CN110740041B - Embedded system secure boot and trust measurement method based on a trusted computing module - Google Patents


Info

Publication number: CN110740041B
Authority: CN (China)
Application number: CN201910984512.9A
Other versions: CN110740041A
Other languages: Chinese (zh)
Prior art keywords: internet of things, computing module, trusted computing, firmware
Inventors: 罗燕京, 刘鹏
Original assignee (applicant): Beijing Renxinzheng Technology Co., Ltd.
Current assignee: Beijing xinchangcheng Technology Development Co., Ltd.
Legal status: Active, application granted (legal status, assignees and dates are as listed by Google Patents, which states they are assumptions rather than legal conclusions)

Classifications

    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures
    • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
    • G06F 21/31 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; authentication, i.e. establishing the identity or authorisation of security principals; user authentication
    • G06F 21/57 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H04L 63/0442 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 41/082 Arrangements for maintenance, administration or management of data switching networks; configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
    • H04L 67/12 Network arrangements or protocols for supporting network services or applications; protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks


Abstract

The invention relates to the technical field of trusted operation of smart terminals, and in particular to a method for secure boot and trust measurement of an embedded system based on a trusted computing module. The method comprises the following steps: the IoT trusted computing module is written with a root certificate (public key) P0; the IoT trusted computing module is written with the solution-provider identity public key P1; the smart terminal's main-control MCU is flashed with the BootLoader, binding the IoT trusted computing module to the main-control MCU; the main-control MCU downloads the firmware; the IoT trusted computing module is written with the smart terminal identity public key P2 and private key r2; and the smart terminal performs boot verification and identity authentication. Compared with prior-art approaches, this secure boot and trust measurement method has a simpler overall flow, a trusted computing module that is easy to design, small changes to the original system, and a firmware image that can still be updated.

Description

Embedded system secure boot and trust measurement method based on a trusted computing module
Technical Field
The invention relates to the technical field of trusted operation of smart terminals, in particular to a method for secure boot and trust measurement of an embedded system based on a trusted computing module.
Background
The rapid development of information technology has brought unprecedented prosperity to the information industry, but it has also put information security at risk, and the security situation grows more severe. The prevailing system security technologies, mandatory access control and encryption, all operate in the upper layers of the system, and the premise on which they can enforce a security mechanism is that the system itself is secure. If the system enters an untrusted state at boot, for example because a malicious program has tampered with it, then both the applications and the upper-layer security mechanisms built on that system are untrusted. Secure boot has therefore gradually attracted attention and is the core part of trusted computing; trust measurement during operation is likewise an important component of trusted computing.
Chinese patent CN201120295129.1 proposes a trusted computing system compatible with multiple trusted computing modes. It comprises a firmware setting module, a firmware download module, a firmware storage module and a trusted computing unit, where the trusted computing unit has a communication interface to the firmware download module and to a bus; the firmware setting module sets the working mode of the trusted computing unit; the firmware storage module stores standard trusted computing firmware; the firmware download module loads, from the firmware storage module into the trusted computing unit, the firmware matching the working mode set by the firmware setting module; and the trusted computing unit exchanges data with the bus and runs the downloaded firmware. That system adapts well to commercial applications, is highly flexible and greatly reduces cost.
The Trusted Computing Group (TCG), in order to raise the security and trustworthiness of computing platforms from the ground up, defines a trusted third party and provides the Trusted Platform Module (TPM), which has secure storage and encryption/decryption engines; starting from both hardware components and software, it resolves cross-platform and cross-environment constraints and builds a trusted computing environment independent of any particular computing platform. This solution is very effective on the PC side.
Because security research in the embedded field started late, security work targeting embedded smart terminals is still incomplete; in particular, system-level software defenses remain to be strengthened, and system-level security is precisely the security foundation of the whole device. Some inherent features of smart terminals make the defensive measures and techniques used on PCs hard to implement on these devices. In response to these threats, a defense system should be established in the embedded device to prevent illegal and malicious programs from running, or at least to make them detectable after they have run. The main solutions on embedded platforms at present are: designing a read-only block device to hold the boot image, so that an unchanged image is read from the read-only device at boot; the image on the read-only device is programmed once when the device leaves the factory, cannot be tampered with at later boots, and the integrity of the boot image can be verified. Both measures add hardware overhead, which is too heavy a burden for devices under strict cost control, and because the image to be loaded is programmed once, normal system and image updates cannot be carried out. The objective defects are as follows:
(1) software-only algorithms are weak, and the root of trust is easily tampered with;
(2) the PC-oriented TPM and TPCM flows are too complicated for embedded platforms and impractical there;
(3) storing the boot image on a read-only block device makes normal system updates impossible.
Therefore, to solve the above problems, a new method for secure boot and trust measurement of an embedded system based on a trusted computing module is urgently needed.
Disclosure of Invention
The aim of the invention is to provide a method for secure boot and trust measurement of an embedded system based on a trusted computing module, characterised by a simple flow, high security, and support for updating the firmware of the embedded platform.
The invention provides the following scheme:
A method for secure boot and trust measurement of an embedded system based on a trusted computing module comprises the following steps:
the IoT trusted computing module is written with the root certificate P0;
the IoT trusted computing module is written with the solution-provider identity public key P1;
the smart terminal's main-control MCU is flashed with the BootLoader, completing the binding of the IoT trusted computing module to the main-control MCU;
the main-control MCU downloads the firmware;
the IoT trusted computing module is written with the smart terminal identity public key P2 and private key r2;
and the smart terminal performs boot verification and identity authentication.
Preferably, the method for secure boot and trust measurement of an embedded system based on a trusted computing module further includes:
the IoT application management platform performs a remote measurement operation;
and an online firmware upgrade operation is performed.
Preferably, the step of writing the root certificate P0 into the IoT trusted computing module specifically comprises:
the Xinchangcheng (信长城, "trusted great wall") trusted computing management platform randomly generates a key pair r0, P0;
the Xinchangcheng trusted computing management platform writes P0 into the IoT trusted computing module using the trusted computing mass-production tool;
the private key r0 corresponding to P0 is kept by the Xinchangcheng trusted computing management platform.
Preferably, the step of writing the solution-provider identity public key P1 into the IoT trusted computing module specifically comprises:
the Xinchangcheng trusted computing management platform generates a key pair r1, P1 and signs P1 with r0 to obtain Sign0;
the Xinchangcheng trusted computing management platform sends r1, P1 and Sign0 to the IoT application management platform;
the IoT application management platform writes P1 into the IoT trusted computing module, and r1 is kept by the IoT application management platform.
Preferably, the step of flashing the BootLoader onto the smart terminal's main-control MCU and completing the binding of the IoT trusted computing module to the main-control MCU specifically comprises:
the IoT application management platform computes the hash value H0 of the BootLoader together with its attribute information, and signs H0 with r1 to obtain Sign1;
the IoT application management platform flashes the BootLoader onto the main-control MCU;
the IoT application management platform sends Sign1 and H0 to the IoT trusted computing module;
the IoT trusted computing module verifies Sign1 with P1 (the public key of the signing key r1, which Sign0 chains to the root key P0), and if it is valid, stores H0 and the attribute information in Flash.
Preferably, the step of the main-control MCU downloading the firmware specifically comprises:
the IoT application management platform signs the hash value of the firmware with r1 to obtain Sign2;
the IoT application management platform sends the firmware to the main-control MCU;
the BootLoader on the main-control MCU computes the hash value of the firmware to obtain H1, and sends H1 and Sign2 to the IoT trusted computing module to verify the signature; if the signature is valid, the IoT trusted computing module stores H1 and the BootLoader writes the firmware into Flash, completing the firmware download.
Preferably, the step of writing the smart terminal identity public key P2 and private key r2 into the IoT trusted computing module specifically comprises:
the IoT application management platform generates a key pair r2, P2 and signs r2 and P2 jointly with r1 to obtain Sign3;
r2, P2 and Sign3 are sent to the main-control MCU;
the main-control MCU has the IoT trusted computing module verify r2, P2 and Sign3 (Sign3 was formed with r1, so it is checked against P1), and if they are valid, r2 and P2 are stored in the IoT trusted computing module.
Preferably, the smart terminal's boot verification and identity authentication specifically comprise:
after the smart terminal is powered on, the IoT trusted computing module computes the hash value of the BootLoader and compares it with H0; if they match, the BootLoader is intact and is allowed to start;
the BootLoader computes the hash value of the firmware and passes it to the IoT trusted computing module, which matches it against H1 and returns the result to the BootLoader;
the BootLoader judges whether the firmware is intact and, if so, starts it;
after the firmware has started, it asks the IoT trusted computing module to generate an identity authentication signature;
the IoT trusted computing module checks whether the integrity measurements of both the BootLoader and the firmware have completed; if so, it generates the identity authentication signature Sign4 with r2, otherwise it returns an error;
the firmware sends Sign4 to the IoT application management platform through the communication module;
on receiving the smart terminal's authentication request, the IoT application management platform verifies Sign4, and if the verification passes, identity authentication is complete.
Preferably, the step of the IoT application management platform performing a remote measurement operation specifically comprises:
the management platform issues a remote measurement command to the terminal;
the terminal's main-control MCU computes the digest value requested by the command and sends it to the trusted computing module for comparison;
the trusted computing module compares the digest values; if the BootLoader is to be measured, it computes the BootLoader's digest itself and compares it with the previously stored value, and if the comparison succeeds it signs the result;
the trusted computing module returns the result and the signature value to the main-control MCU;
the main-control MCU uploads the result to the management platform, which verifies the signature and checks that the measurement is compliant; if it is, the application management platform randomly generates a time at which the module is to initiate a measurement on its own, and encrypts this value together with the content to be measured using the terminal's P2 to obtain EncCheckParas;
the management platform sends EncCheckParas to the terminal, and the terminal forwards it to the trusted computing module through the MCU;
the trusted computing module decrypts EncCheckParas to obtain CheckParas and sets up an active measurement plan;
when the scheduled active measurement time arrives, the trusted computing module initiates the active measurement and signs the measurement result.
Preferably, the step of performing the online firmware upgrade operation specifically comprises:
the IoT application management platform signs the hash value of the new firmware with r1 to obtain Sign5;
the IoT application management platform sends the new firmware and the signature to the smart terminal;
the main-control MCU computes the hash value of the new firmware and sends it with Sign5 to the IoT trusted computing module;
the IoT trusted computing module verifies Sign5 with P1; if the check passes, it stores the hash value of the new firmware, starts the firmware replacement flow, and restarts the main-control MCU.
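The key chain, boot-time measurement and attestation described in the boot verification steps, together with the remote measurement and online upgrade procedures, as one runnable model. This is an added example, not the patent's code or the assignee's implementation. It uses textbook RSA over SHA-256 with keys built from public Mersenne primes so that it runs offline on the Python standard library; every key is therefore recomputable by anyone and the scheme has no padding, so it models the message flow, not a deployable implementation. Assumptions not stated in the text: the module checks Sign0 under P0 before storing P1; Sign1 and Sign3 are checked under P1 (the public key of the signing key r1); Sign4 is a signature over a nonce chosen by the platform; CheckParas is packed as a scheduled time and a one-byte target identifier; the images, attribute information and nonce are constructed sample data; and the names TrustedModule, demo, toy_keypair and the other helpers are the example's own.

```python
import hashlib

E = 65537  # RSA public exponent shared by every key pair

def toy_keypair(a, b):
    """Textbook RSA key from the Mersenne primes 2^a-1 and 2^b-1 (a, b are exponents
    from the public Mersenne-prime list). Toy only: anyone can recompute the private key.
    Returns (private r, public P), each as an (exponent, modulus) pair."""
    p, q = (1 << a) - 1, (1 << b) - 1
    return (pow(E, -1, (p - 1) * (q - 1)), p * q), (E, p * q)

def h(data: bytes) -> int:          # SHA-256 as an integer; below every modulus used here
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(r, data: bytes) -> int:    # textbook RSA on the raw digest (no padding; demo only)
    return pow(h(data), r[0], r[1])
def verify(P, data: bytes, sig) -> bool:
    return sig is not None and pow(sig, P[0], P[1]) == h(data)
def kb(*keys) -> bytes:             # canonical byte encoding of key material for signing
    return ":".join(f"{k[0]}:{k[1]}" for k in keys).encode()
def ib(x: int) -> bytes:            # 32-byte encoding of a digest for signing
    return x.to_bytes(32, "big")


class TrustedModule:
    """IoT trusted computing module: holds the key chain and reference digests, and only
    signs with r2 once both the BootLoader and the firmware have measured clean."""
    def __init__(self, P0):                         # step 1: P0 burned in by the mass-production tool
        self.P0, self.P1, self.P2, self.r2 = P0, None, None, None
        self.H0, self.H1, self.attrs, self.plan = None, None, b"", None
        self.bl_ok = self.fw_ok = False

    def write_P1(self, P1, sign0):                  # step 2; assumption: Sign0 is checked under P0 first
        if not verify(self.P0, kb(P1), sign0): raise ValueError("P1 not signed by r0")
        self.P1 = P1

    def bind_bootloader(self, H0, attrs, sign1):    # step 3; Sign1 was made with r1, so P1 checks it
        if not verify(self.P1, ib(H0), sign1): raise ValueError("H0 not signed by r1")
        self.H0, self.attrs = H0, attrs

    def accept_firmware(self, H1, sig) -> bool:     # step 4 (Sign2) and online upgrade (Sign5): same check
        if not verify(self.P1, ib(H1), sig): return False
        self.H1 = H1
        return True

    def write_identity(self, r2, P2, sign3):        # step 5: joint signature by r1 over r2 || P2
        if not verify(self.P1, kb(r2, P2), sign3): raise ValueError("identity key not signed by r1")
        self.r2, self.P2 = r2, P2

    def measure_bootloader(self, image: bytes) -> bool:   # power-on: the module measures the BootLoader itself
        self.bl_ok = h(image + self.attrs) == self.H0
        return self.bl_ok

    def check_firmware(self, fw_digest: int) -> bool:     # the BootLoader measures the firmware, the module compares
        self.fw_ok = fw_digest == self.H1
        return self.fw_ok

    def attest(self, challenge: bytes):                   # Sign4: refused until both measurements passed
        return sign(self.r2, challenge) if self.bl_ok and self.fw_ok else None

    def set_plan(self, enc_check_paras: int):             # CheckParas = RSA-decrypt with r2; packing is an assumption
        v = pow(enc_check_paras, self.r2[0], self.r2[1])
        self.plan = (v >> 8, v & 0xFF)                    # (scheduled time, target: 0 = BootLoader, 1 = firmware)

    def tick(self, now: int, bootloader: bytes, fw_digest: int):
        """Active measurement once the scheduled time is reached; returns (report, signature) or None."""
        if self.plan is None or now < self.plan[0]:
            return None
        t, target = self.plan
        ok = self.measure_bootloader(bootloader) if target == 0 else self.check_firmware(fw_digest)
        report = f"t={t};target={target};ok={int(ok)}".encode()
        return report, sign(self.r2, report)


def demo(bootloader=b"bootloader-v1", fw_v1=b"firmware-v1", fw_v2=b"firmware-v2"):
    """Runs the whole flow on constructed images; returns the outcome of each check."""
    r0, P0 = toy_keypair(521, 607)      # root key held by the Xinchangcheng management platform
    r1, P1 = toy_keypair(1279, 2203)    # solution-provider key held by the IoT application platform
    r2, P2 = toy_keypair(127, 2281)     # terminal identity key
    attrs = b"model=demo;hw=rev1"       # constructed attribute information hashed with the BootLoader
    mod = TrustedModule(P0)
    mod.write_P1(P1, sign(r0, kb(P1)))                                   # Sign0
    H0 = h(bootloader + attrs)
    mod.bind_bootloader(H0, attrs, sign(r1, ib(H0)))                     # Sign1
    if not mod.accept_firmware(h(fw_v1), sign(r1, ib(h(fw_v1)))): raise ValueError("Sign2 rejected")
    mod.write_identity(r2, P2, sign(r1, kb(r2, P2)))                     # Sign3
    out = {}
    bad = fw_v1[:-1] + bytes([fw_v1[-1] ^ 1])                            # one flipped bit after provisioning
    out["tampered_boot"] = mod.measure_bootloader(bootloader) and mod.check_firmware(h(bad))
    out["tampered_attest"] = mod.attest(b"nonce") is not None            # module must refuse Sign4
    out["boot"] = mod.measure_bootloader(bootloader) and mod.check_firmware(h(fw_v1))
    nonce = b"nonce-0001"   # assumption: Sign4 covers a platform nonce (the text does not say what is signed)
    out["attest"] = verify(P2, nonce, mod.attest(nonce))
    mod.set_plan(pow((1000 << 8) | 1, P2[0], P2[1]))                     # EncCheckParas: measure firmware at t=1000
    out["early"] = mod.tick(999, bootloader, h(fw_v1)) is None
    report, sig = mod.tick(1000, bootloader, h(fw_v1))
    out["active"] = verify(P2, report, sig) and report.endswith(b"ok=1")
    out["forged_upgrade"] = mod.accept_firmware(h(fw_v2), sign(r2, ib(h(fw_v2))))  # wrong key: rejected
    out["upgrade"] = mod.accept_firmware(h(fw_v2), sign(r1, ib(h(fw_v2))))         # Sign5
    out["reboot"] = mod.measure_bootloader(bootloader) and mod.check_firmware(h(fw_v2))
    return out
```

The module keeps the "both measurements passed" gate in one place (attest), so firmware cannot obtain Sign4 by skipping the BootLoader check, and the same accept_firmware path serves first provisioning (Sign2) and upgrade (Sign5), which is what lets the reference digest H1 change only under a signature from r1. Two gaps the text leaves and the model leaves too: r2 is a private key that travels from the platform to the module via the MCU, so that channel needs its own protection, and a Sign4 that covers no platform-chosen nonce could be replayed.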
The invention has the following beneficial effects:
the invention discloses a method for secure startup and credibility measurement of an embedded system based on a credible computing module, which comprises the following steps: the trusted computing module of the internet of things writes a root certificate P0; the trusted computing module of the internet of things writes a scheme quotient identification public key P1; the intelligent terminal main control MCU writes BootLoader to finish the binding of the Internet of things trusted computing module and the intelligent terminal main control MCU; downloading firmware by an intelligent terminal main control MCU; the trusted computing module of the internet of things writes an intelligent terminal identification public key P2 and a private key r 2; the intelligent terminal starts verification and identity authentication; compared with the prior art, the whole process is simpler; the trusted computing module is easy to design; the change to the original system is small; the firmware image may be updated.
Drawings
FIG. 1 is a block diagram of the process flow of the secure boot and trust measurement method for an embedded system based on a trusted computing module according to the invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. indicate orientations or positional relationships based on those shown in the drawings; they are used only for convenience and simplicity of description, do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, and therefore should not be construed as limiting the invention. Furthermore, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should also be noted that, unless otherwise explicitly specified or limited, the terms "mounted" and "connected" are to be construed broadly: as a fixed, removable or integral connection; as a mechanical or electrical connection; and as a direct connection, a connection through an intervening medium, or an interconnection between two elements. The specific meanings of these terms in the present invention can be understood by those skilled in the art according to the specific case.
Referring to FIG. 1, a method for secure boot and trust measurement of an embedded system based on a trusted computing module comprises the following steps:
the IoT trusted computing module is written with the root certificate P0;
the IoT trusted computing module is written with the solution-provider identity public key P1;
the smart terminal's main-control MCU is flashed with the BootLoader, completing the binding of the IoT trusted computing module to the main-control MCU;
the main-control MCU downloads the firmware;
the IoT trusted computing module is written with the smart terminal identity public key P2 and private key r2;
and the smart terminal performs boot verification and identity authentication.
The method for secure boot and trust measurement of an embedded system based on a trusted computing module further comprises the following steps:
the IoT application management platform performs a remote measurement operation;
and an online firmware upgrade operation is performed.
The method comprises the following steps that the internet-of-things trusted computing module writes a root certificate P0, specifically:
the trusted great wall trusted computing management platform randomly generates a pair of keys r0 and P0;
the trusted great wall trusted computing management platform writes the P0 into the Internet of things trusted computing module by using a trusted computing volume production tool;
the private key r0 corresponding to P0 is stored in the trusted computing management platform in the great wall of trust.
The method for writing the scheme mark identification public key P1 into the Internet of things trusted computing module specifically comprises the following steps:
the trusted great wall trusted computing management platform generates a key pair r1 and P1, and signs the P1 by r0 to obtain Sign 0;
the trusted great wall trusted computing management platform sends r1, P1 and Sign0 to the Internet of things application management platform;
the application management platform of the internet of things writes the P1 into the trusted computing module of the internet of things, and the r1 is stored by the application management platform of the internet of things.
The method comprises the following steps of flashing BootLoader by the intelligent terminal main control MCU, and completing the binding of the Internet of things trusted computing module and the intelligent terminal main control MCU, wherein the steps specifically comprise:
the Internet of things application management platform calculates a hash value H0 of BootLoader and attribute information, and signs H0 by r1 to obtain Sign 1;
the Internet of things application management platform writes the BootLoader to an intelligent terminal main control MCU in a flashing manner;
the application management platform of the Internet of things sends Sign1 and H0 to the trusted computing module of the Internet of things;
the internet of things trusted computing module verifies the validity of Sign1 based on P0, and if the validity is verified, H0 and attribute information are stored in Flash.
The method comprises the following steps of downloading firmware by the intelligent terminal main control MCU:
the application management platform of the Internet of things signs the hash value of the firmware by using r1 to obtain Sign 2;
the Internet of things application management platform sends the firmware to an intelligent terminal main control MCU;
the BootLoader of the intelligent terminal main control MCU calculates a hash value of the firmware to obtain H1, and sends H1 and Sign2 to the Internet of things trusted calculation module to verify the validity of the signature; and if the signature is valid, the Internet of things trusted computing module stores H1, and BootLoader writes the firmware into Flash to complete the downloading of the firmware.
The method comprises the following steps that an internet of things trusted computing module writes an intelligent terminal identification public key P2 and a private key r2, and specifically comprises the following steps:
the Internet of things application management platform generates a key pair r2 and a key pair P2, and a combined signature formed by r1 on r2 and P2 is used for obtaining Sign 3;
sending r2, P2 and Sign3 to an intelligent terminal main control MCU;
the intelligent terminal main control MCU utilizes the Internet of things trusted computing module to verify the validity of r2, P2 and Sign3, and if the validity is achieved, r2 and P2 are stored in the Internet of things trusted computing module.
The method comprises the steps that the intelligent terminal starts verification and identity authentication, and specifically comprises the following steps:
after the intelligent terminal is powered on, the Internet of things trusted computing module calculates the hash value of the BootLoader and compares the hash value with H0, and if the hash value is consistent and indicates that the BootLoader is complete, the BootLoader is allowed to be started;
the BootLoader calculates a hash value of the firmware, transmits the hash value to the trusted computing module, the internet of things trusted computing module is matched with H1, and returns a result to the BootLoader;
BootLoader judges whether the firmware is complete, and if the firmware is complete, the firmware is started;
after the firmware is started, requesting an Internet of things trusted computing module to generate an identity authentication signature;
the internet of things trusted computing module judges whether the integrity measurement of BootLoader and firmware is completed or not, if the integrity measurement of BootLoader and firmware is completed, an identity authentication signature Sign4 is generated by r2, and if not, an error is returned;
the firmware sends Sign4 to the Internet of things application management platform by using the communication module;
and after receiving the authentication request of the intelligent terminal, the Internet of things application management platform verifies Sign4, and if the verification is passed, identity authentication is completed.
The step in which the Internet of things application management platform carries out the remote measurement operation specifically comprises:
the management platform initiates a remote measurement command to the terminal;
the terminal main control calculates the digest value according to the command and sends it to the trusted computing module for comparison;
the trusted computing module compares the digest values; if the BootLoader is to be measured, it actively computes the digest value of the BootLoader itself and compares it with the previously stored value, and if the comparison succeeds, it signs the result;
the trusted computing module returns the result and the signature value to the main control MCU;
the main control MCU uploads the result to the management platform, which verifies the validity of the signature and checks the compliance of the measurement; if it is compliant, the application management platform randomly generates a time value for an automatically initiated measurement and encrypts this value together with the content to be measured using the terminal's P2, obtaining EncCheckParas;
the management platform sends EncCheckParas to the terminal, and the terminal passes it to the trusted computing module through the MCU;
the trusted computing module decrypts EncCheckParas to obtain CheckParas and sets an active measurement plan;
when the set active measurement time arrives, the trusted module initiates the active measurement and signs the measurement result.
The online firmware upgrade operation comprises the following steps:
the Internet of things application management platform signs the hash value of the new firmware with r1 to obtain Sign5;
the Internet of things application management platform sends the new firmware and the signature to the intelligent terminal;
the intelligent terminal main control MCU calculates the hash value of the firmware and sends it together with Sign5 to the Internet of things trusted computing module;
the Internet of things trusted computing module checks Sign5 with P1, and if the check passes, stores the hash value of the firmware; once the verification has passed, the firmware replacement flow is started and the intelligent terminal main control MCU is restarted.
The method for secure boot and trusted measurement of an embedded system based on a trusted computing module in this embodiment comprises the following steps: writing a root certificate P0 into the Internet of things trusted computing module; writing a solution-vendor identity public key P1 into the Internet of things trusted computing module; flashing the BootLoader to the intelligent terminal main control MCU to complete the binding between the Internet of things trusted computing module and the intelligent terminal main control MCU; downloading the firmware to the intelligent terminal main control MCU; writing an intelligent terminal identity public key P2 and private key r2 into the Internet of things trusted computing module; and performing boot verification and identity authentication on the intelligent terminal. Compared with the prior art, the whole process is simpler, the trusted computing module is easy to design, the change to the original system is small, and the firmware image can be updated.
In this embodiment of the method, the overall architecture consists of an intelligent terminal, an Internet of things application management platform and a Trusted Great Wall trusted computing management platform. The Trusted Great Wall trusted computing management platform is responsible for generating a public and private key pair (r0, P0) used to issue the solution-vendor identity key pair (r1, P1). The Internet of things application management platform is responsible for operations on the intelligent terminal main control MCU such as flashing the BootLoader and identity authentication. To achieve its trusted computing purpose, the solution relies on the following precondition: the Internet of things trusted computing module can read and write the BootLoader memory.
In this embodiment, the method for secure boot and trusted measurement of an embedded system based on a trusted computing module includes the following main processes:
1. Writing the root certificate P0 into the Internet of things trusted computing module
(1) The Trusted Great Wall trusted computing management platform randomly generates a key pair r0 and P0;
(2) the Trusted Great Wall trusted computing management platform writes P0 into the Internet of things trusted computing module using a trusted computing volume production tool.
The private key r0 corresponding to P0 is kept in the Trusted Great Wall trusted computing management platform.
2. Writing the solution-vendor identity public key P1 into the Internet of things trusted computing module
P1 is the public key corresponding to the identity of the solution vendor, and the corresponding private key is r1.
(1) The Trusted Great Wall trusted computing management platform generates a key pair r1 and P1, and signs P1 with r0 to obtain Sign0;
(2) the Trusted Great Wall trusted computing management platform sends r1, P1 and Sign0 to the Internet of things application management platform;
(3) the Internet of things application management platform writes P1 into the Internet of things trusted computing module using a dedicated tool (the trusted computing module first verifies the validity of Sign0 and writes P1 only if it is valid), and r1 is kept by the Internet of things application management platform.
3. Flashing the BootLoader to the intelligent terminal main control MCU and binding the Internet of things trusted computing module to the intelligent terminal main control MCU
(1) The Internet of things application management platform calculates the hash value H0 of the BootLoader and its attribute information, and signs H0 with r1 to obtain Sign1;
(2) the Internet of things application management platform flashes the BootLoader to the intelligent terminal main control MCU using a volume production tool;
(3) the Internet of things application management platform sends Sign1, H0 and the other attribute information to the Internet of things trusted computing module using a volume production tool;
(4) the Internet of things trusted computing module verifies the validity of Sign1 based on P0, and if it is valid, stores H0 and the attribute information in Flash.
4. Downloading the firmware to the intelligent terminal main control MCU
(1) The Internet of things application management platform signs the hash value of the firmware with r1 to obtain Sign2;
(2) the Internet of things application management platform sends the firmware to the intelligent terminal main control MCU using a download tool;
(3) the BootLoader of the intelligent terminal main control MCU calculates the hash value of the firmware to obtain H1, and sends H1 and Sign2 to the Internet of things trusted computing module to verify the validity of the signature;
(4) if the signature is valid, the Internet of things trusted computing module stores H1, and the BootLoader writes the firmware into Flash, completing the firmware download.
5. Writing the intelligent terminal identity public key P2 and private key r2 into the Internet of things trusted computing module
The public and private key pair of the intelligent terminal is used for identity authentication and data encryption of the intelligent terminal.
(1) The Internet of things application management platform generates a key pair (r2, P2) and uses r1 to produce a combined signature over r2 and P2, obtaining Sign3;
(2) r2, P2 and Sign3 are sent to the intelligent terminal main control MCU;
(3) the intelligent terminal main control MCU uses the Internet of things trusted computing module to verify the validity of r2, P2 and Sign3, and if they are valid, r2 and P2 are stored in the Internet of things trusted computing module.
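Processes 1 to 5 above form a single chain of trust: every value the module stores after P0 is accepted only under a signature that chains back to P0, and the firmware check of process 4 is the same check the online upgrade in process 8 repeats with Sign5. The Go program below is an added example written for this page, not code from the patent or its applicant. It models that chain with RSA keys and SHA-256, which the page does not specify, and the type and function names (TCM, Provision, gated and so on) are this example's own. It departs from the page in one labelled place: process 3(4) says Sign1 is verified against P0, although Sign1 is produced with r1, so the example checks it under the key that matches r1.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// TCM models the non-volatile state of the Internet of things trusted computing module.
// Every field after P0 is written only once a signature chaining back to P0 has verified.
type TCM struct {
	P0    *rsa.PublicKey  // root public key; r0 never leaves the Trusted Great Wall platform
	P1    *rsa.PublicKey  // solution-vendor public key, stored only under Sign0 = Sign(r0, P1)
	H0    []byte          // BootLoader digest, stored only under Sign1 = Sign(r1, H0)
	Attrs string          // attribute information stored alongside H0
	H1    []byte          // firmware digest, stored only under Sign2 = Sign(r1, H1)
	P2    *rsa.PublicKey  // terminal identity public key
	R2    *rsa.PrivateKey // terminal identity private key, held inside the module
}

// Digest is SHA-256 over the concatenation of its parts (the hash function is assumed).
func Digest(parts ...[]byte) []byte { d := sha256.Sum256(bytes.Join(parts, nil)); return d[:] }
func PubBytes(pub *rsa.PublicKey) []byte { return x509.MarshalPKCS1PublicKey(pub) }

// IdentityMsg is the data covered by the combined signature Sign3: r2 followed by P2.
func IdentityMsg(r2 *rsa.PrivateKey) []byte {
	return append(x509.MarshalPKCS1PrivateKey(r2), PubBytes(&r2.PublicKey)...)
}

func Sign(priv *rsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Verify treats a key that has not been written yet as a failed check, so the steps cannot run out of order.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return pub != nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

func gated(pub *rsa.PublicKey, msg, sig []byte, commit func()) bool {
	if !Verify(pub, msg, sig) {
		return false
	}
	commit()
	return true
}

// Step 2: P1 is stored only if Sign0 verifies under P0.
func (t *TCM) WriteVendorKey(p1 *rsa.PublicKey, sign0 []byte) bool {
	return gated(t.P0, PubBytes(p1), sign0, func() { t.P1 = p1 })
}

// Step 3: Sign1 was produced with r1, so this example checks it under P1 (the page
// text names P0 at this step; using the key that matches r1 is an assumption here).
func (t *TCM) BindBootLoader(h0 []byte, attrs string, sign1 []byte) bool {
	return gated(t.P1, h0, sign1, func() { t.H0, t.Attrs = h0, attrs })
}

// Step 4, and the check the online upgrade in process 8 repeats with Sign5: a digest
// computed on the terminal is stored only if the vendor's signature over it verifies.
func (t *TCM) AcceptFirmwareDigest(h1, sig []byte) bool {
	return gated(t.P1, h1, sig, func() { t.H1 = h1 })
}

// Step 5: (r2, P2) is stored only if Sign3 over both keys verifies under P1.
func (t *TCM) WriteIdentityKey(r2 *rsa.PrivateKey, sign3 []byte) bool {
	return gated(t.P1, IdentityMsg(r2), sign3, func() { t.R2, t.P2 = r2, &r2.PublicKey })
}

// Provision runs steps 1 to 5 in order (&& stops at the first rejected step) and
// returns the module, the vendor key r1, and whether every step was accepted.
func Provision(bootloader, firmware []byte, attrs string) (*TCM, *rsa.PrivateKey, bool) {
	r0, _ := rsa.GenerateKey(rand.Reader, 2048) // Trusted Great Wall root key
	r1, _ := rsa.GenerateKey(rand.Reader, 2048) // solution-vendor key
	r2, _ := rsa.GenerateKey(rand.Reader, 2048) // terminal identity key
	t := &TCM{P0: &r0.PublicKey} // step 1: written by the volume production tool
	h0, h1 := Digest(bootloader, []byte(attrs)), Digest(firmware)
	ok := t.WriteVendorKey(&r1.PublicKey, Sign(r0, PubBytes(&r1.PublicKey))) &&
		t.BindBootLoader(h0, attrs, Sign(r1, h0)) &&
		t.AcceptFirmwareDigest(h1, Sign(r1, h1)) &&
		t.WriteIdentityKey(r2, Sign(r1, IdentityMsg(r2)))
	return t, r1, ok
}

func main() {
	t, _, ok := Provision([]byte("bootloader-image"), []byte("firmware-v1"), "model=demo") // constructed images
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048) // not r1: its firmware signature must be refused
	h := Digest([]byte("firmware-v2"))
	fmt.Println("provisioned:", ok, "rogue signer accepted:", t.AcceptFirmwareDigest(h, Sign(rogue, h)))
}
```

Provision stops at the first rejected step, and the last two lines of main show why the vendor key matters: a firmware digest signed by any key other than r1 is refused, which is also what protects the upgrade path of process 8.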
6. Boot verification and identity authentication of the intelligent terminal
(1) After the intelligent terminal is powered on, the Internet of things trusted computing module calculates the hash value of the BootLoader and compares it with H0; if they are consistent, the BootLoader is complete and is allowed to start;
(2) the BootLoader calculates the hash value of the firmware and transmits it to the Internet of things trusted computing module, which matches it against H1 and returns the result to the BootLoader;
(3) the BootLoader judges whether the firmware is complete, and if so, starts the firmware;
(4) after the firmware has started, it requests the Internet of things trusted computing module to generate an identity authentication signature;
(5) the Internet of things trusted computing module judges whether the integrity measurement of the BootLoader and the firmware has been completed; if so, it generates the identity authentication signature Sign4 with r2, and otherwise returns an error;
(6) the firmware sends Sign4 to the Internet of things application management platform through the communication module;
(7) after receiving the authentication request of the intelligent terminal, the Internet of things application management platform verifies Sign4, and if the verification passes, identity authentication is complete.
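The boot verification and identity authentication flow of process 6, as an added example not taken from the patent: the module keeps two volatile flags that only the measurements of steps (1) to (3) can set, and refuses to use r2 for Sign4 until both are set, so a terminal whose BootLoader or firmware does not match H0 or H1 cannot authenticate. RSA with SHA-256, the function names, and the challenge value that Sign4 covers are assumptions of this example; the page does not state what Sign4 signs.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TCM holds the reference digests written at provisioning (H0, H1), the terminal
// identity key r2, and two volatile flags recording which measurements have passed
// since power-on. The flags, not the caller, decide whether r2 may be used.
type TCM struct {
	H0, H1       []byte
	R2           *rsa.PrivateKey
	bootLoaderOK bool
	firmwareOK   bool
}

func Digest(b []byte) []byte { d := sha256.Sum256(b); return d[:] }

func Sign(priv *rsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// NewProvisioned builds a module as processes 3 to 5 leave it (constructed directly here).
func NewProvisioned(bootloader, firmware []byte) (*TCM, *rsa.PublicKey) {
	r2, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &TCM{H0: Digest(bootloader), H1: Digest(firmware), R2: r2}, &r2.PublicKey
}

// PowerOn clears the measurement state: nothing measured on an earlier boot counts.
func (t *TCM) PowerOn() { t.bootLoaderOK, t.firmwareOK = false, false }

// Step (1): the module reads the BootLoader memory itself and compares it with H0.
func (t *TCM) MeasureBootLoader(bootLoaderMem []byte) bool {
	t.bootLoaderOK = bytes.Equal(Digest(bootLoaderMem), t.H0)
	return t.bootLoaderOK
}

// Steps (2)-(3): the BootLoader supplies the firmware hash and the module matches it
// against H1. A firmware match counts only once the BootLoader itself has passed.
func (t *TCM) MatchFirmware(h []byte) bool {
	t.firmwareOK = t.bootLoaderOK && bytes.Equal(h, t.H1)
	return t.firmwareOK
}

// Step (5): Sign4 is produced with r2 only if both measurements completed.
func (t *TCM) IdentitySign(challenge []byte) ([]byte, error) {
	if !t.bootLoaderOK || !t.firmwareOK {
		return nil, errors.New("integrity measurement incomplete: refusing to sign")
	}
	return Sign(t.R2, challenge), nil
}

// Boot runs steps (1) to (5) on the terminal side. The page does not say what Sign4
// covers; here it is a challenge carried in the platform's authentication request
// (an assumption of this example).
func Boot(t *TCM, bootLoaderMem, firmwareMem, challenge []byte) ([]byte, error) {
	t.PowerOn()
	if !t.MeasureBootLoader(bootLoaderMem) {
		return nil, errors.New("BootLoader digest mismatch: boot halted")
	}
	if !t.MatchFirmware(Digest(firmwareMem)) {
		return nil, errors.New("firmware digest mismatch: firmware not started")
	}
	return t.IdentitySign(challenge) // step (4): requested by the running firmware
}

// Step (7): the platform verifies Sign4 under the terminal's P2.
func PlatformAuthenticate(p2 *rsa.PublicKey, challenge, sign4 []byte) bool {
	return Verify(p2, challenge, sign4)
}

func main() {
	bl, fw := []byte("bootloader-image"), []byte("firmware-v1") // constructed images
	t, p2 := NewProvisioned(bl, fw)
	challenge := []byte("platform-nonce-0001") // constructed
	sign4, err := Boot(t, bl, fw, challenge)
	fmt.Println("clean boot authenticated:", err == nil && PlatformAuthenticate(p2, challenge, sign4))
	_, err = Boot(t, bl, []byte("firmware-v1-tampered"), challenge)
	fmt.Println("tampered firmware:", err)
	_, err = t.IdentitySign(challenge) // flags stay cleared after the failed boot
	fmt.Println("signature after failed boot:", err)
}
```

Binding Sign4 to a per-request challenge is what lets the platform tell a fresh boot from a replayed signature. MatchFirmware also shows that a firmware match alone never suffices: the flag is set only when the BootLoader check has already passed, so the order of steps (1) to (3) is enforced by the module rather than by the code that calls it.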
7. Remote measurement
Remote measurement is both initiated remotely by the application management platform and initiated automatically, which effectively prevents an illegal application from evading measurement when the terminal has a vulnerability. The basic flow is as follows:
(1) the management platform initiates a remote measurement command to the terminal;
(2) the terminal main control calculates the digest value according to the command and sends it to the trusted computing module for comparison;
(3) the trusted computing module compares the digest values; if the BootLoader is to be measured, it actively computes the digest value of the BootLoader itself and compares it with the previously stored value, and if the comparison succeeds, it signs the result;
(4) the trusted computing module returns the result and the signature value to the main control MCU;
(5) the main control MCU uploads the result to the management platform, which verifies the validity of the signature and checks the compliance of the measurement;
(6) if it is compliant, the application management platform randomly generates a time value for an automatically initiated measurement and encrypts this value together with the content to be measured using the terminal's P2, obtaining EncCheckParas;
(7) the management platform sends EncCheckParas to the terminal, and the terminal passes it to the trusted computing module through the MCU;
(8) the trusted computing module decrypts EncCheckParas to obtain CheckParas and sets an active measurement plan;
(9) when the set active measurement time arrives, the trusted module initiates the active measurement and signs the measurement result, after which steps (4) to (7) are repeated.
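The remote measurement flow of process 7, as an added example not taken from the patent: the module signs each comparison result with r2, computes the BootLoader digest itself rather than trusting the MCU for it, decrypts the platform's EncCheckParas with r2, and runs the automatically initiated measurement once the planned time arrives. RSA-OAEP for the encryption under P2, JSON as the encoding of CheckParas and of the signed result, and the names used here are assumptions; the page only says the platform encrypts the time value and the content to be measured with P2.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// Result is the measurement report the module signs in steps (3) and (9).
type Result struct {
	Target string `json:"target"` // "bootloader" or "firmware"
	Pass   bool   `json:"pass"`
	Active bool   `json:"active"` // true when the module started the measurement itself
}

// CheckParas is the plan the platform encrypts under P2 in step (6).
type CheckParas struct {
	At     int64  `json:"at"`     // time of the automatically initiated measurement
	Target string `json:"target"` // content to be measured
}

type TCM struct {
	refs  map[string][32]byte // stored reference digests (H0, H1) keyed by target
	BlMem []byte              // BootLoader memory the module can read directly
	R2    *rsa.PrivateKey     // terminal identity key: signs results, decrypts plans
	plan  *CheckParas         // at most one pending active measurement
}

func Digest(b []byte) [32]byte  { return sha256.Sum256(b) }
func (r Result) encode() []byte { b, _ := json.Marshal(r); return b }
func Sign(priv *rsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	return sig
}
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// Compare is step (3): the MCU-supplied digest is matched against the stored value,
// except for the BootLoader, whose digest the module computes itself from memory.
func (t *TCM) Compare(target string, mcuDigest [32]byte, active bool) (Result, []byte) {
	if target == "bootloader" {
		mcuDigest = Digest(t.BlMem)
	}
	r := Result{Target: target, Pass: mcuDigest == t.refs[target], Active: active}
	return r, Sign(t.R2, r.encode())
}

// SetPlan is step (8): decrypt EncCheckParas with r2 and record the active plan.
func (t *TCM) SetPlan(encCheckParas []byte) error {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, t.R2, encCheckParas, nil)
	if err != nil {
		return err
	}
	p := new(CheckParas)
	if err = json.Unmarshal(pt, p); err == nil {
		t.plan = p
	}
	return err
}

// Tick is step (9): once the planned time has arrived the module measures on its own
// initiative and signs the result, which the MCU uploads as in steps (4) to (7).
func (t *TCM) Tick(now int64, mcuDigests map[string][32]byte) (*Result, []byte) {
	if t.plan == nil || now < t.plan.At {
		return nil, nil
	}
	p := *t.plan
	t.plan = nil // one plan, one measurement
	r, sig := t.Compare(p.Target, mcuDigests[p.Target], true)
	return &r, sig
}

// PlatformCheck is steps (5) and (6): verify the signature under P2 and check compliance;
// if compliant, return EncCheckParas scheduling the next measurement of the same target
// at a random moment within maxDelay of now (RSA-OAEP under P2 is the assumed cipher).
func PlatformCheck(p2 *rsa.PublicKey, r Result, sig []byte, now, maxDelay int64) ([]byte, error) {
	if !Verify(p2, r.encode(), sig) || !r.Pass {
		return nil, errors.New("signature invalid or measurement not compliant")
	}
	delay, _ := rand.Int(rand.Reader, big.NewInt(maxDelay))
	pt, _ := json.Marshal(CheckParas{At: now + 1 + delay.Int64(), Target: r.Target})
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, p2, pt, nil)
}

// NewTCM builds a module as provisioning leaves it (constructed directly here).
func NewTCM(bootloader, firmware []byte) (*TCM, *rsa.PublicKey) {
	r2, _ := rsa.GenerateKey(rand.Reader, 2048)
	refs := map[string][32]byte{"bootloader": Digest(bootloader), "firmware": Digest(firmware)}
	return &TCM{refs: refs, BlMem: bootloader, R2: r2}, &r2.PublicKey
}

func main() {
	bl, fw := []byte("bootloader-image"), []byte("firmware-v1") // constructed images
	t, p2 := NewTCM(bl, fw)
	r, sig := t.Compare("firmware", Digest(fw), false)                  // steps (2)-(3)
	enc, err := PlatformCheck(p2, r, sig, 1000, 3600)                   // steps (5)-(6)
	fmt.Println("plan delivered:", err == nil && t.SetPlan(enc) == nil) // steps (7)-(8)
	res, _ := t.Tick(4600, map[string][32]byte{"firmware": Digest(fw)}) // step (9)
	fmt.Printf("active measurement: %+v\n", res)
}
```

Two points a deployment would settle beyond what the flow states. P2 is a public key, so encryption under it gives the plan confidentiality but not origin authentication; the module only learns that a plan came from the platform if the platform also signs it, for instance with r1. And using one RSA key both to sign results and to decrypt plans, as the page assigns to (r2, P2), is a practice that separate signing and encryption keys avoid.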
8. Online firmware upgrade
(1) The Internet of things application management platform signs the hash value of the new firmware with r1 to obtain Sign5;
(2) the Internet of things application management platform sends the new firmware and the signature to the intelligent terminal;
(3) the intelligent terminal main control MCU calculates the hash value of the firmware and sends it together with Sign5 to the Internet of things trusted computing module;
(4) the Internet of things trusted computing module checks Sign5 with P1, and if the check passes, stores the hash value of the firmware;
(5) once the verification has passed, the firmware replacement flow is started and the intelligent terminal main control MCU is restarted.
The innovative points of the method for secure boot and trusted measurement of an embedded system based on a trusted computing module in this embodiment are as follows: (1) the Internet of things trusted computing module can be designed on the basis of security chips such as the national center CC3310 and the magnificent CIU 981024;
(2) the flow for writing the root certificate P0 into the Internet of things trusted computing module;
(3) the flow for writing the solution-vendor identity public key P1 into the Internet of things trusted computing module;
(4) the flow in which the BootLoader is flashed to the intelligent terminal main control MCU and the Internet of things trusted computing module is bound to the intelligent terminal main control MCU;
(5) the flow for downloading firmware to the intelligent terminal main control MCU;
(6) the flow for writing the intelligent terminal identity public key P2 and private key r2 into the Internet of things trusted computing module;
(7) the boot verification and identity authentication flow of the intelligent terminal;
(8) the remote measurement flow.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. A method for secure boot and trusted measurement of an embedded system based on a trusted computing module, characterized in that the method comprises the following steps:
writing a root certificate P0 into the Internet of things trusted computing module;
writing a solution-vendor identity public key P1 into the Internet of things trusted computing module;
flashing the BootLoader to the intelligent terminal main control MCU to complete the binding between the Internet of things trusted computing module and the intelligent terminal main control MCU;
downloading firmware to the intelligent terminal main control MCU, which comprises the following steps:
the Internet of things application management platform signs the hash value of the firmware with r1 to obtain Sign2;
the Internet of things application management platform sends the firmware to the intelligent terminal main control MCU;
the BootLoader of the intelligent terminal main control MCU calculates the hash value of the firmware to obtain H1, and sends H1 and Sign2 to the Internet of things trusted computing module to verify the validity of the signature; if the signature is valid, the Internet of things trusted computing module stores H1, and the BootLoader writes the firmware into Flash, completing the firmware download;
writing an intelligent terminal identity public key P2 and private key r2 into the Internet of things trusted computing module, which specifically comprises the following steps:
the Internet of things application management platform generates a key pair (r2, P2) and uses r1 to produce a combined signature over r2 and P2, obtaining Sign3;
sending r2, P2 and Sign3 to the intelligent terminal main control MCU;
the intelligent terminal main control MCU uses the Internet of things trusted computing module to verify the validity of r2, P2 and Sign3, and if they are valid, r2 and P2 are stored in the Internet of things trusted computing module;
performing boot verification and identity authentication on the intelligent terminal, which specifically comprises the following steps:
after the intelligent terminal is powered on, the Internet of things trusted computing module calculates the hash value of the BootLoader and compares it with H0; if they are consistent, the BootLoader is complete and is allowed to start;
the BootLoader calculates the hash value of the firmware and transmits it to the Internet of things trusted computing module, which matches it against H1 and returns the result to the BootLoader;
the BootLoader judges whether the firmware is complete, and if so, starts the firmware;
after the firmware has started, it requests the Internet of things trusted computing module to generate an identity authentication signature;
the Internet of things trusted computing module judges whether the integrity measurement of the BootLoader and the firmware has been completed; if so, it generates the identity authentication signature Sign4 with r2, and otherwise returns an error;
the firmware sends Sign4 to the Internet of things application management platform through the communication module;
after receiving the authentication request of the intelligent terminal, the Internet of things application management platform verifies Sign4, and if the verification passes, identity authentication is complete.
2. The method for secure boot and trusted measurement of an embedded system based on a trusted computing module according to claim 1, characterized in that it further comprises:
the Internet of things application management platform carrying out a remote measurement operation, which specifically comprises the following steps:
the management platform initiates a remote measurement command to the terminal;
the terminal main control calculates the digest value according to the command and sends it to the trusted computing module for comparison;
the trusted computing module compares the digest values; if the BootLoader is to be measured, it actively computes the digest value of the BootLoader itself and compares it with the previously stored value, and if the comparison succeeds, it signs the result;
the trusted computing module returns the result and the signature value to the main control MCU;
the main control MCU uploads the result to the management platform, which verifies the validity of the signature and checks the compliance of the measurement;
if it is compliant, the application management platform randomly generates a time value for an automatically initiated measurement and encrypts this value together with the content to be measured using the terminal's P2, obtaining EncCheckParas;
the management platform sends EncCheckParas to the terminal, and the terminal passes it to the trusted computing module through the MCU;
the trusted computing module decrypts EncCheckParas to obtain CheckParas and sets an active measurement plan;
when the set active measurement time arrives, the trusted module initiates the active measurement and signs the measurement result;
and performing an online firmware upgrade operation.
3. The method for secure boot and trusted measurement of an embedded system based on a trusted computing module according to claim 2, characterized in that writing the root certificate P0 into the Internet of things trusted computing module specifically comprises:
the Trusted Great Wall trusted computing management platform randomly generates a key pair r0 and P0;
the Trusted Great Wall trusted computing management platform writes P0 into the Internet of things trusted computing module using a trusted computing volume production tool;
the private key r0 corresponding to P0 is kept in the Trusted Great Wall trusted computing management platform.
4. The method for secure boot and trusted measurement of an embedded system based on a trusted computing module according to claim 3, characterized in that writing the solution-vendor identity public key P1 into the Internet of things trusted computing module specifically comprises:
the Trusted Great Wall trusted computing management platform generates a key pair r1 and P1, and signs P1 with r0 to obtain Sign0;
the Trusted Great Wall trusted computing management platform sends r1, P1 and Sign0 to the Internet of things application management platform;
the Internet of things application management platform writes P1 into the Internet of things trusted computing module, and r1 is kept by the Internet of things application management platform.
5. The method for secure boot and trusted measurement of an embedded system based on a trusted computing module according to claim 4, characterized in that flashing the BootLoader to the intelligent terminal main control MCU and completing the binding between the Internet of things trusted computing module and the intelligent terminal main control MCU specifically comprises:
the Internet of things application management platform calculates the hash value H0 of the BootLoader and its attribute information, and signs H0 with r1 to obtain Sign1;
the Internet of things application management platform flashes the BootLoader to the intelligent terminal main control MCU;
the Internet of things application management platform sends Sign1 and H0 to the Internet of things trusted computing module;
the Internet of things trusted computing module verifies the validity of Sign1 based on P0, and if it is valid, stores H0 and the attribute information in Flash.
6. The method for secure boot and trusted measurement of an embedded system based on a trusted computing module according to claim 5, characterized in that the online firmware upgrade operation comprises the following steps:
the Internet of things application management platform signs the hash value of the new firmware with r1 to obtain Sign5;
the Internet of things application management platform sends the new firmware and the signature to the intelligent terminal;
the intelligent terminal main control MCU calculates the hash value of the firmware and sends it together with Sign5 to the Internet of things trusted computing module;
the Internet of things trusted computing module checks Sign5 with P1, and if the check passes, stores the hash value of the firmware; once the verification has passed, the firmware replacement flow is started and the intelligent terminal main control MCU is restarted.
CN201910984512.9A 2019-10-16 2019-10-16 Embedded system safe starting and credibility measuring method based on credible computing module Active CN110740041B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910984512.9A CN110740041B (en) 2019-10-16 2019-10-16 Embedded system safe starting and credibility measuring method based on credible computing module

Publications (2)

Publication Number Publication Date
CN110740041A CN110740041A (en) 2020-01-31
CN110740041B true CN110740041B (en) 2022-04-15

Family

ID=69269033

Country Status (1)

Country Link
CN (1) CN110740041B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112613030A (en) * 2020-12-15 2021-04-06 深圳市燃气集团股份有限公司 Credible safe starting method and system based on Internet of things gas meter

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102693385A (en) * 2012-05-28 2012-09-26 山东神思电子技术股份有限公司 Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof
CN103530548A (en) * 2013-10-22 2014-01-22 山东神思电子技术股份有限公司 Embedded terminal dependable starting method based on mobile dependable computing module
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method
CN110324355A (en) * 2019-07-15 2019-10-11 山西百信信息技术有限公司 A kind of internet-of-things terminal method for security protection based on trust computing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158791A (en) * 2013-05-14 2014-11-19 北大方正集团有限公司 Safe communication authentication method and system in distributed environment

Also Published As

Publication number Publication date
CN110740041A (en) 2020-01-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089

Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.

Address before: 100080 room 1505, 15 / F, block B, 3 Haidian Street, Haidian District, Beijing

Patentee before: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.
