CN110008724A - Solid-state hard disk controller method for secure loading, device and storage medium - Google Patents
Solid-state hard disk controller method for secure loading, device and storage medium Download PDFInfo
- Publication number
- CN110008724A CN110008724A CN201910254911.XA CN201910254911A CN110008724A CN 110008724 A CN110008724 A CN 110008724A CN 201910254911 A CN201910254911 A CN 201910254911A CN 110008724 A CN110008724 A CN 110008724A
- Authority
- CN
- China
- Prior art keywords
- key
- bootloader
- random
- header
- hard disk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of solid-state hard disk controller method for secure loading, device and storage medium, method is the following steps are included: generate random number as random key;Existing fixed key is obtained, for adding solution/close header and random key;By fixed key and random key splicing composition integrity key, it to be used for enciphering/deciphering BootLoader;Fixed key and random key are stored separately the different location in solid state hard disk.The 256bit integrity key for being used for encryption and decryption BootLoader firmware is split into random key and fixed key by this programme, fixed key and random key are stored separately the different location in solid state hard disk, the difficulty for cracking and obtaining integrity key is improved, guarantees the safety of bootloader firmware.
Description
Technical field
The present invention relates to solid state hard disk firmware encrypting field, especially relate to a kind of solid-state hard disk controller safely plus
Support method, device and storage medium.
Background technique
The key component of solid state hard disk is the memory of solid-state hard disk controller and storing data, solid-state hard disk controller, also
Claim main control chip or master control, is one of key component of solid state hard disk.
Currently, the mode that solid-state hard disk controller is safely loaded with is that key needed for load Bootloader is stored in firmware
In file Header.Specifically, after chip powers on, bootrom usually using AES 256bit enciphering and deciphering algorithm to firmware into
It is run after row decryption, the key of required AES is stored in the header of Bootloader firmware.Since key is stored in
In Header, lawless people can disassemble the Flash chip in solid state hard disk by violence, read out the firmware in Flash
Information can parse key since the method header is plaintext from header, reuse what the key pair was read
Firmware is decrypted, and can obtain the firmware code of plaintext, and firmware safety is low.
There are more defects for existing technical solution, be easy to cause the loss of key, and the safety of firmware is unable to get guarantor
Barrier.It is therefore desirable to propose a kind of solid-state hard disk controller method for secure loading, device and storage medium.
Summary of the invention
In order to solve the defect of the above-mentioned prior art, the object of the present invention is to provide a kind of solid-state hard disk controllers to add safely
Support method, device and storage medium.
In order to achieve the above objectives, the technical scheme is that
A kind of solid-state hard disk controller method for secure loading, comprising the following steps:
Random number is generated as random key;
Existing fixed key is obtained, for adding solution/close header and random key;
By fixed key and random key splicing composition integrity key, it to be used for enciphering/deciphering BootLoader;
Fixed key and random key are stored separately the different location in solid state hard disk.
Further, the generation random number is as random key step, including,
The random number for generating 128bit size at random by strapping tool, as random key.
Further, described by fixed key and random key splicing composition integrity key step, including,
By the random key of the fixed key of 128bit and 128bit splice composition 256bit integrity key, for pair
BootLoader firmware carries out AES256 encryption.
Further, described that fixed key and random key are stored separately step, including,
Fixed key is stored in the EFUSE of solid state hard disk;
Random key is stored in the header of BootLoader firmware.
Further, it is described by fixed key and random key splicing composition integrity key step after, further include encryption
Process and decrypting process,
Ciphering process the following steps are included:
Header and random key are encrypted using fixed key, generates ciphertext header;
BootLoader is encrypted using integrity key, generates ciphertext BootLoader;
Ciphertext header and ciphertext BootLoader splicing is formed into complete BootLoader firmware, and Flash is written
In;
Decrypting process the following steps are included:
Encrypted BootLoader firmware is read, obtains ciphertext header and ciphertext BootLoader respectively;
Fixed key is read, and ciphertext header is decrypted, obtains plaintext header;
It parses plaintext header and obtains random key;
Splice random key and fixed key to obtain integrity key;
Ciphertext BootLoader is decrypted using integrity key, obtains plaintext BootLoader.
The present invention also proposes that a kind of solid-state hard disk controller is safely loaded with device, comprising:
Key generating unit, for generating random number as random key;
Key acquiring unit, for obtaining existing fixed key, for adding solution/close header and random key;
Key concatenation unit, for being used for enciphering/deciphering for fixed key and random key splicing composition integrity key
BootLoader;
Key storing unit, for fixed key and random key to be stored separately the different location in solid state hard disk.
Further, the Key generating unit includes generation module, for generating 128bit at random by strapping tool
The random number of size, as random key;
The key concatenation unit includes splicing module, for by the fixed key of 128bit and 128bit with secret
The integrity key of key splicing composition 256bit, for carrying out AES256 encryption to BootLoader firmware.
Further, the key storing unit includes the first memory module and the second memory module,
First memory module, for fixed key to be stored in the EFUSE of solid state hard disk;
Second memory module, for random key to be stored in the header of BootLoader firmware.
It further, further include encryption unit and decryption unit,
Encryption unit includes:
First encrypting module, for generating ciphertext header using fixed key encryption header and random key;
Second encrypting module generates ciphertext BootLoader for encrypting BootLoader using integrity key;
Firmware splicing module, for ciphertext header and ciphertext BootLoader splicing composition is complete
BootLoader firmware, and be written in Flash;
Decryption unit includes:
Firmware read module obtains ciphertext header and ciphertext for reading encrypted BootLoader firmware respectively
BootLoader;
First deciphering module is decrypted for reading fixed key, and to ciphertext header, obtains plaintext header;
Parsing module obtains random key for parsing plaintext header;
Key splicing module, for splicing random key and fixed key to obtain integrity key;
Second deciphering module is obtained in plain text for ciphertext BootLoader to be decrypted using integrity key
BootLoader。
The present invention also proposes a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, the journey
As above described in any item solid-state hard disk controller method for secure loading are realized when sequence is executed by processor.
The beneficial effects of the present invention are: this programme tears the 256bit integrity key for being used for encryption and decryption BootLoader firmware open
It is divided into random key and fixed key, fixed key and random key is stored separately the different location in solid state hard disk, improves
The difficulty for obtaining integrity key is cracked, guarantees the safety of bootloader firmware.
Detailed description of the invention
Fig. 1 is a kind of method flow diagram of solid-state hard disk controller method for secure loading of the present invention;
Fig. 2 is the method that fixed key and random key are stored separately the different location step in solid state hard disk by the present invention
Flow chart;
Fig. 3 is the method flow diagram of BootLoader firmware encrypting process of the present invention;
Fig. 4 is the method flow diagram of BootLoader firmware decrypting process of the present invention;
Fig. 5 is a kind of implementation flow chart of solid-state hard disk controller method for secure loading of a specific embodiment of the invention;
Fig. 6 is the structural principle block diagram that a kind of solid-state hard disk controller of the present invention is safely loaded with device;
Fig. 7 is the structural block diagram of Key generating unit of the present invention;
Fig. 8 is the structural block diagram of key concatenation unit of the present invention;
Fig. 9 is the structural block diagram of key storing unit of the present invention;
Figure 10 is the structural block diagram of encryption unit of the present invention;
Figure 11 is the structural block diagram of decryption unit of the present invention.
Specific embodiment
To illustrate thought and purpose of the invention, the present invention is done further below in conjunction with the drawings and specific embodiments
Explanation.
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiment is only a part of the embodiments of the present invention, instead of all the embodiments.Base
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its
His embodiment, shall fall within the protection scope of the present invention.
It is to be appreciated that the directional instruction (up, down, left, right, before and after etc.) of institute is only used in the embodiment of the present invention
It explains in relative positional relationship, the motion conditions etc. under a certain particular pose (as shown in the picture) between each component, if the spy
When determining posture and changing, then directionality instruction also correspondingly changes correspondingly, and the connection, which can be, to be directly connected to, can also
To be to be indirectly connected with.
In addition, the description for being such as related to " first ", " second " in the present invention is used for description purposes only, and should not be understood as
Its relative importance of indication or suggestion or the quantity for implicitly indicating indicated technical characteristic.Define as a result, " first ", "
Second " feature can explicitly or implicitly include at least one of the features.In addition, the technical solution between each embodiment
It can be combined with each other, but must be based on can be realized by those of ordinary skill in the art, when the combination of technical solution goes out
Existing conflicting or cannot achieve when, will be understood that the combination of this technical solution is not present, also not the present invention claims protection
Within the scope of.
Unless otherwise instructed, herein "/" represent meaning as " or ".
English abbreviation herein is explained as follows:
Bootrom: being solidificated in microcontroller, the code worked normally for chip.
A kind of AES: advanced symmetric encipherment algorithm.
A kind of Flash: non-volatile memory.
Bootloader: for loading the load engineering of solid state hard disk total system firmware.
The header file of Header:Bootloader, the relevant information comprising Bootloader.
A kind of EFUSE: disposable programmable memory.
SSD: solid state hard disk.
Referring to Fig.1-5, an of the invention specific embodiment proposes a kind of solid-state hard disk controller method for secure loading, including with
Lower step:
S10, random number is generated as random key.
S20, existing fixed key is obtained, for adding solution/close header and random key.
S30, fixed key and random key splicing are formed into integrity key, is used for enciphering/deciphering BootLoader.
S40, fixed key and random key are stored separately the different location in solid state hard disk.
In existing scheme, the mode that solid-state hard disk controller is safely loaded with is 256bit needed for loading Bootloader
Key be stored in firmware file Header.Detailed process is, after chip powers on, bootrom uses AES 256bit
Enciphering and deciphering algorithm runs BootLoader after firmware is decrypted, required key is stored in the header of Bootloader firmware
In.Since key is stored in header, lawless people can disassemble the Flash chip in solid state hard disk by violence, read
The firmware information in Flash is taken out, since in prior art, header is plaintext, the personnel of cracking can be from header
In parse key, reuse the firmware that the key pair is read and be decrypted, can obtain the firmware code of plaintext, firmware peace
Full property is low.
For step S10, the 256bit key that this programme uses is by 128bit random key and 128bit fixed key group
At.Wherein, random key is obtained by generating random number, and the random key that different ssd are used is entirely different, also, with secret
Key is stored in the header of BootLoader firmware, and random key deposits in the header of firmware after generating and encrypt at random
In, it can not be directly obtained according to regular or Brute Force, the key of 256bit is split into random key and fixed key
And storage is separated, it reduces the other Brute Force of key and obtains possibility, improve the safety of encrypted firmware.
Specifically, step S10 includes: S11, the random number for generating by strapping tool 128bit size at random, as with
Secret key.
Different from random key for step S20, solid-state key is correspondingly arranged with ssd, and is changeless random
The fixed key of number, different SSD is different, is stored in EFUSE, separately stores with random key, and can be used for will be with secret
Key encryption is stored in the header of BootLoader firmware, and the key of 256bit is split into random key and fixed key simultaneously
Separately storage reduces the other Brute Force of key and obtains possibility, improves the safety of encrypted firmware.
Step S30, integrity key 256bit can be used for encrypting BootLoader, by 128bit with secret
Key and fixed key are spliced, and relative to the key of existing 256bit, to get integrity key, then need to obtain simultaneously
To fixed key and random key, and fixed key is deposited in EFUSE by this embodiment scheme, by random key fixed key
It is stored after encryption as the ciphertext header of firmware, improves the acquisition difficulty of random key and then fixed key, and further
The difficulty for cracking and obtaining integrity key is improved, the safety of firmware is protected.
Specifically, step S30 include: S31, by the random key of the fixed key of 128bit and 128bit splice form
The integrity key of 256bit, for carrying out AES256 encryption to BootLoader firmware.
For step S40, fixed key and random key are being stored separately the different location in solid state hard disk.Specifically
, fixed key is deposited in EFUSE by this embodiment scheme, as the ciphertext of firmware after using fixed key to encrypt random key
Header storage, third party need while cracking EFUSE and ciphertext header that integrity key can be got, and improve random
The acquisition difficulty of key and then fixed key, and the difficulty for cracking and obtaining integrity key is further improved, protect firmware
Safety.
It should be noted that fixed key is deposited in EFUSE here, after using fixed key to encrypt random key as
The ciphertext header storage of firmware is only a kind of separately location mode of the invention, is also possible to deposit in other different independences
In storage medium.
Specifically, with reference to Fig. 2, step S40 includes:
S41, fixed key is stored in the EFUSE of solid state hard disk.
S42, random key is stored in the header of BootLoader firmware.
Specifically, further including ciphering process and decrypting process after step S40 with reference to Fig. 3 and 4.
Referring to Fig. 3, the ciphering process of BootLoader firmware the following steps are included:
S51, header and random key are encrypted using fixed key, generates ciphertext header.
S52, BootLoader is encrypted using integrity key, generates ciphertext BootLoader.
S53, ciphertext header and ciphertext BootLoader splicing is formed into complete BootLoader firmware, and be written
In Flash.
For step S51-S53, to use spliced integrity key to encrypt the process of BootLoader firmware, wherein with
Secret key is encrypted by fixed key, and the ciphertext header as firmware is saved together with ciphertext BootLoader.Make
Header and random key are encrypted with fixed key, generates ciphertext header, and encrypt BootLoader using integrity key, it is raw
At ciphertext BootLoader, ciphertext header and ciphertext BootLoader splicing is finally formed into complete BootLoader and is consolidated
Part, write-in Flash are saved, are improved the Information Security of BootLoader firmware, improve and crack difficulty.
Referring to Fig. 4, the decrypting process of BootLoader firmware the following steps are included:
S61, encrypted BootLoader firmware is read, obtains ciphertext header and ciphertext BootLoader respectively.
S62, fixed key is read, and ciphertext header is decrypted, obtain plaintext header.
S63, parsing plaintext header obtain random key.
S64, splice random key and fixed key to obtain integrity key.
S65, acquisition plaintext BootLoader is decrypted to ciphertext BootLoader using integrity key.
For step S61-S65, encrypted BootLoader firmware is by ciphertext header and ciphertext BootLoader two
Part forms, and includes random key in ciphertext header, needs first to be decrypted acquisition random key by fixed key, then sharp again
With the random key and fixed key splicing composition integrity key after decryption, acquisition is decrypted in plain text to ciphertext BootLoader
Operation pointer is finally jumped to the base address of Bootloader by BootLoader by Bootrom, runs Bootloader, complete
At the load of BootLoader.
It is a kind of specific embodiment of solid-state hard disk controller method for secure loading of the present invention with reference to Fig. 5, specific as follows:
Firmware encrypting process description is as follows:
1. strapping tool generates 128bit random number at random, as random key KEY4.
2. the random key KEY4 generated in 128bit fixed key KEY3 and process 1 is spliced the complete of composition 256bit
Key KEY5.
3. carrying out the header that AES128 encryption generates ciphertext to Header using fixed key KEY3.
4. the integrity key KEY5 in process for using 2 carries out AES256 encryption to Bootloader, ciphertext is generated
Bootloader。
5. the ciphertext Bootloader splicing composition in the ciphertext header and process 4 in process 3 is complete
Bootloader firmware.
6. by Bootloader firmware programming into Flash.
It is as follows that firmware decrypts process description:
1. chip powers on, Bootrom operation.
2.Bootrom read from Flash encryption BootLoader firmware, obtain encryption header and
bootloader。
3. reading the fixed key KEY3 of 128bit from EFUSE, the ciphertext obtained in the key pair process 2 is used
Header is decrypted, and obtains plaintext header.
4. parsing plaintext header, the random key KEY4 of 128bit is obtained.
5. splicing the random key KEY4 in the fixed key KEY3 and process 4 in process 3, the AES for forming 256bit is close
Key KEY5.
6. carrying out AES decryption to the ciphertext bootloader obtained in process 2 using integrity key KEY5, obtain in plain text
bootloader。
7.Bootrom jumps to the base address of Bootloader by pointer is run, and runs Bootloader.
Specifically, the 256bit integrity key for being used for encryption and decryption BootLoader firmware is split into random key by this programme
And fixed key, fixed key and random key are stored separately the different location in solid state hard disk, it is complete that raising cracks acquisition
The difficulty of key guarantees the safety of bootloader firmware.
With reference to Fig. 6-11, another embodiment of the present invention also proposes that a kind of solid-state hard disk controller is safely loaded with device, comprising:
Key generating unit 10, for generating random number as random key.
Key acquiring unit 20, for obtaining existing fixed key, for adding solution/close header and random key.
Key concatenation unit 30, for being used for enciphering/deciphering for fixed key and random key splicing composition integrity key
BootLoader。
Key storing unit 40, for fixed key and random key to be stored separately the different location in solid state hard disk.
In existing scheme, the mode that solid-state hard disk controller is safely loaded with is 256bit needed for loading Bootloader
Key be stored in firmware file Header.Detailed process is, after chip powers on, bootrom uses AES 256bit
Enciphering and deciphering algorithm runs BootLoader after firmware is decrypted, required key is stored in the header of Bootloader firmware
In.Since key is stored in header, lawless people can disassemble the Flash chip in solid state hard disk by violence, read
The firmware information in Flash is taken out, since in prior art, header is plaintext, the personnel of cracking can be from header
In parse key, reuse the firmware that the key pair is read and be decrypted, can obtain the firmware code of plaintext, firmware peace
Full property is low.
For Key generating unit 10, the 256bit key that this programme uses is consolidated by 128bit random key and 128bit
Determine key composition.Wherein, random key is obtained by generating random number, and the random key that different ssd are used is entirely different, and
And random key is stored in the header of BootLoader firmware, random key deposits in firmware after generating and encrypt at random
Header in, can not be directly obtained according to regular or Brute Force, by the key of 256bit split into random key and
Fixed key simultaneously separates storage, reduces the other Brute Force of key and obtains possibility, improves the safety of encrypted firmware.
With reference to Fig. 7, Key generating unit 10 includes generation module 11, big for generating 128bit at random by strapping tool
Small random number, as random key.
Different from random key for key acquiring unit 20, solid-state key is correspondingly arranged with ssd, and to immobilize
Random number, the fixed key of different SSD is different, be stored in EFUSE, separately stored with random key, and can be used for by
Random key encryption is stored in the header of BootLoader firmware, and the key of 256bit is split into random key and is consolidated
Determine key and separate storage, reduces the other Brute Force of key and obtain possibility, improve the safety of encrypted firmware.
For key concatenation unit 30, integrity key 256bit can be used for encrypting BootLoader, by 128bit's
Random key and fixed key are spliced, and relative to the key of existing 256bit, to get integrity key, then need same
When get fixed key and random key, and fixed key is deposited in EFUSE by this embodiment scheme, by random key with solid
Determine the ciphertext header after key encrypts as firmware to store, improves the acquisition difficulty of random key and then fixed key, and
The difficulty for cracking and obtaining integrity key is further improved, the safety of firmware is protected.
With reference to Fig. 8, key concatenation unit 30 includes splicing module 31, for by the fixed key of 128bit and 128bit
The integrity key of random key splicing composition 256bit, for carrying out AES256 encryption to BootLoader firmware.
For key storing unit 40, fixed key and random key are being stored separately in solid state hard disk different positions
It sets.Specifically, fixed key is deposited in EFUSE by this embodiment scheme, as solid after using fixed key to encrypt random key
The ciphertext header of part is stored, and third party needs while cracking EFUSE and ciphertext header that integrity key can be got,
The acquisition difficulty of random key and then fixed key is improved, and further improves the difficulty for cracking and obtaining integrity key, is protected
The safety of firmware is protected.
It should be noted that fixed key is deposited in EFUSE here, after using fixed key to encrypt random key as
The ciphertext header storage of firmware is only a kind of separately location mode of the invention, is also possible to deposit in other different independences
In storage medium.
With reference to Fig. 9, key storing unit 40 includes the first memory module 41 and the second memory module 42.
First memory module 41, for fixed key to be stored in the EFUSE of solid state hard disk.
Second memory module 42, for random key to be stored in the header of BootLoader firmware.
With reference to Fig. 6, it further includes that encryption unit 50 and decryption are single that a kind of solid-state hard disk controller of the present invention, which is safely loaded with device,
Member 60.
Referring to Fig.1 0, wherein encryption unit 50 includes:
First encrypting module 51, for generating ciphertext header using fixed key encryption header and random key.
Second encrypting module 52 generates ciphertext BootLoader for encrypting BootLoader using integrity key.
Firmware splicing module 53, for ciphertext header and ciphertext BootLoader splicing composition is complete
BootLoader firmware, and be written in Flash.
Referring to Fig.1 1, wherein decryption unit 60 includes:
Firmware read module 61 obtains ciphertext header and close for reading encrypted BootLoader firmware respectively
Literary BootLoader.
First deciphering module 62 is decrypted for reading fixed key, and to ciphertext header, obtains in plain text
header。
Parsing module 63 obtains random key for parsing plaintext header.
Key splicing module 64, for splicing random key and fixed key to obtain integrity key.
Second deciphering module 65 is obtained in plain text for ciphertext BootLoader to be decrypted using integrity key
BootLoader。
For encryption unit 50, BootLoader firmware is encrypted using spliced integrity key, wherein random key is logical
It crosses fixed key to be encrypted, and the ciphertext header as firmware is saved together with ciphertext BootLoader.It is close using fixation
Key encrypts header and random key, generates ciphertext header, and encrypt BootLoader using integrity key, generates ciphertext
Ciphertext header and ciphertext BootLoader splicing is finally formed complete BootLoader firmware, write-in by BootLoader
Flash is saved, and is improved the Information Security of BootLoader firmware, is improved and crack difficulty.
For decryption unit 60, encrypted BootLoader firmware is by ciphertext header and ciphertext BootLoader two
Part forms, and includes random key in ciphertext header, needs first to be decrypted acquisition random key by fixed key, then sharp again
With the random key and fixed key splicing composition integrity key after decryption, acquisition is decrypted in plain text to ciphertext BootLoader
Operation pointer is finally jumped to the base address of Bootloader by BootLoader by Bootrom, runs Bootloader, complete
At the load of BootLoader.
The 256bit integrity key for being used for encryption and decryption BootLoader firmware is split into random key and fixation by this programme
Fixed key and random key are stored separately the different location in solid state hard disk by key, are improved and are cracked acquisition integrity key
Difficulty guarantees the safety of bootloader firmware.
The present invention also proposes a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, the journey
Solid-state hard disk controller method for secure loading as above is realized when sequence is executed by processor.The storage medium can be aforementioned clothes
The internal storage unit of business device, such as the hard disk or memory of server.The storage medium is also possible to the outside of the equipment
The plug-in type hard disk being equipped in storage equipment, such as the equipment, intelligent memory card (Smart Media Card, SMC), safety
Digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, the storage medium can also be both
Internal storage unit including the equipment also includes External memory equipment.
The above description is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all utilizations
Equivalent structure or equivalent flow shift made by description of the invention and accompanying drawing content is applied directly or indirectly in other correlations
Technical field, be included within the scope of the present invention.
Claims (10)
1. a kind of solid-state hard disk controller method for secure loading, which comprises the following steps:
Random number is generated as random key;
Existing fixed key is obtained, for adding solution/close header and random key;
By fixed key and random key splicing composition integrity key, it to be used for enciphering/deciphering BootLoader;
Fixed key and random key are stored separately the different location in solid state hard disk.
2. solid-state hard disk controller method for secure loading as described in claim 1, which is characterized in that the generation random number is made
For random key step, including,
The random number for generating 128bit size at random by strapping tool, as random key.
3. solid-state hard disk controller method for secure loading as claimed in claim 2, which is characterized in that it is described by fixed key with
Random key splicing composition integrity key step, including,
By the random key of the fixed key of 128bit and 128bit splice composition 256bit integrity key, for pair
BootLoader firmware carries out AES256 encryption.
4. solid-state hard disk controller method for secure loading as described in claim 1, which is characterized in that it is described by fixed key and
Random key is stored separately step, including,
Fixed key is stored in the EFUSE of solid state hard disk;
Random key is stored in the header of BootLoader firmware.
5. solid-state hard disk controller method for secure loading as described in claim 1, which is characterized in that it is described by fixed key with
It further include ciphering process and decrypting process after random key splicing composition integrity key step,
Ciphering process the following steps are included:
Header and random key are encrypted using fixed key, generates ciphertext header;
BootLoader is encrypted using integrity key, generates ciphertext BootLoader;
Ciphertext header and ciphertext BootLoader splicing is formed into complete BootLoader firmware, and is written in Flash;
Decrypting process the following steps are included:
Encrypted BootLoader firmware is read, obtains ciphertext header and ciphertext BootLoader respectively;
Fixed key is read, and ciphertext header is decrypted, obtains plaintext header;
It parses plaintext header and obtains random key;
Splice random key and fixed key to obtain integrity key;
Ciphertext BootLoader is decrypted using integrity key, obtains plaintext BootLoader.
6. a kind of solid-state hard disk controller is safely loaded with device characterized by comprising
Key generating unit, for generating random number as random key;
Key acquiring unit, for obtaining existing fixed key, for adding solution/close header and random key;
Key concatenation unit, for being used for enciphering/deciphering for fixed key and random key splicing composition integrity key
BootLoader;
Key storing unit, for fixed key and random key to be stored separately the different location in solid state hard disk.
7. solid-state hard disk controller as claimed in claim 6 is safely loaded with device, which is characterized in that the Key generating unit
Including generation module, for generating the random number of 128bit size at random by strapping tool, as random key;
The key concatenation unit includes splicing module, for splicing the random key of the fixed key of 128bit and 128bit
The integrity key for forming 256bit, for carrying out AES256 encryption to BootLoader firmware.
8. solid-state hard disk controller as claimed in claim 6 is safely loaded with device, which is characterized in that the key storing unit
Including the first memory module and the second memory module,
First memory module, for fixed key to be stored in the EFUSE of solid state hard disk;
Second memory module, for random key to be stored in the header of BootLoader firmware.
9. solid-state hard disk controller as claimed in claim 6 is safely loaded with device, which is characterized in that further include encryption unit and
Decryption unit,
Encryption unit includes:
First encrypting module, for generating ciphertext header using fixed key encryption header and random key;
Second encrypting module generates ciphertext BootLoader for encrypting BootLoader using integrity key;
Firmware splicing module is consolidated for ciphertext header and ciphertext BootLoader splicing to be formed complete BootLoader
Part, and be written in Flash;
Decryption unit includes:
Firmware read module obtains ciphertext header and ciphertext for reading encrypted BootLoader firmware respectively
BootLoader;
First deciphering module is decrypted for reading fixed key, and to ciphertext header, obtains plaintext header;
Parsing module obtains random key for parsing plaintext header;
Key splicing module, for splicing random key and fixed key to obtain integrity key;
Second deciphering module obtains plaintext BootLoader for ciphertext BootLoader to be decrypted using integrity key.
10. a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is characterized in that the program
Solid-state hard disk controller method for secure loading according to any one of claims 1 to 5 is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910254911.XA CN110008724B (en) | 2019-03-29 | 2019-03-29 | Solid state hard disk controller safe loading method and device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910254911.XA CN110008724B (en) | 2019-03-29 | 2019-03-29 | Solid state hard disk controller safe loading method and device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110008724A true CN110008724A (en) | 2019-07-12 |
| CN110008724B CN110008724B (en) | 2023-03-21 |
Family
ID=67169141
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910254911.XA Active CN110008724B (en) | 2019-03-29 | 2019-03-29 | Solid state hard disk controller safe loading method and device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110008724B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112632562A (en) * | 2020-12-28 | 2021-04-09 | 四川虹微技术有限公司 | Equipment starting method, equipment management method and embedded equipment |
| CN115828287A (en) * | 2023-01-10 | 2023-03-21 | 湖州丽天智能科技有限公司 | Model encryption method, model decryption method, computer and integrated chip |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101295342A (en) * | 2008-01-24 | 2008-10-29 | 清华大学 | Magnetic disk enciphering and recovery method based on single file system |
| CN103051963A (en) * | 2012-11-30 | 2013-04-17 | 北京视博数字电视科技有限公司 | Safety control method of digital television terminal equipment |
| CN103914658A (en) * | 2013-01-05 | 2014-07-09 | 展讯通信(上海)有限公司 | Safe starting method of terminal equipment, and terminal equipment |
| CN106503494A (en) * | 2016-11-05 | 2017-03-15 | 福建省北峰电讯科技有限公司 | A kind of firmware protection location and guard method with flash memory microcontroller on piece |
| CN107294702A (en) * | 2017-07-17 | 2017-10-24 | 四川长虹电器股份有限公司 | Front-end code encryption method based on Hybrid APP unique characteristics |
| CN108762791A (en) * | 2018-06-07 | 2018-11-06 | 深圳市元征科技股份有限公司 | Firmware upgrade method and device |
-
2019
- 2019-03-29 CN CN201910254911.XA patent/CN110008724B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101295342A (en) * | 2008-01-24 | 2008-10-29 | 清华大学 | Magnetic disk enciphering and recovery method based on single file system |
| CN103051963A (en) * | 2012-11-30 | 2013-04-17 | 北京视博数字电视科技有限公司 | Safety control method of digital television terminal equipment |
| CN103914658A (en) * | 2013-01-05 | 2014-07-09 | 展讯通信(上海)有限公司 | Safe starting method of terminal equipment, and terminal equipment |
| CN106503494A (en) * | 2016-11-05 | 2017-03-15 | 福建省北峰电讯科技有限公司 | A kind of firmware protection location and guard method with flash memory microcontroller on piece |
| CN107294702A (en) * | 2017-07-17 | 2017-10-24 | 四川长虹电器股份有限公司 | Front-end code encryption method based on Hybrid APP unique characteristics |
| CN108762791A (en) * | 2018-06-07 | 2018-11-06 | 深圳市元征科技股份有限公司 | Firmware upgrade method and device |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112632562A (en) * | 2020-12-28 | 2021-04-09 | 四川虹微技术有限公司 | Equipment starting method, equipment management method and embedded equipment |
| CN112632562B (en) * | 2020-12-28 | 2024-01-26 | 四川虹微技术有限公司 | Device starting method, device management method and embedded device |
| CN115828287A (en) * | 2023-01-10 | 2023-03-21 | 湖州丽天智能科技有限公司 | Model encryption method, model decryption method, computer and integrated chip |
| CN115828287B (en) * | 2023-01-10 | 2023-05-23 | 湖州丽天智能科技有限公司 | Model encryption method, model decryption method, computer and integrated chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110008724B (en) | 2023-03-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111723383B (en) | Data storage and verification method and device | |
| ES2970201T3 (en) | Personal identification system with contactless card | |
| CN100464315C (en) | Mobile memory divulgence protection method and system | |
| CN109918925A (en) | Date storage method, back end and storage medium | |
| CN101149768B (en) | Special processor software encryption and decryption method | |
| CN1889426B (en) | Method and system for realizing network safety storing and accessing | |
| CN102138300A (en) | Message authentication code pre-computation with applications to secure memory | |
| US9215070B2 (en) | Method for the cryptographic protection of an application | |
| US20120096280A1 (en) | Secured storage device with two-stage symmetric-key algorithm | |
| CN103914662A (en) | Access control method and device of file encrypting system on the basis of partitions | |
| EP2819057B1 (en) | Data processing system, method of initializing a data processing system, and computer program product | |
| CN104506504A (en) | Security mechanism and security device for confidential information of card-free terminal | |
| CN103544453A (en) | USB (universal serial bus) KEY based virtual desktop file protection method and device | |
| CN102799815B (en) | A kind of method and apparatus of safe loading procedure storehouse | |
| CN101770559A (en) | Data protecting device and data protecting method | |
| US20180123789A1 (en) | Apparatus and method for generating a key in a programmable hardware module | |
| CN110008724A (en) | Solid-state hard disk controller method for secure loading, device and storage medium | |
| US20080000971A1 (en) | Method for customizing customer identifier | |
| US20170243006A1 (en) | Secure provisioning of semiconductor chips in untrusted manufacturing factories | |
| CN107992760B (en) | Key writing method, device, equipment and storage medium | |
| CN103177224A (en) | Data protection method and device used for terminal external storage card | |
| US9756044B2 (en) | Establishment of communication connection between mobile device and secure element | |
| US9979541B2 (en) | Content management system, host device and content key access method | |
| CN112039876A (en) | Data ferrying method, device, equipment and medium | |
| CN116366289A (en) | Safety supervision method and device for remote sensing data of unmanned aerial vehicle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |