CN113177201A - Program checking and signing method and device and SOC chip - Google Patents
Program checking and signing method and device and SOC chip Download PDFInfo
- Publication number
- CN113177201A CN113177201A CN202110554170.4A CN202110554170A CN113177201A CN 113177201 A CN113177201 A CN 113177201A CN 202110554170 A CN202110554170 A CN 202110554170A CN 113177201 A CN113177201 A CN 113177201A
- Authority
- CN
- China
- Prior art keywords
- program
- key
- chip
- started
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/76—Architectures of general purpose stored program computers
- G06F15/78—Architectures of general purpose stored program computers comprising a single central processing unit
- G06F15/7807—System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Abstract
The application provides a program verification method and device, a program signature method and device, an SOC chip, an electronic device and a storage medium. The program checking method comprises the following steps: loading a program to be started to a chip internal memory; signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip; if the signature verification fails, refusing to start the program to be started; and if the signature verification is passed, allowing the program to be started. The application can realize the check of the program to be started in the chip, can reduce the data interaction with an external memory, and realizes the acceleration of a hardware layer, thereby effectively improving the program check efficiency.
Description
Technical Field
The present application relates to the field of chip technologies, and in particular, to a program verification method and apparatus, a program signature method and apparatus, an SOC chip, an electronic device, and a storage medium.
Background
SOC is an abbreviation for System on Chip, with the transliteration being "System-on-Chip", often simply "System-on-Chip", which is an integrated circuit containing a processor, memory, and on-Chip logic.
For the SOC chip, after the processor is released from reset for some reason, a value-taking operation instruction is started from a designated address to establish a target software execution environment, which is called BOOT. In the BOOT process, signature verification needs to be carried out on a program to be started, the signature verification process comprises a large amount of large digital-analog operation, the SOC chip needs to continuously exchange a large amount of data with an external memory, on one hand, signature verification efficiency can be reduced, and on the other hand, the risk of data leakage exists.
In view of the above, it is desirable to provide a program verification scheme with higher efficiency and better security.
Disclosure of Invention
An object of the embodiments of the present application is to provide a program verification method and apparatus, a program signature method and apparatus, an SOC chip, an electronic device, and a storage medium, so as to at least solve the problem of low program verification efficiency and security at present.
In order to solve the above technical problem, an embodiment of the present application provides the following technical solutions:
a first aspect of the present application provides a program checking method, where the method includes: loading a program to be started to a chip internal memory; signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip; if the signature verification fails, refusing to start the program to be started; and if the signature verification is passed, allowing the program to be started.
In some modified embodiments of the first aspect of the present application, the program to be started includes a BootLoader and/or external software.
In some modified embodiments of the first aspect of the present application, the program to be started includes a BootLoader and external software; the signature verification of the program to be started by using the signature verification key obtained from the inside of the chip comprises the following steps: and utilizing a signature verification key obtained from the inside of the chip to sequentially carry out signature verification on the BootLoader and the external software, wherein if any verification fails, the verification of the whole signature is judged to fail.
In some modified embodiments of the first aspect of the present application, the signing and verifying the program to be started by using the signature key obtained from inside of the chip includes: extracting a data field and a signature field of the program to be started; calculating a first digital abstract corresponding to the data field; decrypting the signature field by using a signature verification key acquired from the inside of the chip to obtain a second digital digest; if the first digital abstract is the same as the second digital abstract, the signature verification is passed; and if the first digital abstract is not the same as the second digital abstract, the signature verification is not passed.
In some variations of the first aspect of the present application, the signature verification key comprises a public key generated using an asymmetric cryptographic algorithm.
In some variations of the first aspect of the present application, the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
In some modified embodiments of the first aspect of the present application, before the signature verification of the program to be started by using the signature verification key obtained from inside of the chip, the method further includes: reading a prestored first coordinate value from an electronic fuse eFuse inside the chip, wherein the first coordinate value is a part of a signature verification key based on an ECC encryption algorithm; calculating a second coordinate value corresponding to the first coordinate value by adopting a curve equation corresponding to the ECC encryption algorithm; and determining the signature verification key according to the first coordinate value and the second coordinate value.
In some modified embodiments of the first aspect of the present application, before the signature verification of the program to be started by using the signature verification key obtained from inside of the chip, the method further includes: and reading a pre-stored signature verification key from the eFuse inside the chip.
In some modified embodiments of the first aspect of the present application, before the loading the program to be started to the chip internal memory, the method further includes: acquiring encrypted data of a program to be started from an external memory, wherein the program to be started is encrypted and then stored in the external memory; and decrypting the encrypted data of the program to be started by adopting a read-write secret key prestored in the chip to obtain the program to be started.
In some modified embodiments of the first aspect of the present application, the decrypting the encrypted to-be-started program data by using a read-write key pre-stored in the chip includes: and decrypting the encrypted program data to be started by adopting a read-write key prestored in the eFuse inside the chip.
In some variations of the first aspect of the present application, the read-write key comprises a symmetric key for symmetric encryption and decryption.
In some variations of the first aspect of the present application, the chip comprises a system-on-chip SOC chip.
A second aspect of the present application provides a program signing method, the method comprising: determining a program to be started for running on a chip; generating a digital signature of the program to be started based on a signature key; and storing the signature verification key corresponding to the signature key into the chip so as to conveniently carry out signature verification on the digital signature of the program to be started in the chip.
In some modified embodiments of the second aspect of the present application, the program to be booted includes a BootLoader and/or external software.
In some variations of the second aspect of the present application, the signing key comprises a private key generated using an asymmetric cryptographic algorithm, and the signing key comprises a public key generated using an asymmetric cryptographic algorithm.
In some variations of the second aspect of the present application, the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
In some modified embodiments of the second aspect of the present application, the storing a signature verification key corresponding to the signature key into the chip includes: and burning a first coordinate value of the signature verification key corresponding to the signature key into an eFuse inside the chip, so that the chip calculates a second coordinate value corresponding to the first coordinate value according to a curve equation corresponding to the ECC encryption algorithm, and determines the signature verification key according to the first coordinate value and the second coordinate value, wherein the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm.
In some modified embodiments of the second aspect of the present application, the storing a signature verification key corresponding to the signature key into the chip includes: and programming the signature verification key corresponding to the signature key into an eFuse inside the chip.
In some variations of the second aspect of the present application, the method further comprises: acquiring a read-write key aiming at an external memory, wherein the read-write key is used for encrypting or decrypting data written in or read out of the external memory; and programming the read-write key into an eFuse inside the chip.
In some variations of the second aspect of the application, the read-write key comprises a symmetric key for symmetric encryption and decryption.
In some variations of the second aspect of the present application, the method further comprises: and setting a designated electronic bit outside the key storage area in the eFuse to a designated state, so that the key storage area prohibits external software from reading and writing.
In some modified embodiments of the second aspect of the present application, the chip comprises a system on chip SOC chip.
A third aspect of the present application provides a program verifying apparatus, the apparatus comprising: the internal loading module is used for loading a program to be started to the internal memory of the chip; the signature verification module is used for performing signature verification on the program to be started by using a signature verification key acquired from the inside of the chip; the starting refusing module is used for refusing to start the program to be started if the signature verification fails; and the starting permission module is used for permitting the program to be started if the signature verification passes.
In some variations of the third aspect of the present application, the program to be booted includes a BootLoader and/or external software.
In some modified embodiments of the third aspect of the present application, the program to be started includes a BootLoader and external software; the signature verification module comprises: and the sequential verification unit is used for sequentially performing signature verification on the BootLoader and the external software by using a signature verification key acquired from the inside of the chip, wherein if any one verification fails, the verification of the whole signature is judged to fail.
In some variations of the third aspect of the present application, the signature verification module includes: the field extraction unit is used for extracting the data field and the signature field of the program to be started; the digital abstract calculating unit is used for calculating a first digital abstract corresponding to the data field; the digital digest decryption unit is used for decrypting the signature field by using a signature verification key acquired from the inside of the chip to obtain a second digital digest; the digest same processing unit is used for verifying the signature if the first digital digest is the same as the second digital digest; and the digest difference processing unit is used for judging that the signature verification is not passed if the first digital digest is different from the second digital digest.
In some variations of the third aspect of the present application, the signing key comprises a public key generated using an asymmetric cryptographic algorithm.
In some variations of the third aspect of the present application, the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
In some variations of the third aspect of the present application, the apparatus further comprises: the partial key reading module is used for reading a prestored first coordinate value from an electronic fuse eFuse inside the chip, and the first coordinate value is a part of a signature verification key based on an ECC (error correction code) encryption algorithm; the partial key calculation module is used for calculating a second coordinate value corresponding to the first coordinate value by adopting a curve equation corresponding to the ECC encryption algorithm; and the complete key determining module is used for determining the signature verification key according to the first coordinate value and the second coordinate value.
In some variations of the third aspect of the present application, the apparatus further comprises: and the complete key reading module is used for reading a pre-stored signature verification key from the eFuses inside the chip.
In some variations of the third aspect of the present application, the apparatus further comprises: the external data reading module is used for acquiring encrypted data of the program to be started from an external memory, wherein the program to be started is encrypted and then stored in the external memory; and the external data decryption module is used for decrypting the encrypted program data to be started by adopting a read-write secret key prestored in the chip to obtain the program to be started.
In some variations of the third aspect of the present application, the external data decryption module includes: and the read-write key decryption unit is used for decrypting the encrypted program data to be started by adopting a read-write key prestored in the eFuse inside the chip.
In some variations of the third aspect of the present application, the read-write key comprises a symmetric key for symmetric encryption and decryption.
In some variations of the third aspect of the present application, the chip comprises a system-on-chip SOC chip.
A fourth aspect of the present application provides a program signing apparatus, comprising: the program determining module is used for determining a program to be started for running on the chip; the program signature module is used for generating a digital signature of the program to be started based on the signature key; and the key storage module is used for storing the signature verification key corresponding to the signature key into the chip so as to conveniently carry out signature verification on the program to be started in the chip.
In some variations of the fourth aspect of the present application, the program to be booted includes a BootLoader and/or external software.
In some variations of the fourth aspect of the present application, the signing key comprises a private key generated using an asymmetric cryptographic algorithm, and the signing key comprises a public key generated using an asymmetric cryptographic algorithm.
In some variations of the fourth aspect of the present application, the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
In some modified embodiments of the fourth aspect of the present application, the key storage module includes: and the partial key programming unit is used for programming a first coordinate value of the signature verification key corresponding to the signature key into an eFuse inside the chip, so that the chip calculates a second coordinate value corresponding to the first coordinate value according to a curve equation corresponding to the ECC encryption algorithm, and determines the signature verification key according to the first coordinate value and the second coordinate value, wherein the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm.
In some modified embodiments of the fourth aspect of the present application, the key storage module includes: and the complete key programming unit is used for programming the signature verification key corresponding to the signature key into the eFuse inside the chip.
In some variations of the fourth aspect of the present application, the apparatus further comprises: the device comprises a read-write key acquisition module, a read-write key acquisition module and a read-write key generation module, wherein the read-write key acquisition module is used for acquiring a read-write key aiming at an external memory, and the read-write key is used for encrypting or decrypting data written in or read out from the external memory; and the read-write key programming module is used for programming the read-write key into the eFuse inside the chip.
In some variations of the fourth aspect of the present application, the read-write key comprises a symmetric key for symmetric encryption and decryption.
In some variations of the fourth aspect of the present application, the apparatus further comprises: and the read-write forbidding setting module is used for forbidding external software read-write in the key storage area by setting the designated electronic bit outside the key storage area in the eFuse to be in a designated state.
In some modified embodiments of the fourth aspect of the present application, the chip comprises a system on chip SOC chip.
A fifth aspect of the present application provides an SOC chip, wherein the SOC chip performs signature verification on a program to be started by using the method of the first aspect of the present application.
A sixth aspect of the present application provides an electronic device, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing when executing the computer program to implement the method of the first or second aspect of the application.
A seventh aspect of the present application provides a computer readable storage medium having computer readable instructions stored thereon which are executable by a processor to implement the method of the first or second aspect of the present application.
In a program checking method provided in a first aspect of the present application, a program to be started is loaded into an internal memory of a chip; signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip; if the signature verification fails, refusing to start the program to be started; and if the signature verification is passed, allowing the program to be started. In addition, because the signature verification process is executed in the chip, and the verification key used for verification is also stored in the chip, the safety can be effectively improved.
The program signature method provided by the second aspect, the program verification device provided by the third aspect, the program signature device provided by the fourth aspect, the SOC chip provided by the fifth aspect, the electronic device provided by the sixth aspect, and the computer-readable storage medium provided by the seventh aspect of the present application are based on the same inventive concept, and have the same beneficial effects as the program verification method provided by the first aspect of the present application.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present application will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the present application are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings and in which like reference numerals refer to similar or corresponding parts and in which:
FIG. 1 schematically illustrates an overall flow diagram of a chip signature and verification provided by some embodiments of the present application;
FIG. 2 schematically illustrates a flow chart of a program verification method provided by some embodiments of the present application;
FIG. 3 schematically illustrates a schematic view of a multiple-test signature provided by some embodiments of the present application;
FIG. 4 schematically illustrates a schematic diagram of the encryption and decryption of external memory data provided by some embodiments of the present application;
FIG. 5 schematically illustrates a schematic diagram of a program verification device provided in some embodiments of the present application;
FIG. 6 schematically illustrates a flow chart of a program signing method provided by some embodiments of the present application;
FIG. 7 schematically illustrates a schematic diagram of a program signing apparatus provided in some embodiments of the present application;
FIG. 8 schematically illustrates a schematic view of an electronic device provided by some embodiments of the present application;
FIG. 9 schematically illustrates a schematic diagram of a computer-readable storage medium provided by some embodiments of the present application.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which this application belongs.
In addition, the terms "first" and "second", etc. are used to distinguish different objects, rather than to describe a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
For convenience of understanding, the overall technical concept of the embodiment of the present application is briefly described as follows with reference to fig. 1, as shown in fig. 1, which schematically illustrates an overall flowchart of a chip signing and verifying provided by some embodiments of the present application, before a chip leaves a factory, a chip supplier may specifically sign a program for each chip demander, where the signed program may be a BootLoader, or external software (e.g., operating system software or other software) that the chip demander needs to run on the chip, or both the BootLoader and the external software may be signed, and the steps may include:
s201: determining a program to be started for running on a chip;
s202: generating a digital signature of the program to be started based on a signature key;
s203: and storing the signature verification key corresponding to the signature key into the chip so as to conveniently carry out signature verification on the digital signature of the program to be started in the chip.
Then, the signed program to be started and the chip with the stored verification key can be provided for the chip demander.
After the chip leaves the factory, in the process of using the chip by a chip demander and a downstream user, when the chip has a BOOT, a signature verification key stored in the chip is required to be used for signature verification of a program to be started running on the chip, and the steps may include:
s101: loading a program to be started to a chip internal memory;
s102: signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip;
s103: if the signature verification fails, refusing to start the program to be started;
s104: and if the signature verification is passed, allowing the program to be started.
Based on the steps, the verification of the program to be started can be realized in the chip, the data interaction with an external memory can be reduced, the acceleration of a hardware layer is realized, and the program verification efficiency is effectively improved. In addition, because the signature verification process is executed in the chip, and the verification key used for verification is also stored in the chip, the security can be effectively improved.
The chip demander can only run the self to-be-started program on the chip provided by the chip demander, thereby playing the effect of preventing goods from being mixed and avoiding the delivery of the agent with low goods taking price for the agent with high goods taking price.
On the basis of the above technical concept, embodiments of the present application provide a program verification method and apparatus, a program signature method and apparatus, an SOC chip, an electronic device, and a storage medium, so as to at least solve the problem of low program verification efficiency and security at present. The following description is made by way of example with reference to the accompanying drawings.
Referring to fig. 2, which schematically illustrates a flowchart of a program verification method provided in some embodiments of the present application, as shown in fig. 2, a program verification method may include the following steps:
s101: loading a program to be started to a chip internal memory;
s102: signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip;
s103: if the signature verification fails, refusing to start the program to be started;
s104: and if the signature verification is passed, allowing the program to be started.
The program verification method provided by the embodiment of the application can at least obtain the following beneficial effects: loading a program to be started to a chip internal memory; signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip; if the signature verification fails, refusing to start the program to be started; and if the signature passes the verification, the program to be started is allowed to be started, so that the verification of the program to be started is realized in the chip, the data interaction with an external memory can be reduced, the acceleration of a hardware layer is realized, and the program verification efficiency is effectively improved. In addition, because the signature verification process is executed in the chip, and the verification key used for verification is also stored in the chip, the security can be effectively improved.
The program checking method can be realized based on Boot ROM (or Boot ROM) which is a small mask ROM or a write-protection flash memory embedded in a processor chip. It contains the first code that the processor executes upon power-up or reset. Depending on the configuration of certain ribbon pins or internal electronic fuses, it may be decided where to load the next portion of code to be executed from and how or whether to verify its correctness or validity.
The chip may be an SOC chip, or a chip such as a microcontroller with a processor and a memory integrated therein, which may all use the method provided in the embodiments of the present application.
The internal Memory may be a readable and writable Memory integrated on a chip, such as a Static Random-Access Memory (SRAM), for temporarily storing data of a program to be started, which needs to be checked.
In addition, the program to be started may be a BootLoader, or may also be external software (for example, operating system software or other software) that needs to be run on the chip by the chip requirement side, or may include both the BootLoader and the external software.
If the to-be-started program includes a BootLoader and external software, the signing and verifying the to-be-started program by using a signature verification key obtained from the inside of the chip (step S102) may include: and utilizing a signature verification key obtained from the inside of the chip to sequentially carry out signature verification on the BootLoader and the external software, wherein if any verification fails, the verification of the whole signature is judged to fail.
The above process of signature verification may be understood as multiple signatures (signature verification is abbreviated as "signature verification"), please refer to fig. 3, which schematically illustrates a schematic diagram of multiple signatures provided by some embodiments of the present application. As shown in fig. 3, the Boot ROM may first load a signed Boot loader into the internal memory SRAM, perform signature verification on the signed Boot loader, if the item fails to be verified, it is not necessary to check the subsequent items (e.g., external software), and may immediately terminate the multiple signature verification process and determine that the entire signature verification fails, and refuse to start the program to be started; and if the verification passes, then performing signature verification on subsequent projects, wherein if a plurality of subsequent projects exist, the signature verification also needs to be performed in sequence, if any one of the subsequent projects fails, stopping the multiple signature verification process, judging that the overall signature verification fails, refusing to start the program to be started, and if all the projects pass the signature verification, judging that the overall signature verification passes, and allowing the program to be started.
Through the embodiment, the verification of the whole signature can be judged to be failed when any one verification is found to be failed, and the subsequent meaningless signature verification work on other items is avoided, so that the signature verification efficiency is integrally improved.
In order to speed up the BOOT process, only signature verification of BootLoader may be performed, that is, the program to be booted may be BootLoader, and the step S102 performs signature verification on the program to be booted by using a signature verification key obtained from the inside of the chip, which may include: and utilizing a signature verification key obtained from the inside of the chip to carry out signature verification on the BootLoader. Because external software is generally great, if also checking the label to external software, can increase the chip load, reduce whole efficiency of checking the label, consequently, through only checking the label to BootLoader and not checking the label to external software, can effectively improve whole efficiency of checking the label, and then improve BOOT efficiency.
For any one signature verification project (such as BootLoader or external software), a more specific signature verification process may include the following steps: extracting a data field and a signature field of the program to be started; calculating a first digital abstract corresponding to the data field; decrypting the signature field by using a signature verification key acquired from the inside of the chip to obtain a second digital digest; if the first digital abstract is the same as the second digital abstract, the signature verification is passed; and if the first digital abstract is not the same as the second digital abstract, the signature verification is not passed.
This test and sign flow is similar with current test and sign flow, and concrete process is no longer repeated, and its difference mainly lies in that the test and sign secret key is obtained from chip inside, and the process of testing the sign also realizes in chip inside, can effectively improve and test and sign efficiency and security.
In addition, the signature key and the signature verification key related in the embodiment of the present application may be symmetric keys generated by using a symmetric encryption algorithm, or public and private keys generated by using an asymmetric encryption algorithm. In order to improve the difficulty of the decryption, a public and private key generated by an asymmetric encryption algorithm is preferably used as a signature key and a signature verification key, wherein the signature key is a private key, and the signature verification key is a public key.
For the asymmetric encryption Algorithm, an embodiment of the present application is not limited, and the asymmetric encryption Algorithm may be implemented by any asymmetric encryption Algorithm provided in the prior art, and considering that an Elliptic Curve Cryptography (ECC) ECC encryption Algorithm may use a smaller key to obtain higher security, the present application preferably uses an ECC encryption Algorithm, where the ECC encryption Algorithm is not limited to an Elliptic Curve Digital Signature Algorithm (ECDSA), and may also be implemented by another Signature verification Algorithm based on ECC, and an embodiment of the present application is not limited.
In consideration of safety and avoiding the erasing and writing tampering of the signature verification key in the chip by the chip demanding side, in the embodiment of the application, the signature verification key can be burnt in an electronic fuse eFuse in the chip before the chip leaves a factory, the eFuse is a one-time programmable memory, also called as an electronic fuse or an electronic fuse, information can be written in the eFuse before the chip leaves the factory, the electronic bits are all 1 initially, and when the eFuse and the eFuse can only change 1 into 0 once, so that the one-time programming is realized, and the signature verification key is prevented from being tampered by the chip demanding side after the chip leaves the factory.
Because the storage capacity of the eFuses is small, for example, 128bit, 256bit, etc., the application correspondingly adopts an ECC encryption algorithm to generate a small signature verification key that can be stored in the eFuses. Considering that the efuses need to store other information, in order to avoid that the signature verification key occupies more storage space, in the embodiment of the present application, in combination with the characteristics of the ECC encryption algorithm, a part (for example, a first coordinate value x) of the signature verification key based on the ECC encryption algorithm may be stored in the efuses, and when signature verification is performed, a corresponding second coordinate value y is calculated by using the elliptic curve according to the first coordinate value x, and then the signature verification key is determined by using the first coordinate value x and the second coordinate value y, thereby further reducing the occupied space of the signature verification key.
Corresponding to the above, before the signature verification of the program to be started by using the signature verification key obtained from the inside of the chip (step S102), the method further includes: reading a prestored first coordinate value from an electronic fuse eFuse inside the chip, wherein the first coordinate value is a part of value of a signature verification key based on an ECC encryption algorithm, and the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm; calculating a second coordinate value corresponding to the first coordinate value by adopting a curve equation corresponding to the ECC encryption algorithm; and determining the signature verification key according to the first coordinate value and the second coordinate value.
As a modified implementation of the foregoing implementation, a complete signature verification key may be stored in the eFuse, and accordingly, before performing signature verification on the program to be started by using the signature verification key obtained from inside of the chip (step S120), the method further includes: and reading a pre-stored signature verification key from the eFuse inside the chip.
The embodiment has the advantages that the step of calculating the second coordinate value to restore the signature verification key in the signature verification process can be reduced, and the overall signature verification efficiency can be improved.
The program to be started used by the chip demander is stored in an external memory, which refers to a memory outside the chip and may include, but is not limited to, a memory such as Flash, RAM, ROM, and the like. In the prior art, data of a program to be started is stored in an external memory in a plaintext form, and there is a risk of data leakage. To this end, please refer to fig. 4 for understanding, fig. 4 schematically illustrates a schematic diagram of the principle of encrypting and decrypting data of the external memory according to some embodiments of the present application, and as shown in fig. 4, in an embodiment of the present application, an encryption and decryption module may be additionally disposed in a bus (e.g., an AHB bus and an APB bus) connected to the external memory, so as to selectively encrypt or decrypt data written into or read from the external memory, so that data that needs to be prevented from being leaked (e.g., data of a program to be started) can be encrypted and stored, thereby preventing risk of data leakage. Correspondingly, before the loading the program to be started to the chip internal memory (step S101), the method further includes: acquiring encrypted data of a program to be started from an external memory, wherein the program to be started is encrypted and then stored in the external memory; and decrypting the encrypted data of the program to be started by adopting a read-write secret key prestored in the chip to obtain the program to be started.
The read-write secret key can be realized by adopting a symmetric secret key for symmetric encryption and decryption, and the symmetric encryption algorithm has the characteristics of high speed, high efficiency and convenient realization, so that the speed of reading data from an external memory and writing data in the external memory can be ensured not to be greatly influenced, and the data transmission speed is ensured to meet the use requirement.
In addition, the above-mentioned read-write key may also be stored in an eFuse to avoid tampering with the read-write key by a chip requiring party, and correspondingly, the above-mentioned decrypting the encrypted program data to be started by using the read-write key pre-stored in the chip may include: and decrypting the encrypted program data to be started by adopting a read-write key prestored in the eFuse inside the chip.
By writing the read-write key into the eFuse, the read-write key can be prevented from being cracked and tampered by a chip demand side or a downstream user side after leaving a factory, and the safety of data in the external memory is ensured.
The symmetric encryption algorithm may include, but is not limited to, AES, IDEA, and the like, and the embodiment of the present application is not limited.
In the foregoing embodiment, a program checking method is provided, and correspondingly, the present application further provides a program checking apparatus. The program checking device provided by the embodiment of the application can implement the program checking method, and the program checking device can be implemented by software, hardware or a combination of software and hardware. For example, the program checking means may comprise integrated or separate functional modules or units for performing the corresponding steps of the above-described methods. Please refer to fig. 5, which schematically illustrates a schematic diagram of a program verifying apparatus according to some embodiments of the present application. Since the apparatus embodiments are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for relevant points. The device embodiments described below are merely illustrative.
As shown in fig. 5, an embodiment of the present application provides a program verifying apparatus 10, where the apparatus 10 includes: the internal loading module 101 is used for loading a program to be started to the internal memory of the chip; the signature verification module 102 is configured to perform signature verification on the program to be started by using a signature verification key obtained from the inside of the chip; the start refusing module 103 is used for refusing to start the program to be started if the signature verification fails; and the starting permission module 104 is used for allowing the program to be started if the signature verification is passed.
In some variations of the embodiments of the present application, the program to be started includes a BootLoader and/or external software.
In some modified embodiments of the embodiment of the present application, the program to be started includes a BootLoader and external software; the signature verification module 102 includes: and the sequential verification unit is used for sequentially performing signature verification on the BootLoader and the external software by using a signature verification key acquired from the inside of the chip, wherein if any one verification fails, the verification of the whole signature is judged to fail.
In some variations of the embodiments of the present application, the signature verification module 102 includes: the field extraction unit is used for extracting the data field and the signature field of the program to be started; the digital abstract calculating unit is used for calculating a first digital abstract corresponding to the data field; the digital digest decryption unit is used for decrypting the signature field by using a signature verification key acquired from the inside of the chip to obtain a second digital digest; the digest same processing unit is used for verifying the signature if the first digital digest is the same as the second digital digest; and the digest difference processing unit is used for judging that the signature verification is not passed if the first digital digest is different from the second digital digest.
In some variations of embodiments of the present application, the signature verification key includes a public key generated by an asymmetric encryption algorithm.
In some variations of embodiments of the present application, the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
In some variations of the embodiments of the present application, the apparatus 10 further comprises: the partial key reading module is used for reading a prestored first coordinate value from an electronic fuse eFuse inside the chip, and the first coordinate value is a part of a signature verification key based on an ECC (error correction code) encryption algorithm; the partial key calculation module is used for calculating a second coordinate value corresponding to the first coordinate value by adopting a curve equation corresponding to the ECC encryption algorithm; and the complete key determining module is used for determining the signature verification key according to the first coordinate value and the second coordinate value.
In some variations of the embodiments of the present application, the apparatus 10 further comprises: and the complete key reading module is used for reading a pre-stored signature verification key from the eFuses inside the chip.
In some variations of the embodiments of the present application, the apparatus 10 further comprises: the external data reading module is used for acquiring encrypted data of the program to be started from an external memory, wherein the program to be started is encrypted and then stored in the external memory; and the external data decryption module is used for decrypting the encrypted program data to be started by adopting a read-write secret key prestored in the chip to obtain the program to be started.
In some variations of the embodiments of the present application, the external data decryption module includes: and the read-write key decryption unit is used for decrypting the encrypted program data to be started by adopting a read-write key prestored in the eFuse inside the chip.
In some variations of the embodiments of the present application, the read-write key includes a symmetric key for symmetric encryption and decryption.
In some variations of embodiments of the present application, the chip comprises a system on a chip SOC chip.
The program verifying apparatus 10 provided in the embodiment of the present application and the program verifying method provided in the foregoing embodiment of the present application have the same inventive concept and the same beneficial effects, and are not described herein again.
Based on the same technical concept as the program verification method, an embodiment of the present application further provides a program signature method, and the following embodiment of the program signature method may be understood with reference to the foregoing description of the embodiment of the program verification method, and a part of the contents are not described again. Referring to fig. 6, which schematically illustrates a flowchart of a program signing method provided in some embodiments of the present application, as shown in fig. 6, a program signing method may include the following steps:
s201: determining a program to be started for running on a chip;
s202: generating a digital signature of the program to be started based on a signature key;
s203: and storing the signature verification key corresponding to the signature key into the chip so as to conveniently carry out signature verification on the digital signature of the program to be started in the chip.
The program verification method provided by the embodiment of the application can at least obtain the following beneficial effects: after the program to be started is digitally signed, the signature verification key corresponding to the signature key is stored in the chip, so that signature verification of the digital signature of the program to be started in the chip can be ensured in the subsequent program verification process, and the program verification efficiency and safety are improved.
The chip may include a system on chip SOC chip, and the program to be started may include a boot loader BootLoader and/or external software.
In some embodiments, the signing key may comprise a private key generated using an asymmetric cryptographic algorithm, and the signing key comprises a public key that may be generated using an asymmetric cryptographic algorithm.
Additionally, the asymmetric encryption algorithm may include an elliptic curve cryptography ECC encryption algorithm.
Correspondingly, the storing the signature verification key corresponding to the signature key into the chip (step S203) may include: and burning a first coordinate value of the signature verification key corresponding to the signature key into an eFuse inside the chip, so that the chip calculates a second coordinate value corresponding to the first coordinate value according to a curve equation corresponding to the ECC encryption algorithm, and determines the signature verification key according to the first coordinate value and the second coordinate value, wherein the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm.
As a modified implementation of the foregoing implementation, the storing the entire signature verification key in the eFuse, and correspondingly, the storing the signature verification key corresponding to the signature key in the chip (step S203) may include: and programming the signature verification key corresponding to the signature key into an eFuse inside the chip.
In addition, considering the problem of data security of the external memory, the embodiment of the present application may further encrypt the data in the external memory by using the read-write key, and accordingly, the method may further include: acquiring a read-write key aiming at an external memory, wherein the read-write key is used for encrypting or decrypting data written in or read out of the external memory; and programming the read-write key into an eFuse inside the chip.
The read-write key may include a symmetric key for symmetric encryption and decryption.
On the basis of any of the above embodiments, the method may further include: and setting a designated electronic bit outside the key storage area in the eFuse to a designated state, so that the key storage area prohibits external software from reading and writing.
For example, the designated electronic bit may be set to a designated state "0", and when there is an external software to access the signature verification key or the read/write key stored in the key storage region, it is first determined whether the state of the designated electronic bit is the designated state "0", and if so, the external software is prohibited from reading and writing. By the embodiment, the key in the eFuse can be prevented from being tampered and read, and the safety of the scheme is improved.
In the above embodiments, a program signing method is provided, and correspondingly, the present application also provides a program signing apparatus. The program signing device provided by the embodiment of the application can implement the program signing method, and the program signing device can be implemented by software, hardware or a combination of software and hardware. For example, the program signing means may comprise integrated or separate functional modules or units for performing the corresponding steps of the methods described above. Please refer to fig. 7, which schematically illustrates a schematic diagram of a program signing apparatus provided in some embodiments of the present application. Since the apparatus embodiments are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for relevant points. The device embodiments described below are merely illustrative.
As shown in fig. 7, an embodiment of the present application provides a program signing apparatus 20, where the apparatus 20 includes: a program determining module 201, configured to determine a program to be started for running on a chip; a program signing module 202, configured to generate a digital signature of the program to be started based on a signing key; and the key storage module 203 is configured to store the signature verification key corresponding to the signature key into the chip, so as to perform signature verification on the program to be started in the chip.
In some variations of the embodiments of the present application, the program to be started includes a BootLoader and/or external software.
In some variations of the embodiments of the present application, the signature key includes a private key generated by an asymmetric encryption algorithm, and the signature verification key includes a public key generated by the asymmetric encryption algorithm.
In some variations of embodiments of the present application, the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
In some variations of the embodiments of the present application, the key storage module 203 includes: and the partial key programming unit is used for programming a first coordinate value of the signature verification key corresponding to the signature key into an eFuse inside the chip, so that the chip calculates a second coordinate value corresponding to the first coordinate value according to a curve equation corresponding to the ECC encryption algorithm, and determines the signature verification key according to the first coordinate value and the second coordinate value, wherein the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm.
In some variations of the embodiments of the present application, the key storage module 203 includes: and the complete key programming unit is used for programming the signature verification key corresponding to the signature key into the eFuse inside the chip.
In some variations of the embodiments of the present application, the apparatus 20 further comprises: the device comprises a read-write key acquisition module, a read-write key acquisition module and a read-write key generation module, wherein the read-write key acquisition module is used for acquiring a read-write key aiming at an external memory, and the read-write key is used for encrypting or decrypting data written in or read out from the external memory; and the read-write key programming module is used for programming the read-write key into the eFuse inside the chip.
In some variations of the embodiments of the present application, the read-write key includes a symmetric key for symmetric encryption and decryption.
In some variations of the embodiments of the present application, the apparatus 20 further comprises: and the read-write forbidding setting module is used for forbidding external software read-write in the key storage area by setting the designated electronic bit outside the key storage area in the eFuse to be in a designated state.
In some variations of embodiments of the present application, the chip comprises a system on a chip SOC chip.
The program signature apparatus 20 provided in the embodiment of the present application and the program signature method provided in the foregoing embodiment of the present application have the same inventive concept and the same beneficial effects, and are not described herein again.
For convenience of understanding, the following description is further described with reference to specific embodiments, wherein the following exemplary descriptions may be understood with reference to the description of any of the foregoing embodiments, and some details are not repeated.
In the following description, although some terms are changed, they do not affect the expression of their meanings, and some terms are described in correspondence with terms in the foregoing description of the embodiments, and the correspondence expressed by the correspondence may include an equivalent relationship or a top-bottom relationship, and those skilled in the art can understand the correspondence in consideration of the actual situation.
In some specific embodiments, based on the characteristics of high speed, high efficiency and convenient implementation of a symmetric encryption algorithm, while a non-symmetric encryption algorithm has the characteristics of high safety but low speed, the present embodiment uses the symmetric encryption algorithm to encrypt plaintext data, such as AES, so that data in a memory is ciphertext. The software version is processed by using the SHA-2 encryption algorithm to obtain a data abstract, and the digital signature of the abstract is realized by using the ECC encryption algorithm, so that the security in the software execution process is guaranteed, and the digital signature is completed. Moreover, the encryption and decryption algorithm is accelerated by using hardware and integrated in an SOC chip, so that the system throughput rate and the speed of generating and authenticating a digital signature are greatly improved, and meanwhile, high-strength guarantee is provided for the safety of a BOOT starting scheme.
The secure BOOT startup scheme of the embodiment includes two layers: 1) the software version is checked by using an asymmetric encryption and decryption algorithm ECC, when the software version cannot be checked, the software version is judged to be an illegal version, and the system refuses to start; 2) and the software version is encrypted and protected by using a symmetric encryption and decryption algorithm, so that data leakage is avoided.
The chip security Boot process is shown in fig. 3: the Boot ROM moves the Boot loader in the memory into the SRAM in the chip for signature verification, after the Boot loader passes the verification, the Boot loader loads the large version program (namely external software, considering that the external software can be frequently updated, only the large version program can be verified to avoid misjudgment caused by program updating) into the internal SRAM, the verification is carried out again, after the verification passes, the system is started, otherwise, the starting is refused;
and (3) signature process: compiling to generate a BootLoader program, calculating a HASH value by a production test tool by using an SHA2 algorithm, encrypting the HASH value by an ECC algorithm to obtain a signature of the BootLoader, and burning a public key of the ECC into an eFuse of the electronic fuse.
And (3) a label checking process: and the Bootrom program loads BootLoader to an internal SRAM, extracts a data field and a signature field, calculates the HASH value of BootLaoder, inputs a public key and a signature in the eFuse as an ECC algorithm, confirms the consistency of the signature, continues starting if the public key and the signature are consistent, refuses starting if the public key and the signature are not consistent, gives information when trying for a certain number of times, and enters exception handling.
The signature and signature verification process of the large version is the same as that of the signature verification process, the same algorithm is used, and only the signature and signature verification of the bootloader can be carried out in order to accelerate the BOOT process.
The signature verification only needs to store one coordinate (x coordinate or y coordinate) of the public key into the eFuse, and the other coordinate can be obtained through curve equation calculation, so that the eFuse storage space can be saved. Different ECC key pairs are distributed to the clients, the BootLoaders are provided for the clients after ECC signing, so that the chips taken by the low-price agents can only use the matched BootLoaders, namely only use a specific software version, otherwise, the chips are refused to be started, and the phenomenon of goods fleeing can be prevented.
The schematic diagram of memory encryption is shown in fig. 4: the memory controller in the chip comprises two access channels, one access channel can read and write the memory through an APB bus; the other is that only the memory can be read through the AHB bus.
The AHB and APB buses pass through an encryption and decryption module of an external memory, and the encryption and decryption module can encrypt or not perform any processing on data written into the external memory by the APB bus; the read data of the AHB bus is decrypted or not processed, and the encryption/decryption control signals are stored in the eFuses. After encryption is enabled, data read from the memory by using a physical means (such as a serial port SPI) is encrypted, and most of the data cannot be recovered to obtain real data.
The encryption and decryption module supports 128 bits, 192 bits, 256 bits and other different keys, and the specific number of bits is determined by an encryption and decryption algorithm. The key is generated by random numbers, after the key is generated, the key is programmed into the eFuses, and the function of the software read-write key area can be controlled through the eFuse enabling signals, so that the key is prevented from being leaked and tampered.
Through the above-mentioned embodiment, at least the following technical effects can be obtained:
1. and hardware is used for acceleration, and the hardware is integrated into an SOC chip, so that the operation efficiency is greatly improved.
2. And the data of the memory is encrypted and decrypted by using a symmetric encryption algorithm, so that the data is prevented from being leaked. And simultaneously, the encryption and decryption key is stored in an eFuse of the electronic fuse, and the software is added to the key to prohibit the read-write function so as to prevent the key from being tampered and read.
3. Through different key pairs, cross-shipment can be prevented.
4. Through digital signature verification, the normal function realization of the chip is ensured, malicious software intrusion is effectively prevented, and the safety and the quality of the product are effectively improved.
The embodiment of the present application further provides an SOC chip corresponding to the program verification method provided by the foregoing embodiment, where the SOC chip performs signature verification on a program to be started by using the program verification method provided by any foregoing embodiment of the present application, and for relevant points, reference is made to the foregoing description of the embodiment of the program verification method for understanding.
The SOC chip provided in the embodiment of the present application and the program verification method provided in the foregoing embodiment of the present application have the same inventive concept and the same beneficial effects, and are not described herein again.
The embodiment of the present application further provides an electronic device corresponding to the program verification method or the program signature method provided in the foregoing embodiment, where the electronic device may include, but is not limited to, a device provided with the SOC chip or the microcontroller to execute the program verification method, and the electronic device may also include, but is not limited to, a chip burning device, a desktop computer, a notebook computer, and the like to execute the program signature method.
Please refer to fig. 8, which schematically illustrates a schematic diagram of an electronic device according to some embodiments of the present application. As shown in fig. 8, the electronic device 30 includes: the system comprises a processor 300, a memory 301, a bus 302 and a communication interface 303, wherein the processor 300, the communication interface 303 and the memory 301 are connected through the bus 302; the memory 301 stores a computer program that can be executed on the processor 300, and the processor 300 executes the program verification method or the program signature method provided in any of the foregoing embodiments when executing the computer program.
The Memory 301 may include a Random Access Memory (RAM) and may further include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 303 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used.
The electronic device provided by the embodiment of the present application and the program verification method or the program signature method provided by the foregoing embodiment of the present application have the same inventive concept and the same beneficial effects as the method adopted, operated or implemented by the electronic device.
Referring to fig. 9, a computer-readable storage medium is shown as an optical disc 40, on which a computer program (i.e., a program product) is stored, where the computer program is executed by a processor to perform the program verification method or the program signature method provided in any of the foregoing embodiments.
It should be noted that examples of the computer-readable storage medium may also include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory, or other optical and magnetic storage media, which are not described in detail herein.
The computer-readable storage medium provided by the above-mentioned embodiment of the present application and the program verification method or the program signature method provided by the foregoing embodiment of the present application have the same advantages as the method adopted, run or implemented by the application program stored in the computer-readable storage medium.
It should be noted that the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present disclosure, and the present disclosure should be construed as being covered by the claims and the specification.
Claims (27)
1. A program verification method, comprising:
loading a program to be started to a chip internal memory;
signature verification is carried out on the program to be started by using a signature verification key obtained from the inside of the chip;
if the signature verification fails, refusing to start the program to be started;
and if the signature verification is passed, allowing the program to be started.
2. The method according to claim 1, wherein the program to be started comprises a BootLoader and/or external software.
3. The method according to claim 2, wherein the program to be started comprises a BootLoader and external software;
the signature verification of the program to be started by using the signature verification key obtained from the inside of the chip comprises the following steps:
and utilizing a signature verification key obtained from the inside of the chip to sequentially carry out signature verification on the BootLoader and the external software, wherein if any verification fails, the verification of the whole signature is judged to fail.
4. The method according to claim 1, wherein the signature verification of the program to be started by using a signature verification key obtained from the inside of the chip comprises:
extracting a data field and a signature field of the program to be started;
calculating a first digital abstract corresponding to the data field;
decrypting the signature field by using a signature verification key acquired from the inside of the chip to obtain a second digital digest;
if the first digital abstract is the same as the second digital abstract, the signature verification is passed;
and if the first digital abstract is not the same as the second digital abstract, the signature verification is not passed.
5. The method of claim 1, wherein the signing key comprises a public key generated using an asymmetric cryptographic algorithm.
6. The method of claim 5, wherein the asymmetric encryption algorithm comprises an Elliptic Curve Cryptography (ECC) encryption algorithm.
7. The method according to claim 6, before said signature verification of said program to be started by using a signature key obtained from inside said chip, further comprising:
reading a prestored first coordinate value from an electronic fuse eFuse inside the chip, wherein the first coordinate value is a part of value of a signature verification key based on an ECC encryption algorithm, and the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm;
calculating a second coordinate value corresponding to the first coordinate value by adopting a curve equation corresponding to the ECC encryption algorithm;
and determining the signature verification key according to the first coordinate value and the second coordinate value.
8. The method according to claim 1, before said signature verification of said program to be started by using a signature key obtained from inside of said chip, further comprising:
and reading a pre-stored signature verification key from the eFuse inside the chip.
9. The method according to claim 1, further comprising, before the loading the program to be started into the chip internal memory:
acquiring encrypted data of a program to be started from an external memory, wherein the program to be started is encrypted and then stored in the external memory;
and decrypting the encrypted data of the program to be started by adopting a read-write secret key prestored in the chip to obtain the program to be started.
10. The method according to claim 9, wherein decrypting the encrypted program data to be started by using a read-write key pre-stored in the chip comprises:
and decrypting the encrypted program data to be started by adopting a read-write key prestored in the eFuse inside the chip.
11. The method of claim 9, wherein the read-write key comprises a symmetric key for symmetric encryption and decryption.
12. The method of claim 1, wherein the chip comprises a system on a chip (SOC) chip.
13. A program signing method, the method comprising:
determining a program to be started for running on a chip;
generating a digital signature of the program to be started based on a signature key;
and storing the signature verification key corresponding to the signature key into the chip so as to conveniently carry out signature verification on the digital signature of the program to be started in the chip.
14. The method according to claim 13, wherein the program to be started comprises a BootLoader and/or external software.
15. The method of claim 13, wherein the signing key comprises a private key generated using an asymmetric cryptographic algorithm, and wherein the signing key comprises a public key generated using an asymmetric cryptographic algorithm.
16. The method of claim 15, wherein the asymmetric encryption algorithm comprises an elliptic curve cryptography ECC encryption algorithm.
17. The method of claim 16, wherein storing the signature verification key corresponding to the signature key inside the chip comprises:
and burning a first coordinate value of the signature verification key corresponding to the signature key into an eFuse inside the chip, so that the chip calculates a second coordinate value corresponding to the first coordinate value according to a curve equation corresponding to the ECC encryption algorithm, and determines the signature verification key according to the first coordinate value and the second coordinate value, wherein the first coordinate value is a part of the signature verification key based on the ECC encryption algorithm.
18. The method according to claim 13, wherein storing the signature verification key corresponding to the signature key into the chip comprises:
and programming the signature verification key corresponding to the signature key into an eFuse inside the chip.
19. The method of claim 13, further comprising:
acquiring a read-write key aiming at an external memory, wherein the read-write key is used for encrypting or decrypting data written in or read out of the external memory;
and programming the read-write key into an eFuse inside the chip.
20. The method of claim 19, wherein the read-write key comprises a symmetric key for symmetric encryption and decryption.
21. The method of any one of claims 17 to 19, further comprising:
and setting a designated electronic bit outside the key storage area in the eFuse to a designated state, so that the key storage area prohibits external software from reading and writing.
22. The method of claim 13, wherein the chip comprises a system on a chip (SOC) chip.
23. A program verifying apparatus, comprising:
the internal loading module is used for loading a program to be started to the internal memory of the chip;
the signature verification module is used for performing signature verification on the program to be started by using a signature verification key acquired from the inside of the chip;
the starting refusing module is used for refusing to start the program to be started if the signature verification fails;
and the starting permission module is used for permitting the program to be started if the signature verification passes.
24. A program signing apparatus, said apparatus comprising:
the program determining module is used for determining a program to be started for running on the chip;
the program signature module is used for generating a digital signature of the program to be started based on the signature key;
and the key storage module is used for storing the signature verification key corresponding to the signature key into the chip so as to conveniently carry out signature verification on the program to be started in the chip.
25. An SOC-chip, characterized in that it verifies the signature of the program to be started by the method according to any of claims 1 to 12.
26. An electronic device, characterized in that the electronic device comprises: memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing when executing the computer program to implement the method of any one of claims 1 to 22.
27. A computer readable storage medium having computer readable instructions stored thereon which are executable by a processor to implement the method of any one of claims 1 to 22.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110554170.4A CN113177201A (en) | 2021-05-20 | 2021-05-20 | Program checking and signing method and device and SOC chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110554170.4A CN113177201A (en) | 2021-05-20 | 2021-05-20 | Program checking and signing method and device and SOC chip |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113177201A true CN113177201A (en) | 2021-07-27 |
Family
ID=76929474
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110554170.4A Pending CN113177201A (en) | 2021-05-20 | 2021-05-20 | Program checking and signing method and device and SOC chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113177201A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113536356A (en) * | 2021-07-30 | 2021-10-22 | 海宁奕斯伟集成电路设计有限公司 | Data verification method and distributed storage system |
| CN114448627A (en) * | 2022-02-21 | 2022-05-06 | 广州鼎甲计算机科技有限公司 | Encryption card and encryption method thereof |
| CN115454517A (en) * | 2022-11-11 | 2022-12-09 | 山东云海国创云计算装备产业创新中心有限公司 | Multi-medium secure startup method, system, storage medium, device and chip |
| WO2023221251A1 (en) * | 2022-05-19 | 2023-11-23 | 惠州市德赛西威汽车电子股份有限公司 | Controller security management method and apparatus, and vehicle and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016070382A1 (en) * | 2014-11-06 | 2016-05-12 | 华为技术有限公司 | Secure information configuration method, secure authentication method and related chip |
| CN110990084A (en) * | 2019-12-20 | 2020-04-10 | 紫光展讯通信(惠州)有限公司 | Chip secure starting method and device, storage medium and terminal |
| US20200117805A1 (en) * | 2018-08-23 | 2020-04-16 | Shenzhen GOODIX Technology Co., Ltd. | Secure booting method, apparatus, device for embedded program, and storage medium |
-
2021
- 2021-05-20 CN CN202110554170.4A patent/CN113177201A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016070382A1 (en) * | 2014-11-06 | 2016-05-12 | 华为技术有限公司 | Secure information configuration method, secure authentication method and related chip |
| US20200117805A1 (en) * | 2018-08-23 | 2020-04-16 | Shenzhen GOODIX Technology Co., Ltd. | Secure booting method, apparatus, device for embedded program, and storage medium |
| CN110990084A (en) * | 2019-12-20 | 2020-04-10 | 紫光展讯通信(惠州)有限公司 | Chip secure starting method and device, storage medium and terminal |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113536356A (en) * | 2021-07-30 | 2021-10-22 | 海宁奕斯伟集成电路设计有限公司 | Data verification method and distributed storage system |
| CN114448627A (en) * | 2022-02-21 | 2022-05-06 | 广州鼎甲计算机科技有限公司 | Encryption card and encryption method thereof |
| WO2023221251A1 (en) * | 2022-05-19 | 2023-11-23 | 惠州市德赛西威汽车电子股份有限公司 | Controller security management method and apparatus, and vehicle and storage medium |
| CN115454517A (en) * | 2022-11-11 | 2022-12-09 | 山东云海国创云计算装备产业创新中心有限公司 | Multi-medium secure startup method, system, storage medium, device and chip |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109313690B (en) | Self-contained encrypted boot policy verification | |
| US8006095B2 (en) | Configurable signature for authenticating data or program code | |
| CN103210396B (en) | Comprise the method and apparatus of the framework for the protection of sensitive code and data | |
| CN113177201A (en) | Program checking and signing method and device and SOC chip | |
| US8656146B2 (en) | Computer system comprising a secure boot mechanism | |
| US7934049B2 (en) | Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory | |
| KR100792287B1 (en) | Method for security and the security apparatus thereof | |
| US8438377B2 (en) | Information processing apparatus, method and computer-readable storage medium that encrypts and decrypts data using a value calculated from operating-state data | |
| US8332635B2 (en) | Updateable secure kernel extensions | |
| JP4891324B2 (en) | Secure yet flexible system architecture for high-reliability devices with high-capacity flash memory | |
| US20130019105A1 (en) | Secure software and hardware association technique | |
| EP2759955A1 (en) | Secure backup and restore of protected storage | |
| JP6073320B2 (en) | Authority-dependent platform secret to digitally sign | |
| KR20090007123A (en) | Secure boot method and semiconductor memory system for using the method | |
| TW201314492A (en) | Secure update of boot image without knowledge of secure key | |
| TW201319863A (en) | Method and system for preventing execution of malware | |
| CN113434853B (en) | Method for burning firmware to storage device and controller | |
| CN109445705B (en) | Firmware authentication method and solid state disk | |
| EP2270707B1 (en) | Loading secure code into a memory | |
| US11683155B2 (en) | Validating data stored in memory using cryptographic hashes | |
| US11270003B2 (en) | Semiconductor device including secure patchable ROM and patch method thereof | |
| TWI402755B (en) | Secure memory card with life cycle phases | |
| CN109814934B (en) | Data processing method, device, readable medium and system | |
| US11481523B2 (en) | Secure element | |
| CN113204769A (en) | Secure device, electronic device, and secure boot management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Room 101, floor 1, building 3, yard 18, Kechuang 10th Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing 100176 Applicant after: Beijing yisiwei Computing Technology Co.,Ltd. Applicant after: GUANGZHOU QUANSHENGWEI INFORMATION TECHNOLOGY Co.,Ltd. Address before: Room 101, floor 1, building 3, yard 18, Kechuang 10th Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing 100176 Applicant before: Beijing yisiwei Computing Technology Co.,Ltd. Applicant before: GUANGZHOU QUANSHENGWEI INFORMATION TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information |