CN110334486B - Application program integrity checking method and device - Google Patents

Publication number
CN110334486B
Authority
CN
China
Prior art keywords
application program
program
verified
characteristic value
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910579896.6A
Other languages
Chinese (zh)
Other versions
CN110334486A (en)
Inventor
刘晓波
史家涛
纪小娟
徐龙增
苗辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weichai Power Co Ltd
Original Assignee
Weichai Power Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08 Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1044 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices with specific ECC/EDC distribution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1438 Restarting or rejuvenating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Abstract

The embodiment of the invention provides an application program integrity checking method and device. The method comprises: carrying out integrity checking on a key program in the application program area where the application program to be checked is located, to obtain a characteristic value of the key program; judging whether the key program is complete according to the characteristic value of the key program; and, if the key program is complete, executing the application program to be verified. According to the embodiment of the invention, only the important programs in the application program need to be verified, which shortens the verification time, lets the ECU start quickly, increases the response speed to user input instructions, and thereby improves the user experience.

Description

Application program integrity checking method and device
Technical Field
The embodiment of the invention relates to the technical field of program verification, in particular to a method and equipment for verifying integrity of an application program.
Background
When an Electronic Control Unit (ECU) is powered on, the BootLoader is executed first, and execution then jumps to the application program. In order to ensure safe and reliable operation of the application program in the ECU, it is necessary to perform an integrity check on the program in the ECU before jumping to the application program.
In the prior art, the integrity of the ECU program is generally checked in a BootLoader, and the integrity of the application program is determined by judging whether a characteristic value of the program area is consistent with a preset characteristic value.
However, the verification time of the above verification method varies with the size of the whole program area, and if the program area is large, the problem of long verification time occurs, so that the ECU cannot respond to the user command in time when being powered on.
Disclosure of Invention
The embodiment of the invention provides an application program integrity checking method and device, which are used for improving the response speed of an ECU (Electronic Control Unit) during power-on and improving the user experience.
In a first aspect, an embodiment of the present invention provides an application integrity checking method, including:
carrying out integrity verification on a key program in an application program area where an application program to be verified is located to obtain a characteristic value of the key program;
judging whether the key program is complete or not according to the characteristic value of the key program;
and if the key program is complete, executing the application program to be verified.
In one possible design, the critical program includes first code that verifies the application area; if the key program is complete, after the application program to be verified is executed, the method further includes:
in the periodic scheduling task of the application program to be verified, performing integrity verification on the application program to be verified according to the first code to obtain a characteristic value of the application program to be verified;
judging whether the application program to be verified is complete or not according to the characteristic value of the application program to be verified;
and if the application program to be verified is incomplete, resetting the electronic control unit ECU.
In a possible design, the performing integrity check on the application program to be checked according to the first code in the periodic scheduling task of the application program to be checked to obtain the characteristic value of the application program to be checked includes:
and in the periodic scheduling task of the application program to be verified, performing integrity verification on the application program to be verified according to the first code through segmentation processing.
In a possible design, the obtaining a characteristic value of the application program to be verified by performing, by segmentation processing and according to the first code, integrity verification on the application program to be verified in the periodic scheduling task of the application program to be verified includes:
dividing the program to be verified into a plurality of sections of subprograms according to a preset rule;
in a first period in the periodic scheduling task of the application program to be verified, verifying a first subprogram in the plurality of sections of subprograms according to the first code to obtain a first characteristic value;
in a second period of the periodic scheduling task of the application program to be verified, verifying a second subprogram in the plurality of sections of subprograms according to the first code and the first characteristic value to obtain a second characteristic value;
in a third period in the periodic scheduling task of the application program to be verified, verifying a third subprogram in the multiple subprograms according to the first code and the second characteristic value to obtain a third characteristic value;
and repeating the steps until the plurality of sub programs are verified, and obtaining the characteristic value of the application program to be verified.
In a possible design, after determining whether the application to be verified is complete according to the feature value of the application to be verified, the method further includes:
and if the application program to be verified is complete, continuing to execute the application program to be verified.
In one possible design, before performing integrity check on the critical program in the application program area where the application program to be checked is located, the method further includes:
judging whether a flash instruction exists when the bootstrap program is executed;
and if the flash instruction does not exist, performing integrity check on the key program in the application program area where the application program to be checked is located.
In one possible design, the determining whether the critical program is complete according to the feature value of the critical program includes:
judging whether the characteristic value of the key program area is consistent with a preset characteristic value or not;
and if the characteristic value of the key program area is consistent with a preset characteristic value, the key program is complete.
In a second aspect, an embodiment of the present invention provides an application integrity checking device, including:
the first verification module is used for verifying the integrity of a key program in an application program area where the application program to be verified is located to obtain a characteristic value of the key program; the key program comprises a first code for checking the application program area;
the first judgment module is used for judging whether the key program is complete or not according to the characteristic value of the key program;
and the first execution module is used for executing the application program to be verified if the key program is complete.
In a third aspect, an embodiment of the present invention provides an application integrity checking device, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes computer-executable instructions stored by the memory to cause the at least one processor to perform the method as set forth in the first aspect above and in various possible designs of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the method according to the first aspect and various possible designs of the first aspect are implemented.
According to the method and the device for verifying the integrity of the application program, the integrity of the key program in the application program area of the application program to be verified is verified to obtain the characteristic value of the key program; whether the key program is complete is judged according to the characteristic value of the key program; and if the key program is complete, the application program to be verified is executed. The method can verify only the important programs in the application program, which shortens the verification time and lets the ECU start quickly, so as to improve the response speed to user input instructions and further improve the user experience.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic view of a partition of an ECU storage area provided in an embodiment of the present invention;
Fig. 2 is a flowchart illustrating an application integrity checking method according to another embodiment of the present invention;
Fig. 3 is a flowchart illustrating an application integrity checking method according to another embodiment of the present invention;
Fig. 4 is a flowchart illustrating an application integrity checking method according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an application integrity check device according to yet another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an application integrity check device according to yet another embodiment of the present invention;
Fig. 7 is a schematic diagram of a hardware structure of an application integrity check device according to yet another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic view of a partition of an ECU storage area according to an embodiment of the present invention. As shown in fig. 1, the ECU storage area includes at least a boot program (Bootloader) area, an application program area, and a checksum storage area. When the ECU is powered on, the Bootloader program stored in the Bootloader program area is executed to initialize the hardware equipment and establish a memory space map, so that the software and hardware environment of the system is brought to a proper state and a correct environment is prepared for finally calling the application program; the application program stored in the application program area is then executed. In order to ensure the security of the application program, an integrity check is performed on the application program before it is executed, to detect whether the application program is corrupted or has been tampered with. The verification process may be executed by a terminal device, for example, a processor of the ECU itself, or may be executed by a background server, which is not limited in this application.
In the specific implementation process, after the Bootloader is executed, the terminal device or the server performs checksum calculation on the application program in the application program area to obtain a checksum of the application program, and compares the calculated checksum with the pre-stored checksum in the checksum storage area. If the two are consistent, the application program is complete and is then executed. If they are not consistent, the application program cannot be executed, and operations such as re-flashing the application program are required.
It can be seen that the ECU power-on time includes the time taken to calculate the checksum of the application program in the application program area. The speed at which the ECU responds to a user command at power-on therefore depends on the time for calculating the checksum; that is, if the application program in the application program area is large, the calculation of the checksum takes a long time, so that the ECU cannot respond to the user command in time when being powered on. Based on this, the embodiment of the invention provides an application program integrity checking method, so as to improve the efficiency of application program integrity checking and shorten the response time of an ECU (Electronic Control Unit) to a user command when the ECU is powered on.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a flowchart illustrating an application integrity checking method according to another embodiment of the present invention. As shown in fig. 2, the method includes:
201. Carrying out integrity verification on the key program in the application program area where the application program to be verified is located to obtain the characteristic value of the key program.
In practical applications, the execution subject of the embodiment may be a terminal device or a server, and the terminal device may be any kind of ECU, such as an engine ECU, a hydraulic ECU, and the like.
In this embodiment, the key program is a part of the application program in the application program area, namely the program that performs the basic functions of the ECU. All programs in the application program other than the key program are non-key programs, which complete additional functions of the ECU. For example, for the engine ECU, the key program at least includes an engine start program, and the non-key program may be a program for collecting signals such as an air conditioner switch and an ambient temperature. For the hydraulic ECU in a bulldozer or an excavator, the key programs at least include programs for controlling basic functions such as forward movement, backward movement, and grab movement, and the non-key programs may be programs for controlling additional functions such as seat adjustment.
202. Judging whether the key program is complete according to the characteristic value of the key program.
Alternatively, the characteristic value may be a signature or a checksum. Obtaining the characteristic value may be accomplished by a variety of algorithms. For example, a CRC algorithm, a hash algorithm, or an MD5 algorithm may be used, which is not limited in this application.
Specifically, whether the characteristic value of the key program area is consistent with a preset characteristic value is judged.
And if the characteristic value of the key program area is consistent with a preset characteristic value, the key program is complete.
It can be understood that the algorithm for performing integrity check to obtain the characteristic value needs to be consistent with the algorithm for obtaining the preset characteristic value, so that correct comparison can be performed.
203. If the key program is complete, executing the application program to be verified.
In practical application, if the key program is detected to be complete, the ECU can control the corresponding hardware equipment to complete the basic functions, so the application program can be executed. For example, the engine may execute a normal start strategy, and the hydraulic system may take basic actions such as moving forward and backward.
In the method for verifying the integrity of the application program provided by this embodiment, the integrity of the key program in the application program area where the application program to be verified is located is verified to obtain the characteristic value of the key program; whether the key program is complete is judged according to the characteristic value of the key program; and if the key program is complete, the application program to be verified is executed. The method can verify only the important programs in the application program, which shortens the verification time and lets the ECU start quickly, so as to improve the response speed to user input instructions and further improve the user experience.
Even though the additional functions controlled by the non-key programs in an application are less important, a problem in a non-key program will still have some impact. Fig. 3 is a flowchart illustrating an application integrity checking method according to another embodiment of the present invention. On the basis of the above embodiments, the present embodiment describes in detail the verification of the non-key program. As shown in fig. 3, the method includes:
301. Carrying out integrity verification on the key program in the application program area where the application program to be verified is located to obtain the characteristic value of the key program.
302. Judging whether the key program is complete according to the characteristic value of the key program.
303. If the key program is complete, executing the application program to be verified.
Steps 301 to 303 in this embodiment are similar to steps 201 to 203 in the above embodiment, and are not described again here.
304. The key program comprises a first code for checking the application program area; and in the periodic scheduling task of the application program to be verified, carrying out integrity verification on the application program to be verified according to the first code to obtain a characteristic value of the application program to be verified.
In this embodiment, the periodic scheduling task refers to a task that the ECU performs signal acquisition or signal processing periodically after initialization. Taking an engine ECU as an example, after the engine is started, the opening degree of an accelerator pedal can be acquired in a period of 10ms, the oil distribution amount can be controlled in a period of 10ms, the oil distribution parameters can be corrected, and the switching value of a fault lamp can be acquired in a period of 100 ms.
In practical application, when the key program is checked, the algorithm code used for the further integrity check in the periodic scheduling task of the application program to be verified, that is, the first code, also needs to be integrity checked, so as to ensure the accuracy of the further check in the periodic scheduling task.
Considering that the period of the periodic scheduling task is relatively short, the application program to be verified can be segmented, and a section of code is verified in each period.
In a specific implementation manner, the performing, by segmentation processing and according to the first code, integrity check on the application program to be checked in the periodic scheduling task of the application program to be checked may include:
3041. Dividing the program to be verified into a plurality of sections of subprograms according to a preset rule.
Specifically, the program to be verified may be divided according to a preset length; for example, it may be divided into segments of 16K in size.
3042. In a first period in the periodic scheduling task of the application program to be verified, verifying a first subprogram in the plurality of sections of subprograms according to the first code to obtain a first characteristic value.
3043. In a second period of the periodic scheduling task of the application program to be verified, verifying a second subprogram in the plurality of sections of subprograms according to the first code and the first characteristic value to obtain a second characteristic value.
3044. In a third period in the periodic scheduling task of the application program to be verified, verifying a third subprogram in the plurality of sections of subprograms according to the first code and the second characteristic value to obtain a third characteristic value.
3045. Repeating the steps until the plurality of subprograms are verified, and obtaining the characteristic value of the application program to be verified.
In another specific implementation manner, the performing, by segmentation processing and according to the first code, integrity check on the application program to be checked in the periodic scheduling task of the application program to be checked may include:
3046. Dividing the program to be verified into a plurality of sections of subprograms according to a preset rule.
3047. In a first period in the periodic scheduling task of the application program to be verified, verifying a first subprogram in the plurality of sections of subprograms according to the first code to obtain a first characteristic value.
3048. In a second period of the periodic scheduling task of the application program to be verified, verifying a second subprogram in the plurality of sections of subprograms according to the first code to obtain a second characteristic value.
3049. Repeating the steps until the plurality of subprograms are verified, obtaining a plurality of characteristic values of the application program to be verified, and calculating the characteristic value of the application program to be verified according to the plurality of characteristic values.
305. Judging whether the application program to be verified is complete according to the characteristic value of the application program to be verified.
Alternatively, the characteristic value may be a signature or a checksum. Obtaining the characteristic value may be accomplished by a variety of algorithms. For example, a CRC algorithm, a hash algorithm, or an MD5 algorithm may be used, but the present application is not limited thereto.
Specifically, whether the characteristic value of the application program to be verified is consistent with a preset characteristic value is judged.
If the characteristic value of the application program to be verified is consistent with a preset characteristic value, the application program to be verified is complete.
It can be understood that the algorithm for performing integrity check to obtain the characteristic value needs to be consistent with the algorithm for obtaining the preset characteristic value, so that correct comparison can be performed.
306. If the application program to be verified is incomplete, resetting the electronic control unit ECU.
307. If the application program to be verified is complete, continuing to execute the application program to be verified.
According to the application program integrity checking method provided by the embodiment, the integrity of the application program to be checked is checked in the periodic task scheduling, so that the integrity and the safety of the whole application program can be ensured.
Considering that the application program needs to be flashed again after an upgrade or a failure, fig. 4 is a flowchart illustrating an application program integrity checking method according to another embodiment of the present invention. On the basis of the above-described embodiment, for example, on the basis of the embodiment shown in fig. 1, the present embodiment monitors for a flash instruction. As shown in fig. 4, the method includes:
401. Judging whether a flash instruction exists when the bootstrap program is executed.
402. If the flash instruction does not exist, carrying out integrity verification on the key program in the application program area where the application program to be verified is located to obtain a characteristic value of the key program; the key program includes a first code that verifies the application program area.
403. Judging whether the key program is complete according to the characteristic value of the key program.
Specifically, whether the characteristic value of the key program area is consistent with a preset characteristic value is judged.
And if the characteristic value of the key program area is consistent with a preset characteristic value, the key program is complete.
404. If the key program is complete, executing the application program to be verified.
405. If the key program is not complete, the method stays in the Bootloader.
Steps 402 to 403 in this embodiment are similar to steps 201 and 203 in the above embodiment, and are not described again here.
In practical application, if the application program needs to be upgraded, a flash instruction can be input to flash the application program. After the Bootloader is executed, the flash instruction is monitored before the application program is checked; if the flash instruction exists, the integrity check and the subsequent application program execution operation are not needed, and the application program flashing operation is performed directly.
According to the application program integrity checking method provided by the embodiment, the flash instruction is monitored, so that the process can be simplified, and unnecessary checking time is reduced.
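The flow of Figs. 3 and 4 in C, as an added example that is not code from the patent: the boot-time check covers only the key program, and the periodic task verifies the whole application program area one 16K segment per period, carrying the running value from one period into the next. CRC-32, an 8K key program at the start of the area, the constructed image and all function names are assumptions of this example.

```c
/* Added example: names, sizes, layout and the CRC-32 choice are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_SIZE     (8u * 1024u)   /* assumed: key program sits at the start of the area */
#define SEGMENT_SIZE (16u * 1024u)  /* segment length, the page's 16K example */

typedef enum { BOOT_ENTER_FLASH, BOOT_STAY_IN_BOOTLOADER, BOOT_RUN_APP } boot_action_t;
typedef enum { CHECK_IN_PROGRESS, CHECK_PASS_OK, CHECK_RESET_ECU } check_result_t;
/* Stand-in for the checksum storage area: the preset characteristic values. */
typedef struct { uint32_t key_crc; uint32_t app_crc; } checksum_area_t;
/* State of the segmented check, kept between scheduling periods. */
typedef struct { size_t offset; uint32_t state; } periodic_check_t;

/* CRC-32 update (reflected polynomial 0xEDB88320); `state` is the running value. */
uint32_t crc32_update(uint32_t state, const uint8_t *p, size_t n)
{
    while (n--) {
        state ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            state = (state >> 1) ^ (0xEDB88320u & (0u - (state & 1u)));
    }
    return state;
}

uint32_t crc32_whole(const uint8_t *p, size_t n)
{
    return crc32_update(0xFFFFFFFFu, p, n) ^ 0xFFFFFFFFu;
}

/* Boot-time decision (steps 401 to 405): only the key program is checked. */
boot_action_t boot_decide(int flash_requested, const uint8_t *app,
                          const checksum_area_t *ref)
{
    if (flash_requested)
        return BOOT_ENTER_FLASH;            /* 401: no check, flash directly */
    if (crc32_whole(app, KEY_SIZE) != ref->key_crc)
        return BOOT_STAY_IN_BOOTLOADER;     /* 405: key program not complete */
    return BOOT_RUN_APP;                    /* 404 */
}

void periodic_check_init(periodic_check_t *c)
{
    c->offset = 0;
    c->state = 0xFFFFFFFFu;
}

/* Called once per scheduling period (steps 3042 to 3045, then 305 to 307). */
check_result_t periodic_check_step(periodic_check_t *c, const uint8_t *app,
                                   size_t app_size, uint32_t expected)
{
    size_t n = app_size - c->offset;
    if (n > SEGMENT_SIZE)
        n = SEGMENT_SIZE;                   /* the last segment may be shorter */
    c->state = crc32_update(c->state, app + c->offset, n);
    c->offset += n;
    if (c->offset < app_size)
        return CHECK_IN_PROGRESS;
    uint32_t value = c->state ^ 0xFFFFFFFFu; /* value for the whole area */
    periodic_check_init(c);                  /* the next period starts a new pass */
    return value == expected ? CHECK_PASS_OK : CHECK_RESET_ECU;
}

/* Runs periods until one pass ends; reports how many periods it took. */
check_result_t run_full_pass(periodic_check_t *c, const uint8_t *app,
                             size_t app_size, uint32_t expected, unsigned *periods)
{
    check_result_t r;
    *periods = 0;
    do {
        r = periodic_check_step(c, app, app_size, expected);
        (*periods)++;
    } while (r == CHECK_IN_PROGRESS);
    return r;
}

/* Fills a buffer with a constructed, deterministic "application image". */
void fill_constructed_image(uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)(i * 31u + (i >> 8));
}

int main(void)
{
    static uint8_t app[64u * 1024u + 100u]; /* constructed; not a multiple of 16K */
    periodic_check_t chk;
    unsigned periods;
    fill_constructed_image(app, sizeof app);
    checksum_area_t ref = { crc32_whole(app, KEY_SIZE), crc32_whole(app, sizeof app) };
    periodic_check_init(&chk);
    app[KEY_SIZE + 5000u] ^= 0x01u;         /* flip one bit in a non-key program */
    check_result_t verdict = run_full_pass(&chk, app, sizeof app, ref.app_crc, &periods);
    printf("boot action: %d\n", (int)boot_decide(0, app, &ref));
    printf("periodic verdict: %d after %u periods\n", (int)verdict, periods);
    return 0;
}
```

A byte changed outside the key program passes the boot-time check and is reported only when the periodic pass completes, so detection latency is up to one full pass (number of segments times the task period). CRC-32 is used only because the page lists CRC; it detects accidental corruption, while resisting deliberate modification needs a keyed MAC or a signature whose reference value the modifier cannot rewrite.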
Fig. 5 is a schematic structural diagram of an application integrity check device according to yet another embodiment of the present invention. As shown in fig. 5, the application integrity check device 50 includes: a first checking module 501, a first judging module 502 and a first executing module 503.
A first verification module 501, configured to perform integrity verification on a key program in an application program area where an application program to be verified is located, to obtain a feature value of the key program; the key program comprises a first code for checking the application program area;
a first determining module 502, configured to determine whether the key program is complete according to the feature value of the key program;
a first executing module 503, configured to execute the application to be verified if the key program is complete.
In the application integrity verification device provided in the embodiment of the present invention, the first verification module 501 obtains a characteristic value of a key program by performing integrity verification on the key program in an application area where the application to be verified is located; the key program comprises a first code for checking the application program area; a first judging module 502, configured to judge whether the key program is complete according to the feature value of the key program; the first execution module 503 executes the application to be verified when the critical program is complete. The checking time can be shortened, the ECU can be started quickly, the response speed of the user input instruction is improved, and the user experience is further improved.
Fig. 6 is a schematic structural diagram of an application integrity checking device according to yet another embodiment of the present invention. As shown in Fig. 6, the application integrity checking device 50 further includes: a second checking module 504 and a second judging module 505.
Optionally, the apparatus further comprises:
a second checking module 504, configured to: in a periodic scheduling task of the application program to be verified, perform integrity verification on the application program to be verified according to the first code, to obtain a characteristic value of the application program to be verified;
judge whether the application program to be verified is complete according to the characteristic value of the application program to be verified;
and, if the application program to be verified is incomplete, reset the electronic control unit (ECU).
Optionally, the second checking module 504 is specifically configured to:
in the periodic scheduling task of the application program to be verified, perform integrity verification on the application program to be verified according to the first code through segmentation processing.
Optionally, the second checking module 504 is specifically configured to:
divide the application program to be verified into a plurality of subprogram segments according to a preset rule;
in a first period of the periodic scheduling task of the application program to be verified, verify a first subprogram of the plurality of subprogram segments according to the first code, to obtain a first characteristic value;
in a second period of the periodic scheduling task of the application program to be verified, verify a second subprogram of the plurality of subprogram segments according to the first code and the first characteristic value, to obtain a second characteristic value;
in a third period of the periodic scheduling task of the application program to be verified, verify a third subprogram of the plurality of subprogram segments according to the first code and the second characteristic value, to obtain a third characteristic value;
and so on, until all of the subprogram segments have been verified, thereby obtaining the characteristic value of the application program to be verified.
Optionally, the second checking module 504 is specifically configured to:
if the application program to be verified is complete, continue executing the application program to be verified.
Optionally, the apparatus further comprises:
a second judging module 505, configured to judge whether a flash instruction exists when the bootstrap program is executed;
the first checking module 501 is specifically configured to perform integrity verification on the key program in the application program area where the application program to be verified is located if no flash instruction exists.
Optionally, the first judging module 502 is specifically configured to:
judge whether the characteristic value of the key program area is consistent with a preset characteristic value;
if the characteristic value of the key program area is consistent with the preset characteristic value, the key program is complete.
The application integrity checking device provided by this embodiment of the present invention may be used to execute the method embodiments described above; its implementation principle and technical effect are similar and are not described again here.
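The boot-time check of the key program and the segmented periodic check described above can be sketched in C as follows; this is an added example, not code from the patent. It assumes the characteristic value is a CRC-32 and that the preset rule is a fixed segment size, and the names `key_program_intact`, `seg_check_t`, `seg_check_init` and `seg_check_step` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the characteristic value is a CRC-32; the page names no algorithm. */
static uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n) {
    crc = ~crc;                            /* resume from the previous value */
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

typedef enum { CHECK_PENDING, CHECK_PASSED, CHECK_FAILED } check_result_t;

typedef struct {
    const uint8_t *base;   /* start of the application program area */
    size_t len, seg_len;   /* area size; segment size (the "preset rule") */
    size_t offset;         /* first byte not yet covered in this pass */
    uint32_t value;        /* characteristic value carried between periods */
    uint32_t preset;       /* expected value for the whole area */
} seg_check_t;

/* Boot-time check: a single pass over the small key program only. */
static int key_program_intact(const uint8_t *key, size_t n, uint32_t preset) {
    return crc32_update(0, key, n) == preset;
}

static void seg_check_init(seg_check_t *c, const uint8_t *base, size_t len,
                           size_t seg_len, uint32_t preset) {
    c->base = base; c->len = len; c->preset = preset;
    c->seg_len = seg_len ? seg_len : len;  /* 0 would never make progress */
    c->offset = 0; c->value = 0;
}

/* Call once per scheduling period: covers one segment, then returns. */
static check_result_t seg_check_step(seg_check_t *c) {
    size_t n = c->len - c->offset;
    if (n > c->seg_len) n = c->seg_len;    /* the last segment may be short */
    c->value = crc32_update(c->value, c->base + c->offset, n);
    c->offset += n;
    if (c->offset < c->len) return CHECK_PENDING;
    check_result_t r = (c->value == c->preset) ? CHECK_PASSED : CHECK_FAILED;
    c->offset = 0; c->value = 0;           /* the next period starts a new pass */
    return r;
}

int main(void) {
    static uint8_t image[1000];            /* constructed stand-in for flash */
    for (size_t i = 0; i < sizeof image; i++) image[i] = (uint8_t)(i * 7u + 3u);
    /* The first 64 bytes play the key program in this demo. */
    if (!key_program_intact(image, 64, crc32_update(0, image, 64))) return 1;
    seg_check_t c;
    seg_check_init(&c, image, sizeof image, 256, crc32_update(0, image, sizeof image));
    for (int period = 1; period <= 8; period++) {
        if (period == 5) image[500] ^= 0x01;   /* constructed corruption */
        check_result_t r = seg_check_step(&c);
        printf("period %d: %s\n", period, r == CHECK_PENDING ? "pending" :
               r == CHECK_PASSED ? "complete" : "incomplete, reset ECU");
    }
    return 0;
}
```

In this sketch a change to a segment that the current pass has already covered is only reported at the end of the following pass, so the worst-case detection time is just under two passes; the segment size trades per-period cost against that latency.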
Fig. 7 is a schematic diagram of the hardware structure of an application integrity checking device according to yet another embodiment of the present invention. As shown in Fig. 7, the application integrity checking device 70 provided in this embodiment includes: at least one processor 701 and a memory 702. The processor 701 and the memory 702 are connected by a bus 703.
In a specific implementation, the at least one processor 701 executes the computer-executable instructions stored in the memory 702, so that the at least one processor 701 performs the application integrity checking method performed by the application integrity checking device 70 as described above.
For the specific implementation process of the processor 701, reference may be made to the method embodiments above; the implementation principle and technical effect are similar and are not described again in this embodiment.
In the embodiment shown in Fig. 7, it should be understood that the processor may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or any conventional processor. The steps of a method disclosed in connection with the present invention may be performed directly by a hardware processor, or by a combination of hardware and software modules within the processor.
The memory may comprise high-speed RAM and may also include non-volatile memory (NVM), such as at least one disk memory.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
The application also provides a computer-readable storage medium, in which computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the application integrity checking method executed by the application integrity checking device is implemented.
The computer-readable storage medium may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuit (ASIC). Of course, the processor and the readable storage medium may also reside as discrete components in the apparatus.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. An application program integrity checking method, comprising:
carrying out integrity verification on a key program in an application program area where an application program to be verified is located to obtain a characteristic value of the key program, wherein the key program is a program used for completing basic functions of an ECU (electronic control unit);
judging whether the key program is complete or not according to the characteristic value of the key program;
if the key program is complete, executing the application program to be verified;
the key program comprises a first code for checking the application program area; if the key program is complete, after the application program to be verified is executed, the method further includes:
in the periodic scheduling task of the application program to be verified, performing integrity verification on the application program to be verified according to the first code to obtain a characteristic value of the application program to be verified;
judging whether the application program to be verified is complete or not according to the characteristic value of the application program to be verified;
and if the application program to be verified is incomplete, resetting the electronic control unit ECU.
2. The method according to claim 1, wherein the performing integrity check on the application program to be checked according to the first code in the periodic scheduling task of the application program to be checked to obtain the characteristic value of the application program to be checked includes:
and in the periodic scheduling task of the application program to be verified, performing integrity verification on the application program to be verified according to the first code through segmentation processing.
3. The method according to claim 2, wherein the obtaining the characteristic value of the application program to be verified by performing integrity verification on the application program to be verified according to the first code through segmentation processing in the periodic scheduling task of the application program to be verified comprises:
dividing the application program to be verified into a plurality of sections of subprograms according to a preset rule;
in a first period in the periodic scheduling task of the application program to be verified, verifying a first subprogram in the plurality of sections of subprograms according to the first code to obtain a first characteristic value;
in a second period of the periodic scheduling task of the application program to be verified, verifying a second subprogram in the plurality of sections of subprograms according to the first code and the first characteristic value to obtain a second characteristic value;
in a third period in the periodic scheduling task of the application program to be verified, verifying a third subprogram in the multiple subprograms according to the first code and the second characteristic value to obtain a third characteristic value;
and repeating the steps until the plurality of sub programs are verified, and obtaining the characteristic value of the application program to be verified.
4. The method according to claim 1, wherein after determining whether the application to be verified is complete according to the characteristic value of the application to be verified, the method further comprises:
and if the application program to be verified is complete, continuing to execute the application program to be verified.
5. The method according to any one of claims 1 to 4, wherein before performing integrity check on the key program in the application program area where the application program to be checked is located, the method further comprises:
judging whether a flash instruction exists when the bootstrap program is executed;
and if the flash instruction does not exist, performing integrity check on the key program in the application program area where the application program to be checked is located.
6. The method according to any one of claims 1 to 4, wherein said judging whether the key program is complete according to the characteristic value of the key program comprises:
judging whether the characteristic value of the key program area is consistent with a preset characteristic value or not;
if the characteristic value of the key program area is consistent with the preset characteristic value, the key program is complete.
7. An application integrity checking device, comprising:
the first checking module is used for checking the integrity of a key program in an application program area where an application program to be checked is located to obtain a characteristic value of the key program, and the key program is used for completing the basic functions of an ECU (electronic control unit);
the key program comprises a first code for checking the application program area;
the first judgment module is used for judging whether the key program is complete or not according to the characteristic value of the key program;
the first execution module is used for executing the application program to be verified if the key program is complete;
the second checking module is used for carrying out integrity checking on the application program to be checked according to the first code in the periodic scheduling task of the application program to be checked to obtain a characteristic value of the application program to be checked;
judging whether the application program to be verified is complete or not according to the characteristic value of the application program to be verified;
and if the application program to be verified is incomplete, resetting the electronic control unit ECU.
8. An application integrity checking device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the application integrity checking method of any of claims 1 to 6.
9. A computer-readable storage medium having stored thereon computer-executable instructions which, when executed by a processor, implement the application integrity checking method of any one of claims 1 to 6.
CN201910579896.6A 2019-06-28 2019-06-28 Application program integrity checking method and device Active CN110334486B (en)


Publications (2)

Publication Number Publication Date
CN110334486A CN110334486A (en) 2019-10-15
CN110334486B true CN110334486B (en) 2021-10-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant