CN111832013A - Firmware upgrading method and device - Google Patents

Firmware upgrading method and device Download PDF

Info

Publication number
CN111832013A
CN111832013A CN202010753344.5A CN202010753344A CN111832013A CN 111832013 A CN111832013 A CN 111832013A CN 202010753344 A CN202010753344 A CN 202010753344A CN 111832013 A CN111832013 A CN 111832013A
Authority
CN
China
Prior art keywords
firmware
firmware file
file
key
verifying
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010753344.5A
Other languages
Chinese (zh)
Inventor
黄凯明
孙健康
王林青
邹启蒙
姚四海
曾晓东
林锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN202010753344.5A priority Critical patent/CN111832013A/en
Publication of CN111832013A publication Critical patent/CN111832013A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

An embodiment of the present specification provides a firmware upgrade method and apparatus, where the method includes: the server side encrypts the first firmware file by adopting a second key to obtain a second firmware file; verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value; and sending a firmware upgrading instruction to the terminal equipment, wherein the firmware upgrading instruction is used for indicating the terminal equipment to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value. Therefore, in the embodiment of the specification, the content of the firmware file is prevented from being cracked and tampered in the firmware upgrading process by encrypting and verifying the new firmware file developed by a developer, and the safety is high.

Description

Firmware upgrading method and device
(this application is a divisional application of the patent application No. 201810981834.3)
Technical Field
The present application relates to the field of electronic technologies, and in particular, to a firmware upgrading method and apparatus.
Background
Firmware (Firmware) refers to a device "driver" stored in the device, and bears the most basic and bottom layer work of an operating system, and the operating system can realize the running action of a specific machine according to the standard device driver through the Firmware. Therefore, in the hardware device, the firmware is the soul of the hardware device, and determines the function and performance of the hardware device.
In order to repair product defects, meet changing demands and new functions, and shorten product cycles, the firmware of the device is upgraded. At present, in the process of upgrading the firmware, the confidentiality degree of related firmware files is low, the related firmware files are easy to be tampered or cracked, and great potential safety hazards exist.
In order to solve the above technical problems, a firmware upgrading method with high security needs to be provided.
Disclosure of Invention
An object of the embodiments of the present specification is to provide a firmware upgrade method and apparatus, where the embodiments of the present specification are implemented as follows:
in a first aspect, a firmware upgrading method is provided, which is applied to a server, and the method includes:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
In a second aspect, a firmware upgrading method is provided, which is applied to a terminal device, and the method includes:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and updating the firmware of the terminal equipment based on the first firmware file.
In a third aspect, a firmware upgrading apparatus is provided, which is applied to a server, and includes:
the encryption module is used for encrypting the first firmware file by adopting a second key to obtain a second firmware file;
the first verification module is used for verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
a sending module, configured to send a firmware upgrade instruction to a terminal device, where the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries a download address of the second firmware file, the second key, and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
In a fourth aspect, a firmware upgrading apparatus is provided, which is applied to a terminal device, and includes:
the instruction receiving module is used for receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
the downloading module is used for verifying the digital certificate corresponding to the downloading address of the second firmware file; if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
the second check module is used for checking the second firmware file by adopting the preset check algorithm to obtain a second check value;
the decryption module is used for decrypting the second firmware file by adopting the second key to obtain the first firmware file under the condition that the second check value is matched with the first check value;
and the upgrading module is used for upgrading the firmware of the terminal equipment based on the first firmware file.
In a fifth aspect, an electronic device is provided, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
In a sixth aspect, an electronic device is provided, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and upgrading the firmware of the terminal equipment based on the first firmware file.
In a seventh aspect, a computer storage medium is provided that stores one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
In an eighth aspect, a computer storage medium is provided that stores one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and updating the firmware of the terminal equipment based on the first firmware file.
As can be seen from the technical solutions provided by the embodiments of the present specification, in the embodiments of the present specification, the contents of the firmware file are not cracked and tampered during the firmware upgrade process by encrypting and verifying the new firmware file developed by the developer, and the security is high.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 is an application scenario diagram of a firmware upgrade method of one embodiment of the present description;
FIG. 2 is a flow diagram of a firmware upgrade method of one embodiment of the present description;
FIG. 3 is a flow diagram of a firmware upgrade method of another embodiment of the present description;
FIG. 4 is a schematic structural diagram of a firmware upgrade apparatus according to an embodiment of the present description;
FIG. 5 is a schematic structural diagram of a firmware upgrade apparatus according to another embodiment of the present description;
FIG. 6 is a schematic structural diagram of an electronic device of one embodiment of the present description;
fig. 7 is a schematic structural diagram of an electronic device according to another embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort shall fall within the protection scope of the present specification.
The embodiment of the specification provides a firmware upgrading method and device.
For ease of understanding, some concepts and application scenarios related to the embodiments of the present specification are first described below.
Over The Air (OTA): the technology is used for distributing resources or configuration to be upgraded to embedded terminal equipment through diversified over-the-air transmission methods (including WiFi, ZigBee, BLE and the like), and enabling the terminal equipment to be automatically updated and upgraded. Currently, firmware upgrade of terminal equipment is mainly realized through OTA.
Message Queue Telemetry Transport (MQTT): the instant messaging protocol developed by IBM belongs to a lightweight transmission protocol.
Asymmetric encryption: the asymmetric encryption algorithm is a secret key confidentiality method, and relates to a public key and a private key, wherein the public key and the private key are in a pair, and if the private key is used for encrypting data, only the corresponding public key can be used for decrypting the data; if the data is encrypted with a public key, it can only be decrypted with the corresponding private key.
Symmetric encryption: the symmetric encryption algorithm is a secret key encryption method, single-key encryption is adopted for encryption, and the same secret key can be used for data encryption and decryption at the same time, and is also called single-key encryption.
Digital abstract: the digital digest is a short message of a fixed length, which is similar to a Hash function, in which an argument is a function of the message. The digital digests use a one-way Hash function to convert the plaintext 'digest' to be encrypted into a string of ciphertext with a fixed length (e.g. 128 bits), which is also called digital fingerprint, and the string of ciphertext is a fixed length, and different plaintext digests are converted into ciphertext, the result is always different, and the digests of the same plaintext must be identical.
Boot loader (BootLoader): the first section of code executed by the embedded system after power-up, after it completes the initialization of CPU and relative hardware, the operating system image or the solidified embedded application program is installed in the memory and then jumps to the space where the operating system is located, starts the operating system to run.
The application scenario of the technical scheme of the embodiment of the specification is as follows: the application scene comprises the following steps: the system comprises a development environment, a management center, a server and terminal equipment; the firmware file developed by the developer is called a source firmware file, and the source firmware file is used for upgrading the firmware of the terminal equipment; the management center is used for storing and managing version information of source firmware files developed by developers, after the developers develop new source firmware files, the management center can input the new source firmware files into the management center, in order to ensure the legality of the source firmware files, the management center can carry out asymmetric encryption on the new source firmware files and provide the firmware files obtained by the asymmetric encryption for the server; after the server performs a series of processing on the firmware file from the management center, the server provides a download address of the processed firmware file to the terminal equipment; and the terminal equipment downloads the firmware file according to the firmware file downloading address from the server side, verifies and decrypts the downloaded firmware file, obtains a source firmware file if the verification is passed and the decryption is successful, and upgrades the firmware of the terminal equipment by using the source firmware file.
Next, a firmware upgrading method provided in an embodiment of the present specification is described.
Fig. 2 is a flowchart of a firmware upgrading method according to an embodiment of the present disclosure, which is applied to a server, and as shown in fig. 2, the method may include the following steps: step 204, step 206, and step 208, wherein,
in step 204, the first firmware file is encrypted by using the second key to obtain a second firmware file.
In this embodiment of the present specification, to avoid leakage of data and service logic of the firmware file in the transmission process, the server side encrypts the first firmware file. Considering that the AES encryption algorithm has the advantages of fast operation speed, high security, less resource consumption, and the like, the first firmware may be preferentially encrypted by the AES encryption algorithm, and at this time, the second key is the AES key.
The first firmware file may be a source firmware file or a firmware file obtained by processing the source firmware file, such as encryption. In this embodiment, a specific processing manner adopted by the source firmware file to obtain the first firmware file is not limited.
For example, before step 204, the following processing steps may also be performed to obtain the first firmware file:
and acquiring a first firmware file, wherein the first firmware file is obtained by encrypting the source firmware file by adopting a first key, and the first key is a private key.
In the embodiment of the present specification, the source firmware file is a firmware file developed by a developer in a development environment, and the source firmware file is an unencrypted file.
In the embodiment of the present specification, after a developer develops (or compiles) a new source firmware file in a development environment, the new source firmware file is recorded into a management center for storage, and the management center performs asymmetric encryption on the source firmware file to obtain an asymmetrically encrypted firmware file, that is, a first firmware file; specifically, the management center may encrypt the source firmware file by using a private key of an RSA encryption algorithm to obtain the first firmware file. Correspondingly, the server side acquires the first firmware file from the management center.
In step 206, the second firmware file is verified by using a preset verification algorithm to obtain a first verification value.
In this embodiment of the present description, security of the firmware upgrade process is ensured, and the server checks the second firmware file, where the check algorithm may include: SHA256 check algorithm, SHA128 check algorithm, or MD5 check algorithm. Specifically, when the verification algorithm is the SHA256 verification algorithm, the first verification value is a 256-bit character string; specifically, when the check algorithm is the SHA128 check algorithm, the first check value is a 128-bit character string; specifically, when the verification algorithm is the MD5 verification algorithm, the first verification value is a 128-bit character string.
In step 206, a firmware upgrade instruction is sent to the terminal device, where the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries a download address of the second firmware file, the second key, and the first check value.
In this embodiment of the present specification, when it is detected that the firmware version in the terminal device is lower than the version of the source firmware file, a firmware upgrade instruction is sent to the terminal device.
In consideration of the fact that the data volume carried in the firmware upgrading instruction is small, in the embodiment of the specification, the firmware upgrading instruction can be sent to the terminal device through a lightweight transmission protocol; the lightweight transport protocol may include: MQTT protocol or CoAP protocol.
In this embodiment, a server may receive state information reported by a terminal device, where the state information may include at least one of the following: the firmware upgrading method comprises the following steps of firmware version information and firmware installation progress information, wherein the firmware version information is used for determining whether the terminal equipment needs firmware upgrading.
In this embodiment of the present description, if a terminal device has an error during a firmware upgrade process, the server may perform error location according to installation progress information of the firmware.
In this embodiment of the present description, if the firmware upgrade of the terminal device fails, the server may issue the firmware upgrade instruction again when the terminal device is restarted.
As can be seen from the above embodiments, in this embodiment, the contents of the firmware file are not cracked and tampered during the firmware upgrade process by encrypting and verifying the new firmware file (i.e., the source firmware file) developed by the developer for many times, so that the security is high.
Fig. 3 is a flowchart of a firmware upgrading method according to another embodiment of the present disclosure, which is applied to a terminal device, and as shown in fig. 3, the method may include the following steps: step 302, step 304, step 306, step 308, and step 310, wherein,
in step 302, a firmware upgrade instruction sent by the server is received, where the firmware upgrade instruction carries a download address, a second key, and a first check value of a second firmware file, the second firmware file is obtained by encrypting the first firmware file with the second key, and the first check value is obtained by checking the second firmware file with a preset check algorithm.
In step 304, the second firmware file is obtained according to the download address of the second firmware file.
In this embodiment of the present description, the validity of the download address of the firmware file is verified in a manner that an HTTPS certificate can be authenticated, so as to ensure that the download address and the check value of the firmware file in the firmware upgrade instruction are not tampered with, and correspondingly, step 304 may specifically include the following steps:
acquiring a digital certificate corresponding to the download address of the second firmware file;
and judging whether the digital certificate is in a preset white list, if so, acquiring a second firmware file from a download address of the second firmware file, wherein the digital certificate in the preset white list is a legal digital certificate.
In this embodiment of the present specification, a certificate corresponding to a download address of a second firmware file may be obtained, and the obtained certificate is verified through a root certificate of a valid download address stored in advance; and if the verification is passed, acquiring the second firmware file from the download address of the second firmware file. Specifically, a root certificate of a legal download address is pre-embedded in the terminal device, when a firmware file needs to be acquired from the download address (namely, communication with the server is needed), a certificate of a host (namely, the server) is acquired through a host domain name included in the download address, the certificate of the host is verified by using a preset verification algorithm and the pre-embedded root certificate, if the verification is passed, the host is legal, at the moment, the corresponding firmware file is downloaded from the download address, if the verification is not passed, the host is illegal, and at the moment, the corresponding firmware file is not downloaded from the download address.
In step 306, the second firmware file is verified by using a preset verification algorithm to obtain a second verification value.
In the embodiment of the present specification, in order to ensure the validity of a firmware file, a terminal device may verify the downloaded firmware file to obtain a verification value, and determine the validity of the firmware file by comparing the verification value with a verification value carried in a firmware upgrade instruction; wherein, if the two are matched (i.e. identical), it indicates that the firmware file is legal and has not been tampered; if the two are not matched (i.e. not identical), it indicates that the firmware file is illegal and has been tampered, in which case the subsequent upgrade operation of the firmware file is not performed.
In step 308, if the second check value matches the first check value, the second firmware file is decrypted by using the second key to obtain the first firmware file. .
In the embodiment of the present specification, the downloaded firmware file is decrypted by using the key carried in the firmware upgrade instruction, so as to obtain a decrypted firmware file, where the firmware file may be used to upgrade the firmware of the terminal device.
In step 310, the terminal device is upgraded based on the first firmware file.
In some embodiments, the first firmware file may be a source firmware file directly, and thus the first firmware file may be used directly to perform a firmware upgrade on the terminal device.
In other embodiments, since the firmware file decrypted by the key carried in the firmware upgrade instruction may still be an encrypted firmware file, the firmware upgrade of the terminal device may be implemented only by further decrypting the first firmware file to obtain the source firmware file.
For example, before the server encrypts the first firmware file by using the second key to obtain the second firmware file, the first firmware file is obtained by encrypting the source firmware file by using the first key, and the first key is a private key. Accordingly, before performing this step, the following steps may be specifically performed:
and decrypting the first firmware file by adopting a prestored third key to obtain a source firmware file, wherein the third key is a public key corresponding to the first key.
Specifically, the terminal device stores a public key (i.e., the third key) and a private key (i.e., the first key) for firmware file signature in advance. When the terminal device decrypts the firmware file obtained by using the key carried in the firmware upgrading instruction into an encrypted firmware file, the firmware file is encrypted by using a private key, and the terminal device locally maintains a public key corresponding to the private key, the terminal device can decrypt the firmware file by using the corresponding public key, if decryption fails, the firmware file is illegal and is tampered, and under the condition, subsequent upgrading operation of the firmware file is not executed; and if the decryption is successful, the firmware of the terminal equipment is upgraded according to the firmware file (namely the source firmware file) obtained by the decryption.
Therefore, when the step is executed, the firmware of the terminal equipment can be upgraded by directly using the source firmware file obtained by decryption.
In this embodiment, the source firmware file may be written into a flash memory of the terminal device. After the source firmware file is written into a flash memory of the terminal equipment, the terminal equipment can be restarted immediately to finish the upgrading of the firmware; or after the preset time length is set or the preset time point is reached, restarting the terminal equipment to finish the upgrading of the firmware.
In this embodiment, the flash memory of the terminal device may be encrypted to ensure the security of data stored in the flash memory. Specifically, if the flash memory of the terminal device is encrypted, the flash memory needs to be decrypted first when data is written into the flash memory, and then the data is written into the flash memory; and when reading data from the flash memory, the flash memory needs to be decrypted first, and then the data is read.
In the embodiment of the present specification, in order to ensure that the BootLoader loaded on the terminal device is not tampered, a fourth key may be used to encrypt the BootLoader of the terminal device, and the encrypted BootLoader is verified to obtain a third verification value; storing the third check value into a flash memory of the terminal device, so that the BootLoader needs to be checked when the terminal device is restarted, and the terminal device can be started only after the check is passed; in this case, the third key may be stored in the BootLoader in advance to ensure the security of the third key. The fourth key may be a 256-bit character string generated after Security Boot is started, the character string may be used as an AES key to encrypt BootLoader, and the third check value may be stored at the beginning of the flash memory 0x 0.
In this embodiment, the terminal device may report status information to the server, where the status information includes at least one of the following: the firmware upgrading method comprises firmware version information and firmware installation progress information, wherein the firmware version information is used for determining whether the terminal equipment needs to be upgraded, and the firmware installation progress information is used for positioning firmware upgrading errors by a server side.
As can be seen from the above embodiments, in this embodiment, the contents of the firmware file are not cracked and tampered in the firmware upgrading process by encrypting and verifying the new firmware file developed by the developer, and the security is high.
Fig. 4 is a schematic structural diagram of a firmware upgrading apparatus according to an embodiment of the present disclosure, where the firmware upgrading apparatus is applied to a server, and in a software implementation, the firmware upgrading apparatus 400 may include: an encryption module 402, a first verification module 403, and a sending module 404, wherein,
an encryption module 402, configured to encrypt the first firmware file with a second key to obtain a second firmware file;
a first verification module 403, configured to verify the second firmware file by using a preset verification algorithm to obtain a first verification value;
a sending module 404, configured to send a firmware upgrade instruction to a terminal device, where the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries a download address of the second firmware file, the second key, and the first check value.
As can be seen from the above embodiments, in this embodiment, the contents of the firmware file are not cracked and tampered in the firmware upgrading process by encrypting and verifying the new firmware file developed by the developer, and the security is high.
Optionally, as an embodiment, the sending module 404 may include:
and the instruction sending submodule is used for sending a firmware upgrading instruction to the terminal equipment through a lightweight transmission protocol.
Optionally, as an embodiment, the second key includes: AES key.
Optionally, as an embodiment, the preset verification algorithm includes: SHA256 check algorithm, SHA128 check algorithm, or MD5 check algorithm.
Optionally, as an embodiment, the firmware upgrading apparatus 400 may further include:
receiving state information reported by the terminal equipment, wherein the state information comprises at least one of the following items: version information of the firmware and installation progress information of the firmware.
Optionally, as an embodiment, the firmware upgrading apparatus 400 may further include:
an obtaining module, configured to obtain the first firmware file, where the first firmware file is obtained by encrypting a source firmware file with a first key, and the first key is a private key.
Fig. 5 is a schematic structural diagram of a firmware upgrading apparatus according to another embodiment of the present disclosure, where the firmware upgrading apparatus is applied to a terminal device, and in a software implementation, the firmware upgrading apparatus 500 may include: an instruction receiving module 501, a downloading module 502, a second checking module 503, a decrypting module 504 and an upgrading module 505, wherein,
the instruction receiving module 501 is configured to receive a firmware upgrading instruction sent by a server, where the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file with the second key, and the first verification value is obtained by verifying the second firmware file with a preset verification algorithm;
a downloading module 502, configured to obtain the second firmware file according to a downloading address of the second firmware file;
the second checking module 503 is configured to check the second firmware file by using the preset checking algorithm to obtain a second checking value;
a decryption module 504, configured to decrypt the second firmware file with the second key to obtain the first firmware file when the second check value matches the first check value;
and an upgrading module 505, configured to upgrade firmware of the terminal device based on the source firmware file.
As can be seen from the above embodiments, in this embodiment, the contents of the firmware file are not cracked and tampered during the firmware upgrade process by encrypting and verifying the new firmware file (i.e., the source firmware file) developed by the developer for many times, so that the security is high.
Optionally, as an embodiment, the first firmware file is obtained by encrypting a source firmware file by using a first key, where the first key is a private key;
correspondingly, the decryption module 504 is configured to decrypt the first firmware file by using a prestored third key to obtain the source firmware file, where the third key is a public key corresponding to the first key; the upgrade module 505 is configured to upgrade firmware of the terminal device using the source firmware file.
Optionally, as an embodiment, the downloading module 502 may include:
the certificate acquisition submodule is used for acquiring a certificate corresponding to the download address of the second firmware file;
the verification submodule is used for verifying the acquired certificate through a prestored root certificate of the legal download address;
and the firmware file downloading submodule is used for acquiring the second firmware file from the downloading address of the second firmware file under the condition of passing the verification.
Optionally, as an embodiment, the firmware upgrading apparatus 500 may further include:
the encryption submodule is used for encrypting the BootLoader of the terminal equipment by adopting a fourth key and verifying the encrypted BootLoader to obtain a third verification value;
and the storage submodule is used for storing the third check value into a flash memory of the terminal equipment.
Optionally, as an embodiment, the third key is stored in the BootLoader in advance.
Optionally, as an embodiment, the upgrade module 505 may include:
and the upgrading submodule is used for writing the source firmware file into a flash memory of the terminal equipment.
Optionally, as an embodiment, the firmware upgrading apparatus 500 may further include:
a reporting module, configured to report status information to the server, where the status information includes at least one of the following: version information of the firmware and installation progress information of the firmware.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present specification, where the electronic device may be a server, and as shown in fig. 6, the electronic device includes, on a hardware level, a processor, and optionally an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (peripheral component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 6, but that does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program, and the firmware upgrading device is formed on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
and sending a firmware upgrading instruction to the terminal equipment, wherein the firmware upgrading instruction is used for indicating the terminal equipment to carry out firmware upgrading, and the firmware upgrading instruction carries the download address of the second firmware file, the second key and the first check value.
Optionally, as an embodiment, the sending the firmware upgrade instruction to the terminal device includes:
and sending a firmware upgrading instruction to the terminal equipment through a lightweight transmission protocol.
Optionally, as an embodiment, the second key includes: AES key.
Optionally, as an embodiment, the preset verification algorithm includes: SHA256 check algorithm, SHA128 check algorithm, or MD5 check algorithm.
Optionally, as an embodiment, the method further includes:
receiving state information reported by the terminal equipment, wherein the state information comprises at least one of the following items: version information of the firmware and installation progress information of the firmware.
Optionally, as an embodiment, the method further includes:
and acquiring the first firmware file, wherein the first firmware file is obtained by encrypting a source firmware file by adopting a first secret key, and the first secret key is a private secret key.
The method executed by the firmware upgrading device according to the embodiment shown in fig. 6 of the present specification can be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete gates or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The electronic device may further execute the method in fig. 2, and implement the function of the firmware upgrading apparatus in the embodiment shown in fig. 2, which is not described herein again in this specification.
Fig. 7 is a schematic structural diagram of an electronic device according to another embodiment of the present specification, where the electronic device may be a terminal device, and as shown in fig. 7, the electronic device includes, on a hardware level, a processor, and optionally an internal bus, a network interface, and a memory. The memory may include a memory, such as a Random-access memory (RAM), and may further include a non-volatile memory, such as at least 1 disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (peripheral component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 7, but this does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program, and the firmware upgrading device is formed on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and updating the firmware of the terminal equipment based on the first firmware file.
Optionally, as an embodiment, the first firmware file is obtained by encrypting a source firmware file by using a first key, where the first key is a private key;
the method further comprises the following steps: decrypting the first firmware file by adopting a prestored third key to obtain the source firmware file, wherein the third key is a public key corresponding to the first key;
the firmware upgrade of the terminal device based on the first firmware file comprises:
and upgrading the firmware of the terminal equipment by using the source firmware file.
Optionally, as an embodiment, the obtaining the second firmware file according to the download address of the second firmware file includes:
acquiring a certificate corresponding to the download address of the second firmware file;
verifying the acquired certificate through a prestored root certificate of a legal download address;
and if the verification is passed, acquiring the second firmware file from the download address of the second firmware file.
Optionally, as an embodiment, the method further includes:
encrypting the BootLoader of the terminal equipment by adopting a fourth key, and verifying the encrypted BootLoader to obtain a third verification value;
and storing the third check value into a flash memory of the terminal equipment.
Optionally, as an embodiment, the third key is stored in the BootLoader in advance.
Optionally, as an embodiment, the performing firmware upgrade on the terminal device by using the source firmware file includes:
and writing the source firmware file into a flash memory of the terminal equipment.
Optionally, as an embodiment, the method further includes:
reporting status information to the server, wherein the status information comprises at least one of the following items: version information of the firmware and installation progress information of the firmware.
The method executed by the firmware upgrading device according to the embodiment shown in fig. 7 of the present specification can be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete gates or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The electronic device may further execute the method in fig. 3, and implement the function of the firmware upgrading apparatus in the embodiment shown in fig. 3, which is not described herein again in this specification.
The present specification embodiments also provide a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment shown in fig. 2, and in particular to perform the method of:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
The present specification embodiments also provide a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment shown in fig. 3, and in particular to perform the method of:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and updating the firmware of the terminal equipment based on the first firmware file.
In short, the above description is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present specification shall be included in the protection scope of the present specification.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims (19)

1. A firmware upgrading method is applied to a server side and comprises the following steps:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
2. The method of claim 1, wherein sending the firmware upgrade instructions to the terminal device comprises:
and sending a firmware upgrading instruction to the terminal equipment through a lightweight transmission protocol.
3. The method of claim 1, the second key comprising: AES key.
4. The method of claim 1, the preset verification algorithm comprising: SHA256 check algorithm, SHA128 check algorithm, or MD5 check algorithm.
5. The method of claim 1, further comprising:
receiving state information reported by the terminal equipment, wherein the state information comprises at least one of the following items: version information of the firmware and installation progress information of the firmware.
6. The method of claim 1, further comprising:
and acquiring the first firmware file, wherein the first firmware file is obtained by encrypting a source firmware file by adopting a first secret key, and the first secret key is a private secret key.
7. A firmware upgrading method is applied to terminal equipment and comprises the following steps:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and updating the firmware of the terminal equipment based on the first firmware file.
8. The method of claim 7, wherein the first firmware file is obtained by encrypting a source firmware file with a first key, and the first key is a private key;
the method further comprises the following steps: decrypting the first firmware file by adopting a prestored third key to obtain the source firmware file, wherein the third key is a public key corresponding to the first key;
the firmware upgrade of the terminal device based on the first firmware file comprises:
and upgrading the firmware of the terminal equipment by using the source firmware file.
9. The method of claim 7, wherein the verifying the digital certificate corresponding to the download address of the second firmware file; if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file, wherein the acquisition of the second firmware file comprises the following steps:
acquiring a digital certificate corresponding to the download address of the second firmware file;
verifying the acquired digital certificate through a prestored root certificate of a legal download address;
and if the verification is passed, acquiring the second firmware file from the download address of the second firmware file.
10. The method of claim 8, further comprising:
encrypting the BootLoader loaded on the terminal equipment by adopting a fourth key, and verifying the encrypted BootLoader to obtain a third verification value;
and storing the third check value into a flash memory of the terminal equipment.
11. The method of claim 10, the third key being pre-stored in the BootLoader.
12. The method of claim 8, the firmware upgrade of the terminal device using the source firmware file, comprising:
and writing the source firmware file into a flash memory of the terminal equipment.
13. The method of claim 8, further comprising:
reporting status information to the server, wherein the status information comprises at least one of the following items: version information of the firmware and installation progress information of the firmware.
14. A firmware upgrading device is applied to a server side and comprises:
the encryption module is used for encrypting the first firmware file by adopting a second key to obtain a second firmware file;
the first verification module is used for verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
a sending module, configured to send a firmware upgrade instruction to a terminal device, where the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries a download address of the second firmware file, the second key, and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
15. A firmware upgrading device is applied to terminal equipment and comprises:
the instruction receiving module is used for receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
the downloading module is used for verifying the digital certificate corresponding to the downloading address of the second firmware file; if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
the second check module is used for checking the second firmware file by adopting the preset check algorithm to obtain a second check value;
the decryption module is used for decrypting the second firmware file by adopting the second key to obtain the first firmware file under the condition that the second check value is matched with the first check value;
and the upgrading module is used for upgrading the firmware of the terminal equipment based on the first firmware file.
16. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
17. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and upgrading the firmware of the terminal equipment based on the first firmware file.
18. A computer-readable storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic device to:
encrypting the first firmware file by adopting a second key to obtain a second firmware file;
verifying the second firmware file by adopting a preset verification algorithm to obtain a first verification value;
sending a firmware upgrading instruction to a terminal device, wherein the firmware upgrading instruction is used for indicating the terminal device to carry out firmware upgrading, and the firmware upgrading instruction carries a download address of the second firmware file, the second key and the first check value; and the downloading address of the second firmware file is correspondingly provided with a digital certificate for verifying the validity of the downloading address of the second firmware file by the terminal equipment.
19. A computer-readable storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic device to:
receiving a firmware upgrading instruction sent by a server, wherein the firmware upgrading instruction carries a download address of a second firmware file, a second key and a first verification value, the second firmware file is obtained by encrypting the first firmware file by using the second key, and the first verification value is obtained by verifying the second firmware file by using a preset verification algorithm; a digital certificate is correspondingly arranged at the download address of the second firmware file;
verifying the digital certificate corresponding to the download address of the second firmware file;
if the verification is passed, acquiring the second firmware file according to the download address of the second firmware file;
verifying the second firmware file by adopting the preset verification algorithm to obtain a second verification value;
if the second check value is matched with the first check value, decrypting the second firmware file by using the second key to obtain the first firmware file;
and updating the firmware of the terminal equipment based on the first firmware file.
CN202010753344.5A 2018-08-27 2018-08-27 Firmware upgrading method and device Pending CN111832013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010753344.5A CN111832013A (en) 2018-08-27 2018-08-27 Firmware upgrading method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010753344.5A CN111832013A (en) 2018-08-27 2018-08-27 Firmware upgrading method and device
CN201810981834.3A CN109214168B (en) 2018-08-27 2018-08-27 Firmware upgrading method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810981834.3A Division CN109214168B (en) 2018-08-27 2018-08-27 Firmware upgrading method and device

Publications (1)

Publication Number Publication Date
CN111832013A true CN111832013A (en) 2020-10-27

Family

ID=64989729

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010753344.5A Pending CN111832013A (en) 2018-08-27 2018-08-27 Firmware upgrading method and device
CN201810981834.3A Active CN109214168B (en) 2018-08-27 2018-08-27 Firmware upgrading method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201810981834.3A Active CN109214168B (en) 2018-08-27 2018-08-27 Firmware upgrading method and device

Country Status (3)

Country Link
CN (2) CN111832013A (en)
TW (1) TWI709056B (en)
WO (1) WO2020042778A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112416716A (en) * 2020-11-25 2021-02-26 宁波阶梯教育科技有限公司 Automatic firmware checking method and equipment
CN113626792A (en) * 2021-07-09 2021-11-09 苏州浪潮智能科技有限公司 PCIe Switch firmware safe execution method, device, terminal and storage medium
CN114928551A (en) * 2022-04-30 2022-08-19 苏州浪潮智能科技有限公司 System configuration method, device and storage medium
CN115374488A (en) * 2022-10-25 2022-11-22 广州万协通信息技术有限公司 Vehicle-mounted terminal program checking method and device
CN118656841A (en) * 2024-08-20 2024-09-17 中孚信息股份有限公司 Firmware safety protection and upgrading method, system, equipment and medium

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111832013A (en) * 2018-08-27 2020-10-27 创新先进技术有限公司 Firmware upgrading method and device
US11372977B2 (en) 2018-11-12 2022-06-28 Thirdwayv, Inc. Secure over-the-air firmware upgrade
JP7334492B2 (en) * 2019-01-28 2023-08-29 オムロン株式会社 Safety system and maintenance method
WO2020155164A1 (en) * 2019-02-02 2020-08-06 深圳市大疆创新科技有限公司 Firmware upgrade method, radar system, terminal device and firmware upgrade system
CN112543927B (en) * 2019-04-17 2023-03-24 华为技术有限公司 Equipment upgrading method and related equipment
CN110333882B (en) * 2019-05-09 2023-03-14 阿波罗智联(北京)科技有限公司 System upgrading method, device, equipment and computer readable medium
CN110311773B (en) * 2019-06-28 2022-05-17 兆讯恒达科技股份有限公司 Method for preventing injection type attack of advanced encryption standard coprocessor
CN110417871A (en) * 2019-07-05 2019-11-05 青岛海信智慧家居系统股份有限公司 A kind of smart machine upgrade method
CN110377307A (en) * 2019-07-18 2019-10-25 上海擎感智能科技有限公司 A kind of car body controller firmware upgrade method, terminal, system
CN110928564B (en) * 2019-11-11 2020-10-09 中科有讯(北京)科技有限公司 Method for safely updating application, service server, cluster and storage medium
CN111142902B (en) * 2019-12-21 2023-05-16 广州小鹏汽车科技有限公司 Method and device for protecting upgrading firmware of processor and vehicle
CN111159717A (en) * 2019-12-25 2020-05-15 合肥联宝信息技术有限公司 Starting method and device for electronic equipment
CN111176696B (en) * 2019-12-31 2023-10-27 泰斗微电子科技有限公司 Memory chip upgrading method and device, terminal equipment and medium
CN111382397B (en) * 2020-02-26 2023-03-24 浙江大华技术股份有限公司 Configuration method of upgrade software package, software upgrade method, equipment and storage device
CN111596938A (en) * 2020-05-15 2020-08-28 青岛海米飞驰智能科技有限公司 Embedded equipment firmware safety upgrading method, system, terminal and storage medium
CN113840262A (en) 2020-06-23 2021-12-24 京东方科技集团股份有限公司 Over-the-air updating method, updating server, terminal equipment and Internet of things system
TWI790505B (en) * 2020-07-10 2023-01-21 凌通科技股份有限公司 Os-independent peripheral plug-and-play and driver update method for embedded systems and development system for embedded system using the same
CN114362981A (en) 2020-09-30 2022-04-15 京东方科技集团股份有限公司 Upgrading method of terminal equipment of Internet of things and related equipment
CN112612499A (en) * 2020-12-31 2021-04-06 京东数科海益信息科技有限公司 Application program upgrading method and device, electronic equipment and storage medium
CN113365244A (en) * 2021-05-10 2021-09-07 中国汽车技术研究中心有限公司 OTA (over the air) upgrading method and device for whole vehicle, electronic equipment, medium and signature method
CN113515747B (en) * 2021-05-17 2024-02-09 深圳市友华通信技术有限公司 Equipment upgrading method, device, equipment and storage medium
CN113721965B (en) * 2021-08-02 2024-05-03 国创移动能源创新中心(江苏)有限公司 Upgrading method of charging pile based on safety firmware
CN114143198B (en) * 2021-11-30 2023-06-13 四川启睿克科技有限公司 Firmware upgrading method
TWI815263B (en) * 2021-12-28 2023-09-11 尚承科技股份有限公司 Processing system and method for online firmware update
TWI797932B (en) * 2021-12-30 2023-04-01 新唐科技股份有限公司 Firmware verification system and firmware verification method
CN117609965B (en) * 2024-01-19 2024-06-25 深圳前海深蕾半导体有限公司 Upgrade data packet acquisition method of intelligent device, intelligent device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
CN101924607A (en) * 2010-08-27 2010-12-22 华为终端有限公司 Firmware processing method based on firmware air transmission technology, device and system thereof
CN102955700A (en) * 2011-08-18 2013-03-06 腾讯科技(深圳)有限公司 System and method for upgrading software
KR101286711B1 (en) * 2013-03-28 2013-07-16 주식회사 이스턴웨어 System and method for preventing malicious codes of mobile terminal
CN103679004A (en) * 2012-09-19 2014-03-26 Nxp股份有限公司 Method and system for securely updating firmware in a computing device

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7603562B2 (en) * 2005-02-02 2009-10-13 Insyde Software Corporation System and method for reducing memory requirements of firmware
US8213612B2 (en) * 2007-12-07 2012-07-03 Inside Contactless S.A. Secure software download
US9965270B2 (en) * 2015-07-01 2018-05-08 Quanta Computer Inc. Updating computer firmware
CN105812570B (en) * 2016-04-21 2019-05-03 深圳市旭子科技有限公司 Terminal firmware update method and device
CN106203071A (en) * 2016-06-30 2016-12-07 浪潮(北京)电子信息产业有限公司 A kind of firmware upgrade method and device
CN108121915A (en) * 2016-11-30 2018-06-05 北京忆芯科技有限公司 The method of electronic equipment production, the method and system started
CN107688463B (en) * 2017-09-21 2020-08-18 杭州全维技术股份有限公司 Method for packaging version file of embedded equipment
CN108196867A (en) * 2018-03-08 2018-06-22 深圳市文鼎创数据科技有限公司 Device for upgrading firmware, equipment and its firmware upgrade method of equipment
CN108418893A (en) * 2018-03-20 2018-08-17 深圳市闪联信息技术有限公司 A kind of method of smart machine firmware safety upgrade
CN111832013A (en) * 2018-08-27 2020-10-27 创新先进技术有限公司 Firmware upgrading method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
CN101924607A (en) * 2010-08-27 2010-12-22 华为终端有限公司 Firmware processing method based on firmware air transmission technology, device and system thereof
CN102955700A (en) * 2011-08-18 2013-03-06 腾讯科技(深圳)有限公司 System and method for upgrading software
CN103679004A (en) * 2012-09-19 2014-03-26 Nxp股份有限公司 Method and system for securely updating firmware in a computing device
KR101286711B1 (en) * 2013-03-28 2013-07-16 주식회사 이스턴웨어 System and method for preventing malicious codes of mobile terminal

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112416716A (en) * 2020-11-25 2021-02-26 宁波阶梯教育科技有限公司 Automatic firmware checking method and equipment
CN113626792A (en) * 2021-07-09 2021-11-09 苏州浪潮智能科技有限公司 PCIe Switch firmware safe execution method, device, terminal and storage medium
CN113626792B (en) * 2021-07-09 2023-07-14 苏州浪潮智能科技有限公司 PCIe Switch firmware secure execution method, device, terminal and storage medium
CN114928551A (en) * 2022-04-30 2022-08-19 苏州浪潮智能科技有限公司 System configuration method, device and storage medium
CN114928551B (en) * 2022-04-30 2024-03-12 苏州浪潮智能科技有限公司 System configuration method, device and storage medium
CN115374488A (en) * 2022-10-25 2022-11-22 广州万协通信息技术有限公司 Vehicle-mounted terminal program checking method and device
CN118656841A (en) * 2024-08-20 2024-09-17 中孚信息股份有限公司 Firmware safety protection and upgrading method, system, equipment and medium

Also Published As

Publication number Publication date
CN109214168B (en) 2020-08-18
TWI709056B (en) 2020-11-01
TW202009778A (en) 2020-03-01
WO2020042778A1 (en) 2020-03-05
CN109214168A (en) 2019-01-15

Similar Documents

Publication Publication Date Title
CN109214168B (en) Firmware upgrading method and device
JP6888011B2 (en) Mobile device with a reliable execution environment
CN111263352B (en) OTA upgrading method and system of vehicle-mounted equipment, storage medium and vehicle-mounted equipment
US8560820B2 (en) Single security model in booting a computing device
US9477848B2 (en) System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
RU2601862C2 (en) Method, unit and device for processing encryption and decryption
US20090259855A1 (en) Code Image Personalization For A Computing Device
US8392724B2 (en) Information terminal, security device, data protection method, and data protection program
CN104462965A (en) Method for verifying integrity of application program and network device
KR20170114582A (en) Image processing apparatus and control method thereof
CN111201553B (en) Safety element and related equipment
WO2017045627A1 (en) Control board secure start method, and software package upgrade method and device
US20110145586A1 (en) Integrated circuit and system for installing computer code thereon
WO2024183595A1 (en) Password service method and apparatus, and electronic device and storage medium
CN114880011A (en) OTA (over the air) upgrading method and device, electronic equipment and readable storage medium
CN113360857A (en) Code starting method and system for software
JP2015104020A (en) Communication terminal device, communication terminal association system, communication terminal association method and computer program
CN107995230B (en) A kind of method for down loading and terminal
US20230058046A1 (en) Apparatus and Method for Protecting Shared Objects
CN112416395A (en) Hot repair updating method and device
CN112115430A (en) Apk reinforcement method, electronic equipment and storage medium
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
CN113515747A (en) Equipment upgrading method, device, equipment and storage medium
US10459722B2 (en) Device, system, and method for secure supervisor system calls
CN115437673A (en) Vehicle-mounted MCU (microprogrammed control Unit) upgrading method, vehicle-mounted MCU upgrading system and server group

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination