CN111695111A - Secure startup method and device of firmware program - Google Patents
Secure startup method and device of firmware program Download PDFInfo
- Publication number
- CN111695111A CN111695111A CN202010542637.9A CN202010542637A CN111695111A CN 111695111 A CN111695111 A CN 111695111A CN 202010542637 A CN202010542637 A CN 202010542637A CN 111695111 A CN111695111 A CN 111695111A
- Authority
- CN
- China
- Prior art keywords
- program
- firmware
- firmware program
- target
- security chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 238000012795 verification Methods 0.000 claims description 19
- 230000006854 communication Effects 0.000 claims description 15
- 238000004891 communication Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 description 15
- 230000005540 biological transmission Effects 0.000 description 5
- 238000007689 inspection Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Abstract
The invention relates to the technical field of information security, in particular to a secure startup method and a secure startup device for a firmware program, wherein the method comprises the following steps: starting a preset trusted program, and applying the trusted program to send a firmware program in the distributed control system DCS to a preset security chip; starting the security chip to check whether the firmware program is a legal program; when the firmware program is a legal program, starting the firmware program; and when the firmware program is not a legal program, prohibiting the firmware program from being started. By applying the method, the validity of the firmware program in the distributed control system DCS can be checked through the security chip, so that the firmware program is started when being a valid program, and the safety of the DCS is improved.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a secure boot method and apparatus for a firmware program.
Background
In a distributed control system DCS, each data transmission process of the DCS is implemented by a DCS controller. However, when data is transmitted through the DCS controller, the data is usually transmitted in a plaintext form, so that the DCS controller cannot verify the authenticity of the data, and therefore, during the data transmission process, an illegal user may transmit illegal data such as trojan or virus to the DCS, attack or tamper the final firmware program of the DCS, and change the inside of the firmware program. When the tampered firmware program is started, an illegal user controls each system function of the DCS through the tampered firmware program, so that the safety of the DCS is reduced.
Disclosure of Invention
In view of this, the present invention provides a secure start method for a firmware program, and by using the method, a security chip is used to perform validity check on the firmware program in a distributed control system DCS, so as to ensure that the firmware program is started when the firmware program is a valid program, thereby improving the security of the DCS.
The invention also provides a safe starting device of the firmware program, which is used for ensuring the realization and the application of the method in practice.
A secure boot method of a firmware program, comprising:
starting a preset trusted program, and applying the trusted program to send a firmware program in the distributed control system DCS to a preset security chip;
starting the security chip to check whether the firmware program is a legal program;
when the firmware program is a legal program, starting the firmware program;
and when the firmware program is not a legal program, prohibiting the firmware program from being started.
Optionally, the enabling of the security chip to check whether the firmware program is a legal program includes:
acquiring a binary code contained in the firmware program, and calculating the binary code to obtain a check value corresponding to the firmware program;
obtaining a hash value pre-stored in the security chip;
and matching the check value with the hash value, and if the check value is matched with the hash value, determining that the firmware program is a legal program.
Optionally, in the method, the calculating the binary code to obtain the check value corresponding to the firmware program includes:
acquiring a hash algorithm preset in the security chip;
and carrying out hash operation on the binary code by applying the hash algorithm to obtain a check value corresponding to the firmware program.
The above method, optionally, further includes:
when a preset firmware updating message sent by an upper computer is received, acquiring an authentication key contained in the firmware updating message;
calling a preset upgrading program to carry out safe communication with the upper computer, and acquiring firmware information corresponding to the firmware updating message in the upper computer;
applying the authentication key to perform identity verification on the firmware information;
and when the identity of the firmware information is verified, acquiring a target firmware program to be updated contained in the firmware information, and updating the target firmware program to the DCS.
Optionally, the method further includes, after updating the target firmware program to the DCS, the step of:
acquiring a target binary code contained in the target firmware program;
calling a preset hash algorithm to calculate the target binary code to obtain a target check value corresponding to the target firmware program;
and determining the target check value as a new hash value and storing the new hash value in the security chip.
A secure boot device for a firmware program, comprising:
the system comprises a sending unit, a security chip and a control unit, wherein the sending unit is used for starting a preset trusted program and sending a firmware program in the distributed control system DCS to the preset security chip by applying the trusted program;
the verifying unit is used for starting the security chip to verify whether the firmware program is a legal program;
the starting unit is used for starting the firmware program when the firmware program is a legal program;
and the prohibiting unit is used for prohibiting the firmware program from being started when the firmware program is not a legal program.
The above apparatus, optionally, the inspection unit, comprises:
the calculating subunit is used for acquiring a binary code contained in the firmware program and calculating the binary code to acquire a check value corresponding to the firmware program;
the first obtaining subunit is configured to obtain a hash value pre-stored in the security chip;
and the matching subunit is used for matching the check value with the hash value, and if the check value is matched with the hash value, determining that the firmware program is a legal program.
The above apparatus, optionally, the inspection unit, comprises:
the second obtaining subunit is used for obtaining a hash algorithm preset in the security chip; and carrying out hash operation on the binary code by applying the hash algorithm to obtain a check value corresponding to the firmware program.
The above apparatus, optionally, further comprises:
the device comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring an authentication key contained in a firmware update message when the firmware update message sent by a preset upper computer is received;
the communication unit is used for calling a preset upgrading program to carry out safe communication with the upper computer and acquiring firmware information corresponding to the firmware updating message in the upper computer;
the verification unit is used for applying the authentication key to carry out identity verification on the firmware information;
and the updating unit is used for acquiring a target firmware program to be updated contained in the firmware information and updating the target firmware program to the DCS when the firmware information passes the identity verification.
The above apparatus, optionally, further comprises:
a second obtaining unit, configured to obtain a target binary code included in the target firmware program;
the computing unit is used for calling a preset hash algorithm to compute the target binary code and obtaining a target check value corresponding to the target firmware program;
and the storage unit is used for determining the target check value as a new hash value and storing the new hash value into the security chip.
A storage medium comprises stored instructions, wherein when the instructions are executed, a device where the storage medium is located is controlled to execute the secure boot method of the firmware program.
An electronic device includes a memory, and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by one or more processors to perform the secure boot method of the firmware program.
Compared with the prior art, the invention has the following advantages:
the invention provides a safe starting method of a firmware program, which comprises the following steps: starting a preset trusted program, and applying the trusted program to send a firmware program in the distributed control system DCS to a preset security chip; starting the security chip to check whether the firmware program is a legal program; when the firmware program is a legal program, starting the firmware program; and when the firmware program is not a legal program, prohibiting the firmware program from being started. By applying the method, the validity of the firmware program in the distributed control system DCS can be checked through the security chip, so that the firmware program is started when being a valid program, and the safety of the DCS is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for securely booting a firmware program according to an embodiment of the present invention;
fig. 2 is a flowchart of another method for securely booting a firmware program according to an embodiment of the present invention;
fig. 3 is a flowchart of another method for securely booting a firmware program according to an embodiment of the present invention;
fig. 4 is a flowchart of another method for securely booting a firmware program according to an embodiment of the present invention;
FIG. 5 is a block diagram of a secure boot apparatus for firmware programs according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions, and the terms "comprises", "comprising", or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like.
The embodiment of the invention provides a secure startup method of a firmware program, which can be applied to various system platforms, wherein an execution main body of the method can be a computer terminal or a processor of various mobile devices, and a flow chart of the method is shown in fig. 1 and specifically comprises the following steps:
s101: starting a preset trusted program, and applying the trusted program to send a firmware program in the distributed control system DCS to a preset security chip;
in the embodiment of the invention, before the firmware program in the distributed control system DCS is started, a trusted program preset in the DCS is started, wherein the trusted program is a root program of a non-falsifiable trusted measurement obtained by writing through a trusted computing technology, and the trusted program is solidified inside a controller of the DCS. The trusted program can send the firmware program in the DCS to the security chip so as to carry out security verification on the firmware program through the security chip.
It should be noted that, in the embodiment of the present invention, the security chip may be a memory chip disposed inside the CPU of the DCS, and the security chip may perform security check on the firmware program through a certain encryption algorithm or a certain verification technique.
S102: starting the security chip to check whether the firmware program is a legal program;
in the embodiment of the invention, after the trusted program is applied to send the firmware program in the DCS to the security chip, the security chip is started, and the firmware program in the DCS is checked through the security chip to determine whether the firmware program is a legal program.
It should be noted that the firmware program is pre-programmed in the DCS for implementing the process of DCS data transmission. Because the firmware programs in the DCS are the same program every time when the firmware programs are not updated, the firmware programs in the DCS need to be verified whether the firmware programs are legal or not by using the trusted program and the security chip before the firmware programs are started every time.
S103: when the firmware program is a legal program, starting the firmware program;
in the embodiment of the present invention, when the security chip is enabled to verify the firmware program and determine that the firmware program is a valid program, it can be determined that no illegal user attacks or tampers the firmware program before the firmware program is started. Therefore, when the firmware program is a legal program, the firmware program can be safely started.
S104: and when the firmware program is not a legal program, prohibiting the firmware program from being started.
In the embodiment of the present invention, when the security chip checks the firmware program and determines that the firmware program is a non-legitimate program, it may be determined that the firmware program may have been attacked or tampered by an illegal user before starting, and the current firmware program is not the firmware program originally burned in the DCS. Therefore, when the firmware program is a non-legal program, the firmware program needs to be prohibited from starting.
In the secure startup method of a firmware program provided in the embodiment of the present invention, before the firmware program in the DCS is started, it is necessary to determine whether the firmware program has been attacked or tampered by an illegal user, and perform security check on the firmware program. Writing a non-tampered trusted program in the DCS, solidifying the trusted program in a controller of the DCS, starting the trusted program before starting the firmware program, and applying the trusted program to send the firmware program to a preset security chip. And enabling the safety chip to check the firmware program to determine whether the firmware program is a legal program. And when the firmware program is determined to be a legal program, the firmware program is allowed to be started, otherwise, the firmware program is forbidden to be started.
In the method provided by the embodiment of the present invention, optionally, when the firmware program is an illegal program, a prompt message corresponding to the illegal program may be fed back to a preset information receiving end. The information receiving end may be a server, a client, or other devices for receiving the DCS feedback message. The user can change the firmware program according to the prompt message of the information receiving end, and carry out operations such as virus killing on the DCS.
By applying the method provided by the embodiment of the invention, before the firmware program in the DCS is started, the validity of the firmware program is checked through the trusted program and the security chip, so that the firmware program is guaranteed to be a valid program when being started, and the security of the DCS is improved.
In the method provided in the embodiment of the present invention, based on the content in step S102, after the application trusted program sends the firmware program to the security chip, a process of enabling the security chip to check whether the firmware program is a valid program for the firmware program is shown in fig. 2, and specifically, the process may include:
s201: acquiring a binary code contained in the firmware program, and calculating the binary code to obtain a check value corresponding to the firmware program;
in the embodiment of the invention, the binary code of the firmware program is set in the firmware program of the DCS, and if the firmware program is attacked or tampered, the binary code is changed. Therefore, when the validity of the firmware program needs to be checked, the binary code in the firmware program is acquired. And calculating the binary code to obtain a check value required to check the firmware program. If the binary code in the firmware program changes, the corresponding check value will also change.
It should be noted that, in the embodiment of the present invention, the check value may be a hash value of a binary code of a firmware program in the DCS.
S202: obtaining a hash value pre-stored in the security chip;
in the embodiment of the present invention, the secure chip stores the hash value corresponding to the valid firmware program, where the hash value is a value obtained by calculating the binary code included in the valid firmware program. The hash value is stored in the security chip in advance, and when the firmware program needs to be checked to determine whether the firmware program is a legal program, the hash value in the security chip is acquired for checking.
S203: and matching the check value with the hash value, and if the check value is matched with the hash value, determining that the firmware program is a legal program.
In the embodiment of the invention, the check value is matched with the hash value. If the firmware program is not attacked or tampered by an illegal user, the binary code of the firmware program will not be changed, and the obtained check value will not be changed. If the check value is consistent with the hash value, it can be determined that the firmware program is not attacked or tampered, and the firmware program is a legal program. When the firmware program is a legal program, the firmware program can be safely started.
In the secure start method for the firmware program provided by the embodiment of the invention, in order to ensure the security of the DCS when the firmware program is started, the firmware program is checked through a hash value pre-stored in a security chip. And acquiring a binary code contained in the firmware program and calculating the binary code to obtain a check value for performing security check on the firmware program. And acquiring a hash value pre-stored in the security chip, matching the check value with the hash value, and if the check value is consistent with the hash value, determining that the firmware program is a legal program. Optionally, if the check value does not match the hash value, that is, the check value does not match the hash value, it is determined that the firmware program has been tampered with, and the firmware program is a non-legitimate program.
Based on the method provided in the foregoing embodiment, in step S201, after obtaining the binary code in the firmware program, the binary code needs to be calculated to obtain the check value corresponding to the firmware program, which may specifically include:
acquiring a hash algorithm preset in the security chip;
and carrying out hash operation on the binary code by applying the hash algorithm to obtain a check value corresponding to the firmware program.
In the secure boot method of the firmware program provided in the embodiment of the present invention, the secure chip is provided with a hash algorithm, which can perform hash calculation on the binary code of the firmware program. When hashing a binary of a firmware program, the binary may be computed as a segment of a binary. If any one of the binary values is changed, the calculated check value will also be changed. The check value may actually be a hash value obtained by performing a hash operation on the binary value by using a hash algorithm. Therefore, the check value can be matched with the hash value in the secure chip to determine whether the check value is consistent with the hash value, and whether the firmware program is attacked or tampered can be determined by matching the check value with the hash value.
By applying the method provided by the embodiment of the invention, the binary code of the firmware program is calculated through the Hash algorithm, the check value of the firmware program is obtained, the Hash value of the legal firmware program stored in the safety chip in advance is obtained, and the legality of the firmware program is determined by matching the check value with the Hash value, so that the illegal firmware program is prevented from being started in the DCS, and the safety of the DCS is ensured.
In the method provided by the embodiment of the invention, the firmware program is a program which is written in the DCS in advance, and before the firmware program is not upgraded, the firmware program started each time needs to be ensured to be a legal program in the DCS. When the firmware program in the DCS needs to be upgraded, an update process corresponding to the upgrade of the new firmware program needs to be executed, and a flowchart of the specific update process is shown in fig. 3, which may specifically include:
s301: when a preset firmware updating message sent by an upper computer is received, acquiring an authentication key contained in the firmware updating message;
in the embodiment of the invention, when the firmware program in the DCS needs to be upgraded, the upper computer sends the firmware updating message to the DCS. And when a firmware updating message sent to the DCS by the upper computer is received, acquiring an authentication key contained in the firmware updating message.
It should be noted that the upper computer in the embodiment of the present invention may be a preset device that issues a firmware update message to the DCS, and is used to cooperate with the DCS to safely update a firmware program.
S302: calling a preset upgrading program to carry out safe communication with the upper computer, and acquiring firmware information corresponding to the firmware updating message in the upper computer;
in the embodiment of the invention, the DCS is provided with an upgrading program for carrying out safe communication with the upper computer and being matched with the upper computer to upgrade the firmware program. And after the secure communication is carried out with the upper computer through the upgrading program, acquiring the firmware information corresponding to the firmware updating message.
It should be noted that, in order to ensure the security of the upgrade process of the firmware program, the firmware information is transmitted in an encrypted transmission manner.
S303: applying the authentication key to perform identity verification on the firmware information;
in the embodiment of the invention, after the firmware information is obtained, the authentication key contained in the firmware updating message is applied to carry out identity verification on the encrypted firmware information so as to ensure the validity of the obtained firmware information.
S304: and when the identity of the firmware information is verified, acquiring a target firmware program to be updated contained in the firmware information, and updating the target firmware program to the DCS.
In the embodiment of the invention, when the identity of the firmware information is verified, the source of the firmware information is represented to be legal, a target firmware program required is obtained from the firmware information, the target firmware program is updated to the DCS, and the upgrading of the firmware program in the DCS is completed.
In the secure start method of the firmware program provided by the embodiment of the invention, when the firmware program in the DCS needs to be upgraded, the upper computer issues a firmware update message to the DCS, and sets the authentication key in the firmware update message. And after receiving a firmware update message sent by the upper computer to the DCS, acquiring an authentication key contained in the firmware update message, and carrying out safe communication with the upper computer through an upgrading program so as to acquire firmware information corresponding to the firmware update message in the safe communication process. The firmware information is transmitted in an encrypted manner, and the upper computer and the upgrading program perform secure communication to acquire the firmware information in the upper computer. The identity authentication is carried out on the firmware information through the pre-acquired authentication key, the safety of the firmware information is further determined, the firmware information is prevented from being attacked or tampered in the transmission process, and the safety of the source of firmware program upgrading is ensured. If the firmware information passes the identity authentication, the target firmware program contained in the firmware information can be acquired, and the firmware program is updated to the DCS, so that the upgrading of the firmware program in the DCS is completed.
It should be noted that, after the firmware program is upgraded, the original firmware program may be deleted, and the hash value originally stored in the security chip may also be deleted.
By applying the method provided by the embodiment of the invention, when the firmware program needs to be updated, the upgrading program needs to be in safe communication with the upper computer, and after the firmware information is obtained, the authentication key is applied to carry out identity verification, so that the safety of the source of the firmware program in the process of upgrading the firmware program is ensured, an illegal user is prevented from tampering the target firmware program in the process of upgrading the firmware program, and the safety of DCS is further improved.
In the method provided by the embodiment of the present invention, in the process of upgrading the firmware program based on the above embodiment, after the target firmware program is updated to the DCS, the hash value of the target firmware program also needs to be stored in the security chip, so as to ensure that the security of the target firmware program is checked when the target firmware program is subsequently started. As shown in fig. 4, the process of storing the new hash value in the security chip may further include:
s401: acquiring a target binary code contained in the target firmware program;
in the embodiment of the present invention, after the target firmware program is updated into the DCS, the hash value in the security chip needs to be updated. Therefore, the target binary code in the target firmware program needs to be acquired. Since the firmware program is updated, the target firmware program is different from the binary code of the original firmware program.
S402: calling a preset hash algorithm to calculate the target binary code to obtain a target check value corresponding to the target firmware program;
in the embodiment of the invention, after the target binary code of the target firmware program is obtained, the preset hash algorithm is called to calculate the target binary code. The hash algorithm may be a hash algorithm preset in the security chip, or a hash algorithm additionally set outside the security chip of the DCS. When the hash algorithm is the hash algorithm set in the security chip, the target binary code can be sent to the security chip, and the hash algorithm in the security chip is applied to perform hash operation on the target binary code. And after the hash operation is carried out on the target binary code, a target check value corresponding to the target firmware program is obtained.
S403: and determining the target check value as a new hash value and storing the new hash value in the security chip.
In the embodiment of the present invention, the target verification value is determined as a new hash value of the target firmware program, and the new hash value is stored in the security chip.
Optionally, in the method provided in this embodiment of the present invention, when the DCS needs to start the target firmware program after storing the new hash value in the security chip, the specific implementation process of steps S101 to S104 may be executed, which will not be described herein again.
In the secure start method for a firmware program provided in the embodiment of the present invention, in order to ensure the security of the DCS, after the target firmware program is updated, a new hash value corresponding to the target firmware program needs to be stored in the secure chip. And obtaining a target check value by acquiring a target binary code in the target firmware program and calling a preset hash algorithm to perform hash operation on the target binary code. And determining the target check value as a new hash value and storing the new hash value in a security chip, and ensuring that the security of the target firmware program is checked through the new hash value in the security chip before the target firmware program is started each time.
By applying the method provided by the embodiment of the invention, the new hash value is stored again after the target firmware program is updated, so that the safety inspection of the target firmware program can be ensured when the target firmware program is started every time, and the safety of DCS is further ensured.
The specific implementation procedures and derivatives thereof of the above embodiments are within the scope of the present invention.
Corresponding to the method described in fig. 1, an embodiment of the present invention further provides a secure boot apparatus for a firmware program, which is used to implement the method in fig. 1 specifically, the secure boot apparatus for a firmware program provided in the embodiment of the present invention may be applied to a computer terminal or various mobile devices, and a schematic structural diagram of the secure boot apparatus is shown in fig. 5, and specifically includes:
a sending unit 501, configured to start a preset trusted program, and send a firmware program in the distributed control system DCS to a preset security chip by using the trusted program;
a checking unit 502, configured to enable the security chip to check whether the firmware program is a valid program;
a starting unit 503, configured to start the firmware program when the firmware program is a valid program;
a prohibiting unit 504, configured to prohibit starting the firmware program when the firmware program is not a legal program.
In the secure startup method of the firmware program provided in the embodiment of the present invention, after the trusted program is started, the sending unit applies the trusted program to send the firmware program to the security chip, and the checking unit checks whether the firmware program is a legal program, if the firmware program is a legal program, the starting unit starts the firmware program, and if the firmware program is a non-legal program, the prohibiting unit prohibits the start of the firmware program, so as to ensure the security of the DCS.
In the apparatus provided in the embodiment of the present invention, the inspection unit 502 includes:
the calculating subunit is used for acquiring a binary code contained in the firmware program and calculating the binary code to acquire a check value corresponding to the firmware program;
the first obtaining subunit is configured to obtain a hash value pre-stored in the security chip;
and the matching subunit is used for matching the check value with the hash value, and if the check value is matched with the hash value, determining that the firmware program is a legal program.
In the apparatus provided in the embodiment of the present invention, the inspection unit 502 includes:
the second obtaining subunit is used for obtaining a hash algorithm preset in the security chip; and carrying out hash operation on the binary code by applying the hash algorithm to obtain a check value corresponding to the firmware program.
The device provided by the embodiment of the invention further comprises:
the device comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring an authentication key contained in a firmware update message when the firmware update message sent by a preset upper computer is received;
the communication unit is used for calling a preset upgrading program to carry out safe communication with the upper computer and acquiring firmware information corresponding to the firmware updating message in the upper computer;
the verification unit is used for applying the authentication key to carry out identity verification on the firmware information;
and the updating unit is used for acquiring a target firmware program to be updated contained in the firmware information and updating the target firmware program to the DCS when the firmware information passes the identity verification.
The device provided by the embodiment of the invention further comprises:
a second obtaining unit, configured to obtain a target binary code included in the target firmware program;
the computing unit is used for calling a preset hash algorithm to compute the target binary code and obtaining a target check value corresponding to the target firmware program;
and the storage unit is used for determining the target check value as a new hash value and storing the new hash value into the security chip.
The specific working processes of each unit and sub-unit in the secure boot apparatus of the firmware program disclosed in the above embodiment of the present invention can refer to the corresponding contents in the secure boot method of the firmware program disclosed in the above embodiment of the present invention, and are not described herein again.
The embodiment of the invention also provides a storage medium, which comprises a stored instruction, wherein when the instruction runs, the device where the storage medium is located is controlled to execute the safe starting method of the firmware program.
An electronic device is provided in an embodiment of the present invention, and the structural diagram of the electronic device is shown in fig. 6, which specifically includes a memory 601 and one or more instructions 602, where the one or more instructions 602 are stored in the memory 601 and configured to be executed by one or more processors 603 to perform the following operations on the one or more instructions 602:
starting a preset trusted program, and applying the trusted program to send a firmware program in the distributed control system DCS to a preset security chip;
starting the security chip to check whether the firmware program is a legal program;
when the firmware program is a legal program, starting the firmware program;
and when the firmware program is not a legal program, prohibiting the firmware program from being started.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both.
To clearly illustrate this interchangeability of hardware and software, various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for secure booting of a firmware program, comprising:
starting a preset trusted program, and applying the trusted program to send a firmware program in the distributed control system DCS to a preset security chip;
starting the security chip to check whether the firmware program is a legal program;
when the firmware program is a legal program, starting the firmware program;
and when the firmware program is not a legal program, prohibiting the firmware program from being started.
2. The method of claim 1, wherein enabling the security chip to verify whether the firmware program is a legitimate program comprises:
acquiring a binary code contained in the firmware program, and calculating the binary code to obtain a check value corresponding to the firmware program;
obtaining a hash value pre-stored in the security chip;
and matching the check value with the hash value, and if the check value is matched with the hash value, determining that the firmware program is a legal program.
3. The method of claim 2, wherein the calculating the binary code to obtain the check value corresponding to the firmware program comprises:
acquiring a hash algorithm preset in the security chip;
and carrying out hash operation on the binary code by applying the hash algorithm to obtain a check value corresponding to the firmware program.
4. The method of claim 1, further comprising:
when a preset firmware updating message sent by an upper computer is received, acquiring an authentication key contained in the firmware updating message;
calling a preset upgrading program to carry out safe communication with the upper computer, and acquiring firmware information corresponding to the firmware updating message in the upper computer;
applying the authentication key to perform identity verification on the firmware information;
and when the identity of the firmware information is verified, acquiring a target firmware program to be updated contained in the firmware information, and updating the target firmware program to the DCS.
5. The method of claim 4, wherein after updating the target firmware program to the DCS, further comprising:
acquiring a target binary code contained in the target firmware program;
calling a preset hash algorithm to calculate the target binary code to obtain a target check value corresponding to the target firmware program;
and determining the target check value as a new hash value and storing the new hash value in the security chip.
6. A secure boot apparatus for a firmware program, comprising:
the system comprises a sending unit, a security chip and a control unit, wherein the sending unit is used for starting a preset trusted program and sending a firmware program in the distributed control system DCS to the preset security chip by applying the trusted program;
the verifying unit is used for starting the security chip to verify whether the firmware program is a legal program;
the starting unit is used for starting the firmware program when the firmware program is a legal program;
and the prohibiting unit is used for prohibiting the firmware program from being started when the firmware program is not a legal program.
7. The apparatus of claim 6, wherein the verification unit comprises:
the calculating subunit is used for acquiring a binary code contained in the firmware program and calculating the binary code to acquire a check value corresponding to the firmware program;
the first obtaining subunit is configured to obtain a hash value pre-stored in the security chip;
and the matching subunit is used for matching the check value with the hash value, and if the check value is matched with the hash value, determining that the firmware program is a legal program.
8. The apparatus of claim 6, wherein the verification unit comprises:
the second obtaining subunit is used for obtaining a hash algorithm preset in the security chip; and carrying out hash operation on the binary code by applying the hash algorithm to obtain a check value corresponding to the firmware program.
9. The apparatus of claim 6, further comprising:
the device comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring an authentication key contained in a firmware update message when the firmware update message sent by a preset upper computer is received;
the communication unit is used for calling a preset upgrading program to carry out safe communication with the upper computer and acquiring firmware information corresponding to the firmware updating message in the upper computer;
the verification unit is used for applying the authentication key to carry out identity verification on the firmware information;
and the updating unit is used for acquiring a target firmware program to be updated contained in the firmware information and updating the target firmware program to the DCS when the firmware information passes the identity verification.
10. The apparatus of claim 9, further comprising:
a second obtaining unit, configured to obtain a target binary code included in the target firmware program;
the computing unit is used for calling a preset hash algorithm to compute the target binary code and obtaining a target check value corresponding to the target firmware program;
and the storage unit is used for determining the target check value as a new hash value and storing the new hash value into the security chip.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010542637.9A CN111695111A (en) | 2020-06-15 | 2020-06-15 | Secure startup method and device of firmware program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010542637.9A CN111695111A (en) | 2020-06-15 | 2020-06-15 | Secure startup method and device of firmware program |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111695111A true CN111695111A (en) | 2020-09-22 |
Family
ID=72481044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010542637.9A Pending CN111695111A (en) | 2020-06-15 | 2020-06-15 | Secure startup method and device of firmware program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111695111A (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553349A (en) * | 2003-05-29 | 2004-12-08 | 联想(北京)有限公司 | Safety chip and information safety processor and processing method |
| CN103093141A (en) * | 2013-01-17 | 2013-05-08 | 北京华大信安科技有限公司 | Download method, guidance method and device of safe main control chip Coolcloud system (COS) |
| CN107273150A (en) * | 2017-05-10 | 2017-10-20 | 深圳市金百锐通信科技有限公司 | Preload firmware and download wiring method and device |
| CN108229132A (en) * | 2017-12-27 | 2018-06-29 | 北京和利时系统工程有限公司 | A kind of safe starting method and device, terminal |
| CN109063489A (en) * | 2018-08-28 | 2018-12-21 | 郑州云海信息技术有限公司 | A kind of starting method and device |
| CN109144584A (en) * | 2018-07-27 | 2019-01-04 | 浪潮(北京)电子信息产业有限公司 | A kind of programmable logic device and its starting method, system and storage medium |
| CN109951284A (en) * | 2017-12-20 | 2019-06-28 | 北京可信华泰信息技术有限公司 | A kind of authenticating safe state method and terminal |
| CN110110526A (en) * | 2019-05-08 | 2019-08-09 | 郑州信大捷安信息技术股份有限公司 | A kind of safety starting device and method based on safety chip |
| CN111124453A (en) * | 2019-12-25 | 2020-05-08 | 哈尔滨新中新电子股份有限公司 | Method for upgrading firmware program of terminal equipment |
-
2020
- 2020-06-15 CN CN202010542637.9A patent/CN111695111A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553349A (en) * | 2003-05-29 | 2004-12-08 | 联想(北京)有限公司 | Safety chip and information safety processor and processing method |
| CN103093141A (en) * | 2013-01-17 | 2013-05-08 | 北京华大信安科技有限公司 | Download method, guidance method and device of safe main control chip Coolcloud system (COS) |
| CN107273150A (en) * | 2017-05-10 | 2017-10-20 | 深圳市金百锐通信科技有限公司 | Preload firmware and download wiring method and device |
| CN109951284A (en) * | 2017-12-20 | 2019-06-28 | 北京可信华泰信息技术有限公司 | A kind of authenticating safe state method and terminal |
| CN108229132A (en) * | 2017-12-27 | 2018-06-29 | 北京和利时系统工程有限公司 | A kind of safe starting method and device, terminal |
| CN109144584A (en) * | 2018-07-27 | 2019-01-04 | 浪潮(北京)电子信息产业有限公司 | A kind of programmable logic device and its starting method, system and storage medium |
| CN109063489A (en) * | 2018-08-28 | 2018-12-21 | 郑州云海信息技术有限公司 | A kind of starting method and device |
| CN110110526A (en) * | 2019-05-08 | 2019-08-09 | 郑州信大捷安信息技术股份有限公司 | A kind of safety starting device and method based on safety chip |
| CN111124453A (en) * | 2019-12-25 | 2020-05-08 | 哈尔滨新中新电子股份有限公司 | Method for upgrading firmware program of terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107615292B (en) | System and method for managing installation of application packages requiring high risk permission access | |
| KR100711722B1 (en) | Software authentication apparatus for mobile communication terminal and the method thereof | |
| WO2015184891A1 (en) | Security management and control method, apparatus, and system for android system | |
| US20140075517A1 (en) | Authorization scheme to enable special privilege mode in a secure electronic control unit | |
| CN108092775B (en) | Calibration method and device, and electronic device | |
| KR20160042897A (en) | Secure os boot as per reference platform manifest and data sealing | |
| CN103679005A (en) | Method to enable development mode of a secure electronic control unit | |
| JP2009175923A (en) | Platform integrity verification system and method | |
| CN104751049A (en) | Application program installing method and mobile terminal | |
| CN109977662B (en) | Application program processing method, device, terminal and storage medium based on combined public key | |
| CN112257086A (en) | User privacy data protection method and electronic equipment | |
| CN107172100A (en) | A kind of local security updates the method and device of BIOS mirror images | |
| CN111460410A (en) | Server login method, device and system and computer readable storage medium | |
| CN112448930A (en) | Account registration method, device, server and computer readable storage medium | |
| KR101097103B1 (en) | Method and system for preventing outflow in software source code | |
| KR20180046593A (en) | Internet of things device firmware update system for firmware signature verification and security key management | |
| CN111953634B (en) | Access control method and device for terminal equipment, computer equipment and storage medium | |
| CN115643564A (en) | FOTA upgrading method, device, equipment and storage medium for automobile safety | |
| CN111832012B (en) | ECU and starting method thereof | |
| KR101436404B1 (en) | User authenticating method and apparatus | |
| KR100458515B1 (en) | System and method that can facilitate secure installation of JAVA application for mobile client through wireless internet | |
| JP6343928B2 (en) | Portable terminal, authentication system, authentication method, and authentication program | |
| CN111125705B (en) | Capability opening method and device | |
| CN114143197B (en) | OTA (over the air) upgrading method, device and equipment for Internet of things equipment and readable storage medium | |
| CN116707758A (en) | Authentication method, equipment and server of trusted computing equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |