CN110414248B - Method for debugging microprocessor and microprocessor - Google Patents

Publication number
CN110414248B
Authority
CN
China
Prior art keywords
microprocessor
public key
debugging
updated
signature certificate
Legal status
Active
Application number
CN201910623583.6A
Other languages
Chinese (zh)
Other versions
CN110414248A (en
Inventor
昌明涛
Current Assignee
Gree Electric Appliances Inc of Zhuhai
Original Assignee
Gree Electric Appliances Inc of Zhuhai

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/2205 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested
    • G06F11/2236 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested to test CPU or processors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26 Functional testing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application provides a method for debugging a microprocessor, and a microprocessor, for improving the security of data in the microprocessor. The method comprises the following steps: sending a signature certificate to at least one device, so that each of the at least one device decrypts the signature certificate according to a prestored first public key to obtain the second public key contained in the signature certificate, wherein the at least one device is a device having the authority to debug the microprocessor; receiving a first debugging request, wherein the first debugging request is sent by a first device and carries first authentication information encrypted with a public key stored in the first device; decrypting the first authentication information according to a prestored first private key, wherein the first private key corresponds to the second public key; and, if the first authentication information is successfully decrypted, receiving debugging information sent by the first device and debugging according to the debugging information.

Description

Method for debugging microprocessor and microprocessor
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method for debugging a microprocessor and a microprocessor.
Background
To make it easier for manufacturers to debug a microprocessor at a later stage, the microprocessor is generally provided with a debugging interface. When a manufacturer needs to debug the microprocessor, the manufacturer can send debugging information to the microprocessor through the debugging interface.
Typically, to facilitate debugging by the manufacturer, the debugging interface is open to the outside. As a result, an attacker can steal the firmware in the microprocessor through the debugging interface, or illegally reflash the firmware in the microprocessor.
Disclosure of Invention
The embodiments of the application provide a method for debugging a microprocessor, and a microprocessor, for improving the security of data in the microprocessor.
In a first aspect, a method for debugging a microprocessor is provided. The method is applied to the microprocessor and includes:
sending a signature certificate to at least one device, so that each of the at least one device decrypts the signature certificate according to a prestored first public key to obtain the second public key contained in the signature certificate, wherein the at least one device is a device having the authority to debug the microprocessor;
receiving a first debugging request, wherein the first debugging request is sent by a first device and carries first authentication information encrypted with a public key stored in the first device;
decrypting the first authentication information according to a prestored first private key, wherein the first private key corresponds to the second public key;
and, if the first authentication information is successfully decrypted, receiving debugging information sent by the first device and debugging according to the debugging information.
In this embodiment, the microprocessor sends its signature certificate to the corresponding devices in advance. When a device sends a debugging request, the microprocessor receives the request and decrypts the first authentication information in it according to the prestored first private key; if decryption succeeds, the microprocessor opens the debugging interface, receives the debugging information, and debugs according to it. In addition, the embodiment needs no other external verification equipment to verify the authentication information in the debugging request.
In a possible embodiment, before sending the signature certificate to the at least one device, the method includes:
generating the signature certificate according to the prestored first private key, microprocessor information, and the second public key corresponding to the first private key.
In this way of generating the signature certificate, the microprocessor generates the signature certificate from the corresponding keys, so that a device with the authority to debug the microprocessor can obtain the microprocessor's signature certificate, which makes it convenient to verify authentication information later.
In a possible embodiment, before generating the signature certificate according to a pre-stored first private key, microprocessor information and a second public key corresponding to the first private key, the method includes:
generating a random number;
encrypting the random number according to a preset first encryption algorithm to generate a key seed;
and encrypting the key seed according to an encryption algorithm corresponding to the first private key to generate a second public key.
This embodiment provides a way of generating the second public key. Using a random number to generate the second public key makes its generation more flexible, and the random number can be updated later to update the second public key. Because the second public key is continuously updated, the security of the signature information is further improved.
In a possible embodiment, after decrypting the first authentication information according to the prestored first private key, the method includes:
if decrypting the first authentication information of the first device fails, recording, through a watchdog reset unit in the microprocessor, the number of failures to decrypt the authentication information of the first device;
and erasing the firmware in the microprocessor when the number of failures is greater than a preset threshold.
In this embodiment, after decryption of the first authentication information fails, the watchdog reset unit in the microprocessor records the number of failures. When the number of failures is greater than the preset threshold, the microprocessor erases the firmware, so as to prevent data in the microprocessor from being stolen or tampered with after the microprocessor is brute-forced.
In a possible embodiment, after decrypting the first authentication information according to the prestored first private key, the method includes:
if decrypting the first authentication information of the first device succeeds, resetting the watchdog reset unit and updating the random number;
generating an updated second public key according to the updated random number, and generating an updated signature certificate according to the updated second public key;
and sending the updated signature certificate to the at least one device, so that each of the at least one device generates updated authentication information according to the updated second public key in the updated signature certificate.
In this embodiment, after the first authentication information is successfully decrypted, the microprocessor resets the watchdog reset unit so that it restarts counting, updates the random number, and generates the updated signature certificate according to the updated random number. Updating the signature certificate in real time further ensures its security.
In a second aspect, a microprocessor is provided, including:
a sending module, configured to send a signature certificate to at least one device, so that each of the at least one device decrypts the signature certificate according to a prestored first public key to obtain the second public key contained in the signature certificate, wherein the at least one device is a device having the authority to debug the microprocessor;
a receiving module, configured to receive a first debugging request, wherein the first debugging request is sent by a first device and carries first authentication information encrypted with a public key stored in the first device;
a verification module, configured to decrypt the first authentication information according to a prestored first private key, wherein the first private key corresponds to the second public key;
wherein the receiving module is further configured to receive debugging information sent by the first device if the first authentication information is successfully decrypted;
and a debugging module, configured to debug according to the debugging information.
In a possible embodiment, the verification module is further configured to:
generate the signature certificate, before it is sent to the at least one device, according to the prestored first private key, microprocessor information, and the second public key corresponding to the first private key.
In a possible embodiment, the verification module is further configured to:
generate a random number before generating the signature certificate according to the prestored first private key, the microprocessor information, and the second public key corresponding to the first private key;
encrypt the random number according to a preset first encryption algorithm to generate a key seed;
and encrypt the key seed according to an encryption algorithm corresponding to the first private key to generate the second public key.
In a possible embodiment, the debugging module is further configured to:
if decrypting the first authentication information of the first device fails, record, through a watchdog reset unit in the microprocessor, the number of failures to decrypt the authentication information of the first device;
and erase the firmware in the microprocessor when the number of failures is greater than a preset threshold.
In a possible embodiment, the verification module is further configured to, after the first authentication information is decrypted according to the prestored first private key and if that decryption succeeds, reset the watchdog reset unit, update the random number, generate an updated second public key according to the updated random number, and generate an updated signature certificate according to the updated second public key;
and the sending module is further configured to send the updated signature certificate to the at least one device, so that each of the at least one device generates updated authentication information according to the updated second public key in the updated signature certificate.
In a third aspect, a microprocessor is provided, comprising:
at least one processor, and
a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the method according to any one of the first aspect and possible embodiments by executing the instructions stored by the memory.
In a fourth aspect, a computer-readable storage medium is provided, which stores computer instructions that, when executed on a computer, cause the computer to perform the method according to any of the first aspect and possible embodiments.
Drawings
Fig. 1 is a schematic view of an application scenario of a method for debugging a microprocessor according to an embodiment of the present application;
Fig. 2 is a flowchart of a method for debugging a microprocessor according to an embodiment of the present application;
Fig. 3 is a first block diagram of a microprocessor according to an embodiment of the present application;
Fig. 4 is a second schematic structural diagram of a microprocessor according to an embodiment of the present application.
Detailed Description
In order to better understand the technical solutions provided by the embodiments of the present application, the following detailed description is made with reference to the drawings and specific embodiments.
The following explains the terms of art related to the embodiments of the present application.
(1) Key pair: in asymmetric encryption, a key pair consists of two keys, a private key and a public key. The private key is held by the owner of the key pair and must not be published; the public key is published by the owner of the key pair to other parties.
(2) Private key: a key in asymmetric encryption, used to decrypt data encrypted with the public key.
(3) Public key: used to encrypt data; data encrypted with the public key can only be decrypted with the private key.
The prior art to which this application relates is explained below.
Because the debugging interface of a microprocessor in the prior art is open to the outside, any user can access it at will, so an attacker can obtain or tamper with the data in the microprocessor through the debugging interface, and the security of that data is low. The data in the microprocessor includes the firmware in the code application area of the microprocessor, and the like. After stealing the firmware, an attacker can manufacture the same product from it, which causes huge losses to the manufacturer. Alternatively, an attacker may inject a trojan program into the microprocessor, which may cause the microprocessor to behave abnormally.
In view of the above, the present application provides a method for debugging a microprocessor. The method is performed by the microprocessor, which may be a Central Processing Unit (CPU) or an Application-Specific Integrated Circuit (ASIC).
An application scenario related to the method for accessing the debug interface in the embodiment of the present application is described below.
Referring to fig. 1, the application scenario includes a terminal device 11, an electronic device 12, and a server 13 corresponding to a vendor. The electronic device 12 comprises a microprocessor comprising a debug interface. Although the electronic device 12 is illustrated as an air conditioner in fig. 1, the specific type of the electronic device 12 is not limited in practice. The terminal device 11 is, for example, a mobile phone, a personal computer, or the like. Fig. 1 illustrates one terminal device 11 as an example, but the number of terminal devices 11 is not limited in practice.
Specifically, the microprocessor may send its signature certificate to the server 13 corresponding to the manufacturer, and the server 13 then authorizes the signature certificate to the terminal device 11 of the corresponding user. The microprocessor may also send the signature certificate to both the server 13 corresponding to the manufacturer and the terminal device 11 corresponding to the user. After the terminal device 11 obtains the signature certificate, it may decrypt the signature certificate to obtain the second public key in it.
When a terminal device 11 wants to debug the microprocessor, it can encrypt authentication information with the stored public key to generate a corresponding debugging request. After the microprocessor receives a debugging request sent by a device, it decrypts the authentication information in the request according to the prestored first private key. The first private key corresponds to the second public key in the signature certificate. If the microprocessor can correctly decrypt the authentication information in the debugging request, this indicates that the terminal device 11 has the debugging authority, and the microprocessor receives the debugging information sent by the terminal device and performs debugging according to it. If the microprocessor cannot decrypt it correctly, the microprocessor rejects the debugging information sent by the terminal device 11, which ensures the security of the data in the microprocessor. Debugging authority refers to the authority to debug the microprocessor.
In this embodiment, the microprocessor verifies the identity of the device through the decryption process, which prevents unauthorized devices from stealing or tampering with data in the microprocessor through the debugging interface and improves the security of the data in the microprocessor.
The following describes a process of the method for debugging a microprocessor in the embodiment of the present application in detail based on the application scenario discussed in fig. 1.
Referring to Fig. 2, after the microprocessor is powered on or a preset time period is reached, the microprocessor performs step 201, i.e., generates a signature certificate. The ways of generating the signature certificate are described in detail below.
The first method is as follows:
generating a signature certificate according to a prestored first private key, microprocessor information and a second public key corresponding to the first private key.
Specifically, the microprocessor generates a second public key according to a pre-stored first private key. The second public key is generated, for example, after the first private key is processed through an elliptic curve algorithm. The first private key and the second public key are corresponding, that is, the content encrypted by the second public key can only be decrypted by the first private key. The second public key may also be further understood to be the public key of the microprocessor.
After the second public key is obtained, the microprocessor encrypts the microprocessor information and the second public key through a preset second encryption algorithm to generate a signature certificate. That is, the second public key and the microprocessor information are included in the signature certificate. The microprocessor information includes version information of the firmware, a publisher of the firmware, and the like. The version information of the firmware is, for example, v1.0.2.
The second method comprises the following steps:
generating a random number;
encrypting the random number according to a first encryption algorithm to generate a key seed;
encrypting the key seed according to an encryption algorithm corresponding to the first private key to generate a second public key;
and generating a signature certificate according to the first private key, the first encryption algorithm, the second public key and the microprocessor information.
Specifically, the microprocessor may generate a random number through a True Random Number Generator (TRNG). After obtaining the random number, the microprocessor may encrypt it according to the first encryption algorithm to generate a key seed, encrypt the key seed according to the encryption algorithm corresponding to the first private key to generate the second public key, and create the signature certificate according to the first encryption algorithm, the second public key, and the microprocessor information.
The signature certificate includes the microprocessor information and the second public key; in addition, it may also include the validity period of the signature certificate. For the microprocessor information, refer to the discussion above; it is not described again here.
In this embodiment, the microprocessor generates the second public key from the random number. On the one hand, the second public key can be updated in real time after the validity period of the signature certificate expires. On the other hand, the random number is encrypted in the process of generating the second public key, which further improves the security of the signature certificate.
After the microprocessor performs step 201, step 202 is performed to send the signed certificate to at least one device.
Specifically, after generating the signature certificate, the microprocessor may send it to the devices having debugging authority (i.e., the at least one device), which may be the terminal device 11 and the server 13 of Fig. 1. The microprocessor may store in advance a list of devices having debugging authority; the list includes the communication address of each device, such as its Media Access Control (MAC) address. After generating the signature certificate, the microprocessor sends it to each device according to the device list. Alternatively, to reduce the processing load on the microprocessor, the microprocessor sends the signature certificate to the server 13 corresponding to the manufacturer, and the server 13 authorizes the signature certificate to the terminal devices 11 corresponding to a plurality of users.
In this embodiment, the microprocessor information is added to the signature certificate. This makes it convenient to verify, at a later stage, the authentication information sent by a device, and lets a device with debugging authority obtain the corresponding microprocessor information so that it can send more suitable debugging information to the microprocessor, which improves the success rate of debugging the microprocessor.
Each of the at least one device prestores a first public key. After a device receives the signature certificate, it can decrypt the signature certificate with the first public key to obtain the microprocessor information and the second public key in the signature certificate. The first public key is typically prestored in each of the at least one device and is typically fixed.
After each of the at least one device has obtained the second public key, a device that needs to debug the microprocessor can encrypt the microprocessor information with the second public key to generate the authentication information.
After the microprocessor executes step 202, step 203 is executed to receive a first debug request.
Specifically, the first debugging request is sent by the first device and carries first authentication information that the first device encrypted with its stored public key. The first device may or may not be one of the at least one device described above.
After the microprocessor receives the first debug request, step 204 is executed to decrypt the first authentication information according to the pre-stored first private key.
Specifically, for the first private key, refer to the content discussed above; it is not described again here. If the microprocessor can decrypt the first authentication information according to the first private key, i.e., decryption succeeds, the microprocessor performs step 205: it receives the debugging information sent by the first device and debugs according to it. If the microprocessor cannot decrypt the first authentication information according to the first private key, i.e., decryption fails, the microprocessor performs step 207: the watchdog reset unit records the number of failures to decrypt the first authentication information.
The following describes the microprocessor executing step 205 after the microprocessor successfully decrypts the first authentication information.
Specifically, when the first device is a device having debugging authority, it can obtain the signature certificate from the microprocessor or from the at least one device, and thereby obtain the second public key and the microprocessor information corresponding to the microprocessor. After the microprocessor determines that the first device is a device with debugging authority, it opens the debugging interface to the first device.
The first device can send the debugging information directly to the microprocessor through the debugging interface, and the microprocessor receives it. To avoid leaking the debugging information, the first device can also encrypt the debugging information to be sent with the second public key and send the encrypted debugging information to the microprocessor, which decrypts it according to the first private key to obtain the debugging information. After the microprocessor obtains the debugging information, it can debug according to it. The debugging information is, for example, a patch file for repairing firmware in the microprocessor or an upgrade file for upgrading firmware in the microprocessor.
In one embodiment, to guard against the case where the second public key has been leaked, after successfully decrypting the first authentication information the microprocessor may further verify the identity information in it. If the identity information is consistent with the microprocessor information in the signature certificate, the microprocessor determines that the first device is a device with debugging authority, receives the debugging information sent by the first device, and debugs according to it. If the identity information is not consistent with the microprocessor information in the signature certificate, the decryption is determined to have failed.
After the first authentication information is successfully decrypted, the microprocessor performs step 206, i.e., resets the watchdog reset unit and generates an updated signature certificate.
Specifically, the microprocessor includes a watchdog reset unit, which may be used to record the number of failures to decrypt the authentication information of the first device. If the first authentication information is successfully decrypted, the watchdog reset unit is reset, i.e., its timing is cleared to zero, which can also be understood as the watchdog reset unit restarting its timing. The watchdog reset unit includes a watchdog timer and a watchdog reset subunit; the watchdog reset subunit is used to reset the watchdog timer under a preset condition.
It should be noted that the number of failures recorded by the watchdog can in practice be understood as the verification duration of the identity verification of the first device: when the verification duration is less than the timing duration of the watchdog timer, the watchdog reset subunit controls the watchdog timer to restart timing.
In addition, to further increase the security of the signature certificate, the microprocessor may update a signature certificate that has already been used, or update the signature certificate after its validity period expires.
Specifically, after the first authentication information is successfully decrypted, the microprocessor may update the random number through the random number generator to obtain an updated random number, generate an updated second public key according to the updated random number, and generate an updated signature certificate according to the updated second public key.
For the specific process of generating the updated signature certificate, refer to the process of generating the signature certificate discussed above; it is not described again here. The updated second public key in the updated signature certificate is different from the previous second public key. After generating the updated signature certificate, the microprocessor may send it to the at least one device again. The at least one device may obtain the updated second public key from the updated signature certificate and generate updated authentication information according to the updated second public key. If one of the at least one device needs to debug the microprocessor, it can send the microprocessor a debugging request that carries the updated authentication information.
In fig. 2, step 206 is executed after step 205 as an example, but in practice, the execution order of step 205 and step 206 may be arbitrary, and the specific order of step 205 and step 206 is not limited herein.
The following describes the execution of step 207 by the microprocessor after the microprocessor fails to decrypt the first authentication information.
Specifically, if the first device is not a device with debugging authority, it cannot obtain the second public key, and therefore the microprocessor cannot successfully decrypt the authentication information sent by that device. When the microprocessor fails to decrypt the first authentication information of the first device, the number of decryption failures is recorded through the watchdog resetting unit. At this point, however, the microprocessor cannot yet conclude that the first device lacks debugging authority, because the decryption failure may have been caused by a network abnormality or the like while the first authentication information was being generated or transmitted. Therefore, if the first device continues to send subsequent authentication information, the microprocessor may decrypt it according to the first private key after receiving it: if decryption succeeds, steps 205 and 206 are performed; if decryption fails, step 207 is performed again.
The microprocessor performs step 208 to determine whether the number of failures is greater than a predetermined threshold.
Specifically, when the microprocessor determines that the number of failures is less than or equal to the preset threshold, the microprocessor proceeds to step 206 and step 205. For the contents of steps 206 and 205, refer to the discussion above; they are not described here again. When the microprocessor determines that the number of failures is greater than the preset threshold, it determines that the first device is a device without debugging authority and that the first device is attempting brute-force cracking. To ensure the security of the data, the microprocessor may execute step 209, that is, erase the firmware in the microprocessor when the number of failures is greater than the preset threshold.
Specifically, the preset threshold may be a default value of the microprocessor, and may be stored in a Read Data Protection (RDP) area in the microprocessor, so as to prevent the preset threshold from being tampered with. When the microprocessor determines that the number of failures is greater than the preset threshold, it erases the firmware in the application code area to prevent the firmware in the microprocessor from being leaked or tampered with.
After the microprocessor erases the firmware, once the authentication information of some device is successfully verified, the microprocessor can request the firmware from that device, so that the firmware is obtained from a device with debugging authority. Alternatively, the microprocessor stores backup firmware; after the firmware is erased and no subsequent authentication information is received from the first device, the backup firmware can be reinstalled so that the normal operation of the microprocessor is not affected. Alternatively, the microprocessor requests the firmware from the server 13 and obtains it from the server 13.
If the first device still needs to debug the microprocessor next time, the method of steps 201 to 209 needs to be repeated.
It should be noted that step 201 is an optional step. Steps 205-206 and 207-208 are two different cases, i.e. after decrypting the first authentication information the microprocessor performs either steps 205-206 or steps 207-208.
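The failure-count and key-rotation handling of steps 205 to 209, as an added C sketch that is not code from the patent: failures are counted, the firmware area is erased only when the count is strictly greater than the threshold, and a success resets the count and rotates the key so earlier authentication information stops verifying. The two textbook-RSA key pairs, the token 1234, the threshold of 3 and all function names are constructed assumptions; the patent derives each new key from a fresh random number and fixes none of these values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed textbook-RSA key pairs: tiny and insecure, for illustration only. */
typedef struct { uint32_t n, e, d; } toy_key;
static const toy_key KEYS[2] = { {3233u, 17u, 2753u}, {2773u, 17u, 157u} };

#define FAIL_THRESHOLD 3u     /* preset threshold (value assumed for this example) */
#define EXPECTED_TOKEN 1234u  /* assumed identity token an authorized device encrypts */
#define FW_SIZE 16u

typedef enum { DBG_GRANTED, DBG_RETRY, DBG_ERASED } dbg_result;

typedef struct {
    uint32_t fail_count;         /* decryption failures recorded so far (step 207) */
    uint32_t key_epoch;          /* selects the current key pair; bumped on rotation */
    int      erased;             /* set once the application area has been wiped */
    uint8_t  firmware[FW_SIZE];  /* stand-in for the application code area */
} mcu_state;

/* Square-and-multiply modular exponentiation. */
uint32_t modexp(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1u) result = (result * b) % mod;
        b = (b * b) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

void mcu_init(mcu_state *s) {
    memset(s, 0, sizeof *s);
    memset(s->firmware, 0xA5, FW_SIZE);  /* constructed firmware contents */
}

/* Key pair in force; a device would learn n and e from the signature certificate. */
const toy_key *mcu_current_key(const mcu_state *s) { return &KEYS[s->key_epoch % 2u]; }

/* Device side: encrypt the identity token with the current public key. */
uint32_t device_make_auth(const toy_key *pub, uint32_t token) {
    return modexp(token, pub->e, pub->n);
}

/* Microprocessor side: handle one debug request carrying authentication info. */
dbg_result mcu_handle_debug_request(mcu_state *s, uint32_t auth_info) {
    const toy_key *k = mcu_current_key(s);
    if (modexp(auth_info, k->d, k->n) == EXPECTED_TOKEN) {
        s->fail_count = 0;  /* success: reset the failure record */
        s->key_epoch++;     /* rotate the key; old authentication info goes stale */
        return DBG_GRANTED;
    }
    s->fail_count++;        /* may be a transient error, so only count it */
    if (s->fail_count > FAIL_THRESHOLD) {    /* strictly greater than the threshold */
        memset(s->firmware, 0xFF, FW_SIZE);  /* erase the application area (step 209) */
        s->erased = 1;
        return DBG_ERASED;
    }
    return DBG_RETRY;
}

int main(void) {
    mcu_state s;
    mcu_init(&s);
    uint32_t auth = device_make_auth(mcu_current_key(&s), EXPECTED_TOKEN);
    printf("first request: %d\n", mcu_handle_debug_request(&s, auth));
    for (int i = 1; i <= 4; i++)  /* replaying the same value after rotation */
        printf("replay %d: %d\n", i, mcu_handle_debug_request(&s, auth));
    printf("erased: %d\n", s.erased);
    return 0;
}
```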
Based on the foregoing discussion of a method for debugging a microprocessor, an embodiment of the present invention provides a microprocessor which, referring to Fig. 3, includes:
a sending module 301, configured to send the signature certificate to at least one device, so that each device in the at least one device decrypts the signature certificate according to a pre-stored first public key to obtain a second public key in the decrypted signature certificate; wherein, at least one device is a device with the authority of debugging the microprocessor;
a receiving module 302, configured to receive a first debug request; the first debug request is sent by the first device and carries first identity verification information encrypted by a public key stored in the first device;
the verification module 303 is configured to decrypt the first identity verification information according to a prestored first private key; wherein the first private key corresponds to the second public key;
the receiving module 302 is further configured to receive debugging information sent by the first device under the condition that decryption of the first authentication information is successful;
and the debugging module 304 is used for debugging according to the debugging information.
In one possible embodiment, the verification module 303 is further configured to:
before the signature certificate is sent to at least one device, the signature certificate is generated according to a pre-stored first private key, microprocessor information and a second public key corresponding to the first private key.
In one possible embodiment, the verification module 303 is further configured to:
generating a random number before generating a signature certificate according to a prestored first private key, microprocessor information and a second public key corresponding to the first private key;
encrypting the random number according to a preset first encryption algorithm to generate a key seed;
and encrypting the key seed according to an encryption algorithm corresponding to the first private key to generate a second public key.
In one possible embodiment, the debug module 304 is further configured to:
if decryption of the first authentication information of the first device fails, recording the number of failures in decrypting the authentication information of the first device through a watchdog resetting unit in the microprocessor;
and when the number of failures is greater than a preset threshold, erasing the firmware in the microprocessor.
In a possible embodiment, the verification module 303 is further configured to, after decrypting the first authentication information according to a pre-stored first private key, if decrypting the first authentication information of the first device is successful, reset the watchdog resetting unit, update the random number, generate an updated second public key according to the updated random number, and generate an updated signature certificate according to the updated second public key;
the sending module 301 is further configured to send the updated signature certificate to at least one device, so that each device in the at least one device generates updated identity verification information according to the updated second public key in the updated signature certificate.
Based on the foregoing discussion of a method for debugging a microprocessor, an embodiment of the present invention provides a microprocessor which, referring to Fig. 4, includes:
at least one processor 401, and
a memory 402 communicatively coupled to the at least one processor 401;
wherein the memory 402 stores instructions executable by the at least one processor 401, the at least one processor 401 implements a method of debugging a microprocessor as previously discussed by executing the instructions stored by the memory 402.
Fig. 4 illustrates an example of one processor 401, but the number of processors 401 is not limited in practice.
As an embodiment, the sending module 301, the receiving module 302, the verifying module 303 and the debugging module 304 in Fig. 3 may be implemented by the processor 401 in Fig. 4.
The processor 401 in the embodiment of the present application may be understood as a functional module having calculation and processing capabilities in a microprocessor. The processor 401 and the memory 402 may be coupled or may be relatively independent.
Based on the foregoing discussion of a method for debugging a microprocessor, embodiments of the present application provide a computer-readable storage medium having stored thereon computer instructions that, when executed on a computer, cause the computer to perform a method for debugging a microprocessor as discussed above.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (6)

1. A method for debugging a microprocessor, the method being applied to the microprocessor, the method comprising:
generating a signature certificate according to a prestored first private key, microprocessor information and a second public key corresponding to the first private key, and sending the signature certificate to at least one device, so that each device in the at least one device decrypts the signature certificate according to the prestored first public key to obtain a decrypted second public key in the signature certificate; wherein the at least one device is a device having the authority to debug the microprocessor;
receiving a first debugging request; the first debugging request is sent by first equipment and carries first identity verification information encrypted by a second public key stored in the first equipment;
decrypting the first authentication information according to the pre-stored first private key; wherein the first private key corresponds to the second public key;
if the decryption of the first authentication information of the first device fails, recording the failure times of the decryption of the authentication information of the first device through a watchdog reset unit in the microprocessor, and erasing the firmware in the microprocessor when the failure times are larger than a preset threshold value;
under the condition that the first identity authentication information is successfully decrypted, debugging information sent by the first equipment is received, debugging is carried out according to the debugging information, the watchdog resetting unit is reset, and the random number is updated; generating an updated second public key according to the updated random number, and generating an updated signature certificate according to the updated second public key; and sending the updated signature certificate to the at least one device, so that each device in the at least one device generates updated identity verification information according to the updated second public key in the updated signature certificate.
2. The method of claim 1, wherein before generating the signed certificate based on the pre-stored first private key, the microprocessor information, and a second public key corresponding to the first private key, comprising:
generating a random number;
encrypting the random number according to a preset first encryption algorithm to generate a key seed;
and encrypting the key seed according to an encryption algorithm corresponding to the first private key to generate a second public key.
3. A microprocessor, the microprocessor comprising:
the sending module is used for generating a signature certificate according to a prestored first private key, microprocessor information and a second public key corresponding to the first private key, and sending the signature certificate to at least one device, so that each device in the at least one device decrypts the signature certificate according to the prestored first public key to obtain a second public key in the decrypted signature certificate; wherein the at least one device is a device having the authority to debug the microprocessor;
the receiving module is used for receiving a first debugging request; the first debugging request is sent by first equipment and carries first identity verification information encrypted by a second public key stored in the first equipment;
the verification module is used for decrypting the first identity verification information according to the prestored first private key; wherein the first private key corresponds to the second public key;
the receiving module is further configured to receive debugging information sent by the first device under the condition that decryption of the first authentication information is successful;
the debugging module is used for debugging according to the debugging information, recording the failure times of decrypting the first identity authentication information of the first equipment through a watchdog resetting unit in the microprocessor if the first identity authentication information of the first equipment fails to be decrypted, and erasing the firmware in the microprocessor when the failure times are greater than a preset threshold value;
the verification module is further configured to, after decrypting the first authentication information according to a pre-stored first private key, if decrypting the first authentication information of the first device is successful, reset the watchdog resetting unit, update the random number, generate an updated second public key according to the updated random number, and generate an updated signature certificate according to the updated second public key;
the sending module is further configured to send the updated signature certificate to the at least one device, so that each device in the at least one device generates updated authentication information according to the updated second public key in the updated signature certificate.
4. The microprocessor of claim 3, wherein the verification module is further to:
generating a random number before generating a signature certificate according to the prestored first private key, the microprocessor information and a second public key corresponding to the first private key;
encrypting the random number according to a preset first encryption algorithm to generate a key seed;
and encrypting the key seed according to an encryption algorithm corresponding to the first private key to generate a second public key.
5. A microprocessor, comprising:
at least one processor, and
a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the method of any one of claims 1-2 by executing the instructions stored by the memory.
6. A computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1-2.
CN201910623583.6A 2019-07-11 2019-07-11 Method for debugging microprocessor and microprocessor Active CN110414248B (en)


Publications (2)

Publication Number Publication Date
CN110414248A CN110414248A (en) 2019-11-05
CN110414248B true CN110414248B (en) 2021-03-12
