CN112711761B - Controller safety protection method, main chip of controller and controller - Google Patents
Controller safety protection method, main chip of controller and controller Download PDFInfo
- Publication number
- CN112711761B CN112711761B CN202110045398.0A CN202110045398A CN112711761B CN 112711761 B CN112711761 B CN 112711761B CN 202110045398 A CN202110045398 A CN 202110045398A CN 112711761 B CN112711761 B CN 112711761B
- Authority
- CN
- China
- Prior art keywords
- chip
- area
- controller
- digital signature
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000012795 verification Methods 0.000 claims abstract description 33
- 238000004891 communication Methods 0.000 claims description 49
- 230000006870 function Effects 0.000 claims description 46
- 238000004364 calculation method Methods 0.000 claims description 6
- TVZRAEYQIKYCPH-UHFFFAOYSA-N 3-(trimethylsilyl)propane-1-sulfonic acid Chemical compound C[Si](C)(C)CCCS(O)(=O)=O TVZRAEYQIKYCPH-UHFFFAOYSA-N 0.000 description 4
- 238000013478 data encryption standard Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a controller safety protection method, a main chip of the controller and the controller, wherein the controller comprises a main chip and a safety chip arranged outside the main chip, the main chip comprises a start-up boot program area and an application program area, in the power-on process of the controller, the main chip is started and enters the start-up boot program area, corresponding secret keys and digital signatures can be obtained from the safety chip, corresponding verification digital signatures are calculated according to the secret keys, when the verification digital signatures are matched with the corresponding digital signatures, the main chip completely runs the start-up boot program and jumps to the application program area after the start-up boot program is finished, so that the safe start-up of the controller is finished, and the problems that the safety start-up function of the existing controller is high in cost, the safety start-up function of the controller is difficult to realize when the performance of the main chip is reduced and the like can be effectively solved.
Description
Technical Field
The application relates to the technical field of controllers, in particular to a safety protection method of a controller, a main chip of the controller and the controller.
Background
With the development of various intelligent system (e.g., car intelligent network system) technologies, controllers of the systems (e.g., motor controllers of cars, etc.) face more and more security threats. One security threat illegally falsifies a starting guide program in the controller, the controller is started by the falsified starting guide program, other parts in the system cannot normally operate, the other security threat illegally falsifies an application program in the controller, and the falsified application program is used for refreshing the controller, so that the purpose of changing the working logic of the controller is achieved.
As shown in fig. 1, the conventional function for implementing the secure start of the controller is mainly implemented based on a main chip 100 in the controller 10, where the main chip 100, such as a main chip containing a secure hardware extension (Secure Hardware Extension, abbreviated as SHE) module or a main chip containing a hardware security module (Hardware Security Module, abbreviated as HSM), is generally implemented by integrating a corresponding security module 102 (such as a security module with a low configuration, e.g., SHE module, or a security module with a high configuration, e.g., HSM module) on a chip where a micro control unit (Micro Controller Unit, abbreviated as MCU) 101 is located, and the security module 102, as an on-chip peripheral device of the micro control unit 100, can transfer the control of encryption keys from a software domain to a hardware domain, so as to protect the keys from software attacks.
The method for implementing the controller secure boot based on the master chip 100 generally includes the following processes:
(1) The micro control unit 101 of the main chip 100 acquires an encryption key and a key signature pre-stored in the main chip 100;
(2) The micro control unit 101 of the main chip 100 generates a verification signature from the encryption key, and then the security module 102 compares the key signature with the verification signature, and if the key signature and the verification signature are identical, the secure start of the controller 10 is achieved.
However, in practice, it is found that the above-mentioned mode of safe start-up of the controller requires the internal integration of the safety module in the main chip, so that the performance requirement on the main chip is high, and the hardware cost of the main chip is increased; when the performance of the main chip is reduced, for example, a lower security module is used in the main chip to replace the SHE module or the HSM module, and even when the security module is completely cancelled in the main chip, the security start function of the controller is difficult to be implemented, which results in that the security refresh function of the controller and the like cannot be implemented.
Therefore, a new controller safety protection scheme is needed, so that the implementation of functions such as safety starting of the controller can be ensured, the performance requirement on the main chip of the controller can be reduced, and the implementation cost for enhancing the safety of the controller is further effectively reduced.
Disclosure of Invention
The invention aims to provide a controller safety protection method and a controller, which can solve the problems in the prior art that the performance requirement on a main chip of the controller is high, the cost of the controller safety starting function is high, or the safety starting function of the controller is difficult to realize when the performance of the main chip is reduced.
Another object of the present invention is to provide a master chip of a controller, which can reduce performance requirements on the master chip of the controller and realize a safe start function of the controller.
In order to achieve the above object, the present invention provides a security protection method of a controller, the controller including a main chip and a security chip disposed outside the main chip, the main chip including a boot program area for storing a boot program and an application program area for storing an application program, the security chip being connected to the main chip, and a first key and a first digital signature being pre-stored in the security chip; the safety protection method comprises the steps of safely starting the controller, and the step of safely starting the controller comprises the following steps:
during the power-on process of the controller, the main chip is started and enters the starting bootstrap area;
the master chip acquires the first key and the first digital signature from the security chip, and calculates a corresponding verification digital signature according to the first key;
and if the verification digital signature is matched with the first digital signature, the main chip completely operates a starting bootstrap program, and jumps to the application program area from the starting bootstrap program area after the starting bootstrap program is operated, so that the safe starting of the controller is completed.
Optionally, the master chip obtains the first key and the first digital signature from the secure chip by using corresponding functions in the boot loader area, calculates the check digital signature according to the first key, and determines whether the check digital signature and the first digital signature match.
Optionally, an asymmetric public key is pre-stored in the starting bootstrap area, and an asymmetric private key corresponding to the asymmetric public key is pre-stored in the application area; after safely starting the controller, the safety protection method further comprises safely refreshing the controller, and the step of safely refreshing the controller comprises the following steps:
when a corresponding application program is generated in the application program area, the main chip generates a second digital signature for marking the validity of the application program by using the asymmetric private key calculation;
the master chip reads the second digital signature and adopts the asymmetric public key to carry out signature verification on the second digital signature;
if the signature verification is passed, the main chip carries out security refreshing on the application program area;
and after the refreshing is successful, the master chip recalculates the first digital signature of the application program area after the secure refreshing, and updates the recalculated first digital signature into the secure chip so as to finish the secure refreshing of the controller.
Optionally, the master chip obtains the second digital signature from the application program area by using a corresponding function in the boot loader area, performs signature verification on the second digital signature by using the asymmetric public key, and further performs security refreshing on the application program area after the signature verification is passed.
Optionally, the security protection method further includes protecting communication security between the security chip and the boot loader area, and the step of protecting communication security between the security chip and the boot loader area includes:
respectively presetting a session key generation key in the starting bootstrap program area and the security chip;
after the master chip enters the boot strap area and before the communication channel is established, the master chip generates and transmits a random number to the security chip in the boot strap area;
the boot loader area and the security chip generate a key based on the random number and the session key respectively, and generate a corresponding second key to establish a communication channel capable of enabling both parties to communicate securely;
and the starting bootstrap program area and the security chip encrypt and decrypt the instruction and the data transmitted by the communication channel by using the second secret key respectively so as to protect the communication security between the security chip and the starting bootstrap program area.
Based on the same inventive concept, the invention also provides a main chip of the controller, the main chip is connected with an external security chip, a first key and a first digital signature are prestored in the security chip, wherein the main chip comprises:
the starting guide program area is configured to store a starting guide program, is started in the power-on process of the controller, can acquire the first secret key and the first digital signature from the security chip, calculates a corresponding check digital signature according to the first secret key, allows the main chip to completely run the starting guide program when the check digital signature is matched with the first digital signature, and allows the main chip to jump to the application program area after the starting guide program is run, so that the secure starting of the controller is realized;
an application area configured to store applications.
Optionally, an asymmetric public key is pre-stored in the starting bootstrap area, and an asymmetric private key is pre-stored in the application area;
the application area is further configured to generate a second digital signature for marking the validity of the application by using the asymmetric private key calculation when generating the corresponding application;
the boot strap area is further configured to obtain the second digital signature from the application area, perform signature verification on the second digital signature by adopting the asymmetric public key, perform secure refreshing on the application area after signature verification is passed, and recalculate the first digital signature of the application area after secure refreshing, update the first digital signature into the secure chip to complete secure refreshing of the controller.
Optionally, session key generation keys are preset in the boot loader area and the security chip respectively;
the boot strap area is further configured to generate and transmit a random number to the secure chip before establishing a communication channel with the secure chip, generate a second key for establishing the communication channel based on the random number and the session key, and encrypt and decrypt instructions and data transmitted by the communication channel with the second key after establishing the communication channel with the secure chip to secure communication with the secure chip.
Optionally, the main chip includes an on-chip nonvolatile memory, and the boot loader area and the application program area are different storage areas of the on-chip nonvolatile memory.
Based on the same inventive concept, the invention also provides a controller, which comprises the main chip and a safety chip arranged outside the main chip and connected with the main chip.
Compared with the prior art, the technical scheme of the invention has at least one of the following beneficial effects:
1. the controller can be built by the main chip and the safety chip arranged outside the main chip, and any safety module is not required to be integrated in the main chip, so that the problems of higher performance requirements on the main chip of the controller and higher cost of the safety starting function of the controller in the prior art can be solved.
2. The main chip of the controller comprises a starting guide program area for storing a starting guide program and an application program area for storing an application program, a key and a digital signature for safely starting the controller are prestored in the safety chip, in the power-on process of the controller, the main chip is started and enters the starting guide program area, the corresponding key and the digital signature can be obtained from the safety chip, the corresponding verification digital signature is calculated according to the key, when the verification digital signature is matched with the corresponding digital signature, the main chip is allowed to completely run the starting guide program, and after the starting guide program is completed, the main chip is allowed to jump from the starting guide program area to the application program area, and then the safe starting of the controller is completed. Therefore, under the condition that the main chip is in communication connection with the external safety chip, the safety starting function of the controller can be realized, and because the main chip is not required to integrate any safety module, the problems that the safety starting function cost is high, the safety starting function of the controller is difficult to realize when the performance of the main chip is reduced and the like in the existing safety starting scheme of the controller can be effectively solved.
3. Further, after the main chip jumps from the starting bootstrap program area to the application program area, the controller can be safely refreshed by further utilizing the corresponding asymmetric public key and the asymmetric private key, so that the working logic of the controller is ensured, and the controller is prevented from being refreshed by an illegally tampered application program.
4. Furthermore, the starting bootstrap program area and the security chip can also respectively generate corresponding session keys by using a preset session key generation key and a random number generated in the starting bootstrap program area, establish a communication channel capable of enabling two parties to safely communicate, encrypt and decrypt instructions and data transmitted by the communication channel by using the session key, protect the communication security between the security chip and the starting bootstrap program area, and prevent the problem that the communication data in the controller chip is compromised.
Drawings
Fig. 1 is a schematic diagram of a functional module architecture of a conventional controller.
Fig. 2 is a schematic diagram of a system architecture of a controller according to an embodiment of the present invention.
Fig. 3 is a flowchart of a method for a secure boot controller according to an embodiment of the present invention.
Fig. 4 is a flowchart of a method for a security refresh controller according to an embodiment of the present invention.
FIG. 5 is a flow chart of a method for securing communications between a secure chip and a boot strap area of a host chip according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. "function," "program," "key," "signature," "instruction," "data," "algorithm," and the like are all codes formed by computer languages herein.
An embodiment of the present invention provides a method for protecting a controller, which is suitable for implementing functions such as secure startup, secure refresh, and internal secure communication of various controllers having a main chip (may be referred to as a micro controller chip), where the controller may be an electronic controller in an intelligent internet system of an automobile (for example, a motor controller, an engine controller, a complete machine controller, a vehicle body controller, etc.), and an electronic controller in a user intelligent terminal system of various forms such as a wearable device, etc.
Specifically, referring to fig. 2, the controller 20 of the present embodiment includes a main chip 200 and a Security Element (SE) 201, where the main chip 200 is a chip where a micro control unit (Micro Control Unit, MCU) is located, the security chip 201 is disposed outside the main chip 200 and is not integrated inside the main chip 200, and the main chip 200 and the security chip 201 are connected to each other and can communicate through an SPI (Serial Peripheral Interface ) bus channel (i.e., a Secure communication channel). The SPI bus is a high-speed, full-duplex and synchronous communication bus, communication between SPI devices can be realized by only 3-4 data lines and control lines, and the SPI bus has the advantages of less chip pin requirements, simple connection and wiring of IO ports, easiness in PCB layout and the like. The master chip 200 is used as SPI master equipment, and the security chip 201 is used as SPI slave equipment, so that an SPI communication mode of one master and one slave is realized.
In this embodiment, a first key and a first digital signature for implementing secure startup of the controller 20 and a session key generation key for implementing secure communication between the secure chip 201 and the master chip 200 are pre-stored in the secure chip 201. The first key is a message authentication code key (Security Key for Message Authentication Code, abbreviated as SK-MEC), which can be calculated by the boot loader area 200a and stored in the security chip 201, and can indicate the validity of the boot loader in the boot loader area 200a, and prevent whether the boot loader is illegally tampered with or disguised.
The main chip 200 includes a boot program (boot) area 200a for storing a boot program and an application program (Application Software, abbreviated as ASW) area 200b for storing at least one application program. The main chip 200 includes an on-chip nonvolatile memory (e.g., flash memory, etc., not shown), and the boot loader area 200a and the application program area 200b are different storage areas of the on-chip nonvolatile memory. And the boot loader area 200a is able to lock the on-chip nonvolatile memory before the controller 20 is safely booted to prevent the master chip 200 from jumping to the application area 200b when the boot loader is not fully running.
The method for protecting the controller 20 of the present embodiment includes safely starting the controller 20, and please refer to fig. 2 and 3, wherein the steps of safely starting the controller 20 include:
s11, during the power-up process of the controller 20, the main chip 200 starts and enters the start-up boot program area 200a;
s12, the main chip 200 acquires the first key and the first digital signature from the security chip 201, and calculates a corresponding verification digital signature according to the first key;
s13, the main chip 200 judges whether the check digital signature is matched with the first digital signature, if the check digital signature is matched with the first digital signature, the main chip 200 completely runs a start-up boot program, and jumps from the start-up boot program area 200a to the application program area 200b after the start-up boot program is completed, so as to complete the safe start-up of the controller 20.
Optionally, the boot loader in the boot loader area 200a includes a first function for reading data, a second function for calculating a check digital signature, and a third function for determining whether the check digital signature and the first digital signature match. After the main chip 200 enters the boot loader area 200a, the main chip 200 runs a part of the boot loader to call the first function, the second function and the third function in sequence, so as to execute steps S12 and S13 in sequence, that is, specifically, execute the following processes in sequence: acquiring the first key and the first digital signature from the security chip 201 by using a first function, and further calculating the acquired first key by using a second function to calculate a corresponding verification digital signature (i.e., step S12); and judging whether the calculated check digital signature is matched with the read first digital signature by using a third function, if the check digital signature is not matched with the first digital signature, the main chip 200 completely runs the start-up boot program, and after the start-up boot program is completed, the main chip jumps from the start-up boot program area 200a to the application program area 200b, so that the controller can only run the corresponding application program in the application program area 200b, and if the check digital signature is not matched with the first digital signature, the operation of the start-up boot program is terminated to interrupt the start-up of the controller (i.e. step S13).
In step S12, the first key corresponds to a private key, the first digital signature corresponds to a public key, and the second function may include, but is not limited to, a Rabin signature algorithm, a DSS digital (Digital Signature Standard, DSS) signature algorithm, an RSA signature algorithm, and the like, which are well known to those skilled in the art. Among them, the RSA signature algorithm was one proposed by ronad-levister (Ron Rivest), addi samer (Adi Shamir), and renad-adman (Leonard Adleman) together in 1977. The calculated verification digital signature is verified with the first digital signature in step S13 to verify the integrity, legitimacy and authenticity of the boot program in the boot program area 200 a.
In this embodiment, the startup bootstrap area 200a also pre-stores an asymmetric public key, the application area 200b also pre-stores an asymmetric private key corresponding to the asymmetric public key, and the security protection method of the controller 20 in this embodiment further includes: after the controller 20 is safely started, the controller 20 is safely refreshed. With reference to fig. 2 and fig. 4, the steps of safely refreshing the controller specifically include:
s21, when a corresponding application program is generated in the application program area 200b, the main chip 200 generates a second digital signature for marking the validity of the application program by using the asymmetric private key calculation;
s22, the main chip 200 reads the second digital signature and adopts the asymmetric public key to carry out signature verification on the second digital signature;
s23, if the signature verification is passed, the main chip 200 performs security refreshing on the application program area;
s24, after the refreshing is successful, the main chip 200 recalculates the first digital signature of the application program area after the secure refreshing, and updates the recalculated first digital signature into the secure chip 201 to complete the secure refreshing of the controller 20.
Alternatively, in the application area 200b, each application has a separate storage area, which may be referred to as a sub-application area. In step S21, when an application is stored in the application area 200b (i.e., a new sub-application area is generated in the application area 200 b), the master chip 20 may generate a validity tag of the application based on the asymmetric private key as a second digital signature of the sub-application area in which the application is located using a suitable signature algorithm. The signature algorithm includes, but is not limited to, a Rabin signature algorithm, a DSS digital (Digital Signature Standard, DSS) signature algorithm, a RSA (Rivest Shamir Adleman) signature algorithm, or any other suitable digital signature algorithm, and the like, which is not limited in this application. The signature algorithm (which may be referred to as a signature function) may be stored in the application area 200b or may be stored in the boot loader area 200a, and the master chip 20 may invoke the signature algorithm when it is desired to generate the second digital signature. The second digital signature can provide information security related services and guarantees such as source authenticity, data content integrity, non-repudiation of the signer, anonymity and the like of the corresponding application program.
Optionally, the boot loader of the boot loader area 200a has a fourth function for reading the corresponding data in the application area 200b and a fifth function for verifying the signature, and in step S22, the master chip 200 calls the fourth function to read the second digital signature and calls the fifth function to verify the signature of the second digital signature by using the asymmetric public key, so as to confirm whether the application area 200b can be refreshed. Step S22 can verify the integrity, legitimacy and authenticity of the application to be refreshed.
As an example, the second digital signature includes a hash value, and in step S22, the fifth function is called to perform a signature de-signing on the second digital signature by using the asymmetric public key, so as to obtain another hash value, and if the two hash values are equal, the signature verification is successful; otherwise, the signature verification fails.
Optionally, the boot loader of the boot loader area 200a has a sixth function for calculating the first digital signature, in step S24, after the refresh is successful, the main chip 200 invokes the sixth function to recalculate the first digital signature of the application area after the secure refresh, and updates the recalculated first digital signature to the secure chip 201, so as to implement the update of the first digital signature in the secure chip 201, thereby completing the secure refresh of the controller 20, and ensuring that the controller 20 can also implement secure startup in the next time, so as to avoid the problem that the controller 20 cannot be started up safely due to the refresh of the application area 200b.
Optionally, SPI bus channel communication can be established between boot strap area 200a of master chip 200 and secure chip 201, and encrypted communication can be performed in the SPI bus channel using the corresponding session key. That is, the security protection method of the controller 20 of the present embodiment further includes protecting the communication security between the security chip 201 and the boot loader area 200 a. With reference to fig. 2 and fig. 5, the steps for protecting the communication security between the secure core 201 and the boot loader area 200a specifically include:
s31, respectively presetting a session key generation key in the boot program area 200a and the security chip 201, wherein the session key generation key is a key which can be used for guaranteeing the security of SPI bus communication and is shared by the boot program area 200a and the security chip 201;
s32, after the master chip 200 enters the boot loader area 200a and before a communication channel is established with the secure chip 201, the master chip 200 generates and transmits a random number to the secure chip in the boot loader area 200a;
s33, the starting bootstrap program area and the security chip generate a key based on the random number and the session key respectively, and generate a corresponding second key so as to establish a communication channel capable of enabling the two parties to communicate securely;
s34, the starting bootstrap program area and the security chip encrypt and decrypt the instruction and the data transmitted by the communication channel by using the second secret key respectively so as to protect the communication security between the security chip and the starting bootstrap program area.
Optionally, the boot loader of the boot loader area 200a has a random number generation function and a session key generation function, and the security chip 201 also has a corresponding session key generation function. In step S32, the master chip 20 calls a random number generation function to generate a random number and transmits the random number to the security chip 201, in step S33, the master chip 20 calls a session key generation function in the boot loader area 200a to generate a second key based on the random number and the session key generation key, and the security chip 201 calls a session key generation function inside thereof to generate a second key based on the random number and the session key generation key. The session key generation function is a key generation algorithm, which includes, but is not limited to, DES (Data Encryption Standard ) key algorithm, IDEA key algorithm (International Data Encryption Algorithm ), 3DES key algorithm (Triple DES, triple data encryption algorithm), RC2 key algorithm, RC4 key algorithm, or other key algorithm, which are well known to those skilled in the art, and the present application is not limited thereto. RC2 Key Algorithm and RC4 Key Algorithm variable Key Length encryption Algorithm designed by Ron rivest for RSA data Security Inc. (RSADI), where "RC" stands for "Ron's Code.
According to the safety protection method of the controller, under the condition that an external safety chip is required to exist, the performance requirement of the safety starting function on the main chip can be effectively reduced, and the safety starting function, the safety refreshing function and the on-chip safety communication function of the controller can be realized.
Referring to fig. 2, an embodiment of the present invention further provides a main chip 200 of the controller, which can be connected to an external security chip 201, and with the aid of the security chip 201, the above-mentioned security protection method of the controller is implemented. The security chip 201 has a first key and a first digital signature pre-stored therein.
The master chip 200 has a boot loader area 200a and an application area 200b.
The boot loader area 200a is configured to implement steps S11 to S13 described above, namely, specifically configured to: the start-up boot program is stored and started in the power-up process of the controller 20, the first key and the first digital signature can be obtained from the security chip 201, a corresponding verification digital signature is calculated according to the first key, and when the verification digital signature is matched with the first digital signature, the main chip 200 is allowed to completely run the start-up boot program, and after the start-up boot program is run, the main chip 200 is allowed to jump to the application program area 200b, so that the secure start-up of the controller 20 is realized.
The application area 200b is configured to store at least one application. Each application may be stored in a sub-application area (not shown), and different applications may have priority when run or refreshed by the main chip 200, and the main chip 200 may run or refresh the plurality of applications in the application area 200b in sequence according to the priority.
Optionally, an asymmetric public key is pre-stored in the boot loader area 200a, and an asymmetric private key is pre-stored in the application area 200b.
The application area 200b is further configured to implement the above step S21, namely, is further specifically configured to: and when the corresponding application program is generated, generating a second digital signature for marking the validity of the application program by using the asymmetric private key calculation. The boot loader area 200a is further configured to implement steps S22 to S24 described above, namely, is further specifically configured to: the second digital signature is obtained from the application area 200b, the asymmetric public key is adopted to carry out signature verification on the second digital signature, after the signature verification is passed, the application area 200b is safely refreshed, the first digital signature of the application area 200b after the safe refreshing is recalculated, and the first digital signature is updated into the security chip 201, so that the safe refreshing of the controller is completed.
Alternatively, session key generation keys are preset in the boot loader area 200a and the security chip 201, respectively.
The boot loader area 200a is further configured to implement the steps S31 to S34 described above, namely specifically configured to: before establishing a communication channel with the secure chip 201, a random number is generated and transmitted to the secure chip 201, a key is generated based on the random number and the session key, a second key for establishing the communication channel is generated, and after establishing the communication channel with the secure chip 201, instructions and data transmitted by the communication channel are encrypted and decrypted by using the second key to secure communication with the secure chip 201.
Optionally, the main chip 200 includes on-chip nonvolatile memory, and the boot loader area 200a and the application program area 200b are different storage areas of the on-chip nonvolatile memory.
Referring to fig. 2, the controller 20 according to an embodiment of the present invention includes a main chip 200 and a security chip 201 disposed outside the main chip 200. For specific structures and the like inside the main chip 200 and the security chip 201, please refer to the related descriptions above, and the detailed descriptions are omitted here.
In the foregoing embodiments, the descriptions of the embodiments are focused on, and for those portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs.
The modules in the terminal equipment of the embodiment of the invention can be combined, divided and deleted according to actual needs.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions from the scope of the technical solutions of the embodiments of the present application.
Claims (10)
1. The controller is characterized by comprising a main chip and a security chip arranged outside the main chip, wherein the main chip comprises a starting bootstrap program area for storing a starting bootstrap program and an application program area for storing an application program, the security chip is connected with the main chip, and a first secret key and a first digital signature are prestored in the security chip; the safety protection method comprises the steps of safely starting the controller, and the step of safely starting the controller comprises the following steps:
during the power-on process of the controller, the main chip is started and enters the starting bootstrap area;
the master chip acquires the first key and the first digital signature from the security chip, and calculates a corresponding verification digital signature according to the first key;
and if the verification digital signature is matched with the first digital signature, the main chip completely operates a starting bootstrap program, and jumps to the application program area from the starting bootstrap program area after the starting bootstrap program is operated, so that the safe starting of the controller is completed.
2. The security method of claim 1, wherein the master chip obtains the first key and the first digital signature from the secure chip using corresponding functions in the boot loader area, calculates the check digital signature from the first key, and determines whether the check digital signature and the first digital signature match.
3. The method according to claim 1, wherein an asymmetric public key is pre-stored in the boot loader area, and an asymmetric private key corresponding to the asymmetric public key is pre-stored in the application program area; after safely starting the controller, the safety protection method further comprises safely refreshing the controller, and the step of safely refreshing the controller comprises the following steps:
when a corresponding application program is generated in the application program area, the main chip generates a second digital signature for marking the validity of the application program by using the asymmetric private key calculation;
the master chip reads the second digital signature and adopts the asymmetric public key to carry out signature verification on the second digital signature;
if the signature verification is passed, the main chip carries out security refreshing on the application program area;
and after the refreshing is successful, the master chip recalculates the first digital signature of the application program area after the secure refreshing, and updates the recalculated first digital signature into the secure chip so as to finish the secure refreshing of the controller.
4. A security method according to claim 3, wherein the master chip obtains the second digital signature from the application area using a corresponding function in the boot loader area, and uses the asymmetric public key to verify the signature of the second digital signature, and after the signature verification is passed, further security refreshes the application area.
5. The method of any of claims 1-4, further comprising securing communications between the secure chip and the boot strap area, and wherein securing communications between the secure chip and the boot strap area comprises:
respectively presetting a session key generation key in the starting bootstrap program area and the security chip;
after the master chip enters the boot strap area and before the communication channel is established, the master chip generates and transmits a random number to the security chip in the boot strap area;
the boot loader area and the security chip generate a key based on the random number and the session key respectively, and generate a corresponding second key to establish a communication channel capable of enabling both parties to communicate securely;
and the starting bootstrap program area and the security chip encrypt and decrypt the instruction and the data transmitted by the communication channel by using the second secret key respectively so as to protect the communication security between the security chip and the starting bootstrap program area.
6. The main chip of the controller is characterized in that the main chip is connected with an external security chip, a first key and a first digital signature are prestored in the security chip, wherein the main chip comprises a start-up bootstrap program area and an application program area, and the main chip comprises the following components:
the starting guide program area is configured to store a starting guide program, is started in the power-on process of the controller, can acquire the first secret key and the first digital signature from the security chip, calculates a corresponding check digital signature according to the first secret key, allows the main chip to completely run the starting guide program when the check digital signature is matched with the first digital signature, and allows the main chip to jump to the application program area after the starting guide program is run to achieve the safe starting of the controller;
the application area is configured to store an application.
7. The main chip of claim 6, wherein an asymmetric public key is pre-stored in the boot loader area, and an asymmetric private key is pre-stored in the application program area;
the application area is further configured to generate a second digital signature for marking the validity of the application by using the asymmetric private key calculation when generating the corresponding application;
the boot strap area is further configured to obtain the second digital signature from the application area, perform signature verification on the second digital signature by adopting the asymmetric public key, perform secure refreshing on the application area after signature verification is passed, and recalculate the first digital signature of the application area after secure refreshing, update the first digital signature into the secure chip to complete secure refreshing of the controller.
8. The master chip of claim 6 or 7, wherein session key generation keys are preset in the boot loader area and the secure chip, respectively;
the boot strap area is further configured to generate and transmit a random number to the secure chip before establishing a communication channel with the secure chip, generate a second key for establishing the communication channel based on the random number and the session key, and encrypt and decrypt instructions and data transmitted by the communication channel with the second key after establishing the communication channel with the secure chip to secure communication with the secure chip.
9. The master chip of claim 6, wherein the master chip includes on-chip non-volatile memory, the boot loader area and the application area being different storage areas of the on-chip non-volatile memory.
10. A controller comprising the master chip of any one of claims 6-9, and a security chip disposed external to and connected to the master chip.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110045398.0A CN112711761B (en) | 2021-01-12 | 2021-01-12 | Controller safety protection method, main chip of controller and controller |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110045398.0A CN112711761B (en) | 2021-01-12 | 2021-01-12 | Controller safety protection method, main chip of controller and controller |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112711761A CN112711761A (en) | 2021-04-27 |
| CN112711761B true CN112711761B (en) | 2024-03-19 |
Family
ID=75549036
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110045398.0A Active CN112711761B (en) | 2021-01-12 | 2021-01-12 | Controller safety protection method, main chip of controller and controller |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112711761B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113778061B (en) * | 2021-09-16 | 2023-03-28 | 广州锦红源电子科技有限公司 | Method and device for verifying program integrity of electronic controller and electronic controller |
| CN114764347A (en) * | 2022-04-14 | 2022-07-19 | 重庆长安汽车股份有限公司 | Program verification system and method of multi-core controller and storage medium |
| CN115766014A (en) * | 2022-05-19 | 2023-03-07 | 惠州市德赛西威汽车电子股份有限公司 | Controller safety management method and device, vehicle and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103226482A (en) * | 2013-03-22 | 2013-07-31 | 深圳市九洲电器有限公司 | Method and device for guiding and starting set top box |
| WO2020037612A1 (en) * | 2018-08-23 | 2020-02-27 | 深圳市汇顶科技股份有限公司 | Embedded program secure boot method, apparatus and device, and storage medium |
-
2021
- 2021-01-12 CN CN202110045398.0A patent/CN112711761B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103226482A (en) * | 2013-03-22 | 2013-07-31 | 深圳市九洲电器有限公司 | Method and device for guiding and starting set top box |
| WO2020037612A1 (en) * | 2018-08-23 | 2020-02-27 | 深圳市汇顶科技股份有限公司 | Embedded program secure boot method, apparatus and device, and storage medium |
| CN111095213A (en) * | 2018-08-23 | 2020-05-01 | 深圳市汇顶科技股份有限公司 | Safe booting method, device, equipment and storage medium of embedded program |
Non-Patent Citations (1)
| Title |
|---|
| 嵌入式控制软件保密性设计研究与应用;戴计生;王成杰;李益;陈俊波;李程;;机车电传动(第05期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112711761A (en) | 2021-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112711761B (en) | Controller safety protection method, main chip of controller and controller | |
| US10708062B2 (en) | In-vehicle information communication system and authentication method | |
| US7058806B2 (en) | Method and apparatus for secure leveled access control | |
| US20080082828A1 (en) | Circuit arrangement and method for starting up a circuit arrangement | |
| CN107743067B (en) | Method, system, terminal and storage medium for issuing digital certificate | |
| CN110621014B (en) | Vehicle-mounted equipment, program upgrading method thereof and server | |
| CN103166759A (en) | Method and apparatus for secure firmware download using diagnostic link connector (dlc) and onstar system | |
| EP1346511A1 (en) | A platform and method for securely transmitting authorization data | |
| CN108200078B (en) | Downloading and installing method of signature authentication tool and terminal equipment | |
| WO2008122171A1 (en) | A security pilot method and a system thereof, code signature construction method and authentication method | |
| US20170111332A1 (en) | Method and system for asymmetric key derivation | |
| CN111177709A (en) | Execution method and device of terminal trusted component and computer equipment | |
| JP2017011491A (en) | Authentication system | |
| US20220182248A1 (en) | Secure startup method, controller, and control system | |
| KR20210054857A (en) | Apparatus and method for in-vehicle network communication | |
| CN111901109A (en) | White-box-based communication method, device, equipment and storage medium | |
| CN112861137A (en) | Secure firmware | |
| CN114867011A (en) | Vehicle-mounted data transmission device and method, vehicle and vehicle-mounted data transmission system | |
| CN117063174A (en) | Security module and method for inter-app trust through app-based identity | |
| CN110858246B (en) | Authentication method and system of security code space, and registration method thereof | |
| CN115361168B (en) | Data encryption method, device, equipment and medium | |
| US20230327883A1 (en) | Vehicle bootloader authentication system | |
| CN116015976A (en) | Data encryption transmission method and device | |
| US20230297695A1 (en) | Secure generation of pairing keys | |
| CN112613030A (en) | Credible safe starting method and system based on Internet of things gas meter |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |