CN110008724A - Solid-state hard disk controller method for secure loading, device and storage medium - Google Patents

Solid-state hard disk controller method for secure loading, device and storage medium Download PDF

Info

Publication number
CN110008724A
CN110008724A CN201910254911.XA CN201910254911A CN110008724A CN 110008724 A CN110008724 A CN 110008724A CN 201910254911 A CN201910254911 A CN 201910254911A CN 110008724 A CN110008724 A CN 110008724A
Authority
CN
China
Prior art keywords
key
bootloader
random
header
hard disk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910254911.XA
Other languages
Chinese (zh)
Other versions
CN110008724B (en
Inventor
杨志佳
冯元元
周强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ramaxel Technology Shenzhen Co Ltd
Original Assignee
Ramaxel Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ramaxel Technology Shenzhen Co Ltd filed Critical Ramaxel Technology Shenzhen Co Ltd
Priority to CN201910254911.XA priority Critical patent/CN110008724B/en
Publication of CN110008724A publication Critical patent/CN110008724A/en
Application granted granted Critical
Publication of CN110008724B publication Critical patent/CN110008724B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of solid-state hard disk controller method for secure loading, device and storage medium, method is the following steps are included: generate random number as random key;Existing fixed key is obtained, for adding solution/close header and random key;By fixed key and random key splicing composition integrity key, it to be used for enciphering/deciphering BootLoader;Fixed key and random key are stored separately the different location in solid state hard disk.The 256bit integrity key for being used for encryption and decryption BootLoader firmware is split into random key and fixed key by this programme, fixed key and random key are stored separately the different location in solid state hard disk, the difficulty for cracking and obtaining integrity key is improved, guarantees the safety of bootloader firmware.

Description

Solid-state hard disk controller method for secure loading, device and storage medium
Technical field
The present invention relates to solid state hard disk firmware encrypting field, especially relate to a kind of solid-state hard disk controller safely plus Support method, device and storage medium.
Background technique
The key component of solid state hard disk is the memory of solid-state hard disk controller and storing data, solid-state hard disk controller, also Claim main control chip or master control, is one of key component of solid state hard disk.
Currently, the mode that solid-state hard disk controller is safely loaded with is that key needed for load Bootloader is stored in firmware In file Header.Specifically, after chip powers on, bootrom usually using AES 256bit enciphering and deciphering algorithm to firmware into It is run after row decryption, the key of required AES is stored in the header of Bootloader firmware.Since key is stored in In Header, lawless people can disassemble the Flash chip in solid state hard disk by violence, read out the firmware in Flash Information can parse key since the method header is plaintext from header, reuse what the key pair was read Firmware is decrypted, and can obtain the firmware code of plaintext, and firmware safety is low.
There are more defects for existing technical solution, be easy to cause the loss of key, and the safety of firmware is unable to get guarantor Barrier.It is therefore desirable to propose a kind of solid-state hard disk controller method for secure loading, device and storage medium.
Summary of the invention
In order to solve the defect of the above-mentioned prior art, the object of the present invention is to provide a kind of solid-state hard disk controllers to add safely Support method, device and storage medium.
In order to achieve the above objectives, the technical scheme is that
A kind of solid-state hard disk controller method for secure loading, comprising the following steps:
Random number is generated as random key;
Existing fixed key is obtained, for adding solution/close header and random key;
By fixed key and random key splicing composition integrity key, it to be used for enciphering/deciphering BootLoader;
Fixed key and random key are stored separately the different location in solid state hard disk.
Further, the generation random number is as random key step, including,
The random number for generating 128bit size at random by strapping tool, as random key.
Further, described by fixed key and random key splicing composition integrity key step, including,
By the random key of the fixed key of 128bit and 128bit splice composition 256bit integrity key, for pair BootLoader firmware carries out AES256 encryption.
Further, described that fixed key and random key are stored separately step, including,
Fixed key is stored in the EFUSE of solid state hard disk;
Random key is stored in the header of BootLoader firmware.
Further, it is described by fixed key and random key splicing composition integrity key step after, further include encryption Process and decrypting process,
Ciphering process the following steps are included:
Header and random key are encrypted using fixed key, generates ciphertext header;
BootLoader is encrypted using integrity key, generates ciphertext BootLoader;
Ciphertext header and ciphertext BootLoader splicing is formed into complete BootLoader firmware, and Flash is written In;
Decrypting process the following steps are included:
Encrypted BootLoader firmware is read, obtains ciphertext header and ciphertext BootLoader respectively;
Fixed key is read, and ciphertext header is decrypted, obtains plaintext header;
It parses plaintext header and obtains random key;
Splice random key and fixed key to obtain integrity key;
Ciphertext BootLoader is decrypted using integrity key, obtains plaintext BootLoader.
The present invention also proposes that a kind of solid-state hard disk controller is safely loaded with device, comprising:
Key generating unit, for generating random number as random key;
Key acquiring unit, for obtaining existing fixed key, for adding solution/close header and random key;
Key concatenation unit, for being used for enciphering/deciphering for fixed key and random key splicing composition integrity key BootLoader;
Key storing unit, for fixed key and random key to be stored separately the different location in solid state hard disk.
Further, the Key generating unit includes generation module, for generating 128bit at random by strapping tool The random number of size, as random key;
The key concatenation unit includes splicing module, for by the fixed key of 128bit and 128bit with secret The integrity key of key splicing composition 256bit, for carrying out AES256 encryption to BootLoader firmware.
Further, the key storing unit includes the first memory module and the second memory module,
First memory module, for fixed key to be stored in the EFUSE of solid state hard disk;
Second memory module, for random key to be stored in the header of BootLoader firmware.
It further, further include encryption unit and decryption unit,
Encryption unit includes:
First encrypting module, for generating ciphertext header using fixed key encryption header and random key;
Second encrypting module generates ciphertext BootLoader for encrypting BootLoader using integrity key;
Firmware splicing module, for ciphertext header and ciphertext BootLoader splicing composition is complete BootLoader firmware, and be written in Flash;
Decryption unit includes:
Firmware read module obtains ciphertext header and ciphertext for reading encrypted BootLoader firmware respectively BootLoader;
First deciphering module is decrypted for reading fixed key, and to ciphertext header, obtains plaintext header;
Parsing module obtains random key for parsing plaintext header;
Key splicing module, for splicing random key and fixed key to obtain integrity key;
Second deciphering module is obtained in plain text for ciphertext BootLoader to be decrypted using integrity key BootLoader。
The present invention also proposes a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, the journey As above described in any item solid-state hard disk controller method for secure loading are realized when sequence is executed by processor.
The beneficial effects of the present invention are: this programme tears the 256bit integrity key for being used for encryption and decryption BootLoader firmware open It is divided into random key and fixed key, fixed key and random key is stored separately the different location in solid state hard disk, improves The difficulty for obtaining integrity key is cracked, guarantees the safety of bootloader firmware.
Detailed description of the invention
Fig. 1 is a kind of method flow diagram of solid-state hard disk controller method for secure loading of the present invention;
Fig. 2 is the method that fixed key and random key are stored separately the different location step in solid state hard disk by the present invention Flow chart;
Fig. 3 is the method flow diagram of BootLoader firmware encrypting process of the present invention;
Fig. 4 is the method flow diagram of BootLoader firmware decrypting process of the present invention;
Fig. 5 is a kind of implementation flow chart of solid-state hard disk controller method for secure loading of a specific embodiment of the invention;
Fig. 6 is the structural principle block diagram that a kind of solid-state hard disk controller of the present invention is safely loaded with device;
Fig. 7 is the structural block diagram of Key generating unit of the present invention;
Fig. 8 is the structural block diagram of key concatenation unit of the present invention;
Fig. 9 is the structural block diagram of key storing unit of the present invention;
Figure 10 is the structural block diagram of encryption unit of the present invention;
Figure 11 is the structural block diagram of decryption unit of the present invention.
Specific embodiment
To illustrate thought and purpose of the invention, the present invention is done further below in conjunction with the drawings and specific embodiments Explanation.
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiment is only a part of the embodiments of the present invention, instead of all the embodiments.Base Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its His embodiment, shall fall within the protection scope of the present invention.
It is to be appreciated that the directional instruction (up, down, left, right, before and after etc.) of institute is only used in the embodiment of the present invention It explains in relative positional relationship, the motion conditions etc. under a certain particular pose (as shown in the picture) between each component, if the spy When determining posture and changing, then directionality instruction also correspondingly changes correspondingly, and the connection, which can be, to be directly connected to, can also To be to be indirectly connected with.
In addition, the description for being such as related to " first ", " second " in the present invention is used for description purposes only, and should not be understood as Its relative importance of indication or suggestion or the quantity for implicitly indicating indicated technical characteristic.Define as a result, " first ", " Second " feature can explicitly or implicitly include at least one of the features.In addition, the technical solution between each embodiment It can be combined with each other, but must be based on can be realized by those of ordinary skill in the art, when the combination of technical solution goes out Existing conflicting or cannot achieve when, will be understood that the combination of this technical solution is not present, also not the present invention claims protection Within the scope of.
Unless otherwise instructed, herein "/" represent meaning as " or ".
English abbreviation herein is explained as follows:
Bootrom: being solidificated in microcontroller, the code worked normally for chip.
A kind of AES: advanced symmetric encipherment algorithm.
A kind of Flash: non-volatile memory.
Bootloader: for loading the load engineering of solid state hard disk total system firmware.
The header file of Header:Bootloader, the relevant information comprising Bootloader.
A kind of EFUSE: disposable programmable memory.
SSD: solid state hard disk.
Referring to Fig.1-5, an of the invention specific embodiment proposes a kind of solid-state hard disk controller method for secure loading, including with Lower step:
S10, random number is generated as random key.
S20, existing fixed key is obtained, for adding solution/close header and random key.
S30, fixed key and random key splicing are formed into integrity key, is used for enciphering/deciphering BootLoader.
S40, fixed key and random key are stored separately the different location in solid state hard disk.
In existing scheme, the mode that solid-state hard disk controller is safely loaded with is 256bit needed for loading Bootloader Key be stored in firmware file Header.Detailed process is, after chip powers on, bootrom uses AES 256bit Enciphering and deciphering algorithm runs BootLoader after firmware is decrypted, required key is stored in the header of Bootloader firmware In.Since key is stored in header, lawless people can disassemble the Flash chip in solid state hard disk by violence, read The firmware information in Flash is taken out, since in prior art, header is plaintext, the personnel of cracking can be from header In parse key, reuse the firmware that the key pair is read and be decrypted, can obtain the firmware code of plaintext, firmware peace Full property is low.
For step S10, the 256bit key that this programme uses is by 128bit random key and 128bit fixed key group At.Wherein, random key is obtained by generating random number, and the random key that different ssd are used is entirely different, also, with secret Key is stored in the header of BootLoader firmware, and random key deposits in the header of firmware after generating and encrypt at random In, it can not be directly obtained according to regular or Brute Force, the key of 256bit is split into random key and fixed key And storage is separated, it reduces the other Brute Force of key and obtains possibility, improve the safety of encrypted firmware.
Specifically, step S10 includes: S11, the random number for generating by strapping tool 128bit size at random, as with Secret key.
Different from random key for step S20, solid-state key is correspondingly arranged with ssd, and is changeless random The fixed key of number, different SSD is different, is stored in EFUSE, separately stores with random key, and can be used for will be with secret Key encryption is stored in the header of BootLoader firmware, and the key of 256bit is split into random key and fixed key simultaneously Separately storage reduces the other Brute Force of key and obtains possibility, improves the safety of encrypted firmware.
Step S30, integrity key 256bit can be used for encrypting BootLoader, by 128bit with secret Key and fixed key are spliced, and relative to the key of existing 256bit, to get integrity key, then need to obtain simultaneously To fixed key and random key, and fixed key is deposited in EFUSE by this embodiment scheme, by random key fixed key It is stored after encryption as the ciphertext header of firmware, improves the acquisition difficulty of random key and then fixed key, and further The difficulty for cracking and obtaining integrity key is improved, the safety of firmware is protected.
Specifically, step S30 include: S31, by the random key of the fixed key of 128bit and 128bit splice form The integrity key of 256bit, for carrying out AES256 encryption to BootLoader firmware.
For step S40, fixed key and random key are being stored separately the different location in solid state hard disk.Specifically , fixed key is deposited in EFUSE by this embodiment scheme, as the ciphertext of firmware after using fixed key to encrypt random key Header storage, third party need while cracking EFUSE and ciphertext header that integrity key can be got, and improve random The acquisition difficulty of key and then fixed key, and the difficulty for cracking and obtaining integrity key is further improved, protect firmware Safety.
It should be noted that fixed key is deposited in EFUSE here, after using fixed key to encrypt random key as The ciphertext header storage of firmware is only a kind of separately location mode of the invention, is also possible to deposit in other different independences In storage medium.
Specifically, with reference to Fig. 2, step S40 includes:
S41, fixed key is stored in the EFUSE of solid state hard disk.
S42, random key is stored in the header of BootLoader firmware.
Specifically, further including ciphering process and decrypting process after step S40 with reference to Fig. 3 and 4.
Referring to Fig. 3, the ciphering process of BootLoader firmware the following steps are included:
S51, header and random key are encrypted using fixed key, generates ciphertext header.
S52, BootLoader is encrypted using integrity key, generates ciphertext BootLoader.
S53, ciphertext header and ciphertext BootLoader splicing is formed into complete BootLoader firmware, and be written In Flash.
For step S51-S53, to use spliced integrity key to encrypt the process of BootLoader firmware, wherein with Secret key is encrypted by fixed key, and the ciphertext header as firmware is saved together with ciphertext BootLoader.Make Header and random key are encrypted with fixed key, generates ciphertext header, and encrypt BootLoader using integrity key, it is raw At ciphertext BootLoader, ciphertext header and ciphertext BootLoader splicing is finally formed into complete BootLoader and is consolidated Part, write-in Flash are saved, are improved the Information Security of BootLoader firmware, improve and crack difficulty.
Referring to Fig. 4, the decrypting process of BootLoader firmware the following steps are included:
S61, encrypted BootLoader firmware is read, obtains ciphertext header and ciphertext BootLoader respectively.
S62, fixed key is read, and ciphertext header is decrypted, obtain plaintext header.
S63, parsing plaintext header obtain random key.
S64, splice random key and fixed key to obtain integrity key.
S65, acquisition plaintext BootLoader is decrypted to ciphertext BootLoader using integrity key.
For step S61-S65, encrypted BootLoader firmware is by ciphertext header and ciphertext BootLoader two Part forms, and includes random key in ciphertext header, needs first to be decrypted acquisition random key by fixed key, then sharp again With the random key and fixed key splicing composition integrity key after decryption, acquisition is decrypted in plain text to ciphertext BootLoader Operation pointer is finally jumped to the base address of Bootloader by BootLoader by Bootrom, runs Bootloader, complete At the load of BootLoader.
It is a kind of specific embodiment of solid-state hard disk controller method for secure loading of the present invention with reference to Fig. 5, specific as follows:
Firmware encrypting process description is as follows:
1. strapping tool generates 128bit random number at random, as random key KEY4.
2. the random key KEY4 generated in 128bit fixed key KEY3 and process 1 is spliced the complete of composition 256bit Key KEY5.
3. carrying out the header that AES128 encryption generates ciphertext to Header using fixed key KEY3.
4. the integrity key KEY5 in process for using 2 carries out AES256 encryption to Bootloader, ciphertext is generated Bootloader。
5. the ciphertext Bootloader splicing composition in the ciphertext header and process 4 in process 3 is complete Bootloader firmware.
6. by Bootloader firmware programming into Flash.
It is as follows that firmware decrypts process description:
1. chip powers on, Bootrom operation.
2.Bootrom read from Flash encryption BootLoader firmware, obtain encryption header and bootloader。
3. reading the fixed key KEY3 of 128bit from EFUSE, the ciphertext obtained in the key pair process 2 is used Header is decrypted, and obtains plaintext header.
4. parsing plaintext header, the random key KEY4 of 128bit is obtained.
5. splicing the random key KEY4 in the fixed key KEY3 and process 4 in process 3, the AES for forming 256bit is close Key KEY5.
6. carrying out AES decryption to the ciphertext bootloader obtained in process 2 using integrity key KEY5, obtain in plain text bootloader。
7.Bootrom jumps to the base address of Bootloader by pointer is run, and runs Bootloader.
Specifically, the 256bit integrity key for being used for encryption and decryption BootLoader firmware is split into random key by this programme And fixed key, fixed key and random key are stored separately the different location in solid state hard disk, it is complete that raising cracks acquisition The difficulty of key guarantees the safety of bootloader firmware.
With reference to Fig. 6-11, another embodiment of the present invention also proposes that a kind of solid-state hard disk controller is safely loaded with device, comprising:
Key generating unit 10, for generating random number as random key.
Key acquiring unit 20, for obtaining existing fixed key, for adding solution/close header and random key.
Key concatenation unit 30, for being used for enciphering/deciphering for fixed key and random key splicing composition integrity key BootLoader。
Key storing unit 40, for fixed key and random key to be stored separately the different location in solid state hard disk.
In existing scheme, the mode that solid-state hard disk controller is safely loaded with is 256bit needed for loading Bootloader Key be stored in firmware file Header.Detailed process is, after chip powers on, bootrom uses AES 256bit Enciphering and deciphering algorithm runs BootLoader after firmware is decrypted, required key is stored in the header of Bootloader firmware In.Since key is stored in header, lawless people can disassemble the Flash chip in solid state hard disk by violence, read The firmware information in Flash is taken out, since in prior art, header is plaintext, the personnel of cracking can be from header In parse key, reuse the firmware that the key pair is read and be decrypted, can obtain the firmware code of plaintext, firmware peace Full property is low.
For Key generating unit 10, the 256bit key that this programme uses is consolidated by 128bit random key and 128bit Determine key composition.Wherein, random key is obtained by generating random number, and the random key that different ssd are used is entirely different, and And random key is stored in the header of BootLoader firmware, random key deposits in firmware after generating and encrypt at random Header in, can not be directly obtained according to regular or Brute Force, by the key of 256bit split into random key and Fixed key simultaneously separates storage, reduces the other Brute Force of key and obtains possibility, improves the safety of encrypted firmware.
With reference to Fig. 7, Key generating unit 10 includes generation module 11, big for generating 128bit at random by strapping tool Small random number, as random key.
Different from random key for key acquiring unit 20, solid-state key is correspondingly arranged with ssd, and to immobilize Random number, the fixed key of different SSD is different, be stored in EFUSE, separately stored with random key, and can be used for by Random key encryption is stored in the header of BootLoader firmware, and the key of 256bit is split into random key and is consolidated Determine key and separate storage, reduces the other Brute Force of key and obtain possibility, improve the safety of encrypted firmware.
For key concatenation unit 30, integrity key 256bit can be used for encrypting BootLoader, by 128bit's Random key and fixed key are spliced, and relative to the key of existing 256bit, to get integrity key, then need same When get fixed key and random key, and fixed key is deposited in EFUSE by this embodiment scheme, by random key with solid Determine the ciphertext header after key encrypts as firmware to store, improves the acquisition difficulty of random key and then fixed key, and The difficulty for cracking and obtaining integrity key is further improved, the safety of firmware is protected.
With reference to Fig. 8, key concatenation unit 30 includes splicing module 31, for by the fixed key of 128bit and 128bit The integrity key of random key splicing composition 256bit, for carrying out AES256 encryption to BootLoader firmware.
For key storing unit 40, fixed key and random key are being stored separately in solid state hard disk different positions It sets.Specifically, fixed key is deposited in EFUSE by this embodiment scheme, as solid after using fixed key to encrypt random key The ciphertext header of part is stored, and third party needs while cracking EFUSE and ciphertext header that integrity key can be got, The acquisition difficulty of random key and then fixed key is improved, and further improves the difficulty for cracking and obtaining integrity key, is protected The safety of firmware is protected.
It should be noted that fixed key is deposited in EFUSE here, after using fixed key to encrypt random key as The ciphertext header storage of firmware is only a kind of separately location mode of the invention, is also possible to deposit in other different independences In storage medium.
With reference to Fig. 9, key storing unit 40 includes the first memory module 41 and the second memory module 42.
First memory module 41, for fixed key to be stored in the EFUSE of solid state hard disk.
Second memory module 42, for random key to be stored in the header of BootLoader firmware.
With reference to Fig. 6, it further includes that encryption unit 50 and decryption are single that a kind of solid-state hard disk controller of the present invention, which is safely loaded with device, Member 60.
Referring to Fig.1 0, wherein encryption unit 50 includes:
First encrypting module 51, for generating ciphertext header using fixed key encryption header and random key.
Second encrypting module 52 generates ciphertext BootLoader for encrypting BootLoader using integrity key.
Firmware splicing module 53, for ciphertext header and ciphertext BootLoader splicing composition is complete BootLoader firmware, and be written in Flash.
Referring to Fig.1 1, wherein decryption unit 60 includes:
Firmware read module 61 obtains ciphertext header and close for reading encrypted BootLoader firmware respectively Literary BootLoader.
First deciphering module 62 is decrypted for reading fixed key, and to ciphertext header, obtains in plain text header。
Parsing module 63 obtains random key for parsing plaintext header.
Key splicing module 64, for splicing random key and fixed key to obtain integrity key.
Second deciphering module 65 is obtained in plain text for ciphertext BootLoader to be decrypted using integrity key BootLoader。
For encryption unit 50, BootLoader firmware is encrypted using spliced integrity key, wherein random key is logical It crosses fixed key to be encrypted, and the ciphertext header as firmware is saved together with ciphertext BootLoader.It is close using fixation Key encrypts header and random key, generates ciphertext header, and encrypt BootLoader using integrity key, generates ciphertext Ciphertext header and ciphertext BootLoader splicing is finally formed complete BootLoader firmware, write-in by BootLoader Flash is saved, and is improved the Information Security of BootLoader firmware, is improved and crack difficulty.
For decryption unit 60, encrypted BootLoader firmware is by ciphertext header and ciphertext BootLoader two Part forms, and includes random key in ciphertext header, needs first to be decrypted acquisition random key by fixed key, then sharp again With the random key and fixed key splicing composition integrity key after decryption, acquisition is decrypted in plain text to ciphertext BootLoader Operation pointer is finally jumped to the base address of Bootloader by BootLoader by Bootrom, runs Bootloader, complete At the load of BootLoader.
The 256bit integrity key for being used for encryption and decryption BootLoader firmware is split into random key and fixation by this programme Fixed key and random key are stored separately the different location in solid state hard disk by key, are improved and are cracked acquisition integrity key Difficulty guarantees the safety of bootloader firmware.
The present invention also proposes a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, the journey Solid-state hard disk controller method for secure loading as above is realized when sequence is executed by processor.The storage medium can be aforementioned clothes The internal storage unit of business device, such as the hard disk or memory of server.The storage medium is also possible to the outside of the equipment The plug-in type hard disk being equipped in storage equipment, such as the equipment, intelligent memory card (Smart Media Card, SMC), safety Digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, the storage medium can also be both Internal storage unit including the equipment also includes External memory equipment.
The above description is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all utilizations Equivalent structure or equivalent flow shift made by description of the invention and accompanying drawing content is applied directly or indirectly in other correlations Technical field, be included within the scope of the present invention.

Claims (10)

1. a kind of solid-state hard disk controller method for secure loading, which comprises the following steps:
Random number is generated as random key;
Existing fixed key is obtained, for adding solution/close header and random key;
By fixed key and random key splicing composition integrity key, it to be used for enciphering/deciphering BootLoader;
Fixed key and random key are stored separately the different location in solid state hard disk.
2. solid-state hard disk controller method for secure loading as described in claim 1, which is characterized in that the generation random number is made For random key step, including,
The random number for generating 128bit size at random by strapping tool, as random key.
3. solid-state hard disk controller method for secure loading as claimed in claim 2, which is characterized in that it is described by fixed key with Random key splicing composition integrity key step, including,
By the random key of the fixed key of 128bit and 128bit splice composition 256bit integrity key, for pair BootLoader firmware carries out AES256 encryption.
4. solid-state hard disk controller method for secure loading as described in claim 1, which is characterized in that it is described by fixed key and Random key is stored separately step, including,
Fixed key is stored in the EFUSE of solid state hard disk;
Random key is stored in the header of BootLoader firmware.
5. solid-state hard disk controller method for secure loading as described in claim 1, which is characterized in that it is described by fixed key with It further include ciphering process and decrypting process after random key splicing composition integrity key step,
Ciphering process the following steps are included:
Header and random key are encrypted using fixed key, generates ciphertext header;
BootLoader is encrypted using integrity key, generates ciphertext BootLoader;
Ciphertext header and ciphertext BootLoader splicing is formed into complete BootLoader firmware, and is written in Flash;
Decrypting process the following steps are included:
Encrypted BootLoader firmware is read, obtains ciphertext header and ciphertext BootLoader respectively;
Fixed key is read, and ciphertext header is decrypted, obtains plaintext header;
It parses plaintext header and obtains random key;
Splice random key and fixed key to obtain integrity key;
Ciphertext BootLoader is decrypted using integrity key, obtains plaintext BootLoader.
6. a kind of solid-state hard disk controller is safely loaded with device characterized by comprising
Key generating unit, for generating random number as random key;
Key acquiring unit, for obtaining existing fixed key, for adding solution/close header and random key;
Key concatenation unit, for being used for enciphering/deciphering for fixed key and random key splicing composition integrity key BootLoader;
Key storing unit, for fixed key and random key to be stored separately the different location in solid state hard disk.
7. solid-state hard disk controller as claimed in claim 6 is safely loaded with device, which is characterized in that the Key generating unit Including generation module, for generating the random number of 128bit size at random by strapping tool, as random key;
The key concatenation unit includes splicing module, for splicing the random key of the fixed key of 128bit and 128bit The integrity key for forming 256bit, for carrying out AES256 encryption to BootLoader firmware.
8. solid-state hard disk controller as claimed in claim 6 is safely loaded with device, which is characterized in that the key storing unit Including the first memory module and the second memory module,
First memory module, for fixed key to be stored in the EFUSE of solid state hard disk;
Second memory module, for random key to be stored in the header of BootLoader firmware.
9. solid-state hard disk controller as claimed in claim 6 is safely loaded with device, which is characterized in that further include encryption unit and Decryption unit,
Encryption unit includes:
First encrypting module, for generating ciphertext header using fixed key encryption header and random key;
Second encrypting module generates ciphertext BootLoader for encrypting BootLoader using integrity key;
Firmware splicing module is consolidated for ciphertext header and ciphertext BootLoader splicing to be formed complete BootLoader Part, and be written in Flash;
Decryption unit includes:
Firmware read module obtains ciphertext header and ciphertext for reading encrypted BootLoader firmware respectively BootLoader;
First deciphering module is decrypted for reading fixed key, and to ciphertext header, obtains plaintext header;
Parsing module obtains random key for parsing plaintext header;
Key splicing module, for splicing random key and fixed key to obtain integrity key;
Second deciphering module obtains plaintext BootLoader for ciphertext BootLoader to be decrypted using integrity key.
10. a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is characterized in that the program Solid-state hard disk controller method for secure loading according to any one of claims 1 to 5 is realized when being executed by processor.
CN201910254911.XA 2019-03-29 2019-03-29 Solid state hard disk controller safe loading method and device and storage medium Active CN110008724B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910254911.XA CN110008724B (en) 2019-03-29 2019-03-29 Solid state hard disk controller safe loading method and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910254911.XA CN110008724B (en) 2019-03-29 2019-03-29 Solid state hard disk controller safe loading method and device and storage medium

Publications (2)

Publication Number Publication Date
CN110008724A true CN110008724A (en) 2019-07-12
CN110008724B CN110008724B (en) 2023-03-21

Family

ID=67169141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910254911.XA Active CN110008724B (en) 2019-03-29 2019-03-29 Solid state hard disk controller safe loading method and device and storage medium

Country Status (1)

Country Link
CN (1) CN110008724B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632562A (en) * 2020-12-28 2021-04-09 四川虹微技术有限公司 Equipment starting method, equipment management method and embedded equipment
CN115828287A (en) * 2023-01-10 2023-03-21 湖州丽天智能科技有限公司 Model encryption method, model decryption method, computer and integrated chip

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101295342A (en) * 2008-01-24 2008-10-29 清华大学 Magnetic disk enciphering and recovery method based on single file system
CN103051963A (en) * 2012-11-30 2013-04-17 北京视博数字电视科技有限公司 Safety control method of digital television terminal equipment
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN106503494A (en) * 2016-11-05 2017-03-15 福建省北峰电讯科技有限公司 A kind of firmware protection location and guard method with flash memory microcontroller on piece
CN107294702A (en) * 2017-07-17 2017-10-24 四川长虹电器股份有限公司 Front-end code encryption method based on Hybrid APP unique characteristics
CN108762791A (en) * 2018-06-07 2018-11-06 深圳市元征科技股份有限公司 Firmware upgrade method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101295342A (en) * 2008-01-24 2008-10-29 清华大学 Magnetic disk enciphering and recovery method based on single file system
CN103051963A (en) * 2012-11-30 2013-04-17 北京视博数字电视科技有限公司 Safety control method of digital television terminal equipment
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN106503494A (en) * 2016-11-05 2017-03-15 福建省北峰电讯科技有限公司 A kind of firmware protection location and guard method with flash memory microcontroller on piece
CN107294702A (en) * 2017-07-17 2017-10-24 四川长虹电器股份有限公司 Front-end code encryption method based on Hybrid APP unique characteristics
CN108762791A (en) * 2018-06-07 2018-11-06 深圳市元征科技股份有限公司 Firmware upgrade method and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632562A (en) * 2020-12-28 2021-04-09 四川虹微技术有限公司 Equipment starting method, equipment management method and embedded equipment
CN112632562B (en) * 2020-12-28 2024-01-26 四川虹微技术有限公司 Device starting method, device management method and embedded device
CN115828287A (en) * 2023-01-10 2023-03-21 湖州丽天智能科技有限公司 Model encryption method, model decryption method, computer and integrated chip
CN115828287B (en) * 2023-01-10 2023-05-23 湖州丽天智能科技有限公司 Model encryption method, model decryption method, computer and integrated chip

Also Published As

Publication number Publication date
CN110008724B (en) 2023-03-21

Similar Documents

Publication Publication Date Title
ES2970201T3 (en) Personal identification system with contactless card
CN111723383B (en) Data storage and verification method and device
CN100464315C (en) Mobile memory divulgence protection method and system
CN109918925A (en) Date storage method, back end and storage medium
CN101149768B (en) Special processor software encryption and decryption method
CN1889426B (en) Method and system for realizing network safety storing and accessing
US20080297326A1 (en) Low Cost RFID Tag Security And Privacy System And Method
CN102138300A (en) Message authentication code pre-computation with applications to secure memory
US9215070B2 (en) Method for the cryptographic protection of an application
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
US20120284534A1 (en) Memory Device and Method for Accessing the Same
CN103914662A (en) Access control method and device of file encrypting system on the basis of partitions
EP2819057B1 (en) Data processing system, method of initializing a data processing system, and computer program product
CN104506504A (en) Security mechanism and security device for confidential information of card-free terminal
CN103544453A (en) USB (universal serial bus) KEY based virtual desktop file protection method and device
CN102799815B (en) A kind of method and apparatus of safe loading procedure storehouse
US8181869B2 (en) Method for customizing customer identifier
CN101770559A (en) Data protecting device and data protecting method
US20180123789A1 (en) Apparatus and method for generating a key in a programmable hardware module
CN110008724A (en) Solid-state hard disk controller method for secure loading, device and storage medium
US20170243006A1 (en) Secure provisioning of semiconductor chips in untrusted manufacturing factories
CN107992760B (en) Key writing method, device, equipment and storage medium
CN103177224A (en) Data protection method and device used for terminal external storage card
CN116366289B (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle
US9979541B2 (en) Content management system, host device and content key access method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant