CN110633055B - Method, device and related equipment for accessing RPMB partition - Google Patents


Publication number: CN110633055B
Authority: CN (China)
Prior art keywords: rpmb, virtual, rpmb partition, partition, actual
Legal status: Active
Application number: CN201910882681.1A
Other languages: Chinese (zh)
Other versions: CN110633055A (en)
Inventor: 李伟
Current Assignee: Dongsoft Group Dalian Co ltd; Neusoft Corp
Original Assignee: Dongsoft Group Dalian Co ltd; Neusoft Corp
Application filed by: Dongsoft Group Dalian Co ltd, Neusoft Corp

Classifications

    • G06F3/0622 Securing storage systems in relation to access
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools
    • G06F3/0665 Virtualisation aspects at area level, e.g. provisioning of virtual or logical volumes
    • G06F3/0673 Single storage device
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application discloses a method, a device and related equipment for accessing an RPMB partition. A plurality of virtual RPMB partitions are divided in a virtual service system, and a corresponding virtual RPMB partition is configured for each virtual machine. In use, the virtual service system receives a virtual RPMB partition access request sent by a virtual machine, and determines the access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine in the virtual RPMB partition access request. The actual RPMB partition access request is then sent to the secure storage device, which may access the actual RPMB partition according to the operation address of the actual RPMB partition in the actual RPMB partition access request. In other words, by virtualizing the RPMB partition, a virtual RPMB partition is configured for each virtual machine, so that access by a plurality of virtual machines is supported on a secure storage device with only one RPMB partition, and synchronization and secure storage of data are realized.

Description

Method, device and related equipment for accessing RPMB partition
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, and a related device for accessing RPMB partitions.
Background
With the upgrade of car entertainment systems, it is often necessary to support the screen display and entertainment requirements of multiple seats simultaneously so that the operation between passengers is not affected by each other. To achieve the above functions, multiple operating systems (such as Android systems) need to be supported on the same chip at the same time, and secure data storage on each operating system needs to be supported by a replay protection memory block (Replay Protected Memory Block, RPMB) partition.
Currently, secure storage devices, such as embedded multimedia cards (Embedded Multi Media Card, EMMC), have only one RPMB partition, and in actual use, the secure storage device will allocate the entire RPMB partition for use by an operating system. However, when multiple operating systems are simultaneously running on the virtual system, if the RPMB partition is simultaneously allocated to each operating system for use, on one hand, data synchronization errors may be caused, and on the other hand, each operating system may learn the security data of other operating systems, which easily causes potential safety hazards.
Disclosure of Invention
In view of this, the embodiments of the present application provide a method, apparatus and related device for accessing an RPMB partition, so as to solve the problem caused by using the same RPMB partition by different systems.
In order to solve the above problems, the technical solution provided in the embodiments of the present application is as follows:
a method of accessing a replay protected memory block RPMB partition, the method comprising:
receiving a virtual RPMB partition access request sent by a virtual machine, wherein the virtual RPMB partition access request comprises an access operation address of a virtual RPMB partition corresponding to the virtual machine;
determining the access operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine;
sending an actual RPMB partition access request to the secure storage device, so that the secure storage device accesses the actual RPMB partition according to the actual RPMB partition access request; the actual RPMB partition access request comprises an operation address of the actual RPMB partition.
In one possible implementation manner, the receiving the virtual RPMB partition access request sent by the virtual machine includes:
receiving a virtual RPMB partition write request sent by a virtual machine, wherein the virtual RPMB partition write request comprises a write operation address of the virtual RPMB partition corresponding to the virtual machine, RPMB data to be written and a first digital signature, the first digital signature is obtained by the virtual machine signing the RPMB data to be written with a first key, and the first keys correspond one-to-one with the virtual machines.
In one possible implementation manner, the determining the access operation address of the actual RPMB partition of the secure storage device according to the identifier of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine includes:
signing the RPMB data to be written by using the first key to obtain a second digital signature;
and if the second digital signature is the same as the first digital signature, determining the writing operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the writing operation address of the virtual RPMB partition corresponding to the virtual machine.
In one possible implementation manner, the sending the actual RPMB partition access request to the secure storage device, so that the secure storage device accesses the actual RPMB partition according to the actual RPMB partition access request, includes:
signing the RPMB data to be written by using a second key to obtain a third digital signature; the actual RPMB partition writing request comprises the RPMB data to be written and the third digital signature;
and sending the actual RPMB partition writing request to the secure storage equipment, so that the secure storage equipment writes the RPMB data to be written into the actual RPMB partition after the third digital signature is verified by the secure storage equipment through the second key.
In one possible implementation manner, the virtual RPMB partition access request is a virtual RPMB partition read request, the access operation address of the actual RPMB partition is a read operation address of the actual RPMB partition, the actual RPMB partition access request is an actual RPMB partition read request, and the virtual RPMB partition read request and the actual RPMB partition read request further include a random number, where the random number is generated by the virtual machine.
In one possible implementation, after sending the actual RPMB partition read request to the secure storage device, the method further comprises:
receiving first feedback information sent by the secure storage device; the first feedback information comprises the random number, RPMB data to be read and a fourth digital signature, and the fourth digital signature is obtained by signing the data to be read and the random number by the secure storage device through a second key;
verifying the first feedback information by using the second key;
if the first feedback information passes verification, sending second feedback information to the virtual machine, so that the virtual machine verifies the second feedback information by using a first key; the second feedback information comprises the random number, the RPMB data to be read and a fifth digital signature, and the fifth digital signature is obtained by signing the RPMB data to be read and the random number by using the first key; the first keys correspond one-to-one with the virtual machines.
In one possible implementation manner, the verifying the first feedback information with the second key includes:
signing the RPMB data to be read and the random number by using the second key to obtain a sixth digital signature;
and if the fourth digital signature is the same as the sixth digital signature, determining that the first feedback information passes verification.
In one possible implementation, the method further includes:
generating a first key and sending the corresponding first key to the virtual machine.
In one possible implementation manner, the determining the access operation address of the actual RPMB partition in the secure storage device according to the identifier of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine includes:
multiplying the identification of the virtual machine by the storage space size of the virtual RPMB partition corresponding to the virtual machine to obtain an address offset;
and adding the address offset to the access operation address of the virtual RPMB partition corresponding to the virtual machine, and determining the sum value as the access operation address of the actual RPMB partition in the secure storage equipment.
An apparatus for accessing a replay protected memory block (RPMB) partition, the apparatus comprising:
The first receiving unit is used for receiving a virtual RPMB partition access request sent by a virtual machine, wherein the virtual RPMB partition access request comprises an access operation address of a virtual RPMB partition corresponding to the virtual machine;
the determining unit is used for determining the access operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine;
the first sending unit is used for sending an actual RPMB partition access request to the secure storage equipment so that the secure storage equipment accesses the actual RPMB partition according to the actual RPMB partition access request; the actual RPMB partition access request comprises an operation address of the actual RPMB partition.
The first receiving unit is specifically configured to receive a virtual RPMB partition write request sent by a virtual machine, where the virtual RPMB partition write request includes a write operation address of the virtual RPMB partition corresponding to the virtual machine, RPMB data to be written, and a first digital signature, where the first digital signature is obtained by the virtual machine signing the RPMB data to be written with a first key, and the first keys correspond one-to-one with the virtual machines.
A computer readable storage medium having instructions stored therein which, when executed on a terminal device, cause the terminal device to perform the method of accessing a replay protected memory block (RPMB) partition.
An apparatus for accessing a replay protected memory block (RPMB) partition, comprising: a memory, a processor, and a computer program stored in the memory and capable of running on the processor, wherein the processor implements the method for accessing the replay protected memory block (RPMB) partition when executing the computer program.
From this, the embodiment of the application has the following beneficial effects:
In the embodiment of the application, a plurality of virtual RPMB partitions are first divided in a virtual service system, and a corresponding virtual RPMB partition is configured for each virtual machine. In use, the virtual service system receives a virtual RPMB partition access request sent by the virtual machine, and determines the access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine in the virtual RPMB partition access request. The actual RPMB partition access request is then sent to the secure storage device, which may access the actual RPMB partition according to the operation address of the actual RPMB partition in the actual RPMB partition access request. That is, by virtualizing the RPMB partition in the secure storage device, the embodiment of the present application configures a virtual RPMB partition for each virtual machine, so as to support access by multiple virtual machines on a secure storage device with only one RPMB partition, and to implement synchronization and secure storage of data.
Drawings
FIG. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
FIG. 2 is a flowchart of a method for accessing an RPMB partition according to an embodiment of the present application;
FIG. 3 is a schematic diagram of RPMB partitioning according to an embodiment of the present disclosure;
FIG. 4 is a flowchart of another method for accessing an RPMB partition according to an embodiment of the present application;
FIG. 5 is a flowchart of yet another method for accessing an RPMB partition according to an embodiment of the present application;
FIG. 6 is a diagram of a framework for accessing an RPMB partition provided by an embodiment of the present application;
FIG. 7 is a block diagram of an apparatus for accessing an RPMB partition according to an embodiment of the present application.
Detailed Description
In order to make the above objects, features and advantages of the present application more comprehensible, embodiments accompanied with figures and detailed description are described in further detail below.
The inventor found in research on conventional RPMB partition usage schemes that since a secure storage device such as EMMC has only one RPMB partition, the secure storage device would allocate the RPMB partition for use by an operating system in actual use. However, when multiple operating systems are running simultaneously on a virtual system, if RPMB partitions are allocated for each operating system to use, data synchronization errors and data leakage problems may result.
Based on this, the embodiment of the application provides a method for accessing a replay protected memory block (RPMB) partition. To support multiple virtual machines accessing the RPMB partition simultaneously, multiple virtual RPMB partitions are virtualized in a virtual service system, and a virtual RPMB partition is allocated to each virtual machine. When a virtual machine needs to access the RPMB partition, it sends a virtual RPMB partition access request to the virtual service system, wherein the virtual RPMB partition access request comprises an access operation address of the virtual RPMB partition corresponding to the virtual machine. After receiving the virtual RPMB partition access request sent by the virtual machine, the virtual service system determines the access operation address of the actual RPMB partition in the secure storage device that corresponds to the access operation address of the virtual RPMB partition, according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine. It then sends the actual RPMB partition access request, which comprises the operation address of the actual RPMB partition, to the secure storage device, so that the secure storage device can access the actual RPMB partition according to that operation address. In this way a plurality of virtual machines access different areas of the RPMB partition simultaneously, and the synchronization of data and the security of data storage are ensured.
To make the technical solution provided in the present application easier to understand, refer to the application scenario shown in FIG. 1. This application scenario may include at least one virtual machine 101, a virtual service system 102 and a secure storage device 103, and the method provided in the present embodiment may be applied to the virtual service system 102.
In practical application, the virtual service system 102 may receive the virtual RPMB partition access requests sent by the multiple virtual machines 101, and determine the access operation address of the actual RPMB partition in the secure storage device according to the access operation address of the virtual RPMB partition corresponding to the virtual machine in the virtual RPMB partition access request and the identifier of the virtual machine. Then, the virtual service system 102 transmits an actual RPMB partition access request including the operation address of the actual RPMB partition to the secure storage device 103, thereby causing the secure storage device 103 to perform the access according to the operation address of the actual RPMB partition.
Those skilled in the art will appreciate that the frame diagram shown in fig. 1 is but one example in which embodiments of the present application may be implemented. The scope of applicability of the embodiments of the application is not limited in any way by the framework.
In order to facilitate understanding of the specific implementation of the technical solution of the present application, the method for accessing a replay protected memory block (RPMB) partition provided in the present application will be described below with reference to the accompanying drawings.
Referring to FIG. 2, which is a flowchart of a method for accessing a replay protected memory block (RPMB) partition according to an embodiment of the present application, the method may include:
S201: Receive a virtual RPMB partition access request sent by the virtual machine.
In this embodiment, when a virtual machine needs to access the actual RPMB partition, it first sends a virtual RPMB partition access request to the virtual service system, where the virtual RPMB partition access request includes an access operation address of the virtual RPMB partition corresponding to the virtual machine. That is, each virtual machine corresponds to a virtual RPMB partition, and when the actual RPMB partition needs to be accessed, the virtual machine sends the access operation address of its corresponding virtual RPMB partition to the virtual service system, so that the virtual service system can map the access operation address of the virtual RPMB partition to the access operation address of the actual RPMB partition.
The storage space size of the virtual RPMB partition that can be accessed by each virtual machine is predetermined according to the storage space size of the actual RPMB partition and the number of the virtual machines, and the determining manner may be: the storage size of the virtual RPMB partition that each virtual machine can access is equal to the storage size of the actual RPMB partition divided by the number of virtual machines. For example, the storage space of the actual RPMB partition is 4KB, and the number of virtual machines is 2, so that the storage space of the virtual RPMB partition that can be accessed by each virtual machine is 2KB.
After determining the storage space size of each virtual RPMB partition, the virtual service system may notify each virtual machine of the storage space size of the virtual RPMB partition, so that the access operation address range of the virtual RPMB partition sent by the virtual machine is within the storage space size range of the virtual RPMB partition. For example, if the storage space size of the virtual RPMB partition is 2KB, the access operation address range of the virtual RPMB partition sent by the virtual machine is within the range of 0-2 KB. It will be appreciated that in actual practice, the access of the virtual machine to the RPMB partition may include writing data to or reading data from the RPMB partition. That is, the virtual RPMB partition access request sent by the virtual machine may be a virtual RPMB partition write request or a virtual RPMB partition read request. The specific implementation of writing data to or reading data from an RPMB partition will be described in the following embodiments.
S202: Determine the access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine.
After the virtual service system obtains the access operation address of the virtual RPMB partition corresponding to a certain virtual machine, it can determine the corresponding access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition.
In a specific implementation, the embodiment of the application provides an implementation manner for determining an access operation address of an actual RPMB partition according to an identifier of a virtual machine and an access operation address of a virtual RPMB partition corresponding to the virtual machine, which specifically may include:
1) Multiply the identification of the virtual machine by the storage space size of the virtual RPMB partition corresponding to the virtual machine to obtain the address offset.
In this embodiment, the address offset is determined by the identifier of the virtual machine and the storage space size of the virtual RPMB partition corresponding to the virtual machine. The storage space size of the virtual RPMB partition corresponding to the virtual machine may be determined according to the storage space size of the whole actual RPMB partition and the number of the virtual machines.
2) Add the address offset to the access operation address of the virtual RPMB partition corresponding to the virtual machine, and take the sum as the access operation address of the actual RPMB partition in the secure storage device.
In particular implementations, the access operation address of the actual RPMB partition may be determined by the following formula:
addR = ID * Size + addV    (1)
where addR represents the access operation address of the actual RPMB partition, ID is the identification of the virtual machine, Size is the storage space size of the virtual RPMB partition corresponding to the virtual machine, and addV represents the access operation address of the virtual RPMB partition.
For example, as shown in FIG. 3, the storage space of the actual RPMB partition is 4KB in total and is shared by 2 virtual machines. The range 0-2KB, RPMB partition 0, is allocated to the 1st virtual machine, and the range 2KB-4KB, RPMB partition 1, is allocated to the 2nd virtual machine. The 1st virtual machine is identified as 0, and the 2nd virtual machine is identified as 1. When the access operation address of the virtual RPMB partition corresponding to the 1st virtual machine is 1KB, formula (1) gives 1KB as the access operation address of the corresponding actual RPMB partition; when the access operation address of the virtual RPMB partition corresponding to the 2nd virtual machine is 1KB, formula (1) gives 3KB as the access operation address of the corresponding actual RPMB partition.
S203: Send the actual RPMB partition access request to the secure storage device, so that the secure storage device accesses the RPMB partition according to the actual RPMB partition access request.
In this embodiment, when determining the access operation address of the actual RPMB partition, the virtual service system sends an actual RPMB partition access request including the access operation address of the actual RPMB partition to the secure storage device, so that the secure storage device accesses the actual RPMB partition according to the operation address of the actual RPMB partition, and further, multiple virtual machines access the RPMB partition simultaneously. It can be understood that the access operation addresses of the actual RPMB partition determined according to the virtual RPMB partition access requests sent by different virtual machines are in different areas in the actual RPMB partition, that is, each virtual machine correspondingly uses a space corresponding to a section of address in the actual RPMB partition, and each virtual machine cannot learn the security data of other virtual machines in the actual RPMB partition.
As can be seen from the above description, the present embodiment divides a plurality of virtual RPMB partitions in a virtual service system, and configures a corresponding virtual RPMB partition for each virtual machine. In use, the virtual service system receives a virtual RPMB partition access request sent by the virtual machine, and determines the access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine in the virtual RPMB partition access request. The actual RPMB partition access request is then sent to the secure storage device, which may access the actual RPMB partition according to the operation address of the actual RPMB partition in the actual RPMB partition access request. That is, by virtualizing the RPMB partition in the secure storage device EMMC, the embodiment of the present application configures a virtual RPMB partition for each virtual machine, so as to support access by multiple virtual machines on a secure storage device having only one RPMB partition, and to implement synchronization and secure storage of data.
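The address mapping of formula (1) together with the signed write and read exchanges summarized in the Disclosure, as an added Python sketch that is not code from the patent. It assumes HMAC-SHA256 as the "digital signature", byte addresses, an in-memory `FakeRpmbDevice`, and a service-side range check on the virtual address; every class and function name is hypothetical.

```python
import hashlib
import hmac
import os


def sign(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated parts (assumed form of the 'digital signature')."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class FakeRpmbDevice:
    """Constructed in-memory stand-in for the secure storage device and its one RPMB partition."""

    def __init__(self, size: int, key2: bytes):
        self.mem = bytearray(size)
        self.key2 = key2

    def write(self, add_r: int, data: bytes, sig3: bytes) -> None:
        # The device checks the third signature with the second key before writing.
        if not hmac.compare_digest(sig3, sign(self.key2, data)):
            raise PermissionError("device: third signature rejected")
        self.mem[add_r:add_r + len(data)] = data

    def read(self, add_r: int, length: int, nonce: bytes):
        data = bytes(self.mem[add_r:add_r + length])
        # Fourth signature: data to be read plus the random number, under the second key.
        return nonce, data, sign(self.key2, data, nonce)


class VirtualRpmbService:
    """Hypothetical virtual service system: one first key and one equal slice per VM."""

    def __init__(self, device: FakeRpmbDevice, key2: bytes, vm_count: int):
        self.device = device
        self.key2 = key2
        self.size = len(device.mem) // vm_count      # Size in formula (1)
        self.key1 = {vm: os.urandom(32) for vm in range(vm_count)}

    def translate(self, vm_id: int, add_v: int, length: int) -> int:
        if vm_id not in self.key1:
            raise PermissionError("unknown virtual machine")
        # Added check (assumption): the whole access must stay inside this VM's slice,
        # otherwise formula (1) would yield an address in another VM's region.
        if add_v < 0 or length <= 0 or add_v + length > self.size:
            raise ValueError("access outside the virtual RPMB partition")
        return vm_id * self.size + add_v             # addR = ID * Size + addV

    def handle_write(self, vm_id: int, add_v: int, data: bytes, sig1: bytes) -> int:
        # vm_id is assumed to be supplied by the hypervisor channel, not by guest data.
        key1 = self.key1.get(vm_id)
        # Second signature is recomputed with this VM's first key and compared to the first.
        if key1 is None or not hmac.compare_digest(sig1, sign(key1, data)):
            raise PermissionError("first signature does not match this VM's key")
        add_r = self.translate(vm_id, add_v, len(data))
        self.device.write(add_r, data, sign(self.key2, data))   # third signature
        return add_r

    def handle_read(self, vm_id: int, add_v: int, length: int, nonce: bytes):
        add_r = self.translate(vm_id, add_v, length)
        got_nonce, data, sig4 = self.device.read(add_r, length, nonce)
        sig6 = sign(self.key2, data, got_nonce)                  # sixth signature
        if got_nonce != nonce or not hmac.compare_digest(sig4, sig6):
            raise PermissionError("first feedback information failed verification")
        # Second feedback information, carrying the fifth signature under the VM's first key.
        return nonce, data, sign(self.key1[vm_id], data, nonce)


def demo():
    key2 = os.urandom(32)
    device = FakeRpmbDevice(4096, key2)              # 4KB actual partition, 2 VMs
    service = VirtualRpmbService(device, key2, vm_count=2)
    secret = b"vm1 counter=7"                        # constructed sample data
    add_r = service.handle_write(1, 1024, secret, sign(service.key1[1], secret))
    nonce = os.urandom(16)
    _, data, sig5 = service.handle_read(1, 1024, len(secret), nonce)
    vm_ok = hmac.compare_digest(sig5, sign(service.key1[1], data, nonce))
    return add_r, data, vm_ok


if __name__ == "__main__":
    print(demo())
```

A request signed with one virtual machine's first key but presented under another virtual machine's identification fails the signature comparison before any address is computed, and an in-slice address can never map outside `ID * Size .. (ID + 1) * Size`.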
Based on the above embodiments, the virtual RPMB partition access request sent by the virtual machine to the virtual service system may be a virtual RPMB partition write request or a virtual RPMB partition read request. To facilitate understanding, the specific implementations of the two kinds of request are described below with reference to the accompanying drawings.
Referring to Fig. 4, which is a flowchart of another method for accessing a replay protected memory block (RPMB) partition according to an embodiment of the present application, the method may include:
S401: Receiving a virtual RPMB partition write request sent by the virtual machine.
In this embodiment, since the virtual machine is writing data to the RPMB partition, the virtual RPMB partition write request may include the write operation address of the virtual RPMB partition corresponding to the virtual machine and the RPMB data to be written. In practical applications, to ensure that the written data is secure data, the virtual RPMB partition write request may also include a first digital signature. The first digital signature is obtained by the virtual machine signing the RPMB data to be written with a first key, and first keys are in one-to-one correspondence with virtual machines.
That is, in practical applications, to ensure the security of the transmitted data, a first key may be allocated to each virtual machine, and the first key of each virtual machine is different. The virtual machine and the virtual service system perform signature authentication using the first key. In a specific implementation, the virtual service system generates the first keys and sends each virtual machine its corresponding first key.
S402: Signing the data to be written using the first key to obtain a second digital signature.
S403: If the second digital signature is the same as the first digital signature, determining the write operation address of the actual RPMB partition of the secure storage device according to the identification of the virtual machine and the write operation address of the virtual RPMB partition corresponding to the virtual machine.
In this embodiment, after the virtual service system receives the virtual RPMB partition write request sent by the virtual machine, it may sign the data to be written using the first key corresponding to that virtual machine, so as to obtain the second digital signature. It then judges whether the first digital signature is the same as the second digital signature. If they are the same, the received data to be written has not been tampered with, and the data to be written is verified as secure data. After the verification passes, the write operation address of the actual RPMB partition in the secure storage device is determined according to the identification of the virtual machine and the write operation address of the virtual RPMB partition corresponding to the virtual machine. If the verification does not pass, the data may have been tampered with, and the transmission of the data is stopped.
The write operation address of the actual RPMB partition in the secure storage device may be determined from the identifier of the virtual machine and the write operation address of the virtual RPMB partition corresponding to the virtual machine by using formula (1), which is not described again here.
S404: Signing the RPMB data to be written using the second key to obtain a third digital signature.
In this embodiment, after determining the write operation address of the actual RPMB partition in the secure storage device, the virtual service system signs the data to be written with the second key to obtain the third digital signature, thereby obtaining the actual RPMB partition write request. The actual RPMB partition write request includes the RPMB data to be written and the third digital signature.
The second key is a key fixed in the secure storage device, and each secure storage device has a unique second key. The second key may be read from the secure storage device when the virtual service system starts up.
S405: Sending the actual RPMB partition write request to the secure storage device, so that the secure storage device writes the RPMB data to be written into the actual RPMB partition after verifying the third digital signature with the second key.
In this embodiment, after the virtual service system obtains the actual RPMB partition write request, it sends the request to the secure storage device, and the secure storage device verifies the third digital signature using the second key. If the verification passes, the RPMB data to be written in the actual RPMB partition write request is secure data, and the secure storage device writes it into the actual RPMB partition.
In a specific implementation, after receiving an actual RPMB partition write request, the secure storage device signs the RPMB data to be written with the second key and obtains a seventh digital signature. If the seventh digital signature is the same as the third digital signature, the verification passes and the RPMB data to be written is written into the actual RPMB partition; otherwise, no write operation is performed.
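The write path of steps S401 to S405, as an added example rather than code from the patent. It assumes HMAC-SHA-256 as the signing primitive (the text does not name one) and the address mapping of virtual machine identifier times virtual partition size plus virtual address; `VRPMB_SIZE`, `NUM_VMS`, `SecureStorage` and `VirtualService` are hypothetical names, and the range checks in `map_address` are an added safeguard.

```python
import hashlib
import hmac
import os

VRPMB_SIZE = 0x100  # assumed size of each virtual RPMB partition, in address units
NUM_VMS = 4         # assumed number of virtual machines sharing the device


def sign(key: bytes, data: bytes) -> bytes:
    """Keyed signature over the data; HMAC-SHA-256 is an assumption."""
    return hmac.new(key, data, hashlib.sha256).digest()


def map_address(vm_id: int, vaddr: int) -> int:
    """Actual address = vm_id * partition size + virtual address.

    The range checks are an added safeguard: without them a virtual address
    >= VRPMB_SIZE would land in the next virtual machine's region.
    """
    if not 0 <= vm_id < NUM_VMS:
        raise ValueError("unknown virtual machine identifier")
    if not 0 <= vaddr < VRPMB_SIZE:
        raise ValueError("virtual address outside the virtual RPMB partition")
    return vm_id * VRPMB_SIZE + vaddr


class SecureStorage:
    """Stand-in for the secure storage device holding the actual RPMB partition."""

    def __init__(self, second_key: bytes):
        self.second_key = second_key
        self.rpmb = {}  # actual address -> stored data

    def write(self, addr: int, data: bytes, third_sig: bytes) -> bool:
        seventh_sig = sign(self.second_key, data)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(seventh_sig, third_sig):
            return False  # verification failed: no write is performed
        self.rpmb[addr] = data
        return True


class VirtualService:
    """Stand-in for the virtual service system (steps S401 to S405)."""

    def __init__(self, storage: SecureStorage):
        self.storage = storage
        self.second_key = storage.second_key  # read from the device at start-up
        self.first_keys = {}                  # vm_id -> first key

    def provision(self, vm_id: int) -> bytes:
        """Generate a distinct first key for one virtual machine."""
        key = os.urandom(32)
        self.first_keys[vm_id] = key
        return key

    def handle_write(self, vm_id: int, vaddr: int, data: bytes,
                     first_sig: bytes) -> bool:
        key = self.first_keys.get(vm_id)
        if key is None:
            return False
        second_sig = sign(key, data)                        # S402
        if not hmac.compare_digest(second_sig, first_sig):  # S403
            return False  # data may have been tampered with: stop
        addr = map_address(vm_id, vaddr)                    # S403, address mapping
        third_sig = sign(self.second_key, data)             # S404
        return self.storage.write(addr, data, third_sig)    # S405
```

Following the text, the signatures here cover only the data, so the write address itself is not authenticated by them.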
The above embodiment describes the case in which the virtual RPMB partition access request is a virtual RPMB partition write request. When the virtual RPMB partition access request is a virtual RPMB partition read request, the access operation address of the actual RPMB partition is a read operation address of the actual RPMB partition, and the actual RPMB partition access request is an actual RPMB partition read request. The virtual RPMB partition read request and the actual RPMB partition read request further include a random number generated by the virtual machine, which may be used to verify whether the read data was tampered with during transmission.
It can be understood that when the virtual RPMB partition access request received by the virtual service system is a virtual RPMB partition read request, the actual RPMB partition read request is sent to the secure storage device, so that the secure storage device reads the RPMB data to be read from the actual RPMB partition and sends it to the virtual service system, which then forwards it to the virtual machine, thereby completing the read. The processing performed by the virtual service system after it receives the RPMB data to be read is described below with reference to the accompanying drawings.
Referring to Fig. 5, which is a flowchart of still another method for accessing a replay protected memory block (RPMB) partition according to an embodiment of the present application, the method may include:
S501: Receiving the first feedback information sent by the secure storage device.
In this embodiment, after the secure storage device obtains the RPMB data to be read according to the actual RPMB partition read request, the secure storage device sends the first feedback information to the virtual service system. The first feedback information comprises a random number, the data to be read and a fourth digital signature. The fourth digital signature is obtained by the secure storage device signing the RPMB data to be read and the random number using a second key. The second key is a key fixed in the secure storage device, and each secure storage device has a unique second key. The second key may be read from the secure storage device when the virtual service system starts up.
That is, after the secure storage device obtains the data to be read, it combines the random number and the data to be read, and signs the combined random number and RPMB data to be read using the second key, so as to obtain the fourth digital signature.
S502: Verifying the first feedback information using the second key.
S503: If the first feedback information is verified, sending the second feedback information to the virtual machine, so that the virtual machine verifies the second feedback information using the first key.
In this embodiment, after the virtual service system acquires the first feedback information, it verifies the first feedback information using the second key stored in the virtual service system. If the verification passes, the acquired RPMB data to be read is secure data, and the second feedback information is sent to the virtual machine. If the verification does not pass, the second feedback information is not sent.
The second feedback information comprises the random number, the RPMB data to be read and a fifth digital signature, and the fifth digital signature is obtained by the virtual service system signing the RPMB data to be read and the random number using a first key. First keys are in one-to-one correspondence with virtual machines. In practical applications, to ensure the security of the transmitted data, a first key may be allocated to each virtual machine. The virtual machine and the virtual service system perform signature authentication using the first key. In a specific implementation, the virtual service system generates the first keys and sends each virtual machine its corresponding first key.
The virtual service system verifies the first feedback information using the second key as follows: it signs the RPMB data to be read and the random number using the second key to obtain a sixth digital signature; if the fourth digital signature and the sixth digital signature are identical, it determines that the first feedback information is verified. That is, after acquiring the first feedback information, the virtual service system combines the RPMB data to be read and the random number in the first feedback information, and signs the combination using the second key to obtain the sixth digital signature. If the sixth digital signature is identical to the fourth digital signature, the RPMB data to be read has not been tampered with, and the first feedback information passes verification.
The virtual machine verifies the second feedback information using the first key, which may specifically include the following. The virtual machine first judges whether the random number in the second feedback information is the same as the random number it sent. If so, it signs the RPMB data to be read and the random number using the first key to obtain an eighth digital signature, and judges whether the eighth digital signature is the same as the fifth digital signature. If they are the same, the acquired RPMB data to be read is the data the virtual machine intended to read, and the data is stored. If the two signatures are different, or the received random number is different from the random number it sent, the obtained RPMB data to be read is discarded.
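The read path of steps S501 to S503 and the virtual machine's final check, as an added example rather than code from the patent. It assumes HMAC-SHA-256 as the signing primitive and that "combining" means appending a fixed-length random number to the data; all function names and the constructed sample values are hypothetical. `run_scenarios` exercises an honest read and three responses that must be discarded.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed length of the random number, in bytes


def sign(key: bytes, data: bytes, nonce: bytes) -> bytes:
    """Keyed signature over data combined with the random number (order assumed)."""
    return hmac.new(key, data + nonce, hashlib.sha256).digest()


def device_read(rpmb: dict, second_key: bytes, addr: int, nonce: bytes) -> dict:
    """Secure storage device: build the first feedback information."""
    data = rpmb[addr]
    fourth = sign(second_key, data, nonce)
    return {"nonce": nonce, "data": data, "sig": fourth}


def service_forward(first_fb: dict, second_key: bytes, first_key: bytes):
    """Virtual service system, S502 and S503: verify, then re-sign for the VM."""
    sixth = sign(second_key, first_fb["data"], first_fb["nonce"])
    if not hmac.compare_digest(sixth, first_fb["sig"]):
        return None  # verification failed: second feedback is not sent
    fifth = sign(first_key, first_fb["data"], first_fb["nonce"])
    return {"nonce": first_fb["nonce"], "data": first_fb["data"], "sig": fifth}


def vm_accept(second_fb, first_key: bytes, sent_nonce: bytes):
    """Virtual machine: check the random number first, then the signature."""
    if second_fb is None:
        return None
    if not hmac.compare_digest(second_fb["nonce"], sent_nonce):
        return None  # not the answer to this request: discard
    eighth = sign(first_key, second_fb["data"], second_fb["nonce"])
    if not hmac.compare_digest(eighth, second_fb["sig"]):
        return None  # signatures differ: discard
    return second_fb["data"]


def run_scenarios():
    """Constructed sample data; returns what the VM accepts in each case."""
    second_key, first_key = os.urandom(32), os.urandom(32)
    rpmb = {0x110: b"counter=7"}

    # 1. Honest read: the VM accepts the data.
    n1 = os.urandom(NONCE_LEN)
    old_fb2 = service_forward(device_read(rpmb, second_key, 0x110, n1),
                              second_key, first_key)
    honest = vm_accept(old_fb2, first_key, n1)

    # 2. The stored value changes; the stale response is presented again
    #    for a new request that carries a fresh random number.
    rpmb[0x110] = b"counter=8"
    n2 = os.urandom(NONCE_LEN)
    replayed = vm_accept(old_fb2, first_key, n2)

    # 3. Data altered between the device and the virtual service system.
    fb1 = device_read(rpmb, second_key, 0x110, n2)
    fb1["data"] = b"counter=0"
    altered = vm_accept(service_forward(fb1, second_key, first_key),
                        first_key, n2)

    # 4. Stale data and signature relabelled with the fresh random number:
    #    rejected because the random number is covered by the signature.
    relabelled = vm_accept(dict(old_fb2, nonce=n2), first_key, n2)

    return honest, replayed, altered, relabelled
```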
To aid understanding of the technical solution of the present application, reference is made to Fig. 6, which is a framework diagram for accessing the replay protected memory block (RPMB), illustrated by taking one virtual machine as an example. The virtual machine 1 may include a secure storage trusted computing application module and an encryption/decryption trusted computing application module. The first key in the encryption/decryption trusted computing application is generated by the virtual service system using a random number and sent to the virtual machine 1 via a secure channel. The RPMB access agent application module in the virtual machine 1 interacts with the virtual RPMB driver of the virtual service system through the RPMB access front-end driver module. After receiving an access request sent by the RPMB access front-end driver module, the virtual RPMB driver interacts with the RPMB driver of the control kernel to map the access operation address of the virtual RPMB partition, obtain the access operation address of the actual RPMB partition, and then access the actual RPMB partition.
Based on the above method embodiments, the present application further provides an apparatus for accessing a replay protected memory block (RPMB) partition, which is described below with reference to the accompanying drawings.
Referring to Fig. 7, which is a block diagram of an apparatus for accessing a replay protected memory block (RPMB) partition according to an embodiment of the present application, the apparatus may include:
A first receiving unit 701, configured to receive a virtual RPMB partition access request sent by a virtual machine, where the virtual RPMB partition access request includes an access operation address of a virtual RPMB partition corresponding to the virtual machine;
a determining unit 702, configured to determine an access operation address of an actual RPMB partition in the secure storage device according to the identifier of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine;
a first sending unit 703, configured to send an actual RPMB partition access request to the secure storage device, so that the secure storage device accesses the actual RPMB partition according to the actual RPMB partition access request; the actual RPMB partition access request comprises an operation address of the actual RPMB partition.
In one possible implementation manner, the first receiving unit is specifically configured to receive a virtual RPMB partition writing request sent by a virtual machine, where the virtual RPMB partition writing request includes a writing operation address of a virtual RPMB partition corresponding to the virtual machine, RPMB data to be written, and a first digital signature, where the first digital signature is obtained by signing the RPMB data to be written by the virtual machine by using a first key, and the first key is in one-to-one correspondence with the virtual machine.
In one possible implementation manner, the determining unit includes:
the first acquisition subunit is used for signing the RPMB data to be written by utilizing the first key to obtain a second digital signature;
and the determining subunit is used for determining the writing operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the writing operation address of the virtual RPMB partition corresponding to the virtual machine if the second digital signature is the same as the first digital signature.
In one possible implementation, the first transmitting unit includes:
the second obtaining subunit is used for signing the RPMB data to be written by using a second key to obtain a third digital signature; the actual RPMB partition writing request comprises the RPMB data to be written and the third digital signature;
and the sending subunit is used for sending the actual RPMB partition writing request to the secure storage equipment, so that the secure storage equipment writes the RPMB data to be written into the actual RPMB partition after the third digital signature is verified by the second key.
In one possible implementation manner, the virtual RPMB partition access request is a virtual RPMB partition read request, the access operation address of the actual RPMB partition is a read operation address of the actual RPMB partition, the actual RPMB partition access request is an actual RPMB partition read request, and the virtual RPMB partition read request and the actual RPMB partition read request further include a random number, where the random number is generated by the virtual machine.
In one possible implementation, the apparatus further includes:
the second receiving unit is used for receiving the first feedback information sent by the secure storage device after the first sending unit is executed; the first feedback information comprises the random number, RPMB data to be read and a fourth digital signature, and the fourth digital signature is obtained by signing the data to be read and the random number by the secure storage device through a second key;
the verification unit is used for verifying the first feedback information by using the second key;
the second sending unit is used for sending second feedback information to the virtual machine if the first feedback information passes verification, so that the virtual machine verifies the second feedback information by using a first key; the second feedback information comprises the random number, the RPMB data to be read and a fifth digital signature, and the fifth digital signature is obtained by signing the RPMB data to be read and the random number by using the first key; the first secret keys are in one-to-one correspondence with the virtual machines.
In a possible implementation manner, the verification unit is specifically configured to sign the RPMB data to be read and the random number by using the second key, so as to obtain a sixth digital signature; and if the fourth digital signature is the same as the sixth digital signature, verifying the first feedback information.
In one possible implementation, the apparatus further includes:
and the generating unit is used for generating the first key and sending the corresponding first key to the virtual machine.
In one possible implementation manner, the determining unit includes:
the third obtaining subunit is used for multiplying the identifier of the virtual machine by the storage space size of the virtual RPMB partition corresponding to the virtual machine to obtain an address offset;
and the computing subunit is used for adding the address offset and the access operation address of the virtual RPMB partition corresponding to the virtual machine, and determining the sum value of the address offset and the access operation address of the virtual RPMB partition as the access operation address of the actual RPMB partition in the secure storage equipment.
It should be noted that, for the specific implementation of each unit in this embodiment, reference may be made to the method embodiments above, and this embodiment is not limited herein.
In addition, an embodiment of the present application also provides a computer readable storage medium storing instructions which, when run on a terminal device, cause the terminal device to execute the above method for accessing a replay protected memory block (RPMB) partition.
An embodiment of the present application provides a device for accessing a replay protected memory block (RPMB) partition, comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above method for accessing a replay protected memory block (RPMB) partition when executing the computer program.
Based on the above embodiments, in the embodiments of the present application, a plurality of virtual RPMB partitions are first created in a virtual service system, and a corresponding virtual RPMB partition is configured for each virtual machine. In use, the virtual service system receives a virtual RPMB partition access request sent by the virtual machine, and determines the access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address, carried in the virtual RPMB partition access request, of the virtual RPMB partition corresponding to the virtual machine. The actual RPMB partition access request is then sent to the secure storage device, which may access the actual RPMB partition according to the operation address of the actual RPMB partition in the actual RPMB partition access request. That is, by virtualizing the RPMB partition in the secure storage device, the embodiment of the present application configures a virtual RPMB partition for each virtual machine, so as to support access by multiple virtual machines on a secure storage device with only one RPMB partition, and to implement synchronization and secure storage of data.
It should be noted that the embodiments in this description are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another. Since the system or device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and for the relevant points reference may be made to the description of the method.
It should be understood that in this application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" may represent: only A, only B, or both A and B, where A and B may each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" or similar expressions means any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c may each be single or plural.
It is further noted that relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method of accessing a replay protected memory block (RPMB) partition, the method comprising:
receiving a virtual RPMB partition access request sent by a virtual machine, wherein the virtual RPMB partition access request comprises an access operation address of a virtual RPMB partition corresponding to the virtual machine;
determining the access operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine;
sending an actual RPMB partition access request to the secure storage device, so that the secure storage device accesses the actual RPMB partition according to the actual RPMB partition access request; the actual RPMB partition access request comprises an operation address of the actual RPMB partition;
when the virtual RPMB partition access request is a virtual RPMB partition read request, the access operation address of the actual RPMB partition is the read operation address of the actual RPMB partition, the actual RPMB partition access request is an actual RPMB partition read request, the virtual RPMB partition read request and the actual RPMB partition read request further comprise random numbers, and the random numbers are generated by the virtual machine;
the method further comprises the steps of:
receiving first feedback information sent by the secure storage device; the first feedback information comprises the random number, RPMB data to be read and a fourth digital signature, and the fourth digital signature is obtained by signing the RPMB data to be read and the random number by the secure storage device through a second key;
verifying the first feedback information by using the second key;
if the first feedback information is verified, sending second feedback information to the virtual machine, so that the virtual machine verifies the second feedback information by using a first key; the second feedback information comprises the random number, the RPMB data to be read and a fifth digital signature, and the fifth digital signature is obtained by signing the RPMB data to be read and the random number by using the first key; the first secret keys are in one-to-one correspondence with the virtual machines.
2. The method of claim 1, wherein receiving the virtual RPMB partition access request sent by the virtual machine comprises:
receiving a virtual RPMB partition writing request sent by a virtual machine, wherein the virtual RPMB partition writing request comprises a writing operation address of a virtual RPMB partition corresponding to the virtual machine, RPMB data to be written and a first digital signature, the first digital signature is obtained by signing the RPMB data to be written by the virtual machine by using a first key, and the first key corresponds to the virtual machine one by one.
3. The method according to claim 2, wherein determining the access operation address of the actual RPMB partition of the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine comprises:
signing the RPMB data to be written by using the first key to obtain a second digital signature;
and if the second digital signature is the same as the first digital signature, determining the writing operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the writing operation address of the virtual RPMB partition corresponding to the virtual machine.
4. The method of claim 3, wherein the sending the actual RPMB partition access request to the secure storage device to cause the secure storage device to access the actual RPMB partition according to the actual RPMB partition access request comprises:
signing the RPMB data to be written by using a second key to obtain a third digital signature; the actual RPMB partition writing request comprises the RPMB data to be written and the third digital signature;
and sending the actual RPMB partition writing request to the secure storage equipment, so that the secure storage equipment writes the RPMB data to be written into the actual RPMB partition after the third digital signature is verified by the secure storage equipment through the second key.
5. The method of claim 1, wherein said verifying said first feedback information using said second key comprises:
signing the RPMB data to be read and the random number by using the second key to obtain a sixth digital signature;
and if the fourth digital signature is the same as the sixth digital signature, verifying the first feedback information.
6. The method according to any one of claims 2-5, further comprising:
and generating a first key and sending the corresponding first key to the virtual machine.
7. The method according to claim 1, wherein the determining the access operation address of the actual RPMB partition in the secure storage device according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine includes:
multiplying the identification of the virtual machine by the storage space size of the virtual RPMB partition corresponding to the virtual machine to obtain an address offset;
and adding the address offset to the access operation address of the virtual RPMB partition corresponding to the virtual machine, and determining the sum value as the access operation address of the actual RPMB partition in the secure storage equipment.
8. An apparatus for accessing a replay protected memory block (RPMB) partition, said apparatus comprising:
the first receiving unit is used for receiving a virtual RPMB partition access request sent by a virtual machine, wherein the virtual RPMB partition access request comprises an access operation address of a virtual RPMB partition corresponding to the virtual machine;
the determining unit is used for determining the access operation address of the actual RPMB partition in the secure storage equipment according to the identification of the virtual machine and the access operation address of the virtual RPMB partition corresponding to the virtual machine;
the first sending unit is used for sending an actual RPMB partition access request to the secure storage equipment so that the secure storage equipment accesses the actual RPMB partition according to the actual RPMB partition access request; the actual RPMB partition access request comprises an operation address of the actual RPMB partition;
when the virtual RPMB partition access request is a virtual RPMB partition read request, the access operation address of the actual RPMB partition is the read operation address of the actual RPMB partition, the actual RPMB partition access request is an actual RPMB partition read request, the virtual RPMB partition read request and the actual RPMB partition read request further comprise random numbers, and the random numbers are generated by the virtual machine;
the apparatus further comprises:
the second receiving unit is used for receiving the first feedback information sent by the secure storage device after the first sending unit is executed; the first feedback information comprises the random number, RPMB data to be read and a fourth digital signature, and the fourth digital signature is obtained by signing the data to be read and the random number by the secure storage device through a second key;
the verification unit is used for verifying the first feedback information by using the second key;
the second sending unit is used for sending second feedback information to the virtual machine if the first feedback information passes verification, so that the virtual machine verifies the second feedback information by using a first key; the second feedback information comprises the random number, the RPMB data to be read and a fifth digital signature, and the fifth digital signature is obtained by signing the RPMB data to be read and the random number by using the first key; the first secret keys are in one-to-one correspondence with the virtual machines.
9. A computer readable storage medium having instructions stored therein which, when executed on a terminal device, cause the terminal device to perform the method of accessing a replay protected memory block (RPMB) partition as claimed in any one of claims 1-7.
10. An apparatus for accessing a replay protected memory block (RPMB) partition, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the method of accessing a replay protected memory block (RPMB) partition as claimed in any one of claims 1 to 7 when executing the computer program.
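The read path of claim 8 (address mapping by virtual machine, verification of the first feedback information with the second key, re-signing with the per-VM first key, and the virtual machine's own check) can be sketched as follows; this is an added example, not code from the patent. It assumes HMAC-SHA256 as the "digital signature", a fixed-size slice of the actual partition per virtual machine, and hypothetical names (`SecureStorage`, `Relay`, `vm_read`, `BLOCKS_PER_VM`).

```python
import hashlib
import hmac
import os

BLOCKS_PER_VM = 16  # assumption: every VM owns a fixed-size slice of the actual partition

def sign(key: bytes, data: bytes, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the claim's "digital signature".
    return hmac.new(key, data + nonce, hashlib.sha256).digest()

class SecureStorage:
    """Hypothetical stand-in for the device that holds the actual RPMB partition."""
    def __init__(self, second_key: bytes, blocks: dict):
        self.second_key, self.blocks = second_key, blocks

    def read(self, actual_addr: int, nonce: bytes):
        data = self.blocks[actual_addr]
        return nonce, data, sign(self.second_key, data, nonce)  # first feedback information

class Relay:
    """The apparatus of the claim: maps addresses, verifies, then re-signs per VM."""
    def __init__(self, storage, second_key: bytes, first_keys: dict):
        self.storage, self.second_key, self.first_keys = storage, second_key, first_keys

    def actual_address(self, vm_id: int, virtual_addr: int) -> int:
        if vm_id not in self.first_keys or not 0 <= virtual_addr < BLOCKS_PER_VM:
            raise ValueError("unknown VM or address outside its virtual partition")
        return vm_id * BLOCKS_PER_VM + virtual_addr

    def read(self, vm_id: int, virtual_addr: int, nonce: bytes):
        addr = self.actual_address(vm_id, virtual_addr)
        r_nonce, data, sig4 = self.storage.read(addr, nonce)
        expected = sign(self.second_key, data, r_nonce)
        if r_nonce != nonce or not hmac.compare_digest(sig4, expected):
            raise PermissionError("first feedback information failed verification")
        sig5 = sign(self.first_keys[vm_id], data, r_nonce)  # fifth signature, per-VM key
        return r_nonce, data, sig5  # second feedback information

def vm_read(relay: Relay, vm_id: int, first_key: bytes, virtual_addr: int) -> bytes:
    nonce = os.urandom(16)  # fresh random number generated by the VM for each read
    r_nonce, data, sig5 = relay.read(vm_id, virtual_addr, nonce)
    if r_nonce != nonce or not hmac.compare_digest(sig5, sign(first_key, data, nonce)):
        raise PermissionError("second feedback information failed verification")
    return data
```

Because the random number is echoed and covered by both signatures, a recorded response from an earlier read fails the check at the relay or at the virtual machine, and a response signed for one virtual machine does not verify under another's first key.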
CN201910882681.1A 2019-09-18 2019-09-18 Method, device and related equipment for accessing RPMB partition Active CN110633055B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910882681.1A CN110633055B (en) 2019-09-18 2019-09-18 Method, device and related equipment for accessing RPMB partition

Publications (2)

Publication Number Publication Date
CN110633055A CN110633055A (en) 2019-12-31
CN110633055B true CN110633055B (en) 2023-05-16

Family

ID=68971301

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910882681.1A Active CN110633055B (en) 2019-09-18 2019-09-18 Method, device and related equipment for accessing RPMB partition

Country Status (1)

Country Link
CN (1) CN110633055B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112667354B (en) * 2020-12-30 2022-05-06 上海壁仞智能科技有限公司 Computer readable storage medium, virtualized register device, and method of accessing the device
CN114257877A (en) * 2021-12-02 2022-03-29 展讯通信(上海)有限公司 Key deployment and use method and device for broadband digital video protection (HDCP)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107209681A (en) * 2015-10-21 2017-09-26 华为技术有限公司 A kind of storage device access methods, devices and systems
CN110096908A (en) * 2018-01-31 2019-08-06 爱思开海力士有限公司 The operating method of storage device and storage device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9218891B2 (en) * 2013-11-27 2015-12-22 Silicon Motion, Inc. Data storage device and flash memory control method

Also Published As

Publication number Publication date
CN110633055A (en) 2019-12-31

Similar Documents

Publication Publication Date Title
US9959410B2 (en) Encryption and decryption method and apparatus in virtualization system, and system
CN102726027B (en) Secret key transmission method and device during pre-boot under full-disk encryption of virtual machine
US20180285140A1 (en) Monitoring of memory page transitions between a hypervisor and a virtual machine
CN103955528B (en) The method of writing in files data, the method for file reading data and device
US20110289294A1 (en) Information processing apparatus
CN110633055B (en) Method, device and related equipment for accessing RPMB partition
CN111723383A (en) Data storage and verification method and device
US20130166922A1 (en) Method and system for frame buffer protection
CN103403732A (en) Processing method and device for input and output opeartion
US9881142B2 (en) Method and apparatus for preventing and investigating software piracy
CN111949372B (en) Virtual machine migration method, general processor and electronic equipment
CN111967065A (en) Data protection method, processor and electronic equipment
CN108400875A (en) Authorization and authentication method, system, electronic equipment, storage medium based on key assignments
US8006009B2 (en) Methods and device for implementing multifunction peripheral devices with a single standard peripheral device driver
US8972745B2 (en) Secure data handling in a computer system
KR20060135499A (en) Method and apparatus for managing drm right object in low-processing power's storage efficiently
CN111124956B (en) Container protection method, processor, operating system and computer equipment
CN110955904B (en) Data encryption method, data decryption method, processor and computer equipment
CN106326782B (en) A kind of information processing method and electronic equipment
CN113703918B (en) Virtual trusted platform based on hardware assistance and security processing method
CN114237817A (en) Virtual machine data reading and writing method and related device
CN112363800B (en) Network card memory access method, security processor, network card and electronic equipment
CN108021801A (en) Divulgence prevention method, server and storage medium based on virtual desktop
CN111079159B (en) Encrypted communication method and system for Hypervisor multi-domain architecture
CN111400726A (en) Data processing method, device, equipment and machine readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant