CN110008724B - Solid state hard disk controller safe loading method and device and storage medium - Google Patents


Publication number
CN110008724B
Authority
CN
China
Prior art keywords
key
bootloader
random
header
ciphertext
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910254911.XA
Other languages
Chinese (zh)
Other versions
CN110008724A (en)
Inventor
杨志佳
冯元元
周强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ramaxel Technology Shenzhen Co Ltd
Original Assignee
Ramaxel Technology Shenzhen Co Ltd
Application filed by Ramaxel Technology Shenzhen Co Ltd filed Critical Ramaxel Technology Shenzhen Co Ltd
Priority to CN201910254911.XA priority Critical patent/CN110008724B/en
Publication of CN110008724A publication Critical patent/CN110008724A/en
Publication of CN110008724B publication Critical patent/CN110008724B/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a secure loading method, device and storage medium for a solid state hard disk controller. The method comprises the following steps: generating a random number as a random key; acquiring an existing fixed key, which is used to encrypt/decrypt the header and the random key; splicing the fixed key and the random key to form a complete key, which is used to encrypt/decrypt the BootLoader; and storing the fixed key and the random key separately, in different locations in the solid state disk. The scheme splits the 256-bit complete key used to encrypt and decrypt the BootLoader firmware into the random key and the fixed key and stores the two in different locations in the solid state disk, which makes it harder to obtain the complete key by cracking and ensures the security of the BootLoader firmware.

Description

Solid state hard disk controller safe loading method and device and storage medium
Technical Field
The invention relates to the field of solid state disk firmware encryption, in particular to a method and a device for safely loading a solid state disk controller and a storage medium.
Background
The key components of a solid state disk are the solid state disk controller, also called the main control chip or main control, and the memory that stores the data.
Currently, the secure loading mode of a solid state disk controller stores the key required to load the Bootloader in the firmware file Header. Specifically, after the chip is powered on, the bootrom usually decrypts the firmware with the AES 256-bit encryption and decryption algorithm and then runs it, and the required AES key is stored in the header of the Bootloader firmware. Because the key is stored in the Header, an unauthorized person can forcibly remove the Flash chip from the solid state disk and read the firmware stored in the Flash. Because the Header is in plaintext, the key can be parsed out of the Header and used to decrypt the firmware that was read, which yields the plaintext firmware code. The security of the firmware is therefore low.
The existing technical scheme has many defects: it easily leads to loss of the key, and the security of the firmware cannot be guaranteed. Therefore, it is necessary to provide a secure loading method, device and storage medium for a solid state hard disk controller.
Disclosure of Invention
In order to solve the above-mentioned drawbacks of the prior art, an object of the present invention is to provide a method, an apparatus, and a storage medium for securely loading a solid state hard disk controller.
In order to achieve the purpose, the technical scheme of the invention is as follows:
A secure loading method for a solid state hard disk controller comprises the following steps:
generating a random number as a random key;
acquiring an existing fixed key, which is used to encrypt/decrypt the header and the random key;
splicing the fixed key and the random key to form a complete key, which is used to encrypt/decrypt the BootLoader;
storing the fixed key and the random key separately, in different locations in the solid state disk.
Further, the step of generating a random number as a random key includes:
randomly generating, by a packaging tool, a 128-bit random number as the random key.
Further, the step of splicing the fixed key and the random key to form a complete key includes:
splicing the 128-bit fixed key and the 128-bit random key to form a 256-bit complete key, which is used for AES256 encryption of the BootLoader firmware.
Further, the step of storing the fixed key and the random key separately includes:
storing the fixed key in the EFUSE of the solid state disk;
storing the random key in the header of the BootLoader firmware.
Furthermore, after the step of splicing the fixed key and the random key into a complete key, the method also comprises an encryption process and a decryption process.
The encryption process comprises the following steps:
encrypting the header and the random key with the fixed key to generate a ciphertext header;
encrypting the BootLoader with the complete key to generate a ciphertext BootLoader;
splicing the ciphertext header and the ciphertext BootLoader to form the complete BootLoader firmware, and writing the BootLoader firmware into Flash.
The decryption process comprises the following steps:
reading the encrypted BootLoader firmware, and obtaining the ciphertext header and the ciphertext BootLoader from it;
reading the fixed key and decrypting the ciphertext header to obtain the plaintext header;
parsing the plaintext header to obtain the random key;
splicing the random key and the fixed key to obtain the complete key;
decrypting the ciphertext BootLoader with the complete key to obtain the plaintext BootLoader.
The invention also provides a safe loading device of the solid state hard disk controller, which comprises:
a key generation unit for generating a random number as a random key;
a key obtaining unit, configured to obtain an existing fixed key, which is used for encrypting/decrypting the header and the random key;
the key splicing unit is used for splicing the fixed key and the random key to form a complete key for encrypting/decrypting the BootLoader;
and the key storage unit is used for separately storing the fixed key and the random key in different positions in the solid state disk.
Further, the key generation unit comprises a generation module, configured to randomly generate a random number with a size of 128 bits as a random key through a packaging tool;
the key splicing unit comprises a splicing module, and is used for splicing a 128-bit fixed key and a 128-bit random key to form a 256-bit complete key and performing AES256 encryption on BootLoader firmware.
Further, the key storage unit includes a first storage module and a second storage module,
the first storage module is used for storing the fixed secret key in the EFUSE of the solid state disk;
and the second storage module is used for storing the random key in a header of BootLoader firmware.
Further, the system also comprises an encryption unit and a decryption unit,
the encryption unit includes:
the first encryption module is used for encrypting the header and the random key by using a fixed key to generate a ciphertext header;
the second encryption module is used for encrypting the BootLoader by using the complete key to generate a ciphertext BootLoader;
the firmware splicing module is used for splicing the ciphertext header and the ciphertext BootLoader to form complete BootLoader firmware and writing the complete BootLoader firmware into Flash;
the decryption unit includes:
the firmware reading module is used for reading encrypted BootLoader firmware and respectively acquiring a ciphertext header and a ciphertext BootLoader;
the first decryption module is used for reading the fixed key and decrypting the ciphertext header to obtain a plaintext header;
the analysis module is used for analyzing the plaintext header to obtain a random key;
the key splicing module is used for splicing the random key and the fixed key to obtain a complete key;
and the second decryption module is used for decrypting the ciphertext BootLoader by using the complete key to obtain the plaintext BootLoader.
The present invention also proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method for secure loading of a solid state disk controller as described in any of the above.
The beneficial effects of the invention are as follows: the scheme splits the 256-bit complete key used to encrypt and decrypt the BootLoader firmware into the random key and the fixed key and stores the two in different locations in the solid state disk, which makes it harder to obtain the complete key by cracking and ensures the security of the BootLoader firmware.
Drawings
FIG. 1 is a flowchart illustrating a method for loading a solid state disk controller safely according to the present invention;
FIG. 2 is a flowchart of a method for separately storing a fixed key and a random key at different locations in a solid state drive according to the present invention;
FIG. 3 is a flowchart of a method for BootLoader firmware encryption according to the present invention;
FIG. 4 is a flowchart of a method for BootLoader firmware decryption process according to the present invention;
FIG. 5 is a flowchart illustrating an implementation of a secure loading method for a solid state disk controller according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram illustrating a structure of a secure loading apparatus of a solid state disk controller according to the present invention;
FIG. 7 is a block diagram of a key generation unit according to the present invention;
FIG. 8 is a block diagram of the structure of a key concatenation unit according to the present invention;
FIG. 9 is a block diagram of a key storage unit according to the present invention;
FIG. 10 is a block diagram of the structure of an encryption unit according to the present invention;
FIG. 11 is a block diagram of a decryption unit according to the present invention.
Detailed Description
For the purpose of illustrating the spirit and objects of the present invention, the present invention will be further described with reference to the accompanying drawings and specific embodiments.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
It should be noted that all directional indicators (such as up, down, left, right, front, back, etc.) in the embodiments of the present invention are only used to explain the relative position relationship between the components, the motion situation, etc. in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indicator is changed accordingly, and the connection may be a direct connection or an indirect connection.
In addition, descriptions related to "first", "second", etc. in the present invention are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicit to the number of technical features indicated. Thus, a feature defined as "first", "second", may explicitly or implicitly include at least one of the feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
In this specification, "/" means "or" unless otherwise specified.
The abbreviations used in this document are explained as follows:
bootrom: code fixed in the microcontroller that the chip needs for normal operation.
AES: an advanced symmetric encryption algorithm.
Flash: a non-volatile memory.
Bootloader: the loader project used to load the full system firmware of the solid state disk.
Header: the header file of the Bootloader, which contains information about the Bootloader.
EFUSE: a one-time programmable memory.
SSD: a solid state disk.
Referring to FIG. 1 to FIG. 5, an embodiment of the present invention provides a method for securely loading a solid state hard disk controller, including the following steps:
S10, generating a random number as a random key.
S20, acquiring an existing fixed key, which is used to encrypt/decrypt the header and the random key.
S30, splicing the fixed key and the random key to form a complete key, which is used to encrypt/decrypt the BootLoader.
S40, storing the fixed key and the random key separately, in different locations in the solid state disk.
In the existing scheme, the secure loading mode of the solid state hard disk controller stores the 256-bit key required to load the Bootloader in the firmware file Header. After the chip is powered on, the bootrom decrypts the firmware with the AES 256-bit encryption and decryption algorithm and then runs the BootLoader, and the required key is stored in the header of the BootLoader firmware. Because the key is stored in the header, an unauthorized person can forcibly remove the Flash chip from the solid state disk and read the firmware stored in the Flash. Because the header is plaintext in the prior art, a cracker can parse the key out of the header and use it to decrypt the firmware that was read, which yields the plaintext firmware code. The security of the firmware is therefore low.
For step S10, the 256-bit key used in this scheme is composed of a 128-bit random key and a 128-bit fixed key. The random key is obtained by generating a random number, and the random keys used by different SSDs are completely different. The random key is randomly generated and, after being encrypted, stored in the header of the BootLoader firmware, so it cannot be obtained directly from an existing rule or by brute force. Splitting the 256-bit key into the random key and the fixed key and storing them separately reduces the possibility of obtaining the 256-bit key by brute-force cracking and improves the security of the encrypted firmware.
Specifically, step S10 includes: S11, randomly generating, by a packaging tool, a 128-bit random number as the random key.
For step S20, unlike the random key, the fixed key is a fixed random number set for the individual SSD, and different SSDs have different fixed keys. The fixed key is stored in the EFUSE, separately from the random key, and can be used to encrypt the random key for storage in the header of the BootLoader firmware. Splitting the 256-bit key into the random key and the fixed key and storing them separately reduces the possibility of obtaining the key by brute-force cracking and improves the security of the encrypted firmware.
For step S30, the complete key is 256 bits long, can be used to encrypt the BootLoader, and is formed by splicing the 128-bit random key and the fixed key. Compared with the existing 256-bit key, obtaining the complete key requires obtaining both the fixed key and the random key.
Specifically, step S30 includes: S31, splicing the 128-bit fixed key and the 128-bit random key to form a 256-bit complete key, which is used for AES256 encryption of the BootLoader firmware.
For step S40, the fixed key and the random key are stored separately, in different locations in the solid state disk. Specifically, in this embodiment the fixed key is stored in the EFUSE, and the random key, after being encrypted with the fixed key, is stored as the ciphertext header of the firmware. A third party must crack both the EFUSE and the ciphertext header to obtain the complete key. This makes it harder to obtain the random key and the fixed key, and therefore the complete key, which protects the security of the firmware.
It should be noted that storing the fixed key in the EFUSE and storing the random key, encrypted with the fixed key, as the ciphertext header of the firmware is only one separate-storage method of the present invention; the keys may also be stored in other, mutually independent storage media.
Specifically, referring to FIG. 2, step S40 includes:
S41, storing the fixed key in the EFUSE of the solid state disk.
S42, storing the random key in the header of the BootLoader firmware.
Specifically, referring to FIG. 3 and FIG. 4, an encryption process and a decryption process follow step S40.
Referring to FIG. 3, the encryption process of the BootLoader firmware includes the following steps:
S51, encrypting the header and the random key with the fixed key to generate a ciphertext header.
S52, encrypting the BootLoader with the complete key to generate a ciphertext BootLoader.
S53, splicing the ciphertext header and the ciphertext BootLoader to form the complete BootLoader firmware, and writing the complete BootLoader firmware into Flash.
For steps S51 to S53, the BootLoader firmware is encrypted with the spliced complete key, and the random key is encrypted with the fixed key and stored, as the ciphertext header of the firmware, together with the ciphertext BootLoader. The header and the random key are encrypted with the fixed key to generate the ciphertext header, the BootLoader is encrypted with the complete key to generate the ciphertext BootLoader, and the two are spliced to form the complete BootLoader firmware, which is written into Flash for storage. This improves the data security of the BootLoader firmware and makes it harder to crack.
Referring to FIG. 4, the decryption process of the BootLoader firmware includes the following steps:
S61, reading the encrypted BootLoader firmware, and obtaining the ciphertext header and the ciphertext BootLoader from it.
S62, reading the fixed key and decrypting the ciphertext header to obtain the plaintext header.
S63, parsing the plaintext header to obtain the random key.
S64, splicing the random key and the fixed key to obtain the complete key.
S65, decrypting the ciphertext BootLoader with the complete key to obtain the plaintext BootLoader.
For steps S61 to S65, the encrypted BootLoader firmware consists of a ciphertext header and a ciphertext BootLoader. The ciphertext header contains the random key, which must first be recovered by decrypting with the fixed key. The decrypted random key and the fixed key are then spliced to form the complete key, which decrypts the ciphertext BootLoader into the plaintext BootLoader. Finally, the Bootrom jumps the execution pointer to the base address of the BootLoader and runs the BootLoader, which completes the loading of the BootLoader.
FIG. 5 shows a specific embodiment of the method for securely loading a solid state hard disk controller according to the present invention, as follows:
The firmware encryption flow is as follows:
1. The packaging tool randomly generates a 128-bit random number as the random key KEY4.
2. The 128-bit fixed key KEY3 is spliced with the random key KEY4 generated in step 1 to form the 256-bit complete key KEY5.
3. The Header is encrypted with AES128 using the fixed key KEY3 to generate the ciphertext header.
4. The Bootloader is encrypted with AES256 using the complete key KEY5 from step 2 to generate the ciphertext Bootloader.
5. The ciphertext header from step 3 and the ciphertext Bootloader from step 4 are spliced to form the complete Bootloader firmware.
6. The Bootloader firmware is burned into Flash.
The firmware decryption flow is as follows:
1. The chip is powered on and the Bootrom runs.
2. The Bootrom reads the encrypted BootLoader firmware from Flash and obtains the encrypted header and BootLoader.
3. The 128-bit fixed key KEY3 is read from the EFUSE and used to decrypt the ciphertext header obtained in step 2, yielding the plaintext header.
4. The plaintext header is parsed to obtain the 128-bit random key KEY4.
5. The fixed key KEY3 from step 3 and the random key KEY4 from step 4 are spliced to form the 256-bit AES key KEY5.
6. The ciphertext bootloader obtained in step 2 is decrypted with AES using the complete key KEY5, yielding the plaintext bootloader.
7. The Bootrom jumps the execution pointer to the base address of the Bootloader and runs the Bootloader.
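The encryption and decryption flows above, run end to end, as an added example (not code from the patent or its assignee). The patent names no cipher mode, header layout or splicing order, so CBC with an all-zero IV, the 32-byte header layout, the `BLDR` magic, KEY5 = KEY3 || KEY4 and all function names are assumptions; AES is implemented inline only so that the block runs without third-party packages.

```python
import os

# Compact AES block cipher (FIPS-197), inlined only to avoid third-party packages.
def _build_sbox():
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF    # p *= 3 in GF(2^8)
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3
        q ^= 0x09 if q & 0x80 else 0
        rot = lambda n: ((q << n) | (q >> (8 - n))) & 0xFF
        sbox[p] = q ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63   # affine transform
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]

def _gmul(a, b):                        # multiplication in GF(2^8)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return r

def _round_keys(key):                   # 16-byte key -> AES-128, 32-byte key -> AES-256
    nk = len(key) // 4
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nk + 7)):
        t = w[i - 1]
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        elif nk == 8 and i % nk == 4:
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nk + 7)]

def _mix(s, m):                         # (Inv)MixColumns: circulant matrix, first row m
    return [_gmul(s[c], m[-r % 4]) ^ _gmul(s[c + 1], m[(1 - r) % 4])
            ^ _gmul(s[c + 2], m[(2 - r) % 4]) ^ _gmul(s[c + 3], m[(3 - r) % 4])
            for c in (0, 4, 8, 12) for r in range(4)]

def _block(rk, blk, dec):
    s = [a ^ b for a, b in zip(blk, rk[-1 if dec else 0])]
    for k in (rk[-2::-1] if dec else rk[1:]):
        if dec:                         # InvShiftRows + InvSubBytes, key, InvMixColumns
            s = [INV_SBOX[s[(i - 4 * (i % 4)) % 16]] for i in range(16)]
            s = [a ^ b for a, b in zip(s, k)]
            s = s if k is rk[0] else _mix(s, (14, 11, 13, 9))
        else:                           # SubBytes + ShiftRows, MixColumns, key
            s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]
            s = s if k is rk[-1] else _mix(s, (2, 3, 1, 1))
            s = [a ^ b for a, b in zip(s, k)]
    return bytes(s)

def aes_cbc(key, data, decrypt=False):
    """AES-CBC, all-zero IV (assumed mode); len(data) must be a multiple of 16."""
    rk, prev, out = _round_keys(key), bytes(16), b""
    for i in range(0, len(data), 16):
        blk = data[i:i + 16]
        if decrypt:
            out += bytes(a ^ b for a, b in zip(_block(rk, blk, True), prev))
            prev = blk
        else:
            prev = _block(rk, bytes(a ^ b for a, b in zip(blk, prev)), False)
            out += prev
    return out

MAGIC, HDR_LEN = b"BLDR", 32    # hypothetical header: KEY4 | magic | length | reserved

def pack_firmware(key3, bootloader, key4=None):
    """Packaging tool: encryption flow steps 1-5; returns the image burned to Flash."""
    key4 = key4 or os.urandom(16)                        # step 1: fresh random KEY4
    key5 = key3 + key4                                   # step 2: KEY3 || KEY4 (assumed order)
    # KEY4 fills the first block, so a zero IV still gives each image a different header.
    header = key4 + MAGIC + len(bootloader).to_bytes(4, "little") + bytes(8)
    body = bootloader + bytes(-len(bootloader) % 16)     # zero-pad to the block size
    return aes_cbc(key3, header) + aes_cbc(key5, body)   # steps 3-5

def bootrom_load(efuse_key3, image):
    """Bootrom: decryption flow steps 2-6; returns the plaintext bootloader."""
    if len(image) < HDR_LEN or len(image) % 16:
        raise ValueError("truncated image")
    header = aes_cbc(efuse_key3, image[:HDR_LEN], decrypt=True)          # step 3
    key4, magic, size = header[:16], header[16:20], int.from_bytes(header[20:24], "little")
    # The magic only detects a wrong KEY3; it does not authenticate the image.
    if magic != MAGIC or size > len(image) - HDR_LEN:
        raise ValueError("header did not decrypt under this fixed key")
    return aes_cbc(efuse_key3 + key4, image[HDR_LEN:], decrypt=True)[:size]  # steps 5-6

if __name__ == "__main__":
    image = pack_firmware(bytes(range(16)), b"constructed bootloader " * 5)
    print(len(image), bootrom_load(bytes(range(16)), image))
```

A Flash dump holds only `image`: without the eFuse value the header does not decrypt, so KEY4, and with it KEY5, stays out of reach.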
Specifically, the scheme splits the 256-bit complete key used to encrypt and decrypt the BootLoader firmware into a random key and a fixed key and stores the two in different locations in the solid state disk, which makes it harder to obtain the complete key by cracking and ensures the security of the BootLoader firmware.
Referring to FIG. 6 to FIG. 11, another embodiment of the present invention further provides a secure loading device for a solid state hard disk controller, including:
A key generation unit 10, configured to generate a random number as a random key.
A key obtaining unit 20, configured to obtain an existing fixed key, which is used to encrypt/decrypt the header and the random key.
A key splicing unit 30, configured to splice the fixed key and the random key to form a complete key, which is used to encrypt/decrypt the BootLoader.
A key storage unit 40, configured to store the fixed key and the random key separately, in different locations in the solid state disk.
In the existing scheme, the secure loading mode of the solid state hard disk controller stores the 256-bit key required to load the Bootloader in the firmware file Header. After the chip is powered on, the bootrom decrypts the firmware with the AES 256-bit encryption and decryption algorithm and then runs the BootLoader, and the required key is stored in the header of the BootLoader firmware. Because the key is stored in the header, an unauthorized person can forcibly remove the Flash chip from the solid state disk and read the firmware stored in the Flash. Because the header is plaintext in the prior art, a cracker can parse the key out of the header and use it to decrypt the firmware that was read, which yields the plaintext firmware code. The security of the firmware is therefore low.
For the key generation unit 10, the 256-bit key used in this scheme is composed of a 128-bit random key and a 128-bit fixed key. The random key is obtained by generating a random number, and the random keys used by different SSDs are completely different. The random key is randomly generated and, after being encrypted, stored in the header of the BootLoader firmware, so it cannot be obtained directly from an existing rule or by brute force. Splitting the 256-bit key into the random key and the fixed key and storing them separately reduces the possibility of obtaining the 256-bit key by brute-force cracking and improves the security of the encrypted firmware.
Referring to FIG. 7, the key generation unit 10 includes a generation module 11, configured to randomly generate, by a packaging tool, a 128-bit random number as the random key.
For the key obtaining unit 20, unlike the random key, the fixed key is a fixed random number set for the individual SSD, and different SSDs have different fixed keys. The fixed key is stored in the EFUSE, separately from the random key, and can be used to encrypt the random key for storage in the header of the BootLoader firmware. Splitting the 256-bit key into the random key and the fixed key and storing them separately reduces the possibility of obtaining the key by brute-force cracking and improves the security of the encrypted firmware.
For the key splicing unit 30, the complete key is 256 bits long, can be used to encrypt the BootLoader, and is formed by splicing the 128-bit random key and the fixed key. Compared with the existing 256-bit key, obtaining the complete key requires obtaining both the fixed key and the random key.
Referring to FIG. 8, the key splicing unit 30 includes a splicing module 31, configured to splice the 128-bit fixed key and the 128-bit random key into a 256-bit complete key, which is used for AES256 encryption of the BootLoader firmware.
For the key storage unit 40, the fixed key and the random key are stored separately, in different locations in the solid state disk. Specifically, in this embodiment the fixed key is stored in the EFUSE, and the random key, after being encrypted with the fixed key, is stored as the ciphertext header of the firmware. A third party must crack both the EFUSE and the ciphertext header to obtain the complete key. This makes it harder to obtain the random key and the fixed key, and therefore the complete key, which protects the security of the firmware.
It should be noted that storing the fixed key in the EFUSE and storing the random key, encrypted with the fixed key, as the ciphertext header of the firmware is only one separate-storage method of the present invention; the keys may also be stored in other, mutually independent storage media.
Referring to FIG. 9, the key storage unit 40 includes a first storage module 41 and a second storage module 42.
The first storage module 41 is configured to store the fixed key in the EFUSE of the solid state disk.
The second storage module 42 is configured to store the random key in the header of the BootLoader firmware.
Referring to FIG. 6, the secure loading device of a solid state hard disk controller according to the present invention further includes an encryption unit 50 and a decryption unit 60.
Referring to FIG. 10, the encryption unit 50 includes:
A first encryption module 51, configured to encrypt the header and the random key with the fixed key to generate a ciphertext header.
A second encryption module 52, configured to encrypt the BootLoader with the complete key to generate a ciphertext BootLoader.
A firmware splicing module 53, configured to splice the ciphertext header and the ciphertext BootLoader to form the complete BootLoader firmware and write the complete BootLoader firmware into Flash.
Referring to FIG. 11, the decryption unit 60 includes:
A firmware reading module 61, configured to read the encrypted BootLoader firmware and obtain the ciphertext header and the ciphertext BootLoader from it.
A first decryption module 62, configured to read the fixed key and decrypt the ciphertext header to obtain the plaintext header.
A parsing module 63, configured to parse the plaintext header to obtain the random key.
A key splicing module 64, configured to splice the random key and the fixed key to obtain the complete key.
A second decryption module 65, configured to decrypt the ciphertext BootLoader with the complete key to obtain the plaintext BootLoader.
For the encryption unit 50, the BootLoader firmware is encrypted with the spliced complete key, and the random key is encrypted with the fixed key and stored, as the ciphertext header of the firmware, together with the ciphertext BootLoader. The header and the random key are encrypted with the fixed key to generate the ciphertext header, the BootLoader is encrypted with the complete key to generate the ciphertext BootLoader, and the two are spliced to form the complete BootLoader firmware, which is written into Flash for storage. This improves the data security of the BootLoader firmware and makes it harder to crack.
For the decryption unit 60, the encrypted BootLoader firmware consists of a ciphertext header and a ciphertext BootLoader. The ciphertext header contains the random key, which must be recovered by decrypting with the fixed key. The decrypted random key and the fixed key are then spliced to form the complete key, which decrypts the ciphertext BootLoader into the plaintext BootLoader. Finally, the Bootrom jumps the execution pointer to the base address of the BootLoader and runs the BootLoader, which completes the loading of the BootLoader.
The scheme splits the 256-bit complete key used to encrypt and decrypt the BootLoader firmware into a random key and a fixed key and stores the two in different locations in the solid state disk, which makes it harder to obtain the complete key by cracking and ensures the security of the BootLoader firmware.
The present invention also proposes a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above method for secure loading of a solid state disk controller. The storage medium may be an internal storage unit of the aforementioned server, such as a hard disk or a memory of the server. The storage medium may also be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the device. Further, the storage medium may also include both an internal storage unit and an external storage device of the apparatus.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (8)

1. A secure loading method for a solid state hard disk controller is characterized by comprising the following steps:
generating a random number as a random key;
acquiring an existing fixed key for encrypting/decrypting a header and a random key;
splicing the fixed key and the random key to form a complete key for encrypting/decrypting BootLoader;
separately storing the fixed key and the random key in different positions in the solid state disk;
encrypting the header and the random key by using a fixed key to generate a ciphertext header;
encrypting BootLoader by using the complete key to generate a ciphertext BootLoader;
splicing the ciphertext header and the ciphertext BootLoader to form complete BootLoader firmware, and writing the BootLoader firmware into Flash;
reading encrypted BootLoader firmware, and respectively acquiring a ciphertext header and a ciphertext BootLoader;
reading the fixed key, and decrypting the ciphertext header to obtain a plaintext header;
analyzing a plaintext header to obtain a random key;
splicing the random key and the fixed key to obtain a complete key;
and decrypting the ciphertext BootLoader by using the complete key to obtain the plaintext BootLoader.
2. The method of secure loading of a solid state hard disk controller as recited in claim 1, wherein the step of generating a random number as a random key comprises,
randomly generating, by a packaging tool, a 128-bit random number as the random key.
3. The secure loading method for a solid state disk controller according to claim 2, wherein the step of splicing the fixed key and the random key to form a complete key comprises,
splicing the 128-bit fixed key and the 128-bit random key to form a 256-bit complete key for AES256 encryption of the BootLoader firmware.
4. The method for secure loading of a solid state disk controller as claimed in claim 1 wherein said step of storing the fixed key and the random key separately comprises,
storing the fixed key in an EFUSE of the solid state disk;
storing the random key in the header of the BootLoader firmware.
5. A secure loading apparatus for a solid state disk controller, comprising:
a key generation unit for generating a random number as a random key;
a key obtaining unit, configured to obtain an existing fixed key, which is used for encrypting/decrypting the header and the random key;
the key splicing unit is used for splicing the fixed key and the random key to form a complete key for encrypting/decrypting the BootLoader;
the key storage unit is used for separately storing the fixed key and the random key at different positions in the solid state disk;
the first encryption module is used for encrypting the header and the random key by using a fixed key to generate a ciphertext header;
the second encryption module is used for encrypting the BootLoader by using the complete key to generate a ciphertext BootLoader;
the firmware splicing module is used for splicing the ciphertext header and the ciphertext BootLoader to form complete BootLoader firmware and writing the complete BootLoader firmware into Flash;
the firmware reading module is used for reading encrypted BootLoader firmware and respectively acquiring a ciphertext header and a ciphertext BootLoader;
the first decryption module is used for reading the fixed key and decrypting the ciphertext header to obtain a plaintext header;
the analysis module is used for analyzing the plaintext header to obtain a random key;
the key splicing module is used for splicing the random key and the fixed key to obtain a complete key;
and the second decryption module is used for decrypting the ciphertext BootLoader by using the complete key to obtain the plaintext BootLoader.
6. The solid state disk controller secure loading apparatus of claim 5, wherein the key generation unit comprises a generation module configured to randomly generate, by a packaging tool, a 128-bit random number as the random key;
the key splicing unit comprises a splicing module configured to splice a 128-bit fixed key and a 128-bit random key to form a 256-bit complete key for AES256 encryption of the BootLoader firmware.
7. The solid state hard disk controller secure loading apparatus of claim 5, wherein the key storage unit comprises a first storage module and a second storage module,
the first storage module is used for storing the fixed secret key in the EFUSE of the solid state disk;
and the second storage module is used for storing the random key in a header of BootLoader firmware.
8. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the program, when executed by a processor, implements the method for secure loading of a solid state disk controller according to any of claims 1-4.
CN201910254911.XA 2019-03-29 2019-03-29 Solid state hard disk controller safe loading method and device and storage medium Active CN110008724B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910254911.XA CN110008724B (en) 2019-03-29 2019-03-29 Solid state hard disk controller safe loading method and device and storage medium


Publications (2)

Publication Number Publication Date
CN110008724A CN110008724A (en) 2019-07-12
CN110008724B true CN110008724B (en) 2023-03-21

Family

ID=67169141

