CN110363010A - Secure system start-up method based on an MPSoC chip - Google Patents
Classifications
- G06F21/575 — Secure boot (under G06F21/57, certifying or maintaining trusted computer platforms; G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms; G06F21/00, security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
- G06F21/602 — Providing cryptographic facilities or services (under G06F21/60, protecting data)
- G06F21/64 — Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/60, protecting data)
Abstract
This application discloses a secure system start-up method based on an MPSoC chip, comprising: step 1, generating two sets of public keys from the globally unique identifier (GUID) of the system-on-chip using a cryptographic algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse (eFuse) of the system-on-chip; step 2, encrypting and packaging the primary boot program according to the two sets of public keys, recording the result as the first-stage boot program, and, based on the first-stage boot program, generating and programming a multi-stage boot program into the system start-up storage medium, where the multi-stage boot program comprises at least two stages; step 3, after the embedded system powers on, decrypting and verifying the multi-stage boot program stage by stage according to the GUID using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-stage boot program. The technical solution of this application improves the security of the embedded system and greatly reduces the likelihood of the system being copied by board cloning.
Description
Technical field
This application relates to the technical field of embedded systems, and in particular to a secure system start-up method based on an MPSoC chip.
Background technique
In existing embedded systems, the boot program and the system image file are mostly stored in a single Flash storage unit. When a competing manufacturer maliciously reads the data out of the Flash and clones the board, it is very easy to copy a product of the same specification and type.
At the same time, the existing system start-up and loading process performs no correctness verification of the stored boot program and system image file: when the system starts, it loads the boot program and the system image file directly from fixed Flash addresses and starts running them. Whether the system starts correctly therefore depends entirely on the integrity and correctness of the boot program and system image file stored in Flash. If the file contents in Flash are faulty, the start-up process cannot skip past them, and start-up fails outright.
When Flash is accidentally erased, or when the storage medium fails because of external factors (such as mechanical shock, loose pins or excessive supply voltage), stored contents may go missing or change value (data in Flash is stored in storage cells bit by bit, with non-zero read as 1), so that the boot program or system image file loaded during start-up is incorrect and the device ultimately cannot start normally.
In industrial and commercial embedded systems, where high stability of the operating environment is required, the security and stability of the equipment are key indicators of the whole embedded system, and the prior art cannot provide reliable guarantees for these key indicators. It is therefore necessary to combine a backup mechanism with anti-plagiarism measures for system programs, so as to guarantee both the stability and integrity of the system start-up process and the security of the system.
Summary of the invention
The purpose of this application is to design a complete secure system start-up method based on an MPSoC chip which, using multi-stage boot verification, binds the programmed files to the system hardware (such as CPU, GPU and MCU) while improving the stability and integrity of the system start-up process.
The technical solution of the first aspect of this application provides a secure system start-up method based on an MPSoC chip. The method is suitable for starting an embedded system, the embedded system comprising a system-on-chip and a system start-up storage medium, and the system start-up storage medium storing a system image file and a system image backup file. The method comprises:
Step 1, generating two sets of public keys from the globally unique identifier (GUID) of the system-on-chip using a cryptographic algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse of the system-on-chip;
Step 2, encrypting and packaging the primary boot program according to the two sets of public keys, recording the result as the first-stage boot program, and, based on the first-stage boot program, generating and programming a multi-stage boot program into the system start-up storage medium, where the multi-stage boot program comprises at least two stages;
Step 3, after the embedded system powers on, decrypting and verifying the multi-stage boot program stage by stage according to the GUID using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-stage boot program.
In any of the above technical solutions, further, step 2 specifically comprises: step 21, generating and storing a first key and a second key from the primary boot program and the two sets of public keys using a secure hash algorithm; step 22, encrypting the primary boot program according to the two sets of public keys using a ciphertext encryption algorithm; step 23, packaging the first key, the second key and the encrypted primary boot program, and recording the result as the first-stage boot program.
In any of the above technical solutions, further, the ciphertext encryption algorithm comprises at least one of an AND operation, an OR operation, an addition operation, a NOT operation, an XOR operation and a shift operation.
In any of the above technical solutions, further, the multi-stage boot program comprises two stages of boot programs and corresponding backup boot programs, where the boot programs comprise the first-stage boot program and the second-stage boot program, and the backup boot programs comprise a first-stage backup boot program and a second-stage backup boot program.
In any of the above technical solutions, further, step 3 specifically comprises: step 31, after the embedded system powers on, reading the boot header and performing a hash calculation on the first-stage boot program according to the GUID and the first key; step 32, according to the result of the hash calculation, using the fault-tolerant processing method, decrypting the first-stage boot program and performing a first verification; when the first verification passes, executing step 33; when the first verification fails, re-executing step 31 to perform the hash calculation on a first-stage backup boot program; step 33, performing a second verification on the first-stage boot program according to the second key; when the second verification passes, executing step 34; when the second verification fails, re-executing step 31 to perform the hash calculation on a first-stage backup boot program; step 34, performing a third verification on the second-stage boot program; when the second-stage boot program passes the third verification, starting the system image file; when it fails the third verification, obtaining a second-stage backup boot program; when no second-stage backup boot program can be obtained, generating and sending system start-up exception information; when a second-stage backup boot program is obtained, performing the third verification on it; when the second-stage backup boot program passes the third verification, starting the system image backup file; when it fails, obtaining the next second-stage backup boot program.
In any of the above technical solutions, further, the number of first-stage backup boot programs is 3 and the number of second-stage backup boot programs is 2.
The technical solution of the second aspect of this application provides an embedded system comprising a system-on-chip and a system start-up storage medium; the system start-up storage medium stores a start-up program which, when run, executes the secure system start-up method based on an MPSoC chip of any one of the technical solutions of the first aspect of this application.
In any of the above technical solutions, further, the GUID is stored on the system-on-chip, and the system-on-chip is provided with an electrically programmable fuse.
The beneficial effects of this application are:
Through the secure start-up method of this application, multi-stage boot verification combined with the chip's GUID is used to cryptographically check (authenticate) the first-stage boot program itself, reducing the risk of plaintext storage, improving the security of the embedded system and greatly reducing the likelihood of the system being copied by board cloning.
In combination with the multi-stage boot of this application, system backup start-up files are added and a reasonable system start-up path is set, so that while system security is improved, the stability of the embedded system is also improved; in one million power-cycle start-up tests, the start-up method of this application guaranteed that the embedded system started normally and stably.
Detailed description of the invention
The above and/or additional aspects and advantages of this application will become apparent and easily understood from the following description of embodiments in combination with the accompanying drawings, in which:
Fig. 1 is a schematic flow diagram of the secure system start-up method based on an MPSoC chip according to one embodiment of this application;
Fig. 2 is a schematic flow diagram of first-stage boot verification according to one embodiment of this application;
Fig. 3 is a schematic flow diagram of second-stage boot verification according to one embodiment of this application;
Fig. 4 is a schematic diagram of an embedded system start-up path according to one embodiment of this application;
Fig. 5 is a schematic diagram of storage contents according to one embodiment of this application.
Specific embodiments
In order to understand the above objects, features and advantages of this application more clearly, this application is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, in the absence of conflict, the embodiments of this application and the features in the embodiments may be combined with each other.
In the following description, many details are set out in order to fully understand this application; however, this application may also be implemented in other ways than those described here, so the protection scope of this application is not limited by the specific embodiments described below.
Embodiment one:
As shown in Fig. 1, this embodiment provides a secure system start-up method based on an MPSoC chip. The method is suitable for starting an embedded system comprising a system-on-chip and a system start-up storage medium; the system start-up storage medium stores a system image file and a system image backup file, and the system-on-chip stores a globally unique identifier (GUID). The method comprises:
Step 1, generating two sets of public keys from the GUID of the system-on-chip using a cryptographic algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse (eFuse) of the system-on-chip;
Specifically, in this embodiment an MPSoC chip is used as the system-on-chip. The 64-byte GUID of the system-on-chip is taken as the default public key; from this default public key (GUID) and a cryptographic algorithm, such as a hash algorithm, two sets of hash data are computed and recorded as the two sets of public keys, which are stored in the CPU of the MPSoC chip (Public Key1 and Public Key2). These two sets of public keys are protected by the eFuse; the eFuse of the MPSoC chip is then blown, so that Public Key1 and Public Key2 stored in the CPU can no longer be modified.
Step 2, encrypting and packaging the primary boot program according to the two sets of public keys stored in the system-on-chip, recording the result as the first-stage boot program, and, based on the first-stage boot program, generating and programming a multi-stage boot program into the system start-up storage medium, where the multi-stage boot program comprises at least two stages;
Preferably, the multi-stage boot program comprises two stages of boot programs and corresponding backup boot programs, where the boot programs comprise the first-stage boot program (FSBL) and the second-stage boot program (Uboot), and the backup boot programs comprise a first-stage backup boot program and a second-stage backup boot program.
Further, step 2 specifically comprises:
Step 21, generating and storing a first key and a second key from the primary boot program and the two sets of public keys using a secure hash algorithm, where the primary boot program is used to boot the MPSoC chip;
Specifically, using an existing secure hash (SHA3) algorithm, two keys, SPK (Secondary Public Key) and PPK (Primary Public Key), are generated from the two sets of generated public keys and the primary boot program; both keys are 48 bytes. In this embodiment PPK is used as the first key and SPK as the second key.
Step 22, encrypting the primary boot program according to the two sets of public keys using a ciphertext encryption algorithm;
Preferably, the ciphertext encryption algorithm comprises at least one of an AND operation, an OR operation, an addition operation, a NOT operation, an XOR operation and a shift operation.
Specifically, to make the program harder to plagiarise, this embodiment encrypts the plaintext primary boot program, i.e. converts the plaintext into ciphertext. A ciphertext encryption algorithm, such as one or more of an AND, OR, addition, NOT, XOR or shift operation, is therefore applied with the two stored sets of public keys to encrypt the primary boot program into ciphertext.
This embodiment provides one ciphertext encryption method:
First, the two sets of public keys are added, and the result is used as the encryption code, which is 64 bytes;
Then, cycling through the bytes of the encryption code, a bitwise AND operation is applied bit by bit to the primary boot program, converting it into ciphertext.
Step 23, packaging the first key PPK, the second key SPK and the encrypted primary boot program, and recording the result as the first-stage boot program.
Specifically, through the above technical solution, because part of the GUID is used to form the two sets of public keys stored in the MPSoC chip, the SPK value of every embedded device is different, the encrypted FSBL (first-stage boot program) file is different, and the PPK key in the FSBL (first-stage boot program) file header that verifies the SPK is also different, thus realising a complex anti-board-cloning function.
Through the above technical solution of this embodiment, the two sets of public keys and the program (primary boot program) are packaged into a first-stage boot program burn file, completing the binding of the first-stage boot program, the hardware chip GUID and the default public key; if any one of the three values does not match, the system cannot start successfully.
Step 3, after the embedded system powers on, decrypting and verifying (authenticating) the multi-stage boot program stage by stage according to the GUID using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-stage boot program.
Specifically, the verification (authentication) process of the embedded system for the first-stage boot program mainly comprises two steps:
1) using the PPK key value, verifying (authenticating) the boot header (Bootheader) of the first-stage boot program (FSBL) and the SPK key itself;
2) using the SPK key value, decrypting the file content digest of the FSBL (the inverse of the ciphertext encryption) and restoring the FSBL file content; only when the content is correct can the first-stage boot program be run.
As shown in Figs. 2 and 3, this embodiment shows a boot program verification method, and step 3 specifically comprises:
Step 31, after the embedded system powers on, reading the boot header and performing a hash calculation on the first-stage boot program according to the GUID and the first key PPK;
Step 32, according to the result of the hash calculation, using the fault-tolerant processing method, decrypting the first-stage boot program and performing a first verification (authentication); when the first verification (authentication) passes, executing step 33; when the first verification (authentication) fails, re-executing step 31 to perform the hash calculation on a first-stage backup boot program;
Step 33, performing a second verification (authentication) on the first-stage boot program according to the second key SPK; when the second verification (authentication) passes, executing step 34; when the second verification (authentication) fails, re-executing step 31 to perform the hash calculation on a first-stage backup boot program;
Specifically, after the system powers on, the ROM program fixed in the chip first loads the GUID into memory and at the same time reads the boot header (protection header) of the FSBL (first-stage boot program) to judge whether the programmed file needs to be authenticated. If so, it generates the two sets of public keys (key 1 and key 2) from the GUID using a cryptographic algorithm, such as a hash algorithm, then performs the PPK hash calculation and the first verification (authentication); if this passes, the boot header and SPK are correct. It then performs the second verification (authentication); if this passes, the first-stage boot program itself is correct, and the FSBL (first-stage boot program) file is decrypted and run, entering the second-stage boot program. Here the first verification is the PPK verification and the second is the SPK verification.
During the verification of the first-stage boot program, if either the PPK verification or the SPK verification fails, a new start-up file, i.e. a first-stage backup boot program, is searched for, and the verification (PPK verification and SPK verification) is repeated on the new first-stage backup boot program. If no new first-stage backup boot program is found, the embedded system is shown to be unable to start normally.
When the PPK verification and SPK verification of the first-stage boot program pass, this embodiment verifies the correctness of the second-stage boot program stored in the system start-up storage medium, and, through the MD5 check performed by the second-stage boot program, verifies the correctness of the system image file and system image backup file stored on the chip.
Step 34, performing a third verification on the second-stage boot program; when the second-stage boot program passes the third verification, starting the system image file; when the second-stage boot program fails the third verification, obtaining a second-stage backup boot program;
when no second-stage backup boot program can be obtained, generating and sending system start-up exception information;
when a second-stage backup boot program is obtained, performing the third verification on the second-stage backup boot program; when the second-stage backup boot program passes the third verification, starting the system image backup file; when the second-stage backup boot program fails the third verification, obtaining the next second-stage backup boot program.
Specifically, in this embodiment an MD5 code is used to verify the second-stage boot program (Uboot) or the second-stage backup boot program, and to verify the correctness of the system image file (Image.ub). Through the fault-tolerant processing method of this embodiment, the two-stage boot program verification is used to call the system image file and the system image backup file, so as to guarantee that the embedded system starts stably.
This embodiment uses a secure signature-key verification method and programs multiple copies of the boot programs (first-stage boot program, second-stage boot program and corresponding backups) and system image files into multiple Flash memories (the system start-up storage medium); one Flash stores the system default start-up files, and another Flash stores the backup system. In this embodiment the ROM program of the MPSoC chip loads the first-stage boot program, the first-stage boot program then loads and verifies the second-stage boot program, and after the second-stage boot program starts it loads and verifies the default system image file and starts running it in memory. Exception fault-tolerance is added to the loading process: if verification of a first-stage boot program fails, start from the next first-stage boot program; if verification of a second-stage boot program fails, load and verify the next second-stage boot program; if verification of the default system image file fails, load and verify the first backup image file, and on failure load and verify the second backup image file.
Preferably, the number of first-stage backup boot programs is 3, and the number of second-stage backup boot programs is 2.
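To make the provisioning of steps 1 and 2 and the fault-tolerant boot-time verification of step 3 (the paths of Fig. 4) concrete, here is an added Python simulation that is not part of the patent and not the applicant's code. It assumes a 64-byte GUID hashed with SHA-512 into two 64-byte public keys, SHA3-384 for the 48-byte PPK and SPK, and XOR (one of the operations the page lists) for the ciphertext step, because the bitwise AND of the page's worked example cannot be inverted at boot; the MD5 third verification and the backup counts follow the page.

```python
import hashlib
from typing import Optional, Tuple

MAGIC = b"FSBL"
HDR_LEN = 4 + 4 + 48 + 48          # magic | body length | PPK | SPK

# --- Step 1: chip-side keys derived from the 64-byte GUID -------------------
def derive_public_keys(guid: bytes) -> Tuple[bytes, bytes]:
    """Two 64-byte public keys hashed from the GUID (assumed: SHA-512 with a
    domain tag); the patent burns these into the MPSoC eFuse."""
    if len(guid) != 64:
        raise ValueError("GUID must be 64 bytes")
    return (hashlib.sha512(b"key1" + guid).digest(),
            hashlib.sha512(b"key2" + guid).digest())

def encryption_code(key1: bytes, key2: bytes) -> bytes:
    """Step 22 as the page describes it: byte-wise addition of the two keys
    gives a 64-byte encryption code."""
    return bytes((a + b) & 0xFF for a, b in zip(key1, key2))

def xor_stream(data: bytes, code: bytes) -> bytes:
    """Assumption: XOR (one of the listed operations) applied cyclically with
    the code; it is its own inverse, unlike a bitwise AND."""
    return bytes(b ^ code[i % len(code)] for i, b in enumerate(data))

# --- Step 2: package the first-stage boot program (FSBL) ---------------------
def package_fsbl(guid: bytes, plaintext: bytes) -> bytes:
    """Steps 21-23. SPK (48 bytes, SHA3-384) binds the plaintext to the chip
    keys; PPK binds the Bootheader fields and the SPK to the chip keys."""
    key1, key2 = derive_public_keys(guid)
    body = xor_stream(plaintext, encryption_code(key1, key2))
    length = len(body).to_bytes(4, "big")
    spk = hashlib.sha3_384(key1 + key2 + plaintext).digest()
    ppk = hashlib.sha3_384(key1 + key2 + MAGIC + length + spk).digest()
    return MAGIC + length + ppk + spk + body     # Bootheader || ciphertext

# --- Step 3: boot-time verification with fall-back ---------------------------
def verify_fsbl(guid: bytes, image: bytes) -> Optional[bytes]:
    """Steps 31-33: first verification with PPK, then decrypt and second
    verification with SPK. Returns the plaintext FSBL, or None on failure."""
    if len(image) < HDR_LEN or image[:4] != MAGIC:
        return None
    length, ppk, spk, body = image[4:8], image[8:56], image[56:104], image[104:]
    if len(body) != int.from_bytes(length, "big"):
        return None
    key1, key2 = derive_public_keys(guid)
    if hashlib.sha3_384(key1 + key2 + MAGIC + length + spk).digest() != ppk:
        return None                      # header/SPK not bound to this chip
    plaintext = xor_stream(body, encryption_code(key1, key2))
    if hashlib.sha3_384(key1 + key2 + plaintext).digest() != spk:
        return None                      # content damaged or modified
    return plaintext

def md5_ok(blob: bytes, expected: bytes) -> bool:
    """Third verification: the page checks Uboot and Image.ub with MD5."""
    return hashlib.md5(blob).digest() == expected

def boot(guid, fsbl_slots, uboot_slots, image_slots) -> str:
    """Fault-tolerant path of Fig. 4: slot 0 is the default, later slots are
    backups. Returns the path taken, or a start-up exception message."""
    for i, fsbl in enumerate(fsbl_slots):
        if verify_fsbl(guid, fsbl) is not None:
            break
    else:
        return "exception: no first-stage boot program passed verification"
    for j, (uboot, digest) in enumerate(uboot_slots):
        if md5_ok(uboot, digest):
            break
    else:
        return "exception: no second-stage boot program passed verification"
    for k, (img, digest) in enumerate(image_slots):
        if md5_ok(img, digest):
            return f"fsbl{i} -> uboot{j} -> image{k}"
    return "exception: no system image passed verification"

def flip_byte(blob: bytes, index: int) -> bytes:
    """Simulate a damaged Flash cell by inverting one byte."""
    return blob[:index] + bytes([blob[index] ^ 0xFF]) + blob[index + 1:]

def simulate(scenario: str = "normal") -> str:
    """Constructed sample device: 1+3 FSBL, 1+2 Uboot and 1+3 image slots."""
    guid = bytes(range(64))                         # constructed GUID
    fsbl = package_fsbl(guid, b"FSBL: init DDR, verify and load Uboot")
    uboot, image = b"Uboot: verify and load Image.ub", b"Image.ub: kernel"
    fsbl_slots = [fsbl] * 4
    uboot_slots = [(uboot, hashlib.md5(uboot).digest())] * 3
    image_slots = [(image, hashlib.md5(image).digest())] * 4
    if scenario == "fsbl_damaged":                  # default FSBL body corrupt
        fsbl_slots[0] = flip_byte(fsbl, HDR_LEN + 3)
    elif scenario == "image_damaged":               # default image corrupt
        image_slots[0] = (flip_byte(image, 0), image_slots[0][1])
    elif scenario == "cloned_board":                # same Flash, other GUID
        guid = bytes(range(1, 65))
    return boot(guid, fsbl_slots, uboot_slots, image_slots)
```

The `cloned_board` scenario is the anti-cloning property of step 23: the Flash contents are unchanged, but every FSBL slot fails the PPK verification because the keys re-derived from the other chip's GUID do not match.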
Embodiment two:
As shown in Fig. 4, this embodiment provides an implementation of the embedded system start-up path. The default system start-up storage medium of the embedded system stores one first-stage boot program and 3 corresponding first-stage backup boot programs, one second-stage boot program and 2 corresponding second-stage backup boot programs, and four system image files (including 3 system image backup files).
At the same time, a correctness-verification function for the loaded file is added to the first-stage boot program and the second-stage boot program, ensuring the correctness of the program file loaded at each stage and thereby improving the stability of embedded system start-up.
Under normal circumstances, the start-up sequence of the system image file is as follows:
after the MPSoC chip powers on, the ROM program looks for the Bootheader (boot header) on the default start-up medium and starts the FSBL (first-stage boot program); the FSBL loads and verifies the Uboot (second-stage boot program) file; Uboot (the second-stage boot program) starts, loads and verifies the default image file (system image file). That is path ① → ② → ③ in Fig. 4.
In abnormal cases, one start-up sequence of a system image backup file is as follows:
in the above path, when some file is abnormal (for example MD5 verification fails, or the file is incorrect or incomplete), the start-up path of a system image backup file is triggered. If the system default image file is damaged, the corresponding start-up path is ① → ② → ④; if the first first-stage boot program is faulty, the corresponding start-up path is ① → ⑥ → ⑦ → ⑧.
Embodiment three:
As shown in Fig. 5, this embodiment provides an embedded system comprising a system-on-chip (MPSoC chip) and a system start-up storage medium (Flash); the system start-up storage medium stores a start-up program which, when run, executes the secure system start-up method based on an MPSoC chip disclosed in embodiment one or embodiment two above.
Further, a GUID is stored on the system-on-chip, and an electrically programmable fuse is provided on the system-on-chip.
After the system powers on, the ROM program of the MPSoC chip scans the first-stage boot program on the boot medium and verifies the signature keys against the public keys stored in the CPU (the two sets of hash-generated public keys) and the boot program computation keys (PPK, SPK); after verification passes, it loads and runs the first-stage boot program, which then loads and verifies the second-stage boot program, and the second-stage boot program in turn loads and verifies the default system image file in Flash, which is only allowed to run and start after it verifies correctly.
This method realises secure system start-up, together with backup system file start-up when the default system files start normally or abnormally; it reduces the risk of the system failing to start normally because of illegal programming or damage or modification of some Flash files, and improves the stability and security of commercial embedded systems.
Even if the data in Flash and the public key values of the CPU are read out and programmed into a cloned board, the system cannot start normally; this provides very good protection for the security of commercial embedded systems and effectively prevents malicious board cloning.
The technical solution of this application has been described in detail above with reference to the accompanying drawings. This application proposes a secure system start-up method based on an MPSoC chip, comprising: step 1, generating two sets of public keys from the globally unique identifier of the system-on-chip using a cryptographic algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse of the system-on-chip; step 2, encrypting and packaging the primary boot program according to the two sets of public keys, recording the result as the first-stage boot program, and, based on the first-stage boot program, generating and programming a multi-stage boot program into the system start-up storage medium, where the multi-stage boot program comprises at least two stages; step 3, after the embedded system powers on, decrypting and verifying the multi-stage boot program stage by stage according to the globally unique identifier using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-stage boot program. Through the technical solution of this application, the security of the embedded system is improved and the likelihood of the system being copied by board cloning is greatly reduced.
The steps in this application can be reordered, combined and deleted according to actual needs.
The units in the device of this application can be combined, divided and deleted according to actual needs.
Although this application has been disclosed in detail with reference to the accompanying drawings, it should be understood that these descriptions are merely exemplary and do not limit the application of this application. The protection scope of this application is defined by the appended claims and may include various modifications, alterations and equivalent schemes made to the invention without departing from the protection scope and spirit of this application.
Claims (8)
1. A secure system start-up method based on an MPSoC chip, characterised in that the method is suitable for starting an embedded system, the embedded system comprising a system-on-chip and a system start-up storage medium, the system start-up storage medium storing a system image file and a system image backup file, and the method comprising:
Step 1, generating two sets of public keys from the globally unique identifier of the system-on-chip using a cryptographic algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse of the system-on-chip;
Step 2, encrypting and packaging a primary boot program according to the two sets of public keys, recording the result as a first-stage boot program, and, based on the first-stage boot program, generating and programming a multi-stage boot program into the system start-up storage medium, where the multi-stage boot program comprises at least two stages;
Step 3, after the embedded system powers on, decrypting and verifying the multi-stage boot program stage by stage according to the globally unique identifier using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-stage boot program.
2. The secure system start-up method based on an MPSoC chip according to claim 1, characterised in that step 2 specifically comprises:
Step 21, generating and storing a first key and a second key from the primary boot program and the two sets of public keys using a secure hash algorithm;
Step 22, encrypting the primary boot program according to the two sets of public keys using a ciphertext encryption algorithm;
Step 23, packaging the first key, the second key and the encrypted primary boot program, and recording the result as the first-stage boot program.
3. The secure system start-up method based on an MPSoC chip according to claim 2, characterised in that the ciphertext encryption algorithm comprises at least one of an AND operation, an OR operation, an addition operation, a NOT operation, an XOR operation and a shift operation.
4. The secure system start-up method based on an MPSoC chip according to any one of claims 2 or 3, characterised in that the multi-stage boot program comprises two stages of boot programs and corresponding backup boot programs, where the boot programs comprise the first-stage boot program and a second-stage boot program, and the backup boot programs comprise a first-stage backup boot program and a second-stage backup boot program.
5. The secure system start-up method based on an MPSoC chip according to claim 4, characterised in that step 3 specifically comprises:
Step 31, after the embedded system powers on, reading a boot header and performing a hash calculation on the first-stage boot program according to the globally unique identifier and the first key;
Step 32, according to the result of the hash calculation, using the fault-tolerant processing method, decrypting the first-stage boot program and performing a first verification; when the first verification passes, executing step 33; when the first verification fails, re-executing step 31 to perform the hash calculation on the first-stage backup boot program;
Step 33, performing a second verification on the first-stage boot program according to the second key; when the second verification passes, executing step 34; when the second verification fails, re-executing step 31 to perform the hash calculation on the first-stage backup boot program;
Step 34, performing a third verification on the second-stage boot program; when the second-stage boot program passes the third verification, starting the system image file; when the second-stage boot program fails the third verification, obtaining the second-stage backup boot program;
when the second-stage backup boot program cannot be obtained, generating and sending system start-up exception information,
When getting the second level guidance stand-by program, third verification is carried out to second level guidance stand-by program, works as judgement
When the second level guidance stand-by program is verified by third, start the system image backup file, when the judgement second level is drawn
When leading stand-by program not by third verification, next second level guidance stand-by program is obtained.
6. as claimed in claim 4 based on the safety startup of system method of MPSoC chip, which is characterized in that the level-one is drawn
The backup quantity for leading stand-by program is 3, and the backup quantity of the second level guidance stand-by program is 2.
7. a kind of embedded system, which is characterized in that be situated between in the embedded system comprising System on Chip/SoC and system starting storage
Matter is stored with startup program on system starting storage medium, when the startup program is run, execute as claim 1 to
Based on the safety startup of system method of MPSoC chip described in any one of claim 6.
8. embedded system as claimed in claim 7, which is characterized in that be stored with globally unique identifier on the System on Chip/SoC
Symbol, and electrically programmable fuse is provided on the System on Chip/SoC.
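Claims 5 and 6 describe a verification chain that falls through to backup copies before raising a startup exception. The Python below is an added model of that chain (example code written for this page, not the patent's or any chip vendor's implementation); it assumes SHA-256 as the secure hash, HMAC-SHA256 under the first and second key as the first and second verifications, and a digest carried in the verified level-one package as the third verification, with GUID, keys and images constructed inline.

```python
import hashlib
import hmac

LEVEL1_BACKUPS = 3   # claim 6: three level-one backup bootstraps
LEVEL2_BACKUPS = 2   # claim 6: two level-two backup bootstraps

def keyed_tag(key: bytes, guid: bytes, image: bytes) -> bytes:
    # First/second verification modelled as HMAC-SHA256 over GUID || image (assumption).
    return hmac.new(key, guid + image, hashlib.sha256).digest()

def build_level1(image: bytes, guid: bytes, key1: bytes, key2: bytes,
                 level2: bytes) -> dict:
    # Constructed level-one package: the image plus the tags a verifier expects.
    return {"image": image,
            "tag1": keyed_tag(key1, guid, image),
            "tag2": keyed_tag(key2, guid, image),
            "l2_digest": hashlib.sha256(level2).digest()}

def verify_level1(pkg: dict, guid: bytes, key1: bytes, key2: bytes) -> bool:
    # Steps 31-33: first verification with the first key, then second
    # verification with the second key, both in constant time.
    ok1 = hmac.compare_digest(keyed_tag(key1, guid, pkg["image"]), pkg["tag1"])
    ok2 = hmac.compare_digest(keyed_tag(key2, guid, pkg["image"]), pkg["tag2"])
    return ok1 and ok2

def secure_boot(guid, key1, key2, level1_copies, level2_copies):
    """Steps 31-34 with fallback: ('image', 0), ('backup', n) or ('error', why)."""
    chosen = None
    for pkg in level1_copies[:1 + LEVEL1_BACKUPS]:   # primary, then backups
        if verify_level1(pkg, guid, key1, key2):
            chosen = pkg
            break
    if chosen is None:
        return ("error", "no level-one bootstrap passed verification")
    for n, l2 in enumerate(level2_copies[:1 + LEVEL2_BACKUPS]):
        # Third verification: digest of the level-two copy must match the
        # value carried in the already verified level-one package.
        if hmac.compare_digest(hashlib.sha256(l2).digest(), chosen["l2_digest"]):
            return ("image", 0) if n == 0 else ("backup", n)
    return ("error", "system startup exception: no level-two bootstrap verified")

def demo():
    # Constructed GUID, keys and images; both primaries are corrupt, so the
    # boot must fall through to a level-one backup and a level-two backup.
    guid, k1, k2 = b"GUID-0001", b"first-key", b"second-key"
    l1_img, l2_img = b"level-one bootstrap", b"level-two bootstrap"
    good = build_level1(l1_img, guid, k1, k2, l2_img)
    bad = dict(good, image=b"level-one bootstrap (bit flipped)")
    level1 = [bad, bad, good, good]          # primary + 3 backups
    level2 = [b"corrupt", l2_img, l2_img]    # primary + 2 backups
    return secure_boot(guid, k1, k2, level1, level2)
```

demo() boots from the second level-two copy, i.e. the system image backup file, after two failed level-one candidates and one failed level-two candidate.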
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910646023.2A CN110363010B (en) | 2019-07-17 | 2019-07-17 | System safety starting method based on MPSoC chip |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110363010A true CN110363010A (en) | 2019-10-22 |
CN110363010B CN110363010B (en) | 2021-11-16 |
Family ID: 68220916
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910646023.2A Active CN110363010B (en) | 2019-07-17 | 2019-07-17 | System safety starting method based on MPSoC chip |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110363010B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110909316A (en) * | 2019-11-14 | 2020-03-24 | 武汉正维电子技术有限公司 | Encryption protection method of single chip microcomputer software and storage medium |
CN111143854A (en) * | 2019-12-25 | 2020-05-12 | 眸芯科技(上海)有限公司 | Device, system and method for starting chip secure download |
CN112231709A (en) * | 2020-10-15 | 2021-01-15 | 中国电子科技集团公司第三十八研究所 | System safety design method with remote upgrading function |
CN113642006A (en) * | 2021-08-30 | 2021-11-12 | 南方电网数字电网研究院有限公司 | Safe starting method of dual-core relay protection system |
WO2021232982A1 (en) * | 2020-05-22 | 2021-11-25 | 华为技术有限公司 | Redundant cryptographic algorithm-based secure boot method and device |
CN115934631A (en) * | 2022-12-30 | 2023-04-07 | 武汉麓谷科技有限公司 | Intelligent storage platform based on MPSoC |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102369535A (en) * | 2009-02-03 | 2012-03-07 | 费森尼斯医疗德国公司 | Device and method for preventing unauthorized use and/or manipulation of software |
EP2506488A2 (en) * | 2011-03-28 | 2012-10-03 | Nxp B.V. | Secure dynamic on-chip key programming |
CN104573528A (en) * | 2014-12-31 | 2015-04-29 | 湖南国科微电子有限公司 | Copy-prevented Soc starting method and chip thereof |
US9230112B1 (en) * | 2013-02-23 | 2016-01-05 | Xilinx, Inc. | Secured booting of a field programmable system-on-chip including authentication of a first stage boot loader to mitigate against differential power analysis |
CN107220547A (en) * | 2016-03-21 | 2017-09-29 | 展讯通信(上海)有限公司 | Terminal device and its startup method |
US20180181179A1 (en) * | 2016-12-22 | 2018-06-28 | Texas Instruments Incorporated | On chip power on reset with integrated supervisory functions for a functional safety system |
CN108399339A (en) * | 2018-02-12 | 2018-08-14 | 广东为辰信息科技有限公司 | A kind of credible startup method based on safety chip |
CN108664280A (en) * | 2017-03-31 | 2018-10-16 | 深圳市中兴微电子技术有限公司 | A kind of embedded system start method and device |
CN109284114A (en) * | 2017-07-20 | 2019-01-29 | 深圳市中兴微电子技术有限公司 | The automatic method for burn-recording of programmable chip in embedded system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |