CN110555309A - Starting method, starting device, terminal and computer readable storage medium - Google Patents

Starting method, starting device, terminal and computer readable storage medium Download PDF

Info

Publication number
CN110555309A
CN110555309A CN201910853820.8A CN201910853820A CN110555309A CN 110555309 A CN110555309 A CN 110555309A CN 201910853820 A CN201910853820 A CN 201910853820A CN 110555309 A CN110555309 A CN 110555309A
Authority
CN
China
Prior art keywords
image
hash value
boot
chip
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910853820.8A
Other languages
Chinese (zh)
Inventor
景永年
赖运娥
张鑫
雷海军
刘毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yingbo Supercomputing Technology Co Ltd
Original Assignee
Shenzhen Yingbo Supercomputing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yingbo Supercomputing Technology Co Ltd filed Critical Shenzhen Yingbo Supercomputing Technology Co Ltd
Priority to CN201910853820.8A priority Critical patent/CN110555309A/en
Publication of CN110555309A publication Critical patent/CN110555309A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4411Configuring for operating with peripheral devices; Loading of device drivers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The invention provides a starting method, which belongs to the technical field of electronics, and adopts multiple signature verification and Hash value verification to ensure the safety and integrity of each image file, and the corresponding image file can be started only after the signature verification and the Hash value verification are passed, so that the potential safety hazard in the starting process can be better avoided, the safety of a terminal is improved, and the machine is prevented from being refreshed.

Description

starting method, starting device, terminal and computer readable storage medium
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a starting method, an apparatus, a terminal, and a computer-readable storage medium.
Background
Note that the contents described in this section do not represent all the related art.
After the terminal device is started in a power-on state, the kernel can be started only by executing programs such as a secondary boot program (boot loader). The safety of the programs cannot be guaranteed, so that a great potential safety hazard exists in the starting process of the terminal.
disclosure of Invention
In view of this, in order to solve one of the technical problems in the related art to a certain extent, it is necessary to provide a booting method, an apparatus, a terminal and a computer-readable storage medium, which can better avoid the potential safety hazard during the booting process.
A first aspect of the invention provides a method of starting, the method comprising the steps of:
After power-on starting, moving the second-level boot image of the signature to the chip;
Calculating a hash value H1 corresponding to the secondary boot image and verifying the secondary boot image by using a first public key in a chip;
If the signature verification is successful and the hash value H2 obtained by signature verification is equal to the hash value H1, skipping to execute the secondary boot mirror image;
the second-level boot mirror image moves the third-level boot mirror image of the signature to the chip;
Calculating a hash value H3 corresponding to the three-level boot image and verifying the three-level boot image by using a second public key signature in the chip;
If the signature verification is successful and the hash value H4 obtained by signature verification is equal to the hash value H3, skipping to execute the three-level boot mirror image;
After the initialization of the three-level boot mirror image is completed, moving the signed kernel mirror image to a chip;
Calculating a hash value H5 corresponding to the kernel mirror image and verifying the kernel mirror image by using a third public key verification in the chip;
if the verification is successful and the hash value H6 obtained by verification is equal to the hash value H5, skipping to execute the kernel mirror image;
and when the second-level boot, the third-level boot and the kernel are mirror-imaged, obtaining corresponding hash values H2, H4 and H6 through hash calculation respectively and signing through corresponding private keys respectively.
Further, the first public key, the second public key, and the third public key may be the same or different.
Further, the second public key and the third public key are included in the secondary boot image.
Further, before the hash values H2, H4, and H6 are calculated, the image file is further encrypted by a symmetric encryption algorithm, a key of the symmetric encryption algorithm is stored in the OTP inside the chip, the hash values H2, H4, and H6 are obtained by performing hash calculation on the corresponding encrypted image file, and in the step of verifying, if the verification is successful and the hash values are equal, the decrypted image file is obtained by decryption through the corresponding key.
Further, the hash value H1 of the secondary boot image is calculated by a bootrom inside the chip.
Further, the hash value H3 of the three-level boot image is calculated from the two-level boot image.
Further, the hash value H5 of the kernel image is calculated by the OPEEE running in the secure world in the chip and the signature is checked.
A second aspect of the present invention provides a starting apparatus, the apparatus comprising:
The first moving module is used for moving the second-level boot image of the signature to the chip after the power-on starting;
the first calculation module is used for calculating a hash value H1 corresponding to the secondary boot image and verifying the secondary boot image by using a first public key in a chip;
The first execution module is used for jumping to execute the secondary boot mirror image when the signature verification is successful and the hash value H2 obtained by signature verification is equal to the hash value H1;
the second transfer module is used for transferring the three-level boot image of the signature to a chip by the second-level boot image;
The second calculation module is used for calculating a hash value H3 corresponding to the three-level boot image and verifying the three-level boot image by using a second public key signature in the chip;
The second execution module is used for jumping to execute the three-level boot mirror image when the signature verification is successful and the hash value H4 obtained by signature verification is equal to the hash value H3;
the third moving module is used for moving the signed kernel mirror image to the chip after the initialization of the three-level boot mirror image is completed;
the third calculation module is used for calculating a hash value H5 corresponding to the kernel mirror image and verifying the kernel mirror image by using a third public key verification in the chip;
A third executing module, configured to jump to execute the kernel image when the signature verification is successful and the hash value H6 obtained by signature verification is equal to the hash value H5;
and when the second-level boot, the third-level boot and the kernel are mirror-imaged, obtaining corresponding hash values H2, H4 and H6 through hash calculation respectively and signing through corresponding private keys respectively.
a third aspect of the present invention provides a terminal, including:
A processor; and
A storage device comprising processor-executable instructions for performing the steps of the boot method when executed by a processor.
A fourth aspect of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of booting.
According to the scheme, before the second-level boot image, the third-level boot image and the kernel image are executed, the hash values and the signatures of the second-level boot image, the third-level boot image and the kernel image are required to be verified respectively to be started in sequence, so that the second-level boot image, the third-level boot image and the kernel image are guaranteed to be legal, and potential safety hazards existing in the terminal starting process are avoided.
Drawings
Fig. 1 is a schematic structural diagram of a startup method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
fig. 3 is a schematic structural diagram of a starting apparatus according to an embodiment of the present invention.
the following detailed description will further illustrate the invention in conjunction with the above-described figures.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without any inventive step, are within the scope of the present invention. It is to be understood that the drawings are provided solely for the purposes of reference and illustration and are not intended as a definition of the limits of the invention.
fig. 1 illustrates a method for starting a terminal according to a first embodiment of the present invention, where the type of the terminal is not limited herein, and the terminal may be a small handheld terminal (e.g., a mobile phone) or a large terminal (e.g., a vehicle or a machine).
In the starting method provided by this embodiment, as shown in fig. 1, the method may include the following steps.
s100: and after power-on starting, moving the second-level boot image of the signature to the chip.
the secondary boot image may be moved from an external eMMC (Embedded Multi Media Card) or Flash to a RAM (Random-Access Memory) inside the chip through the boot.
When the server makes the secondary boot image, the secondary boot image is allowed to contain a public key, moreover, the server can calculate a hash value H2 of the qualified secondary boot image (namely, the secondary boot image made by the legal server image and with complete codes) through a hash algorithm, and then signature release can be carried out through a first secure asymmetric encrypted private key (such as RSA private key 1).
The public key that the second grade boot mirror contains can be for example follow-up verify sign tertiary boot mirror's asymmetric encryption's second public key (for example RSA public key 2) and kernel mirror's asymmetric encryption's third public key (for example RSA public key 3), the second public key with third public key with can be the same between the first public key, also can be inequality, preferably mutually different, can strengthen the security of verifying the sign at every turn like this.
s110: and calculating a corresponding hash value H1 of the secondary boot image and verifying the secondary boot image by using a first public key in the chip.
The first public key and the first private key in step S100 are a pair of public private keys. The first public key may be stored in an OTP (One Time Programmable) or the bootrom inside the chip, and belongs to a secure public key. The corresponding hash value H1 of the secondary boot image can be calculated (calculated by the same hash algorithm) through the bootrom, and the signed secondary boot image can be checked through the first public key. The two public keys and the third public key can also be stored in the OTP inside the chip.
s120: and if the verification is successful and the verified hash value H2 is equal to the hash value H1, skipping to execute the secondary boot mirror.
If the signature verification is successful, it indicates that the secondary boot image is legal, and may obtain a hash value H1, and may also obtain a second public key and a third public key (if included in the secondary boot image). If the hash value H2 is equal to the hash value H1, it indicates that the secondary boot image is complete, so that the validity and integrity of the secondary boot image can be ensured, and the secondary boot image can be executed. Once the secondary boot image is verified as legitimate and complete, the secondary boot image will run in the CPU kernel, running in the secure world (secure world).
it should be appreciated that if the signature verification is unsuccessful or the hash value H2 is not equal to the hash value H1, the start-up procedure may be stopped.
s130: and the second-level boot mirror image moves the third-level boot mirror image of the signature to the chip.
similar to the secondary boot image, when the server creates the tertiary boot image, the server also needs to calculate the hash value H4 of the tertiary boot image, and sign the hash value with a secure asymmetric encrypted second private key (e.g., RSA private key 2). The second private key and the second public key are a pair of public private keys. It should be understood that the second public key and the third public key may be provided not only in the secondary boot image, but also directly in the OTP inside the chip. The three-level boot image can be moved to DDR (double data rate synchronous dynamic random access memory).
S140: and calculating a corresponding hash value H3 of the three-level boot image and verifying the three-level boot image by using a second public key signature in the chip.
this step is similar to the step S110, and the step may calculate the hash value H3 of the tertiary boot image through the secondary boot image, and perform signature verification through the second public key. Because the three-level boot image runs in the non-secure world, the safety of the running of the three-level boot image can be further improved by calculating the hash value and checking the label through the two-level boot image running in the secure world.
S150: and if the verification is successful and the verified hash value H4 is equal to the hash value H3, skipping to execute the three-level boot image.
If the signature verification is successful, a hash value H4 can be obtained, and if the hash value H4 is equal to the hash value H3, it can be shown that the three-level boot image is complete, so that the validity and integrity of the three-level boot image can be ensured, and the three-level boot image can be executed.
S160: and after the initialization of the three-level boot mirror image is completed, the signed kernel mirror image is moved to a chip.
similar to the secondary boot image and the tertiary boot image, when the server creates the kernel image, the server also needs to calculate the hash value H6 of the kernel image and sign the kernel image with a secure asymmetric encrypted third private key (e.g., RSA private key 3). The kernel image can also be moved to DDR (double data rate synchronous dynamic random access memory).
s170: and calculating a corresponding hash value H5 of the kernel image and verifying the kernel image by using a third public key verification in the chip.
Because the kernel mirror image is the same as the three-level boot mirror image and runs in a non-secure world, the hash value H5 of the kernel mirror image can be calculated by an Open-source-Trusted Execution Environment (OPEN-OPEN Trusted Execution Environment) running in the secure world, and the third public key is used for signature verification, so that the hash value calculation and the signature verification process are carried out in the secure world, and the running security of the kernel mirror image can be further improved.
S180: and if the verification is successful and the verified hash value H6 is equal to the hash value H5, skipping to execute the kernel mirror.
if the verification is successful and the verified hash value H6 is equal to the hash value H5, the kernel image is legal and complete, and then the kernel image is executed, so that the kernel boot is completed.
According to the scheme, before each program is executed, the terminal of the embodiment needs to verify the legality and the integrity of the program, and the program can be executed only if the program is legal and complete, so that the safety of kernel starting is ensured, and the terminal can be prevented from being refreshed.
Preferably, in this embodiment, when the second boot image, the third boot image, and the kernel image are mirror-imaged, encryption is performed by using keys (for example, AES) of corresponding symmetric encryption algorithms respectively (three image files may be encrypted by using the same key), so as to obtain corresponding symmetric encrypted files, and then hash values H2, H4, and H6 are obtained by using corresponding hash algorithms respectively. And the key of the symmetric encryption algorithm can be stored in the OTP inside the secure chip of the terminal in advance, so that the security of the key of the symmetric encryption algorithm is ensured. In step S120, step S150, and step S180, if the signature verification is successful and the hash values are equal, the image file is decrypted by using the corresponding key in the OTP to obtain the decrypted secondary boot image, the decrypted tertiary boot image, and the kernel image, and then the corresponding image file is executed.
Fig. 2 is a block diagram of an embodiment of the terminal 100 according to the present invention, where the terminal 100 may include a processor 10, a storage device 20, and a starting device, and further includes a computer program, such as a starting program, stored in the storage device 20 and executable on the processor 10.
The processor 10 may be a Central Processing Unit (CPU), but may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is the control center of the terminal 100 and connects the various parts of the entire terminal 100 using various interfaces and lines.
the storage device 20 may be used to store the computer programs and/or modules, and the processor 10 implements various functions of the terminal by running or executing the computer programs and/or modules stored in the storage device 20 and calling data stored in the storage device 20. The storage device 20 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, a program required for at least one function, and the like; the storage data area may store data created according to the use of the mobile phone, and the like. In addition, the storage device 20 may include a high speed random access storage device, and may also include a non-volatile storage device, such as a hard disk, a memory, a plug-in hard disk, a smart memory card, a secure digital card, a flash memory card, at least one piece of magnetic disk storage, a flash memory device, or other non-volatile solid state storage device.
Fig. 3 is a schematic structural diagram of the starting apparatus 200 provided in the present invention, and the starting apparatus 200 may include a first moving module 21, a first calculating module 22, a first executing module 23, a second moving module 24, a second calculating module 25, a second executing module 26, a third moving module 27, a third calculating module 28, and a third executing module 29.
The first moving module 21 is configured to move the second-level boot image of the signature to the chip after power-on startup;
The first calculating module 22 is configured to calculate a hash value H1 corresponding to the secondary boot image and verify the secondary boot image by using a first public key in the chip;
the first execution module 23 is configured to jump to execute a secondary boot image when the signature verification is successful and the hash value H2 obtained by signature verification is equal to the hash value H1;
The second moving module 24 is configured to move the third boot image of the signature to the chip by using the second boot image;
The second calculating module 25 is configured to calculate a hash value H3 corresponding to the three-level boot image and verify the three-level boot image by using a second public key signature in the chip;
The second execution module 26 is configured to jump to execute the three-level boot image when the verification is successful and the verified hash value H4 is equal to the hash value H3;
The third moving module 27 is configured to move the signed kernel mirror image to a chip after the initialization of the three-level boot mirror image is completed;
the third calculation module 28 is configured to calculate a hash value H5 corresponding to the kernel image and verify the kernel image by using a third public key verification in the chip;
The third execution module 29 is configured to jump to execute the kernel image when the verification is successful and the verified hash value H6 is equal to the hash value H5;
And when the second-level boot, the third-level boot and the kernel are mirror-imaged, obtaining corresponding hash values H2, H4 and H6 through hash calculation respectively and signing through corresponding private keys respectively.
Further, the first public key, the second public key, and the third public key may be the same or different.
further, the second public key and the third public key are included in the secondary boot image.
Further, before the hash values H2, H4, and H6 are calculated, the image file is further encrypted by a symmetric encryption algorithm, a key of the symmetric encryption algorithm is stored in the OTP inside the chip, the hash values H2, H4, and H6 are obtained by performing hash calculation on the corresponding encrypted image file, and in the step of verifying, if the verification is successful and the hash values are equal, the decrypted image file is obtained by decryption through the corresponding key.
Further, the hash value H1 of the secondary boot image is calculated by a bootrom inside the chip.
further, the hash value H3 of the three-level boot image is calculated from the two-level boot image.
Further, the hash value H5 of the kernel image is calculated by a secure operating system in the chip.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the starting method.
the above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A method of starting, the method comprising the steps of:
After power-on starting, moving the second-level boot image of the signature to the chip;
calculating a hash value H1 corresponding to the secondary boot image and verifying the secondary boot image by using a first public key in a chip;
If the signature verification is successful and the hash value H2 obtained by signature verification is equal to the hash value H1, skipping to execute the secondary boot mirror image;
the second-level boot mirror image moves the third-level boot mirror image of the signature to the chip;
Calculating a hash value H3 corresponding to the three-level boot image and verifying the three-level boot image by using a second public key signature in the chip;
If the signature verification is successful and the hash value H4 obtained by signature verification is equal to the hash value H3, skipping to execute the three-level boot mirror image;
after the initialization of the three-level boot mirror image is completed, moving the signed kernel mirror image to a chip;
Calculating a hash value H5 corresponding to the kernel mirror image and verifying the kernel mirror image by using a third public key verification in the chip;
if the verification is successful and the hash value H6 obtained by verification is equal to the hash value H5, skipping to execute the kernel mirror image;
and when the second-level boot, the third-level boot and the kernel are mirror-imaged, obtaining corresponding hash values H2, H4 and H6 through hash calculation respectively and signing through corresponding private keys respectively.
2. The boot method according to claim 1, wherein the first public key, the second public key, and the third public key are the same or different.
3. A boot method according to claim 1, wherein the second public key and the third public key are included in the secondary boot image.
4. a start-up method according to any one of claims 1-3, characterised in that before calculating said hash values H2, H4 and H6, the image file is further encrypted by a symmetric encryption algorithm, the key of which is stored in the OTP inside the chip, said hash values H2, H4 and H6 are respectively obtained by hash calculation for the corresponding encrypted image file, and in said step of signature verification, if the signature verification is successful and the hash values are equal, the decrypted image file is obtained by decryption with the corresponding key.
5. The boot method according to claim 1, wherein the hash value H1 of the secondary boot image is calculated by a boot rom inside a chip.
6. a boot method according to claim 1, characterized in that the hash value H3 of the tertiary boot image is calculated from the secondary boot image.
7. The boot method according to claim 1, wherein the hash value H5 of the kernel image is calculated from an OPTEE running in the secure world within a chip and signed.
8. an activation device, comprising:
the first moving module is used for moving the second-level boot image of the signature to the chip after the power-on starting;
the first calculation module is used for calculating a hash value H1 corresponding to the secondary boot image and verifying the secondary boot image by using a first public key in a chip;
the first execution module is used for jumping to execute the secondary boot mirror image when the signature verification is successful and the hash value H2 obtained by signature verification is equal to the hash value H1;
the second transfer module is used for transferring the three-level boot image of the signature to a chip by the second-level boot image;
The second calculation module is used for calculating a hash value H3 corresponding to the three-level boot image and verifying the three-level boot image by using a second public key signature in the chip;
the second execution module is used for jumping to execute the three-level boot mirror image when the signature verification is successful and the hash value H4 obtained by signature verification is equal to the hash value H3;
The third moving module is used for moving the signed kernel mirror image to the chip after the initialization of the three-level boot mirror image is completed;
The third calculation module is used for calculating a hash value H5 corresponding to the kernel mirror image and verifying the kernel mirror image by using a third public key verification in the chip;
a third executing module, configured to jump to execute the kernel image when the signature verification is successful and the hash value H6 obtained by signature verification is equal to the hash value H5;
and when the second-level boot, the third-level boot and the kernel are mirror-imaged, obtaining corresponding hash values H2, H4 and H6 through hash calculation respectively and signing through corresponding private keys respectively.
9. a terminal, characterized in that the terminal comprises:
A processor; and
Storage means comprising processor-executable instructions for performing the steps of the boot method of any one of claims 1 to 7 when executed by a processor.
10. a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the startup method according to any one of claims 1 to 7.
CN201910853820.8A 2019-09-10 2019-09-10 Starting method, starting device, terminal and computer readable storage medium Pending CN110555309A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910853820.8A CN110555309A (en) 2019-09-10 2019-09-10 Starting method, starting device, terminal and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910853820.8A CN110555309A (en) 2019-09-10 2019-09-10 Starting method, starting device, terminal and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN110555309A true CN110555309A (en) 2019-12-10

Family

ID=68739723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910853820.8A Pending CN110555309A (en) 2019-09-10 2019-09-10 Starting method, starting device, terminal and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110555309A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111767231A (en) * 2020-07-08 2020-10-13 瓴盛科技有限公司 Multi-platform Bootrom verification method, device, system and computer readable medium
CN112733208A (en) * 2020-12-31 2021-04-30 宸芯科技有限公司 Secure boot method and device of chip, secure chip and computer equipment
CN113127262A (en) * 2020-01-13 2021-07-16 北京地平线机器人技术研发有限公司 Method and device for generating mirror image file, electronic equipment and storage medium
WO2023092958A1 (en) * 2021-11-29 2023-06-01 宁德时代新能源科技股份有限公司 Safe starting method and apparatus for vehicle, and electronic control unit and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method
CN108154025A (en) * 2017-12-22 2018-06-12 北京四达时代软件技术股份有限公司 Method, the method and device of application program mirror image processing of embedded device startup
CN108399339A (en) * 2018-02-12 2018-08-14 广东为辰信息科技有限公司 A kind of credible startup method based on safety chip
CN108491229A (en) * 2018-02-01 2018-09-04 烽火通信科技股份有限公司 A kind of method that Femtocell equipment safeties start
CN109284114A (en) * 2017-07-20 2019-01-29 深圳市中兴微电子技术有限公司 The automatic method for burn-recording of programmable chip in embedded system
CN110008689A (en) * 2019-04-15 2019-07-12 苏州浪潮智能科技有限公司 A kind of BMC starting method, apparatus, equipment and computer readable storage medium
CN110110526A (en) * 2019-05-08 2019-08-09 郑州信大捷安信息技术股份有限公司 A kind of safety starting device and method based on safety chip

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method
CN109284114A (en) * 2017-07-20 2019-01-29 深圳市中兴微电子技术有限公司 The automatic method for burn-recording of programmable chip in embedded system
CN108154025A (en) * 2017-12-22 2018-06-12 北京四达时代软件技术股份有限公司 Method, the method and device of application program mirror image processing of embedded device startup
CN108491229A (en) * 2018-02-01 2018-09-04 烽火通信科技股份有限公司 A kind of method that Femtocell equipment safeties start
CN108399339A (en) * 2018-02-12 2018-08-14 广东为辰信息科技有限公司 A kind of credible startup method based on safety chip
CN110008689A (en) * 2019-04-15 2019-07-12 苏州浪潮智能科技有限公司 A kind of BMC starting method, apparatus, equipment and computer readable storage medium
CN110110526A (en) * 2019-05-08 2019-08-09 郑州信大捷安信息技术股份有限公司 A kind of safety starting device and method based on safety chip

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113127262A (en) * 2020-01-13 2021-07-16 北京地平线机器人技术研发有限公司 Method and device for generating mirror image file, electronic equipment and storage medium
CN111767231A (en) * 2020-07-08 2020-10-13 瓴盛科技有限公司 Multi-platform Bootrom verification method, device, system and computer readable medium
CN111767231B (en) * 2020-07-08 2023-10-31 瓴盛科技有限公司 Multi-platform Bootrom verification method, device and system and computer readable medium
CN112733208A (en) * 2020-12-31 2021-04-30 宸芯科技有限公司 Secure boot method and device of chip, secure chip and computer equipment
CN112733208B (en) * 2020-12-31 2021-10-19 宸芯科技有限公司 Secure boot method and device of chip, secure chip and computer equipment
WO2023092958A1 (en) * 2021-11-29 2023-06-01 宁德时代新能源科技股份有限公司 Safe starting method and apparatus for vehicle, and electronic control unit and storage medium

Similar Documents

Publication Publication Date Title
US11438165B2 (en) Method and apparatus for processing transaction requests
CN109313690B (en) Self-contained encrypted boot policy verification
EP3641218B1 (en) Service authorization method, apparatus and device
JP6371919B2 (en) Secure software authentication and verification
JP5703391B2 (en) System and method for tamper resistant boot processing
CN110555309A (en) Starting method, starting device, terminal and computer readable storage medium
US9749141B2 (en) Secure boot devices, systems, and methods
EP2979221B1 (en) Systems, methods and apparatuses for secure storage of data using a security-enhancing chip
US9755831B2 (en) Key extraction during secure boot
CN112257086B (en) User privacy data protection method and electronic equipment
CN108229144B (en) Verification method of application program, terminal equipment and storage medium
JP6387908B2 (en) Authentication system
US11632239B2 (en) System and method for blockchain-based device authentication based on a cryptographic challenge
US11048801B2 (en) Method and apparatus for secure computing device start up
CN103109280A (en) Method for verifying a memory block of a nonvolatile memory
CN111046440B (en) Tamper verification method and system for secure area content
EP3785410B1 (en) Validation of short authentication data with a zero knowledge proof
CN117556430B (en) Safe starting method, device, equipment and storage medium
WO2021063484A1 (en) Systems and methods for attestation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Floor 18, Keya Building 1, Yincheng Inc center, No. 59, Tianyuan West Road, Jiangning District, Nanjing, Jiangsu Province (Jiangning Development Zone)

Applicant after: Inbo supercomputing (Nanjing) Technology Co.,Ltd.

Address before: 518000 Guangdong Province Nanshan District Yuehai Street High-tech Zone Community High-tech South Sidao 028 ZTE A Block 201

Applicant before: Shenzhen Yingbo Supercomputing Technology Co.,Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20191210