CN112417422A - Security chip upgrading method and computer readable storage medium - Google Patents
Security chip upgrading method and computer readable storage medium Download PDFInfo
- Publication number
- CN112417422A CN112417422A CN202011321760.4A CN202011321760A CN112417422A CN 112417422 A CN112417422 A CN 112417422A CN 202011321760 A CN202011321760 A CN 202011321760A CN 112417422 A CN112417422 A CN 112417422A
- Authority
- CN
- China
- Prior art keywords
- firmware
- data
- upgrading
- comparison result
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000012545 processing Methods 0.000 claims abstract description 53
- 230000001915 proofreading effect Effects 0.000 claims abstract description 15
- 238000003672 processing method Methods 0.000 claims description 2
- 238000012937 correction Methods 0.000 abstract description 6
- 238000012795 verification Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000013506 data mapping Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a security chip upgrading method and a computer readable storage medium. The security chip upgrading method comprises the following steps: obtaining first upgrading data according to the firmware data; obtaining an access control address according to the firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data; obtaining an upgrading data set according to the first upgrading data and the second upgrading data; performing proofreading processing on the firmware data to obtain a proofreading result, and receiving the upgrading data set according to the proofreading result; and performing data erasing processing on the firmware according to the upgrading data set. According to the method and the device, the firmware data can be corrected to obtain the correction result, and the upgrading data set is received according to the correction result, so that the received data set is guaranteed to be legal data.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a security chip upgrade method and a computer-readable storage medium.
Background
In the related art, upgrade data is sent to the firmware in a plaintext form, and data erasing and writing are performed on the firmware according to the plaintext data to complete firmware upgrade.
However, the upgrade data is issued to the firmware in a plaintext form, so that the upgrade data is easily acquired and decoded halfway, and a great risk of disclosure exists.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a security chip upgrading method which can be used for carrying out proofreading processing on firmware data to obtain a proofreading result and receiving an upgrading data set according to the proofreading result so as to ensure that the received data set is legal data. .
The invention also provides a computer readable storage medium with the security chip upgrading method.
The security chip upgrading method according to the embodiment of the first aspect of the invention comprises the following steps: obtaining first upgrading data according to the firmware data;
obtaining an access control address according to the firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data; obtaining an upgrading data set according to the first upgrading data and the second upgrading data; performing proofreading processing on the firmware data to obtain a proofreading result, and receiving the upgrading data set according to the proofreading result; and performing data erasing processing on the firmware according to the upgrading data set.
The method for upgrading the security chip according to the embodiment of the invention at least has the following beneficial effects: the firmware data is corrected to obtain a correction result, and the upgrade data set is received according to the correction result, so that the received data set is guaranteed to be legal data. Namely, the received data can be guaranteed to legally upgrade the firmware.
Based on the identity non-repudiation of the authentication process, the phenomenon that the executive component repudiates sent or received information is avoided.
According to some embodiments of the invention, data-erasing the firmware according to the upgrade data set further comprises erasing restriction removal processing of the firmware; the erasure restriction removal process includes: receiving a random number acquisition instruction, and returning a corresponding random number according to the random number acquisition instruction; and signing the random number according to a preset key group to obtain a signature value, verifying the signature value to obtain a comparison result, and performing trusted mark processing and erasure restriction removal processing according to the comparison result. .
According to some embodiments of the present invention, signing the random number according to a preset key group to obtain a signature value, verifying the signature value to obtain a comparison result, and performing trusted token processing according to the comparison result, further includes: performing data erasing and writing processing on a trusted boot data area, and obtaining a data hash value of the trusted boot data area; and comparing the data hash value and the firmware hash value to obtain a hash comparison result, and setting a zone bit according to the hash comparison result.
According to some embodiments of the present invention, the setting a flag according to the hash comparison result further includes:
setting a flag bit of a bootstrap program according to the hash comparison result, and storing preset firmware setting parameters and redundancy check codes in corresponding preset storage areas; and restarting the firmware and updating data through the bootstrap program.
According to some embodiments of the invention, the firmware data comprises: the device comprises a firmware version number, a firmware data volume, firmware offset data and an access control address offset, wherein the key group comprises a first key and a second key corresponding to the first key; the obtaining of the first upgrade data according to the firmware data further includes: obtaining first upgrading data according to the firmware version number, the firmware data quantity, the firmware offset data and the access control address offset;
obtaining an access control address according to a firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data, wherein the second upgrading data comprises: calculating the firmware upgrading plaintext according to the first secret key and a preset block cipher algorithm to obtain the access control address; encrypting the firmware upgrading plaintext and the access control address according to the second secret key and the preset block cipher algorithm to obtain second upgrading data; and obtaining the upgrading data set according to the first upgrading data and the second upgrading data.
According to some embodiments of the present invention, setting a flag bit of a boot program according to the hash comparison result, and storing a preset firmware setting parameter and a redundancy check code in a corresponding preset storage area, further includes: comparing the firmware version number with a chip pre-stored version number to obtain a comparison result, and performing erasing and writing limitation removal processing on a firmware code area of the firmware according to the comparison result; performing sub-packet receiving processing on the second upgrading data, and decrypting the second upgrading data according to the second secret key and the preset block cipher algorithm to obtain the firmware upgrading plaintext and the data hash value; storing the data hash value and the firmware upgrading plaintext in the firmware code area; obtaining a firmware hash value according to the preset block cipher algorithm, the first secret key and the firmware upgrading plaintext; comparing the data hash value and the firmware hash value to obtain a hash comparison result; and storing the data parameters and the redundancy check codes in the corresponding preset storage areas according to the hash comparison result.
According to some embodiments of the present invention, the receiving a random number obtaining instruction, and returning a corresponding random number according to the random number obtaining instruction, further includes: the security chip receives the random number acquisition instruction and returns the random number according to the random number acquisition instruction, wherein the random number is 32 bits;
the signing processing is carried out on the random number according to a preset secret key group to obtain a signature value, and the signing processing method further comprises the following steps: and signing the 32-bit random number according to the preset key group to obtain a signature value, wherein the signature value is 64 bits.
According to some embodiments of the invention, the erasing restriction removing processing on the firmware code area of the firmware according to the comparison result further comprises:
if the comparison result shows that the firmware version number is consistent with the pre-stored version number of the chip, erasing and writing limitation removal processing is carried out on the firmware code area of the firmware; and/or if the comparison result shows that the firmware version number is not consistent with the pre-stored version number of the chip, maintaining the erasing and writing limiting state for the firmware code area of the firmware.
According to some embodiments of the present invention, the storing the preset firmware setting parameters and the redundancy check codes in the corresponding preset storage areas further includes: restarting the security chip, and updating the firmware according to the data in the corresponding preset storage area; and starting erasing limit processing on the firmware.
According to some embodiments of the invention, the preset block cipher algorithm is the SM4 block cipher algorithm.
A computer-readable storage medium according to an embodiment of the second aspect of the invention, having stored thereon computer-executable instructions for: the method for upgrading the security chip described in any of the above embodiments is performed.
The computer-readable storage medium according to the embodiment of the invention has at least the following advantages: and performing signature processing and verification processing according to the preset key group and the random number to use a signature value obtained according to the random number as a signature key and ensure that the information transmission has identity non-repudiation in the authentication process. .
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description.
Drawings
The invention is further described with reference to the following figures and examples, in which:
fig. 1 is a flowchart of a method for upgrading a security chip according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for upgrading a security chip according to another embodiment of the present invention.
Fig. 3 is a flowchart of a method for upgrading a security chip according to another embodiment of the present invention.
Fig. 4 is a flowchart of a method for upgrading a security chip according to another embodiment of the present invention.
Fig. 5 is a flowchart of a method for upgrading a security chip according to another embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
In the description of the present invention, it should be understood that the orientation or positional relationship referred to in the description of the orientation, such as the upper, lower, front, rear, left, right, etc., is based on the orientation or positional relationship shown in the drawings, and is only for convenience of description and simplification of description, and does not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention.
In the description of the present invention, the meaning of a plurality is one or more, the meaning of a plurality is two or more, and the above, below, exceeding, etc. are understood as excluding the present numbers, and the above, below, within, etc. are understood as including the present numbers. If the first and second are described for the purpose of distinguishing technical features, they are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
In the description of the present invention, unless otherwise explicitly limited, terms such as arrangement, installation, connection and the like should be understood in a broad sense, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
In the description of the present invention, reference to the description of the terms "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Name interpretation: COS, chip operation system, i.e. a small software system, also called firmware, stored on a single chip.
BOOT, bootstrap. The boot program may first enter the system and gain control of the system, and then the operating system program is imported for import.
In the firmware upgrading process, upgrading data is issued to the firmware in a plaintext form, so that the upgrading data is easily acquired midway and decoded, and a large risk of disclosure exists.
Based on this, the embodiments of the present application provide a secure chip upgrade method and a computer-readable storage medium, so as to encrypt and transmit upgrade data, thereby protecting the upgrade data. The secure chip upgrading method can be used for carrying out program upgrading on firmware in the terminal device so as to update data in the firmware.
Referring to fig. 1, in some embodiments, a method for upgrading a security chip includes: step 100, obtaining first upgrading data according to firmware data; step 200, obtaining an access control address according to the firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data; 300, obtaining an upgrading data set according to the first upgrading data and the second upgrading data; step 400, performing proofreading processing on the firmware data to obtain a proofreading result, and receiving an upgrading data set according to the proofreading result; and 500, performing data erasing processing on the firmware according to the upgrading data set.
The firmware data is corrected to obtain a correction result, and the upgrade data set is received according to the correction result, so that the received data set is guaranteed to be legal data. Namely, the received data can be guaranteed to legally upgrade the firmware. Based on the identity non-repudiation of the authentication process, the phenomenon that the executive component repudiates sent or received information is avoided.
Further, obtaining first upgrading data according to the firmware data; and obtaining an access control address according to the firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data. During the upgrading process, the firmware can be verified through the firmware data, so that the validity of the identity of the firmware is serious.
Referring to fig. 2, in some embodiments, the step 500 of performing data erasing processing on the firmware according to the upgrade data set further includes performing erasing limitation removing processing on the firmware; the erasure restriction release process includes: step 510, receiving a random number acquisition instruction, and returning a corresponding random number according to the random number acquisition instruction; step 520, signing the random number according to a preset key group to obtain a signature value, and verifying the signature value to obtain a comparison result; step 530, performing the trusted flag processing and the erasure restriction removing processing according to the comparison result.
Signature processing and verification processing are carried out through the preset key group and the random number, so that a signature value obtained according to the random number is used as a signature key, and identity non-repudiation is achieved in information transmission in the authentication process.
The firmware receives the random number acquisition instruction and generates a random number according to the random number acquisition instruction and a preset random number generation algorithm so as to complete random number generation response. By performing signature processing on the random number to obtain the signature value, the fixed signature value is avoided to improve the confidentiality of data authentication.
And verifying the signature value to obtain an original text random number, and verifying the original text random number through a preset key group to obtain a comparison result.
Wherein the comparison result comprises: and the verification is successful and the verification fails. And if the verification result is judged to be successful, the credible mark processing is specifically to set a corresponding credible mark. And after the setting of the trusted flag is finished, the bootstrap program returns to the upper-level setting item, and the bootstrap program rechecks the trusted flag to determine whether the corresponding trusted flag is set. If the recheck result is that the credible mark is set, exiting the current bootstrap program, restarting the system to update data, and returning to the upper-level setting item.
It can be understood that the signing process and the verification process are performed through the preset key group and the random number, so that a signature value obtained according to the random number is used as a signing key, and the information transmission in the authentication process has identity non-repudiation. Based on the identity non-repudiation of the authentication process, the phenomenon that the executive component repudiates sent or received information is avoided. It will be appreciated that non-repudiation of the identity through authentication prevents the authentication process from failing to repudiate transmitted or received information. And generating a signature through the random number and taking the signature as interactive information of identity authentication so as to avoid replay attack on the system after a third party intercepts upgrade data or signature information.
Referring to fig. 3, in some embodiments, the random number is signed according to a preset key group to obtain a signature value, and the signature value is verified to obtain a comparison result. Step 530, performing trusted token processing according to the comparison result, further comprising: 531, performing data erasing and writing on the trusted boot data area, and obtaining a data hash value of the trusted boot data area; and 532, comparing the data hash value and the firmware hash value to obtain a hash comparison result, and setting a zone bit according to the hash comparison result.
The trusted boot data area is subjected to data erasing and writing processing to package and write upgrading data in the trusted boot data area, and the trusted boot data area is subjected to data mapping processing to obtain a corresponding firmware hash value. The firmware hash value is derived from the upgrading data in the trusted boot data area, and the data hash value is derived from the upgrading data which is not written in the trusted boot data area. And comparing the firmware hash value with the data hash value to obtain a hash comparison result, and judging whether the upgrade data is correctly written into the trusted boot data area according to the hash comparison result. If the hash comparison result (the firmware hash value and the data hash value have consistency) is that the upgrade data is correctly written into the trusted boot data area, the upgrade data written into the trusted boot data area is valid, and a corresponding flag bit is set to mark a program state corresponding to the upgrade data.
The flag bits may include a storage condition code flag, a control flag, and a system flag.
In some embodiments, the setting the flag according to the hash comparison result in step 532 further includes: step 5321, setting a flag bit of the bootstrap program according to the hash comparison result, and storing preset firmware setting parameters and redundancy check codes in corresponding preset storage areas; step 5322, the firmware is restarted and the data is updated by the boot program.
Further, the step 5321 of setting a flag of the bootstrap according to the hash comparison result includes: if the Hash comparison result (the firmware Hash value and the data Hash value have consistency) is that the upgrading data is correctly written into the trusted boot data area, the upgrading data written into the trusted boot data area is valid, and a corresponding flag bit is set to mark a program state corresponding to the upgrading data; and if the hash comparison result (the firmware hash value and the data hash value are not consistent) is that the upgrade data is judged not to be written into the trusted boot data area correctly, returning to the previous stage, and generating an incorrect writing early warning.
Further, if the hash comparison result (the firmware hash value and the data hash value have consistency) is that it is determined that the upgrade data has been correctly written into the trusted boot data area, setting a flag bit of the boot program according to the hash comparison result, and storing the preset firmware setting parameter and the redundancy check code in the corresponding preset storage area so that the program integrity can be quickly determined during the execution of the boot program.
And after the preset firmware setting parameters and the redundancy check codes are stored in the corresponding preset storage areas, the firmware executes restart processing and updates the data in the boot program, and erasing and writing limit protection is started to prevent abnormal data from being written into the storage areas of the firmware.
Referring to fig. 4, in some embodiments, the firmware data includes: the system comprises a firmware version number, a firmware data volume, firmware offset data and an access control address offset, wherein a key group comprises a first key and a second key corresponding to the first key; step 100, obtaining first upgrade data according to the firmware data, further comprising: the first upgrade data is obtained according to the firmware version number, the firmware data amount, the firmware offset data and the access control address offset. Step 200, obtaining an access control address according to the firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data, wherein the method comprises the following steps: step 210, calculating the firmware upgrade plaintext according to the first secret key and a preset block cipher algorithm to obtain an access control address; step 220, encrypting the firmware upgrading plaintext and the access control address according to the second secret key and the preset block cipher algorithm to obtain second upgrading data; and step 230, obtaining an upgrading data set according to the first upgrading data and the second upgrading data.
The key set comprises a first key and a second key corresponding to the first key. If the first secret key is a public key, the second secret key is a private key; if the second key is a public key, the first key is a private key. In practical application, the first key and the second key may be the same key, associated keys or non-associated keys.
Obtaining first upgrading data according to the firmware version number, the firmware data quantity, the firmware offset data and the access control address offset; and calculating the firmware data according to the first secret key and a preset block cipher algorithm to obtain a data hash value. The data hash value is a 16-bit (16-byte) code.
Further, the firmware upgrading plaintext and the access control address are encrypted according to the second secret key and the preset block cipher algorithm to obtain second upgrading data, and the first upgrading data, the data hash value and the second upgrading data are sequentially written into the corresponding storage area to form complete upgrading data, so that the data hash value and the firmware hash value can be called for comparison processing after the firmware is upgraded by the upgrading data, and a judgment basis is provided for judging whether the upgrading data is correctly written into the trusted boot data area.
And calculating (or performing block decryption) on the firmware data according to the first key and a preset block cipher algorithm to obtain a data hash value. And obtaining a key Hash function through a preset block cipher algorithm to complete the calculation of the data Hash value, thereby ensuring the confidentiality and the integrity of data in the firmware.
Referring to fig. 1 to 5, in some embodiments, the step 5321 of storing the preset firmware setting parameters and the redundancy check codes in the corresponding preset storage areas further includes: step 53211, comparing the firmware version number with a pre-stored version number of the chip to obtain a comparison result, and performing erasure restriction removal processing on the firmware code region of the firmware according to the comparison result; step 53212, performing packet receiving processing on the second upgrade data, and decrypting the second upgrade data according to the second key and a preset block cipher algorithm to obtain a firmware upgrade plaintext and a data hash value; step 53213, storing the data hash value and firmware upgrade plaintext in a firmware code area; step 53214, obtaining a firmware hash value according to a preset block cipher algorithm, the first key and a firmware upgrade plaintext; step 53215, comparing the data hash value and the firmware hash value to obtain a hash comparison result; and 53216 storing the data parameters and the redundancy check codes in corresponding preset storage areas according to the hash comparison result.
In some embodiments, step S510, receiving a random number obtaining instruction, and returning a corresponding random number according to the random number obtaining instruction, further includes: step S511, the security chip receives the random number obtaining instruction and returns the random number according to the random number obtaining instruction, wherein the random number is 32 bits; step S520, signing the random number according to the preset key group to obtain a signature value, further comprising: and step S521, signing the 32-bit random number according to the preset key group to obtain a signature value, wherein the signature value is 64 bits.
The system generates a random number acquisition instruction and sends the random number acquisition instruction to the security chip, and a random number generation function is prestored in the security chip and generates a 32-bit random number according to the random number acquisition instruction and returns the random number to the system. The system signs the 32-bit random number according to the preset key group to obtain a signature value, wherein the signature value is 64 bits. The 32-bit random number is used as source data, and the source data is subjected to signature processing to obtain a 32-bit signature value, so that the security chip can effectively defend against replay attacks.
In some embodiments, performing erasure restriction removal processing on the firmware code region of the firmware according to the comparison result further includes: if the comparison result shows that the firmware version number is inconsistent with the pre-stored version number of the chip, erasing and writing limitation removal processing is carried out on the firmware code area of the firmware; and/or if the comparison result shows that the firmware version number is consistent with the pre-stored version number of the chip, maintaining the firmware code area of the firmware in an erasing and writing limiting state.
Further, the firmware version number and the chip pre-stored version number are compared to obtain a comparison result, and the erasing and writing limitation removing processing is performed on the firmware code area of the firmware according to the comparison result (whether the firmware version number is consistent with the chip pre-stored version number). The method specifically comprises the following steps: if the firmware version number is not consistent with the pre-stored version number of the chip, the system carries out erasing and writing limitation removal processing on the firmware code area of the firmware so that the firmware code area can be written with upgrading data; if the firmware version number is consistent with the pre-stored version number of the chip, the system maintains the firmware code area of the firmware in an erasing and writing limiting state and suspends the upgrade or returns to the last setting item, and meanwhile, the system generates a warning signal so that a user can know the reason of the upgrade failure in time.
And judging whether the firmware version number and the chip pre-stored version number have consistency or not according to the firmware version number and the chip pre-stored version number, so as to judge whether the upgrading environment is safe or whether upgrading operation can be executed or not.
In some embodiments, storing the preset firmware setting parameters and the redundancy check codes in the corresponding preset storage areas further includes: restarting the security chip, and updating the firmware according to the data in the corresponding preset storage area; the erase limit process is started for the firmware. The secure chip is restarted to load and install the upgrade data in the firmware, so that the upgrade is completed. After the upgrade data is loaded and installed, system resources and other tasks are prevented from being illegally accessed.
In some embodiments, the preset block cipher algorithm is the SM4 block cipher algorithm. The SM4 packet cipher algorithm is a packet data algorithm of the wireless local area network standard, and the symmetric encryption, the key length and the packet length are all 128 bits.
In some embodiments, a computer-readable storage medium stores computer-executable instructions for: the method for upgrading the security chip in any one of the above embodiments is performed.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention. Furthermore, the embodiments of the present invention and the features of the embodiments may be combined with each other without conflict.
Claims (10)
1. The method for upgrading the security chip is characterized by comprising the following steps:
obtaining first upgrading data according to the firmware data;
obtaining an access control address according to the firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data;
obtaining an upgrading data set according to the first upgrading data and the second upgrading data;
performing proofreading processing on the firmware data to obtain a proofreading result, and receiving the upgrading data set according to the proofreading result;
and performing data erasing processing on the firmware according to the upgrading data set.
2. The secure chip upgrade method according to claim 1, wherein performing data erasure processing on the firmware according to the upgrade data set further includes performing erasure restriction removal processing on the firmware;
the erasure restriction removal process includes:
receiving a random number acquisition instruction, and returning a corresponding random number according to the random number acquisition instruction;
signing the random number according to a preset key group to obtain a signature value, and checking the signature value to obtain a comparison result; and carrying out credible mark processing and erasing limit removing processing according to the comparison result.
3. The method for upgrading a secure chip according to claim 2, wherein the random number is signed according to a preset key group to obtain a signature value, the signature value is verified to obtain a comparison result, and a trusted flag is processed according to the comparison result, further comprising:
performing data erasing and writing processing on a trusted boot data area, and obtaining a data hash value of the trusted boot data area;
and comparing the data hash value and the firmware hash value to obtain a hash comparison result, and setting a zone bit according to the hash comparison result.
4. The method for upgrading a security chip according to claim 3, wherein setting a flag bit according to the hash comparison result further comprises:
setting a flag bit of a bootstrap program according to the hash comparison result, and storing preset firmware setting parameters and redundancy check codes in corresponding preset storage areas;
and restarting the firmware and updating data through the bootstrap program.
5. The secure chip upgrade method according to claim 4, wherein the firmware data includes: the device comprises a firmware version number, a firmware data volume, firmware offset data and an access control address offset, wherein the key group comprises a first key and a second key corresponding to the first key;
the obtaining of the first upgrade data according to the firmware data further includes:
obtaining first upgrading data according to the firmware version number, the firmware data quantity, the firmware offset data and the access control address offset;
obtaining an access control address according to a firmware upgrading plaintext, and encrypting the firmware upgrading plaintext and the access control address to obtain second upgrading data, wherein the second upgrading data comprises:
calculating the firmware upgrading plaintext according to the first secret key and a preset block cipher algorithm to obtain the access control address;
encrypting the firmware upgrading plaintext and the access control address according to the second secret key and the preset block cipher algorithm to obtain second upgrading data;
and obtaining the upgrading data set according to the first upgrading data and the second upgrading data.
6. The method for upgrading a security chip according to claim 5, wherein a flag bit of a boot program is set according to the hash comparison result, and the preset firmware setting parameters and the redundancy check codes are stored in corresponding preset storage areas, further comprising:
comparing the firmware version number with a chip pre-stored version number to obtain a comparison result, and performing erasing and writing limitation removal processing on a firmware code area of the firmware according to the comparison result;
performing sub-packet receiving processing on the second upgrading data, and decrypting the second upgrading data according to the second secret key and the preset block cipher algorithm to obtain the firmware upgrading plaintext and the data hash value;
storing the data hash value and the firmware upgrading plaintext in the firmware code area;
obtaining the firmware hash value according to the preset block cipher algorithm, the first secret key and the firmware upgrading plaintext;
comparing the data hash value and the firmware hash value to obtain a hash comparison result;
and storing the data parameters and the redundancy check codes in the corresponding preset storage areas according to the hash comparison result.
7. The method for upgrading a security chip according to any one of claims 2 to 6, wherein the receiving a random number obtaining instruction and returning a corresponding random number according to the random number obtaining instruction further comprises:
the security chip receives the random number acquisition instruction and returns the random number according to the random number acquisition instruction, wherein the random number is 32 bits;
the signing processing is carried out on the random number according to a preset secret key group to obtain a signature value, and the signing processing method further comprises the following steps:
and signing the 32-bit random number according to the preset key group to obtain a signature value, wherein the signature value is 64 bits.
8. The method for upgrading a secure chip according to claim 6, wherein the erasing and writing limitation removing process is performed on the firmware code area of the firmware according to the comparison result, further comprising:
if the comparison result shows that the firmware version number is consistent with the pre-stored version number of the chip, erasing and writing limitation removal processing is carried out on the firmware code area of the firmware;
and/or
And if the comparison result shows that the firmware version number is not consistent with the pre-stored version number of the chip, maintaining the erasing and writing limiting state for the firmware code area of the firmware.
9. The method for upgrading a security chip according to claim 6, wherein the step of storing the preset firmware setting parameters and the redundancy check codes in the corresponding preset storage areas further comprises the steps of:
restarting the security chip, and updating the firmware according to the data in the corresponding preset storage area;
and starting erasing limit processing on the firmware.
10. A computer-readable storage medium storing computer-executable instructions for: performing the secure chip upgrade method of any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011321760.4A CN112417422B (en) | 2020-11-23 | 2020-11-23 | Security chip upgrading method and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011321760.4A CN112417422B (en) | 2020-11-23 | 2020-11-23 | Security chip upgrading method and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112417422A true CN112417422A (en) | 2021-02-26 |
| CN112417422B CN112417422B (en) | 2024-06-18 |
Family
ID=74777361
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011321760.4A Active CN112417422B (en) | 2020-11-23 | 2020-11-23 | Security chip upgrading method and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112417422B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114662087A (en) * | 2022-05-20 | 2022-06-24 | 广州万协通信息技术有限公司 | Multi-terminal verification security chip firmware updating method and device |
| CN115357953A (en) * | 2022-10-21 | 2022-11-18 | 山东三未信安信息科技有限公司 | Dynamic distribution method and system for cipher card key storage |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107888577A (en) * | 2017-10-31 | 2018-04-06 | 美的智慧家居科技有限公司 | Upgrade method, door lock, server, system and the storage medium of door lock firmware |
| WO2018090642A1 (en) * | 2016-11-15 | 2018-05-24 | 平安科技(深圳)有限公司 | Application program upgrade method, user terminal and storage medium |
| CN110502250A (en) * | 2019-07-12 | 2019-11-26 | 苏州浪潮智能科技有限公司 | A kind of upgrade method and baseboard management controller |
| CN110650004A (en) * | 2019-08-28 | 2020-01-03 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature |
| WO2020073206A1 (en) * | 2018-10-09 | 2020-04-16 | 华为技术有限公司 | Chip, method for generating private key, and method for trusted verification |
-
2020
- 2020-11-23 CN CN202011321760.4A patent/CN112417422B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018090642A1 (en) * | 2016-11-15 | 2018-05-24 | 平安科技(深圳)有限公司 | Application program upgrade method, user terminal and storage medium |
| CN107888577A (en) * | 2017-10-31 | 2018-04-06 | 美的智慧家居科技有限公司 | Upgrade method, door lock, server, system and the storage medium of door lock firmware |
| WO2020073206A1 (en) * | 2018-10-09 | 2020-04-16 | 华为技术有限公司 | Chip, method for generating private key, and method for trusted verification |
| CN110502250A (en) * | 2019-07-12 | 2019-11-26 | 苏州浪潮智能科技有限公司 | A kind of upgrade method and baseboard management controller |
| CN110650004A (en) * | 2019-08-28 | 2020-01-03 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114662087A (en) * | 2022-05-20 | 2022-06-24 | 广州万协通信息技术有限公司 | Multi-terminal verification security chip firmware updating method and device |
| CN115357953A (en) * | 2022-10-21 | 2022-11-18 | 山东三未信安信息科技有限公司 | Dynamic distribution method and system for cipher card key storage |
| CN115357953B (en) * | 2022-10-21 | 2023-02-10 | 山东三未信安信息科技有限公司 | Dynamic distribution method and system for cipher card key storage |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112417422B (en) | 2024-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8250373B2 (en) | Authenticating and verifying an authenticable and verifiable module | |
| KR100657532B1 (en) | A method for securing an electronic device, a security system and an electronic device | |
| US8171275B2 (en) | ROM BIOS based trusted encrypted operating system | |
| US8392724B2 (en) | Information terminal, security device, data protection method, and data protection program | |
| JP6371919B2 (en) | Secure software authentication and verification | |
| US20050076226A1 (en) | Computing device that securely runs authorized software | |
| KR20090109589A (en) | Secure protection method for access to protected resources in a processor | |
| CN110795126A (en) | Firmware safety upgrading system | |
| CN109657479B (en) | Data leakage prevention method and computer readable storage medium | |
| CN111611593A (en) | Secure data processing apparatus | |
| CN113656086A (en) | Method for safely storing and loading firmware and electronic device | |
| US20070277038A1 (en) | Method for authentication of software within a product | |
| CN113805908A (en) | Firmware update system and method | |
| CN112417422B (en) | Security chip upgrading method and computer readable storage medium | |
| CN115242397A (en) | OTA upgrade security verification method and readable storage medium for vehicle EUC | |
| CN116484379A (en) | System starting method, system comprising trusted computing base software, equipment and medium | |
| CN114040221B (en) | Anti-copy method for security authentication based on double signatures of set top box server side | |
| CN115495123A (en) | Flash method and system of hardware security module | |
| JP5099895B2 (en) | Communication terminal and access control method | |
| CN114297679B (en) | Method for encrypted transmission and upgrading of mirror image | |
| US20240086170A1 (en) | Software update system and software update method | |
| CN117556430B (en) | Safe starting method, device, equipment and storage medium | |
| CN116244754A (en) | Method and device for verifying target object of computer, storage medium and related device | |
| CN116257839A (en) | Method for upgrading signature firmware, electronic equipment and storage medium | |
| CN116776397A (en) | Method for verifying data in a computing unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |