CN109766134A - System start method, device, electronic equipment and storage medium - Google Patents
System start method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN109766134A CN109766134A CN201910018421.XA CN201910018421A CN109766134A CN 109766134 A CN109766134 A CN 109766134A CN 201910018421 A CN201910018421 A CN 201910018421A CN 109766134 A CN109766134 A CN 109766134A
- Authority
- CN
- China
- Prior art keywords
- image file
- signature
- verifying
- system image
- electronic equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000003860 storage Methods 0.000 title claims abstract description 28
- 238000012795 verification Methods 0.000 claims abstract description 16
- 238000004891 communication Methods 0.000 claims description 5
- 238000004590 computer program Methods 0.000 claims description 3
- 238000004422 calculation algorithm Methods 0.000 description 18
- 230000008569 process Effects 0.000 description 7
- 238000013478 data encryption standard Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the present application provides a kind of system start method, device, electronic equipment and storage medium, is related to encryption and decryption verification technique field.Method includes: to obtain encrypted system image file during system starts and runs;Encrypted system image file is decrypted, the system image file of decryption and the image file signature of system image file are obtained;To verifying for image file signature;Determining when being verified of image file signature, the system image file of starting operation decryption.It since system image file has already been through encryption before factory, therefore needs that encrypted system image file is decrypted, can sign and verify to the image file of system image file.The probability that code key is cracked just is reduced by preparatory encryption, and also prevents system image file and distorts, improves the safety of system.
Description
Technical field
This application involves encryption and decryption verification technique fields, in particular to a kind of system start method, device, electronics
Equipment and storage medium.
Background technique
During system starting, the prior art is often tested using signature of the root public key to system image file
Card.If being verified, then it represents that system image file is legal, runs the system image file to start.
But the safety of this mode is not high enough, once code key is cracked, then the safety of system just cannot ensure.
Summary of the invention
The application's is designed to provide a kind of system start method, device, electronic equipment and storage medium, is to improve
The safety of system.
To achieve the goals above, embodiments herein is accomplished in that
In a first aspect, the embodiment of the present application provides a kind of system start method, which comprises
During system starts and runs, encrypted system image file is obtained;
The encrypted system image file is decrypted, the system image file and the system mirror of decryption are obtained
As the image file of file is signed;
To verifying for image file signature;
Determining when being verified of the image file signature, starting runs the system image file of the decryption.
In the embodiment of the present application, since system image file has already been through encryption before factory, therefore need to encrypted
System image file be decrypted, can to the image file of system image file sign verify.By preparatory
Encryption just reduces the probability that code key is cracked, and also prevents system image file and distort, and improves the safety of system.
With reference to first aspect, in the first possible implementation, the image file signature of acquisition is to be wrapped
The authentication document of the signature containing the image file, to verifying for image file signature, comprising:
According to first key, the first verifying is carried out to the authentication document signature in the authentication document;
When determining that described first is verified, the second key in the authentication document is obtained;
According to second key, the carry out second of image file signature is verified.
In the embodiment of the present application, before being verified to image file signature, need to signing comprising image file
The legitimacy of authentication document is first verified, and removes verifying image file signature again when being verified.In this, pass through twice
Verifying greatly improves safety.
With reference to first aspect or the first possible implementation of first aspect, in second of possible implementation
In, obtain encrypted system image file, comprising:
Using the root public key being stored in One Time Programmable, to the signature of bootstrap loader needed for system starting into
Row verifying;
When determining that the signature verification of the bootstrap loader passes through, based on the bootstrap loader is run, execute
Step: encrypted system image file is obtained.
In the embodiment of the present application, due to before obtaining encrypted system image file, it is also necessary to first load journey to guidance
The signature verification of sequence, therefore the safety of system is improved again.
With reference to first aspect, in the third possible implementation, it is verified what is signed to the image file
Later, the method also includes:
Obstructed out-of-date in the verifying for determining image file signature, starting operation is stored in that erasable programmable is read-only to be deposited
The system image file of backup in reservoir, and the unacceptable information of verifying that the image file is signed is sent to service
Device.
In the embodiment of the present application, even if not passing through to image file signature verification, being also available with that operation is stored in can
The system image file of backup in erasable programmable read-only memory (EPROM), starting of the Lai Shixian system based on default setting are realized
The normal use for nor affecting on user in the event of an anomaly improves the usage experience of user.
Second aspect, the embodiment of the present application provide a kind of system starting device, which comprises
File obtains module, for obtaining encrypted system image file during system starts and runs.
File decryption module obtains the system mirror of decryption for the encrypted system image file to be decrypted
As the image file of file and the system image file is signed.
File verification module is verified for what is signed to the image file.
Running paper module, for determining when being verified of the image file signature, starting runs the decryption
System image file.
In conjunction with second aspect, in the first possible implementation, the image file signature of acquisition is to be wrapped
The authentication document of the signature containing the image file,
The file verification module, is also used to according to first key, to the authentication document in the authentication document sign into
Row first is verified;When determining that described first is verified, the second key in the authentication document is obtained;According to described second
Key verifies the carry out second of image file signature.
In conjunction with the possible implementation of the first of second aspect or second aspect, in second of possible implementation
In,
The file obtains module, is also used to using the root public key being stored in One Time Programmable, starts institute to system
The signature of the bootstrap loader needed is verified;When determining that the signature verification of the bootstrap loader passes through, based on fortune
The row bootstrap loader, executes step: obtaining encrypted system image file.
In conjunction with second aspect, in the third possible implementation, described device further include:
Backup starting module, for obstructed out-of-date in the verifying for determining the image file signature, starting operation is stored in
The system image file of backup in Erasable Programmable Read Only Memory EPROM, and the verifying that the image file is signed is not passed through
Information be sent to server.
The third aspect, the embodiment of the present application provide a kind of electronic equipment, and the electronic equipment includes: processor, storage
Device, bus and communication interface.
The processor, the communication interface and the memory are connected by the bus.
The memory, for storing program.
The processor, for executed by calling storage described program in the memory as in a first aspect,
Or system start method described in any implementation of first aspect.
Fourth aspect, the embodiment of the present application provide a kind of computer readable storage medium, the computer-readable storage
It is stored with computer program on medium, executes when the computer program is run by computer as in a first aspect, or first aspect
Any implementation described in system start method.
To enable the above objects, features, and advantages of the application to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate
Appended attached drawing, is described in detail below.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only some embodiments of the application, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows the structural block diagram of a kind of electronic equipment provided by the embodiments of the present application;
Fig. 2 shows a kind of flow charts of system start method provided by the embodiments of the present application;
Fig. 3 shows a kind of structural block diagram of system starting device provided by the embodiments of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it should be understood that attached drawing in the application
The purpose of illustration and description is only played, is not used to limit the protection scope of the application.In addition, it will be appreciated that schematical attached
Figure does not press scale.Process used herein shows the behaviour realized according to some embodiments of the present application
Make.It should be understood that the operation of flow chart can be realized out of order, the step of context relation of logic can not inverted suitable
Sequence is implemented simultaneously.In addition, those skilled in the art are under the guide of teachings herein, can be added to flow chart one or
Other multiple operations, can also remove one or more operations from flow chart.
In addition, described embodiments are only a part of embodiments of the present application, instead of all the embodiments.Usually exist
The component of the embodiment of the present application described and illustrated in attached drawing can be arranged and be designed with a variety of different configurations herein.Cause
This, is not intended to limit claimed the application's to the detailed description of the embodiments herein provided in the accompanying drawings below
Range, but it is merely representative of the selected embodiment of the application.Based on embodiments herein, those skilled in the art are not being done
Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
It should be noted that term " includes " will be used in the embodiment of the present application, for pointing out the spy stated thereafter
The presence of sign, but the other features of increase are not precluded.
Referring to Fig. 1, the application, some embodiments provide a kind of electronic equipment 10, which can be terminal
Or server.
Wherein, when electronic equipment 10 can be terminal, terminal can be mobile phone, tablet computer, personal digital assistant
(PersonalDigital Assistant, PDA) or point-of-sale terminal (Point of Sales, POS) etc..
And in the case where electronic equipment 10 can be for server conditions, server can be individual server, be also possible to server
Group.Server group can be centralization, be also possible to distributed (for example, server can be distributed system).And
In some embodiments, server can be realized in cloud platform;Only as an example, cloud platform may include private clound, public cloud,
Mixed cloud, community cloud (community cloud), distributed cloud, across cloud (inter-cloud), cloudy (multi-cloud)
Deng or their any combination.
As shown in Figure 1, electronic equipment 10 either terminal or server, electronic equipment 10 may include being connected to network
Communication interface 11, the one or more processors 12 for executing program instructions, bus 13 and by various forms of storages be situated between
Texture at memory 14, for example, disk, ROM or RAM, or any combination thereof.Illustratively, computer platform can also wrap
Include be stored in ROM, RAM or other kinds of non-transitory storage medium, or any combination thereof in program instruction.According to this
The present processes may be implemented in a little program instructions.Electronic equipment 10 further include computer and other input-output equipment (such as
Keyboard, display screen) between input/output (Input/Output, I/O) interface 15.
Referring to Fig. 2, some embodiments of the present application provide a kind of system start method, which can be with
Electronic equipment is executed, and optionally, which may include: step S100, step S200, step S300 and step
Rapid S400.
Step S100: during system starts and runs, encrypted system image file is obtained.
Step S200: being decrypted the encrypted system image file, obtain decryption system image file and
The image file of the system image file is signed.
Step S300: to verifying for image file signature.
Step S400: when being verified of the image file signature is being determined, starting runs the system mirror of the decryption
As file.
The step of the present embodiment, will be described in detail below.
On an electronic device after electricity, electronic equipment can star the operation for the system installed in it, i.e. electronic equipment can be with
It calls and runs the initial program inside the storage medium for being stored in electronic equipment, wherein storage medium can be rom chip
(Read Only Memory;Read-only storage).Electronic equipment is transported based on the initial program inside the storage medium to calling
Row, electronic equipment can start the process of execution system starting operation.
Certainly, generating also can store for verifying the root public key of the signature of the bootstrap loader in electronic equipment
OTP chip (One Time Programmable;One Time Programmable) or the eFuse chip of One Time Programmable in.So,
During system starts and runs, electronic equipment also calls the program in OTP chip or eFuse chip accordingly, thus
The root public key of the signature for being used to verify the bootstrap loader can be obtained.
In the present embodiment, electronic equipment can use preset bootstrap loader, that is, utilize preset Bootloader
It goes to execute the operation to the system image file in electronic equipment.So, it is the safety for guaranteeing system, guides load journey executing
Before sequence, need whether to verify bootstrap loader safely.
It can be pre- before electronic equipment appearance as the optional way whether verified safely to bootstrap loader
The signature of the bootstrap loader is generated by the Encryption Algorithm encryption of root private key first with bootstrap loader, and is generated
For verifying the root public key of the signature of the bootstrap loader.Wherein, Encryption Algorithm can be symmetric encipherment algorithm such as DES calculation
Method (Data Encryption Standard, data encryption standards), (Rivest Cipher 4, Reeves spy are close for RC4 algorithm
Code 4) etc., rivest, shamir, adelman such as ECC algorithm (Elliptic curve cryptography, elliptic curve encryption algorithm) etc.,
Hash algorithm such as MD2 algorithm (Message Digest Algorithm2, Message Digest 5 2) etc..And it can also incite somebody to action
The signature of the bootstrap loader of generation and corresponding root public key are stored in initial program.
It is that for electronic equipment based on the operation to initial program, electronic equipment can obtain the initial journey accordingly in this
The signing messages of bootstrap loader in sequence and corresponding root public key.So, electronic equipment can utilize the root public key pair
The signature of bootstrap loader is verified, i.e., electronic equipment can use the root public key and carry out to the signature of bootstrap loader
Decryption, if successful decryption, illustrates to be verified, not pass through conversely, then verifying.
Determine that the verifying of the signature of bootstrap loader is obstructed out-of-date, in electronic equipment so to prevent system appearance at this time
It hangs up and system is caused not start normally, therefore before electronic equipment factory, it can be in advance by initial bootstrap loader
Backup storage is into the not writeable region in electronic equipment, for example, storage (erasable into the EPROM of electronic equipment
programmable read-only memory;Erasable Programmable Read Only Memory EPROM).In this way, electronic equipment can be from
The bootstrap loader of the backup is read and run in EPROM, so that system can continue to start.It but is the verifying for recording this
Do not pass through, electronic equipment can be generated the unacceptable information of verifying for indicating the signature of bootstrap loader and be sent to
To server, enables and administrative staff's timely learning at server and formulate corresponding reclamation activities.
When being verified of signature of bootstrap loader is so determined in electronic equipment, then electronic equipment can be after
It is continuous that the required system image file of system starting is read from storage medium such as hard disk.Wherein, system image file can be
With all types of system image files needed for system starting, for example, TEE mirror image (Trusted Execution
Environment, credible performing environment), kernel mirror image etc..Certainly, with the progress of Booting sequence, electronic equipment is read
The type of system image file is also had nothing in common with each other;For example, based on the execution to bootstrap loader, electronic equipment most starts can be with
TEE mirror image is read, and to after being verified and run TEE mirror image of TEE mirror image, electronic equipment can continue to read kernel mirror
Picture successively reads the mirror image of next stage after being verified like this, until all mirror images are read.
For ease of understanding, the present embodiment is read out and is verified with the system system image file primary to certain to illustrate this
Application, but it is not intended as the restriction to the application.
In this, electronic equipment can execute step S100.
Step S100: during system starts and runs, encrypted system image file is obtained.
For the safety for guaranteeing system image file, system image file is avoided to be tampered, therefore before electronic equipment factory
System image file and authentication document can be encrypted by the Encryption Algorithm of root private key, to obtain encrypted system
Image file, and the root public key for decrypting the encrypted system image file also can be generated.Wherein, which can
To be the file of the image file signature comprising the system image file, it can be used for electronic equipment verifying system image file
Safety.Certainly, the root public key for being used to decrypt the encrypted system image file can also be stored in rom chip,
In OTP chip or eFuse chip.
In the present embodiment, to guarantee efficiency in system starting process, that is, it is required to the starting of complete paired systems as soon as possible,
Symmetric encipherment algorithm such as DES algorithm (Data Encryption so can be used to the encryption of system image file
Standard, data encryption standards), RC4 algorithm (Rivest Cipher 4, Reeves spy password 4) etc..But if further
The safety of raising system starting, then the encryption to system image file can then add using rivest, shamir, adelman is asymmetric
Close algorithm such as ECC algorithm (Elliptic curve cryptography, elliptic curve encryption algorithm) etc., but will lead in this way and be
The time-consuming of start-up course of uniting can be longer compared with symmetric encipherment algorithm.And each type of system image file can be using not
Same root private key encryption, to improve safety.It certainly, can be to an electronic equipment or a batch from the angle for saving code key
Electronic equipment all encrypts its system image file using identical root private key.
Therefore after electronic equipment obtains the encrypted system image file, electronic equipment is just needed to the encrypted system
System image file is decrypted, i.e., electronic equipment can continue to execute step S200.
Step S200: being decrypted the encrypted system image file, obtain decryption system image file and
The image file of the system image file is signed.
While electronic equipment obtains the encrypted system image file, electronic equipment is also from rom chip, OTP chip
Or root public key for decrypting the encrypted system image file is obtained in eFuse chip.And it also can use the root public key
Encrypted system image file is decrypted.
So electronic equipment determine encrypted system image file decryption it is unsuccessful when, also to prevent system at this time
Appearance is hung up and system is caused not start normally, therefore before electronic equipment factory, it can also be in advance by the system mirror of unencryption
As file backup store into the not writeable region in electronic equipment, for example, being also stored into the EPROM of electronic equipment.This
Sample, electronic equipment can read from EPROM and run the system image file of the unencryption of the backup, so that system can
Continue to start.But do not pass through to record this verifying, electronic equipment can be generated for indicating the encrypted system image
File guidance decrypts failed information and simultaneously sends it to server, enables administrative staff's timely learning at server
And formulate corresponding reclamation activities.
So when electronic equipment determines the successful decryption of encrypted system image file, electronic equipment can then be obtained
Decrypt file obtained from the encrypted system image file, it can obtain the system image file of the decryption, and obtain
Obtain the authentication document that the image file comprising the system image file is signed.
Based on this, electronic equipment can continue to execute step S300.
Step S300: to verifying for image file signature.
In the present embodiment, to improve safety, the mirror image of the system image file not only may include in the authentication document
File signature can also be signed comprising the authentication document of authentication document in the authentication document.
In detail, before electronic equipment factory, it can use system image text of the Encryption Algorithm to the decryption of root private key
Part is encrypted, to generate the signature of the system image file, and also generates this for verifying the system image file
The root public key of signature, wherein the root public key for being used to verify the signature of the system image file can be used as the second key.
In this way, it includes any for the signature of the system image file and the second key being written to the authentication document
In two fields, for example, the signature of system image file is written in the first field of authentication document, and by the second key
It is written in the second field of authentication document, but also it's not limited to that.
Based on this, then the authentication document can also be encrypted using the Encryption Algorithm of root private key, to generate
The signature of the authentication document, and also generate the root public key of the signature for being used for authentication verification file, wherein this, which is used to verify, recognizes
The root public key for demonstrate,proving the signature of file can be used as the first code key.
It includes example in any one field that the signature of authentication document just can also be written to the authentication document in this way
Such as, the signature of system image file is written in the 4th field of authentication document.Wherein, the third field in authentication document can
Some extension information are written, in order to there are some scalability applications to the authentication document, therefore this is not limited.And base
In first code key, just first code key can also be stored into rom chip, OTP chip or eFuse chip.
Therefore, for electronic equipment while obtaining the authentication document, electronic equipment just can also obtain rom chip, OTP core
First code key in piece or eFuse chip.In this way, electronic equipment can based on first secret key pair authentication document
Authentication document signature in four fields carries out the first verifying, i.e., electronic equipment also can use the first secret key pair authentication document label
Name is decrypted, if successful decryption, illustrates to be verified, not pass through conversely, then verifying.
So determine that the verifying of authentication document signature is obstructed out-of-date in electronic equipment, for prevent at this time system occur hanging up and
System is caused not start normally, electronic equipment can also read from EPROM and run the system mirror of the unencryption of the backup
As file, so that system can continue to start.But do not pass through to record this verifying, electronic equipment also can be generated for table
Show the unsanctioned information of verifying of authentication document signature and be also sent to server, so that the administrative staff at server
Timely learning and corresponding reclamation activities can be formulated.
And when being verified of authentication document signature is determined in electronic equipment, then it represents that the authentication document is legal, therefore
According to processing logic, electronic equipment can continue to obtain the second key and image file signature in the authentication document.Therefore, electric
Sub- equipment can also carry out the second verifying based on the second secret key pair image file signature, i.e., electronic equipment also can use this
Second secret key pair image file signature is decrypted, if successful decryption, illustrates to be verified, not pass through conversely, then verifying.
So electronic equipment determine image file signature verifying it is obstructed out-of-date, also for prevent at this time system hang up
And system is caused not start normally, what electronic equipment can also read from the EPROM and run the unencryption of the backup is
System image file, so that system can continue to start.But do not pass through to record this verifying, use also can be generated in electronic equipment
In the unsanctioned information of verifying for indicating image file signature and it is also sent to server, so that the management at server
Personnel timely learning and can formulate corresponding reclamation activities.
Conversely, determining being verified for image file signature in electronic equipment, step S400 can be continued to execute.
Step S400: when being verified of the image file signature is being determined, starting runs the system mirror of the decryption
As file.
When being verified of image file signature is determined in electronic equipment, then it represents that the legitimacy of the system image file is full
Foot requires, therefore electronic equipment can star the system image file for running the decryption.
So, electronic equipment is based on decryption, the verifying to each system image file, and starting operation, electronic equipment
Just it is capable of the starting of complete paired systems.
Referring to Fig. 3, some embodiments of the present application provide a kind of system starting device 100, the system starting device
100 can be applied to electronic equipment, which may include:
File obtains module 110, for obtaining encrypted system image file during system starts and runs;
File decryption module 120, for the encrypted system image file to be decrypted, the system for obtaining decryption
The image file of image file and system image file signature;
File verification module 130 is verified for what is signed to the image file;
Running paper module 140, for determining when being verified of the image file signature, starting runs the solution
Close system image file.
Backup starting module 150, for obstructed out-of-date, the starting operation storage in the verifying for determining the image file signature
The system image file of backup in Erasable Programmable Read Only Memory EPROM, and the verifying that the image file is signed is obstructed
The information crossed is sent to server.
Optionally, the file obtains module 110, is also used to using the root public key being stored in One Time Programmable, right
The signature of bootstrap loader needed for system starting is verified;Pass through in the signature verification for determining the bootstrap loader
When, based on the bootstrap loader is run, executes step: obtaining encrypted system image file.
Optionally, authentication document of the image file signature of acquisition for acquisition comprising image file signature;
The file verification module 130 is also used to sign to the authentication document in the authentication document according to first key
Carry out the first verifying;When determining that described first is verified, the second key in the authentication document is obtained;According to described
Two keys verify the carry out second of image file signature.
It should be noted that due to it is apparent to those skilled in the art that, for the convenience and letter of description
Clean, system, the specific work process of device and unit of foregoing description can be with reference to corresponding in preceding method embodiment
Journey, details are not described herein.
The computer that some embodiments of the application additionally provide a kind of non-volatile program code that computer is executable can
Storage medium is read, is stored with program code on the computer readable storage medium, execution when which is run by computer
The step of system start method of any of the above-described embodiment.
Specifically, which can be general storage medium, such as mobile disk, hard disk, on the storage medium
Program code when being run, the step of being able to carry out the above-mentioned system start method for applying example, to improve the safety of system.
The program code product of system start method provided by the embodiment of the present application, the meter including storing program code
Calculation machine readable storage medium storing program for executing, the instruction that program code includes can be used for executing the method in previous methods embodiment, specific implementation
It can be found in embodiment of the method, details are not described herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In conclusion the embodiment of the present application provides a kind of system start method, device, electronic equipment and storage medium.
Method includes: to obtain encrypted system image file during system starts and runs;To encrypted system image text
Part is decrypted, and obtains the system image file of decryption and the image file signature of system image file;It signs to image file
Carry out verify;Determining when being verified of image file signature, the system image file of starting operation decryption.
Since system image file has already been through encryption before factory, thus need to encrypted system image file into
Row decryption can sign to the image file of system image file and verify.Code key quilt is just reduced by preparatory encryption
The probability cracked, and also prevent system image file and distort, improve the safety of system.
The above is only preferred embodiment of the present application, are not intended to limit this application, for those skilled in the art
For member, various changes and changes are possible in this application.Within the spirit and principles of this application, it is made it is any modification,
Equivalent replacement, improvement etc., should be included within the scope of protection of this application.It should also be noted that similar label and letter are under
Similar terms are indicated in the attached drawing in face, therefore, once being defined in a certain Xiang Yi attached drawing, are not then needed in subsequent attached drawing
It is further defined and explained.
More than, the only specific embodiment of the application, but the protection scope of the application is not limited thereto, and it is any to be familiar with
Those skilled in the art within the technical scope of the present application, can easily think of the change or the replacement, and should all cover
Within the protection scope of the application.Therefore, the protection scope of the application should be subject to the protection scope in claims.
Claims (10)
1. a kind of system start method, which is characterized in that the described method includes:
During system starts and runs, encrypted system image file is obtained;
The encrypted system image file is decrypted, the system image file and system image text of decryption are obtained
The image file of part is signed;
To verifying for image file signature;
Determining when being verified of the image file signature, starting runs the system image file of the decryption.
2. a kind of system start method according to claim 1, which is characterized in that the image file of acquisition, which is signed, is
The authentication document comprising image file signature is obtained, to verifying for image file signature, comprising:
According to first key, the first verifying is carried out to the authentication document signature in the authentication document;
When determining that described first is verified, the second key in the authentication document is obtained;
According to second key, the carry out second of image file signature is verified.
3. a kind of system start method according to claim 1 or 2, which is characterized in that obtaining encrypted system mirror
Before picture file, the method also includes:
Using the root public key being stored in One Time Programmable, the signature of bootstrap loader needed for system starting is tested
Card;
When determining that the signature verification of the bootstrap loader passes through, based on the bootstrap loader is run, step is executed:
Obtain encrypted system image file.
4. a kind of system start method according to claim 1, which is characterized in that the image file sign into
After row verifying, the method also includes:
Obstructed out-of-date in the verifying for determining the image file signature, starting operation is stored in Erasable Programmable Read Only Memory EPROM
In backup system image file, and the unacceptable information of verifying that the image file is signed is sent to server.
5. a kind of system starting device, which is characterized in that described device includes:
File obtains module, for obtaining encrypted system image file during system starts and runs;
File decryption module obtains the system image text of decryption for the encrypted system image file to be decrypted
The image file of part and system image file signature;
File verification module is verified for what is signed to the image file;
Running paper module, for determining when being verified of the image file signature, what starting ran the decryption is
System image file.
6. a kind of system starting device according to claim 5, which is characterized in that the image file of acquisition, which is signed, is
The authentication document comprising image file signature is obtained,
The file verification module, is also used to according to first key, carries out the to the authentication document signature in the authentication document
One verifying;When determining that described first is verified, the second key in the authentication document is obtained;It is close according to described second
Key verifies the carry out second of image file signature.
7. a kind of system starting device according to claim 5 or 6, which is characterized in that
The file obtains module, is also used to using the root public key being stored in One Time Programmable, to needed for system starting
The signature of bootstrap loader is verified;When determining that the signature verification of the bootstrap loader passes through, based on operation institute
Bootstrap loader is stated, step is executed: obtaining encrypted system image file.
8. a kind of system starting device according to claim 5, which is characterized in that described device further include:
Backup starting module, for obstructed out-of-date in the verifying for determining the image file signature, starting operation is stored in erasable
Except the system image file of the backup in programmable read only memory, and the unacceptable letter of verifying that the image file is signed
Breath is sent to server.
9. a kind of electronic equipment, which is characterized in that the electronic equipment includes: processor, memory, bus and communication interface;
The processor, the communication interface and the memory are connected by the bus;
The memory, for storing program;
The processor, for by calling the described program of storage in the memory to appoint to execute claim 1-4 such as
System start method described in one claim.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program executes the system start method as described in any claim of claim 1-4 when the computer program is run by computer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910018421.XA CN109766134A (en) | 2019-01-08 | 2019-01-08 | System start method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910018421.XA CN109766134A (en) | 2019-01-08 | 2019-01-08 | System start method, device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109766134A true CN109766134A (en) | 2019-05-17 |
Family
ID=66453530
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910018421.XA Pending CN109766134A (en) | 2019-01-08 | 2019-01-08 | System start method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109766134A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110677418A (en) * | 2019-09-29 | 2020-01-10 | 四川虹微技术有限公司 | Trusted voiceprint authentication method and device, electronic equipment and storage medium |
| CN110990084A (en) * | 2019-12-20 | 2020-04-10 | 紫光展讯通信(惠州)有限公司 | Chip secure starting method and device, storage medium and terminal |
| CN111327429A (en) * | 2020-02-25 | 2020-06-23 | 杭州海康威视数字技术股份有限公司 | Terminal starting processing method and device |
| CN112099855A (en) * | 2020-08-05 | 2020-12-18 | 联想(北京)有限公司 | Information processing method, electronic equipment and computer storage medium |
| CN112256338A (en) * | 2020-10-27 | 2021-01-22 | 记忆科技(深圳)有限公司 | SOC starting method and device, computer equipment and storage medium |
| CN112379898A (en) * | 2020-12-01 | 2021-02-19 | 上海爱信诺航芯电子科技有限公司 | Software safety starting method and system for V2X equipment |
| CN112463224A (en) * | 2020-11-11 | 2021-03-09 | 苏州浪潮智能科技有限公司 | System start control method, device, equipment and readable storage medium |
| CN112632562A (en) * | 2020-12-28 | 2021-04-09 | 四川虹微技术有限公司 | Equipment starting method, equipment management method and embedded equipment |
| CN114816549A (en) * | 2022-05-27 | 2022-07-29 | 国网电力科学研究院有限公司 | Method and system for protecting bootloader and environment variable thereof |
| CN116405316A (en) * | 2023-05-26 | 2023-07-07 | 苏州浪潮智能科技有限公司 | Method, device, equipment, medium and special machine management system for starting special machine |
| WO2024045828A1 (en) * | 2022-08-27 | 2024-03-07 | 华为技术有限公司 | Operating system secure boot method, operating system installation method, and related apparatus |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101196839A (en) * | 2006-12-06 | 2008-06-11 | 英业达股份有限公司 | Data renovation and synchronization process of double-flash read-only memory |
| CN102594568A (en) * | 2012-03-23 | 2012-07-18 | 南京小网科技有限责任公司 | Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate |
| CN105989306A (en) * | 2015-02-13 | 2016-10-05 | 中兴通讯股份有限公司 | File signature method and device of operating system and file verification method and device of operating system |
| CN106295318A (en) * | 2015-06-05 | 2017-01-04 | 北京壹人壹本信息科技有限公司 | A kind of system start-up bootstrap technique and device |
| CN108491229A (en) * | 2018-02-01 | 2018-09-04 | 烽火通信科技股份有限公司 | A kind of method that Femtocell equipment safeties start |
| CN108604263A (en) * | 2016-02-10 | 2018-09-28 | 思科技术公司 | The executable mirror image of dual signature for the integrality that client provides |
| CN108647119A (en) * | 2018-05-16 | 2018-10-12 | 杭州海兴电力科技股份有限公司 | The startup method, apparatus and equipment of linux system |
-
2019
- 2019-01-08 CN CN201910018421.XA patent/CN109766134A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101196839A (en) * | 2006-12-06 | 2008-06-11 | 英业达股份有限公司 | Data renovation and synchronization process of double-flash read-only memory |
| CN102594568A (en) * | 2012-03-23 | 2012-07-18 | 南京小网科技有限责任公司 | Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate |
| CN105989306A (en) * | 2015-02-13 | 2016-10-05 | 中兴通讯股份有限公司 | File signature method and device of operating system and file verification method and device of operating system |
| CN106295318A (en) * | 2015-06-05 | 2017-01-04 | 北京壹人壹本信息科技有限公司 | A kind of system start-up bootstrap technique and device |
| CN108604263A (en) * | 2016-02-10 | 2018-09-28 | 思科技术公司 | The executable mirror image of dual signature for the integrality that client provides |
| CN108491229A (en) * | 2018-02-01 | 2018-09-04 | 烽火通信科技股份有限公司 | A kind of method that Femtocell equipment safeties start |
| CN108647119A (en) * | 2018-05-16 | 2018-10-12 | 杭州海兴电力科技股份有限公司 | The startup method, apparatus and equipment of linux system |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110677418B (en) * | 2019-09-29 | 2021-11-19 | 四川虹微技术有限公司 | Trusted voiceprint authentication method and device, electronic equipment and storage medium |
| CN110677418A (en) * | 2019-09-29 | 2020-01-10 | 四川虹微技术有限公司 | Trusted voiceprint authentication method and device, electronic equipment and storage medium |
| CN110990084B (en) * | 2019-12-20 | 2023-01-24 | 紫光展讯通信(惠州)有限公司 | Chip secure starting method and device, storage medium and terminal |
| CN110990084A (en) * | 2019-12-20 | 2020-04-10 | 紫光展讯通信(惠州)有限公司 | Chip secure starting method and device, storage medium and terminal |
| CN111327429A (en) * | 2020-02-25 | 2020-06-23 | 杭州海康威视数字技术股份有限公司 | Terminal starting processing method and device |
| CN112099855A (en) * | 2020-08-05 | 2020-12-18 | 联想(北京)有限公司 | Information processing method, electronic equipment and computer storage medium |
| CN112099855B (en) * | 2020-08-05 | 2022-01-14 | 联想(北京)有限公司 | Information processing method, electronic equipment and computer storage medium |
| CN112256338A (en) * | 2020-10-27 | 2021-01-22 | 记忆科技(深圳)有限公司 | SOC starting method and device, computer equipment and storage medium |
| CN112256338B (en) * | 2020-10-27 | 2023-12-05 | 记忆科技(深圳)有限公司 | SOC starting method and device, computer equipment and storage medium |
| CN112463224A (en) * | 2020-11-11 | 2021-03-09 | 苏州浪潮智能科技有限公司 | System start control method, device, equipment and readable storage medium |
| CN112379898B (en) * | 2020-12-01 | 2022-08-09 | 上海爱信诺航芯电子科技有限公司 | Software safety starting method and system for V2X equipment |
| CN112379898A (en) * | 2020-12-01 | 2021-02-19 | 上海爱信诺航芯电子科技有限公司 | Software safety starting method and system for V2X equipment |
| CN112632562A (en) * | 2020-12-28 | 2021-04-09 | 四川虹微技术有限公司 | Equipment starting method, equipment management method and embedded equipment |
| CN112632562B (en) * | 2020-12-28 | 2024-01-26 | 四川虹微技术有限公司 | Device starting method, device management method and embedded device |
| CN114816549A (en) * | 2022-05-27 | 2022-07-29 | 国网电力科学研究院有限公司 | Method and system for protecting bootloader and environment variable thereof |
| CN114816549B (en) * | 2022-05-27 | 2024-04-02 | 国网电力科学研究院有限公司 | Method and system for protecting bootloader and environment variable thereof |
| WO2024045828A1 (en) * | 2022-08-27 | 2024-03-07 | 华为技术有限公司 | Operating system secure boot method, operating system installation method, and related apparatus |
| CN116405316A (en) * | 2023-05-26 | 2023-07-07 | 苏州浪潮智能科技有限公司 | Method, device, equipment, medium and special machine management system for starting special machine |
| CN116405316B (en) * | 2023-05-26 | 2023-08-25 | 苏州浪潮智能科技有限公司 | Method, device, equipment, medium and special machine management system for starting special machine |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109766134A (en) | System start method, device, electronic equipment and storage medium | |
| US10790976B1 (en) | System and method of blockchain wallet recovery | |
| EP3229397B1 (en) | Method for fulfilling a cryptographic request requiring a value of a private key | |
| CN1985466B (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
| CN109714303A (en) | BIOS starts method and data processing method | |
| CN109710315A (en) | BIOS writes with a brush dipped in Chinese ink the processing method of method and BIOS image file | |
| CN110830242A (en) | Key generation and management method and server | |
| CN107196907A (en) | A kind of guard method of Android SO files and device | |
| CN113055380B (en) | Message processing method and device, electronic equipment and medium | |
| CN110929291A (en) | Method and device for accessing text file and computer readable storage medium | |
| CN107979599A (en) | Data Encrypting Transmission System | |
| CN111695097A (en) | Login checking method and device and computer readable storage medium | |
| CN114117376A (en) | Identity authentication method, method for distributing dynamic password and corresponding equipment | |
| CN111404892B (en) | Data supervision method and device and server | |
| US20070215693A1 (en) | Method and apparatus to provide authentication using an authentication card | |
| CN114553532A (en) | Data secure transmission method and device, electronic equipment and storage medium | |
| WO2019178981A1 (en) | Password management method and device employing customized rules, terminal apparatus, and storage medium | |
| CN111445250B (en) | Block chain key testing method and device | |
| CN110414269B (en) | Processing method, related device, storage medium and system of application installation package | |
| CN111127020A (en) | Transaction data confusion method based on block chain and related equipment | |
| CN114117388A (en) | Device registration method, device registration apparatus, electronic device, and storage medium | |
| CN111949996A (en) | Generation method, encryption method, system, device and medium of security private key | |
| CN106850609A (en) | The method of calibration and device of a kind of file | |
| CN110659900A (en) | Payment method without application, device, medium and electronic equipment | |
| CN117834137B (en) | Password card switching method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190517 |
|
| RJ01 | Rejection of invention patent application after publication |