized by comprising the following steps:
encrypting the multi-core loading project to obtain a ciphertext mirror image file;
when the firmware is loaded, acquiring a ciphertext mirror image file;
acquiring a secret key for decrypting the ciphertext mirror image file;
decrypting the ciphertext mirror image file by using the secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature;
judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets preset requirements or not;
if so, decrypting the asymmetric encryption algorithm digital signature by adopting an asymmetric encryption algorithm public key to obtain a first multi-core loading engineering abstract;
carrying out Hash algorithm processing on the multi-core loading engineering to obtain a second multi-core loading engineering abstract;
judging whether the first multi-core loading engineering abstract is consistent with the second multi-core loading engineering abstract or not;
if yes, running a multi-core loading project to load the firmware.
2. The secure firmware loading method according to claim 1, wherein the encrypting the multi-core loading project to obtain the ciphertext mirror image file comprises:
acquiring a multi-core loading engineering file;
carrying out Hash processing on the multi-core loading engineering file to obtain a second multi-core loading engineering abstract;
acquiring an asymmetric encryption algorithm private key, an asymmetric encryption algorithm public key and an advanced encryption standard secret key;
encrypting the second multi-core loading engineering digest by using an asymmetric encryption algorithm private key to generate an asymmetric encryption algorithm digital signature;
and performing advanced encryption standard encryption on a binary file consisting of the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature by using an advanced encryption standard secret key to generate a ciphertext mirror image file.
3. The method for securely loading firmware according to claim 2, wherein after the advanced encryption standard encryption is performed on the binary file composed of the multi-core loading project, the public key of the asymmetric encryption algorithm, and the digital signature of the asymmetric encryption algorithm by using the advanced encryption standard key to generate the ciphertext mirror image file, the method further comprises:
writing the ciphertext mirror image file into a nonvolatile flash memory chip;
writing an advanced encryption standard key to a one-time programmable memory embedded in a microcontroller;
carrying out Hash processing on the asymmetric encryption algorithm public key to generate a standard asymmetric encryption algorithm public key abstract;
writing the standard asymmetric cryptographic algorithm public key digest into a one-time programmable memory embedded in the microcontroller.
4. The method for securely loading firmware according to any one of claims 1 to 3, wherein the obtaining a key for decrypting the ciphertext image file comprises:
obtaining an advanced encryption standard key from the one-time programmable memory;
and acquiring a public key abstract of the standard asymmetric encryption algorithm from the one-time programmable memory.
5. The secure firmware loading method according to claim 4, wherein the decrypting the ciphertext mirror image file by using the key to obtain the asymmetric encryption algorithm public key digest to be verified, the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature comprises:
carrying out advanced encryption standard decryption on the ciphertext mirror image file by using an advanced encryption standard secret key to generate a plaintext file consisting of a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature so as to obtain the multi-core loading project, the asymmetric encryption algorithm public key and the asymmetric encryption algorithm digital signature;
and carrying out Hash processing on the asymmetric encryption algorithm public key to generate an asymmetric encryption algorithm public key abstract to be verified.
6. The method for securely loading firmware according to claim 5, wherein the determining whether the digest of the public key of the asymmetric encryption algorithm to be verified meets a preset requirement includes:
judging whether the asymmetric encryption algorithm public key digest to be verified is consistent with the standard asymmetric encryption algorithm public key digest;
if so, the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement;
if not, the public key abstract of the asymmetric encryption algorithm to be verified does not meet the preset requirement.
7. The method for secure firmware loading according to claim 1, wherein after determining whether the first multi-core loading engineering digest and the second multi-core loading engineering digest are consistent, the method further comprises:
if not, the firmware loading failure is displayed, and the code downloading function is skipped.
8. The firmware safe loading device is characterized by comprising:
the encryption unit is used for carrying out encryption processing on the multi-core loading project to obtain a ciphertext mirror image file;
the image file acquisition unit is used for acquiring a ciphertext image file when the firmware is loaded;
the key obtaining unit is used for obtaining a key for decrypting the ciphertext mirror image file;
the first decryption unit is used for decrypting the ciphertext mirror image file by using a secret key to obtain an asymmetric encryption algorithm public key abstract to be verified, a multi-core loading project, an asymmetric encryption algorithm public key and an asymmetric encryption algorithm digital signature;
the first judgment unit is used for judging whether the public key abstract of the asymmetric encryption algorithm to be verified meets the preset requirement or not;
the second decryption unit is used for decrypting the digital signature of the asymmetric encryption algorithm by adopting the public key of the asymmetric encryption algorithm if the first multi-core loading engineering abstract is true, so as to obtain the first multi-core loading engineering abstract;
the hash processing unit is used for carrying out hash algorithm processing on the multi-core loading project to obtain a second multi-core loading project abstract;
a second determining unit, configured to determine whether the first multi-core loading engineering digest is consistent with the second multi-core loading engineering digest;
and the operation unit is used for operating the multi-core loading project to load the firmware if the firmware is in the multi-core loading project.
9. A computer device, characterized in that the computer device comprises a memory, on which a computer program is stored, and a processor, which when executing the computer program implements the method according to any of claims 1 to 7.
10. A storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
CN201811524830.9A 2018-12-13 2018-12-13 Firmware secure loading method and device, computer equipment and storage medium Active CN109583189B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811524830.9A CN109583189B (en) 2018-12-13 2018-12-13 Firmware secure loading method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811524830.9A CN109583189B (en) 2018-12-13 2018-12-13 Firmware secure loading method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109583189A CN109583189A (en) 2019-04-05
CN109583189B true CN109583189B (en) 2020-08-11

Family

ID=65928401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811524830.9A Active CN109583189B (en) 2018-12-13 2018-12-13 Firmware secure loading method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109583189B (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008689A (en) * 2019-04-15 2019-07-12 苏州浪潮智能科技有限公司 A kind of BMC starting method, apparatus, equipment and computer readable storage medium
CN110109714B (en) * 2019-04-25 2022-03-29 深圳忆联信息系统有限公司 Method and device for improving firmware loading efficiency, computer equipment and storage medium
CN110704852B (en) * 2019-09-26 2021-06-08 江苏方天电力技术有限公司 Encryption system for RTOS system program image file
CN113127262B (en) * 2020-01-13 2024-05-14 北京地平线机器人技术研发有限公司 Image file generation method and device, electronic equipment and storage medium
CN113138775B (en) * 2020-01-20 2022-11-18 上海交通大学 Firmware protection method and system for vehicle-mounted diagnosis system
CN113656086A (en) * 2020-04-28 2021-11-16 瑞昱半导体股份有限公司 Method for safely storing and loading firmware and electronic device
CN113742784A (en) * 2020-05-27 2021-12-03 瑞昱半导体股份有限公司 System for applying method for accelerating verification of mapping file
CN111783072A (en) * 2020-07-15 2020-10-16 北京同源华安软件科技有限公司 Security control method and device under Linux system
CN111857756A (en) * 2020-07-23 2020-10-30 上海世麦智能科技有限公司 Safe flashing method and system based on hardware encryption
CN112306547A (en) * 2020-09-29 2021-02-02 北京软慧科技有限公司 Method and device for identifying firmware encryption mode
CN112131612B (en) * 2020-09-30 2024-03-08 杭州安恒信息安全技术有限公司 CF card data tamper-proof method, device, equipment and medium
CN112187544B (en) * 2020-09-30 2023-08-08 深圳忆联信息系统有限公司 Firmware upgrading method, device, computer equipment and storage medium
CN112433742A (en) * 2020-11-26 2021-03-02 中电金融设备系统(深圳)有限公司 Secure firmware updating method, device, equipment and storage medium
CN112560064A (en) * 2020-12-23 2021-03-26 Oppo广东移动通信有限公司 File detection method and device, storage medium and user terminal
CN112733092B (en) * 2020-12-30 2022-12-23 五八有限公司 Information processing method and device
CN113177222A (en) * 2021-05-28 2021-07-27 沈阳美行科技有限公司 Dynamic library processing method and device, electronic equipment and storage medium
CN113239363A (en) * 2021-06-01 2021-08-10 长江存储科技有限责任公司 Firmware updating method, device, equipment, readable storage medium and memory system
CN113688399A (en) * 2021-08-25 2021-11-23 深圳忆联信息系统有限公司 Firmware digital signature protection method and device, computer equipment and storage medium
CN114201224B (en) * 2021-12-13 2024-04-12 北京奕斯伟计算技术股份有限公司 Processor starting method, heterogeneous processor system and processor starting device
CN114266055B (en) * 2022-03-02 2022-05-27 山东华翼微电子技术股份有限公司 Multi-core firmware secure storage method and system
CN114817935A (en) * 2022-05-26 2022-07-29 无锡华大国奇科技有限公司 Chip safe starting method
CN116992474B (en) * 2023-08-29 2024-08-13 密卡思(深圳)电讯有限公司 Firmware encryption method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN103914658B (en) * 2013-01-05 2017-02-22 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method

Also Published As

Publication number Publication date
CN109583189A (en) 2019-04-05

Similar Documents

Publication Publication Date Title
CN109583189B (en) Firmware secure loading method and device, computer equipment and storage medium
CN106529308B (en) data encryption method and device and mobile terminal
US9311487B2 (en) Tampering monitoring system, management device, protection control module, and detection module
CN109034796B (en) Alliance chain-based transaction supervision method, electronic device and readable storage medium
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
CN113014380B (en) File data password management method and device, computer equipment and storage medium
US20110026712A1 (en) Concealing plain text in scrambled blocks
CN114491611B (en) Security chip anti-attack method and device based on backup data
CN104866784A (en) BIOS encryption-based safety hard disk, and data encryption and decryption method
US9729319B2 (en) Key management for on-the-fly hardware decryption within integrated circuits
CN110855433A (en) Data encryption method and device based on encryption algorithm and computer equipment
CN111538983A (en) User password generation method and device, computer equipment and storage medium
WO2020078804A1 (en) Puf based securing of device update
CN114266055A (en) Multi-core firmware secure storage method and system
CN117395030A (en) Data encryption method, data decryption method, electronic device, and storage medium
US20180013551A1 (en) Apparatus for obfuscating and restoring program execution code and method thereof
CN112385175B (en) Device for data encryption and integrity
US9367690B2 (en) Encryption and decryption methods applied on operating system
CN103347017A (en) Data processing method and system on chip
CN114297686A (en) System security encryption and decryption method and device, computer equipment and storage medium
CN109598105B (en) Method and device for safely loading firmware by microcontroller, computer equipment and storage medium
KR101579696B1 (en) System and method for obfuscating initiation values of a cryptography protocol
CN108256346B (en) Key data protection method, encryption protection device and embedded system device
CN109784072B (en) Security file management method and system
CN107278357B (en) Cryptographic system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant