CN110795126A - Firmware safety upgrading system - Google Patents
Firmware safety upgrading system Download PDFInfo
- Publication number
- CN110795126A CN110795126A CN201911026068.6A CN201911026068A CN110795126A CN 110795126 A CN110795126 A CN 110795126A CN 201911026068 A CN201911026068 A CN 201911026068A CN 110795126 A CN110795126 A CN 110795126A
- Authority
- CN
- China
- Prior art keywords
- key
- firmware
- signature
- updated
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000012795 verification Methods 0.000 claims abstract description 54
- 230000015654 memory Effects 0.000 claims description 11
- 230000006870 function Effects 0.000 claims description 6
- 238000004806 packaging method and process Methods 0.000 claims description 6
- 230000001172 regenerating effect Effects 0.000 claims description 4
- 230000000977 initiatory effect Effects 0.000 claims description 2
- 238000007726 management method Methods 0.000 description 43
- 238000000034 method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a firmware safety upgrading system, comprising: the electronic equipment with signature verification function adopts a key management system for managing a master key and a signature key; the key management system comprises an automatic signature service platform and a signature service platform, wherein the automatic signature service platform is used for generating signed firmware according to original firmware and product basic information of the electronic equipment; when the signature key is overdue or the private key of the signature key is leaked, revoking the overdue or leaked signature key to generate a new signature key; the electronic equipment comprises an OTP (one time programmable) and a signature verification module, wherein the OTP and the signature verification module are used for storing a hash value of a public key of the signature key; the signature verification module is used for performing signature verification on the firmware to be updated before the firmware of the electronic equipment is upgraded, and triggering firmware upgrading operation after the firmware to be updated passes the signature verification. The system provided by the invention ensures the safe upgrade of the firmware, reduces the hardware cost for storing the public key, and can replace the secret key when the secret key is leaked.
Description
Technical Field
The invention relates to the technical field of trusted computing, in particular to a firmware security upgrading system.
Background
In a computing and communication system, terminal devices are usually servers and memories, and the security of the terminal devices can be effectively improved only by comprehensively taking security measures from firmware such as chips, mainboards and the like and bottom layer software. The trusted computing technology is formally widely researched for solving the problem, and the basic idea is that a trust root is constructed in a system based on a hardware security module, and the credibility of the trust root is jointly ensured by physical security, technical security and management security; and establishing a trust chain from the trust root to the software and hardware platform, to the operating system and to the application, authenticating the first-level measurement and the first-level trust, and extending the trust to the whole computer system so as to ensure the trust of the whole computer system. And (3) carrying out integrity protection on hardware, firmware software, virtualization software, operating system software and application software of the embedded terminal, the storage device and the server, and discovering falsified attacks or exceptions. And on the premise of determining that the end computing environment is not tampered, carrying out software upgrading, installation, running and the like.
One popular scheme in the prior art is to protect software or firmware by encrypting the software or firmware to prevent tampering. And encrypting the software or the firmware and then releasing the encrypted software or firmware. The corresponding decryption algorithm is contained in the firmware. And the electronic equipment downloads the firmware from the server after receiving the upgrading instruction, and decrypts the downloaded firmware by using the firmware on the electronic equipment to obtain the original firmware to complete upgrading. According to the scheme, if the key is leaked, the firmware is tampered and the key cannot be replaced.
The other scheme is to adopt a digital signature technology to sign and verify the firmware, verify the integrity and prevent the firmware from being tampered. And the electronic equipment manufacturer generates a pair of public and private keys, signs the original firmware package by the private key and then releases the signed original firmware package. And the electronic equipment downloads the firmware from the server after receiving the upgrading instruction and verifies the firmware by using a public key on the electronic equipment. The upgrade flow can only be started after the signature verification is passed. Although this scheme does not encrypt the firmware, the design using a one-level key structure results in that the public key cannot be replaced as well. In addition, since the public key is generally 1024 or 2048 bytes in length, the hardware required for storage is costly.
In summary, it can be seen that how to ensure the secure upgrade of the firmware, reduce the hardware cost for storing the public key, and avoid the risk that the secret key cannot be replaced when the secret key is leaked is a problem to be solved at present.
Disclosure of Invention
The invention aims to provide a firmware safety upgrading system to solve the problems that in the prior art, the risk of tampering exists during firmware upgrading, the risk that a secret key cannot be replaced exists during secret key leakage, and the hardware cost for storing a public key is too high.
In order to solve the above technical problem, the present invention provides a firmware security upgrade system, including: the electronic equipment with signature verification function adopts a key management system for secret management of a master key and a signature key; the key management system comprises an automatic signature service platform and a signature key generation module, wherein the automatic signature service platform is used for generating firmware signed by the signature key according to original firmware and product basic information of the electronic equipment; when the signature key is expired or the private key of the signature key is leaked, revoking the expired or leaked signature key and generating a new signature key for firmware signature; the electronic equipment comprises a one-time editable memory and a signature verification module; the one-time editable memory is used for storing a hash value of a public key of the master key; the signature verification module is used for performing signature verification on the firmware to be updated before the firmware of the electronic equipment is upgraded, and triggering firmware upgrading operation after the firmware to be updated passes the signature verification.
Preferably, the key management system includes:
the signature key management module is used for generating and storing a corresponding private key of the signature key and a corresponding public key of the signature key according to the model of the electronic equipment;
the master key management module is used for generating and storing a private key of the master key and a public key of the master key;
a key storage for storing keys required by the master key;
and the key storage database is used for storing the certificate revocation list, the certificate in the validity period and the private key.
Preferably, the automated signature service platform comprises:
the acquisition unit is used for acquiring original firmware, product model, type information and version information of the electronic equipment;
the firmware generating unit is used for generating a firmware header according to the original firmware, the product model, the type information and the version information;
a hash value generating unit, configured to perform a hash operation on the firmware header and the original firmware to generate a hash value;
the signature unit is used for signing a hash value obtained after hash operation is carried out on the firmware header and the original firmware by using a private key of a signature key in the signature key management module to obtain a signature value;
the certificate providing unit is used for providing a signature certificate, and the signature certificate is signed and issued by a private key of a master key stored in the master key management module;
and the packaging unit is used for packaging the public key of the main secret key, the signature certificate, the firmware header and the original firmware to produce a hash value obtained after hash operation, the original firmware and the firmware header and then generating the firmware signed by the signature secret key.
Preferably, the automated signature service platform comprises:
the searching unit is used for searching whether the original signing key exists in the local database information or not when a request for updating the signing key is received;
an adding unit, configured to add the original signature key to the certificate revocation list if the original signature key exists in the local database information;
the generating unit is used for carrying out hash operation on the firmware head and the original firmware to generate a hash value and regenerating an updated signature key;
the signature unit is used for signing a hash value obtained by performing hash operation on the firmware header and the original firmware by using a private key of the updated signature key to obtain an updated signature value;
and the certificate issuing unit is used for verifying and issuing the public key of the updated signature key by using the private key of one master key stored in the master key management module.
Preferably, the signature verification module includes:
the reading unit is used for reading a public key of a master key in the firmware to be updated when a firmware upgrading request is received, and performing hash operation to obtain a first hash value;
the first verification unit is used for comparing the first hash value with a hash value of the public key of the master key stored in the one-time editable memory and verifying whether the public key of the master key in the firmware to be updated is tampered according to a comparison result;
the first judging unit is used for judging that the public key of the main key in the firmware to be updated is credible when the first hash value is consistent with the hash value of the public key of the main key;
the second verification unit is used for verifying the certificate in the firmware to be updated through the public key of the master key in the firmware to be updated;
the second judging unit is used for judging that the public key of the signature key in the firmware to be updated is credible when the certificate in the firmware to be updated is verified;
the decryption unit is used for decrypting the signature in the firmware to be updated through the public key of the signature key in the firmware to be updated to obtain a second hash value;
the third verification unit is used for comparing the second hash value with a hash value obtained after the hash operation is carried out on the firmware head and the original firmware;
and the third judging unit is used for judging that the firmware to be updated is credible and initiating firmware upgrading operation when the second hash value is consistent with the hash value obtained after the hash operation is carried out on the firmware head and the original firmware.
Preferably, the first authentication module is followed by:
and the deleting module is used for judging that the public key of the main key color in the firmware to be updated is falsified when the comparison between the first hash value and the hash value of the public key of the main key is inconsistent, rejecting the firmware upgrading request and deleting the public key and the sensitive data stored in the flash area.
Preferably, the signing key management module employs a public-private key pair for generating the signing key by an asymmetric cryptographic algorithm.
Preferably, the master key management module generates a public-private key pair of the master key by using RSA2048 algorithm.
Preferably, the electronic device is any one of a server, a storage device, a switch, or a router.
The firmware safety upgrading system provided by the invention comprises electronic equipment with a signature verification function and a key management system adopting secondary key management. The key management system generates a master key and a signature key by adopting a secondary key management method. The key management system comprises an automatic signature service platform and is used for generating the firmware signed by the signature key according to the original firmware and the product basic information of the electronic equipment. When the signing key is expired or the private key of the signing key is leaked, the automatic signing service platform can perform revoking operation of the expired or leaked signing key and generate a new signing key for firmware signing. The electronic device comprises a one-time editable memory and a signature verification module. Because the length of the public key is generally 1024 or 2048 bits, the hash operation is carried out on the public key, and the obtained hash value length is only 160 bits or 256 bits. Therefore, the invention stores the hash value of the public key of the main key in the one-time editable memory, and solves the problem of overhigh hardware cost of storing the key in the prior art. The signature verification module is used for performing signature verification on the firmware to be updated before the firmware of the electronic equipment is upgraded, and triggering firmware upgrading operation after the firmware to be updated passes the signature verification. In the invention, the signature verification module is utilized to effectively solve the problem of potential safety hazard during firmware upgrading.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
Fig. 1 is a first structural block diagram of a firmware security upgrade system according to an embodiment of the present invention;
fig. 2 is a second structural block diagram of a firmware security upgrade system according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a firmware safety upgrading system, which ensures the safety upgrading of the firmware, reduces the hardware cost for storing the public key and can replace the secret key when the secret key is leaked.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a first structural block diagram of a firmware security upgrade system according to an embodiment of the present invention. The firmware security upgrading system provided by the embodiment comprises: an electronic device 10 having a signature verification function uses a key management system 11 for managing a master key and a signature key.
It should be noted that, in this embodiment, a user may use all functions of the firmware security upgrade system only after logging in the firmware security upgrade system through authentication of the firmware security upgrade system.
The key management system 11 includes an automated signing service platform ((KMS service) 110) configured to generate a firmware signed by a signing key according to original firmware and product basic information of the electronic device, perform revoking operation on the expired or leaked signing key when the signing key is expired or a private key of the signing key is leaked, and generate a new signing key for firmware signing.
The electronic device 10 includes a One Time Programmable (OTP) 100 and a signature verification module 101. The one-time editable memory 100 is used to store a hash value of the public key of the master key. The signature verification module 101 is configured to perform signature verification on the firmware to be updated before the firmware of the electronic device 10 is upgraded, and trigger a firmware upgrade operation after the firmware to be updated passes the signature verification.
In this embodiment, the electronic device 10 with signature verification function may be a server, a storage device, a switch, a router, or other embedded devices. In a trusted environment before the electronic equipment leaves a factory, burning a hash value of a public key of a master key into a one-time programmable OTP region; and before the firmware is upgraded, reading a hash value of a public key from the one-time programmable OTP region, and verifying whether the public key of the master key in the firmware to be updated is tampered.
The signed firmware generated by the automatic signature service platform is issued to a factory official website by a configuration manager, and can also be sent to an owner of the electronic equipment by a maintainer of the electronic equipment.
The electronic equipment downloads the firmware to be updated to the local from the remote management server in the local area network after receiving the upgrading instruction, and signature verification is carried out before writing the firmware to be updated to the local flash. In addition, the electronic device can receive the firmware to be updated by a offline method, such as directly inserting a USB disk or an optical disk. Regardless of how the firmware to be updated is obtained, the firmware to be updated can be written into the flash area only after the signature verification is passed.
Because the key management system in this embodiment adopts a management form of a secondary key, the public key of the signature key is not stored in the electronic device, and if risks such as expiration of the signature key, disclosure of the private key and the like occur, a manufacturer can replace the signature key by using an automatic signature service platform. In the prior art, the public key of the signature key is usually stored in the OTP area, and the length is generally 1024 or 2048 bits, which requires a large OPT storage capacity. However, the electronic device provided in this embodiment stores the hash value of the public key of the master key into the OTP area, and the length is generally 160 bits or 256 bits, which saves a large amount of storage capacity.
Referring to fig. 2, fig. 2 is a block diagram illustrating a second structure of a firmware security upgrade system according to an embodiment of the present invention.
Based on the above embodiments, in this embodiment, the key management system includes an automated signature service platform, a signature key management module, a master key management module, a key storage, and a key storage database.
The signature key management module is used for generating and storing a corresponding private key of the signature key and a corresponding public key of the signature key according to the model of the electronic equipment.
The signature key management module is a hardware security module, and can generate and store one or more private keys corresponding to the signature key according to the product model or type. The signing key management module may be a stand-alone external physical device providing tamper-resistant and cryptographic services, such as a device with a TPM. In the key management system, only an automatic signature service platform can authorize to access the signature key management module through an internal local area network in an encryption transmission mode.
The master key management module is used for generating and storing a private key of the master key and a public key of the master key. For security reasons, the master key management module is an offline component.
The master key management module and the signature key management module respectively adopt an asymmetric encryption algorithm, such as RSA2048, to generate a pair of public and private keys. Performing firmware signature by using a private key of the signature key; and protecting the public key of the signature key from being tampered by adopting the public key of the master key. The public key has a length of 2048 bits. The public key of the master key is subjected to hash operation, such as SHA256 algorithm, to obtain a character string with length of only 256 bits, namely a hash value. The value is burned into the OPT, and the occupied storage space is obviously reduced.
The key stores the key required for storing the master key. The key required for creating the master key is specially responsible for inputting by a plurality of people, and is respectively stored in the key for storage, encryption and storage.
The key storage database is used for storing a certificate revocation list, a certificate in a validity period and a private key.
The key storage database at least provides protection measures for preventing data from being leaked and tampered in modes of encryption, access control and the like of the stored data.
In this embodiment, the automated signature service platform includes:
the acquisition unit is used for acquiring original firmware, product model, type information and version information of the electronic equipment;
the firmware generating unit is used for generating a firmware header according to the original firmware, the product model, the type information and the version information;
a hash value generating unit, configured to perform a hash operation on the firmware header and the original firmware to generate a hash value;
the signature unit is used for signing a hash value obtained after hash operation is carried out on the firmware header and the original firmware by using a private key of a signature key in the signature key management module to obtain a signature value;
the certificate providing unit is used for providing a signature certificate, and the signature certificate is signed and issued by a private key of a master key stored in the master key management module;
and the packaging unit is used for packaging the public key of the main secret key, the signature certificate, the firmware header and the original firmware to produce a hash value obtained after hash operation, the original firmware and the firmware header and then generating the firmware signed by the signature secret key.
And the authorized user accesses the automatic signature service platform after passing the authentication in a safe access mode, submits information of the original firmware, the product model, the type, the version and the like of the electronic equipment, and applies for generating the signed firmware. The login authentication mode of the automatic signature service platform at least adopts a two-factor authentication mechanism, such as a user name and password and certificate mode, a user name and password mode and a mobile phone token mode. And the authorized user can only access through an internal local area network or a dedicated network.
The automatic signature service platform firstly generates a firmware header according to information such as original firmware, product model, type and version of the electronic equipment, and then performs hash operation on the firmware header and the firmware together to generate a hash value. And then, signing the generated hash value by using a private key of a signature key stored in the signature key management module to obtain a signature value. Meanwhile, the automatic signature service platform also provides a signature certificate, and the signature certificate is signed and issued by a private key of a master key stored in the master key management module to a public key of the signature key.
When the signing key is expired or the private key of the signing key is leaked, the automatic signing service platform comprises:
the searching unit is used for searching whether the original signing key exists in the local database information or not when a request for updating the signing key is received;
an adding unit, configured to add the original signature key to the certificate revocation list if the original signature key exists in the local database information;
the generating unit is used for carrying out hash operation on the firmware head and the original firmware to generate a hash value and regenerating an updated signature key;
the signature unit is used for signing a hash value obtained by performing hash operation on the firmware header and the original firmware by using a private key of the updated signature key to obtain an updated signature value;
and the certificate issuing unit is used for verifying and issuing the public key of the updated signature key by using the private key of one master key stored in the master key management module.
And when the signing key is leaked and new signing firmware needs to be reissued, an authorized user logs in the automatic signing service platform and submits an application. The automated signature service platform searches for local database information and checks whether an old signature key exists. If the old signing key exists, then this key is posted to the revocation list. And carrying out hash operation on the firmware head and the firmware together to generate a hash value, and regenerating a new signature key. And signing the hash value by a private key of the new signature key to obtain a signature value. And issuing a certificate of the public key of the new signature key by the private key of one master key stored in the master key management module.
Based on the foregoing embodiment, in this embodiment, the signature verification module includes: the device comprises a reading unit, a first verification unit, a first judgment unit, a second verification unit, a second judgment unit, a decryption unit, a third verification unit and a third judgment unit.
The reading unit is used for reading a public key of a master key in the firmware to be updated when a firmware upgrading request is received, and performing hash operation to obtain a first hash value;
the first verification unit is configured to compare the first hash value with a hash value of the public key of the master key stored in the one-time editable memory, and verify whether the public key of the master key in the firmware to be updated is tampered according to a comparison result.
In this embodiment, after the first verification module, the method may further include: and the deleting module is used for judging that the public key of the main key color in the firmware to be updated is tampered when the comparison of the first hash value and the hash value of the public key of the signature key is inconsistent, rejecting the firmware upgrading request and deleting the public key and the sensitive data stored in the flash area.
And the first judging unit is used for judging that the public key of the main key in the firmware to be updated is credible when the first hash value is consistent with the hash value of the public key of the main key.
The second verification unit is used for verifying the certificate in the firmware to be updated through the public key of the master key in the firmware to be updated.
And the second judging unit is used for judging that the public key of the signature key in the firmware to be updated is credible when the certificate in the firmware to be updated is verified.
And the decryption unit is used for decrypting the signature in the firmware to be updated through the public key of the signature key in the firmware to be updated to obtain a second hash value.
And the third verification unit is used for comparing the second hash value with a hash value obtained after the hash operation is carried out on the firmware head and the original firmware.
And the third judging unit judges that the firmware to be updated is credible and initiates firmware upgrading operation when the second hash value is consistent with the hash value obtained after the hash operation is carried out on the firmware head and the original firmware.
In this embodiment, the signature verification module is configured to perform a hash operation by reading a public key of a master key from the firmware to be updated, and then obtain a first hash value. And comparing the first hash value with the hash value of the public key of the master key in the OTP region, and verifying whether the public key of the master key in the firmware to be updated is tampered. And if the first hash value is consistent with the hash value comparison of the public key of the main key, judging that the public key of the main key in the firmware to be updated is credible. When the firmware is updated, the signature verification module is further used for verifying the certificate in the firmware to be updated through the public key of the master key in the firmware to be updated. If the verification is passed, the public key of the obtained signature key is authentic. Meanwhile, the signature verification module is also used for verifying the signature in the firmware to be updated through the public key of the signature key. Namely, the public key of the signature key decrypts the signature in the firmware to be updated to obtain the second hash value. And the signature verification module compares a hash value obtained after hash operation is carried out on the firmware head and the original firmware with the second hash value. If the comparison is consistent, the firmware to be updated is considered to be authentic, and the firmware upgrading process can be initiated. If the comparison is inconsistent, the tampering is detected, the security upgrading fails, and the public key and the sensitive data stored in the flash are deleted. In this embodiment, the public key of the master key is a root of trust of the electronic device.
In summary, the embodiment of the present invention provides a firmware security upgrading system. And the key management system in the firmware security upgrading system adopts a management scheme of a secondary key to generate a master key and a signature key. The firmware signed by the signature key is generated by using an automatic signature service platform, and comprises a firmware header designed for preventing information errors of manufacturers, models, versions and the like, original firmware, a signature, a certificate issued by a master key to the signature key and a public key of the master key. In the trusted environment, burning the hash value of the public key of the master key to an OTP region for storage. An electronic device having firmware signed with a signing key is received and the electronic device verifies a public key of a master key and verifies a signature of the signing key. And the electronic equipment refuses or starts the upgrading activity of the firmware based on the verification result. The embodiment of the invention ensures that the public key hash value and the firmware program cannot be tampered by combining the OTP and the key management system as the trusted core root of the trusted computing platform, and can ensure that the firmware of the whole system is authenticated and completely trusted after a series of authentication and trust transmission.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The firmware security upgrading system provided by the invention is described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Claims (10)
1. A firmware security upgrade system, comprising:
the electronic equipment with signature verification function adopts a key management system for secret management of a master key and a signature key;
the key management system comprises an automatic signature service platform and a signature key generation module, wherein the automatic signature service platform is used for generating firmware signed by the signature key according to original firmware and product basic information of the electronic equipment; when the signature key is expired or the private key of the signature key is leaked, revoking the expired or leaked signature key and generating a new signature key for firmware signature;
the electronic equipment comprises a one-time editable memory and a signature verification module;
the one-time editable memory is used for storing a hash value of a public key of the master key;
the signature verification module is used for performing signature verification on the firmware to be updated before the firmware of the electronic equipment is upgraded, and triggering firmware upgrading operation after the firmware to be updated passes the signature verification.
2. The system of claim 1, wherein the key management system comprises:
the signature key management module is used for generating and storing a corresponding private key of the signature key and a corresponding public key of the signature key according to the model of the electronic equipment;
the master key management module is used for generating and storing a private key of the master key and a public key of the master key;
a key storage for storing keys required by the master key;
and the key storage database is used for storing the certificate revocation list, the certificate in the validity period and the private key.
3. The system of claim 2, wherein the automated signature service platform comprises:
the acquisition unit is used for acquiring original firmware, product model, type information and version information of the electronic equipment;
the firmware generating unit is used for generating a firmware header according to the original firmware, the product model, the type information and the version information;
a hash value generating unit, configured to perform a hash operation on the firmware header and the original firmware to generate a hash value;
the signature unit is used for signing a hash value obtained after hash operation is carried out on the firmware header and the original firmware by using a private key of a signature key in the signature key management module to obtain a signature value;
the certificate providing unit is used for providing a signature certificate, and the signature certificate is signed and issued by a private key of a master key stored in the master key management module;
and the packaging unit is used for packaging the public key of the main secret key, the signature certificate, the firmware header and the original firmware to produce a hash value obtained after hash operation, the original firmware and the firmware header and then generating the firmware signed by the signature secret key.
4. The system of claim 3, wherein the automated signature service platform comprises:
the searching unit is used for searching whether the original signing key exists in the local database information or not when a request for updating the signing key is received;
an adding unit, configured to add the original signature key to the certificate revocation list if the original signature key exists in the local database information;
the generating unit is used for carrying out hash operation on the firmware head and the original firmware to generate a hash value and regenerating an updated signature key;
the signature unit is used for signing a hash value obtained by performing hash operation on the firmware header and the original firmware by using a private key of the updated signature key to obtain an updated signature value;
and the certificate issuing unit is used for verifying and issuing the public key of the updated signature key by using the private key of one master key stored in the master key management module.
5. The system of claim 4, wherein the signature verification module comprises:
the reading unit is used for reading a public key of a master key in the firmware to be updated when a firmware upgrading request is received, and performing hash operation to obtain a first hash value;
the first verification unit is used for comparing the first hash value with a hash value of the public key of the master key stored in the one-time editable memory and verifying whether the public key of the master key in the firmware to be updated is tampered according to a comparison result;
the first judging unit is used for judging that the public key of the main key in the firmware to be updated is credible when the first hash value is consistent with the hash value of the public key of the main key;
the second verification unit is used for verifying the certificate in the firmware to be updated through the public key of the master key in the firmware to be updated;
the second judging unit is used for judging that the public key of the signature key in the firmware to be updated is credible when the certificate in the firmware to be updated passes verification;
the decryption unit is used for decrypting the signature in the firmware to be updated through the public key of the signature key in the firmware to be updated to obtain a second hash value;
the third verification unit is used for comparing the second hash value with a hash value obtained after the hash operation is carried out on the firmware head and the original firmware;
and the third judging unit is used for judging that the firmware to be updated is credible and initiating firmware upgrading operation when the second hash value is consistent with the hash value obtained after the hash operation is carried out on the firmware head and the original firmware.
6. The system of claim 5, further comprising, after the first authentication module:
and the deleting module is used for judging that the public key of the main key color in the firmware to be updated is falsified when the comparison between the first hash value and the hash value of the public key of the main key is inconsistent, rejecting the firmware upgrading request and deleting the public key and the sensitive data stored in the flash area.
7. The system of claim 2, wherein the signing key management module employs a public-private key pair for generating the signing key using an asymmetric cryptographic algorithm.
8. The system of claim 7, wherein the master key management module employs an asymmetric cryptographic algorithm to generate a public-private key pair for the master key.
9. The system of claim 8, wherein the master key management module generates a public-private key pair of the master key using an RSA2048 algorithm.
10. The system of any one of claims 1-9, wherein the electronic device is any one of a server, a storage device, a switch, or a router.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911026068.6A CN110795126A (en) | 2019-10-25 | 2019-10-25 | Firmware safety upgrading system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911026068.6A CN110795126A (en) | 2019-10-25 | 2019-10-25 | Firmware safety upgrading system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110795126A true CN110795126A (en) | 2020-02-14 |
Family
ID=69441336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911026068.6A Withdrawn CN110795126A (en) | 2019-10-25 | 2019-10-25 | Firmware safety upgrading system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110795126A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111382397A (en) * | 2020-02-26 | 2020-07-07 | 浙江大华技术股份有限公司 | Configuration method of upgrade software package, software upgrade method, equipment and storage device |
| CN111984962A (en) * | 2020-09-08 | 2020-11-24 | 英韧科技(上海)有限公司 | Firmware security verification method and device |
| CN113282930A (en) * | 2020-02-19 | 2021-08-20 | 瑞昱半导体股份有限公司 | Computer system with firmware verification mechanism and firmware verification method thereof |
| CN113486360A (en) * | 2021-07-14 | 2021-10-08 | 上海瓶钵信息科技有限公司 | RISC-V based safe starting method and system |
| CN113569230A (en) * | 2021-08-13 | 2021-10-29 | 珠海奔图电子有限公司 | Firmware updating method, device and system |
| WO2021217410A1 (en) * | 2020-04-28 | 2021-11-04 | Arris Enterprises Llc | Electronic device, system, method and program with enhanced detection of potential bricking |
| CN113721965A (en) * | 2021-08-02 | 2021-11-30 | 国创移动能源创新中心(江苏)有限公司 | Charging pile upgrading method based on safety firmware |
| CN113805908A (en) * | 2020-06-17 | 2021-12-17 | 瑞昱半导体股份有限公司 | Firmware update system and method |
| CN114448794A (en) * | 2022-01-07 | 2022-05-06 | 苏州浪潮智能科技有限公司 | Method and device for safely upgrading firmware based on trusted root of chip |
| CN116501353A (en) * | 2023-06-21 | 2023-07-28 | 苏州浪潮智能科技有限公司 | Firmware updating method, device, equipment and medium |
-
2019
- 2019-10-25 CN CN201911026068.6A patent/CN110795126A/en not_active Withdrawn
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113282930A (en) * | 2020-02-19 | 2021-08-20 | 瑞昱半导体股份有限公司 | Computer system with firmware verification mechanism and firmware verification method thereof |
| CN113282930B (en) * | 2020-02-19 | 2024-03-01 | 瑞昱半导体股份有限公司 | Computer system with firmware verification mechanism and firmware verification method thereof |
| CN111382397A (en) * | 2020-02-26 | 2020-07-07 | 浙江大华技术股份有限公司 | Configuration method of upgrade software package, software upgrade method, equipment and storage device |
| WO2021217410A1 (en) * | 2020-04-28 | 2021-11-04 | Arris Enterprises Llc | Electronic device, system, method and program with enhanced detection of potential bricking |
| CN113805908A (en) * | 2020-06-17 | 2021-12-17 | 瑞昱半导体股份有限公司 | Firmware update system and method |
| CN111984962A (en) * | 2020-09-08 | 2020-11-24 | 英韧科技(上海)有限公司 | Firmware security verification method and device |
| CN113486360B (en) * | 2021-07-14 | 2022-11-11 | 上海瓶钵信息科技有限公司 | RISC-V based safe starting method and system |
| CN113486360A (en) * | 2021-07-14 | 2021-10-08 | 上海瓶钵信息科技有限公司 | RISC-V based safe starting method and system |
| CN113721965A (en) * | 2021-08-02 | 2021-11-30 | 国创移动能源创新中心(江苏)有限公司 | Charging pile upgrading method based on safety firmware |
| CN113569230A (en) * | 2021-08-13 | 2021-10-29 | 珠海奔图电子有限公司 | Firmware updating method, device and system |
| CN114448794A (en) * | 2022-01-07 | 2022-05-06 | 苏州浪潮智能科技有限公司 | Method and device for safely upgrading firmware based on trusted root of chip |
| CN114448794B (en) * | 2022-01-07 | 2023-08-18 | 苏州浪潮智能科技有限公司 | Method and device for safely upgrading firmware based on chip trusted root |
| CN116501353A (en) * | 2023-06-21 | 2023-07-28 | 苏州浪潮智能科技有限公司 | Firmware updating method, device, equipment and medium |
| CN116501353B (en) * | 2023-06-21 | 2023-09-29 | 苏州浪潮智能科技有限公司 | Firmware updating method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110795126A (en) | Firmware safety upgrading system | |
| CN109313690B (en) | Self-contained encrypted boot policy verification | |
| CN110677418B (en) | Trusted voiceprint authentication method and device, electronic equipment and storage medium | |
| US9876783B2 (en) | Distributed password verification | |
| US8874922B2 (en) | Systems and methods for multi-layered authentication/verification of trusted platform updates | |
| KR101216306B1 (en) | Updating configuration parameters in a mobile terminal | |
| WO2020192406A1 (en) | Method and apparatus for data storage and verification | |
| JP6371919B2 (en) | Secure software authentication and verification | |
| TW201732669A (en) | Controlled secure code authentication | |
| JP2004295271A (en) | Card and pass code generator | |
| TW201516733A (en) | System and method for verifying changes to UEFI authenticated variables | |
| JP2004265026A (en) | Application authentication system and device | |
| KR20090007123A (en) | Secure boot method and semiconductor memory system for using the method | |
| CN103269271A (en) | Method and system for back-upping private key in electronic signature token | |
| CN108496323B (en) | Certificate importing method and terminal | |
| JP6387908B2 (en) | Authentication system | |
| CN107133512B (en) | POS terminal control method and device | |
| CN103248491A (en) | Method and system for backing up electronic signed token private key | |
| CN111814132B (en) | Security authentication method and device, security authentication chip and storage medium | |
| KR20170089352A (en) | Firmware integrity verification for performing the virtualization system | |
| CN111147259B (en) | Authentication method and device | |
| JP6199712B2 (en) | Communication terminal device, communication terminal association method, and computer program | |
| CN110730079B (en) | System for safe starting and trusted measurement of embedded system based on trusted computing module | |
| KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
| CN103281188A (en) | Method and system for backing up private key in electronic signature token |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20200214 |