CN110162317B - Singlechip structure and method for improving upgrading safety of singlechip firmware - Google Patents

Singlechip structure and method for improving upgrading safety of singlechip firmware Download PDF

Info

Publication number
CN110162317B
CN110162317B CN201910263179.2A CN201910263179A CN110162317B CN 110162317 B CN110162317 B CN 110162317B CN 201910263179 A CN201910263179 A CN 201910263179A CN 110162317 B CN110162317 B CN 110162317B
Authority
CN
China
Prior art keywords
firmware
secret key
decryption
upgrading
chip microcomputer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910263179.2A
Other languages
Chinese (zh)
Other versions
CN110162317A (en
Inventor
史明星
殷剑
张建
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Mobi Inton Intelligent System Co ltd
Original Assignee
Suzhou Mobi Inton Intelligent System Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Mobi Inton Intelligent System Co ltd filed Critical Suzhou Mobi Inton Intelligent System Co ltd
Priority to CN201910263179.2A priority Critical patent/CN110162317B/en
Publication of CN110162317A publication Critical patent/CN110162317A/en
Application granted granted Critical
Publication of CN110162317B publication Critical patent/CN110162317B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping

Abstract

The invention provides a singlechip structure for improving the upgrading safety of singlechip firmware, which comprises an RAM unit for temporarily storing data and a ROM unit for finishing firmware upgrading, wherein the ROM unit comprises a guide area containing decryption and encryption algorithms and an application area for upgrading the firmware. The invention also provides a method for improving the upgrading safety of the firmware of the single chip microcomputer, which comprises the steps of importing, authenticating, decrypting and loading. The invention solidifies a section of bootstrap program containing decryption and encryption algorithm in the ROM bottom layer subarea, and matches with the encrypted firmware upgrade package, thereby protecting the security of firmware intellectual property while avoiding the error upgrade of users.

Description

Singlechip structure and method for improving upgrading safety of singlechip firmware
Technical Field
The invention relates to the technical field of single-chip microcomputers, in particular to a single-chip microcomputer structure and a method for improving the upgrading safety of firmware of a single-chip microcomputer.
Background
The existing chip firmware upgrading methods mainly include two methods, one is firmware upgrading carried by a chip, the other is firmware partitioning, a section of boot program code is solidified, and new firmware is loaded into a ROM through the boot program.
The first method has transparent upgrading flow and instructions, the chip firmware is easy to be maliciously tampered, a user can easily update the firmware which is not suitable for the product into the chip in error, and meanwhile, the user can burn any product of the same chip after obtaining a firmware upgrading package, so that the protection of intellectual property is not facilitated.
The second method can effectively avoid the wrong firmware upgrade package from being updated into the chip through the personalized bootstrap program, but after the customer obtains the upgrade package, the upgrade package manufacturer is also exposed to the risk of being cracked and intellectual property damage.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a singlechip structure and a method for improving the upgrading safety of singlechip firmware.
In order to achieve the above object, the present invention provides a monolithic computer structure for improving the firmware upgrade security of monolithic computer, including a RAM unit for temporarily storing data and a ROM unit for completing the firmware upgrade, where the ROM unit includes a boot area including decryption and encryption algorithms and an application area for performing the firmware upgrade.
Preferably, the application area includes a plurality of application partitions.
The invention also provides a method for improving the upgrading safety of the firmware of the singlechip, which comprises the following steps:
s1, leading an encrypted firmware upgrade package into a single chip microcomputer with the single chip microcomputer structure, wherein the front section of the firmware upgrade package comprises a secret key;
s2, after the secret key is loaded into the RAM unit, the boot area authenticates the secret key;
s3, when the secret key passes the authentication, the boot area decrypts the content behind the secret key in the firmware upgrade package by using a decryption algorithm agreed by the secret key;
and S4, after the decryption is finished, loading the plaintext obtained by the decryption to the application area by the guide area until the loading is finished.
Preferably, the application area includes a plurality of application partitions, and the boot area loads the plaintext obtained by decryption to the corresponding application partition in step S4.
Preferably, the plaintext obtained by decryption in step S3 is temporarily stored in the RAM unit.
Compared with the prior art, the invention has the beneficial effects that: a section of bootstrap program containing decryption and encryption algorithms is solidified in a ROM bottom layer subarea, and an encrypted firmware upgrading package is matched, so that the safety of firmware intellectual property rights is protected while wrong upgrading of a user is avoided.
Drawings
Fig. 1 is a schematic structural diagram of a single chip microcomputer structure for improving upgrading security of firmware of the single chip microcomputer according to an embodiment of the present invention.
Detailed Description
In order to further understand the objects, structures, features, and functions of the present invention, the following embodiments are described in detail.
Referring to fig. 1, the present invention provides a single chip microcomputer structure for improving the security of firmware upgrade of a single chip microcomputer, including a RAM unit 1 for temporarily storing data and a ROM unit 2 for completing firmware upgrade, where the ROM unit 2 includes a boot area 21 containing decryption and encryption algorithms and an application area 22 for performing firmware upgrade.
Preferably, the application area 22 includes a plurality of application partitions to effectively differentiate between application functions while facilitating firmware upgrades.
The invention also provides a method for improving the upgrading safety of the firmware of the singlechip, which comprises the following steps:
s1, importing an encrypted firmware upgrade package into a single chip microcomputer with the single chip microcomputer structure, wherein the front section of the firmware upgrade package comprises a secret key;
s2, after the secret key is loaded into the RAM unit, the secret key is authenticated by the boot sector;
s3, when the secret key passes the authentication, the boot area decrypts the content behind the secret key in the firmware upgrade package by using a decryption algorithm agreed by the secret key;
and S4, after the decryption is finished, the guide area loads the plaintext obtained through the decryption to the application area until the loading is finished.
Preferably, the application area includes a plurality of application partitions, and the boot area loads the plaintext obtained by decryption to the corresponding application partition in step S4.
Preferably, the plaintext obtained by decryption in step S3 is temporarily stored in a RAM unit.
In the invention, a section of bootstrap program containing decryption and encryption algorithms is solidified in the bottom layer of the ROM in a subarea manner, and the encrypted firmware upgrade package is matched, so that the security of the intellectual property of the firmware is protected while the error upgrade of a user is avoided.
The present invention has been described in relation to the above embodiments, which are only exemplary of the implementation of the present invention. It should be noted that the disclosed embodiments do not limit the scope of the invention. Rather, it is intended that all such modifications and variations be included within the spirit and scope of this invention.

Claims (5)

1. A single chip microcomputer structure for improving the firmware upgrading safety of a single chip microcomputer is characterized by comprising an RAM unit for temporarily storing data and an ROM unit for finishing firmware upgrading, wherein the ROM unit comprises a guide area containing decryption and encryption algorithms and an application area for firmware upgrading, the RAM unit is used for loading a secret key of an encrypted firmware upgrading package, the guide area authenticates the secret key loaded by the RAM unit, when the authentication is passed, the guide area decrypts the firmware upgrading package by using a decryption algorithm agreed by the secret key, and after the decryption is finished, the guide area loads a plaintext obtained by the decryption into the application area.
2. The monolithic processor architecture for improving firmware upgrade security of the monolithic processor as claimed in claim 1, wherein said application area comprises a plurality of application partitions.
3. A method for improving the upgrading safety of a firmware of a single chip microcomputer is characterized by comprising the following steps:
s1, importing an encrypted firmware upgrade package into a single chip microcomputer with a single chip microcomputer structure according to claim 1 or 2, wherein the front section of the firmware upgrade package comprises a secret key;
s2, after the secret key is loaded to the RAM unit, the boot area authenticates the secret key;
s3, when the secret key passes the authentication, the guide area decrypts the content behind the secret key in the firmware upgrading package by using a decryption algorithm agreed by the secret key;
and S4, after the decryption is finished, the guide area loads the plaintext obtained by the decryption to the application area until the loading is finished.
4. The method as claimed in claim 3, wherein the application area includes a plurality of application partitions, and the boot area loads the decrypted plaintext into the corresponding application partition in step S4.
5. The method for improving the upgrading security of the firmware of the single chip microcomputer according to claim 3, wherein the plaintext obtained by decryption in the step S3 is temporarily stored in an RAM unit.
CN201910263179.2A 2019-04-02 2019-04-02 Singlechip structure and method for improving upgrading safety of singlechip firmware Active CN110162317B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910263179.2A CN110162317B (en) 2019-04-02 2019-04-02 Singlechip structure and method for improving upgrading safety of singlechip firmware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910263179.2A CN110162317B (en) 2019-04-02 2019-04-02 Singlechip structure and method for improving upgrading safety of singlechip firmware

Publications (2)

Publication Number Publication Date
CN110162317A CN110162317A (en) 2019-08-23
CN110162317B true CN110162317B (en) 2022-11-18

Family

ID=67638836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910263179.2A Active CN110162317B (en) 2019-04-02 2019-04-02 Singlechip structure and method for improving upgrading safety of singlechip firmware

Country Status (1)

Country Link
CN (1) CN110162317B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6442067B1 (en) * 2000-05-23 2002-08-27 Compaq Information Technologies Group, L.P. Recovery ROM for array controllers
CN102201044A (en) * 2011-04-08 2011-09-28 山东华芯半导体有限公司 Universal serial bus (USB) security key
CN102611555A (en) * 2011-01-17 2012-07-25 株式会社理光 Data processing apparatus
CN102802036A (en) * 2012-07-26 2012-11-28 深圳创维-Rgb电子有限公司 System and method for identifying digital television
CN103279372A (en) * 2013-05-23 2013-09-04 青岛海信宽带多媒体技术有限公司 Set top box software upgrading method and set top box
CN104573528A (en) * 2014-12-31 2015-04-29 湖南国科微电子有限公司 Copy-prevented Soc starting method and chip thereof
CN105184196A (en) * 2015-09-02 2015-12-23 四川九洲电器集团有限责任公司 Electronic system information security protection system and method
CN106776133A (en) * 2016-12-09 2017-05-31 浪潮电子信息产业股份有限公司 A kind of system and method for operating system recovery
CN107908942A (en) * 2017-11-30 2018-04-13 北京集创北方科技股份有限公司 Electronic equipment, display system, integrated control device and biological characteristic verification method
CN108196867A (en) * 2018-03-08 2018-06-22 深圳市文鼎创数据科技有限公司 Device for upgrading firmware, equipment and its firmware upgrade method of equipment
CN108287999A (en) * 2017-01-10 2018-07-17 厦门雅迅网络股份有限公司 A kind of startup method that system based on TrustZone is credible
CN109343873A (en) * 2018-08-28 2019-02-15 九阳股份有限公司 A kind of intelligent appliance remote upgrade control method
CN109543435A (en) * 2018-11-29 2019-03-29 郑州云海信息技术有限公司 A kind of FPGA encryption protecting method, system and server

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4302113B2 (en) * 2006-03-24 2009-07-22 三菱電機株式会社 In-vehicle control device
US10481900B2 (en) * 2016-04-11 2019-11-19 Endress+Hauser Conducta Gmbh+Co. Kg Method for updating a firmware component and device of measurement and control technology

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6442067B1 (en) * 2000-05-23 2002-08-27 Compaq Information Technologies Group, L.P. Recovery ROM for array controllers
CN102611555A (en) * 2011-01-17 2012-07-25 株式会社理光 Data processing apparatus
CN102201044A (en) * 2011-04-08 2011-09-28 山东华芯半导体有限公司 Universal serial bus (USB) security key
CN102802036A (en) * 2012-07-26 2012-11-28 深圳创维-Rgb电子有限公司 System and method for identifying digital television
CN103279372A (en) * 2013-05-23 2013-09-04 青岛海信宽带多媒体技术有限公司 Set top box software upgrading method and set top box
CN104573528A (en) * 2014-12-31 2015-04-29 湖南国科微电子有限公司 Copy-prevented Soc starting method and chip thereof
CN105184196A (en) * 2015-09-02 2015-12-23 四川九洲电器集团有限责任公司 Electronic system information security protection system and method
CN106776133A (en) * 2016-12-09 2017-05-31 浪潮电子信息产业股份有限公司 A kind of system and method for operating system recovery
CN108287999A (en) * 2017-01-10 2018-07-17 厦门雅迅网络股份有限公司 A kind of startup method that system based on TrustZone is credible
CN107908942A (en) * 2017-11-30 2018-04-13 北京集创北方科技股份有限公司 Electronic equipment, display system, integrated control device and biological characteristic verification method
CN108196867A (en) * 2018-03-08 2018-06-22 深圳市文鼎创数据科技有限公司 Device for upgrading firmware, equipment and its firmware upgrade method of equipment
CN109343873A (en) * 2018-08-28 2019-02-15 九阳股份有限公司 A kind of intelligent appliance remote upgrade control method
CN109543435A (en) * 2018-11-29 2019-03-29 郑州云海信息技术有限公司 A kind of FPGA encryption protecting method, system and server

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LEO: Low Overhead Encryption GRAM for Non-Volatile Memories;Joydeep Rakshit 等;《IEEE COMPUTER ARCHITECTURE LETTERS》;20180118;第100-104页 *
基于闪存器的可下载固件方法(下);电子产品世界;《嵌入式系统》;20030331;全文 *

Also Published As

Publication number Publication date
CN110162317A (en) 2019-08-23

Similar Documents

Publication Publication Date Title
US9628277B2 (en) Methods, systems and apparatus to self authorize platform code
US8856553B2 (en) Managing self-encrypting drives in decentralized environments
JP5992457B2 (en) Protecting operating system configuration values
US8775784B2 (en) Secure boot up of a computer based on a hardware based root of trust
US8281115B2 (en) Security method using self-generated encryption key, and security apparatus using the same
CN104008342B (en) A kind of method that secure and trusted certification is realized by BIOS and kernel
US20130254906A1 (en) Hardware and Software Association and Authentication
US20060053302A1 (en) Information processing apparatus with security module
US20110246778A1 (en) Providing security mechanisms for virtual machine images
US8839451B1 (en) Activation and security of software
KR102030858B1 (en) Digital signing authority dependent platform secret
EP2051181A1 (en) Information terminal, security device, data protection method, and data protection program
KR20090034359A (en) Methods and systems for modifying an integrity measurement based on user authentication
CA2925733A1 (en) Encryption and decryption processing method, apparatus, and device
US11182469B2 (en) Application security authentication method, terminal and storage medium
US20080114685A1 (en) System and method for preventing unauthorized installation of a software program
CN104715208A (en) Platform integrity checking method based on TPM chip
US10192047B2 (en) Provisioning of identity information
US20170286665A1 (en) Devices and methods for facilitating software signing by more than one signing authority
CN110162317B (en) Singlechip structure and method for improving upgrading safety of singlechip firmware
CN115509587B (en) Firmware upgrading method and device, electronic equipment and computer readable storage medium
CN110674525A (en) Electronic equipment and file processing method thereof
TWI675340B (en) Application or driver verification method
CN105096184B (en) The method of smart television high security level payment
CN108667594B (en) Software program module integrity detection method based on PKI public key algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant